{"id":"6bb99fcc-f52d-4082-90cf-4ae8f434f897","shortId":"Y3TdM4","kind":"skill","title":"cognito","tagline":"AWS Cognito user authentication and authorization service. Use when setting up user pools, configuring identity pools, implementing OAuth flows, managing user attributes, or integrating with social identity providers.","description":"# AWS Cognito\n\nAmazon Cognito provides authentication, authorization, and user management for web and mobile applications. Users can sign in directly or through federated identity providers.\n\n## Table of Contents\n\n- [Core Concepts](#core-concepts)\n- [Common Patterns](#common-patterns)\n- [CLI Reference](#cli-reference)\n- [Best Practices](#best-practices)\n- [Troubleshooting](#troubleshooting)\n- [References](#references)\n\n## Core Concepts\n\n### User Pools\n\nUser directory for sign-up and sign-in. Provides:\n- User registration and authentication\n- OAuth 2.0 / OpenID Connect tokens\n- MFA and password policies\n- Customizable UI and flows\n\n### Identity Pools (Federated Identities)\n\nProvide temporary AWS credentials to access AWS services. Users can be:\n- Cognito User Pool users\n- Social identity (Google, Facebook, Apple)\n- SAML/OIDC enterprise identity\n- Anonymous guests\n\n### Tokens\n\n| Token | Purpose | Lifetime |\n|-------|---------|----------|\n| **ID Token** | User identity claims | 1 hour |\n| **Access Token** | API authorization | 1 hour |\n| **Refresh Token** | Get new ID/Access tokens | 30 days (configurable) |\n\n## Common Patterns\n\n### Create User Pool\n\n**AWS CLI:**\n\n```bash\naws cognito-idp create-user-pool \\\n  --pool-name my-app-users \\\n  --policies '{\n    \"PasswordPolicy\": {\n      \"MinimumLength\": 12,\n      \"RequireUppercase\": true,\n      \"RequireLowercase\": true,\n      \"RequireNumbers\": true,\n      \"RequireSymbols\": true\n    }\n  }' \\\n  --auto-verified-attributes email \\\n  --username-attributes email \\\n  --mfa-configuration OPTIONAL \\\n  --user-attribute-update-settings '{\n    \"AttributesRequireVerificationBeforeUpdate\": [\"email\"]\n  }'\n```\n\n### Create App Client\n\n```bash\naws cognito-idp create-user-pool-client \\\n  --user-pool-id us-east-1_abc123 \\\n  --client-name my-web-app \\\n  --generate-secret \\\n  --explicit-auth-flows ALLOW_USER_SRP_AUTH ALLOW_REFRESH_TOKEN_AUTH \\\n  --supported-identity-providers COGNITO \\\n  --callback-urls https://myapp.com/callback \\\n  --logout-urls https://myapp.com/logout \\\n  --allowed-o-auth-flows code \\\n  --allowed-o-auth-scopes openid email profile \\\n  --allowed-o-auth-flows-user-pool-client \\\n  --access-token-validity 60 \\\n  --id-token-validity 60 \\\n  --refresh-token-validity 30 \\\n  --token-validity-units '{\n    \"AccessToken\": \"minutes\",\n    \"IdToken\": \"minutes\",\n    \"RefreshToken\": \"days\"\n  }'\n```\n\n### Sign Up User\n\n```python\nimport boto3\nimport hmac\nimport hashlib\nimport base64\n\ncognito = boto3.client('cognito-idp')\n\ndef get_secret_hash(username, client_id, client_secret):\n    message = username + client_id\n    dig = hmac.new(\n        client_secret.encode('utf-8'),\n        message.encode('utf-8'),\n        digestmod=hashlib.sha256\n    ).digest()\n    return base64.b64encode(dig).decode()\n\nresponse = cognito.sign_up(\n    ClientId='client-id',\n    SecretHash=get_secret_hash('user@example.com', 'client-id', 'client-secret'),\n    Username='user@example.com',\n    Password='SecurePassword123!',\n    UserAttributes=[\n        {'Name': 