AdminListGroupsForUser returns user does not exist












0















My application is a process of authenticating with 2 services, one of which is AWS Cognito. When a user is authenticated (so has the JWT Tokens that Cognito provides), I attempt to list the groups for that user via the AdminListGroupsForUser API call. I was getting the UserNotFoundException which was odd as the previous call had just authenticated that user with the same credentials?



I experimented with the following:



router.post("/groups/list", (req, res, next) => {
const { email, limit, nextToken } = req.body;
const listGroupsForUserParams = getAdminListGroupsForUserParams({
email,
limit,
nextToken
});
const getUserParams = getAdminGetUserParams(email);

cognitoClient.adminListGroupsForUser(listGroupsForUserParams, (listErr, listData) => {
cognitoClient.adminGetUser(getUserParams, (getErr, getData) => {
console.log(listErr); // "UserNotFoundException"
console.log(listData); // null
console.log(getErr); // null
console.log(getData); // User
});
});
});


listGroupsForUserParams and getUserParams contain the same information which is:



{
UserPoolId: "...",
Username: "test@example.com" // I use email as Username
}


I don't get how this makes sense that the former call cannot find the user in the pool but the latter can?



See (for references):




  • AdminListGroupsForUser

  • AdminGetUser










share|improve this question

























  • Does your cognitoClient have region set correctly ?

    – Deepthi
    Nov 20 '18 at 13:15











  • @Deepthi yes, the region is correct. I imagine that if it wasn't, even the 2nd call to adminGetUser would fail

    – wmash
    Nov 20 '18 at 13:17
















0















My application is a process of authenticating with 2 services, one of which is AWS Cognito. When a user is authenticated (so has the JWT Tokens that Cognito provides), I attempt to list the groups for that user via the AdminListGroupsForUser API call. I was getting the UserNotFoundException which was odd as the previous call had just authenticated that user with the same credentials?



I experimented with the following:



router.post("/groups/list", (req, res, next) => {
const { email, limit, nextToken } = req.body;
const listGroupsForUserParams = getAdminListGroupsForUserParams({
email,
limit,
nextToken
});
const getUserParams = getAdminGetUserParams(email);

cognitoClient.adminListGroupsForUser(listGroupsForUserParams, (listErr, listData) => {
cognitoClient.adminGetUser(getUserParams, (getErr, getData) => {
console.log(listErr); // "UserNotFoundException"
console.log(listData); // null
console.log(getErr); // null
console.log(getData); // User
});
});
});


listGroupsForUserParams and getUserParams contain the same information which is:



{
UserPoolId: "...",
Username: "test@example.com" // I use email as Username
}


I don't get how this makes sense that the former call cannot find the user in the pool but the latter can?



See (for references):




  • AdminListGroupsForUser

  • AdminGetUser










share|improve this question

























  • Does your cognitoClient have region set correctly ?

    – Deepthi
    Nov 20 '18 at 13:15











  • @Deepthi yes, the region is correct. I imagine that if it wasn't, even the 2nd call to adminGetUser would fail

    – wmash
    Nov 20 '18 at 13:17














0












0








0








My application is a process of authenticating with 2 services, one of which is AWS Cognito. When a user is authenticated (so has the JWT Tokens that Cognito provides), I attempt to list the groups for that user via the AdminListGroupsForUser API call. I was getting the UserNotFoundException which was odd as the previous call had just authenticated that user with the same credentials?



I experimented with the following:



router.post("/groups/list", (req, res, next) => {
const { email, limit, nextToken } = req.body;
const listGroupsForUserParams = getAdminListGroupsForUserParams({
email,
limit,
nextToken
});
const getUserParams = getAdminGetUserParams(email);

cognitoClient.adminListGroupsForUser(listGroupsForUserParams, (listErr, listData) => {
cognitoClient.adminGetUser(getUserParams, (getErr, getData) => {
console.log(listErr); // "UserNotFoundException"
console.log(listData); // null
console.log(getErr); // null
console.log(getData); // User
});
});
});


listGroupsForUserParams and getUserParams contain the same information which is:



{
UserPoolId: "...",
Username: "test@example.com" // I use email as Username
}


I don't get how this makes sense that the former call cannot find the user in the pool but the latter can?



See (for references):




  • AdminListGroupsForUser

  • AdminGetUser










share|improve this question
















My application is a process of authenticating with 2 services, one of which is AWS Cognito. When a user is authenticated (so has the JWT Tokens that Cognito provides), I attempt to list the groups for that user via the AdminListGroupsForUser API call. I was getting the UserNotFoundException which was odd as the previous call had just authenticated that user with the same credentials?



