AWS Cognito-用户丢失了“不可更改”属性“ email_verified”； [英] AWS Cognito - Users lost "non-mutable" attribute "email_verified"

问题描述

使用Cognito几个月后，用户池中的某些用户现在失去了 email_verified属性。我不明白它是如何丢失或如何恢复的。

After using Cognito for a few months, some users in a user pool have now lost the "email_verified" attribute. I can't understand how it is missing or how to recover.

症状是：

• 用户仍然可以登录


• 用户密码无法更改（例如，通过 JS SDK-changePassword ），产生错误： x-amzn-errormessage：无法重置密码用户，因为没有已注册/验证的电子邮件或电话号码。



• 使用列表用户CLI 显示属性缺失

• Users can still login
• User password can not change (eg via JS SDK - changePassword), produces error: "x-amzn-errormessage: Cannot reset password for the user as there is no registered/verified email or phone_number"

• Getting the user attributes for the user with the list-users CLI shows the attribute is missing

aws cognito-idp list-users --user-pool-id MYID-123 --query 'Users[?Username==`error@bla.com`].[*]'
[
  [
    [
        "error@bla.com", 
        true, 
        "CONFIRMED", 
        1522127817.526, 
        1522127819.369, 
        [
            {
                "Name": "sub", 
                "Value": "123123123341241238"
            }, 
            {
                "Name": "email", 
                "Value": "bla@bla.com"
            }
        ]
     ]
  ]
]

vs。一个具有适当属性的人

vs. one with the attribute in place

aws cognito-idp list-users --user-pool-id MYID-123 --query 'Users[?Username==`bla@bla.com`].[*]'
[
  [
    [
        "bla@bla.com", 
        true, 
        "CONFIRMED", 
        1524048734.588, 
        1524048737.777, 
        [
            {
                "Name": "sub", 
                "Value": "1231231231231235"
            }, 
            {
                "Name": "email_verified", 
                "Value": "true"
            }, 
            {
                "Name": "email", 
                "Value": "bla@bla.com"
            }
        ]
      ]
   ]
 ]

如果我尝试删除属性（具有足够的权限），它会失败-就像人们期望的那样-解释它是不可变的。

If I try deleting the attribute (with enough permissions), it fails - as one would expect - explaining it is not mutable.

aws cognito-idp admin-delete-user-attributes --user-pool-id MYID-123 --username test2@test.com --user-attribute-names email_verified

An error occurred (InvalidParameterException) when calling the AdminDeleteUserAttributes operation: Cannot modify the non-mutable attribute email_verified

推荐答案

我找不到导致此问题的原因

I can not find the cause for this problem, other than blaming AWS Cognito.

一种解决方法/黑客/补丁是将属性添加回去，这一次，非可变检查不是问题

A workaround/hack/patch is to add the attribute back, this time, the non-mutable check is not a problem

aws cognito-idp admin-update-user-attributes --user-pool-id MYID-123 --username error@bla.com --user-attributes Name=email_verified,Value=true

现在用户再次具有该属性，并且我可以重设密码。

And now the user has the attribute again and I can reset the password.

这篇关于AWS Cognito-用户丢失了“不可更改”属性“ email_verified”；的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！