MViglainco

Reputation: 127

Cognito User Pools & Access Tokens

I am hoping to use Cognito and User Pools to support a multitenant environment. So far it checks most of the boxes. It is my understanding that there is no current way to enrich the access token using Lambda triggers. I would really like to pass something to identify which user pool the user authenticated with in the access token to my APIs. Am I missing something or is there a workaround for this?

One option that came to mind is to create a group in each to which all members of the pool are members of, that is either the name or a combination of the name and tenant id. Is this a reasonable approach or a horrible idea? Something like tenant_1234. Then I believe this group would be included in the access token and can be parsed to get the id.

Thanks.

Upvotes: 1

Views: 1145

Answers (1)

Milan Gatyás

Reputation: 2797

I may have misunderstood the question, however the access token payload contains the user pool Id: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-the-access-token.html#user-pool-access-token-payload

Issuer (iss) The iss claim has the following format: https://cognito-idp.{region}.amazonaws.com/{userPoolId}.

You can also add custom scopes to the access token to customize the payload further.

Upvotes: 1
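An added example (not from the question or the answer) of how an API could use the iss claim the answer points to in order to identify which user pool, and therefore which tenant, a caller authenticated with. The pool id, tenant map and sample token are constructed here; the RS256 signature check against the pool's JWKS must run before any of this is trusted and is left out of the snippet.

```python
import base64
import json
import re

# Cognito issuer format from the docs: https://cognito-idp.{region}.amazonaws.com/{userPoolId}
ISS_RE = re.compile(r"^https://cognito-idp\.([a-z0-9-]+)\.amazonaws\.com/([a-z0-9-]+_[A-Za-z0-9]+)$")


def parse_issuer(iss):
    """Return (region, user_pool_id) from a Cognito issuer URL, or None if it is not one."""
    m = ISS_RE.match(iss or "")
    return (m.group(1), m.group(2)) if m else None


def decode_payload_unverified(token):
    """Decode the JWT payload only. Real use must verify the RS256 signature first."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT")
    seg = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(seg))


def resolve_tenant(claims, tenant_by_pool):
    """Map verified access-token claims to a tenant; reject id tokens and unknown pools."""
    if claims.get("token_use") != "access":
        raise ValueError("expected an access token")
    parsed = parse_issuer(claims.get("iss"))
    if parsed is None:
        raise ValueError("issuer is not a Cognito user pool")
    region, pool_id = parsed
    tenant = tenant_by_pool.get(pool_id)  # allowlist: only enrolled pools may call the API
    if tenant is None:
        raise ValueError(f"user pool {pool_id} is not an enrolled tenant")
    return {"tenant": tenant, "region": region, "user_pool_id": pool_id,
            "groups": claims.get("cognito:groups", [])}


def _b64url(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


# Constructed sample: hypothetical pool id, placeholder signature, for offline demonstration
SAMPLE_CLAIMS = {"iss": "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE1",
                 "token_use": "access", "sub": "example-sub", "cognito:groups": ["tenant_1234"]}
SAMPLE_TOKEN = ".".join([_b64url({"alg": "RS256", "kid": "example"}), _b64url(SAMPLE_CLAIMS), "sig"])
TENANTS = {"us-east-1_EXAMPLE1": "tenant_1234"}  # hypothetical pool-to-tenant map


def demo():
    return resolve_tenant(decode_payload_unverified(SAMPLE_TOKEN), TENANTS)
```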
