By using AWS re:Post, you agree to the Terms of Use

username property in access_token is different between using SRP_AUTH and hosted UI


Currently we have a field named 'username' which is a UUID for the user and an e-mail address field, which is used for logging into the application.

However, when logging in using the Hosted UI, the username field of the access_token is populated with the UUID field. But when logging in using SRP_AUTH with the Amplify module, the username property in the access_token is populated with the e-mail address.

Using the USER_PASSWORD_AUTH Flow, the access_token is populated with the username, but we cannot use this flow because it doesn't support MFA or device tracking.

We want a consistent access_token over all our apps, independent of the way we log in. How can we achieve this?

1 Answer

I have limited information on the implementation to answer, like if you have multiple user pool or same, different app client for each or what is the attributes selected. However one caveat may be if you have enabled login with email or username, this value might toggle based on how user logs in.

answered a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions