RSA SecurID Software Token with Automation 4. I’m using the PHP SDK:. gl/txjZPX Havven is a decentralised payment network wh. In order to use Kaa event feature every endpoint must be attached to some user using user verifiers, so in this case user id is some id by wich user can be identified in the external authentication system. Sending ID tokens that contain OpenID 2. Authentication. View pricing details. js code actually works. NET Core is a mixed bag. Summary: This policy controls how long a user can use a session token to get a new ID and session token after the last time they authenticated successfully by using multiple factors. After a user logs in, an Amazon Cognito user pool returns a JWT, which is a base64-encoded JSON string that contains information about the user (called claims). This documentation on the Google API PHP client shows you how to get an OAuth token for your app. js (assuming you aren't running it as a lambda function):. If you have a hearing impairment, call GA Relay at 1-800-255-0135. If you use two-step verification to authenticate with your Atlassian Cloud site, then your script will need to use a REST API token to authenticate. Cognito Get Id Token. Token unifies the way you prove your identity to the world -- live free of keys, cards, badges, and passwords. channel Id channelId?: string Property Value. aws cognito-idp get-csv-header help Creating a User Import Job After you create your. Access Token authorizes to Cognito user pool APIs for updating user profile or. The API action will depend on this value. At this point you could purge the SID history, but then you could lose access to all of the migrated data with old SIDs in the ACLs. Authentication involves: Registering your app to obtain a client ID and client secret. Everything we see in the documentation require the identity_id to get a Cognito ID. Cognito-Express: API Authentication with AWS Congito. Connected tokens are tokens that must be physically connected to the computer with which the user is authenticating. when using the OIDC flow. The OpenId token is valid for 15 minutes. The article here shows how to build an app that uses AD FS for OpenID Connect sign on. ‎If you need to use two-factor authentication to access your business network and resources but don’t want to carry a second device, then this is the solution. Native auth is the easiest way for users to connect with Foursquare. Page Access Token. net If you want to follow the news, information and share experiences and questions with others, please subscribe to our mailing list. Ask Question Asked today. The ID and access tokens expire after one hour, but your app can use the refresh token to get new tokens without having the user re-authenticate. Authenticate a user with Cognito User Pool and acquire a user token. AWS Cognito uses JSON Web Tokens (JWTs) for the OAuth2 Access Tokens, OIDC ID Tokens, and OIDC Refresh Tokens. How do I setup account linking with cognito as my provider? ?grant_type=code&client_id=[clientID I do get a token and account linking works but I can't get. The ID and access tokens expire after one hour, but your app can use the refresh token to get new tokens without having the user re-authenticate. Cognito takes the ID Token that you obtain from the OIDC identity provider and uses it to manufacture unique Cognito IDs for each person who uses your app. But when I paste in the Access Token, I get 401 - unauthorized. signIn() method from AWS Amplify. Cognito delivers a unique identifier for each user and acts as an OpenID token provider trusted by AWS Security Token Service (STS) to access temporary, limited-privilege AWS credentials. There is only one token for each network, so there is no possibility that two computers will attempt to transmit messages at the same time. In this post we will show how to validate a AWS Cognito JWT token. So I wrote th. An OpenID token, valid for 15 minutes. amazoncognito. Community Forum. This Id will remain the same if the user signs in later at any point. Once you have registered an app follow the steps below to gain authorized access to a users account. When I try to call the same URL, with the same data using an HTTP action in flow, it fails:. Create contact forms, registration forms, order forms, and more. To view a list of the currently available tokens on your site, you can navigate to the "Help > Token" (admin/help/token) page. After covering these features, we will have a full fledged user management system completely on AWS. Everything we see in the documentation require the identity_id to get a Cognito ID. Get Instagram Access Token To get your Instagram Access Token you need Instagram Client ID and Client Secret. This week Chris and Jordan review four great travel tripods from Manfrotto, Sirui, Gitzo and Peak Design that get the job done while still leaving room in your bag for your other gear. In other words, whenever an access token is required to access a specific resource, a client may use a refresh token to get a new access token issued by the authentication server. com grant_type=refresh_token &refresh_token=xxxxxxxxxxx &client_id=xxxxxxxxxx &client_secret=xxxxxxxxxx Response. This is an example of how to protect API endpoints