Amazon Cognito web app login

Amazon Cognito supports multiple authentication flows, including OAuth2.0 and JSON Web Tokens (JWT) as well as username/password-based authentication.

When using Amazon Cognito for username/password authentication, you can obtain a JWT access token by calling the InitiateAuth or AdminInitiateAuth API actions after the user has been authenticated. The JWT token can then be used to authorize API calls to other services.

OAuth2.0 is another authentication flow supported by Amazon Cognito. It allows you to use a third-party identity provider, such as Google or Facebook, to authenticate your users. When using OAuth2.0, Amazon Cognito acts as the OAuth2.0 provider and issues JWT access tokens that can be used to authorize API calls to other services.

If you are not using app-to-app communication and only need to authenticate users with username and password, you can use Amazon Cognito's user pools directly without using OAuth2.0. The user pool will handle user authentication and provide a JWT token that can be used to authorize API calls.

In summary, you can use Amazon Cognito user pools to authenticate users with username and password, and obtain a JWT token for API authorization without using OAuth2.0. However, if you need to support third-party identity providers or implement more complex authentication flows, OAuth2.0 can be used with Amazon Cognito as well.