- 最新
- 最多得票
- 最多評論
Hello,
From the description of the issue, I can see that you wish to implement the custom authentication flow by using a custom attribute of your user instead of using its sub ID.
I would like to mention that the authentication flow starts with a call to the InitiateAuth API operation[1]. Now, we have to pass the user's username as an auth parameter to the API[2]. Here, I would like to mention that if we have configured our userpool to use email/phone_number as sign-up/sign-in option then we can pass the sub ID as well to the auth parameter of the API as in this case, the value for the username and the sub attribute of the authenticated user would be the same unique identifier UUID[3]. Currently, it is not possible to start the sign-in for a user by passing any other attribute or custom attribute of the user as an auth parameter.
If you wish to use the custom attribute of your user for some validation, then you have to create a custom challenge in your Lambda function involving that attribute and present it to the user as a challenge, once the authentication has initiated. Please refer the documentation[4][5] for sample code snippets for creating custom challenges.
[1]. https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html
[5]. https://github.com/aws-samples/amazon-cognito-passwordless-email-auth
Thank you. Actually I may have this backward. It might sufficient for my needs that the Cognito POST API with the AccessToken as payload that returns a {"UserAttributes": {...}, "Username": "..."} dictionary include the custom ID in the attributes. Currently it includes only the sub, email and email_verified attributes.
Never mind, I found out: you just need to make the custom attribute readable for the selected app.
相關內容
AWS 官方已更新 2 年前- AWS 官方已更新 10 個月前
- AWS 官方已更新 2 年前