# Web Identity Federation

* Federation allows users to authenticate with a **Web Identity Provider** (Google, Facebook, etc.).
* The user authenticates first with the Web ID Provider and receives a token, which is exchanged for temporary AWS credentials that allow them to assume an IAM role.
* **Cognito** is an **Identity Broker** which handles interaction between your applications and the Web ID Provider:
  * Provides sign up, sign in, and guest user access
  * Syncs user data for a seamless experience across your devices
  * Cognito is the AWS recommended approach for Web Identity Federation, particularly for mobile apps.
* Cognito uses **User Pools** to manage user sign up and sign in, either directly or via a Web ID Provider
* Cognito acts as an Identity Broker, handling all interactions with the Web ID Provider
* Cognito uses push synchronization to send a silent push notification of user data updates to multiple device types associated with a user ID.

**STS AssumeRoleWithWebIdentity**

* Part of STS (Security Token Service)
* Allows users who have authenticated with a Web ID Provider to access AWS resources
* Once the user has authenticated, the application makes the `assume-role-with-web-identity` API call.
* If successful, STS will return temporary credentials enabling access to AWS resources
* AssumedRoleUser ARN and AssumedRoleID are used to programmatically reference the temporary credentials, not an IAM role or user.
* Mobile apps should use Cognito for federation instead of STS AssumeRoleWithWebIdentity
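
The role targeted by `assume-role-with-web-identity` is protected by its trust policy, so that policy should pin the provider's audience or app ID. The check below is an added example, not part of the original notes: it flags trust-policy statements that allow `sts:AssumeRoleWithWebIdentity` without such a condition. The function name, sample policies, Sids and pool ID are constructed for illustration.

```python
ACTION = "sts:AssumeRoleWithWebIdentity"
# Condition keys that tie a token to one app or identity pool, per provider.
AUDIENCE_KEYS = {
    "cognito-identity.amazonaws.com": "cognito-identity.amazonaws.com:aud",
    "accounts.google.com": "accounts.google.com:aud",
    "graph.facebook.com": "graph.facebook.com:app_id",
    "www.amazon.com": "www.amazon.com:app_id",
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def unbound_web_identity_statements(trust_policy):
    """Return (Sid, provider) pairs whose Allow statement does not pin the audience."""
    findings = []
    for stmt in _as_list(trust_policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or ACTION not in _as_list(stmt.get("Action", [])):
            continue
        principal = stmt.get("Principal", {})
        federated = _as_list(principal.get("Federated", [])) if isinstance(principal, dict) else []
        pinned = {}  # condition key -> allowed values, from positive string matches only
        for operator, tests in stmt.get("Condition", {}).items():
            if operator.split(":")[-1] in ("StringEquals", "StringLike"):
                for key, values in tests.items():
                    pinned[key.lower()] = _as_list(values)
        for provider in federated:
            key = AUDIENCE_KEYS.get(provider)
            if key is None and "oidc-provider/" in provider:  # IAM OIDC provider ARN
                key = provider.split("oidc-provider/", 1)[1].lower() + ":aud"
            values = pinned.get(key, [])
            if not values or any("*" in v for v in values):
                findings.append((stmt.get("Sid", "<no Sid>"), provider))
    return findings

# Constructed sample trust policies (placeholder pool ID, not from the page).
PINNED = {"Version": "2012-10-17", "Statement": [{
    "Sid": "CognitoPool", "Effect": "Allow", "Action": ACTION,
    "Principal": {"Federated": "cognito-identity.amazonaws.com"},
    "Condition": {"StringEquals": {
        "cognito-identity.amazonaws.com:aud": "us-east-1:00000000-0000-0000-0000-000000000000"}},
}]}
UNPINNED = {"Version": "2012-10-17", "Statement": [{
    "Sid": "GoogleLogin", "Effect": "Allow", "Action": ACTION,
    "Principal": {"Federated": "accounts.google.com"},
}]}

if __name__ == "__main__":
    for name, policy in (("PINNED", PINNED), ("UNPINNED", UNPINNED)):
        print(name, unbound_web_identity_statements(policy))
```

A statement is also flagged when the audience value contains a wildcard, since that does not restrict the token to a single application.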

