Pre Token Generation trigger: This Lambda trigger allows you to customize an identity token before it is generated: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-token-generation.html
I am looking for a way to configure this trigger via SAM. Something like:
ApiJWTAddCustomClaimFunction:
  Type: AWS::Serverless::Function
  Properties:
    FunctionName: !Sub ${AWS::StackName}-ApiJWTAddCustomClaimFunction
    Description: Modify JWT before token generation
    Handler: main
    Environment:
      Variables:
        AUTH_API_URL: !Ref AuthApiUrl
        AUTH_SDK_KEYS: !Ref AuthSdkKeys
    Policies:
      - AWSXrayWriteOnlyAccess
      - Statement:
          - Sid: Cognito
            Effect: Allow
            Action:
              - cognito-idp:*
            Resource: '*'
    Events:
      ???
I found another thread on the same question, but this time via CloudFormation. It says support for this feature is on the roadmap.
PS I am a complete newbie on AWS and cloud computing in general. I apologize if my assumptions make no sense whatsoever.
CodePudding user response:
The documentation says these events exist. https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-property-function-cognito.html#sam-function-cognito-trigger
From this I would try something like:
ApiJWTAddCustomClaimFunction:
  Type: AWS::Serverless::Function
  Properties:
    FunctionName: !Sub ${AWS::StackName}-ApiJWTAddCustomClaimFunction
    Description: Modify JWT before token generation
    Handler: main
    Environment:
      Variables:
        AUTH_API_URL: !Ref AuthApiUrl
        AUTH_SDK_KEYS: !Ref AuthSdkKeys
    Policies:
      - AWSXrayWriteOnlyAccess
      - Statement:
          - Sid: Cognito
            Effect: Allow
            Action:
              - cognito-idp:*
            Resource: '*'
    Events:
      CognitoUserPoolPreTokenGeneration:
        Type: Cognito
        Properties:
          UserPool:
            Ref: <<<MyCognitoUserPool>>>
          Trigger: PreTokenGeneration
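
An added example, not part of the answer above: the same function with the user pool declared in the same template (the SAM Cognito event source requires this) and the `cognito-idp:*` on `Resource: '*'` statement replaced by a narrowly scoped one. The logical ID `MyCognitoUserPool`, the pool name, and the single `cognito-idp:AdminGetUser` action are assumptions for illustration; `AuthApiUrl` and `AuthSdkKeys` are the question's parameters, assumed to be declared elsewhere in the template.

```yaml
Resources:
  # Assumed logical ID. The pool has to live in this template so that SAM
  # can attach the trigger to its LambdaConfig.
  MyCognitoUserPool:
    Type: AWS::Cognito::UserPool
    Properties:
      UserPoolName: !Sub ${AWS::StackName}-users   # constructed name

  ApiJWTAddCustomClaimFunction:
    Type: AWS::Serverless::Function
    Properties:
      FunctionName: !Sub ${AWS::StackName}-ApiJWTAddCustomClaimFunction
      Description: Modify JWT before token generation
      Handler: main
      # Runtime and CodeUri are not shown in the thread; set them for your build.
      Environment:
        Variables:
          AUTH_API_URL: !Ref AuthApiUrl
          AUTH_SDK_KEYS: !Ref AuthSdkKeys
      Policies:
        - AWSXrayWriteOnlyAccess
        # The Cognito event below makes SAM create the permission that lets the
        # user pool invoke this function, so no IAM statement is needed for the
        # trigger itself. Keep a statement like the following only if the
        # handler calls the Cognito API (assumed here: reading one user).
        - Statement:
            - Sid: CognitoReadUser
              Effect: Allow
              Action:
                - cognito-idp:AdminGetUser
              # Built with !Sub rather than !GetAtt MyCognitoUserPool.Arn:
              # the pool already depends on this function through its trigger,
              # so referencing the pool from the role creates a circular dependency.
              Resource: !Sub arn:${AWS::Partition}:cognito-idp:${AWS::Region}:${AWS::AccountId}:userpool/*
      Events:
        CognitoUserPoolPreTokenGeneration:
          Type: Cognito
          Properties:
            UserPool: !Ref MyCognitoUserPool
            Trigger: PreTokenGeneration
```

If the handler only reads the trigger event and returns claim overrides, the whole `Statement` entry can be dropped.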