Post Authentication Lambda is being triggered inconsistently

Hello,

I have set up a Cognito User Pool with 2 federated clients (Apple and Google). We have configured a Post Authentication lambda to send some tracking event to an external service, but we are seeing inconsistent results. The first time I log in using any of the federated clients I can confirm through CloudWatch that the lambda is triggered, and we see the correct tracking being done. Whenever we logout on our service and log back in again, we do not see this lambda being triggered through cloudwatch logs (also no tracking calls are made).

Why is it not being triggered again?

Kind regards

Topics

Security, Identity, & Compliance

Tags

Amazon Cognito Amazon Cognito Federated Identities

Language

English

Ian

asked 2 months ago107 views

2 Answers

Newest
Most votes
Most comments

Hello, according to the documentation, the Post Authentication trigger should trigger in subsequent sign-ins for the federated users instead of the first time: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html#lambda-triggers-for-federated-users

Could you mind verify again using the correct trigger? Thanks.

Zen

answered 2 months ago

EXPERT

Osvaldo Marte

reviewed 2 months ago

Hello, thanks for the reply, I've double checked the lambda setup and it is in fact a Post Authentication Lambda. We did some more research into this and whenever we login on a fresh incognito chrome browser, the event is being triggered. Whenever we open a fully fresh new incognito instace and log in again, it is also being triggered.

My expectation is that whenever a user clicks logout (and we call the <cognito-instance>/logout from our front end) the session is deemed closed, and whenever that same user logs in again, even in that same browsing session, the post authentication lambda is triggered again.

Kind Regards

Ian

answered a month ago

Relevant content

How to trigger Post Authentication trigger when a user Sign In using Google?
Karim
asked 5 days ago
pass custom event to a cognito lambda trigger : Post authentication Lambda trigger
Jess
asked 2 years ago
Cognito Post Authentication Trigger Not Working
Maddoxrb
asked a year ago
Cognito issue with Google and Apple
giaesp
asked 6 months ago
How do I set up an Application Load Balancer to authenticate users through an Amazon Cognito user pool?
AWS OFFICIALUpdated a year ago
How do I activate TOTP multi-factor authentication for Amazon Cognito user pools?
AWS OFFICIALUpdated 2 years ago
How do I set up Google as a federated identity provider in an Amazon Cognito user pool?
AWS OFFICIALUpdated 3 months ago
How do I pass ClientMetadata to Lambda triggers in Amazon Cognito?
AWS OFFICIALUpdated a year ago
How to setup cross-account Cognito User Pool migration with the Migrate User Lambda Trigger
EXPERT
Mitchell Tennison
published 2 months ago
Use IAM tags to enable fine-grained federated authentication to Redshift Serverless
EXPERT
Poulomi_DG
published a year ago