Aws-sdk-js: Signup with custom attributes in Cognito user pools

Created on 2 Aug 2016 · 15 Comments · Source: aws/aws-sdk-js

Hi,
I am writing a Lambda function for user signup and I can't manage to save a custom attribute to the user. When I save the user with standard attributes only, it works fine, but when I add the custom one, it fails with: NotAuthorizedException: A client attempted to write unauthorized attribute. My code looks like this (vendor is the custom attribute):

var aws = require('aws-sdk');

var provider = new aws.CognitoIdentityServiceProvider();
provider.signUp({
  ClientId: process.env.COGNITO_USER_IDENTITY_POOL_CLIENT_ID,
  Username: event.email,
  Password: event.password,
  UserAttributes: [
    {
      Name: 'email',
      Value: event.email
    },
    {
      Name: 'name',
      Value: event.name
    },
    {
      Name: 'vendor',
      Value: event.vendor
    }
  ]
}, function(err, data) {
  return callbackLocal(err);
});

My user pool setup looks ok:
[Image: user_pools_-_amazon_cognito]

I am just a little bit confused by the custom: prefix, but the code doesn't work either when I put { Name: 'custom:vendor', Value: event.vendor } in UserAttributes.

I couldn't find any example using custom attributes, and the SDK documentation does not say anything special about them, so I guess it should work the same way as standard ones. I use SDK 2.4.11, running the Lambda function locally on Node 5.10.1 with serverless 0.5.6.

All 15 comments

It looks like I can't write optional standard attributes either. When I try to set profile or locale in UserAttributes I get the same error as with the custom attribute.

@JakubMatejka
Your custom UserAttributes should have the custom: prefix when setting their name field.

Other than that, can you confirm if your user pool client has write permissions for the fields you're trying to update? In the console, you can list the apps that can connect to your user pool. Check the write permissions for one that you're seeing that error with.
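
The check described in the answer above, sketched as an added example (not code from the thread or from the AWS SDK): it prefixes non-standard attribute names with custom: and compares the result with the app client's write permissions, so a request that would be rejected with NotAuthorizedException is caught before signUp is called. The helper name buildUserAttributes and the sample values are hypothetical; the writable list is assumed to come from the app client's WriteAttributes setting.

```javascript
// Standard Cognito user pool attributes (the OIDC standard claims); anything
// else is treated as a custom attribute and needs the "custom:" prefix.
const STANDARD_ATTRIBUTES = new Set([
  'address', 'birthdate', 'email', 'family_name', 'gender', 'given_name',
  'locale', 'middle_name', 'name', 'nickname', 'phone_number', 'picture',
  'preferred_username', 'profile', 'updated_at', 'website', 'zoneinfo'
]);

// Hypothetical helper: turn a plain object into the UserAttributes array for
// signUp and report the names the app client is not allowed to write.
// writeAttributes is the app client's WriteAttributes list, e.g. taken from
// describeUserPoolClient(...).UserPoolClient.WriteAttributes.
function buildUserAttributes(fields, writeAttributes) {
  const writable = new Set(writeAttributes);
  const attributes = [];
  const denied = [];
  for (const [key, value] of Object.entries(fields)) {
    if (value === undefined || value === null) continue; // skip unset fields
    const name = STANDARD_ATTRIBUTES.has(key) || key.startsWith('custom:')
      ? key
      : 'custom:' + key;
    // Attribute values are sent as strings, so numbers are converted.
    attributes.push({ Name: name, Value: String(value) });
    if (!writable.has(name)) denied.push(name);
  }
  return { attributes, denied };
}

// Constructed sample data: signup fields like those in the question, and an
// app client that may write email and name but not custom:vendor or profile.
const sampleFields = { email: 'user@example.com', name: 'Test User',
                       vendor: 'acme', profile: 'https://example.com/u/1' };
const sampleWriteAttributes = ['email', 'name'];

function demo() {
  const result = buildUserAttributes(sampleFields, sampleWriteAttributes);
  if (result.denied.length > 0) {
    // signUp would fail with NotAuthorizedException for these names.
    console.log('Not writable by this app client:', result.denied.join(', '));
  }
  return result;
}
demo();
```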

Oh I totally overlooked this setting of write permissions per client. Thanks a lot Chris.

hi ... where do i set the write permissions? in IAM?

@crivera Write permissions can be set in your AWS Cognito users console. Select your user pool, then go to Apps. Select your app (if you have more than one), click the "Show Details" button and you will see the link to "Set attribute read and write permissions"

I blew several hours on this - it should be clearly explained in the documentation that these permissions need to be set.

AWS Console > User Pool > General settings > App Clients > Show details > Set attribute read and write permissions.
Mark your custom attributes.
Hope it saves time for someone.

@dm-grinko Even with permissions set in app clients, I am getting this error

[Image: pasted_image_2018-06-25__9_21_pm]

for the visual types out there...

Wow.... Then this document is completely misleading... - https://aws.amazon.com/blogs/mobile/aws-amplify-adds-support-for-custom-attributes-in-amazon-cognito-user-pools/ it doesn't even mention the custom: prefix part. I followed this doc and kept getting the error like @JakubMatejka, and prefixing it solved the issue. The only thing is that the Object format can be much simpler, like below, instead of the "Name" "Value" type pairs-

'attributes': {
    'email': '[email protected]',
    'custom:favorite_flavor': 'Cookie Dough',  // custom attribute, not standard
    'custom:age': 25                           // custom attribute, not standard
}

Your comment is really helpful @annjawn :). Do you have any idea how to extract the field? In the documentation:

try {
  const { favorite_flavor } = await Auth.currentUserInfo();
  alert("hi" + favorite_flavor);
} catch (err) {
  console.log('error fetching user info: ', err);
}

Where in the const do I need to replace favorite_flavor with custom:favorite_flavor? I tried both but I didn't get any value.

Thanks

@YaswanthC Auth.currentUserInfo(); returns a Cognito User object in this format-

{
  id: '2b3d-6da3-852b-ac1c5dc45dcd',
  username: '[email protected]',
  attributes: {
    "email" : "[email protected]",
    "custom:favorite_flavor" : "Peach",
  }
}

so you will have to do this-

const { attributes } = await Auth.currentUserInfo();
const flavor = attributes['custom:favorite_flavor'];

Holy Canoly!
I spent so many hours pulling my hairs out wondering why I kept getting the unauthorized message when the user pool had the appropriate permissions; adding in the 'custom' part solved it. @annjawn You are right! I followed the same thing.

Thanks to this thread, it helps me resolve the same issue with regards to custom attribute. My additional note would be to make sure you are setting the right 'app client' for read / write permissions.

The one that I am having difficulty now is getting my required standard attribute such as 'family_name' and 'given_name' to show up which is weird. In spite of all the changes needed above, this time around, it's the standard attribute that is not showing up. Even from the user's detail page at cognito pool, I couldn't see it even though I know that there's value because I can signup on my form without any issue.

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs and link to relevant comments in this thread.
