Include custom attributes in Cognito claims

An Amazon Cognito ID token includes the standard user attributes (also known as JWT claims), so they are available in your Lambda when you use a Cognito authorizer, and they can also be read on the frontend.

For example, if you are using the Serverless Framework, the YAML config will look like:

    handler: simplefunction.main
    events:
      - http:
          path: simplefunction/call
          method: post
          integration: lambda
          authorizer:
            arn: arn:aws:cognito-idp:us-east-1:xxxxx:userpool/us-east-1_xxxxxxxxxx
            claims:
              - email
              - nickname

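In a Node.js Lambda, the map of attributes can be accessed as:

    // With `integration: lambda`, Serverless's default request template exposes the claims as event.cognitoPoolClaims
    module.exports.main = (event, context, callback) => callback(null, event.cognitoPoolClaims);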

But if you use custom attributes, they are not included in the token by default, so you will not be able to read them. To fix this, go to your app client settings and mark the attributes you want to include as readable.

Now add them to the claims in the Serverless config (or in your CloudFormation template, or through the AWS console):

    claims:
      - email
      - nickname
      - custom:last_name
      - custom:first_name

When you test it, don't forget to log in again (or refresh the token), because the ID token must be regenerated to include the new claims!
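The handler below is an added example, not code from the original post: it reads the claims for both Serverless integration types and reports which required custom claims are absent, which is what a request made with a token issued before the change looks like. The names `REQUIRED`, `readClaims`, `missingClaims` and `demo`, and the two sample events, are assumptions constructed for illustration.

```javascript
// Claims this handler needs; the custom ones match the claims list above.
const REQUIRED = ['email', 'custom:first_name', 'custom:last_name'];

// integration: lambda        -> event.cognitoPoolClaims
// lambda-proxy (the default) -> event.requestContext.authorizer.claims
function readClaims(event) {
  const ctx = event.requestContext || {};
  const proxyClaims = (ctx.authorizer || {}).claims;
  return event.cognitoPoolClaims || proxyClaims || {};
}

// A claim missing from the token can show up as undefined or as an empty string.
function missingClaims(claims, required = REQUIRED) {
  return required.filter((name) => claims[name] === undefined || claims[name] === '');
}

function main(event, context, callback) {
  const claims = readClaims(event);
  const missing = missingClaims(claims);
  if (missing.length > 0) {
    // Typical causes: the ID token was issued before the attribute was made
    // readable for the app client, or the user has no value for it.
    return callback(null, { ok: false, missing });
  }
  return callback(null, {
    ok: true,
    name: `${claims['custom:first_name']} ${claims['custom:last_name']}`,
  });
}
if (typeof module !== 'undefined') module.exports.main = main;

// Constructed sample events (not captured from a real API Gateway request).
const staleTokenEvent = {
  cognitoPoolClaims: {
    email: 'jane@example.com', nickname: 'jane', 'custom:first_name': '', 'custom:last_name': '',
  },
};
const freshTokenEvent = {
  requestContext: { authorizer: { claims: {
    email: 'jane@example.com', 'custom:first_name': 'Jane', 'custom:last_name': 'Doe',
  } } },
};

// Runs the handler on both events and collects what it passes to the callback.
function demo() {
  const out = [];
  main(staleTokenEvent, {}, (err, res) => out.push(res));
  main(freshTokenEvent, {}, (err, res) => out.push(res));
  return out;
}
```

Returning the list of missing claim names lets the client distinguish "log in again" from a real authorization failure.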

Mar 20, 2017
by Ivan Borshchov