with Auth0 or AWS Cognito using JSON Web Key Sets and a custom authorizer lambda function. At Request Header we can also send Token ID so at Lambda level we can have info about user who has accessed the resource, his attribute values etc. Now we need to specify what AWS resources are accessible for users with temporary credentials obtained from the Cognito Identity Pool. We can get the ID token from the response. I thought this would tag any "callable" keyword in the source. This is a public API. 0 support for the PHP League's OAuth 2. com is to play all of the games and enter all of the sweepstakes on PCH. The authorization parameters, AuthParameters, are a key-value map where the key is "REFRESH_TOKEN" and value is the actual refresh token. Ask Question. After listing the existing files, the files can be downloaded from the same console by clicking on the file name. The value of aud in the ID token is equal to one of your app's client IDs. Now, from the App we can make call to the API. This known Cognito ID is returned by GetId. Find our ATMs /Automatic Teller Machines in over 40 countries. Cognito-Express: API Authentication with AWS Congito. The jwt token's payload part must contain the user cognito ID as a 'sub' property of the json object. Getting a token. NET Core is a mixed bag. Your Refresh Token can be used along with the Access Token, and the Id Token to obtain a valid user session. It uses the Active Directory Authentication Library that is installed with the Azure SDK. cognito-express authenticates API requests on a Node. Supplying multiple logins creates an implicit link. You can use Amazon Cognito to deliver temporary, limited-privilege credentials to your application, so that your users can access AWS resources. Supplying multiple logins will create an implicit linked account. Interestingly highlight_string is still working, but I couldn't see why. Put together a small tutorial on how to use refresh sessions of Cognito User with Node. Use the app for convenient mobile banking and deposits while you're on the go. I have the rest api which returns the access token. When the user is logged in to Cognito through Auth0 you can store information in Cognito that only this user will be able to access. PowerShell Function to Get Azure AD Token 12/06/2017 Tao Yang 4 comments When making Azure Resource Manager REST API calls, you will firstly need to obtain an Azure AD authorization token and use it to construct the authorization header for your HTTP requests. This section describes how to get credentials and how to retrieve an Amazon Cognito identity from an identity pool. OIDC tokens are compatible with services built for OIDC compliance, such as Cognito by Amazon Web Services. In this blog post I went through the most basic user flows that can be implemented against AWS Cognito. It may surprise you but the majority of mobile apps in the app store do not require users to authenticate before using their app. To get Amazon Cognito user details contained in an Amazon Cognito JSON Web Token (JWT), you can decode it and then verify the signature. You can also set the expiry in cookies. In this article, we are going to see how to configure ASP. These claims are statements about the user, which can be trusted if the consumer of the token can verify its signature. Hi there, I am trying to create a new method in /serverice/cognito. am_auth_get_sso_token_id() Retrieves the session identifier for the authenticated user. Get the boost you need to live better each day — whether that’s taking long walks, sleeping better, or finding time with friends and family. This known Cognito ID is returned by GetId. Get ID token. These examples assume a default port value of 35357, and depend on the sampledata bundled with keystone. We will implement the RSKeyProvider and also use the Jwts. In this article, we discuss what this means and what you need to do if you're using Auth0 tokens with your APIs. Summary: This policy controls how long a user can use a session token to get a new ID and session token after the last time they authenticated successfully by using multiple factors. Authentication. OIDC tokens are compatible with services built for OIDC compliance, such as Cognito by Amazon Web Services. First, security is hard to get right. These claims are statements about the user, which can be trusted if the consumer of the token can verify its signature. View pricing details. The founders of TokenWorks have been developing token and smart card-based technologies since 1992. Get id_token from alexa request when account link with cognito I need ID_TOKEN to access the Cognito Identity pool to implement the "sync user dataset". to update settings), you will need to use the App ID and App Token. 