Hi Zubin,
I have not tried the custom authentication flow. Since the custom authentication flow doesn’t follow the OAuth2 specification, I think AWS doesn’t support scopes for that flow. If you can build your application to post a SAML assertion back to AWS, I think you can configure it as an Identity Provider and initiate the authentication using the OAuth2 Authorization code grant flow.