'email', 'Value': 'user@example.com'},\n        {'Name': 'name', 'Value': 'John Doe'}\n    ]\n)\n```\n\n### Confirm Sign Up\n\n```python\ncognito.confirm_sign_up(\n    ClientId='client-id',\n    SecretHash=get_secret_hash('user@example.com', 'client-id', 'client-secret'),\n    Username='user@example.com',\n    ConfirmationCode='123456'\n)\n```\n\n### Authenticate User\n\n```python\nresponse = cognito.initiate_auth(\n    ClientId='client-id',\n    AuthFlow='USER_SRP_AUTH',\n    AuthParameters={\n        'USERNAME': 'user@example.com',\n        'SECRET_HASH': get_secret_hash('user@example.com', 'client-id', 'client-secret'),\n        'SRP_A': srp_a  # From SRP library\n    }\n)\n\n# For simple password auth (not recommended for production)\nresponse = cognito.admin_initiate_auth(\n    UserPoolId='us-east-1_abc123',\n    ClientId='client-id',\n    AuthFlow='ADMIN_USER_PASSWORD_AUTH',\n    AuthParameters={\n        'USERNAME': 'user@example.com',\n        'PASSWORD': 'password',\n        'SECRET_HASH': get_secret_hash('user@example.com', 'client-id', 'client-secret')\n    }\n)\n\ntokens = response['AuthenticationResult']\nid_token = tokens['IdToken']\naccess_token = tokens['AccessToken']\nrefresh_token = tokens['RefreshToken']\n```\n\n### Refresh Tokens\n\n```python\nresponse = cognito.initiate_auth(\n    ClientId='client-id',\n    AuthFlow='REFRESH_TOKEN_AUTH',\n    AuthParameters={\n        'REFRESH_TOKEN': refresh_token,\n        'SECRET_HASH': get_secret_hash('user@example.com', 'client-id', 'client-secret')\n    }\n)\n```\n\n### Create Identity Pool\n\n```bash\naws cognito-identity create-identity-pool \\\n  --identity-pool-name my-app-identities \\\n  --allow-unauthenticated-identities \\\n  --cognito-identity-providers \\\n    ProviderName=cognito-idp.us-east-1.amazonaws.com/us-east-1_abc123,\\\nClientId=client-id,\\\nServerSideTokenCheck=true\n```\n\n### Get AWS Credentials\n\n```python\nimport boto3\n\ncognito_identity = boto3.client('cognito-identity')\n\n# Get identity ID\nresponse = cognito_identity.get_id(\n    IdentityPoolId='us-east-1:12345678-1234-1234-1234-123456789012',\n    Logins={\n        'cognito-idp.us-east-1.amazonaws.com/us-east-1_abc123': id_token\n    }\n)\nidentity_id = response['IdentityId']\n\n# Get credentials\nresponse = cognito_identity.get_credentials_for_identity(\n    IdentityId=identity_id,\n    Logins={\n        'cognito-idp.us-east-1.amazonaws.com/us-east-1_abc123': id_token\n    }\n)\n\ncredentials = response['Credentials']\n# Use credentials['AccessKeyId'], credentials['SecretKey'], credentials['SessionToken']\n```\n\n## CLI Reference\n\n### User Pool\n\n| Command | Description |\n|---------|-------------|\n| `aws cognito-idp create-user-pool` | Create user pool |\n| `aws cognito-idp describe-user-pool` | Get pool details |\n| `aws cognito-idp update-user-pool` | Update pool settings |\n| `aws cognito-idp delete-user-pool` | Delete pool |\n| `aws cognito-idp list-user-pools` | List pools |\n\n### Users\n\n| Command | Description |\n|---------|-------------|\n| `aws cognito-idp admin-create-user` | Create user (admin) |\n| `aws cognito-idp admin-delete-user` | Delete user |\n| `aws cognito-idp admin-get-user` | Get user details |\n| `aws cognito-idp list-users` | List users |\n| `aws cognito-idp admin-set-user-password` | Set password |\n| `aws cognito-idp admin-disable-user` | Disable user |\n\n### Authentication\n\n| Command | Description |\n|---------|-------------|\n| `aws cognito-idp