Hi,
I have configured a migrate user lambda trigger in my Cognito user pool.
It gets called when a user logs in, and it returns successfully when the user/password can be validated against a REST service.
However in the amplify UI, I get NotAuthorizedException: Incorrect username or password and also the user is not properly created in the Cognito pool.
I assigned the lambda 512 MB of memory and timeout 30 seconds.
I gave it Cognito full access in IAM (probably not needed).
Maybe the result I return from the lambda is not correct, but I double-checked it against the docs.
The return value of lambda :
{
"version":"1",
"triggerSource":"UserMigration_Authentication",
"region":"eu-central-1",
"userPoolId":"<mypoolid>",
"userName":"stijn2",
"callerContext":{
"awsSdkVersion":"aws-sdk-unknown-unknown",
"clientId":"*****<myCliendId>*****"
},
"request":{
"password":"myPSW",
"validationData":{
"myCustomKey":"myCustomValue"
},
"userAttributes":"None"
},
"response":{
"userAttributes":{
"email":"stijn2@someprovider.be",
"email_verified":"true",
"username":"stijn2"
},
"forceAliasCreation":"None",
"enableSMSMFA":"None",
"finalUserStatus":"CONFIRMED",
"messageAction":"SUPPRESS",
"desiredDeliveryMediums":"None"
}
}
The Python lambda code :
import json
import logging
import os
import requests
import urllib.parse
import boto3
# Root logger at INFO: every logger.info() call in this module is emitted to
# the function's log output, so nothing secret should be passed to it.
logger = logging.getLogger()
logger.setLevel(level=logging.INFO)
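def _redact_event(event):
    """Return a copy of *event* that is safe to log (password masked)."""
    request = event.get("request")
    if not isinstance(request, dict) or "password" not in request:
        return event
    return {**event, "request": {**request, "password": "<redacted>"}}


def lambda_handler(event, context):
    """Cognito "migrate user" trigger: look the user up in the legacy service.

    For ``UserMigration_Authentication`` the supplied username/password are
    checked with ``auth_user``; for ``UserMigration_ForgotPassword`` the user
    is looked up with ``find_user``. On success the response section of
    *event* is filled in and the event is returned.

    Raises:
        RuntimeError: when the legacy lookup returns nothing, so the trigger
            fails closed instead of handing a success-shaped response back
            for credentials that were never verified.
    """
    # The incoming event carries the user's plaintext password in
    # event["request"]["password"]; log a masked copy, never the raw event.
    logger.info(_redact_event(event))

    attributes = {}
    event["response"]["userAttributes"] = attributes
    trigger = event["triggerSource"]

    if trigger == "UserMigration_Authentication":
        # Any truthy JSON body counts as "authenticated" here.
        # NOTE(review): confirm the legacy service never answers a failed
        # login with a non-empty JSON document.
        result = auth_user(event["userName"], event["request"]["password"])
        if not result:
            raise RuntimeError("Legacy credential check failed")
        if "email" in result:
            attributes["email"] = result["email"]
            attributes["email_verified"] = "true"
        event["response"]["finalUserStatus"] = "CONFIRMED"
    elif trigger == "UserMigration_ForgotPassword":
        result = find_user(event["userName"])
        if not result:
            raise RuntimeError("Legacy user lookup failed")
        if "email" in result:
            attributes["email"] = result["email"]
            attributes["email_verified"] = "true"

    # NOTE(review): the paste lost its indentation. These two assignments are
    # placed at function level because the posted return value for the
    # Authentication flow contains both of them.
    attributes["username"] = event["userName"]
    event["response"]["messageAction"] = "SUPPRESS"

    logger.info("Lambda return value event {}".format(_redact_event(event)))
    return event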
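def auth_user(userName, password):
    """Check *userName*/*password* against the legacy login endpoint.

    Returns the decoded JSON body of a successful (non-error) HTTP response,
    or ``None`` when the service answers with an error status, so that a
    caller's ``if result:`` check fails closed.

    NOTE(review): the password travels in the query string of a GET request,
    where it can end up in access logs and proxy logs along the way. If the
    legacy service offers a POST/body variant, prefer it, and make sure
    REDWOOD_LOGIN_URL is an https:// URL.
    """
    params = {"userName": userName, "plainTextPsw": password}
    querystring = urllib.parse.urlencode(params)
    url = "{}/login?{}".format(os.environ.get("REDWOOD_LOGIN_URL"), querystring)

    # Bound the call: Cognito is documented to wait only a few seconds
    # (about 5) for a trigger, whatever the Lambda timeout is set to.
    # A timeout raises, which makes the trigger fail rather than hang.
    response = requests.get(url, timeout=4)

    # An error status (401, 500, ...) with a JSON error body must not be
    # mistaken for a successful login by the truthiness check in the caller.
    if not response.ok:
        logger.warning("redwood auth_user HTTP status: %s", response.status_code)
        return None

    response_json = response.json()
    # NOTE(review): this logs the whole login response; confirm it holds no
    # tokens or other secrets before keeping it at INFO.
    logger.info("redwood auth_user response: {}".format(response_json))
    return response_json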
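def find_user(userName):
    """Look *userName* up in the legacy service (forgot-password flow).

    Returns the decoded JSON body of a successful (non-error) HTTP response,
    or ``None`` when the service answers with an error status, so that a
    caller's ``if result:`` check does not treat an error body as a user.
    """
    params = {"userName": userName}
    querystring = urllib.parse.urlencode(params)
    url = "{}/user-by-principal?{}".format(os.environ.get("REDWOOD_LOGIN_URL"), querystring)

    # Bound the call: Cognito is documented to wait only a few seconds
    # (about 5) for a trigger, whatever the Lambda timeout is set to.
    response = requests.get(url, timeout=4)

    # A 404/500 with a JSON error body is not a found user.
    if not response.ok:
        logger.warning("redwood find_user HTTP status: %s", response.status_code)
        return None

    response_json = response.json()
    # NOTE(review): the body is logged in full and will include whatever
    # user details the service returns (at least the e-mail address).
    logger.info("redwood find_user response: {}".format(response_json))
    return response_json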