🤖 Merge PR #46142 [aws-lambda] add individual event types for all cognito triggers by @netroy

types/aws-lambda/aws-lambda-tests.ts

@@ -9,6 +9,8 @@ declare let strOrNull: string | null;
 declare let strOrUndefined: string | undefined;
 declare let strOrUndefinedOrNull: string | undefined | null;
 declare let date: Date;
+declare let obj: {};
+declare let array: any[];
 declare let anyObj: any;
 declare let num: number;
 declare let error: Error;
@@ -17,6 +19,8 @@ declare let boolOrUndefined: boolean | undefined;
 declare let boolOrNumOrStr: boolean | number | string;
 declare let numOrUndefined: number | undefined;
 declare let strArrayOrUndefined: string[] | undefined;
+declare let nullOrUndefined: null | undefined;
+declare let objectOrUndefined: {} | undefined;
 
 // handler.d.ts types
 declare let context: AWSLambda.Context;

types/aws-lambda/index.d.ts

@@ -61,7 +61,7 @@ export * from "./trigger/codepipeline-cloudwatch-action";
 export * from "./trigger/codepipeline-cloudwatch-pipeline";
 export * from "./trigger/codepipeline-cloudwatch-stage";
 // TODO: export * from "./trigger/cognito-sync";
-export * from "./trigger/cognito-user-pool-trigger";
+export * from "./trigger/cognito-user-pool-trigger/";
 export * from "./trigger/connect-contact-flow";
 // TODO: export * from "./trigger/config";
 export * from "./trigger/dynamodb-stream";

types/aws-lambda/test/cognito-tests.ts

@@ -1,117 +1,256 @@
-// TODO: Update test to read all event properties, and write all result
-//       properties, like the user will.
+import {
+    Handler,
+    PreSignUpTriggerEvent, PreSignUpTriggerHandler,
+    PostConfirmationTriggerEvent, PostConfirmationTriggerHandler,
+    PreAuthenticationTriggerEvent, PreAuthenticationTriggerHandler,
+    PostAuthenticationTriggerEvent, PostAuthenticationTriggerHandler,
+    CreateAuthChallengeTriggerEvent, CreateAuthChallengeTriggerHandler,
+    DefineAuthChallengeTriggerEvent, DefineAuthChallengeTriggerHandler,
+    VerifyAuthChallengeResponseTriggerEvent, VerifyAuthChallengeResponseTriggerHandler,
+    PreTokenGenerationTriggerEvent, PreTokenGenerationTriggerHandler,
+    UserMigrationTriggerEvent, UserMigrationTriggerHandler,
+    CustomMessageTriggerEvent, CustomMessageTriggerHandler,
+} from 'aws-lambda';
 
-import { CognitoUserPoolTriggerHandler } from "aws-lambda";
-
-const handler: CognitoUserPoolTriggerHandler = async (event, context, callback) => {
-    num = event.version;
-    event.triggerSource === 'PreSignUp_SignUp';
-    event.triggerSource === 'PreSignUp_ExternalProvider';
-    event.triggerSource === 'PostConfirmation_ConfirmSignUp';
-    event.triggerSource === 'PreAuthentication_Authentication';
-    event.triggerSource === 'PostAuthentication_Authentication';
-    event.triggerSource === 'CustomMessage_SignUp';
-    event.triggerSource === 'CustomMessage_AdminCreateUser';
-    event.triggerSource === 'CustomMessage_ResendCode';
-    event.triggerSource === 'CustomMessage_ForgotPassword';
-    event.triggerSource === 'CustomMessage_UpdateUserAttribute';
-    event.triggerSource === 'CustomMessage_VerifyUserAttribute';
-    event.triggerSource === 'CustomMessage_Authentication';
-    event.triggerSource === 'DefineAuthChallenge_Authentication';
-    event.triggerSource === 'CreateAuthChallenge_Authentication';
-    event.triggerSource === 'VerifyAuthChallengeResponse_Authentication';
-    event.triggerSource === 'PreSignUp_AdminCreateUser';
-    event.triggerSource === 'PostConfirmation_ConfirmForgotPassword';
-    event.triggerSource === 'TokenGeneration_HostedAuth';
-    event.triggerSource === 'TokenGeneration_Authentication';
-    event.triggerSource === 'TokenGeneration_NewPasswordChallenge';
-    event.triggerSource === 'TokenGeneration_AuthenticateDevice';
-    event.triggerSource === 'TokenGeneration_RefreshTokens';
-    event.triggerSource === 'UserMigration_Authentication';
-    event.triggerSource === 'UserMigration_ForgotPassword';
-    // $ExpectError
-    event.triggerSource === 'NoSuch_Trigger';
+type CognitoTriggerEvent =
+    | PreSignUpTriggerEvent
+    | PostConfirmationTriggerEvent
+    | PreAuthenticationTriggerEvent
+    | PostAuthenticationTriggerEvent
+    | DefineAuthChallengeTriggerEvent
+    | CreateAuthChallengeTriggerEvent
+    | VerifyAuthChallengeResponseTriggerEvent
+    | PreTokenGenerationTriggerEvent
+    | UserMigrationTriggerEvent
+    | CustomMessageTriggerEvent;
 
