Cognito PreTokenGen Event (#95)
* Adds support for pretokengen event.

* link to the cognito events README files.

* Iam -> IAM

* Updated sample data with dummy values

copied from

* fix json syntax error
parsnips authored and bmoffatt committed Dec 4, 2018
1 parent 4e03420 commit 9e3676e
Showing 5 changed files with 127 additions and 0 deletions.
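--- a/events/README.md
+++ b/events/README.md
@@ -18,6 +18,12 @@ This package provides input types for Lambda functions that process AWS events.
 
 [Cognito Events](README_Cognito.md)
 
+[Cognito PostConfirmation](README_Cognito_UserPools_PostConfirmation.md)
+
+[Cognito PreSignup](README_Cognito_UserPools_PreSignup.md)
+
+[Cognito PreTokenGen](README_Cognito_UserPools_PreTokenGen.md)
+
 [Config Events](README_Config.md)
 
 [DynamoDB Events](README_DynamoDB.md)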
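--- a/events/README_Cognito_UserPools_PreTokenGen.md
+++ b/events/README_Cognito_UserPools_PreTokenGen.md
@@ -0,0 +1,26 @@
+# Sample Function
+
+The following is a sample Lambda function that receives Amazon Cognito User Pools pre-token-gen event as an input and writes some of the record data to CloudWatch Logs. (Note that by default anything written to Console will be logged as CloudWatch Logs events.)
+
+Please see instructions for setting up the Cognito triggers at https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html .
+
+```go
+package main
+
+import (
+"fmt"
+
+"github.com/aws/aws-lambda-go/lambda"
+"github.com/aws/aws-lambda-go/events"
+)
+
+func handler(event events.CognitoEventUserPoolsPreTokenGen) (events.CognitoEventUserPoolsPreTokenGen, error) {
+fmt.Printf("PreTokenGen of user: %s\n", event.UserName)
+event.Response.ClaimOverrideDetails.ClaimsToSupress = []string{"family_name"}
+return event, nil
+}
+
+func main() {
+lambda.Start(handler)
+}
+```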
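--- a/events/cognito.go
+++ b/events/cognito.go
@@ -36,6 +36,14 @@ type CognitoEventUserPoolsPostConfirmation struct {
 Response CognitoEventUserPoolsPostConfirmationResponse `json:"response"`
 }
 
+// CognitoEventUserPoolsPreTokenGen is sent by AWS Cognito User Pools when a user attempts to retrieve
+// credentials, allowing a Lambda to perform insert, supress or override claims
+type CognitoEventUserPoolsPreTokenGen struct {
+CognitoEventUserPoolsHeader
+Request CognitoEventUserPoolsPreTokenGenRequest `json:"request"`
+Response CognitoEventUserPoolsPreTokenGenResponse `json:"response"`
+}
+
 // CognitoEventUserPoolsCallerContext contains information about the caller
 type CognitoEventUserPoolsCallerContext struct {
 AWSSDKVersion string `json:"awsSdkVersion"`
@@ -73,3 +81,28 @@ type CognitoEventUserPoolsPostConfirmationRequest struct {
 // CognitoEventUserPoolsPostConfirmationResponse contains the response portion of a PostConfirmation event
 type CognitoEventUserPoolsPostConfirmationResponse struct {
 }
+
+// CognitoEventUserPoolsPreTokenGenRequest contains request portion of PreTokenGen event
+type CognitoEventUserPoolsPreTokenGenRequest struct {
+UserAttributes map[string]string `json:"userAttributes"`
+GroupConfiguration GroupConfiguration `json:"groupConfiguration"`
+}
+
+// CognitoEventUserPoolsPreTokenGenResponse containst the response portion of a PreTokenGen event
+type CognitoEventUserPoolsPreTokenGenResponse struct {
+ClaimsOverrideDetails ClaimsOverrideDetails `json:"claimsOverrideDetails"`
+}
+
+// ClaimsOverrideDetails allows lambda to add, supress or override claims in the token
+type ClaimsOverrideDetails struct {
+GroupOverrideDetails GroupConfiguration `json:"groupOverrideDetails"`
+ClaimsToAddOrOverride map[string]string `json:"claimsToAddOrOverride"`
+ClaimsToSuppress []string `json:"claimsToSuppress"`
+}
+
+// GroupConfiguration allows lambda to override groups, roles and set a perferred role
+type GroupConfiguration struct {
+GroupsToOverride []string `json:"groupsToOverride"`
+IAMRolesToOverride []string `json:"iamRolesToOverride"`
+PreferredRole *string `json:"preferredRole"`
+}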
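Review bot: The doc comments on `ClaimsOverrideDetails` and `GroupConfiguration` do not tell a handler author that whatever is placed in these fields is carried into the issued token, including `GroupsToOverride`, `IAMRolesToOverride` and `PreferredRole`, which consumers of the token presumably rely on for authorization. I would extend the comment on `ClaimsOverrideDetails` with a line such as `// Values set here end up in the issued token; derive them from trusted data, not from entries in Request.UserAttributes that the user may be able to edit.` Separately, the README sample added in this commit assigns `event.Response.ClaimOverrideDetails.ClaimsToSupress`, while the fields declared here are `ClaimsOverrideDetails` and `ClaimsToSuppress`, so the sample will not compile as written. The new comments also carry the typos `supress`, `containst` and `perferred`.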
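--- a/events/cognito_test.go
+++ b/events/cognito_test.go
@@ -85,3 +85,29 @@ func TestCognitoEventUserPoolsPostConfirmationMarshaling(t *testing.T) {
 
 test.AssertJsonsEqual(t, inputJSON, outputJSON)
 }
+
+func TestCognitoEventUserPoolsPreTokenGenMarshalingMalformedJson(t *testing.T) {
+test.TestMalformedJson(t, CognitoEventUserPoolsPreTokenGen{})
+}
+
+func TestCognitoEventUserPoolsPreTokenGenMarshaling(t *testing.T) {
+// read json from file
+inputJSON, err := ioutil.ReadFile("./testdata/cognito-event-userpools-pretokengen.json")
+if err != nil {
+t.Errorf("could not open test file. details: %v", err)
+}
+
+// de-serialize into CognitoEvent
+var inputEvent CognitoEventUserPoolsPreTokenGen
+if err := json.Unmarshal(inputJSON, &inputEvent); err != nil {
+t.Errorf("could not unmarshal event. details: %v", err)
+}
+
+// serialize to json
+outputJSON, err := json.Marshal(inputEvent)
+if err != nil {
+t.Errorf("could not marshal event. details: %v", err)
+}
+
+test.AssertJsonsEqual(t, inputJSON, outputJSON)
+}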
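Review bot: The three error checks in TestCognitoEventUserPoolsPreTokenGenMarshaling use `t.Errorf`, so a failed `ioutil.ReadFile` or `json.Unmarshal` does not stop the test; it carries on with a zero-value event and can report a second, misleading failure from `test.AssertJsonsEqual`. Switching them to `t.Fatalf`, e.g. `t.Fatalf("could not open test file. details: %v", err)`, leaves the first failure as the only one reported. The fixture also only round-trips a fully populated response; a second case with the `groupOverrideDetails` fields absent would pin how nil slices and a nil `PreferredRole` serialize (as `null`, since the tags carry no `omitempty`), which is worth confirming against what the service expects a handler to send back.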
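--- a/events/testdata/cognito-event-userpools-pretokengen.json
+++ b/events/testdata/cognito-event-userpools-pretokengen.json
@@ -0,0 +1,36 @@
+{
+"version": "1",
+"triggerSource": "PreTokenGen",
+"region": "region",
+"userPoolId": "userPoolId",
+"userName": "userName",
+"callerContext": {
+"awsSdkVersion": "calling aws sdk with version",
+"clientId": "apps client id"
+},
+"request": {
+"userAttributes": {
+"email": "email",
+"phone_number": "phone_number"
+},
+"groupConfiguration": {
+"groupsToOverride": ["group-A", "group-B", "group-C"],
+"iamRolesToOverride": ["arn:aws:iam::XXXXXXXXXXXX:role/sns_callerA", "arn:aws:iam::XXXXXXXXX:role/sns_callerB", "arn:aws:iam::XXXXXXXXXX:role/sns_callerC"],
+"preferredRole": "arn:aws:iam::XXXXXXXXXXX:role/sns_caller"
+}
+},
+"response": {
+"claimsOverrideDetails": {
+"claimsToAddOrOverride": {
+"attribute_key2": "attribute_value2",
+"attribute_key": "attribute_value"
+},
+"claimsToSuppress": ["email"],
+"groupOverrideDetails": {
+"groupsToOverride": ["group-A", "group-B", "group-C"],
+"iamRolesToOverride": ["arn:aws:iam::XXXXXXXXXXXX:role/sns_callerA", "arn:aws:iam::XXXXXXXXX:role/sns_callerB", "arn:aws:iam::XXXXXXXXXX:role/sns_callerC"],
+"preferredRole": "arn:aws:iam::XXXXXXXXXXX:role/sns_caller"
+}
+}
+}
+}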
