Can Cognito be used to implement OAuth 2.0 for service to service authentication and authorization?
Yes and no. OAuth 2.0 is really only used for the authentication piece; it is not designed for authorization. That’s where OpenID Connect comes in (which is supported by Cognito). You can add your users to groups in Cognito and those can then be passed through in the id_token when the user logs in. You can then use the group membership for authorization in your application.
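The group check described in the answer above, as an added example that is not part of the original answer: it validates the claims of a Cognito ID token and then tests membership in the `cognito:groups` claim. It assumes a JWT library has already verified the token signature against the user pool's JWKS; the `authorize` helper, the issuer, the app client ID and all sample claims are hypothetical, constructed values.

```python
import time

# Assumed values for illustration; replace with your own user pool and app client.
ISSUER = "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE"
APP_CLIENT_ID = "example-app-client-id"


def authorize(claims, required_group, now=None):
    """Return (allowed, reason) for claims taken from a signature-verified token."""
    now = time.time() if now is None else now
    if claims.get("iss") != ISSUER:
        return False, "wrong issuer"
    # Cognito marks ID tokens with token_use == "id"; access tokens carry "access".
    if claims.get("token_use") != "id":
        return False, "not an ID token"
    if claims.get("aud") != APP_CLIENT_ID:
        return False, "wrong audience"
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return False, "expired"
    # A user who belongs to no group has no cognito:groups claim: deny by default.
    groups = claims.get("cognito:groups", [])
    if not isinstance(groups, list):
        return False, "malformed groups claim"
    if required_group not in groups:
        return False, "missing group"
    return True, "ok"


NOW = 1_700_000_000  # fixed clock so the constructed samples are reproducible

# Constructed sample: ID token claims for a user in the "admins" group.
ID_TOKEN_ADMIN = {
    "iss": ISSUER, "aud": APP_CLIENT_ID, "token_use": "id",
    "exp": NOW + 3600, "sub": "user-1", "cognito:groups": ["admins"],
}
# Constructed sample: the same user without any group membership.
ID_TOKEN_NO_GROUPS = {k: v for k, v in ID_TOKEN_ADMIN.items() if k != "cognito:groups"}
# Constructed sample: client-credentials access token; no user, so no groups claim.
M2M_ACCESS_TOKEN = {
    "iss": ISSUER, "client_id": APP_CLIENT_ID, "token_use": "access",
    "exp": NOW + 3600, "scope": "orders/read",
}

if __name__ == "__main__":
    for name in ("ID_TOKEN_ADMIN", "ID_TOKEN_NO_GROUPS", "M2M_ACCESS_TOKEN"):
        print(name, authorize(globals()[name], "admins", now=NOW))
```
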