initiate-auth` | Start authentication |\n| `aws cognito-idp respond-to-auth-challenge` | Respond to MFA |\n| `aws cognito-idp admin-initiate-auth` | Admin authentication |\n\n## Best Practices\n\n### Security\n\n- **Enable MFA** for all users (at least optional)\n- **Use strong password policies**\n- **Enable advanced security features** (adaptive auth)\n- **Verify email/phone** before allowing sign-in\n- **Use short token lifetimes** for sensitive apps\n- **Never expose client secrets** in frontend code\n\n### User Experience\n\n- **Use hosted UI** for quick implementation\n- **Customize UI** with CSS\n- **Implement proper error handling**\n- **Provide clear password requirements**\n\n### Architecture\n\n- **Use identity pools** for AWS resource access\n- **Use access tokens** for API Gateway\n- **Store refresh tokens securely**\n- **Implement token refresh** before expiry\n\n## Troubleshooting\n\n### User Cannot Sign In\n\n**Causes:**\n- User not confirmed\n- Password incorrect\n- User disabled\n- Account locked (too many attempts)\n\n**Debug:**\n\n```bash\naws cognito-idp admin-get-user \\\n  --user-pool-id us-east-1_abc123 \\\n  --username user@example.com\n```\n\n### Token Validation Failed\n\n**Causes:**\n- Token expired\n- Wrong user pool/client ID\n- Token signature invalid\n\n**Validate JWT:**\n\n```python\nimport jwt\nimport requests\n\n# Get JWKS\njwks_url = f'https://cognito-idp.us-east-1.amazonaws.com/us-east-1_abc123/.well-known/jwks.json'\njwks = requests.get(jwks_url).json()\n\n# Decode and verify (use python-jose or similar)\nfrom jose import jwt\n\nclaims = jwt.decode(\n    token,\n    jwks,\n    algorithms=['RS256'],\n    audience='client-id',\n    issuer='https://cognito-idp.us-east-1.amazonaws.com/us-east-1_abc123'\n)\n```\n\n### Hosted UI Not Working\n\n**Check:**\n- Callback URLs configured correctly\n- Domain configured for user pool\n- OAuth settings enabled\n\n```bash\n# Check domain\naws cognito-idp describe-user-pool \\\n  --user-pool-id us-east-1_abc123 \\\n  --query 'UserPool.Domain'\n```\n\n### Rate Limiting\n\n**Symptom:** `TooManyRequestsException`\n\n**Solutions:**\n- Implement exponential backoff\n- Request quota increase\n- Cache tokens appropriately\n\n## References\n\n- [Cognito Developer Guide](https://docs.aws.amazon.com/cognito/latest/developerguide/)\n- [Cognito User Pools API](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/)\n- [Cognito Identity API](https://docs.aws.amazon.com/cognitoidentity/latest/APIReference/)\n- [Cognito CLI Reference](https://docs.aws.amazon.com/cli/latest/reference/cognito-idp/)","tags":["cognito","aws","agent","skills","itsmostafa","agent-skills","agentic-ai","claude-code","claude-skills","codex","coding-agents"],"capabilities":["skill","source-itsmostafa","skill-cognito","topic-agent-skills","topic-agentic-ai","topic-aws","topic-claude-code","topic-claude-skills","topic-codex","topic-coding-agents"],"categories":["aws-agent-skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/itsmostafa/aws-agent-skills/cognito","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add itsmostafa/aws-agent-skills","source_repo":"https://github.com/itsmostafa/aws-agent-skills","install_from":"skills.sh"}},"qualityScore":"0.700","qualityRationale":"deterministic score 0.70 from registry signals: · indexed on github topic:agent-skills · 1085 github stars · SKILL.md body (8,870 