Unrecognizable lambda output in Cognito Pre authentication lambda trigger

[StephaneLeveugle]

Description:

Note: this issue is focused on pre authentication lambda trigger but I suppose it can happen everywhere AWS expects an object and receives an array

It is currently impossible to use the Pre authentication lambda trigger out of the box

It seems related to this issue #710, even though the event was a different one the logic behind it is the same

After some investigation the root cause seems to be PHP's array and how it behaves with json_encode

This is the payload received, which we should return as is if we accept the authentication

{
    "request": {
        "userAttributes": {
            "string": "string",
            . . .
        },
        "validationData": {}
    },
    "response": {}
}

After converting the json to a PHP array and reencoding it to JSON to send to AWS the output becomes

{
    "request": {
        "userAttributes": {
            "string": "string",
            . . .
        },
        "validationData": []
    },
    "response": []
}

which AWS considers an invalid lambda output with good reason

How to reproduce:

A basic lambda that just returns the event like this should allow every authentication

<?php

declare(strict_types=1);
 
use Bref\Context\Context;
 
require __DIR__ . '/vendor/autoload.php';
 
return function (mixed $event, Context $context) {
    return $event;
};

However it fails for everyone with Unrecognizable lambda output

To fix it manually we can set the impacted fields to a Map or stdClass, which will result to the correct output when json encoded, example:

<?php

declare(strict_types=1);
 
use Ds\Map;
use Bref\Context\Context;
 
require __DIR__ . '/vendor/autoload.php';
 
return function (mixed $event, Context $context) {
    $event['request']['validationData'] = new Map();
    $event['response'] = new Map();
    return $event;
};

Thank you :)