diff --git a/moto/cognitoidp/models.py b/moto/cognitoidp/models.py
index 0c1cda80e..20b49a8c0 100644
--- a/moto/cognitoidp/models.py
+++ b/moto/cognitoidp/models.py
@@ -539,7 +539,7 @@ class CognitoIdpUserPool(BaseModel):
 "token_use": token_use,
 "auth_time": now,
 "exp": now + expires_in,
- "username": username,
+ "username" if token_use == "access" else "cognito:username": username,
 }
 payload.update(extra_data or {})
 headers = {"kid": "dummy"} # KID as present in jwks-public.json
diff --git a/tests/test_cognitoidp/test_cognitoidp.py b/tests/test_cognitoidp/test_cognitoidp.py
index fb91777bc..bb9bbacc2 100644
--- a/tests/test_cognitoidp/test_cognitoidp.py
+++ b/tests/test_cognitoidp/test_cognitoidp.py
@@ -2893,6 +2893,7 @@ def test_token_legitimacy():
 id_claims["iss"].should.equal(issuer)
 id_claims["aud"].should.equal(client_id)
 id_claims["token_use"].should.equal("id")
+ id_claims["cognito:username"].should.equal(username)
 for k, v in outputs["additional_fields"].items():
 id_claims[k].should.equal(v)
 access_claims = json.loads(jws.verify(access_token, json_web_key, "RS256"))
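Review bot: The conditional expression used as a dict key on the added line in `models.py` is easy to misread as a ternary value, and its `else` branch gives every `token_use` other than `"access"` the `cognito:username` claim without saying so. Naming the claim first makes the mapping explicit: `username_claim = "username" if token_use == "access" else "cognito:username"` above the literal, then `username_claim: username,` inside it. The `payload.update(extra_data or {})` on the next context line can still overwrite this claim, as well as `token_use` and `exp`, so a short comment such as `# extra_data may override any claim above, including the username claim` would help anyone using these tokens to exercise verification code. The enclosing method starts and ends outside the hunk, so the set of `token_use` values it receives is not visible here.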
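Review bot: The added assertion in `test_token_legitimacy` covers only the positive case for the ID token; nothing visible in the hunk checks that the ID token no longer carries a bare `username` claim or that the access token still does. Adding `assert "username" not in id_claims` next to the new line and `access_claims["username"].should.equal(username)` among the access-token assertions would pin both sides of the split, so a regression that emits the wrong claim name for either token type fails the test. The access-token checks continue past the end of the hunk, so the second assertion may already be present there.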