1 Answer
Hi,
You are right, this behavior is to protect Cognito customers from username enumeration risks. The behavior is highlighted in the managing error messages page and applied when prevent user existence error is enabled.
When you enable custom error responses, Amazon Cognito authentication APIs return a generic authentication failure response. The error response tells you the user name or password is incorrect. Amazon Cognito account confirmation and password recovery APIs return a response indicating a code was sent to a simulated delivery medium.
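One way to check the setting this answer describes, as an added example that is not part of the original answer and not AWS's own code: it lists a user pool's app clients and reports those whose `PreventUserExistenceErrors` value is not `ENABLED`. The `StubCognito` class, its client entries and the pool id are constructed so the block runs offline; a boto3 `cognito-idp` client can be passed in its place, and treating a missing value as `LEGACY` is an assumption.

```python
def audit_pool_clients(cognito, user_pool_id):
    """Return (client_id, name, mode) for app clients without the setting ENABLED."""
    findings, token = [], None
    while True:
        kwargs = {"UserPoolId": user_pool_id, "MaxResults": 60}
        if token:
            kwargs["NextToken"] = token
        page = cognito.list_user_pool_clients(**kwargs)
        for summary in page.get("UserPoolClients", []):
            detail = cognito.describe_user_pool_client(
                UserPoolId=user_pool_id, ClientId=summary["ClientId"]
            )["UserPoolClient"]
            # Assumption: a client with no value reported is treated as LEGACY.
            mode = detail.get("PreventUserExistenceErrors", "LEGACY")
            if mode != "ENABLED":
                findings.append((detail["ClientId"], detail.get("ClientName", ""), mode))
        token = page.get("NextToken")
        if not token:
            return findings


class StubCognito:
    """Constructed stand-in that returns boto3-shaped responses in pages of two."""

    CLIENTS = {
        "client-a": {"ClientName": "web", "PreventUserExistenceErrors": "ENABLED"},
        "client-b": {"ClientName": "mobile", "PreventUserExistenceErrors": "LEGACY"},
        "client-c": {"ClientName": "batch"},  # setting absent from the response
    }

    def list_user_pool_clients(self, UserPoolId, MaxResults, NextToken=None):
        ids = sorted(self.CLIENTS)
        start = int(NextToken or 0)
        page = {"UserPoolClients": [{"ClientId": i} for i in ids[start:start + 2]]}
        if start + 2 < len(ids):
            page["NextToken"] = str(start + 2)
        return page

    def describe_user_pool_client(self, UserPoolId, ClientId):
        return {"UserPoolClient": {"ClientId": ClientId, **self.CLIENTS[ClientId]}}


if __name__ == "__main__":
    for client_id, name, mode in audit_pool_clients(StubCognito(), "pool-placeholder"):
        print(f"{client_id} ({name or 'unnamed'}): PreventUserExistenceErrors={mode}")
```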