I am looking into using amazon-cognito-identity-js with my React frontend and boto3 with my Python backend. Once I have a user signed in on the frontend, how can I send an API request to my backend and have the backend verify that the user is signed in before giving data back?
Is it the ID, access or refresh token? If so are these JWT tokens that require a separate library to verify? Or can it be verified within boto3 to check the user's session is active?
This is an example using the serverless framework, here the API endpoint is secured using the Cognito User pool.
Then you just need to add this jwt token you got when user authenticated to the header and send the request to the server