AdminListGroupsForUser returns user does not exist
My application is a process of authenticating with 2 services, one of which is AWS Cognito. When a user is authenticated (so has the JWT Tokens that Cognito provides), I attempt to list the groups for that user via the AdminListGroupsForUser
API call. I was getting the UserNotFoundException which was odd as the previous call had just authenticated that user with the same credentials?
I experimented with the following:
router.post("/groups/list", (req, res, next) => {
const { email, limit, nextToken } = req.body;
const listGroupsForUserParams = getAdminListGroupsForUserParams({
email,
limit,
nextToken
});
const getUserParams = getAdminGetUserParams(email);
cognitoClient.adminListGroupsForUser(listGroupsForUserParams, (listErr, listData) => {
cognitoClient.adminGetUser(getUserParams, (getErr, getData) => {
console.log(listErr); // "UserNotFoundException"
console.log(listData); // null
console.log(getErr); // null
console.log(getData); // User
});
});
});
listGroupsForUserParams
and getUserParams
contain the same information which is:
{
UserPoolId: "...",
Username: "test@example.com" // I use email as Username
}
I don't get how this makes sense that the former call cannot find the user in the pool but the latter can?
See (for references):
- AdminListGroupsForUser
- AdminGetUser
javascript aws-sdk amazon-cognito
add a comment |
My application is a process of authenticating with 2 services, one of which is AWS Cognito. When a user is authenticated (so has the JWT Tokens that Cognito provides), I attempt to list the groups for that user via the AdminListGroupsForUser
API call. I was getting the UserNotFoundException which was odd as the previous call had just authenticated that user with the same credentials?
I experimented with the following:
router.post("/groups/list", (req, res, next) => {
const { email, limit, nextToken } = req.body;
const listGroupsForUserParams = getAdminListGroupsForUserParams({
email,
limit,
nextToken
});
const getUserParams = getAdminGetUserParams(email);
cognitoClient.adminListGroupsForUser(listGroupsForUserParams, (listErr, listData) => {
cognitoClient.adminGetUser(getUserParams, (getErr, getData) => {
console.log(listErr); // "UserNotFoundException"
console.log(listData); // null
console.log(getErr); // null
console.log(getData); // User
});
});
});
listGroupsForUserParams
and getUserParams
contain the same information which is:
{
UserPoolId: "...",
Username: "test@example.com" // I use email as Username
}
I don't get how this makes sense that the former call cannot find the user in the pool but the latter can?
See (for references):
- AdminListGroupsForUser
- AdminGetUser
javascript aws-sdk amazon-cognito
Does your cognitoClient have region set correctly ?
– Deepthi
Nov 20 '18 at 13:15
@Deepthi yes, the region is correct. I imagine that if it wasn't, even the 2nd call toadminGetUser
would fail
– wmash
Nov 20 '18 at 13:17
add a comment |
My application is a process of authenticating with 2 services, one of which is AWS Cognito. When a user is authenticated (so has the JWT Tokens that Cognito provides), I attempt to list the groups for that user via the AdminListGroupsForUser
API call. I was getting the UserNotFoundException which was odd as the previous call had just authenticated that user with the same credentials?
I experimented with the following:
router.post("/groups/list", (req, res, next) => {
const { email, limit, nextToken } = req.body;
const listGroupsForUserParams = getAdminListGroupsForUserParams({
email,
limit,
nextToken
});
const getUserParams = getAdminGetUserParams(email);
cognitoClient.adminListGroupsForUser(listGroupsForUserParams, (listErr, listData) => {
cognitoClient.adminGetUser(getUserParams, (getErr, getData) => {
console.log(listErr); // "UserNotFoundException"
console.log(listData); // null
console.log(getErr); // null
console.log(getData); // User
});
});
});
listGroupsForUserParams
and getUserParams
contain the same information which is:
{
UserPoolId: "...",
Username: "test@example.com" // I use email as Username
}
I don't get how this makes sense that the former call cannot find the user in the pool but the latter can?
See (for references):
- AdminListGroupsForUser
- AdminGetUser
javascript aws-sdk amazon-cognito
My application is a process of authenticating with 2 services, one of which is AWS Cognito. When a user is authenticated (so has the JWT Tokens that Cognito provides), I attempt to list the groups for that user via the AdminListGroupsForUser
API call. I was getting the UserNotFoundException which was odd as the previous call had just authenticated that user with the same credentials?