+const baseTest: Handler<CognitoTriggerEvent> = async (event: CognitoTriggerEvent, _, callback) => {
+    str = event.version;
     str = event.region;
     str = event.userPoolId;
-    strOrUndefined = event.userName;
+    str = event.triggerSource;
+    str = event.userName;
     str = event.callerContext.awsSdkVersion;
     str = event.callerContext.clientId;
-    str = event.request.userAttributes['email'];
-    str = event.request.validationData!['k1'];
-    strOrUndefined = event.request.codeParameter;
-    strOrUndefined = event.request.linkParameter;
-    strOrUndefined = event.request.usernameParameter;
-    boolOrUndefined = event.request.newDeviceUsed;
-    event.request.session![0].challengeName === 'CUSTOM_CHALLENGE';
-    event.request.session![0].challengeName === 'PASSWORD_VERIFIER';
-    event.request.session![0].challengeName === 'SMS_MFA';
-    event.request.session![0].challengeName === 'DEVICE_SRP_AUTH';
-    event.request.session![0].challengeName === 'DEVICE_PASSWORD_VERIFIER';
-    event.request.session![0].challengeName === 'ADMIN_NO_SRP_AUTH';
-    event.request.session![0].challengeName === 'SRP_A';
-    bool = event.request.session![0].challengeResult;
-    strOrUndefined = event.request.session![0].challengeMetadata;
-    strOrUndefined = event.request.challengeName;
-    str = event.request.privateChallengeParameters!['answer'];
-    str = event.request.challengeAnswer!;
-    strOrUndefined = event.request.password;
-    str = event.request.clientMetadata!['action'];
-    boolOrUndefined = event.request.userNotFound;
-    boolOrUndefined = event.response.answerCorrect;
-    strOrUndefined = event.response.smsMessage;
-    strOrUndefined = event.response.emailMessage;
-    strOrUndefined = event.response.emailSubject;
-    strOrUndefined = event.response.challengeName;
-    boolOrUndefined = event.response.issueTokens;
-    boolOrUndefined = event.response.failAuthentication;
-    str = event.response.publicChallengeParameters!['captchaUrl'];
-    str = event.response.privateChallengeParameters!['answer'];
-    strOrUndefined = event.response.challengeMetadata;
-    boolOrUndefined = event.response.answerCorrect;
-    str = event.response.userAttributes!['username'];
-    event.response.finalUserStatus === 'CONFIRMED';
-    event.response.finalUserStatus === 'RESET_REQUIRED';
-    event.response.messageAction === 'SUPPRESS';
-    event.response.desiredDeliveryMediums === ['EMAIL'];
-    event.response.desiredDeliveryMediums === ['SMS'];
-    event.response.desiredDeliveryMediums === ['SMS', 'EMAIL'];
-    boolOrUndefined = event.response.forceAliasCreation;
 
