[[AWS]] service for user management.

> Amazon Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily. Amazon Cognito scales to millions of users and supports sign-in with social identity providers, such as Apple, Facebook, Google, and Amazon, and enterprise identity providers via SAML 2.0 and OpenID Connect.

## How-tos

- [[How to authenticate from a web app to a Cognito user pool]]

## Concepts

### User Pool

Database for your user data and associated authentication data such as username and password. Provides an auth mechanism for [[OAuth]], [[SAML]] and social sign-on. Has features for hooking into different parts of the auth flow.

### Identity Pool (aka Federated Identities)

These are for authorization: you exchange one set of credentials for another. You swap your already validated credentials from an Identity Provider (e.g. Google, or a Cognito User Pool) for short-lived [[AWS IAM|IAM]] credentials.

A use case for using both user and identity pools together is an e-commerce web app where users can log in (using the User Pool) and then the client-side web app makes direct AWS SDK calls to Kinesis Streams in order to send click-stream analytics data. [[AWS S3]] and [[AWS Pinpoint]] SDK calls from a mobile app are another example here.

## Learning resources

- [Production-ready Cognito (book)](https://cognitobook.com) by [[@David Wells]]
- [Cognito Wiki](https://www.cognito.wiki) by [[@Michael Bahr]]
- [Difference between Cognito User Pools and Identity Pools (video)](https://www.youtube.com/watch?v=KXZQUKgsHj8) by [[@Eoin Shanaghy]] and Luciano
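
For the credential exchange described in the Identity Pool section, here is an added example (not from this note or from AWS) of a client-side pre-flight check that builds the `Logins` map for `GetId` / `GetCredentialsForIdentity` and rejects the wrong token before it is sent. The region, pool id, client id and helper names are constructed; the signature is not checked here because Cognito validates the token during the exchange.

```javascript
// Added example: pre-flight checks on a Cognito User Pool token before it is
// handed to an Identity Pool. All ids and tokens below are constructed.

// Decode the payload segment of a JWT. This does NOT verify the signature.
function decodeJwtPayload(jwt) {
  const parts = String(jwt).split(".");
  if (parts.length !== 3) throw new Error("not a JWT (expected 3 segments)");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  return JSON.parse(atob(padded));
}

// Returns the Logins map for the identity pool call, or throws with a reason.
function buildCognitoLogins(idToken, cfg, nowSeconds = Math.floor(Date.now() / 1000)) {
  const claims = decodeJwtPayload(idToken);
  // Provider name for a user pool is its issuer URL without the scheme.
  const provider = `cognito-idp.${cfg.region}.amazonaws.com/${cfg.userPoolId}`;
  if (claims.iss !== `https://${provider}`) {
    throw new Error("token issued by a different user pool");
  }
  // Access tokens carry token_use "access" and no aud; only the ID token is exchanged.
  if (claims.token_use !== "id") {
    throw new Error("identity pools need the ID token, got: " + claims.token_use);
  }
  if (claims.aud !== cfg.clientId) {
    throw new Error("token was issued to a different app client");
  }
  if (typeof claims.exp !== "number" || claims.exp <= nowSeconds) {
    throw new Error("token expired");
  }
  return { [provider]: idToken };
}

// Builds a constructed, unsigned sample token so the example runs offline.
function makeSampleToken(claims) {
  const enc = (o) =>
    btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "RS256", kid: "constructed" })}.${enc(claims)}.c2ln`;
}

// Constructed configuration values, not real resources.
const SAMPLE_CFG = {
  region: "eu-west-1",
  userPoolId: "eu-west-1_EXAMPLE00",
  clientId: "exampleclientid",
};
```

The returned object is what goes in the `Logins` parameter of the identity pool request; the IAM role attached to the pool then decides what the resulting short-lived credentials may do.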