the way I do role based access is not via Cognito, it's a custom build system. I authenticate the end-user via Cognito and then I use roles to match against a role table. If the role doesn't match that API, I return access denied.
It's much easier to implement this and it's secure
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
the way I do role based access is not via Cognito, it's a custom build system. I authenticate the end-user via Cognito and then I use roles to match against a role table. If the role doesn't match that API, I return access denied.
It's much easier to implement this and it's secure