Reputation: 51
I've written a Pre Token Generation Lambda Trigger function to split a custom string attribute into an array and assign it to a new attribute. The string attribute would be in this format: "FDVC443FD|HFVSD4434". The Lambda function should then create the array ["FDVC443FD", "HFVSD4434"] and assign it to the new attribute.
Expected Result
Input -> "custom:eaid": "FDVC443FD|HFVSD4434"
Output -> "eaid": ["FDVC443FD", "HFVSD4434"]
Pre Token Generation Lambda Trigger Function (Python)
    def lambda_handler(event, context):
        # This function handles adding a custom claim to the Cognito ID token.
        # grab requestor's custom external id (eaid)
        custom_eaid = event['request']['userAttributes']['custom:eaid']
        # Split the custom attribute string into an array by the "|" separator
        custom_eaid = custom_eaid.split('|')
        # placeholder variable
        eaid = ''
        # this allows us to override claims in the id token
        # "claimsToAddOrOverride" is the important part
        event["response"]["claimsOverrideDetails"] = {
            "claimsToAddOrOverride": {
                "eaid": custom_eaid
            },
            "claimsToSuppress": ["custom:eaid"]
        }
        # return modified ID token to Amazon Cognito
        return event
The Lambda function returns the following error:-
Error executing "InitiateAuth" on "https://cognito-idp.eu-west-1.amazonaws.com\ "; AWS HTTP error: Client error: POST https://cognito-idp.eu-west-1.amazonaws.com resulted in a 400 Bad Request response:\n{"__type":"InvalidLambdaResponseException","message":"Unrecognizable lambda output"}\n InvalidLambdaResponseException (client): Unrecognizable lambda output - {"__type":"InvalidLambdaResponseException","message":"Unrecognizable lambda output"}
Upvotes: 2
Views: 2412
Reputation: 825
According to the documentation, claimsToAddOrOverride expects a collection of string key/value pairs. So as of now we cannot pass a list as a value.
Maybe you can try a comma-separated string, or set custom:eaid as it is. Then whenever you need that as a list, extract that from the claim.
Upvotes: 0
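One way to apply the suggestion in the answer above, added here as an example and not code from either poster: the trigger emits `eaid` as a comma-separated string, and the service consuming the token rebuilds the list from the already-verified claims. The ID pattern and the helper names `parse_ids` and `eaid_from_claims` are assumptions based on the question's sample values.

```python
import re

# Assumption: external IDs look like the question's samples
# (uppercase letters and digits only), so neither "|" nor "," can appear in one.
EAID_RE = re.compile(r"[A-Z0-9]{1,32}")


def parse_ids(raw, sep):
    """Split a delimited ID string and reject any malformed segment."""
    if not isinstance(raw, str) or raw == "":
        return []
    parts = raw.split(sep)
    bad = [p for p in parts if not EAID_RE.fullmatch(p)]
    if bad:
        raise ValueError(f"malformed eaid segment(s): {bad!r}")
    return parts


def lambda_handler(event, context):
    """Pre Token Generation trigger that only ever returns string claim values."""
    attrs = event["request"]["userAttributes"]
    try:
        ids = parse_ids(attrs.get("custom:eaid", ""), "|")
    except ValueError:
        # Fail closed: a malformed attribute yields no eaid claim at all.
        ids = []
    details = {"claimsToSuppress": ["custom:eaid"]}
    if ids:
        # Joined into one str, because claimsToAddOrOverride takes string values.
        details["claimsToAddOrOverride"] = {"eaid": ",".join(ids)}
    event["response"]["claimsOverrideDetails"] = details
    return event


def eaid_from_claims(claims):
    """Consumer side: rebuild the list from a verified ID token's claims dict."""
    return parse_ids(claims.get("eaid", ""), ",")
```

`eaid_from_claims` expects claims from a token whose signature, issuer and audience have already been checked; it raises `ValueError` instead of returning a partial list when a segment does not match the pattern.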