Confirm and Link User Accounts

1. const AWS = require('aws-sdk')
2. const cognito = new AWS.CognitoIdentityServiceProvider({apiVersion: '2016-04-18' })
3. // BackendClientIds
4. // These are needed because JS can't use a app client with a client secret
5. var backendClientIds = {
6. // TO DO: USERPOOLID : BACKENDCLIENTID
7. "":""
8. };
9.  
10. // NOTE: This is not site specific; however, at this time it is only set to work with Facebook
11. exports.handler = (event, context, callback) => {
12. console.log('exports.handler - event:');
13. console.log(event);
14. if(event.triggerSource.includes('ExternalProvider'))
15. {
16. // ExternalProvider (ie. Social)
17. if (event.request.userAttributes.hasOwnProperty("email")) {
18. // Create Native User Always
19. var params = {
20. ClientId: backendClientIds[event.userPoolId],
21. Password: generatePassword(),
22. Username: event.request.userAttributes.email
23. };
24. cognito.signUp(params, function(err, data) {
25. if (err) {
26. console.log('cognito.signUp:');
27. console.log(err, err.stack);
28. if(err.code === 'UsernameExistsException')
29. {
30. // Get and Link Existing User
31. getUsersAndLink(event.userPoolId, event.request.userAttributes.email, event);
32. }
33. }
34. else {
35. console.log('cognito.signUp:');
36. console.log(data);
37. if(data.UserConfirmed)
38. {
39. // Link Newly Created User
40. linkUser(data.UserSub, event);
41. }
42. }
43. });
44. }
45. } else {
46. // All Others (ie. Native Accounts)
47. // Auto Confirm The User
48. event.response.autoConfirmUser = true;
49. // Set the email as verified if it is in the request
50. if (event.request.userAttributes.hasOwnProperty("email")) {
51. event.response.autoVerifyEmail = true;
52. }
53. }
54. // Return to Amazon Cognito
55. callback(null, event);
56. };
57.  
58. function generatePassword() {
59. // TO DO: Code returns a string of a random generated password
60. // NOTE: We do a 20+ character password random generated by a bulk list of characters
61. }
62.  
63. function getUsersAndLink(userPoolId, email, event) {
64. var params = {
65. UserPoolId: userPoolId,
66. AttributesToGet: ['sub','email','cognito:user_status'],
67. Filter: "email = \"" + email + "\""
68. }
69. cognito.listUsers(params, (err, data) => {
70. if (err) {
71. console.log('getUsersAndLink - err - cognito.listUsers:');
72. console.log(err, err.stack);
73. }
74. else {
75. console.log('getUsersAndLink - cognito.listUsers:');
76. console.log(data);
77. linkUsers(data, event);
78. }
79. });
80. }
81.  
82. function linkUser(userName, event) {
83. var destinationValue = userName;
84. var sourceValue = event.userName.split("_")[1];
85. console.log('destinationValue: ' + destinationValue);
86. console.log('sourceValue: ' + sourceValue);
87. // Email Found and CONFIRMED (not EXTERNAL_PROVIDER)
88. var params = {
89. DestinationUser: {
90. ProviderAttributeValue: destinationValue,
91. ProviderName: 'Cognito'
92. },
93. SourceUser: {
94. ProviderAttributeName: 'Cognito_Subject',
95. ProviderAttributeValue: sourceValue,
96. ProviderName: event.userName.split("_")[0]
97. },
98. UserPoolId: event.userPoolId
99. };
100. cognito.adminLinkProviderForUser(params, function(err, data) {
101. if (err) {
102. console.log('linkUser - err - cognito.adminLinkProviderForUser:');
103. console.log(err, err.stack);
104. }
105. else {
106. console.log('linkUser - cognito.adminLinkProviderForUser:');
107. console.log(data);
108. }
109. });
110. }
111.  
112. function linkUsers(usersData, event) {
113. if(usersData != null && usersData.Users != null && usersData.Users.length > 0)
114. {
115. for (var i = 0; i < usersData.Users.length; i++) {
116. if(usersData.Users[i] != null)
117. {
118. var destinationValue = '';
119. var sourceValue = '';
120. if(usersData.Users[i].UserStatus === 'CONFIRMED') {
121. linkUser(usersData.Users[i].Username, event);
122. }
123. }
124. }
125. } else {
126. console.log("linkUsers: UserData was NULL or Empty")
127. }
128. }