I am trying to pass the custom user attribute (custom:role) through Cognito hosted UI URL as a query param. Still, I cannot get the passed attribute in either lambda PreSign trigger or it is not being saved in user attributes.
I've added a custom user attribute as role and allowed to read and write permissions.
Here are some examples of cognito hosted UI and allowed callback URLs, I tried
- https://${userPoolId}.auth.us-east-1.amazoncognito.com/signup?response_type=code&client_id=${clientId}&redirect_uri=${encodeURIComponent(redirectUri)}&state=${state}
Where const state = encodeURIComponent(JSON.stringify({ ["custom:role"]: "value" }))
ALLOWED URL: http://CALLBACK_URL/ROUTE&Istate%3D%257B%2522custom%253Arole%2522%253A%2522independent%2522%257D
-
https://${userPoolId}.auth.us-east-1.amazoncognito.com/signup?response_type=code&client_id=${clientId}&redirect_uri=${REDIRECT_URI}/ROUTE&role=value
ALLOWED URL : ${REDIRECT_URI}/ROUTE&role=value
-
https://${userPoolId}.auth.us-east-1.amazoncognito.com/signup?response_type=code&client_id=${clientId}&redirect_uri=${REDIRECT_URI}/ROUTE&encodeURIComponent()user_attributes: { 'custom:role': 'value' })
ALLOWED URL : ${REDIRECT_URI}/ROUTE&encodeURIComponent()user_attributes: { 'custom:role': 'value' })
In the lambda function, I am just getting email attributes in user_attributes object from the request.
LAMBDA PRE SIGN TRIGGER Logs:
2023-03-31T07:04:57.154Z c74de25c-a20a-42d5-9af7-00ffc5dd062f INFO .....event.... {
version: '1',
region: 'us-east-1',
userPoolId: 'us-east-1_iBb7CJZGw',
userName: '86b6e63d-8309-42b4-8446-668b0c80b9e6',
callerContext: {
awsSdkVersion: 'aws-sdk-unknown-unknown',
clientId: '6qciagr67e8kptsakeuk9h7mi7'
},
triggerSource: 'PreSignUp_SignUp',
request: {
userAttributes: { email: 'voconefy@mailinator.com' },
validationData: null
},
response: {
autoConfirmUser: false,
autoVerifyEmail: false,
autoVerifyPhone: false
}
}