I created an user pool with AWS Cognito. It works good but many email servers (providers like FreeTelecom our Orange in France) never received the Confirmation Code (in order to validate an email address and activate a user account). I found nothing in the AWS Documentation. Please someone could help me ?
Image url:
Please do find the image url and open it for reference.
While creating your user pool you have to enable MFA (Multi-Factor Authentication) on aws console.
Do verify 1. whether you have Marked MFA as required field. 2.Which second factors do you want to enable? Enable an option OTP or SMS 3.Do you want to require verification of emails or phone numbers? Check the field both Email and Phone Number
Related
I am using AWS Cognito to manage my user pools. Users can signup using email, Apple, Facebook & Google.
Email registered users are required to confirm their account (through email verification). I want to have the same behaviour for social signup but unsuccessful (will leave this issue for another question).
I am using AWS Pinpoint to reach my user pool by email. When creating a campaign only users who did signup with email & password receives the email (not social users), and I don't understand why. Any idea of what could be the cause of the problem, or perhaps the solution?
Additional information:
Tried verify social user's emails manually (using aws admin privileges) => users still don't receive emails.
Did export my segment to csv, and apple relay email endpoints are in the segment (with an Active status) => but still no email received by social users (not forwarded for this case)
Thank you all for you assistance
Is there a way in AWS SDK CognitoIdentityServiceProvider to resend a phone_number attribute change verification code for a CONFIRMED user?
I have set phone_number attribute to be verified in Cognito. adminUpdateUserAttributes() sends the verification code. But I have failed to find a way of resending the verification code. This is a necessity in the use case i am working on.
So far I have tried doing a adminUpdateUserAttributes() with the same phone number. It doesn't seem like it resend the verification code. With a new number, it does.
I cant do a deleteUserAttributes() and an update again, as the pool configuration sets the phone number as required.
Not sure if its relevant; but note that I have to pretty much use the CognitoIdentityServiceProvider admin APIs as Sign UP is also disabled in the User pool.
To sum it up, I am looking for a solution where I can resend the verification code for phone_number attribute in a confirmed user in Cognito User Pool.
This is the method in AWS Api reference that resends OTP code for this flow:
https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUserAttributeVerificationCode.html
Then in my service, using AWS Java SDK, I call it:
public void resendCodeAttributeVerification(String accessToken) {
cognitoClient.getUserAttributeVerificationCode(new GetUserAttributeVerificationCodeRequest()
.withAttributeName(PHONE_NUMBER)
.withAccessToken(accessToken));
}
I want to make a simple flow for registration app.
User sign up with only email -> The verification/registration link is sent to the email -> People register (putting in their password) on that link
I've googled anything but haven't found any way to make it with AWS Cognito.
Looks like Cognito is forcing users to sign up with at least email AND password to get the confirmation link
You can sign up users with adminCreateUser API call. They will receive an email with temporary passwords. This approach is configurable.
See: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminCreateUser.html
Use: AdminCreateUser
Create a new user profile by using the AWS Management Console or by calling the AdminCreateUser API. Specify the temporary password(will be your user's password) or allow Amazon Cognito to automatically generate one.
Specify whether provided email addresses and phone numbers are marked as verified for new users.
Specify custom SMS and email invitation messages for new users via the AWS Management Console.
Specify whether invitation messages are sent via SMS, email, or both.
After successful user creation,
1. authenticate user using same user credentials
Use: SDK calls InitiateAuth(Username, USER_SRP_AUTH)
2. After success of initateAuth, amazon Cognito returns the PASSWORD_VERIFIER challenge with Salt & Secret block.
3. Use RespondToAuthChallenge(Username, <SRP variables>, PASSWORD_VERIFIER
4. Amazon Cognito returns the NEW_PASSWORD_REQUIRED challenge along with the current and required attributes.
5. The user is prompted and enters a new password and any missing values for required attributes.
6. Call RespondToAuthChallenge(Username, <New password>, <User attributes>).
7. After successful password change user can be able to login using same credentials added by you.
Short answer
- In that case, you can specify the temporary password(will allow Amazon Cognito to automatically generate one.).
