When creating Auth objects should the cognito triggers for c Serverless Stack #help

When creating Auth objects, should the cognito.tri...

Tim V

12/10/2021, 7:52 PM

When creating Auth objects, should the cognito.triggers for createAuthChallenge, defineAuthChallenge, and verifyAuthChallengeResponse work with Live Lambda Debugging? I'm not seeing any console output... but I do for preAuthentication, postAuthentication and preTokenGeneration.

Frank

12/11/2021, 10:16 AM

Hey @Tim V, they all should work. Can I see how you are defining the triggers?

Tim V

12/13/2021, 3:42 PM

I had the functions down to just a console.log in the handler. To attach them, I was doing

Copy code

new Auth(this, "auth", { cognito: { triggers: createAuthChallenge: "path/to/code.handler" } } );

Let me know if that's less than helpful.

Tim V

12/13/2021, 4:37 PM

I've reverted the code back a bit to provide the actual setup that I'm using...

Copy code

const auth = new Auth(this, "auth", {
      cognito: {
        userPool: {
          selfSignUpEnabled: false,
          signInAliases: { email: true },
          customAttributes: {
            PasswordUpdated: new DateTimeAttribute({ mutable: true }),
          },
        },
        triggers: {
          createAuthChallenge: "stack/cognito/testing.handler",
          customMessage: "stack/cognito/testing.handler",
          defineAuthChallenge: "stack/cognito/testing.handler",
          postAuthentication: "stack/cognito/testing.handler",
          postConfirmation: "stack/cognito/testing.handler",
          preAuthentication: "stack/cognito/testing.handler",
          preSignUp: "stack/cognito/testing.handler",
          preTokenGeneration: "stack/cognito/testing.handler",
          userMigration: "stack/cognito/testing.handler",
          verifyAuthChallengeResponse: "stack/cognito/testing.handler",
        },
      },
    });

Tim V

12/13/2021, 4:38 PM

And here's the testing function...

Copy code

export const handler = async (event) => {
    console.log(JSON.stringify(event, null, 2));
    return event;
};

Tim V

12/13/2021, 4:40 PM

So, to re-iterate, I'm am seeing preAuthentication, postAuthentication, and preTokenGeneration... but not createAuthChallenge, defineAuthChallenge, or verifyAuthChallengeResponse. 🙂

Frank

12/13/2021, 7:46 PM

Hey @Tim V, thanks for the details!

Frank

12/13/2021, 7:48 PM

@manitej could you take a look at this and see if you can produce it on ur end?

Tim V

12/13/2021, 7:53 PM

Thank you.

Frank

12/13/2021, 8:05 PM

Btw, it seems the ones that are not working are all

AuthChallenge

related. Can I see how you are triggering the auth challenge?

manitej

12/14/2021, 2:05 AM

Hey @Tim V to trigger

AuthChallenge

you need to pass in extra code. A small example code might look like this

Copy code

exports.handler = (event, context, callback) => {
    if (event.request.session.length == 1 && event.request.session[0].challengeName == 'SRP_A') {
        event.response.issueTokens = false;
        event.response.failAuthentication = false;
        event.response.challengeName = 'PASSWORD_VERIFIER';
    } else if (event.request.session.length == 2 && event.request.session[1].challengeName == 'PASSWORD_VERIFIER' && event.request.session[1].challengeResult == true) {
        event.response.issueTokens = false;
        event.response.failAuthentication = false;
        event.response.challengeName = 'CUSTOM_CHALLENGE';
    } else if (event.request.session.length == 3 && event.request.session[2].challengeName == 'CUSTOM_CHALLENGE' && event.request.session[2].challengeResult == true) {
        event.response.issueTokens = true;
        event.response.failAuthentication = false;
    } else {
        event.response.issueTokens = false;
        event.response.failAuthentication = true;
    }

    // Return to Amazon Cognito
    callback(null, event);
}

Tim V

12/14/2021, 2:50 AM

Forgive me if I'm misunderstanding the AuthChallenge flow, but I was expecting defineAuthChallenge to trigger every time... regardless of any other input event or returned event response parameters.

Tim V

12/14/2021, 2:51 AM

P.S. Thank you for looking into this @manitej.

manitej

12/14/2021, 2:52 AM

Yeah it'll trigger but as you're just logging stuff inside the trigger, it's not passing to next steps.

manitej

12/14/2021, 2:52 AM

Try with the code I sent above, and let me know!

Tim V

12/14/2021, 3:15 PM

Thanks @manitej. I'm not seeing the console.log for the defineAuthChallenge in the Live Lambda Debugger, which leads me to believe that it's not working as expected.

Frank

12/18/2021, 7:59 AM

Following up on this.. @Tim V did you managed to get the AuthChallenge triggers to work?

Tim V

01/03/2022, 3:14 PM

Heya @Frank! Unfortunately, I did not. In addition, I wasn't sure whether attributes triggers would fire when a user updates their password, so I just moved on to wrapping Cognito in API Gateway.

Open in Slack

Previous Next