Why is the identity-claim sub::username when sub is not restorable in a recovery system #12870

Closed
biller-aivy opened this issue Jun 27, 2023 · 5 comments
Labels: pending-response, pending-triage, question

Comments

@biller-aivy

Amplify CLI Version

10.5.2

Question

https://docs.amplify.aws/cli/migration/identity-claim-changes/#what-are-the-breaking-changes
So I can read here that in the versions of the CLI the claim is sub::username, but why?

When I am forced to run a recovery system and get all the old data there with the same Cognito user, I can import all users, but the sub will be changed.

@biller-aivy biller-aivy added pending-triage Issue is pending triage question General question labels Jun 27, 2023
@josefaidt
Contributor

Hey @biller-aivy 👋 thanks for raising this! Although we are thinking about appropriate backups and recoveries, this can be changed to be better suited for a straightforward recovery by specifying an identityClaim.

@josefaidt josefaidt added the pending-response Issue is pending response from the issue author label Jun 29, 2023
@biller-aivy
Author

@josefaidt
What seems a bit strange to me is that since version 9, I think, you save sub::username as owner, right? Yet you can't transfer sub to a new pool.
I already have this everywhere:

{
  allow: owner
  identityClaim: "username" # explicit use of username
}

@github-actions github-actions bot removed the pending-response Issue is pending response from the issue author label Jul 10, 2023
@josefaidt
Contributor

Hey @biller-aivy that's correct, and we are actively thinking about disaster recovery, which includes situations like this where the sub is non-transferable. Unfortunately you will need to specify the custom identityClaim or toggle the useSubUsernameForDefaultIdentityClaim feature flag in amplify/cli.json to change that behavior.

@josefaidt josefaidt added the pending-response Issue is pending response from the issue author label Jul 13, 2023
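
The recovery problem discussed above, as an added example that is not part of the original thread and is not Amplify's code: a simplified audit that checks which stored owner values still match anyone after users are imported into a new pool with new subs. It assumes owner matching is a plain string comparison against the presented claim; the function names, record ids and sub values are constructed for illustration.

```javascript
// Added example: simplified model of owner matching, not Amplify's resolver code.

// Owner value a signed-in user presents for a given identityClaim setting.
function ownerValue(claims, identityClaim) {
  if (identityClaim === "sub::username") {
    return `${claims.sub}::${claims.username}`;
  }
  if (!(identityClaim in claims)) {
    throw new Error(`claim "${identityClaim}" missing from token`);
  }
  return claims[identityClaim];
}

// Split stored records into those some restored user still matches and
// those nobody in the restored pool can match any more.
function auditRestore(records, restoredUsers, identityClaim) {
  const presented = new Set(restoredUsers.map((u) => ownerValue(u, identityClaim)));
  const reachable = [];
  const orphaned = [];
  for (const r of records) {
    (presented.has(r.owner) ? reachable : orphaned).push(r.id);
  }
  return { reachable, orphaned };
}

// Constructed sample data: same usernames, new subs after the import.
const oldPool = [
  { sub: "old-sub-0001", username: "alice" },
  { sub: "old-sub-0002", username: "bob" },
];
const restoredPool = [
  { sub: "new-sub-9001", username: "alice" },
  { sub: "new-sub-9002", username: "bob" },
];

// Records as they would have been written under each setting (hypothetical ids).
function recordsWrittenWith(identityClaim) {
  return oldPool.map((u, i) => ({ id: `rec-${i}`, owner: ownerValue(u, identityClaim) }));
}

const withDefault = auditRestore(recordsWrittenWith("sub::username"), restoredPool, "sub::username");
const withUsername = auditRestore(recordsWrittenWith("username"), restoredPool, "username");
console.log({ withDefault, withUsername });
```

Matching on `username` alone survives the import because nothing pool-specific is in the stored value; the same property means any account that holds that username matches the record.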
@josefaidt
Contributor

Closing due to inactivity

@josefaidt josefaidt closed this as not planned Won't fix, can't repro, duplicate, stale Aug 14, 2023