Do you guys have suggestions for using cognito triggers? Thinking about applying some attribute changes for different user types (regular/admin etc).

You can do something like this:

// Create the Lambda function
const authChallengeFn = new sst.Function(this, 'AuthChallengeFn', {
  handler: 'src/authChallenge.main',
});

// Create the User Pool
const userPool = new cognito.UserPool(this, 'MyUserPool', {
  lambdaTriggers: {
    createAuthChallenge: authChallengeFn,
  }
});

Looks like what I wanted, thanks @Frank ! So this would make a cognito.UserPool instead of using sst.Auth then, I'm guessing there would be some additional steps after?

Are you currently using

sst.Auth

to protect ur api?

Yah:

// Create auth provider

const auth = new sst.Auth(this, 'Auth', {

cognito: {

signInAliases: { email: true },

},

});

auth.attachPermissionsForAuthUsers([api]);

Ah so instead of creating a new user pool, use the one created by

sst.Auth

, so something like this:

auth.cognitoUserPool.addTrigger(cognito.UserPoolOperation.CREATE_AUTH_CHALLENGE, authChallengeFn);

Whoa, exactly what I wanted! I suggest adding that to the docs 😄 Thanks a ton!

yeah, good point will do

Hey Frank, in this example where are you getting the reference for

cognito

? (cognito.UserPoolOperation)

oh right.. you need to import

import * as cognito from "@aws-cdk/aws-cognito";

🙏

Hey @Ilia Reingold the

sst.Auth

construct now supports UserPool triggers out of the box in v0.18.0:

new Auth(this, "Auth", {
  cognito: {
    triggers: {
      preAuthentication: "src/preAuthentication.main",
      postAuthentication: "src/postAuthentication.main",
    },
  },
});

More examples here - https://docs.serverless-stack.com/constructs/Auth#configuring-userpool-triggers