How does case sensitivity affect different sign-in methods for my Cognito user pool?

Resolution

Note: If you receive errors when you run AWS Command Line Interface (AWS CLI) commands, then see Troubleshooting errors for the AWS CLI. Also, make sure that you're using the most recent AWS CLI version.

Case sensitivity differs depending on how you create your user pool. After you create a user pool, you can't modify case sensitivity settings.

By default, user pools that you create on the Amazon Cognito console aren't case sensitive. To create case-sensitive user pools, use the CreateUserPool API or the create-user-pool AWS CLI command. To use the AWS CLI to create a user pool that isn't case sensitive, set the CaseSensitive parameter to false.

Username sign-in

If you set the CaseSensitive parameter to false in the UsernameConfigurationType API, then users can sign in with different capitalizations of their username.

For example, for case-sensitive user pools, User123 and user123 are different accounts. For case-insensitive user pools, User123 and user123 sign in to the same account. The case sensitivity setup affects both username creation and sign-in.

Note: Password authentication is always case-sensitive, regardless of the username configuration.

Email address sign-in

When CaseSensitive is false, the email alias also becomes case-insensitive. For example, user@example.com and User@Example.com always sign in to the same account. Amazon Cognito stores the email address as you entered it, but handles it as case-insensitive for authentication.

Phone number sign-in

Phone numbers don't use case sensitivity. Phone numbers must follow the E.164 format. The format of the phone number affects authentication. For more information, see Configuring email or phone verification.

Related information

Authentication with Amazon Cognito user pools

Creating user accounts as administrator

Create a new application in the Amazon Cognito console

Customizing sign-in attributes