I experimented with the following:
router.post("/groups/list", (req, res, next) => {
const { email, limit, nextToken } = req.body;
const listGroupsForUserParams = getAdminListGroupsForUserParams({
email,
limit,
nextToken
});
const getUserParams = getAdminGetUserParams(email);
cognitoClient.adminListGroupsForUser(listGroupsForUserParams, (listErr, listData) => {
cognitoClient.adminGetUser(getUserParams, (getErr, getData) => {
console.log(listErr); // "UserNotFoundException"
console.log(listData); // null
console.log(getErr); // null
console.log(getData); // User
});
});
});
listGroupsForUserParams
and getUserParams
contain the same information which is:
{
UserPoolId: "...",
Username: "test@example.com" // I use email as Username
}
I don't get how this makes sense that the former call cannot find the user in the pool but the latter can?
See (for references):
- AdminListGroupsForUser
- AdminGetUser
javascript aws-sdk amazon-cognito
javascript aws-sdk amazon-cognito
edited Nov 20 '18 at 13:13
wmash
asked Nov 20 '18 at 13:02
wmashwmash
1,17611432
1,17611432
Does your cognitoClient have region set correctly ?
– Deepthi
Nov 20 '18 at 13:15
@Deepthi yes, the region is correct. I imagine that if it wasn't, even the 2nd call toadminGetUser
would fail
– wmash
Nov 20 '18 at 13:17
add a comment |
Does your cognitoClient have region set correctly ?
– Deepthi
Nov 20 '18 at 13:15
@Deepthi yes, the region is correct. I imagine that if it wasn't, even the 2nd call toadminGetUser
would fail
– wmash
Nov 20 '18 at 13:17
Does your cognitoClient have region set correctly ?
– Deepthi
Nov 20 '18 at 13:15
Does your cognitoClient have region set correctly ?
– Deepthi
Nov 20 '18 at 13:15
@Deepthi yes, the region is correct. I imagine that if it wasn't, even the 2nd call to
adminGetUser
would fail– wmash
Nov 20 '18 at 13:17
@Deepthi yes, the region is correct. I imagine that if it wasn't, even the 2nd call to
adminGetUser
would fail– wmash
Nov 20 '18 at 13:17
add a comment |
1 Answer
1
active
oldest
votes
I had the same issue, and for some reason the adminListGroupsForUser
function does not accept the email as username, whereas adminGetUser
does.
I worked around that by retrieving the user data with adminGetUser
. It returns the user and all its attributes. Retrieve the attribute value with name sub
and use it as username for the adminListGroupsForUser
call.
Something like this :
const getParams = {
UserPoolId: "" /*put your user pool Id here*/,
Username: "" /* email */
};
cognitoidentityserviceprovider.adminGetUser(getParams, function(err, data) {
if (err) {
console.log(err, err.stack); // an error occurred
return;
}
var sub;
if (data.UserAttributes && data.UserAttributes.length) {
for (var i = 0; i < data.UserAttributes.length; ++i) {
const attr = data.UserAttributes[i];
if (attr.Name === 'sub') {
console.log(attr);
sub = attr.Value
break;
}
}
}
if (!sub)
return;
const groupsParams = {
UserPoolId: event.userPoolId,
Username: sub
};
cognitoidentityserviceprovider.adminListGroupsForUser(groupsParams, function(err, data) {
/* Your code using groups here */
});
});
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53393588%2fadminlistgroupsforuser-returns-user-does-not-exist%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
I had the same issue, and for some reason the adminListGroupsForUser
function does not accept the email as username, whereas adminGetUser
does.
I worked around that by retrieving the user data with adminGetUser
. It returns the user and all its attributes. Retrieve the attribute value with name sub
and use it as username for the adminListGroupsForUser
call.
