Cognito User Pool vs Google OAuth: Which Login Strategy Should You Use?
You're building a new app and hit the first real architectural decision: do you spin up a Cognito User Pool with email/password, or just drop in 'Sign in with Google' and call it done? The answer matters more than it looks — one gives you full control over identity, the other offloads credential management entirely, and Cognito can actually do both at the same time if you wire it correctly. TL;DR: Cognito User Pool vs Google OAuth Dimension Cognito User Pool (native) Google OAuth (federated) Cognito + Google (federated via Cognito) Credential storage Cognito manages passwords Google manages passwords Google manages passwords; Cognito holds the federated identity Token issuer Cognito (Cognito JWTs) Google (Google ID tokens) Cognito (Cognito JWTs, after federation) Your backend sees Cognito JWT Google ID token Cognito JWT (consistent regardless of login method) MFA support Yes (TOTP, SMS) Delega...