Deprecate Cognito PreTokenGenV2 and introduce PreTokenGenV2_0 #589

Merged
merged 1 commit into from
Apr 9, 2025

@bmoffatt bmoffatt commented Apr 8, 2025

Issue #, if available:

#584
#585

Description of changes:

The inner `AccessTokenGeneration` and `IDTokenGeneration` structs used in the `PreTokenGenV2` event struct incorrectly restrict the `ClaimsToAddOrOverride` map values to strings, but Cognito supports any type when the trigger is configured for V2 or V3.

This was fixed last year in the aws-lambda-dotnet project in aws/aws-lambda-dotnet#1799 - and released as a new major version of their Cognito events package aws/aws-lambda-dotnet#1798 (comment)

Correcting the structs in-place would:

  1. be a breaking change depending on how the fields are read-to/written-from in end user code
  2. mislead V1 users, where Cognito only supports string values in the map

So I copied all existing structs related to Cognito's PreTokenGen V2_0 request/response, and suffixed the copies with V2_0 - took this convention from the current version of the documentation, which includes paragraphs like:

> Because Amazon Cognito invokes this trigger before token generation, you can customize the claims in user pool tokens. With the Basic features of the version one or V1_0 pre token generation trigger event, you can customize the identity (ID) token. In user pools with the Essentials or Plus feature plan, you can generate the version two or V2_0 trigger event with access token customization, and the version three or V3_0 trigger event with access token customization for machine-to-machine (M2M) client-credentials grants.

So it seemed appropriate to take that convention rather than coming up with an alternative way to 'V2' the existing 'V2' struct.

In the future, V1_0 suffixed structs can also be introduced, to improve naming consistency in auto-complete and documentation.

While the `PreTokenGenV2` still works, I also added a `// Deprecated:` annotation to alert end users via their editors/linters that they may be missing out on some features.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
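The type restriction described in this pull request, as an added example that is not code from the pull request or from aws-lambda-go: the two structs below are hypothetical stand-ins (only the `claimsToAddOrOverride` key mirrors the field named above), and the payload is constructed. It shows a string-only map rejecting array, boolean and object claim values that an untyped map accepts, plus a check listing the claims a V1_0 trigger could not carry.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// Hypothetical stand-ins for illustration; not the aws-lambda-go structs.
type stringClaims struct {
	ClaimsToAddOrOverride map[string]string `json:"claimsToAddOrOverride"`
}

type anyClaims struct {
	ClaimsToAddOrOverride map[string]any `json:"claimsToAddOrOverride"`
}

// Constructed sample: one string claim and three non-string claims.
const samplePayload = `{"claimsToAddOrOverride":{"tenant":"acme",
 "roles":["admin","auditor"],"mfa":true,"limits":{"rps":50}}}`

// DecodeStringOnly decodes with the string-restricted map.
func DecodeStringOnly(payload string) (map[string]string, error) {
	var c stringClaims
	err := json.Unmarshal([]byte(payload), &c)
	return c.ClaimsToAddOrOverride, err
}

// DecodeAny decodes with the unrestricted map.
func DecodeAny(payload string) (map[string]any, error) {
	var c anyClaims
	err := json.Unmarshal([]byte(payload), &c)
	return c.ClaimsToAddOrOverride, err
}

// NonStringClaims returns, sorted, the claim names whose values are not
// strings, i.e. the ones that need the any-typed map.
func NonStringClaims(claims map[string]any) []string {
	var names []string
	for name, value := range claims {
		if _, ok := value.(string); !ok {
			names = append(names, name)
		}
	}
	sort.Strings(names)
	return names
}

func main() {
	_, err := DecodeStringOnly(samplePayload)
	fmt.Println("string-only decode error:", err)
	claims, _ := DecodeAny(samplePayload)
	fmt.Println("non-string claims:", NonStringClaims(claims))
}
```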

@godcrampy godcrampy merged commit 288af9e into aws:main Apr 9, 2025
14 checks passed