How can I get custom scopes in the access token when I make an InitiateAuth or AdminInitiateAuth API call?
3 minute read
I want to get custom scopes in my access token when I authenticate with InititateAuth or AdminInitiateAuth API calls.
An access token returns custom scopes when you use OAuth endpoints for authentication. However, the API calls InitiateAuth or AdminInitiate don't return custom scopes in the access token because the calls don't use OAuth endpoints during authentication. Note: Amazon Cognito allows you to customize access token. For more information, see Pre token generation Lambda trigger.
Before you begin, make sure you completed the following:
Note: Replace username and password with your username and password. Replace app_client_id with the app client ID, userpool_id with your Cognito user pool ID, and the region_name with the Region name where the user pool is located.
The pre token generation Lambda function adds the custom scopes when the access token is generated. Decode the access token to see the custom scopes. Note: You can modify other parameters such as user attributes, scopes, group configuration, and client metadata to generate access tokens with custom scopes.