Somewhat of multiple question but,

How does one perform authentication with Amazon Cognito User Pools, in .NET. I am initiating the Auth with the following:

var response1 = client.InitiateAuth(new InitiateAuthRequest()
            {
                AuthFlow = AuthFlowType.USER_SRP_AUTH,
                AuthParameters = new Dictionary<string, string>()
                {
                    {"USERNAME","User" },
                    {"SRP_A"  ,  A }
                },
                ClientId = "xxxxxxxxxxxxxxxxxxxxxxxxxxx"
            });

Their documentation is really, really bad, and I can't seem to find what to pass when I want to respond to the challenge.

client.RespondToAuthChallenge(new RespondToAuthChallengeRequest()
        {
            ChallengeName = ChallengeNameType.PASSWORD_VERIFIER,
            ChallengeResponses = { /*WHAT am I supposed to add here, and where can I find any documnetation on what is expected?*/ },
            Session =  response1.Session,
            ClientId = "xxxxxxxxxxxxx"
        });

On a side note, I want to use Cognito Federated Identities to protected a custom .Net API, so my idea is to use a Token returned by Cognito to pass as the JWT to the webapi side, where I would then decode and validate the token. Is this a expected way to use Amazon Cognito for? (I don't want to use amazon API gateway, for now at least).

I am assuming its just configuring OWIN with a default JWT middleware, or should I expected something else?

The developer guide touches on what needs to go into the request for both initiate auth and respond to auth challenge.

You will likely find it easier to offload the srp authentication to Cognito with the AdminInitiateAuth API (detailed in the same link), which will fill in these blanks for you.

The mobile SDKs have wrappers around SRP authentication for you, which help fill in these parameters, but other SDKs have no such features in place. You could use the code for the SDKs (all of which live in GitHub) to fill in things like SRP_A, but you'll likely find it far easier to just use AdminInitiateAuth.

This guy here describes how to do the SRP calculations in a .NET app. I had to add some logic to update the temp passwords issued when creating users in console, but other than that it works like a charm

AWS Cognito SRP Login in C# / .NET