in oauth2 login, the gateway sends request to authorization server and adds what scopes it requires, and after seccessfull login in cognito, cognito adds scopes requested in the token.
the problem with this is i would need to predefine the scopes and this is bad, it says every user that logs in would get all the scope and there is noway to differentiate access level.