CognitoIDP: Replace email with username in cogntio JWT tokens (#5652)

2022-11-10 18:08:56 +01:00 · 2022-11-10 18:08:56 +01:00 · 8c9838cc8c
commit 8c9838cc8c
parent ea8718d402
2 changed files with 3 additions and 1 deletions
--- a/moto/cognitoidp/models.py
+++ b/moto/cognitoidp/models.py
@ -538,7 +538,7 @@ class CognitoIdpUserPool(BaseModel):
            "token_use": token_use,
            "auth_time": now,
            "exp": now + expires_in,
-            "email": flatten_attrs(self._get_user(username).attributes).get("email"),
+            "username": username,
        }
        payload.update(extra_data or {})
        headers = {"kid": "dummy"}  # KID as present in jwks-public.json
--- a/tests/test_cognitoidp/test_cognitoidp.py
+++ b/tests/test_cognitoidp/test_cognitoidp.py
@ -2838,6 +2838,7 @@ def test_token_legitimacy():
        id_token = outputs["id_token"]
        access_token = outputs["access_token"]
        client_id = outputs["client_id"]
+        username = outputs["username"]
        issuer = "https://cognito-idp.us-west-2.amazonaws.com/{}".format(
            outputs["user_pool_id"]
        )
@ -2851,6 +2852,7 @@ def test_token_legitimacy():
        access_claims["iss"].should.equal(issuer)
        access_claims["aud"].should.equal(client_id)
        access_claims["token_use"].should.equal("access")
+        access_claims["username"].should.equal(username)


@mock_cognitoidp