Open dnys1 opened 2 years ago
To allow backwards compat with older clients that were incorrectly generating "cognito:username", we can explicitly check for this case:
The default logic (2) should solve this issue: since the identityClaim is "cognito:username" and the provider is OIDC, it should fall into this case.
Swift issue and proposed code change: https://github.com/aws-amplify/amplify-swift/issues/1467#issuecomment-1155653764
Language and Async Model
Not applicable
Amplify Categories
GraphQL API, DataStore
Gradle script dependencies
Environment information
Please include any relevant guides or documentation you're referencing
https://docs.amplify.aws/lib/graphqlapi/authz/q/platform/android/#oidc
Describe the bug
Cognito Identity Tokens cannot be used with owner auth due to logic in core switching the "cognito:username" identity claim for "username".
Cognito ID tokens and Access Tokens have different structures. This logic in core seems to be accommodating changes to the latter; however, as a result, it seems to have also broken the former.
From Cognito docs:
ID Token Payload
Access Token Payload
Reproduction steps (if applicable)
Code Snippet
Log output
amplifyconfiguration.json
GraphQL Schema
Additional information and screenshots
No response
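The claim mismatch described in this issue, as an added example that is not part of the original report and is not Amplify's code: Cognito ID tokens carry the user name under "cognito:username" while access tokens carry it under "username", so a lookup that always swaps one name for the other finds nothing in an ID token. The tokens are constructed and unsigned, and `swapped_lookup`, `resolve_owner` and `ALIASES` are hypothetical names.

```python
import base64
import json

# Same identity, two spellings: Cognito ID tokens use "cognito:username",
# Cognito access tokens use "username".
ALIASES = {"cognito:username": "username", "username": "cognito:username"}


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_token(payload: dict) -> str:
    """Build a constructed, unsigned JWT-shaped string for the demo."""
    header = b64url(json.dumps({"alg": "none"}).encode())
    return f"{header}.{b64url(json.dumps(payload).encode())}.constructed-signature"


def decode_payload(token: str) -> dict:
    """Decode the payload segment. Signature verification is assumed to have
    happened already; an owner must never be read from an unverified token."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    seg = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(seg))


def swapped_lookup(payload: dict, identity_claim: str):
    """Simplified model of the reported behaviour: always swap in "username"."""
    if identity_claim == "cognito:username":
        identity_claim = "username"
    return payload.get(identity_claim)


def resolve_owner(payload: dict, identity_claim: str):
    """Try the configured claim first, then its alias; None if neither is set."""
    for claim in (identity_claim, ALIASES.get(identity_claim)):
        value = payload.get(claim) if claim else None
        if isinstance(value, str) and value:
            return value
    return None


# Constructed sample tokens (not real Cognito output).
ID_TOKEN = make_token({"token_use": "id", "sub": "constructed-sub",
                       "cognito:username": "alice"})
ACCESS_TOKEN = make_token({"token_use": "access", "sub": "constructed-sub",
                           "username": "alice"})
```

With the identity claim configured as "cognito:username", `swapped_lookup` returns no owner for the ID token, whereas `resolve_owner` returns the same owner for both token types.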