Cognito unable to signup users that have unconfirmed status already
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}
A Cognito User Pool is configured for the users to use their "email address" to sign up and sign in.
If a user signs up with the email of someone else then that email will get stuck in UNCONFIRMED state and the owner will not be able to use it appropriately.
Having said that let me provide an example with the following scenario:
- User signs in with an email address the user doesn't own, let's say it is someone@mail.com. In this step (registration form) some more data is sent like organization name, and user full name.
- Verification code is sent to the email
- Now the user that owns someone@email.com wants to create an account (maybe some days in the future), so he goes and fills the registration form but an error is thrown by cognito
{"__type":"UsernameExistsException","message":"An account with the given email already exists."}
Thinks to consider:
* If the email already exists but is in unconfirmed state then provide the user the option to resend the link. This option is not optimal because additional data might be already in the user profile as the 1st step exemplifies.
* A custom lambda can be done to delete the unconfirmed user before signup or as a maintenance process every day, but I am not sure if this is the best approach.
There is also this configuration under Policies in cognito consol: "How quickly should user accounts created by administrators expire if not used?", but as he name implies this setting will only apply to users if they are invited by admins.
Is there a proper solution for this predicament?
amazon-cognito
asked Nov 26 '18 at 22:15
Nestor TobonNestor Tobon
63
add a comment |
A Cognito User Pool is configured for the users to use their "email address" to sign up and sign in.
If a user signs up with the email of someone else then that email will get stuck in UNCONFIRMED state and the owner will not be able to use it appropriately.
Having said that let me provide an example with the following scenario:
- User signs in with an email address the user doesn't own, let's say it is someone@mail.com. In this step (registration form) some more data is sent like organization name, and user full name.
- Verification code is sent to the email
- Now the user that owns someone@email.com wants to create an account (maybe some days in the future), so he goes and fills the registration form but an error is thrown by cognito
{"__type":"UsernameExistsException","message":"An account with the given email already exists."}
Thinks to consider:
* If the email already exists but is in unconfirmed state then provide the user the option to resend the link. This option is not optimal because additional data might be already in the user profile as the 1st step exemplifies.
* A custom lambda can be done to delete the unconfirmed user before signup or as a maintenance process every day, but I am not sure if this is the best approach.
There is also this configuration under Policies in cognito consol: "How quickly should user accounts created by administrators expire if not used?", but as he name implies this setting will only apply to users if they are invited by admins.
Is there a proper solution for this predicament?
amazon-cognito
asked Nov 26 '18 at 22:15
Nestor TobonNestor Tobon
63
I think the way it currently works in correct. The options you have are:1) Admin has to delete the user manually 2) User signs in with the password received, then corrects his information
– Deepthi
Nov 27 '18 at 15:32
add a comment |
A Cognito User Pool is configured for the users to use their "email address" to sign up and sign in.
If a user signs up with the email of someone else then that email will get stuck in UNCONFIRMED state and the owner will not be able to use it appropriately.
Having said that let me provide an example with the following scenario:
- User signs in with an email address the user doesn't own, let's say it is someone@mail.com. In this step (registration form) some more data is sent like organization name, and user full name.
- Verification code is sent to the email
- Now the user that owns someone@email.com wants to create an account (maybe some days in the future), so he goes and fills the registration form but an error is thrown by cognito
{"__type":"UsernameExistsException","message":"An account with the given email already exists."}
Thinks to consider:
* If the email already exists but is in unconfirmed state then provide the user the option to resend the link. This option is not optimal because additional data might be already in the user profile as the 1st step exemplifies.
* A custom lambda can be done to delete the unconfirmed user before signup or as a maintenance process every day, but I am not sure if this is the best approach.
There is also this configuration under Policies in cognito consol: "How quickly should user accounts created by administrators expire if not used?", but as he name implies this setting will only apply to users if they are invited by admins.
Is there a proper solution for this predicament?
amazon-cognito
asked Nov 26 '18 at 22:15
Nestor TobonNestor Tobon
63
A Cognito User Pool is configured for the users to use their "email address" to sign up and sign in.
If a user signs up with the email of someone else then that email will get stuck in UNCONFIRMED state and the owner will not be able to use it appropriately.
Having said that let me provide an example with the following scenario:
- User signs in with an email address the user doesn't own, let's say it is someone@mail.com. In this step (registration form) some more data is sent like organization name, and user full name.
- Verification code is sent to the email
- Now the user that owns someone@email.com wants to create an account (maybe some days in the future), so he goes and fills the registration form but an error is thrown by cognito
{"__type":"UsernameExistsException","message":"An account with the given email already exists."}
Thinks to consider:
* If the email already exists but is in unconfirmed state then provide the user the option to resend the link. This option is not optimal because additional data might be already in the user profile as the 1st step exemplifies.
* A custom lambda can be done to delete the unconfirmed user before signup or as a maintenance process every day, but I am not sure if this is the best approach.
There is also this configuration under Policies in cognito consol: "How quickly should user accounts created by administrators expire if not used?", but as he name implies this setting will only apply to users if they are invited by admins.
Is there a proper solution for this predicament?
amazon-cognito
amazon-cognito
asked Nov 26 '18 at 22:15
Nestor TobonNestor Tobon
63
asked Nov 26 '18 at 22:15
Nestor TobonNestor Tobon
63
asked Nov 26 '18 at 22:15
Nestor TobonNestor Tobon
63
asked Nov 26 '18 at 22:15
Nestor TobonNestor Tobon
63
asked Nov 26 '18 at 22:15
Nestor TobonNestor Tobon
63
63
I think the way it currently works in correct. The options you have are:1) Admin has to delete the user manually 2) User signs in with the password received, then corrects his information
– Deepthi
Nov 27 '18 at 15:32
add a comment |
I think the way it currently works in correct. The options you have are:1) Admin has to delete the user manually 2) User signs in with the password received, then corrects his information
– Deepthi
Nov 27 '18 at 15:32
I think the way it currently works in correct. The options you have are:1) Admin has to delete the user manually 2) User signs in with the password received, then corrects his information
– Deepthi
Nov 27 '18 at 15:32
I think the way it currently works in correct. The options you have are:1) Admin has to delete the user manually 2) User signs in with the password received, then corrects his information
– Deepthi
Nov 27 '18 at 15:32
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53489940%2fcognito-unable-to-signup-users-that-have-unconfirmed-status-already%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53489940%2fcognito-unable-to-signup-users-that-have-unconfirmed-status-already%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
I think the way it currently works in correct. The options you have are:1) Admin has to delete the user manually 2) User signs in with the password received, then corrects his information
– Deepthi
Nov 27 '18 at 15:32