Amazon Cognito
Amazon Cognito is an AWS service that provides authentication, authorization, and user management for web and mobile applications. It supports OAuth2, OIDC, SAML federation, and social identity providers. Cognito has two main components: User Pools for user authentication and app integration, and Federated Identities for granting temporary AWS credentials to authenticated users. It includes multi-factor authentication, advanced security features, and customizable authentication flows.
APIs
Amazon Cognito Identity Provider
Control plane API for managing Cognito user pools, app clients, users, groups, identity providers, and resource servers. Supports user authentication flows including SRP, custom...
Amazon Cognito Identity (Federated Identities)
Federated identity service that issues temporary AWS credentials to authenticated and unauthenticated users from Cognito user pools, social identity providers (Facebook, Google,...
GraphQL
Amazon Cognito GraphQL API
GRAPHQLPricing Plans
Rate Limits
FinOps
Aws Cognito Finops
FINOPSFeatures
Fully managed user directories with sign-up, sign-in, and user profile management.
Standards-based OAuth2 authorization server and OpenID Connect identity provider for apps.
Integrate enterprise identity providers via SAML 2.0 for single sign-on.
Sign in with Google, Facebook, Apple, and Amazon without custom backend code.
Built-in MFA with SMS, TOTP, and email verification options.
Lambda triggers for custom authentication challenges, pre-signup validation, and post-confirmation.
Risk-based adaptive authentication with compromised credential detection and device tracking.
Grant temporary AWS credentials to users authenticated via user pools or social providers.
Pre-built customizable sign-in/sign-up pages with OAuth2 endpoint support.
Attribute-based access control with group-based IAM role assignment.
Use Cases
Add user registration, login, and session management to web and mobile applications.
Connect enterprise SAML identity providers for single sign-on to AWS-hosted applications.
Use Cognito JWT tokens to authorize access to API Gateway, AppSync, and custom APIs.
Manage consumer user accounts with self-service registration and profile management.
Issue scoped AWS credentials to authenticated users for direct service access.
Semantic Vocabularies
API Governance Rules
JSON Structure
Cognito Identity Get Open Id Token For Developer Identity Input Structure
5 properties
JSON STRUCTURECognito Identity Get Open Id Token For Developer Identity Response Structure
2 properties
JSON STRUCTURECognito Identity Invalid Identity Pool Configuration Exception Structure
0 properties
JSON STRUCTURECognito Idp Admin Create User Unused Account Validity Days Type Structure
0 properties
JSON STRUCTURECognito Idp Attributes Require Verification Before Update Type Structure
0 properties
JSON STRUCTURE