ID token claims in AWS Cognito

0

Here is the decoded ID token that I get from AWS Cognito after logging into the website:

```
{
  "member_id": "1480922",
  "sub": "11740962-fded-43c4-80b6-e511e82d54ce",
  "email_verified": true,
  "iss": "https://cognito-idp.ap-south-1.amazonaws.com/ap-south-1_oVBRrXQ9g",
  "phone_number_verified": true,
  "cognito:username": "11740962-fded-43c4-80b6-e511e82d54ce",
  "origin_jti": "4c721793-99a5-440b-bd21-15ff63832c4a",
  "aud": "11b78mavj1gvtnm2roehb697u8",
  "event_id": "16f53eef-eeba-45ac-8284-90562846edaf",
  "token_use": "id",
  "auth_time": 1695712867,
  "is_subscribed": "true",
  "exp": 1695713166,
  "iat": 1695712867,
  "jti": "d945282e-eadd-4114-bafa-1bd276acc723"
}
```

I want to remove claims like iss, event_id, token_use, cognito:username to make the token shorter. For this I tried to override these claims with None in my Lambda function:

```
# Inside the pre token generation Lambda handler
event['response']['claimsOverrideDetails'] = {
    'claimsToAddOrOverride': {
        'cognito:username': None,
        'token_use': None,
        'iss': None,
        'event_id': None
    }
}
```

But I can still see the claims.

asked 7 months ago, 541 views
1 Answer
0

No, you are not allowed to remove those claims. Claims that cannot be modified are mentioned in the following page.

https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-token-generation.html

HS
answered 7 months ago
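The following handler is an added example, not code from the question or the answer. It shows the V1 pre token generation response using `claimsToSuppress` for claims that can be dropped, and it reports the protected ones instead of silently ignoring them. `PROTECTED_CLAIMS` holds only the four claims named in the question (the linked page has the authoritative list), and `UNWANTED_CLAIMS` and `split_claims` are hypothetical names chosen for illustration.

```python
import logging

logger = logging.getLogger(__name__)

# Assumption: only the four claims named in the question, which the answer says
# cannot be removed. The linked AWS page has the authoritative list.
PROTECTED_CLAIMS = frozenset({"iss", "event_id", "token_use", "cognito:username"})

# Hypothetical choice of claims this app no longer wants in the ID token.
UNWANTED_CLAIMS = ("iss", "event_id", "token_use", "cognito:username",
                   "email_verified", "phone_number_verified")


def split_claims(unwanted):
    """Return (suppressible, protected), preserving order and dropping duplicates."""
    suppressible, protected = [], []
    for name in dict.fromkeys(unwanted):
        (protected if name in PROTECTED_CLAIMS else suppressible).append(name)
    return suppressible, protected


def lambda_handler(event, context):
    """Pre token generation trigger (V1 event shape)."""
    suppressible, protected = split_claims(UNWANTED_CLAIMS)
    if protected:
        # Setting these to None in claimsToAddOrOverride has no effect, as the
        # question observed, so log them rather than failing silently.
        logger.warning("Cannot remove protected claims: %s", protected)

    details = event.setdefault("response", {}).get("claimsOverrideDetails") or {}
    # claimsToSuppress is the field for dropping claims; claimsToAddOrOverride
    # only adds claims or replaces their values.
    details["claimsToSuppress"] = suppressible
    event["response"]["claimsOverrideDetails"] = details
    return event
```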
