Sending id_token Instead of access_token on fetch with Cognito

I’m developing a Jira plugin using Forge and setting up authentication with AWS Cognito. I need the fetch to send an id_token to my API and need to get access to the user email on the token. However, an access_token is being sent instead and no email info. I am following the Atlassian tutorial on using dynamic profiles with external authentication (https://developer.atlassian.com/platform/forge/implement-a-dynamic-profile-retriever-with-external-authentication/).

How can I configure my Forge app to ensure the id_token is sent instead of the access_token?

My manifest.yml:

function:
    - key: resolver
      handler: index.handler
      providers:
        auth:
          - cognito-auth
    - key: cognito-profile
      handler: auth.retriever
...
actions:
        authorization:
          remote: aws-cognito
          path: /oauth2/authorize
        exchange:
          remote: aws-cognito
          path: /oauth2/token
        revokeToken:
          remote: aws-cognito
          path: /oauth2/revoke
        retrieveProfile:
          remote: aws-cognito
          path: /oauth2/userInfo
          function: cognito-profile

My auth.js:

export const retriever = (response) => {
  console.log(response)
  const { status, body: externalProfile } = response;

  console.log(externalProfile);
  if (status === 200) {
    return new AuthProfile({
      id: externalProfile.sub,
      displayName: externalProfile.email || externalProfile.name,
      avatarUrl: externalProfile.picture,
    });
  } else {
    throw new Error(
      `Could not determine profile information. HTTP ${status}`
    );
  }
};