1

I'm trying to use Cognito Post authentication trigger to attach an AWS IoT Policy to my users and for that I need the Cognito identityID. However, when triggering the Post authentication lambda I only receive basic information about the user:

```
{
  version: '1',
  region: 'eu-west-1',
  userPoolId: 'eu-west-1_xxxx',
  userName: '6411221azf-7af6-44b7-a0fb-8e52f213bcc4',
  callerContext: {
    awsSdkVersion: 'aws-sdk-unknown-unknown',
    clientId: 'u88vwwf7no8vijkt81ocg704e4cl'
  },
  triggerSource: 'PostAuthentication_Authentication',
  request: {
    userAttributes: {
      sub: '6411221aesge-dgrg56-DRGD43-8e52f213bcc4',
      email_verified: 'true',
      'cognito:user_status': 'CONFIRMED',
      'cognito:email_alias': 'wwwwwwww@gmail.com',
      phone_number_verified: 'false',
      phone_number: '+00000000',
      email: 'xxxxx@gmail.com'
    },
    newDeviceUsed: false
  },
  response: {}
}
```

Is there any way for me to get the Cognito identityID when triggering the Lambda? Thanks!!

John Rotenstein
  • Check in context param if the `CognitoIdentity` is present. – Federico Sierra Feb 01 '21 at 03:30
  • It is not, I've found in the doc that it should be here but only if the user is [connecting through phone](https://docs.aws.amazon.com/lambda/latest/dg/nodejs-context.html)... Do you have any idea of how I can bypass that? – Aimé .Risson Feb 01 '21 at 05:25

1 Answer

0

I answered this in this post. But basically, the best way to go is having a lambda function which will securely attach the IoT policy for you.

Lucas Meier
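One way to build the separate Lambda function the answer describes, as an added example that is not the answerer's code. It assumes the signed-in client invokes the function with identity-pool credentials (directly or through API Gateway with IAM auth); `POLICY_NAME`, `makeHandler`, `resolveIdentityId` and the injected `attachPolicy` function are hypothetical names.

```javascript
// Added example. POLICY_NAME, makeHandler and the injected attachPolicy
// function are hypothetical names, not taken from the question or answer.
const POLICY_NAME = "example-iot-policy"; // placeholder policy name

// Assumed ID shape: "<region>:<uuid>", e.g. eu-west-1:1111...-5555.
const IDENTITY_ID_RE = /^[a-z]{2}(-[a-z]+)+-\d:[0-9a-f-]{36}$/;

// Read the identity ID only from fields AWS fills in from the caller's
// signed credentials: context.identity (direct invoke with identity-pool
// credentials) or requestContext.identity (API Gateway with IAM auth).
// A value the client puts in the payload is never used.
function resolveIdentityId(event, context) {
  const id =
    context?.identity?.cognitoIdentityId ||
    event?.requestContext?.identity?.cognitoIdentityId;
  if (typeof id !== "string" || !IDENTITY_ID_RE.test(id)) {
    throw new Error("invocation carries no Cognito identity ID");
  }
  return id;
}

// attachPolicy is injected so the handler can be exercised without AWS.
function makeHandler(attachPolicy, policyName = POLICY_NAME) {
  return async function handler(event, context) {
    const target = resolveIdentityId(event, context);
    // The policy name is fixed server-side; the caller cannot choose it.
    await attachPolicy({ policyName, target });
    return { policyName, target };
  };
}

// Wiring for a real deployment (requires @aws-sdk/client-iot):
//   const { IoTClient, AttachPolicyCommand } = require("@aws-sdk/client-iot");
//   const iot = new IoTClient({});
//   exports.handler = makeHandler((p) => iot.send(new AttachPolicyCommand(p)));
```

Because the target comes from the invocation context and the policy name is fixed in the function, a caller can only ever attach that one policy to their own identity.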