aws_cognito: lambda trigger version #28683
Comments
Thank you for the feature request. We welcome any pull requests for this from the community.
Hey! I have the same needs here with the Python AWS CDK. Hope this is updated! ;)
Just throwing in something here. If you are blocked and just want to go forward with new, you could try to create the cfn resource first (TypeScript example below):

```ts
const cfnUserPool = new cognito.CfnUserPool(this, 'CfnUserPool', {
  userPoolName: `userPoolName`,
  userPoolAddOns: {
    advancedSecurityMode: cognito.AdvancedSecurityMode.AUDIT
  },
  lambdaConfig: {
    preTokenGenerationConfig: {
      lambdaArn: `yourlambdarn`,
      // V2_0 selects the trigger event version that supports access token customization
      lambdaVersion: 'V2_0'
    }
  }
  // ....
});
// if you need to add other things like clients etc you can export / import it into the stack
const userPool = cognito.UserPool.fromUserPoolId(this, 'UserPool', cfnUserPool.ref)
```

It will require recreation of the userPool though if it is an existing one, and is not the nicest, but if it is a new thing it may be worth it.
Thank you! I will take a look!
…igger() (#28899)

I have added a `lambdaVersion` to the `UserPool.addTrigger()`. This is in response to the [support for V2.0 trigger event in preTokenGeneration](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-token-generation.html).

```ts
declare const userpool: cognito.UserPool;
declare const preTokenGenerationFn: lambda.Function;

userpool.addTrigger(cognito.UserPoolOperation.PRE_TOKEN_GENERATION_CONFIG, preTokenGenerationFn, LambdaVersion.V2_0);
```

In #28683, apart from the current implementation approach, there was also a proposal to add `lambdaVersion` to `UserPoolProps.lambdaTrigger`. However, it was not adopted as it would result in a breaking change.

Closes #28683

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Describe the feature
Now that Cognito officially supports modification of access tokens by using Lambda version 2, it would be great if the addTrigger functionality could support this. If this is already supported but undocumented, maybe just an update to the docs is needed.
https://aws.amazon.com/about-aws/whats-new/2023/12/amazon-cognito-user-pools-customize-access-tokens/
https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-token-generation.html
From the second link:
To support access token customization in a pre token generation Lambda trigger
Generate a CreateUserPool or UpdateUserPool API request. You must specify a value for all parameters that you don't want set to a default value. For more information, see Updating user pool configuration.
Include the following content in the LambdaVersion parameter of your request. A LambdaVersion value of V2_0 causes your user pool to add parameters for access token customization. To invoke a specific function version, use a Lambda function ARN with a function version as the value of LambdaArn.
This is also supported in CloudFormation:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-pretokengenerationconfig.html
Use Case
Instead of writing custom code to update this, or calling the cfn resource and adding logic for the updates, it would make a lot of sense if this was supported natively with the CDK addTrigger function.
Proposed Solution
Update add trigger to support input of version string like
It should default to V1_0 if not set, and it should only be evaluated if the operation is PRE_TOKEN_GENERATION.
An alternate approach would be to do this on the userpool trigger config in the userpool:
https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cognito.UserPoolTriggers.html
i.e. change the preTokenGeneration? from IFunction to be a construct with IFunction and version string.
This seems somewhat prepared because you can set the value to preTokenGenerationConfig, but it only expects an IFunction.
Other Information
No response
Acknowledgements
CDK version used
2.119.0
Environment details (OS name and version, etc.)
macOS 14.2.1 (23C71)
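
The issue asks for `V2_0` so that a pre token generation trigger can customize access tokens. A handler for that event version that only adds allow-listed scopes and a validated claim, as an added example (not part of the original issue or of the CDK code base): the event field names follow the AWS guide linked above, and the group names, scopes and `custom:tenant_id` attribute are hypothetical.

```typescript
// Added example. Field names follow the V2 event in the AWS guide linked above;
// the groups, scopes and custom:tenant_id attribute are hypothetical.
interface PreTokenGenV2Event {
  version: string;
  request: { userAttributes: Record<string, string>; groupConfiguration?: { groupsToOverride?: string[] } };
  response: {
    claimsAndScopeOverrideDetails?: {
      accessTokenGeneration?: { claimsToAddOrOverride?: Record<string, string>; scopesToAdd?: string[] };
    };
  };
}

// Allow-list: the only scopes this trigger may add, keyed by Cognito group.
const GROUP_SCOPES: Record<string, string[]> = {
  admins: ["orders/read", "orders/write"],
  viewers: ["orders/read"],
};

function preTokenGeneration(event: PreTokenGenV2Event): PreTokenGenV2Event {
  // V2_0 events carry version "2"; anything else means the pool is not set to
  // V2_0, so fail closed rather than issue tokens without the expected claims.
  if (event.version !== "2") {
    throw new Error("expected a V2_0 trigger event, got version " + event.version);
  }
  const groups = event.request.groupConfiguration?.groupsToOverride ?? [];
  const scopes: string[] = [];
  for (const group of groups) {
    // Own-property check so a group named "constructor" cannot hit the prototype.
    const allowed = Object.prototype.hasOwnProperty.call(GROUP_SCOPES, group) ? GROUP_SCOPES[group] : [];
    for (const scope of allowed) if (scopes.indexOf(scope) < 0) scopes.push(scope);
  }
  const claims: Record<string, string> = {};
  const tenant = event.request.userAttributes["custom:tenant_id"];
  // Copy the attribute into the access token only when it has the expected shape.
  if (tenant !== undefined && /^[a-z0-9-]{1,36}$/.test(tenant)) {
    claims["tenant_id"] = tenant;
  }
  event.response.claimsAndScopeOverrideDetails = {
    accessTokenGeneration: { claimsToAddOrOverride: claims, scopesToAdd: scopes.sort() },
  };
  return event;
}

// Constructed sample event (not captured from a real user pool).
const sampleEvent: PreTokenGenV2Event = {
  version: "2", response: {},
  request: { userAttributes: { "custom:tenant_id": "acme-01" }, groupConfiguration: { groupsToOverride: ["viewers", "admins"] } },
};
console.log(JSON.stringify(preTokenGeneration(sampleEvent).response));
```

When deployed, `preTokenGeneration` would be wrapped in the function's exported async handler.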