Pre Signup Validation on AWS Cognito

  1. The validation will only live in this particular backend. If we create another app that interacts with the same user pool, we will have to repeat this logic there too.
  2. We’re adding bloat to the request handler; we could keep this handler clean by avoiding unnecessary code.

  1. We can add custom validation when registering a new user to the user pool. In our case, it’s to check if the submitted email is already in use.
  2. The logic is baked into the user pool. Any signup event for this user pool will be validated regardless of where it’s coming from.

Implementation

Lambda

const { CognitoIdentityProviderClient, ListUsersCommand } = require("@aws-sdk/client-cognito-identity-provider");

// Created once so warm invocations reuse the client.
const client = new CognitoIdentityProviderClient();

exports.handler = async (event) => {
  // Look for an existing user whose email matches the one being registered.
  const params = {
    UserPoolId: 'us-west-2_rxOJKcUKc',
    Filter: `email = "${event.request.userAttributes.email}"`
  };
  const listUsersCommand = new ListUsersCommand(params);
  const data = await client.send(listUsersCommand);

  if (data?.Users?.length > 0) {
    // In an async handler, throwing fails the trigger and rejects the signup.
    throw new Error("Email is already taken");
  }
  // Returning the event lets the signup continue.
  return event;
};
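The handler above interpolates the submitted email straight into the ListUsers filter string. As an added example (not the article's code), the version below checks the address first and refuses values containing a double quote or backslash, so the value cannot close the quoted filter term. `buildEmailFilter`, `makePreSignUpHandler` and the injected `listUsers` function are hypothetical names, and the fake pool is constructed sample data so the logic runs without AWS.

```javascript
// Added example, not the article's code. All function names are hypothetical.

// Conservative shape check: exactly one "@", no whitespace, and neither of the
// characters (double quote, backslash) that could end or escape the quoted value.
const SAFE_EMAIL = /^[^\s"\\@]+@[^\s"\\@]+\.[^\s"\\@]+$/;

function buildEmailFilter(email) {
  if (typeof email !== "string" || email.length > 254 || !SAFE_EMAIL.test(email)) {
    throw new Error("Invalid email address");
  }
  return `email = "${email}"`;
}

// listUsers is injected so the logic can be exercised offline. In Lambda it would be
//   (params) => client.send(new ListUsersCommand(params))
function makePreSignUpHandler(listUsers) {
  return async (event) => {
    const params = {
      UserPoolId: event.userPoolId, // Cognito includes the pool id in trigger events
      Filter: buildEmailFilter(event.request.userAttributes.email),
    };
    // If the lookup itself fails, the rejection propagates and the signup is refused.
    const data = await listUsers(params);
    if (data?.Users?.length > 0) {
      throw new Error("Email is already taken");
    }
    return event;
  };
}

// Constructed sample data: a fake pool holding one registered address.
const fakePool = ["taken@example.com"];
async function fakeListUsers({ Filter }) {
  const wanted = Filter.slice('email = "'.length, -1);
  return { Users: fakePool.filter((e) => e === wanted).map((e) => ({ Username: e })) };
}

// Runs three constructed signups and reports what happens to each.
async function demo() {
  const handler = makePreSignUpHandler(fakeListUsers);
  const mk = (email) => ({
    userPoolId: "us-west-2_EXAMPLE", // placeholder pool id
    request: { userAttributes: { email } },
  });
  const outcome = (email) => handler(mk(email)).then(() => "accepted", (e) => e.message);
  return Promise.all(["new@example.com", "taken@example.com", 'a"b@example.com'].map(outcome));
}
```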

Layer

{
  ...
  "scripts": {
    ...
    "build": "rm -rf nodejs cognito-base-layer.zip && npm install && mkdir nodejs && mv node_modules nodejs && zip -r cognito-base-layer.zip . && cp cognito-base-layer.zip ~/Downloads"
  },
  ...
}

  1. Delete the previous nodejs directory and cognito-base-layer.zip file from the previous build.
  2. Install the packages.
  3. Create a directory called nodejs.
  4. Move the node_modules folder into nodejs.
  5. Zip the current directory into a zip file called cognito-base-layer.zip.
  6. Copy the zip file to the desired location (Optional).

Permissions

{
  "Version": "2012-10-17",
  "Statement": []
}

{
  "Effect": "Allow",
  "Action": "cognito-idp:ListUsers",
  "Resource": "arn:aws:cognito-idp:<region>:<account_id>:userpool/<userpool_id>"
}

Triggers

Result

UserLambdaValidationException: PreSignUp failed with error Email is already taken.
...
{
'$fault': 'client',
'$metadata': {
httpStatusCode: 400,
requestId: '3bc8f968-cbf5-4960-857f-e48daa312870',
extendedRequestId: undefined,
cfId: undefined,
attempts: 1,
totalRetryDelay: 0
},
__type: 'UserLambdaValidationException'
}

Bonus

event.response.autoConfirmUser = true
event.response.autoVerifyPhone = true
event.response.autoVerifyEmail = true

Kelvin

Full-stack software developer. #WebDev #Programming