0
votes

I created a Cognito user pool with some apps and attributes. Everything is empty; it has no users yet.

Now, I want to add some new attributes in the "Attributes" tab, but all fields are disabled.

On the other hand, in Federated Policies, I was trying to change the "user pool id" and "client id", under the tab "Authentication Provider" > "Cognito". All fine, I make my changes and press "Save Changes", but when I refresh the page to see them, I see that my changes were lost.

My question is: is this a bug in Cognito, or is updating attributes/configuration not supported?

EDIT 1: OK, it's not possible to update attributes.

EDIT 2: I can't update the configuration on the Identity Pool. Here are my steps:

  1. Go to federated identities
  2. Press edit identity pool
  3. In authentication provider, in the Cognito tab, unlock user pool id and app client id
  4. Update the values and press Save Changes
  5. The system shows me that the changes were successfully saved
  6. Go to Authentication Provider, under Cognito, but the old values still appear
  7. Check that Pool Id and App Client Id were correct

Thanks

4
I am trying to use the button "Add Another Provider" and have the same behaviour - it says that changes were saved successfully but doesn't save them at all. - Aleksy Goroszko
I will post it in the AWS forum. I think it's a bug. - Vladimir Venegas
I'm also facing this issue in 2021. - Bharat Patil

4 Answers

2
votes

Part 2: Changing the user pool id and the client id is somewhat confusing (some would say "inane" because it is non-standard and serves no purpose). Here is how it works: there is a little "Unlock" button next to each field. You must press this button to "unlock" the field, then you can enter the field and click Save. This is handled similarly on some of the other authentication providers (Google/Facebook). While the "Unlock" buttons sound like they do something undesirable (who wants to unlock their own authentication provider?), they just unlock the text field.

Part 1, to expand on Rachit's answer: You can add custom attributes, but the standard attributes are "locked in" upon creating the pool (the Console has a note indicating that).

1
votes

Updating the standard attributes is not supported in Cognito. You can add custom attributes if need be.

Updating the configuration should work in Federated Identities and I just tried to reproduce and was able to change the user pool id and the client id. Is there any error message displayed for you?

1
votes

I did exactly what you did and it worked. So maybe it is fixed, or maybe you have a browser incompatibility (I did it in Safari).

You can also (alternatively) add another provider using the same user pool ID (that also works).

Lastly, and with caution...

There have been reports where configurations have gotten messed up and deleting the identity pool and reconnecting the user pool improved things. I even experienced this personally. But I was never able to reproduce it and there are risks.

Risks:

The identity pool keeps the identityId, and if you delete it your devices will have old keychains with non-existent identityIds and you may have to wipe the keychain.

Obviously if you have anything synced it will be lost, and if you have any data related to the identityId it will be lost (because everyone will get a new identity id).

But it is a step of last resort that is easy if you are still in development.

0
votes

I was facing the exact problem described in the question but was able to overcome it using the AWS CLI. I could add the Cognito authentication providers; the command is as follows:

```bash
# ProviderName for a user pool has the form cognito-idp.<REGION>.amazonaws.com/<USER_POOL_ID>
aws cognito-identity update-identity-pool \
  --identity-pool-id "<IDENTITY_POOL>" \
  --identity-pool-name "<IDENTITY_POOL_NAME>" \
  --no-allow-unauthenticated-identities \
  --cognito-identity-providers \
  ProviderName="cognito-idp.<REGION>.amazonaws.com/<USER_POOL_ID>",ClientId="<USER_POOL_APP_CLIENT_ID>",ServerSideTokenCheck=false
```

Caution:

This will overwrite the existing Cognito Identity Providers. If you don't want to overwrite them but add a new one, then list the other Cognito Identity Providers as well in the above command, like ProviderName="cognito-idp.<REGION>.amazonaws.com/<EXISTING_USER_POOL_ID>",ClientId="<EXISTING_USER_POOL_APP_CLIENT_ID>",ServerSideTokenCheck=false, next to each other. In that case the command will look like this:

```bash
# Each provider is one space-separated argument; existing ones must be repeated
aws cognito-identity update-identity-pool \
  --identity-pool-id "<IDENTITY_POOL>" \
  --identity-pool-name "<IDENTITY_POOL_NAME>" \
  --no-allow-unauthenticated-identities \
  --cognito-identity-providers \
  ProviderName="cognito-idp.<REGION>.amazonaws.com/<USER_POOL_ID>",ClientId="<USER_POOL_APP_CLIENT_ID>",ServerSideTokenCheck=false \
  ProviderName="cognito-idp.<REGION>.amazonaws.com/<EXISTING_USER_POOL_ID>",ClientId="<EXISTING_USER_POOL_APP_CLIENT_ID>",ServerSideTokenCheck=false
```
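
The read-merge-write that the caution above calls for, as an added example (not part of the original answer): it takes the pool's current configuration as returned by boto3's `describe_identity_pool` and adds one user-pool provider without dropping the existing ones or the pool's other settings. The function names and every ID in the sample are assumptions made for illustration; the provider name uses the `cognito-idp.<region>.amazonaws.com/<user pool id>` form.

```python
import copy

def provider_name(region, user_pool_id):
    """Provider name Cognito Identity uses for a Cognito user pool."""
    return f"cognito-idp.{region}.amazonaws.com/{user_pool_id}"

def build_update(described_pool, region, user_pool_id, client_id,
                 server_side_token_check=False):
    """Turn a describe_identity_pool response into update_identity_pool
    kwargs with one user-pool provider added, keeping everything else.
    server_side_token_check=True makes the identity pool ask the user pool
    whether the user was globally signed out or deleted before issuing
    credentials; the default here matches the command in the answer."""
    kwargs = copy.deepcopy(described_pool)
    kwargs.pop("ResponseMetadata", None)  # added by boto3, not an API input
    new = {
        "ProviderName": provider_name(region, user_pool_id),
        "ClientId": client_id,
        "ServerSideTokenCheck": server_side_token_check,
    }
    # Assumption of this example: a provider entry is identified by
    # (ProviderName, ClientId). A matching entry is replaced, others kept.
    key = (new["ProviderName"], new["ClientId"])
    kept = [p for p in kwargs.get("CognitoIdentityProviders", [])
            if (p["ProviderName"], p["ClientId"]) != key]
    kwargs["CognitoIdentityProviders"] = kept + [new]
    return kwargs

def apply_update(identity_pool_id, region, user_pool_id, client_id):
    """Read, merge, write against AWS (needs boto3 and credentials)."""
    import boto3
    client = boto3.client("cognito-identity", region_name=region)
    current = client.describe_identity_pool(IdentityPoolId=identity_pool_id)
    return client.update_identity_pool(
        **build_update(current, region, user_pool_id, client_id))

# Constructed sample of a describe_identity_pool response; all IDs are placeholders.
SAMPLE = {
    "IdentityPoolId": "us-east-1:00000000-0000-0000-0000-000000000000",
    "IdentityPoolName": "example_pool",
    "AllowUnauthenticatedIdentities": False,
    "CognitoIdentityProviders": [{
        "ProviderName": "cognito-idp.us-east-1.amazonaws.com/us-east-1_EXISTING",
        "ClientId": "existingclientid",
        "ServerSideTokenCheck": False,
    }],
    "ResponseMetadata": {"HTTPStatusCode": 200},
}
```

Calling `describe_identity_pool` again after `apply_update` and comparing the returned provider list with what was sent is a direct way to confirm that a save actually persisted.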