External IDP Tokens in Cognito User Pools

2

Does Cognito User Pools store tokens granted by external IDPs (such as external access_token and refresh_token)? If so, how can they be accessed?

asked 2 years ago, 1129 views
2 Answers
0

Hello,

You can create a custom attribute [1] in your user pool, and then you can map [2] that custom attribute with the attribute name sent from the identity provider side token endpoint.

For example, your identity provider sends the access token with an attribute named access_token. Then, you can create a custom attribute external_access_token, and map custom:external_access_token with access_token in the attribute mapping section of your user pool [2].

I have tested this solution for Google and it worked. If you want to have other tokens (id token or refresh token) then you can create another custom attribute and map it in a similar way.

Note: Please note that there is a size limit on the length of a custom attribute. If the token sent from your IdP is longer than 2048 characters then this solution will not work.

I hope this helps. In case you have any further queries/concerns then please let me know.

--References--

[1] https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html

[2] https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-specifying-attribute-mapping.html#cognito-user-pools-specifying-attribute-mapping-console

AWS
SUPPORT ENGINEER
Tarit_G
answered 2 years ago
EXPERT
reviewed a month ago
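The setup described in the answer above, as an added example that is not part of the original answer: it creates the custom attribute, then adds the mapping to the identity provider while keeping the provider's existing mappings. The function names, the `REGION_EXAMPLEPOOL` pool ID and the choice of boto3 are assumptions made for illustration; the attribute and field names are the ones used in the answer.

```python
"""Added example: map an IdP token field to a Cognito custom attribute."""

MAX_CUSTOM_ATTR_LEN = 2048  # custom attribute length limit cited in the answer


def fits_custom_attribute(token: str) -> bool:
    """True if an IdP token is short enough to be stored in the attribute."""
    return len(token) <= MAX_CUSTOM_ATTR_LEN


def map_idp_token(client, user_pool_id, provider_name,
                  idp_field="access_token",
                  attr_name="external_access_token"):
    """Create custom:<attr_name> and map the IdP field <idp_field> to it.

    `client` is a boto3 "cognito-idp" client (or a compatible stub).
    Returns the attribute mapping that was sent to Cognito.
    """
    client.add_custom_attributes(
        UserPoolId=user_pool_id,
        CustomAttributes=[{
            "Name": attr_name,            # Cognito adds the "custom:" prefix
            "AttributeDataType": "String",
            "Mutable": True,              # mapped attributes are updated at sign-in
            "StringAttributeConstraints": {
                "MinLength": "0",
                "MaxLength": str(MAX_CUSTOM_ATTR_LEN),
            },
        }],
    )
    # Start from the provider's current mapping so existing entries are kept.
    current = client.describe_identity_provider(
        UserPoolId=user_pool_id, ProviderName=provider_name
    )["IdentityProvider"].get("AttributeMapping", {})
    mapping = {**current, f"custom:{attr_name}": idp_field}
    client.update_identity_provider(
        UserPoolId=user_pool_id,
        ProviderName=provider_name,
        AttributeMapping=mapping,
    )
    return mapping


if __name__ == "__main__":
    import boto3  # needs AWS credentials; the pool ID below is a placeholder
    print(map_idp_token(boto3.client("cognito-idp"),
                        "REGION_EXAMPLEPOOL", "Google"))
```

A token mapped this way is stored on the user profile like any other attribute, so limit which app clients have read permission on `custom:external_access_token`.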
-1

You can get the user's tokens using the /oauth2/token endpoint.

AWS
answered 2 years ago
