Cognito user pool Unexpected Behaviour

I had an interesting experience with AWS Cognito User Pools. It typically registers unique email IDs to identify users, and if you attempt to register with the same email, it throws an error indicating that the user already exists.

However, a friend and I simultaneously used the Auth.signup function with the same email but different passwords. Surprisingly, Cognito registered both users with the same email. When we tried to log in, it allowed access for my friend, who registered first, but I encountered an 'incorrect password' error.

I decided to delete my friend's entry from the user pool, thinking that I could now log in. To my surprise, Cognito considered my account non-existent.

This behavior is quite unexpected, and I'm unsure if it's a bug or an intended feature.

Topics

Security, Identity, & Compliance Management & Governance

Relevant content

Unable to create Cognito User Pool
kevireilly
asked 4 years ago
unique identities in cognito user pool
Navin GV
asked 2 years ago
Cognito user pool migration
rePost-User-7596114
asked a year ago
Is Cognito pool user sub attribute globally unique?
Slavomir Tecl
asked a year ago
How do I integrate IAM Identity Center with an Amazon Cognito user pool?
AWS OFFICIALUpdated a year ago
What's the difference between Amazon Cognito user pools and identity pools?
AWS OFFICIALUpdated 5 months ago
How do I integrate a multi-Region and multi-account Amazon Cognito user pool with an Amazon Cognito identity pool?
AWS OFFICIALUpdated a year ago
How do I integrate Amazon SES with an Amazon Cognito user pool?
AWS OFFICIALUpdated a year ago
AWS Cognito Finally Supports Custom Claims for Access Tokens
EXPERT
Antonio_Lagrotteria
published a month ago
How to Implement OpenID on AWS
EXPERT
Sedat Salman
published a year ago