We Keep Coding

Cognito use either email or phone number as username

I have this SAM template:
AWSTemplateFormatVersion: "2010-09-09"
Transform: AWS::Serverless-2016-10-31
Description: >
Passwordless SMS authentication backend using Amazon Cognito User Pools CUSTOM AUTH challenge flow w/ AWS Lambda triggers and Amazon SNS for sending SMS TOTP
Metadata:
AWS::ServerlessRepo::Application:
Name: passwordless-sms-email-auth
Description: >
Passwordless SMS authentication backend using Amazon Cognito User Pools CUSTOM AUTH challenge flow w/ AWS Lambda triggers and Amazon SNS for sending SMS TOTP
SpdxLicenseId: MIT
LicenseUrl: LICENSE
Labels: ['passwordless', 'authentication', 'cognito', 'auth', 'sms', 'iOS', 'mobile', 'pinpoint', 'serverless', 'amplify']
SemanticVersion: 1.14.20
Globals:
Function:
Timeout: 3
Parameters:
UserPoolName:
Type: String
Description: The name you want the User Pool to be created with
Default: rafaelTest
Resources:
UserPool:
Type: "AWS::Cognito::UserPool"
Properties:
UserPoolName: !Ref UserPoolName
Schema:
- Name: name
AttributeDataType: String
Mutable: true
Required: true
- Name: phone_number
AttributeDataType: String
Mutable: true
Required: false
- Name: email
AttributeDataType: String
Mutable: true
Required: false
Policies:
PasswordPolicy:
MinimumLength: 6
RequireLowercase: false
RequireNumbers: false
RequireSymbols: false
RequireUppercase: false
UsernameAttributes:
- phone_number
- email
MfaConfiguration: "OFF"
LambdaConfig:
CreateAuthChallenge: !GetAtt CreateAuthChallenge.Arn
DefineAuthChallenge: !GetAtt DefineAuthChallenge.Arn
PreSignUp: !GetAtt PreSignUp.Arn
VerifyAuthChallengeResponse: !GetAtt VerifyAuthChallengeResponse.Arn
UserPoolClient:
Type: "AWS::Cognito::UserPoolClient"
Properties:
ClientName: sms-auth-client
GenerateSecret: false
UserPoolId: !Ref UserPool
ExplicitAuthFlows:
- CUSTOM_AUTH_FLOW_ONLY
Outputs:
UserPoolId:
Description: ID of the User Pool
Value: !Ref UserPool
UserPoolClientId:
Description: ID of the User Pool Client
Value: !Ref UserPoolClient
When creating the userpool, I wanted users to be able to use either just their email or just their phone as their username.
This way it is done, I always need to send both email and phone number.
Does anyone know how I solve this?
I want users to be able to log in by putting one of the following information:
email + name
phone number + name
Anyone help me?

Users can login with their email or phone number, using this SAM template and use a random uuid as username when sign up.
UserPool:
Type: "AWS::Cognito::UserPool"
Properties:
UserPoolName: !Ref UserPoolName
Schema:
- Name: phone_number
AttributeDataType: String
Mutable: true
- Name: email
AttributeDataType: String
Mutable: true
Policies:
PasswordPolicy:
MinimumLength: 6
RequireLowercase: false
RequireNumbers: false
RequireSymbols: false
RequireUppercase: false
AliasAttributes:
- email
- phone_number
MfaConfiguration: "OFF"
But now I need to know with alias users use on sign in, anyone know how?
i'm doing a passwordless flow with cognito and the event on create-auth-lambda triggers is always the same.

AWS CloudFormation template to use Cognito

I have been trying to add a User Pool using AWS cloud formation template but it fails on the Deploy executechange set stage.
CognitoUsers:
Type: AWS::Cognito::UserPool
Properties:
UserPoolName: MoreLinksUsers-pool
UsernameConfiguration:
CaseSensitive: false
AdminCreateUserConfig:
AllowAdminCreateUserOnly: true
Policies:
PasswordPolicy:
MinimumLength: 8
RequireLowercase: true
RequireSymbols: true
RequireUppercase: true
TemporaryPasswordValidityDays: 1
UsernameAttributes:
- email
MfaConfiguration: "OFF"
Schema:
- AttributeDataType: String
DeveloperOnlyAttribute: false
Mutable: true
Name: email
ClientAppClient:
Type: AWS::Cognito::UserPoolClient
Properties:
UserPoolId: !Ref CognitoUsers
ClientName: ClientApp
GenerateSecret: false
RefreshTokenValidity: 30
AllowedOAuthFlows:
- code
- implicit
ExplicitAuthFlows:
- ALLOW_USER_SRP_AUTH
- ALLOW_REFRESH_TOKEN_AUTH
# CallbackURLs: !Ref AllowedCallbacks
AllowedOAuthScopes:
- email
- openid
- profile
- aws.cognito.signin.user.admin
AllowedOAuthFlowsUserPoolClient: true
PreventUserExistenceErrors: ENABLED
SupportedIdentityProviders:
- COGNITO
Any attribute that I'm missing? Any advice would be greatly appreciated. Thanks.

AWS Cognito General Attribute settings using Cloud formation

I am new to AWS and I am trying to create a new user-pool in that i want to achieve the below highlighted settings to be done using Cloud Formation. can you point me in the right direction to achieve this?

