CognitoIDP: ID-token has different key for username (#6056)

2023-03-12 09:19:33 -01:00 · 2023-03-12 09:19:33 -01:00 · e70911fd35
commit e70911fd35
parent 25f0c660f7
2 changed files with 2 additions and 1 deletions
--- a/moto/cognitoidp/models.py
+++ b/moto/cognitoidp/models.py
@ -539,7 +539,7 @@ class CognitoIdpUserPool(BaseModel):
            "token_use": token_use,
            "auth_time": now,
            "exp": now + expires_in,
-            "username": username,
+            "username" if token_use == "access" else "cognito:username": username,
        }
        payload.update(extra_data or {})
        headers = {"kid": "dummy"}  # KID as present in jwks-public.json
--- a/tests/test_cognitoidp/test_cognitoidp.py
+++ b/tests/test_cognitoidp/test_cognitoidp.py
@ -2893,6 +2893,7 @@ def test_token_legitimacy():
        id_claims["iss"].should.equal(issuer)
        id_claims["aud"].should.equal(client_id)
        id_claims["token_use"].should.equal("id")
+        id_claims["cognito:username"].should.equal(username)
        for k, v in outputs["additional_fields"].items():
            id_claims[k].should.equal(v)
        access_claims = json.loads(jws.verify(access_token, json_web_key, "RS256"))