My note about AWS Cognito.
User Pool
It is an authentication component that stores user attributes such as name and email address.
A client can retrieve several tokens as JWT: an ID token, an access token, and a refresh token.
ID token
The ID token includes user attributes such as name and email address.
API Gateway and Cognito Identity Pool use this token to authenticate.
Access token
A client presents the access token when it asks the User Pool to edit user attributes.
Refresh token
A client presents the refresh token to the User Pool to retrieve a new access token when the access token has expired.
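Added example (not part of the original note): claim checks a backend can apply to tell a Cognito ID token from an access token, using the token_use, aud and client_id claims. The issuer, client ID, clock and tokens are constructed placeholders, and the checks assume the signature has already been verified against the user pool's JWKS.

```python
import base64
import json
import time

# Constructed placeholders, not values from a real user pool.
ISSUER = "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE"
CLIENT_ID = "exampleclientid123"
NOW = 1_700_000_000  # fixed clock for the constructed samples


def make_sample_jwt(claims):
    """Build a constructed JWT-shaped string with a dummy signature."""
    header = {"alg": "RS256", "kid": "example-kid"}
    segs = [base64.urlsafe_b64encode(json.dumps(p).encode()).rstrip(b"=").decode()
            for p in (header, claims)]
    return ".".join(segs + ["dummy-signature"])


def read_claims(token):
    """Decode the payload segment. This does NOT verify the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))


def check_claims(claims, expected_use, now=None):
    """Return a list of problems; an empty list means the claims pass."""
    now = time.time() if now is None else now
    problems = []
    if claims.get("iss") != ISSUER:
        problems.append("wrong issuer")
    if claims.get("token_use") != expected_use:
        problems.append("wrong token_use")
    # ID tokens name the app client in "aud", access tokens in "client_id".
    client_claim = "aud" if expected_use == "id" else "client_id"
    if claims.get(client_claim) != CLIENT_ID:
        problems.append("wrong app client")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        problems.append("expired")
    return problems


ID_TOKEN = make_sample_jwt({"iss": ISSUER, "token_use": "id", "aud": CLIENT_ID,
                            "email": "user@example.com", "exp": NOW + 3600})
ACCESS_TOKEN = make_sample_jwt({"iss": ISSUER, "token_use": "access",
                                "client_id": CLIENT_ID, "exp": NOW + 3600})
```

An endpoint that expects an ID token should call check_claims(..., "id") so that an access token from the same pool is rejected, and the reverse for endpoints that expect an access token.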
Identity Pool
It is an authorization component that serves tokens for accessing AWS resources.
A client can use the ID token to retrieve STS tokens as JWT.