For integrating supertokens with lambda authorizer, is it good practice to include in the returned context the claims of the jwt? Or should it be decoded in my backend service?