Support adding custom attributes (#1732)

* update package-lock.json

* Prettier code style

* add changeset

* update construct

* update API.md

* export CustomAttributes in index.ts

* update API.MD

* export CustomAttributesString

* update API.md

* export CustomAttributeBase in index.ts

* update API.md

* updated CustomAttribute type name

* updated bindbindCustomAttribute method

* removed bindCustomAttributes unit test and updated creates user attributes unit test

* updated index export

* updated API.md

* updated bindCustomAttribute method

* Update blue-turkeys-trade.md

* Update blue-turkeys-trade.md

* update type CustomAttributeBoolean

* update /API.md

* update type CustomAttributesBoolean

* update API.md

* refactor top level cli error handling

* PR updates

* Add cause

* update api after clean build

* update construct.ts

* update construct.ts

* remove prefix custom:

* Delete .changeset/empty-cameras-smile.md

* Delete packages/cli/src/ampx.ts

* Delete packages/sandbox/src/file_watching_sandbox.ts

* update unit test and bind function

---------

authored-by: fangyuwu7 <wufangy372@gamil.com>

Author: fangyuwu7

.changeset/blue-turkeys-trade.md

@@ -0,0 +1,5 @@
+---
+'@aws-amplify/auth-construct': minor
+---
+
+Add customAttributes into userAttributes

packages/auth-construct/API.md

@@ -9,9 +9,11 @@ import { AuthResources } from '@aws-amplify/plugin-types';
 import { aws_cognito } from 'aws-cdk-lib';
 import { BackendOutputStorageStrategy } from '@aws-amplify/plugin-types';
 import { Construct } from 'constructs';
+import { NumberAttributeConstraints } from 'aws-cdk-lib/aws-cognito';
 import { ResourceProvider } from '@aws-amplify/plugin-types';
 import { SecretValue } from 'aws-cdk-lib';
 import { StandardAttributes } from 'aws-cdk-lib/aws-cognito';
+import { StringAttributeConstraints } from 'aws-cdk-lib/aws-cognito';
 import { UserPoolIdentityProviderSamlMetadata } from 'aws-cdk-lib/aws-cognito';
 
 // @public
@@ -43,13 +45,41 @@ export type AuthProps = {
         phone?: PhoneNumberLogin;
         externalProviders?: ExternalProviderOptions;
     };
-    userAttributes?: StandardAttributes;
+    userAttributes?: UserAttributes;
     multifactor?: MFA;
     accountRecovery?: keyof typeof aws_cognito.AccountRecovery;
     groups?: string[];
     outputStorageStrategy?: BackendOutputStorageStrategy<AuthOutput>;
 };
 
+// @public
+export type CustomAttribute = CustomAttributeString | CustomAttributeNumber | CustomAttributeBoolean | CustomAttributeDateTime;
+
+// @public
+export type CustomAttributeBase = {
+    mutable?: boolean;
+};
+
+// @public
+export type CustomAttributeBoolean = CustomAttributeBase & {
+    dataType: 'Boolean';
+};
+
+// @public
+export type CustomAttributeDateTime = CustomAttributeBase & {
+    dataType: 'DateTime';
+};
+
+// @public
+export type CustomAttributeNumber = CustomAttributeBase & NumberAttributeConstraints & {
+    dataType: 'Number';
+};
+
+// @public
+export type CustomAttributeString = CustomAttributeBase & StringAttributeConstraints & {
+    dataType: 'String';
+};
+
 // @public
 export type EmailLogin = true | EmailLoginSettings;
 
@@ -136,6 +166,9 @@ export type TriggerEvent = (typeof triggerEvents)[number];
 // @public
 export const triggerEvents: readonly ["createAuthChallenge", "customMessage", "defineAuthChallenge", "postAuthentication", "postConfirmation", "preAuthentication", "preSignUp", "preTokenGeneration", "userMigration", "verifyAuthChallengeResponse"];
 
