Amazon Cognito
Developer Guide

Example: Migrating JavaScript Users with a Lambda Trigger

A user migration Lambda trigger allows easy migration of users from your existing user management system into your user pool without a password reset.

Set Up a User Migration Lambda Trigger

Before making changes in your JavaScript app, set up a user migration Lambda for your user pool.

To learn more about Lambda triggers, see Customizing User Pool Workflows with Lambda Triggers.

For more information about migrating users with a Lambda trigger, see Importing Users into User Pools With a User Migration Lambda Trigger.

JavaScript App Changes

Update your AWSCognitoIdentityProvider JavaScript SDK to version 2.0.2 or above.

Authentication Flow for User Migration

You can authenticate your users and validate their passwords against your legacy system and seamlessly migrate their profiles into your user pool. However, the service needs the legacy password to avoid a password reset.

The default authentication flow in the SDK implements the secure remote password (SRP) protocol, in which no password is actually sent over the wire. To enable user migration in your app, use the USER_PASSWORD_AUTH authentication flow, which sends the user's password to the service over an encrypted SSL connection during authentication. After user migration, use the default SRP authentication flow.

Set the authentication flow type to USER_PASSWORD_AUTH.

    cognitoUser.setAuthenticationFlowType('USER_PASSWORD_AUTH');

    cognitoUser.authenticateUser(authenticationDetails, {
        onSuccess: function(result) {
            // User authentication was successful
        },
        onFailure: function(err) {
            // User authentication was not successful
        },
        mfaRequired: function (codeDeliveryDetails) {
            // MFA is required to complete user authentication.
            // Get the code from user and call
            cognitoUser.sendMFACode(verificationCode, this);
        }
    });
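The Lambda side of this flow, as an added example that is not code from this guide: a user migration trigger that receives the password sent by USER_PASSWORD_AUTH, checks it against the legacy system, and fails closed. `LEGACY_USERS`, `legacyLookup`, `legacyAuthenticate` and `migrateUser` are hypothetical names, and the in-memory user store is constructed sample data standing in for your real legacy system.

```javascript
// Constructed stand-in for the legacy user store (hypothetical). A real system
// would verify the password against its stored hash, not a literal.
const LEGACY_USERS = new Map([
  ['alice', { password: 'correct-horse', email: 'alice@example.com', emailVerified: true }],
]);

function legacyLookup(username) {
  return LEGACY_USERS.get(username) || null;
}

function legacyAuthenticate(username, password) {
  const user = legacyLookup(username);
  return user && user.password === password ? user : null;
}

// Fills in event.response for the two user migration trigger sources.
// Never log event.request.password: USER_PASSWORD_AUTH delivers it in clear text.
function migrateUser(event) {
  let user;
  switch (event.triggerSource) {
    case 'UserMigration_Authentication':
      user = legacyAuthenticate(event.userName, event.request.password);
      // Same error for unknown user and wrong password; nothing is migrated.
      if (!user) throw new Error('Bad password');
      // The verified legacy password becomes the Cognito password, so no reset.
      event.response.finalUserStatus = 'CONFIRMED';
      break;
    case 'UserMigration_ForgotPassword':
      // No password is available here; only confirm that the account exists.
      user = legacyLookup(event.userName);
      if (!user) throw new Error('Bad user');
      break;
    default:
      throw new Error('Unexpected trigger source: ' + event.triggerSource);
  }
  event.response.userAttributes = {
    email: user.email,
    // Carry over the legacy verification state instead of asserting "true".
    email_verified: user.emailVerified ? 'true' : 'false',
  };
  event.response.messageAction = 'SUPPRESS'; // do not send a welcome message
  return event;
}

// Lambda entry point; Cognito invokes it when the user is not yet in the pool.
const handler = async (event) => migrateUser(event);
if (typeof module !== 'undefined') module.exports = { handler };
```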