Missing 'email' field from Cognito JWT ID token
martinbaste opened this issue
When authenticating in a Cognito user pool, the ID token returns with the email
field, as seen here: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-the-id-token.html
Moto used to provide this field, but it was removed some time ago, in this issue: #5279
This is because the access token doesn't have an email field, but the ID token does. And Moto is using the same function to generate both tokens, so when it was removed on the PR to fix the referenced issue, it was also removed from the ID token.
If I understand the documentation correctly, it should be added to the ID token, and kept away from the Access token.
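The split described in this issue can be pinned down with a regression check. This is an added example, not part of the original issue or Moto's own code: the helper names and sample tokens are constructed, and it assumes only Cognito's `token_use` claim (`id` or `access`) and the `email` claim discussed above.

```python
import base64
import json

# Per the issue: "email" belongs in the ID token and must stay out of the access token.
ID_ONLY_CLAIMS = {"email"}


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature.
    Suitable for test assertions only, never for authorization decisions."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 segments")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_cognito_claims(token: str) -> list:
    """Return the claim-set problems for a token (empty list means it is fine)."""
    claims = jwt_claims(token)
    use = claims.get("token_use")
    if use == "id":
        return [f"ID token is missing '{c}'" for c in sorted(ID_ONLY_CLAIMS - claims.keys())]
    if use == "access":
        return [f"access token must not carry '{c}'" for c in sorted(ID_ONLY_CLAIMS & claims.keys())]
    return [f"unexpected token_use: {use!r}"]


def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned sample token (placeholder signature segment)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.c2ln"


# Constructed sample tokens; all values are placeholders.
ID_WITH_EMAIL = make_sample_token({"token_use": "id", "sub": "sample-sub", "email": "user@example.com"})
ID_WITHOUT_EMAIL = make_sample_token({"token_use": "id", "sub": "sample-sub"})
ACCESS_CLEAN = make_sample_token({"token_use": "access", "sub": "sample-sub", "username": "sample"})
ACCESS_WITH_EMAIL = make_sample_token({"token_use": "access", "sub": "sample-sub", "email": "user@example.com"})

if __name__ == "__main__":
    for name in ("ID_WITH_EMAIL", "ID_WITHOUT_EMAIL", "ACCESS_CLEAN", "ACCESS_WITH_EMAIL"):
        print(name, check_cognito_claims(globals()[name]))
```

In a test against a mocked user pool, the same check can be run on the `IdToken` and `AccessToken` values of the `AuthenticationResult` returned by `initiate_auth`.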