Is it safe to use ID tokens with Cognito authorizers?
A common narrative is that one should always use access tokens to call your APIs, while ID tokens are strictly for identifying users.
But how much of that actually makes sense when you use Cognito authorizers with your API?
Are ID tokens inherently less secure?
What is the cost of using access tokens instead?
Ultimately, is it safe to use ID tokens, or should you switch to access tokens?