Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Cognito Managed Login has no recovery path for unconfirmed users

0

Amazon Cognito Managed Login has a UX gap in the sign-up confirmation flow that can leave users stranded.

Reproduction steps:

  1. User signs up via Managed Login
  2. User is prompted to enter an email confirmation code
  3. User closes the screen before entering the code
  4. Later, user tries to sign in

Current behavior:

  • The user sees "User is not confirmed"
  • There is no visible option to enter the confirmation code
  • There is no option to resend the confirmation code
  • The user cannot proceed without external support or custom implementation

Expected behavior:

  • From the "User is not confirmed" state, provide:
    • A way to enter the confirmation code
    • A way to resend the confirmation code

Impact: This creates a dead end for legitimate users and increases production support burden, as users cannot recover by themselves. It can also lead to lost user conversions in real-world applications.

This issue makes managed login unsuitable for fully self-service onboarding flows without additional custom implementation.

This is not just a UX improvement request, but a necessary recovery path for real-world usage.

Is there any official workaround for this using managed login only?

Current guidance (including community answers) often suggests deleting the user from the Cognito console as a workaround. However, this is not a viable solution in production, as it requires manual intervention and does not scale for real users.

Topics
Security, Identity, & Compliance
Tags
Amazon Cognito
Language
English
asked a month ago35 views
1 Answer
1

How about using the ResendConfirmationCode API and ConfirmSignUp flow to allow the user to re-enter or request a new confirmation code:

https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ResendConfirmationCode.html

https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmSignUp.html

EXPERT
answered a month ago
EXPERT
reviewed a month ago
  • Akey Skywalker
    a month ago

    Thanks for your response.

    The APIs you mentioned are indeed valid, but they require building a custom flow.

    My question specifically refers to the Managed Login experience without additional custom implementation.

    In its current form, Managed Login does not provide a recovery path for users in the "User is not confirmed" state, which creates a dead-end in a fully managed, self-service onboarding flow.

    The issue is not about whether it is technically possible to implement a workaround using APIs, but that this recovery path is missing from the managed login flow itself.

    Is there any built-in way to handle this scenario within Managed Login only?

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content