-
Notifications
You must be signed in to change notification settings - Fork 195
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cognito: cannot verify Email with link after update(userAttribute) #1017
Comments
Hi @mohaalsouli , Thanks for reaching out. I have not yet tried to reproduce this, nor can I confirm this is a bug or feature request. I'm just trying to confirm my understanding at this point. To summarize your request: Steps to reproduce:
Observed behavior: Expected behavior:
|
Hi @wooj2, To answer your questions:
Thank you. |
Further details:
Looking forward to a workaround or a proper solution. Thank you. |
FYI, a similar issue was also raised for Amplify Android. It's the exact same issue. Just thought to share this here as this might actually not be a bug but a missing feature across all Amplify SDKs (or the downstream API). |
We need to investigate to find out the correct Cognito API to call for this use case. For example, GetUserAttributeVerificationCode looks promising. :) Once we have verified that calling that API will in fact send a link rather than a code, we need to see if AWSMobileClient (which underlies Amplify Auth) is invoking that API correctly, or what it would take to get it to invoke that API. |
Hi, @mohaalsouli I have confirmed with Cognito that they only supports links for initial verification but not for email updates. |
Thanks @ruiguoamz |
Before raising a feature request on behalf of you. Do you mind telling us the reason of this specific use case? Because the auth flow you describe in this issue is actually a normal use case. |
But feel free to raise a feature request with AWS support for Cognito |
Hi @ruiguoamz, this signup flow is actually not complicated. It's common for mobile apps to sign up new users with phone number first, then capture their further details like name, email, etc. Also, according to Cognito documentation:
So, if we sign up a user with both email and phone at the same time, the user will not get a verification email automatically. Hence, we sign up with the phone number first, then update the user email so the verification process is invoked automatically inside Code verification for emails is not an ideal workflow for mobile users. It can work, but it's not ideal like with simply clicking a link. That is the reason we raised this issue. Thanks |
Thanks for the elaboration. Sorry to say that's the limitation of current Cognito auth flow. Feel free to raise a feature request through AWS Support so that Cognito puts it in their backlog. |
No worries and thank you for the investigation @ruiguoamz. I've raised a feature request to AWS Support (Cased ID: 7971079261) explaining that this is very limiting for mobile apps in the following scenarios:
I believe this ticket should be parked until the feature is available in Cognito API, then it can be made available through Amplify SDK too. Cheers |
Flagging as a feature request, and as @mohaalsouli notes, we'll leave this as an open issue until we get a disposition on their request to the service team. |
This issue is stale because it has been open for 14 days with no activity. Please, provide an update or it will be automatically closed in 7 days. |
Bumping since we need this as well. |
Hello @mohaalsouli, Thank you for your message. |
Same here, have someone implemented any workaround? |
Closing the ticket, since this is not something supported by the service. Please reach out to AWS support for further updates with regards to this feature. |
This issue is now closed. Comments on closed issues are hard for our team to see. |
Hi,
Background: we have a User Pool set up to verify the users both phone numbers and emails. The SMS template for phone number verification is the default template, while the email template is set to send a Link, instead of a Code. This seems fine following the documentation.
The problem: in our mobile app, when we sign up a user for the first time, we sign them up with the phone number only at first which triggers Cognito to send an SMS with the verification code. The app then captures the code and verifies it with Cognito. Once verified, the app then signs the user in and asks them for their email address and name. We send those to Cognito using the updateAttribute() function. This update triggers Email verification but we receive a code in the email instead of the expected link configured in the User Pool's templates.
Upon further digging, we suspect that this behaviour is due to the API unconditionally calling the confirmAttributeWithCode function or specifically the GetUserAttributeVerificationCode() API.
So, whether this is a bug or a missing feature, could you please suggest a solution or add support to verifying emails with a link upon calling the updateAttribute() function?
Thank you.
The text was updated successfully, but these errors were encountered: