-
-
Save morgler/651e5dc48bcfae5680181e1b7bb8d04b to your computer and use it in GitHub Desktop.
| 'use strict'; | |
| const https = require('https'); | |
| const attributes = (response) => { | |
| return { | |
| "email": response.email, | |
| "email_verified": "true", | |
| "name": response.name, | |
| "custom:rails_app_id": response.id | |
| }; | |
| }; | |
| const checkUser = (server, data, callback) => { | |
| let postData = JSON.stringify( data ); | |
| let options = { | |
| hostname: server, | |
| path: "/aws/auth", | |
| method: 'POST', | |
| headers: { | |
| 'Content-Type': 'application/json', | |
| 'Content-Length': postData.length | |
| } | |
| }; | |
| console.log('checkUser', options, data) | |
| let req = https.request(options, (res) => { | |
| console.log("result", res) | |
| let data = ""; | |
| res.on('data', (chunk) => { | |
| data += chunk; | |
| }); | |
| res.on('end', () => { | |
| if ( data ){ | |
| let response = JSON.parse( data ); | |
| //console.log( 'response:', JSON.stringify(response, null, 2) ); | |
| callback( null, response); | |
| } else { | |
| callback( "Authentication error"); | |
| } | |
| }); | |
| }); | |
| req.on('error', (e) => { | |
| callback( e ); | |
| }); | |
| req.write( postData ); | |
| req.end(); | |
| } | |
| exports.handler = (event, context, callback) => { | |
| console.log('Migrating user:', event.userName); | |
| let rails_server_url = process.env.rails_server_url; | |
| checkUser( rails_server_url, { | |
| email: event.userName, | |
| password: event.request && event.request.password, | |
| access_token: process.env.rails_server_access_token | |
| }, (err, response ) => { | |
| if ( err ){ | |
| return context.fail("Connection error", err); | |
| } | |
| if ( event.triggerSource == "UserMigration_Authentication" ) { | |
| // authenticate the user with your existing user directory service | |
| if ( response.success ) { | |
| event.response.userAttributes = attributes( response ) ; | |
| event.response.finalUserStatus = "CONFIRMED"; | |
| event.response.messageAction = "SUPPRESS"; | |
| console.log(event) | |
| console.log('Migrating user:', event.userName); | |
| callback(null, event) | |
| } else if ( response.user_exists ) { | |
| // Return error to Amazon Cognito | |
| callback("Bad password"); | |
| } else { | |
| callback("Bad user"); | |
| } | |
| } else if ( event.triggerSource == "UserMigration_ForgotPassword" ) { | |
| if ( response.user_exists ) { | |
| event.response.userAttributes = attributes( response ) ; | |
| event.response.messageAction = "SUPPRESS"; | |
| console.log('Migrating user with password reset:', event.userName); | |
| callback(null, event); | |
| } else { | |
| callback("Bad user"); | |
| } | |
| } else { | |
| // Return error to Amazon Cognito | |
| callback("Bad triggerSource " + event.triggerSource); | |
| } | |
| }); | |
| }; |
The user migration is happening from a custom system. In this example it is a Rails application, but it could be any system. The only thing needed is an API endpoint to verify user credentials.
Just out of curiosity, Can this migration work if my user data is in RDS mysql db and I want migrate them to cognito user pool?
Theoretically it should work. You would simply substitute the checkUser function with a call to RDS and a check of the credentials you retrieved. But maybe, since RDS is also AWS, there is an even simpler way to migrate – I don't know.
Alright.I do have another silly question, which is how does it know which pool to migrate it to?as I see nothing defined in the code.
Thank in advance, for answering my questions patiently.
You set the lambda function with this code as being triggered in your Cognito user pool: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-migrate-user.html . Cognito will call that lambda whenever it needs to migrate a user and then uses the return value of your function to create the user in Cognito.
H.Could you tell the user migration is happening from where into congito user pool?