The AWS amplify documentation provides a section on integration with NextJS and server side rendering. Specifically, it provides getCurrentUser() and fetchAuthSession() which can be run from the server using a server context. I am wondering if these can securely be used to identify a user without any extra steps.
For background, I am just beginning to learn about JWT. If a user modified their token to reflect the ID of another user, would my server component be able to tell just by running the provided functions (assuming the cookies might be modified)? The point is that I might make a call to a database or some other resource based on the user's identity.
I tried looking through the aws-amplify github repo, but wasn't able to find a concrete answer. I am not experienced at this.