Allow mutable requiredAttributes in Cognito User Pools #7752

Closed
2 tasks done
arnulfojr opened this issue May 2, 2020 · 3 comments
Labels
@aws-cdk/aws-cognito Related to Amazon Cognito effort/medium Medium work item – several days of effort feature-request A feature should be added or improved.


@arnulfojr
Contributor

arnulfojr commented May 2, 2020

At the moment, the L2 Construct for Cognito's User Pools allows specifying required and custom attributes.
For simple use cases, the required attributes offer the complete information about a user.
The difference now is that the requiredAttributes are configured at the moment only with a boolean flag, and therefore they default to false, as it has to be explicitly specified that an attribute is mutable in order for the field to be modified.

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-schemaattribute.html

Use Case

For fields like full name, address, gender, TZ, etc., these are the essential attributes of a user and can be changed over time.
Supporting mutable attributes even for the requiredAttributes will allow this to happen.
Also, a WIP PR for adding support for AppClients to read and write attributes is on the way.

Related issues:

Proposed Solution

At the moment Cognito User pools offer mutable customAttributes.

```ts
// today
requiredAttributes: {
  fullname: true,
},
customAttributes: {
  'callingcode': new NumberAttribute({ min: 1, max: 3, mutable: true }),
},
```

Sadly, the only way to be backwards compatible is by allowing boolean or the StandardAttribute, then rendering the RequiredAttributes accordingly: if boolean, then as it is today, else use the configured props.
Otherwise, introduce a breaking change by removing the boolean type.

Ofc, the requiredAttributes, if specified, will always be set as required === true.
And maybe renaming ICustomAttribute to IAttribute would fit better now?

```ts
export interface RequiredAttributes {
  /**
   * Whether the user's birthday, represented as an ISO 8601:2004 format, is a required attribute.
   * @default false
   */
  readonly birthdate?: boolean | StandardAttribute;
}
```

```ts
// user pool props:
requiredAttributes: {
  fullname: true,
  birthdate: new StandardAttribute({ mutable: true }),
},
customAttributes: {
  'callingcode': new NumberAttribute({ min: 1, max: 3, mutable: true }),
},
```

An alternative would be to change the UserPool props to have only one set of "attributes", and within it we can mix required and custom attributes; after all, they're all attributes.
Then, only for the required attributes, we add the require property.

  • 👋 I may be able to implement this feature request
  • ⚠️ This feature might incur a breaking change

This is a 🚀 Feature Request

@arnulfojr arnulfojr added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels May 2, 2020
@SomayaB SomayaB added the @aws-cdk/aws-cognito Related to Amazon Cognito label May 6, 2020
@nija-at
Contributor

nija-at commented May 12, 2020

Copied from #7754 (review)

Is this a feature that Cognito supports? I couldn't find any documentation that states that standard attributes can be marked mutable or immutable and Cognito on the AWS console doesn't show these options either.

@nija-at nija-at added response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. and removed needs-triage This issue or PR still needs to be triaged. labels May 12, 2020
@arnulfojr
Contributor Author

arnulfojr commented May 13, 2020

Hi @nija-at ,

Well, I'm not sure about the docs for Cognito. But the UserPool CloudFormation resource treats the user schema as generic attributes. AFAIK the CDK and cfn resource are just treating the attributes as generic attributes, whereas the console actually makes a difference between the standard attributes and the custom attributes.

The cfn resource of the UserPool "shortly" explains the schema as all attributes can be set as mutable or not.

I discovered this while working on a web app. Since the user count would be low, we went for using Cognito and Amplify's Auth library (only that lib; the rest is CDK) to handle the communication with Cognito.

The flow was:

  • We create a user pool with only "required"/Standard attributes and a pool client, ofc
  • afaik clients always have read/write permissions to required attributes "out-of-the-box" and clients therefore have those permissions.
  • We create a user manually since our use case was not public (hence it is not selfSign); therefore, the user receives a temporary password
  • the user authenticates, gets the NEW_PASSWORD code, the client shows the form to fill in details and change the password (aka set the profile)
  • At this point it is required to collect the user's data: the user inputs the new password, the user sets the new password + requiredAttributes
  • bam error :D we can't update the attributes

The error I get:

```json
{
  "__type": "InvalidParameterException",
  "message": "Invalid user attributes: name: Attribute cannot be updated.\n"
}
```

I know it's a long way to test it out, but to help in the process I created a quick vue-client using CDK to set up a Cognito pool and client, using the amplify lib to handle the login and set password. Feel free to test it out with that code :)
https://github.com/arnulfojr/aws-congito-user-pool-test-client

Usage of the client:
https://github.com/arnulfojr/aws-congito-user-pool-test-client/blob/master/src/components/HelloWorld.vue#L73-L93
the Cognito stack: https://github.com/arnulfojr/aws-congito-user-pool-test-client/blob/master/infrastructure/stack.ts
amplify config: https://github.com/arnulfojr/aws-congito-user-pool-test-client/blob/master/src/plugins/aws-auth.js
setup.sh: https://github.com/arnulfojr/aws-congito-user-pool-test-client/blob/master/setup.sh
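
The boolean-or-`StandardAttribute` rendering proposed in the issue, together with a check for the required-but-immutable attributes behind the `Attribute cannot be updated` error reported in the comment above, as an added example (not code from this thread or from the CDK). `StandardAttribute` here is a local stand-in, `renderSchema` and `immutableRequired` are hypothetical helpers, and treating a schema entry without `Mutable` as immutable follows the issue's description.

```typescript
// Local stand-in for the StandardAttribute proposed in the issue (not the CDK class).
class StandardAttribute {
  readonly mutable: boolean;
  constructor(props: { mutable?: boolean } = {}) {
    // Per the issue: mutability must be set explicitly, otherwise it stays false.
    this.mutable = props.mutable === true;
  }
}

type RequiredAttributes = { [key: string]: boolean | StandardAttribute | undefined };

// Subset of the CloudFormation SchemaAttribute properties used here.
interface SchemaAttribute { Name: string; Required: boolean; Mutable?: boolean; }

// Prop name -> Cognito standard attribute name (only the two used in the issue).
const COGNITO_NAMES: { [key: string]: string } = { fullname: 'name', birthdate: 'birthdate' };

// Hypothetical helper: render the props into schema entries, backwards compatibly.
function renderSchema(attrs: RequiredAttributes): SchemaAttribute[] {
  const out: SchemaAttribute[] = [];
  for (const key of Object.keys(attrs)) {
    const value = attrs[key];
    // Assumption: an attribute that is not required gets no schema entry.
    if (value === undefined || value === false) continue;
    const name = COGNITO_NAMES[key];
    if (name === undefined) throw new Error(`unmapped attribute: ${key}`);
    if (value === true) {
      out.push({ Name: name, Required: true }); // boolean form: rendered as today
    } else {
      out.push({ Name: name, Required: true, Mutable: value.mutable });
    }
  }
  return out;
}

// Hypothetical check: required attributes a user could never change after creation.
function immutableRequired(schema: SchemaAttribute[]): string[] {
  return schema.filter(a => a.Required && a.Mutable !== true).map(a => a.Name);
}

// Constructed input mirroring the "user pool props" snippet in the issue.
const demoSchema = renderSchema({
  fullname: true,
  birthdate: new StandardAttribute({ mutable: true }),
});
console.log(JSON.stringify(demoSchema), immutableRequired(demoSchema));
```

Running `immutableRequired` over a rendered schema before deployment surfaces attributes such as `name` that a first-login profile form would not be able to update.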

@github-actions github-actions bot removed the response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. label May 14, 2020
@nija-at nija-at added the effort/medium Medium work item – several days of effort label May 22, 2020
mergify bot pushed a commit that referenced this issue Jun 8, 2020
I've taken the liberty to implement a preview, refer to #7752

Any feedback is welcome!

BREAKING CHANGE: `requiredAttributes` on `UserPool` construct is now replaced with `standardAttributes` with a slightly modified signature.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@nija-at
Contributor

nija-at commented Jun 8, 2020

Merged - 1fabd98

@nija-at nija-at closed this as completed Jun 8, 2020