JWT SSO With Cognito

Amazon Cognito provides authentication, authorization, and user management for your web and mobile apps. Your users can sign in directly with a user name and password, or through a third party such as Facebook, Amazon, Google or Apple.
The two main components of Amazon Cognito are user pools and identity pools. User pools are user directories that provide sign-up and sign-in options for your app users. Identity pools enable you to grant your users access to other AWS services. You can use identity pools and user pools separately or together.
Authentication typically consists of a user entering a username or email and a password and then being granted access to different resources or services.
Authentication, by its very nature, relies on keeping the state of the user. This seems to contradict a fundamental property of HTTP, which is a stateless protocol.
JSON Web Token (JWT) provides a way to solve this issue. Your Angular app can talk to a backend that produces a token. The Angular app can then pass that token in an Authorization header to the backend to prove that the user is authenticated and needs access to a particular route or resource. The backend should verify the JWT and grant access based on its validity.
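What "verify the JWT" means on the backend for a Cognito access token, as an added example (not code from the original article): pin the algorithm, check the RS256 signature, then validate the `iss`, `token_use`, `client_id` and `exp` claims. The issuer, client ID, key ID and function names are assumptions for illustration, and a locally generated RSA key stands in for the user pool's published signing key.

```javascript
const crypto = require('node:crypto');

// Assumed values for illustration; substitute your own pool's issuer and app client ID.
const ISSUER = 'https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE';
const CLIENT_ID = 'example-app-client-id';

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const decode = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// Returns the claims of a valid Cognito access token; throws otherwise.
// `keys` is a Map of kid -> public key (in production, built from the pool's JWKS).
function verifyAccessToken(token, keys, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, sig] = parts;
  const header = decode(h);
  // Pin the algorithm on the server; never trust the token's own "alg".
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const key = keys.get(header.kid);
  if (!key) throw new Error('unknown kid');
  const valid = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), key, Buffer.from(sig, 'base64url'));
  if (!valid) throw new Error('bad signature');
  // Claims are only read after the signature has been checked.
  const claims = decode(p);
  if (claims.iss !== ISSUER) throw new Error('wrong issuer');
  if (claims.token_use !== 'access') throw new Error('wrong token_use');
  if (claims.client_id !== CLIENT_ID) throw new Error('wrong client_id');
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) throw new Error('expired');
  return claims;
}

// Constructed demo: a locally generated RSA key stands in for the pool's signing key.
function signToken(privateKey, header, claims) {
  const input = `${b64url(header)}.${b64url(claims)}`;
  return `${input}.${crypto.sign('RSA-SHA256', Buffer.from(input), privateKey).toString('base64url')}`;
}

function demo(nowSec = 1700000000) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const keys = new Map([['demo-kid', publicKey]]);
  const header = { alg: 'RS256', kid: 'demo-kid' };
  const claims = { sub: 'user-123', iss: ISSUER, token_use: 'access', client_id: CLIENT_ID, exp: nowSec + 3600 };
  const outcome = (t) => { try { return verifyAccessToken(t, keys, nowSec).sub; } catch (e) { return e.message; } };
  const good = signToken(privateKey, header, claims);
  const [h, , s] = good.split('.');
  return {
    valid: outcome(good),
    tampered: outcome(`${h}.${b64url({ ...claims, sub: 'admin' })}.${s}`),
    algNone: outcome(`${b64url({ alg: 'none' })}.${b64url(claims)}.`),
    expired: outcome(signToken(privateKey, header, { ...claims, exp: nowSec - 1 })),
  };
}
```

`demo()` returns the outcome for one valid token and three rejected ones (modified payload, `alg: none`, expired).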