Please based on this one to change a bit for you. This is I'm using which is very close to your requirement already.
AWSTemplateFormatVersion: 2010-09-09
Description: >
AWS CloudFormation template to create core infrastructure
Parameters:
Product:
Type: String
Default: "your-product-name"
Resources:
UserPool:
Type: AWS::Cognito::UserPool
Properties:
UserPoolName: !Join ["-", [!Ref Product, "user-pool"]]
AutoVerifiedAttributes:
- email
Schema:
- AttributeDataType: "String"
Mutable: true
Name: "email"
Required: true
- AttributeDataType: "String"
Mutable: true
Name: "family_name"
Required: true
- AttributeDataType: "String"
Mutable: true
Name: "given_name"
Required: true
UsernameAttributes:
- email
AccountRecoverySetting:
RecoveryMechanisms:
- Name: verified_email
Priority: 1
AdminCreateUserConfig:
AllowAdminCreateUserOnly: False
UsernameConfiguration:
CaseSensitive: false
Policies:
PasswordPolicy:
MinimumLength: 6
RequireLowercase: false
RequireNumbers: false
RequireSymbols: false
RequireUppercase: false
TemporaryPasswordValidityDays: 30
DeviceConfiguration:
ChallengeRequiredOnNewDevice: false
DeviceOnlyRememberedOnUserPrompt: false
VerificationMessageTemplate:
DefaultEmailOption: CONFIRM_WITH_LINK
UserPoolTags:
product: !Ref Product
If you need more than that, please comment more.

To set phone number as a username:
UsernameAttributes:
- phone_number
and to set phone number as a required attribute:
Schema:
- Name: email
AttributeDataType: String
Required: true
Mutable: true
You can refer https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html to get the detailed information.

How to get cognito user's "username" in cloudformation

I created a user like:
SuperAdminUser:
Type: AWS::Cognito::UserPoolUser
Properties:
DesiredDeliveryMediums:
- EMAIL
Username: !Ref SuperAdminEmail
UserAttributes:
- Name: email
Value: !Ref SuperAdminEmail
UserPoolId:
Fn::ImportValue:
!Sub ${BaseStack}-Cognito
And the user pool is defined:
CognitoUserPool:
Type: AWS::Cognito::UserPool
Properties:
AdminCreateUserConfig:
AllowAdminCreateUserOnly: false
UnusedAccountValidityDays: 3
LambdaConfig:
PreSignUp: !GetAtt CognitoPreSignUpHook.Arn
Policies:
PasswordPolicy:
MinimumLength: 8
RequireNumbers: true
UsernameAttributes:
- email
I noticed that it fails to find the user because username looks like: 9f8aecc2-530d-411d-8d73-c3b775da1893 while !Ref gives the email of the user in this case. I notice this started failing when I added
UsernameAttributes:
- email
How can I resolve this? I noticed User resource does not allow me to get the Sub of the user ...

AWS Cognito - How to create pool allowing sign up with email address, using CloudFormation?

I am attempting to create a UserPool using CloudFormation syntax, but I am unable to find which property I need to set in order to create the pool with email address sign up. How do I specify this?
As you can see in the screenshot, by default the pool is created with Usernames.
Here's my current pool config;
MyPool:
Type: "AWS::Cognito::UserPool"
Properties:
Schema:
- Name: sub
StringAttributeConstraints:
MinLength: '1'
MaxLength: '2048'
DeveloperOnlyAttribute: false
Required: true
AttributeDataType: String
Mutable: false
- Name: name
StringAttributeConstraints:
MinLength: '0'
MaxLength: '2048'
DeveloperOnlyAttribute: false
Required: false
AttributeDataType: String
Mutable: true
- Name: updated_at
NumberAttributeConstraints:
MinValue: '0'
DeveloperOnlyAttribute: false
Required: false
AttributeDataType: Number
Mutable: true
UserPoolName: ${self:provider.environment.PARTNER_POOL}
EmailVerificationMessage: 'Please click the link below to verify your email address.
{####} '
EmailVerificationSubject: Your verification link
SmsAuthenticationMessage: 'Your authentication code is {####}. '
DeviceConfiguration:
ChallengeRequiredOnNewDevice: false
DeviceOnlyRememberedOnUserPrompt: false
AdminCreateUserConfig:
InviteMessageTemplate:
EmailMessage: 'Your username is {username} and temporary password is {####}. '
EmailSubject: Your temporary password
SMSMessage: 'Your username is {username} and temporary password is {####}. '
UnusedAccountValidityDays: 7
AllowAdminCreateUserOnly: false
EmailConfiguration: {}
AutoVerifiedAttributes:
- email
Policies:
PasswordPolicy:
RequireLowercase: false
RequireSymbols: false
RequireNumbers: true
MinimumLength: 8
RequireUppercase: false
AliasAttributes:
- email

The ability to configure user pool with the new SignUp flow options is not yet supported through CloudFormation. The parameter that is used to specify the email or phone number only options is UsernameAttributes.
We will add this as a +1 to the feature request to support this with CloudFormation.

You need to set the AliasAttributes.
AWS::Cognito::UserPool -> AliasAttributes
Here a sample CloudFormation template:
AWSTemplateFormatVersion: '2010-09-09'
Resources:
UserPool:
Type: AWS::Cognito::UserPool
Properties:
AliasAttributes:
- email
UserPoolName:
Ref: AWS::StackName

The ability to configure user pool with the new SignUp flow options is now supported through CloudFormation.
AWS::Cognito::UserPool -> UsernameAttributes like so,
UserPool:
Type: AWS::Cognito::UserPool
Properties:
UsernameAttributes:
- email