Skip to content

fix(data-classes): ensure lazy initialization for Cognito token generation response properties #7653

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 10 commits into
base: develop
Choose a base branch
from
Open

fix(data-classes): ensure lazy initialization for Cognito token generation response properties #7653

wants to merge 10 commits into from
+27 −19

Conversation

@nc-dirknilius
Copy link

@nc-dirknilius nc-dirknilius commented Nov 10, 2025
edited
Loading

Issue number: closes #7651

Summary

Fixed lazy initialization behavior in Cognito User Pool Pre Token Generation trigger event response properties to ensure consistent state management and prevent None return values when accessing nested token configuration objects.

The PreTokenGenerationTriggerEventResponse and PreTokenGenerationV2TriggerEvent response classes had inconsistent lazy initialization behavior:

  1. In ClaimsAndScopeOverrideDetails, the id_token_generation and access_token_generation properties could return None when the underlying data didn't exist yet, forcing users to handle None cases.

  2. In PreTokenGenerationTriggerEventResponse.claims_override_details and PreTokenGenerationTriggerV2EventResponse.claims_scope_override_details, the properties used self.get() which created a new dictionary on every access instead of initializing the underlying _data dictionary once.

This meant that modifications to nested properties wouldn't persist correctly, as each property access would create a fresh wrapper around a new empty dictionary rather than modifying the event's actual data structure.

Changes

Updated the property implementations to use consistent lazy initialization pattern:

  1. Changed id_token_generation and access_token_generation properties from returning TokenClaimsAndScopeOverrideDetails | None to always returning TokenClaimsAndScopeOverrideDetails by initializing an empty dict in _data if not present.

  2. Modified claims_override_details and claims_scope_override_details properties to check and initialize their respective keys in self._data (instead of using self.get()), ensuring all modifications are made to the same underlying dictionary that will be included in the final event response.

This aligns with the existing pattern used in other trigger event response classes and ensures that users can chain property access and modifications without encountering None values or losing changes.

  • test_cognito_pre_token_generation_trigger_event: Validates that claims_override_details properties can be accessed and modified, with changes persisting through the event object
  • test_cognito_pre_token_v2_generation_trigger_event: Validates that claims_scope_override_details and its nested id_token_generation and access_token_generation properties can be accessed and modified with proper persistence of changes
  • Both tests verify the lazy initialization behavior when properties are explicitly set to None in the raw event data

User experience

The user can now properly use the class:

event.response.claims_override_details.claims_to_add_or_override = { "test": "value" }

# or
event.response.claims_scope_override_details.id_token_generation.claims_to_add_or_override = { "test": "value" }

# or
event.response.claims_scope_override_details.access_token_generation.claims_to_add_or_override = { "test": "value" }

This was not working before as stated above. Even though there was some tests around that feature, the tests implemented poorly and covered the actual problem. The tests where updated to actually test the final event data.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

Disclaimer: We value your time and bandwidth. As such, any pull requests created on non-triaged issues might not be successful.

fix(data-classes): ensure lazy initialization for Cognito token gener…
5ae740e 
…ation responses

Fixed inconsistent lazy initialization in PreTokenGenerationTriggerEventResponse
and PreTokenGenerationV2TriggerEvent response properties. Properties now
consistently initialize empty dictionaries in _data when None, preventing
None returns and ensuring modifications persist correctly.

Affects: claims_override_details, claims_scope_override_details,
id_token_generation, and access_token_generation properties.
@nc-dirknilius nc-dirknilius requested a review from a team as a code owner November 10, 2025 18:11
@pull-request-size pull-request-size bot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Nov 10, 2025
@boring-cyborg boring-cyborg bot added the tests label Nov 10, 2025
@boring-cyborg
Copy link

boring-cyborg bot commented Nov 10, 2025

Thanks a lot for your first contribution! Please check out our contributing guidelines and don't hesitate to ask whatever you need.
In the meantime, check out the #python channel on our Powertools for AWS Lambda Discord: Invite link

@github-actions github-actions bot added the bug Something isn't working label Nov 11, 2025
@anafalcao
Copy link
Contributor

anafalcao commented Nov 11, 2025

Hi @nc-dirknilius ! Thanks for the PR, I see some checks are failing, can you address them? let me know if you need any help

@nc-dirknilius
Copy link
Author

nc-dirknilius commented Nov 12, 2025

Hi @nc-dirknilius ! Thanks for the PR, I see some checks are failing, can you address them? let me know if you need any help

Hi @anafalcao, I fixed the linter finding. Pls re-check.

@codecov
Copy link

codecov bot commented Nov 12, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 96.52%. Comparing base (f77c259) to head (04a6147).

Additional details and impacted files 
@@           Coverage Diff            @@
##           develop    #7653   +/-   ##
========================================
  Coverage    96.52%   96.52%           
========================================
  Files          275      275           
  Lines        13117    13123    +6     
  Branches       986      990    +4     
========================================
+ Hits         12661    12667    +6     
  Misses         353      353           
  Partials       103      103

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@sonarqubecloud
Copy link

sonarqubecloud bot commented Nov 14, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@leandrodamascena
Copy link
Contributor

leandrodamascena commented Nov 14, 2025

Assigning to me to review this by Monday.

@leandrodamascena leandrodamascena requested review from leandrodamascena and removed request for anafalcao November 14, 2025 13:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@leandrodamascena leandrodamascena Awaiting requested review from leandrodamascena

At least 1 approving review is required to merge this pull request.

Assignees

@nc-dirknilius nc-dirknilius

Labels

bug Something isn't working size/M Denotes a PR that changes 30-99 lines, ignoring generated files. tests

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Bug: Unable to add custom claims to authentication token with Powertools v3.9.0 and later

3 participants

@nc-dirknilius @anafalcao @leandrodamascena