Accessing resources after a successful user pool authentication - Amazon Cognito

Your app users can either sign in directly through a user pool, or they can federate through a third-party identity provider (IdP). The user pool manages the overhead of handling the tokens that are returned from social sign-in through Facebook, Google, Amazon, and Apple, and from OpenID Connect (OIDC) and SAML IdPs. For more information, see Using tokens with user pools.

After a successful authentication, your app will receive user pool tokens from Amazon Cognito. You can use user pool tokens to:

  • Retrieve Amazon credentials that authorize requests for application resources in Amazon Web Services like Amazon DynamoDB and Amazon S3.

  • Provide temporary, revocable proof of authentication.

  • Populate identity data to a user profile in your app.

  • Authorize changes to the signed-in user's profile in the user pool directory.

  • Authorize requests for user information with an access token.

  • Authorize requests to data that is behind access-protected external APIs with access tokens.

  • Authorize access to application assets that are stored on the client or server with Amazon Verified Permissions.

For more information, see User pool authentication flow and Using tokens with user pools.

Authentication overview.