Amazon cognito - user attributes in ID Token


Setting user attributes values in cognito user pool, causes those attributes to be present in the IDToken. How can I select which user attributes actually go into the ID Token? Via lambda trigger and no UI or API operation for that definition? Tks, DD

asked a year ago273 views
1 Answer


In order to stop an attribute from being present in the ID token, you need to unselect that attribute from the list of readable attributes for the app client.

Please expand the "Attribute permissions and scopes" section in document [1] for reference to attribute read/write settings in an Cognito user pool app client. You need to modify the "Set attribute read and write permissions" settings (if you are using old Cognito console) or the "Edit attribute read and write permissions" settings (if you are using new Cognito console).

After you unselect an attribute from this list, that attribute will no longer be present in the ID token.

I believe the information is helpful to you. In case you have any further queries/concerns then please let me know.



answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions