Amazon Cognito "A client attempted to write unauthorized attribute"

Duke Dougal · May 17, 2017 · Viewed 18.7k times

I'm using the JavaScript SDK for AWS Cognito, and there are a couple of custom attributes that I just can't seem to save to, and I can't see why.

The problem attributes are mutable string fields as follows:

custom:role
custom:recruitingrole
custom:title

Other custom fields in the same request seem to update OK. Specifically, these ones seem to work:

custom:division
custom:linkedin
custom:location
custom:bio

When I submit via the SDK, this is returned:

{"__type":"NotAuthorizedException","message":"A client attempted to write unauthorized attribute"}

Here is the data that is sent, as shown in the Chrome developer console network output:

{
    "AccessToken": "",
    "UserAttributes": [{
        "Name": "name",
        "Value": "Steve Austin"
    }, {
        "Name": "custom:company",
        "Value": "OSI"
    }, {
        "Name": "custom:division",
        "Value": "Bionics"
    }, {
        "Name": "custom:recruitingrole",
        "Value": "other"
    }, {
        "Name": "custom:linkedin",
        "Value": "http://www.linkedin.com"
    }, {
        "Name": "custom:location",
        "Value": "Mexico City, Mexico City, Mexico"
    }, {
        "Name": "custom:bio",
        "Value": "A man barely alive."
    }]
}

Can anyone suggest why I can't save to these attributes?

thanks

Answer

Duke Dougal · May 17, 2017

Of course the answer became clear the moment I finished posting on StackOverflow.

The problem was that I had not set permissions for these attributes in the app associated with the user pool. The documentation should make this requirement clear where it discusses custom attributes.

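The error in the question does not name the attribute that was rejected. The following is an added example, not code from the original post or from AWS: it compares an UpdateUserAttributes request body with the app client's writable-attribute list and returns the names the client may not write. The sample WriteAttributes values and the function names are assumptions; `describeUserPoolClient` is the AWS SDK for JavaScript v2 call that returns that list.

```javascript
// Added example (not from the original post). Sample data is constructed.

// Shape of an AWS SDK DescribeUserPoolClient response; the WriteAttributes
// values are an assumption matching the attributes the question says worked.
const sampleDescribeResult = {
  UserPoolClient: {
    WriteAttributes: [
      "name", "custom:company", "custom:division",
      "custom:linkedin", "custom:location", "custom:bio",
    ],
  },
};

// UpdateUserAttributes body as posted in the question (token left empty).
const sampleRequest = {
  AccessToken: "",
  UserAttributes: [
    { Name: "name", Value: "Steve Austin" },
    { Name: "custom:company", Value: "OSI" },
    { Name: "custom:division", Value: "Bionics" },
    { Name: "custom:recruitingrole", Value: "other" },
    { Name: "custom:linkedin", Value: "http://www.linkedin.com" },
    { Name: "custom:location", Value: "Mexico City, Mexico City, Mexico" },
    { Name: "custom:bio", Value: "A man barely alive." },
  ],
};

// Return the attribute names in `request` that the app client may not write.
function findUnauthorizedWrites(describeResult, request) {
  const client = describeResult && describeResult.UserPoolClient;
  if (!client || !Array.isArray(client.WriteAttributes)) {
    // No explicit list in the response: report that instead of guessing.
    throw new Error("app client has no explicit WriteAttributes list");
  }
  const writable = new Set(client.WriteAttributes);
  const requested = (request.UserAttributes || []).map((a) => a.Name);
  return [...new Set(requested.filter((name) => !writable.has(name)))];
}

// Live variant: `cognito` is assumed to be an AWS SDK for JavaScript v2
// CognitoIdentityServiceProvider instance with admin credentials.
async function checkAppClient(cognito, userPoolId, clientId, request) {
  const params = { UserPoolId: userPoolId, ClientId: clientId };
  const result = await cognito.describeUserPoolClient(params).promise();
  return findUnauthorizedWrites(result, request);
}

console.log(findUnauthorizedWrites(sampleDescribeResult, sampleRequest));
```

Granting an app client write access only to the attributes the end user should control keeps fields such as a role attribute from being changed with the user's own access token.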