I built a small service that gets photos from a Google Photos shared album in an AWS Lambda function. Regarding permissions: 1. I created a Cognito user pool and connected it to the Lambda function under "Resource-based policy statements". 2. I added an IAM role with all the necessary Cognito policies and connected it to the Lambda function under "Execution role".
I tried both service authentication and user authentication, but neither works.
This is the code, including a method for user authentication and a method for service (server) authentication:
import os
import json
import boto3
import requests
from google.oauth2 import credentials
from google.oauth2 import service_account
from google_auth_oauthlib.flow import InstalledAppFlow
from googleapiclient.discovery import build
# Helpers that load Google credentials from local JSON files (nothing below reads environment variables)
def authenticate_with_service_account():
    """Build a Photos Library API client authenticated as a service account.

    Reads the service-account key from ``key.json`` (a relative path, so it
    is resolved against the current working directory) and requests the
    ``https://www.googleapis.com/auth/photoslibrary`` scope.

    Returns:
        The ``photoslibrary`` v1 client object produced by ``build``.
    """
    # NOTE(review): Google's Photos Library API documentation states that
    # service accounts are not supported. If that still holds, this path
    # fails whatever the IAM/Cognito setup is -- confirm against current docs.
    # NOTE(review): key.json contains a long-lived private key. Bundling it
    # next to the code exposes it to anyone who can read the deployment
    # artifact; a secrets store readable only by the execution role is the
    # usual alternative.
    # NOTE(review): the code on this page only searches media items, so the
    # narrower photoslibrary.readonly scope would presumably be sufficient --
    # verify before changing.
    photos_scopes = ['https://www.googleapis.com/auth/photoslibrary']
    sa_credentials = service_account.Credentials.from_service_account_file(
        'key.json',
        scopes=photos_scopes,
    )
    # static_discovery=False: the discovery document is not taken from the
    # copies bundled with the client library.
    return build(
        'photoslibrary',
        'v1',
        credentials=sa_credentials,
        static_discovery=False,
    )
def authenticate_with_oauth():
    """Build a Photos Library API client using the interactive user OAuth flow.

    Loads the OAuth client configuration from ``credentials.json``, runs the
    installed-app flow through ``run_local_server(port=0)``, and passes the
    resulting user credentials to ``build``.

    Returns:
        The ``photoslibrary`` v1 client object produced by ``build``.
    """
    # NOTE(review): run_local_server() starts a local HTTP listener and waits
    # for a user to finish consent in a browser. A Lambda invocation has no
    # interactive user, so this step presumably cannot complete there. The
    # usual pattern is to obtain consent once outside Lambda and keep the
    # resulting refresh token in a secrets store -- confirm for this setup.
    # NOTE(review): the credentials.json shown with this code is a "web"
    # client whose only redirect URI is the Cognito idpresponse endpoint; a
    # localhost redirect is not registered there, so Google would likely
    # reject it -- verify in the OAuth client settings.
    # NOTE(review): credentials.json carries the client secret; treat it like
    # any other secret rather than shipping it beside the code.
    photos_scopes = ['https://www.googleapis.com/auth/photoslibrary']
    consent_flow = InstalledAppFlow.from_client_secrets_file(
        'credentials.json',
        scopes=photos_scopes,
    )
    user_credentials = consent_flow.run_local_server(port=0)
    return build(
        'photoslibrary',
        'v1',
        credentials=user_credentials,
        static_discovery=False,
    )
def get_all_photos_from_shared_album():
    """Collect every media item in the configured shared album.

    Authenticates with the user OAuth flow, then pages through
    ``mediaItems.search`` with a page size of 100 until a response carries no
    ``nextPageToken``.

    Returns:
        list: the ``mediaItems`` entries of all pages, in response order.
    """
    # User OAuth (browser consent) is the active path; the author was
    # switching between it and authenticate_with_service_account().
    photos_api = authenticate_with_oauth()
    album_id = '{album ID}'  # placeholder left by the author

    collected = []
    page_token = None  # sent as None on the first request
    # NOTE(review): nothing caps the number of pages, so a very large album
    # is held fully in memory and may run into the function's time or memory
    # limits -- consider a page limit if that matters here.
    while True:
        request_body = {
            'albumId': album_id,
            'pageSize': 100,
            'pageToken': page_token,
        }
        page = photos_api.mediaItems().search(body=request_body).execute()
        collected.extend(page.get('mediaItems', []))
        page_token = page.get('nextPageToken')
        if not page_token:
            # No further page advertised: everything has been collected.
            return collected
def lambda_handler(event, context):
    """AWS Lambda entry point: fetch the shared album's media items.

    ``event`` and ``context`` are accepted but not read. The fetched list is
    neither returned nor stored, so the handler's result is ``None``.
    """
    # Holds every media item from the shared album; further processing or
    # caching is still to be added after this line.
    # NOTE(review): once the items are returned or cached, they describe a
    # user's photos -- make sure only intended callers can invoke the
    # function or read the cache.
    album_items = get_all_photos_from_shared_album()
JSON structure of key.json, used by the authenticate_with_service_account method:
{ "type": "service_account", "project_id": "{set by dev}", "private_key_id": "{generated from google}",
"private_key": "{generated from google}", "client_email": "{generated from google}", "client_id": "{generated from google}",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/yourspecificservice.iam.gserviceaccount.com", "universe_domain": "googleapis.com" }
JSON structure of credentials.json, used by the authenticate_with_oauth method:
{ "web":{ "client_id":"{generated from google}", "project_id":"{set by dev}", "auth_uri":"https://accounts.google.com/o/oauth2/auth", "token_uri":"https://oauth2.googleapis.com/token", "auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs", "client_secret":"{generetate from google}", "redirect_uris":["https://coggoogle.auth.us-west-1.amazoncognito.com/oauth2/idpresponse"], "javascript_origins":["https://coggoogle.auth.us-west-1.amazoncognito.com"] } }