2023.2.1-nightly.2023.8.2
PabloBuchu
tagged this
01 Aug 15:50
For some reason, the hosted UI for both email and password and SSO, as well as the `Auth.federatedSignIn({provider: 'Google'})` call require the `aws.cognito.signin.user.admin` scope to be enabled to fetch and update user attributed. However, a call to `Auth.signIn(email, password)` does not. This is not well documented in AWS Cognito. # Important Notes `aws.cognito.signin.user.admin` gives you access to all Cognito User Pool APIs. Which federatedSignIn with google provider uses to get `currentUserInfo()` where we store optional `organizationId`. It does not provide any admin level access to other cognito or AWS parts.