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-03T00:52:58.305Z","embedding":null,"createdAt":"2026-04-18T21:55:38.610Z","updatedAt":"2026-05-03T00:52:58.305Z","lastSeenAt":"2026-05-03T00:52:58.305Z","tsv":"'-1234':623,624,625 '-123456789012':626 '-8':366,369 '/callback':278 '/cli/latest/reference/cognito-idp/)':1083 '/cognito-user-identity-pools/latest/apireference/)':1071 '/cognito/latest/developerguide/)':1064 '/cognitoidentity/latest/apireference/)':1077 '/logout':284 '/us-east-1_abc123''':1004 '/us-east-1_abc123'':':630,650 '/us-east-1_abc123,':592 '/us-east-1_abc123/.well-known/jwks.json''':972 '1':152,158,244,487,621,941,1040 '12':195 '123456':434 '12345678':622 '2.0':102 '30':166,321 '60':311,316 'abc123':245,488,942,1041 'access':123,154,308,522,890,892 'access-token-valid':307 'accesskeyid':658 'accesstoken':326,525 'account':919 'adapt':840 'admin':494,730,735,741,751,771,782,816,819,931 'admin-create-us':729 'admin-delete-us':740 'admin-disable-us':781 'admin-get-us':750,930 'admin-initiate-auth':815 'admin-set-user-password':770 'advanc':837 'algorithm':995 'allow':260,264,286,292,300,582,845 'allow-unauthenticated-ident':581 'allowed-o-auth-flow':285 'allowed-o-auth-flows-user-pool-cli':299 'allowed-o-auth-scop':291 'amazon':32 'anonym':141 'api':156,895,1068,1074 'app':190,225,252,579,855 'appl':137 'applic':44 'appropri':1057 'architectur':883 'attempt':923 'attribut':23,207,211,219 'attributesrequireverificationbeforeupd':222 'audienc':997 'auth':258,263,267,288,294,302,440,448,474,482,497,535,543,796,806,818,841 'authent':5,35,100,435,787,798,820 'authenticationresult':517 'authflow':445,493,540 'author':7,36,157 'authparamet':449,498,544 'auto':205 'auto-verified-attribut':204 'aw':2,30,120,124,174,177,228,565,600,669,680,691,702,712,725,736,746,757,766,777,790,799,811,888,926,1025 'backoff':1051 'base64':343 'base64.b64encode':374 'bash':176,227,564,925,1022 'best':73,76,821 'best-practic':75 'boto3':337,604 'boto3.client':345,607 'cach':1055 'callback':274,1010 'callback-url':273 'cannot':908 'caus':911,948 'challeng':807 'check':1009,1023 'claim':151,991 'clear':880 'cli':68,71,175,663,1079 'cli-refer':70 'client':226,236,247,306,354,356,360,382,390,393,418,426,429,443,459,462,491,510,513,538,556,559,595,858,999 'client-id':381,389,417,425,442,458,490,509,537,555,594,998 'client-nam':246 'client-secret':392,428,461,512,558 'client_secret.encode':364 'clientid':380,416,441,489,536,593 'code':290,862 'cognito':1,3,31,33,129,179,230,272,344,347,567,586,605,609,671,682,693,704,714,727,738,748,759,768,779,792,801,813,928,1027,1059,1065,1072,1078 'cognito-ident':566,608 'cognito-identity-provid':585 'cognito-idp':178,229,346,670,681,692,703,713,726,737,747,758,767,778,791,800,812,927,1026 'cognito-idp.us-east-1.amazonaws.com':591,629,649,971,1003 'cognito-idp.us-east-1.amazonaws.com/us-east-1_abc123''':1002 'cognito-idp.us-east-1.amazonaws.com/us-east-1_abc123'':':628,648 'cognito-idp.us-east-1.amazonaws.com/us-east-1_abc123,':590 'cognito-idp.us-east-1.amazonaws.com/us-east-1_abc123/.well-known/jwks.json''':970 'cognito.admin':480 'cognito.confirm':413 'cognito.initiate':439,534 'cognito.sign':378 'cognito_identity.get':615,640 'command':667,723,788 'common':63,66,169 'common-pattern':65 'concept':59,62,83 'configur':15,168,215,1012,1015 'confirm':409,914 'confirmationcod':433 'connect':104 'content':57 'core':58,61,82 'core-concept':60 'correct':1013 'creat':171,182,224,233,561,570,674,677,731,733 'create-identity-pool':569 'create-user-pool':181,673 'create-user-pool-cli':232 'credenti':121,601,638,641,653,655,657,659,661 