As of today you can't add custom attributes to Cognito access token. You probably could achieve mapping AD groups to Cognito groups but I wouldn't recommend that, management would probably be unnecessarily complex and potentially error prone. Another way would be to see if customer could use id_token instead. You can map AD attributes to Cognito ones and those are included in id_token.
- AWS公式更新しました 2年前