Cognito is a tool to get authentication from someone
The redirect URI is the URI that handles the code to token exchange.
Once a user has finished logging in your app does whatever you want with the logged in user
Not sure how/where/why an extension comes into this.
Since cognito is used as a method to get login from a user to then utilise your webapp or something.