'css':874 'custom':871 'customiz':110 'day':167,331 'debug':924 'decod':376,978 'def':349 'delet':707,710,742,744 'delete-user-pool':706 'describ':685,1030 'describe-user-pool':684,1029 'descript':668,724,789 'detail':690,756 'develop':1060 'dig':362,375 'digest':372 'digestmod':370 'direct':49 'directori':87 'disabl':783,785,918 'docs.aws.amazon.com':1063,1070,1076,1082 'docs.aws.amazon.com/cli/latest/reference/cognito-idp/)':1081 'docs.aws.amazon.com/cognito-user-identity-pools/latest/apireference/)':1069 'docs.aws.amazon.com/cognito/latest/developerguide/)':1062 'docs.aws.amazon.com/cognitoidentity/latest/apireference/)':1075 'doe':408 'domain':1014,1024 'east':243,486,620,940,1039 'email':208,212,223,297,401 'email/phone':843 'enabl':824,836,1021 'enterpris':139 'error':877 'experi':864 'expir':950 'expiri':905 'explicit':257 'explicit-auth-flow':256 'exponenti':1050 'expos':857 'f':969 'facebook':136 'fail':947 'featur':839 'feder':52,116 'flow':20,113,259,289,303 'frontend':861 'gateway':896 'generat':254 'generate-secret':253 'get':162,350,385,421,454,505,551,599,611,637,688,752,754,932,965 'googl':135 'guest':142 'guid':1061 'handl':878 'hash':352,387,423,453,456,504,507,550,553 'hashlib':341 'hashlib.sha256':371 'hmac':339 'hmac.new':363 'host':866,1005 'hour':153,159 'id':147,240,313,355,361,383,391,419,427,444,460,492,511,518,539,557,596,613,616,631,634,646,651,937,954,1000,1036 'id-token-valid':312 'id/access':164 'ident':16,28,53,114,117,134,140,150,270,562,568,571,574,580,584,587,606,610,612,633,643,645,885,1073 'identity-pool-nam':573 'identityid':636,644 'identitypoolid':617 'idp':180,231,348,672,683,694,705,715,728,739,749,760,769,780,793,802,814,929,1028 'idtoken':328,521 'implement':18,870,875,901,1049 'import':336,338,340,342,603,961,963,989 'incorrect':916 'increas':1054 'initi':481,795,817 'initiate-auth':794 'integr':25 'invalid':957 'issuer':1001 'john':407 'jose':984,988 'json':977 'jwks':966,967,973,975,994 'jwt':959,962,990 'jwt.decode':992 'least':830 'librari':470 'lifetim':146,852 'limit':1045 'list':717,720,762,764 'list-us':761 'list-user-pool':716 'lock':920 'login':627,647 'logout':280 'logout-url':279 'manag':21,39 'mani':922 'messag':358 'message.encode':367 'mfa':106,214,810,825 'mfa-configur':213 'minimumlength':194 'minut':327,329 'mobil':43 'my-app-ident':577 'my-app-us':188 'my-web-app':249 'myapp.com':277,283 'myapp.com/callback':276 'myapp.com/logout':282 'name':187,248,400,404,405,576 'never':856 'new':163 'o':287,293,301 'oauth':19,101,1019 'openid':103,296 'option':216,831 'password':108,397,473,496,501,502,774,776,834,881,915 'passwordpolici':193 'pattern':64,67,170 'polici':109,192,835 'pool':14,17,85,115,131,173,184,186,235,239,305,563,572,575,666,676,679,687,689,698,700,709,711,719,721,886,936,1018,1032,1035,1067 'pool-nam':185 'pool/client':953 'practic':74,77,822 'product':478 'profil':298 'proper':876 'provid':29,34,54,96,118,271,588,879 'providernam':589 'purpos':145 'python':335,412,437,532,602,960,983 'python-jos':982 'queri':1042 'quick':869 'quota':1053 'rate':1044 'recommend':476 'refer':69,72,80,81,664,1058,1080 'refresh':160,265,318,526,530,541,545,547,898,903 'refresh-token-valid':317 'refreshtoken':330,529 'registr':98 'request':964,1052 'requests.get':974 'requir':882 'requirelowercas':198 'requirenumb':200 'requiresymbol':202 'requireuppercas':196 'resourc':889 'respond':804,808 'respond-to-auth-challeng':803 'respons':377,438,479,516,533,614,635,639,654 'return':373 'rs256':996 