Created
November 21, 2025 21:14
Add Authentik IdP groups to Cognito JWT
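/**
 * Cognito token-generation trigger that merges groups asserted by the external
 * IdP into the groups written to the token.
 *
 * The IdP groups are read from the `custom:idpgroups` user attribute, which is
 * expected to hold a JSON-encoded array of strings. A leading "myapp-" is
 * stripped from each name; the result is appended to
 * `event.request.groupConfiguration.groupsToOverride` and written to
 * `event.response.claimsAndScopeOverrideDetails.groupOverrideDetails`.
 *
 * A missing, empty, malformed or non-array attribute adds no groups and leaves
 * `event.response` untouched, so users without IdP groups still get a token
 * and a bad attribute can never widen the group claim.
 *
 * @param {object} event - Cognito trigger event; mutated in place.
 * @param {object} context - Lambda context; `context.done(null, event)` is
 *   called exactly once to return the event.
 */
export const handler = function (event, context) {
  const GROUP_PREFIX = 'myapp-';

  // Log the trigger source only: the full event carries every user attribute
  // (e-mail, phone, ...) and would end up in the function's logs.
  console.debug('Trigger source:', event.triggerSource);

  // NOTE(review): group membership is taken on trust from this attribute.
  // Confirm that app clients have no write permission on custom:idpgroups,
  // otherwise a user could set their own groups.
  const rawIdpGroups = event.request?.userAttributes?.['custom:idpgroups'];

  let idpGroups = [];
  if (typeof rawIdpGroups === 'string' && rawIdpGroups !== '') {
    try {
      const parsed = JSON.parse(rawIdpGroups);
      if (Array.isArray(parsed)) {
        // Keep only non-empty strings; anything else cannot be a group name.
        idpGroups = parsed.filter((name) => typeof name === 'string' && name !== '');
      } else {
        console.warn('custom:idpgroups is not a JSON array; ignoring it');
      }
    } catch (err) {
      console.warn('custom:idpgroups is not valid JSON; ignoring it:', err.message);
    }
  }
  console.debug('External user groups:', idpGroups);

  // Strip the prefix only where it really is a prefix ("notmyapp-x" is left
  // alone), and drop names that become empty.
  // NOTE(review): names without the prefix still pass through unchanged, and a
  // stripped name may equal an existing Cognito group. If group names drive
  // authorization, consider accepting only prefixed names or an explicit
  // allowlist.
  const unprefixedGroups = idpGroups
    .map((name) => (name.startsWith(GROUP_PREFIX) ? name.slice(GROUP_PREFIX.length) : name))
    .filter((name) => name !== '');
  console.debug('Unprefixed groups:', unprefixedGroups);

  // groupsToOverride can be absent when the user belongs to no Cognito group.
  const configuredGroups = event.request?.groupConfiguration?.groupsToOverride;
  const cognitoUserGroups = Array.isArray(configuredGroups) ? configuredGroups : [];
  console.log('Cognito user groups:', cognitoUserGroups);

  if (unprefixedGroups.length > 0) {
    event.response = {
      claimsAndScopeOverrideDetails: {
        groupOverrideDetails: {
          // Set removes duplicates while keeping first-seen order.
          groupsToOverride: [...new Set([...cognitoUserGroups, ...unprefixedGroups])],
        },
      },
    };
  }

  // context.done is the legacy completion call; kept so the handler's
  // contract with its caller is unchanged.
  context.done(null, event);
};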