1- import { CognitoIdentityProvider , InitiateAuthCommandOutput } from '@aws-sdk/client-cognito-identity-provider' ;
1+ import {
2+ CognitoIdentityProvider ,
3+ InitiateAuthCommandOutput ,
4+ RespondToAuthChallengeCommandOutput ,
5+ } from '@aws-sdk/client-cognito-identity-provider' ;
26import { APIGatewayProxyHandler } from 'aws-lambda' ;
37
48const cognitoClient = new CognitoIdentityProvider ( { region : process . env . AWS_REGION } ) ;
@@ -8,19 +12,38 @@ export const lambdaHandler: APIGatewayProxyHandler = async (event, _context) =>
812 const { username, password } = body ;
913
1014 try {
11- const response : InitiateAuthCommandOutput = await cognitoClient . initiateAuth ( {
15+ const authResponse : InitiateAuthCommandOutput = await cognitoClient . initiateAuth ( {
1216 ClientId : process . env . USER_POOL_CLIENT_ID ,
1317 AuthFlow : 'USER_PASSWORD_AUTH' ,
1418 AuthParameters : {
1519 USERNAME : username ,
1620 PASSWORD : password ,
1721 } ,
1822 } ) ;
19- console . log ( response ) ;
20- return {
21- statusCode : 200 ,
22- body : JSON . stringify ( response ) ,
23- } ;
23+
24+ if ( authResponse . ChallengeName === 'NEW_PASSWORD_REQUIRED' ) {
25+ const challengeResponse : RespondToAuthChallengeCommandOutput = await cognitoClient . respondToAuthChallenge ( {
26+ ClientId : process . env . USER_POOL_CLIENT_ID ,
27+ ChallengeName : 'NEW_PASSWORD_REQUIRED' ,
28+ ChallengeResponses : {
29+ USERNAME : username ,
30+ NEW_PASSWORD : password ,
31+ } ,
32+ Session : authResponse . Session ,
33+ } ) ;
34+
35+ console . log ( challengeResponse ) ;
36+ return {
37+ statusCode : 200 ,
38+ body : JSON . stringify ( challengeResponse ) ,
39+ } ;
40+ } else {
41+ console . log ( authResponse ) ;
42+ return {
43+ statusCode : 200 ,
44+ body : JSON . stringify ( authResponse ) ,
45+ } ;
46+ }
2447 } catch ( err ) {
2548 console . error ( err ) ;
2649 return {
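Review bot: In the `NEW_PASSWORD_REQUIRED` branch, `NEW_PASSWORD : password` sends back the same value that was just used as `PASSWORD` in `initiateAuth`, so the forced-change challenge is completed while the temporary credential stays in use (unless the pool's password policy rejects reuse). The handler should read a separate field from the request body, e.g. `NEW_PASSWORD: newPassword`, or return only the challenge name and `Session` so the client can submit a new password in a second call. Both branches also `console.log` the full Cognito output, which on success carries `AuthenticationResult` with the access, ID and refresh tokens, so those tokens end up in the function's logs. Logging a non-secret subset such as `console.log({ challenge: authResponse.ChallengeName, requestId: authResponse.$metadata.requestId })` would avoid that. The handler's body starts and ends outside this hunk, so how `body` is parsed and what the `catch` branch returns are not visible here.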