[DOCS] Include documented example for Identity Pool tokens

[EvanK]

When verifying tokens issued from a Cognito identity pool (instead of a user pool), one must use the generic JwtVerifier rather than the CognitoJwtVerifier, with the following issuer and JWKS uri:

import { JwtVerifier } from "aws-jwt-verify";

const verifier = JwtVerifier.create({
  issuer: "https://cognito-identity.amazonaws.com",
  audience: "us-east-1:1-2-3-4-5", // <- would be your identity pool id
  jwksUri: "https://cognito-identity.amazonaws.com/.well-known/jwks_uri",
});

try {
  const payload = await verifier.verify("eyJraWQ...");
  console.log("Token is valid. Payload:", payload);
} catch {
  console.log("Token not valid!");
}

[hakanson]

Can you clarify what you mean by "tokens issued from a Cognito identity pool"? From https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html

An Amazon Cognito identity pool is a directory of federated identities that you can exchange for AWS credentials. Identity pools generate temporary AWS credentials for the users of your app, whether they’ve signed in or you haven’t identified them yet.

I assume this is related to a re:Post answer of yours (https://repost.aws/questions/QUjjIB-M4VT4WfOnqwik0l0w/verify-openid-connect-token-generated-by-cognito-identity-pool) and you are referring to OpenID token returned from GetOpenIdToken

---

Sounds like this issue is just for documentation updates vs an CognitoJwtVerifier overload or another subclass of Verifier. Can you start a PR for this documentation change along with the scenarios where someone would use it?