Adding user pool sign-in through a third party - Amazon Cognito

Adding user pool sign-in through a third party

Your app users can sign in either directly through a user pool, or federate through a third-party identity provider (IdP). The user pool manages the overhead of handling the tokens that are returned from social sign-in through Facebook, Google, Amazon, and Apple, and from OpenID Connect (OIDC) and SAML IdPs. With the built-in hosted web UI, Amazon Cognito provides token handling and management for authenticated users from all IdPs. This way, your backend systems can standardize on one set of user pool tokens.

If you want your users to sign in with federated providers, you must choose a domain for your user pool. This sets up the Amazon Cognito hosted UI and the OAuth 2.0 auth API endpoints under that domain. You can use the authorization endpoint (/oauth2/authorize) to redirect your users transparently through the hosted UI to the federated provider's sign-in page; passing the identity_provider parameter skips the hosted UI's provider-selection page and sends the user straight to that IdP. You can't use the API operations InitiateAuth or AdminInitiateAuth to sign in with federated IdPs; those operations only support native user pool credentials and custom auth flows. For more information about how you use the hosted UI, see Using the Amazon Cognito hosted UI for sign-up and sign-in.

When the hosted UI redirects a session to a federated IdP, Amazon Cognito includes the user-agent header Amazon/Cognito in the request.
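The following is an added example, not code from the Amazon Cognito documentation or SDKs. It shows how a relying party builds the /oauth2/authorize request that sends a user through the hosted UI to a specific federated IdP, and how it validates the redirect back before exchanging the code. The user pool domain, app client ID and callback URL are placeholders; the request parameters (response_type, client_id, redirect_uri, scope, state, identity_provider, code_challenge, code_challenge_method) and the /oauth2/token exchange body are the documented Cognito OAuth 2.0 endpoints. The state value guards against login CSRF and the PKCE verifier binds the returned code to this client session, which matters because the hosted UI flow is entirely browser-redirect based.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical values: substitute your own user pool domain (the one you chose
# when enabling the hosted UI), app client ID and a registered callback URL.
DOMAIN = "https://example-pool.auth.us-east-1.amazoncognito.com"
CLIENT_ID = "1234567890abcdefghijklmnop"
REDIRECT_URI = "https://app.example.com/callback"


def pkce_pair():
    """Return (code_verifier, code_challenge) per RFC 7636 with the S256 method."""
    verifier = base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode()
    challenge = base64.urlsafe_b64encode(
        hashlib.sha256(verifier.encode()).digest()
    ).rstrip(b"=").decode()
    return verifier, challenge


def challenge_matches(verifier, challenge):
    """Check that a challenge is the S256 transform of the verifier."""
    expected = base64.urlsafe_b64encode(
        hashlib.sha256(verifier.encode()).digest()
    ).rstrip(b"=").decode()
    return hmac.compare_digest(expected, challenge)


def build_authorize_url(identity_provider, state, code_challenge,
                        scope="openid email profile",
                        domain=DOMAIN, client_id=CLIENT_ID, redirect_uri=REDIRECT_URI):
    """Build the hosted-UI authorization request for one federated IdP.

    identity_provider is the provider name configured in the user pool
    (e.g. "Google", "Facebook", "LoginWithAmazon", "SignInWithApple", or the
    name you gave an OIDC/SAML provider). Supplying it makes the hosted UI
    redirect straight to that IdP instead of showing its provider chooser.
    """
    params = {
        "response_type": "code",          # authorization code flow, never "token"
        "client_id": client_id,
        "redirect_uri": redirect_uri,     # must exactly match a registered callback URL
        "scope": scope,
        "state": state,                   # unguessable, stored server-side per session
        "identity_provider": identity_provider,
        "code_challenge_method": "S256",
        "code_challenge": code_challenge,
    }
    return f"{domain}/oauth2/authorize?{urlencode(params)}"


def parse_callback(callback_url, expected_state, redirect_uri=REDIRECT_URI):
    """Validate the redirect from the hosted UI and return the authorization code.

    Raises ValueError on an error response, a state mismatch, or a callback that
    did not arrive at the registered redirect URI.
    """
    parsed = urlparse(callback_url)
    if f"{parsed.scheme}://{parsed.netloc}{parsed.path}" != redirect_uri:
        raise ValueError("callback arrived at an unexpected URL")
    query = parse_qs(parsed.query)
    if "error" in query:
        # Cognito surfaces IdP failures as error/error_description query parameters.
        raise ValueError(f"federated sign-in failed: {query['error'][0]}")
    state = query.get("state", [""])[0]
    if not hmac.compare_digest(state, expected_state):
        raise ValueError("state mismatch: possible login CSRF or replayed callback")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("callback carried no authorization code")
    return code


def token_request_body(code, code_verifier,
                       client_id=CLIENT_ID, redirect_uri=REDIRECT_URI):
    """Form body for POST {DOMAIN}/oauth2/token (Content-Type application/x-www-form-urlencoded).

    The response carries the user pool's own id_token, access_token and
    refresh_token regardless of which IdP the user actually signed in with.
    Add client_secret (or HTTP basic auth) if the app client has a secret.
    """
    return {
        "grant_type": "authorization_code",
        "client_id": client_id,
        "code": code,
        "redirect_uri": redirect_uri,
        "code_verifier": code_verifier,
    }


if __name__ == "__main__":
    verifier, challenge = pkce_pair()
    state = secrets.token_urlsafe(32)
    print("redirect the browser to:", build_authorize_url("Google", state, challenge))
    # Constructed sample callback, as the browser would return it after the IdP round trip.
    sample = f"{REDIRECT_URI}?code=example-code&state={state}"
    print("token request body:", token_request_body(parse_callback(sample, state), verifier))
```

Persist the state and code_verifier server-side (or in an HttpOnly session cookie) between the redirect and the callback; they must never be reconstructable by the party that controls the callback URL. After the token exchange, validate the id_token's signature against the user pool's JWKS and its aud and iss claims exactly as you would for a native sign-in, since the whole point of the page is that the IdP's own tokens never reach your backend.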

[Figure: Authentication overview with social sign-in]
Note

Sign-in through a third party (federation) is available in Amazon Cognito user pools. This feature is independent of federation through Amazon Cognito identity pools (federated identities).