- 最新
- 投票最多
- 评论最多
Hi, Currently it is not possible to add custom claims to access-token, if you just want to know which user pool has been used to authenticate the user then you can use the "iss" claim which has the issuer user-pool-id in it, you will need to keep a mapping between user-pool-id and tenant-id in your backend and lookup this mapping in your application when needed.
Having a group that all users belong to is a good idea as well if this allows you to propagate the information you need about tenants without having to keep an external storage, another option is to use usernames that are combination of tenant-id and username, the username gets propagated to access-token as well.
Seems like you should be able to add claims if you use this lambda hook - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-token-generation.html
相关内容
- AWS 官方已更新 2 年前