'saml/oidc':138 'scope':295 'secret':255,351,357,386,394,422,430,452,455,463,503,506,514,549,552,560,859 'secrethash':384,420 'secretkey':660 'secur':823,838,900 'securepassword123':398 'sensit':854 'serversidetokencheck':597 'servic':8,125 'sessiontoken':662 'set':11,221,701,772,775,1020 'short':850 'sign':47,90,94,332,410,414,847,909 'sign-in':93,846 'sign-up':89 'signatur':956 'similar':986 'simpl':472 'skill' 'skill-cognito' 'social':27,133 'solut':1048 'source-itsmostafa' 'srp':262,447,464,466,469 'start':797 'store':897 'strong':833 'support':269 'supported-identity-provid':268 'symptom':1046 'tabl':55 'temporari':119 'token':105,143,144,148,155,161,165,266,309,314,319,323,515,519,520,523,524,527,528,531,542,546,548,632,652,851,893,899,902,945,949,955,993,1056 'token-validity-unit':322 'toomanyrequestsexcept':1047 'topic-agent-skills' 'topic-agentic-ai' 'topic-aws' 'topic-claude-code' 'topic-claude-skills' 'topic-codex' 'topic-coding-agents' 'troubleshoot':78,79,906 'true':197,199,201,203,598 'ui':111,867,872,1006 'unauthent':583 'unit':325 'updat':220,696,699 'update-user-pool':695 'url':275,281,968,976,1011 'us':242,485,619,939,1038 'us-east':241,484,618,938,1037 'use':9,656,832,849,865,884,891,981 'user':4,13,22,38,45,84,86,97,126,130,132,149,172,183,191,218,234,238,261,304,334,436,446,495,665,675,678,686,697,708,718,722,732,734,743,745,753,755,763,765,773,784,786,828,863,907,912,917,933,935,952,1017,1031,1034,1066 'user-attribute-update-set':217 'user-pool-id':237,934,1033 'user@example.com':388,396,403,424,432,451,457,500,508,554,944 'userattribut':399 'usernam':210,353,359,395,431,450,499,943 'username-attribut':209 'userpool.domain':1043 'userpoolid':483 'utf':365,368 'valid':310,315,320,324,946,958 'valu':402,406 'verifi':206,842,980 'web':41,251 'work':1008 'wrong':951","prices":[{"id":"c4b2cdee-58cf-4b21-9255-d00dd1672481","listingId":"6bb99fcc-f52d-4082-90cf-4ae8f434f897","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"itsmostafa","category":"aws-agent-skills","install_from":"skills.sh"},"createdAt":"2026-04-18T21:55:38.610Z"}],"sources":[{"listingId":"6bb99fcc-f52d-4082-90cf-4ae8f434f897","source":"github","sourceId":"itsmostafa/aws-agent-skills/cognito","sourceUrl":"https://github.com/itsmostafa/aws-agent-skills/tree/main/skills/cognito","isPrimary":false,"firstSeenAt":"2026-04-18T21:55:38.610Z","lastSeenAt":"2026-05-03T00:52:58.305Z"}],"details":{"listingId":"6bb99fcc-f52d-4082-90cf-4ae8f434f897","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"itsmostafa","slug":"cognito","github":{"repo":"itsmostafa/aws-agent-skills","stars":1085,"topics":["agent-skills","agentic-ai","aws","claude-code","claude-skills","codex","coding-agents"],"license":"mit","html_url":"https://github.com/itsmostafa/aws-agent-skills","pushed_at":"2026-04-27T09:45:24Z","description":"AWS Skills for Agents","skill_md_sha":"7dd0256c1851bfccf568242cbb61e11ca37afd80","skill_md_path":"skills/cognito/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/itsmostafa/aws-agent-skills/tree/main/skills/cognito"},"layout":"multi","source":"github","category":"aws-agent-skills","frontmatter":{"name":"cognito","description":"AWS Cognito user authentication and authorization service. Use when setting up user pools, configuring identity pools, implementing OAuth flows, managing user attributes, or integrating with social identity providers."},"skills_sh_url":"https://skills.sh/itsmostafa/aws-agent-skills/cognito"},"updatedAt":"2026-05-03T00:52:58.305Z"}}