Hi, I followed this document to customize the Cognito SMS delivery flow: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-custom-sms-sender.html
I'm not working in a JavaScript environment, so I wrote this Go snippet:
package main

import (
	"context"
	"encoding/base64"
	golog "log"
	"os"

	"github.com/aws/aws-lambda-go/events"
	"github.com/aws/aws-lambda-go/lambda"
	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/session"
	"github.com/aws/aws-sdk-go/service/kms"
)

// Using these types because the events package does not define them for the CustomSMSSender trigger.
// CognitoEventUserPoolsCustomSmsSender is sent by Amazon Cognito user pools before each SMS message it sends.
type CognitoEventUserPoolsCustomSmsSender struct {
	events.CognitoEventUserPoolsHeader
	Request CognitoEventUserPoolsCustomSmsSenderRequest `json:"request"`
}

// CognitoEventUserPoolsCustomSmsSenderRequest contains the request portion of a CustomSmsSender event.
type CognitoEventUserPoolsCustomSmsSenderRequest struct {
	UserAttributes map[string]interface{} `json:"userAttributes"`
	Code           string                 `json:"code"` // base64-encoded ciphertext, not the plaintext code
	ClientMetadata map[string]string      `json:"clientMetadata"`
	Type           string                 `json:"type"`
}

func main() {
	lambda.Start(sendCustomSms)
}

func sendCustomSms(ctx context.Context, event *CognitoEventUserPoolsCustomSmsSender) error {
	// Debug logging only: the event carries user attributes such as the phone number.
	golog.Printf("received event=%+v", event)
	golog.Printf("received ctx=%+v", ctx)

	config := aws.NewConfig().WithRegion(os.Getenv("AWS_REGION"))
	sess, err := session.NewSession(config) // named sess so the session package is not shadowed
	if err != nil {
		return err
	}
	kmsProvider := kms.New(sess)

	// The code field is a base64 string; KMS expects the raw ciphertext bytes.
	ciphertext, err := base64.StdEncoding.DecodeString(event.Request.Code)
	if err != nil {
		return err
	}
	smsCode, err := kmsProvider.Decrypt(&kms.DecryptInput{
		KeyId:          aws.String("a8a566c5-796a-4ba1-8715-c9c17c6f0cb5"),
		CiphertextBlob: ciphertext,
	})
	if err != nil {
		return err
	}
	golog.Printf("decrypted code %s", smsCode.Plaintext) // Plaintext is []byte
	return nil
}
I'm always getting "InvalidCiphertextException: : InvalidCiphertextException null". Can someone help?
This is how the Lambda config looks on my user pool:
"LambdaConfig": {
    "CustomSMSSender": {
        "LambdaVersion": "V1_0",
        "LambdaArn": "arn:aws:lambda:eu-west-1:...:function:cognito-custom-auth-sms-sender-dev"
    },
    "KMSKeyID": "arn:aws:kms:eu-west-1:...:key/a8a566c5-796a-4ba1-8715-c9c17c6f0cb5"
},
Hi, I couldn't find a workaround for Go. The reason is the lack of compatibility with the AWS Encryption SDK... It is only available for certain languages, and Go is not on the list. https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/introduction.html
The code is encrypted through a keyring (an AWS KMS master key provider), which is somehow inside the AWS Encryption SDK encrypt/decrypt process. Writing your own SDK for Go is not an option, so I'd suggest using JavaScript or Python instead for this scenario.
What a shame, AWS...
Edit: here is how keyrings work, https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/using-keyrings.html, to understand why the posted code will never work in this case.
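To make the point of the answer above concrete, here is an added example (not code from the question, the answer or AWS): a Go parser for the header of an AWS Encryption SDK version 1 message, run on a constructed sample. The blob Cognito hands the sender Lambda is such a message, not a bare KMS ciphertext: its header carries the algorithm ID, the encryption context, and one encrypted data key (EDK) per wrapping key in the keyring. With a KMS keyring the EDK's provider ID is "aws-kms", its provider info is the key ARN, and its ciphertext is the KMS Encrypt output; the body that follows is AES-GCM under a data key derived with HKDF. Passing the whole message to kms:Decrypt therefore fails with InvalidCiphertextException, which is what the posted Go code does. The field layout follows the published message format reference; the key ARN, message ID and EDK bytes in SampleMessage are placeholders, version 2 headers (key-commitment suites) have a different layout and are rejected, and this parses only; it does not decrypt the code.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// EncryptedDataKey is one wrapped data key; with a KMS keyring only its Ciphertext is valid input to kms:Decrypt.
type EncryptedDataKey struct {
	ProviderID, ProviderInfo string
	Ciphertext               []byte
}

// Header is the parsed v1 message header; body frames and the trailing signature are not parsed.
type Header struct {
	AlgorithmID uint16
	MessageID   []byte
	Context     map[string]string // encryption context, carried as AAD
	EDKs        []EncryptedDataKey
	ContentType byte // 0x01 non-framed, 0x02 framed
	FrameLength uint32
}

type reader struct { // bounds-checked big-endian cursor with a sticky error
	b   []byte
	off int
	err error
}

func (r *reader) take(n int) []byte {
	if r.err == nil && r.off+n > len(r.b) {
		r.err = errors.New("esdk header: truncated")
	}
	if r.err != nil {
		return make([]byte, n) // zero filler so callers need not check after every read
	}
	r.off += n
	return r.b[r.off-n : r.off]
}
func (r *reader) u8() byte      { return r.take(1)[0] }
func (r *reader) u16() uint16   { return binary.BigEndian.Uint16(r.take(2)) }
func (r *reader) u32() uint32   { return binary.BigEndian.Uint32(r.take(4)) }
func (r *reader) field() []byte { return r.take(int(r.u16())) } // 2-byte length prefix, then the bytes

// ParseHeader decodes the header of an AWS Encryption SDK v1 message (version 0x01, type 0x80).
func ParseHeader(msg []byte) (*Header, error) {
	r := &reader{b: msg}
	if version, typ := r.u8(), r.u8(); r.err != nil || version != 0x01 || typ != 0x80 {
		return nil, fmt.Errorf("esdk header: expected version 0x01 type 0x80, got 0x%02x 0x%02x", version, typ)
	}
	h := &Header{AlgorithmID: r.u16(), MessageID: r.take(16), Context: map[string]string{}}
	if aadLen := r.u16(); aadLen > 0 { // 0, with no pair count, when the encryption context is empty
		for n := r.u16(); n > 0 && r.err == nil; n-- {
			k := r.field()
			h.Context[string(k)] = string(r.field())
		}
	}
	for n := r.u16(); n > 0 && r.err == nil; n-- { // one EDK per wrapping key in the keyring
		pid, info, ct := r.field(), r.field(), r.field()
		h.EDKs = append(h.EDKs, EncryptedDataKey{ProviderID: string(pid), ProviderInfo: string(info), Ciphertext: ct})
	}
	h.ContentType = r.u8()
	r.take(4) // reserved, always zero
	ivLen := r.u8()
	h.FrameLength = r.u32()
	r.take(int(ivLen) + 16) // header authentication: IV plus the 16-byte GCM tag over the header
	if r.err != nil {
		return nil, r.err
	}
	return h, nil
}

func put16(dst, v []byte) []byte { // appends v with its 2-byte big-endian length prefix
	return append(append(dst, byte(len(v)>>8), byte(len(v))), v...)
}

// SampleMessage builds a constructed v1 header; the key ARN, message ID and EDK bytes are placeholders.
func SampleMessage() []byte {
	const keyARN = "arn:aws:kms:eu-west-1:111122223333:key/11111111-2222-3333-4444-555555555555"
	m := []byte{0x01, 0x80, 0x03, 0x78}                                                  // version, type, algorithm 0x0378 (AES-256-GCM, HKDF-SHA384, ECDSA-P384)
	m = append(m, make([]byte, 16)...)                                                   // message ID
	m = put16(m, put16(put16([]byte{0x00, 0x01}, []byte("purpose")), []byte("sample"))) // AAD: one key-value pair
	m = append(m, 0x00, 0x01)                                                            // encrypted data key count
	m = put16(m, []byte("aws-kms"))
	m = put16(m, []byte(keyARN))
	m = put16(m, []byte("<kms-encrypt-output>")) // stands in for the KMS-wrapped data key
	m = append(m, 0x02, 0, 0, 0, 0, 12)          // framed content, 4 reserved bytes, IV length
	m = append(m, 0x00, 0x00, 0x10, 0x00)        // frame length 4096
	return append(m, make([]byte, 12+16)...)     // header IV and auth tag, zeroed in this sample
}

func main() {
	h, err := ParseHeader(SampleMessage())
	if err != nil {
		panic(err)
	}
	fmt.Printf("alg=0x%04x context=%v frame=%d\nEDKs (only their Ciphertext is kms:Decrypt input): %+v\n", h.AlgorithmID, h.Context, h.FrameLength, h.EDKs)
}
```

Run it with `go run .`; pointing ParseHeader at the base64-decoded `request.code` from a real event would show the same structure, with the user pool's KMS key ARN as the provider info. Decrypting that EDK with kms:Decrypt would yield only the wrapped data key, not the SMS code: the body still needs the HKDF derivation and AES-GCM frame handling (and, for signing suites, the ECDSA check) the Encryption SDK performs, which is why the answer recommends a language the SDK supports.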