Question
I am not able to get custom attribute in ID_TOKEN returned from AWS Cognito after successful user login.
Steps I tried:
1. Created user pool
2. Created app client and checked the custom attributes (customattrib1, customattrib2)
   User Pool screen: check custom attribute in app client config
3. Created user using the admin-create-user API
   Below image shows the value for user attributes:
4. Signed in user using aws-cognito-auth.js in client app. The ID token returned does not contain the custom attribute.
ID_TOKEN
{
"at_hash": "PKfjYDaiEty5mUOyJZlPQA",
"sub": "639d5016-2bd3-4c6f-b82d-21ae38071b09",
"email_verified": true,
"iss": "https://cognito-idp.ap-south-1.amazonaws.com/ap-south-1_XXXXXXX",
"phone_number_verified": true,
"cognito:username": "testuser",
"aud": "XYXYXYXYX",
"token_use": "id",
"auth_time": 1549349674,
"phone_number": "##########",
"exp": 1549353274,
"iat": 1549349674,
"email": "testuser@somedomain.com"
}
I have already checked links below, which had some info regarding this issue, but nothing helped so far.
Adding Cognito custom attributes post pool creation?
Cognito User Pool custom attributes do not show up in the ID token if user pool is configured with a SAML identity provider
https://www.reddit.com/r/aws/comments/a07dwg/cognito_add_custom_attribute_to_jwt_token/
Please help me figure out if I am missing something.
Answer 1:
- In your Cognito user pool go to General Settings -> App Clients, then for each app client click on "Show Details", then "Set attribute read and write permissions". Check the checkbox next to your attribute name under "Readable Attributes".
- In your Cognito user pool go to App client settings -> Allowed OAuth Scopes and enable the "profile" scope.
Answer 2:
I had the same trouble and your question came up when I was searching for a solution.
My custom attributes started to appear in the ID token when I enabled the profile scope in 'App client settings'. (Available at: AWS console -> 'User pools' -> click your pool -> 'App client settings' -> 'Allowed OAuth Scopes'.)
(BTW: I was misled by this sentence from the documentation: "The openid scope returns all user attributes in the ID token that are readable by the client". In my case the openid scope was not enough.)
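Both answers come down to checking whether the app client's readable attributes and the "profile" scope actually changed what lands in the ID token. The following is an added example, not code from the question, either answer, or the aws-cognito-auth.js library: it decodes a token's payload segment and reports which "custom:" claims are present (Cognito names custom user-pool attributes as "custom:<name>" claims). The sample tokens, their "aud"/"sub" values and the attribute names are constructed placeholders for offline testing. Decoding says nothing about authenticity; a backend must still verify the signature against the user pool's JWKS before trusting any claim.

```javascript
// Added example (not from the question or answers): decode a Cognito ID token
// payload and report which "custom:" claims it carries, so you can confirm
// whether the readable-attribute and "profile" scope settings took effect.
// Decoding alone proves nothing about authenticity; verify the signature
// against the user pool's JWKS before trusting any claim server-side.

function base64UrlDecode(segment) {
  // JWT segments use the base64url alphabet without padding; restore both.
  const std = segment.replace(/-/g, '+').replace(/_/g, '/');
  const padded = std.padEnd(std.length + ((4 - (std.length % 4)) % 4), '=');
  return Buffer.from(padded, 'base64').toString('utf8');
}

function base64UrlEncode(text) {
  return Buffer.from(text, 'utf8').toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Parse a compact JWS and return its payload object. Throws on malformed input.
function decodeIdTokenPayload(idToken) {
  const parts = idToken.split('.');
  if (parts.length !== 3) {
    throw new Error('expected a compact JWS with 3 dot-separated segments');
  }
  return JSON.parse(base64UrlDecode(parts[1]));
}

// Cognito exposes custom user-pool attributes as claims named "custom:<name>".
function customClaims(payload) {
  return Object.keys(payload).filter((k) => k.startsWith('custom:')).sort();
}

// Summarise what an ID token does and does not carry, given the custom
// attribute names the app client is supposed to be able to read.
function inspectIdToken(idToken, expectedCustomAttributes) {
  const payload = decodeIdTokenPayload(idToken);
  const present = customClaims(payload);
  return {
    tokenUse: payload.token_use,
    aud: payload.aud,
    present,
    missing: expectedCustomAttributes.filter((n) => !present.includes(`custom:${n}`)),
  };
}

// Build a CONSTRUCTED, unsigned sample token for local testing (dummy signature).
function buildSampleToken(payload) {
  const header = base64UrlEncode(JSON.stringify({ alg: 'RS256', kid: 'sample-kid' }));
  return `${header}.${base64UrlEncode(JSON.stringify(payload))}.dummy-signature`;
}

// Constructed sample payloads; "sub" and "aud" are placeholders, not real values.
const withoutCustom = {
  sub: '00000000-0000-0000-0000-000000000000',
  'cognito:username': 'testuser',
  aud: 'APP_CLIENT_ID_PLACEHOLDER',
  token_use: 'id',
  email: 'testuser@example.com',
};
const withCustom = {
  ...withoutCustom,
  'custom:customattrib1': 'value1',
  'custom:customattrib2': 'value2',
};

// Attribute names from the question; the token shapes mimic before/after the fix.
const EXPECTED = ['customattrib1', 'customattrib2'];
const beforeFix = inspectIdToken(buildSampleToken(withoutCustom), EXPECTED);
const afterFix = inspectIdToken(buildSampleToken(withCustom), EXPECTED);

console.log('before enabling profile scope:', beforeFix);
console.log('after enabling profile scope:', afterFix);
```

Run it against the real ID token returned by aws-cognito-auth.js instead of the constructed sample to see the "missing" list directly; an empty list confirms the console changes took effect for that app client. Keep the JWKS signature check in whatever backend consumes the token, since the decode step here deliberately trusts nothing.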
Source: https://stackoverflow.com/questions/54530776/custom-attribute-not-passed-into-id-token-created-by-aws-cognito