Cognito identity provider's atrribute mapping keeps changing, causing error in triggers.

artidataio commented 2 years ago

Before opening, please confirm:

[X] I have installed the latest version of the Amplify CLI (see above), and confirmed that the issue still persists.
[X] I have searched for duplicate or closed issues.
[X] I have read the guide for submitting bug reports.
[X] I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.

How did you install the Amplify CLI?

No response

If applicable, what version of Node.js are you using?

No response

Amplify CLI Version

7.4.5

What operating system are you using?

Ubuntu

Amplify Categories

auth

Amplify Commands

update

Describe the bug

Cognito atrribute mapping keeps changing. When using identity provider Oauth 2.0 like Google and Facebook. You can configure the Attribute mapping in your cognito console. After setting it up, I will use these attributes in my cognito triggers, such as custom user pool attributes. However, in production all of a sudden attribute mapping change, name, picture, email_verified no longer mapped. This will prevent user sign up and sign in while in production.

Expected behavior

The attribute mapping doesn't change, so my cognito triggers can run smoothly.

Reproduction steps

I have tried many ways to reproduce the bugs. I have tried isolating auth update and do the amplify push. But the attribute mapping doesn't change, So yeah, I can't find it. But I am very certain it is there. It will always show up when I am trying to do a product demo. So yeah, that's a painful bug.

GraphQL schema(s)

```graphql # Put schemas below this line ```

Log output

``` # Put your logs below this line ```

Additional information

No response

lazpavel commented 2 years ago

Hi @artidata, updating amplify resources outside CLI is not supported. Closing the ticket as per no steps to reproduce. Please reopen if you find a way to reproduce the issue.

artidataio commented 2 years ago

I think it's this line in cli-inputs.json of the auth backend:

 "hostedUIProviderMeta": "[{\"ProviderName\":\"Google\",\"authorize_scopes\":\"openid email profile\",\"AttributeMapping\":{\"email\":\"email\",\"username\":\"sub\"}}]",

That keeps overriding my cognito Attribute mapping set up. However, no cli input can actually override these values.

artidataio commented 2 years ago

Yeap, this line override my cognito oauth attribute mapping setup. I can rewrite it manually, but everytime I am running cli command amplify update auth this line will get overwritten again.

cnbrkkaya commented 2 years ago

Hi @artidata, I am also having this problem. Have you tried to use amplify override ? Maybe you can customize attribute mappings for your user pool?

@lazpavel do you think it is a good idea?

walkingtospace commented 1 year ago

any update? this behavior really break our team collaboration on the same env as it changes the Cognito attribute whenever we run 'amplify push xxx'.

seongwoobyun commented 1 year ago

ditto

redjonzaci commented 6 months ago

Any update on this or do I need to open a new issue?

aws-amplify / amplify-cli