I am working with a Cognito User Pool, and I wonder if there is a way to create a custom global attribute that is available for all users? I want to create this because we want to update the attribute later, only one time and in one place.
Yes you can create custom attributes for your Cognito User Pool.
See https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html and look at the section "Custom Attributes"
Related
I'm having trouble implementing a feature where I need to check if a user does not exist or exists in Cognito but as a federated user. The former is done without trouble, but I'm stuck on the latter without any clue. I went through the Cognito and Amplify documents but couldn't find any clue. Could there be a workaround or a function that I don't know about? Any suggestion is welcome.
You can create a mutable custom user attribute on Cognito such as isFederatedUser and set this on user during user creation.
If this is not possible, you can call list-users and filter the identities attribute.
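The `identities` check suggested in the answer above, as an added example that is not part of the original post: it classifies the result of a ListUsers call filtered by email as not found, native, or federated. The sample responses are constructed, and the function names `federated_providers` and `classify` are hypothetical.

```python
import json


def federated_providers(user):
    """Return provider names from one ListUsers entry's `identities` attribute."""
    for attr in user.get("Attributes", []):
        if attr["Name"] != "identities":
            continue
        try:
            entries = json.loads(attr["Value"])
        except (TypeError, ValueError):
            return []  # malformed value: treat as no linked identity
        if not isinstance(entries, list):
            return []
        return [e["providerName"] for e in entries
                if isinstance(e, dict) and "providerName" in e]
    return []


def classify(list_users_response):
    """Summarise a ListUsers response that was filtered to one email address."""
    users = list_users_response.get("Users", [])
    if not users:
        return "not_found"
    providers = sorted({p for u in users for p in federated_providers(u)})
    return "federated:" + ",".join(providers) if providers else "native"


# Constructed responses, shaped like ListUsers output (not real accounts).
FEDERATED = {"Users": [{
    "Username": "Google_1234567890",
    "UserStatus": "EXTERNAL_PROVIDER",
    "Attributes": [
        {"Name": "email", "Value": "a@example.com"},
        {"Name": "identities", "Value": json.dumps([{
            "userId": "1234567890", "providerName": "Google",
            "providerType": "Google"}])},
    ],
}]}
NATIVE = {"Users": [{
    "Username": "b", "UserStatus": "CONFIRMED",
    "Attributes": [{"Name": "email", "Value": "b@example.com"}],
}]}

if __name__ == "__main__":
    print(classify(FEDERATED), classify(NATIVE), classify({"Users": []}))
```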
How can I define custom scopes on a per user basis using cognito?
For example I have scope resource1.read, resource1.write
I want user A to have resource1.read and resource1.write while user B has resource1.read only.
This is just a high-level example. We have tons of different resources and want to allow customers to manage what resources each user has access to.
I haven't found a way to associate scopes with each individual user, only at a per-pool level.
Is there a way to achieve this using only Cognito or Cognito + some AWS managed service, or do I have to implement another API to manage the scopes myself?
We couldn't find a way to make scopes work on a per-user basis, so we ended up using custom attributes instead.
If you have less than 25 scopes (Cognito max limit) then you can use one attribute per scope. P.S. Just be aware you can't rename/remove the attribute once it's in place unless you delete the whole pool and start over again.
For example your attributes might look like:
custom:resource1.read : "true"
custom:resource1.write : "false"
custom:resource2.read : "true"
custom:resource2.write : "true"
The idea is simple. Instead of having all the scopes defined inside the scopes array, we define them in regular custom attributes. When the code checks for scopes, just loop through all fields and find the ones with the correct prefix.
You could implement your own authorization service and call it with the Pre token generation Lambda trigger:
https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-token-generation.html
This only applies to the ID token though, just like Steve's answer.
You can use this AWS Lambda trigger to customize an identity token before Amazon Cognito generates it. You can use this trigger to add new claims, update claims, or suppress claims in the identity token.
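The two answers above combined, as an added example that is not code from the original posts: a Pre token generation handler (V1 event shape) that loops over the `custom:` per-scope attributes and emits one claim in the ID token, plus the resource-side check. The claim name `granted_scopes`, the attribute naming pattern and the sample event are assumptions, and it assumes the per-scope attributes are set only by an administrator and are not in any app client's write permissions, since a user could otherwise change their own.

```python
import re

# Assumed naming scheme for per-scope attributes, e.g. custom:resource1.read
SCOPE_ATTR = re.compile(r"^custom:([a-z0-9]+\.(?:read|write))$")


def granted_scopes(user_attributes):
    """Return the sorted scopes whose custom attribute is exactly "true"."""
    scopes = []
    for name, value in user_attributes.items():
        match = SCOPE_ATTR.match(name)
        # Attribute values are strings; anything other than the literal
        # "true" (including "True", "1", "") grants nothing.
        if match and value == "true":
            scopes.append(match.group(1))
    return sorted(scopes)


def handler(event, context):
    """Pre token generation trigger: add one claim to the ID token."""
    attrs = event["request"]["userAttributes"]
    event["response"]["claimsOverrideDetails"] = {
        # V1 claim values are strings, so join the scopes with spaces.
        "claimsToAddOrOverride": {"granted_scopes": " ".join(granted_scopes(attrs))},
        # Keep the raw per-scope attributes out of the token.
        "claimsToSuppress": [n for n in attrs if SCOPE_ATTR.match(n)],
    }
    return event


def is_allowed(id_token_claims, required_scope):
    """Resource-side check on claims from an already verified ID token."""
    return required_scope in id_token_claims.get("granted_scopes", "").split()


# Constructed sample event, shaped like the trigger's input.
SAMPLE_EVENT = {
    "userName": "user-b",
    "request": {"userAttributes": {
        "email": "user-b@example.com",
        "custom:resource1.read": "true",
        "custom:resource1.write": "false",
        "custom:resource2.read": "True",  # not the literal "true": ignored
    }},
    "response": {},
}

if __name__ == "__main__":
    print(handler(SAMPLE_EVENT, None)["response"]["claimsOverrideDetails"])
```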
I changed the user store to our custom Oracle DB, so there are some fields that should be added to the user profile when setting the user profile of a user. How can I add some new properties to the user profile GUI and map those to the related fields in the um_user table? Thanks for your response!
You may want to have a look in the administrative console ( /carbon ) for the claim management.
Locate claims in the claim dialect http://wso2.org/claims, there you can define additional user attributes and their attribute names (field name in the underlying userstore).
Good luck.
I added a few custom properties in the User configuration of my AWS Cognito User Pool. I have my app in Objective-C, similar to the sample project CognitoYourUserPoolsSample. Everything works fine and I can sign in/sign up without any problem.
Though, I don't know how to access and set all the User custom attributes that I added in the User Pool config. I can access the default attributes values from the response object AWSCognitoIdentityProviderGetUserResponse for example. They are stored in the _userAttributes property (e.g. phone, email, etc.).
My questions are:
Where are the custom attributes stored?
What is the proper way to set them during sign-up?
I get the following error when I try to sign-up with custom attributes using the same approach as the default attributes:
// add custom attributes
AWSCognitoIdentityUserAttributeType * subscriptionType = [AWSCognitoIdentityUserAttributeType new];
subscriptionType.name = @"subscriptionType";
subscriptionType.value = @"Premium";
[attributes addObject:subscriptionType];
Here is the error I get.
responseObjectForResponse:originalRequest:currentRequest:data:error:] | Response body:
{"__type":"NotAuthorizedException","message":"A client attempted to write unauthorized attribute"}
Thanks!
To answer your questions:
Custom attributes are stored internally by Cognito; custom attributes can be seen from the response of a DescribeUserPool call.
They should be set on pool creation from the Cognito console. They are not allowed to be set from a client, which is why you saw issues.
Thanks
As I found in the issue:
Signup with custom attributes in Cognito user pools
To set the value for a custom attribute, you must set write permissions for it.
Open Amazon Cognito Console -> YourPool -> General Settings -> App Clients -> Show Details -> Set attribute read and write permissions and activate checkboxes for your custom attributes.
Also, in code the attribute name should contain the prefix 'custom:'
i.e. subscriptionType.name = @"custom:subscriptionType"; and those values are shown in the AWS console.
I am working on a Titanium Alloy project wherein I am creating custom objects using ACS. I also have different users in the Users ACS. I wish to associate a particular custom object with a particular logged-in user.
For example, if user A is logged in, the custom object created by that user should be associated with user A. Same for user B and so on. How do I create this association? Currently my custom objects get created but they are not associated with the logged-in user.
After a little discussion, I realised I should add my scenario too.
My scenario is: a user changes a few settings using the toggle switch. This information should be stored for the user, and later on push notifications for the selected settings should be sent to the user.
Any help in this regard is greatly appreciated.
Regards,
Shreerang
So I think you should store the custom object in the database with its user name, so whenever you want you can get it back with the user's name.