amplify-js: Login with google for the second time : email Attribute cannot be updated
Describe the bug I have the same problem as this #issue. If you make a user pool with required email field then the second google login attempt fails. changing required fields after creating UserPool is not possible and deleting the UserPool and making a new one doesn’t look like a good solution to me because by doing it I will lose all my user’s data!
To Reproduce
- Make a new UserPool with email attribute as required field
- Enable Google federation in UserPool
- Try to login for the second time using hosted ui
- It should give you this error:
email Attribute cannot be updated.
Expected behavior When we use same email address it shouldn’t update email attribute!
About this issue
- Original URL
- State: closed
- Created 5 years ago
- Reactions: 3
- Comments: 45 (16 by maintainers)
It seems after two years of my report, you guys still don’t fix it @sammartinez Actually, I moved away from Cognito a long time ago and can’t test it anymore. It was a horrible experience with a lot of bugs and a lack of necessary features
Hi @anjanvb - can you please create a new Github issue with the details we need to troubleshoot this?
Still have this issue. Terrible. User pool is already in production. Can’t recreate it…
I can reproduce the same issue. email is not mandatory for my pool, and is selected as readable and writable by my app client. First time login succeeds (and the email attribute on my Cognito user is populated), subsequent logins fail with ‘user+attributes%3A+email%3A+Attribute+cannot+be+updated’ error.
I worked around it by creating a custom attribute called ‘emailaddress’ and mapped the Google email attribute to that.
@anjanvb Thanks for the follow up and clarification, I’m glad you were able to resolve this.
I believe the confusion comes from the use of the terms
"writable"and"mutable". Note that these are different and independent, in the way that"mutable"is specific to the userPool and"writable"is specific to the userPoolClient.A scenario to help elaborate on this:
"immutable"on the userPool - meaning once it is set, it cannot be changed"writable"on the userPoolClient - meaning the userPoolClient can write to the userPool attribute."immutable"and cannot be changed.This will result in a situation similar to what you and others have faced on this issue.
In short, be sure you are setting the attribute to both
"mutable"on the userPool config and"writable"on the userPoolClient config.References
Hi @uchar - can you please submit a new Github issue for us following our template so that we can investigate this? https://github.com/aws-amplify/amplify-js/issues/new?assignees=&labels=&template=1.bug_report.yaml
@uchar I tried to reproduce issue but couldn’t. I have the email attribute as required in my user pool setting. Is your email attributes mutable? There is a
Set attribute read and write permissionssecton underApp clients.Yes I did, and It works fine for the first time but trying to sign in for the second time give me that error
@uchar Hi, did you map the
emailattributes from google to the Cognito User Pool? There is an sectionAttribute mappingunderFederationin the Cognito User Pool console that you can do the mapping.