2 for Windows and Mac OS X Administrator's Guide 3 years ago in RSA SecurID Software Token for Microsoft Windows by Kevin Kyle RSA SecurID Software Token with Automation 4. It supports OpenID Connect (With OAuth2), which allows implementing authentication for web and mobile applications. To demonstrate we are going to call addRecord to add a record. Like the Web Token, the PC Soft Token is licensed per user, and can be reused if the user loses a laptop or leaves the organization. The value of iss in the ID token is equal to accounts. Then, click Show token. Get Azure AD Bearer Token (JWT) This script acquires a bearer token that can be used to authenticate to the Azure Resource Manager API with tools such as Postman. This is typically a random string of characters. Re: OATH2 Authentication - can "get ID Token" be automated in testing? You have to get project and make sure the scirpt is valid , in my code snippet you may need project and other variables defined, the previous reply had better complete code,. Download SQUARE ENIX Software Token and enjoy it on your iPhone, iPad, and iPod touch. I use the Cognito ID token to make RESTful requests to the API Gateway, letting the gateway perform the validation of the token. Native auth is the easiest way for users to connect with Foursquare. @Aleolly there is no "identityid" with cognito. Flow details: The client authenticates against a user pool. The ID Token is represented as a JSON Web Token (JWT) (Jones, M. get_open_id_token_for_developer_identity(**kwargs)¶ Registers (or retrieves) a Cognito IdentityId and an OpenID Connect token for a user authenticated by your backend authentication process. This check is necessary to prevent ID tokens issued to a malicious app being used to access data about the same user on your app's backend server. In this integration, a trust is created between SecureAuth IdP (the OpenID Connect Provider) and Amazon Cognito. The refresh token is actually an encrypted JWT — this is the first time I've. Access Token authorizes to Cognito user pool APIs for updating user profile or. RSA SecurID Software Token FAQ's What is an RSA SecurID Software Token? An RSA Software Token can be installed onto your UPS authorized mobile device, allowing your mobile device to serve as your SecurID Token for remote access to the UPS network or RSA protected resources. Installation $ npm init $ npm install @mitchallen/cognito-login --save. NET Core MVC , AWS , Cognito AWS Cognito has two parts: User Pools and Federated Identities. Slack returns a response with two tokens: a token beginning with xoxa-2-, your access token encoding your current permission level with that workspace; and a refresh token beginning with xoxr-, used to refresh the access token when it expires. js will be copied to your configured source directory, for example. Step by Step: Obtaining the Amazon Seller ID and Auth Token. Cognito Forms, a free online form builder that helps you collect information and payments. Step #1: lib/awsSDK. ID Token contains details about the user attributes and can be used as an authorizer in AWS API gateway service. You should only need to supply a client ID and. Getting the tokens on login. IBO MEMBER COMMENTS. com is to play all of the games and enter all of the sweepstakes on PCH. Changed in v2. In the future these events could be used for "smart" reruns or a fault tolerance mechanism. Supplying multiple logins will create an implicit linked account. Get id_token from alexa request when account link with cognito I need ID_TOKEN to access the Cognito Identity pool to implement the "sync user dataset". Ask Question Asked today. Cognito-Node-Example. GET / GET /tokens/{token_id}. Using Cognito User and Federated Identities Cognito User Identities (Your User Pool) User Sign-in 1a Returns Access and ID Tokens 2a Cognito Federated Identities (Identity Pool) Get AWS scoped credentials 3 Access to AWS Services 4 DynamoDBS3 API Gateway SAML Identity Provider Example: Active Directory with ADFS 1bSign-in 2b Returns Tokens 10. The Javascript sdk handles refreshing of the tokens internally. Can't we get the tokens again with refresh token only? This comment has been minimized. We will be setting up AWS Cognito, which is a custom login pool (such as login with email). com and then click the Sign up for MWS button. Supplying multiple logins creates an implicit link. Conclusion. Audience represents the recipient of the token. An email has been sent containing your CDO web services token. All of Auth0's main SDKs support acquiring, using, and revoking refresh tokens out of the box, without you having to worry about formatting messages. The response to the refresh token grant is the same as when issuing an access token. Keep in mind it's dependent on js-sha256 for the SHA256 implementation, which is included for you if you use the example index. AWS Cognito uses JSON Web Tokens (JWTs) for the OAuth2 Access Tokens, OIDC ID Tokens, and OIDC Refresh Tokens. The example checks the token is signed by a valid certificate and it has not expired. RSA SecurID two-factor authentication is based on something you have (a software token installed in the Token app) and something you know (an RSA SecurID PIN), providing a more reliable level of user authentication than reusable passwords. when using the OIDC flow. But this can cause problem when using authorizers with shared API Gateway. Version: 17. get_open_id_token_for_developer_identity(**kwargs)¶ Registers (or retrieves) a Cognito IdentityId and an OpenID Connect token for a user authenticated by your backend authentication process. Cognito IS NOT a login manager for any type of login (such as Facebook and Gmail), only for custom