Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

username property in access_token is different between using SRP_AUTH and hosted UI

0

Currently we have a field named 'username' which is a UUID for the user and an e-mail address field, which is used for logging into the application.

However, when logging in using the Hosted UI, the username field of the access_token is populated with the UUID field. But when logging in using SRP_AUTH with the Amplify module, the username property in the access_token is populated with the e-mail address.

Using the USER_PASSWORD_AUTH Flow, the access_token is populated with the username, but we cannot use this flow because it doesn't support MFA or device tracking.

We want a consistent access_token over all our apps, independent of the way we log in. How can we achieve this?

Themen
Frontend-Web & MobileSicherheit, Identität & KonformitätAWS Framework mit guter Struktur
Tags
Frontend-Web & MobileAWS AmplifyAmazon CognitoSicherheitAmazon Cognito-Benutzergruppen
Sprache
English
rePost-User-5111883
gefragt vor 2 Jahren223 Aufrufe
1 Antwort
0

I have limited information on the implementation to answer, like if you have multiple user pool or same, different app client for each or what is the attributes selected. However one caveat may be if you have enabled login with email or username, this value might toggle based on how user logs in.

AWS
Pravo
beantwortet vor 2 Jahren

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt