Reputation: 323
I'm defining a custom challenge on user authentication. I created a few lambdas:
```javascript
"use strict";

// Define Auth Challenge trigger: picks the next challenge from the session history.
exports.handler = (event, context, callback) => {
  // throw new Error("tutoring-define-auth-challenge");
  const session = event.request.session;

  if (session.length === 1 && session[0].challengeName === 'SRP_A') {
    // SRP_A received: ask Cognito to verify the password next.
    event.response.issueTokens = false;
    event.response.failAuthentication = false;
    event.response.challengeName = 'PASSWORD_VERIFIER';
  } else if (session.length === 2 && session[1].challengeName === 'PASSWORD_VERIFIER' && session[1].challengeResult === true) {
    // Password verified: present the custom challenge.
    event.response.issueTokens = false;
    event.response.failAuthentication = false;
    event.response.challengeName = 'CUSTOM_CHALLENGE';
  } else if (session.length === 3 && session[2].challengeName === 'CUSTOM_CHALLENGE' && session[2].challengeResult === true) {
    // Custom challenge answered correctly: issue tokens.
    event.response.issueTokens = true;
    event.response.failAuthentication = false;
  } else {
    // Any other sequence fails authentication.
    event.response.issueTokens = false;
    event.response.failAuthentication = true;
  }

  // Return to Amazon Cognito
  callback(null, event);
};
```

```javascript
"use strict";
const publicKey = require('./public');

// Create Auth Challenge trigger: stores the public key in the private challenge parameters.
exports.handler = async (event) => {
  // throw new Error("tutoring-create-auth-challenge");
  event.response.privateChallengeParameters = { key: publicKey.key };
  return event;
};
```
and configured them as triggers in the user pools.
The problem is that those lambdas aren't triggered. I added errors in each of them (see commented out code) but I was able to register and log in without any problem.
What I want to do is add a new challenge that checks a custom JWT token (instead of a verification code sent by email).
What else do I have to do to make it work? I checked CloudWatch and was able to find only logs from manual executions of the lambdas.
Upvotes: 0
Views: 2428
Reputation: 353
Could you please show which commands you are using to trigger the custom challenge?
Recently I've implemented a similar flow to what you have described in `define-auth`. A couple of things I'd like to share:
This document was very helpful (Use SRP Password Verification in Custom Authentication Flow section).
If you are familiar with Java I highly recommend you to have a look at this nice utility (similar code can be found for Python and JavaScript) that can be used for custom flow invocations. For that, I believe you need to update `AuthFlowType` here to `CUSTOM_AUTH`.
Also, this utility helps with `PASSWORD_CLAIM_SIGNATURE` and `PASSWORD_CLAIM_SECRET_BLOCK` calculations.
Upvotes: 1
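The question's flow ends in a `CUSTOM_CHALLENGE` whose answer is a custom JWT; the following is an added example (not code from either poster) of a Verify Auth Challenge Response trigger that checks that answer against the key the Create Auth Challenge trigger placed in `privateChallengeParameters.key`. It assumes the key is a PEM-encoded RSA public key and that the token is RS256-signed and carries an `exp` claim; `verifyJwt`, `decodeSegment` and `makeSample` are hypothetical helper names.

```javascript
"use strict";
const crypto = require("crypto");

// Decode one base64url-encoded JWT segment (header or payload) to an object.
const decodeSegment = (seg) => JSON.parse(Buffer.from(seg, "base64url").toString("utf8"));

// True only for a three-part RS256 token signed by publicKeyPem that has not expired.
function verifyJwt(token, publicKeyPem, nowSeconds = Math.floor(Date.now() / 1000)) {
  try {
    const parts = String(token).split(".");
    if (parts.length !== 3) return false;
    const [head, body, sig] = parts;
    // Pin the algorithm here; never let the token's own header select it.
    if (decodeSegment(head).alg !== "RS256") return false;
    const signed = Buffer.from(`${head}.${body}`);
    const sigOk = crypto.verify("RSA-SHA256", signed, publicKeyPem, Buffer.from(sig, "base64url"));
    if (!sigOk) return false;
    const { exp } = decodeSegment(body);
    return typeof exp === "number" && exp > nowSeconds; // assumption: tokens carry exp
  } catch (err) {
    return false; // malformed token or key counts as a wrong answer
  }
}

// Verify Auth Challenge Response trigger: Cognito passes the client's answer plus
// the privateChallengeParameters set by the Create Auth Challenge trigger.
const handler = async (event) => {
  const { privateChallengeParameters, challengeAnswer } = event.request;
  const key = privateChallengeParameters && privateChallengeParameters.key;
  event.response.answerCorrect = verifyJwt(challengeAnswer, key);
  return event;
};
exports.handler = handler;

// Constructed sample data for local testing: throwaway key pair and tokens.
function makeSample(nowSeconds) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
  const sign = (header, payload) => {
    const input = `${enc(header)}.${enc(payload)}`;
    return `${input}.${crypto.sign("RSA-SHA256", Buffer.from(input), privateKey).toString("base64url")}`;
  };
  return {
    publicKeyPem: publicKey.export({ type: "spki", format: "pem" }),
    valid: sign({ alg: "RS256", typ: "JWT" }, { sub: "sample-user", exp: nowSeconds + 300 }),
    expired: sign({ alg: "RS256", typ: "JWT" }, { sub: "sample-user", exp: nowSeconds - 1 }),
    unsignedNone: `${enc({ alg: "none" })}.${enc({ sub: "sample-user", exp: nowSeconds + 300 })}.`,
  };
}
```

The value written to `answerCorrect` is what the Define Auth Challenge trigger later sees as `challengeResult` for the `CUSTOM_CHALLENGE` session entry.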