AWS Cognito Workflow: Using email alias for primary username

AJ Venturella · Feb 28, 2017 · Viewed 7.3k times

So I am trying to get my head around AWS Cognito but I have hit some walls.

So, right now I can register an account, and verify it and sign in. Simple enough. The edge cases are where my walls are.

Here's the info I have so far:

Herein lies my edge case.

If a user signs up, but does NOT immediately verify:

  • they get called away
  • maybe the app crashes
  • they lose connectivity
  • their battery dies
  • they force quit
  • app gets accidentally deleted.

In their mind they have signed up, just not verified their account. At this point it effectively leaves no way to verify the account they thought they signed up for. I guess it could be solved with messaging:

"Warning your account will not be created until you verify your email address." or something along those lines. Anyway...

  • They can't attempt to sign in as they won't know the UUID that was randomly assigned as their username.
  • Even if that wasn't the case, they provided their email address as their username. From the user's POV they would have no idea what their username could even be since they only entered their email address.
  • The best they could hope for is to try to sign up again. (Assuming they read the verification warning above) In this case now Cognito potentially has abandoned unconfirmed accounts piling up.

"Piling up" may be too strong a phrase, this is likely a pretty fringe case.

Now the plus side is, since they have not "verified" their email they can sign up again with the same email address since the email doesn't get uniquely constrained until it's verified. If someone tries to verify an address that has already been verified they get an AliasExistsException. This actually brings up an interesting point which I just tested as well.

I can register with an email address, then verify that email address so the account becomes confirmed. I can then turn right around and sign up with the same email address and I don't get an official AWS error until I try to verify that account with the duplicate email address. There isn't any way to surface this error earlier? I guess the expectation is that it's on the developer to write a verification service in the Pre-Signup Trigger:

This trigger is invoked when a user submits their information to sign up, allowing you to perform custom validation to accept or deny the sign up request.

To sum up, and to restate the question:

It seems to be required, practically speaking, that when using an email address with Cognito a Pre-Signup Lambda is required to ensure an account with an email doesn't already exist since the AWS Exception won't be handled until a verification attempt is made.

Is my assumption here correct? By required here I think it's pretty reasonable to let a user know an email address is not available as soon as possible. For example:

John Doe : [email protected]
Jane Doe : [email protected]

Answer

jWang1 · Apr 17, 2019

You are correct. Another solution is to create a Lambda (not triggered by preSignUp) that is called whenever the user finishes typing into the email field, getting a response "This email is already used" or "This email is available" before even sending the sign-up event.

Referring to the first part of your question, where the user does not immediately verify their email: you probably mean confirmation by code. I prefer using confirmation by link sent to email, which avoids this problem.
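
One way to write the Pre sign-up check discussed in the question and confirmed in the answer, as an added example (not code from either poster): it looks up the email with ListUsers and denies the sign-up only when an account that is no longer UNCONFIRMED already holds it, so abandoned sign-ups can still be retried. The function names, `FakeIdp`, the sample event and the error messages are assumptions, and the Lambda's role is assumed to allow `cognito-idp:ListUsers` on the pool.

```python
"""Pre sign-up trigger sketch: reject a sign-up whose email is already confirmed."""

def email_filter(email):
    # ListUsers filter syntax: AttributeName = "value"; escape backslash and quote.
    escaped = email.replace("\\", "\\\\").replace('"', '\\"')
    return f'email = "{escaped}"'

def confirmed_owner_exists(idp, pool_id, email):
    """True if any user other than an UNCONFIRMED one already holds this email."""
    kwargs = {"UserPoolId": pool_id, "Filter": email_filter(email)}
    while True:
        page = idp.list_users(**kwargs)
        for user in page.get("Users", []):
            # Abandoned sign-ups stay UNCONFIRMED and do not own the alias yet.
            if user.get("UserStatus") != "UNCONFIRMED":
                return True
        token = page.get("PaginationToken")
        if not token:
            return False
        kwargs["PaginationToken"] = token

def handle_pre_signup(event, idp):
    email = event["request"]["userAttributes"].get("email", "").strip()
    if not email:
        raise ValueError("An email address is required.")
    if confirmed_owner_exists(idp, event["userPoolId"], email):
        # Raising from the trigger makes Cognito deny the sign-up request.
        raise ValueError("This email address is already in use.")
    return event  # returning the event unchanged accepts the sign-up

def lambda_handler(event, context):
    import boto3  # imported here so the logic above is testable without AWS
    return handle_pre_signup(event, boto3.client("cognito-idp"))

class FakeIdp:
    """Constructed stand-in for the cognito-idp client, for offline runs."""
    def __init__(self, users):
        self.users = users
    def list_users(self, UserPoolId, Filter, **_):
        wanted = Filter.split('"')[1]
        return {"Users": [u for u in self.users if u["email"] == wanted]}

def sample_event(email):
    # Constructed event containing only the fields this handler reads.
    return {"userPoolId": "us-east-1_EXAMPLE", "userName": "constructed-uuid",
            "request": {"userAttributes": {"email": email}}}
```

Any early "already in use" response also tells an anonymous caller which addresses are registered, so throttle the sign-up path.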