I am working on migrating all our users from our DB to a managed service, and we're considering AWS Cognito.
We want to use Cognito for Authentication and Access Control.
For access control, we're thinking about putting the user claims in the access token, which is possible using the pre-token generation Lambda, and using them in the resource servers.
The thing is I am not sure that this is the "right way" to do it using OAuth 2.0 and OpenID Connect.
Are we doing it right? Is there a better way?
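
The setup described in the question, as an added example that is not part of the original post: a pre token generation handler that copies allow-listed attributes into the access token, and the matching check on a resource server. It assumes the trigger is configured with event version V2_0; the attribute names, claim names and role values are hypothetical, and `authorize` expects claims from a token whose signature, issuer and expiry were already verified.

```python
# Added example. Assumes the user pool's pre token generation trigger uses
# event version V2_0, the version that accepts access token changes.
# Attribute names, claim names and role values are hypothetical.

# Allow-list: user pool attribute -> claim name written to the access token.
CLAIM_MAP = {
    "custom:tenant_id": "tenant_id",
    "custom:role": "role",
}
ROLE_ORDER = ["viewer", "editor", "admin"]  # lowest to highest privilege


def build_access_claims(user_attributes):
    """Return only allow-listed, validated claims for the access token."""
    claims = {}
    for attr, claim in CLAIM_MAP.items():
        value = user_attributes.get(attr)
        if not value:
            continue
        if claim == "role" and value not in ROLE_ORDER:
            continue  # drop unexpected values instead of forwarding them
        claims[claim] = value
    return claims


def handler(event, context):
    """Lambda entry point: add the claims to the access token only."""
    attrs = event.get("request", {}).get("userAttributes", {})
    event["response"] = {
        "claimsAndScopeOverrideDetails": {
            "accessTokenGeneration": {
                "claimsToAddOrOverride": build_access_claims(attrs)
            }
        }
    }
    return event


def authorize(verified_claims, tenant_id, needed_role):
    """Resource-server decision on claims from an already verified token."""
    if verified_claims.get("token_use") != "access":
        return False  # an ID token must not be accepted as an access token
    if verified_claims.get("tenant_id") != tenant_id:
        return False  # token was issued for a different tenant
    role = verified_claims.get("role")
    if role not in ROLE_ORDER or needed_role not in ROLE_ORDER:
        return False  # missing or unknown role: deny by default
    return ROLE_ORDER.index(role) >= ROLE_ORDER.index(needed_role)
```

Attributes copied this way should be ones that only administrators or back-end code can write; an attribute the app client lets users edit themselves would let a user choose their own role.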