I'm working on a new project where I'm for the first time using both Vue js and AWS Cognito. I'm finding cognito documentation difficult to find, or simply missing.
Within the Vue application I'm using Amplify to handle all the user management which is working fine.
In my user pool, I added 2 custom attributes:
- custom:first_name
- custom:last_name
From within the Vue application, I post a quote request to a .net core api which contains all kinds of details, along with the logged in user's cognito username and a first name and last name:
{
"details": "all kinds of quote details",
"user": {
"cognitoUsername": "fd17f624-cf31-11e9-904a-88d7f67d5c52",
"firstName": "Carel",
"lastName": "Nel"
}
}
Using the Amazon.Extensions.CognitoAuthentication library, I am able to query the cognito user record with all it's attributes:
cognitoUser = await _pool.FindByIdAsync(model.User.CognitoUsername);
Next, my plan is to update the custom:first_name and custom:last_name attributes in the pool from this API post method after all kinds of other validation checks have passed. If I try the update, I get the following error:
if (attributesChanged)
{
await cognitoUser.UpdateAttributesAsync(userAttributes);
// Error: "Database Failure - User is not authenticated."
}
To test this a bit, I tried the following, which then worked:
if (attributesChanged)
{
await _signInManager.PasswordSignInAsync(cognitoUser, "password", false, false);
await cognitoUser.UpdateAttributesAsync(userAttributes);
}
So, if I sign in the user with the password, I'm able to update the custom attributes in the cognito pool successfully. I don't want to have to do this, however. Is there some kind of admin user configuration I can set up on the API that would allow me to update the user pools records without the specific user being logged in, or can I (should I) pass some the jwt token for the logged in user from the Vue application to the API and somehow use this to ensure authentication?
