3 Answers
- Newest
- Most votes
- Most comments
1
The lambda contract is defined as JSON here:
https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-migrate-user.html#cognito-user-pools-lambda-trigger-syntax-user-migration
Can you debug your lambda function to check if the response object as part of the contract is not set?
answered 4 years ago
1
Setting just the Response field in the message returned from Lambda seems to work
answered 4 years ago
0
For anyone looking for this same concept with the preAuthentication lambda function (or perhaps even other Cognito functions) with the same setting "PreventUserExistenceErrors" enabled:
You will unfortunately need to modify your Lambda to exit early (or other preferred logic) such as what I do below at the very beginning of my preAuthentication entry point:
export const myPreAuthenticationFunctionName = async (event: PreAuthenticationTriggerEvent, context, callback: Callback<PreAuthenticationTriggerEvent>) => {
// allows for using callbacks as finish/error-handlers
context.callbackWaitsForEmptyEventLoop = false;
// Earliest exit point, returns event to Cognito if userNotFound to show Cognito's message for this event. (with the "PreventUserExistenceErrors" setting enabled, the error is: 'NotAuthorizedException: Incorrect username or password.' which is desired).
const userNotFound = event.request.userNotFound;
if (userNotFound) {
console.info("User not found, returning event to Cognito handler.");
return callback(null, event);
}
}
answered a year ago
Relevant content
- asked a year ago
- Accepted Answerasked 6 years ago
- AWS OFFICIALUpdated 4 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago