
up33v (up33v) asked a question.
I am running into an issue with our customer. Using their Okta instance, there are certain user profile properties that were not being copied over from Okta into Cognito, specifically email, given_name, and family_name. In our own dev Okta instance, that information comes over to AWS just fine.
I confirmed that for the user, those values exist on their profile, and that it is mapped correctly from Okta user profile to the Xemelgo OIDC app profile, and is mapped correctly on the AWS Cognito side. I ensured that "openid profile email" is in the authorized scopes. Basically checking between our dev Okta settings and our production settings, at least from what I can tell, things look correct.
Any ideas as to how I can continue to troubleshoot this?

Have you added profile to the scope of the authorize request, like:
https://${yourOktaDomain}/oauth2/default/v1/authorize?client_id=0oabucvyc38HLL1ef0h7&response_type=code&scope=openid email profile&redirect_uri=http%3A%2F%2Flocalhost%3A8080&state=state-296bc9a0-a2a2-4a57-be1a-d0e2fd9bb601&nonce=g5ly497e8ps
Yes, when I set up the identity provider in Cognito User Pool, I did set the authorized scopes to include openid email profile.
Is it possible for Okta to be set up in a way that prevents certain user data properties from coming over?
@up33v (up33v) Could you give me an example?
The issue was that the user somehow didn't have any properties in the profile after it was assigned to the app. After we removed the user and re-assigned the user, the data was in the profile, and now is also in AWS Cognito.
Good news. Maybe create a case with Okta support and let them find out why the properties were not in the profile before.
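
An added example, not part of the original thread: a Python sketch that checks which of the claims discussed above (email, given_name, family_name) are absent from a token's payload for the granted scopes, which separates an empty profile on the identity provider side from a mapping problem on the Cognito side. The tokens, claim values and helper names are constructed for illustration, and the signature is not verified, so use it for diagnostics only.

```python
import base64
import json

# Claims from this thread, grouped by the standard OIDC scope that releases them.
SCOPE_CLAIMS = {"profile": ["given_name", "family_name"], "email": ["email"]}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token so the demo runs offline."""
    header = _b64url(json.dumps({"alg": "none"}).encode())
    body = _b64url(json.dumps(claims).encode())
    return f"{header}.{body}.constructed-signature"


def jwt_claims(token: str) -> dict:
    """Decode a compact JWT payload WITHOUT verifying it (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated parts)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def missing_claims(claims: dict, scopes: str) -> dict:
    """Return {scope: [claims absent or empty]} for each granted scope."""
    report = {}
    for scope in scopes.split():
        absent = [c for c in SCOPE_CLAIMS.get(scope, []) if not claims.get(c)]
        if absent:
            report[scope] = absent
    return report


if __name__ == "__main__":
    scopes = "openid profile email"
    # Constructed payloads: an empty app profile, then the same user re-assigned.
    before = make_sample_token({"sub": "constructed-user-id"})
    after = make_sample_token({"sub": "constructed-user-id", "email": "user@example.com",
                               "given_name": "Sam", "family_name": "Lee"})
    print("before:", missing_claims(jwt_claims(before), scopes))
    print("after: ", missing_claims(jwt_claims(after), scopes))
```

If the claims are already missing here, the Cognito attribute mapping has nothing to copy, which matches the empty app profile found in this thread.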