Custom attribute not passed into ID_TOKEN created by AWS Cognito

Question

I am not able to get custom attribute in ID_TOKEN returned from AWS Cognito after successful user login.

Steps I tried :

1.Created user pool 2.Created app client and checked the custom attribute(customattrib1,customattrib2)

User Pool screen :

Check custom attribute in app client config

3.Created user using admin-create-user api

Below image shows the value for user attributes:

4.Signed in user using aws-cognito-auth.js in client app.The ID token returned do not contain the custom attribute.

ID_TOKEN

{   "at_hash": "PKfjYDaiEty5mUOyJZlPQA",   "sub": "639d5016-2bd3-4c6f-b82d-21ae38071b09",   "email_verified": true,   "iss": "https://cognito-idp.ap-south-1.amazonaws.com/ap-south-1_XXXXXXX",   "phone_number_verified": true,   "cognito:username": "testuser",   "aud": "XYXYXYXYX",   "token_use": "id",   "auth_time": 1549349674,   "phone_number": "##########",   "exp": 1549353274,   "iat": 1549349674,   "email": "[email protected]" } 

I have already checked links below, which had some info regarding this issue, but nothing helped so far.

Adding Cognito custom attributes post pool creation?

Cognito User Pool custom attributes do not show up in the ID token if user pool is configured with a SAML identity provider

Cognito User Pool custom attributes do not show up in the ID token if user pool is configured with a SAML identity provider

https://www.reddit.com/r/aws/comments/a07dwg/cognito_add_custom_attribute_to_jwt_token/

Please help me figure out if I am missing something..

Answer 1

• In your Cognito user pool go to General Settings -> App Clients, then for each app client click on Show Details, then Set attribute read and write permissions. Check the checkbox next to your attribute name under Readable Attributes.
• In your Cognito user pool go to App client settings -> Allowed OAuth Scopes and enable profile scope.