Duplicate User Entries Issue in Amazon Cognito

0

We are using Amazon Cognito as our identity management solution for user registration and authentication. Our requirement is to ensure that each user is uniquely identified by their email address. However, we have noticed that when a user registers using their email, and subsequently registers again using social identity providers such as Google or Facebook, it creates duplicate entries in our user pool, causing data inconsistency.

Issue Description: The problem arises when a user first registers with their email, and later decides to sign in using either Google or Facebook. Instead of updating the existing user entry with the new identity provider, a new user entry is created, leading to multiple accounts for the same email address.

Expected Behavior: We expect Amazon Cognito to identify that the email address is already registered and update the user entry with the additional identity provider data, rather than creating a new entry.

swap
asked 10 months ago · 537 views
2 Answers
1

Hi, to avoid this, customers usually use the Cognito pre-sign up trigger with a Lambda taking appropriate action based on requirements: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-sign-up.html

There is a good GitHub repo with sample code: https://github.com/vhalbuquerque/pre-signup-lambda

Best, Didier

AWS
EXPERT
answered 10 months ago
EXPERT
reviewed 10 months ago
  • Just mention that the provided example ensures that there are no duplicate entries in the user pool, but it does not allow a user to access with the same email from different identity providers.

0

Thank you for your response. While your solution to preventing duplicate entries in Amazon Cognito is helpful, our specific requirement involves handling social identity provider logins and ensuring a single user entry with multiple linked identities.

We've identified that our issue arises when a user registers with their email and later signs in using social identity providers like Google or Facebook.

So how can we resolve this?

swap
answered 10 months ago
  • Hi,

    According to the AWS documentation, you can link multiple identity providers (IdPs) to the same user profile in your Cognito directory, usually by automating the AdminLinkProviderForUser action on the pre-signup Lambda trigger, but you will always find both the linked local user and the automatically-created federated user when you search users in your user pool.
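
A sketch of the linking approach discussed in this thread, as an added example that is not from any participant or from the linked repository: a pre sign-up Lambda that calls AdminLinkProviderForUser only when a trusted IdP asserts a verified email and the existing native user's email is also verified. The `TRUSTED_IDPS` allow-list, the helper names, and the mapping of the IdP's `email_verified` claim into the user pool are assumptions.

```python
# Added example: pre sign-up trigger that links a federated sign-in to an
# existing native user by email. boto3 ships with the Lambda Python runtime.

# Assumption: only these IdPs are trusted to assert an email address.
TRUSTED_IDPS = {"google": "Google", "facebook": "Facebook"}


def find_native_user(client, pool_id, email):
    """Return the username of the verified native user with this email, or None."""
    if not email or '"' in email or "\\" in email:  # keep the filter well-formed
        return None
    resp = client.list_users(UserPoolId=pool_id, Filter=f'email = "{email}"')
    for user in resp["Users"]:
        attrs = {a["Name"]: a["Value"] for a in user["Attributes"]}
        if (user["UserStatus"] != "EXTERNAL_PROVIDER"
                and attrs.get("email_verified") == "true"):
            return user["Username"]
    return None


def link_if_existing(event, client):
    """Link the incoming federated identity; return the native username or None."""
    if event["triggerSource"] != "PreSignUp_ExternalProvider":
        return None
    prefix, _, subject = event["userName"].partition("_")
    provider = TRUSTED_IDPS.get(prefix.lower())
    attrs = event["request"]["userAttributes"]
    # Assumption: the IdP's email_verified claim is mapped to the user pool.
    verified = str(attrs.get("email_verified", "")).lower() == "true"
    if not provider or not subject or not verified:
        return None
    native = find_native_user(client, event["userPoolId"], attrs.get("email", ""))
    if native is None:
        return None
    client.admin_link_provider_for_user(
        UserPoolId=event["userPoolId"],
        DestinationUser={"ProviderName": "Cognito",
                         "ProviderAttributeValue": native},
        SourceUser={"ProviderName": provider,
                    "ProviderAttributeName": "Cognito_Subject",
                    "ProviderAttributeValue": subject},
    )
    return native


def lambda_handler(event, context):
    import boto3  # imported here so the functions above can be tested offline
    link_if_existing(event, boto3.client("cognito-idp"))
    return event  # Cognito expects the event object back
```

Under this check, a provider that sends no `email_verified` claim is never linked, and a native account whose email was never confirmed is never used as a link target.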
