Amplify-cli: Ability to set custom attributes for auth

Created on 23 Sep 2018 · 18 Comments · Source: aws-amplify/amplify-cli

Describe the solution you'd like
Need to add custom attributes that go under the "Do you want to add custom attributes" in the cognito console.

Describe alternatives you've considered
Currently I am just modifying the cloud formation template that amplify produces. Is this ok practice - to modify the cloud formation template that amplify provides? I understand I can't run amplify configure on the auth service going forward as that will likely remove my template modifications.

Additional context
See this for context and how amplify library supports custom attributes: https://aws.amazon.com/blogs/mobile/aws-amplify-adds-support-for-custom-attributes-in-amazon-cognito-user-pools/. I don't believe amplify cli auth module supports that out of the box.

auth enhancement

All 18 comments

Also when doing an amplify push, where auth is updating, I notice that if cloudformation detects a new physical resource needs to be created it will actually delete your whole cognito userpool without notice and create a new one. This is horrible and can make someone accidentally delete all their app users. See https://forums.aws.amazon.com/thread.jspa?messageID=793367 for more info. Amplify should warn before cloudformation tries to delete your whole userpool...

We confirmed this behavior with the cognito service team last week. This behavior is detected when changing certain cognito policy attributes like the password policy and we have a PR out for same to not allow updating those scheme attributes using the CLI -
https://github.com/aws-amplify/amplify-cli/pull/184

We’ve also engaged with the Cognito service team to not allow the deletion of the user pool when users are present in the user pool. They’re working on changing this behavior as well.
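
The replacement behaviour discussed in the comments above can be caught before a push by inspecting a CloudFormation change set. This is an added example, not code from the thread or from Amplify; it assumes a change set has been created for the auth stack and its `describe-change-set` JSON is available, and the sample data and the `destructive_changes` helper name are constructed for illustration.

```python
import json

# Resource types whose replacement or removal destroys stored users (editor's choice).
STATEFUL_TYPES = {"AWS::Cognito::UserPool", "AWS::Cognito::IdentityPool"}

# Constructed sample, shaped like `aws cloudformation describe-change-set` output,
# mirroring the user pool replacement reported in this thread.
SAMPLE_CHANGE_SET = json.loads("""
{"Changes": [
  {"Type": "Resource", "ResourceChange": {
     "Action": "Modify", "LogicalResourceId": "UserPool",
     "ResourceType": "AWS::Cognito::UserPool", "Replacement": "True",
     "Details": [{"Target": {"Attribute": "Properties", "Name": "Schema",
                             "RequiresRecreation": "Always"}}]}},
  {"Type": "Resource", "ResourceChange": {
     "Action": "Modify", "LogicalResourceId": "UserPoolClient",
     "ResourceType": "AWS::Cognito::UserPoolClient", "Replacement": "False",
     "Details": [{"Target": {"Attribute": "Properties", "Name": "WriteAttributes",
                             "RequiresRecreation": "Never"}}]}}
]}
""")


def destructive_changes(change_set, stateful_types=STATEFUL_TYPES):
    """Return the changes that would delete or replace a stateful resource."""
    findings = []
    for change in change_set.get("Changes", []):
        rc = change.get("ResourceChange") or {}
        if rc.get("ResourceType") not in stateful_types:
            continue
        action = rc.get("Action")
        replacement = rc.get("Replacement", "False")
        # "Conditional" is only decided at execution time, so treat it as risky.
        if action == "Remove" or (action == "Modify" and replacement != "False"):
            causes = sorted({d["Target"]["Name"] for d in rc.get("Details", [])
                             if d.get("Target", {}).get("Name")})
            findings.append({"resource": rc.get("LogicalResourceId"),
                             "type": rc["ResourceType"],
                             "action": action, "replacement": replacement,
                             "properties": causes})
    return findings


if __name__ == "__main__":
    for f in destructive_changes(SAMPLE_CHANGE_SET):
        print("BLOCK: {resource} ({type}) {action}, replacement={replacement}, "
              "caused by {properties}".format(**f))
```
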

Perfect, thank you!

Currently I am just modifying the cloud formation template that amplify produces. Is this ok

Can you share how you do this? I also need the functionality.

@ianpogi5 just go to backend/auth// and modify the yml and json accordingly. Add your attributes to 'userpoolClientWriteAttributes' in parameters.json and go from there.

This issue seems to be fixed. Feel free to re-open this issue if the problem still exists.

Hi @kaustavghosh06 can we re-open this or should I open a separate ticket? I edited the cloudformation and parameters files in the amplify/backend/auth/… part of my app to add a new custom parameter and it deleted my cognito pool and created a new one.

> git show a06946c59ce8ef6797795ca6b672a9ffdd9a0885

commit a06946c59ce8ef6797795ca6b672a9ffdd9a0885 (HEAD -> dev)
Author: Peter Example <[email protected]>
Date:   Tue Jan 8 14:04:07 2019 -0500

    test adding identity_id as custom attribute

diff --git a/amplify/backend/auth/myappauth/myappauth-cloudformation-template.yml b/amplify/backend/auth/myappauth/myappauth-cloudformation-template.yml
index 655c34a..7c08306 100644
--- a/amplify/backend/auth/myappauth/myappauth-cloudformation-template.yml
+++ b/amplify/backend/auth/myappauth/myappauth-cloudformation-template.yml
@@ -189,6 +189,10 @@ Resources:
           Name: email
           Required: true
           Mutable: true
+        -
+          Name: identity_id
+          Mutable: true
+          AttributeDataType: String

       # make email unique!
       UsernameAttributes: ['email']
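
Review bot: The new `identity_id` entry added after the `email` attribute changes the schema of a user pool that is already deployed, and the comment carrying this patch reports that pushing it deleted the pool and created a new one. Apply a schema edit like this to a throwaway environment first and confirm whether CloudFormation plans to replace the user pool before pushing it anywhere that holds real users. The entry also omits `Required`, which the `email` entry sets explicitly; adding `Required: false` would keep the list consistent.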
diff --git a/amplify/backend/auth/myappauth/parameters.json b/amplify/backend/auth/myappauth/parameters.json
index 8a22aef..88e266b 100644
--- a/amplify/backend/auth/myappauth/parameters.json
+++ b/amplify/backend/auth/myappauth/parameters.json
@@ -37,7 +37,8 @@
     "userpoolClientReadAttributes": [
         "email",
         "given_name",
-        "name"
+        "name",
+        "custom:identity_id"
     ],
     "mfaLambdaRole": "myappauth_totp_lambda_role",
     "mfaLambdaLogPolicy": "myappauth_totp_lambda_log_policy",
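
Review bot: `custom:identity_id` in `userpoolClientReadAttributes` names the attribute that the template declares as plain `identity_id`; Cognito adds the `custom:` prefix to custom attributes, so the two files spell the same attribute differently. JSON cannot carry a comment, so record that mapping in the commit message or the project README so a later edit does not "correct" one side and break the reference.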
@@ -57,7 +58,8 @@
     "userpoolClientWriteAttributes": [
         "given_name",
         "name",
-        "email"
+        "email",
+        "custom:identity_id"
     ],
     "facebookAppId": "1234567890101234",
     "googleClientId": "123456789012-ieo82pceb6b6uvdphutkabcdefghijkl.apps.googleusercontent.com",
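
Review bot: Adding `custom:identity_id` to `userpoolClientWriteAttributes`, with the template marking the attribute `Mutable: true`, lets any signed-in user change their own `identity_id` through the app client. If the backend relies on this attribute to decide which identity or data a user maps to, drop it from the write list and set it from a trusted server-side path, keeping it only in `userpoolClientReadAttributes`.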

@mrcoles Could you mention your Cloudformation StackId? would help us root cause this issue. You can find it in your amplify/backend/amplify-meta.json file

StackID:

arn:aws:cloudformation:us-east-1:193603674864:stack/fullpagev2-20181217234759/183f1e90-0280-11e9-a262-0e03953a0426

Additionally, ever since this, Amplify seems to always think one of my lambda functions always needs updating. An extra complication: when I first ran amplify push after applying the above code diff, I forget what exactly came up in the logs, but it failed to delete the previous cognito user pool (I think because I have the hosted UI setup and the pool cannot be deleted while it has a hosted UI domain associated with it) and I could have sworn I saw it trying to delete and recreate my lambda function from the logs too (but can’t remember for sure if it did).

@mrcoles Thanks for the information. Working with the Cognito service team on this issue. I'll keep you updated on this.

I don't know if this is a separate issue, but even when I edit my auth's parameters.yml before pushing for the first time the configuration does not seem to be applied.

node v8.15.0
amplify-cli 0.1.42

I tried changing the password policy to only require lowercase characters and on signup I will still be prompted to put in uppercase, numbers and special characters.

Should I open a separate issue for this?

@janrop Yes, please open a separate issue for your issue. It seems like a different issue.

Hey guys, with our new version of the CLI (>1.4.0), we've introduced the ability for users to select how they want users (including an option for email uniqueness) to sign in and select their sign up attributes upfront as a part of the default flow instead of setting the username attribute as a default in the default flow (which is immutable unfortunately after the creation of the userpool since that is a restriction from the Cognito service). Please feel free to check it out and re-open/comment on this issue if you see a problem with it.

Maybe an example of the updated cloud formation file with custom attributes added would help? Thanks.

I can't add custom attributes to the user pool, I only get a list of predefined ones. And even still none of them work with federated sign in. It seems that the attribute selection is only for Required ones. I still have no idea how to proceed here.

@pr1ntr Check https://github.com/aws-amplify/amplify-cli/pull/1289/files the cf-templates/auth/README.md file. I've added an example of what works for me. Hope that helps.

Regards.

Excellent, thank you!
