Unable to mutate user attributes using iOS Cognito UserPool SDK after signup

Question

I am trying to change a user's attribute (i.e family name) after they have signed up. This is an attribute that has been selected in the cognito user pool and was filled out when they initially signed up. I have only setup a user pool and not an identity pool.

For that, I am using the method adminUpdateUserAttributes in the AWSCognitoIdentityProvider, using the iOS SDK but it gives me the following error:

Error Domain=com.amazonaws.AWSCognitoIdentityErrorDomain Code=0 "(null)" UserInfo={__type=MissingAuthenticationTokenException, message=Missing Authentication Token}

Here is my setup in the AppDelegate:

    let clientId:String = self.cognitoConfig!.getClientId()
    let poolId:String = self.cognitoConfig!.getPoolId()
    let clientSecret:String = self.cognitoConfig!.getClientSecret()
    let region:AWSRegionType = self.cognitoConfig!.getRegion()



    let serviceConfiguration:AWSServiceConfiguration = AWSServiceConfiguration(region: region, credentialsProvider: nil)
    let cognitoConfiguration:AWSCognitoIdentityUserPoolConfiguration = AWSCognitoIdentityUserPoolConfiguration(clientId: clientId, clientSecret: clientSecret, poolId: poolId)
    AWSCognitoIdentityUserPool.register(with: serviceConfiguration, userPoolConfiguration: cognitoConfiguration, forKey: userPoolID)
    let pool:AWSCognitoIdentityUserPool = AppDelegate.defaultUserPool()
    pool.delegate = self

    AWSServiceManager.default().defaultServiceConfiguration = serviceConfiguration

Here is my code for actually trying to change the attribute

    let identityProvider = AWSCognitoIdentityProvider.default()


    let requestAttributeChange = AWSCognitoIdentityProviderAdminUpdateUserAttributesRequest()
    requestAttributeChange?.username = user?.username
    requestAttributeChange?.userPoolId = AppDelegate.defaultUserPool().userPoolConfiguration.poolId

    let attribute = AWSCognitoIdentityProviderAttributeType.init()
    attribute?.name = "given_name"
    attribute?.value = "TEST"

    if let att = attribute {

        print("Change attribute")
        requestAttributeChange?.userAttributes = [att]

        identityProvider.adminUpdateUserAttributes(requestAttributeChange!).continueWith(block: { (res) -> Any? in
            print(res.error)
        })
    }

Do I need to setup a separate identity pool too? I am also not sure about the type of data/keys that i will need to store in addition to get more access? As I am trying to avoid storing any sensitive data on the actual device.

Answer 1

So, my approach will not work, as it requires me to also create an identity pool as well. If you already have an identity pool, then the above approach might work but its a bit dirty/unsecure-ish as you are forcing your way as an admin to do something very simple.

I found a better solution thanks to this issue and this resource.

Here is the same answer in swift 4 syntax.

let attr = AWSCognitoIdentityUserAttributeType.init(name: "given_name", value: "TEST")

user?.update([attr]).continueOnSuccessWith(block: { (response) -> Any? in
    // Was successful, do any changes, UI changes must be done on the main thread.
    return nil
 })

You can also update custom attributes this way as well. Just make sure that when you add a custom attribute via the aws panel, you go into your AWS Cognito UserPool. Go to General Settings -> App Clients -> Click on "Show Details" -> Click on "Set attribute read and write permissions" and specify appropriate read and write permissions for your newly created custom attributes.

When updating custom attributes, you only need to include the custom tag before the attribute name. So, for example, an attribute called school would be created as follows.

let attr = AWSCognitoIdentityUserAttributeType.init(name: "custom:school", value: "Junior High")