Serverless Cognito User Pool authorizer

I want to use my Cognito User Pool as the authorizer for all my lambda functions deployed through the Serverless Framework and API Gateway.

The Serverless docs mention that this is possible as follows, which exposes claims at event.requestContext.authorizer.claims:

functions:
  create:
    handler: posts.create
    events:
      - http:
          path: posts/create
          method: post
          authorizer:
            arn: arn:aws:cognito-idp:us-east-1:xxx:userpool/us-east-1_ZZZ
            scopes:
              - my-app/read

Or, if you want more control of which attributes are exposed as claims, use the following implementation which exposes claims at events.cognitoPoolClaims:

functions:
  create:
    handler: posts.create
    events:
      - http:
          path: posts/create
          method: post
          integration: lambda
          authorizer:
            arn: arn:aws:cognito-idp:us-east-1:xxx:userpool/us-east-1_ZZZ
            claims:
              - email
              - nickname

I have a few questions about this and I'm attempting to find the answers online, but the terms are all commonly used and it's hard to know what to search for and recognize the correct answer. The docs also seem to show a few examples, but never specify all the available options (as far as I've seen). I'd appreciate some clarification on the following or a link to the docs where it may explain some of this in more detail:

  1. What scopes are available? (e.g. scopes: my-app/read)

  2. What is the difference between exposing the claims at event.requestContext.authorizer.claims vs events.cognitoPoolClaims?

  3. Will this implementation work with httpApi functions, instead of http like the docs show?
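The following Node.js handler is an added example, not code from the question or from the Serverless Framework docs. It shows where the Cognito claims land for the two REST API configurations quoted above, plus the `httpApi` case (for which the claim location, `event.requestContext.authorizer.jwt.claims`, is the API Gateway HTTP API JWT-authorizer payload shape and is an assumption on my part, not something the question confirms), and fails closed when no authorizer output is present.

```javascript
'use strict';

// Locate the Cognito claims in the three event shapes the question touches on:
// 1. `http` event, default proxy integration: event.requestContext.authorizer.claims
// 2. `http` event with `integration: lambda` and a `claims:` list: event.cognitoPoolClaims
//    (only the claims listed in serverless.yml appear here, so `sub` must be listed
//    if the handler relies on it)
// 3. `httpApi` event with a JWT authorizer (assumed HTTP API payload shape):
//    event.requestContext.authorizer.jwt.claims
function extractClaims(event) {
  const authorizer = (event.requestContext && event.requestContext.authorizer) || {};
  if (authorizer.claims && typeof authorizer.claims === 'object') {
    return { source: 'http', claims: authorizer.claims };
  }
  if (event.cognitoPoolClaims && typeof event.cognitoPoolClaims === 'object') {
    return { source: 'lambda-integration', claims: event.cognitoPoolClaims };
  }
  if (authorizer.jwt && authorizer.jwt.claims) {
    return { source: 'httpApi', claims: authorizer.jwt.claims };
  }
  return null; // no authorizer ran (or it is misconfigured): caller must fail closed
}

// Pure response builder: trusts only the claims API Gateway injected after
// validating the token, never a user id taken from headers or the request body.
function buildResponse(event) {
  const found = extractClaims(event);
  if (!found || !found.claims.sub) {
    return { statusCode: 401, body: JSON.stringify({ message: 'Unauthorized' }) };
  }
  return {
    statusCode: 201,
    body: JSON.stringify({ owner: found.claims.sub, via: found.source }),
  };
}

// Lambda entry point referenced as `handler: posts.create` in serverless.yml.
async function create(event) {
  return buildResponse(event);
}

// Constructed sample events (not real API Gateway captures) for local checks.
const restEvent = { requestContext: { authorizer: { claims: { sub: 'user-1', email: 'a@example.com' } } } };
// Constructed as if `sub` were also in the `claims:` list alongside email and nickname.
const lambdaIntEvent = { cognitoPoolClaims: { email: 'b@example.com', nickname: 'bee', sub: 'user-2' } };
const httpApiEvent = { requestContext: { authorizer: { jwt: { claims: { sub: 'user-3' }, scopes: ['my-app/read'] } } } };
const anonEvent = { requestContext: {} };

if (typeof module !== 'undefined') {
  module.exports = { create, buildResponse, extractClaims };
}
```

Running `node posts.js` does nothing by itself; the point is that the same handler keeps working whichever of the three configurations is deployed, and returns 401 rather than a guessed identity when none of them ran.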



Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow