问题
I'm trying to login in Cognito via another OAuth. I added OIDC provider to Cognito Userpool. I setup attribute mappings for this new OIDC "email" -> "Email". In attributes permissions are all permission checked for read and also write.
I can successfully log in through cognito via this OIDC, but there is no attribute email in user. Any idea why ?
I tried manually hit user info endpoint with access token and in response there is email. I dont know why Cognito is not able to get it.
I tried also use Auth0 as OIDC provider and everything works fine, but I can't see any difference between them.
This is OIDC provider: https://authtest.sportlink.com/.well-known/openid-configuration
回答1:
Only thing I can think of is that perhaps the scopes are missing email.
If you edit the OIDC connection make sure that email is in the "Authorize scope" section.
I also use OIDC and it does map email for me.
来源:https://stackoverflow.com/questions/51324778/aws-cognito-attributes-openid