search

aws / aws-cdk

The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code
https://aws.amazon.com/cdk
Apache License 2.0
11.33k stars 3.76k forks source link

aws-cognito: UserPoolIdentityProviderOidc does not support `email_verified` as attributeMapping #30467

Open mirkods opened 2 weeks ago

mirkods commented 2 weeks ago

Describe the bug

Hi all,

I'm configuring a custom OpenId provide on my cognito user pool. I'd like to auto_verified emails since the openId provider give me this information.

I noticed that in the AWS console I can map the email_verified field on a field that my OpenId provided provides to me but looks like that the email_verified field is not expose as a property of the construct UserPoolIdentityProviderOidc under attributeMapping key.

I expect to use this code:

new cognito.UserPoolIdentityProviderOidc(this, 'custom',{
        name: '...',
        userPool: this.userPool,
        clientId: '...',
        attributeMapping: {
          email: cognito.ProviderAttribute.other('email'),
          email_verified: cognito.ProviderAttribute.other('email_verified'),
      }
    )

Expected Behavior

I expect that using this field the email is automatically verified at the signup time

Current Behavior

Actually this field is not available as property of the object attributeMapping

Reproduction Steps

Using this code:

new cognito.UserPoolIdentityProviderOidc(this, 'custom',{
        name: '...',
        userPool: this.userPool,
        clientId: '...',
        attributeMapping: {
          email: cognito.ProviderAttribute.other('email'),
          email_verified: cognito.ProviderAttribute.other('email_verified'),
      }
    )

Typescript notifies that email_verified is not a know property.

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.1628.0

Framework Version

No response

Node.js Version

18.18.2

OS

MacOs 14.5

Language

TypeScript

Language Version

No response

Other information

No response

pahud commented 2 weeks ago

Looks like email_verified is not in AttributeMapping. We probably need a PR to add that. Feel free to submit a PR if you are interested.

ref: https://repost.aws/knowledge-center/cognito-email-verified-attribute

mirkods commented 2 weeks ago

Hi @pahud,

thanks for your input. PR done 🤞🏻