Reputation: 1172
Is a custom attribute in Cognito user pool the proper place to store dynamic user information?
Cognito's AWS documentation says:
Each custom attribute: Cannot be removed or changed once added to the user pool.
I believe they are referring to the name of the custom attribute, no the value itself.
So, the value could be changed from a Lambda function for instance. Let's say we are storing fidelity points for each user in our e-commerce website.
Is a custom attribute the proper place to store this kind of information?. Or should I create a new DynamoDB table linked to the UserId in the user pool?
Upvotes: 7
Views: 3165
Answers (2)
Reputation: 1730
in my opinion If you need that the attribute value appears on identity token you should use the custom attrib, if not is better to store that on another place.
Example: You have 'users' that are admins of 'pages', then you store on Custom Attrib that relationship. Cognito add that information to the Identity Token, then When the user make an api call to 'pages' you only need to trust the information in the token and not make an extra database call to check if user is related to that page.
Custom Attrib are very restrictive as documentation says:
You can add up to 50 custom attributes to your user pool. You can specify a minimum and/or maximum length for custom attributes. However, the maximum length for any custom attribute can be no more than 2048 characters.
Each custom attribute:
Can be defined as a string or a number.
Can't be required.
Can't be removed or changed once added to the user pool.
Can have a name with a character length that is within the limit that is accepted by Amazon Cognito. For more information, see Quotas in Amazon Cognito.
If you don't need the attrib on the token I prefer to use dynameDB, a lot less restrictive.
Upvotes: 1
Reputation: 3035
You certainly could store this information in a Cognito custom attribute. If you were to do so, there are two things I would consider:
1) Make sure that the Cognito user pool client that is being used to authenticate against the user pool does not have permission to write to this attribute. Otherwise a rogue user could write code to authenticate themselves against the user pool and give themselves as many fidelity points as they wanted. So you might want to consider hiding the custom attribute update behind a service.
2) Depending on how often you need to update this attribute, and your overall Cognito usage pattern, you may encounter RequestLimitExceeded errors when using the Cognito updateAttributes API. Almost every time I have tried to use Cognito as a primary data store for user information I have been throttled. AWS support will up your limits but the error happens without warning, which isn't great in a production environment. I invariably end up just defaulting to a DynamoDB table. Of course this has just been my experience so YMMV
Upvotes: 11
Related Questions
- cognito user pool custom attribute in IAM Policy Conditions with Dynamodb Fine grained access
- AWS Cognito Identity user ID or User Pool user ID? Which to use?
- Should I use AWS Cognito "username" or "sub" (uid) for storing in database?
- AWS Making a User Store based on Userpools
- Storing Non-AWS API Access Tokens in Cognito User Attributes
- what is the best practise to store user information obtained from cognito authentication in dynamodb
- Amazon Cognito User Pool - using the "username" attribute to store custom user IDs
- Store user attributes in Cognito or AppSync?
- Adding Cognito custom attributes post pool creation?
- How do I look up a user in a Cognito User Pool by a custom attribute?