Linking Federated Users to an Existing Account in AWS Cognito Using AWS CDK

Utkarsha Bakshi
3 min read · May 29, 2023

Sometimes a user already exists in your system (here, an AWS Cognito user pool) and later signs in through a federated login provider such as Google or Facebook using the same email address. Instead of creating a new user account in the user pool, you can link the existing user account to the federated identity.

This post shows how to link federated user logins to an existing user account when using AWS Cognito user pools.

How Will We Link Accounts?

Cognito user pools provide the AdminLinkProviderForUser API, which links an existing user account in a user pool (DestinationUser) to an identity from an external IdP (SourceUser) based on a specified attribute name and value from the external IdP.

We will create an AWS Lambda function that does exactly this and configure the AWS Lambda function as a pre-sign-up trigger to the AWS Cognito user pool.
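One way to write the pre-sign-up Lambda described above, as an added example that is not the article's own code. It assumes a Python runtime with boto3, IdPs named Google and Facebook, and that the IdP's email_verified claim is mapped into the user pool. It links only when the federated email and the existing account's email are both verified and exactly one native account matches, because linking on an unverified email would hand the existing account to whoever controls that external identity.

```python
# Added example (not the article's code): pre-sign-up trigger for a Cognito user pool.
# Assumed IdP names as configured in the user pool, keyed by lower-cased prefix.
PROVIDER_NAMES = {"google": "Google", "facebook": "Facebook"}


def is_true(value):
    return str(value).lower() == "true"


def find_link_target(users):
    """Return the single native user with a verified email, or None."""
    native = [
        u for u in users
        if u.get("UserStatus") != "EXTERNAL_PROVIDER"
        and any(a["Name"] == "email_verified" and is_true(a["Value"])
                for a in u.get("Attributes", []))
    ]
    return native[0] if len(native) == 1 else None  # ambiguous match: do not link


def link_federated_user(event, cognito):
    """Link the external identity in `event` to an existing account with the same email."""
    if event.get("triggerSource") != "PreSignUp_ExternalProvider":
        return event  # native sign-ups pass through unchanged
    attrs = event["request"]["userAttributes"]
    email = attrs.get("email", "")
    # Assumption: the IdP's email_verified claim is mapped into the user pool.
    if not email or not is_true(attrs.get("email_verified")):
        return event  # never link on an email the IdP has not verified
    # Federated user names have the form "<provider>_<subject>".
    prefix, _, subject = event["userName"].partition("_")
    provider = PROVIDER_NAMES.get(prefix.lower())
    if provider is None or not subject:
        return event
    quoted = email.replace('"', '\\"')  # quotes inside a ListUsers filter are escaped
    found = cognito.list_users(UserPoolId=event["userPoolId"],
                               Filter=f'email = "{quoted}"')
    target = find_link_target(found.get("Users", []))
    if target is not None:
        cognito.admin_link_provider_for_user(
            UserPoolId=event["userPoolId"],
            DestinationUser={"ProviderName": "Cognito",
                             "ProviderAttributeValue": target["Username"]},
            SourceUser={"ProviderName": provider,
                        "ProviderAttributeName": "Cognito_Subject",
                        "ProviderAttributeValue": subject})
    return event


def handler(event, context):
    import boto3  # imported lazily so the logic above can be tested offline
    return link_federated_user(event, boto3.client("cognito-idp"))
```

The Lambda's execution role needs cognito-idp:ListUsers and cognito-idp:AdminLinkProviderForUser on this user pool only.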

Prerequisites

This article builds on my previous article, where I demonstrated how to add federated Google Login in AWS Cognito using AWS CDK. In the last article, we already set up an AWS Cognito user pool, created a custom domain, created a Google federated login identity, and…
