Post Confirmation doesn't trigger lambda function

Asked 15/4, 2019 at 11:57 Answered 13/6, 2024 at 0:7

amazon-web-services amazon-cognito amazon-cognito-triggers

My step:

I created user by calling the AdminCreateUser API.
I use my custom login form to do the first login
I change password (because I'm in FORCE_PASSWORD_CHANGE status) Now the user is CONFIRMED
Trigger doesn't fire.

Eider answered 15/4, 2019 at 11:57 Comment(1)

Did you find out why that happened? Facing the same problem! – Incommodity 21/8, 2020 at 8:47

Cognito does not trigger post confirm when the user is created with adminCreateUser or manually from Cognito dashboard.

Melodize answered 6/2, 2021 at 13:41 Comment(6)

Do you have any documentation proving that ? I'm not challenging your response. It totally makes sense, since well, is not getting triggered in my case as well, but is there anywhere in AWS where we can get that info from ? – Transceiver 11/2, 2021 at 15:44

The Cognito documents are quite poor. I have myself been exploring this for a bit and I can confirm this with my exploration. I have tested both scenarios and this is how it is. – Melodize 11/2, 2021 at 23:49

This is correct, the adminCreateUser doesn't trigger the post confirm event. You can however trigger pre-sign up, check my other answer to this question for details and references. – Thurmanthurmann 19/4, 2021 at 14:29

Unfortunately, this is correct. I've tried all of the configurations. Here's a list of those triggers that work: Pre Sign Up, Pre Authentication, Post Authentication. I've tried unticking the "confirm phone" and "confirm email" radio boxes, but it still won't work. I'm doing the same, and I need the user to provide data so that I can use the Lambda to pop that info into a db. This is too bad. – Farland 30/5, 2021 at 5:9

@Farland I need your exact behavior too. Actually, I need to set up a whole tenant for the user in that trigger. How'd you get around this quickly? signup on hosted UI? – Dru 22/11, 2021 at 12:53

@ShawnMclean I created a signup script using the AWS CLI and used the Pre Sign Up trigger. I then used my Lambda to do my trickery. If you want to grab user info after they're done authenticating (after they submit a code or something) for your lambda, the best path is a signup using Amplify or the cognito identity SDK and using the Post Auth trigger. I hope that helps! – Farland 22/11, 2021 at 19:16

I am looking for the answer to this as well and I found this in the official documentation:-

You create custom workflows by assigning AWS Lambda functions to user pool triggers. When you use the AdminCreateUser API action, Amazon Cognito invokes the function that is assigned to the pre sign-up trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input.

So basically we need to attach the lambda function to the pre sign-up trigger if we are using the AdminCreateUser API action. Haven't checked if it works. Confirmation would be great!

Update:-

I tried it out myself and it does trigger the pre sign-up lambda function. So there's the confirmation!

Thurmanthurmann answered 17/4, 2021 at 9:40 Comment(2)

But that does not imply that the user really change his password. Just that it was created – Harr 10/6, 2022 at 23:25

I see many peoples annoyed with this Well done finding this, it was amazingly well hidden and so no logic... Looks like AWS make all his best so we can be tired of using Cognito, you have to be workarounds black belt to offer a proper user experience with this service – Paymaster 23/8, 2024 at 22:5

As the name suggests, it is post "confirmation" trigger. The user needs to confirm the email belongs to him/her. This is done by entering the OTP that cognito sends to the given email address. Once the user enters that OTP, the email address is confirmed and post confirmation trigger fires.

Do Use the hosted UI's "Signup" link to create the account

Do Not Use Cognito service's in-built user creation page. Use Admin API

Aeniah answered 27/1, 2023 at 5:20 Comment(0)

I believe Ragav's answer is the closest one but missing some extra information. For pre-signup triggers, you run the risk that Cognito denies the registration after you already synced the user to the database. So keep the syncing in the Post-Confirmation trigger.

Add a pre-signup trigger that only listens for "AdminCreateNewUser" type of events, since these are the edge case anyways, and then you can safely add these users to the DB since Cognito won't give any validation problems afterwards for these specific users.

This is the event that the pre-signup trigger passes:

    {
      "version": "1",
      "region": "us-east-1",
      "userPoolId": "us-east-1_xxxxxxxx",
      "userName": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
      "callerContext": {
        "awsSdkVersion": "aws-sdk-js-2.1545.0",
        "clientId": "CLIENT_ID_NOT_APPLICABLE"
      },
      "triggerSource": "PreSignUp_AdminCreateUser",
      "request": {
        "userAttributes": {
          "email": "[email protected]"
        },
        "validationData": null
      },
      "response": {
        "autoConfirmUser": false,
        "autoVerifyEmail": false,
        "autoVerifyPhone": false
      }
    }

Jackdaw answered 13/6, 2024 at 0:7 Comment(0)

Recommended topics

Hot tags