b0c1

Reputation: 124

AWS Lambda Cognito access

Is there any way to get the Cognito user object in the Lambda function? My client already sent the identity and I have context.identity.cognitoIdentityId, but I did not find any way to "convert" this to a valid user object.

For example, if I want to know the authenticated user's username, email address or another Cognito attribute, what's the right way to get it?

And is this identityId a unique identifier of the user? I mean, if the user registered with their FB account and after that connects their Twitter account, does the identity id still remain? Or do they get a new one? If they get a new one, how can I "connect" the old id to the new one?

Thanks

b0c1

Upvotes: 0

Views: 753

Answers (1)

perpil

Reputation: 1584

The original username/email does not cross the federation boundary, so if you exchange a Cognito User Pools Id token for AWS Credentials via Cognito Federated Identity, all of the claims in the Id token are lost.

If you front Lambda with API Gateway, you can use the Cognito User Pools Id token directly with the Cognito Authorizer option to authenticate the request and all of the claims from the id token will be passed in with context. Details here.

Unfortunately, it sounds like you are trying to link multiple providers to the same identity, which you cannot do unless you use Federated Identity. But to answer your question about how you link two identity provider accounts together in Federated Identity: if you pass both tokens at the same time in the logins map, it will link the two identities.

"graph.facebook.com":"facebookToken"
"accounts.google.com":"googleToken"

If you have never linked either account before, you will get a new id; if you have linked either before, the identities will merge and you will get one or the other.

Upvotes: 1
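
The API Gateway option from the answer above, as an added example that is not part of the original answer: a Node.js Lambda that reads the user only from the claims the Cognito authorizer has validated, and fails closed when they are absent. It assumes a REST API with Lambda proxy integration, where the claims arrive at `event.requestContext.authorizer.claims`; the function names and sample events are constructed for illustration.

```javascript
// Added example. Assumed event shape: API Gateway REST API, Lambda proxy
// integration, Cognito User Pools authorizer. The authorizer validates the
// ID token and places its claims at event.requestContext.authorizer.claims.

// Output field -> ID token claim name (standard Cognito User Pools claims).
const CLAIM_MAP = { sub: 'sub', username: 'cognito:username', email: 'email' };

function userFromEvent(event) {
  const rc = (event && event.requestContext) || {};
  const claims = rc.authorizer && rc.authorizer.claims;
  // Fail closed: without a subject claim the request did not come through
  // the Cognito authorizer, so there is no authenticated user.
  if (!claims || typeof claims.sub !== 'string' || claims.sub === '') return null;
  const user = {};
  for (const [field, claim] of Object.entries(CLAIM_MAP)) {
    user[field] = typeof claims[claim] === 'string' ? claims[claim] : null;
  }
  // Claim values may arrive as strings, so accept both true and 'true'.
  user.emailVerified = claims.email_verified === true || claims.email_verified === 'true';
  return user;
}

function buildResponse(event) {
  const user = userFromEvent(event);
  if (!user) return { statusCode: 401, body: JSON.stringify({ error: 'unauthenticated' }) };
  // Identity comes only from authorizer claims, never from the request body.
  return { statusCode: 200, body: JSON.stringify(user) };
}

async function handler(event) { return buildResponse(event); }
if (typeof module !== 'undefined' && module.exports) module.exports = { handler };

// Constructed sample event; the body carries a username the handler must ignore.
const SAMPLE_EVENT = {
  body: JSON.stringify({ username: 'someone-else' }),
  requestContext: { authorizer: { claims: {
    sub: '00000000-0000-4000-8000-000000000000',
    'cognito:username': 'alice',
    email: 'alice@example.com',
    email_verified: 'true',
  } } },
};
// Constructed event with no authorizer context (e.g. direct invocation).
const UNAUTH_EVENT = { body: '{"username":"alice"}', requestContext: {} };
```
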
