diff --git a/lambda-events/src/event/cognito/mod.rs b/lambda-events/src/event/cognito/mod.rs index decc31a5..95782ffc 100644 --- a/lambda-events/src/event/cognito/mod.rs +++ b/lambda-events/src/event/cognito/mod.rs @@ -44,11 +44,22 @@ pub struct CognitoDatasetRecord { pub struct CognitoEventUserPoolsPreSignup { #[serde(rename = "CognitoEventUserPoolsHeader")] #[serde(flatten)] - pub cognito_event_user_pools_header: CognitoEventUserPoolsHeader, + pub cognito_event_user_pools_header: CognitoEventUserPoolsHeader, pub request: CognitoEventUserPoolsPreSignupRequest, pub response: CognitoEventUserPoolsPreSignupResponse, } +#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize, Default)] +pub enum CognitoEventUserPoolsPreSignupTriggerSource { + #[serde(rename = "PreSignUp_SignUp")] + #[default] + SignUp, + #[serde(rename = "PreSignUp_AdminCreateUser")] + AdminCreateUser, + #[serde(rename = "PreSignUp_ExternalProvider")] + ExternalProvider, +} + /// `CognitoEventUserPoolsPreAuthentication` is sent by AWS Cognito User Pools when a user submits their information /// to be authenticated, allowing you to perform custom validations to accept or deny the sign in request. #[derive(Clone, Debug, Default, Deserialize, Eq, PartialEq, Serialize)] 
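Review bot: The new `CognitoEventUserPoolsPreSignupTriggerSource` enum is closed, so a `triggerSource` string outside its three variants makes deserialization of the whole event fail instead of being carried through. For a pre sign-up trigger that turns an unrecognised value into a Lambda error, which presumably fails the user's sign-up; whether Cognito can send other values cannot be judged from this diff. I would mark the enum `#[non_exhaustive]` and add a catch-all, for example a unit variant marked `#[serde(other)]`, or a string-carrying variant if the original value must survive a round trip. If rejection is intended, say so in a doc comment. The same applies to the other `*TriggerSource` enums added in the later hunks of this file.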
@@ -56,11 +67,19 @@ pub struct CognitoEventUserPoolsPreSignup { pub struct CognitoEventUserPoolsPreAuthentication { #[serde(rename = "CognitoEventUserPoolsHeader")] #[serde(flatten)] - pub cognito_event_user_pools_header: CognitoEventUserPoolsHeader, + pub cognito_event_user_pools_header: + CognitoEventUserPoolsHeader, pub request: CognitoEventUserPoolsPreAuthenticationRequest, pub response: CognitoEventUserPoolsPreAuthenticationResponse, } +#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize, Default)] +pub enum CognitoEventUserPoolsPreAuthenticationTriggerSource { + #[serde(rename = "PreAuthentication_Authentication")] + #[default] + Authentication, +} + /// `CognitoEventUserPoolsPostConfirmation` is sent by AWS Cognito User Pools after a user is confirmed, /// allowing the Lambda to send custom messages or add custom logic. #[derive(Clone, Debug, Default, Deserialize, Eq, PartialEq, Serialize)] @@ -68,11 +87,21 @@ pub struct CognitoEventUserPoolsPreAuthentication { pub struct CognitoEventUserPoolsPostConfirmation { #[serde(rename = "CognitoEventUserPoolsHeader")] #[serde(flatten)] - pub cognito_event_user_pools_header: CognitoEventUserPoolsHeader, + pub cognito_event_user_pools_header: + CognitoEventUserPoolsHeader, pub request: CognitoEventUserPoolsPostConfirmationRequest, pub response: CognitoEventUserPoolsPostConfirmationResponse, } +#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize, Default)] +pub enum CognitoEventUserPoolsPostConfirmationTriggerSource { + #[serde(rename = "PostConfirmation_ConfirmForgotPassword")] + ConfirmForgotPassword, + #[serde(rename = "PostConfirmation_ConfirmSignUp")] + #[default] + ConfirmSignUp, +} + /// `CognitoEventUserPoolsPreTokenGen` is sent by AWS Cognito User Pools when a user attempts to retrieve /// credentials, allowing a Lambda to perform insert, suppress or override claims #[derive(Clone, Debug, Default, Deserialize, Eq, PartialEq, Serialize)] 
@@ -80,11 +109,26 @@ pub struct CognitoEventUserPoolsPostConfirmation { pub struct CognitoEventUserPoolsPreTokenGen { #[serde(rename = "CognitoEventUserPoolsHeader")] #[serde(flatten)] - pub cognito_event_user_pools_header: CognitoEventUserPoolsHeader, + pub cognito_event_user_pools_header: CognitoEventUserPoolsHeader, pub request: CognitoEventUserPoolsPreTokenGenRequest, pub response: CognitoEventUserPoolsPreTokenGenResponse, } +#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize, Default)] +pub enum CognitoEventUserPoolsPreTokenGenTriggerSource { + #[serde(rename = "TokenGeneration_HostedAuth")] + HostedAuth, + #[serde(rename = "TokenGeneration_Authentication")] + #[default] + Authentication, + #[serde(rename = "TokenGeneration_NewPasswordChallenge")] + NewPasswordChallenge, + #[serde(rename = "TokenGeneration_AuthenticateDevice")] + AuthenticateDevice, + #[serde(rename = "TokenGeneration_RefreshTokens")] + RefreshTokens, +} + /// `CognitoEventUserPoolsPostAuthentication` is sent by AWS Cognito User Pools after a user is authenticated, /// allowing the Lambda to add custom logic. #[derive(Clone, Debug, Default, Deserialize, Eq, PartialEq, Serialize)] 
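Review bot: `CognitoEventUserPoolsPreTokenGenTriggerSource` is added without a doc comment, although every struct around it has one, and nothing explains why `Authentication` (the second variant) carries `#[default]`. A default trigger source has no obvious meaning, and code that calls `Default::default()` on the enum gets a value indistinguishable from one Cognito really sent. I would add `/// Trigger sources Cognito can send to a pre token generation Lambda.` above the enum. I would also add a line comment on the `#[default]` variant saying it exists only to satisfy the `Default` derive, if that is the reason. The other trigger-source enums added in this file have the same gap.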
@@ -92,11 +136,19 @@ pub struct CognitoEventUserPoolsPreTokenGen { pub struct CognitoEventUserPoolsPostAuthentication { #[serde(rename = "CognitoEventUserPoolsHeader")] #[serde(flatten)] - pub cognito_event_user_pools_header: CognitoEventUserPoolsHeader, + pub cognito_event_user_pools_header: + CognitoEventUserPoolsHeader, pub request: CognitoEventUserPoolsPostAuthenticationRequest, pub response: CognitoEventUserPoolsPostAuthenticationResponse, } +#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize, Default)] +pub enum CognitoEventUserPoolsPostAuthenticationTriggerSource { + #[serde(rename = "PostAuthentication_Authentication")] + #[default] + Authentication, +} + /// `CognitoEventUserPoolsMigrateUser` is sent by AWS Cognito User Pools when a user does not exist in the /// user pool at the time of sign-in with a password, or in the forgot-password flow. #[derive(Clone, Debug, Default, Deserialize, Eq, PartialEq, Serialize)] @@ -104,13 +156,22 @@ pub struct CognitoEventUserPoolsPostAuthentication { pub struct CognitoEventUserPoolsMigrateUser { #[serde(rename = "CognitoEventUserPoolsHeader")] #[serde(flatten)] - pub cognito_event_user_pools_header: CognitoEventUserPoolsHeader, + pub cognito_event_user_pools_header: CognitoEventUserPoolsHeader, #[serde(rename = "request")] pub cognito_event_user_pools_migrate_user_request: CognitoEventUserPoolsMigrateUserRequest, #[serde(rename = "response")] pub cognito_event_user_pools_migrate_user_response: CognitoEventUserPoolsMigrateUserResponse, } +#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize, Default)] +pub enum CognitoEventUserPoolsMigrateUserTriggerSource { + #[serde(rename = "UserMigration_Authentication")] + #[default] + Authentication, + #[serde(rename = "UserMigration_ForgotPassword")] + ForgotPassword, +} + /// `CognitoEventUserPoolsCallerContext` contains information about the caller #[derive(Clone, Debug, Default, Deserialize, Eq, PartialEq, Serialize)] #[serde(rename_all = "camelCase")] 
@@ -125,11 +186,11 @@ pub struct CognitoEventUserPoolsCallerContext { /// `CognitoEventUserPoolsHeader` contains common data from events sent by AWS Cognito User Pools #[derive(Clone, Debug, Default, Deserialize, Eq, PartialEq, Serialize)] #[serde(rename_all = "camelCase")] -pub struct CognitoEventUserPoolsHeader { +pub struct CognitoEventUserPoolsHeader { #[serde(default)] pub version: Option, #[serde(default)] - pub trigger_source: Option, + pub trigger_source: Option, #[serde(default)] pub region: Option, #[serde(default)] @@ -220,7 +281,7 @@ pub struct CognitoEventUserPoolsPreTokenGenResponse { pub struct CognitoEventUserPoolsPreTokenGenV2 { #[serde(rename = "CognitoEventUserPoolsHeader")] #[serde(flatten)] - pub cognito_event_user_pools_header: CognitoEventUserPoolsHeader, + pub cognito_event_user_pools_header: CognitoEventUserPoolsHeader, pub request: CognitoEventUserPoolsPreTokenGenRequestV2, pub response: CognitoEventUserPoolsPreTokenGenResponseV2, } @@ -384,11 +445,19 @@ pub struct CognitoEventUserPoolsDefineAuthChallengeResponse { pub struct CognitoEventUserPoolsDefineAuthChallenge { #[serde(rename = "CognitoEventUserPoolsHeader")] #[serde(flatten)] - pub cognito_event_user_pools_header: CognitoEventUserPoolsHeader, + pub cognito_event_user_pools_header: + CognitoEventUserPoolsHeader, pub request: CognitoEventUserPoolsDefineAuthChallengeRequest, pub response: CognitoEventUserPoolsDefineAuthChallengeResponse, } +#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize, Default)] +pub enum CognitoEventUserPoolsDefineAuthChallengeTriggerSource { + #[serde(rename = "DefineAuthChallenge_Authentication")] + #[default] + Authentication, +} + /// `CognitoEventUserPoolsCreateAuthChallengeRequest` defines create auth challenge request parameters #[derive(Clone, Debug, Default, Deserialize, Eq, PartialEq, Serialize)] #[serde(rename_all = "camelCase")] 
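Review bot: `CognitoEventUserPoolsHeader` appears to gain a type parameter for `trigger_source` in this hunk, which is a source-breaking change for anyone who names this public struct or reads `trigger_source` with its previous type. The page has dropped the angle-bracket text, but the tests added in this commit write `CognitoEventUserPoolsHeader<_>`. If the parameter has no default, consider declaring one that keeps the previous field type so existing code still compiles, and record the change in the changelog. The doc comment above the struct should also state what the parameter is, e.g. `/// The type parameter is the trigger-source type of the specific event.`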
@@ -426,11 +495,19 @@ pub struct CognitoEventUserPoolsCreateAuthChallengeResponse { pub struct CognitoEventUserPoolsCreateAuthChallenge { #[serde(rename = "CognitoEventUserPoolsHeader")] #[serde(flatten)] - pub cognito_event_user_pools_header: CognitoEventUserPoolsHeader, + pub cognito_event_user_pools_header: + CognitoEventUserPoolsHeader, pub request: CognitoEventUserPoolsCreateAuthChallengeRequest, pub response: CognitoEventUserPoolsCreateAuthChallengeResponse, } +#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize, Default)] +pub enum CognitoEventUserPoolsCreateAuthChallengeTriggerSource { + #[serde(rename = "CreateAuthChallenge_Authentication")] + #[default] + Authentication, +} + /// `CognitoEventUserPoolsVerifyAuthChallengeRequest` defines verify auth challenge request parameters #[derive(Clone, Debug, Default, Deserialize, Eq, PartialEq, Serialize)] #[serde(rename_all = "camelCase")] @@ -469,11 +546,19 @@ pub struct CognitoEventUserPoolsVerifyAuthChallengeResponse { pub struct CognitoEventUserPoolsVerifyAuthChallenge { #[serde(rename = "CognitoEventUserPoolsHeader")] #[serde(flatten)] - pub cognito_event_user_pools_header: CognitoEventUserPoolsHeader, + pub cognito_event_user_pools_header: + CognitoEventUserPoolsHeader, pub request: CognitoEventUserPoolsVerifyAuthChallengeRequest, pub response: CognitoEventUserPoolsVerifyAuthChallengeResponse, } +#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize, Default)] +pub enum CognitoEventUserPoolsVerifyAuthChallengeTriggerSource { + #[serde(rename = "VerifyAuthChallengeResponse_Authentication")] + #[default] + Authentication, +} + /// `CognitoEventUserPoolsCustomMessage` is sent by AWS Cognito User Pools before a verification or MFA message is sent, /// allowing a user to customize the message dynamically. #[derive(Clone, Debug, Default, Deserialize, Eq, PartialEq, Serialize)] 
@@ -481,11 +566,30 @@ pub struct CognitoEventUserPoolsVerifyAuthChallenge { pub struct CognitoEventUserPoolsCustomMessage { #[serde(rename = "CognitoEventUserPoolsHeader")] #[serde(flatten)] - pub cognito_event_user_pools_header: CognitoEventUserPoolsHeader, + pub cognito_event_user_pools_header: CognitoEventUserPoolsHeader, pub request: CognitoEventUserPoolsCustomMessageRequest, pub response: CognitoEventUserPoolsCustomMessageResponse, } +#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize, Default)] +pub enum CognitoEventUserPoolsCustomMessageTriggerSource { + #[serde(rename = "CustomMessage_SignUp")] + #[default] + SignUp, + #[serde(rename = "CustomMessage_AdminCreateUser")] + AdminCreateUser, + #[serde(rename = "CustomMessage_ResendCode")] + ResendCode, + #[serde(rename = "CustomMessage_ForgotPassword")] + ForgotPassword, + #[serde(rename = "CustomMessage_UpdateUserAttribute")] + UpdateUserAttribute, + #[serde(rename = "CustomMessage_VerifyUserAttribute")] + VerifyUserAttribute, + #[serde(rename = "CustomMessage_Authentication")] + Authentication, +} + /// `CognitoEventUserPoolsCustomMessageRequest` contains the request portion of a CustomMessage event #[derive(Clone, Debug, Default, Deserialize, Eq, PartialEq, Serialize)] #[serde(rename_all = "camelCase")] 
@@ -736,3 +840,178 @@ mod test { assert_eq!(parsed, reparsed); } } + +#[cfg(test)] +#[cfg(feature = "cognito")] +mod trigger_source_tests { + use super::*; + + fn gen_header(trigger_source: &str) -> String { + format!( + r#" +{{ + "version": "1", + "triggerSource": "{trigger_source}", + "region": "region", + "userPoolId": "userPoolId", + "userName": "userName", + "callerContext": {{ + "awsSdkVersion": "calling aws sdk with version", + "clientId": "apps client id" + }} +}}"# + ) + } + + #[test] + fn pre_sign_up() { + let possible_triggers = [ + "PreSignUp_AdminCreateUser", + "PreSignUp_AdminCreateUser", + "PreSignUp_ExternalProvider", + ]; + possible_triggers.into_iter().for_each(|trigger| { + let header = gen_header(trigger); + let parsed: CognitoEventUserPoolsHeader = + serde_json::from_str(&header).unwrap(); + let output: String = serde_json::to_string(&parsed).unwrap(); + let reparsed: CognitoEventUserPoolsHeader<_> = serde_json::from_slice(output.as_bytes()).unwrap(); + assert_eq!(parsed, reparsed); + }); + } + + #[test] + fn pre_authentication() { + let possible_triggers = ["PreAuthentication_Authentication"]; + possible_triggers.into_iter().for_each(|trigger| { + let header = gen_header(trigger); + let parsed: CognitoEventUserPoolsHeader = + serde_json::from_str(&header).unwrap(); + let output: String = serde_json::to_string(&parsed).unwrap(); + let reparsed: CognitoEventUserPoolsHeader<_> = serde_json::from_slice(output.as_bytes()).unwrap(); + assert_eq!(parsed, reparsed); + }); + } + #[test] + fn post_confirmation() { + let possible_triggers = [ + "PostConfirmation_ConfirmForgotPassword", + "PostConfirmation_ConfirmSignUp", + ]; + + possible_triggers.into_iter().for_each(|trigger| { + let header = gen_header(trigger); + let parsed: CognitoEventUserPoolsHeader = + serde_json::from_str(&header).unwrap(); + let output: String = serde_json::to_string(&parsed).unwrap(); + let reparsed: CognitoEventUserPoolsHeader<_> = 
serde_json::from_slice(output.as_bytes()).unwrap(); + assert_eq!(parsed, reparsed); + }); + } + #[test] + fn post_authentication() { + let possible_triggers = ["PostAuthentication_Authentication"]; + + possible_triggers.into_iter().for_each(|trigger| { + let header = gen_header(trigger); + let parsed: CognitoEventUserPoolsHeader = + serde_json::from_str(&header).unwrap(); + let output: String = serde_json::to_string(&parsed).unwrap(); + let reparsed: CognitoEventUserPoolsHeader<_> = serde_json::from_slice(output.as_bytes()).unwrap(); + assert_eq!(parsed, reparsed); + }); + } + #[test] + fn define_auth_challenge() { + let possible_triggers = ["DefineAuthChallenge_Authentication"]; + + possible_triggers.into_iter().for_each(|trigger| { + let header = gen_header(trigger); + let parsed: CognitoEventUserPoolsHeader = + serde_json::from_str(&header).unwrap(); + let output: String = serde_json::to_string(&parsed).unwrap(); + let reparsed: CognitoEventUserPoolsHeader<_> = serde_json::from_slice(output.as_bytes()).unwrap(); + assert_eq!(parsed, reparsed); + }); + } + + #[test] + fn create_auth_challenge() { + let possible_triggers = ["CreateAuthChallenge_Authentication"]; + + possible_triggers.into_iter().for_each(|trigger| { + let header = gen_header(trigger); + let parsed: CognitoEventUserPoolsHeader = + serde_json::from_str(&header).unwrap(); + let output: String = serde_json::to_string(&parsed).unwrap(); + let reparsed: CognitoEventUserPoolsHeader<_> = serde_json::from_slice(output.as_bytes()).unwrap(); + assert_eq!(parsed, reparsed); + }); + } + #[test] + fn verify_auth_challenge() { + let possible_triggers = ["VerifyAuthChallengeResponse_Authentication"]; + + possible_triggers.into_iter().for_each(|trigger| { + let header = gen_header(trigger); + let parsed: CognitoEventUserPoolsHeader = + serde_json::from_str(&header).unwrap(); + let output: String = serde_json::to_string(&parsed).unwrap(); + let reparsed: CognitoEventUserPoolsHeader<_> = 
serde_json::from_slice(output.as_bytes()).unwrap(); + assert_eq!(parsed, reparsed); + }); + } + #[test] + fn pre_token_generation() { + let possible_triggers = [ + "TokenGeneration_HostedAuth", + "TokenGeneration_Authentication", + "TokenGeneration_NewPasswordChallenge", + "TokenGeneration_AuthenticateDevice", + "TokenGeneration_RefreshTokens", + ]; + + possible_triggers.into_iter().for_each(|trigger| { + let header = gen_header(trigger); + let parsed: CognitoEventUserPoolsHeader = + serde_json::from_str(&header).unwrap(); + let output: String = serde_json::to_string(&parsed).unwrap(); + let reparsed: CognitoEventUserPoolsHeader<_> = serde_json::from_slice(output.as_bytes()).unwrap(); + assert_eq!(parsed, reparsed); + }); + } + #[test] + fn user_migration() { + let possible_triggers = ["UserMigration_Authentication", "UserMigration_ForgotPassword"]; + + possible_triggers.into_iter().for_each(|trigger| { + let header = gen_header(trigger); + let parsed: CognitoEventUserPoolsHeader = + serde_json::from_str(&header).unwrap(); + let output: String = serde_json::to_string(&parsed).unwrap(); + let reparsed: CognitoEventUserPoolsHeader<_> = serde_json::from_slice(output.as_bytes()).unwrap(); + assert_eq!(parsed, reparsed); + }); + } + #[test] + fn custom_message() { + let possible_triggers = [ + "CustomMessage_SignUp", + "CustomMessage_AdminCreateUser", + "CustomMessage_ResendCode", + "CustomMessage_ForgotPassword", + "CustomMessage_UpdateUserAttribute", + "CustomMessage_VerifyUserAttribute", + "CustomMessage_Authentication", + ]; + + possible_triggers.into_iter().for_each(|trigger| { + let header = gen_header(trigger); + let parsed: CognitoEventUserPoolsHeader = + serde_json::from_str(&header).unwrap(); + let output: String = serde_json::to_string(&parsed).unwrap(); + let reparsed: CognitoEventUserPoolsHeader<_> = serde_json::from_slice(output.as_bytes()).unwrap(); + assert_eq!(parsed, reparsed); + }); + } +} 
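Review bot: In `pre_sign_up` the list holds `"PreSignUp_AdminCreateUser"` twice and never `"PreSignUp_SignUp"`, so the `SignUp` variant and its rename are untested; the first entry should read `"PreSignUp_SignUp",`. Every test in this module only checks that parse, serialize and reparse agree, so a wrong `#[serde(rename = ...)]` string would still pass as long as it is wrong consistently. I would also assert the parsed variant, e.g. `assert_eq!(parsed.trigger_source, Some(expected));`, with the expected variant listed next to each string. A test that feeds an unknown `triggerSource` would pin down whether such events are rejected or tolerated, which matters for Lambdas that gate sign-up and sign-in.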
diff --git a/lambda-events/src/fixtures/example-cognito-event-userpools-custommessage.json b/lambda-events/src/fixtures/example-cognito-event-userpools-custommessage.json index 90e8b68e..8b2ca55d 100644 --- a/lambda-events/src/fixtures/example-cognito-event-userpools-custommessage.json +++ b/lambda-events/src/fixtures/example-cognito-event-userpools-custommessage.json @@ -1,28 +1,27 @@ { "version": "1", - "triggerSource": "CustomMessage_SignUp/CustomMessage_ResendCode/CustomMessage_ForgotPassword/CustomMessage_VerifyUserAttribute", + "triggerSource": "CustomMessage_VerifyUserAttribute", "region": "", "userPoolId": "", "userName": "", "callerContext": { - "awsSdkVersion": "", - "clientId": "" + "awsSdkVersion": "", + "clientId": "" }, "request": { - "userAttributes": { - "phone_number_verified": true, - "email_verified": false - }, - "codeParameter": "####", - "usernameParameter": "{username}", - "clientMetadata": { - "exampleMetadataKey": "example metadata value" - } + "userAttributes": { + "phone_number_verified": true, + "email_verified": false + }, + "codeParameter": "####", + "usernameParameter": "{username}", + "clientMetadata": { + "exampleMetadataKey": "example metadata value" + } }, "response": { - "smsMessage": "", - "emailMessage": "", - "emailSubject": "" + "smsMessage": "", + "emailMessage": "", + "emailSubject": "" } } - diff --git a/lambda-events/src/fixtures/example-cognito-event-userpools-pretokengen-incoming.json b/lambda-events/src/fixtures/example-cognito-event-userpools-pretokengen-incoming.json index fed10a51..ae78b7c7 100644 --- a/lambda-events/src/fixtures/example-cognito-event-userpools-pretokengen-incoming.json +++ b/lambda-events/src/fixtures/example-cognito-event-userpools-pretokengen-incoming.json @@ -1,6 +1,6 @@ { "version": "1", - "triggerSource": "PreTokenGen", + "triggerSource": "TokenGeneration_Authentication", "region": "region", "userPoolId": "userPoolId", "userName": "userName", 
@@ -15,7 +15,11 @@ }, "groupConfiguration": { "groupsToOverride": ["group-A", "group-B", "group-C"], - "iamRolesToOverride": ["arn:aws:iam::XXXXXXXXXXXX:role/sns_callerA", "arn:aws:iam::XXXXXXXXX:role/sns_callerB", "arn:aws:iam::XXXXXXXXXX:role/sns_callerC"], + "iamRolesToOverride": [ + "arn:aws:iam::XXXXXXXXXXXX:role/sns_callerA", + "arn:aws:iam::XXXXXXXXX:role/sns_callerB", + "arn:aws:iam::XXXXXXXXXX:role/sns_callerC" + ], "preferredRole": "arn:aws:iam::XXXXXXXXXXX:role/sns_caller" }, "clientMetadata": { @@ -26,4 +30,3 @@ "claimsOverrideDetails": null } } - diff --git a/lambda-events/src/fixtures/example-cognito-event-userpools-pretokengen-v2-incoming.json b/lambda-events/src/fixtures/example-cognito-event-userpools-pretokengen-v2-incoming.json index 3376d6e0..e5c776d8 100644 --- a/lambda-events/src/fixtures/example-cognito-event-userpools-pretokengen-v2-incoming.json +++ b/lambda-events/src/fixtures/example-cognito-event-userpools-pretokengen-v2-incoming.json 
@@ -1,33 +1,33 @@ { - "version": "1", - "triggerSource": "PreTokenGen", - "region": "region", - "userPoolId": "userPoolId", - "userName": "userName", - "callerContext": { - "awsSdkVersion": "calling aws sdk with version", - "clientId": "apps client id" + "version": "1", + "triggerSource": "TokenGeneration_HostedAuth", + "region": "region", + "userPoolId": "userPoolId", + "userName": "userName", + "callerContext": { + "awsSdkVersion": "calling aws sdk with version", + "clientId": "apps client id" + }, + "request": { + "userAttributes": { + "email": "email", + "phone_number": "phone_number" }, - "request": { - "userAttributes": { - "email": "email", - "phone_number": "phone_number" - }, - "scopes": ["scope-1", "scope-2"], - "groupConfiguration": { - "groupsToOverride": ["group-A", "group-B", "group-C"], - "iamRolesToOverride": [ - "arn:aws:iam::XXXXXXXXXXXX:role/sns_callerA", - "arn:aws:iam::XXXXXXXXX:role/sns_callerB", - "arn:aws:iam::XXXXXXXXXX:role/sns_callerC" - ], - "preferredRole": "arn:aws:iam::XXXXXXXXXXX:role/sns_caller" - }, - "clientMetadata": { - "exampleMetadataKey": "example metadata value" - } + "scopes": ["scope-1", "scope-2"], + "groupConfiguration": { + "groupsToOverride": ["group-A", "group-B", "group-C"], + "iamRolesToOverride": [ + "arn:aws:iam::XXXXXXXXXXXX:role/sns_callerA", + "arn:aws:iam::XXXXXXXXX:role/sns_callerB", + "arn:aws:iam::XXXXXXXXXX:role/sns_callerC" + ], + "preferredRole": "arn:aws:iam::XXXXXXXXXXX:role/sns_caller" }, - "response": { - "claimsOverrideDetails": null + "clientMetadata": { + "exampleMetadataKey": "example metadata value" } + }, + "response": { + "claimsOverrideDetails": null + } } diff --git a/lambda-events/src/fixtures/example-cognito-event-userpools-pretokengen-v2.json b/lambda-events/src/fixtures/example-cognito-event-userpools-pretokengen-v2.json index f7ccfe2f..6046d446 100644 --- a/lambda-events/src/fixtures/example-cognito-event-userpools-pretokengen-v2.json 
+++ b/lambda-events/src/fixtures/example-cognito-event-userpools-pretokengen-v2.json 
@@ -1,58 +1,58 @@ { - "version": "1", - "triggerSource": "PreTokenGen", - "region": "region", - "userPoolId": "userPoolId", - "userName": "userName", - "callerContext": { - "awsSdkVersion": "calling aws sdk with version", - "clientId": "apps client id" + "version": "1", + "triggerSource": "TokenGeneration_HostedAuth", + "region": "region", + "userPoolId": "userPoolId", + "userName": "userName", + "callerContext": { + "awsSdkVersion": "calling aws sdk with version", + "clientId": "apps client id" + }, + "request": { + "userAttributes": { + "email": "email", + "phone_number": "phone_number" }, - "request": { - "userAttributes": { - "email": "email", - "phone_number": "phone_number" + "scopes": ["scope-1", "scope-2"], + "groupConfiguration": { + "groupsToOverride": ["group-A", "group-B", "group-C"], + "iamRolesToOverride": [ + "arn:aws:iam::XXXXXXXXXXXX:role/sns_callerA", + "arn:aws:iam::XXXXXXXXX:role/sns_callerB", + "arn:aws:iam::XXXXXXXXXX:role/sns_callerC" + ], + "preferredRole": "arn:aws:iam::XXXXXXXXXXX:role/sns_caller" + }, + "clientMetadata": { + "exampleMetadataKey": "example metadata value" + } + }, + "response": { + "claimsAndScopeOverrideDetails": { + "idTokenGeneration": { + "claimsToAddOrOverride": { + "string": "string" }, - "scopes": ["scope-1", "scope-2"], - "groupConfiguration": { - "groupsToOverride": ["group-A", "group-B", "group-C"], - "iamRolesToOverride": [ - "arn:aws:iam::XXXXXXXXXXXX:role/sns_callerA", - "arn:aws:iam::XXXXXXXXX:role/sns_callerB", - "arn:aws:iam::XXXXXXXXXX:role/sns_callerC" - ], - "preferredRole": "arn:aws:iam::XXXXXXXXXXX:role/sns_caller" + "claimsToSuppress": ["string", "string"] + }, + "accessTokenGeneration": { + "claimsToAddOrOverride": { + "attribute_key2": "attribute_value2", + "attribute_key": "attribute_value" }, - "clientMetadata": { - "exampleMetadataKey": "example metadata value" - } - }, - "response": { - "claimsAndScopeOverrideDetails": { - "idTokenGeneration": { - "claimsToAddOrOverride": { - "string": "string" 
- }, - "claimsToSuppress": ["string", "string"] - }, - "accessTokenGeneration": { - "claimsToAddOrOverride": { - "attribute_key2": "attribute_value2", - "attribute_key": "attribute_value" - }, - "claimsToSuppress": ["email", "phone"], - "scopesToAdd": ["scope-B", "scope-B"], - "scopesToSuppress": ["scope-C", "scope-D"] - }, - "groupOverrideDetails": { - "groupsToOverride": ["group-A", "group-B", "group-C"], - "iamRolesToOverride": [ - "arn:aws:iam::XXXXXXXXXXXX:role/sns_callerA", - "arn:aws:iam::XXXXXXXXX:role/sns_callerB", - "arn:aws:iam::XXXXXXXXXX:role/sns_callerC" - ], - "preferredRole": "arn:aws:iam::XXXXXXXXXXX:role/sns_caller" - } - } + "claimsToSuppress": ["email", "phone"], + "scopesToAdd": ["scope-B", "scope-B"], + "scopesToSuppress": ["scope-C", "scope-D"] + }, + "groupOverrideDetails": { + "groupsToOverride": ["group-A", "group-B", "group-C"], + "iamRolesToOverride": [ + "arn:aws:iam::XXXXXXXXXXXX:role/sns_callerA", + "arn:aws:iam::XXXXXXXXX:role/sns_callerB", + "arn:aws:iam::XXXXXXXXXX:role/sns_callerC" + ], + "preferredRole": "arn:aws:iam::XXXXXXXXXXX:role/sns_caller" + } } + } } diff --git a/lambda-events/src/fixtures/example-cognito-event-userpools-pretokengen.json b/lambda-events/src/fixtures/example-cognito-event-userpools-pretokengen.json index 7b851904..f79e8573 100644 --- a/lambda-events/src/fixtures/example-cognito-event-userpools-pretokengen.json +++ b/lambda-events/src/fixtures/example-cognito-event-userpools-pretokengen.json @@ -1,6 +1,6 @@ { "version": "1", - "triggerSource": "PreTokenGen", + "triggerSource": "TokenGeneration_HostedAuth", "region": "region", "userPoolId": "userPoolId", "userName": "userName", 
@@ -15,7 +15,11 @@ }, "groupConfiguration": { "groupsToOverride": ["group-A", "group-B", "group-C"], - "iamRolesToOverride": ["arn:aws:iam::XXXXXXXXXXXX:role/sns_callerA", "arn:aws:iam::XXXXXXXXX:role/sns_callerB", "arn:aws:iam::XXXXXXXXXX:role/sns_callerC"], + "iamRolesToOverride": [ + "arn:aws:iam::XXXXXXXXXXXX:role/sns_callerA", + "arn:aws:iam::XXXXXXXXX:role/sns_callerB", + "arn:aws:iam::XXXXXXXXXX:role/sns_callerC" + ], "preferredRole": "arn:aws:iam::XXXXXXXXXXX:role/sns_caller" }, "clientMetadata": { @@ -31,10 +35,13 @@ "claimsToSuppress": ["email"], "groupOverrideDetails": { "groupsToOverride": ["group-A", "group-B", "group-C"], - "iamRolesToOverride": ["arn:aws:iam::XXXXXXXXXXXX:role/sns_callerA", "arn:aws:iam::XXXXXXXXX:role/sns_callerB", "arn:aws:iam::XXXXXXXXXX:role/sns_callerC"], + "iamRolesToOverride": [ + "arn:aws:iam::XXXXXXXXXXXX:role/sns_callerA", + "arn:aws:iam::XXXXXXXXX:role/sns_callerB", + "arn:aws:iam::XXXXXXXXXX:role/sns_callerC" + ], "preferredRole": "arn:aws:iam::XXXXXXXXXXX:role/sns_caller" } } } } -