+// @public
+export type UserAttributes = StandardAttributes & Record<`custom:${string}`, CustomAttribute>;
+
 // @public (undocumented)
 export type VerificationEmailWithCode = {
     verificationEmailStyle?: 'CODE';

packages/auth-construct/src/construct.test.ts

@@ -601,6 +601,35 @@ void describe('Auth construct', () => {
         familyName: {
           required: true,
         },
+        'custom:display_name': {
+          dataType: 'String',
+          mutable: true,
+          maxLen: 100,
+          minLen: 0,
+        },
+        'custom:tenant_id': {
+          dataType: 'Number',
+          mutable: false,
+          max: 66,
+          min: 1,
+        },
+        'custom:register_date': {
+          dataType: 'DateTime',
+          mutable: true,
+        },
+        'custom:is_member': {
+          dataType: 'Boolean',
+          mutable: false,
+        },
+        'custom:year_as_member': {
+          dataType: 'Number',
+          max: 90,
+          min: 0,
+        },
+        'custom:favorite_song': {
+          dataType: 'String',
+          mutable: true,
+        },
       },
     });
     const template = Template.fromStack(stack);
@@ -621,6 +650,48 @@ void describe('Auth construct', () => {
           Name: 'family_name',
           Required: true,
         },
+        {
+          AttributeDataType: 'String',
+          Name: 'display_name',
+          Mutable: true,
+          StringAttributeConstraints: {
+            MaxLength: '100',
+            MinLength: '0',
+          },
+        },
+        {
+          AttributeDataType: 'Number',
+          Name: 'tenant_id',
+          Mutable: false,
+          NumberAttributeConstraints: {
+            MaxValue: '66',
+            MinValue: '1',
+          },
+        },
+        {
+          AttributeDataType: 'DateTime',
+          Name: 'register_date',
+          Mutable: true,
+        },
+        {
+          AttributeDataType: 'Boolean',
+          Name: 'is_member',
+          Mutable: false,
+        },
+        {
+          AttributeDataType: 'Number',
+          Name: 'year_as_member',
+          Mutable: true,
+          NumberAttributeConstraints: {
+            MaxValue: '90',
+            MinValue: '0',
+          },
+        },
+        {
+          AttributeDataType: 'String',
+          Name: 'favorite_song',
+          Mutable: true,
+        },
       ],
     });
   });

packages/auth-construct/src/construct.ts

@@ -16,11 +16,14 @@ import {
   CfnUserPoolClient,
   CfnUserPoolGroup,
   CfnUserPoolIdentityProvider,
+  CustomAttributeConfig,
+  ICustomAttribute,
   Mfa,
   MfaSecondFactor,
   OAuthScope,
   OidcAttributeRequestMethod,
   ProviderAttribute,
+  StandardAttribute,
   UserPool,
   UserPoolClient,
   UserPoolDomain,
@@ -38,6 +41,7 @@ import { AuthOutput, authOutputKey } from '@aws-amplify/backend-output-schemas';
 import {
   AttributeMapping,
   AuthProps,
+  CustomAttribute,
   EmailLoginSettings,
   ExternalProviderOptions,
 } from './types.js';
@@ -347,6 +351,51 @@ export class AmplifyAuth
     };
   };
 
+  /**
+   * Define bindCustomAttribute to meet requirements of the Cognito API to call the bind method
+   */
+  private bindCustomAttribute = (
+    key: string,
+    attribute: CustomAttribute
+  ): CustomAttributeConfig & ICustomAttribute => {
+    const baseConfig: CustomAttributeConfig = {
+      dataType: attribute.dataType,
+
+      mutable: attribute.mutable ?? true,
+    };
+
+    let constraints = {};
+    // Conditionally add constraint properties based on dataType.
+    if (attribute.dataType === 'String') {
+      constraints = {
+        stringConstraints: {
+          minLen: attribute.minLen,
+
+          maxLen: attribute.maxLen,
+        },
+      };
+    } else if (attribute.dataType === 'Number') {
+      constraints = {
+        numberConstraints: {
+          min: attribute.min,
+
+          max: attribute.max,
+        },
+      };
+    }
+    //The final config object includes baseConfig and conditionally added constraint properties.
+    const config = {
+      ...baseConfig,
+
+      ...constraints,
+    };
+
+    return {
+      ...config,
+
+      bind: () => config,
+    };
+  };
   /**
    * Process props into UserPoolProps (set defaults if needed)
    */
@@ -404,6 +453,32 @@ export class AmplifyAuth
       );
     }
 
