I understand your situation with implementing social sign-in for Google using AWS Cognito and the challenges you're facing with required attributes. Unfortunately, there isn't a straightforward way to override the required social provider attribute mapping in Cognito without modifying the user pool configuration.
However, there are a few potential workarounds you could consider:
- Modify attribute requirements: If possible, you could update your user pool to make birthday and gender optional instead of required. This would allow users to sign in with Google without providing these attributes.
- Custom attribute mapping: While you've already tried mapping to irrelevant fields, you could potentially create a more sophisticated mapping. For example, you could map a constant value or a default date for the birthday attribute that meets the YYYY-MM-DD format requirement.
- Pre-population of attributes: You could implement a post-authentication trigger (Lambda function) that runs after a user signs in with Google. This function could populate the required attributes with default values if they're missing.
- Two-step registration: Implement a flow where users first sign in with Google, and then prompt them to provide the missing required attributes before fully creating their account.
- Attribute mapping adjustment: Review your current attribute mapping configuration in Cognito. Ensure that you're only mapping the attributes that Google provides and that are compatible with your user pool requirements.
- Scopes adjustment: Make sure you're requesting the appropriate scopes from Google that align with your required attributes. However, keep in mind that some attributes like birthday might not be available or provided by Google.
It's important to note that these workarounds may have implications for data consistency and user experience. The ideal long-term solution would be to redesign your user pool to better accommodate social sign-in providers, but I understand that this isn't currently feasible given your existing user base and product integration.
If these options don't suit your needs, you might need to consider more complex solutions involving custom authentication flows or middleware to handle the attribute discrepancies between Google and your Cognito user pool.
Sources
Using social identity providers with a user pool - Amazon Cognito
Mapping IdP attributes to profiles and tokens - Amazon Cognito
Add social sign-in to your user pool - Amazon Cognito
Just updating this! I spoke with support and we found a technical solution where birthday can be mapped to Google's exp token, which is an epoch token of length 10. Technically it will work for another 200+ years, so it's a good "temporary" solution.
There is currently no support to remove required attributes or fallbacks however.
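Added example, not part of the thread and not AWS code: with the mapping described above, the birthday attribute of Google users holds a 10-digit epoch value rather than a date, so any code that reads it (age checks, profile display) should tell the two apart. The sketch assumes the attribute is stored under Cognito's standard name `birthdate` and arrives as `Name`/`Value` pairs; the sample values are constructed.

```python
import re
from datetime import date, datetime, timezone

ISO_DATE = re.compile(r"^\d{4}-\d{2}-\d{2}$")   # format the user pool expects
EPOCH_10 = re.compile(r"^\d{10}$")              # what a mapped `exp` claim looks like


def classify_birthdate(value):
    """Return 'date', 'epoch-placeholder' or 'invalid' for a stored value."""
    if ISO_DATE.match(value):
        try:
            date.fromisoformat(value)           # rejects e.g. 2024-13-40
            return "date"
        except ValueError:
            return "invalid"
    if EPOCH_10.match(value):
        return "epoch-placeholder"
    return "invalid"


def usable_birthdate(attributes, name="birthdate"):
    """Return a real date from a list of {"Name", "Value"} pairs, else None.

    `name` is an assumption: the standard attribute the thread calls birthday.
    """
    for attr in attributes:
        if attr["Name"] == name:
            if classify_birthdate(attr["Value"]) == "date":
                return date.fromisoformat(attr["Value"])
            return None                         # placeholder or garbage: do not trust
    return None


def last_ten_digit_epoch():
    """Moment after which epoch seconds need 11 digits and the mapping stops fitting."""
    return datetime.fromtimestamp(9_999_999_999, tz=timezone.utc)


if __name__ == "__main__":
    # Constructed sample records: one native user, one Google-federated user.
    native = [{"Name": "email", "Value": "a@example.com"},
              {"Name": "birthdate", "Value": "1990-04-12"}]
    federated = [{"Name": "email", "Value": "b@example.com"},
                 {"Name": "birthdate", "Value": "1718900000"}]
    print(usable_birthdate(native), usable_birthdate(federated))
    print(last_ten_digit_epoch().isoformat())
```
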
I am facing the exact same issue. We require given_name and family_name as attributes in our user pool. In testing, this fails when my family_name is not set.
How can we provide a fall-back value or prompt the user to enter a value before the Google auth token is used?
We have a lot of users and do not want to migrate.