lambda-pre-token-generation-accesstoken v2. #13638
Comments
nadetastic
added
auth
|
HI @biller-aivy thank you for opening this issue. If you would like to be able to add a claim to you access token through the PreToken Generation lambda, this is something you are able to do yourself. Here are the steps:
With this configured you will be able to get the V2 event in your PreToken Generation lambda. |
nadetastic
added
pending-response
|
So, when I do it in this way, I have to do it for all env by myself. Any plans for the cli? I want a custom claim for my lambda code. But the lambda receives only the access token instead of id token. So the custom claim is not included at the moment. I saw that I can use also the id token for lambda calls. Any security issues than? |
github-actions
bot
removed
the
pending-response
|
@biller-aivy IM going to transfer this over to the CLI repo to better address the question of introducing this natively into CLI. |
nadetastic
added
the
transferred
josefaidt
added
pending-triage
|
@josefaidt could we get a status update on this ticket? We're hoping to be able to programmatically specify I found this other issue that described breaking apart the Auth stack and manually working through resolving circular dependencies: The way I see reach resolution:
|
|
@matt-at-allera @biller-aivy I spent a few hours to get a solution to handle this issue. Hope it helps if you're facing it :
import type { Handler } from "aws-lambda";
export const handler: Handler = async (event) => {
event.response = {
claimsAndScopeOverrideDetails: {
accessTokenGeneration: {
claimsToAddOrOverride: {
yourCustomClaim: "claimContent",
}
}
}
};
return event;
};
import { defineFunction } from '@aws-amplify/backend';
export const preTokenGeneration = defineFunction({
name: 'pre-token-generation',
resourceGroupName: 'auth'
});
import { defineAuth } from '@aws-amplify/backend';
import { preTokenGeneration } from '../functions/pre-token-generation/resource';
/**
* Define and configure your auth resource
* @see https://docs.amplify.aws/gen2/build-a-backend/auth
*/
export const auth = defineAuth({
loginWith: {
email: true,
},
triggers: {
preTokenGeneration,
}
});
import { defineBackend } from '@aws-amplify/backend';
import { auth } from './auth/resource';
import { data } from './data/resource';
import { preTokenGeneration } from './functions/pre-token-generation/resource';
const backend = defineBackend({
auth,
data,
preTokenGeneration
});
const { cfnUserPool } = backend.auth.resources.cfnResources;
const { cfnFunction } = backend.preTokenGeneration.resources.cfnResources;
const preTokenGenArn = cfnFunction.attrArn;
cfnUserPool.addPropertyOverride('LambdaConfig.PreTokenGeneration', preTokenGenArn);
cfnUserPool.addPropertyOverride('LambdaConfig.PreTokenGenerationConfig', {
LambdaArn: preTokenGenArn,
LambdaVersion: 'V2_0',
}); |
Thanks for posting @samuel-fringeli. This is great for Amplify Gen 2, what about a Gen 1 solution? |
Is this related to a new or existing framework?
React
Is this related to a new or existing API?
Authentication
Is this related to another service?
Cognito Trigger
Describe the feature you'd like to request
I want to add a claim to access token instead of id token to get this claim on a lambda app sync call.
There is an updated API to do that:
https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-token-generation.html#user-pool-lambda-pre-token-generation-accesstoken
Describe the solution you'd like
add the v2 API to get access to access token.
Describe alternatives you've considered
--
Additional context
No response
Is this something that you'd be interested in working on?
The text was updated successfully, but these errors were encountered: