Amplify-js: Automatically sign in users after sign up, verification later

Created on 2 Jun 2019 · 4 Comments · Source: aws-amplify/amplify-js

* Which Category is your question related to? *
Authentication

* What AWS Services are you utilizing? *
Cognito

* Provide additional details e.g. code snippets *
I'd like to sign up my users and then immediately call sign in and let them confirm / validate their email or phone number later:

import { Auth } from 'aws-amplify';

const handleSignUpPressed = async ({
  emailAddress = '',
  firstName = '',
  lastName = '',
  password = '',
  wantsToImproveApp = true,
} = {}) => {
  if (emailAddress && firstName && lastName && password) {
    try {
      // Create the user in the Cognito user pool.
      const res = await Auth.signUp({
        username: emailAddress,
        password,
        attributes: {
          email: emailAddress,
          name: firstName,
          family_name: lastName,
        },
      });
      console.log('success', res);
      // Sign in right away; this is the call that throws
      // UserNotConfirmedException while the user is unconfirmed.
      const otherRes = await Auth.signIn({
        username: emailAddress,
        password,
      });
      console.log('success', otherRes);
    } catch (err) {
      console.log(err);
    }
  }
};

Is there a way to achieve this? This currently throws the error:

{
  "code": "UserNotConfirmedException",
  "message": "User is not confirmed.",
  "name": "UserNotConfirmedException",
}

even though I set

[Screenshot 2019-06-02 at 22 41 40]

in my Cognito console.

Auth question

All 4 comments

https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-sign-up.html Using a pre-signup Lambda trigger, you can auto-confirm users.
Just set the "autoConfirmUser" boolean to true.

@Raythode Thank you very much. Can you still verify emails later?

@janhesters From the documentation https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html :

Confirming User Accounts Without Verifying Email or Phone Number
The Pre-Sign Up Lambda trigger can be used to auto-confirm user accounts at sign-up time, without requiring a confirmation code or verifying email or phone number. Users who are confirmed this way can immediately sign in without having to receive a code.

You can also mark a user's email or phone number verified through this trigger.

Note

While this approach is convenient for users when they're getting started, we recommend auto-verifying at least one of email or phone number. Otherwise the user can be left unable to recover if they forget their password.

If you don't require the user to receive and enter a confirmation code at sign-up and you don't auto-verify email and phone number in the Pre-Sign Up Lambda trigger, you risk not having a verified email address or phone number for that user account. The user can verify the email address or phone number at a later time. However, if the user forgets his or her password and doesn't have a verified email address or phone number, the user is locked out of the account, because the Forgot Password flow requires a verified email or phone number in order to send a verification code to the user.

@RyPope Thank you!
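
The Pre Sign-up trigger discussed in the comments above, as an added example (not code from this thread, the Amplify project or AWS): it auto-confirms self-service sign-ups and treats marking the email verified as a separate, explicit decision. The `opts.autoVerifyEmail` switch, the `AUTO_VERIFY_EMAIL` environment variable, the helper names and the sample event are assumptions made for illustration.

```javascript
// Added example: Cognito Pre Sign-up Lambda trigger (Node.js runtime).

// Pure policy function so it can be unit-tested without AWS.
// `opts.autoVerifyEmail` is a hypothetical switch introduced for this example.
function applyPreSignUpPolicy(event, opts = {}) {
  const attrs = (event.request && event.request.userAttributes) || {};
  event.response = event.response || {};

  // Only self-service sign-ups (Auth.signUp). Admin-created and federated
  // users arrive with other triggerSource values and are left untouched.
  if (event.triggerSource !== 'PreSignUp_SignUp') return event;

  // Confirm the account so Auth.signIn() no longer throws
  // UserNotConfirmedException right after Auth.signUp().
  event.response.autoConfirmUser = true;

  // Marking the address verified is a separate decision: no code was sent, so
  // ownership is unproven. Cognito also rejects autoVerifyEmail=true when the
  // email attribute is missing, so guard on its presence.
  event.response.autoVerifyEmail = Boolean(opts.autoVerifyEmail && attrs.email);
  event.response.autoVerifyPhone = false;
  return event;
}

// True when the Forgot Password flow will have a verified destination.
function hasRecoveryChannel(event) {
  const r = event.response || {};
  return Boolean(r.autoVerifyEmail || r.autoVerifyPhone);
}

// Lambda entry point. AUTO_VERIFY_EMAIL is a hypothetical environment variable.
const handler = async (event) => {
  const out = applyPreSignUpPolicy(event, {
    autoVerifyEmail: process.env.AUTO_VERIFY_EMAIL === 'true',
  });
  if (out.response.autoConfirmUser && !hasRecoveryChannel(out)) {
    // Surface the lock-out risk the documentation warns about.
    console.warn('user auto-confirmed without a verified email or phone');
  }
  return out;
};
if (typeof module !== 'undefined') module.exports = { handler, applyPreSignUpPolicy };

// Constructed sample event, shaped like the Pre Sign-up trigger input.
const sampleEvent = () => ({
  triggerSource: 'PreSignUp_SignUp',
  userName: 'user@example.com',
  request: { userAttributes: { email: 'user@example.com', name: 'Jan' } },
  response: { autoConfirmUser: false, autoVerifyEmail: false, autoVerifyPhone: false },
});
```

With `autoVerifyEmail` left off, the signed-in user can verify the address later from the client, for example with `Auth.verifyCurrentUserAttribute('email')` followed by `Auth.verifyCurrentUserAttributeSubmit('email', code)`.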