-    // From AWS examples
-    event.response = {
-        claimsOverrideDetails: {
-            claimsToAddOrOverride: {
-                attribute_key2: 'attribute_value2',
-                attribute_key: 'attribute_value',
-            },
-            claimsToSuppress: ['email'],
-        },
-    };
-    event.response = {
-        claimsOverrideDetails: {
-            claimsToAddOrOverride: {
-                attribute_key2: 'attribute_value2',
-                attribute_key: 'attribute_value',
-            },
-            claimsToSuppress: ['email'],
-            groupOverrideDetails: {
-                groupsToOverride: ['group-A', 'group-B', 'group-C'],
-                iamRolesToOverride: [
-                    'arn:aws:iam::XXXXXXXXXXXX:role/sns_callerA',
-                    'arn:aws:iam::XXXXXXXXX:role/sns_callerB',
-                    'arn:aws:iam::XXXXXXXXXX:role/sns_callerC',
-                ],
-                preferredRole: 'arn:aws:iam::XXXXXXXXXXX:role/sns_caller',
-            },
-        },
-    };
-    event.response.claimsOverrideDetails!.groupOverrideDetails = null;
+    obj = event.request;
+    obj = event.response;
 
     callback(new Error());
     callback(null, event);
-    callback(null, {
-        response: event.response,
-    });
+    callback(null, { response: event.response });
     return event;
 };
+
+const preSignUp: PreSignUpTriggerHandler = async (event, _, callback) => {
+    const { request, response, triggerSource } = event;
+
+    obj = request.userAttributes;
+    str = request.userAttributes.email;
+    str = request.validationData!['k1'];
+    str = request.clientMetadata!['action'];
+
+    bool = response.autoConfirmUser;
+    bool = response.autoVerifyEmail;
+    bool = response.autoVerifyPhone;
+
+    triggerSource === 'PreSignUp_SignUp';
+    triggerSource === 'PreSignUp_ExternalProvider';
+    triggerSource === 'PreSignUp_AdminCreateUser';
+
+    // $ExpectError
+    triggerSource === 'PostConfirmation_ConfirmSignUp';
+
+    // $ExpectError
+    request.session![0].challengeName === 'CUSTOM_CHALLENGE';
+};
+
+const postConfirmation: PostConfirmationTriggerHandler = async (event, _, callback) => {
+    const { request, response, triggerSource } = event;
+
+    obj = request.userAttributes;
+    str = request.userAttributes.email;
+    str = request.clientMetadata!['action'];
+
+    objectOrUndefined = response;
+
+    triggerSource === 'PostConfirmation_ConfirmSignUp';
+    triggerSource === 'PostConfirmation_ConfirmForgotPassword';
+
+    // $ExpectError
+    triggerSource === 'PreSignUp_ExternalProvider';
+    // $ExpectError
+    request.session![0].challengeName === 'CUSTOM_CHALLENGE';
+    // $ExpectError
+    str = request.validationData!['k1'];
+    // $ExpectError
+    bool = response.autoVerifyEmail;
+    // $ExpectError
+    bool = response.autoVerifyPhone;
+};
+
+const defineAuthChallenge: DefineAuthChallengeTriggerHandler = async (event, _, callback) => {
+    const { request, response, triggerSource } = event;
+
+    obj = request.userAttributes;
+    str = request.userAttributes.email;
+    array = request.session;
+
+    const session = request.session[0];
+    session.challengeName === 'CUSTOM_CHALLENGE';
+    session.challengeName === 'PASSWORD_VERIFIER';
+    session.challengeName === 'SMS_MFA';
+    session.challengeName === 'DEVICE_SRP_AUTH';
+    session.challengeName === 'DEVICE_PASSWORD_VERIFIER';
+    session.challengeName === 'ADMIN_NO_SRP_AUTH';
+    session.challengeName === 'SRP_A';
+    bool = session.challengeResult;
+    boolOrUndefined = request.userNotFound;
+
+    str = response.challengeName;
+    bool = response.failAuthentication;
+    bool = response.issueTokens;
+
+    triggerSource === 'DefineAuthChallenge_Authentication';
+
+    // $ExpectError
+    nullOrUndefined = request.userAttributes;
+};
+
+const createAuthChallenge: CreateAuthChallengeTriggerHandler = async (event, _, callback) => {
+    const { request, response, triggerSource } = event;
+
+    obj = request.userAttributes;
+    str = request.userAttributes.email;
+    str = request.challengeName;
+    array = request.session;
+    str = request.session[0].challengeName;
+    bool = request.session[0].challengeResult;
+    strOrUndefined = request.session[0].challengeMetadata;
+    boolOrUndefined = request.userNotFound;
+
+    obj = response.publicChallengeParameters;
+    str = response.publicChallengeParameters['foo'];
+    obj = response.privateChallengeParameters;
+    str = response.privateChallengeParameters['bar'];
+    str = response.challengeMetadata;
+
