amplify-cli icon indicating copy to clipboard operation
amplify-cli copied to clipboard

Published 20 hours ago verified publisher icon aws-amplify

Cognito identity provider's atrribute mapping keeps changing, causing error in triggers.

Open artidataio opened this issue 3 years ago • 7 comments

Before opening, please confirm:

  • [X] I have installed the latest version of the Amplify CLI (see above), and confirmed that the issue still persists.
  • [X] I have searched for duplicate or closed issues.
  • [X] I have read the guide for submitting bug reports.
  • [X] I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.

How did you install the Amplify CLI?

No response

If applicable, what version of Node.js are you using?

No response

Amplify CLI Version

7.4.5

What operating system are you using?

Ubuntu

Amplify Categories

auth

Amplify Commands

update

Describe the bug

Cognito atrribute mapping keeps changing. When using identity provider Oauth 2.0 like Google and Facebook. You can configure the Attribute mapping in your cognito console. After setting it up, I will use these attributes in my cognito triggers, such as custom user pool attributes. However, in production all of a sudden attribute mapping change, name, picture, email_verified no longer mapped. This will prevent user sign up and sign in while in production.

Expected behavior

The attribute mapping doesn't change, so my cognito triggers can run smoothly.

Reproduction steps

I have tried many ways to reproduce the bugs. I have tried isolating auth update and do the amplify push. But the attribute mapping doesn't change, So yeah, I can't find it. But I am very certain it is there. It will always show up when I am trying to do a product demo. So yeah, that's a painful bug.

GraphQL schema(s)

# Put schemas below this line

Log output

# Put your logs below this line

Additional information

No response

artidataio avatar Nov 22 '21 10:11 artidataio

Hi @artidata, updating amplify resources outside CLI is not supported. Closing the ticket as per no steps to reproduce. Please reopen if you find a way to reproduce the issue.

lazpavel avatar Nov 29 '21 22:11 lazpavel

I think it's this line in cli-inputs.json of the auth backend:

"hostedUIProviderMeta": "[{\"ProviderName\":\"Google\",\"authorize_scopes\":\"openid email profile\",\"AttributeMapping\":{\"email\":\"email\",\"username\":\"sub\"}}]",

That keeps overriding my cognito Attribute mapping set up. However, no cli input can actually override these values.

artidataio avatar Nov 30 '21 19:11 artidataio

Yeap, this line override my cognito oauth attribute mapping setup. I can rewrite it manually, but everytime I am running cli command amplify update auth this line will get overwritten again.

artidataio avatar Dec 01 '21 06:12 artidataio

Hi @artidata, I am also having this problem. Have you tried to use amplify override ? Maybe you can customize attribute mappings for your user pool?

@lazpavel do you think it is a good idea?

cnbrkkaya avatar Jan 19 '22 15:01 cnbrkkaya

any update? this behavior really break our team collaboration on the same env as it changes the Cognito attribute whenever we run 'amplify push xxx'.

walkingtospace avatar Jul 11 '22 23:07 walkingtospace

ditto

seongwoobyun avatar Jul 12 '22 00:07 seongwoobyun

Any update on this or do I need to open a new issue?

redjonzaci avatar Dec 20 '23 18:12 redjonzaci