Something like this :
const getParams = {
UserPoolId: "" /*put your user pool Id here*/,
Username: "" /* email */
};
cognitoidentityserviceprovider.adminGetUser(getParams, function(err, data) {
if (err) {
console.log(err, err.stack); // an error occurred
return;
}
var sub;
if (data.UserAttributes && data.UserAttributes.length) {
for (var i = 0; i < data.UserAttributes.length; ++i) {
const attr = data.UserAttributes[i];
if (attr.Name === 'sub') {
console.log(attr);
sub = attr.Value
break;
}
}
}
if (!sub)
return;
const groupsParams = {
UserPoolId: event.userPoolId,
Username: sub
};
cognitoidentityserviceprovider.adminListGroupsForUser(groupsParams, function(err, data) {
/* Your code using groups here */
});
});
add a comment |
I had the same issue, and for some reason the adminListGroupsForUser
function does not accept the email as username, whereas adminGetUser
does.
I worked around that by retrieving the user data with adminGetUser
. It returns the user and all its attributes. Retrieve the attribute value with name sub
and use it as username for the adminListGroupsForUser
call.
Something like this :
const getParams = {
UserPoolId: "" /*put your user pool Id here*/,
Username: "" /* email */
};
cognitoidentityserviceprovider.adminGetUser(getParams, function(err, data) {
if (err) {
console.log(err, err.stack); // an error occurred
return;
}
var sub;
if (data.UserAttributes && data.UserAttributes.length) {
for (var i = 0; i < data.UserAttributes.length; ++i) {
const attr = data.UserAttributes[i];
if (attr.Name === 'sub') {
console.log(attr);
sub = attr.Value
break;
}
}
}
if (!sub)
return;
const groupsParams = {
UserPoolId: event.userPoolId,
Username: sub
};
cognitoidentityserviceprovider.adminListGroupsForUser(groupsParams, function(err, data) {
/* Your code using groups here */
});
});
add a comment |
I had the same issue, and for some reason the adminListGroupsForUser
function does not accept the email as username, whereas adminGetUser
does.
I worked around that by retrieving the user data with adminGetUser
. It returns the user and all its attributes. Retrieve the attribute value with name sub
and use it as username for the adminListGroupsForUser
call.
Something like this :
const getParams = {
UserPoolId: "" /*put your user pool Id here*/,
Username: "" /* email */
};
cognitoidentityserviceprovider.adminGetUser(getParams, function(err, data) {
if (err) {
console.log(err, err.stack); // an error occurred
return;
}
var sub;
if (data.UserAttributes && data.UserAttributes.length) {
for (var i = 0; i < data.UserAttributes.length; ++i) {
const attr = data.UserAttributes[i];
if (attr.Name === 'sub') {
console.log(attr);
sub = attr.Value
break;
}
}
}
if (!sub)
return;
const groupsParams = {
UserPoolId: event.userPoolId,
Username: sub
};
cognitoidentityserviceprovider.adminListGroupsForUser(groupsParams, function(err, data) {
/* Your code using groups here */
});
});
I had the same issue, and for some reason the adminListGroupsForUser
function does not accept the email as username, whereas adminGetUser
does.
I worked around that by retrieving the user data with adminGetUser
. It returns the user and all its attributes. Retrieve the attribute value with name sub
and use it as username for the adminListGroupsForUser
call.
Something like this :
const getParams = {
UserPoolId: "" /*put your user pool Id here*/,
Username: "" /* email */
};
cognitoidentityserviceprovider.adminGetUser(getParams, function(err, data) {
if (err) {
console.log(err, err.stack); // an error occurred
return;
}
var sub;
if (data.UserAttributes && data.UserAttributes.length) {
for (var i = 0; i < data.UserAttributes.length; ++i) {
const attr = data.UserAttributes[i];
if (attr.Name === 'sub') {
console.log(attr);
sub = attr.Value
break;
}
}
}
if (!sub)
return;
const groupsParams = {
UserPoolId: event.userPoolId,
Username: sub
};
cognitoidentityserviceprovider.adminListGroupsForUser(groupsParams, function(err, data) {
/* Your code using groups here */
});
});
answered Feb 6 at 9:10
Julien BarroisJulien Barrois
11
11
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53393588%2fadminlistgroupsforuser-returns-user-does-not-exist%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Does your cognitoClient have region set correctly ?
– Deepthi
Nov 20 '18 at 13:15
@Deepthi yes, the region is correct. I imagine that if it wasn't, even the 2nd call to
adminGetUser
would fail– wmash
Nov 20 '18 at 13:17