By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Assistance Needed: Simultaneous Validation of Email and Mobile Number Using Cognito and SNS

0

Dear AWS Community,

I hope this message finds you well. We are currently working on a sign-up process for our platform and are facing a challenge regarding the validation of both email and mobile numbers using AWS services.

Our aim is to require users to validate both their email and mobile number by entering OTPs (One-Time Passwords) during the registration process. To accomplish this, we plan to utilize Amazon Cognito for email notifications and Amazon SNS for sending SMS OTPs.

However, our development team has encountered a roadblock. According to our developer, it seems impossible to validate both the email and mobile number simultaneously within Cognito due to its limitations. This limitation has raised concerns within our team as we firmly believe that in today's technological landscape, there should be a solution to enable such validations without constraints.

We are reaching out to seek guidance and suggestions from the AWS community on how we can achieve simultaneous validation of both email and mobile numbers during the user registration process using Cognito and SNS. We aim to implement a robust and secure verification workflow that ensures users validate both contact points before accessing our platform.

Our primary objectives are:

To trigger email notifications for email validation using Amazon Cognito. To send SMS OTPs for mobile number validation using Amazon SNS. To enable a seamless process where users must validate both their email and mobile number before completing the sign-up process. Any insights, suggestions, or recommended approaches from your experiences or expertise in working with AWS services would be immensely appreciated. We are open to exploring custom solutions or alternative methodologies that could help us overcome this challenge.

Thank you in advance for your time and assistance. Your contributions to this matter would be invaluable to our project's success.

Topics
Security, Identity, & ComplianceApplication Integration
Tags
Amazon CognitoAmazon Simple Notification Service (SNS)
Language
English
Rocky
asked 5 months ago164 views
1 Answer
1

Hi Rocky, Although I never implemented an app that requires three factor authentications (assuming that you are using password as the first factor + sms + email) the Cognito documentation cover this use-case.

Excerpt from the Cognito Documentation. Important If a user signs up with both a phone number and an email address, and your user pool settings require verification of both attributes, Amazon Cognito sends a verification code to the phone number through SMS message. Amazon Cognito hasn't yet verified the email address, so your app must call GetUser to see if an email address awaits verification. If it does require verification, the app must call GetUserAttributeVerificationCode to initiate the email verification flow. Then it must submit the verification code by calling VerifyUserAttribute.

https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-email-phone-verification.html

profile pictureAWS
EXPERT
Eduardo Oliveira
answered 5 months ago
profile picture
EXPERT
Giovanni Lauria
reviewed 11 days ago
  • Rocky
    5 months ago

    Thanks for your assistance

  • NareshKumar
    5 months ago

    Hi Eduardo Oliveira, How do I get user input values in the Create Auth challenge lambda for login? because my requirement was the same as well and users can log in with both email and phone numbers.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content