How can you programmatically create a user in a Cognito User Pool?

CodyBugstein picture CodyBugstein · Jan 18, 2018 · Viewed 7.7k times · Source

The AWS documentation indicates that it is possible for an admin to create a user pool user in AWS Cognito using the API.

Here is the documentation I am referring to: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminCreateUser.html

However the documentation provides scant details and not even an example of how this is done. It makes no mention of what endpoint to call, what SDK function to use, or anything regarding authentication, etc.

Does anyone have experience creating new users directly from your code ?

Answer

T1960CT picture T1960CT · Feb 7, 2019

It's actually quite easy if you follow the development documentation (https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/CognitoIdentityServiceProvider.html), more specifically the "signUp" function.

From the Docs:

var params = {
  ClientId: 'STRING_VALUE', /* required */
  Password: 'STRING_VALUE', /* required */
  Username: 'STRING_VALUE', /* required */
  AnalyticsMetadata: {
    AnalyticsEndpointId: 'STRING_VALUE'
  },
  SecretHash: 'STRING_VALUE',
  UserAttributes: [
    {
      Name: 'STRING_VALUE', /* required */
      Value: 'STRING_VALUE'
    },
    /* more items */
  ],
  UserContextData: {
    EncodedData: 'STRING_VALUE'
  },
  ValidationData: [
    {
      Name: 'STRING_VALUE', /* required */
      Value: 'STRING_VALUE'
    },
    /* more items */
  ]
};
cognitoidentityserviceprovider.signUp(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

And using this, it's simple to create a user (example in Lambda, but can easily be modified as JS on its own):

'use strict'
var AWS = require('aws-sdk');
var resp200ok = { statusCode: 200, headers: {'Content-Type': 'application/json'}, body: {} };
var cognitoidentityserviceprovider = new AWS.CognitoIdentityServiceProvider({apiVersion: '2016-04-18'});
// ^ Hard to find that this is the way to import the library, but it was obvious in docs

exports.handler = function(event, context, callback){
    var params = {
        ClientId: 'the App Client you set up with your identity pool (usually 26 alphanum chars)',
        Password: 'the password you want the user to have (keep in mind the password restrictions you set when creating pool)',
        Username: 'the username you want the user to have',
        UserAttributes:[ {
            {
                Name: 'name', 
                Value: 'Private'
            }, 
            {
                Name: 'family_name', 
                Value: 'Not-Tellinglol'
            },
        }],
    };

    cognitoidentityserviceprovider.signUp(params, function(err, data) {
        if (err){ console.log(err, err.stack); }
        else{ resp200ok.body = JSON.stringify(data); callback(null, resp200ok); }
    });
};

Anything you set to required in your Cognito pool setup has to be in the UserAttributes section (usually the email is defaulted to required, check if yours is). The list of things you can assign values to is found in (Cognito pool) General Settings -> App Clients -> Show Details -> Set Read/Write -> (list of things), here you can add custom attributes (like if you want to specify what city your user is from, or if you want to add whatever else (String/Number)).

When assigning a value to a custom field, your "Name" in the UserAttributes will be "custom:whatever", so if the custom field is "city" the Name is "custom:city".

Hopefully I wasn't stating too much of the obvious, but these are things it took me a while to figure out with the broken up SO info, and AWS docs, and I figured I'd plop it all together.