These are the slides from the June 2018 AWS Atlanta Meetup Group over Amazon Cognito. We covered the Web Identity Service and User Pools.

6. Understanding Cognito Flow

10. Cognito Identity and User Experience

12. You can enable your users to access
your API through API gateway. API
Gateway validates the tokens from a
successful user pool authentication,
and uses them to grant your users
access to resources including
Lambda functions, or your own API.

13. After successful user pool sign-in,
your mobile app will receive user
pool tokens from Amazon Cognito.
You can use these tokens to control
access to your server side-resources.

14. After successful user pool
authentication, your app will receive
user pool tokens from Amazon
Cognito.You can exchange them for
temporary access to other AWS
services with an identity pool.

15. You can enable your users access to
AWS services through an identity
pool. An identity pool requires an IdP
token from a user that’s
authenticated by a third party
identity provider (or nothing if it’s an
anonymous guest). In exchange, the
identity pool grants temporary AWS
credentials that you can use to
access other AWS services.

16. You can grant your users access to
AWS AppSync resources with tokens
from a successful Amazon Cognito
authentication (from a user pool or
identity pool).

17. JWT JSON WebToken
name email phone_number

18. {
"sub": "aaaaaaaa-bbbb-cccc-dddd-example",
"aud": "xxxxxxxxxxxxexample",
"email_verified": true,
"token_use": "id",
"auth_time": 1500009400,
"iss": "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_example",
"cognito:username": "janedoe",
"exp": 1500013000,
"given_name": "Jane",
"iat": 1500009400,
"email": janedoe@example.com
}

19. Federated Identities