AWS Certified Solutions Architect – Professional — Question 875
In Amazon Cognito, your mobile app authenticates with the Identity Provider (IdP) using the provider's SDK. Once the end user is authenticated with the IdP, the OAuth or OpenID Connect token returned from the IdP is passed by your app to Amazon Cognito, which returns a new _____ for the user and a set of temporary, limited-privilege AWS credentials.
Answer options
- A. Cognito Key Pair
- B. Cognito API
- C. Cognito ID
- D. Cognito SDK
Correct answer: C
Explanation
Amazon Cognito Identity Pools exchange OAuth or OpenID Connect tokens from external identity providers for a unique Cognito ID and temporary AWS credentials. This Cognito ID uniquely identifies the user within the identity pool. Options like Cognito Key Pair, Cognito API, and Cognito SDK are incorrect as they refer to cryptographic tools, interfaces, or development kits rather than the user identifier.