Here is a brief description of the three tokens you spoke of. I will try to link you to more detailed documentation where possible.
- Token : This is an OpendId Connect compatible identifier token issued by Cognito Identity that confirms user identification in a signed and verifiable manner. Consider this token as a digital identification card that customers can use to verify the identity of users. You can refer to the cognito API documentation for details on how to get this token and this documentation for more details on how to check this token as a client.
- SessionToken . This token is issued by the service as an AWS user session descriptor along with temporary AWS credentials. Cognito calls STS on your behalf and returns the returned temporary credentials. When using other AWS resources using the issued temporary credentials, this token must be part of the past temporary credentials. See the cognito help system and STS documentation for more information .
- SyncSessionToken . This is the identifier issued by the Cognito Sync service after initiating the synchronization operation. This synchronization operation is used as a unit to synchronize Cognito synchronization. Synchronization ends when you execute successful write / update records using this token or this token expires.
Hope this helps.