Closed waltertschwe closed 6 days ago
Thanks for reaching out. The Boto3 admin_link_provider_for_user command involves a call to the underlying AdminLinkProviderForUser API, so this issue relates to the API behavior rather than Boto3 directly.
You referenced an AWS CLI version but not a Boto3 version — which version of Boto3 are you using? The latest is 1.34.126, and we recommend updating to a recent version if you have not already.
The error you shared (Invalid SourceUser: Cognito users with a username/password may not be passed in as a SourceUser, only as a DestinationUser
) has been reported a few other times across GitHub:
I think what may be happening is that the link is successful and then subsequent API calls fail with that error. This is probably something that we would want to reach out to the Cognito team for and see if there could be a better error message or documentation to describe the current behavior.
Before we review this further, can you share your debug logs (with sensitive info redacted) by adding boto3.set_stream_logger('')
to your script? That could help give more insight into the underlying issue.
@tim-finnigan
Boto version:
>>> boto3.__version__
'1.34.44'
Debug logging:
Thanks!
Thanks for following up. I'll reach out to the Cognito team and try to get more info here. I also created a tracking issue for this in our cross-SDK repository since APIs like these are used across AWS SDKs. Please refer to https://github.com/aws/aws-sdk/issues/766 for updates going forward.
This issue is now closed. Comments on closed issues are hard for our team to see. If you need more assistance, please open a new issue that references this one.
Describe the bug
When linking a cognito user to okta by making a call like this:
I get a success back. When I try to make a subsequent call using the same username and a different okta_id I get the following error: . Error: An error occurred (InvalidParameterException) when calling the AdminLinkProviderForUser operation: Invalid SourceUser: Cognito users with a username/password may not be passed in as a SourceUser, only as a DestinationUser
Even though I get this error it looks like the linking is still made.
Expected Behavior
I would expect to be able to link multiple okta IDs to a cognito user as shown here:
https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-identity-federation-consolidate-users.html
Current Behavior
Error: Error: An error occurred (InvalidParameterException) when calling the AdminLinkProviderForUser operation: Invalid SourceUser: Cognito users with a username/password may not be passed in as a SourceUser, only as a DestinationUser
Reproduction Steps
Possible Solution
No response
Additional Information/Context
No response
SDK version used
aws-cli/1.22.34 Python/3.10.12 Linux/6.5.0-1020-aws botocore/1.34.38
Environment details (OS name and version, etc.)
AWS Workspace Ubuntu