5

I need to create some custom attributes while registering user. I can do that successfully (Vue) with:

methods: {
  async signUp () {
    const { username, password } = this.form;

    try {
      this.error = '';
      await this.$Amplify.Auth.signUp({
        username,
        password,
        attributes: {
          'custom:my_attribute': 'some data',
        },
      });
      this.isSignedUp = true;
    } catch (e) {
      this.error = e.message;
    }
  }
}

However I would like to do similar with federatedSignIn. Is there any possibility to save custom attribute with that method? Is there any other method to achieve that?

I was trying this:

await this.$Amplify.Auth.federatedSignIn({ provider, attributes: { 'custom:my_attribute': 'some data' } })

and that didn't work.

I am using cognito user pool.

CitricAcid
  • 101
  • 1
  • 7
  • I dont think you can add attribute when sign-in. You need to sign-in, so Cognito can Authn who you are, then update attribute. – Tuan Vo Dec 18 '19 at 08:20
  • Thanks @TuanVA. I am referring to the situation while the user is not in the pool yet. Then AFAIK user is set in pool after first federatedSignIn - so like during the sign up. I am wondering if in this situation it is possible to have attribute set just like on simple sign up. – CitricAcid Dec 18 '19 at 08:31

1 Answers1

0

For anyone else trying to figure out how you sent the custom attributes. I had to do it via Cognito lambda triggers. You need to use the pre-token trigger. This allows you to modify the current session. BUT you also have to persist the change to the users record via the following

https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html

Sigex
  • 2,834
  • 2
  • 24
  • 25
  • But how does the pre token gen trigger know what values to set for an attribute? These values are known to the UI alone... – callmekatootie Nov 04 '21 at 08:00
  • I need more information, please explain your use case. What attributes are you working with? – Sigex Nov 13 '21 at 09:42
  • 2
    Let us say, during `federatedSignIn()`, I need to also pass detail about if the user selected item A or item B (Assume my sign up form allows user to select some items at the time of sign up). With a regular username / password based sign up, I can create custom attributes to pass this info - but with your approach, how do I pass this info since `federatedSignIn()` does not allow any attributes (other than the provider) to be passed to it... So, in the pre token trigger, how do I know which item the user selected? – callmekatootie Nov 14 '21 at 16:55
  • @callmekatootie did you ever figure out a way to do this? – user Jul 10 '22 at 20:08
  • 1
    @user What we ended up doing is - the custom fields that user needs to enter values for were moved to after signing in instead of before signing in. After signing in, you can use the `Auth.updateUserAttributes()` method. – callmekatootie Jul 11 '22 at 06:50
  • I was thinking the same thing. I need to get a user to enter information before they can access the app. I can check if user attributes are defined when they sign in, if they're not then I direct them to the appropriate screen. – user Jul 11 '22 at 12:34
  • @callmekatootie I wanted to add some check based on passed in data which would decide if the token should be issued or not. Did you find any other way to pass data to `federatedSignIn`. Any help is appreciated. thnks – iJade Aug 23 '22 at 18:28
  • @iJade You could check the preSignIn and postConfirmation auth triggers and see if that fits your use case – callmekatootie Aug 25 '22 at 01:38
  • @callmekatootie it doesn't. Since I need to get the IP address when users does a social sign in using `federatedSignIn`. But with `federatedSignIn` I'm not able to pass ip in `clientMetaData` or `validationData`. – iJade Aug 25 '22 at 04:41
  • @iJade A solution I can think of is to allow the user to go through the entire flow of `federatedSignIn()` - and then once signed in, the user sees a page where their IP address gets verified - and if it's in a blacklist, user cannot proceed further (user record will exist in the db - but maybe have a "status" attribute where the user is disabled – callmekatootie Aug 25 '22 at 09:19
  • @callmekatootie once the entire flow of `federatedSignIn()` happens the token is generated from cognito and user gets signed in. I was looking for solution where I can check the ip address before the token generation and if all good then proceed to token generation and sign in. – iJade Aug 25 '22 at 10:16
  • Sounds like you need to use one of the other lambdas you can attach to Cognito before auth. Wire it up and console log the event. Not sure if the IP is exposed in that data. https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html – Sigex Dec 09 '22 at 10:49