Yasuke/moto
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

CognitoIDP: ID-token now exposes custom attributes (#7212)

Browse Source
This commit is contained in:
Bert Blommers 2024-01-13 23:05:45 +00:00 committed by GitHub
parent 3b3f718d41
commit f47080a420
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 22 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
moto/cognitoidp/models.py
View File

@ -568,6 +568,9 @@ class CognitoIdpUserPool(BaseModel):
def create_id_token(self, client_id: str, username: str) -> Tuple[str, int]: def create_id_token(self, client_id: str, username: str) -> Tuple[str, int]:
extra_data = self.get_user_extra_data_by_client_id(client_id, username) extra_data = self.get_user_extra_data_by_client_id(client_id, username)
user = self._get_user(username) user = self._get_user(username)
for attr in user.attributes:
if attr["Name"].startswith("custom:"):
extra_data[attr["Name"]] = attr["Value"]
if len(user.groups) > 0: if len(user.groups) > 0:
extra_data["cognito:groups"] = [group.group_name for group in user.groups] extra_data["cognito:groups"] = [group.group_name for group in user.groups]
id_token, expires_in = self.create_jwt( id_token, expires_in = self.create_jwt(

30
tests/test_cognitoidp/test_cognitoidp.py
View File

@ -514,8 +514,8 @@ def test_add_custom_attributes_existing_attribute():
def test_create_user_pool_default_id_strategy(): def test_create_user_pool_default_id_strategy():
conn = boto3.client("cognito-idp", "us-west-2") conn = boto3.client("cognito-idp", "us-west-2")
first_pool = conn.create_user_pool(PoolName=str("default-pool")) first_pool = conn.create_user_pool(PoolName="default-pool")
second_pool = conn.create_user_pool(PoolName=str("default-pool")) second_pool = conn.create_user_pool(PoolName="default-pool")
assert first_pool["UserPool"]["Id"] != second_pool["UserPool"]["Id"] assert first_pool["UserPool"]["Id"] != second_pool["UserPool"]["Id"]
@ -528,8 +528,8 @@ def test_create_user_pool_hash_id_strategy_with_equal_pool_name():
conn = boto3.client("cognito-idp", "us-west-2") conn = boto3.client("cognito-idp", "us-west-2")
first_pool = conn.create_user_pool(PoolName=str("default-pool")) first_pool = conn.create_user_pool(PoolName="default-pool")
second_pool = conn.create_user_pool(PoolName=str("default-pool")) second_pool = conn.create_user_pool(PoolName="default-pool")
assert first_pool["UserPool"]["Id"] == second_pool["UserPool"]["Id"] assert first_pool["UserPool"]["Id"] == second_pool["UserPool"]["Id"]
@ -542,8 +542,8 @@ def test_create_user_pool_hash_id_strategy_with_different_pool_name():
conn = boto3.client("cognito-idp", "us-west-2") conn = boto3.client("cognito-idp", "us-west-2")
first_pool = conn.create_user_pool(PoolName=str("first-pool")) first_pool = conn.create_user_pool(PoolName="first-pool")
second_pool = conn.create_user_pool(PoolName=str("second-pool")) second_pool = conn.create_user_pool(PoolName="second-pool")
assert first_pool["UserPool"]["Id"] != second_pool["UserPool"]["Id"] assert first_pool["UserPool"]["Id"] != second_pool["UserPool"]["Id"]
@ -557,7 +557,7 @@ def test_create_user_pool_hash_id_strategy_with_different_attributes():
conn = boto3.client("cognito-idp", "us-west-2") conn = boto3.client("cognito-idp", "us-west-2")
first_pool = conn.create_user_pool( first_pool = conn.create_user_pool(
PoolName=str("default-pool"), PoolName="default-pool",
Schema=[ Schema=[
{ {
"Name": "first", "Name": "first",
@ -566,7 +566,7 @@ def test_create_user_pool_hash_id_strategy_with_different_attributes():
], ],
) )
second_pool = conn.create_user_pool( second_pool = conn.create_user_pool(
PoolName=str("default-pool"), PoolName="default-pool",
Schema=[ Schema=[
{ {
"Name": "second", "Name": "second",
@ -1545,12 +1545,16 @@ def test_group_in_access_token():
@mock_cognitoidp @mock_cognitoidp
def test_group_in_id_token(): def test_other_attributes_in_id_token():
conn = boto3.client("cognito-idp", "us-west-2") conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4()) username = str(uuid.uuid4())
temporary_password = "P2$Sword" temporary_password = "P2$Sword"
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"] user_pool_id = conn.create_user_pool(
PoolName=str(uuid.uuid4()),
Schema=[{"Name": "myattr", "AttributeDataType": "String"}],
)["UserPool"]["Id"]
user_attribute_name = str(uuid.uuid4()) user_attribute_name = str(uuid.uuid4())
user_attribute_value = str(uuid.uuid4()) user_attribute_value = str(uuid.uuid4())
group_name = str(uuid.uuid4()) group_name = str(uuid.uuid4())
@ -1566,7 +1570,10 @@ def test_group_in_id_token():
UserPoolId=user_pool_id, UserPoolId=user_pool_id,
Username=username, Username=username,
TemporaryPassword=temporary_password, TemporaryPassword=temporary_password,
UserAttributes=[{"Name": user_attribute_name, "Value": user_attribute_value}], UserAttributes=[
{"Name": user_attribute_name, "Value": user_attribute_value},
{"Name": "custom:myattr", "Value": "some val"},
],
) )
conn.admin_add_user_to_group( conn.admin_add_user_to_group(
@ -1596,6 +1603,7 @@ def test_group_in_id_token():
claims = jwt.get_unverified_claims(result["AuthenticationResult"]["IdToken"]) claims = jwt.get_unverified_claims(result["AuthenticationResult"]["IdToken"])
assert claims["cognito:groups"] == [group_name] assert claims["cognito:groups"] == [group_name]
assert claims["custom:myattr"] == "some val"
@mock_cognitoidp @mock_cognitoidp