The question is already stated in the title - is there any way to create an App client for an Amazon Cognito User Pool which will have read permissions only? It's a bit weird, but when I untick all the boxes in the "Writable Attributes" section (User pool -> General settings -> Add another app client), it gives back this warning:
All attributes are writable by default because none are selected. Select attributes to make only those writable
That's cool, but my intention was to create 1 trustable private client with all write permissions and 1 public read-only client to be embedded into the app. I managed to reduce the number of writable attributes to a single one, which is not so important for me, but this solution looks hacky. Did anyone manage to crack this properly?
I also tried to play with App client OAuth 2.0 settings, but had no luck. Thanks for any info.