I am trying to give some custom attributes specific read/write access depending on the attribute. I am getting this error.
Resource handler returned message: "Invalid write attributes specified while creating a client (Service: CognitoIdentityProvider, Status Code: 400, Request ID: <request_id>)" (RequestToken: <request_token>, HandlerErrorCode: InvalidRequest)
Can anyone point me in the right direction or tell me why this is happening? Obviously, I understand what the error is telling me, but I don't know what (specifically) is causing it or how to fix it. Maybe something to do with the way I am creating the attribute to begin with...
Here is my code:
self.my_user_pool = cognito.UserPool(
    self,
    COGNITO_USER_POOL_ID,
    sign_in_aliases=cognito.SignInAliases(email=True),
    self_sign_up_enabled=True,
    auto_verify=cognito.AutoVerifiedAttrs(email=True),
    user_verification=cognito.UserVerificationConfig(
        email_style=cognito.VerificationEmailStyle.LINK
    ),
    custom_attributes={
        "custom_attribute_1": cognito.StringAttribute(mutable=True),
        "custom_attribute_2": cognito.StringAttribute(mutable=True),
    },
    password_policy=cognito.PasswordPolicy(
        min_length=8,
        require_lowercase=True,
        require_uppercase=True,
        require_digits=True,
        require_symbols=True,
    ),
    account_recovery=cognito.AccountRecovery.EMAIL_ONLY,
    removal_policy=RemovalPolicy.DESTROY,
)
client_read_attributes = (cognito.ClientAttributes()).with_custom_attributes(
    "custom:custom_attribute_1", "custom:custom_attribute_2"
)
client_write_attributes = (cognito.ClientAttributes()).with_custom_attributes(
    "custom:custom_attribute_1"
)
self.my_user_pool_client = self.user_pool.add_client(
    "<my_cognito_client_id>",
    access_token_validity=Duration.minutes(60),
    id_token_validity=Duration.minutes(60),
    refresh_token_validity=Duration.days(1),
    auth_flows=cognito.AuthFlow(admin_user_password=True, user_srp=True, custom=True),
    o_auth=cognito.OAuthSettings(flows=cognito.OAuthFlows(implicit_code_grant=True)),
    prevent_user_existence_errors=True,
    generate_secret=True,
    read_attributes=client_read_attributes,
    write_attributes=client_write_attributes,
    enable_token_revocation=True,
)
standard_attributes prop? Are you able to provide the names of your custom attributes and/or confirm that they don't conflict with the names of any standard attributes (e.g. name or email)?