logins. Login with AWS Cognito; Add the session to the state; Load the state from the session; Clear the session on logout; Redirect on login and logout; Give feedback while logging in; Create a signup page. The SSO token handle. This contact will be made between the hours of 9am and 9pm EST seven days a week. CognitoIdentityServiceProvider(). Download the Citi MobileSM app from iTunes and Google Play. " }, "request_endpoints": [ { "POST /click/": { "description. The example checks the token is signed by a valid certificate and it has not expired. How about some generic that applies to any external authentication system. Place it in your project. Now you're ready to use your token. Download Defender Soft Token and enjoy it on your iPhone, iPad, and iPod touch. The OpenID is a great way when Office 365 authentication is needed within a web application. AWS Cognito User Pool Access Token Invalidation Since the integrated tools in AWS Cognito aren't enough to invalidate a token once a sign out has been triggered, here's a helpful workaround. He just showed a great shortcut. if that is intended design, but I had to user both Coginto Auth JS methods and Cognito ID methods to get things working and a successful session with both initiated. The user authenticates the skill on the Alexa app with credentials by signing in on the same client_id. AuthFlow (string) -- [REQUIRED] The authentication flow for this call to execute. This check is necessary to prevent ID tokens issued to a malicious app being used to access data about the same user on your app's backend server. The concepts are. 2 for Windows and Mac OS X Administrator's Guide 3 years ago in RSA SecurID Software Token for Microsoft Windows by Kevin Kyle RSA SecurID Software Token with Automation 4. Security tokens provide an extra level of assurance through a method known as two-factor. h" AM_EXPORT const char * am_sso_get_sso_token_id(const am_sso_token_handle_t sso_token_handle); Parameters. Flow 1: Get Access Token from Client Credentials (Client credentials Grant) The most basic option is to use our Client ID and Secret in order to get an access token. But to how validate them? Like identity cards, they contain a number of attributes, or claims. Below CURL command should return an access token //Replace app client id and secret accordingly. validating token example from 3rd party. You can use Amazon Cognito to deliver temporary, limited-privilege credentials to your application, so that your users can access AWS resources. The Android Client ID will be used in your Android app to authorize the OAuth flow directly with Google allowing your users to authenticate with Google using their Google login credentials. Get the authentication token. First, security is hard to get right. When using graph. GET: List of feed. After you’ve filled out the required fields and clicked Create a New App ID, you’ll be taken to your new App’s dashboard. You generate the token from your Atlassian account, then copy and paste it to the script. The ID and access tokens expire after one hour, but your app can use the refresh token to get new tokens without having the user re-authenticate. The application exchanges the ID token for a Cognito token. NULL if sso_token. You can grab the uid of the user or device from the decoded token. roles (Required) - The map of roles associated with this pool. Gets the SSO token ID for this session. If you have started a credit application and saved your data for later, you were emailed an Application ID and asked to save it. pl/public/4uunz/jlzke. ID Token contains details about the user attributes and can be used as an authorizer in AWS API gateway service. Now, we have successfully setup a OAuth2 agent in Cognito. To use them after that you'll need the refresh token to refresh the access/id tokens for another hour. Clicking the button invalidates your existing token. I've seen examples using the Facebook SDK and it's stupid simple to say Fb. identity_pool_id (Required) - An identity pool ID in the format REGION:GUID. User Pools provides us with a JSON Web Token, so we can use it as an authorizer for any existing API, while with Identity Pools we get temporary AWS credentials, which means that is meant to utilize AWS resources. AWS Cognito User Pools is a fully managed identity provider service offered by Amazon Web Services. This check is necessary to prevent ID tokens issued to a malicious app being used to access data about the same user on your app's backend server. I use the Cognito ID token to make RESTful requests to the API Gateway, letting the gateway perform the validation of the token. Cognito takes the ID Token that you obtain from the OIDC identity provider and uses it to manufacture unique Cognito IDs for each person who uses your app. If more than one user signed the document, this token lists (as a multi-value token) the ID numbers of each signature. Summary: This policy controls how long a user can use a session token to get a new ID and session token after the last time they authenticated successfully by using multiple factors. 