Exchange IdP tokens for Cognito tokens

I have a web application with existing login flows integrated with an external IdP for authentication. Now as part of the same UI, I'm introducing a new sub functionality that calls an API via API gateway. My requirement is to authorize this API call without re-authenticating the user and no changes to existing authentication flow. I have the following questions -

Would you recommend using Cognito in this scenario or use the existing IdP integration and authorize the API via Lambda Authorizer?
Could both work together - i.e continue using the existing IdP integration but leverage cognito only for the new functionality without re-authentication? If yes, can you please share some references or approach on how to configure this?
Following point 2, is it possible to exchange the IdP tokens with Cognito tokens without re-authenticating the user? If yes, what the API/command to do so?

Topics

Security, Identity, & Compliance

Relevant content

External IDP Tokens in Cognito User Pools
camiloking
asked 2 years ago
Cognito IdP: Include "nonce" token in "id_token"
AWS-User-3007764
asked 2 years ago
AWS Cognito Federated IDP - refresh access token
PD
asked 6 months ago
Revoking cognito refresh token on deleting/disabling external IDP user
Imtiaz
asked a year ago
How can I decode and verify the signature of an Amazon Cognito JSON Web Token?
AWS OFFICIALUpdated 2 years ago
How do I set up OneLogin as a SAML identity provider with an Amazon Cognito user pool?
AWS OFFICIALUpdated 8 months ago
How do I configure the hosted web UI for Amazon Cognito?
AWS OFFICIALUpdated 2 years ago
How do I get IdP-issued OIDC or social identity tokens for Amazon Cognito user pools?
AWS OFFICIALUpdated 2 months ago
AWS Cognito Finally Supports Custom Claims for Access Tokens
EXPERT
Antonio_Lagrotteria
published a month ago
How to Rotate your External IdP Certificates in AWS IAM Identity Center (successor to AWS Single Sign-On) with Zero Downtime
EXPERT
Matt-B
published a year ago