I'm using Cognito for user registration and authentication. I would like users to be able to register and login without having to verify their email address (there will be a separate process for this)
I have setup my Cognito User Pool to not require either email or sms verification, but when I make the following call I am still being returned a failure due to the account not being verified.
cognitoUser.authenticateUser(authenticationDetails, {
newPasswordRequired: function (userAttributes, requiredAttributes) {
callback.cognitoCallback(`User needs to set password.`, null);
}
The error message I receive is 'User is not confirmed.'
So even though I have turned verification off the API seems to be rejecting if I'm not verified. Is there really no way around this other than auto verification? I wouldn't want that, at some point in the user process I do want to verify email address, I just don't want it as a barrier for registration.
In order to verify a cognito user's email, we have to set their email_verified attribute to true . To set their email_verified attribute to true we can use the admin-update-user-attributes command. Copied!
I am using aws cognito user pool in my application and users can log in to the app using their email that verified in aws cognito. Users can change login email and the users must verify the new email.
Short description. User pools are for authentication (identity verification). With a user pool, your app users can sign in through the user pool or federate through a third-party identity provider (IdP). Identity pools are for authorization (access control).
They are not secret. In fact, the ID token contains the iss claim (property), which is the User Pool ID, and the aud claim, which is the App Client ID.
By default, users aren't confirmed in Cognito User Pools, so you need to do this manually if you don't want them to go through the email or phone verification process.
To do this, you can set the Pre sign-up
trigger to call a Lambda function with this code:
def lambda_handler(event, context):
event['response'] = {
'autoConfirmUser': True,
'autoVerifyEmail': False,
'autoVerifyPhone': False
}
return event
The triggers basically allow you to do additional processing on each authentication request. Note that you MUST pass the event object back as the output of the Lambda function.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With