4, I saw four new tokens, amongs them is T_CALLABLE. string Required. NET Core MVC , AWS , Cognito AWS Cognito has two parts: User Pools and Federated Identities. Your Refresh Token can be used along with the Access Token, and the Id Token to obtain a valid user session. Having signed in to the User Pool and acquired an access token, there are two main ways it can be used. Posted by Edd Mann on Jun 26, 2018. account_info()["display_name"] Note that the generated access token only works for your own Dropbox account. You can optionally add additional logins for the identity. Under Cognito tab, enter User Pool ID and App Client ID of the User Pool created in the Create a Cognito user pool chapter. At Request Header we can also send Token ID so at Lambda level we can have info about user who has accessed the resource, his attribute values etc. It supports OpenID Connect (With OAuth2), which allows implementing authentication for web and mobile applications. It will navigate to the next screen to create a new IAM role by default, to provide. Add Records to the CognitoSync Dataset back to Part 2 The complete code for the tutorial is at GitHub. So we should analyze the access token in the request we just captured : So the resource we need should be : 74658136-14ec-4630-ad9b. In addition, if you are already leveraging other AWS services for your mobile application, you can use your user pool as an identity provider for your AWS credentials. To get Amazon Cognito user details contained in an Amazon Cognito JSON Web Token (JWT), you can decode it and then verify the signature. The first thing to do is to get the element that will trigger the Twitter authorization and binding its click event with a function. You can optionally add additional logins for the identity. The value of aud in the ID token is equal to one of your app's client IDs. com Job Fair 2019, Chattogram 9 & 10 April, 2019 (Tuesday & Wednesday) Venue: GEC Convention Center, Chattogram. Assuming Kong environment is set up and operating as expected, this blog helps to Validate Cognito tokens in Kong. In other words, whenever an access token is required to access a specific resource, a client may use a refresh token to get a new access token issued by the authentication server. Changed in v2. To use them after that you'll need the refresh token to refresh the access/id tokens for another hour. Follow us: api-subscribe@ml. At that time when I configured alexa smart skill and Cognito, I found alexa initiated discovery request just with accesstoken. Under Cognito tab, enter User Pool ID and App Client ID of the User Pool created in the Create a Cognito user pool chapter. In order to make authorized calls to External Authentification Server APIs, your application must first obtain an OAuth access token. The Authoreon A-ID enables you to verify, authorize, authenticate or certifyany identity or asset – fast, seamlessly and securely on the Blockchain. Many serverless applications need a way to manage end user identities and support sign-ups and sign-ins. Interestingly highlight_string is still working, but I couldn't see why. Verify ID tokens using the Firebase Admin SDK. This is an example of how to protect API endpoints with Auth0 or AWS Cognito using JSON Web Key Sets and a custom authorizer lambda function. When using graph. The Javascript sdk handles refreshing of the tokens internally. I’m using the PHP SDK:. Optionally, to use other AWS services, include a build of the AWS SDK for JavaScript. get_open_id_token_for_developer_identity(**kwargs)¶ Registers (or retrieves) a Cognito IdentityId and an OpenID Connect token for a user authenticated by your backend authentication process. If the response did not include a Refresh Token, check that you comply with the Restrictions listed in this document. You can find your access tokens, create new ones, or delete existing ones on your Access Tokens page or programmatically using the Mapbox Tokens API. HttpMethod. Authority is the address of the token issuing authentication server. 1 day ago · Soldiers to Get Wearable Token in Place of CAC Card for Battlefield Computer Access 8:00 AM Military. Hi, So that was a nice presentation from Mr. get_open_id_token (identity_id, logins=None) ¶ Gets an OpenID token, using a known Cognito ID. A token makes development easier if you just plan to use the API for yourself. The response contains an access token, id token and refresh token, each encoded as a JSON Web Token (JWT). com is to play all of the games and enter all of the sweepstakes on PCH. If you have installed the Azure PowerShell module from the PowerShell Gallery you may need. Get raw ID token. Authentication. Re: OATH2 Authentication - can "get ID Token" be automated in testing? You have to get project and make sure the scirpt is valid , in my code snippet you may need project and other variables defined, the previous reply had better complete code,. AWS Cognito uses JSON Web Tokens (JWTs) for the OAuth2 Access Tokens, OIDC ID Tokens, and OIDC Refresh Tokens. Let's first make a user pool by clicking on "Manage your User. a word, punctuation symbol, whitespace, etc. Supplying multiple logins will create an implicit linked account. I just want the token and pass it to an API which will extract authentication information from token and use it for some specific purpose. To get Amazon Cognito user details