Hello, I have created a Migrate user Lambda trigger to automatically sign up users from a MySQL DB into a Cognito pool once they sign in.
I am using the hosted UI provided by Cognito and the trigger executes properly: it validates the user credentials and a `context.succeed(event);` is emitted back, yet I get an error response every time in the UI, `Incorrect username or password.`, and the user is not properly created in the Cognito pool.
This Lambda function was previously working as expected; I was able to migrate users successfully, but it suddenly started to fail.
Here's what it looks like:
```javascript
exports.handler = async (event, context, callback) => {
    var user;
    if (event.triggerSource == "UserMigration_Authentication") {
        // authenticate the user with your existing user directory service
        user = await authenticateUser(event.userName, event.request.password);
        if (user) {
            event.response.userAttributes = {
                "email": user.email,
                "email_verified": "true"
            };
            event.response.finalUserStatus = "CONFIRMED";
            event.response.messageAction = "SUPPRESS";
            context.succeed(event);
        } else {
            // Return error to Amazon Cognito
            callback("Invalid password code");
        }
    } else if (event.triggerSource == "UserMigration_ForgotPassword") {
        // Lookup the user in your existing user directory service
        user = await lookupUser(event.userName);
        if (user) {
            event.response.userAttributes = {
                "email": user.email,
                // required to enable password-reset code to be sent to user
                "email_verified": "true"
            };
            event.response.messageAction = "SUPPRESS";
            context.succeed(event);
        } else {
            // Return error to Amazon Cognito
            callback("User not found");
        }
    } else {
        // Return error to Amazon Cognito
        callback("Invalid triggerSource " + event.triggerSource);
    }
};
```
And this is an example of the event sent back when a user is successfully authenticated:
```
{
  version: '1',
  triggerSource: 'UserMigration_Authentication',
  region: 'us-xxx-x',
  userPoolId: 'us-xxx-x_xxxXxXX',
  userName: 'qa_tests+email@email.com',
  callerContext: {
    awsSdkVersion: 'aws-sdk-unknown-unknown',
    clientId: '79vm3b2pogsddtl9udq5unrg'
  },
  request: { password: 'Password!', validationData: null, userAttributes: null },
  response: {
    userAttributes: {
      email: 'qa_tests+email@email.com',
      email_verified: 'true'
    },
    forceAliasCreation: null,
    enableSMSMFA: null,
    finalUserStatus: 'CONFIRMED',
    messageAction: 'SUPPRESS',
    desiredDeliveryMediums: null
  }
}
```
`authenticateUser` is the function fetching the user from MySQL and validating the credentials.
`lookupUser` is the function fetching a user from MySQL.
I cannot figure out what the problem is, especially given the error response `Incorrect username or password.` when both email and password are correct.
This Lambda was working properly before; it just started to fail recently and I can't think of a reason. The only changes that I can recall have been adding and deleting client apps in the pool.