AWS provides cognito which provides the developer with sign-up and sign-in functionality including federations with OpenId compatible identity providers such as facebook, google etc.
There are two types of categories in cognito developer console. These are managing user pool and managing federated identities.
I'm just a little bit confused because both are very similar even we want to provide our client to login with their facebook account.
The cognito user pool itself provides federation and federation identity pool also provide it by authentication providers.
The question is that if I want to allow my clients to use their own facebook account for sign-in, which categories should I use? user pool or federated identities?
In addition, if I want to configure authorizer in API gateway I have to create cognito user pool but federated identity pool. Is that the main reason choosing the cognito category?
Best Answer
Cognito user pool:
Cognito Federated Identities or Identity Pool:
Relationship between User pool and Identity pool:
The Cognito Identity Pool simply takes all the identity providers and puts them together (federates them). And with all of this it can now give your users secure access to your AWS services, regardless of where they come from.
So in summary, the Cognito User Pool stores all the users which then plugs into Cognito Identity Pool which can give the users access to AWS services.
source