Hello,
We are now facing an issue about the scope of "aws.cognito.signin.user.admin" after using initiateAuth method for signing in to Cognito, as we found this scope has given a lot of API actions when the user gain the token. For the condition of using initialAuth() method from Cognito with USER_PASSWORD_AUTH and Client Credentials grant flow, any possible solution to change the scope?
And if Authorization Code Grant flow is needed to be selected in order to switch to other possible scopes, is it possible for not using the hosted UI as the login form and retain the initialAuth() method with USER_PASSWORD_AUTH and applying the new grant flow? Thanks.
Regards,
Jimmy Shum
