Access token customization
Note
This page covers the additional capabilities that Amazon Cognito user pools advanced security features add to pre token generation Lambda triggers. For a full overview of pre token generation triggers, see Pre token generation Lambda trigger.
User pool access tokens
Advanced security features add to the existing functions of a pre token generation trigger. Without advanced security features, you can customize ID tokens with additional claims, roles, and group membership. With advanced security, you can additionally customize access tokens with claims, roles, group membership, and OAuth scopes. Access token customization isn't available to machine-to-machine (M2M) client credentials grants.
To customize access tokens
- Activate advanced security features.
- Create a Lambda function for your trigger. To use our example function, configure it for Node.js.
- Populate your Lambda function with our example code or compose your own. Your function must process a request object from Amazon Cognito and return the changes that you want to include.
- Assign your new function as a version 2 pre token generation trigger.
For more information, see Customizing the access token.
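The following handler is an added illustration of the procedure above, not the AWS example function the page refers to. It derives access token scopes from group membership and narrows the requested scopes per user. The group names, scope names, and the `custom:tenant_id` attribute are assumptions made for the example.

```javascript
// Added example, not AWS's sample code. Group names, scope names and the
// custom:tenant_id attribute are hypothetical.
const GROUP_SCOPES = {
  admins: ["orders/read", "orders/write"],
  readers: ["orders/read"],
};

function buildOverrides(event) {
  // Fail closed: access token customization needs a version 2 trigger event.
  if (event.version !== "2") {
    throw new Error(`expected trigger event version 2, got ${event.version}`);
  }
  const req = event.request || {};
  const groups = (req.groupConfiguration || {}).groupsToOverride || [];

  // Scopes this user is entitled to, derived from server-side group membership.
  const granted = new Set();
  for (const g of groups) {
    for (const s of GROUP_SCOPES[g] || []) granted.add(s);
  }
  // Remove requested resource-server scopes ("server/scope") that the user's
  // groups do not grant; standard scopes such as openid are left alone.
  const suppress = (req.scopes || []).filter(
    (s) => s.includes("/") && !granted.has(s)
  );

  // Claims come from user pool attributes only. request.clientMetadata is
  // supplied by the caller, so it is never copied into the token.
  const claims = {};
  const tenant = (req.userAttributes || {})["custom:tenant_id"];
  if (tenant) claims.tenant_id = tenant;

  event.response = {
    claimsAndScopeOverrideDetails: {
      accessTokenGeneration: {
        claimsToAddOrOverride: claims,
        scopesToAdd: [...granted].sort(),
        scopesToSuppress: suppress.sort(),
      },
    },
  };
  return event;
}

const handler = async (event) => buildOverrides(event);
if (typeof module !== "undefined" && module.exports) module.exports.handler = handler;
```

The version check makes the function throw instead of silently returning a response that a version 1 trigger would ignore for access tokens.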