Created
April 26, 2019 06:27
-
-
Save morgler/651e5dc48bcfae5680181e1b7bb8d04b to your computer and use it in GitHub Desktop.
AWS Cognito user migration lambda function
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 'use strict'; | |
| const https = require('https'); | |
| const attributes = (response) => { | |
| return { | |
| "email": response.email, | |
| "email_verified": "true", | |
| "name": response.name, | |
| "custom:rails_app_id": response.id | |
| }; | |
| }; | |
| const checkUser = (server, data, callback) => { | |
| let postData = JSON.stringify( data ); | |
| let options = { | |
| hostname: server, | |
| path: "/aws/auth", | |
| method: 'POST', | |
| headers: { | |
| 'Content-Type': 'application/json', | |
| 'Content-Length': postData.length | |
| } | |
| }; | |
| console.log('checkUser', options, data) | |
| let req = https.request(options, (res) => { | |
| console.log("result", res) | |
| let data = ""; | |
| res.on('data', (chunk) => { | |
| data += chunk; | |
| }); | |
| res.on('end', () => { | |
| if ( data ){ | |
| let response = JSON.parse( data ); | |
| //console.log( 'response:', JSON.stringify(response, null, 2) ); | |
| callback( null, response); | |
| } else { | |
| callback( "Authentication error"); | |
| } | |
| }); | |
| }); | |
| req.on('error', (e) => { | |
| callback( e ); | |
| }); | |
| req.write( postData ); | |
| req.end(); | |
| } | |
| exports.handler = (event, context, callback) => { | |
| console.log('Migrating user:', event.userName); | |
| let rails_server_url = process.env.rails_server_url; | |
| checkUser( rails_server_url, { | |
| email: event.userName, | |
| password: event.request && event.request.password, | |
| access_token: process.env.rails_server_access_token | |
| }, (err, response ) => { | |
| if ( err ){ | |
| return context.fail("Connection error", err); | |
| } | |
| if ( event.triggerSource == "UserMigration_Authentication" ) { | |
| // authenticate the user with your existing user directory service | |
| if ( response.success ) { | |
| event.response.userAttributes = attributes( response ) ; | |
| event.response.finalUserStatus = "CONFIRMED"; | |
| event.response.messageAction = "SUPPRESS"; | |
| console.log(event) | |
| console.log('Migrating user:', event.userName); | |
| callback(null, event) | |
| } else if ( response.user_exists ) { | |
| // Return error to Amazon Cognito | |
| callback("Bad password"); | |
| } else { | |
| callback("Bad user"); | |
| } | |
| } else if ( event.triggerSource == "UserMigration_ForgotPassword" ) { | |
| if ( response.user_exists ) { | |
| event.response.userAttributes = attributes( response ) ; | |
| event.response.messageAction = "SUPPRESS"; | |
| console.log('Migrating user with password reset:', event.userName); | |
| callback(null, event); | |
| } else { | |
| callback("Bad user"); | |
| } | |
| } else { | |
| // Return error to Amazon Cognito | |
| callback("Bad triggerSource " + event.triggerSource); | |
| } | |
| }); | |
| }; |
Alright.I do have another silly question, which is how does it know which pool to migrate it to?as I see nothing defined in the code.
Thank in advance, for answering my questions patiently.
You set the lambda function with this code as being triggered in your Cognito user pool: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-migrate-user.html . Cognito will call that lambda whenever it needs to migrate a user and then uses the return value of your function to create the user in Cognito.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Theoretically it should work. You would simply substitute the
checkUserfunction with a call to RDS and a check of the credentials you retrieved. But maybe, since RDS is also AWS, there is an even simpler way to migrate – I don't know.