Is it possible to modify AWS Cognito user attributes in a Lambda trigger?

Question    Votes: 17    Answers: 4

Looking at the AWS documentation,

https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html#cognito-user-pools-lambda-trigger-syntax-pre-signup

you have the following parameters available in the Pre Sign-up Lambda function:

"request": {
  "userAttributes": {
    "string": "string",
    ....
  },
  "validationData": {<validation data as key-value (String, String) pairs, from the client>}
}

Is there a way to modify or add additional userAttributes to the event object?

For example:

// Modify an existing username...
event.request.userAttributes.name.ucfirst();

// Add an additional attribute...
event.request.userAttributes.nickname = "ANY_NAME";


callback(null, event);
triggers aws-lambda amazon-cognito
4 Answers
8
Votes

Yes, there is absolutely a way! You need to use the AWS JavaScript SDK in your Lambda handler:

const AWS = require('aws-sdk');
AWS.config.update({region: 'ap-southeast-1'});

const cognitoidentityserviceprovider =
  new AWS.CognitoIdentityServiceProvider({
    apiVersion: '2016-04-18'
  });
cognitoidentityserviceprovider.adminUpdateUserAttributes(
  {
    UserAttributes: [
      {
        Name: 'YOUR_USER_ATTRIBUTE_NAME',
        Value: 'YOUR_USER_ATTRIBUTE_VALUE'
      }
    ],
    UserPoolId: event.userPoolId,
    Username: event.userName
  },
  function(err, data) {
    // ...
  }
);

Make sure to give your Lambda function the right policy (i.e. one that allows the "cognito-idp:AdminUpdateUserAttributes" action) and that the user pool has the attribute defined.


4
Votes

There is no way to change/augment attributes during sign-up, but during sign-in you can change/augment them using the pre-token generation trigger.
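
The pre-token generation approach mentioned in this answer, as an added example that is not part of the original answer: it applies the question's two changes (capitalised `name`, a default `nickname`) as claim overrides. The overrides affect the issued ID token only, not the attributes stored in the user pool; the function names, `DEFAULT_NICKNAME` and the sample event are assumptions.

```javascript
// Added example: Pre Token Generation trigger (V1 event shape).
// Claims are changed in the issued ID token only; the attributes stored
// in the user pool are left untouched.

// Upper-case the first character, as the question's ucfirst() intends.
function ucfirst(s) {
  return s.length === 0 ? s : s.charAt(0).toUpperCase() + s.slice(1);
}

// Assumed default, taken from the question's example value.
const DEFAULT_NICKNAME = 'ANY_NAME';

// Compute the claims to add or override from the stored attributes.
function buildClaimOverrides(userAttributes) {
  const overrides = {};
  const name = userAttributes.name;
  if (typeof name === 'string' && ucfirst(name) !== name) {
    overrides.name = ucfirst(name);
  }
  if (!userAttributes.nickname) {
    overrides.nickname = DEFAULT_NICKNAME;
  }
  return overrides;
}

// Attach the overrides to the event only when there is something to change.
function applyOverrides(event) {
  const overrides = buildClaimOverrides(event.request.userAttributes || {});
  if (Object.keys(overrides).length > 0) {
    event.response = event.response || {};
    event.response.claimsOverrideDetails = { claimsToAddOrOverride: overrides };
  }
  return event;
}

// Lambda entry point: an async handler returns the event to Cognito.
async function handler(event) {
  return applyOverrides(event);
}

// Constructed sample event (not a captured one).
const sampleEvent = {
  triggerSource: 'TokenGeneration_Authentication',
  request: { userAttributes: { name: 'alice', email: 'alice@example.com' } },
  response: {}
};

if (typeof module !== 'undefined') module.exports = { handler };
```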


1
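Votes

For anyone else looking into this issue, here is an example below.

The Lambda function #1 below contains two custom attributes, ida and ethaddress. The Lambda is invoked in the PreSignUpHook of the Cognito user pool.

#2 (log before the event change): the original values of these attributes are ida=1, ethaddress=ABCD.

#3 (log after the event change) reflects the changed values of these attributes: ida=2, ethaddress=EFGH.

However, the values saved to Cognito are the original values: ida=1, ethaddress=ABCD. Therefore, updating userAttributes during the presignuphook, as suggested in some of the answers, does not work.

As a side note, when the predefined attributes in the response object are modified, they are updated as expected: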

"response": {
    "autoConfirmUser": true,
    "autoVerifyEmail": false,
    "autoVerifyPhone": false
}
1. LAMBDA:
'use strict';
global.fetch = require('node-fetch')

module.exports.preSignUp = async (event, context, callback) => {
  // Set the user pool autoConfirmUser flag after validating the email domain

  let data = await fetch("http://***.***.***/api/members/create", {
    headers: {
      'Accept': 'application/json',
      'Content-Type': 'application/json'
    },
    method: "POST",
  })
    .then(res => res.json())
    .then(res => res);

  event.response.autoConfirmUser = true;
  console.log('before event:', JSON.stringify(event));
  event.request.userAttributes['custom:ethaddress'] = String(data.address);
  event.request.userAttributes['custom:ida'] = "2";
  console.log('Received event:', JSON.stringify(event));
  console.log('Address:', data.address);

  // Return to Amazon Cognito
  callback(null, event);
};
2.

Log before the event change:

2019-01-20T01:02:24.639Z    edce636e-75ea-492b-b6a0-dd4f22dc9038    before event:
{
    "version": "1",
    "region": "us-east-1",
    "userPoolId": "us-east-1-*****",
    "userName": "*******@gmail.com",
    "callerContext": {
        "awsSdkVersion": "aws-sdk-unknown-unknown",
        "clientId": "******************"
    },
    "triggerSource": "PreSignUp_SignUp",
    "request": {
        "userAttributes": {
            "custom:ida": "1",
            "custom:ethaddress": "ABCD",
            "email": "*******@gmail.com"
        },
        "validationData": {}
    },
    "response": {
        "autoConfirmUser": true,
        "autoVerifyEmail": false,
        "autoVerifyPhone": false
    }
}
3.

Log after the event change:

Received event:
{
    "version": "1",
    "region": "us-east-1",
    "userPoolId": "us-east-1_0BaE6eaTY",
    "userName": "*******@gmail.com",
    "callerContext": {
        "awsSdkVersion": "aws-sdk-unknown-unknown",
        "clientId": "*****************"
    },
    "triggerSource": "PreSignUp_SignUp",
    "request": {
        "userAttributes": {
            "custom:ida": "2",
            "custom:ethaddress": "EFGH",
            "email": "*******@gmail.com"
        },
        "validationData": {}
    },
    "response": {
        "autoConfirmUser": true,
        "autoVerifyEmail": false,
        "autoVerifyPhone": false
    }
}

UPDATE:

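It seems there is no way to do this during the PRESIGNUP process. However, it is possible to do this as a POSTCONFIRMATION trigger, as in the Cognito example provided below.

Some things to watch out for:

  1. The custom attribute has been added in Cognito and is mutable.
  2. In App client -> Show details -> "Set attribute read and write permissions", make sure the custom attribute has read and write permissions.
  3. Make sure the Lambda function has a role that allows it to execute adminUpdateUserAttributes, e.g. attach the AmazonCognitoPowerUser policy to the Lambda role.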
const { CognitoIdentityServiceProvider } = require('aws-sdk');

module.exports.postConfirmation = async (event) => {
    const cognitoIdServiceProvider = new CognitoIdentityServiceProvider({
        region: 'us-east-1'
    });

    const params = {
        UserAttributes: [
            {
                Name: 'custom:sillyName',
                Value: 'customSillyName'
            }
        ],
        UserPoolId: event.userPoolId,
        Username: event.userName
    };

    try {
        // Await the call so the handler does not return before the update completes
        const data = await cognitoIdServiceProvider.adminUpdateUserAttributes(params).promise();
        console.log(data);           // successful response
    } catch (err) {
        console.log(err, err.stack); // an error occurred
    }

    // Return to Amazon Cognito
    return event;
};

Note that if you try to use cognitoIdServiceProvider.adminUpdateUserAttributes in the preSignUp trigger hook, you will get an exception saying the user does not exist yet.
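
The logs in this answer show that the attribute values supplied by the client at sign-up are the ones that get stored, and that the pre sign-up trigger cannot rewrite them. An added example, not part of the original answer, of using the trigger as a validator instead: returning an error from the pre sign-up Lambda denies the registration. It assumes `custom:ida` and `custom:ethaddress` are meant to be set only by server-side code; the function names and sample events are constructed.

```javascript
// Added example: Pre Sign-up trigger used as a validator.
// Assumed list of attributes that only server-side code (for example a
// post confirmation trigger) should set; names taken from the answer above.
const SERVER_OWNED = ['custom:ida', 'custom:ethaddress'];

// Return the server-owned attribute names present in the client's request.
function findServerOwned(userAttributes) {
  return SERVER_OWNED.filter((name) =>
    Object.prototype.hasOwnProperty.call(userAttributes, name));
}

// Throw to deny the sign-up; return the event unchanged to accept it.
function validateSignUp(event) {
  const offending = findServerOwned(event.request.userAttributes || {});
  if (offending.length > 0) {
    throw new Error('Sign-up may not set: ' + offending.join(', '));
  }
  return event;
}

// Lambda entry point: a rejected promise is reported to Cognito as an error.
async function preSignUp(event) {
  return validateSignUp(event);
}

// Constructed sample events (not captured ones).
const acceptedEvent = {
  triggerSource: 'PreSignUp_SignUp',
  request: { userAttributes: { email: 'user@example.com' }, validationData: {} },
  response: { autoConfirmUser: false, autoVerifyEmail: false, autoVerifyPhone: false }
};
const rejectedEvent = {
  triggerSource: 'PreSignUp_SignUp',
  request: {
    userAttributes: { 'custom:ida': '1', email: 'user@example.com' },
    validationData: {}
  },
  response: { autoConfirmUser: false, autoVerifyEmail: false, autoVerifyPhone: false }
};

if (typeof module !== 'undefined') module.exports = { preSignUp };
```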


-3
Votes

Well, the simple solution is this: add the following to the "Pre Sign-up Lambda function", taking a hint from your code:

// Modify an existing username...
 event['request']['userAttributes']['name'] = "My_NAME";

// Add an additional attribute...
 event['request']['userAttributes']['custom:sillyname'] = "ANY_NAME";

 callback(null, event);

Considering that you have already added the custom:sillyname attribute to the user pool.