+    triggerSource === 'CreateAuthChallenge_Authentication';
+
+    // $ExpectError
+    nullOrUndefined = request.userAttributes;
+};
+
+const validateAuthChallengeResponse: VerifyAuthChallengeResponseTriggerHandler = async (event, _, callback) => {
+    const { request, response, triggerSource } = event;
+
+    obj = request.userAttributes;
+    str = request.userAttributes.email;
+    obj = request.privateChallengeParameters;
+    str = request.privateChallengeParameters['foo'];
+    str = request.challengeAnswer;
+    boolOrUndefined = request.userNotFound;
+
+    bool = response.answerCorrect;
+
+    triggerSource === 'VerifyAuthChallengeResponse_Authentication';
+};
+
+const preAuthentication: PreAuthenticationTriggerHandler = async (event, _, callback) => {
+    const { request, response, triggerSource } = event;
+
+    obj = request.userAttributes;
+    str = request.userAttributes.email;
+    boolOrUndefined = request.userNotFound;
+
+    objectOrUndefined = response;
+
+    triggerSource === 'PreAuthentication_Authentication';
+};
+
+const postAuthentication: PostAuthenticationTriggerHandler = async (event, _, callback) => {
+    const { request, response, triggerSource } = event;
+
+    obj = request.userAttributes;
+    str = request.userAttributes.email;
+    bool = request.newDeviceUsed;
+
+    objectOrUndefined = response;
+
+    triggerSource === 'PostAuthentication_Authentication';
+};
+
+const preTokenGeneration: PreTokenGenerationTriggerHandler = async (event, _, callback) => {
+    const { request, response, triggerSource } = event;
+
+    obj = request.userAttributes;
+    str = request.userAttributes.email;
+    obj = request.groupConfiguration;
+    strArrayOrUndefined = request.groupConfiguration.groupsToOverride;
+    strArrayOrUndefined = request.groupConfiguration.iamRolesToOverride;
+    strOrUndefined = request.groupConfiguration.preferredRole;
+
+    obj = response.claimsOverrideDetails;
+    objectOrUndefined = response.claimsOverrideDetails.claimsToAddOrOverride;
+    strArrayOrUndefined = response.claimsOverrideDetails.claimsToSuppress;
+
+    const groupOverrideDetails = response.claimsOverrideDetails.groupOverrideDetails!;
+    strArrayOrUndefined = groupOverrideDetails.groupsToOverride;
+    strArrayOrUndefined = groupOverrideDetails.iamRolesToOverride;
+    strOrUndefined = groupOverrideDetails.preferredRole;
+
+    triggerSource === 'TokenGeneration_AuthenticateDevice';
+    triggerSource === 'TokenGeneration_Authentication';
+    triggerSource === 'TokenGeneration_HostedAuth';
+    triggerSource === 'TokenGeneration_NewPasswordChallenge';
+    triggerSource === 'TokenGeneration_RefreshTokens';
+};
+
+const userMigration: UserMigrationTriggerHandler = async (event, _, callback) => {
+    const { request, response, triggerSource } = event;
+
+    str = request.password;
+    objectOrUndefined = request.validationData;
+    str = request.validationData!.foobar;
+
+    obj = response.userAttributes;
+    str = response.userAttributes.email;
+    strOrUndefined = response.finalUserStatus;
+    response.finalUserStatus === 'UNCONFIRMED';
+    response.finalUserStatus === 'CONFIRMED';
+    response.finalUserStatus === 'ARCHIVED';
+    response.finalUserStatus === 'COMPROMISED';
+    response.finalUserStatus === 'UNKNOWN';
+    response.finalUserStatus === 'RESET_REQUIRED';
+    response.finalUserStatus === 'FORCE_CHANGE_PASSWORD';
+    boolOrUndefined = response.forceAliasCreation;
+    response.messageAction === 'RESEND';
+    response.messageAction === 'SUPPRESS';
+    response.desiredDeliveryMediums === ['EMAIL'];
+    response.desiredDeliveryMediums === ['SMS'];
+    response.desiredDeliveryMediums === ['SMS', 'EMAIL'];
+
+    triggerSource === 'UserMigration_Authentication';
+    triggerSource === 'UserMigration_ForgotPassword';
+};
+
+const customMessage: CustomMessageTriggerHandler = async (event, _, callback) => {
+    const { request, response, triggerSource } = event;
+
+    obj = request.userAttributes;
+    str = request.userAttributes.email;
+    str = request.codeParameter;
+    str = request.usernameParameter;
+
+    str = response.smsMessage;
+    str = response.emailMessage;
+    str = response.emailSubject;
+
+    triggerSource === 'CustomMessage_AdminCreateUser';
+    triggerSource === 'CustomMessage_Authentication';
+    triggerSource === 'CustomMessage_ForgotPassword';
+    triggerSource === 'CustomMessage_ResendCode';
+    triggerSource === 'CustomMessage_SignUp';
+    triggerSource === 'CustomMessage_UpdateUserAttribute';
+    triggerSource === 'CustomMessage_VerifyUserAttribute';
+};

