Currently we have a field named 'username' which is a UUID for the user and an e-mail address field, which is used for logging into the application.
However, when logging in using the Hosted UI, the username field of the access_token is populated with the UUID field. But when logging in using SRP_AUTH with the Amplify module, the username property in the access_token is populated with the e-mail address.
Using the USER_PASSWORD_AUTH Flow, the access_token is populated with the username, but we cannot use this flow because it doesn't support MFA or device tracking.
We want a consistent access_token over all our apps, independent of the way we log in. How can we achieve this?