-
Notifications
You must be signed in to change notification settings - Fork 557
/
Copy pathcognito.go
310 lines (266 loc) · 14.9 KB
/
cognito.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
// Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
package events
// CognitoEvent contains data from an event sent from Amazon Cognito Sync
type CognitoEvent struct {
DatasetName string `json:"datasetName"`
DatasetRecords map[string]CognitoDatasetRecord `json:"datasetRecords"`
EventType string `json:"eventType"`
IdentityID string `json:"identityId"`
IdentityPoolID string `json:"identityPoolId"`
Region string `json:"region"`
Version int `json:"version"`
}
// CognitoDatasetRecord represents a record from an Amazon Cognito Sync event
type CognitoDatasetRecord struct {
NewValue string `json:"newValue"`
OldValue string `json:"oldValue"`
Op string `json:"op"`
}
// CognitoEventUserPoolsPreSignup is sent by Amazon Cognito User Pools when a user attempts to register
// (sign up), allowing a Lambda to perform custom validation to accept or deny the registration request
type CognitoEventUserPoolsPreSignup struct {
CognitoEventUserPoolsHeader
Request CognitoEventUserPoolsPreSignupRequest `json:"request"`
Response CognitoEventUserPoolsPreSignupResponse `json:"response"`
}
// CognitoEventUserPoolsPreAuthentication is sent by Amazon Cognito User Pools when a user submits their information
// to be authenticated, allowing you to perform custom validations to accept or deny the sign in request.
type CognitoEventUserPoolsPreAuthentication struct {
CognitoEventUserPoolsHeader
Request CognitoEventUserPoolsPreAuthenticationRequest `json:"request"`
Response CognitoEventUserPoolsPreAuthenticationResponse `json:"response"`
}
// CognitoEventUserPoolsPostConfirmation is sent by Amazon Cognito User Pools after a user is confirmed,
// allowing the Lambda to send custom messages or add custom logic.
type CognitoEventUserPoolsPostConfirmation struct {
CognitoEventUserPoolsHeader
Request CognitoEventUserPoolsPostConfirmationRequest `json:"request"`
Response CognitoEventUserPoolsPostConfirmationResponse `json:"response"`
}
// CognitoEventUserPoolsPreTokenGen is sent by Amazon Cognito User Pools when a user attempts to retrieve
// credentials, allowing a Lambda to perform insert, suppress or override claims
type CognitoEventUserPoolsPreTokenGen struct {
CognitoEventUserPoolsHeader
Request CognitoEventUserPoolsPreTokenGenRequest `json:"request"`
Response CognitoEventUserPoolsPreTokenGenResponse `json:"response"`
}
// CognitoEventUserPoolsPreTokenGenV2 is sent by Amazon Cognito User Pools when a user attempts to retrieve
// credentials, allowing a Lambda to perform insert, suppress or override claims and scopes
type CognitoEventUserPoolsPreTokenGenV2 struct {
CognitoEventUserPoolsHeader
Request CognitoEventUserPoolsPreTokenGenV2Request `json:"request"`
Response CognitoEventUserPoolsPreTokenGenV2Response `json:"response"`
}
// CognitoEventUserPoolsPostAuthentication is sent by Amazon Cognito User Pools after a user is authenticated,
// allowing the Lambda to add custom logic.
type CognitoEventUserPoolsPostAuthentication struct {
CognitoEventUserPoolsHeader
Request CognitoEventUserPoolsPostAuthenticationRequest `json:"request"`
Response CognitoEventUserPoolsPostAuthenticationResponse `json:"response"`
}
// CognitoEventUserPoolsMigrateUser is sent by Amazon Cognito User Pools when a user does not exist in the
// user pool at the time of sign-in with a password, or in the forgot-password flow.
