AWS Cognito doesn't send verification email - amazon-web-services

Read through other SO posts, implemented the solutions, and this still seems to be an error.
My issue is simple: I'm using AWS Cognito and requiring email verification for users. However, when I get to this page:
I don't see the email, even after 2 hours. Steps I've ensured:
Enabled email verification in the Cognito console
Checked that the user email field is filled out. It is.
Enabled a domain name for my app sign up and sign in.
Tried resending the code.
I don't believe I'm over the daily quota limit for Amazon Cognito (I haven't configured it with SES), since I haven't gotten a verification email today. Does anyone know why this is occurring?

Related

Verify second email with AWS Amplify/ AWS Cognito

I am currently working on a which requires two emails to sign up. The first email is a personal or social account and AWS Amplify sends a verification link to verify the email. However, users need to add a second email (edu email) to verify they are going to a school. Is there a way to add this second email as an attribute and get Amplify to send a verification link?
This app is being made in Flutter, if it makes a difference.

How do I get the OTP send within AWS Cognito so that I can do my own manual checking?

I am happy with using AWS Cognito as a service for my flutter application. However, now I realize that the AWS SNS service is really pricey for usage within my country (No free tier and price is significantly higher than in the West), hence I wanted to use another 3rd party service which is cheaper to send any SMS to users. This will include Phone Number Verification during signup, Forgot Password Verification and other flows. I know that I can accomplish the phone number verification using the lambda function. However, for the forgot password flow, the only way of me changing the password is through sending a request to AWS which includes the OTP and new password.
How can I accomplish this? Can I change the user password explicitly in AWS by not going through the forgot_password flow in AWS (meaning I send my own OTP and check the OTP myself, then update the password), or how can I get the OTP generated by the forgot password flow and then send it through the 3rd party SMS service?

Do verification emails apply to the AWS Cognito daily email quota?

In AWS Cognito, the service notes that one should use Amazon SES for user pools due to the daily email limit of Cognito, as seen here. The quotas documentation shows that the maximum amount of emails sent per day is 50.
In the 'Configuring Email or Phone Verification' docs, it states that there is no charge for sending verification codes to email addresses. This documentation does not explicitly bring up Cognito email quotas.
I cannot find a clear answer as to whether or not verification code emails apply to the quota. I'm trying to avoid a situation in which >50 users try to sign up in a day, but cannot receive their verification email. Can anyone clarify this? Thanks.
I've just confirmed that the limit applies to the verification emails as well. After signing up 50 users, the following message is received after user signup:
An error occurred (LimitExceededException) when calling the AdminCreateUser operation (reached max retries: 2): Exceeded daily email limit for the operation or the account. If a higher limit is required, please configure your user pool to use your own Amazon SES configuration for sending email.
Similarly if the signup occurs via the Hosted UI, except it only mentions: An error was encountered with the requested page.
Worth mentioning that the sign-up still occurs, i.e., the user is still created in the User Pool but no verification email is sent. Also, password recovery emails cannot be sent after this limit is reached, as the limit is shared and is per account, so applicable across all user pools in the same account.
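An added example, not part of the original answer: a check over the dictionaries that boto3's cognito-idp `describe_user_pool` and `list_users` calls return, flagging a pool that still uses the built-in sender and listing users who were created but never finished sign-up. The sample pools and users are constructed, the ARN is a placeholder, and treating a missing `EmailSendingAccount` as the built-in sender is an assumption.

```python
# Added example: inputs mirror boto3 cognito-idp describe_user_pool()["UserPool"]
# and list_users()["Users"]; all sample data below is constructed.
PENDING = {"UNCONFIRMED", "FORCE_CHANGE_PASSWORD"}


def audit_email_delivery(pool):
    """Return (severity, message) findings that explain missing emails."""
    findings = []
    # Cognito only sends a sign-up code for attributes listed here.
    if "email" not in pool.get("AutoVerifiedAttributes", []):
        findings.append(("high", "email is not in AutoVerifiedAttributes"))

    cfg = pool.get("EmailConfiguration", {})
    # Assumption: a missing key is treated as the built-in sender.
    sender = cfg.get("EmailSendingAccount", "COGNITO_DEFAULT")
    if sender == "COGNITO_DEFAULT":
        findings.append(("medium", "built-in sender: daily limit shared by "
                         "all user pools in the account"))
    elif sender == "DEVELOPER" and not cfg.get("SourceArn"):
        findings.append(("high", "DEVELOPER sender without an SES SourceArn"))
    return findings


def users_awaiting_email(users):
    """Users that exist but never completed sign-up, e.g. created after
    the limit was hit; these need a resend, not a second create call."""
    return sorted(u["Username"] for u in users if u.get("UserStatus") in PENDING)


DEFAULT_POOL = {  # constructed
    "AutoVerifiedAttributes": ["email"],
    "EmailConfiguration": {"EmailSendingAccount": "COGNITO_DEFAULT"},
}
SES_POOL = {  # constructed; the ARN is a placeholder
    "AutoVerifiedAttributes": ["email"],
    "EmailConfiguration": {
        "EmailSendingAccount": "DEVELOPER",
        "SourceArn": "arn:aws:ses:us-east-1:111122223333:identity/example.com",
    },
}
USERS = [  # constructed
    {"Username": "alice", "UserStatus": "CONFIRMED"},
    {"Username": "bob", "UserStatus": "UNCONFIRMED"},
    {"Username": "carol", "UserStatus": "FORCE_CHANGE_PASSWORD"},
]

if __name__ == "__main__":
    for name, pool in (("default", DEFAULT_POOL), ("ses", SES_POOL)):
        print(name, audit_email_delivery(pool))
    print(users_awaiting_email(USERS))
```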

AWS Cognito not prompting MFA on first login

We have an application using AWS Cognito (+ hosted web UI) where users are only created by administrators. MFA with SMS is required. This is our current flow for new users:
Admin creates a new user using AdminCreateUser of aws-sdk. Email, name and phone number are given.
A new account is created with FORCE_CHANGE_PASSWORD status. Username and a temporary password are sent to the user via email.
User signs in for the first time with the temporary password.
Cognito asks for a new password.
User sets their new password and proceeds to log in.
MFA code is sent to user via SMS. However, Cognito does not ask for the MFA code. User simply gets logged in. Account status is now CONFIRMED but phone_number_verified is not set.
However, the MFA challenge works fine starting from the second login. In other words, user's phone number only gets verified if they manage to log in for the second time. This means that a user who forgets their password after the initial login is unable to reset their password (as it requires a verified phone number).
Any idea why this is happening and what settings should I look into? I'm aware I can avoid the main problem by programmatically setting phone_number_verified as true, but I'd like to know why the MFA challenge fails on first login.
I've been really disappointed in the AWS hosted auth UI. It's ugly and very limited. As you've discovered, for example, it doesn't handle MFA at all.
The best alternative I've found is to use the Authenticator Amplify UI component. It's possible to use Amplify UI without using the Amplify CLI or hosting your site on AWS, so it's pretty well a drop-in solution. Authenticator handles setting up software TOTP tokens and the TOTP challenge as needed. I haven't used it for SMS, but this page implies it's supported.
You can learn how to use Amplify UI components standalone (without the CLI and AWS hosting) in this StackOverflow answer.

AWS Cognito: Email verification with Link

I'm using Cognito for User Management, and everything seems to work fine apart from email verification process.
I would like to build user journey similar to all other website:
1) Fill registration form with user details
2) Receive an email with email verification link
3) Verify email address by clicking on the link
So far, I can only verify email by making user manually input verification code. This is slightly unusual. And some users find it easier to just click on the link.
On "Message customisation" page, there is a possibility to use "link" for message verification. But it is using "Amazon Cognito domain", which is exposing underlying technology to the end user.
Ideally I would like to use my own domain.
I'm trying to "Use own domain" at "App integration->Domain Name" tab, but getting "We didn’t find any AWS managed certificates for this region."
But I have added "AWS managed certificates" for my domain and verified it via DNS. It is appearing in "Certificate Manager" with status "Issued".
Has anyone successfully managed to use "Your own domain" for email verification? What am I missing?
Thanks,
OM
OK, I found what the problem was.
Thanks Mukti Arip, for pointing to documentation.
The documentation says that the certificate needs to be registered in US East (N. Virginia), no matter where your Cognito user pool is located.
As soon as I registered the certificate in N. Virginia, it appeared in my Domain configuration.
You can send verification email using your own domain if you have an SES verified identity. See this link: http://docs.aws.amazon.com/ses/latest/DeveloperGuide/verify-addresses-and-domains.html