types/aws-lambda/trigger/cognito-user-pool-trigger/_common.d.ts

@@ -0,0 +1,41 @@
+export interface StringMap {
+  [name: string]: string;
+}
+
+export type ChallengeName =
+  | 'PASSWORD_VERIFIER'
+  | 'SMS_MFA'
+  | 'DEVICE_SRP_AUTH'
+  | 'DEVICE_PASSWORD_VERIFIER'
+  | 'ADMIN_NO_SRP_AUTH'
+  | 'SRP_A';
+
+export interface ChallengeResult {
+  challengeName: ChallengeName;
+  challengeResult: boolean;
+  challengeMetadata?: undefined;
+}
+
+export interface CustomChallengeResult {
+  challengeName: 'CUSTOM_CHALLENGE';
+  challengeResult: boolean;
+  challengeMetadata?: string;
+}
+
+/**
+ * Common attributes shared by all User Pool Lambda Trigger Events
+ * @see https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html#cognito-user-pools-lambda-trigger-event-parameter-shared
+ */
+export interface BaseTriggerEvent<T extends string> {
+  version: string;
+  region: string;
+  userPoolId: string;
+  triggerSource: T;
+  userName: string;
+  callerContext: {
+      awsSdkVersion: string;
+      clientId: string;
+  };
+  request: {};
+  response: {};
+}

types/aws-lambda/trigger/cognito-user-pool-trigger/create-auth-challenge.d.ts

@@ -0,0 +1,22 @@
+import { Handler } from '../../handler';
+import { BaseTriggerEvent, StringMap, ChallengeResult, CustomChallengeResult } from './_common';
+
+/**
+ * @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-create-auth-challenge.html
+ */
+export interface CreateAuthChallengeTriggerEvent extends BaseTriggerEvent<'CreateAuthChallenge_Authentication'> {
+  request: {
+      userAttributes: StringMap;
+      challengeName: string;
+      session: Array<ChallengeResult | CustomChallengeResult>;
+      clientMetadata?: StringMap;
+      userNotFound?: boolean;
+  };
+  response: {
+      publicChallengeParameters: StringMap;
+      privateChallengeParameters: StringMap;
+      challengeMetadata: string;
+  };
+}
+
+export type CreateAuthChallengeTriggerHandler = Handler<CreateAuthChallengeTriggerEvent>;

