Allow to set read and write attributes in Cognito UserPoolClient
When a client of a Cognito User Pool is created, the developer can (and should) specify which user attributes the client will be able to read and/or write.
This is not currently implemented in Cognito.
Use Case
Often you want different clients to be able to make different operations on user attributes.
For example, there might be a `customerPlan` attribute for every user but only some clients (i.e. those used by the back office) are allowed to change its value.
Or you may want to allow a specific client (e.g. the one used by the web app) to be able to read the `email` attribute but not the `
Proposed Solution
The proposed solution is to allow setting the list of read attributes and write attributes in the props for userPoolClient.
As an example:
```typescript
const pool = new UserPool(stack, 'Pool');
pool.addClient('MyClient', {
  readAttributes: ['email', 'phoneNumber', 'custom:customerPlan', 'custom:isActive'],
  writeAttributes: ['phoneNumber', 'custom:isActive'],
});
```
I think there are two flaws with this approach:
- having to type the attribute names is error-prone
- having to prepend `custom:` to all custom attributes can easily be forgotten
The solution for both problems could be the following:
```typescript
const pool = new UserPool(stack, 'Pool');
pool.addClient('MyClient', {
  readAttributes: {
    // all cognito attributes are automatically available as boolean values
    email: true,
    phoneNumber: true,
    // all custom attributes can be set with an array without the need to prepend them with `custom:`
    custom: ['customerPlan', 'isActive'],
  },
  writeAttributes: {
    // all cognito attributes are available as boolean values
    email: false,
    phoneNumber: true,
    // all custom attributes can be set with an array without the need to prepend them with `custom:`
    custom: ['isActive'],
  },
});
```
Other
- 👋 I may be able to implement this feature request
- ⚠️ This feature might incur a breaking change
This is a 🚀 Feature Request
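One way the object form proposed above could be resolved into the attribute names Cognito expects, written as an added example that is not part of the original issue or of the CDK. `resolveAttributes`, `forbiddenWrites` and the `STANDARD` table (a subset of Cognito's standard attributes) are hypothetical names introduced for illustration.

```typescript
// Added example: a hypothetical helper, not part of the AWS CDK API.
// Cognito names for a few standard attributes, keyed by the proposal's
// camelCase keys (subset chosen for brevity).
const STANDARD = {
  email: 'email',
  emailVerified: 'email_verified',
  phoneNumber: 'phone_number',
  phoneNumberVerified: 'phone_number_verified',
  givenName: 'given_name',
  familyName: 'family_name',
} as const;

type StandardKey = keyof typeof STANDARD;
// Proposed shape: booleans for standard attributes, bare names for custom ones.
type AttributeSpec = { [K in StandardKey]?: boolean } & { custom?: string[] };

function resolveAttributes(spec: AttributeSpec): string[] {
  const { custom = [], ...standard } = spec;
  const flags = standard as Record<string, boolean | undefined>;
  const names: string[] = [];
  for (const key of Object.keys(flags)) {
    // Catches typos from callers that bypass the type checker (plain JS, casts).
    if (!Object.prototype.hasOwnProperty.call(STANDARD, key)) {
      throw new Error(`unknown standard attribute: ${key}`);
    }
    if (flags[key]) names.push(STANDARD[key as StandardKey]);
  }
  for (const name of custom) {
    // Accept an already-prefixed name so the prefix is never doubled.
    const bare = name.indexOf('custom:') === 0 ? name.slice(7) : name;
    if (bare.length === 0) throw new Error('empty custom attribute name');
    names.push(`custom:${bare}`);
  }
  // De-duplicate and sort so the generated template is stable between deploys.
  return names.filter((n, i) => names.indexOf(n) === i).sort();
}

// Protected attributes (e.g. custom:customerPlan) that this client could write.
function forbiddenWrites(write: AttributeSpec, protectedNames: string[]): string[] {
  return resolveAttributes(write).filter((n) => protectedNames.indexOf(n) !== -1);
}

// Constructed sample: the client specification from the proposal.
const webRead: AttributeSpec = { email: true, phoneNumber: true, custom: ['customerPlan', 'isActive'] };
const webWrite: AttributeSpec = { email: false, phoneNumber: true, custom: ['isActive'] };
console.log(resolveAttributes(webRead), resolveAttributes(webWrite));
console.log(forbiddenWrites(webWrite, ['custom:customerPlan'])); // []
```

Running `forbiddenWrites` over every client specification in a unit test gives a regression check that only the intended clients can change an attribute such as `customerPlan`.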
Top GitHub Comments
I’m using this workaround for now:
We started a project using Amplify and we are now replacing it with the CDK. As it stands right now, I cannot set the read/write attributes in the same way as Amplify was doing it because there is no option in `pool.addClient()`/`UserPoolClientOptions` for this. I will try @stevensnoeijen's workaround for now but it would be nice not to have to use a workaround.