After successfully signing in, a session is returned.
A session contains :
- an ID token that contains user claims,
- an access token that is used internally to perform authenticated calls,
- and a refresh token that is used internally to refresh the session after it expires each hour.
More … Using Tokens with User Pools