Well first I think it’s a tradeoff you have to make when using service for the authnetication/authorization. Whether you are going to implement all the things by yourself with all the security considerations or speed up the work using a service. Besides as I think this sort of a migration would happen highly unlikely, however if you expect such a migration you can use the cognito triggers to store the users in your own database with a id that you generate and include that id in the token generated by the cognito. Then your id can be used for storing user specific data at your backend. Now if you need to migrate, it’s a minor effort to map the user with the new system.