I'm building an SSO process to integrate an app with Cognito. For that I'm using Django (the app), Mozilla OIDC (for integration with Cognito) and AWS Cognito.
I'm able to migrate users from the already existing app to Cognito User Pool.
I need to contemplate the situation where a user clicks on "Forgot Password", which should trigger a Lambda that allows me to update the user's password (hashing it) in the database by writing the lambda_handler code.
Now I don't understand how to achieve this. More specifically, the flow and which trigger to use.
So far, when a user clicks on Forgot Password, it sends an email with a confirmation code, which the user has to enter along with the new password and new password confirmation.
I need that, when the user CONFIRMS that new password, I capture that event, hash the new password and update the database.
All the hashing and updating the database, I know how to do. This is what I'm doing:
- Push a docker image that contains Django, boto3 and psycopg2 to an AWS ECR.
- This image gets pulled when the lambda gets triggered (I think there are generic triggers and then, inside the code, I might need to check for a more specific trigger).
- Inside that image, the lambda_handler function should detect that more specific trigger for the user confirming the new password, capture it and do all the rest I already have.
Does anyone know how to actually achieve that? Or if there's another way I should do it?
If I don't update the new password inside the Django app's Postgres DB, then the user won't be properly authenticated into the app. Or maybe I'm just doing something wrong.
Thank you all in advance!
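Added example (not from the original post, and not the poster's code): the Cognito hook that fires at the point the question is about is the Post Confirmation Lambda trigger, which Cognito invokes with `triggerSource` set to `PostConfirmation_ConfirmForgotPassword` after a user successfully confirms a new password. The event carries `userName` and `request.userAttributes` but never the password itself, so a handler can tell that a reset happened and which user it was, but cannot re-hash the new password into the app's database. The handler below dispatches on `triggerSource`, refuses events from any user pool other than the expected one, invalidates the stale local hash using Django's unusable-password convention (a leading `!`), records the reset time, and returns the event to Cognito as the trigger contract requires. The in-memory `FAKE_USER_TABLE`, the `make_event` builder, the `EXPECTED_USER_POOL_ID` environment variable and the sample user data are constructed for this example; in the real Lambda the table would be the Django `auth_user` rows reached through psycopg2.

```python
import os
import secrets
from datetime import datetime, timezone

# Cognito triggerSource values delivered to a Post Confirmation trigger.
FORGOT_PASSWORD_CONFIRMED = "PostConfirmation_ConfirmForgotPassword"
SIGNUP_CONFIRMED = "PostConfirmation_ConfirmSignUp"

# Constructed stand-in for the Django app's auth_user rows in Postgres,
# keyed by Cognito username. Real code would issue an UPDATE via psycopg2.
FAKE_USER_TABLE = {
    "jane": {
        "email": "jane@example.com",
        "password": "pbkdf2_sha256$600000$examplesalt$examplehash",  # placeholder
        "password_reset_at": None,
    }
}


def unusable_password_marker():
    """Return a value Django's check_password() will always reject.

    Django marks unusable passwords with a leading '!' followed by random
    characters; reusing that convention guarantees the old local hash can
    never authenticate anyone once Cognito has accepted a new password.
    """
    return "!" + secrets.token_urlsafe(30)


def handle_forgot_password_confirmed(event, db):
    """Sync the local row for the user whose reset Cognito just confirmed.

    The event carries userName and request.userAttributes, never the new
    password, so the safe local action is to invalidate the stale hash and
    record the reset; password verification itself stays with Cognito.
    Returns True if a local row was updated, False if the user is unknown.
    """
    username = event["userName"]
    attrs = event.get("request", {}).get("userAttributes", {})
    row = db.get(username)
    if row is None:
        return False
    row["email"] = attrs.get("email", row["email"])
    row["password"] = unusable_password_marker()
    row["password_reset_at"] = datetime.now(timezone.utc).isoformat()
    return True


def lambda_handler(event, context=None, db=None, expected_pool_id=None):
    """Entry point configured as the user pool's Post Confirmation trigger."""
    db = FAKE_USER_TABLE if db is None else db
    # EXPECTED_USER_POOL_ID is an assumed env var: only act on our own pool.
    expected_pool_id = expected_pool_id or os.environ.get("EXPECTED_USER_POOL_ID")
    if expected_pool_id and event.get("userPoolId") != expected_pool_id:
        raise ValueError(f"event from unexpected user pool {event.get('userPoolId')!r}")

    if event.get("triggerSource") == FORGOT_PASSWORD_CONFIRMED:
        handle_forgot_password_confirmed(event, db)
    # SIGNUP_CONFIRMED and any other trigger source are deliberately ignored.

    # Cognito requires the trigger to hand the event object back.
    return event


def make_event(trigger_source, username, email, pool_id="us-east-1_EXAMPLE"):
    """Build a constructed Post Confirmation event in Cognito's shape."""
    return {
        "version": "1",
        "triggerSource": trigger_source,
        "region": "us-east-1",
        "userPoolId": pool_id,
        "userName": username,
        "callerContext": {"awsSdkVersion": "aws-sdk-unknown", "clientId": "exampleclientid"},
        "request": {
            "userAttributes": {
                "sub": "00000000-0000-0000-0000-000000000000",  # constructed
                "email": email,
                "email_verified": "true",
            }
        },
        "response": {},
    }


if __name__ == "__main__":
    evt = make_event(FORGOT_PASSWORD_CONFIRMED, "jane", "jane@example.com")
    lambda_handler(evt, expected_pool_id="us-east-1_EXAMPLE")
    print(FAKE_USER_TABLE["jane"])
```

Because the plaintext password never reaches the Lambda, the local row ends up with an unusable hash rather than a fresh one; with mozilla-django-oidc the Django login path verifies the Cognito-issued ID token rather than the local hash, so the row only needs to exist and stay linked to the Cognito user, which is what this handler maintains.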