amazon-cognito-auth-js | Amazon Cognito Auth SDK for JavaScript simplifies | Authentication library

I am writing here to ask for help or at least a clarification.

I work at a startup and a couple of weeks ago we launched our SaaS. We manage all our users with Aws Cognito. I'm using amazon-cognito-identity-js for the authentication on the frontend and both sign-up and sign-in work fine. We want to add social sign-in (OAuth) through Google and for that I'm using aws-amplify-js, calling Auth.federatedSignIn({provider: 'Google'}) as specified in Amplify docs.

The first time a user sign in with Google, a new user is correctly created in Cognito, but if I try to sign in again with the same user I get the following error: #error_description=Invalid+user+attributes%3A+email%3A+Attribute+cannot+be+updated.%0A+&error=invalid_request.

Apparently this is a rather common issue:

• https://github.com/amazon-archives/amazon-cognito-auth-js/issues/159
• https://github.com/amazon-archives/amazon-cognito-auth-js/issues/48
• https://github.com/aws-amplify/amplify-js/issues/3526

After looking for a solution I believe this happens because when we created our User Pool we set email as a required attribute and it was automatically set as immutable. Apparently if you want to use social sign-in every attribute should be mutable (as specified here because on every new sign in Cognito tries to update them.

So now we're stuck. It's not possible to change email attribute from immutable to mutable for an existing User Pool and as far as I know it's not possible to prevent Auth.federatedSignIn({provider: 'Google'}) to update every user attributes.

We cannot simply delete and recreate our User Pool because we're already in production and we got several users already registered. Is there any possible solution or workaround to fix this? Any kind of suggestion would be very helpful!