Amplify-js: [Cognito] Auto-confirm user AND send verification code

There may be a couple of ways to get by (sort of), but I have yet to test them:

1. Use a Post Confirmation lambda for sending a welcome email without a verification code and subsequently trigger attribute verification (user will receive 2 emails).

2. Add a custom welcome_email_sent user attribute that can be checked in the CustomMessage_VerifyUserAttribute custom message lambda in order to determine the email content to send (this one trigger source will be responsible for sending both welcome and attribute verification emails).

@Palisand Any luck with this?

@Palisand There are Cognito Lambda Triggers in place now via a CLI configuration. Please let us know if this is what you are looking.

@Palisand I'm closing this issue due to inactivity. I believe that this is what you would want. You could probably have a single trigger both send the email and mark a user as confirmed.

This feature would be super usefull since it can't be done by any tigger.

There is a huge setback with this scenario:

1. Step 1: User needs to signup and get a confirmed account right away (not a confirmed email; this will be prompted by the application to unlock extra features and extend usability etc) At this point user can sign in but is a limited user.
2. Step 2: User is sent a standard and very common welcome email + verification link (created with the verification code and embedded into an API Gateway URL as a parameter that is then processed to verify the email since Cognito still does not support verification links)
3. Step 3: User clicks on the link and now has both a verified account and a verified email.

This is not possible since we can't get the signup custom message trigger to fire after the user is auto-confirmed.

We're facing this exact issue as well @geddawi

I'm having this exact same issue right now

I'm having this exact same issue right now

I'm having this exact same issue right now

I managed to fix this. It seems to be being fixed during build time. I’m under the impression that the “amplifyPush - -simple” command is fixing it.

Hey there, we are facing the same issue. We want to autoconfirm the ACCOUNT, but still want to send the email confirmation code. So the user will be able to login, but he will have to confirm his email at some point. When I try to trigger that ResendConfirmationCodeAsync in one of the triggers, it fails, saying that the account is already confirmed. How to confirm the email then?

@ivandimov Were you able to find a solution to this by any chance? Running into the same issue.

@sandramedina we did kinda workaround. When they register we autoconfirm the account, so they will be able to login. On their first login, we are sending an attribute(email) verification email, using the client sdk and prompt the user with a message, that they will have to confirm their email. The only downside of this approach is that, we are not going to send them an email, until their first login. It's a little hacky, but will do the job for us

@ibrt Thank you for the suggestion - I tried this and it works in the sense
that I do get a confirmation code sent after hitting the API, however it
breaks when I try to actually use the confirmation code with
confirm_sign_up (
https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/cognito-idp.html#CognitoIdentityProvider.Client.confirm_sign_up)
It gives me an error saying "User cannot be confirmed. Current status is
CONFIRMED".

It seems like what I need instead might be verify_user_attribute (
https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/cognito-idp.html#CognitoIdentityProvider.Client.verify_user_attribute)
but this requires changes on the frontend (since we need the AccessToken)
that my client isn't ready to make right now, so that potential solution is
going to have to wait.

I agree that this is a common use case and wish Cognito had a more simple
way to configure it.

On Thu, Sep 10, 2020 at 2:45 PM Ivan Bertona notifications@github.com
wrote:

This looks like (yet another) weird server-side behavior of Cognito -
confirming the user in the pre sign-up handler (but not verifying the
e-mail) causes it to ignore the auto-verify email setting and not send the
verification email. This is needed for a pretty common use case: allow the
user to immediately start using their account and later verify the email
address.

It can be worked around by adding a PostConfirmation_SignUp trigger which
calls the ResendConfirmationCode API method.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/aws-amplify/amplify-js/issues/2588#issuecomment-690748685,
or unsubscribe
https://github.com/notifications/unsubscribe-auth/ADRRO22P3JN5OAPMRBBFVMTSFFCHBANCNFSM4GRHXATA
.

@sandramedina yep, that call should be client side, and yes, it's that verify_user_attribute. Spent like couple of days on that, and couldn't find better way to do it...

I am having trouble with confirming users. I want auto confirm. I don't know why we have to go set up an entire lambda just to do that. There should be an autoConfirm option or something within Auth.signUp. Requiring a pre-signUp lambda to do this is overkill

@JordanTreDaniel I totally agree. It's also very confusing to me that I have

    "autoVerifiedAttributes": [
        "email"
    ],

set in my parameters.json but it doesn't seem to actually auto-verify the email.

I'm also not clear on the difference between verify and confirm, i.e. even if I set up an auto-verify lambda would I _also_ have to independently _confirm_ the user?

@macsj200 Hey, sorry you're also having trouble. But yes, _verify_ & _confirm_ are two different things from what I understand. I am certainly not an expert, as this is my first project with AWS Amplify, but to acheive what I wanted, (Auth just for the sake of being able to use the API & Storage modules) I did one thing:

1. Went to AWS Console > Cognito Service Dashboard > Manage User Pools > [Your pool name] > "Triggers" (in sidebar), then set a Pre-Sign Up Lambda with this contents:

exports.handler = (event, context, callback) => {

    // Confirm the user
        event.response.autoConfirmUser = true;

    // Set the email as verified if it is in the request
    if (event.request.userAttributes.hasOwnProperty("email")) {
        event.response.autoVerifyEmail = true;
    }

    // Set the phone number as verified if it is in the request
    if (event.request.userAttributes.hasOwnProperty("phone_number")) {
        event.response.autoVerifyPhone = true;
    }

    // Return to Amazon Cognito
    callback(null, event);
};

This is some template obtained from here: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-sign-up.html#aws-lambda-triggers-pre-registration-example-2

Thanks for that! I was actually able to find that template in their docs but wasn't clear as to how to actually integrate it with the app.