AWS Cognito - resendConfirmationCode 'User is already confirmed.' - amazon-web-services

We have a scenario where a user forgets their username or password and can click on a 'Forgot password' link, receiving a confirmation code in an SMS (via Cognito's ForgotPassword).
If, for some reason, the user doesn't receive the SMS, they can click on the 'Resend code' link, which will execute Cognito's ResendConfirmationCode.
The result from the POST request is a 400 containing the following:
{"__type":"InvalidParameterException","message":"User is already confirmed."}
How can the user be confirmed when they have requested their confirmation code? Any clarification into the cause of this issue would be much appreciated.

Not sure if this is the best approach, but I managed to get another SMS sent to the Cognito user by simply resubmitting ForgotPassword instead of using ResendConfirmationCode.
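The behaviour described in this thread, as an added example that is not part of the original post: ResendConfirmationCode only applies to accounts still in UNCONFIRMED status, so a backend "Resend code" handler can catch the "User is already confirmed." error and repeat ForgotPassword instead. The FakeCognito class is a constructed stand-in for a boto3 "cognito-idp" client so the logic runs offline; the function names, client id and usernames are assumptions for the example.

```python
"""Added example, not code from the original thread: pick the right Cognito
call when a user presses "Resend code".

ResendConfirmationCode only works for accounts still in UNCONFIRMED status.
For a CONFIRMED account it fails with InvalidParameterException
"User is already confirmed.", and the password-reset code has to be re-sent
by calling ForgotPassword again.  FakeCognito below is a constructed stand-in
for a boto3 "cognito-idp" client so the logic runs offline; use
boto3.client("cognito-idp") for the real service.
"""

try:
    from botocore.exceptions import ClientError
except ImportError:
    # botocore not installed: minimal stand-in with the same .response shape.
    class ClientError(Exception):
        def __init__(self, error_response, operation_name):
            super().__init__(error_response["Error"]["Message"])
            self.response = error_response
            self.operation_name = operation_name


class FakeCognito:
    """Constructed stand-in reproducing the two responses seen in the thread."""

    def __init__(self, user_status):
        self.user_status = user_status  # "UNCONFIRMED" or "CONFIRMED"
        self.calls = []                 # API operations invoked, in order

    def resend_confirmation_code(self, ClientId, Username):
        self.calls.append("ResendConfirmationCode")
        if self.user_status == "CONFIRMED":
            raise ClientError(
                {"Error": {"Code": "InvalidParameterException",
                           "Message": "User is already confirmed."}},
                "ResendConfirmationCode",
            )
        return {"CodeDeliveryDetails": {"DeliveryMedium": "SMS"}}

    def forgot_password(self, ClientId, Username):
        self.calls.append("ForgotPassword")
        return {"CodeDeliveryDetails": {"DeliveryMedium": "SMS"}}


def resend_code(client, client_id, username):
    """Re-send a one-time code and return the operation that delivered it.

    Tries ResendConfirmationCode first (sign-up confirmation); if Cognito
    reports the account is already confirmed, the pending code must belong
    to a ForgotPassword flow, so that call is repeated instead.
    """
    try:
        client.resend_confirmation_code(ClientId=client_id, Username=username)
        return "ResendConfirmationCode"
    except ClientError as err:
        error = err.response["Error"]
        already_confirmed = (
            error["Code"] == "InvalidParameterException"
            and "already confirmed" in error["Message"]
        )
        if not already_confirmed:
            raise  # any other failure (throttling, unknown user, ...) propagates
        client.forgot_password(ClientId=client_id, Username=username)
        return "ForgotPassword"


if __name__ == "__main__":
    confirmed = FakeCognito("CONFIRMED")
    print(resend_code(confirmed, "app-client-id", "alice"))  # ForgotPassword
    print(confirmed.calls)
```

If the application already knows the user is in the password-reset flow, call ForgotPassword directly and skip the first round trip. Note also that the "User is already confirmed." message tells an unauthenticated caller whether an account is confirmed, so the front end should show the same neutral "code sent" text on both paths rather than echoing the distinction.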

Related

Sending invitation email to auto confirmed users with AWS Cognito

My desired scenario is this:
User is added to user pool with AWS Amplify.
User's email is auto verified with presignup trigger.
User is auto confirmed with presignup trigger.
User receives an invitation email from Cognito.
My problem is with the invitation email. It is not sent. Everything else prior to that is working.
I tried without auto-verify and auto-confirm and then the confirmation code is sent by email just fine.
How can I fix this issue? Is there some issue that the email isn't sent if users are auto confirmed?
The invitation email is created only when you create a user as admin. If you are using the Auth.signUp() function, Cognito will not send an invitation email. Please share your code if possible.
Please make sure that the email domain is verified (in case you are using sandbox).
How to verify email address: https://docs.aws.amazon.com/ses/latest/DeveloperGuide/verify-email-addresses.html
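The pre-signup trigger setup the question describes (auto-confirm plus auto-verify email), as an added example that is not code from the original thread. The event layout follows Cognito's Pre Sign-up trigger contract; make_event, the pool id and the usernames are constructed for offline testing.

```python
"""Added example, not code from the original thread: a Pre Sign-up Lambda
trigger that auto-confirms the account and auto-verifies the email, which is
the setup the question describes.  The event layout follows Cognito's
Pre Sign-up trigger contract; make_event builds a constructed sample so the
handler can be exercised offline.
"""


def lambda_handler(event, context):
    """Auto-confirm self-service sign-ups; leave admin and federated paths alone."""
    request = event["request"]
    response = event["response"]

    # Only act on self sign-up (Auth.signUp / SignUp).  Users created with
    # AdminCreateUser get the invitation + temporary password flow instead,
    # and federated users are confirmed by their identity provider.
    if event["triggerSource"] != "PreSignUp_SignUp":
        return event

    attrs = request["userAttributes"]
    response["autoConfirmUser"] = True
    # Only claim the email/phone are verified when the attribute was supplied.
    response["autoVerifyEmail"] = bool(attrs.get("email"))
    response["autoVerifyPhone"] = bool(attrs.get("phone_number"))
    return event


def make_event(username, trigger_source="PreSignUp_SignUp", **attributes):
    """Constructed Pre Sign-up event for local testing (not a captured one)."""
    return {
        "version": "1",
        "triggerSource": trigger_source,
        "region": "us-east-1",
        "userPoolId": "us-east-1_EXAMPLE",  # placeholder pool id
        "userName": username,
        "request": {"userAttributes": dict(attributes), "validationData": None},
        "response": {
            "autoConfirmUser": False,
            "autoVerifyEmail": False,
            "autoVerifyPhone": False,
        },
    }


if __name__ == "__main__":
    out = lambda_handler(make_event("alice", email="alice@example.com"), None)
    print(out["response"])  # autoConfirmUser and autoVerifyEmail True
```

Because this path is a self sign-up, Cognito sends neither a confirmation code (the trigger suppressed it) nor an invitation email (that only happens for AdminCreateUser), exactly as the answer explains; any welcome email has to be sent by your own code, for example from a Post Confirmation trigger.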

Resending phone_number attribute verification code in AWS Cognito

Is there a way in AWS SDK CognitoIdentityServiceProvider to resend a phone_number attribute change verification code for a CONFIRMED user?
I have set the phone_number attribute to be verified in Cognito. adminUpdateUserAttributes() sends the verification code, but I have failed to find a way of resending the verification code. This is a necessity in the use case I am working on.
So far I have tried doing an adminUpdateUserAttributes() with the same phone number. It doesn't seem like it resends the verification code. With a new number, it does.
I can't do a deleteUserAttributes() and an update again, as the pool configuration sets the phone number as required.
Not sure if it's relevant, but note that I have to pretty much use the CognitoIdentityServiceProvider admin APIs, as sign-up is also disabled in the user pool.
To sum it up, I am looking for a solution where I can resend the verification code for the phone_number attribute of a confirmed user in a Cognito User Pool.
This is the method in AWS Api reference that resends OTP code for this flow:
https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUserAttributeVerificationCode.html
Then in my service, using AWS Java SDK, I call it:
import com.amazonaws.services.cognitoidp.model.GetUserAttributeVerificationCodeRequest;

private static final String PHONE_NUMBER = "phone_number";  // attribute name Cognito expects

// Re-sends the verification code for the caller's phone_number attribute (AWS SDK for Java v1).
// Needs the user's access token, so it works for a CONFIRMED, signed-in user.
public void resendCodeAttributeVerification(String accessToken) {
    cognitoClient.getUserAttributeVerificationCode(new GetUserAttributeVerificationCodeRequest()
        .withAttributeName(PHONE_NUMBER)
        .withAccessToken(accessToken));
}

How to get the user login device during the custom authentication flow? AWS Cognito

I want to achieve the following use case:
If the user logs in from a new device, my app will send an email to notify the user and require the user to enter the code from the email to successfully log in to the app.
The way I thought of is to create a custom authentication flow to achieve this, but I cannot find any information about the user's login device in defineAuthChallenge and createAuthChallenge. Did I miss something here? Is this the correct way to achieve the use case?
More info about the custom authentication flow:
https://aws.amazon.com/blogs/mobile/customizing-your-user-pool-authentication-flow/
You can try to implement this using the post authentication lambda trigger. This will send you the user login details (except the password) when a user attempts to sign in.
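A Post Authentication trigger of the kind the answer suggests, as an added example that is not code from the original thread. It relies on the event field request.newDeviceUsed, which Cognito populates only when device tracking ("Remember your user's devices") is enabled on the pool. Since this trigger runs after the password (and any MFA) has already been accepted, it can notify the user but cannot withhold tokens; the mandatory code entry the question asks for would still need the custom challenge flow. The outbox, make_event and the addresses are constructed stand-ins; in a deployment send_notification would call SES or SNS.

```python
"""Added example, not code from the original thread: a Post Authentication
Lambda trigger that emails the account owner when Cognito sees a sign-in
from a device it has not recorded before.  It relies on the event field
request.newDeviceUsed, which Cognito populates only when device tracking
("Remember your user's devices") is enabled on the pool.  The outbox and
make_event are constructed stand-ins so the handler runs offline; in a real
deployment send_notification would call SES or SNS.
"""


def send_notification(outbox, to, subject, body):
    """Constructed delivery sink: records the message instead of sending it."""
    outbox.append({"to": to, "subject": subject, "body": body})


def lambda_handler(event, context, outbox=None):
    """Notify on new-device sign-in; always return the event unchanged."""
    if outbox is None:
        outbox = []
    request = event["request"]
    attrs = request["userAttributes"]  # attribute values arrive as strings

    new_device = request.get("newDeviceUsed", False)
    # Only notify an address the user has proven they control.
    email_ok = attrs.get("email") and attrs.get("email_verified") == "true"

    if new_device and email_ok:
        send_notification(
            outbox,
            attrs["email"],
            "New sign-in to your account",
            f"Hello {event['userName']}, your account was just used from a "
            "device we have not seen before. If this was not you, change "
            "your password now.",
        )
    # This trigger runs after the credentials were accepted, so it can only
    # observe and notify; it cannot reject the sign-in or withhold tokens.
    return event


def make_event(username, email, email_verified, new_device):
    """Constructed PostAuthentication_Authentication event (not captured)."""
    return {
        "version": "1",
        "triggerSource": "PostAuthentication_Authentication",
        "userName": username,
        "request": {
            "userAttributes": {
                "email": email,
                "email_verified": "true" if email_verified else "false",
            },
            "newDeviceUsed": new_device,
        },
        "response": {},
    }


if __name__ == "__main__":
    outbox = []
    lambda_handler(make_event("alice", "alice@example.com", True, True), None, outbox)
    print(outbox)  # one new-sign-in notification for alice@example.com
```

The handler deliberately sends nothing to an unverified address: the sign-in alert is a security notification, and delivering it to an address the user never proved they own would leak account activity to a third party.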

AWS Cognito - Confirmation Code not received

I created a user pool with AWS Cognito. It works well, but many email providers (like FreeTelecom or Orange in France) never receive the Confirmation Code (used to validate an email address and activate a user account). I found nothing in the AWS documentation. Could someone please help me?
Image url:
Please do find the image url and open it for reference.
While creating your user pool you have to enable MFA (Multi-Factor Authentication) in the AWS console.
Do verify:
1) Whether you have marked MFA as a required field.
2) Which second factors do you want to enable? Enable an option: OTP or SMS.
3) Do you want to require verification of emails or phone numbers? Check both Email and Phone Number.

AWS Cognito verification email not received by user account

While creating a user in the user pool, user invitation messages are sent with a temporary password, but email verification messages are not being sent.
I was creating a very simple setup to try out aws cognito service.
Here is what I did in AWS cognito, I created a user pool with step by step as follows:
1)What do you want to name your user pool?
-> testpool
2)How do you want to create your user pool?
-> step through settings
3)How do you want your end users to sign in?
->Email address or phone number-Allow email addresses
4)What password strength do you want to require?
->Minimum length=6
5)Do you want to allow users to sign themselves up?
->Allow users to sign themselves up
6)How quickly should user accounts created by administrators expire if not used?
->Days to expire-7
7)Do you want to enable Multi-Factor Authentication (MFA)?
->off
8)Do you want to require verification of emails or phone numbers?
->Email
9)You must provide a role to allow Amazon Cognito to send SMS messages
->testpool-SMS-Role
10)Do you want to customize your email verification messages?
->Verification type-link
->Email subject = Your verification link
->Email message = Please click the link below to verify your email address. {##Verify Email##}
11)Do you want to customize your user invitation messages?
->SMS message = Your username is {username} and temporary password is ->{####}.
->Email subject = Your temporary password
->Email message = Your username is {username} and temporary password is {####}.
12)Do you want to customize your email address?
->no
13)Do you want to add tags for this user pool?
->no
14)Do you want to remember your user's devices?
->no
15)Which app clients will have access to this user pool?
->none (will simulate from the create user option in general settings - users and groups)
16)Do you want to customize workflows with triggers?
->no
17)Review page - this page shows summary of whatever I selected
Create pool
Now, after pool creation, I went to general settings - users and groups and clicked create user.
A Create user pop-up shows:
Username (Required): myEmailAddress
Send an invitation to this new user?: check
Temporary password: left blank
Phone Number: empty(not required)
Mark phone number as verified? unCheck
Email: myEmailAddress
Mark email as verified? unCheck
Click on Create User
A mail is received in my account from no-reply@verificationemail.com via amazonses.com, with subject: Your temporary password, with message as: Your username is somemailid@gmail.com and temporary password is agsjyk.
This is okay.
But I did not receive any verification mail link before the previous mail.
Not sure if you're missing this particular setup... A domain name is required for link verification.
Under "Tab integration" then "Domain name"
A mail is received in my account from no-reply@verificationemail.com via amazonses.com, with subject: Your temporary password, with message as: Your username is somemailid@gmail.com and temporary password is agsjyk.
Looking at this it seems you are creating the user via the Cognito API by the AdminCreateUser method, and that's why you are receiving a temporary password.
The confirmation email you are expecting will only be sent if the user registers themselves, so you should use the SignUp method.
The verification mail link is for when users sign themselves up: they receive a link asking them to verify the email address instead of a code. In your case, you are sending a temporary password to the user, so the link won't show up.
You need to add a domain in this section of the Cognito service:
Also, if you are not getting the email, click on the user, and check their email, it could be wrong.
If anyone else is facing this issue, it appears that you cannot send verification emails if you use SAML or a federated identity provider. Cognito sets the Cognito user to EXTERNAL_PROVIDER and no Cognito API calls allow sending a verification code or link. The Cognito user is automatically created on initial sign-in. I have my user pool set to validate email addresses, but it is always set to false.
The only way that I know to confirm the user via SSO is to use an external verification process outside of cognito.
With Cognito, if you have added both email and phone number, then you should allow both as verification methods (in the Sign-up experience tab) as below:
Otherwise the email verification link or code is not sent.