I'm using AWS Cognito, and when validating the access token I need to extract the email attribute to handle some migration cases between the app's database and Cognito.
But the issue is that I can't find the email in the token; instead, I get a username, which is a UUID.
Is there any way to include the email in the access token (without making an extra call to pre-token-generation-lambda)?
This is not currently supported. Your backend can, however, send the access token to the Cognito user info endpoint to get the email.
You can then produce a useful claims principal containing the email. Then cache the extra claims for subsequent backend requests. See this code of mine for an example.
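A sketch of the lookup-and-cache approach described in the answer above, added here as an example and not the answerer's linked code. The domain in `USERINFO_URL` is a placeholder, `ExtraClaimsCache` and `fetch_userinfo` are hypothetical names, and it assumes the token was issued with scopes that let userInfo return `sub` and `email`.

```python
import hashlib
import json
import time
import urllib.request

# Assumption: placeholder hosted-UI domain; replace with your user pool's domain.
USERINFO_URL = "https://example-domain.auth.us-east-1.amazoncognito.com/oauth2/userInfo"


def fetch_userinfo(access_token, url=USERINFO_URL):
    """Call the Cognito userInfo endpoint with the access token as a bearer token."""
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {access_token}"})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return json.load(resp)


class ExtraClaimsCache:
    """Caches userInfo results per access token, never past the token's own expiry."""

    def __init__(self, fetch=fetch_userinfo, clock=time.time):
        self._fetch = fetch
        self._clock = clock
        self._entries = {}  # sha256(token) -> (expires_at, extra_claims)

    def principal(self, access_token, token_claims):
        """Merge validated token claims with the cached or freshly fetched email.

        token_claims must come from a token whose signature, issuer and exp
        have already been verified; this class does no JWT validation.
        """
        now = self._clock()
        if token_claims["exp"] <= now:
            raise ValueError("access token expired")
        # Evict expired entries so the cache cannot outlive the tokens it serves.
        self._entries = {k: v for k, v in self._entries.items() if v[0] > now}
        # Key on a digest so raw bearer tokens are not held in the cache.
        key = hashlib.sha256(access_token.encode()).hexdigest()
        entry = self._entries.get(key)
        if entry is None:
            info = self._fetch(access_token)
            # The userInfo subject must be the same user the token was issued to.
            if info.get("sub") != token_claims["sub"]:
                raise ValueError("userInfo subject does not match token subject")
            entry = (token_claims["exp"], {"email": info.get("email")})
            self._entries[key] = entry
        return {**token_claims, **entry[1]}
```

The first request with a given token costs one call to userInfo; later requests with the same token are served from memory until the token expires.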