Open maziarzamani opened 1 year ago
Hey @maziarzamani :wave: thanks for raising this! These attributes can be mapped in an auth override https://docs.amplify.aws/cli/auth/override/#customize-amplify-generated-cognito-auth-resources-with-social-providers
Hey @maziarzamani 👋 thanks for raising this! These attributes can be mapped in an auth override https://docs.amplify.aws/cli/auth/override/#customize-amplify-generated-cognito-auth-resources-with-social-providers
I actually forgot to mention this in the post, but I attempted using the override.ts file and adding the resource manually, however I ran into an issue which is that this override removes "domain" information on the Cognito endpoint, which seems to have a domino effect on the aws-export file which does not refer to the correct endpoint if set manually. This is not ideal :-/
Hey @maziarzamani ahh that makes sense. Are you encountering an issue where modifying a value in the override does not also override the value in aws-exports? Or is this a case where the override is effectively breaking aws-exports?
Hey @maziarzamani ahh that makes sense. Are you encountering an issue where modifying a value in the override does not also override the value in aws-exports? Or is this a case where the override is effectively breaking aws-exports?
So this is what happens:
a. If i enable Google login through amplify cli, the custom domain is also generated and aws-export is as it should be b. If i enable Google login through the override.ts, the custom domain is obviously not created as I have to do this manually, furthermore the aws-export is scrambled with a. random endpoint.
Hey @maziarzamani thanks for clarifying! Unfortunately configuring this through overrides will not produce the expected output in aws-exports.js
, and it would instead be advised to capture these outputs manually using a post-push command hook and write to this file or another file that your frontend has access to read.
Can you try writing this in amplify/backend/auth/<resource-name>/cli-inputs.json
in the hostedUIProviderMeta
property? Apologies for the confusion
"hostedUIProviderMeta": "[{\"ProviderName\":\"Facebook\",\"authorize_scopes\":\"email,public_profile\",\"AttributeMapping\":{\"email\":\"email\",\"username\":\"id\"}}]",
Hey @maziarzamani thanks for clarifying! Unfortunately configuring this through overrides will not produce the expected output in
aws-exports.js
, and it would instead be advised to capture these outputs manually using a post-push command hook and write to this file or another file that your frontend has access to read.Can you try writing this in
amplify/backend/auth/<resource-name>/cli-inputs.json
in thehostedUIProviderMeta
property? Apologies for the confusion"hostedUIProviderMeta": "[{\"ProviderName\":\"Facebook\",\"authorize_scopes\":\"email,public_profile\",\"AttributeMapping\":{\"email\":\"email\",\"username\":\"id\"}}]",
I tried to add given_name
and family_name
which basically triggered an update, but it did not change attribute mapping on the SSO. This seems a bit odd?
"hostedUIProviderMeta": "[{\"ProviderName\": \"Google\", \"authorize_scopes\": \"openid email profile\", \"AttributeMapping\": {\"email\": \"email\", \"username\": \"sub\", \"given_name\": \"given_name\", \"family_name\": \"family_name\"}}]",
Hey @maziarzamani thanks for clarifying! Unfortunately configuring this through overrides will not produce the expected output in
aws-exports.js
, and it would instead be advised to capture these outputs manually using a post-push command hook and write to this file or another file that your frontend has access to read.Can you try writing this in
amplify/backend/auth/<resource-name>/cli-inputs.json
in thehostedUIProviderMeta
property? Apologies for the confusion"hostedUIProviderMeta": "[{\"ProviderName\":\"Facebook\",\"authorize_scopes\":\"email,public_profile\",\"AttributeMapping\":{\"email\":\"email\",\"username\":\"id\"}}]",
I tried this, but it didn't change anything..
Hey @maziarzamani :wave: apologies for the delay on this one! I have found that if you push the changes to attribute mapping after you've added a provider or removed a provider, it will cause the Lambda callout to fire and update the social providers with the new attribute mapping. This is suitable as a workaround, but please keep in mind subsequent amplify update auth
executions may overwrite this attribute mapping.
Marking this as investigating
Hey @maziarzamani 👋 apologies for the delay on this one! I have found that if you push the changes to attribute mapping after you've added a provider or removed a provider, it will cause the Lambda callout to fire and update the social providers with the new attribute mapping. This is suitable as a workaround, but please keep in mind subsequent
amplify update auth
executions may overwrite this attribute mapping.Marking this as investigating
Yeah this is clearly the problem I ran into :-/
Marking as a bug to address the issue where updating corresponding attributes in auth's cli-inputs.json
does not update the social providers (given the custom Lambda callout does not run).
Thank you @josefaidt
Is this feature request related to a new or existing Amplify category?
auth
Is this related to another service?
Cognito
Describe the feature you'd like to request
Hi there.
I was wondering if there is a programmatically way to setup Attribute Mapping for SSO login (Google and Apple).
I am specifically attempting to map, firstName, lastName and birthdate if they are available.
As far as I can see it is possible to do manually in Cognito Console?
Thanks.
Describe the solution you'd like
A programatic way to enable these attributes with the CLI
Describe alternatives you've considered
Manually adding them via the console.
Additional context
No response
Is this something that you'd be interested in working on?
Would this feature include a breaking change?