I have performed this same for forgot password by writing lambda function. But I am not getting verification code in Gmail it shows "Your verification code is {####}.
While I have tried to create an account using fake email and when I try to forgot the password, the mail receives with the verification code.
I am getting verification code in default email but not in recoveryEmail attribute.
I am using AWS Cognito to manage my user pools. Users can signup using email, Apple, Facebook & Google.
Email registered users are required to confirm their account (through email verification). I want to have the same behaviour for social signup but unsuccessful (will leave this issue for another question).
I am using AWS Pinpoint to reach my user pool by email. When creating a campaign only users who did signup with email & password receives the email (not social users), and I don't understand why. Any idea of what could be the cause of the problem, or perhaps the solution?
Additional information:
Tried verify social user's emails manually (using aws admin privileges) => users still don't receive emails.
Did export my segment to csv, and apple relay email endpoints are in the segment (with an Active status) => but still no email received by social users (not forwarded for this case)
Thank you all for you assistance
Some help on how do you prevent a Cognito user from locking themselves out when changing an email? i.e Only change the email in Cognito once it's verified for existing users updating an email.
If they enter a (wrong email i.e typo e.t.c) and we call Amplify.updateUserAttributes() Cognito registers that new email without waiting for the user to confirm it, locking the users out.
I've searched for ways to first have a 'temporary' new email which will only be active once a user verifies it and haven't seen one.
We have a scenario where a user forgets their username or password and can click on a 'Forgot password' link, receiving a confirmation code in an SMS (via Cognito's ForgotPassword).
If, for some reason, the user doesn't receive the SMS, they can click on 'Resend code' link which will execute Cognito's ResendConfirmationCode.
The result from the POST request is a 400 containing the following:
{"__type":"InvalidParameterException","message":"User is already confirmed."}
How can the user be confirmed when they have requested their confirmation code? Any clarification into the cause of this issue would be much appreciated.
Not sure if this is the best approach, but managed to get another SMS sent to Cognito user by simply resubmitting ForgotPassword instead of using ResendConfirmationCode.
While creating user in userpool, user invitation messages are sent with a temporary password but email verification messages is not being sent.
I was creating a very simple setup to try out aws cognito service.
Here is what I did in AWS cognito, I created a user pool with step by step as follows:
1)What do you want to name your user pool?
-> testpool
2)How do you want to create your user pool?
-> step through settings
3)How do you want your end users to sign in?
->Email address or phone number-Allow email addresses
4)What password strength do you want to require?
->Minimum length=6
5)Do you want to allow users to sign themselves up?
->Allow users to sign themselves up
6)How quickly should user accounts created by administrators expire if not used?
->Days to expire-7
7)Do you want to enable Multi-Factor Authentication (MFA)?
->off
8)Do you want to require verification of emails or phone numbers?
->Email
9)You must provide a role to allow Amazon Cognito to send SMS messages
->testpool-SMS-Role
10)Do you want to customize your email verification messages?
->Verification type-link
->Email subject = Your verification link
->Email message = Please click the link below to verify your email address. {##Verify Email##}
11)Do you want to customize your user invitation messages?
->SMS message = Your username is {username} and temporary password is ->{####}.
->Email subject = Your temporary password
->Email message = Your username is {username} and temporary password is {####}.
12)Do you want to customize your email address?
->no
13)Do you want to add tags for this user pool?
->no
14)Do you want to remember your user's devices?
->no
15)Which app clients will have access to this user pool?
->none(will simulate from create user option in genral setting-user and group)
16)Do you want to customize workflows with triggers?
->no
17)Review page - this page shows summary of whatever I selected
Create pool
Now after pool creation went ot genral setting-user and group and clicked create user
A Create user pop-up shows:
Username (Required): myEmailAddress
Send an invitation to this new user?: check
Temporary password: left blank
Phone Number: empty(not required)
Mark phone number as verified? unCheck
Email: myEmailAddress
Mark email as verified? unCheck
Click on Create User
A mail is received into my account form no-reply#verificationemail.com via amazonses.com,with subject: Your temporary password with message as: Your username is somemailid#gmail.com and temporary password is agsjyk.
This is okay.
But I didnot receive any verification mail link before previous mail.
Not sure if you're missing this particular setup....Domain name is require for link verification.
Under "Tab integration" then "Domain name"
A mail is received into my account form no-reply#verificationemail.com via
amazonses.com,
with subject: Your temporary password
with message as: Your username is somemailid#gmail.com and temporary password is > agsjyk.
Looking at this it seems you are creating the user via the Cognito API by the AdminCreateUser method, and that's why you are receiving a temporary password.
The confirmation email you are expecting will only be sent if the user registers itself, so you should use the SignUp method.
verification mail link is for when users sign themselves up, they will receive a link to ask them to verify the email address instead of a code. In your case, you are send a temporary password to the user, so the link wont show up.
You need to add a domain in this section of the Incognito Service:
Also, if you are not getting the email, click on the user, and check their email, it could be wrong.
If anyone else is facing this issue, it appears that you cannot send verification emails if you use SAML or a federated identity provider. Cognito sets the cognito user to EXTERNAL_PROVIDER and no Cognito API calls allow sending a verifcation code or link. The cognito user is automatically created on initial sign-in. I have my user pool set to validate email address but it is always set to false.
The only way that I know to confirm the user via SSO is to use an external verification process outside of cognito.
With Cognito, if you have added both email and phone number then you should allow both as verification methods(In the SignUp experience Tab) as below:
Otherwise the email verification link or code is not sent