问题描述

我正在尝试通过其他OAuth登录Cognito.我将OIDC提供程序添加到了Cognito Userpool.我为此新的OIDC电子邮件"->电子邮件"设置属性映射.在属性中，权限是检查所有权限的读和写权限.

I'm trying to login in Cognito via another OAuth.I added OIDC provider to Cognito Userpool. I setup attribute mappings for this new OIDC "email" -> "Email". In attributes permissions are all permission checked for read and also write.

我可以通过此OIDC通过Cognito成功登录，但是用户中没有属性电子邮件.知道为什么吗?

I can successfully log in through cognito via this OIDC, but there is no attribute email in user. Any idea why ?

我尝试使用访问令牌手动命中用户信息终结点，并且作为响应，有电子邮件.我不知道为什么Cognito无法获得它.

I tried manually hit user info endpoint with access token and in response there is email. I dont know why Cognito is not able to get it.

我也尝试将Auth0用作OIDC提供程序，并且一切正常，但看不到它们之间的任何区别.

I tried also use Auth0 as OIDC provider and everything works fine, but I can't see any difference between them.

这是OIDC提供商: https://authtest.sportlink.com/.众所周知的/openid配置

This is OIDC provider: https://authtest.sportlink.com/.well-known/openid-configuration

推荐答案

我唯一能想到的是范围可能缺少电子邮件.

Only thing I can think of is that perhaps the scopes are missing email.

如果您编辑OIDC连接，请确保email在授权范围"部分.

If you edit the OIDC connection make sure that email is in the "Authorize scope" section.

我也使用OIDC，它确实为我映射电子邮件.

I also use OIDC and it does map email for me.

这篇关于AWS Cognito属性OpenID的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！