Amazon Cognito - user attributes in ID token

0

Setting user attribute values in a Cognito user pool causes those attributes to be present in the ID token. How can I select which user attributes actually go into the ID token? Via Lambda trigger and no UI or API operation for that definition? Tks, DD

HC
asked a year ago, 283 views
1 Answer
1

Hello,

In order to stop an attribute from being present in the ID token, you need to unselect that attribute from the list of readable attributes for the app client.

Please expand the "Attribute permissions and scopes" section in document [1] for reference to attribute read/write settings in a Cognito user pool app client. You need to modify the "Set attribute read and write permissions" settings (if you are using the old Cognito console) or the "Edit attribute read and write permissions" settings (if you are using the new Cognito console).

After you unselect an attribute from this list, that attribute will no longer be present in the ID token.

I believe the information is helpful to you. In case you have any further queries/concerns then please let me know.

--References--

[1] https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html

AWS
SUPPORT ENGINEER
Tarit_G
answered a year ago
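
The console setting described in the answer corresponds to the `ReadAttributes` list on the app client, which the `UpdateUserPoolClient` API can change. The following is an added example, not part of the original answer: it builds that request from a `DescribeUserPoolClient` result while carrying over every other setting, since `UpdateUserPoolClient` resets omitted settings to their defaults. The function names, pool ID, client ID and sample values are constructed for illustration.

```python
# Fields returned by DescribeUserPoolClient that UpdateUserPoolClient does not accept.
READ_ONLY_FIELDS = {"ClientSecret", "CreationDate", "LastModifiedDate"}


def build_update_request(described_client, attributes_to_hide):
    """Return kwargs for update_user_pool_client with some readable attributes removed.

    described_client is the "UserPoolClient" dict from describe_user_pool_client.
    All other settings are copied, because settings omitted from an
    UpdateUserPoolClient request are reset to their default values.
    """
    current = described_client.get("ReadAttributes")
    if not current:
        # No explicit list on the client, so there is nothing here to narrow.
        raise ValueError("app client has no explicit ReadAttributes list")
    hide = set(attributes_to_hide)
    unknown = hide - set(current)
    if unknown:
        # Catches typos such as "phone" instead of "phone_number".
        raise ValueError(f"not currently readable: {sorted(unknown)}")
    request = {k: v for k, v in described_client.items()
               if k not in READ_ONLY_FIELDS}
    request["ReadAttributes"] = [a for a in current if a not in hide]
    return request


def hide_attributes(user_pool_id, client_id, attributes_to_hide):
    """Apply the change with boto3 (imported lazily; needs AWS credentials)."""
    import boto3
    idp = boto3.client("cognito-idp")
    described = idp.describe_user_pool_client(
        UserPoolId=user_pool_id, ClientId=client_id)["UserPoolClient"]
    request = build_update_request(described, attributes_to_hide)
    updated = idp.update_user_pool_client(**request)["UserPoolClient"]
    return updated.get("ReadAttributes", [])


# Constructed sample of a DescribeUserPoolClient result (placeholder IDs).
SAMPLE_CLIENT = {
    "UserPoolId": "us-east-1_EXAMPLE",
    "ClientId": "exampleclientid",
    "ClientName": "web-app",
    "ClientSecret": "constructed-secret",
    "ReadAttributes": ["email", "phone_number", "custom:tenant"],
    "WriteAttributes": ["email"],
    "ExplicitAuthFlows": ["ALLOW_USER_SRP_AUTH", "ALLOW_REFRESH_TOKEN_AUTH"],
}

if __name__ == "__main__":
    print(build_update_request(SAMPLE_CLIENT, ["phone_number"]))
```

Tokens issued before the change still carry the old claims, so check a freshly issued ID token when confirming the attribute is gone.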
