Description
Let me start by saying that I am a bit rusty on the topic since I haven't touched our custom auth lambda in almost two years, and that this isn't really an issue but more of an idea I'd like to discuss.
I was looking at the `CognitoEvent`s and I was wondering if the distinction between the request and response event is actually necessary.
Since Cognito already provides an empty response object in the input event, we could remove the Response event.
This would have the added (debatable?) benefit of editing the inner response objects in place. I don't know if you like the idea, since this isn't exactly the most "Swift" way to go, but it would allow writing code which is very similar to the examples provided in the AWS docs, making adoption easier I would guess. Those examples usually edit `event.response` in place and then return the input event as the Lambda output.
POC:
```swift
enum CognitoEvent {
    case defineAuthChallenge(DefineAuthChallenge)
}

struct DefineAuthChallenge: Codable {
    let version: String
    let region: String
    let userPoolId: String
    let userName: String
    let callerContext: [String: String]
    let triggerSource: String
    let request: Request
    // Cognito sends an empty `response` object in the input; the handler fills it in.
    var response: Response

    struct Request: Codable {
        let userAttributes: [String: String]
        let session: [Challenge]
        let userNotFound: Bool

        struct Challenge: Codable {
            let challengeName: String
            let challengeResult: Bool
            let challengeMetadata: String
        }
    }

    // A reference type, so it can be edited in place even through a `let` binding.
    final class Response: Codable {
        var challengeName: String?
        var issueTokens: Bool?
        var failAuthentication: Bool?
    }
}

struct UnsupportedEvent: Error {}

func handle(_ event: CognitoEvent) throws {
    switch event {
    case .defineAuthChallenge(let defineAuthChallenge):
        // `Response` is a class, so this mutates the event's response in place.
        defineAuthChallenge.response.challengeName = "MY_CUSTOM_2FA"
    default:
        throw UnsupportedEvent()
    }
}
```
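To show the "edit the response in place, return the input event" pattern end to end, here is an added example in the style of the AWS docs. It is my code, not the project's and not part of the issue: the type name `DefineAuthChallengeEvent`, the `maxFailedAttempts` policy, the `handle` entry point and the sample JSON event are all assumptions made for the example. It decodes a constructed Cognito `DefineAuthChallenge` event, decides the next step of a custom auth flow by mutating `event.response`, and re-encodes the whole event as the Lambda output, failing closed when the user does not exist or the attempt limit is reached.

```swift
import Foundation

// Added example (not the project's code): a DefineAuthChallenge handler that edits
// `event.response` in place and returns the whole event as the Lambda output.

struct DefineAuthChallengeEvent: Codable {
    let version: String
    let region: String
    let userPoolId: String
    let userName: String
    let callerContext: [String: String]
    let triggerSource: String
    let request: Request
    var response: Response

    struct Request: Codable {
        let userAttributes: [String: String]
        let session: [Challenge]
        let userNotFound: Bool?

        struct Challenge: Codable {
            let challengeName: String
            let challengeResult: Bool
            let challengeMetadata: String?
        }
    }

    // Reference type, so it can be edited in place through a `let` binding.
    final class Response: Codable {
        var challengeName: String?
        var issueTokens: Bool?
        var failAuthentication: Bool?
    }
}

struct UnsupportedEvent: Error {}

// Assumed policy for this example: one custom challenge, at most three failed
// attempts, and fail closed when Cognito reports that the user does not exist.
let maxFailedAttempts = 3

func defineAuthChallenge(_ event: DefineAuthChallengeEvent) throws -> DefineAuthChallengeEvent {
    guard event.triggerSource == "DefineAuthChallenge_Authentication" else {
        throw UnsupportedEvent()
    }
    let session = event.request.session
    let failed = session.filter { !$0.challengeResult }.count

    if event.request.userNotFound == true || failed >= maxFailedAttempts {
        // Fail closed: no tokens and no further challenge.
        event.response.challengeName = nil
        event.response.issueTokens = false
        event.response.failAuthentication = true
    } else if let last = session.last,
              last.challengeName == "CUSTOM_CHALLENGE", last.challengeResult {
        // The custom challenge was answered correctly: issue tokens.
        event.response.issueTokens = true
        event.response.failAuthentication = false
    } else {
        // First attempt, or a failed attempt below the limit: ask again.
        event.response.challengeName = "CUSTOM_CHALLENGE"
        event.response.issueTokens = false
        event.response.failAuthentication = false
    }
    return event
}

// Lambda entry point: decode the raw event, edit it, encode it back.
func handle(_ payload: Data) throws -> Data {
    let event = try JSONDecoder().decode(DefineAuthChallengeEvent.self, from: payload)
    let encoder = JSONEncoder()
    encoder.outputFormatting = [.prettyPrinted, .sortedKeys]
    return try encoder.encode(try defineAuthChallenge(event))
}

// Constructed sample event: the custom challenge has already been passed once.
let sampleEvent = """
{
  "version": "1", "region": "us-east-1", "userPoolId": "us-east-1_EXAMPLE",
  "userName": "alice",
  "callerContext": { "awsSdkVersion": "aws-sdk-unknown", "clientId": "example-client-id" },
  "triggerSource": "DefineAuthChallenge_Authentication",
  "request": {
    "userAttributes": { "email": "alice@example.com" },
    "session": [
      { "challengeName": "CUSTOM_CHALLENGE", "challengeResult": true, "challengeMetadata": "OTP" }
    ],
    "userNotFound": false
  },
  "response": {}
}
"""

do {
    let output = try handle(Data(sampleEvent.utf8))
    print(String(decoding: output, as: UTF8.self))
} catch {
    print("handler error: \(error)")
}
```

Because `Response` is a class, `defineAuthChallenge` can take the event by value and still mutate its response; the request half stays `let` and is carried through to the output untouched, which is exactly what the AWS examples do when they return the input event.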