AWS cognito: What's the difference between Access and Identity tokens?
Just reading the docs, they seem very similar to me so I can't really discern why to use one over the other. Although identity token seems better since it has custom attributes on it from the user pool (eg:
custom:blah and the default ones like
Right now, I am working with an app that passes the access token back down to the browser so it can use it for making ajax REST calls (there is an auth filter that expects this access token and validates it). Could I just switch out the access token with the id token? The current validation logic is to just get the
sub field (the uuid) from the access token, but this
sub field is also present in the identity token (as well as practically every other attribute except the
aud which I don't need). I just want to make sure I am understanding this right as it is confusing to me why both tokens exist and seem so similar.