type CognitoEventUserPoolsMigrateUser struct {
CognitoEventUserPoolsHeader
CognitoEventUserPoolsMigrateUserRequest `json:"request"`
CognitoEventUserPoolsMigrateUserResponse `json:"response"`
}
// CognitoEventUserPoolsCallerContext contains information about the caller
type CognitoEventUserPoolsCallerContext struct {
AWSSDKVersion string `json:"awsSdkVersion"`
ClientID string `json:"clientId"`
}
// CognitoEventUserPoolsHeader contains common data from events sent by Amazon Cognito User Pools
type CognitoEventUserPoolsHeader struct {
Version string `json:"version"`
TriggerSource string `json:"triggerSource"`
Region string `json:"region"`
UserPoolID string `json:"userPoolId"`
CallerContext CognitoEventUserPoolsCallerContext `json:"callerContext"`
UserName string `json:"userName"`
}
// CognitoEventUserPoolsPreSignupRequest contains the request portion of a PreSignup event
type CognitoEventUserPoolsPreSignupRequest struct {
UserAttributes map[string]string `json:"userAttributes"`
ValidationData map[string]string `json:"validationData"`
ClientMetadata map[string]string `json:"clientMetadata"`
}
// CognitoEventUserPoolsPreSignupResponse contains the response portion of a PreSignup event
type CognitoEventUserPoolsPreSignupResponse struct {
AutoConfirmUser bool `json:"autoConfirmUser"`
AutoVerifyEmail bool `json:"autoVerifyEmail"`
AutoVerifyPhone bool `json:"autoVerifyPhone"`
}
// CognitoEventUserPoolsPreAuthenticationRequest contains the request portion of a PreAuthentication event
type CognitoEventUserPoolsPreAuthenticationRequest struct {
UserAttributes map[string]string `json:"userAttributes"`
ValidationData map[string]string `json:"validationData"`
}
// CognitoEventUserPoolsPreAuthenticationResponse contains the response portion of a PreAuthentication event
type CognitoEventUserPoolsPreAuthenticationResponse struct {
}
// CognitoEventUserPoolsPostConfirmationRequest contains the request portion of a PostConfirmation event
type CognitoEventUserPoolsPostConfirmationRequest struct {
UserAttributes map[string]string `json:"userAttributes"`
ClientMetadata map[string]string `json:"clientMetadata"`
}
// CognitoEventUserPoolsPostConfirmationResponse contains the response portion of a PostConfirmation event
type CognitoEventUserPoolsPostConfirmationResponse struct {
}
// CognitoEventUserPoolsPreTokenGenRequest contains request portion of PreTokenGen event
type CognitoEventUserPoolsPreTokenGenRequest struct {
UserAttributes map[string]string `json:"userAttributes"`
GroupConfiguration GroupConfiguration `json:"groupConfiguration"`
ClientMetadata map[string]string `json:"clientMetadata"`
}
// CognitoEventUserPoolsPreTokenGenV2Request contains request portion of V2 PreTokenGen event
type CognitoEventUserPoolsPreTokenGenV2Request struct {
UserAttributes map[string]string `json:"userAttributes"`
GroupConfiguration GroupConfiguration `json:"groupConfiguration"`
ClientMetadata map[string]string `json:"clientMetadata,omitempty"`
Scopes []string `json:"scopes"`
}
// CognitoEventUserPoolsPreTokenGenResponse contains the response portion of a PreTokenGen event
type CognitoEventUserPoolsPreTokenGenResponse struct {
ClaimsOverrideDetails ClaimsOverrideDetails `json:"claimsOverrideDetails"`
