Understand Cognito way of working

Hi Guys,
I am trying to create a small system where I could practice how to handle security aspect with Cognito.

What I have currently React + Amplify for login by Google, Facebook I will add signUp by email in password in close future. I don’t use Amplify magic for creating Cognito etc. I use it only for auth. I have also JavaScript code in Lambda for extracting users email.

Unfortunately I have more questions that answers. For example why when I login by Google/Facebook for Cognito I am a different user even when I use the same email. Can I merge them into one? Another think is how to create something more complex.
For example I would like to have 2 type of users [Admin and normal User]. One would can execute more Lambdas. But currently each of my lambda contains authorizer: aws_iam and I don’t know how to handle different level of access.

I have tried with custom lambda for token verifying but I don’t know how to extract users data from Cognito because I get only methodArn, authorizationToken with the request.