Configure Google attribute mapping without marking as required

[redjonzaci]

Amplify CLI Version

12.3.0

Question

I went through the following guide: https://docs.amplify.aws/javascript/build-a-backend/auth/override-cognito/#customize-amplify-generated-cognito-auth-resources-with-social-providers, but it didn't work. And in the following issue #11646, I saw that marking attributes as required should allow the mapping, but is there a way without marking as required?

[redjonzaci]

I am looking into doing that through the post-push command hook, but I don't have access to the user pool ID.
Just mentioning it in case it helps with ideas.

[redjonzaci]

I also found the following issue #12910.

[ykethan]

Hey @redjonzaci, thank you for reaching out. you should be able to create a custom attribute as optional using the auth override. we have an example on https://docs.amplify.aws/javascript/build-a-backend/auth/override-cognito/#customize-amplify-generated-cognito-auth-resources

[redjonzaci]

Hey @ykethan, I need to configure the Google attribute mapping, not a custom attribute on the Cognito user pool.

[ykethan]

Hey @redjonzaci, thank you for the clarification, this looks similar to #12910 (comment).
Update the attributes can be done when adding provider or removing a provider, it will cause the Lambda callout to fire and update the social providers with the new attribute mapping.
i was able to update the attribute, by running amplify update auth -> select the provider, then add the attribute in the cli-inputs.json in the hostedUIProviderMeta AttributeMapping then run push which should update the attributes.
do note that running an update auth may override the changes.
To understand making an attribute optional are you referring to the following?

[redjonzaci]

I read in #11646 that if I mark attributes in Cognito as required, they will be added in the identity provider attribute mapping.
But I was looking for a way to keep the Cognito attributes optional and still add them in the identity provider attribute mapping programmatically.

Could I work on improving this feature so that it works properly?
Maybe by adding an option in the auth walkthrough that lets you provide the attribute mapping and updating the Lambda callout to update the attribute mapping whenever auth changes (not just when I add / remove a provider).

[redjonzaci]

Also, the approach you're suggesting should work when creating new PRs?
I am testing this now and will reply again later.

[ykethan]

Hey @redjonzaci, when we create a auth resource with amplify add auth, you should be able to remove the required attributes. by default the cognito expects an attribute with sub and but should be created as optional from my testing. you could then add the additional attributes in the cli-inputs.json and push

Do you want to use the default authentication and security configuration? Default configuration with Social Provider (Federation)
 Warning: you will not be able to edit these selections. 
 How do you want users to be able to sign in? Email
 Do you want to configure advanced settings? Yes, I want to make some additional changes.
 Warning: you will not be able to edit these selections. 
 What attributes are required for signing up? <- removed here
 Do you want to enable any of the following capabilities? 
 What domain name prefix do you want to use? attribs6b68ffc7-6b68ffc7
 Enter your redirect signin URI: http://localhost:3000/
? Do you want to add another redirect signin URI No
 Enter your redirect signout URI: http://localhost:3000/
? Do you want to add another redirect signout URI No
 Select the social providers you want to configure for your user pool: Google

on cognito

[redjonzaci]

Let's say I have added given_name mapping to cli-inputs.json, will it be mapped when a new env is created?
This was my latest question.

[redjonzaci]

It worked. Thanks for the support and happy holidays @ykethan!

[ykethan]

@redjonzaci Glad to hear the suggestion worked. The amplify add env should not remove the changes. But noticed this behavior when we update the auth to add a new oauth provider the CLI overrides the cli-inputs.json file.

Closing the issue, do reach out to us if you require any assistance.

[github-actions]

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.