Amazon Cognito user pools now support the ability to customize access tokens
In December 2023, Amazon Cognito user pools announced the ability to enrich identity and access tokens with custom attributes in the form of OAuth 2.0 scopes and claims. Today, we are expanding this functionality to support complex custom attributes such as arrays, maps and JSON objects in both identity and access tokens. You can now make fine-grained authorization decisions using complex custom attributes in the token. This feature enables you to offer enhanced personalization and increased access control. You can also simplify migration and modernization of your applications to use Amazon Cognito with minimal or no changes to your applications.
Amazon Cognito is a service that makes it simpler to add authentication, authorization, and user management to your web and mobile apps. Amazon Cognito provides authentication for applications with millions of users and supports sign-in with social identity providers such as Apple, Facebook, Google, and Amazon, and enterprise identity providers via standards such as SAML 2.0 and OpenID Connect.
Access token customization is available as part of Cognito advanced security features in all AWS Regions, except AWS GovCloud (US) Regions.
To get started, see the following resources: