Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

How to allow users to request a new verification code when using Cognito Managed Login?

0

Hi,

I chose to use Cognito Managed Login in my application because it seemed like the recommended and more hassle-free approach, compared to building my own authentication UI.

However, I’m facing a UX issue regarding email verification:

  • If a user signs up with an email but does not confirm their email, there seems to be no route or way for them to request a new verification code.
  • If the user tries to sign up again with the same email, Cognito returns “user already exists.”
  • If the user tries to reset their password, Cognito says the email is not confirmed.

As a result, the user is “stuck” and cannot verify their account or proceed, unless they contact the app developer/admin.

Is there a built-in solution, configuration, or best practice to allow users to request a new confirmation code in this Managed Login flow? Or is this a gap in the Managed Login approach that requires a custom workaround?

Topics
Security, Identity, & Compliance
Tags
Amazon Cognito
Language
English
asked a year ago228 views
2 Answers
0

In Amazon Cognito, you can enable users to request a new verification code when they haven't confirmed their account through the ResendConfirmationCode API operation.

For users who have signed up but haven't confirmed their accounts yet, this operation sends a new confirmation code to their email address or phone number (whichever is set as an auto-verified attribute). The code is valid for 24 hours.

If you're using Cognito Managed Login, there are a few approaches to handle this situation:

  1. If you're using Amplify Authenticator UI, you can customize the verification flow to include a "Resend code" option that calls the ResendConfirmationCode API when clicked.

  2. For a more custom solution, you can implement a client-side handler that detects when a user is in the unconfirmed state and provides them with an option to request a new code.

  3. You can also implement a post-confirmation Lambda trigger to create a more seamless experience after verification.

Without this functionality, users who don't receive or lose their verification code would indeed be stuck in an unconfirmed state, unable to fully access your application. They wouldn't be able to sign up again (as the account already exists) or reset their password (as the email isn't confirmed).

For administrator-assisted recovery, an admin can mark a user's email or phone as verified through the Amazon Cognito console by editing the user's attributes and checking "Mark email address as verified" or by setting the email_verified attribute to true using the AdminUpdateUserAttributes API.
Sources
ResendConfirmationCode - Amazon Cognito User Pools
Authenticator is not redirecting user to login page after account verification code is entered | AWS re:Post
Passwords, account recovery, and password policies - Amazon Cognito
Configuring verification and invitation messages - Amazon Cognito

answered a year ago
0

Feature Request: "Resend Code" Button on Cognito Managed Login

Hello AWS Cognito team,

I would like to request a much-needed feature for the Cognito Managed Login flow:

- Please add a "Resend Code" button on the email/phone verification screen.

Currently, if a user does not receive (or loses) their verification code during sign-up, there is no way for them to request a new code directly from the Managed Login flow.

As a result, users are stuck in an unconfirmed state and cannot proceed or recover without developer/admin assistance, which leads to a poor user experience.

Many competing authentication providers include this feature by default.

This addition would make the Managed Login flow much more hassle-free and production-ready, especially for teams who want to avoid building a fully custom authentication UI.

Thank you for considering this improvement!

answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content