AWS Certified Security - Specialty (#100)

The Security Engineer for a mobile game has to implement a method to authenticate users so that they can save their progress. Because most of the users are part of the same OpenID-Connect compatible social media website, the Security Engineer would like to use that as the identity provider. Which solution is the SIMPLEST way to allow the authentication of users using their social media identities?

Amazon Cognito
AssumeRoleWithWebIdentity API
Amazon Cloud Directory
Active Directory (AD) Connector