AWS Cognito GetUser API not returning all attributes

Question

Currently I am working on an application that makes use of AWS Cognito. I am storing a number of custom attributes on each user, and pulling from that information when users sign in or when they update their information. For the most part this works with no problems. However, some of my custom attributes are not being returned by the getUser function. Confused by this, I double checked the users in the aws cognito console and found that all of the attributes were present, despite not being returned. Finally, I triple checked by looking at what was being returned when I listed all the users in the pool and displayed the attribute I was looking for. In that case, the attribute was appearing with no difficulty. This is a very bizarre issue because it is failing silently, only giving me some of the information tied to a user instead of all of it. Even more bizarre is the fact that it is even giving me some of the custom attributes, just not all of them. Does anyone have any idea what the problem could be or what else to test?

For reference, I am accessing this information using a node.js server. I am using this: http://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUser.html to get a specific user using an access token. I am also using this http://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ListUsers.html for testing purposes to see if the attributes are present at all.

Answer 1

After a substantial amount of digging I have finally discovered the solution. The GetUser API will only return attributes marked as readable (I didn't even know you could edit the read/write permission for attributes).

To access this, go to the page for your user pool, then navigate to:

General settings > App clients > Show Details > Set attribute read and write permissions

.