Modify handling of Unconfirmed Users #8583
Labels: Auth, feature-request, question
Is this related to a new or existing framework?
No response
Is this related to a new or existing API?
Authentication
Is this related to another service?
No
Describe the feature you'd like to request
We hit a case recently where
Auth.signIn(username, password);
sent an email, and a user was unable to confirm because they exited the verification code flow. When trying to sign in, the user would get a "UserNotConfirmedException". As the developer, I am trying to build an experience which catches the UserNotConfirmedException and gracefully recovers from the error by allowing a user to enter the verification code sent to their email.
Describe the solution you'd like
Currently, PASSWORD_RESET_REQUIRED shows up as a "Challenge" rather than an Exception. The challenge object is slightly different from the user object, but has key properties:
I propose that UserNotConfirmedExceptions be treated similarly to password reset challenges. This would mean an Object which includes the sub/username property from Cognito like below:
This will allow a developer to gracefully handle unconfirmed users from verification codes and reduce the number of users leaving because they get stuck as an unconfirmed user.
Describe alternatives you've considered
We provide support for any users who may come across this and use the admin commands to confirm users. However, this could be faked and we take a risk each time we have to do this.
Additional context
No response
Is this something that you'd be interested in working on?
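The recovery flow described in this request, sketched as an added example (not code from the issue or from the Amplify project): catch `UserNotConfirmedException` at sign-in, resend the code, and let the user confirm themselves so that no admin-side confirmation is needed. It assumes an `auth` object with `signIn`, `resendSignUp` and `confirmSignUp` methods shaped like Amplify's `Auth`, errors that carry the exception name in `code` or `name`, and 6-digit codes; `promptForCode` and `makeStubAuth` are hypothetical helpers.

```javascript
// Added example: recover from UserNotConfirmedException during sign-in.
// `auth` is any object exposing signIn, resendSignUp and confirmSignUp with
// the same shapes as Amplify's Auth category (in an app: Auth from 'aws-amplify').
// `promptForCode` is a hypothetical UI callback resolving to the code the user types.
async function signInWithConfirmRecovery(auth, username, password, promptForCode, maxAttempts = 3) {
  try {
    return { status: 'SIGNED_IN', user: await auth.signIn(username, password) };
  } catch (err) {
    // Assumption: the error exposes the Cognito exception name as `code` or `name`.
    const kind = err && (err.code || err.name);
    if (kind !== 'UserNotConfirmedException') throw err; // never swallow other failures
  }
  // The original code may have expired or been lost, so send a fresh one.
  await auth.resendSignUp(username);
  for (let attempt = 1; attempt <= maxAttempts; attempt++) {
    const code = String(await promptForCode(attempt)).trim();
    if (!/^\d{6}$/.test(code)) continue; // assumption: 6-digit numeric codes
    try {
      await auth.confirmSignUp(username, code);
      // Confirmation proves control of the mailbox; the password is still checked here.
      return { status: 'CONFIRMED_AND_SIGNED_IN', user: await auth.signIn(username, password) };
    } catch (err) {
      const kind = err && (err.code || err.name);
      if (kind !== 'CodeMismatchException' && kind !== 'ExpiredCodeException') throw err;
    }
  }
  return { status: 'CONFIRMATION_FAILED', user: null }; // bounded retries, no admin override
}

// Constructed stand-in for the auth service, used only to exercise the flow offline.
function makeStubAuth(validCode) {
  const state = { confirmed: false, resent: 0 };
  const fail = (code) => Object.assign(new Error(code), { code });
  return {
    state,
    async signIn(username, password) {
      if (password !== 'correct-horse') throw fail('NotAuthorizedException');
      if (!state.confirmed) throw fail('UserNotConfirmedException');
      return { username };
    },
    async resendSignUp() { state.resent += 1; },
    async confirmSignUp(username, code) {
      if (code !== validCode) throw fail('CodeMismatchException');
      state.confirmed = true;
    },
  };
}
```

Keeping the retry count bounded and rethrowing every error other than the three named ones means a wrong password or a throttling response is never masked by the recovery path.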