1 Answer
Hi,
You are right, this behavior is to protect Cognito customers from username enumeration risks. The behavior is highlighted in the managing error messages page and applied when prevent user existence error is enabled.
When you enable custom error responses, Amazon Cognito authentication APIs return a generic authentication failure response. The error response tells you the user name or password is incorrect. Amazon Cognito account confirmation and password recovery APIs return a response indicating a code was sent to a simulated delivery medium.
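An added example, not part of the answer above: a Python audit that reports every app client in a user pool where the setting the answer describes is not enabled. It assumes the boto3 `cognito-idp` client methods `list_user_pool_clients` and `describe_user_pool_client` and the app-client field `PreventUserExistenceErrors` (values `ENABLED` or `LEGACY`); `FakeIdp`, the sample clients and the pool ID are constructed so the check runs offline.

```python
def audit_pool(idp, user_pool_id):
    """List app clients whose PreventUserExistenceErrors is not ENABLED.

    idp: a boto3 "cognito-idp" client, or any object with the same two methods.
    """
    findings = []
    kwargs = {"UserPoolId": user_pool_id, "MaxResults": 60}
    while True:
        page = idp.list_user_pool_clients(**kwargs)
        for summary in page.get("UserPoolClients", []):
            detail = idp.describe_user_pool_client(
                UserPoolId=user_pool_id, ClientId=summary["ClientId"]
            )["UserPoolClient"]
            # Assumption of this example: only an explicit ENABLED counts,
            # so a missing value is reported as UNSET.
            setting = detail.get("PreventUserExistenceErrors", "UNSET")
            if setting != "ENABLED":
                findings.append((detail["ClientId"], detail.get("ClientName", ""), setting))
        if not page.get("NextToken"):
            return findings
        kwargs["NextToken"] = page["NextToken"]


class FakeIdp:
    """Constructed stand-in for the boto3 client so the audit runs offline."""
    def __init__(self, clients, page_size=2):
        self.clients, self.page_size = clients, page_size

    def list_user_pool_clients(self, UserPoolId, MaxResults, NextToken="0"):
        start = int(NextToken)
        chunk = self.clients[start:start + self.page_size]
        page = {"UserPoolClients": [{"ClientId": c["ClientId"]} for c in chunk]}
        if start + self.page_size < len(self.clients):
            page["NextToken"] = str(start + self.page_size)
        return page

    def describe_user_pool_client(self, UserPoolId, ClientId):
        return {"UserPoolClient": next(c for c in self.clients if c["ClientId"] == ClientId)}


SAMPLE_CLIENTS = [  # constructed sample data, not real identifiers
    {"ClientId": "client-web", "ClientName": "web", "PreventUserExistenceErrors": "ENABLED"},
    {"ClientId": "client-ios", "ClientName": "ios", "PreventUserExistenceErrors": "LEGACY"},
    {"ClientId": "client-batch", "ClientName": "batch"},
]

if __name__ == "__main__":
    for finding in audit_pool(FakeIdp(SAMPLE_CLIENTS), "us-east-1_EXAMPLE"):
        print(finding)
```

Against a real account, pass `boto3.client("cognito-idp")` and the pool ID in place of the stub.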