custom:tenantId and custom:tenantTier Not Passed to New User

by ADMIN

As a Tenant Admin, creating new users within the application is a crucial task. However, a critical issue arises when the custom tenant ID and tier are not passed to the new user, leading to a breakdown in the API Gateway Authorizer. In this article, we will delve into the root cause of this problem and propose a solution to rectify it.

Understanding the Issue

When a Tenant Admin creates a new user in the BASIC tier, the Cognito attributes custom:tenantId and custom:tenantTier are not set on that user. The problem becomes apparent when the newly created user logs in to the application: products and orders cannot be retrieved because the custom tenant ID is absent from the user's attributes.

The Root Cause

Upon investigation, it appears that the create_user function in the server/src/layers/cognito/user_management_util.py file is not setting the custom:tenantId and custom:tenantTier attributes in the user's Cognito attributes. This function is responsible for creating new users in the Cognito user pool.

Proposed Solution

To rectify this issue, we propose modifying the create_user function to include the custom:tenantId and custom:tenantTier attributes in the user's Cognito attributes. The modified function would look like this:

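import boto3

# Cognito Identity Provider client (assumed here to be created at module level)
cognito = boto3.client('cognito-idp')

def create_user(user_pool_id, user_details):
    # Create the user with role and tenant attributes set at creation time,
    # so the tenant ID and tier are present when the user first logs in.
    response = cognito.admin_create_user(
        Username=user_details['userName'],
        UserPoolId=user_pool_id,
        ForceAliasCreation=True,
        UserAttributes=[
            {
                'Name': 'email',
                'Value': user_details['userEmail']
            },
            {
                'Name': 'email_verified',
                'Value': 'true'
            },
            {
                'Name': 'custom:userRole',
                'Value': user_details['userRole']
            },
            # Previously missing: tenant ID and tier
            {
                'Name': 'custom:tenantId',
                'Value': user_details['tenantId']
            },
            {
                'Name': 'custom:tenantTier',
                'Value': user_details['tenantTier']
            }
        ]
    )
    return response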

By including these attributes in the create_user function, we ensure that the custom tenant ID and tier are set for the new user, resolving the issue with the API Gateway Authorizer.
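
The change only affects users created after it is deployed; accounts created earlier still lack the attributes. As an added example (not the project's code), this audit pages through a user pool and reports users missing either attribute. The function name, the fake client and the sample users are constructed for illustration.

```python
# Added example, not the project's code. find_users_missing_tenant and
# FakePool are hypothetical names; the sample users are constructed.

TENANT_ATTRS = ("custom:tenantId", "custom:tenantTier")

def find_users_missing_tenant(cognito, user_pool_id):
    """Return {username: [missing attribute names]} for the whole pool."""
    affected, token = {}, None
    while True:
        # The list_users Filter cannot search custom attributes,
        # so every page is fetched and checked client-side.
        kwargs = {"UserPoolId": user_pool_id, "Limit": 60}
        if token:
            kwargs["PaginationToken"] = token
        page = cognito.list_users(**kwargs)
        for user in page.get("Users", []):
            present = {a["Name"] for a in user.get("Attributes", []) if a.get("Value")}
            missing = [n for n in TENANT_ATTRS if n not in present]
            if missing:
                affected[user["Username"]] = missing
        token = page.get("PaginationToken")
        if not token:
            return affected

class FakePool:
    """Constructed two-page list_users response; no AWS call is made."""
    PAGES = {
        None: {"Users": [
            {"Username": "alice", "Attributes": [
                {"Name": "custom:tenantId", "Value": "t-001"},
                {"Name": "custom:tenantTier", "Value": "BASIC"}]},
            {"Username": "bob", "Attributes": [
                {"Name": "email", "Value": "bob@example.com"}]}],
            "PaginationToken": "page2"},
        "page2": {"Users": [
            {"Username": "carol", "Attributes": [
                {"Name": "custom:tenantId", "Value": "t-001"}]}]},
    }

    def list_users(self, **kwargs):
        return self.PAGES[kwargs.get("PaginationToken")]
```

With a real client, pass `boto3.client('cognito-idp')` and the pool ID in place of `FakePool()`.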

Conclusion

In conclusion, the issue of custom tenant ID and tier not being passed to new users is a critical problem that affects the functionality of the application. By modifying the create_user function to include the custom:tenantId and custom:tenantTier attributes, we can rectify this issue and ensure that new users are created with the necessary attributes to access the application's features.

Recommendations

To prevent similar issues in the future, we recommend the following:

  1. Regularly review and test user management functionality: Regularly review and test the user management functionality to ensure that it is working as expected.
  2. Use automated testing: Use automated testing to identify and fix issues before they affect the application.
  3. Monitor application logs: Monitor application logs to identify and fix issues before they affect the application.

By following these recommendations, we can ensure that our application is stable, secure, and functional.
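
The automated-testing recommendation applied to this bug, as an added example that is not the project's code: a variant of create_user that takes the Cognito client as a parameter and refuses incomplete input, plus a recording stub so a test can check what would be sent. The names build_user_attributes, FakeCognito and sent_attributes are hypothetical.

```python
# Added example, not the project's code. The client is injected so the
# function can be tested without AWS; helper names are hypothetical.

REQUIRED_FIELDS = ("userName", "userEmail", "userRole", "tenantId", "tenantTier")

def build_user_attributes(user_details):
    """Return the Cognito UserAttributes list, refusing incomplete input."""
    missing = [f for f in REQUIRED_FIELDS
               if not str(user_details.get(f) or "").strip()]
    if missing:
        # Fail before the user exists rather than at first login.
        raise ValueError("missing user fields: " + ", ".join(missing))
    return [
        {"Name": "email", "Value": user_details["userEmail"]},
        {"Name": "email_verified", "Value": "true"},
        {"Name": "custom:userRole", "Value": user_details["userRole"]},
        {"Name": "custom:tenantId", "Value": user_details["tenantId"]},
        {"Name": "custom:tenantTier", "Value": user_details["tenantTier"]},
    ]

def create_user(cognito, user_pool_id, user_details):
    """Create the user only after the tenant attributes are validated."""
    attributes = build_user_attributes(user_details)
    return cognito.admin_create_user(
        Username=user_details["userName"],
        UserPoolId=user_pool_id,
        ForceAliasCreation=True,
        UserAttributes=attributes,
    )

class FakeCognito:
    """Constructed stand-in that records calls instead of contacting AWS."""
    def __init__(self):
        self.calls = []

    def admin_create_user(self, **kwargs):
        self.calls.append(kwargs)
        return {"User": {"Username": kwargs["Username"],
                         "Attributes": kwargs["UserAttributes"]}}

def sent_attributes(fake):
    """Flatten the attributes of the last recorded call into a dict."""
    return {a["Name"]: a["Value"] for a in fake.calls[-1]["UserAttributes"]}
```

A regression test then asserts that `sent_attributes` contains both tenant attributes, and that a request without them raises before any call reaches Cognito.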

Additional Considerations

When creating new users, it is essential to consider the following:

  1. User role: Ensure that the user role is set correctly to determine the user's access level.
  2. Tenant ID and tier: Ensure that the custom tenant ID and tier are set correctly to determine the user's access to specific features.
  3. User attributes: Ensure that all necessary user attributes are set correctly to determine the user's access to specific features.

By considering these factors, we can ensure that new users are created with the necessary attributes to access the application's features.

Future Development

In the future, we plan to:

  1. Improve user management functionality: Improve the user management functionality to make it more efficient and user-friendly.
  2. Add new features: Add new features to the application to enhance user experience.
  3. Enhance security: Enhance security measures to protect user data and prevent unauthorized access.

By following these plans, we can ensure that our application remains stable, secure, and functional.

Frequently Asked Questions

As a Tenant Admin, you may have questions about the custom tenant ID and tier not being passed to new users. In this article, we will address some of the most frequently asked questions to provide clarity on this issue.

Q: What is the custom tenant ID and tier?

A: The custom tenant ID and tier are attributes that are set for each user in the Cognito user pool. The custom tenant ID is a unique identifier for each tenant, while the custom tenant tier determines the user's access level to specific features.

Q: Why is the custom tenant ID and tier not being passed to new users?

A: The custom tenant ID and tier are not being passed to new users because the create_user function in the server/src/layers/cognito/user_management_util.py file is not setting these attributes in the user's Cognito attributes.

Q: How do I fix this issue?

A: To fix this issue, you need to modify the create_user function to include the custom:tenantId and custom:tenantTier attributes in the user's Cognito attributes. The modified function is shown in the Proposed Solution section above.

Q: What are the consequences of not passing the custom tenant ID and tier to new users?

A: Not passing the custom tenant ID and tier to new users can lead to a breakdown in the API Gateway Authorizer, making it impossible for users to access the application's features.

Q: How can I prevent similar issues in the future?

A: To prevent similar issues in the future, you can:

  1. Regularly review and test user management functionality: Regularly review and test the user management functionality to ensure that it is working as expected.
  2. Use automated testing: Use automated testing to identify and fix issues before they affect the application.
  3. Monitor application logs: Monitor application logs to identify and fix issues before they affect the application.

Q: What are the benefits of passing the custom tenant ID and tier to new users?

A: Passing the custom tenant ID and tier to new users ensures that they have the necessary attributes to access the application's features, making it easier for them to use the application.

Q: Can I customize the custom tenant and tier attributes?

A: Yes, you can customize the custom tenant ID and tier attributes to suit your application's needs.

Q: How do I customize the custom tenant ID and tier attributes?

A: To customize the custom tenant ID and tier attributes, you need to modify the create_user function to include the custom attributes in the user's Cognito attributes.

Conclusion

In conclusion, the custom tenant ID and tier not being passed to new users is a critical issue that affects the functionality of the application. By modifying the create_user function to include the custom:tenantId and custom:tenantTier attributes, we can rectify this issue and ensure that new users are created with the necessary attributes to access the application's features.