}
// CognitoEventUserPoolsPreTokenGenV2Response contains the response portion of a V2 PreTokenGen event
type CognitoEventUserPoolsPreTokenGenV2Response struct {
ClaimsAndScopeOverrideDetails ClaimsAndScopeOverrideDetails `json:"claimsAndScopeOverrideDetails"`
}
// CognitoEventUserPoolsPostAuthenticationRequest contains the request portion of a PostAuthentication event
type CognitoEventUserPoolsPostAuthenticationRequest struct {
NewDeviceUsed bool `json:"newDeviceUsed"`
UserAttributes map[string]string `json:"userAttributes"`
ClientMetadata map[string]string `json:"clientMetadata"`
}
// CognitoEventUserPoolsPostAuthenticationResponse contains the response portion of a PostAuthentication event
type CognitoEventUserPoolsPostAuthenticationResponse struct {
}
// CognitoEventUserPoolsMigrateUserRequest contains the request portion of a MigrateUser event
type CognitoEventUserPoolsMigrateUserRequest struct {
Password string `json:"password"`
ValidationData map[string]string `json:"validationData"`
ClientMetadata map[string]string `json:"clientMetadata"`
}
// CognitoEventUserPoolsMigrateUserResponse contains the response portion of a MigrateUser event
type CognitoEventUserPoolsMigrateUserResponse struct {
UserAttributes map[string]string `json:"userAttributes"`
FinalUserStatus string `json:"finalUserStatus"`
MessageAction string `json:"messageAction"`
DesiredDeliveryMediums []string `json:"desiredDeliveryMediums"`
ForceAliasCreation bool `json:"forceAliasCreation"`
}
// ClaimsAndScopeOverrideDetails allows lambda to add, suppress or override V2 claims and scopes in the token
type ClaimsAndScopeOverrideDetails struct {
IDTokenGeneration IDTokenGeneration `json:"idTokenGeneration"`
AccessTokenGeneration AccessTokenGeneration `json:"accessTokenGeneration"`
GroupOverrideDetails GroupConfiguration `json:"groupOverrideDetails"`
}
// IDTokenGeneration allows lambda to modify the ID token
type IDTokenGeneration struct {
ClaimsToAddOrOverride map[string]string `json:"claimsToAddOrOverride"`
ClaimsToSuppress []string `json:"claimsToSuppress"`
}
// AccessTokenGeneration allows lambda to modify the access token
type AccessTokenGeneration struct {
ClaimsToAddOrOverride map[string]string `json:"claimsToAddOrOverride"`
ClaimsToSuppress []string `json:"claimsToSuppress"`
ScopesToAdd []string `json:"scopesToAdd"`
ScopesToSuppress []string `json:"scopesToSuppress"`
}
// ClaimsOverrideDetails allows lambda to add, suppress or override claims in the token
type ClaimsOverrideDetails struct {
GroupOverrideDetails GroupConfiguration `json:"groupOverrideDetails"`
ClaimsToAddOrOverride map[string]string `json:"claimsToAddOrOverride"`
ClaimsToSuppress []string `json:"claimsToSuppress"`
}
// GroupConfiguration allows lambda to override groups, roles and set a preferred role
type GroupConfiguration struct {
GroupsToOverride []string `json:"groupsToOverride"`
IAMRolesToOverride []string `json:"iamRolesToOverride"`
PreferredRole *string `json:"preferredRole"`
}
// CognitoEventUserPoolsChallengeResult represents a challenge that is presented to the user in the authentication
// process that is underway, along with the corresponding result.
