AWS Cognito NotAuthorizedException A client attempted to write unauthorized attribute

Question

I'm using AWS Cognito and aws-cpp-sdk for my application. I defined a user pool and an application, then I got app client id and app secret. I can create user pool object:

    Aws::Client::ClientConfiguration clientConfig;
    clientConfig.region =
        Aws::Region::EU_CENTRAL_1;  // "RegionEndpoint.EUCentral1";
    clientConfig.scheme = Aws::Http::Scheme::HTTPS;
    clientConfig.connectTimeoutMs = 30000;
    clientConfig.requestTimeoutMs = 600000;

    CognitoIdentityProviderClient client;
    client = CognitoIdentityProviderClient(clientConfig);

    DescribeUserPoolClientRequest describeUserPoolClientRequest;
    describeUserPoolClientRequest.WithUserPoolId(POOL_ID)
        .WithClientId(TEST_APP_CLIENT_ID);
    DescribeUserPoolClientOutcome describeUserPoolClientOutcome =
        client.DescribeUserPoolClient(describeUserPoolClientRequest);

After I defined an user with SignUpRequest, there was an error like this: NotAuthorizedException A client attempted to write unauthorized attribute

This is my signup code:

    SignUpRequest signUpRequest;
    signUpRequest.SetClientId(describeUserPoolClientOutcome.GetResult()
                                  .GetUserPoolClient()
                                  .GetClientId());
    signUpRequest.SetUsername("xxxxx");
    signUpRequest.SetPassword("xxxxxx?");
    AttributeType email, phone_number, gender, given_name, family_name, picture;
    email.WithName("email").WithValue("[email protected]");
    phone_number.WithName("phone_number").WithValue("+xxxxx");
    given_name.WithName("given_name").WithValue("xxx");
    family_name.WithName("familiy_name").WithValue("xxx");
    gender.WithName("gender").WithValue("MALE");
    picture.WithName("picture").WithValue(
        "http://xxxx");
    signUpRequest.AddUserAttributes(email);
    signUpRequest.AddUserAttributes(phone_number);
    signUpRequest.AddUserAttributes(given_name);
    signUpRequest.AddUserAttributes(family_name);
    signUpRequest.AddUserAttributes(gender);
    signUpRequest.AddUserAttributes(picture);

    SignUpOutcome signUpOutcome = client.SignUp(signUpRequest);

What is the problem? How can I solve it?

Answer 1

In the AWS website go to your User Pool -> Apps -> Show Details -> Set attribute read write permissions. Make sure every attribute you are trying to write i in the writeable attributes list and they have a checkmark.

Answer 2

I have same problem but it was resolved by adding custom: in other attributes. While you are adding custom attributes you need to add

custom:family_name