Hello, so recently I came across this very useful graphic outlining the recommended architecture for games using GameLift. From reading various answers on this forum as well as reading some blogs, these are the following points I have concluded (please correct me if I am wrong).
Clients first authenticate themselves by passing their user-inputted credentials (username and password) to Cognito, and a token is generated by Cognito for the client to use in addition to other user information in future requests to a client-backend service that will handle all GameLift service requests.
This client-backend service could be simple AWS Lambda functions that use the AWS GameLiftClient functions and models since it is not recommended to use the GameLiftClient class directly in your game client. Therefore, the client will go through Lambda directly instead.
These Lambda functions will do all the dirty work in terms of using matchmaking potentially to find a game session, creating one if need be, and allocating a player session for the client. However, Lambda should just simply return the connection information for the client to join the game.
My question is, are user credentials stored in Cognito, or are they stored in a database such as DynamoDB that is connected to Cognito? Basically, how does Cognito verify a user from a set of credentials? And to further expand on this, for OAuth 2.0, how does Cognito verify users when they input a set of credentials from external providers such as Facebook, Google, etc.?
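
The client-backend flow described in the post, sketched as a Lambda handler. This is an added example, not part of the original post or any AWS sample. It assumes the function sits behind an API Gateway REST API with a Cognito user pool authorizer, so the verified token claims arrive in `requestContext.authorizer.claims`; `FLEET_ID`, `MAX_PLAYERS` and the response field names are placeholders.

```python
import json

FLEET_ID = "fleet-EXAMPLE"   # placeholder fleet id (assumption)
MAX_PLAYERS = 8              # assumed session size

def _reply(status, payload):
    return {"statusCode": status, "body": json.dumps(payload)}

def handler(event, context=None, gamelift=None):
    # Identity comes only from claims the Cognito authorizer has already
    # verified; nothing in the request body is trusted as a player id.
    authorizer = (event.get("requestContext") or {}).get("authorizer") or {}
    player_id = (authorizer.get("claims") or {}).get("sub")
    if not player_id:
        return _reply(401, {"error": "unauthenticated"})

    if gamelift is None:
        import boto3  # lazy import: GameLift credentials stay server-side
        gamelift = boto3.client("gamelift")

    # search_game_sessions only returns ACTIVE sessions.
    found = gamelift.search_game_sessions(
        FleetId=FLEET_ID,
        FilterExpression="hasAvailablePlayerSessions=true",
        Limit=1,
    )["GameSessions"]
    if found:
        session = found[0]
    else:
        session = gamelift.create_game_session(
            FleetId=FLEET_ID, MaximumPlayerSessionCount=MAX_PLAYERS
        )["GameSession"]
        if session.get("Status") != "ACTIVE":
            # A new session starts ACTIVATING; have the client retry.
            return _reply(202, {"status": "pending"})

    ps = gamelift.create_player_session(
        GameSessionId=session["GameSessionId"], PlayerId=player_id
    )["PlayerSession"]
    # Return connection details only, never fleet ids or raw API output.
    return _reply(200, {
        "ipAddress": ps["IpAddress"],
        "port": ps["Port"],
        "playerSessionId": ps["PlayerSessionId"],
    })
```

The optional `gamelift` parameter exists so the handler can be exercised with a stand-in client; in Lambda it is left unset and the function's execution role supplies the GameLift permissions.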