I am trying to create a small system where I could practice how to handle security aspect with Cognito.
Unfortunately I have more questions that answers. For example why when I login by Google/Facebook for Cognito I am a different user even when I use the same email. Can I merge them into one? Another think is how to create something more complex.
For example I would like to have 2 type of users [Admin and normal User]. One would can execute more Lambdas. But currently each of my lambda contains authorizer: aws_iam and I don’t know how to handle different level of access.
I have tried with custom lambda for token verifying but I don’t know how to extract users data from Cognito because I get only methodArn, authorizationToken with the request.