PostConfirmationTrigger for federated sign-in in AWS Cognito - amazon-cognito

I am using AWS Cognito for auth. I am using the AWS Amplify framework.
Currently I have an email-password signup option. On the Cognito PostConfirmationTrigger I add the user to the User DynamoDB table.
I want to add a Google signup option as well.
In federated sign-in (signup time), this trigger is not triggered, so I am unable to add the user to the User DynamoDB table.
Any hints on how I can invoke that trigger Lambda only for the first-time federated sign-in (signup)?

The post confirmation trigger is worth avoiding as it also doesn't trigger for admin confirmations. Reimplement it as a post-authentication or pre-token-generation trigger and, if need be, add a condition expression to your put item request to avoid overwriting existing user items.
Cognito is a bit borked when it comes to federated sign-on and triggers. Triggers only seem to be called the first time a user logs in.
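The conditional put suggested in the answer above, sketched as a post-authentication trigger (an added example, not code from the original posts). The `User` table name comes from the question; the `userId` key, the item layout, the injected `putItem` function and the in-memory `fakeTable` stand-in are assumptions, and the sample event is constructed and assumes the provider's email is mapped to a user pool attribute.

```javascript
// Added example: TABLE, the userId key and the item layout are assumptions.
const TABLE = 'User';

// Constructed sample event for a federated (Google) sign-in.
const sampleEvent = {
  triggerSource: 'PostAuthentication_Authentication',
  userName: 'Google_000000000000000000001',
  request: { userAttributes: { sub: '11111111-2222-3333-4444-555555555555', email: 'user@example.com' } },
};

// Build a DynamoDB PutItem request from a Cognito trigger event.
// The condition lets the write succeed only when no item with this userId
// exists yet, so later sign-ins never overwrite the stored profile.
function buildPutParams(event) {
  const attrs = event.request.userAttributes;
  return {
    TableName: TABLE,
    Item: { userId: { S: attrs.sub }, username: { S: event.userName }, email: { S: attrs.email } },
    ConditionExpression: 'attribute_not_exists(userId)',
  };
}

// putItem is injected; in Lambda it would wrap the AWS SDK's PutItem call.
function makeHandler(putItem) {
  return async function handler(event) {
    try {
      await putItem(buildPutParams(event));
    } catch (err) {
      // Condition failed: the user already has an item, which is expected.
      if (err.name !== 'ConditionalCheckFailedException') throw err;
    }
    return event; // Cognito triggers must hand the event back
  };
}

// In-memory stand-in for the table (constructed so the example runs offline).
function fakeTable() {
  const items = new Map();
  const putItem = async (params) => {
    const key = params.Item.userId.S;
    if (params.ConditionExpression && items.has(key)) {
      throw Object.assign(new Error('The conditional request failed'),
        { name: 'ConditionalCheckFailedException' });
    }
    items.set(key, params.Item);
  };
  return { items, putItem };
}
```

Because the trigger runs on every sign-in, the condition expression is what keeps fields added later from being reset to their signup values.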

Related

Recreating an existing Cognito User Pool in AWS Amplify

I have a user pool in my Amplify project that has a single custom field configured incorrectly. Because you can't edit or delete the fields, my plan is to recreate the user pool. The app isn't in production yet so having some downtime is ok.
My question is, what is the cleanest way to recreate a user pool within the Amplify CLI? I need it to be identical in every way except for that single custom field. When I attempt to remove the auth category it throws an error because of the admin query API and my lambda functions.
Ideally I wouldn't have to run through the steps of creating it, my current configuration would be used.
Any ideas?
Thanks!

Check if user existed in cognito as federated user by using only email/username

I'm having trouble implementing a feature where I need to check if a user does not exist, or exists in Cognito but as a federated user. The former is done without trouble, but I'm stuck on the latter without any clue. I went through the Cognito and Amplify documents but couldn't find anything. Could there be a workaround or a function that I don't know about? Any suggestion is welcome.
You can create a mutable custom user attribute on Cognito such as isFederatedUser and set this on user during user creation.
If this is not possible, you can call list-users and filter the identities attribute.

OTP and truecaller based Custom Auth flow in AWS Cognito

I am using AWS Cognito Custom Auth (OTP based login) for authenticating mobile app users. Now I want to introduce Truecaller based login, for which I need to add support in Custom Auth to verify truecaller signature.
The Cognito custom auth flow is like
I was thinking of an approach wherein I could pass a parameter (truecaller/otp) in InitiateAuthFlow using the ClientMetadata field, which I was hoping would reach the Define Auth Challenge trigger, on the basis of which I can decide which custom auth flow to trigger. But the documentation says it does not pass ClientMetadata field params to the Define Auth Challenge trigger, and I can't understand why.
And now I can't find a way to achieve this. Can someone help here?

AWS Amplify - update another user attributes

Is there a way I can update another user's attributes using AWS Amplify with Cognito? I.e. when a user replies to a post, I want to change the rating of the person that started the thread. Or will I need a table in the DB to manage this?
In the docs I see that there is a method:
https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/CognitoIdentityServiceProvider.html#adminUpdateUserAttributes-property
but I don't see a way to use it in Amplify.
I have not seen any API of aws-amplify which can alter user attributes as admin.
Generally, it is good practice not to duplicate data, or to keep data duplication minimal if unavoidable. In other words, keep a single source of truth. Use Cognito only for authentication, I mean obtaining the JWT token.
Rating, user basic info, and role: keep those in your own data source.

Amplify + Cognito signup trigger create document in lambda

I am using Amplify auth and have a table in DocumentDB managing user profile information. I want to be able to create a document in DynamoDB on signup with the cognitoIdentityId as a field so I can query for it later.
I was hoping I could handle this in a trigger on the Cognito pool, but I cannot get access to the identity inside my Lambda function as it doesn't appear to be on the event.
Is it possible to get access to the ID so I can create my document in the trigger, or is there a better way to achieve this?