- 最新
- 最多得票
- 最多評論
I believe what you are trying to do is trigger the lambda function before the user is authenticated, which requires a pre-authentication trigger. In your Lambda function, you can update the user attributes before the token is generated. Use the event.request.userAttributes parameter to access the user attributes. Update the cognito:groups attribute with the desired role value. I’ve included a link that describes the pre-authentication triggers, as well as the documentation for user-identity-pool integration with lambda triggers.
Pre Authenitcation https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-authentication.html Lambda Triggers & Identity Pools https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html)
Hope this helps!
相關內容
AWS 官方已更新 2 年前- AWS 官方已更新 1 年前
- AWS 官方已更新 2 年前
Thanks for your answer, Aafant!
A couple of things: I'm using
amazon-cognito-identity-jslib to handle the cognito stuff in my NestJS app. There is a method calledupdateAttributesthat can only be invoked by an authenticated user, so I first authenticate the user, then I call theupdateAttributesand authenticate the user again (this is very confusing, but was the only way I found to update the userAttributes). Also, the Lambda is triggered automatically by theauthenticateUser. I'm logging theevent.request.userAttributesand I'm able to see the attribute I want to set. Everything seems to be okay, but the token is not getting the custom claims. By the way, I followed this tutorial from AWS: https://aws.amazon.com/blogs/mobile/how-to-use-cognito-pre-token-generators-to-customize-claims-in-id-tokens/