contained in an Amazon Cognito JSON Web Token (JWT), you can decode it and then verify the signature. You can for example use these tokens to test REST API calls when building an add-on. You can also set the expiry in cookies. log('Token refreshed. Note: verifying app authenticity is available only for apps distributed by Google Play. You must ensure that these tokens are handled securely by transmitting them only over HTTPS and only via POST data or within request headers. As a developer, you can choose the expiration time of refresh tokens, and therefore. sent_start property is deprecated and has been replaced with Token. The authorization parameters, AuthParameters, are a key-value map where the key is “REFRESH_TOKEN” and value is the actual refresh token. The token provides a secure way for a website to ask Instagram's permission to access your profile and display its images. There are some docs in AWS that give an overview. It does work, however, if I add an audience when retrieving the refresh token in the first place. Amazon Cognito returns three tokens: the ID token, access token, and refresh token—the ID token contains the user fields defined in the Amazon Cognito user pool. Authenticate a user with Cognito User Pool and acquire a user token. Getting the tokens on login. After covering these features, we will have a full fledged user management system completely on AWS. This access token will only work within the Origin URL you specified when registering the application. Any suggestions for accessing the URL fragment from backend is appreciated! Note: I am able to extract the URL fragment on the browser using window. You can read about how to get it in the article How to get Instagram Access Token? of our blog. all prices for pogo tokens listed below. signIn() method from AWS Amplify. This is a public API. Do you have plans to revoke tokens before User Pool goes GA?. If you have forgotten or do not have a token, click the Get Access Token button below. This section describes how to get credentials and how to retrieve an Amazon Cognito identity from an identity pool. When a user enters data into one of my forms Cognito assigns it an "Entry. If scope is set to openid, then the ID Token will contain only the iss, sub, aud, exp and iat claims. Firebase ID tokens are short lived and last for an hour; the refresh token can be used to retrieve new ID tokens. GitHub Gist: instantly share code, notes, and snippets. js and Express. If you are over the age of 18, you can use your tokens to enter monthly draws for a wide range of prizes by clicking on the "Redeem Tokens" link below your token balance at the top of PCH. Verifying the ID Token. This gist is great - thank you! For anyone who is trying to run this as a script locally, for programmatic access to an access token for database testing, etc - add the following line somewhere near the top of your index. This known Cognito ID is returned by GetId. Put together a small tutorial on how to use refresh sessions of Cognito User with Node. Installation. The following is showing the SRP math ported from the AWS Cognito Android SDK. As mentioned earlier, app access tokens are only for server-to-server API requests. How to refresh Cognito ID token in Android. GET / GET /tokens/{token_id}. You can get an ID Token for a user after they successfully authenticate. cl-cognito: A Common Lisp Interface to Amazon Cognito. provides a tolerance on the token expiry time. parser() to check if its valid. There are some docs in AWS that give an overview. The security model is the same as Facebook Access Tokens. But using token_get_all(), I can't get a T_CALLABLE token. Hi there, Another Cognito question, by far the most confusing service for me in AWS personally. Page Access Token. Create a token. Hi there, I am trying to create a new method in /serverice/cognito. But to how validate them? Like identity cards, they contain a number of attributes, or claims. Conclusion. These access tokens are similar to user access tokens, except that they provide permission to APIs that read, write or modify the data belonging to a Facebook Page. The response contains an access token, id token and refresh token, each encoded as a JSON Web Token (JWT). 5) Lambda@edge function to auth against cognito and set token in cookie. Is there any sign in mechanisum to get life time session id or access token from sales force 3. No more standing in line for tokens or drink tickets! Other features include: - receive event alerts and information; - receive FREE promotional tokens to use. Now, we have successfully setup a OAuth2 agent in Cognito. The constant SID can also be used to retrieve the current name and session id as a string suitable for adding to URLs. The ID Token is a security token that contains Claims about the Authentication of an End-User by an Authorization Server when using a Client, and potentially other requested Claims. An OpenID token, valid for 15 minutes. My assumption is that accessToken is the token for AWS Cognito - but how do I use it? I need to get the CognitoUser information. Gets an OpenID token, using a known Cognito ID. We are going to create a Cognito User Pool to store and manage the users for our serverless app.