Custom attribute not passed into ID_TOKEN created by AWS Cognito


Problem description

I am not able to get the custom attribute in the ID_TOKEN returned from AWS Cognito after a successful user login.

Steps I tried:

1. Created user pool

2. Created app client and checked the custom attributes (customattrib1, customattrib2)

User pool screen:

Check custom attribute in app client config

3. Created user using the admin-create-user API

The image below shows the values of the user attributes:

4. Signed in the user using aws-cognito-auth.js in the client app. The ID token returned does not contain the custom attribute.

ID_TOKEN

{
  "at_hash": "PKfjYDaiEty5mUOyJZlPQA",
  "sub": "639d5016-2bd3-4c6f-b82d-21ae38071b09",
  "email_verified": true,
  "iss": "https://cognito-idp.ap-south-1.amazonaws.com/ap-south-1_XXXXXXX",
  "phone_number_verified": true,
  "cognito:username": "testuser",
  "aud": "XYXYXYXYX",
  "token_use": "id",
  "auth_time": 1549349674,
  "phone_number": "##########",
  "exp": 1549353274,
  "iat": 1549349674,
  "email": "testuser@somedomain.com"
}

I have already checked the links below, which had some info regarding this issue, but nothing helped so far.

Adding Cognito custom attributes after pool creation?

https://www.reddit.com/r/aws/comments/a07dwg/cognito_add_custom_attribute_to_jwt_token/

Please help me figure out if I am missing something.

Recommended answer

  • In your Cognito user pool go to General Settings -> App Clients, then for each app client click on Show Details, then Set attribute read and write permissions. Check the checkbox next to your attribute name under Readable Attributes.
  • In your Cognito user pool go to App client settings -> Allowed OAuth Scopes and enable profile scope.
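
The two settings named in the answer can be checked against the app client description and a decoded token. This is an added example, not part of the original answer: the function names and sample data are constructed, `ReadAttributes` and `AllowedOAuthScopes` are the fields of the `UserPoolClient` object returned by `aws cognito-idp describe-user-pool-client`, and custom attributes carry the `custom:` prefix in the token.

```javascript
// Added example; helper names are hypothetical and the sample data is constructed.

// Decode a JWT payload for inspection only (no signature verification is done here).
function decodeJwtPayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// client:   UserPoolClient object from describe-user-pool-client
// expected: claim names as they appear in the token, e.g. "custom:customattrib1"
function diagnoseMissingClaims(client, idToken, expected) {
  const claims = decodeJwtPayload(idToken);
  if (claims.token_use !== 'id') throw new Error('expected an ID token');
  const readable = new Set(client.ReadAttributes || []);
  const scopes = new Set(client.AllowedOAuthScopes || []);
  const findings = [];
  for (const name of expected) {
    if (name in claims) continue; // claim present, nothing to report
    if (!readable.has(name)) {
      findings.push(`${name}: not in ReadAttributes (Readable Attributes unchecked)`);
    } else if (!scopes.has('profile')) {
      findings.push(`${name}: readable, but the profile scope is not enabled`);
    } else {
      findings.push(`${name}: client config matches; confirm the user has a value and get a new token`);
    }
  }
  return findings;
}

// Constructed sample: an ID token shaped like the one in the question.
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const sampleToken = [
  b64url({ alg: 'RS256' }),
  b64url({ token_use: 'id', 'cognito:username': 'testuser', email: 'testuser@somedomain.com' }),
  'constructed-signature',
].join('.');
const sampleClient = {
  ReadAttributes: ['email', 'custom:customattrib1'],
  AllowedOAuthScopes: ['openid', 'email', 'phone'],
};
const sampleFindings = diagnoseMissingClaims(
  sampleClient, sampleToken, ['custom:customattrib1', 'custom:customattrib2']);
console.log(sampleFindings.join('\n'));
```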