Cognito Custom Auth trigger not getting Session from Cognito


I tried to call the InitiateAuth API from the AWS CLI. I have set up the Define auth, Create auth and Verify auth Lambda triggers correctly. The problem is that when I run the command below, it shows an error:

aws cognito-idp initiate-auth --client-id <my_client_id> --auth-flow CUSTOM_AUTH --auth-parameters USERNAME=uname,ChallengeName="SRP_A",SRP_A="<srp_value>"

Error: An error occurred (UserLambdaValidationException) when calling the InitiateAuth operation: DefineAuthChallenge failed with error Cannot read property 'challengeName' of undefined.

I checked the Define Auth Lambda code, and also the CloudWatch logs of the Lambda execution. The error occurred because the input from Cognito contains an empty session key in the event JSON (which is usually sent from Cognito to Lambda), and the property challengeName resides inside the session key (as shown in the official documentation).

Here is the JSON event sent to Lambda from Cognito when I ran that command (I got this JSON from the CloudWatch Lambda logs; I printed the event that is being sent from Cognito):

{
  version: '1',
  region: 'us-east-1',
  userPoolId: 'us-east-1_******',
  userName: 'uname',
  callerContext: {
    awsSdkVersion: 'aws-sdk-unknown-unknown',
    clientId: '<my_client_id>'
  },
  triggerSource: 'DefineAuthChallenge_Authentication',
  request: {
    userAttributes: {
      sub: 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx',
      'cognito:email_alias': '<email>',
      'cognito:user_status': 'CONFIRMED',
      email_verified: 'true',
      name: 'Custom Test',
      email: '<email>'
    },
    session: [],                                       -----> !! Empty
    userNotFound: false
  },
  response: { challengeName: null, issueTokens: null, failAuthentication: null }
}

What is the reason? Is it because I am sending the request from the CLI, so Cognito is not able to create a session or something? I'm not sure. Any help will be appreciated.

1 answer

Andrew Gillis (BEST ANSWER)

Session holds previous auth challenge results (either from built-in challenges or your custom challenges). It will be empty for the first invocation of the define auth challenge Lambda. As the name suggests, you have to define the auth challenge in the handler response.
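As an added example (not the asker's or the answerer's code), here is a DefineAuthChallenge handler in Node.js that treats the empty session from the first invocation as the normal starting state and decides the next step from the recorded results. The challenge names follow Cognito's custom auth flow; MAX_ATTEMPTS is an assumed policy value, and the Lambda wrapper that copies the result into event.response is omitted.

```javascript
// Added example: DefineAuthChallenge decision logic that never indexes the
// session array blindly. On the first invocation Cognito sends session: [],
// which is exactly what caused the "challengeName of undefined" error above.
const MAX_ATTEMPTS = 3;  // assumed retry policy for the custom challenge

function defineAuthChallenge(event) {
  const session = Array.isArray(event.request.session) ? event.request.session : [];
  const out = { challengeName: null, issueTokens: false, failAuthentication: false };

  if (event.request.userNotFound) {
    // Fail the same way as a wrong answer so callers cannot enumerate users.
    out.failAuthentication = true;
    return out;
  }
  if (session.length === 0) {
    // First invocation: nothing to read yet, so define the first challenge.
    out.challengeName = 'CUSTOM_CHALLENGE';
    return out;
  }

  const last = session[session.length - 1];
  if (last.challengeName === 'SRP_A') {
    // Flow started with SRP_A (as in the question): let Cognito verify the password.
    out.challengeName = 'PASSWORD_VERIFIER';
    return out;
  }
  if (last.challengeResult !== true) {
    // A failed built-in challenge ends the flow; a failed custom challenge
    // may be retried until MAX_ATTEMPTS answers have been recorded.
    const attempts = session.filter(s => s.challengeName === 'CUSTOM_CHALLENGE').length;
    if (last.challengeName !== 'CUSTOM_CHALLENGE' || attempts >= MAX_ATTEMPTS) {
      out.failAuthentication = true;
    } else {
      out.challengeName = 'CUSTOM_CHALLENGE';
    }
    return out;
  }
  if (last.challengeName === 'CUSTOM_CHALLENGE') {
    out.issueTokens = true;                 // custom challenge passed
  } else {
    out.challengeName = 'CUSTOM_CHALLENGE'; // password verified, now the custom step
  }
  return out;
}
```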