I experimented with the following:



router.post("/groups/list", (req, res, next) => {
const { email, limit, nextToken } = req.body;
const listGroupsForUserParams = getAdminListGroupsForUserParams({
email,
limit,
nextToken
});
const getUserParams = getAdminGetUserParams(email);

cognitoClient.adminListGroupsForUser(listGroupsForUserParams, (listErr, listData) => {
cognitoClient.adminGetUser(getUserParams, (getErr, getData) => {
console.log(listErr); // "UserNotFoundException"
console.log(listData); // null
console.log(getErr); // null
console.log(getData); // User
});
});
});


listGroupsForUserParams and getUserParams contain the same information which is:



{
UserPoolId: "...",
Username: "test@example.com" // I use email as Username
}


I don't get how this makes sense that the former call cannot find the user in the pool but the latter can?



See (for references):




  • AdminListGroupsForUser

  • AdminGetUser







javascript aws-sdk amazon-cognito






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 20 '18 at 13:13







wmash

















asked Nov 20 '18 at 13:02









wmashwmash

1,17611432




1,17611432













  • Does your cognitoClient have region set correctly ?

    – Deepthi
    Nov 20 '18 at 13:15











  • @Deepthi yes, the region is correct. I imagine that if it wasn't, even the 2nd call to adminGetUser would fail

    – wmash
    Nov 20 '18 at 13:17



















  • Does your cognitoClient have region set correctly ?

    – Deepthi
    Nov 20 '18 at 13:15











  • @Deepthi yes, the region is correct. I imagine that if it wasn't, even the 2nd call to adminGetUser would fail

    – wmash
    Nov 20 '18 at 13:17

















Does your cognitoClient have region set correctly ?

– Deepthi
Nov 20 '18 at 13:15





Does your cognitoClient have region set correctly ?

– Deepthi
Nov 20 '18 at 13:15













@Deepthi yes, the region is correct. I imagine that if it wasn't, even the 2nd call to adminGetUser would fail

– wmash
Nov 20 '18 at 13:17





@Deepthi yes, the region is correct. I imagine that if it wasn't, even the 2nd call to adminGetUser would fail

– wmash
Nov 20 '18 at 13:17












1 Answer
1






active

oldest

votes


















0














I had the same issue, and for some reason the adminListGroupsForUser function does not accept the email as username, whereas adminGetUser does.
I worked around that by retrieving the user data with adminGetUser. It returns the user and all its attributes. Retrieve the attribute value with name sub and use it as username for the adminListGroupsForUser call.



Something like this :



const getParams = {
UserPoolId: "" /*put your user pool Id here*/,
Username: "" /* email */
};

cognitoidentityserviceprovider.adminGetUser(getParams, function(err, data) {
if (err) {
console.log(err, err.stack); // an error occurred
return;
}

var sub;
if (data.UserAttributes && data.UserAttributes.length) {
for (var i = 0; i < data.UserAttributes.length; ++i) {
const attr = data.UserAttributes[i];
if (attr.Name === 'sub') {
console.log(attr);
sub = attr.Value
break;
}
}
}

if (!sub)
return;

const groupsParams = {
UserPoolId: event.userPoolId,
Username: sub
};
cognitoidentityserviceprovider.adminListGroupsForUser(groupsParams, function(err, data) {
/* Your code using groups here */
});
});





share|improve this answer























    Your Answer






    StackExchange.ifUsing("editor", function () {
    StackExchange.using("externalEditor", function () {
    StackExchange.using("snippets", function () {
    StackExchange.snippets.init();
    });
    });
    }, "code-snippets");

    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "1"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53393588%2fadminlistgroupsforuser-returns-user-does-not-exist%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    0














    I had the same issue, and for some reason the adminListGroupsForUser function does not accept the email as username, whereas adminGetUser does.
    I worked around that by retrieving the user data with adminGetUser. It returns the user and all its attributes. Retrieve the attribute value with name sub and use it as username for the adminListGroupsForUser call.



