Create an API to issue user accounts as an administrator with Cognito

This post implements the "allow only administrators to create users" case with Cognito, using AdminCreateUser from the Amazon Cognito user pool API.

The API is implemented with the Serverless Framework.

What we want to build

When the administrator sends a request containing the email address of the person the account is for, the account is issued.
The API sends the user name and initial password to that email address.

Cognito user pool settings

This time, we proceed with an implementation that uses only the email address.

For "Do you want to allow users to self-sign up?", you must select "Allow administrators to create users only".

Folder structure

- .serverless
  - ...
- conf
  - ...
- functions
  - auth
    - index.js
    - adminCreateUser.js
- node_modules
  - ...
- package-lock.json
- package.json
- serverless.yml
- webpack.config.js

Implementation

serverless.yml

app: app-name
service: service-name

provider:
  name: aws
  runtime: nodejs12.x
  region: ap-northeast-1
  stage: ${opt:stage, self:custom.defaultStage}
  profile: default
  # Use the resolved stage so the default (dev) also applies when --stage is omitted
  environment: ${file(./conf/${self:provider.stage}/${self:provider.stage}.yml)}
  iamRoleStatements:
    - Effect: Allow
      Action:
        # The function only calls AdminCreateUser, so grant that action rather than cognito-idp:*
        - cognito-idp:AdminCreateUser
      Resource:
        - "arn:aws:cognito-idp:ap-northeast-1:**********:userpool/ap-northeast-1_******"

custom:
  defaultStage: dev
  otherfile:
    environment:
      dev: ${file(./conf/dev/dev.yml)}
      stg: ${file(./conf/stg/stg.yml)}
      prd: ${file(./conf/prd/prd.yml)}

functions:
  adminCreateUser:
    handler: functions/auth/index.adminCreateUser
    events:
      - http:
          path: owner/create
          method: post
          cors: true
          # No authorizer is set on this event, so API Gateway accepts unauthenticated requests as written

plugins:
  - serverless-webpack

functions/auth/index.js

const validator = require('validator')
const qs = require('qs')
const cognito = require('./adminCreateUser.js')

// Lambda handler for POST owner/create
export function adminCreateUser(event, context, callback) {
  // Accept either a JSON body or a form-encoded body; pParam stays null when there is no body
  let pParam = null
  if (typeof event.body === 'string') {
    pParam = validator.isJSON(event.body) ? JSON.parse(event.body) : qs.parse(event.body)
  }
  cognito.adminCreateUser(pParam, (err, result) => {
    if (err) {
      // Validation or Cognito error: return 400 with the error details
      callback(null, {
        statusCode: 400,
        headers: {
          'Access-Control-Allow-Origin': '*',
          'Access-Control-Allow-Headers': 'Content-Type'
        },
        body: JSON.stringify({
          status: '400',
          errorInfo: err
        })
      })
    } else {
      // Success: return the AdminCreateUser response
      callback(null, {
        statusCode: 200,
        headers: {
          'Access-Control-Allow-Origin': '*',
          'Access-Control-Allow-Headers': 'Content-Type'
        },
        body: JSON.stringify({
          status: '000',
          responseData: result
        })
      })
    }
  })
}

functions/auth/adminCreateUser.js

'use strict'
const AWS = require('aws-sdk')

exports.adminCreateUser = (body, callback) => {
  // body is null when the request had no body
  if (!body || body.email === undefined) return callback('email is a required field.')

  const cognitoisp = new AWS.CognitoIdentityServiceProvider({ apiVersion: '2016-04-18' })
  const params = {
    UserPoolId: 'ap-northeast-1_*****',
    Username: body.email,
    // Deliver the invitation (user name and temporary password) by email
    DesiredDeliveryMediums: ['EMAIL'],
    ForceAliasCreation: false,
    UserAttributes: [
      {
        Name: 'email_verified',
        Value: 'true'
      },
      {
        Name: 'email',
        Value: body.email
      }
    ]
  }
  cognitoisp.adminCreateUser(params, function (err, data) {
    if (err) {
      console.error(err, err.stack)
      callback(err)
    } else {
      console.log(data)
      callback(null, data)
    }
  })
}
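
The handler above creates a user for any caller that reaches it, so the "administrators only" rule still has to be enforced before AdminCreateUser is called. One way to do that, as an added example that is not code from the original post: it assumes the endpoint sits behind an API Gateway (REST) Cognito user pool authorizer that exposes verified token claims at event.requestContext.authorizer.claims, and a hypothetical administrator group named `admin`.

```javascript
// Added example: authorization and input checks in front of AdminCreateUser.
// ADMIN_GROUP and the claims location are assumptions (REST API + Cognito
// user pool authorizer); neither appears in the original post.
const ADMIN_GROUP = 'admin' // hypothetical group name

// Group membership taken from the authorizer's verified JWT claims.
// Handles an array as well as a comma-separated string of group names.
function callerGroups(event) {
  const claims = event?.requestContext?.authorizer?.claims
  const raw = claims ? claims['cognito:groups'] : undefined
  if (Array.isArray(raw)) return raw
  if (typeof raw !== 'string') return []
  return raw.split(',').map((g) => g.trim()).filter(Boolean)
}

// Accept only a JSON object whose `email` is a plausible address string.
// (Narrower than the post's handler, which also accepts form-encoded bodies.)
function parseEmail(rawBody) {
  let body
  try { body = JSON.parse(rawBody) } catch (e) { return null }
  if (body === null || typeof body !== 'object') return null
  const email = body.email
  if (typeof email !== 'string' || email.length > 254) return null
  return /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email) ? email : null
}

// Returns { statusCode, params? }. params is the object that would be passed
// to cognitoisp.adminCreateUser() in adminCreateUser.js.
function authorizeCreateUser(event, userPoolId) {
  if (!callerGroups(event).includes(ADMIN_GROUP)) return { statusCode: 403 }
  const email = parseEmail(event.body)
  if (email === null) return { statusCode: 400 }
  return {
    statusCode: 200,
    params: {
      UserPoolId: userPoolId,
      Username: email,
      DesiredDeliveryMediums: ['EMAIL'],
      ForceAliasCreation: false,
      UserAttributes: [
        { Name: 'email_verified', Value: 'true' },
        { Name: 'email', Value: email }
      ]
    }
  }
}
```

Rejecting the request with 403 before any body parsing keeps unauthenticated callers from reaching either the parser or Cognito.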

Reference

First, look at this ↓

AdminCreateUser - Amazon Cognito
Creates a new user in the specified user pool.

For the implementation details, see this ↓

AWS Cognito adminCreateUser from Lambda
I'm trying to create a user in a AWS User Pool from an AWS Lambda I tried with this script took from what seems to be the official JavascriptSDK for the AWS b...

↑ With that implementation the email was not sent, so I referred to this ↓

Not receiving mail with "adminCreateUser" function in AWS Cognito
I am trying to create User with adminCreateUser function, but I am not receiving temporary password on my mail id. var RegisterUser = exports.RegisterUser = fu...
