Tags: amazon-web-services, oauth-2.0, aws-api-gateway, amazon-cognito, ifttt

Implementing OAuth2 with Amazon Cognito Userpools


We're building an IoT device with user authentication currently done via Amazon Cognito User Pools. We have a web app where the user signs in via their credentials and a JSON Web Token is returned, which in turn allows them to access API resources via API Gateway. This is working great; however, I'm trying to understand how/if this system can be used for OAuth2 delegation in the future. We are planning on becoming an IFTTT partner down the track (which currently only supports OAuth2). Is AWS likely to offer further OAuth2 services in the future? If not, will it be possible to set up our own OAuth2 endpoints using this current implementation?

https://partners.ifttt.com/docs/api_reference#service-connection

http://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html

Thanks in advance.


Solution

  • You can set up pretty much anything in a Custom Authorizer since it's just Lambda function code that you control. This includes validating Cognito-vended JWTs using the public key that Cognito provides. I believe you can also add scopes to Cognito User Pool tokens, but I'm not certain. For delegation, you would have to set up that component yourself.