+    const { standardAttributes, customAttributes } = Object.entries(
+      props.userAttributes ?? {}
+    ).reduce(
+      (
+        acc: {
+          standardAttributes: { [key: string]: StandardAttribute };
+          customAttributes: {
+            [key: string]: CustomAttributeConfig & ICustomAttribute;
+          };
+        },
+        [key, value]
+      ) => {
+        if (key.startsWith('custom:')) {
+          const attributeKey = key.replace(/^custom:/i, '');
+          acc.customAttributes[attributeKey] = this.bindCustomAttribute(
+            attributeKey,
+            value
+          );
+        } else {
+          acc.standardAttributes[key] = value;
+        }
+        return acc;
+      },
+      { standardAttributes: {}, customAttributes: {} }
+    );
+
     const userPoolProps: UserPoolProps = {
       signInCaseSensitive: DEFAULTS.SIGN_IN_CASE_SENSITIVE,
       signInAliases: {
@@ -423,8 +498,12 @@ export class AmplifyAuth
       standardAttributes: {
         email: DEFAULTS.IS_REQUIRED_ATTRIBUTE.email(emailEnabled),
         phoneNumber: DEFAULTS.IS_REQUIRED_ATTRIBUTE.phoneNumber(phoneEnabled),
-        ...(props.userAttributes ? props.userAttributes : {}),
+        ...standardAttributes,
+      },
+      customAttributes: {
+        ...customAttributes,
       },
+
       selfSignUpEnabled: DEFAULTS.ALLOW_SELF_SIGN_UP,
       mfa: mfaMode,
       mfaMessage: this.getMFAMessage(props.multifactor),

packages/auth-construct/src/index.ts

@@ -19,6 +19,13 @@ export {
   TriggerEvent,
   IdentityProviderProps,
   AttributeMapping,
+  UserAttributes,
+  CustomAttribute,
+  CustomAttributeString,
+  CustomAttributeNumber,
+  CustomAttributeBoolean,
+  CustomAttributeDateTime,
+  CustomAttributeBase,
 } from './types.js';
 export { AmplifyAuth } from './construct.js';
 export { triggerEvents } from './trigger_events.js';

packages/auth-construct/src/types.ts

@@ -3,7 +3,9 @@ import { triggerEvents } from './trigger_events.js';
 import { BackendOutputStorageStrategy } from '@aws-amplify/plugin-types';
 import { AuthOutput } from '@aws-amplify/backend-output-schemas';
 import {
+  NumberAttributeConstraints,
   StandardAttributes,
+  StringAttributeConstraints,
   UserPoolIdentityProviderSamlMetadata,
 } from 'aws-cdk-lib/aws-cognito';
 export type VerificationEmailWithLink = {
@@ -327,6 +329,56 @@ export type ExternalProviderOptions = {
  */
 export type TriggerEvent = (typeof triggerEvents)[number];
 
+/**
+ * CustomAttributeBase is a type that represents the base properties for a custom attribute
+ */
+export type CustomAttributeBase = {
+  /**
+   * @default {true}
+   */
+  mutable?: boolean;
+};
+/**
+ * CustomAttributeString represents a custom attribute of type string.
+ */
+export type CustomAttributeString = CustomAttributeBase &
+  StringAttributeConstraints & {
+    dataType: 'String';
+  };
+/**
+ * CustomAttributeNumber represents a custom attribute of type number.
+ */
+export type CustomAttributeNumber = CustomAttributeBase &
+  NumberAttributeConstraints & {
+    dataType: 'Number';
+  };
+/**
+ * CustomAttributeBoolean represents a custom attribute of type boolean.
+ */
+export type CustomAttributeBoolean = CustomAttributeBase & {
+  dataType: 'Boolean';
+};
+/**
+ * CustomAttributeDateTime represents a custom attribute of type dataTime.
+ */
+export type CustomAttributeDateTime = CustomAttributeBase & {
+  dataType: 'DateTime';
+};
+/**
+ * CustomAttributes is a union type that represents all the different types of custom attributes.
+ */
+export type CustomAttribute =
+  | CustomAttributeString
+  | CustomAttributeNumber
+  | CustomAttributeBoolean
+  | CustomAttributeDateTime;
+/**
+ * UserAttributes represents the combined attributes of a user, including
+ * standard attributes and any number of custom attributes defined with a 'custom:' prefix.
+ */
+export type UserAttributes = StandardAttributes &
+  Record<`custom:${string}`, CustomAttribute>;
+
 /**
  * Input props for the AmplifyAuth construct
  */
@@ -362,7 +414,7 @@ export type AuthProps = {
    * The set of attributes that are required for every user in the user pool. Read more on attributes here - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html
    * @default - email/phone will be added as required user attributes if they are included as login methods
    */
-  userAttributes?: StandardAttributes;
+  userAttributes?: UserAttributes;
   /**
    * Configure whether users can or are required to use multifactor (MFA) to sign in.
    */