Recreating an existing Cognito User Pool in AWS Amplify - amazon-cognito

I have a user pool in my Amplify project that has a single custom field configured incorrectly. Because you can't edit or delete the fields, my plan is to recreate the user pool. The app isn't in production yet so having some downtime is ok.
My question is, what is the cleanest way to recreate a user pool within the Amplify CLI? I need it to be identical in every way except for that single custom field. When I attempt to remove the auth category it throws an error because of the admin query API and my lambda functions.
Ideally I wouldn't have to run through the steps of creating it, my current configuration would be used.
Any ideas?
Thanks!

Related

Check if user existed in cognito as federated user by using only email/username

I'm having trouble implementing a feature where I need to check whether a user does not exist, or exists in Cognito but as a federated user. The former is done without trouble, but I'm stuck on the latter without any clue. I went through the Cognito and Amplify documents but couldn't find any clue. Could there be a work-around or a function that I don't know about? Any suggestion is welcome.
You can create a mutable custom user attribute on Cognito, such as isFederatedUser, and set it on the user during user creation.
If this is not possible, you can call list-users and filter on the identities attribute.
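Added example (not code from the original answer) of the list-users approach: ListUsers can filter server-side on email, but the `identities` attribute is not a filterable field, so the federated check has to be done in your own code on the returned records. The sample users, pool id and table of attributes below are constructed; the only real API calls are boto3's `list_users` paginator on a `cognito-idp` client, which the offline part of the example never invokes.

```python
import json
from typing import Dict, Iterable, Iterator, List, Optional

# Constructed sample of what ListUsers returns (shape follows the Cognito API; values are made up).
# Federated users get a provider-prefixed Username, UserStatus EXTERNAL_PROVIDER and an
# "identities" attribute holding a JSON array; native users have none of those.
SAMPLE_USERS: List[Dict] = [
    {
        "Username": "alice",
        "UserStatus": "CONFIRMED",
        "Attributes": [
            {"Name": "sub", "Value": "11111111-1111-1111-1111-111111111111"},
            {"Name": "email", "Value": "alice@example.com"},
        ],
    },
    {
        "Username": "Google_104857600000000000001",
        "UserStatus": "EXTERNAL_PROVIDER",
        "Attributes": [
            {"Name": "sub", "Value": "22222222-2222-2222-2222-222222222222"},
            {"Name": "email", "Value": "bob@example.com"},
            {
                "Name": "identities",
                "Value": json.dumps([{
                    "userId": "104857600000000000001",
                    "providerName": "Google",
                    "providerType": "Google",
                    "issuer": None,
                    "primary": True,
                    "dateCreated": 1600000000000,
                }]),
            },
        ],
    },
]


def attributes_as_dict(user: Dict) -> Dict[str, str]:
    return {a["Name"]: a["Value"] for a in user.get("Attributes", [])}


def federated_providers(user: Dict) -> List[str]:
    """Provider names from the 'identities' attribute; empty for native users or unparsable data."""
    raw = attributes_as_dict(user).get("identities")
    if not raw:
        return []
    try:
        identities = json.loads(raw)
    except json.JSONDecodeError:
        return []
    return sorted({i["providerName"] for i in identities if isinstance(i, dict) and i.get("providerName")})


def is_federated(user: Dict) -> bool:
    # Check both signals so the user is still classified correctly if one of them is missing.
    return bool(federated_providers(user)) or user.get("UserStatus") == "EXTERNAL_PROVIDER"


def lookup_status(users: Iterable[Dict], email: str) -> Dict:
    """Classify the user whose email attribute matches; the caller supplies the fetched users."""
    wanted = email.strip().lower()
    for user in users:
        if attributes_as_dict(user).get("email", "").lower() == wanted:
            return {"exists": True, "federated": is_federated(user), "providers": federated_providers(user)}
    return {"exists": False, "federated": False, "providers": []}


def iter_users(client, user_pool_id: str, filter_expr: Optional[str] = None) -> Iterator[Dict]:
    """Page through ListUsers with a boto3 cognito-idp client (not exercised offline)."""
    kwargs = {"UserPoolId": user_pool_id}
    if filter_expr:
        kwargs["Filter"] = filter_expr
    for page in client.get_paginator("list_users").paginate(**kwargs):
        yield from page.get("Users", [])


def check_email(client, user_pool_id: str, email: str) -> Dict:
    """Filter on email server-side (a supported ListUsers filter), then classify client-side,
    because 'identities' cannot be used in a ListUsers filter."""
    if '"' in email or "\\" in email:
        raise ValueError("refusing to interpolate quotes or backslashes into a ListUsers filter")
    return lookup_status(iter_users(client, user_pool_id, f'email = "{email}"'), email)
```

Against a real pool you would call `check_email(boto3.client("cognito-idp"), "us-east-1_EXAMPLE", "bob@example.com")` from a backend with `cognito-idp:ListUsers` on that pool; this is an admin API and should not be reachable from the browser.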

PostConfirmationTrigger for federated sign-in in AWS Cognito

I am using AWS Cognito for auth, with the AWS Amplify framework.
Currently I have the email-password signup option. On the Cognito PostConfirmationTrigger I add the user to the User DynamoDB table.
I want to add a Google signup option as well.
In federated sign-in (at signup time), this trigger is not triggered, so I am unable to add the user to the User DynamoDB table.
Any hints on how I can invoke that trigger Lambda only for the first federated sign-in (signup)?
The post confirmation trigger is worth avoiding as it also doesn't trigger for admin confirmations. Reimplement it as a post-authentication or pre-token-generation trigger and, if need be, add a condition expression to your put item request to avoid overwriting existing user items.
Cognito is a bit borked when it comes to federated sign-on and triggers. Triggers only seem to be called the first time a user logs in.
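Added example (not code from either answer above) of the Post Authentication approach with the conditional write the first answer recommends. The trigger fires on every sign-in for native users and, as noted, at least on the first federated sign-in, so the `attribute_not_exists` condition is what keeps the row from being overwritten on later logins. The event, table name and `InMemoryTable` stand-in are constructed for the example; the DynamoDB calls are boto3's `put_item` with `ConditionExpression`.

```python
import json
import os
import time
from typing import Any, Dict

# Table name is an assumption; in a real deployment set it through the Lambda environment.
TABLE_NAME = os.environ.get("USER_TABLE", "User")

# Constructed Post Authentication event for a first-time Google sign-in (shape follows the
# Cognito trigger event; identifiers are made up).
CONSTRUCTED_EVENT: Dict[str, Any] = {
    "version": "1",
    "triggerSource": "PostAuthentication_Authentication",
    "region": "us-east-1",
    "userPoolId": "us-east-1_EXAMPLE",
    "userName": "Google_104857600000000000001",
    "request": {
        "userAttributes": {
            "sub": "22222222-2222-2222-2222-222222222222",
            "email": "bob@example.com",
            "email_verified": "true",
            "identities": json.dumps([{"providerName": "Google", "userId": "104857600000000000001", "primary": True}]),
        },
        "newDeviceUsed": False,
    },
    "response": {},
}


def build_user_item(event: Dict[str, Any]) -> Dict[str, Any]:
    attrs = event["request"]["userAttributes"]
    identities = json.loads(attrs["identities"]) if attrs.get("identities") else []
    return {
        # Key on sub: it is stable, whereas userName is provider-prefixed for federated users.
        "userId": attrs["sub"],
        "username": event["userName"],
        "email": attrs.get("email", ""),
        "providers": [i["providerName"] for i in identities] or ["COGNITO"],
        "createdAt": int(time.time()),
    }


def put_if_absent(table, item: Dict[str, Any]) -> bool:
    """Write the row only if no item with this userId exists. Returns True when created,
    False when the row was already there (the conditional check failed)."""
    try:
        table.put_item(Item=item, ConditionExpression="attribute_not_exists(userId)")
        return True
    except Exception as err:  # botocore ClientError exposes the service error code in .response
        code = getattr(err, "response", {}).get("Error", {}).get("Code")
        if code == "ConditionalCheckFailedException":
            return False
        raise


def handler(event: Dict[str, Any], context, table=None) -> Dict[str, Any]:
    if table is None:  # real deployment path; boto3 is present in the Lambda runtime
        import boto3
        table = boto3.resource("dynamodb").Table(TABLE_NAME)
    put_if_absent(table, build_user_item(event))
    return event  # Cognito requires the event to be returned unchanged


class InMemoryTable:
    """Constructed stand-in for a boto3 Table so the handler can be exercised offline;
    it enforces the one condition expression this module uses."""
    def __init__(self) -> None:
        self.items: Dict[str, Dict[str, Any]] = {}

    def put_item(self, Item: Dict[str, Any], ConditionExpression: str = None) -> None:
        if ConditionExpression == "attribute_not_exists(userId)" and Item["userId"] in self.items:
            err = Exception("The conditional request failed")
            err.response = {"Error": {"Code": "ConditionalCheckFailedException"}}  # mimic ClientError
            raise err
        self.items[Item["userId"]] = dict(Item)


def demo() -> Dict[str, Any]:
    """Run the trigger twice for the same user: the second sign-in must not overwrite the row."""
    table = InMemoryTable()
    first = put_if_absent(table, build_user_item(CONSTRUCTED_EVENT))
    second = put_if_absent(table, build_user_item(CONSTRUCTED_EVENT))
    returned = handler(CONSTRUCTED_EVENT, None, table=table)
    return {"first": first, "second": second, "rows": len(table.items), "event_returned": returned is CONSTRUCTED_EVENT}
```

The Lambda's execution role only needs `dynamodb:PutItem` on that one table; the conditional write also means a failed or retried invocation cannot clobber a row the application has since updated.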

AWS Amplify - update another user attributes

Is there a way I can update another user's attributes using AWS Amplify with Cognito? I.e. when a user replies to a post, I want to change the rating of the person who started the thread. Or will I need a table in the DB to manage this?
In the docs I see that there is a method:
https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/CognitoIdentityServiceProvider.html#adminUpdateUserAttributes-property
but I don't see a way to use it in Amplify.
I have not seen any API in aws-amplify that can alter user attributes as an admin.
Generally, it is good practice not to duplicate data, or to keep duplication minimal if it is unavoidable. In other words, keep a single source of truth. Use Cognito only for authentication, I mean for obtaining the JWT token.
Rating, basic user info, and role: keep those in your own data source.

Migrate from one user pool to another user pool?

I deployed a user pool in Cognito which now needs additional custom attributes. These can't be added after the fact. Is it possible to now move those users from the old user pool to a new user pool? I saw mention of using a Lambda to do this, but it seems like a fairly common case, and Lambda seems unnecessarily complicated when you just want to export/re-import user data, especially between user pools in the same AWS account.

How can i limit access to the aws-cognito service?

I would like to limit the access to my Cognito service.
My aim is to filter all the calls to Cognito by adding a server layer that allows me to do specific actions when the user uses the service.
I know that triggering events is the right way to do this, but the events in Cognito are very limited and a lot of stuff cannot be done. For example, if the authentication fails for some reason the postAuthentication event is not triggered.
Another use case could be validation of the attributes, or limiting the reading of some attribute.
The only idea I have is to hide the IdentityPoolId or the UserPoolClientId, but that seems pretty unsafe.
There are two approaches to using AWS Cognito User Pools:
1. Using the Hosted UI.
2. Using the SDKs/REST API and implementing your own API and UI.
Using the Hosted UI
If you go with the first option, pretty much everything is handled by AWS and the control you have is limited. However, you can do certain configuration using triggers. On the other hand, you have less risk on your side, since you maintain only a limited amount of code.
Using the SDKs/REST API
If you go with the second option, you can restrict Cognito User Pools as required by putting the logic inside your own code. This allows limiting access as you desire. However, you have to write custom code to authenticate and sign up users.
Mix of Both
It is also possible to use a mix of these approaches. For example, you can write custom code for sign-up but use the Hosted UI for sign-in.
Custom Attributes and Claims
Also, if you plan to return attributes based on your custom rules, use the Pre Token Generation trigger. Amazon Cognito invokes this trigger before token generation, allowing you to customize identity token claims.
Note: A similar approach can be taken for Cognito Identity Pools.
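Added example (not code from the answer above) of the Pre Token Generation trigger applied to the "limit the reading of some attribute" case from the question: the handler suppresses selected attributes from the ID token unless the user is in an admin group, and adds a derived claim that is never stored as an attribute. The event shape follows the V1 trigger event; the attribute names, group name and policy are assumptions made for the example.

```python
import copy
from typing import Any, Dict, Iterable

# Hypothetical policy for this example: these attributes never reach the ID token unless the
# caller is in ADMIN_GROUP. The names are assumptions, not something the page defines.
SENSITIVE_CLAIMS = ("phone_number", "custom:internal_note")
ADMIN_GROUP = "admins"


def constructed_event(groups: Iterable[str] = ("editors",)) -> Dict[str, Any]:
    """Constructed Pre Token Generation (V1) event; the shape follows the Cognito trigger, values are made up."""
    return {
        "version": "1",
        "triggerSource": "TokenGeneration_Authentication",
        "userPoolId": "us-east-1_EXAMPLE",
        "userName": "alice",
        "request": {
            "userAttributes": {
                "sub": "11111111-1111-1111-1111-111111111111",
                "email": "alice@example.com",
                "email_verified": "true",
                "phone_number": "+15555550100",
                "custom:internal_note": "flagged for review",
                "custom:tenant": "acme",
            },
            "groupConfiguration": {
                "groupsToOverride": list(groups),
                "iamRolesToOverride": [],
                "preferredRole": None,
            },
        },
        "response": {},
    }


def handler(event: Dict[str, Any], context) -> Dict[str, Any]:
    out = copy.deepcopy(event)  # leave the caller's object alone; Cognito reads what we return
    attrs = out["request"]["userAttributes"]
    groups = (out["request"].get("groupConfiguration") or {}).get("groupsToOverride") or []
    is_admin = ADMIN_GROUP in groups

    # Values in claimsToAddOrOverride must be strings in the V1 event, and reserved claims
    # such as sub, iss and aud cannot be overridden; stick to application-specific names.
    add: Dict[str, str] = {"app_role": "admin" if is_admin else "member"}
    if "custom:tenant" in attrs:
        add["tenant"] = attrs["custom:tenant"]

    # Suppress sensitive attributes for everyone except admins; only list claims actually present.
    suppress = [] if is_admin else [c for c in SENSITIVE_CLAIMS if c in attrs]

    out["response"]["claimsOverrideDetails"] = {
        "claimsToAddOrOverride": add,
        "claimsToSuppress": suppress,
    }
    return out
```

One caveat a practitioner should keep in mind: `claimsToSuppress` only shapes the ID token. The same attribute is still returned by GetUser with the user's access token unless it is also removed from the app client's readable attributes, so the trigger complements that setting rather than replacing it.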