I am configuring an app with various frontends (mobile and web apps) and a single API backend, powered by Lambda and accessed via AWS API Gateway.
As I'm planning to us
Yes, API Gateway will only use idToken to Authorize.

After the user enters correct credentials, an Access Code is provided by the Identity provider, confirming that the user entered correct credentials. This access code is used by the client just to get your idToken and refreshToken from the /oauth2/token endpoint for that given user. All your further calls would only use idToken in the Authorization header.

Even that access code expires after you retrieve your user tokens.
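The exchange the answer describes, as an added example that is not from the question or the answer: it builds the /oauth2/token requests (code exchange, then refresh once the id token expires) and picks the id token, not the access token, out of the response before calling the API. The Cognito domain, client id, redirect URI and the token response are constructed placeholders.

```python
import base64
import json
from urllib.parse import urlencode

# Constructed sample values, not from the question; real ones come from your Cognito app client.
COGNITO_DOMAIN = "https://example-domain.auth.us-east-1.amazoncognito.com"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://app.example.com/callback"

def _token_request(params: dict) -> tuple:
    """Form-encoded POST to the hosted UI's /oauth2/token endpoint: returns (url, headers, body)."""
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return f"{COGNITO_DOMAIN}/oauth2/token", headers, urlencode({"client_id": CLIENT_ID, **params})

def build_code_exchange(auth_code: str) -> tuple:
    """Trade the one-time authorization code for id/access/refresh tokens."""
    # redirect_uri must match the one used in the /oauth2/authorize request
    return _token_request({"grant_type": "authorization_code", "code": auth_code,
                           "redirect_uri": REDIRECT_URI})

def build_refresh(refresh_token: str) -> tuple:
    """Get a fresh id token after expiry; the spent authorization code cannot be replayed for this."""
    return _token_request({"grant_type": "refresh_token", "refresh_token": refresh_token})

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def jwt_claims(token: str) -> dict:
    """Decode the payload for inspection only; signature verification is the API Gateway authorizer's job."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def api_auth_header(token_response: dict) -> dict:
    """Select the id token from the /oauth2/token JSON and put it in the Authorization header."""
    id_token = token_response["id_token"]
    if jwt_claims(id_token).get("token_use") != "id":
        raise ValueError("expected an id token (token_use == 'id')")
    return {"Authorization": id_token}

def constructed_token_response() -> dict:
    """Unsigned fake tokens shaped like Cognito's response so the example runs offline."""
    def fake_jwt(claims: dict) -> str:
        return ".".join([_b64url(b'{"alg":"none"}'), _b64url(json.dumps(claims).encode()), "sig"])
    return {"id_token": fake_jwt({"token_use": "id", "sub": "user-1"}),
            "access_token": fake_jwt({"token_use": "access", "sub": "user-1"}),
            "refresh_token": "constructed-refresh-token", "expires_in": 3600}

if __name__ == "__main__":
    print(api_auth_header(constructed_token_response()))
```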