AWS

Amazon Web Services (AWS) Cognito is a managed identity service that provides user authentication, authorization, and user management for web and mobile applications. Cognito User Pools function as a fully managed user directory and OAuth 2.0 authorization server, enabling secure sign-in and token-based access control.

Capabilities

• Authenticate users via OAuth 2.0 authorization code grant with PKCE support
• Retrieve ID, access, and refresh tokens for secure API access
• Integrate with third-party identity providers (Google, Facebook, SAML, OIDC)
• Manage user sessions and token refresh workflows
• Access user profile information through OpenID Connect claims
• Implement fine-grained access control using OAuth 2.0 scopes

Resources

• User Pool Endpoints Reference
• OAuth 2.0 Grants
• Authorization Endpoint
• Amazon Cognito User Pools Guide