
I want to modify the email address while migrating a user from one user pool to another via the Migrate User Lambda Trigger in Amazon Cognito.

I've got a running user migration without manipulating the email address with the help of this article. The lambda function is running in a Node.js 12.x environment and both the source and the target user pool are configured with the email as the only username attribute: user pool configuration

My Migrate User Response Parameters are as follows:

{
  userAttributes: {
    email: 'foo@bar.com', // --> the manipulated email address
    email_verified: 'true'
  },
  finalUserStatus: 'CONFIRMED',
  messageAction: 'SUPPRESS'
}

which results in a "User email should be empty or same as username, since username attribute is email." error message when trying to migrate, i.e. login. So I followed this message and added the manipulated email address as the username:

{
  userAttributes: {
    email: 'foo@bar.com',
    email_verified: 'true',
    username: 'foo@bar.com'
  },
  ...
}

which now results in an "Invalid username or missing email / phone_number / preferred_username attributes" error message. This turns out to be the expected behavior according to this documentation:

If email is selected as an alias, a username cannot match a valid email format.

Since I had no clue how to overcome this issue, I gave it a shot and changed the user pool configuration so that the username along with the email address is used to sign up: another user pool configuration

As the first response parameters mentioned above now result in a "Username cannot be of email format, since user pool is configured for email alias." error message, I set the username to the one of the source user (retrieved via the AdminGetUser API):

{
  userAttributes: {
    email: 'foo@bar.com',
    email_verified: 'true',
    username: user.username
  },
  ...
}

which again results in an "Invalid username or missing email / phone_number / preferred_username attributes" error message.

I already thought about manipulating the email in another (subsequent) Lambda Trigger (e.g. Post Authentication Lambda Trigger), but I would appreciate your help for getting the email manipulation done in the Migrate User Lambda Trigger.

ntt
  • As you already noticed, you cannot have your user name be an email and have an alias to email at the same time. It kind of makes sense. This would be one and the same thing. Why don't you just configure the new User Pool without email being an alias? Users will still be able to sign in with email since it's going to be a username. Or am I missing something here? – Aleksander Wons Nov 07 '20 at 15:04

0 Answers