I have a set of users in a Cognito User Pool. These users, and ONLY these users, are allowed to log in to my webapp.
Now I want to allow these users, and ONLY these users, to have the option to log in either via Facebook or via their login credentials. In other words, I want to allow a person to log in to my app using either Facebook or their Cognito login credentials and get access to the same Cognito User account, regardless of whether they logged in using FB or Cognito. Just to be clear, a FB user without a Cognito user account would not be allowed to log in to my app. How do I do this? Is this possible? It seems to me that I have to find a way to map each Cognito user's Cognito User Pool account to their corresponding Facebook account.
From the Cognito documentation on AWS, it seems that when I add Facebook as a federated Identity Provider, this means a user can log in via EITHER Cognito or Facebook, and all Facebook users who can log in to Facebook can now log in to my app. This is NOT what I want! Just because a person is authorized to use Facebook does not mean they are authorized to use my app!
So, how do I allow a user in my Cognito User Pool to connect his/her Facebook account so that the user has multiple ways of logging in to the same Cognito user account?
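
The requirement in the question (Facebook sign-in only for people who already have a user pool account, landing on that same account) can be expressed as a gate in a Cognito Pre sign-up Lambda trigger. The sketch below is an added example, not part of the original post and not AWS code; `decideExternalSignUp`, `makeHandler`, `listUsersByEmail` and `linkProvider` are hypothetical names, the `Facebook_<id>` user name format is an assumption, and the sample data is constructed.

```javascript
// Added example. Assumes the Cognito Pre sign-up Lambda trigger; helper names are hypothetical.
const EXTERNAL = 'PreSignUp_ExternalProvider';

// Decide what to do with one Pre sign-up event, given the pool users found for its email.
function decideExternalSignUp(event, poolUsers) {
  if (event.triggerSource !== EXTERNAL) return { action: 'allow' };
  // Assumed userName format for a federated user: "<ProviderName>_<provider user id>".
  const sep = event.userName.indexOf('_');
  const provider = event.userName.slice(0, sep);
  const providerUserId = event.userName.slice(sep + 1);
  const email = (event.request.userAttributes.email || '').trim().toLowerCase();
  if (sep < 1 || !email) return { action: 'reject', reason: 'missing provider id or email' };
  // Only a native account with a verified, identical email is eligible for linking.
  const matches = poolUsers.filter(
    (u) => u.emailVerified && u.email.toLowerCase() === email);
  if (matches.length !== 1) {
    return { action: 'reject', reason: 'no user pool account for this identity' };
  }
  return { action: 'link', provider, providerUserId, destinationUsername: matches[0].username };
}

// Lambda-style handler. listUsersByEmail and linkProvider are injected; in a real
// deployment they would wrap ListUsers and AdminLinkProviderForUser.
function makeHandler(listUsersByEmail, linkProvider) {
  return async (event) => {
    if (event.triggerSource !== EXTERNAL) return event;
    const users = await listUsersByEmail(event.request.userAttributes.email || '');
    const decision = decideExternalSignUp(event, users);
    if (decision.action === 'reject') throw new Error(decision.reason); // throwing denies the sign-up
    await linkProvider(decision);
    return event;
  };
}

// Constructed sample data.
const POOL = [{ username: 'alice', email: 'alice@example.com', emailVerified: true }];
const fbEvent = (id, email) => ({
  triggerSource: EXTERNAL,
  userName: `Facebook_${id}`,
  request: { userAttributes: { email } },
});

console.log(decideExternalSignUp(fbEvent('1001', 'Alice@Example.com'), POOL));
console.log(decideExternalSignUp(fbEvent('2002', 'mallory@example.com'), POOL));
```

Matching on email makes the provider's email claim the binding between the two accounts, so the gate accepts only pool accounts whose email is verified and rejects when the match is missing or ambiguous.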