- Più recenti
- Maggior numero di voti
- Maggior numero di commenti
I believe what you are trying to do is trigger the lambda function before the user is authenticated, which requires a pre-authentication trigger. In your Lambda function, you can update the user attributes before the token is generated. Use the event.request.userAttributes parameter to access the user attributes. Update the cognito:groups attribute with the desired role value. I’ve included a link that describes the pre-authentication triggers, as well as the documentation for user-identity-pool integration with lambda triggers.
Pre Authenitcation https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-authentication.html Lambda Triggers & Identity Pools https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html)
Hope this helps!
Contenuto pertinente
- AWS UFFICIALEAggiornata un anno fa
- AWS UFFICIALEAggiornata un anno fa
- AWS UFFICIALEAggiornata 4 mesi fa
Thanks for your answer, Aafant!
A couple of things: I'm using
amazon-cognito-identity-js
lib to handle the cognito stuff in my NestJS app. There is a method calledupdateAttributes
that can only be invoked by an authenticated user, so I first authenticate the user, then I call theupdateAttributes
and authenticate the user again (this is very confusing, but was the only way I found to update the userAttributes). Also, the Lambda is triggered automatically by theauthenticateUser
. I'm logging theevent.request.userAttributes
and I'm able to see the attribute I want to set. Everything seems to be okay, but the token is not getting the custom claims. By the way, I followed this tutorial from AWS: https://aws.amazon.com/blogs/mobile/how-to-use-cognito-pre-token-generators-to-customize-claims-in-id-tokens/