types/aws-lambda/trigger/cognito-user-pool-trigger/custom-message.d.ts

@@ -0,0 +1,44 @@
+import { Handler } from '../../handler';
+import { BaseTriggerEvent, StringMap } from './_common';
+
+export interface BaseCustomMessageTriggerEvent<T extends string> extends BaseTriggerEvent<T> {
+  request: {
+      userAttributes: StringMap;
+      codeParameter: string;
+      usernameParameter: string;
+      clientMetadata?: StringMap;
+  };
+  response: {
+      smsMessage: string;
+      emailMessage: string;
+      emailSubject: string;
+  };
+}
+
+export type CustomMessageAdminCreateUserTriggerEvent = BaseCustomMessageTriggerEvent<'CustomMessage_AdminCreateUser'>;
+
+export type CustomMessageAuthenticationTriggerEvent = BaseCustomMessageTriggerEvent<'CustomMessage_Authentication'>;
+
+export type CustomMessageForgotPasswordTriggerEvent = BaseCustomMessageTriggerEvent<'CustomMessage_ForgotPassword'>;
+
+export type CustomMessageResendCodeTriggerEvent = BaseCustomMessageTriggerEvent<'CustomMessage_ResendCode'>;
+
+export type CustomMessageSignUpTriggerEvent = BaseCustomMessageTriggerEvent<'CustomMessage_SignUp'>;
+
+export type CustomMessageUpdateUserAttributeTriggerEvent = BaseCustomMessageTriggerEvent<'CustomMessage_UpdateUserAttribute'>;
+
+export type CustomMessageVerifyUserAttributeTriggerEvent = BaseCustomMessageTriggerEvent<'CustomMessage_VerifyUserAttribute'>;
+
+/**
+ * @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-custom-message.html
+ */
+export type CustomMessageTriggerEvent =
+    | CustomMessageSignUpTriggerEvent
+    | CustomMessageAdminCreateUserTriggerEvent
+    | CustomMessageResendCodeTriggerEvent
+    | CustomMessageForgotPasswordTriggerEvent
+    | CustomMessageUpdateUserAttributeTriggerEvent
+    | CustomMessageVerifyUserAttributeTriggerEvent
+    | CustomMessageAuthenticationTriggerEvent;
+
+export type CustomMessageTriggerHandler = Handler<CustomMessageTriggerEvent>;

types/aws-lambda/trigger/cognito-user-pool-trigger/define-auth-challenge.d.ts

@@ -0,0 +1,21 @@
+import { Handler } from '../../handler';
+import { BaseTriggerEvent, StringMap, ChallengeResult, CustomChallengeResult } from './_common';
+
+/**
+ * @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-define-auth-challenge.html
+ */
+export interface DefineAuthChallengeTriggerEvent extends BaseTriggerEvent<'DefineAuthChallenge_Authentication'> {
+  request: {
+      userAttributes: StringMap;
+      session: Array<ChallengeResult | CustomChallengeResult>;
+      clientMetadata?: StringMap;
+      userNotFound?: boolean;
+  };
+  response: {
+      challengeName: string;
+      failAuthentication: boolean;
+      issueTokens: boolean;
+  };
+}
+
+export type DefineAuthChallengeTriggerHandler = Handler<DefineAuthChallengeTriggerEvent>;

types/aws-lambda/trigger/cognito-user-pool-trigger/index.d.ts

@@ -1,12 +1,8 @@
-import { Handler } from "../handler";
-
-// Result type is weird: docs and samples say to return the mutated event, but it only requires an object
-// with a "response" field, the type of which is specific to the event.triggerType. Leave as any for now.
-export type CognitoUserPoolTriggerHandler = Handler<CognitoUserPoolTriggerEvent>;
-// TODO: Different event/handler types for each event trigger so we can type the result?
+import { Handler } from '../../handler';
 
 /**
  * Cognito User Pool event
+ * @deprecated Please use specific event types instead
  * http://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html
  */
 export interface CognitoUserPoolTriggerEvent {
@@ -99,4 +95,24 @@ export interface CognitoUserPoolTriggerEvent {
         };
     };
 }
+
+/**
+ * @deprecated Please use specific event types instead
+ */
 export type CognitoUserPoolEvent = CognitoUserPoolTriggerEvent;
+
+/**
+ * @deprecated Please use specific event handler types instead
+ */
+export type CognitoUserPoolTriggerHandler = Handler<CognitoUserPoolTriggerEvent>;
+
+export * from './create-auth-challenge';
+export * from './custom-message';
+export * from './define-auth-challenge';
+export * from './post-authentication';
+export * from './post-confirmation';
+export * from './pre-authentication';
+export * from './pre-signup';
+export * from './pre-token-generation';
+export * from './user-migration';
+export * from './verify-auth-challenge-response';

types/aws-lambda/trigger/cognito-user-pool-trigger/post-authentication.d.ts

@@ -0,0 +1,15 @@
+import { Handler } from '../../handler';
+import { BaseTriggerEvent, StringMap } from './_common';
+
+/**
+ * @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-post-authentication.html
+ */
+export interface PostAuthenticationTriggerEvent extends BaseTriggerEvent<'PostAuthentication_Authentication'> {
+  request: {
+      userAttributes: StringMap;
+      newDeviceUsed: boolean;
+      clientMetadata?: StringMap;
+  };
+}
+
+export type PostAuthenticationTriggerHandler = Handler<PostAuthenticationTriggerEvent>;

