I'm trying to use a Cognito User Pool to handle user authentication. I've started down the path of integrating an OIDC provider for login. It is mostly working, thanks to help from a few SO posts and this post.
I've gotten to the point where I'm able to link the external user to my internal user, but when I try to log in I get an "Invalid Provider Name Username combination" error. I noticed that it's because the user id for the external user has capitals in it, but the linked user_id in Cognito is all lowercase.
Example:
External user's Okta id: abc123DEF
Internal user's id: <uuid> (doesn't matter)
Cognito external user's id: okta_abc123def
Internal user's identity list: [{"userId":"abc123def","providerName":"Okta","providerType":"OIDC","issuer":null,"primary":false,"dateCreated":1640383493683}]
Has anyone run into this issue before and figured out a solution? I could solve it if I knew the user's external ID before they sign up, since Cognito requires the linking command to be called before the external user is added, but that would require them to know their internal id and provide it, which is too much overhead.
EDIT:
When I manually call the link user command with the case-sensitive user id and then try logging in with the external provider, I get a code back as expected, but no external user is created in Cognito (when there should be), and the code doesn't work to get tokens back.
UPDATE:
The issue was that I was not calling the LOGOUT endpoint for the Cognito domain, so it was using the incorrectly linked authenticated user instead of trying to re-auth through Cognito. Using the suggestion of a custom attribute (which maintains casing), I was able to use the pre sign-up lambda to link the users, and it's working for me now. There is still the issue of an error that the user already exists, but I can handle that in my client as this post suggests.
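The linking flow the UPDATE describes (a pre sign-up Lambda calling AdminLinkProviderForUser with the case-preserved external id taken from a custom attribute), written out as an added example; this is not the asker's code or anything from the linked posts. It assumes things the question does not state: that the OIDC provider's `sub` claim is mapped to a custom attribute named `custom:external_id` (so its casing survives, while the trigger's `userName` arrives as `<Provider>_<id>` with the id lowercased), that the internal user is matched by e-mail, and that the Cognito client is injectable so the logic can run here against an in-memory fake instead of AWS. The fake starts from the mis-linked state in the question (`identities` already holds lowercase `abc123def`) to show that the comparison against the existing identity list is case-sensitive.

```python
"""Pre sign-up trigger that links a federated OIDC identity to an existing
native Cognito user using the case-preserved provider user id.

Added example, not code from the original post. Assumed (not in the post):
``sub`` is mapped to ``custom:external_id``; the native user is found by
e-mail; the client is injectable so this runs offline against FakeCognito.
"""
import json
from typing import Any, Dict, List, Optional


def split_federated_username(user_name: str):
    """'Okta_abc123def' -> ('Okta', 'abc123def'): split on the first underscore."""
    provider, sep, provider_user_id = user_name.partition("_")
    if not (sep and provider and provider_user_id):
        raise ValueError(f"not a federated username: {user_name!r}")
    return provider, provider_user_id

def find_native_user(client, user_pool_id: str, email: str) -> Optional[Dict[str, Any]]:
    """Return the native (non-federated) user with this e-mail, or None."""
    if '"' in email:  # do not let a quote break out of the ListUsers filter string
        raise ValueError("e-mail contains a double quote")
    resp = client.list_users(UserPoolId=user_pool_id, Filter=f'email = "{email}"')
    for user in resp.get("Users", []):
        if user.get("UserStatus") != "EXTERNAL_PROVIDER":
            return user
    return None

def linked_identities(user: Dict[str, Any]) -> List[Dict[str, Any]]:
    """Parse the JSON 'identities' attribute (the list shown in the question)."""
    for attr in user.get("Attributes", []):
        if attr["Name"] == "identities":
            return json.loads(attr["Value"])
    return []

def is_linked(user: Dict[str, Any], provider_name: str, provider_user_id: str) -> bool:
    # Case-sensitive on purpose: 'abc123def' is not the same identity as 'abc123DEF'.
    return any(i.get("providerName") == provider_name and i.get("userId") == provider_user_id
               for i in linked_identities(user))

def handler(event: Dict[str, Any], context: Any = None, client=None) -> Dict[str, Any]:
    """Lambda entry point; a PreSignUp trigger must return the event."""
    if event.get("triggerSource") != "PreSignUp_ExternalProvider":
        return event  # native sign-ups need no linking
    if client is None:
        import boto3  # imported lazily so the module loads without boto3 installed
        client = boto3.client("cognito-idp")
    pool, attrs = event["userPoolId"], event["request"]["userAttributes"]
    provider_name, lowercased_id = split_federated_username(event["userName"])
    # Assumed attribute mapping: prefer the case-preserved custom attribute over userName.
    provider_user_id = attrs.get("custom:external_id", lowercased_id)
    native = find_native_user(client, pool, attrs["email"]) if attrs.get("email") else None
    if native is None or is_linked(native, provider_name, provider_user_id):
        return event
    client.admin_link_provider_for_user(
        UserPoolId=pool,
        DestinationUser={"ProviderName": "Cognito", "ProviderAttributeValue": native["Username"]},
        SourceUser={"ProviderName": provider_name, "ProviderAttributeName": "Cognito_Subject",
                    "ProviderAttributeValue": provider_user_id})
    return event

class FakeCognito:
    """Constructed in-memory stand-in for the boto3 cognito-idp client (not AWS)."""
    def __init__(self, users: List[Dict[str, Any]]):
        self.users, self.links = users, []

    def list_users(self, UserPoolId: str, Filter: str):
        email = Filter.split('"')[1]
        return {"Users": [u for u in self.users if {"Name": "email", "Value": email} in u["Attributes"]]}

    def admin_link_provider_for_user(self, **kw):
        self.links.append(kw["SourceUser"]["ProviderAttributeValue"])
        dest = next(u for u in self.users if u["Username"] == kw["DestinationUser"]["ProviderAttributeValue"])
        ids = linked_identities(dest) + [{"userId": kw["SourceUser"]["ProviderAttributeValue"],
                                          "providerName": kw["SourceUser"]["ProviderName"]}]
        dest["Attributes"] = [a for a in dest["Attributes"] if a["Name"] != "identities"]
        dest["Attributes"].append({"Name": "identities", "Value": json.dumps(ids)})
        return {}

def make_event(external_id: str, with_custom_attr: bool = True) -> Dict[str, Any]:
    """Constructed PreSignUp_ExternalProvider event; only the fields used above."""
    attrs = {"email": "alice@example.com"}
    if with_custom_attr:
        attrs["custom:external_id"] = external_id
    return {"triggerSource": "PreSignUp_ExternalProvider", "userPoolId": "us-east-1_example",
            "userName": f"Okta_{external_id.lower()}", "request": {"userAttributes": attrs}}

def demo():
    """Start from the mis-linked state in the question (lowercase 'abc123def') and
    return (ids the trigger linked, userIds now on the native user)."""
    native = {"Username": "11111111-2222-3333-4444-555555555555", "UserStatus": "CONFIRMED",
              "Attributes": [{"Name": "email", "Value": "alice@example.com"},
                             {"Name": "identities",
                              "Value": json.dumps([{"userId": "abc123def", "providerName": "Okta"}])}]}
    fake = FakeCognito([native])
    handler(make_event("abc123DEF"), client=fake)  # links the case-preserved id
    handler(make_event("abc123DEF"), client=fake)  # already linked: no second call
    handler(make_event("abc123DEF", with_custom_attr=False), client=fake)  # lowercase id already present
    return fake.links, [i["userId"] for i in linked_identities(native)]

if __name__ == "__main__":
    print(demo())  # (['abc123DEF'], ['abc123def', 'abc123DEF'])
```

The trigger only decides whether to call AdminLinkProviderForUser; it does not change what Cognito does next. As the UPDATE notes, the first federated login after the link is made still comes back with the user-already-exists error, which the client has to handle (retrying the login is what the linked post describes), and the Cognito domain's LOGOUT endpoint has to be hit first so a stale session for the wrongly linked user is not reused.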