aws cognito attribute 'address' doesn't follow its own documentation - amazon-web-services

I was looking through aws docs at https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html as I needed to update the address for a user. According to the docs it says it follows the openID spec which for an address is a json object. However it errors on anything that is not a string.
I'm using the aws cli and calling it like so:
aws cognito-idp admin-update-user-attributes --user-pool-id my_user_pool --username a#b.com --user-attributes Name=address,Value={"street_address": "123 Fake Street","locality": "Somewhere","postal_code":"AA1 1AA"}
the following also doesn't work:
aws cognito-idp admin-update-user-attributes --user-pool-id my_user_pool --username a#b.com --user-attributes Name=address,Value="123 Fake Street, Somewhere"
Parameter validation failed:
Invalid type for parameter UserAttributes[0].Value, value: ['123 Fake
Street', 'Somewhere'], type: <class 'list'>, valid types: <class 'str'>
Am I inputting something wrong or is aws docs incorrect and only allowing strings through

I just ran into this issue as well, I couldn't find a solve in any of the AWS documentation but if you escape the comma it works.
aws cognito-idp admin-update-user-attributes --user-pool-id my_user_pool --username a#b.com --user-attributes Name=address,Value="123 Fake Street\, Somewhere"

Related

How do admin create user in cognito aws using AWS CLI Builder?

aws cognito-idp admin-create-user --user-pool-id us-west-2_####### --username test --user-attributes Name="name",Value="demo" Name="email",Value="demo#mail.com" Name="family_name",Value="test" Name="birthdate",Value="01-01-1999" Name="gender",Value="female" Name="middle_name",Value="demo" --region ap-southeast-2 --output json
error--
An error occurred (UserLambdaValidationException) when calling the AdminCreateUser operation: PreSignUp failed with error cannot unpack non-iterable NoneType object.
create new user in awsclibuilder

aws cognito-idp list-users : filter by email domain?

I can filter on addresses that start with "john#"
aws cognito-idp list-users --user-pool-id my-pool --filter "email ^= \"john#\"" --limit 20
Is it possible to filter on ends with "#gmail.com"?
Not at the moment. You can follow this issue to see if in the future they add this feature: https://github.com/aws/aws-sdk-js/issues/3136
Yes it is possible.
If you use the --query instead of --filter you can query on anything in the resulting response by using JMESPath.
So to filter out #gmail.com you can do:
aws cognito-idp list-users --user-pool-id my-pool --query 'Users[?Attributes[?Name==`email` && contains(Value, `gmail.com`)]]

aws-cli: getting error "argument --user-pool-id is required"

I am trying to get user information from cognito user pool using aws-cli. According to aws-cli documentation the synopsis should be like this:
admin-get-user
--user-pool-id <value>
--username <value>
[--cli-input-json <value>]
[--generate-cli-skeleton <value>]
I have tried with these:
aws cognito-idp admin-get-user us-west-2_MMyZYq4B1 mahbubur.rahman
aws cognito-idp admin-get-user --us-west-2_MMyZYq4B1 --mahbubur.rahman
but getting error aws: error: argument --user-pool-id is required.
what's wrong??
user-pool-id and username are the option key:
--user-pool-id <value>
--username <value>
So the command should be:
aws cognito-idp admin-get-user --user-pool-id us-west-2_MMyZYq4B1 --username mahbubur.rahman

How to generate access token for an AWS Cognito user?

I' using Cognito user pool for securing my API gateway . Now I would like to make requests to my API using postman but I need to pass in Authorization token as the API is secured. Is there any AWS CLI command or REST API to generate auth tokens(by passing username/password)? I have searched documentation but couldn't find any examples. Thanks for your help.
You can do this using the following CLI commands:
Register a user
aws cognito-idp sign-up --region {your-aws-region} --client-id {your-client-id} --username admin#example.com --password password123
Confirm user registration
aws cognito-idp admin-confirm-sign-up --region {your-aws-region} --user-pool-id {your-user-pool-id} --username admin#example.com
Authenticate (get tokens)
aws cognito-idp admin-initiate-auth --region {your-aws-region} --cli-input-json file://auth.json
Where auth.json is:
{
"UserPoolId": "{your-user-pool-id}",
"ClientId": "{your-client-id}",
"AuthFlow": "ADMIN_NO_SRP_AUTH",
"AuthParameters": {
"USERNAME": "admin#example.com",
"PASSWORD": "password123"
}
}
You should get a response like this if everything is set up correctly:
{
"AuthenticationResult": {
"ExpiresIn": 3600,
"IdToken": "{your-idtoken}",
"RefreshToken": "{your-refresh-token}",
"TokenType": "Bearer",
"AccessToken": "{your-access-token}"
},
"ChallengeParameters": {}
}
Use the following command to generate the auth tokens, fill in the xxxx appropriately based on your cognito configuration,
aws cognito-idp initiate-auth --auth-flow USER_PASSWORD_AUTH --client-id xxxx --auth-parameters USERNAME=xx#xx.com,PASSWORD=xxxx
Note: You can use any one username or password under applicable cognito user pool.
The client can be found under general settings--> app client
The AccessKeyId and SecretAccessKey is not required as it already defined while setting up the aws cli. If not done use the following link to set that up first
https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html
There is an AWS CLI command to generate Auth Tokens. You can use InitiateAuth CLI Command for this.
Note: Make sure you have done the UserPool configuration matching the expected tokens.

How pass json value for admin-update-user-attributes operation via cli in aws?

Consider the example:
aws cognito-idp admin-update-user-attributes --user-pool-id myUserPollId
--username myUser
--user-attributes [{"Name": "custom:roles","Value": "ROLE1,ROLE2"}] --region us-east-1
This gets me error:
Invalid JSON:
[{Name:
You can always try using shorthand syntax:
--user-attributes Name="custom:roles",Value="ROLE1,ROLE2"
If you really want to use the JSON syntax, try this:
--user-attributes '[{"Name" : "custom:roles","Value" : "ROLE1,ROLE2"}]'
Ensure that the user-attributes list is enclosed in single quotes
--user-attributes '[{"Name": "phone_number", "Value": "+123434532"},
{"Name": "name", "Value":"name_your"}]'
In case someone get stuck in the same problem again, below are the tested steps to have user attributes updated via aws cli with json file.
Step 0: Setup AWS CLI in case you haven't already. Mac users can run:
brew install awscli
Step 1: Have a valid json handy with you, saved in a file. Sample json with valid format:
{
"UserAttributes": [{
"Name": "custom:additional-attribute1",
"Value": "Value for additional attribute 1"
},
{
"Name": "custom:additional-attribute2",
"Value": "Value for additional attribute 2"
}
]
}
Step 2: Run the following in your console:
aws cognito-idp admin-update-user-attributes --user-pool-id XX-XXXX-X_XXXXXXXXX --username XXXXX#XXXXX.com --cli-input-json file:///Users/YOUR_PATH_TO_THE_FILE/user-attributes.json
Parameters:
--user-pool-id :: Your user pool ID.
--username :: The user you want to udpate.
--cli-input-json :: This is the command that loads json file and parses it.
That's it. If your json is valid and aws cli authorises, the given user record should be updated instantly.