How to get user attributes (username, email, etc.) using cognito identity id

Using REST API

AccessToken

Thought that this could be very helpful to someone as I've spent a lot of time trying to figure out how to get UserAttributes with only accessToken and region ( Similar to this but with REST API ( Without using aws-sdk )

You can get UserAttributes with accessToken using this HTTP request. ( GetUser )

Method: POST
Endpoint: https://cognito-idp.{REGION}.amazonaws.com/
Content-Type: application/x-amz-json-1.1
Content-Length: 1162 // Access Token bytes length
X-Amz-Target: AWSCognitoIdentityProviderService.GetUser
Body: {"AccessToken":"ACCESS_TOKEN"}

And if the accessToken is valid, you should receive example response like the following

{
    "UserAttributes": [
        {
            "Name": "sub",
            "Value": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx"
        },
        {
            "Name": "email_verified",
            "Value": "true"
        },
        {
            "Name": "name",
            "Value": "Jason"
        },
        {
            "Name": "phone_number_verified",
            "Value": "true"
        },
        {
            "Name": "phone_number",
            "Value": "+xxxxxxxxxxx"
        },
        {
            "Name": "email",
            "Value": "[email protected]"
        }
    ],
    "Username": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx"
}

AWS cognito-idp list-users has a filter option that allows you to filter based on attribute. 'sub' is the attribute that matches the identity id you are describing.

e.g. at the command line:

aws cognito-idp list-users --user-pool-id us-east-1_abcdFghjI --filter "sub=\":XXaXcXXa-XXXX-XXXX-XXX-XXXXXXXXXXXX\""

This also requires the user-pool-id, which I suspect you have. Additionally, I have no idea how this is implemented or how it performances when filtering a large number of users, but I take custom attributes not being usable in filters as a hint that there is some form of indexing behind the curtain.

The ID Token that you exchange with Cognito federated identity service to get the identity id and credentials already has all user attributes. You do not need an extra call to any service.

It is a JWT token and you can use any library on the client to decode the values. You can read this guide for more information about the tokens vended by Cognito user pools.

Alternatively, you can also use the Access Token to call GetUser API which will return all the user information.

I faced the similar issue and after too much of scratching i was not able to find the exact way of pulling out the details. My usecase was to get the details in android APP. After looking into their AWSMobile client API code. I found below and it is working from me.

Log.i(TAG, "User Details"+ AWSMobileClient.getInstance().getUserAttributes().toString());

Recommendation - Try use AWSMobileclient incase you are using it for Android Development as this is new library that is recommended for development.