stackoom
  简体   繁体   中英

When using the "Pre Token Generation Lambda Trigger Function", how do I set the "claimsToAddOrOverride" to return an array instead of a string

 原文  2022-12-05 09:11:18       aws-lambda/ amazon-cognito/ aws-sdk

Question

I've written a Pre Token Generation Lambda Trigger function to split a custom string attribute into an array and assign to a new attribute, the string attribute would be in this format "FDVC443FD|HFVSD4434". The lambda function should then create the array ["FDVC443FD", "HFVSD4434"] and assigned it to the new attribute.

Expected Result Input -> "custom:eaid": "FDVC443FD|HFVSD4434" Output -> "eaid": ["FDVC443FD", "HFVSD4434"]

Pre Token Generation Lambda Trigger Function (Python)

def lambda_handler(event, context):
#This function handles adding a custom claim to the cognito ID token.# grab requestor's custom external id (eaid)
custom_eaid = event['request']['userAttributes']['custom:eaid']

# Split the custom attribute string into an array by the "|" seperator
custom_eaid = custom_eaid.split('|')

# placeholder variable
eaid = ''

# this allows us to override claims in the id token
# "claimsToAddOrOverride" is the important part 
event["response"]["claimsOverrideDetails"] = { 
    "claimsToAddOrOverride": { 
        "eaid": custom_eaid
    },
    "claimsToSuppress": ["custom:eaid"]
} 
     
# return modified ID token to Amazon Cognito 
return event

The Lambda function returns the following error:-

Error executing "InitiateAuth" on "https://cognito-idp.eu-west-1.amazonaws.com\ "; AWS HTTP error: Client error: POST https://cognito-idp.eu-west-1.amazonaws.com resulted in a 400 Bad Request response:\n{"__type":"InvalidLambdaResponseException","message":"Unrecognizable lambda output"}\n InvalidLambdaResponseException (client): Unrecognizable lambda output - {"__type":"InvalidLambdaResponseException","message":"Unrecognizable lambda output"}

1 answers

solution1
 0  2022-12-07 08:35:31

According to the documentation , claimsToAddOrOverride expects a collection of string key/value pairs.

So as of now we can not pass a list as a value.

Maybe you can try, a comma separated string or set the custom:eaid as it is. Then whenever you need that as a list, extract that from the claim.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How can i call "sendTaskSuccess" that return the token to a waiting state in stepfunction. not using lambda function how I can trigger Lambda function using boto3 AWS Lambda function is missing trigger by websocket gateway when using CloudFormation Can I trigger one Lambda function after successful completion of another Lambda function (without using Step Function)? How do I deploy a Google Cloud Function (2nd generation)? How do I return errors on an AWS Lambda function written in Node.js through the AWS API Gateway using the Serverless framework? How can I return a response to an AWS lambda function for a longer running process before lambda times out? How do I use Heartbeat with a Callback Return Step Function in my Lambda Function? Lambda trigger a function itself How do I include an image (jpg) with a lambda function?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM