DecisionsDev
diff --git a/‎.secrets.baseline‎
Lines changed: 32 additions & 4 deletions b/‎.secrets.baseline‎
Lines changed: 32 additions & 4 deletions
diff --git a/‎authentication/Cognito/README.md‎
Lines changed: 210 additions & 176 deletions b/‎authentication/Cognito/README.md‎
Lines changed: 210 additions & 176 deletions
diff --git a/‎authentication/Cognito/images/AddLambdaTrigger.png‎
-22.4 KB b/‎authentication/Cognito/images/AddLambdaTrigger.png‎
-22.4 KB
diff --git a/‎authentication/Cognito/images/ClientCredentialsApp.png‎
-5.82 KB b/‎authentication/Cognito/images/ClientCredentialsApp.png‎
-5.82 KB
diff --git a/‎authentication/Cognito/images/CognitoPlan.png‎
472 KB b/‎authentication/Cognito/images/CognitoPlan.png‎
472 KB
diff --git a/‎authentication/Cognito/images/authentication-methods.png‎
210 KB b/‎authentication/Cognito/images/authentication-methods.png‎
210 KB
diff --git a/‎authentication/Cognito/images/pre-token-generation.png‎
74.3 KB b/‎authentication/Cognito/images/pre-token-generation.png‎
74.3 KB
diff --git a/‎authentication/Cognito/images/sign-in.png‎
208 KB b/‎authentication/Cognito/images/sign-in.png‎
208 KB
diff --git a/‎authentication/Cognito/images/sign-up.png‎
217 KB b/‎authentication/Cognito/images/sign-up.png‎
217 KB
diff --git a/‎authentication/Cognito/odmLambdaFunction.js‎
Lines changed: 34 additions & 14 deletions b/‎authentication/Cognito/odmLambdaFunction.js‎
Lines changed: 34 additions & 14 deletions
@@ -3,7 +3,7 @@
     "files": "^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2025-06-06T14:36:54Z",
+  "generated_at": "2025-06-12T13:27:18Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -238,27 +238,35 @@
       }
     ],
     "authentication/Cognito/README.md": [
+      {
+        "hashed_secret": "94cf36b943ae0d08e06b0e19303d2730477fa710",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 181,
+        "type": "Secret Keyword",
+        "verified_result": null
+      },
       {
         "hashed_secret": "5a2ea68e9ea943ea31948fe51388c798e13346a9",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 395,
+        "line_number": 424,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "fa9beb99e4029ad5a6615399e7bbae21356086b3",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 625,
+        "line_number": 658,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "12d3a2730ae9976303db72d424b3771221f90852",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 674,
+        "line_number": 708,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -273,6 +281,26 @@
         "verified_result": null
       }
     ],
+    "authentication/Cognito/templates/OdmOidcProvidersRD.json": [
+      {
+        "hashed_secret": "999d3e78e4bbda9742dfd849826327d7e5a444c1",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 9,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
+    "authentication/Cognito/templates/openIdParameters.properties": [
+      {
+        "hashed_secret": "999d3e78e4bbda9742dfd849826327d7e5a444c1",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 5,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
     "authentication/Cognito/templates/openIdWebSecurity.xml": [
       {
         "hashed_secret": "999d3e78e4bbda9742dfd849826327d7e5a444c1",
 
@@ -1,19 +1,39 @@
-const handler = async (event) => {
-  // Allow to get debug information in the Watcher 
+export const handler = function(event, context) {
+  console.debug("enter in ODM lambda");
+  // Allow to get debug information in the Watcher
+  console.debug("context");
+  console.debug(context);
+  
+  console.debug("event");
+  console.debug(event);
+  console.debug("clientId");
+  console.debug(event.callerContext.clientId);
+
+  console.debug("userAttributes");
   console.debug(event.request.userAttributes);
-  // Get User email value
-  var user_email = event.request.userAttributes.email;
-  console.debug(user_email);
+
+  var identity_for_access_token = event.callerContext.clientId;
+  if (event.request.userAttributes.email != undefined) {
+    console.debug("user email is defined. Use user email as claim identity for the access_token - Rule Designer Context");
+    identity_for_access_token = event.request.userAttributes.email 
+  } else {
+    console.debug("user email is undefined. Use clienId as claim identity for the access_token - M2M Context with client-credentials");
+  }
+  console.debug(identity_for_access_token);
   event.response = {
-    claimsOverrideDetails: {
-      claimsToAddOrOverride: {
-        // Add a client_id claim with email value
-        client_id: user_email,
+    "claimsAndScopeOverrideDetails": {
+      "idTokenGeneration": {
+        "claimsToAddOrOverride": {
+          "identity": event.request.userAttributes.email
+    }
+      },
+      "accessTokenGeneration": {
+        "claimsToAddOrOverride": {
+          "identity": identity_for_access_token
+    }
       },
-    },
+    }
   };
-
-  return event;
+  // Return to Amazon Cognito
+  context.done(null, event);
 };
-
-export { handler };