- Newest
- Most votes
- Most comments
Hi, Currently it is not possible to add custom claims to access-token, if you just want to know which user pool has been used to authenticate the user then you can use the "iss" claim which has the issuer user-pool-id in it, you will need to keep a mapping between user-pool-id and tenant-id in your backend and lookup this mapping in your application when needed.
Having a group that all users belong to is a good idea as well if this allows you to propagate the information you need about tenants without having to keep an external storage, another option is to use usernames that are combination of tenant-id and username, the username gets propagated to access-token as well.
Seems like you should be able to add claims if you use this lambda hook - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-token-generation.html
Relevant content
- asked 2 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 5 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 months ago