Cognito 用户池“用户名”显示为 ID 而不是电子邮件，如何解决？

Question

I'm using Amazon Cognito user pools, and i choose to have users signup/In with their emails. According to online guides, when choosing so, the user pool should list users with "username" value as their email, but this is not the case, i'm seeing the "id" which is also referred to as "sub" as the "username" field! it has the UUID format.

Any ideas how to get username shows the email? ** Note: I'm talking about showing users from AWS cognito console. Attached is a screenshot

Answer 1

That seems to happen when you chose to signup with either email or phone. Apparently in that configuration Cognito generates 'username' using the sub...

I would suggest configuring Congito to use 'username' and then on signup set up the 'username' to email, you can also pass email (and phone) as additional attributes.

I hope that helps

Answer 2

@Luke is correct , this only happens when you select the "Email address or phone number" option in the "How do you want your end users to sign in" section of the wizard.

It's a bit confusing because the SignUp API expects an email-formatted username during signup, but then ends up creating a user with a GUID as a username, and assigns the submitted username to the email attribute. This is described in the docs :

• Call the SignUp API and pass an email address or phone number in the username parameter of the API. This API does the following:
  • If the username string is in valid email format, the user pool automatically populates the email attribute of the user with the username value.
  • If the username string format is not in email or phone number format, the SignUp API throws an exception.
  • The SignUp API generates a persistent UUID for your user, and uses it as the immutable username attribute internally. This UUID has the same value as the sub claim in the user identity token.
  • If the username string contains an email address or phone number that is already in use, the SignUp API throws an exception.

This is in fact probably what you want though, as it allows users to change their emails down the line (as actual usernames cannot be changed). And furthermore, the docs state that "You can use an email address or phone number as an alias in place of the username in all APIs except the ListUsers API", so the fact that the username is a GUID in the backend doesn't have much effect on how you interact with the API.

As for listing the email in the console, it looks like they've added an email column in the user list, so that shouldn't be a problem anymore.

Answer 3

Here you have an example.

auth.service.ts

you have to do the login method for Cognito in your authentication service. Something like this:

login(username: string, password: string): Promise<CognitoUser|any> {
    return new Promise((resolve,reject) => {
      Auth.signIn(username,password)
      .then((user: CognitoUser|any) => {
        this.currentUserSubject.next(user);
        localStorage.setItem("currentUser", JSON.stringify(user));
        localStorage.setItem("token", user.signInUserSession.idToken.jwtToken);
        localStorage.setItem("userGroup", user.signInUserSession.idToken.payload['cognito:groups']);
        localStorage.setItem("userEmail", user.attributes.email);
        this.loggedIn = true;
        resolve(user);
      }).catch((error: any) => reject(error));
    });
  }

and then in the .ts of your component you have to do the call of that method in the constructor and store in a variable the userEmail argument that you get in the localStorage from Cognito:

constructor(
    private authService: AuthService,
  ) {
    this.authService.currentUser.subscribe(response => {
      this.currentUser = response;
    });

    this.userSessionName = localStorage.getItem('userEmail');
  }

Finally, you have to display the userSessionName variable in you .html component:

<p>{{ userSessionName }}</p>