Describe the feature
Now that Cognito officially supports modification of access tokens by using Lambda trigger version 2, it would be great if the addTrigger functionality could support this. If this is already supported but undocumented, maybe just an update to the docs is needed.
https://aws.amazon.com/about-aws/whats-new/2023/12/amazon-cognito-user-pools-customize-access-tokens/
https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-token-generation.html
From the second link:
To support access token customization in a pre token generation Lambda trigger
Generate a CreateUserPool or UpdateUserPool API request. You must specify a value for all parameters that you don't want set to a default value. For more information, see Updating user pool configuration.
Include the following content in the LambdaVersion parameter of your request. A LambdaVersion value of V2_0 causes your user pool to add parameters for access token customization. To invoke a specific function version, use a Lambda function ARN with a function version as the value of LambdaArn.
```json
"PreTokenGenerationConfig": {
    "LambdaArn": "arn:aws:lambda:us-west-2:123456789012:function:MyFunction",
    "LambdaVersion": "V2_0"
}
```
This is also supported in CloudFormation:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-pretokengenerationconfig.html
```yaml
LambdaArn: String
LambdaVersion: String
```
Use Case
Instead of writing custom code to update this, or calling the CFN resource and adding logic for the updates, it would make a lot of sense if this were supported natively by the CDK addTrigger function.
Proposed Solution
Update addTrigger to support input of a version string, like:
```ts
(method) UserPool.addTrigger(operation: cdk.aws_cognito.UserPoolOperation, fn: cdk.aws_lambda.IFunction, lambdaVersion: string): void
```
It should default to V1_0 if not set, and it should only be evaluated if the operation is PRE_TOKEN_GENERATION.
```ts
userPool.addTrigger(
  cognito.UserPoolOperation.PRE_TOKEN_GENERATION,
  lambda.Function.fromFunctionArn(
    this,
    'PreTokenGenerationLambda',
    `arn:aws:lambda:${props.env?.region}:${props.env?.account}:function:MyFunction`
  ),
  "V2_0"
);
```
An alternate approach would be to do this in the user pool trigger config on the user pool:
https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cognito.UserPoolTriggers.html
i.e. change `preTokenGeneration?` from an IFunction to a construct holding an IFunction and a version string:
```ts
(property) UserPoolTriggers.preTokenGenerationConfig?: cdk.aws_cognito.PreTokenGenerationConfig | undefined
```
This seems somewhat prepared already, because you can set the value `preTokenGenerationConfig`, but it only expects an IFunction:
```ts
(property) preTokenGenerationConfig: cdk.aws_lambda.IFunction
```
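As an added example that is not part of this issue or of the CDK code base, the following Python sketches the two pieces behind the proposal: a small helper that models the proposed addTrigger semantics (default `V1_0`; the version is ignored for any operation other than `PRE_TOKEN_GENERATION`; the result is the CloudFormation `LambdaConfig` fragment shown above), and a pre token generation handler that returns the response shape each trigger version expects, so the same function keeps working whether the pool is still on `V1_0` or has been switched to `V2_0`. The handler also shows the point that matters once access tokens become customizable: claims and scopes are derived only from user pool attributes, never from `clientMetadata`, which the calling app supplies. Event and response field names follow the Cognito pre token generation trigger documentation linked above (not this page); the function names `pre_token_generation_config` and `handler`, the attribute-to-claim mapping, the scopes and the sample event are constructed for the example.

```python
"""Added example (not CDK code): proposed addTrigger semantics modelled in Python,
plus a pre token generation handler that supports both the V1_0 and V2_0 event shapes.
"""
import re
from typing import Any, Dict

VALID_LAMBDA_VERSIONS = {"V1_0", "V2_0"}
# Accepts a plain function ARN or one with a version/alias suffix.
LAMBDA_ARN = re.compile(
    r"^arn:aws[a-z-]*:lambda:[a-z0-9-]+:\d{12}:function:[A-Za-z0-9_-]+(:[A-Za-z0-9$_-]+)?$"
)

# Constructed mapping: user pool attribute -> claim name stamped into the tokens.
TRUSTED_ATTRIBUTES = {"custom:tenant_id": "tenant", "custom:role": "role"}
# Constructed: access token scopes granted per role. Roles not listed get no scopes.
SCOPES_BY_ROLE = {"admin": ["tenant/read", "tenant/write"], "member": ["tenant/read"]}


def pre_token_generation_config(operation: str, function_arn: str,
                                lambda_version: str = "V1_0") -> Dict[str, Any]:
    """Model of the proposed addTrigger(operation, fn, lambdaVersion) behaviour.

    Returns the CloudFormation LambdaConfig fragment. The version is only honoured
    for PRE_TOKEN_GENERATION; every other operation maps to its plain ARN property
    (PRE_SIGN_UP -> PreSignUp, etc.), and the version argument is ignored.
    """
    if not LAMBDA_ARN.match(function_arn):
        raise ValueError(f"not a Lambda function ARN: {function_arn!r}")
    if operation != "PRE_TOKEN_GENERATION":
        cfn_key = "".join(part.capitalize() for part in operation.split("_"))
        return {cfn_key: function_arn}
    if lambda_version not in VALID_LAMBDA_VERSIONS:
        raise ValueError(f"LambdaVersion must be one of {sorted(VALID_LAMBDA_VERSIONS)}")
    return {"PreTokenGenerationConfig": {"LambdaArn": function_arn,
                                         "LambdaVersion": lambda_version}}


def _derive_claims(user_attributes: Dict[str, str]) -> Dict[str, str]:
    """Claims come only from pool attributes. request.clientMetadata is controlled by
    the calling app, so copying it into a token would let the app pick its own role."""
    return {claim: user_attributes[attr]
            for attr, claim in TRUSTED_ATTRIBUTES.items() if attr in user_attributes}


def handler(event: Dict[str, Any], context: Any = None) -> Dict[str, Any]:
    """Pre token generation trigger. Dispatches on event["version"] ("1" or "2")."""
    attrs = event.get("request", {}).get("userAttributes", {})
    claims = _derive_claims(attrs)
    scopes = SCOPES_BY_ROLE.get(claims.get("role", ""), [])
    if event.get("version") == "2":
        # V2_0 pools send version "2" and read claimsAndScopeOverrideDetails, where
        # the ID token and the access token are customised independently.
        event["response"] = {
            "claimsAndScopeOverrideDetails": {
                "idTokenGeneration": {"claimsToAddOrOverride": claims},
                "accessTokenGeneration": {
                    "claimsToAddOrOverride": claims,
                    "scopesToAdd": scopes,
                },
            }
        }
    else:
        # V1_0 pools read claimsOverrideDetails; only the ID token can be changed
        # and the access token is left as Cognito issued it.
        event["response"] = {"claimsOverrideDetails": {"claimsToAddOrOverride": claims}}
    return event


# Constructed V2_0 event: the app tries to smuggle a higher role via clientMetadata.
SAMPLE_V2_EVENT = {
    "version": "2",
    "triggerSource": "TokenGeneration_HostedAuth",
    "userPoolId": "us-west-2_EXAMPLE",
    "userName": "alice",
    "request": {
        "userAttributes": {"sub": "example-sub", "custom:tenant_id": "t-123",
                           "custom:role": "member"},
        "clientMetadata": {"custom:role": "admin"},
    },
    "response": {},
}

if __name__ == "__main__":
    arn = "arn:aws:lambda:us-west-2:123456789012:function:MyFunction"
    print(pre_token_generation_config("PRE_TOKEN_GENERATION", arn, "V2_0"))
    print(handler(dict(SAMPLE_V2_EVENT))["response"])
```

Running the sample event through `handler` yields an access token with `tenant=t-123`, `role=member` and the single scope `tenant/read`; the `admin` value in `clientMetadata` has no effect. The same handler on a `V1_0` pool returns only `claimsOverrideDetails`, which is why switching the pool to `V2_0` (the change this issue asks addTrigger to make) is what actually turns on access token customization.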
Other Information
No response
Acknowledgements
CDK version used
2.119.0
Environment details (OS name and version, etc.)
macOS 14.2.1 (23C71)