✅ - New cognito pool for Amplify auth | AWS Amplify | Page 1

errant crow Mar 17, 2024, 6:43 PM

#

I setup Amplify auth with fields like given_name and family_name as required, but as I'm trying to setup Google sign in, I'm realizing that if the user doesn't have these fields configured as public, then the callback after signing up fails with an error saying that these fields are required. I can't update the fields in Amplify, and I have done this on my backend environments for dev, staging and prod. Is the right way to fix this to go back and run amplify auth remove on the current auth configuration then run amplify auth add for each of these 3 environments? We haven't launched yet, so not a big deal if I lose the existing prod users.

errant crow Mar 18, 2024, 5:05 PM

#

bump

errant crow Mar 19, 2024, 5:18 PM

#

Future readers: amplify api update, remove cognito user pools as an auth method from your API then amplify auth remove you may have to remove the auths from yours graphQL schema. I did but I don't know if I needed to. Then amplify auth add to add the new user pool.

warped coyote Mar 20, 2024, 8:02 PM

#

Once the user attributes are configured there is no way to really revert from my understanding. Historically when testing I would just rebuild the auth. You do have to remove permissions for your api when you scope it… that’s the timely process.
As for why the Google sign up doesn’t have these attributes available, not really sure as I don’t use any sort of social provider sign in 😦

errant crow Mar 22, 2024, 7:42 PM

#

Also, after doing this I ran into an HTTP 400 after signing in that was due to this issue: https://stackoverflow.com/questions/44043289/aws-invalid-identity-pool-configuration-check-assigned-iam-roles-for-this-poo

I had to find the right role in IAM then add in a trust policy:

    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Federated": "cognito-identity.amazonaws.com"
            },
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {
                "StringEquals": {
                    "cognito-identity.amazonaws.com:aud": "<identity pool id here>"
                },
                "ForAnyValue:StringLike": {
                    "cognito-identity.amazonaws.com:amr": "authenticated"
                }
            }
        }
    ]
}```

mystic hollowBOT Mar 22, 2024, 8:24 PM

#

✅ - New cognito pool for Amplify auth

#✅ - New cognito pool for Amplify auth