integration of cognito with verified permissions

Question

in verified permissions can we do authorization process using access token from cognito:groups users.i have done the matching with sub value but i need to do with cognito:groups for my requirement for multiple users.using id token i have done different matches but while using  access token i have done only with the sub value.is there any methods to do the authorization process using access token for handling multiple users. the best practice of authorization process is with using access token so i need methods using with access token

Answer

Hi jai,  
Using Cognito groups with IsAuthorizedWithToken() call is not yet supported. You have a couple of alternatives:
* Switching to use isAuthorized() and manually verifying / unpacking token and then constructing principal portion of entity slice yourself
* Using [scope from access token](https://docs.aws.amazon.com/verifiedpermissions/latest/userguide/identity-sources_map-token-to-schema.html#identity-sources_map-access-token) as a way to match mulitple users

Answer

Unfortunately the isAuthzWithToken API does not currently support groups.

I would recommend using the plain vanilla IsAuthorized API instead. In this scenario, you would translate the token to a user entity and pass the entity to the IsAuthz API. You can find sample code for translating the entity and sending it to AVP [here](https://docs.aws.amazon.com/verifiedpermissions/latest/userguide/identity-providers.html#identity-providers_other-idp)

integration of cognito with verified permissions

Relevant content