However, because of #2 Cognito allows several users to have the same verified phone number, thus I'm struggling with #3.
I've tried to use a Post-Confirmation Lambda, but if the phone is already confirmed, the Lambda doesn't get triggered on email confirmation, since Cognito considers a user already confirmed after phone or email is confirmed. This already kills that idea, but I also suppose that even if I throw an exception, the user will remain confirmed.
Additional complexity is added by the ability of users to change their phone/email at any time outside of our website (since due to publicity there is no client secret).
It would be ideal for me if Cognito had a Lambda event for pre-confirmation of phone and email. But what can be a workaround here?
The behavior you describe is correct. Unfortunately, if you don't use phone number as an alias in your user pool, you can have the same number in the verified state in multiple accounts. That requirement (a single verified phone number in a user pool) is only enforced if phone number is an alias.
I will mention the use case and your lambda trigger suggestion within the team as a feature request.
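To see whether a pool is already in the state described in the answer above (the same phone number verified on several accounts), the following added example, which is not code from the original posts or from AWS, audits user records in the shape returned by Cognito's `ListUsers` API. The function names and the sample users are constructed for illustration; `iter_pool_users` assumes boto3 and AWS credentials are available and is not needed for the offline sample.

```python
from collections import defaultdict


def _attrs(user):
    """Flatten Cognito's [{'Name': ..., 'Value': ...}] attribute list into a dict."""
    return {a["Name"]: a["Value"] for a in user.get("Attributes", [])}


def duplicate_verified_phones(users):
    """Return {phone_number: [usernames]} for numbers verified on two or more accounts."""
    owners = defaultdict(list)
    for user in users:
        attrs = _attrs(user)
        # Cognito stores the verification flag as the string "true" or "false".
        if attrs.get("phone_number") and attrs.get("phone_number_verified") == "true":
            owners[attrs["phone_number"]].append(user["Username"])
    return {phone: sorted(names) for phone, names in owners.items() if len(names) > 1}


def iter_pool_users(user_pool_id):
    """Yield every user in a pool through the ListUsers paginator (needs boto3 and credentials)."""
    import boto3  # imported lazily so the offline sample below runs without it

    paginator = boto3.client("cognito-idp").get_paginator("list_users")
    for page in paginator.paginate(UserPoolId=user_pool_id):
        yield from page["Users"]


def _user(name, phone, verified):
    """Build a constructed record in the ListUsers response shape."""
    return {
        "Username": name,
        "Attributes": [
            {"Name": "phone_number", "Value": phone},
            {"Name": "phone_number_verified", "Value": "true" if verified else "false"},
        ],
    }


# Constructed sample data: alice and bob both hold the same verified number,
# carol has it unverified, dave has a different verified number.
SAMPLE_USERS = [
    _user("alice", "+15555550100", True),
    _user("bob", "+15555550100", True),
    _user("carol", "+15555550100", False),
    _user("dave", "+15555550101", True),
]

if __name__ == "__main__":
    for phone, names in duplicate_verified_phones(SAMPLE_USERS).items():
        print(f"{phone} is verified on multiple accounts: {', '.join(names)}")
```

Against a real pool, pass `iter_pool_users("<your-user-pool-id>")` to `duplicate_verified_phones` instead of the sample list.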