How to add array values in Claims of IdToken in Cognito using claimsToAddOrOverride

I am using Pre Token Generation to update the claims of IdToken.

I am successfully able to update a claim using a single key:value pair. Below is a sample of that.

event["response"] = {"claimsOverrideDetails":{"claimsToAddOrOverride":{"scope": "test.debug"}}}

But when I try to add an array of strings inside it, it gives me an internal server error (response from AWS Cognito).

Ex:

event["response"] = {"claimsOverrideDetails":{"claimsToAddOrOverride":{"scope": ["test1","test2"]}}}

It works fine using the 'Test' option of the Lambda function.

If I use groupsToOverride, it overrides the cognito:groups claim.

Any help?

asked Mar 29 '18 12:03

Jayesh Dhandha


1 Answer

I think this must be a bug with Cognito and unfortunately will require a workaround until it's resolved.

It's not ideal I know, but I've worked around this issue by using a delimited string which I then parse to an array when I receive the token.

Lambda:

exports.handler = (event, context, callback) => {
    event.response = {
        "claimsOverrideDetails": {
            "claimsToAddOrOverride": {
                "scope": "test1|test2"
            }
        }
    };

    // Return to Amazon Cognito
    callback(null, event);
};

Client:

const token = jwt.decode(id_token);
const scopes = token.scope.split('|');
answered Oct 18 '22 08:10

Sam Shiles
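
The delimited-string workaround from the answer above, as an added example that is not part of the original answer: the Lambda side rejects scope values containing the delimiter, and the consumer checks the token signature before splitting, since `jwt.decode` alone does not verify anything. The helper names, the allowed scope alphabet and the locally generated RSA key standing in for Cognito's signing key are assumptions; issuer, audience and expiry checks are left out.

```javascript
const crypto = require('crypto');
const DELIM = '|';
const SCOPE_RE = /^[A-Za-z0-9._:-]+$/; // assumed scope alphabet; must exclude DELIM

// Lambda side: join scopes into one string claim, refusing any value that
// would split into extra entries on the consumer side.
function encodeScopes(scopes) {
  for (const s of scopes) {
    if (typeof s !== 'string' || !SCOPE_RE.test(s)) throw new Error('invalid scope');
  }
  return scopes.join(DELIM);
}

// Pre Token Generation response in the shape used in the answer.
function preTokenGeneration(event, scopes) {
  event.response = {
    claimsOverrideDetails: { claimsToAddOrOverride: { scope: encodeScopes(scopes) } },
  };
  return event;
}

// Consumer side: verify the RS256 signature before reading claims, then split.
function verifiedScopes(idToken, publicKey) {
  const parts = idToken.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, sig] = parts;
  if (JSON.parse(Buffer.from(h, 'base64url')).alg !== 'RS256') throw new Error('unexpected alg');
  const ok = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), publicKey, Buffer.from(sig, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const { scope } = JSON.parse(Buffer.from(p, 'base64url'));
  if (typeof scope !== 'string') throw new Error('scope claim missing');
  const scopes = scope === '' ? [] : scope.split(DELIM);
  if (!scopes.every((s) => SCOPE_RE.test(s))) throw new Error('invalid scope in token');
  return scopes;
}

// Constructed stand-in for Cognito's signing, so the example runs offline.
function signForDemo(claims, privateKey) {
  const b64 = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  const input = `${b64({ alg: 'RS256', typ: 'JWT' })}.${b64(claims)}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(input), privateKey);
  return `${input}.${sig.toString('base64url')}`;
}

const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const event = preTokenGeneration({ response: {} }, ['test1', 'test2']);
const demoToken = signForDemo(event.response.claimsOverrideDetails.claimsToAddOrOverride, privateKey);
console.log(verifiedScopes(demoToken, publicKey)); // [ 'test1', 'test2' ]
```

Against a real user pool, the signature check would be done by a maintained JWT library using the pool's published keys rather than by hand.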