awslabs / aws-api-gateway-developer-portal

A Serverless Developer Portal for easily publishing and cataloging APIs
Apache License 2.0

Integrating Cognito with Okta requires `Schema` attribute `email` to be mutable #558

Open collen-maxex opened 2 years ago

collen-maxex commented 2 years ago

When integrating Okta as an identity provider with the CognitoUserPool that CloudFormation creates, it is required that the Schema defined here is created with `Mutable: true`. Example:

      Schema:
      - AttributeDataType: String
        Name: email
        Required: true
        Mutable: true

This value cannot be updated after the initial creation of a user pool.

To Reproduce

I have confirmed that updating the schema attribute fixes this problem.

This issue may also be helpful. It helped me.

The issue described is forcing me to "fork" the CloudFormation contained in this repository as a workaround, which introduces a slew of other problems. For my use case, it is not ideal to rely on only Cognito to manage user access to the developer portal, since I rely on Okta for everything else.
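
A check for the condition reported in this issue, added here as an example (it is not code from the issue author or from the project): given the `UserPool` object returned by `aws cognito-idp describe-user-pool` and the attribute mapping planned for the external identity provider, it lists the mapped user pool attributes that are immutable or absent. The sample pool, the mapping, and the names `check_mapping`, `sample_pool` and `OKTA_MAPPING` are constructed for illustration, and skipping `username` as a non-schema mapping target is an assumption.

```python
# Added example. The sample pools below are constructed; they mirror the
# "UserPool" object returned by `aws cognito-idp describe-user-pool`.

# Assumption: "username" is a mapping target that is not a schema attribute.
NON_SCHEMA_TARGETS = {"username"}


def check_mapping(user_pool, attribute_mapping):
    """Return (immutable, missing) user pool attributes targeted by an IdP mapping.

    attribute_mapping uses the Cognito convention: key = user pool attribute,
    value = attribute or claim name sent by the identity provider.
    """
    schema = {a["Name"]: a for a in user_pool.get("SchemaAttributes", [])}
    immutable, missing = [], []
    for target in sorted(attribute_mapping):
        if target in NON_SCHEMA_TARGETS:
            continue
        attr = schema.get(target)
        if attr is None:
            missing.append(target)
        elif not attr.get("Mutable", False):  # absent flag treated as immutable
            immutable.append(target)
    return immutable, missing


def sample_pool(email_mutable):
    """Constructed describe-user-pool fragment with a required email attribute."""
    return {
        "Name": "example-pool",  # placeholder name
        "SchemaAttributes": [
            {"Name": "sub", "AttributeDataType": "String", "Mutable": False, "Required": True},
            {"Name": "email", "AttributeDataType": "String", "Mutable": email_mutable, "Required": True},
            {"Name": "name", "AttributeDataType": "String", "Mutable": True, "Required": False},
        ],
    }


# Constructed mapping for an external IdP such as Okta.
OKTA_MAPPING = {"email": "email", "name": "name", "username": "sub"}

if __name__ == "__main__":
    for label, pool in (("Mutable: false", sample_pool(False)), ("Mutable: true", sample_pool(True))):
        immutable, missing = check_mapping(pool, OKTA_MAPPING)
        print(f"email {label}: immutable={immutable} missing={missing}")
```

Because the flag cannot be changed once the pool exists, a check like this is most useful before the stack is first deployed or before the identity provider is attached.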