Amazon Cognito
Developer Guide

Authentication with a User Pool

You can enable your users to authenticate with a user pool. Your users can sign in either directly through a user pool, or indirectly through a third-party identity provider (IdP). The user pool manages the overhead of handling the tokens that are returned from social sign-in through Facebook, Google, and Amazon, as well as the tokens that are returned from SAML identity providers.

After successful authentication, Amazon Cognito returns bearer tokens to your app. You can use the tokens to grant your users access to your own resources, or to the Amazon API Gateway. Or, you can exchange them for AWS credentials to access other AWS services. For more information, see User Pool Authentication Flow and Using Tokens with User Pools.

      Authentication overview