There appears to be two different ids that identify users in an AWS Amplify project that uses AWS Cognito:
- “Cognito Identity Id” and…
- “Cognito Sub”
Is there any way to get a “Cognito Identity Id” purely from Cognito itself, using the CognitoIdentityServiceProvider
? For example, if a new user is created programmatically and there’s an associated table indexed on their “cognito identity id” and I want to set values in that table before the user logs in. It seems like it is only exposed in requests by that actual user.
For more context on what I understand these terms to be:
-
Cognito Identity Id
- Is this the id from the identity pool?
- This is a uuid with the region prefixed, e.g.,: "us-east-1:12345678-beef-cafe-face-1234567890ab"
- Accessed via:
- In frontend code with the Auth module:
Auth.currentUserInfo().then(user => user.id)
- In backend API requests for an authenticated user:
req.apiGateway.event.requestContext.identity.cognitoIdentityId
- Not available in the results of:
new AWS.CognitoIdentityServiceProvider().listUsers(params)
- Notes:
- This id is treated as a "userId" in various Amplify examples/docs
- I’ve seen examples of people saving this manually in Cognito with a custom parameter of "custom:identity_id", which can only be set during an authenticated request by that user
-
Cognito Sub
- This appears to be something like a unique id for the user pool?
- This is a uuid
- Accessed via:
- In frontend code with the Auth module:
Auth.currentUserInfo().then(user => user.attributes.sub)
- In backend API requests for an authenticated user:
req.apiGateway.event.requestContext.identity.cognitoAuthenticationProvider.match(/CognitoSignIn:([^:]+)$/)[1]
- In the results of CognitoIdentityServiceProvider queries