- all user users will be forced to change their password only at first login.
I am using the JavaScript AWS Amplify Authentication module. If an existing and confirmed user changes their email address, the user in the cognito user pool is set to not verified and the user is sent a verification code to the new email address. However, I can't find any way with the API to determine if the current user's email is verified or not verified. How can I find out if the user's email address is verified or not via the API?
I figured it out... so for anyone else trying to figure this out:
You need to set the read permissions on the App client to read the Email Verified attribute.
Go to: General settings -> App clients -> Show details -> Set attribute read and write permissions link and check off Readable Attributes: Email Verified
While creating user in userpool, user invitation messages are sent with a temporary password but email verification messages is not being sent.
I was creating a very simple setup to try out aws cognito service.
Here is what I did in AWS cognito, I created a user pool with step by step as follows:
1)What do you want to name your user pool?
-> testpool
2)How do you want to create your user pool?
-> step through settings
3)How do you want your end users to sign in?
->Email address or phone number-Allow email addresses
4)What password strength do you want to require?
->Minimum length=6
5)Do you want to allow users to sign themselves up?
->Allow users to sign themselves up
6)How quickly should user accounts created by administrators expire if not used?
->Days to expire-7
7)Do you want to enable Multi-Factor Authentication (MFA)?
->off
8)Do you want to require verification of emails or phone numbers?
->Email
9)You must provide a role to allow Amazon Cognito to send SMS messages
->testpool-SMS-Role
10)Do you want to customize your email verification messages?
->Verification type-link
->Email subject = Your verification link
->Email message = Please click the link below to verify your email address. {##Verify Email##}
11)Do you want to customize your user invitation messages?
->SMS message = Your username is {username} and temporary password is ->{####}.
->Email subject = Your temporary password
->Email message = Your username is {username} and temporary password is {####}.
12)Do you want to customize your email address?
->no
13)Do you want to add tags for this user pool?
->no
14)Do you want to remember your user's devices?
->no
15)Which app clients will have access to this user pool?
->none(will simulate from create user option in genral setting-user and group)
16)Do you want to customize workflows with triggers?
->no
17)Review page - this page shows summary of whatever I selected
Create pool
Now after pool creation went ot genral setting-user and group and clicked create user
A Create user pop-up shows:
Username (Required): myEmailAddress
Send an invitation to this new user?: check
Temporary password: left blank
Phone Number: empty(not required)
Mark phone number as verified? unCheck
Email: myEmailAddress
Mark email as verified? unCheck
Click on Create User
A mail is received into my account form no-reply#verificationemail.com via amazonses.com,with subject: Your temporary password with message as: Your username is somemailid#gmail.com and temporary password is agsjyk.
This is okay.
But I didnot receive any verification mail link before previous mail.
Not sure if you're missing this particular setup....Domain name is require for link verification.
Under "Tab integration" then "Domain name"
A mail is received into my account form no-reply#verificationemail.com via
amazonses.com,
with subject: Your temporary password
with message as: Your username is somemailid#gmail.com and temporary password is > agsjyk.
Looking at this it seems you are creating the user via the Cognito API by the AdminCreateUser method, and that's why you are receiving a temporary password.
The confirmation email you are expecting will only be sent if the user registers itself, so you should use the SignUp method.
verification mail link is for when users sign themselves up, they will receive a link to ask them to verify the email address instead of a code. In your case, you are send a temporary password to the user, so the link wont show up.
You need to add a domain in this section of the Incognito Service:
Also, if you are not getting the email, click on the user, and check their email, it could be wrong.
If anyone else is facing this issue, it appears that you cannot send verification emails if you use SAML or a federated identity provider. Cognito sets the cognito user to EXTERNAL_PROVIDER and no Cognito API calls allow sending a verifcation code or link. The cognito user is automatically created on initial sign-in. I have my user pool set to validate email address but it is always set to false.
The only way that I know to confirm the user via SSO is to use an external verification process outside of cognito.
With Cognito, if you have added both email and phone number then you should allow both as verification methods(In the SignUp experience Tab) as below:
Otherwise the email verification link or code is not sent