Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Amazon Cognito "A client attempted to write unauthorized attribute"

I'm using the JavaScript SDK for AWS Cognito, and there are a couple of custom attributes that I just can't seem to save to and can't see why.

The problem attributes are mutable string fields as follows:

custom: role
custom: recruitingrole
custom: title

Other custom fields in the same request seem to update OK. Specifically, these ones seem to work:

custom:division
custom:linkedin
custom:location
custom:bio

When I submit via the SDK, this is returned:

{"__type":"NotAuthorizedException","message":"A client attempted to write unauthorized attribute"}

Here is the data that is sent, as show in the Chrome developer console network output:

{
    "AccessToken": "",
    "UserAttributes": [{
        "Name": "name",
        "Value": "Steve Austin"
    }, {
        "Name": "custom:company",
        "Value": "OSI"
    }, {
        "Name": "custom:division",
        "Value": "Bionics"
    }, {
        "Name": "custom:recruitingrole",
        "Value": "other"
    }, {
        "Name": "custom:linkedin",
        "Value": "http://www.linkedin.com"
    }, {
        "Name": "custom:location",
        "Value": "Mexico City, Mexico City, Mexico"
    }, {
        "Name": "custom:bio",
        "Value": "A man barely alive."
    }]
}

Can anyone suggest why I can't save to these attributes?

thanks

like image 235
Duke Dougal Avatar asked May 17 '17 01:05

Duke Dougal


3 Answers

Of course the answer became clear the moment I finished posting on StackOverflow.

The problem was that I had not set permissions for these attributes in the app associated with the user pool. The documentation should make this requirement clear where it discusses custom attributes.

enter image description here

like image 128
Duke Dougal Avatar answered Oct 17 '22 12:10

Duke Dougal


Just highlighting the answer from @mvandillen:

General settings -> App clients -> Show details -> Set attribute read and write permissions link

like image 80
Martin Rázus Avatar answered Oct 17 '22 12:10

Martin Rázus


For anyone that stumbles upon this question:

Like the others suggested, you should enable the writable attributes. But if that doesn't work, make sure you use the custom: prefix:

await Auth.signUp({
      username: email,
      password: password,
      attributes: {
        'custom:firstName': firstName,
        'custom:lastName': lastName,
        'custom:countryCode': countryCode
      }
    })
like image 20
Christiaan Maks Avatar answered Oct 17 '22 13:10

Christiaan Maks