Cognito

• Authentication & authorization

• User management

• Integration with Facebook, Google, …

• Also support unauthenticated users

• Cognito (mobile/desktop client SDK) generates JWT that is sent to Cognito service which can be then used to auth to Facebook, Dropbox, Google, etc.

• A cognito pool can assume a role or generate temporal aws credentials