
In my React Native mobile app, I use AWS Amplify to send info about user actions (screen views, button taps, swipes, etc.) by means of `Analytics.record(...)` to AWS Pinpoint, which in turn feeds them into an AWS Kinesis Data Stream. I have created an AWS Lambda Python 3 function that listens to events in this data stream.

Setup has been a breeze, thanks to outstanding documentation, and everything works fine - except for one thing:

When a user logs in, I update the Pinpoint Endpoint with the user ID, email address and some more attributes using `Analytics.updateEndpoint(...)`. In the Lambda function, I base64-decode the event payload as shown in this sample code, and a sample event payload looks roughly like this:

```
{
    "event_type": "_session.start",
    "event_timestamp": 1572345161558,
    "application": {
        "app_id": "<some app ID>",
        "cognito_identity_pool_id": "us-east-1:<some pool ID>",
        "sdk": {},
        "version_name": "<the app version I put in using updateEndpoint(...)>"

        ... <snipped for brevity> ...

    },
    "attributes": {},
    "endpoint": {
        "ChannelType": "APNS",
        "Address": "=ABAQRuUDJD ... <some longish binary value> j0eL+69lsY=",
        "EndpointStatus": "ACTIVE",
        "Location": {
            "Country": "US"
        },
        "Demographic": {
            "Make": "iPhone",
            "Model": "iPhone X",
            "ModelVersion": "13.1.3",
            ...
            "Platform": "ios"
        },
        "User": {
            "UserId": "us-east-1:<Cognito ID of the user that logged in>",
            "UserAttributes": {}
        },

        ... <snipped for brevity> ...

    },
    "awsAccountId": "<my account ID>"
}
```

The user email address in the "Address" field above is not contained in the Kinesis Data Stream event as plain text, but encoded (or encrypted?) somehow.

My question: Can anybody tell me how it is encoded / encrypted? And, ideally, how to get the plain text address?

I tried to base64-decode it or decrypt it using my default AWS KMS key (and a combination thereof), but no luck.

Alternatively, I could use the (plain text) user ID to look up the email address in the AWS Cognito user pool used to manage auth & auth, but getting it from the event directly would obviously be a lot simpler...

I have searched the web up and down, asked in the AWS-Amplify channel on gitter, but that Address encoding / encryption just does not seem to be documented anywhere...

ssc
  • I'm really a novice at AWS, but I would read "address" as an (opaque) endpoint address, not a user email address. Are you sure that it's an encoding of the email address? – Joachim Isaksson Oct 29 '19 at 18:54
  • The actual value of the address depends on the channel used to send Pinpoint notifications to the user; it can be e.g. an email address or a mobile phone number; see e.g. https://docs.aws.amazon.com/en_pv/pinpoint/latest/apireference/apps-application-id-endpoints-endpoint-id.html (halfway down the page). I am _half_ sure it is an encoded email address because that's what I put in as `address` in `Analytics.updateEndpoint(...)` (https://aws-amplify.github.io/docs/js/analytics#update-endpoint) – ssc Oct 29 '19 at 19:24

0 Answers