Amazon Cognito "A client attempted to write unauthorized attribute"

I'm using the JavaScript SDK for AWS Cognito, and there are a couple of custom attributes that I just can't seem to save to, and I can't see why.

The problem attributes are mutable string fields as follows:

custom:role
custom:recruitingrole
custom:title

Other custom fields in the same request seem to update OK. Specifically, these ones seem to work:

custom:division
custom:linkedin
custom:location
custom:bio

When I submit via the SDK, this is returned:

{"__type":"NotAuthorizedException","message":"A client attempted to write unauthorized attribute"}

Here is the data that is sent, as shown in the Chrome developer console network output:

{
    "AccessToken": "",
    "UserAttributes": [{
        "Name": "name",
        "Value": "Steve Austin"
    }, {
        "Name": "custom:company",
        "Value": "OSI"
    }, {
        "Name": "custom:division",
        "Value": "Bionics"
    }, {
        "Name": "custom:recruitingrole",
        "Value": "other"
    }, {
        "Name": "custom:linkedin",
        "Value": "http://www.linkedin.com"
    }, {
        "Name": "custom:location",
        "Value": "Mexico City, Mexico City, Mexico"
    }, {
        "Name": "custom:bio",
        "Value": "A man barely alive."
    }]
}

Can anyone suggest why I can't save to these attributes?

thanks


Solution 1:

Of course the answer became clear the moment I finished posting on StackOverflow.

The problem was that I had not set permissions for these attributes in the app associated with the user pool. The documentation should make this requirement clear where it discusses custom attributes.


Solution 2:

Just highlighting the answer from @mvandillen:

General settings -> App clients -> Show details -> Set attribute read and write permissions link

Solution 3:

For anyone that stumbles upon this question:

Like the others suggested, you should enable the writable attributes. But if that doesn't work, make sure you use the custom: prefix:

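import { Auth } from 'aws-amplify';

// Custom attributes are addressed with the "custom:" prefix in the attribute name.
async function signUp(email, password, firstName, lastName, countryCode) {
  return Auth.signUp({
    username: email,
    password: password,
    attributes: {
      'custom:firstName': firstName,
      'custom:lastName': lastName,
      'custom:countryCode': countryCode
    }
  });
}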
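
A pre-flight check covering both causes named in the answers above (the attribute is not writable for the app client, or the custom: prefix is missing), as an added example that is not from the original posts or from AWS. The function name and the app client contents are constructed; the WriteAttributes field follows the shape of the UserPoolClient object returned by DescribeUserPoolClient, and an explicit WriteAttributes list is assumed.

```javascript
// Constructed app client: custom:recruitingrole is absent from WriteAttributes,
// which reproduces the failure described in the question.
const appClient = {
  ClientName: 'example-web-client', // constructed placeholder
  WriteAttributes: [
    'name', 'custom:company', 'custom:division',
    'custom:linkedin', 'custom:location', 'custom:bio',
  ],
};

// UserAttributes as sent in the question's request.
const request = {
  UserAttributes: [
    { Name: 'name', Value: 'Steve Austin' },
    { Name: 'custom:company', Value: 'OSI' },
    { Name: 'custom:division', Value: 'Bionics' },
    { Name: 'custom:recruitingrole', Value: 'other' },
    { Name: 'custom:linkedin', Value: 'http://www.linkedin.com' },
    { Name: 'custom:location', Value: 'Mexico City, Mexico City, Mexico' },
    { Name: 'custom:bio', Value: 'A man barely alive.' },
  ],
};

// Hypothetical helper: sorts each attribute name into one of three buckets.
//   allowed       - listed in the client's WriteAttributes
//   missingPrefix - writable only when written as "custom:<name>"
//   notWritable   - the write the service would reject for this client
function classifyAttributeWrites(userAttributes, client) {
  const writable = new Set(client.WriteAttributes || []);
  const result = { allowed: [], missingPrefix: [], notWritable: [] };
  for (const { Name } of userAttributes) {
    if (writable.has(Name)) {
      result.allowed.push(Name);
    } else if (!Name.startsWith('custom:') && writable.has(`custom:${Name}`)) {
      result.missingPrefix.push(Name);
    } else {
      result.notWritable.push(Name);
    }
  }
  return result;
}

const report = classifyAttributeWrites(request.UserAttributes, appClient);
console.log(JSON.stringify(report, null, 2));
```

Only the names in notWritable need to be added to the app client's write permissions; granting write access to every attribute also lets users change values the application may rely on.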