types/aws-lambda/trigger/cognito-user-pool-trigger/post-confirmation.d.ts

@@ -0,0 +1,22 @@
+import { Handler } from '../../handler';
+import { BaseTriggerEvent, StringMap } from './_common';
+
+export interface BasePostConfirmationTriggerEvent<T extends string> extends BaseTriggerEvent<T> {
+  request: {
+      userAttributes: StringMap;
+      clientMetadata?: StringMap;
+  };
+}
+
+export type PostConfirmationConfirmSignUpTriggerEvent = BasePostConfirmationTriggerEvent<'PostConfirmation_ConfirmSignUp'>;
+
+export type PostConfirmationConfirmForgotPassword = BasePostConfirmationTriggerEvent<'PostConfirmation_ConfirmForgotPassword'>;
+
+/**
+ * @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-post-confirmation.html
+ */
+export type PostConfirmationTriggerEvent =
+  | PostConfirmationConfirmSignUpTriggerEvent
+  | PostConfirmationConfirmForgotPassword;
+
+export type PostConfirmationTriggerHandler = Handler<PostConfirmationTriggerEvent>;

types/aws-lambda/trigger/cognito-user-pool-trigger/pre-authentication.d.ts

@@ -0,0 +1,15 @@
+import { Handler } from '../../handler';
+import { BaseTriggerEvent, StringMap } from './_common';
+
+/**
+ * @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-authentication.html
+ */
+export interface PreAuthenticationTriggerEvent extends BaseTriggerEvent<'PreAuthentication_Authentication'> {
+  request: {
+      userAttributes: StringMap;
+      userNotFound?: boolean;
+      validationData?: StringMap;
+  };
+}
+
+export type PreAuthenticationTriggerHandler = Handler<PreAuthenticationTriggerEvent>;

types/aws-lambda/trigger/cognito-user-pool-trigger/pre-signup.d.ts

@@ -0,0 +1,31 @@
+import { Handler } from '../../handler';
+import { BaseTriggerEvent, StringMap } from './_common';
+
+export interface BasePreSignUpTriggerEvent<T extends string> extends BaseTriggerEvent<T> {
+  request: {
+      userAttributes: StringMap;
+      validationData?: StringMap;
+      clientMetadata?: StringMap;
+  };
+  response: {
+      autoConfirmUser: boolean;
+      autoVerifyEmail: boolean;
+      autoVerifyPhone: boolean;
+  };
+}
+
+export type PreSignUpEmailTriggerEvent = BasePreSignUpTriggerEvent<'PreSignUp_SignUp'>;
+
+export type PreSignUpExternalProviderTriggerEvent = BasePreSignUpTriggerEvent<'PreSignUp_ExternalProvider'>;
+
+export type PreSignUpAdminCreateUserTriggerEvent = BasePreSignUpTriggerEvent<'PreSignUp_AdminCreateUser'>;
+
+/**
+ * @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-sign-up.html
+ */
+export type PreSignUpTriggerEvent =
+  | PreSignUpEmailTriggerEvent
+  | PreSignUpExternalProviderTriggerEvent
+  | PreSignUpAdminCreateUserTriggerEvent;
+
+export type PreSignUpTriggerHandler = Handler<PreSignUpTriggerEvent>;

