AWS provides cognito which provides the developer with sign-up and sign-in functionality including federations with OpenId compatible identity providers such as facebook, google etc.
There are two types of categories in cognito developer console. These are managing user pool and managing federated identities.
I'm just a little bit confused because both are very similar even we want to provide our client to login with their facebook account. The cognito user pool itself provides federation and federation identity pool also provide it by authentication providers.
The question is that if I want to allow my clients to use their own facebook account for sign-in, which categories should I use? user pool or federated identities?
In addition, if I want to configure authorizer in API gateway I have to create cognito user pool but federated identity pool. Is that the main reason choosing the cognito category?
You can think of user pools as sort of a directory which contains user attributes such as name, email, phone number etc. This also provides sign up, sign in capability. You can federate users into user pools. Currently you can use Facebook, Google, and SAML as identity providers for user pools.
Cognito Federated identities lets you federate users into AWS and vends AWS credentials that can be used to access the resources you allow in your policy. For Cognito Federated Identities, you also have a variety of identity providers that you can configure such as Facebook, Google, and also Cognito User Pools can be an identity provider.
What you use depends on your use case. If you don't require AWS resources for your app, probably User Pools is all you need.