type CognitoEventUserPoolsChallengeResult struct {
ChallengeName string `json:"challengeName"`
ChallengeResult bool `json:"challengeResult"`
ChallengeMetadata string `json:"challengeMetadata"`
}
// CognitoEventUserPoolsDefineAuthChallengeRequest defines auth challenge request parameters
type CognitoEventUserPoolsDefineAuthChallengeRequest struct {
UserAttributes map[string]string `json:"userAttributes"`
Session []*CognitoEventUserPoolsChallengeResult `json:"session"`
ClientMetadata map[string]string `json:"clientMetadata"`
UserNotFound bool `json:"userNotFound"`
}
// CognitoEventUserPoolsDefineAuthChallengeResponse defines auth challenge response parameters
type CognitoEventUserPoolsDefineAuthChallengeResponse struct {
ChallengeName string `json:"challengeName"`
IssueTokens bool `json:"issueTokens"`
FailAuthentication bool `json:"failAuthentication"`
}
// CognitoEventUserPoolsDefineAuthChallenge sent by Amazon Cognito User Pools to initiate custom authentication flow
type CognitoEventUserPoolsDefineAuthChallenge struct {
CognitoEventUserPoolsHeader
Request CognitoEventUserPoolsDefineAuthChallengeRequest `json:"request"`
Response CognitoEventUserPoolsDefineAuthChallengeResponse `json:"response"`
}
// CognitoEventUserPoolsCreateAuthChallengeRequest defines create auth challenge request parameters
type CognitoEventUserPoolsCreateAuthChallengeRequest struct {
UserAttributes map[string]string `json:"userAttributes"`
ChallengeName string `json:"challengeName"`
Session []*CognitoEventUserPoolsChallengeResult `json:"session"`
ClientMetadata map[string]string `json:"clientMetadata"`
}
// CognitoEventUserPoolsCreateAuthChallengeResponse defines create auth challenge response rarameters
type CognitoEventUserPoolsCreateAuthChallengeResponse struct {
PublicChallengeParameters map[string]string `json:"publicChallengeParameters"`
PrivateChallengeParameters map[string]string `json:"privateChallengeParameters"`
ChallengeMetadata string `json:"challengeMetadata"`
}
// CognitoEventUserPoolsCreateAuthChallenge sent by Amazon Cognito User Pools to create a challenge to present to the user
type CognitoEventUserPoolsCreateAuthChallenge struct {
CognitoEventUserPoolsHeader
Request CognitoEventUserPoolsCreateAuthChallengeRequest `json:"request"`
Response CognitoEventUserPoolsCreateAuthChallengeResponse `json:"response"`
}
// CognitoEventUserPoolsVerifyAuthChallengeRequest defines verify auth challenge request parameters
type CognitoEventUserPoolsVerifyAuthChallengeRequest struct {
UserAttributes map[string]string `json:"userAttributes"`
PrivateChallengeParameters map[string]string `json:"privateChallengeParameters"`
ChallengeAnswer interface{} `json:"challengeAnswer"`
ClientMetadata map[string]string `json:"clientMetadata"`
}
// CognitoEventUserPoolsVerifyAuthChallengeResponse defines verify auth challenge response parameters
type CognitoEventUserPoolsVerifyAuthChallengeResponse struct {
AnswerCorrect bool `json:"answerCorrect"`
}
// CognitoEventUserPoolsVerifyAuthChallenge sent by Amazon Cognito User Pools to verify if the response from the end user
// for a custom Auth Challenge is valid or not
type CognitoEventUserPoolsVerifyAuthChallenge struct {
CognitoEventUserPoolsHeader
Request CognitoEventUserPoolsVerifyAuthChallengeRequest `json:"request"`
Response CognitoEventUserPoolsVerifyAuthChallengeResponse `json:"response"`
}
// CognitoEventUserPoolsCustomMessage is sent by Amazon Cognito User Pools before a verification or MFA message is sent,
// allowing a user to customize the message dynamically.
type CognitoEventUserPoolsCustomMessage struct {
CognitoEventUserPoolsHeader
Request CognitoEventUserPoolsCustomMessageRequest `json:"request"`
Response CognitoEventUserPoolsCustomMessageResponse `json:"response"`
}
// CognitoEventUserPoolsCustomMessageRequest contains the request portion of a CustomMessage event
type CognitoEventUserPoolsCustomMessageRequest struct {
UserAttributes map[string]interface{} `json:"userAttributes"`
CodeParameter string `json:"codeParameter"`
UsernameParameter string `json:"usernameParameter"`
ClientMetadata map[string]string `json:"clientMetadata"`
}
// CognitoEventUserPoolsCustomMessageResponse contains the response portion of a CustomMessage event
type CognitoEventUserPoolsCustomMessageResponse struct {
SMSMessage string `json:"smsMessage"`
EmailMessage string `json:"emailMessage"`
EmailSubject string `json:"emailSubject"`
}