
@xeusteerapat
Forked from kidsil/handler.js
Created October 4, 2021 05:49
Get AWS Cognito Token ID (JWT) with JavaScript (NodeJS)
const AWS = require('aws-sdk');
const CognitoSDK = require('amazon-cognito-identity-js-node');
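// Attach the helper classes exported by amazon-cognito-identity-js-node to the
// aws-sdk namespace, which is where the code below looks them up.
AWS.CognitoIdentityServiceProvider.AuthenticationDetails = CognitoSDK.AuthenticationDetails;
AWS.CognitoIdentityServiceProvider.CognitoUserPool = CognitoSDK.CognitoUserPool;
AWS.CognitoIdentityServiceProvider.CognitoUser = CognitoSDK.CognitoUser;

// Account and pool settings. Each value can be supplied through the environment
// so that real passwords and pool identifiers never have to be written into
// (and committed with) this file. The literals are the sample placeholders and
// only apply when the corresponding variable is unset or empty.
const Username = process.env.COGNITO_USERNAME || 'testuser';
const TempPassword = process.env.COGNITO_TEMP_PASSWORD || 'TemporaryPassword2!';
const NewPassword = process.env.COGNITO_NEW_PASSWORD || 'NewPassword@#@!19';
const Email = process.env.COGNITO_EMAIL || 'some@email.com';
const config = { region: process.env.AWS_REGION || 'us-east-1' };
const UserPoolId = process.env.COGNITO_USER_POOL_ID || 'USER_POOL_ID_HERE';
// Your App client id (add via Console->Cognito User Pool)
const ClientId = process.env.COGNITO_CLIENT_ID || 'APP_CLIENT_ID_HERE';

// Service client for the configured region.
const cognitoIdentityServiceProvider = new AWS.CognitoIdentityServiceProvider(config);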
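/**
 * Signs the configured user in against the Cognito user pool and prints the
 * resulting ID token (JWT).
 *
 * The outcome is delivered through callbacks: success prints the token,
 * failure is reported on stderr and marks the process as failed, and a
 * "new password required" challenge is answered with NewPassword.
 *
 * @param {*} [profile] - Not read by this function; kept so existing call
 *   sites stay valid.
 * @returns {void}
 */
const saveOrUpdateUser = (profile) => {
  // User pool the account lives in.
  const userPool = new AWS.CognitoIdentityServiceProvider.CognitoUserPool({
    UserPoolId,
    ClientId, // Your App client id here
  });

  // User handle bound to that pool.
  const cognitoUser = new AWS.CognitoIdentityServiceProvider.CognitoUser({
    Pool: userPool,
    Username,
  });

  // Credentials for the sign-in attempt.
  const authenticationDetails = new AWS.CognitoIdentityServiceProvider.AuthenticationDetails({
    Username,
    Password: NewPassword, // 1st time use TempPassword
  });

  const responseFunctions = {
    onSuccess: (result) => {
      console.log('IT WORKED!');
      // Print only the ID token. Dumping the whole session object would also
      // write the access and refresh tokens to the console, where they can end
      // up in shell history captures or shared logs. The ID token is itself a
      // bearer credential, so treat this output as a secret too.
      console.log(result.getIdToken().getJwtToken());
    },
    onFailure: (err) => {
      // Report on stderr and exit non-zero so a wrapping script can detect
      // that authentication did not succeed.
      console.error('no go :(');
      console.error(err);
      process.exitCode = 1;
    },
  };

  // newPasswordRequired has to be added separately because it sends
  // responseFunctions to completeNewPasswordChallenge.
  responseFunctions.newPasswordRequired = (userAttributes, requiredAttributes) => {
    // The attributes reported by the challenge are not sent back; only the
    // e-mail attribute is supplied together with the new password.
    cognitoUser.completeNewPasswordChallenge(NewPassword, { email: Email }, responseFunctions);
  };

  cognitoUser.authenticateUser(authenticationDetails, responseFunctions);
};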
// Start the sign-in flow when the script runs. saveOrUpdateUser never reads
// its `profile` parameter, so no argument is passed.
saveOrUpdateUser();
{
"name": "test-app",
"description": "test app",
"version": "0.0.1",
"engines": {
"node": ">=6.3.1"
},
"devDependencies": {
"amazon-cognito-identity-js-node": "0.0.3",
"aws-sdk": "^2.5.3"
}
}
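# HTTP endpoint protected by a Cognito user pool authorizer. Nesting restored:
# every key below `authorizer:` configures that authorizer.
events:
  - http:
      path: restricted
      method: get
      # `cors: true` applies the framework's default CORS settings, which are
      # permissive; list the expected origins instead when the browser callers
      # are known.
      cors: true
      integration: lambda
      authorizer:
        # Replace the AWS_REGION / AWS_ACCOUNT_ID / AWS_USERPOOL_ID placeholders
        # with the user pool that issues the tokens.
        arn: arn:aws:cognito-idp:AWS_REGION:AWS_ACCOUNT_ID:userpool/AWS_USERPOOL_ID
        # 0 turns off caching of the authorizer result, so every request is
        # evaluated again.
        resultTtlInSeconds: 0
        # Token claims made available to the function.
        claims:
          - email
        # The token is read from the Authorization request header.
        identitySource: method.request.header.Authorization
        # `.*` matches any header value, so nothing is filtered out before the
        # authorizer runs; rejecting bad tokens is left entirely to the authorizer.
        identityValidationExpression: .*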