Feature Description
Enhance the Authentication module to automatically integrate with the database configuration, implementing best practices for user identity management by automatically setting up custom user IDs, triggers, and database fields needed to store user data properly.
Problem Statement
Currently, when using Cognito with cdk-serverless, developers often fall into the trap of using Cognito's `sub` attribute as the primary user identifier. As highlighted in the community, this approach causes significant problems:
- Migration Issues: When migrating users between Cognito User Pools, the sub values don't carry over, breaking user references throughout the application
- Identity Federation Problems: Each identity provider (Google, LinkedIn, etc.) creates a separate Cognito user with a different sub, making it difficult to maintain a single user identity
- Clunky Identity Merging: The current Cognito identity merge process often fails on first sign-in attempts, requiring client-side workarounds
Proposed Solution
The Authentication construct should automatically:
- Accept database configuration from the existing single-table datastore or custom database setup
- Create a custom user ID attribute in the Cognito User Pool
- Set up Lambda triggers
Implementation Details
```ts
const auth = new Authentication(this, 'Auth', {
  ...
  // New database integration
  datastore: singleTableDatastore, // Reference to existing datastore
});
```
Expected Behavior
- Automatic User ID Generation: System generates a unique user ID (UUID) stored as a custom attribute
- Database Synchronization: User records automatically created/updated in the database
- Identity Federation Handling: Multiple social logins map to the same user record
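To make the trigger behaviour described above concrete (generate a UUID on first sign-up, map later identity-provider sign-ups for the same verified email onto the same record, and hand back the value to store in `custom:userId`), here is an added TypeScript example; it is not code from cdk-serverless, and the event shape, the `UserRecord` layout and the in-memory table are assumptions standing in for the real Cognito event and DynamoDB datastore.

```typescript
import { randomUUID } from "node:crypto";

// Subset of the Cognito Post Confirmation trigger event that the logic needs (assumed shape).
export interface PostConfirmationEvent {
  userName: string;                                   // e.g. "alice", or "Google_1099..." for a federated user
  request: { userAttributes: Record<string, string> };
}

// User record in the single-table datastore (assumed layout, keyed by our own UUID rather than `sub`).
export interface UserRecord {
  pk: string;            // "USER#<userId>"
  userId: string;
  email: string;         // lower-cased; used to find the record across identity providers
  identities: string[];  // Cognito usernames (one per IdP sign-up) attached to this record
}

// In-memory stand-in for the datastore so the example runs offline; DynamoDB would sit here in practice.
export class InMemoryUserTable {
  private byEmail = new Map<string, UserRecord>();
  getByEmail(email: string): UserRecord | undefined { return this.byEmail.get(email); }
  put(rec: UserRecord): void { this.byEmail.set(rec.email, rec); }
}

export interface ResolveResult {
  userId: string;
  created: boolean;                          // true when a fresh record (and UUID) was generated
  attributesToSet: Record<string, string>;   // what the trigger would write back via AdminUpdateUserAttributes
}

// Core of the proposed trigger: look up or create the app-level user record and return the
// stable user ID that belongs in `custom:userId` instead of relying on `sub`.
export function resolveUser(event: PostConfirmationEvent, table: InMemoryUserTable): ResolveResult {
  const attrs = event.request.userAttributes;
  const email = attrs.email?.trim().toLowerCase();
  if (!email) throw new Error("sign-up has no email attribute; cannot map to a user record");
  // Only a verified email may join an existing record: merging on an unverified address would let
  // anyone who controls an IdP account claim another user's record.
  if (attrs.email_verified !== "true") throw new Error(`email ${email} is not verified; refusing to link`);

  const existing = table.getByEmail(email);
  if (existing) {
    if (!existing.identities.includes(event.userName)) existing.identities.push(event.userName);
    table.put(existing);
    return { userId: existing.userId, created: false, attributesToSet: { "custom:userId": existing.userId } };
  }
  const userId = randomUUID();
  table.put({ pk: `USER#${userId}`, userId, email, identities: [event.userName] });
  return { userId, created: true, attributesToSet: { "custom:userId": userId } };
}
```

In a deployed trigger the returned `attributesToSet` would be written back to the pool with `AdminUpdateUserAttributes`, so the application reads `custom:userId` rather than `sub`.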
Benefits
- Future-proof: Applications are protected from Cognito User Pool migration issues
- Single User Identity: Proper handling of multiple identity providers
- Zero Configuration: Works out of the box with sensible defaults
- Extensible: Developers can override triggers and extend user attributes
- Best Practices: Implements AWS recommended patterns automatically
Backwards Compatibility
- Feature is opt-in via the database configuration
- Existing deployments without database integration continue to work unchanged
- Migration path provided for existing users