Currently, it is impossible to create a custom authentication with AWS Cognito, because Cognito uses multiple/rotating signing keys to sign its JWT.

I assume for this to work, we should be able to set a JWKS endpoint - "https://cognito-idp.{region}.amazonaws.com/{userPoolId}/.well-known/jwks.json".

Cheers