Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Modify handling of Unconfirmed Users #8583

Closed
2 tasks done
robertjcolley opened this issue Jul 13, 2021 · 2 comments
Closed
2 tasks done

Modify handling of Unconfirmed Users #8583

robertjcolley opened this issue Jul 13, 2021 · 2 comments
Assignees
Labels
Auth Related to Auth components/category feature-request Request a new feature question General question

Comments

@robertjcolley
Copy link

Is this related to a new or existing framework?

No response

Is this related to a new or existing API?

Authentication

Is this related to another service?

No

Describe the feature you'd like to request

We hit a case recently where Auth.signIn(username, password); sent an email, and a user was unable to confirm because they exited the verification code flow. When trying to sign in, the user would get a "UserNotConfirmedException"

As the developer, I am trying to build an experience which catches the UserNotConfirmedException and gracefully recover from the error by allowing a user to enter the verification code sent to their email.

Describe the solution you'd like

Currently, PASSWORD_RESET_REQUIRED shows up as a "Challenge" rather than an Exception. The challenge object is slightly different from the user object, but has key properties:

{
  "username": "1234",
  "challengeName": "PASSWORD_RESET_REQUIRED",
  ...
}

I propose that UserNotConfirmedExceptions be treated similarly to password reset challenges. This would mean an Object which includes the sub/username property from Cognito like below:

{
  "username": "1234",
  "challengeName": "USER_NOT_CONFIRMED",
  ...
}

This will allow a developer to gracefully handle unconfirmed users from verification codes and reduce the number of users leaving because they get stuck as an unconfirmed user.

Describe alternatives you've considered

We provide support for any users which may come across this and use the admin commands to confirm users. However, this could be faked and we take a risk each time we have to do this.

Additional context

No response

Is this something that you'd be interested in working on?

  • 👋 I may be able to implement this feature request
  • ⚠️ This feature might incur a breaking change
@nadetastic
Copy link
Member

#8585

@nadetastic nadetastic self-assigned this Jan 24, 2023
@nadetastic
Copy link
Member

Closing this issue as we are tracking this on #8585

@nadetastic nadetastic closed this as not planned Won't fix, can't repro, duplicate, stale Jan 24, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Auth Related to Auth components/category feature-request Request a new feature question General question
Projects
None yet
Development

No branches or pull requests

3 participants