- Newest
- Most votes
- Most comments
When using federation it is often confusing which entity is playing which role at what point.
When you integrate Cognito with Google as an ODIC identity provider, Cognito is the corresponding relying party ("app") in the relationship with Google, not your "Server"(App). Cognito is using the client id/secret to do the code exchange. Cognito does that behind the scene and it is not visible to you. After that Cognito gives your application the tokens Cognito itself generates.
Please refer to the diagram and description here for how the signals flow: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-oidc-flow.html
Cognito acts as a relying party which provides token handling and management for authenticated users from all identity providers, so your backend systems can standardize on one set of user pool tokens.
Relevant content
- asked 5 months ago
- Accepted Answerasked 2 years ago
AWS OFFICIALUpdated 3 years ago- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 10 months ago
- AWS OFFICIALUpdated 7 months ago
Thank you for claryfying & reply. So I need a Hosted UI just as a redirect endpoint used by Google for the OAuth workflow Will probably use Amplify in my react app together with Google Login & dont need a Hosted UI but the Google identity provider does need a Hosted UI probably.