OpenID sub token too long for Cognito (max 128)

[christian-vdz]

Preflight Checklist

• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for an issue that matches the one I want to file, without success.
• I am not looking for support or already pursued the available support channels without success.

Version

2.41.1

Storage Type

Postgres

Installation Type

Official Helm chart

Expected Behavior

Dex provides OpenID sub token to Cognito and Cognito creates corresponding user in user pool.

Actual Behavior

Dex provides OpenID sub token to Cognito but Cognito returns following error:
1 validation error detected: Value at 'userName' failed to satisfy constraint: Member must have length less than or equal to 128 .

Steps To Reproduce

Use Dex as "backend" for Cognito (Cognito -> Dex -> LDAP).
Sub token issued by IDP seems to be longer than 128 characters with long user id (in my case, email or name from ldap).

Additional Information

As per https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminCreateUser.html. the AdminCreateUser accepts username only up to 128 chars:

Username
The username for the user. Must be unique within the user pool. Must be a
UTF-8 string between 1 and 128 characters. After the user is created,
the username can't be changed.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Configuration

No response

Logs

No response