search

NabuCasa / pycognito

Python library for using AWS Cognito. With support for SRP.
Apache License 2.0
129 stars 39 forks source link

Get_Users returning everything #21

Open chrisspen opened 3 years ago

chrisspen commented 3 years ago

Is there a way to do a case-insensitive search of a username?

I'm trying to do:

cog = Cognito(...)
users = cog.get_users(attr_map={"username":"someUserName"})

However, the list of users returned appears to be everything in my pool. Is this the expected behavior, or am I using this incorrectly?

How would I find a user called "someusername" vs "someUserName"? I've found that the search feature in the AWS Cognito user search page is case-sensitive, which makes searching very error prone when usernames may contain inconsistent casing.

jusexton commented 3 years ago

By no means am I an expert on this topic, but a quick search suggests that user pools can be configured to be case sensitive or insensitive. https://aws.amazon.com/blogs/security/how-to-set-case-sensitivity-in-the-amazon-cognito-console/

I would suggest to make sure your user pool is configured to be case sensitive. User pools are by default case insensitive.

If your user pool is case insensitive I would assume the above is the expected behavior. However, if the user pool is case sensitive the above is definitely unwanted behavior.