1

I have added migration between two user pools. The following are the actions I took :

  1. create lambda function based on sample code given by AWS docs for cognito migration https://docs.aws.amazon.com/code-samples/latest/catalog/javascript-cognito-lambda-trigger-migrate-user.js.html
  2. create the trigger for migration in cognito and connect the lambda.
  3. add policies for relevant roles.

After trying it out I get 'No email provided but email_verified was true' as the error responded by cognito and no cloud watch logs for the migration trigger lambda function.

User login code :

  const authenticationData = {
        Username: email,
        Email: email,
        Password: userPassword,
      };

      const authDetails = AWS.authenticationDetails(authenticationData);
      const userPool = AWS.cognitoUserPool(poolData);
      const userData = {
        Username: email,
        Email: email,
        Pool: userPool,
      };
      const cognitoUser = AWS.cognitoUser(userData);
      cognitoUser.setAuthenticationFlowType('USER_PASSWORD_AUTH');
      authDetails.email = email;
      try {
        const authResult = await utilsHelper.promisifySF(cognitoUser.authenticateUser.bind(cognitoUser))(authDetails);
        console.log('authResult : ', authResult);
      } catch (e) {
        console.log('user verify exception : ', e);
      }

lambda function code

'use strict';
var CLIENT_ID = '';
var USER_POOL_ID = '';
var OLD_CLIENT_ID = '';
var OLD_USER_POOL_ID = '';
var OLD_USER_POOL_REGION = '';
var OLD_ROLE_ARN = '';
var OLD_EXTERNAL_ID = '';
var AWS = require('aws-sdk');
exports.handler = (event, context, callback) => {

    var user;

    if ( event.triggerSource == "UserMigration_Authentication" ) {

        // authenticate the user with your existing user directory service
        user = authenticateUser(event.userName, event.request.password);
        if ( user ) {
            event.response.userAttributes = {
                "email": user.emailAddress,
                "email_verified": "true"
            };
            event.response.finalUserStatus = "CONFIRMED";
            event.response.messageAction = "SUPPRESS";
            context.succeed(event);
        }
        else {
            // Return error to Amazon Cognito
            callback("Bad password");
        }
    }
    else { 
        // Return error to Amazon Cognito
        callback("Bad triggerSource " + event.triggerSource);
    }
};
async function authenticateUser(username, password) {
  const isp = new AWS.CognitoIdentityServiceProvider();
  // Validate username/password
  const resAuth = await isp.adminInitiateAuth({
    AuthFlow: 'ADMIN_USER_PASSWORD_AUTH',
    AuthParameters: {
      PASSWORD: password,
      USERNAME: username,
    },
    ClientId: OLD_CLIENT_ID,
    UserPoolId: OLD_USER_POOL_ID,
  }).promise();
  if (resAuth.code && resAuth.message) {
    return undefined;
  }
  // Load user data
  const resGet = await isp.adminGetUser({
    UserPoolId: OLD_USER_POOL_ID,
    Username: username,
  }).promise();
  if (resGet.code && resGet.message) {
    return undefined;
  } 
  return {
    emailAddress: resGet.UserAttributes.find(e => e.Name === 'email').Value,
  };
}

Congito error response

{
  code: 'UserNotFoundException',
  name: 'UserNotFoundException',
  message: 'User does not exist.'
}

Please let me know if any further details are required. It would be great if you could help me. Thank you in advance for your help.

Michael Marshal
  • 19
  • 6

0 Answers0