NHSDigital
diff --git a/‎infrastructure/terraform/components/sandbox/aws_cognito_user_pool_sandbox.tf‎
Lines changed: 8 additions & 0 deletions b/‎infrastructure/terraform/components/sandbox/aws_cognito_user_pool_sandbox.tf‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎lambdas/cognito-triggers/src/__tests__/pre-token-generation.test.ts‎
Lines changed: 83 additions & 2 deletions b/‎lambdas/cognito-triggers/src/__tests__/pre-token-generation.test.ts‎
Lines changed: 83 additions & 2 deletions
diff --git a/‎lambdas/cognito-triggers/src/pre-token-generation.ts‎
Lines changed: 43 additions & 11 deletions b/‎lambdas/cognito-triggers/src/pre-token-generation.ts‎
Lines changed: 43 additions & 11 deletions
@@ -15,4 +15,12 @@ resource "aws_cognito_user_pool" "sandbox" {
     required            = false
     string_attribute_constraints {}
   }
+
+  schema {
+    name                = "sbx_client_name"
+    attribute_data_type = "String"
+    mutable             = true
+    required            = false
+    string_attribute_constraints {}
+  }
 }
@@ -60,6 +60,7 @@ const eventWithCustomAttr = (): PreTokenGenerationV2Event => ({
       email_verified: 'True',
       sub: '76c25234-b041-70f2-8ba4-caf538363b35',
       'custom:sbx_client_id': 'f58d4b65-870c-42c0-8bb6-2941c5be2bec',
+      'custom:sbx_client_name': 'NHS Trust',
     },
   },
   response: {
@@ -71,8 +72,8 @@ const eventWithCustomAttr = (): PreTokenGenerationV2Event => ({
   version: '2',
 });
 
-describe('when user has custom:sbx_client_id attribute', () => {
-  test('adds nhs-notify:client-id claim from custom attribute in event', async () => {
+describe('when user has custom attributes set', () => {
+  test(`adds nhs-notify:client-id claim from 'custom:sbx_client_id' attribute in event`, async () => {
     const result = await new PreTokenGenerationLambda().handler(
       eventWithCustomAttr()
     );
@@ -90,4 +91,84 @@ describe('when user has custom:sbx_client_id attribute', () => {
       },
     });
   });
+
+  test(`adds nhs-notify:client-name to ID token from 'custom:sbx_client_name' attribute`, async () => {
+    const result = await new PreTokenGenerationLambda().handler(
+      eventWithCustomAttr()
+    );
+
+    expect(
+      result.response.claimsAndScopeOverrideDetails?.idTokenGeneration
+        ?.claimsToAddOrOverride
+    ).toMatchObject({
+      'nhs-notify:client-id': 'f58d4b65-870c-42c0-8bb6-2941c5be2bec',
+      'nhs-notify:client-name': 'NHS Trust',
+    });
+
+    expect(
+      result.response.claimsAndScopeOverrideDetails?.accessTokenGeneration
+        ?.claimsToAddOrOverride
+    ).toMatchObject({
+      'nhs-notify:client-id': 'f58d4b65-870c-42c0-8bb6-2941c5be2bec',
+    });
+  });
+});
+
+describe('when client ID and name are set but identity attributes are not', () => {
+  test('does not include any name-related claims', async () => {
+    const result = await new PreTokenGenerationLambda().handler(
+      eventWithCustomAttr()
+    );
+
+    const claims =
+      result.response.claimsAndScopeOverrideDetails?.idTokenGeneration
+        ?.claimsToAddOrOverride ?? {};
+
+    expect(claims).toMatchObject({
+      'nhs-notify:client-id': 'f58d4b65-870c-42c0-8bb6-2941c5be2bec',
+      'nhs-notify:client-name': 'NHS Trust',
+    });
+
+    expect(claims).not.toHaveProperty('preferred_username');
+    expect(claims).not.toHaveProperty('given_name');
+    expect(claims).not.toHaveProperty('family_name');
+  });
+});
+
+describe('when user has identity user attributes set', () => {
+  test('adds name-related claims', async () => {
+    const event = eventWithCustomAttr();
+
+    Object.assign(event.request.userAttributes, {
+      preferred_username: 'Dr Test User',
+      given_name: 'Test',
+      family_name: 'User',
+    });
+
+    const result = await new PreTokenGenerationLambda().handler(event);
+
+    expect(
+      result.response.claimsAndScopeOverrideDetails?.idTokenGeneration
+        ?.claimsToAddOrOverride
+    ).toMatchObject({
+      'nhs-notify:client-id': 'f58d4b65-870c-42c0-8bb6-2941c5be2bec',
+      preferred_username: 'Dr Test User',
+      given_name: 'Test',
+      family_name: 'User',
+    });
+  });
+
+  test(`adds only 'preferred_username' if only that is set`, async () => {
+    const event = eventNoCustomAttrs();
+    event.request.userAttributes.preferred_username = 'Test User';
+
+    const result = await new PreTokenGenerationLambda().handler(event);
+
+    expect(
+      result.response.claimsAndScopeOverrideDetails?.idTokenGeneration
+        ?.claimsToAddOrOverride
+    ).toMatchObject({
+      preferred_username: 'Test User',
+    });
+  });
 });
@@ -13,31 +13,63 @@ export type PreTokenGenerationV2Event = Omit<
     'claimsAndScopeOverrideDetails'
   > & {
     claimsAndScopeOverrideDetails:
-      | PreTokenGenerationV2TriggerEvent['response']['claimsAndScopeOverrideDetails']
-      | null;
+    | PreTokenGenerationV2TriggerEvent['response']['claimsAndScopeOverrideDetails']
+    | null;
   };
 };
 
