Cognito Custom Email Sender code property url encoded

Question

After a user is created and when our custom email sender is called, we're able to decrypt it, but if the code has characters like &, they come through url encoded like & or in the case of a > it would be >. I could write a routine to replace those with the single special characters, but I don't think they're supposed to come through like that, especially since it's the new users temporary password.

We're doing just like the documentation states which is essentially:

const {plaintext} = await decrypt(keyring, byteArray, {encoding: 'base64'})

We're doing just like the documentation states which is essentially:

```
const {plaintext} = await decrypt(keyring, byteArray, {encoding: 'base64'})
```

Answer

Hello,

Cognito User Pool API uses characters that are typically html-escaped in the temporary passwords creates such as '>' and '&' . Accordingly, when Cognito User Pool sends these temporary passwords over email in invitation emails, it does a html-escape of the temporary password string, If the temporary password contain > or & , they will be replaced by 'gt' and 'amp'. I would like to inform you that the internal team is already aware of this issue and is currently working on this on priority. Thank you for providing your valuable feedback on the service.

Currently, not only the temporary password specified by the customer but also the temporary password automatically generated by Cognito may contain characters escaped by HTML. Therefore, we apologize for any inconvenience this may cause, and we would appreciate it if you could add a process to unescape/decode the HTML of the temporary password in the custom email sender's Lambda trigger.

Wish you an Awesome day ahead and stay safe !

Thank you

Cognito Custom Email Sender code property url encoded

Relevant content