PostAuthentication - auto verify phone_number (not in PreSignUp)

0

Hello All, Cognito/Amplify Team,

I am implementing passwordless SMS auth. The flow is: signIn -> error (userNotFound) -> signUp -> signIn -> OTP sent to mobile -> OTP entered by user -> confirmSignIn -> success and user is logged in. This flow works and the user is able to sign in successfully. But verification of phone_number should better happen in PostAuthentication (after the user has signed in by entering the OTP and having it checked successfully) and not before that in PreSignUp.

I have the following lambdas: PreSignUp, DefineAuthChallenge, CreateAuthChallenge, VerifyAuthChallengeResponse, PostAuthentication. Things have run fine. I want to change one thing for good: auto-verify the phone number in the PostAuthentication lambda instead of the PreSignUp lambda. How do I do that? I thought the following could do it in the PostAuthentication lambda:

    event.response.phone_number_verified = "true"

It did not. I also tried setting:

    event.request.userAttributes.phone_number_verified = "true"

It also did not. In PreSignUp, the following did work fine:

    event.response.autoVerifyPhone = true;

PostAuthentication lambda (custom.js):

    exports.handler = async (event, context) => {
      console.log('Received EVENT', JSON.stringify(event, null, 2));
      if (event.request.userAttributes.hasOwnProperty("email")
          && event.request.userAttributes.email_verified != "true") {
        event.request.userAttributes.email_verified = "true";
        event.response.email_verified = "true";
      }
      if (event.request.userAttributes.hasOwnProperty("phone_number")
          && event.request.userAttributes.phone_number_verified != "true") {
        event.request.userAttributes.phone_number_verified = "true";
        event.response.phone_number_verified = "true";
      }
      console.log('Returning event', JSON.stringify(event, null, 2));
      return event;
    };

PreSignUp (custom.js):

    "use strict";
    exports.handler = async (event) => {
        console.log('Received EVENT', JSON.stringify(event, null, 2));
        event.response.autoConfirmUser = true;
        /*
        if (event.request.userAttributes.hasOwnProperty("email")) {
            event.response.autoVerifyEmail = true;
        }
        if (event.request.userAttributes.hasOwnProperty("phone_number")) {
            event.response.autoVerifyPhone = true;
        }
        */
        console.log('Returning EVENT', JSON.stringify(event, null, 2));
        return event;
    };

But when I check the user in Cognito, it still shows as NotVerified. [1], which is in TS, also suggests setting: event.request.userAttributes.email_verified = "true". [2] does not suggest how to auto-verify phone_number in the PostAuthentication lambda. [3] does suggest how to auto-verify phone_number in PreSignUp.

[1] https://github.com/aws-samples/amazon-cognito-passwordless-email-auth/blob/master/cognito/lambda-triggers/post-authentication/post-authentication.ts
[2] https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-post-authentication.html
[3] https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-sign-up.html


Can you help resolve this? How/what to set in PostAuthentication to auto-verify the phone number?

Thanks in advance.

Raj
asked a year ago · 275 views
2 Answers
0
Accepted Answer

Hi,

You must not return verified true as part of the return structure but update the attribute through a dedicated API call to AdminUpdateUserAttributes [ https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html ] in one of the Lambda functions.

That is why the status is not updated.

Jeff

AWS
answered a year ago
  • Thanks Jeff. It worked. Though, had to give the required permission to lambda.
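
The accepted answer's approach as a PostAuthentication trigger, written as an added example that is not code from the thread or from AWS. The function names and the injectable `send` parameter are hypothetical, and it assumes the SMS OTP custom challenge is the only way to sign in to this user pool, since PostAuthentication runs after any successful sign-in.

```javascript
// Added example (not the poster's code): PostAuthentication trigger that sets
// phone_number_verified through AdminUpdateUserAttributes.
// Assumption: the SMS OTP custom challenge is the only sign-in path, so a
// successful sign-in proves control of the number being marked verified.

// Build the AdminUpdateUserAttributes input, or null when nothing should change.
function buildVerifyPhoneInput(event) {
  const attrs = (event.request && event.request.userAttributes) || {};
  if (!attrs.phone_number || attrs.phone_number_verified === "true") return null;
  return {
    UserPoolId: event.userPoolId, // supplied by Cognito in every trigger event
    Username: event.userName,
    UserAttributes: [{ Name: "phone_number_verified", Value: "true" }],
  };
}

// Real call through the AWS SDK for JavaScript v3, imported lazily so the
// helper above can be exercised without the SDK installed.
async function sendWithSdk(input) {
  const { CognitoIdentityProviderClient, AdminUpdateUserAttributesCommand } =
    await import("@aws-sdk/client-cognito-identity-provider");
  return new CognitoIdentityProviderClient({}).send(
    new AdminUpdateUserAttributesCommand(input));
}

// `send` is an injectable seam (hypothetical, for testing only).
async function markPhoneVerified(event, send = sendWithSdk) {
  const input = buildVerifyPhoneInput(event);
  if (input) await send(input); // skipped when already verified or no phone
  return event; // triggers hand the event back to Cognito
}

// CommonJS export, matching the exports.handler style used in the question.
const handler = (event) => markPhoneVerified(event);
if (typeof module !== "undefined") module.exports = { handler };
```

The Lambda's execution role needs the `cognito-idp:AdminUpdateUserAttributes` action, which is best scoped to the one user pool's ARN rather than to all resources.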

0

Cognito showing the phone_number as NotVerified. This is after user has successfully logged in and session screen is presented using the baked-in authUser.

Phone_number: NotVerified

Raj
answered a year ago
  • You masked the sub in the user attributes but not in the user Information pane. I do not know if this is a problem.

  • Sharp eyes! sub is uuid inside aws and will change for next authUser instantiation. Looks harmless if such transient handle is leaked at one experimental point.