 export class PreTokenGenerationLambda {
   handler = async (event: PreTokenGenerationV2Event) => {
     let response = { ...event };
-    const clientId = event.request.userAttributes['custom:sbx_client_id'];
+    const { userAttributes } = event.request;
+
+    const clientId = userAttributes['custom:sbx_client_id'];
+    const clientName = userAttributes['custom:sbx_client_name'];
 
     if (clientId) {
       response = PreTokenGenerationLambda.setTokenClaims(
-        event,
+        response,
         'accessTokenGeneration',
-        {
-          'nhs-notify:client-id': clientId,
-        }
+        { 'nhs-notify:client-id': clientId }
+      );
+
+      response = PreTokenGenerationLambda.setTokenClaims(
+        response,
+        'idTokenGeneration',
+        { 'nhs-notify:client-id': clientId }
+      );
+    }
+
+    if (clientName) {
+      response = PreTokenGenerationLambda.setTokenClaims(
+        response,
+        'idTokenGeneration',
+        { 'nhs-notify:client-name': clientName }
       );
+    }
+
+    const preferred =
+      userAttributes.preferred_username || userAttributes.display_name;
 
+    if (preferred) {
+      response = PreTokenGenerationLambda.setTokenClaims(
+        response,
+        'idTokenGeneration',
+        { preferred_username: preferred }
+      );
+    }
+    if (userAttributes.given_name) {
+      response = PreTokenGenerationLambda.setTokenClaims(
+        response,
+        'idTokenGeneration',
+        { given_name: userAttributes.given_name }
+      );
+    }
+    if (userAttributes.family_name) {
       response = PreTokenGenerationLambda.setTokenClaims(
-        event,
+        response,
         'idTokenGeneration',
-        {
-          'nhs-notify:client-id': clientId,
-        }
+        { family_name: userAttributes.family_name }
       );
     }
Original file line number	Diff line number	Diff line change
`@@ -15,4 +15,12 @@ resource "aws_cognito_user_pool" "sandbox" {`
`15`	`15`	`required = false`
`16`	`16`	`string_attribute_constraints {}`
`17`	`17`	`}`
	`18`	`+`
	`19`	`+ schema {`
	`20`	`+ name = "sbx_client_name"`
	`21`	`+ attribute_data_type = "String"`
	`22`	`+ mutable = true`
	`23`	`+ required = false`
	`24`	`+ string_attribute_constraints {}`
	`25`	`+ }`
`18`	`26`	`}`