By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Cognito issue with Google and Apple

2

In the last days I've been having an annoying problem with Cognito and logging in, both with Google and with Apple. After successfully logging in with both providers the same error is returned:

Invalid+user+attributes%3A+_amzn-auth.login_attributes%3A+The+value+of+attribute+_amzn-auth.login_attributes+is+an+empty+list+which+is+not+allowed

The service was tested and working, it suddenly stopped working. No changes were made to the user pool configuration. The fact that it happens with both providers makes me think there is a malfunction in Cognito. Anyone can help me? Thanks

  • Ray
    3 months ago

    hey, im running into the same issue. Debugged for many hours. im assuming its an issue from AWS side then

    specifically it is unable to create account, i can still login with google. but definitely something wrong with cognito that broke a few days ago.

Topics
Security, Identity, & Compliance
Tags
Amazon CognitoAmazon Cognito Federated Identities
Language
English
giaesp
asked 3 months ago262 views
1 Answer
0

Since you're having issues with different providers, that suggests there is an issue on Cognito itself. I would suggest you: -Check Recent Changes: Even though you mentioned that no changes were made, it's worth reviewing any recent changes in the AWS environment that could affect Cognito. This includes changes in related services such as IAM roles, policies, or Lambda triggers associated with Cognito. -Review Attribute Mapping: In the Cognito console, review the attribute mappings for external providers to ensure that required attributes are correctly mapped from Google and Apple to Cognito user pool attributes. An empty list error might indicate an issue with the mapping configuration where Cognito expects certain attributes that are not being provided. -Examine App Client Settings: Verify the settings of your Cognito user pool's app client, especially the enabled identity providers and the attribute read and write permissions. Ensure that the configurations align with the requirements for using Google and Apple as identity providers. -Inspect Token Processing: If you have any Lambda triggers set up for pre or post-authentication processes, inspect the code to ensure that it's not modifying user attributes in a way that could lead to this error. The issue might arise if a Lambda function is incorrectly handling the attributes returned by the identity providers. -Test with AWS CLI or SDKs: Try to authenticate using the AWS Command Line Interface (CLI) or one of the AWS SDKs to see if the issue persists outside of your application environment. This can help isolate the problem to either the service or the application implementation. -Consult AWS Service Health Dashboard: Check the AWS Service Health Dashboard to see if any ongoing issues with AWS Cognito might be affecting its functionality. -Enable Logging: Increase the logging level for Cognito and monitor the logs in Amazon CloudWatch. This might provide more detailed insights into what's happening during the authentication process and why the error is being triggered.

profile picture
EXPERT
Giovanni Lauria
answered 3 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content