After a user confirms their email, we want to run a Post Confirmation Lambda in AWS.
This lambda will store the user's email and password to a database that is separate from Cognito, so we need to fetch these credentials from AWS.
We believe it should be possible from the event object, but we can't find anything about this in the official documentation.
Is it possible to fetch a user's email and password from AWS from within a Post Confirmation Lambda?
After inspecting vars(context) and event, it seems that it is impossible to get a user's password from within the post confirmation lambda itself, as these objects do not contain it.
Thanks to everyone who helped.
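An added example (not code from the original post) of a Python Post Confirmation handler that persists only what the trigger event carries: the user's `sub` and email. The event has no password field, so the separate table is keyed on `sub`. The sample event is constructed, SQLite stands in for the separate database, and the table and function names are assumptions.

```python
import sqlite3

# Constructed sample of a Post Confirmation trigger event (all values made up).
SAMPLE_EVENT = {
    "version": "1",
    "triggerSource": "PostConfirmation_ConfirmSignUp",
    "region": "eu-west-1",
    "userPoolId": "eu-west-1_EXAMPLE",
    "userName": "3f1c2b9e-0000-4000-8000-000000000000",
    "callerContext": {"clientId": "exampleclientid"},
    "request": {"userAttributes": {
        "sub": "3f1c2b9e-0000-4000-8000-000000000000",
        "email": "alice@example.com",
        "email_verified": "true",
        "cognito:user_status": "CONFIRMED",
    }},
    "response": {},
}

def open_db(path=":memory:"):
    """SQLite stand-in for the separate application database (assumption)."""
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS app_users "
               "(cognito_sub TEXT PRIMARY KEY, email TEXT NOT NULL)")
    return db

def extract_profile(event):
    """Return the non-secret identity fields to persist, or None to skip."""
    # The same Lambda also fires for PostConfirmation_ConfirmForgotPassword.
    if event.get("triggerSource") != "PostConfirmation_ConfirmSignUp":
        return None
    attrs = event["request"]["userAttributes"]
    # This example's choice: only store addresses Cognito marks as verified.
    if attrs.get("email_verified") != "true":
        return None
    return {"cognito_sub": attrs["sub"], "email": attrs["email"]}

def handler(event, context, db=None):
    if db is None:
        db = open_db()
    profile = extract_profile(event)
    if profile is not None:
        db.execute("INSERT OR REPLACE INTO app_users (cognito_sub, email) "
                   "VALUES (:cognito_sub, :email)", profile)
        db.commit()
    return event  # Cognito expects the event object to be returned
```
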
Related
I need to get some user attributes from non-validated users on AWS Cognito
My use case is the following:
A user signs up in the app; however, he does not submit the validation code immediately
When he tries to sign in in the app, he is prompted once again to submit the code he has received in his e-mail
But then I cannot register this user in the database, because I don't have his data... Hopefully this was clear enough
I tried to research some resources online such as this AWS Cognito- get user information with ID and this one AWS Cognito: get user attributes of any unauthenticated user
However I am concerned about security of the user, regarding the GDPR... As I would be exposing an unprotected endpoint with access to some sensitive data...
Does any of you guys know how I could address such an issue without violating any GDPR rule?
Is there any Cognito method that returns the user data for non-validated users when they try to sign in?
For legal reasons I need to BCC someone on my Cognito verification emails when someone signs up on my website. Is there a way to configure this in Amazon SES or Cognito? I have searched through the settings on both of the services and searched Google but I haven't been able to find anything. I am wondering if maybe I should use SNS to trigger a welcome email with the compliance information after the user verifies their email, though I am still not sure if this is possible.
You will need to implement a Cognito custom email sender Lambda function. There's an example of that function using NodeJS at the above link. Having gone through this myself I would point out that it can only be done using NodeJS or Java due to the specific AWS encryption SDK needed to decode the email body in your Lambda function.
Inside that example Lambda function you can see the different event triggers the function has to handle. In the CustomEmailSender_SignUp trigger handler you would add your BCC when you send the email.
You would need to use the AWS SDK inside that code to send the emails using SES.
User signs up ==> account is auto-confirmed ==> a custom email is sent to the user's address to verify the email ==> user can log in without verifying the email since the account is already confirmed.
When the user clicks on the link, his email is verified.
Above is the user signup flow that I want. Until now, I have been verifying the account by triggering a lambda in Cognito's pre-signup trigger. However, this way, the email is not triggered. So I'm verifying the account from the signup lambda itself using the adminConfirmSignup method. Now when the user clicks on the link, we get an error that the account is already verified, but I want the email to be verified when the link is clicked.
My Current Solution:
Confirm the user account with adminConfirmSignup, and send an API Gateway link containing username / client_id / confirmation code instead of the default link. The API Gateway will point to a lambda where I'll confirm the code and update the user's email attribute, but how can I verify the confirmation_code?
Is there any other solution available?
Also, in the custom email that is being sent to the user, I'm including a button and a click event listener, and the event listener seems not to be working. Any reason?
I did NOT find a way to capture the email address (the username entered by the user in the login form) and password in a Lambda function. I have created a Lambda function (nodejs) and triggered it from Cognito Pre Authentication. It gets triggered, but if the email address does not exist in the Cognito user pool, event.request.userAttributes is empty.
Has anyone faced the same problem and solved it?
If the user doesn't exist, the lambda cannot get its attributes.
If the subsequent problem is that the user attributes object is empty even if it exists, check the IAM Role/Policy attached to the lambda.
It needs the cognito-idp:GetUser to retrieve the UserAttributes.
I am working on a project with AWS Lambda functions, DynamoDB, and a serverless architecture with the node.js runtime environment.
Now the thing is that I want to send an email when a new user signs up in my system, for email address confirmation.
First, I tried with SES (SMTP credentials) and the nodemailer module. When we try to send an email using SES, we need to verify both email addresses (From and To). But the thing is, suppose I verify my From email address but the newly signed-up user has a new email address; when I try to send an email to the new user's email address, it throws an error like "email address not verified".
So, I want to know: if I want to send an email to this newly signed-up user, how can I send the email confirmation mail?
Can I use SNS with AWS lambda and serverless architecture?
Thanks in advance for the help.
I'm suspecting your Amazon SES is still in sandbox mode. As long as you are in sandbox mode, you can only do the following things:
You can only send mail to verified email addresses and domains, or to the Amazon SES mailbox simulator.
You can send a maximum of 200 messages per 24-hour period.
You can send a maximum of 1 message per second.
To get yourself removed from sandbox mode, you need to open an SES Sending Limits Increase case with the AWS Support Center.