search

awslabs / aws-lambda-rust-runtime

A Rust runtime for AWS Lambda
Apache License 2.0
3.26k stars 335 forks source link

Lambda for Cognito Post Confirmation event response causes error for Account Creation #873

Closed jregistr closed 1 month ago

jregistr commented 2 months ago

Hi! I recently implemented a lambda for AWS Cognito integration with the user-pool-lambda-post-confirmation event.

The sdk event for that is this: event/cognito/mod.rs#L87.

Looks like this event is not correct. I think maybe the docs are out of date? The docs page show an empty json for Response (html#cognito-user-pools-lambda-trigger-syntax-post-confirmation).

{ "request": { "userAttributes": {"string": "string",. . .},"clientMetadata": {"string": "string",. . .}},"response": {}}

The CognitoEventUserPoolsPostConfirmationResponse is also an empty object.

We found when logging into the app via socials for the first time (login implemented with Amplify SDK for iOS), an error is thrown and login fails. The error message mentions the lambda

Location:applocation://?error_description=Invalid+version+in+Lambda+response.+Version+should+be+1+&state=e3811fde-b3fe-4507-9992-fa2b228ed194&error=invalid_request

The JS example in the lower part of the docs shows simply returning the input even which contains the version field. After updating the code to return the event user pools header (I saw it had this same version field), it worked.

type EventResponse = CognitoEventUserPoolsHeader<CognitoEventUserPoolsPostConfirmationTriggerSource>;

async fn function_handler(
    event: LambdaEvent<CognitoEventUserPoolsPostConfirmation>
) -> Result<EventResponse> {
   let payload = event.payload;
   let event_response = payload.cognito_event_user_pools_header;
   .... // details
   Ok(event_response)
}
calavera commented 1 month ago

I checked with the Cognito team and it looks like the documentation might not be super clear. Cognito expects that the payload that the lambda invocation returns is similar to the payload that it receives, this is key in the docs:

Amazon Cognito passes event information to your Lambda function. The function then returns the same event object to Amazon Cognito, with any changes in the response.

As you point out, the example in the doc returns the same event payload that it receives.

I think this could be an opportunity for us to have some examples of how to work with Cognito and Rust Lambda functions, I'm not an expert on it though, but any help will be very appreciated.

github-actions[bot] commented 1 month ago

This issue is now closed. Comments on closed issues are hard for our team to see. If you need more assistance, please either tag a team member or open a new issue that references this one.