By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Identify which alias was used to sign in on cognito lambda trigger

0

Hi, I created a userpool with email and phone as aliasAttributes. When the user sign in, can i identify which alias or username he uses? And get that information inside Create Auth Challenge lambda trigger? I always get the same event on that triggers with all user information.

UserPool:
    Type: "AWS::Cognito::UserPool"
    Properties:
      UserPoolName: !Ref UserPoolName
      Schema:
        - Name: phone_number
          AttributeDataType: String
          Mutable: true
        - Name: email
          AttributeDataType: String
          Mutable: true
      Policies:
        PasswordPolicy:
          MinimumLength: 6
          RequireLowercase: false
          RequireNumbers: false
          RequireSymbols: false
          RequireUppercase: false
      AliasAttributes:
        - email
        - phone_number
      MfaConfiguration: "OFF"

UserPoolClient:
    Type: "AWS::Cognito::UserPoolClient"
    Properties:
      ClientName: sms-auth-client
      GenerateSecret: false
      UserPoolId: !Ref UserPool
      ExplicitAuthFlows:
        - CUSTOM_AUTH_FLOW_ONLY
Topics
Management & GovernanceSecurity, Identity, & Compliance
Tags
AWS CloudFormationAmazon Cognito
Language
English
rafaelgdn
asked a year ago289 views
1 Answer
0

You won't have this information natively.

But you can pass this information as Client Metadata as part of the the AdminRespondToAuthChallenge and RespondToAuthChallenge API actions to support your logic behavior.

See https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-create-auth-challenge.html

clientMetadata

    One or more key-value pairs that you can provide as custom input to the Lambda function that you specify for the create auth challenge trigger. You can use the ClientMetadata parameter in the AdminRespondToAuthChallenge and RespondToAuthChallenge API actions to pass this data to your Lambda function. The request that invokes the create auth challenge function does not include data passed in the ClientMetadata parameter in AdminInitiateAuth and InitiateAuth API operations.
AWS
Jeff Lombardo-AWS
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content