Aws-sdk-java: [AWS cognito] How to verify email from lambda trigger without having to send confirmation code

This is probably more of a question for the Cognito team themselves (rather than the SDK) so you might be better off opening a support case through the AWS console. FWIW I've read through the docs myself and it's not obvious how you can set this attribute - seems like the only thing you can do in the pre-signup trigger is set autoConfirmUser

Out of interest - why is it important to override the verified status? You say your application doesn't require it - without actually receiving an email and confirming via a code have users really verified?

You might also want to submit a question to the amazon-cognito team on stack-overflow : http://stackoverflow.com/questions/tagged/amazon-cognito

@kiiadi Thanks for your reply. Yes I did post my question in the AWS Cognito forum here. And I have found one working solution to auto verify the email. That is by using the adminUpdateUserAttributes API and passing email_verified = true as an attribute to it.
Another solution through the lambda trigger is suggested by AWS team member, that is to use autoVerifyEmail = true. But I havent tried this solution yet.

Out of interest - why is it important to override the verified status?

I require to override the email verified status, because I want to provide the forgot password option to user. And forgot password API does not work if user email is not verified.

hello @hithisisneel Are you find way to override the email verified status. I want to reset password without confirmation code, if you find way , please let me know , thanks.

@ijustyce Yes you can override email verification in the following ways:

• Use autoVerifyEmail = true in your pre-signup lambda trigger.
  OR
• Call the adminUpdateUserAttributes API and pass email_verified = true as an attribute to it.

Thanks @hithisisneel But in this way I only can confirm email address without confirm code when signup, still cannot find password without verify email address. If you known how to reset password without verification code , please tell me , thanks in advance.

@ijustyce I'm not sure I understand what you mean here. But, here are a couple of scenarios-

1. If you want to use Cognito's forgot password API, but at the same time you don't want to force the user to enter a 'valid email id at signup'. Then you can override the email verify status by using one of the ways I described earlier (Because if the email is not verified, then forgot password api throws errors). Bear in mind that, in this case if the user enters a fake/non-existing email id, then when he tries to do a 'forgot password', then he simply wont receive the reset password mail because he has given an invalid email in the first place. So in this case, either the user has to try and remember the password he entered on signup ELSE he has to create a new account providing a valid email, so that the next time he forgets password, he can reset it by receiving an email to his valid email id.
   (This was the requirement in our case.)
2. On the other hand, If you want the user to be always able to reset his password, then you should not allow him to enter a fake email id at signup. That is, you should not override the email verify status for him, and instead perform the email verification, so that you are sure its a valid email id. Then when he requests a forgot password, he will receive the reset password email to his valid email id, which he can use to reset his password.

Go through the documentations here for more details

Go to Cognito > triggers > Pre sign-up
Add this lambda:

exports.handler = (event, context, callback) => {
    event.response.autoConfirmUser = true;
    context.done(null, event);
};

Here: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-sign-up.html

Hi Guys,

I am using email and phone number as username for my mobile APP. I am using cognito extension for dotnet and trying to finish challenges in while loop as per article: https://docs.aws.amazon.com/sdk-for-net/v3/developer-guide/cognito-authentication-extension.html

I only need to verify Phone number not email id however I need both as username.

I am running following lambda pre sign up trigger to autoverify email but it gives an error.
Pre Signup Lambda:
var response = require('cfn-response'); exports.handler = function(event, context, callback) { if (event.triggerSource === 'PreSignUp_SignUp') { if (event.request.userAttributes.hasOwnProperty('email')) { event.response.autoVerifyEmail = true; } callback(null, event); return } callback(Misconfigured Cognito Trigger ${ event.triggerSource }) };
Error:
Phone or email cannot be auto verified, when user is not being auto confirmed.

If I confirm user in above lambda trigger using:
event.response.autoConfirmUser = true;
then email is verified. However since user is also confirmed, it doesn't sent SMS for phone verification.

could anyone please help/suggest?

Here's the Lambda function to achieve this: https://github.com/vbudilov/cognito-autoconfirm-user

Can't i do it in by Calling the userPool.signUp() function ?

@ijustyce Yes you can override email verification in the following ways:

• Use autoVerifyEmail = true in your pre-signup lambda trigger.
  OR
• Call the adminUpdateUserAttributes API and pass email_verified = true as an attribute to it.

Just for future reference, this is how I solved this using the AWS cli:

aws cognito-idp admin-update-user-attributes --user-pool-id <pool_id> --username <username> --user-attributes Name=email_verified,Value=true