Open theotherian opened 3 days ago
Welcome to LocalStack! Thanks for reporting your first issue and our team will be working towards fixing the issue for you or reach out for more background information. We recommend joining our Slack Community for real-time help and drop a message to LocalStack Pro Support if you are a Pro user! If you are willing to contribute towards fixing this issue, please have a look at our contributing guidelines and our contributing guide.
Wanted to add one more piece of detail to this to give a more complete picture.
You should notice right away that `clientMetadata` is absent in `event.request` when the `VerifyAuthChallenge` lambda is invoked, but I also wanted to point out that for the use case I was working towards I was also using a `PreTokenGeneration` lambda using the `PreTokenGenerationConfig` approach aiming for `V2_0` and that was also missing `clientMetadata`.
Pointing this out because I know per the AWS docs that `VerifyAuthChallenge` should forward its `clientMetadata` to `PreTokenGeneration` as well as other functions.
Is there an existing issue for this?
Current Behavior
As a reference point, I'm trying to implement passkey-based authentication in Localstack as a proof of concept based on the following article: https://aws.amazon.com/blogs/security/how-to-implement-password-less-authentication-with-amazon-cognito-and-webauthn/
I have a Cognito setup working with custom challenges executing with Lambdas for create, define and verify challenge.
It seems `clientMetadata` doesn't work as expected. I'm passing a key and value both via the `awslocal` command by sending `--client-metadata '{"key":"value"}'` to `response-to-auth-challenge` and I'm sending the same thing via the JavaScript API and `event.request.clientMetadata` is always undefined both in the `VerifyAuthChallenge` lambda and all other lambdas. In fact, `event.request` doesn't even have a `clientMetadata` field in it even though it has all the other expected fields like `userAttributes`, `challengeAnswer`, etc.
According to https://repost.aws/knowledge-center/cognito-clientmetadata-lambda-trigger the `clientMetadata` field passed to `ResponseToAuthChallenge` should not only be present in that request but should also be visible to almost every other custom Lambda in the flow.
Expected Behavior
The `event.request.clientMetadata` field should both be available in all Cognito custom Lambdas and should also be carried to other Lambdas in accordance with the AWS documentation here: https://repost.aws/knowledge-center/cognito-clientmetadata-lambda-trigger
How are you starting LocalStack?
With a docker-compose file
Steps To Reproduce
How are you starting localstack (e.g., `bin/localstack` command, arguments, or `docker-compose.yml`)
I have some Lambdas defined locally that might be a bit convoluted to strip down and upload along with this example, but if you need them in order to reproduce the issue I could probably create no-op versions.
Docker compose:
`init-localstack.sh` startup script:
Client commands (e.g., AWS SDK code snippet, or sequence of "awslocal" commands)
Environment
Anything else?
No response
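An added diagnostic example, not code from the issue author or from LocalStack: a no-op Cognito trigger handler for Node.js that reports which documented `event.request` fields are absent for the `VerifyAuthChallenge` and `PreTokenGeneration` triggers discussed above. The sample events are constructed, and `EXPECTED_BY_PREFIX` and `missingRequestFields` are hypothetical names.

```javascript
// Request fields AWS documents for the two triggers named in this issue,
// keyed by the prefix of event.triggerSource.
const EXPECTED_BY_PREFIX = {
  "VerifyAuthChallengeResponse_": [
    "userAttributes", "privateChallengeParameters", "challengeAnswer", "clientMetadata",
  ],
  "TokenGeneration_": ["userAttributes", "groupConfiguration", "clientMetadata"],
};

// Returns the expected request fields that are absent, or null when the
// trigger source is not one this check covers.
function missingRequestFields(event) {
  const source = (event && event.triggerSource) || "";
  const request = (event && event.request) || {};
  const prefix = Object.keys(EXPECTED_BY_PREFIX).find((p) => source.startsWith(p));
  if (!prefix) return null;
  return EXPECTED_BY_PREFIX[prefix].filter(
    (field) => !Object.prototype.hasOwnProperty.call(request, field)
  );
}

// No-op handler: logs field names only (never values such as challengeAnswer)
// and returns the event unchanged, so a verify trigger does not mark the
// answer as correct.
async function handler(event) {
  console.log(JSON.stringify({
    triggerSource: event.triggerSource,
    requestKeys: Object.keys(event.request || {}),
    missing: missingRequestFields(event),
  }));
  return event;
}

// Constructed sample events: the shape reported in this issue, and the shape
// expected when clientMetadata is forwarded.
const AS_REPORTED = {
  triggerSource: "VerifyAuthChallengeResponse_Authentication",
  request: { userAttributes: {}, privateChallengeParameters: {}, challengeAnswer: "constructed" },
  response: {},
};
const AS_DOCUMENTED = {
  triggerSource: "VerifyAuthChallengeResponse_Authentication",
  request: { ...AS_REPORTED.request, clientMetadata: { key: "value" } },
  response: {},
};

// Export for Lambda when loaded as a CommonJS module.
if (typeof module !== "undefined") module.exports = { handler };
```

Deployed as the trigger, the handler writes one JSON line per invocation, so the same check can be compared between LocalStack and AWS.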