
Sign In with Apple not sending attributes for users who have previously signed in


My organization recently moved to Cognito for user authentication and was previously using native Sign In with Apple. The users who had used Sign In with Apple before the move to Cognito are experiencing an error:

"Invalid user attributes: family_name: Attribute is required. Invalid user attributes: given_name: Attribute is required."

It seems that when going through the Sign In with Apple flow with a user that already exists - but does not exist in Cognito yet - Apple is not providing the firstName and lastName attributes in the token. As a workaround, I have set family/given_name to map to the "sub" attribute, but this is not an ideal solution long term. What are my options here?

1 Answer

You need to configure the custom attributes within the User Pool. To achieve this, you would need to go into Cognito > UserPoolName > Sign-Up Experience > Custom attributes and add the custom attributes that the app requires (that Apple used to pass). These custom attributes can then be leveraged in the app client configuration.

Something important to mention is that if you need to include these attributes in the token, you would need to create a Post-Authentication Lambda to include the required attributes within the token being passed to the application.

answered 25 days ago
