
AWS Cognito AdminLinkProviderForUser tries to update immutable user attribute


I would like to link a new user who is using SSO with an existing Cognito user. To achieve this, Cognito has the AdminLinkProviderForUser endpoint. But this endpoint returns the error below, and I cannot change the user attribute configuration since Cognito does not allow me to.

Cannot update attribute: custom:someCustomAttribute: Attribute cannot be updated.
 (Service: AWSCognitoIdentityProvider; Status Code: 400; Error Code: InvalidParameterException; Request ID: Xxxxxxxxxx; Proxy: null):
com.amazonaws.services.cognitoidp.model.InvalidParameterException: Cannot update attribute: custom:someCustomAttribute: Attribute cannot be updated.

Is there any other way to link a SAML-based federated SSO user with an existing Cognito (username-password) user?

Thanks a lot!


Solution

  • I have contacted AWS regarding this, and apparently there is no rollback if you have created an immutable user attribute, so we are going to end up re-creating the users in order to link them.
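As an added example (not code from the question or the answer), a Python/boto3 preflight that reads the pool schema for immutable custom attributes before calling AdminLinkProviderForUser, so the failure above is caught before the call is made. The pool id, username, provider name and subject are placeholders, and using Cognito_Subject as the SAML ProviderAttributeName is an assumption to check against your IdP mapping.

```python
# Added example (not the post's code): preflight check before
# AdminLinkProviderForUser. Only link_saml_user() needs boto3 and credentials.
from typing import Dict, List


def immutable_custom_attributes(schema_attributes: List[Dict]) -> List[str]:
    """Custom attributes declared with Mutable=False in the SchemaAttributes
    list of cognito-idp DescribeUserPool. Linking writes attributes onto the
    destination user, so any of these triggers the InvalidParameterException
    quoted in the question."""
    return [a["Name"] for a in schema_attributes
            if a["Name"].startswith("custom:") and not a.get("Mutable", True)]


def link_request(user_pool_id: str, cognito_username: str,
                 saml_provider: str, saml_subject: str) -> Dict:
    """AdminLinkProviderForUser parameters: the existing username/password user
    is the destination, the SAML identity is the source (Cognito_Subject is
    an assumption; use the claim name you mapped if it differs)."""
    return {
        "UserPoolId": user_pool_id,
        "DestinationUser": {"ProviderName": "Cognito",
                            "ProviderAttributeValue": cognito_username},
        "SourceUser": {"ProviderName": saml_provider,
                       "ProviderAttributeName": "Cognito_Subject",
                       "ProviderAttributeValue": saml_subject},
    }


def link_saml_user(user_pool_id: str, cognito_username: str,
                   saml_provider: str, saml_subject: str) -> Dict:
    """Live call; refuses up front when the pool schema makes linking fail."""
    import boto3  # imported lazily so the offline helpers need no SDK
    idp = boto3.client("cognito-idp")
    pool = idp.describe_user_pool(UserPoolId=user_pool_id)["UserPool"]
    blocked = immutable_custom_attributes(pool["SchemaAttributes"])
    if blocked:
        # No rollback exists for immutable attributes; per the answer, the
        # affected users have to be re-created before they can be linked.
        raise RuntimeError(f"linking would fail on immutable {blocked}")
    return idp.admin_link_provider_for_user(
        **link_request(user_pool_id, cognito_username, saml_provider, saml_subject))


# Constructed sample schema (values made up for this example).
SAMPLE_SCHEMA = [
    {"Name": "email", "AttributeDataType": "String", "Mutable": True},
    {"Name": "custom:someCustomAttribute", "AttributeDataType": "String",
     "Mutable": False},
    {"Name": "custom:tenant", "AttributeDataType": "String", "Mutable": True},
]
```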