用户注册时发送电子邮件-AWS Cognito联合身份 [英] send email when user registers - AWS Cognito federated Identities

问题描述

当新用户注册时，如何发送电子邮件/触发lambda函数？

How can i send an email/trigger a lambda function when a new user registers?

在编辑身份池下，我仅发现了一个同步触发器。
如果我正确理解：每次用户同步其数据时都会触发此操作...

有什么方法可以仅针对初始同步或在特定情况下触发lambda函数吗？数据集是为用户创建的？

Under "edit identity pool" i only found a sync trigger. If i understand correctly: This one is triggered every time a user syncs his data...
Is there any way to trigger a lambda function only for the "initial" sync or when a certain dataset is created for the user?

编辑：

更具体地说：我确实使用JS SDK通过lambdas创建了用户。我将开发人员身份验证与我自己的oauth2流一起使用。我不知道如何区分授予访问权限的用户，例如第一次是通过Google进行的，第二次是通过某人进行的。带有访问代码的json对我来说是相同的……也许我误会了。

To be more specific: I do create the user via lambdas using the JS SDK. I use developer authentication with my own oauth2 flow. I don't know how to distinguish between a user granting access e.g. via Google the first time from someone doing this the second time. The json with the access code seams the same to me... Maybe I am mistaken.

还使用 getOpenIdTokenForDeveloperIdentity 调用，我不知道如何区分Cognito的新ID一个认知者已经知道。

Also using the getOpenIdTokenForDeveloperIdentity call I don't know how to distinguish between an ID that is new to cognito from one cognito already knows.

编辑2：
更准确地说：
我在此项目上构建： https://github.com/laardee/serverless-authentication-boilerplate/blob/master /authentication/lib/storage/usersStorage.js

这是我目前如何保存用户进行认知的方法。
我确实为首次用户和第n次用户运行此代码。我的问题是我不知道该如何区分...

here is how i do save the User to cognito at the moment. I do run this code for first time users as well as nth time users. My problem is that i dont know how to distinguish...

const saveCognito = (profile) => new Promise((resolve, reject) => {
  if (profile) {
    cognitoidentity.getOpenIdTokenForDeveloperIdentity({
      IdentityPoolId: process.env.COGNITO_IDENTITY_POOL_ID,
      Logins: {
        // profile.userId = encrypted id of the e.g. google oauth2 id
        [process.env.COGNITO_PROVIDER_NAME]: profile.userId 
      }
    }, (err, dat) => {
      if (err) {
        reject(err);
      } else {
        var list_params = {
          DatasetName: 'user-data', /* dataset name */
          IdentityId: dat.IdentityId, /* cognito id */
          IdentityPoolId: process.env.COGNITO_IDENTITY_POOL_ID
        };
        cognitosync.listRecords(list_params, function(err, data) {
          if (err) {
            reject(err); // an error occurred
          } else {

            var RecordPatches = //[Parts of the i want to write to the user]
            // SyncSessionToken is returned by the cognitosync.listRecords call
            list_params["SyncSessionToken"] = data.SyncSessionToken; 
            list_params["RecordPatches"] = RecordPatches;

            cognitosync.updateRecords(list_params, function(err, update_data) {
              if (err){
                reject(err);
              } else {
                resolve();
              }
            });
          }
        });
      }
    });
  } else {
    reject('Invalid profile');
  }
});

推荐答案

所以Cognito目前不支持此功能盒子外面。您的说法是正确的，唯一会触发Lambda函数的内置Cognito事件是同步触发事件。每当Cognito IdentityId将其某些数据同步到Cognito Sync云数据存储时，都会触发此Sync事件。

So this is something which is not currently supported in Cognito out of the box. You are correct in saying that the only built in Cognito Event that will trigger a Lambda Function is the "Sync Trigger" Event. This Sync event is fired every time that a Cognito IdentityId Synchronizes some of their data to the Cognito Sync cloud data store.

此事件与创建新的IdentityId无关由Cognito联合身份提供。

This event is unrelated to the creation of a new IdentityId by Cognito Federated Identity.

理论上您可以：

• 在列表上运行列表身份调用IdentityPool，在用户登录
  之前。


• 登录用户。在用户登录
  之前，请检查您检索到的列表中是否存在已提供给用户的IdentityId。这将告诉您在登录之前是否存在被赋予用户
  的身份。 / li>
  
• 根据此信息，您可以
  决定是否以编程方式从应用程序中调用Lambda
  函数。

上面的设置很复杂，因为出于安全原因，您需要在服务器端维护此服务。列表身份调用需要AWS凭证才能调用。而且我怀疑您是否希望在未经身份验证的用户的IAM策略中包含该呼叫的权限。

The setup of the above would be complex, as for security reasons you would need to maintain this service, server-side. The list-identities call requires AWS credentials to call. And I doubt you'd want to include permissions for that call in your IAM policy for unauthenticated users.

除了上述内容之外，您目前无能为力。
为此，您需要设置一个DynamoDB表（或一些类似的低延迟数据存储），您可以在其中维护IdentityId列表的状态，然后在每次登录用户时查询此服务/存储。将新登录名与现有列表进行比较。

Aside from the above there is not much you can do at the moment. In order to do this, you would need to setup a DynamoDB table (or some similar low latency datastore) where you could maintain the state of the IdentityId list, and then query this service/store whenever you login a user to compare new logins to the pre-existing list.

如果这对您的用例至关重要，我建议您转到AWS Support，并创建一个案例以进行登录

If this is critical to your use case I would suggest heading over to AWS Support, and create a case where you can log this as a feature request.

https：// aws.amazon.com/premiumsupport/

这篇关于用户注册时发送电子邮件-AWS Cognito联合身份的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！