AWS Cognito: Add custom claim/attribute to JWT access token

aws-lambda amazon-cognito
Hiren Makwana picture Hiren Makwana · Jul 10, 2019 · Viewed 7.5k times · Source

My app creates a custom attribute "userType" for each new signed-up user. Now I would like this "userType" claim/attribute to be added to the JWT access token whenever the user signs in or the token gets refreshed.

Is there an option to tell cognito to add my custom claim/attribute to the JWT access token? (Without a pre token generation Lambda)

Answer

stackOp picture stackOp · Jun 15, 2020

Custom attributes are not available in Cognito access token. Currently it is not possible to inject additional claims in Access Token using Pre Token Generation Lambda Trigger as well. PreToken Generation Lambda Trigger allows you to customize identity token(Id Token) claims only.

Related questions

Using an api key in amazon api gateway

I have created an api key and added it to my functions. I have then deployed the api and tested it but still get: "message": "Forbidden" How do I pass the api key with my JSON request as I have …

Read More
Cognito User Pool: How to refresh Access Token using Refresh Token

I am using Cognito user pool to authenticate users in my system. A successful authentication gives an ID Token (JWT), Access Token (JWT) and a Refresh Token. The documentation here, clearly mentions that the refresh token can be used to …

Read More
How to get the Cognito Identity id in AWS Lambda

How can I get the identity id of the user (logged in by AWS Cognito) that invoked an AWS Lambda function? Do I have to use the SDK on the Lambda function to get the identity id?

Read More