Managed group filter for AWS Cognito

I have setup the OIDC Auth Method with AWS Cognito user pool successfully and I can access the console with AWS Cognito user pool.

I want to use managed group to associate a role for all accounts in group of AWS Cognito user pool.
From AWS doc Using the Access Token - Amazon Cognito,
the group info is listed in claim “cognito:groups”, is there any info about how to escape the colon char in “filter” parameter when I use boundary cli?

For example,
./boundary managed-groups update oidc -id mgoidc_xxxx -filter=’“testgroup” in “/token/cognito:groups”’ would get the error “Error when parsing filter to check validity: 1:16 (15): rule “match”: Invalid selector”.


1 Like

Hi there!

Currently the grammar for parsing the expression doesn’t allow colons. I’ve created a PR to address this and it should go into the next version of Boundary. Sorry about that!

1 Like

PR is up at Update go-bexpr to allow colons in paths; add a test by jefferai · Pull Request #1453 · hashicorp/boundary · GitHub and will be in our next release.