Adds the V2 version of the pre token generation event.
msailes authored and andclt committed Jun 11, 2024
1 parent 02d2c06 commit 656417a
Showing 4 changed files with 185 additions and 1 deletion.
@@ -0,0 +1,134 @@
/* Copyright 2023 Amazon.com, Inc. or its affiliates. All Rights Reserved. */

package com.amazonaws.services.lambda.runtime.events;

import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Data;
import lombok.EqualsAndHashCode;
import lombok.NoArgsConstructor;
import lombok.ToString;

import java.util.Map;

/**
* Represent the class for the Cognito User Pool Pre Token Generation Lambda Trigger V2
* <p>
* See <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-token-generation.html">Pre Token Generation Lambda Trigger</a>
*/
@Data
@EqualsAndHashCode(callSuper = true)
@NoArgsConstructor
@ToString(callSuper = true)
public class CognitoUserPoolPreTokenGenerationEventV2 extends CognitoUserPoolEvent {
/**
* The request from the Amazon Cognito service.
*/
private Request request;

/**
* The response from your Lambda trigger.
*/
private Response response;

@Builder(setterPrefix = "with")
public CognitoUserPoolPreTokenGenerationEventV2(
String version,
String triggerSource,
String region,
String userPoolId,
String userName,
CallerContext callerContext,
Request request,
Response response) {
super(version, triggerSource, region, userPoolId, userName, callerContext);
this.request = request;
this.response = response;
}

@Data
@EqualsAndHashCode(callSuper = true)
@NoArgsConstructor
@ToString(callSuper = true)
public static class Request extends CognitoUserPoolEvent.Request {

private String[] scopes;
private GroupConfiguration groupConfiguration;
private Map<String, String> clientMetadata;

@Builder(setterPrefix = "with")
public Request(Map<String, String> userAttributes, String[] scopes, GroupConfiguration groupConfiguration, Map<String, String> clientMetadata) {
super(userAttributes);
this.scopes = scopes;
this.groupConfiguration = groupConfiguration;
this.clientMetadata = clientMetadata;
}
}

@Data
@AllArgsConstructor
@Builder(setterPrefix = "with")
@NoArgsConstructor
public static class GroupConfiguration {
/**
* A list of the group names that are associated with the user that the identity token is issued for.
*/
private String[] groupsToOverride;
/**
* A list of the current IAM roles associated with these groups.
*/
private String[] iamRolesToOverride;
/**
* Indicates the preferred IAM role.
*/
private String preferredRole;
}

@Data
@AllArgsConstructor
@Builder(setterPrefix = "with")
@NoArgsConstructor
public static class Response {
private ClaimsAndScopeOverrideDetails claimsAndScopeOverrideDetails;
}

@Data
@AllArgsConstructor
@Builder(setterPrefix = "with")
@NoArgsConstructor
public static class ClaimsAndScopeOverrideDetails {
private IdTokenGeneration idTokenGeneration;
private AccessTokenGeneration accessTokenGeneration;
private GroupOverrideDetails groupOverrideDetails;
}

@Data
@AllArgsConstructor
@Builder(setterPrefix = "with")
@NoArgsConstructor
public static class IdTokenGeneration {
private Map<String, String> claimsToAddOrOverride;
private String[] claimsToSuppress;
}

@Data
@AllArgsConstructor
@Builder(setterPrefix = "with")
@NoArgsConstructor
public static class AccessTokenGeneration {
private Map<String, String> claimsToAddOrOverride;
private String[] claimsToSuppress;
private String[] scopesToAdd;
private String[] scopesToSuppress;
}

@Data
@AllArgsConstructor
@Builder(setterPrefix = "with")
@NoArgsConstructor
public static class GroupOverrideDetails {
private Map<String, String> groupsToOverride;
private Map<String, String> iamRolesToOverride;
private String preferredRole;
}
}
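Review bot: `GroupOverrideDetails.groupsToOverride` and `iamRolesToOverride` are declared as `Map<String, String>`, while the request-side `GroupConfiguration` in this same file models the identically named fields as `String[]`. The trigger documentation linked in the class Javadoc appears to describe the response fields as lists as well, so a handler may be unable to express a group or role override in the shape the service expects; I would declare them as `private String[] groupsToOverride;` and `private String[] iamRolesToOverride;`. These fields determine the group and role claims placed in issued tokens, so the response side deserves a serialization round-trip assertion. Separately, `Request.clientMetadata` has no Javadoc; a comment such as `/** Caller-supplied key/value pairs; treat as untrusted input and do not base scope or claim decisions on them alone. */` would help handler authors.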
Expand Up @@ -113,6 +113,10 @@ public static RabbitMQEvent loadRabbitMQEvent(String filename) {
return loadEvent(filename, RabbitMQEvent.class);
}

public static CognitoUserPoolPreTokenGenerationEventV2 loadCognitoUserPoolPreTokenGenerationEventV2(String filename) {
return loadEvent(filename, CognitoUserPoolPreTokenGenerationEventV2.class);
}

public static <T> T loadEvent(String filename, Class<T> targetClass) {

if (!filename.endsWith("json")) {
Expand Up @@ -14,7 +14,6 @@

import static java.time.Instant.ofEpochSecond;
import static org.assertj.core.api.Assertions.*;
import static org.assertj.core.api.Assertions.from;

import com.amazonaws.services.lambda.runtime.events.*;

Expand Down Expand Up @@ -363,4 +362,18 @@ public void testLoadRabbitMQEvent() {
assertThat(header1.get("bytes")).contains(118, 97, 108, 117, 101, 49);
assertThat((Integer) headers.get("numberInHeader")).isEqualTo(10);
}

@Test
public void testLoadCognitoUserPoolPreTokenGenerationEventV2() {
CognitoUserPoolPreTokenGenerationEventV2 event = EventLoader.loadCognitoUserPoolPreTokenGenerationEventV2("cognito_user_pool_pre_token_generation_event_v2.json");
assertThat(event).isNotNull();
assertThat(event)
.returns("2", from(CognitoUserPoolPreTokenGenerationEventV2::getVersion))
.returns("us-east-1", from(CognitoUserPoolPreTokenGenerationEventV2::getRegion))
.returns("TokenGeneration_Authentication", from(CognitoUserPoolPreTokenGenerationEventV2::getTriggerSource));

CognitoUserPoolPreTokenGenerationEventV2.Request request = event.getRequest();
assertThat(request)
.returns("aws.cognito.signin.user.admin", from(CognitoUserPoolPreTokenGenerationEventV2.Request::getScopes));
}
}
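Review bot: The last assertion in `testLoadCognitoUserPoolPreTokenGenerationEventV2` compares the string `"aws.cognito.signin.user.admin"` with the result of `Request::getScopes`, which the model class declares as `String[]`, so as written `returns(...)` looks like it compares an array with a single string and would not match. Asserting on the array states the intent directly: `assertThat(request.getScopes()).containsExactly("aws.cognito.signin.user.admin", "openid", "email", "phone");`. The test also never reads `groupConfiguration` or `response`, which are the parts of this event that change what ends up in the token. As a result the JSON fixture's array-valued `"preferredRole"` and `"claimsAndScopeOverrideDetails": []` are never checked against the `String` and object types the model declares for them.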
@@ -0,0 +1,33 @@
{
"version": "2",
"triggerSource": "TokenGeneration_Authentication",
"region": "us-east-1",
"userPoolId": "us-east-1_EXAMPLE",
"userName": "JaneDoe",
"callerContext": {
"awsSdkVersion": "aws-sdk-unknown-unknown",
"clientId": "1example23456789"
},
"request": {
"userAttributes": {
"sub": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
"cognito:user_status": "CONFIRMED",
"email_verified": "true",
"phone_number_verified": "true",
"phone_number": "+12065551212",
"family_name": "Zoe",
"email": "[email protected]"
},
"groupConfiguration": {
"groupsToOverride": ["group-1", "group-2", "group-3"],
"iamRolesToOverride": ["arn:aws:iam::123456789012:role/sns_caller1", "arn:aws:iam::123456789012:role/sns_caller2", "arn:aws:iam::123456789012:role/sns_caller3"],
"preferredRole": ["arn:aws:iam::123456789012:role/sns_caller"]
},
"scopes": [
"aws.cognito.signin.user.admin", "openid", "email", "phone"
]
},
"response": {
"claimsAndScopeOverrideDetails": []
}
}
