#✅ - External auth provider created different user and does not capture email


ripe tree
#

```ts
import { defineAuth, secret } from "@aws-amplify/backend";

export const auth = defineAuth({
  loginWith: {
    email: true,
    externalProviders: {
      callbackUrls: [
        "http://localhost:3000/authenticate",
        "https://www.redon.ai/authenticate",
        "https://main.d376h48d6ioxyy.amplifyapp.com/authenticate",
      ],
      logoutUrls: [
        "http://localhost:3000",
        "https://www.redon.ai/",
        "https://main.d376h48d6ioxyy.amplifyapp.com/",
      ],
      google: {
        scopes: ["email"],
        clientId: secret("GOOGLE_CLIENT_ID"),
        clientSecret: secret("GOOGLE_CLIENT_SECRET"),
        // Google attributes mapped onto Cognito user attributes
        attributeMapping: {
          email: "email",
          preferredUsername: "email",
        },
      },
    },
  },
  userAttributes: {
    email: {
      required: true,
      mutable: false,
    },
  },
});
```

This is my defineAuth. I have mapped attributes and the external provider Google.
But when I log in through email and password and then through Google, it creates 2 different users.

ripe tree
#

External auth provider created different user and does not capture email

fervent fjord
#

Hi @ripe tree, is the issue that a user can sign up and log in to the User Pool with the same email as a Google federated user?

If so, this might be expected behavior. There is a difference between local users and federated users in a User Pool, each creates a user with a unique sub.

I'll reach out to the team to confirm though.

#

So, to address this you can link federated users to an existing local user profile before their first login using a Pre sign-up Lambda trigger:

https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-identity-federation-consolidate-users.html#:~:text=When a federated user signs,mapping rules for the IdP.
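
The linking decision a Pre sign-up trigger like the one suggested above has to make, as an added example that is not part of the thread or of AWS's documentation. Type and function names are hypothetical; it assumes federated usernames look like `google_<subject>` and that Google's `email_verified` claim is mapped into the user attributes, and it links only when both the Google identity and the local user hold a verified email.

```typescript
// Added example: all type and function names here are hypothetical.
type PreSignUpEvent = {
  triggerSource: string;
  userName: string; // assumed "<provider>_<subject>" for federated users
  request: { userAttributes: Record<string, string> };
};
type PoolUser = {
  Username: string;
  UserStatus: string;
  Attributes: { Name: string; Value: string }[];
};
type LinkRequest = {
  DestinationUser: { ProviderName: string; ProviderAttributeValue: string };
  SourceUser: { ProviderName: string; ProviderAttributeName: string; ProviderAttributeValue: string };
};

const attr = (u: PoolUser, name: string): string | undefined =>
  u.Attributes.find((a) => a.Name === name)?.Value;

// Returns the AdminLinkProviderForUser input (minus UserPoolId), or null when
// the sign-up must proceed as a separate user.
function buildLinkRequest(event: PreSignUpEvent, sameEmailUsers: PoolUser[]): LinkRequest | null {
  if (event.triggerSource !== "PreSignUp_ExternalProvider") return null;
  const { email, email_verified } = event.request.userAttributes;
  // Link only on an address the IdP itself reports as verified.
  if (!email || email_verified !== "true") return null;

  const sep = event.userName.indexOf("_");
  if (sep <= 0 || event.userName.slice(0, sep).toLowerCase() !== "google") return null;
  const subject = event.userName.slice(sep + 1);
  if (!subject) return null;

  // Candidates: confirmed local users who proved ownership of the same address.
  // Federated profiles (UserStatus "EXTERNAL_PROVIDER") are excluded by the status check.
  const locals = sameEmailUsers.filter(
    (u) =>
      u.UserStatus === "CONFIRMED" &&
      attr(u, "email")?.toLowerCase() === email.toLowerCase() &&
      attr(u, "email_verified") === "true",
  );
  const local = locals.length === 1 ? locals[0] : undefined;
  if (!local) return null; // none or ambiguous: do not link

  return {
    DestinationUser: { ProviderName: "Cognito", ProviderAttributeValue: local.Username },
    SourceUser: { ProviderName: "Google", ProviderAttributeName: "Cognito_Subject", ProviderAttributeValue: subject },
  };
}
```

In a deployed trigger, `sameEmailUsers` would come from a `ListUsers` call filtered on the email, and a non-null result would be sent to `AdminLinkProviderForUser` together with the pool's `UserPoolId` before the event is returned.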

young fiberBOT
#

✅ - External auth provider created different user and does not capture email