Use A Custom Cognito User Pool with AWS AppSync

Daniel Cender
6 min read · May 8, 2019
Photo by Kiyun Lee on Unsplash

Disclaimer: This guide applies to the AWS Template Format Version 2010-09-09. I can't speak to future versions of the CloudFormation templating system.

Intro

One of the more confusing aspects to figure out for our project was how to change our AppSync configuration so that we could accomplish two things:

  • Use a custom Cognito setup that requires only a name and an email address for new users to sign up.
  • Not break our current stack.

I searched the internet for a while hoping someone had already run into this limitation and posted their process: StackOverflow, GitHub Issues, AWS Docs, etc. Nothing. I couldn't find anything that helped our situation.

The real problem we are having is that new users are required to have a `phone_number`, one of the claims covered by the OIDC specification's standard scopes. We are connecting an Azure AD App Registration as our OIDC provider, however, and we have no way of supplying that attribute when authenticating through that mechanism: Azure does not supply that scope, even though it supplies just about every other scope in the spec.

Unfortunately, the Amplify CLI does not let us configure the required attributes of the Cognito user pool it generates. That would have been the sweet and easy solution…
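What the required-attribute change looks like when the user pool is declared directly in CloudFormation rather than generated by Amplify, as an added example that is not the author's template: only `name` and `email` are required (no `phone_number`), the pool client is wired into AppSync's `UserPoolConfig`, and the API denies any field that is not explicitly authorized. All resource names are assumed.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Example only - Cognito user pool requiring name and email, wired to AppSync

Resources:
  UserPool:
    Type: AWS::Cognito::UserPool
    Properties:
      UserPoolName: example-user-pool       # assumed name
      UsernameAttributes:
        - email                             # users sign in with their email address
      AutoVerifiedAttributes:
        - email                             # email ownership is verified at sign-up
      Schema:                               # only name and email are required; no phone_number
        - Name: email
          AttributeDataType: String
          Required: true
          Mutable: true
        - Name: name
          AttributeDataType: String
          Required: true
          Mutable: true                     # required attributes must be mutable for federated (OIDC) users

  UserPoolClient:
    Type: AWS::Cognito::UserPoolClient
    Properties:
      ClientName: example-app-client        # assumed name
      UserPoolId: !Ref UserPool
      GenerateSecret: false                 # browser/mobile clients cannot protect a client secret

  GraphQLApi:
    Type: AWS::AppSync::GraphQLApi
    Properties:
      Name: example-api                     # assumed name
      AuthenticationType: AMAZON_COGNITO_USER_POOLS
      UserPoolConfig:
        UserPoolId: !Ref UserPool
        AwsRegion: !Ref AWS::Region
        DefaultAction: DENY                 # fields without an explicit auth directive are denied
        AppIdClientRegex: !Ref UserPoolClient   # only tokens issued to this app client are accepted

Outputs:
  UserPoolId:
    Value: !Ref UserPool
  GraphQLApiUrl:
    Value: !GetAtt GraphQLApi.GraphQLUrl
```

Cognito does not let you change which attributes are required after a pool exists, so applying this to a stack that already has a user pool means creating a new pool and migrating its users, which is exactly why the second requirement above (not breaking the current stack) matters.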
