
I read some questions and answers about my issue, but I still don't know the answer.

Can I use the userSub in AWS Cognito as primary key?

AWS Cognito: Difference between Cognito ID and sub, what should I use as primary key?

First, I will try to describe my case.

I want to create an application with Spring Boot as a resource server that uses OAuth2. Then, to save me some time with user management, I was hoping to use AWS Cognito since it allows me to create users as admin. I can set it up so that it won't let other people sign up for themselves, which is crucial for me since my app will have restricted access; the admin will manage that.

Now to my question: which field of AWS Cognito can I use as the primary key for keeping user-specific data in my DB? I read that neither username nor sub is correct. username can be changed, for example, and sub is globally unique, so it can't be restored. Is there any way to create a custom field where AWS Cognito will autogenerate a UUID that I can use, and if I had to restore the user pool, I would have an option to set this field?

1 Answer


You can still go with username. If it is ever changed, just update your database to reflect this change. You can also create custom attributes in the user pool. You can use one to store a self-generated id. As for automatically generating this, you can have a post confirmation Lambda trigger that will use adminUpdateUserAttributes to assign a unique id.

Ninad Gaikwad
Thank you for your response. For now I went with Keycloak, but I will use AWS Cognito eventually and this autogeneration will be needed. With this feature I could use this autogenerated field as primary key. – apologiessirnoclue Dec 19 '21 at 21:37
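
The post confirmation trigger described in the answer, as an added example that is not part of the original answer: a Python Lambda handler that assigns a UUID once and never overwrites it. The attribute name `custom:app_user_id`, the function names and the sample event values are assumptions; the attribute has to be defined in the user pool as a mutable custom attribute.

```python
import uuid

# Hypothetical attribute name; define it in the user pool as a mutable custom attribute.
ID_ATTRIBUTE = "custom:app_user_id"


def assign_app_user_id(event, cognito=None):
    """Post confirmation logic: give the user a stable application ID exactly once."""
    # The trigger also fires with PostConfirmation_ConfirmForgotPassword;
    # only a sign-up confirmation may mint an ID.
    if event.get("triggerSource") != "PostConfirmation_ConfirmSignUp":
        return event
    # Never overwrite an existing ID (for example one set by hand while restoring a pool).
    if event["request"]["userAttributes"].get(ID_ATTRIBUTE):
        return event
    if cognito is None:
        import boto3  # shipped with the Lambda Python runtime
        cognito = boto3.client("cognito-idp")
    cognito.admin_update_user_attributes(
        UserPoolId=event["userPoolId"],
        Username=event["userName"],
        UserAttributes=[{"Name": ID_ATTRIBUTE, "Value": str(uuid.uuid4())}],
    )
    return event  # Cognito expects the event object back


def lambda_handler(event, context):
    return assign_app_user_id(event)


class RecordingClient:
    """Constructed stand-in for the boto3 client so the logic can run offline."""

    def __init__(self):
        self.calls = []

    def admin_update_user_attributes(self, **kwargs):
        self.calls.append(kwargs)


def sample_event(trigger_source, attributes):
    # Constructed event in the shape Cognito passes to the trigger.
    return {
        "triggerSource": trigger_source,
        "userPoolId": "eu-west-1_EXAMPLE",
        "userName": "jdoe",
        "request": {"userAttributes": attributes},
        "response": {},
    }
```

Leave this attribute out of the app client's writable attributes, so that a signed-in user cannot change their own ID through UpdateUserAttributes.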