
Can I use Cognito Access Token to generate an ID Token?

Is it possible to use the Cognito Access Token to generate an ID Token? I couldn't find any documentation on this online.

I'm trying to get an ID Token with custom claims, but the existing solutions don't work for my situation (details here). As a workaround, I'm thinking of manually asking Cognito for an ID Token directly with the Access Token after the user logs in.

What I tried

  • Calling Cognito's /oauth2/userinfo endpoint only returns the basic claims, not the custom claims I had added via the pre token generation lambda trigger.
  • Adding custom claims/attributes to the access token. Seems like that's not supported.
  • Idea I haven't explored: use Amplify and somehow get ID Token through there?
tbd_ asked Nov 07 '22 02:11


1 Answer

You can use your access token to call the getUser method on the Cognito API: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUser.html

That will provide the user attributes: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html

This provides the same data as you get on the ID token.

F_SO_K answered Nov 15 '22 05:11
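
As an added example (not code from the answer): reading the user's stored attributes with the access token through boto3's `get_user`, which requires the token to carry the `aws.cognito.signin.user.admin` scope. `StubClient`, the token string and the `custom:tenant_id` attribute are constructed so the block runs offline; pass `make_client(region)` instead for a real user pool.

```python
# Added example (not from the original answer): GetUser with an access token.

def make_client(region_name):
    """Real Cognito client; boto3 is imported lazily so the demo runs offline."""
    import boto3
    return boto3.client("cognito-idp", region_name=region_name)


def attributes_from_get_user(response):
    """Flatten GetUser's [{'Name': ..., 'Value': ...}] list into a dict."""
    attrs = {}
    for item in response.get("UserAttributes", []):
        name, value = item["Name"], item.get("Value", "")
        # Every value arrives as a string; convert the verification flags.
        if name in ("email_verified", "phone_number_verified"):
            value = value.lower() == "true"
        attrs[name] = value
    return attrs


def get_user_claims(client, access_token):
    """Call GetUser. Cognito checks the token itself, so an invalid or
    expired token raises an error instead of returning attributes."""
    response = client.get_user(AccessToken=access_token)
    claims = attributes_from_get_user(response)
    claims["cognito:username"] = response["Username"]
    return claims


class StubClient:
    """Constructed stand-in for the boto3 client, returning a sample response."""

    def get_user(self, AccessToken):
        if AccessToken != "constructed-access-token":
            raise PermissionError("NotAuthorizedException (simulated)")
        return {
            "Username": "alice",
            "UserAttributes": [
                {"Name": "sub", "Value": "00000000-0000-0000-0000-000000000000"},
                {"Name": "email", "Value": "alice@example.com"},
                {"Name": "email_verified", "Value": "true"},
                {"Name": "custom:tenant_id", "Value": "t-123"},  # hypothetical
            ],
        }


if __name__ == "__main__":
    print(get_user_claims(StubClient(), "constructed-access-token"))
```

Do the lookup server-side and keep the access token out of logs; the returned values are only as fresh as the call that fetched them.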