AWS cognito documentation change
Summary
Added clarification about userAttributes availability in pre-sign-up Lambda trigger
Security assessment
The change provides additional documentation clarity about attribute availability but doesn't introduce or modify security controls. It helps developers understand data flow without addressing vulnerabilities.
Diff
diff --git a/cognito/latest/developerguide/user-pool-lambda-pre-sign-up.md b/cognito/latest/developerguide/user-pool-lambda-pre-sign-up.md index e25478049..7cc62b62a 100644 --- a//cognito/latest/developerguide/user-pool-lambda-pre-sign-up.md +++ b//cognito/latest/developerguide/user-pool-lambda-pre-sign-up.md @@ -11 +11 @@ You might want to customize the sign-up process in user pools that have self-ser -Immediately before Amazon Cognito completes creation of a new [local](./cognito-terms.html#terms-localuser) or [federated](./cognito-terms.html#terms-federateduser) user, it activates the pre sign-up Lambda function. Your user pool invokes this trigger on self-service sign-up with [SignUp](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SignUp.html) or first sign-in with a trusted [identity provider](./amazon-cognito-user-pools-authentication-flow-methods.html#amazon-cognito-user-pools-authentication-flow-methods-federated), and on user creation with [AdminCreateUser](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminCreateUser.html). As part of the sign-up process, you can use this function to analyze the sign-in event with custom logic, and modify or deny the new user. +Immediately before Amazon Cognito completes creation of a new [local](./cognito-terms.html#terms-localuser) or [federated](./cognito-terms.html#terms-federateduser) user, it activates the pre sign-up Lambda function. The `userAttributes` in the request object sent to this function contain attributes that have been provided by local user sign-up or that have successfully been mapped from provider attributes for a federated user. Your user pool invokes this trigger on self-service sign-up with [SignUp](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SignUp.html) or first sign-in with a trusted [identity provider](./amazon-cognito-user-pools-authentication-flow-methods.html#amazon-cognito-user-pools-authentication-flow-methods-federated), and on user creation with [AdminCreateUser](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminCreateUser.html). As part of the sign-up process, you can use this function to analyze the sign-in event with custom logic, and modify or deny the new user.