I created a lambda for PreTokenGeneration to add fields to all generated idTokens. It appears that all values get converted to string regardless of type. Is there a way around this?
Here is the lambda code as an example:
    exports.handler = async (event, context, callback) => {
      // TODO implement
      event.response = {
        claimsOverrideDetails: {
          claimsToAddOrOverride: {
            someBool: false,
            someNumber: 123
          },
        },
      };
      callback(null, event)
    };
Here is the decoded token body (I removed most of the irrelevant fields):
    {
      "someNumber": "123",
      "email_verified": true,
      "someBool": "false",
      "token_use": "id",
      "auth_time": 1658949192
    }
You can see that Cognito does properly encode its native fields like email_verified and auth_time. Is there a way to make Cognito respect the requested types of non-native fields?
According to the AWS Cognito documentation, this is not possible.
As annoying as it is, this is behaving as documented here.
The response.claimsOverrideDetails.claimsToAddOrOverride field, where you are correctly adding the claims you want added to the JWT, takes a StringMap type, which is an object whose values are all strings.
Even though some of the pre-existing claims created by AWS and passed into the lambda are key-value pairs where the value is a number (e.g. auth_time in your question), AWS allows the lambda to add only string values.
You can find this on this page (find the text: "claimsToAddOrOverride": {"string": "string"},).
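
Because custom claims arrive as strings, the token consumer has to decode them, and in JavaScript the string "false" is truthy, so a naive `if (claims.someBool)` check passes. The following is an added example, not code from the question or the answers: the helper names `toStringMap`, `parseBoolClaim`, `parseIntClaim` and `decodeCustomClaims` are hypothetical, and the sample payload reuses the values shown in the question.

```javascript
// Lambda side: stringify explicitly so the encoding is a deliberate choice.
function toStringMap(claims) {
  const out = {};
  for (const [key, value] of Object.entries(claims)) {
    const ok = typeof value === 'string' || typeof value === 'boolean' ||
      (typeof value === 'number' && Number.isFinite(value));
    if (!ok) throw new TypeError(`unsupported claim type for ${key}`);
    out[key] = String(value);
  }
  return out;
}

// Consumer side: strict parsers that reject anything but the exact encoding.
function parseBoolClaim(value) {
  if (value === 'true') return true;
  if (value === 'false') return false;
  throw new TypeError(`not a boolean claim: ${JSON.stringify(value)}`);
}

function parseIntClaim(value) {
  if (typeof value === 'string' && /^-?(0|[1-9]\d*)$/.test(value)) {
    const n = Number(value);
    if (Number.isSafeInteger(n)) return n;
  }
  throw new TypeError(`not an integer claim: ${JSON.stringify(value)}`);
}

// Decode the custom claims of an already verified token payload.
// A missing or malformed claim throws, so the caller fails closed.
function decodeCustomClaims(payload, schema) {
  const out = {};
  for (const [name, parse] of Object.entries(schema)) {
    if (!Object.prototype.hasOwnProperty.call(payload, name)) {
      throw new Error(`missing claim: ${name}`);
    }
    out[name] = parse(payload[name]);
  }
  return out;
}

// Constructed sample: the decoded token body shown in the question.
const samplePayload = {
  someNumber: '123', email_verified: true, someBool: 'false',
  token_use: 'id', auth_time: 1658949192,
};
const customClaimSchema = { someBool: parseBoolClaim, someNumber: parseIntClaim };
const decodedClaims = decodeCustomClaims(samplePayload, customClaimSchema);
console.log(decodedClaims);
```

Run `decodeCustomClaims` only on a payload whose signature and standard claims have already been validated.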