AWS Cognito-用户丢失了“不可更改”属性“ email_verified”; [英] AWS Cognito - Users lost "non-mutable" attribute "email_verified"
问题描述
使用Cognito几个月后,用户池中的某些用户现在失去了 email_verified属性。我不明白它是如何丢失或如何恢复的。
After using Cognito for a few months, some users in a user pool have now lost the "email_verified" attribute. I can't understand how it is missing or how to recover.
症状是:
- 用户仍然可以登录
- 用户密码无法更改(例如,通过 JS SDK-changePassword ),产生错误: x-amzn-errormessage:无法重置密码用户,因为没有已注册/验证的电子邮件或电话号码。
-
使用列表用户CLI 显示属性缺失
- Users can still login
- User password can not change (eg via JS SDK - changePassword), produces error: "x-amzn-errormessage: Cannot reset password for the user as there is no registered/verified email or phone_number"
Getting the user attributes for the user with the list-users CLI shows the attribute is missing
aws cognito-idp list-users --user-pool-id MYID-123 --query 'Users[?Username==`error@bla.com`].[*]'
[
[
[
"error@bla.com",
true,
"CONFIRMED",
1522127817.526,
1522127819.369,
[
{
"Name": "sub",
"Value": "123123123341241238"
},
{
"Name": "email",
"Value": "bla@bla.com"
}
]
]
]
]
vs。一个具有适当属性的人
vs. one with the attribute in place
aws cognito-idp list-users --user-pool-id MYID-123 --query 'Users[?Username==`bla@bla.com`].[*]'
[
[
[
"bla@bla.com",
true,
"CONFIRMED",
1524048734.588,
1524048737.777,
[
{
"Name": "sub",
"Value": "1231231231231235"
},
{
"Name": "email_verified",
"Value": "true"
},
{
"Name": "email",
"Value": "bla@bla.com"
}
]
]
]
]
如果我尝试删除属性(具有足够的权限),它会失败-就像人们期望的那样-解释它是不可变的。
If I try deleting the attribute (with enough permissions), it fails - as one would expect - explaining it is not mutable.
aws cognito-idp admin-delete-user-attributes --user-pool-id MYID-123 --username test2@test.com --user-attribute-names email_verified
An error occurred (InvalidParameterException) when calling the AdminDeleteUserAttributes operation: Cannot modify the non-mutable attribute email_verified
推荐答案
我找不到导致此问题的原因
I can not find the cause for this problem, other than blaming AWS Cognito.
一种解决方法/黑客/补丁是将属性添加回去,这一次,非可变检查不是问题
A workaround/hack/patch is to add the attribute back, this time, the non-mutable check is not a problem
aws cognito-idp admin-update-user-attributes --user-pool-id MYID-123 --username error@bla.com --user-attributes Name=email_verified,Value=true
现在用户再次具有该属性,并且我可以重设密码。
And now the user has the attribute again and I can reset the password.
这篇关于AWS Cognito-用户丢失了“不可更改”属性“ email_verified”;的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!