How to decrypt the verification code from cognito?

Time:07-06

I got the code like this in the request, codeParameter: "{####}", and I want to store it in the database decrypted.

const { KmsKeyringNode, buildClient, CommitmentPolicy } = require('@aws-crypto/client-node');
const b64 = require('base64-js');
// Encryption SDK client and KMS keyring; KEY_ID is assumed to hold the KMS key ARN
const { decrypt } = buildClient(CommitmentPolicy.REQUIRE_ENCRYPT_ALLOW_DECRYPT);
const keyring = new KmsKeyringNode({ keyIds: [process.env.KEY_ID] });
const { plaintext, messageHeader } = await decrypt(
  keyring,
  b64.toByteArray(codeParameter),
);
console.log(plaintext, messageHeader);

That's the request:

{
  version: '1',
  region: 'eu-west-1',
  userPoolId: 'xxxxxxx',
  userName: 'xxxxxxxx',
  callerContext: {
    awsSdkVersion: 'aws-sdk-unknown-unknown',
    clientId: 'xxxxxxxx'
  },
  triggerSource: 'CustomMessage_SignUp',
  request: {
    userAttributes: {
      sub: 'xxxxxxx',
      'cognito:email_alias': 'xxxxxxx',
      email_verified: 'false',
      'cognito:user_status': 'UNCONFIRMED',
      email: 'xxxxxxx'
    },
    codeParameter: '{####}',
    linkParameter: '{##Click Here##}',
    usernameParameter: null
  },
  response: { smsMessage: null, emailMessage: null, emailSubject: null }
}

From what I can see it's named code in the AWS docs and not codeParameter.

https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-custom-email-sender.html

CodePudding user response:

The Lambda trigger referred to in the provided AWS documentation, the Custom email sender Lambda trigger, is not the same as the Lambda you are implementing, which is the Custom message Lambda trigger.

The Custom message Lambda trigger allows you to have some logic to customize the email or SMS messages sent by Cognito. In this Lambda trigger you have access to event.request.codeParameter, which contains only a placeholder #### that Cognito will replace with the actual code value once it sends the message.

The Custom email sender Lambda trigger allows you to use a third-party provider to send the email messages, and as such, you have access to the actual code at event.request.code (in an encrypted format, to be decrypted with the provided snippet) to construct the full message and send it by your own means.

Also keep in mind this, from the documentation:

Currently, you can't assign a custom email sender trigger in the Amazon Cognito console. You can assign a trigger with the LambdaConfig parameter in a CreateUserPool or UpdateUserPool API request.
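An added example, not code from the question, the answer or AWS, showing where the code lives in each of the two triggers: the custom message handler only echoes the placeholder, while the custom email sender handler decrypts event.request.code. The decryption step is injected as decryptCode (an assumed name) so it can be exercised without KMS; in production it would wrap the Encryption SDK decrypt call shown in the question.

```javascript
// makeHandler and decryptCode are assumed names for this example.
// Production wiring would be:
//   const { decrypt } = buildClient(CommitmentPolicy.REQUIRE_ENCRYPT_ALLOW_DECRYPT);
//   const keyring = new KmsKeyringNode({ keyIds: [process.env.KEY_ID] });
//   const decryptCode = async (c) => (await decrypt(keyring, b64.toByteArray(c))).plaintext;
function makeHandler(decryptCode) {
  return async function handler(event) {
    const src = event.triggerSource || '';
    if (src.startsWith('CustomMessage_')) {
      // Custom message trigger: codeParameter is only the literal placeholder "{####}".
      // It goes into the template unchanged; Cognito substitutes the real code on send,
      // so there is nothing here to decrypt or store.
      const placeholder = event.request.codeParameter;
      event.response.emailSubject = 'Your verification code';
      event.response.emailMessage = `Your verification code is ${placeholder}`;
      return event;
    }
    if (src.startsWith('CustomEmailSender_')) {
      // Custom email sender trigger: event.request.code is the real code, delivered as
      // base64-encoded Encryption SDK ciphertext and decrypted with the KMS keyring.
      const plaintext = await decryptCode(event.request.code);
      const code = Buffer.from(plaintext).toString('utf8');
      // Hand this to the mail provider; keep the plaintext code out of logs.
      return {
        to: event.request.userAttributes.email,
        body: `Your verification code is ${code}`,
      };
    }
    throw new Error(`unhandled triggerSource: ${src}`);
  };
}

module.exports = { makeHandler };
```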
