Question:
The AWS documentation indicates that it is possible for an admin to create a user pool user in AWS Cognito using the API.
Here is the documentation I am referring to: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminCreateUser.html
However the documentation provides scant details and not even an example of how this is done. It makes no mention of what endpoint to call, what SDK function to use, or anything regarding authentication, etc.
Does anyone have experience creating new users directly from your code ?
Answer:
It’s actually quite easy if you follow the development documentation (https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/CognitoIdentityServiceProvider.html), more specifically the “signUp” function.
From the Docs:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 |
var params = { ClientId: 'STRING_VALUE', /* required */ Password: 'STRING_VALUE', /* required */ Username: 'STRING_VALUE', /* required */ AnalyticsMetadata: { AnalyticsEndpointId: 'STRING_VALUE' }, SecretHash: 'STRING_VALUE', UserAttributes: [ { Name: 'STRING_VALUE', /* required */ Value: 'STRING_VALUE' }, /* more items */ ], UserContextData: { EncodedData: 'STRING_VALUE' }, ValidationData: [ { Name: 'STRING_VALUE', /* required */ Value: 'STRING_VALUE' }, /* more items */ ] }; cognitoidentityserviceprovider.signUp(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response }); |
And using this, it’s simple to create a user (example in Lambda, but can easily be modified as JS on its own):
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 |
'use strict' var AWS = require('aws-sdk'); var resp200ok = { statusCode: 200, headers: {'Content-Type': 'application/json'}, body: {} }; var cognitoidentityserviceprovider = new AWS.CognitoIdentityServiceProvider({apiVersion: '2016-04-18'}); // ^ Hard to find that this is the way to import the library, but it was obvious in docs exports.handler = function(event, context, callback){ var params = { ClientId: 'the App Client you set up with your identity pool (usually 26 alphanum chars)', Password: 'the password you want the user to have (keep in mind the password restrictions you set when creating pool)', Username: 'the username you want the user to have', UserAttributes:[ { { Name: 'name', Value: 'Private' }, { Name: 'family_name', Value: 'Not-Tellinglol' }, }], }; cognitoidentityserviceprovider.signUp(params, function(err, data) { if (err){ console.log(err, err.stack); } else{ resp200ok.body = JSON.stringify(data); callback(null, resp200ok); } }); }; |
Anything you set to required in your Cognito pool setup has to be in the UserAttributes section (usually the email is defaulted to required, check if yours is). The list of things you can assign values to is found in (Cognito pool) General Settings -> App Clients -> Show Details -> Set Read/Write -> (list of things), here you can add custom attributes (like if you want to specify what city your user is from, or if you want to add whatever else (String/Number)).
When assigning a value to a custom field, your “Name” in the UserAttributes will be “custom:whatever”, so if the custom field is “city” the Name is “custom:city”.
Hopefully I wasn’t stating too much of the obvious, but these are things it took me a while to figure out with the broken up SO info, and AWS docs, and I figured I’d plop it all together.