knok16

Reputation: 618

User Id from AWS Cognito User Pool

I'm looking forward to using AWS Cognito User Pool in my application, and I have several questions:

  1. Is it possible to store some sensitive data in Cognito, for example user permissions? (I think not, because a user can read and write data about himself, but I want to be sure.)
  2. How do I get/add an Id (to be used as an external key) to a user record? I have several options:

    a. Leverage username - but I wanted to use random strings as ids; and even if I fill username this way and enable aliasing for logging in, this field is still populated client-side, so I have no control over it.

    b. Add a custom field - how/where do I properly populate it?

    c. Use the sub field of the access token - there is no proper way to get it except base64-decoding the access token, which looks hacky.

Upvotes: 2

Views: 2622

Answers (1)

Vinay Kushwaha

Reputation: 1797

  1. Currently Cognito User Pools attributes do not support this use case. You can use Cognito Sync and create a dataset. You can configure your role in a way that the user does not have access to this sensitive dataset.
  2. For #b, you can find the custom attributes in the attributes section of the User Pool configuration. You can make the attribute immutable by un-checking the mutable option. Note that this will not enforce uniqueness for your custom id. The 'sub' field from the Id token might be the best option, as it enforces uniqueness as well. Making it available without parsing the token might be something to be considered as a feature, and it can be requested on the AWS forums.

Upvotes: 4
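
An added example, not part of the question or the answer above: a backend that uses `sub` as an external key should read it only after verifying the ID token's RS256 signature against the pool's JWKS (published at the issuer URL plus `/.well-known/jwks.json`) and checking `iss`, `aud`, `token_use` and `exp`. The function names, the toy signing key and the sample claim values are assumptions made for illustration; the signature check is written with the standard library only so the block is self-contained, where a service would normally call a maintained JWT library.

```python
import base64, hashlib, hmac, json, time

# Added example (not from the original post); all function names are illustrative.
# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64url_decode(seg):
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def pkcs1_encode(msg, k):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(msg) for a k-byte modulus."""
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def verified_sub(token, jwks, issuer, client_id, now=None):
    """Return 'sub' from a Cognito ID token only after every check passes."""
    try:
        h64, p64, s64 = token.split(".")
        header, claims = json.loads(b64url_decode(h64)), json.loads(b64url_decode(p64))
        sig = b64url_decode(s64)
        key = next(k for k in jwks["keys"] if k["kid"] == header["kid"])
        n = int.from_bytes(b64url_decode(key["n"]), "big")
        e = int.from_bytes(b64url_decode(key["e"]), "big")
    except (ValueError, KeyError, TypeError, StopIteration):
        raise ValueError("malformed token or unknown key id")
    k = (n.bit_length() + 7) // 8
    if header.get("alg") != "RS256" or len(sig) != k:
        raise ValueError("unexpected algorithm or signature length")
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    if not hmac.compare_digest(em, pkcs1_encode(f"{h64}.{p64}".encode(), k)):
        raise ValueError("bad signature")
    if claims.get("iss") != issuer or claims.get("aud") != client_id:
        raise ValueError("wrong issuer or audience")
    if claims.get("token_use") != "id" or claims.get("exp", 0) <= (now or time.time()):
        raise ValueError("not an ID token, or expired")
    return claims["sub"]

def demo_token(claims, kid="demo-key"):
    """Constructed test data: signs claims with a toy key (two Mersenne primes)."""
    p, q, e = 2**521 - 1, 2**607 - 1, 65537
    n, d = p * q, pow(e, -1, (p - 1) * (q - 1))
    k = (n.bit_length() + 7) // 8
    head = b64url_encode(json.dumps({"alg": "RS256", "kid": kid}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = pow(int.from_bytes(pkcs1_encode(f"{head}.{body}".encode(), k), "big"), d, n)
    jwk = {"kid": kid, "n": b64url_encode(n.to_bytes(k, "big")), "e": b64url_encode(e.to_bytes(3, "big"))}
    return f"{head}.{body}.{b64url_encode(sig.to_bytes(k, 'big'))}", {"keys": [jwk]}
```

A Cognito access token carries `client_id` and `token_use` set to `access` instead of `aud`, so the audience and token-use checks would change accordingly if the access token is used.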
