For starters, you should definitely stick to using the access token for your authorization needs against the API gateway. This is a best practice. The good news is you can now customize the access token using a Pre token generation Lambda trigger. This would allow you to add the necessary information to the access token. This feature is available with Cognito's advanced security features.
Otherwise, you could explore creating a backend mapping (e.g. using DynamoDB) between the userId attribute (what you're ultimately needing) and the sub of the user, which is present in the access token. Maintain the userId as the immutable identifier for the user for your solution and have an additional backend lookup to obtain the userId.
The ID token is meant for authentication. It contains claims about the identity of the authenticated user, such as user ID, username, and any custom attributes. The access token is meant for authorization. It grants the client application access to specific resources on behalf of the user. It is used to make requests to protected resources, such as API endpoints.
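The two approaches from the answer above, as an added example that is not part of the original thread: a Pre token generation handler (trigger version V2_0, the version that can alter the access token) that writes a userId claim into the access token, falling back to a sub-to-userId lookup when the attribute is missing. It assumes a custom attribute named custom:userId on the user pool and uses a constructed in-memory dict in place of the DynamoDB table the answer suggests; neither is from the original post.

```python
"""Cognito pre token generation (V2_0) handler that adds a userId claim to
the access token. Added example; assumes a custom:userId pool attribute.
"""

# Constructed stand-in for the backend mapping table (sub -> userId).
# In a real deployment this would be a DynamoDB GetItem keyed on the sub.
USER_ID_BY_SUB = {
    "3f0c9b2e-1a3f-4a6b-9d2e-7c5e1f2a3b4c": "user-0001",
}

# Cognito will not let the trigger override these claims; failing here is
# better than issuing a token that silently differs from what was intended.
RESERVED_CLAIMS = {"sub", "iss", "aud", "exp", "iat", "jti", "token_use",
                   "client_id", "scope", "auth_time", "origin_jti"}


def resolve_user_id(user_attributes, sub_lookup=USER_ID_BY_SUB):
    """Prefer the immutable custom:userId attribute; otherwise map sub -> userId."""
    user_id = user_attributes.get("custom:userId")
    if user_id:
        return user_id
    return sub_lookup.get(user_attributes.get("sub"))


def lambda_handler(event, context=None):
    """Pre token generation trigger entry point; returns the event with the
    response section filled in, which is what Cognito expects back."""
    # Version "1" (V1_0) can only shape the ID token; access token
    # customization needs the V2_0 (or later) trigger version.
    if event.get("version") == "1":
        raise ValueError("access token customization needs trigger version V2_0 or later")

    user_id = resolve_user_id(event["request"]["userAttributes"])
    response = event.setdefault("response", {})
    if user_id is None:
        # No mapping exists: hand the token back unchanged so the API
        # rejects it for lacking userId, rather than minting a made-up value.
        return event

    new_claims = {"userId": user_id}
    clash = RESERVED_CLAIMS & set(new_claims)
    if clash:
        raise ValueError(f"cannot override reserved claims: {sorted(clash)}")

    response["claimsAndScopeOverrideDetails"] = {
        "accessTokenGeneration": {
            "claimsToAddOrOverride": new_claims,
            "claimsToSuppress": [],
            "scopesToAdd": [],
            "scopesToSuppress": [],
        },
        # Mirror the claim into the ID token for clients that still read it.
        "idTokenGeneration": {
            "claimsToAddOrOverride": new_claims,
            "claimsToSuppress": [],
        },
    }
    return event


def build_sample_event(user_attributes, version="2"):
    """Constructed V2_0-shaped event for local testing (not a real capture)."""
    return {
        "version": version,
        "triggerSource": "TokenGeneration_Authentication",
        "region": "us-east-1",
        "userPoolId": "us-east-1_EXAMPLE",
        "userName": user_attributes.get("email", "testuser"),
        "request": {
            "userAttributes": user_attributes,
            "groupConfiguration": {"groupsToOverride": [], "iamRolesToOverride": [],
                                   "preferredRole": None},
            "scopes": ["openid"],
        },
        "response": {},
    }


def access_token_user_id(event):
    """Read back the userId the handler placed in the access token, if any."""
    details = event.get("response", {}).get("claimsAndScopeOverrideDetails")
    if not details:
        return None
    return details["accessTokenGeneration"]["claimsToAddOrOverride"].get("userId")


if __name__ == "__main__":
    ev = lambda_handler(build_sample_event(
        {"sub": "3f0c9b2e-1a3f-4a6b-9d2e-7c5e1f2a3b4c", "custom:userId": "user-4242"}))
    print(access_token_user_id(ev))
```

To make Cognito invoke this as the access-token-capable version, the trigger has to be attached to the pool with the V2_0 trigger version, which as the answer notes is tied to the advanced security features tier; with V1_0 the accessTokenGeneration section is ignored.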
I see!
Thank you man!