Unable to read `email_verified` from the Cognito adminGetUser API

Question

I have a Cognito user whose email is “Not verified”:

![Example from Cognito dashboard](/media/postImages/original/IMWydq_LIoSTm0t110aJE2vw)

When I query them, I see nothing about `email_verified` in the API response:

```javascript
const AWS = require('aws-sdk');
const cognitoIsp = new AWS.CognitoIdentityServiceProvider();
await cognitoIsp.adminGetUser({ UserPoolId: userPoolId, Username: username }).promise();

{
  Username: '9dXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX86',
  UserAttributes: [
    { Name: 'sub', Value: '9dXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX86' },
    { Name: 'email', Value: 'syXXX@XXXXXXXX.com' },
    {
      Name: 'custom:identity_id',
      Value: 'us-east-1:XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX'
    }
  ],
  UserCreateDate: 2023-12-08T15:41:25.328Z,
  UserLastModifiedDate: 2023-12-08T15:46:47.209Z,
  Enabled: true,
  UserStatus: 'CONFIRMED'
}
```

I understand that I can set `email_verified` using the API (e.g., [this docs page](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-email-phone-verification.html)). **But how can I read that state of email_verified from the API??**

Accepted Answer

It looks like the issue was that my perms for Cognito needed to add “email_verified” as a readable attribute. From [this SO post](https://stackoverflow.com/a/53680414):

> Go to: General settings -> App clients -> Show details -> Set attribute read and write permissions link and check off Readable Attributes: Email Verified

Since I’m using Cognito with AWS Amplify, I was able to run `amplify update auth` and eventually find my way to that setting. FWIW, that triggered an issue with Amplify where it wiped all my App Client information because I have different settings for different environments as documented in [this github issue](https://github.com/aws-amplify/amplify-cli/issues/5401).

Unable to read `email_verified` from the Cognito adminGetUser API

関連するコンテンツ