types/aws-lambda/trigger/cognito-user-pool-trigger/pre-token-generation.d.ts

@@ -0,0 +1,45 @@
+import { Handler } from '../../handler';
+import { BaseTriggerEvent, StringMap } from './_common';
+
+export interface GroupOverrideDetails {
+  groupsToOverride?: string[];
+  iamRolesToOverride?: string[];
+  preferredRole?: string;
+}
+
+export interface BasePreTokenGenerationTriggerEvent<T extends string> extends BaseTriggerEvent<T> {
+  request: {
+      userAttributes: StringMap;
+      groupConfiguration: GroupOverrideDetails;
+      clientMetadata?: StringMap;
+  };
+  response: {
+      claimsOverrideDetails: {
+          claimsToAddOrOverride?: StringMap;
+          claimsToSuppress?: string[];
+          groupOverrideDetails?: GroupOverrideDetails;
+      };
+  };
+}
+
+export type PreTokenGenerationHostedAuthTriggerEvent = BasePreTokenGenerationTriggerEvent<'TokenGeneration_HostedAuth'>;
+
+export type PreTokenGenerationAuthenticationTriggerEvent = BasePreTokenGenerationTriggerEvent<'TokenGeneration_Authentication'>;
+
+export type PreTokenGenerationNewPasswordChallengeTriggerEvent = BasePreTokenGenerationTriggerEvent<'TokenGeneration_NewPasswordChallenge'>;
+
+export type PreTokenGenerationAuthenticateDeviceTriggerEvent = BasePreTokenGenerationTriggerEvent<'TokenGeneration_AuthenticateDevice'>;
+
+export type PreTokenGenerationRefreshTokensTriggerEvent = BasePreTokenGenerationTriggerEvent<'TokenGeneration_RefreshTokens'>;
+
+/**
+ * @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-token-generation.html
+ */
+export type PreTokenGenerationTriggerEvent =
+  | PreTokenGenerationHostedAuthTriggerEvent
+  | PreTokenGenerationAuthenticationTriggerEvent
+  | PreTokenGenerationNewPasswordChallengeTriggerEvent
+  | PreTokenGenerationAuthenticateDeviceTriggerEvent
+  | PreTokenGenerationRefreshTokensTriggerEvent;
+
+export type PreTokenGenerationTriggerHandler = Handler<PreTokenGenerationTriggerEvent>;

types/aws-lambda/trigger/cognito-user-pool-trigger/user-migration.d.ts

@@ -0,0 +1,39 @@
+import { Handler } from '../../handler';
+import { BaseTriggerEvent, StringMap } from './_common';
+
+export type UserStatus =
+  | 'UNCONFIRMED'
+  | 'CONFIRMED'
+  | 'ARCHIVED'
+  | 'COMPROMISED'
+  | 'UNKNOWN'
+  | 'RESET_REQUIRED'
+  | 'FORCE_CHANGE_PASSWORD';
+
+export interface BaseUserMigrationTriggerEvent<T extends string> extends BaseTriggerEvent<T> {
+  request: {
+      password: string;
+      validationData?: StringMap;
+      clientMetadata?: StringMap;
+  };
+  response: {
+      userAttributes: StringMap;
+      finalUserStatus?: UserStatus;
+      messageAction?: 'RESEND' | 'SUPPRESS';
+      desiredDeliveryMediums: Array<'SMS' | 'EMAIL'>;
+      forceAliasCreation?: boolean;
+  };
+}
+
+export type UserMigrationAuthenticationTriggerEvent = BaseUserMigrationTriggerEvent<'UserMigration_Authentication'>;
+
+export type UserMigrationForgotPasswordTriggerEvent = BaseUserMigrationTriggerEvent<'UserMigration_ForgotPassword'>;
+
+/**
+ * @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-migrate-user.html
+ */
+export type UserMigrationTriggerEvent =
+  | UserMigrationAuthenticationTriggerEvent
+  | UserMigrationForgotPasswordTriggerEvent;
+
+export type UserMigrationTriggerHandler = Handler<UserMigrationTriggerEvent>;

types/aws-lambda/trigger/cognito-user-pool-trigger/verify-auth-challenge-response.d.ts

@@ -0,0 +1,20 @@
+import { Handler } from '../../handler';
+import { BaseTriggerEvent, StringMap } from './_common';
+
+/**
+ * @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-verify-auth-challenge-response.html
+ */
+export interface VerifyAuthChallengeResponseTriggerEvent extends BaseTriggerEvent<'VerifyAuthChallengeResponse_Authentication'> {
+  request: {
+      userAttributes: StringMap;
+      privateChallengeParameters: StringMap;
+      challengeAnswer: string;
+      clientMetadata?: StringMap;
+      userNotFound?: boolean;
+  };
+  response: {
+      answerCorrect: boolean;
+  };
+}
+
+export type VerifyAuthChallengeResponseTriggerHandler = Handler<VerifyAuthChallengeResponseTriggerEvent>;