feat: add preTokenGeneration trigger version support (v2_0, v3_0)

[Ktsierra]

defineAuth({ triggers: { preTokenGeneration } }) always wires the trigger as V1 via UserPoolOperation.of('preTokenGeneration') with no lambdaVersion argument. Users needing V2_0 or V3_0 (required for access token customization on Essentials/Plus tier) must bypass defineAuth entirely with a CDK escape hatch.

Issue number, if available: #1417

Changes

• Added PreTokenGenerationVersion type ('v1_0' | 'v2_0' | 'v3_0') to @aws-amplify/auth-construct
• Updated triggers type in AmplifyAuthProps to accept an object form { handler, version } for preTokenGeneration
• Updated the trigger wiring loop to use UserPoolOperation.PRE_TOKEN_GENERATION_CONFIG with the corresponding LambdaVersion when version is specified
• Plain handler form remains backward compatible (wires as V1)

Corresponding docs PR, if applicable: N/A

Validation

• Added unit tests for v1_0, v2_0, and v3_0 object forms asserting PreTokenGenerationConfig with correct LambdaVersion in the CFN template
• Existing trigger tests continue to pass (backward compat for plain handler form)
• Full test suite passes (npm run test : 113 backend-auth, 110 auth-construct, 0 failures)
• API.md files regenerated for both packages

Checklist

• If this PR includes a functional change to the runtime behavior of the code, I have added or updated automated test coverage for this change.
• If this PR requires a change to the Project Architecture README, I have included that update in this PR.
• If this PR requires a docs update, I have linked to that docs PR above.
• If this PR modifies E2E tests, makes changes to resource provisioning, or makes SDK calls, I have run the PR checks with the run-e2e label set.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[changeset-bot]

🦋 Changeset detected

Latest commit: 4e202b9

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 2 packages

Name	Type
@aws-amplify/auth-construct	Minor
@aws-amplify/backend-auth	Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[Copilot]

Pull request overview

This PR adds support for specifying the Cognito preTokenGeneration trigger “lambda version” (v1_0/v2_0/v3_0) when using defineAuth, enabling access token customization for tiers that require v2_0/v3_0 while keeping the plain handler form backward compatible.

Changes:

• Introduces PreTokenGenerationVersion in @aws-amplify/auth-construct and exports it publicly.
• Extends defineAuth trigger typing to allow { handler, version } specifically for preTokenGeneration.
• Updates backend trigger wiring to use PreTokenGenerationConfig + LambdaVersion when version is provided, and adds unit tests for v1_0/v2_0/v3_0.

Reviewed changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
packages/backend-auth/src/factory.ts	Adds version-aware wiring for preTokenGeneration using PRE_TOKEN_GENERATION_CONFIG + LambdaVersion.
packages/backend-auth/src/factory.test.ts	Adds unit tests asserting PreTokenGenerationConfig and correct LambdaVersion for v1_0/v2_0/v3_0.
packages/backend-auth/API.md	Regenerates API docs to reflect the new triggers typing and exported type usage.
packages/auth-construct/src/types.ts	Adds the PreTokenGenerationVersion type with documentation.
packages/auth-construct/src/index.ts	Exports PreTokenGenerationVersion from the package entrypoint.
packages/auth-construct/API.md	Regenerates API docs to include the new public type.
.changeset/pre-token-generation-version.md	Declares a minor bump for both packages with the feature description.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.