Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Is it possible to modify AWS Cognito user attributes in the Lambda triggers

Having a look at the AWS documentation,

https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html#cognito-user-pools-lambda-trigger-syntax-pre-signup

you have the following paramaters available in the Pre Sign-up Lambda fuction:

"request": {   "userAttributes": {     "string": "string",     .... }, "validationData": {<validation data as key-value (String, String) pairs, from the client>} 

is there a way to modify or add additional userAttributes the the event object?

for example:

// Modify an existing username... event.request.userAttributes.name.ucfirst();  // Add an additional attribute... event.request.userAttributes.nickname = "ANY_NAME";   callback(null, event); 
like image 942
altus Avatar asked Jan 28 '18 14:01

altus


People also ask

How do I change user attributes in Cognito?

To update a cognito user's attributes use the admin-update-user-attributes command, specifying the user-pool-id , username and user-attributes parameters.

What are Lambda triggers for Cognito?

A user migration Lambda trigger allows easy migration of users from your existing user management system into your user pool. For examples of each Lambda trigger, see Customizing user pool workflows with Lambda triggers. The Custom message AWS Lambda trigger is an advanced way to customize messages for email and SMS.

How do I customize my AWS Cognito?

Sign in to the Amazon Cognito console . In the navigation pane, choose User Pools, and choose the user pool you want to edit. Choose the App integration tab. To customize UI settings for all app clients, locate Hosted UI customization and select Edit.

How do I allow API users to run AWS Lambda with their Amazon Cognito permissions?

To allow users to run Lambda with their Amazon Cognito permissions, follow these steps: Use the API Gateway console to establish your Amazon Cognito user pool as an authorizer. Then, assign the Amazon Cognito user pool as the authorizer for the method of your API.


2 Answers

Yes, there's absolutely a way! You need to use AWS javascript SDK in your Lambda handler:

const AWS = require('aws-sdk'); AWS.config.update({region: 'ap-southeast-1'});  const cognitoidentityserviceprovider =   new AWS.CognitoIdentityServiceProvider({     apiVersion: '2016-04-18'   }); cognitoidentityserviceprovider.adminUpdateUserAttributes(   {     UserAttributes: [       {         Name: 'YOUR_USER_ATTRIBUTE_NAME',         Value: 'YOUR_USER_ATTRIBUTE_VALUE'       }     ],     UserPoolId: event.userPoolId,     Username: event.userName   },   function(err, data) {     ...   } ); 

Make sure to give your Lambda function the right policies (i.e. allows "cognito-idp:AdminUpdateUserAttributes" action) and the user pool has the attribute defined.

like image 54
Khoi Avatar answered Sep 18 '22 23:09

Khoi


There isn't a way to mutate/augment attributes during sign up, but during sign in, you can mutate/augment them with the pre-token generation trigger.

like image 26
behrooziAWS Avatar answered Sep 21 '22 23:09

behrooziAWS