5

I created a Cognito User Pool and used the Federated login (to Facebook).

However, when the application went into testing, I found out that lots of Facebook users do not have "email", which causes the whole login process to fail!

Worse than that, I found out that it is not possible to remove a "required attribute" after user pool creation.

Also, there is no way to easily migrate users from one pool to another (I am exclusively using federated login, so no password is needed, however).

Has anyone run into the same issue and come up with a solution?

qkhanhpro

2 Answers

3

As far as I know, an attribute cannot be switched between required and not required after a user pool has been created.

I suggest you:

  • If you want to keep the current user pool -> create a Lambda function; then you can add the required attribute at the pre-sign-up step.

  • If all users are from Facebook -> create a new user pool, then export and import the users again. I think there is no problem in this case because the Facebook AppID is the same.

Tuan Vo
  • Can you suggest an easy way to export the users? – qkhanhpro Feb 02 '20 at 12:26
  • Thanks. The lambda hook solution was the one I thought of at first. But seems like it is not triggered for federated identities https://stackoverflow.com/questions/46923482/aws-is-there-a-way-to-hook-into-when-a-federated-identity-is-created-for-the I will look at the import/export solution. – qkhanhpro Feb 02 '20 at 12:33
  • Can the user react to AWS resources (IoT, S3)? or only for application authentication? – Tuan Vo Feb 02 '20 at 12:43
  • It's only for application auth – qkhanhpro Feb 02 '20 at 12:43
  • 1
    In this case `Identity pool` is unnecessary. Please try the Cognito User Pool trigger. An identity pool is only for the case of returning AWS credentials to react to AWS resources. – Tuan Vo Feb 02 '20 at 12:49
  • Thanks, I will take a look into that and approve the answer if one of the solutions works – qkhanhpro Feb 02 '20 at 12:50
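
A pre-flight check for the failure described in the question, as an added example that is not part of the original posts: before a pool is created, it compares the pool's required attributes with the Facebook attribute mapping and with sample profiles. The dictionaries are constructed and only shaped like the boto3 `describe_user_pool` and `describe_identity_provider` responses; the function names are hypothetical, and skipping `sub` rests on the assumption that Cognito generates it itself.

```python
# Added example (not from the thread). Inputs are constructed and shaped like
# describe_user_pool()["UserPool"]["SchemaAttributes"] and
# describe_identity_provider()["IdentityProvider"]["AttributeMapping"].

# Assumption: "sub" is generated by Cognito itself and never needs a mapping.
POOL_GENERATED = {"sub"}

SCHEMA = [  # constructed planned schema
    {"Name": "sub", "Required": True, "Mutable": False},
    {"Name": "email", "Required": True, "Mutable": True},
    {"Name": "name", "Required": False, "Mutable": True},
]
# user pool attribute -> Facebook profile field (constructed)
MAPPING = {"username": "id", "email": "email", "name": "name"}
PROFILE_WITH_EMAIL = {"id": "1001", "name": "A", "email": "a@example.com"}
PROFILE_NO_EMAIL = {"id": "1002", "name": "B"}  # e.g. phone-only account


def required_attributes(schema_attributes):
    """Attributes the pool marks as required (fixed once the pool exists)."""
    return {a["Name"] for a in schema_attributes
            if a.get("Required") and a["Name"] not in POOL_GENERATED}


def unmapped_required(schema_attributes, attribute_mapping):
    """Required attributes with no IdP mapping at all."""
    return sorted(required_attributes(schema_attributes) - set(attribute_mapping))


def missing_for_profile(schema_attributes, attribute_mapping, idp_profile):
    """Required attributes that this particular IdP profile cannot supply."""
    missing = []
    for name in sorted(required_attributes(schema_attributes)):
        source = attribute_mapping.get(name)
        if source is None or not idp_profile.get(source):
            missing.append(name)
    return missing


if __name__ == "__main__":
    print("unmapped:", unmapped_required(SCHEMA, MAPPING))
    for profile in (PROFILE_WITH_EMAIL, PROFILE_NO_EMAIL):
        print(profile["id"], missing_for_profile(SCHEMA, MAPPING, profile))
```

Any attribute reported for a realistic sample profile is a candidate to leave optional in the schema, since the setting cannot be changed later.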
1

If your attribute is required, the Cognito signup call will fail because of the required attribute. I'm pretty certain it won't even call out to your presignup trigger. That's been my experience at least.

Dave