Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Cognito Email Verification Not Working

0

I have a Web App that uses Amazon Cognito for user authentication. The app’s login flow includes the “Forgot Password” feature, which uses Cognito’s built-in email verification process. When users select Forgot Password, they enter their email address and click a button to reset their password. Cognito is then expected to send a verification code to their email, which they use to complete the password reset process.

The issue I’m facing is that only one user (me, the engineer) is successfully receiving the verification email. All other users report that they are not receiving any email. They have all checked their spam folders and verified that there are no filters or blocking rules preventing delivery.

After doing some research, it seemed this might be related to Amazon SES email verification. I verified each user’s email address in SES, and I can see them listed as verified. However, the issue still persists—no emails are being delivered to users other than the one mentioned above.

My next step was to review the SES sandbox settings. It appears my SES account is still in sandbox mode, and my request to move to production was denied. I’d like clarification on the following:

  1. Can SES sandbox still be used for sending Cognito emails if the total number of users is small (in this case, fewer than 12)?
  2. Is there a configuration issue between Cognito and SES that could explain why only one user receives emails while others do not?
  3. Are there any recommended troubleshooting steps for verifying Cognito’s email delivery path when SES is in sandbox mode?

I’d appreciate any help diagnosing and resolving this issue so all users can receive their password reset verification emails and log in successfully.

Thank you for your time and help!

Topics
Front-End Web & MobileBusiness ApplicationsSecurity, Identity, & Compliance
Tags
Amazon CognitoAmazon Simple Email Service
Language
English
asked 12 days ago21 views
2 Answers
0

When SES is in sandbox mode, it has significant restrictions that affect Cognito's ability to send emails. Here's what's happening in your situation:

  1. SES Sandbox Limitations: While in sandbox mode, SES can only send emails to verified email addresses or domains. This explains why you (as a verified address) are receiving emails, but other users are not. Even though you've verified individual user email addresses in SES, Cognito's integration with SES may not be leveraging these individual verifications properly.

  2. Cognito and SES Integration: When your SES account is in sandbox mode, Cognito can only send emails to verified email addresses. This is a fundamental limitation of the sandbox environment, regardless of the number of users (even fewer than 12).

  3. Troubleshooting Steps:

  • Confirm all recipient email addresses are properly verified in SES
  • Check if the user exists in the user pool
  • Verify that users' status isn't set to FORCE_CHANGE_PASSWORD
  • Check that users have verified email attributes in Cognito
  • Check your SES message-sending quota
  • Ensure your SMS and SES configurations have been properly set up

The most likely cause of your issue is that SES is in sandbox mode. While you've verified individual email addresses, the most reliable solution would be to:

  1. Reapply to move your SES account out of sandbox mode, providing more detailed information about your use case
  2. Alternatively, verify the domain(s) of your users' email addresses rather than individual addresses
  3. As a temporary workaround, you could implement a custom verification system using a Custom Message Lambda Trigger to handle the verification process

The verification code sent by Cognito is valid for 24 hours, so timing out shouldn't be the issue here. The core problem is almost certainly related to SES sandbox restrictions limiting email delivery to non-verified addresses.
Sources
Configuring email or phone verification - Amazon Cognito
Troubleshoot Amazon Cognito - Amazon Cognito
Cognito support for verification code configuration | AWS re:Post
Email address and domain verification problems - Amazon Simple Email Service
Cognito forget password through AWS Console error | AWS re:Post

answered 12 days ago
0

As part of the troubleshooting steps, here are the responses to each:

  • Confirm all recipient email addresses are properly verified in SES (all verified)
  • Check if the user exists in the user pool (user exists in user pool)
  • Verify that users' status isn't set to FORCE_CHANGE_PASSWORD (user status is "confirmed")
  • Check that users have verified email attributes in Cognito (Yep, verified)
  • Check your SES message-sending quota (SES message quota has not been reached)
  • Ensure your SMS and SES configurations have been properly set up (Need more specifics, given 1 email is working I assume it's setup correct)
answered 12 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content