我想将cognito用户迁移到需要MFA的新用户池,而旧池也需要MFA。我已经创建了lambda触发器,它正在获取触发器并返回所需的响应,如下所示:
"response": {
"userAttributes": {
"email": "test@example.com",
"email_verified": "true",
"phone_number": "+917023433333",
"phone_number_verified": "true"
},
"forceAliasCreation": null,
"finalUserStatus": "CONFIRMED",
"messageAction": "SUPPRESS",
"desiredDeliveryMediums": null
}
这是我的事件对象:
{
"version": "1",
"triggerSource": "UserMigration_Authentication",
"region": "us-east-1",
"userPoolId": "us-east-1_newPoold",
"userName": "test@example.com",
"callerContext": {
"awsSdkVersion": "aws-sdk-unknown-unknown",
"clientId": "dddaio06kd1ls20sss5cpgddd"
},
"request": {
"password": "Test@123",
"validationData": {},
"userAttributes": null
},
"response": {
"userAttributes": null,
"forceAliasCreation": null,
"finalUserStatus": null,
"messageAction": null,
"desiredDeliveryMediums": null
}
}
当我试图将用户迁移到不需要2fa的新池时,我的脚本工作了,用户在新池中创建了,但对于2fa的池,相同的流不起作用。我使用的是相同的lambdahttps://github.com/Collaborne/migrate-cognito-user-pool-lambda/blob/master/src/index.ts
任何帮助都将不胜感激。谢谢
在询问AWS客户支持后,我通过在旧池上禁用MFA并仅在新池上启用MFA,以及在响应中将enableSMSMFA属性设置为true,实现了这一点。