
"email" vs "Email" in AWS Cognito


In my AWS Cognito App Client settings, it offers me two settings for email: one with a capital E (Email), and one with a lowercase e (email). See screenshot below.

What is the difference between them?

[Screenshot: AWS Cognito App Client]


Solution

  • Assuming you are referring to the "Email" listed under Scopes vs. the "email" listed under Attributes:

    Uppercase Email is a Scope and lowercase email is an attribute.

    OpenID defines an attribute as "The base of the information model used to describe the Identity Data, for the purpose of exchanging it."

    A Scope is used to group Attributes. A Scope defines what resources can be accessed via an OAuth2.0 guarded endpoint.

    See more info here

    In this screenshot, you are defining Read/Write ability over those specific attributes. Attributes you cannot mark as writeable are Required fields.

    EDIT: An App Client provides an avenue for you to call unauthenticated APIs for registration, password resets, sign in, etc.

    If you uncheck a scope under Readable or Writeable you will notice all attributes associated with that scope also uncheck, or you turn off individual attributes.

    By unchecking you are disabling the ability for those fields to be received (read) or modified (write) through the API.

    Why would you want to do this? Let's say you have a mobile app, web app, and a fat client/server-side application sharing the same user pool. You would not necessarily want all three to have the same permissions when talking to the unauthenticated APIs. An App Client allows you to create an individual connection with tailored permissions per App Client ID.

    See here for more info.
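The per-client permissions described in the answer can be checked against an intended policy. The following is an added example, not part of the original answer: the dicts follow the shape of the `UserPoolClient` object returned by Cognito's DescribeUserPoolClient API (`ClientName`, `ReadAttributes`, `WriteAttributes`), while the client names, IDs and the policy itself are constructed for illustration.

```python
# Added example: compare each app client's readable/writable attributes
# with a least-privilege policy and report anything beyond it.

# Hypothetical policy: what each client is meant to read and write.
POLICY = {
    "mobile-app": {"read": {"email", "name"}, "write": {"name"}},
    "web-app": {"read": {"email", "name", "phone_number"},
                "write": {"name", "phone_number"}},
    "backend": {"read": {"email", "name"}, "write": {"email"}},
}

# Constructed sample: three app clients sharing one user pool.
CLIENTS = [
    {"ClientName": "mobile-app", "ClientId": "EXAMPLE-MOBILE",
     "ReadAttributes": ["email", "name"],
     "WriteAttributes": ["name", "email"]},
    {"ClientName": "web-app", "ClientId": "EXAMPLE-WEB",
     "ReadAttributes": ["email", "name", "phone_number"],
     "WriteAttributes": ["name", "phone_number"]},
    {"ClientName": "backend", "ClientId": "EXAMPLE-BACKEND",
     "ReadAttributes": ["email", "name", "address"]},  # no WriteAttributes set
]


def audit_client(client, policy):
    """Return (mode, attribute) pairs the client holds beyond its policy."""
    # A client with no policy entry is allowed nothing, so everything is reported.
    allowed = policy.get(client["ClientName"], {"read": set(), "write": set()})
    findings = []
    for mode, key in (("read", "ReadAttributes"), ("write", "WriteAttributes")):
        if key not in client:
            # Assumption: an unset list means service defaults apply, so it is
            # flagged for review instead of being read as "no access".
            findings.append((mode, "(unset)"))
            continue
        excess = set(client[key]) - allowed[mode]
        findings += [(mode, attr) for attr in sorted(excess)]
    return findings


def audit_pool(clients, policy):
    """Map client name -> findings, listing only clients that have any."""
    report = {c["ClientName"]: audit_client(c, policy) for c in clients}
    return {name: found for name, found in report.items() if found}


if __name__ == "__main__":
    for name, found in audit_pool(CLIENTS, POLICY).items():
        for mode, attr in found:
            print(f"{name}: unexpected {mode} access to {attr}")
```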