An external IdP account for a user who doesn’t exist yet in the user pool. This user must be a federated user (for example, a SAML or Facebook user), not another native user.
SourceUser is using a federated social IdP, such as Facebook, Google, or Login with Amazon, you must set the
Cognito_Subject . For social IdPs, the
ProviderName will be
Google , or
LoginWithAmazon , and Amazon Cognito will automatically parse the Facebook, Google, and Login with Amazon tokens for
sub , and
user_id , respectively. The
ProviderAttributeValue for the user must be the same value as the
sub , or
user_id value found in the social IdP token.
For SAML, the
ProviderAttributeName can be any value that matches a claim in the SAML assertion. If you want to link SAML users based on the subject of the SAML assertion, you should map the subject to a claim through the SAML IdP and submit that claim name as the
ProviderAttributeName . If you set
Cognito_Subject , Amazon Cognito will automatically parse the default unique identifier found in the subject from the SAML token.
ProviderName -> (string)
The name of the provider, such as Facebook, Google, or Login with Amazon.
ProviderAttributeName -> (string)
The name of the provider attribute to link to, such as
ProviderAttributeValue -> (string)
The value of the provider attribute to link to, such as