Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

AWS Cognito - PostSignUp Trigger Not Working

Tags:

amazon-web-services

triggers

amazon-cognito

i have a post signup trigger setup to store the user details in DynamoDb table. This works fine when the user signs up on their own through the front-end but the trigger is never invoked if the user is created through AdminCreateUser API. Our assumption was after the newly added user gets an email with a temporary password and logins through the front-end, Cognito will invoke the postsignup trigger.

Is that an expected behavior? And also, how do we address this issue?

like image 877
Emon Avatar asked Feb 14 '20 18:02

Emon

People also ask

How do you add post confirmation in Lambda trigger?

Post confirmation request parameters You can pass this data to your Lambda function by using the ClientMetadata parameter in the following API actions: AdminConfirmSignUp, ConfirmForgotPassword, ConfirmSignUp, and SignUp.

How do I Auto verify Cognito?

In the response, you can set autoConfirmUser to true if you want to auto-confirm the user. You can set autoVerifyEmail to true to auto-verify the user's email. You can set autoVerifyPhone to true to auto-verify the user's phone number.

What is callback URL in Cognito?

A callback URL indicates where the user will be redirected after a successful sign-in. Enter Sign out URL(s). A sign-out URL indicates where your user will be redirected after signing out. Select Authorization code grant to return an authorization code that is then exchanged for user pool tokens.

Can Cognito do authorization?

An authorization code grant is a code parameter that Amazon Cognito appends to your redirect URL. Your app can exchange the code with the Token endpoint for access, ID, and refresh tokens. As a security best practice, and to receive refresh tokens for your users, use an authorization code grant in your app.

1 Answers

Although that's counter intuitive, seems that's the expected behavior.

Post Confirmation trigger is not invoked when a user is created via AdminCreateUser API.

Workaround could be to to use Post Authentication trigger and during processing of the fired event to check if cognito:user_status is FORCE_CHANGE_PASSWORD.

When a user is created using AdminCreateUser, status of the new user is set to FORCE_CHANGE_PASSWORD. Once user logs in and changes temporary password, status is changed to CONFIRMED.

Downside is that trigger is invoked after every login.

like image 52
a1eksandre Avatar answered Sep 23 '22 15:09

a1eksandre
Sign in to Comment

Related questions

Does Amazon Aurora Postgres support lambda invocations?
Import external cert in aws
Amazon SNS -- Change Sender ID
How to redirect non-www traffic to www for site hosted on EC2 instance behind CloudFront?
How to set up Okta as SAML IDP in AWS Cognito User Pool?
What is a Cognito IdentityId?
How is `tmp` folder managed when using ECS Fargate?
Deployment options using Amazon Lightsail?
ASG can't launch instances anymore with encrypted EBS root volume
AWS Glue: How to add a column with the source filename in the output?
Clear stack policy in Cloudformation?
Is it possible to start Vault dev server on 0.0.0.0 instead of 127.0.0.1?
Can I automate user creation in AWS IAM service?
Trouble with Jupyter certifications
AWS AppSync Lambda resolver fields
When to use dynamodb.client, dynamodb.resource and dynamodb.Table?
SSH into kubernetes nodes created through KOPS
AWS-SDK in nodejs Lambda function cannot find endpoint-cache module
The DB instance and EC2 security group are in different VPCs, cloudFormation error
Spring boot reading parameters from AWS parameter store

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!