    Something like this :



    const getParams = {
    UserPoolId: "" /*put your user pool Id here*/,
    Username: "" /* email */
    };

    cognitoidentityserviceprovider.adminGetUser(getParams, function(err, data) {
    if (err) {
    console.log(err, err.stack); // an error occurred
    return;
    }

    var sub;
    if (data.UserAttributes && data.UserAttributes.length) {
    for (var i = 0; i < data.UserAttributes.length; ++i) {
    const attr = data.UserAttributes[i];
    if (attr.Name === 'sub') {
    console.log(attr);
    sub = attr.Value
    break;
    }
    }
    }

    if (!sub)
    return;

    const groupsParams = {
    UserPoolId: event.userPoolId,
    Username: sub
    };
    cognitoidentityserviceprovider.adminListGroupsForUser(groupsParams, function(err, data) {
    /* Your code using groups here */
    });
    });





    share|improve this answer




























      0














      I had the same issue, and for some reason the adminListGroupsForUser function does not accept the email as username, whereas adminGetUser does.
      I worked around that by retrieving the user data with adminGetUser. It returns the user and all its attributes. Retrieve the attribute value with name sub and use it as username for the adminListGroupsForUser call.



      Something like this :



      const getParams = {
      UserPoolId: "" /*put your user pool Id here*/,
      Username: "" /* email */
      };

      cognitoidentityserviceprovider.adminGetUser(getParams, function(err, data) {
      if (err) {
      console.log(err, err.stack); // an error occurred
      return;
      }

      var sub;
      if (data.UserAttributes && data.UserAttributes.length) {
      for (var i = 0; i < data.UserAttributes.length; ++i) {
      const attr = data.UserAttributes[i];
      if (attr.Name === 'sub') {
      console.log(attr);
      sub = attr.Value
      break;
      }
      }
      }

      if (!sub)
      return;

      const groupsParams = {
      UserPoolId: event.userPoolId,
      Username: sub
      };
      cognitoidentityserviceprovider.adminListGroupsForUser(groupsParams, function(err, data) {
      /* Your code using groups here */
      });
      });





      share|improve this answer


























        0












        0








        0







        I had the same issue, and for some reason the adminListGroupsForUser function does not accept the email as username, whereas adminGetUser does.
        I worked around that by retrieving the user data with adminGetUser. It returns the user and all its attributes. Retrieve the attribute value with name sub and use it as username for the adminListGroupsForUser call.



        Something like this :



        const getParams = {
        UserPoolId: "" /*put your user pool Id here*/,
        Username: "" /* email */
        };

        cognitoidentityserviceprovider.adminGetUser(getParams, function(err, data) {
        if (err) {
        console.log(err, err.stack); // an error occurred
        return;
        }

        var sub;
        if (data.UserAttributes && data.UserAttributes.length) {
        for (var i = 0; i < data.UserAttributes.length; ++i) {
        const attr = data.UserAttributes[i];
        if (attr.Name === 'sub') {
        console.log(attr);
        sub = attr.Value
        break;
        }
        }
        }

        if (!sub)
        return;

        const groupsParams = {
        UserPoolId: event.userPoolId,
        Username: sub
        };
        cognitoidentityserviceprovider.adminListGroupsForUser(groupsParams, function(err, data) {
        /* Your code using groups here */
        });
        });





        share|improve this answer













        I had the same issue, and for some reason the adminListGroupsForUser function does not accept the email as username, whereas adminGetUser does.
        I worked around that by retrieving the user data with adminGetUser. It returns the user and all its attributes. Retrieve the attribute value with name sub and use it as username for the adminListGroupsForUser call.



        Something like this :



        const getParams = {
        UserPoolId: "" /*put your user pool Id here*/,
        Username: "" /* email */
        };

        cognitoidentityserviceprovider.adminGetUser(getParams, function(err, data) {
        if (err) {
        console.log(err, err.stack); // an error occurred
        return;
        }

        var sub;
        if (data.UserAttributes && data.UserAttributes.length) {
        for (var i = 0; i < data.UserAttributes.length; ++i) {
        const attr = data.UserAttributes[i];
        if (attr.Name === 'sub') {
        console.log(attr);
        sub = attr.Value
        break;
        }
        }
        }

        if (!sub)
        return;

        const groupsParams = {
        UserPoolId: event.userPoolId,
        Username: sub
        };
        cognitoidentityserviceprovider.adminListGroupsForUser(groupsParams, function(err, data) {
        /* Your code using groups here */
        });
        });






        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Feb 6 at 9:10









        Julien BarroisJulien Barrois

        11




        11
































            draft saved

            draft discarded




















































            Thanks for contributing an answer to Stack Overflow!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53393588%2fadminlistgroupsforuser-returns-user-does-not-exist%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            這個網誌中的熱門文章

            Xamarin.form Move up view when keyboard appear

            Post-Redirect-Get with Spring WebFlux and Thymeleaf

            Anylogic : not able to use stopDelay()