I'm attempting to implement the example Lambda from the AWS documentation (https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-migrate-user.html) in Python. After combing through the documentation many times, it seems to me that I need to set the 'userAttributes', 'finalUserStatus', and 'messageAction' fields for the 'UserMigration_Authentication' flow, and Cognito does the rest. However, after following the example and writing the code below, my Lambda trigger does not migrate the user. I've verified this by checking the Cognito logs: the user does not exist. I am using AWS' HostedUI, and the HostedUI returns an error upon attempted migration ("The username or password you entered is invalid"). I have code to migrate the user manually; however, I'd like to use AWS' method.
If anyone can provide insight into my errors, I would appreciate it.
def lookup_user(username, old_user_pool):
    """Look up *username* in the legacy user pool and return its record.

    The lookup itself is elided in this listing, so the shape of the
    returned record is not shown. The callers in this file test the result
    for truthiness and read ``user['Attributes']`` from it.
    """
    # ... Lookup user in legacy user pool (old_user_pool) ...
    # NOTE(review): `user` is assigned by the elided lookup above; it should
    # be falsy when the account does not exist so callers can reject it.
    return user
def authenticate_user(old_user_pool, old_client_id, username, password):
    """Check *username*/*password* against the legacy pool, then return the user.

    The authentication call is elided in this listing; only the final
    lookup is visible.
    """
    # ... Authenticate user in legacy user pool (old_user_pool) ...
    # NOTE(review): the elided step must fail closed: raise, or return a
    # falsy value, when the legacy pool rejects the password. The caller
    # migrates the account as CONFIRMED with whatever password was
    # submitted, so reaching the lookup below after a failed check would
    # let any password take over the migrated account.
    return lookup_user(username, old_user_pool)
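def _attributes_as_map(attributes):
    """Return *attributes* as the flat name -> value mapping Cognito expects.

    A mapping (or ``None``) is passed through untouched. Any other iterable
    is treated as ``{'Name': ..., 'Value': ...}`` entries, the shape in which
    the Cognito ListUsers API reports a user's attributes, and is flattened
    into a dict.
    """
    if attributes is None or isinstance(attributes, dict):
        return attributes
    return {entry['Name']: entry['Value'] for entry in attributes}


def usermigration_authentication(event, old_user_pool, old_client_id, username, password):
    """Fill in the migration response for a sign-in against the legacy pool.

    Args:
        event: The Cognito trigger event; ``event['response']`` is updated
            in place.
        old_user_pool: Identifier of the legacy user pool.
        old_client_id: App client id used to authenticate against it.
        username: Sign-in name submitted by the user.
        password: Password submitted by the user.

    Returns:
        The same ``event`` with ``userAttributes``, ``finalUserStatus`` and
        ``messageAction`` set on its response.

    Raises:
        Exception: ``'Bad Credentials'`` when the legacy pool yields no user.
    """
    user = authenticate_user(old_user_pool, old_client_id, username, password)
    if not user:
        raise Exception('Bad Credentials')

    response = event['response']
    # The trigger response takes a name -> value map, not the Name/Value
    # list that the Cognito user APIs return, so normalise before assigning.
    # NOTE(review): a legacy `sub` presumably cannot be carried over because
    # the new pool assigns its own; confirm and drop it if the lookup
    # returns one.
    response['userAttributes'] = _attributes_as_map(user['Attributes'])
    # CONFIRMED lets the user keep signing in with the password just
    # submitted, so this line must only be reached after the legacy pool
    # has accepted that password.
    response['finalUserStatus'] = 'CONFIRMED'
    # SUPPRESS stops Cognito from sending its welcome message.
    response['messageAction'] = "SUPPRESS"
    return event


def usermigration_forgotpassword(event, old_user_pool, username):
    """Fill in the migration response for a forgot-password request.

    No password is checked in this flow; the user is only looked up in the
    legacy pool.

    Args:
        event: The Cognito trigger event; ``event['response']`` is updated
            in place.
        old_user_pool: Identifier of the legacy user pool.
        username: Name submitted on the forgot-password form.

    Returns:
        The same ``event`` with ``userAttributes`` and ``messageAction`` set
        on its response.

    Raises:
        Exception: ``'Bad Credentials'`` when the legacy pool has no such user.
    """
    user = lookup_user(username, old_user_pool)
    if not user:
        raise Exception('Bad Credentials')

    response = event['response']
    # Same normalisation as the sign-in flow: Cognito expects a flat map.
    # NOTE(review): the AWS sample also sets email_verified to "true" here so
    # the reset code can be delivered; confirm the legacy attributes carry a
    # verified email or phone number.
    response['userAttributes'] = _attributes_as_map(user['Attributes'])
    response['messageAction'] = "SUPPRESS"
    return event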
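def handler(event, context):
    """Lambda entry point for the Cognito user-migration trigger.

    Dispatches on ``event['triggerSource']`` to the sign-in or
    forgot-password migration helper and returns the updated event.

    Args:
        event: The Cognito trigger event.
        context: Lambda context object (unused).

    Returns:
        The event, with its response filled in by the matching helper. An
        unrecognised trigger source is returned unchanged.

    Raises:
        Exception: Whatever the migration helper raised. The error is logged
            and re-raised so the invocation fails instead of handing Cognito
            an event whose response was never filled in.
    """
    trigger_source = event['triggerSource']
    email = event['userName']
    # NOTE(review): this writes the submitted sign-in identifier to the
    # function's logs on every attempt; confirm that is acceptable for the
    # log group's retention and access policy.
    logger.info({'message': "User email: " + email})
    # NOTE(review): both values are None when the variables are not set on
    # the function; verify the configuration if lookups fail unexpectedly.
    old_user_pool = os.environ.get('migration_user_pool')
    old_client_id = os.environ.get('old_client_id')
    try:
        if trigger_source == "UserMigration_Authentication":
            # Read the password only in the sign-in flow: Cognito does not
            # send one with forgot-password requests, so reading it up front
            # would raise KeyError before any migration logic ran.
            password = event['request']['password']
            event = usermigration_authentication(event, old_user_pool, old_client_id, email, password)
        elif trigger_source == "UserMigration_ForgotPassword":
            event = usermigration_forgotpassword(event, old_user_pool, email)
    except Exception as err:
        logger.error({'message': {'Error attempting to migrate user': err}})
        # Fail closed: surface the error to Cognito rather than returning an
        # event that looks like a normal response but carries no user data.
        raise
    return event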
Edited by: ansonss on Oct 19, 2020 6:17 AM