Unable to read `email_verified` from the Cognito adminGetUser API


I have a Cognito user whose email is “Not verified”:

Example from Cognito dashboard

When I query them, I see nothing about email_verified in the API response:

const AWS = require('aws-sdk');
const cognitoIsp = new AWS.CognitoIdentityServiceProvider();
await cognitoIsp.adminGetUser({ UserPoolId: userPoolId, Username: username }).promise();

  UserAttributes: [
    { Name: 'sub', Value: '9dXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX86' },
    { Name: 'email', Value: 'syXXX@XXXXXXXX.com' },
      Name: 'custom:identity_id',
  UserCreateDate: 2023-12-08T15:41:25.328Z,
  UserLastModifiedDate: 2023-12-08T15:46:47.209Z,
  Enabled: true,
  UserStatus: 'CONFIRMED'

I understand that I can set email_verified using the API (e.g., this docs page). But how can I read that state of email_verified from the API??

asked 2 months ago75 views
1 Answer
Accepted Answer

It looks like the issue was that my perms for Cognito needed to add “email_verified” as a readable attribute. From this SO post:

Go to: General settings -> App clients -> Show details -> Set attribute read and write permissions link and check off Readable Attributes: Email Verified

Since I’m using Cognito with AWS Amplify, I was able to run amplify update auth and eventually find my way to that setting. FWIW, that triggered an issue with Amplify where it wiped all my App Client information because I have different settings for different environments as documented in this github issue.

answered a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions