Unable to read `email_verified` from the Cognito adminGetUser API
I have a Cognito user whose email is “Not verified”:
When I query them, I see nothing about email_verified in the API response:
const AWS = require('aws-sdk'); const cognitoIsp = new AWS.CognitoIdentityServiceProvider(); await cognitoIsp.adminGetUser({ UserPoolId: userPoolId, Username: username }).promise(); { Username: '9dXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX86', UserAttributes: [ { Name: 'sub', Value: '9dXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX86' }, { Name: 'email', Value: 'syXXX@XXXXXXXX.com' }, { Name: 'custom:identity_id', Value: 'us-east-1:XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX' } ], UserCreateDate: 2023-12-08T15:41:25.328Z, UserLastModifiedDate: 2023-12-08T15:46:47.209Z, Enabled: true, UserStatus: 'CONFIRMED' }
I understand that I can set email_verified using the API (e.g., this docs page). But how can I read that state of email_verified from the API??
- Newest
- Most votes
- Most comments
It looks like the issue was that my perms for Cognito needed to add “email_verified” as a readable attribute. From this SO post:
Go to: General settings -> App clients -> Show details -> Set attribute read and write permissions link and check off Readable Attributes: Email Verified
Since I’m using Cognito with AWS Amplify, I was able to run amplify update auth and eventually find my way to that setting. FWIW, that triggered an issue with Amplify where it wiped all my App Client information because I have different settings for different environments as documented in this github issue.
Relevant content
- Accepted Answerasked 8 months ago
AWS OFFICIALUpdated 2 years ago- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 3 years ago
