Pass custom event to a Cognito Lambda trigger: Post authentication Lambda trigger

0

Hi team,

I have a lambda function #1 that creates a user inside a Cognito user pool using the adminCreateUser API call.

After that, I call (in the same lambda function #1) adminInitiateAuth to get the 'NEW_PASSWORD_REQUIRED' challenge.

Then Cognito will call my second lambda function #2: the Post authentication Lambda trigger.

I would like to pass to the Post authentication Lambda trigger (lambda function #2) the initAuthResponse result from the adminInitiateAuth call (made in my first lambda function #1),

so I can have the Cognito session (initAuthResponse.session) in lambda function #2 and store it in a Redis cache.

  • I'm wondering if that's feasible to pass an event to a Post authentication Lambda trigger or only Cognito can do that (pass a custom event to a Post authentication Lambda trigger in Cognito)?

  • Does the session (initAuthResponse.session) result from adminInitiateAuth have an expiry time, or does it never expire? I can't find documentation about the expiration date of the session (adminInitiateAuthResult.session).

1 Answer
0

Hello,

Greetings from AWS!

I understand that you would like to pass to the Post authentication Lambda trigger (lambda function #2) the admininitAuthResponse result from the adminInitiateAuth call (made in my first lambda function #1). Please feel free to correct me in case I have misunderstood your concern.

Please find the answers below:

1) I'm wondering if that's feasible to pass an event to a Post authentication Lambda trigger or only Cognito can do that (pass a custom event to a Post authentication Lambda trigger in Cognito)?

Answer: As per the link [1], please be informed that the ClientMetadata value is passed as input to the functions for only the following triggers:

a) Pre signup

b) Pre authentication

c) User migration

So, I would like to confirm that it is not feasible to pass an event to a Post authentication Lambda trigger.

2) Does the session (initAuthResponse.session) result from the adminInitiateAuth have an expiry time? or never expire, don't find documentation about the expiration date of the session (adminInitiateAuthResult.session)

Answer: Yes, it has an expiry time. By default, your users must complete each challenge within 3 minutes. If you want to provide your users with more time, up to 15 minutes per API request, you can adjust this value. Please refer to the link [2] for configuring the authentication flow session duration.

I believe the information is helpful to you. In case you have any further queries/concerns then please let us know. We will be more than happy to assist you further.

Wish you an awesome day ahead and stay safe!

--References--

[1] https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminInitiateAuth.html#API_AdminInitiateAuth_RequestParameters

[2] https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow.html

AWS
answered 2 years ago
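
Following on from the answer above, an added example (not code from the question, the answer, or AWS): lambda function #1 can cache the challenge session itself, with a TTL that never outlives the 3 to 15 minute window the answer describes. `MemoryTtlCache`, `cacheChallengeSession`, `loadChallengeSession` and the key prefix are hypothetical names; the in-memory cache stands in for Redis, and the response object uses the JavaScript SDK field names `ChallengeName` and `Session`.

```javascript
// Added example; all names here are hypothetical, not from the post or an AWS SDK.
const MIN_VALIDITY_MIN = 3;  // default challenge window stated in the answer
const MAX_VALIDITY_MIN = 15; // upper bound stated in the answer

// In-memory stand-in for Redis "SET key value EX ttl" / "GET key".
class MemoryTtlCache {
  constructor(now = () => Date.now()) { this.now = now; this.items = new Map(); }
  set(key, value, ttlSeconds) {
    this.items.set(key, { value, expiresAt: this.now() + ttlSeconds * 1000 });
  }
  get(key) {
    const hit = this.items.get(key);
    if (!hit) return null;
    if (this.now() >= hit.expiresAt) { this.items.delete(key); return null; }
    return hit.value;
  }
}

// Convert the configured session duration to a cache TTL, rejecting values
// outside the range Cognito accepts so a stale session is never served.
function sessionTtlSeconds(validityMinutes = MIN_VALIDITY_MIN) {
  if (!Number.isInteger(validityMinutes) ||
      validityMinutes < MIN_VALIDITY_MIN || validityMinutes > MAX_VALIDITY_MIN) {
    throw new RangeError(`session validity must be ${MIN_VALIDITY_MIN}-${MAX_VALIDITY_MIN} minutes`);
  }
  return validityMinutes * 60;
}

// Store the session only when the response is the expected challenge.
// Returns true if something was cached.
function cacheChallengeSession(cache, username, initAuthResponse, validityMinutes) {
  if (initAuthResponse.ChallengeName !== 'NEW_PASSWORD_REQUIRED' || !initAuthResponse.Session) {
    return false;
  }
  const ttl = sessionTtlSeconds(validityMinutes);
  cache.set(`cognito:session:${username}`, initAuthResponse.Session, ttl);
  return true;
}

function loadChallengeSession(cache, username) {
  return cache.get(`cognito:session:${username}`);
}

// Constructed sample of an adminInitiateAuth response (not real output).
const SAMPLE_RESPONSE = {
  ChallengeName: 'NEW_PASSWORD_REQUIRED',
  Session: 'constructed-session-token',
  ChallengeParameters: {},
};
```

The session value lets its holder answer the challenge, so the cache entry should be readable only by the function that completes the flow.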
