Create user with custom attribute using AdminCreateUser in AWS Cognito

aws cognito-idp admin-create-user example
cognito custom attributes
cognito get user attributes
aws cognito api
cognito custom attributes in token
aws cognito edit user attributes
cloudformation cognito custom attributes
aws cognito documentation

I am trying to create user in AWS Cognito with adminCreateUser API with the below code

var cognitoidentityserviceprovider = new AWS.CognitoIdentityServiceProvider();

var params = {
      UserPoolId: "us-east-1_302HlhnaC", /* required */
      Username : "test@yopmail.com",
      ForceAliasCreation: true,
      TemporaryPassword: 'test@yopmail.com',
      UserAttributes: [
        {
          Name: 'given_name', /* required */
          Value: 'test'
        },
        {
          Name: 'family_name', /* required */
          Value: 'kumar'
        },
        {
          Name: 'name', /* required */
          Value: 'test'
        },
        {
          Name: 'custom:dob', /* required */
          Value: '1990-07-25'
        },
        {
          Name: 'email', /* required */
          Value: 'test@yopmail.com',
        },
        {
          Name: 'email_verified', /* required */
          Value: 'true',
        }
        /* more items */
      ],

};


cognitoidentityserviceprovider.adminCreateUser(params, function(error, data) {
    console.log(error,data);
    res.send("test");
});

It always throwing following exception : InvalidParameterException: Attributes did not conform to the schema: custom:dob: Attribute does not exist in the schema.

Is am doing anything wrong,if yes please let me know the solution.

Thanks

You must add the custom attribute ahead of time. You can create custom attributes by visiting the User Pool and clicking the Attributes link.

admin-create-user, 3 Answers. You must add the custom attribute ahead of time. You can create custom attributes by visiting the User Pool and clicking the Attributes link. Just adding my case here. For custom attributes, you must prepend the custom: prefix to the attribute name. To send a message inviting the user to sign up, you must specify the user's email address or phone number. This can be done in your call to AdminCreateUser or in the Users tab of the Amazon Cognito console for managing your user pools.

Just adding my case here.

In my CloudFormation, I have:

  Schema:
    - AttributeDataType: String
      Name: role
      DeveloperOnlyAttribute: true
      Mutable: true
      Required: false

In the console, it translated into:

In the application adminCreateUser call, I had to provide it as dev:custom:role:

  cognitoService.adminCreateUser({
    UserPoolId: config.cognitoUserPoolId,
    Username: email,
    UserAttributes: [{
      Name: 'dev:custom:role',
      Value: role,
    }]
  }).promise()

Figured it out by trying. Wish I knew where the docs for this are.

AdminCreateUser - Amazon Cognito Identity Provider, Create user accounts in the Amazon Cognito console or with the User Pools API. After you create your user pool, you can create users using the AWS for new users via the AWS Management Console or a Custom Message Lambda trigger. existing user by calling the AdminCreateUser API, specifying RESEND for the  For user accounts that you create by using the Create user form in the AWS Management Console, only the attributes shown in the form can be set in the AWS Management Console. Other attributes must be set by using the AWS Command Line Interface or the Amazon Cognito API, even if you have marked them as required attributes.

Darcy's answer is correct. But I wanted to elaborate as that answer was focused on the AWS web console.

Also the other answer viz., prefixing "dev:" is probably an undocumented workaround (hence no documentation) and might stop working without warning.

First, the custom attributes has to be created when the Userpool is Created.

        CreateUserPoolRequest request = new CreateUserPoolRequest
        {
           ...

            Schema = new List<SchemaAttributeType>
            {
            new SchemaAttributeType
            {
                Name = "email",
                AttributeDataType = AttributeDataType.String,
                Required = true,
                Mutable = false
            },
            new SchemaAttributeType //custom attribute
            {
                Name = "blah",
                AttributeDataType = AttributeDataType.String,
                Mutable = false
            },

            ...
        };

And then when the user is created, it can be set.

        var request = new AdminCreateUserRequest
        {
             ...

            UserAttributes = new List<AttributeType>
            {
                new AttributeType
                {
                    Name = "email",
                    Value = "xyz@xyz.com"
                },
                new AttributeType //custom attribute
                {
                    Name = $"custom:blah",
                    Value = "value for blah"
                }
            }
        };

Now, just prefixing with "custom:" works.

Also note AWS continues with its tradition of having inconsistent api's by not having to prefix when creating the user pool and having the prefix when creating the user.

Create user with custom attribute using AdminCreateUser in AWS , I couldn't find any example using custom attributes and sdk @crivera Write permissions can be set in your AWS Cognito users console. My additional note would be to make sure you are setting the right 'app client' for  For custom attributes, you must prepend the custom: prefix to the attribute name. To send a message inviting the user to sign up, you must specify the user’s email address or phone number. This can be done in your call to AdminCreateUser or in the Users tab of the Amazon Cognito console for managing your user pools. In your call to AdminCreateUser, you can set the email_verified attribute to True, and you can set the phone_number_verified attribute to True. (You can also do this by calling .)

Creating User Accounts as Administrator, Creates a new user in the specified user pool. This can be done in your call to AdminCreateUser or in the Users tab of the Amazon Cognito console for user attributes and attribute values that you can use for custom validation, You create custom workflows by assigning AWS Lambda functions to user pool triggers. AWS Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily. A User Pool acts as a user directory in Cognito. With a user pool, your users can…

Signup with custom attributes in Cognito user pools · Issue #1084 , AWS Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily. A User Pool acts as a user  In Amazon Cognito, a user pool represents a set of identities for users of an application. To integrate with Amazon Cognito, you must first set up a user pool where information about your app’s users is stored. Since this is a one-time setup for the purposes of this demo, we demonstrate this using the AWS Management Console. You can also use

cognitoidentityprovider_admin_create_user function, Adds additional user attributes to the user pool schema. Confirms user registration as an admin without using a confirmation code. Creates a new user in the specified user pool. This template includes your custom sign-up instructions and placeholders for user AdminCreateUser requires developer credentials. Updates the specified user's attributes, including developer attributes, as an administrator. Works on any user. For custom attributes, you must prepend the custom: prefix to the attribute name. In addition to updating user attributes, this API can also be used to mark phone and email as verified. Calling this action requires developer credentials.

Comments
  • Thank you so much for this! There are 0 docs on this. 😢 Changing 'custom:dev:custom:role' to 'dev:custom:role' makes it work...
  • Yes, this is terrible documentation on their part. I wasted a good 2 hours trying to figure out why it wasn't working. Thank you for the thorough answer