Questions tagged with Amazon CloudWatch

Cognito does not call CreateAuthChallenge trigger

I'd like to configure custom authentication flow with AWS Cognito so I used [this](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow.html#Custom-authentication-flow-and-challenges) and [this](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow.html#amazon-cognito-user-pools-custom-authentication-flow) instructions to do this. Previously, I configured password authentication with a possibility to specify a user email or phone number as a username with sending confirmation codes via custom sender triggers and it worked fine. But then after adding custom authentication triggers I realized that there is no `CreateAuthChallenge` call - only `DefineAuthChallenge`. So what I have now:

1. I call `InitiateAuth` with the following body:

   ```
   {
     "AuthFlow": "CUSTOM_AUTH",
     "ClientId": "{{client_id}}",
     "AuthParameters": {
       "USERNAME": "{{username}}",
       "SECRET_HASH": "{{secret_hash}}"
     }
   }
   ```

2. The response of this call is:

   ```
   {
     "ChallengeName": "MY_AUTH",
     "ChallengeParameters": {
       "USERNAME": "59edb46e-...-8f74a7084057"
     },
     "Session": "AYABeC...jA_TyA"
   }
   ```

3. At the same time in the logs I see only one lambda call with the following event as an argument:

   ```
   {
     "version": "1",
     "region": "me-south-1",
     "userPoolId": "me-south-1_...",
     "userName": "59edb46e-...-8f74a7084057",
     "callerContext": {
       "awsSdkVersion": "aws-sdk-unknown-unknown",
       "clientId": "44v...bp"
     },
     "triggerSource": "DefineAuthChallenge_Authentication",
     "request": {
       "userAttributes": {
         "sub": "59edb46e-...-8f74a7084057",
         "cognito:email_alias": "devops@example.com",
         "cognito:user_status": "CONFIRMED",
         "email_verified": "true",
         "email": "devops@example.com"
       },
       "session": [],
       "userNotFound": false
     },
     "response": {
       "challengeName": null,
       "issueTokens": null,
       "failAuthentication": null
     }
   }
   ```

According to the [docs](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-create-auth-challenge.html) right after this event I should see the event for `CreateAuthChallenge` trigger but I see nothing. The trigger that is called for those events has the following code:

```
import json
import requests


def handler(event, context):
    # Log the incoming trigger event
    print('### EVENT ###')
    print(json.dumps(event))
    source = event.get("triggerSource", "unknown")
    sessions = event.get("request", {}).get("session", [])
    if source == "DefineAuthChallenge_Authentication":
        # Default: fail unless one of the branches below matches
        event["response"]["issueTokens"] = False
        event["response"]["failAuthentication"] = True
        if len(sessions) == 0:
            # First round: no challenge has been answered yet
            event["response"]["issueTokens"] = False
            event["response"]["challengeName"] = "MY_AUTH"
            event["response"]["failAuthentication"] = False
            print(json.dumps(event))
            return event
        if len(sessions) == 1 and sessions[0].get("challengeName", "") == "CUSTOM_CHALLENGE" and sessions[0].get("challengeResult", False) and sessions[0].get("challengeMetadata", "") == "MY_AUTH":
            # Second round: exactly one successful custom challenge
            event["response"]["issueTokens"] = True
            event["response"]["failAuthentication"] = False
            print(json.dumps(event))
            return event
        print("unexpected sessions sequence: ", sessions)
        return event
    if source == "VerifyAuthChallengeResponse_Authentication":
        event["response"]["answerCorrect"] = False
        return event
    print("unexpected triggerSource: ", source)
    return event
```

Please advise what I can do to make Cognito call `CreateAuthChallenge` trigger to pass public and private data according to the docs. Thanks!
1 answer, 0 votes, 17 views, asked a month ago
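
An added example, not part of the original question: one Lambda handler covering all three custom-auth triggers, assuming (per the Create Auth Challenge page the question links) that Cognito invokes that trigger only when Define Auth Challenge returns `challengeName` `CUSTOM_CHALLENGE`, with the custom name `MY_AUTH` carried in `challengeMetadata`. `MAX_ATTEMPTS`, the 6-digit code, the `hint` parameter and `simulate()` (a constructed local stand-in for Cognito's sequencing) are assumptions for illustration, and out-of-band delivery of the code is left out.

```python
import hmac
import secrets

CHALLENGE_ID = "MY_AUTH"  # the question's custom name; travels in challengeMetadata
MAX_ATTEMPTS = 3          # assumed retry limit, not taken from the post

def define_auth_challenge(event):
    session, resp = event["request"]["session"], event["response"]
    known = all(s.get("challengeName") == "CUSTOM_CHALLENGE"
                and s.get("challengeMetadata") == CHALLENGE_ID for s in session)
    passed = bool(session) and session[-1].get("challengeResult") is True
    resp["issueTokens"] = known and passed
    resp["failAuthentication"] = not known or (not passed and len(session) >= MAX_ATTEMPTS)
    if not resp["issueTokens"] and not resp["failAuthentication"]:
        resp["challengeName"] = "CUSTOM_CHALLENGE"  # assumed: only this name leads to CreateAuthChallenge
    return event

def create_auth_challenge(event):
    event["response"].update(
        publicChallengeParameters={"hint": "enter the 6-digit code"},  # returned to the client
        privateChallengeParameters={"answer": f"{secrets.randbelow(10**6):06d}"},  # verify trigger only
        challengeMetadata=CHALLENGE_ID)  # appears in later session entries
    return event

def verify_auth_challenge(event):
    req = event["request"]
    expected, given = req["privateChallengeParameters"].get("answer", ""), str(req.get("challengeAnswer", ""))
    event["response"]["answerCorrect"] = hmac.compare_digest(expected.encode(), given.encode())
    return event

TRIGGERS = {"DefineAuthChallenge_Authentication": define_auth_challenge,
            "CreateAuthChallenge_Authentication": create_auth_challenge,
            "VerifyAuthChallengeResponse_Authentication": verify_auth_challenge}
def handler(event, context=None):
    return TRIGGERS[event["triggerSource"]](event)

def simulate(answers):
    """Constructed, simplified stand-in for Cognito's trigger sequence; None means 'the right code'."""
    session, answers = [], list(answers)
    call = lambda src, req: handler({"triggerSource": src, "request": req, "response": {}})["response"]
    while True:
        d = call("DefineAuthChallenge_Authentication", {"session": session})
        if d["issueTokens"] or d["failAuthentication"] or not answers:
            return "TOKENS" if d["issueTokens"] else "FAILED" if d["failAuthentication"] else "PENDING"
        c = call("CreateAuthChallenge_Authentication", {"challengeName": d["challengeName"], "session": session})
        secret, answer = c["privateChallengeParameters"], answers.pop(0)
        req = {"privateChallengeParameters": secret, "challengeAnswer": secret["answer"] if answer is None else answer}
        ok = call("VerifyAuthChallengeResponse_Authentication", req)["answerCorrect"]
        session.append({"challengeName": "CUSTOM_CHALLENGE", "challengeMetadata": c["challengeMetadata"], "challengeResult": ok})
```

The define step fails closed on any session entry it did not issue itself, and the expected answer exists only in `privateChallengeParameters`, never in the parameters returned to the client.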