- Newest
- Most votes
- Most comments
Hi,
When email or phone is used as Alias, email and phone can be marked as verified to only one user in the user pool. If you attempt to assign the same phone/email to another user, you will be able to do so but you will not be able to mark it as verified (you will get an error if you attempt to verify the email/phone). You can force the verification to go through and this will mark the email/mobile for the other user as not-verified and will move the alias to the new user.
Cognito chooses the user with verified email/mobile when you attempt to sign-in using email/mobile.
Just verified now, I have 2 users with same email and phone number combination and both are in verified state.
I have this same problem. Surprised Cognito team did not address it even after 10 months. https://repost.aws/questions/QU6F7QTvrnTf6wSHePSkX5Pg/cognito-allows-duplicate-email-alias
Relevant content
- asked 4 years ago
- asked 6 months ago
- asked 10 months ago
AWS OFFICIALUpdated 8 months ago- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 5 months ago
- AWS OFFICIALUpdated 2 years ago
I'm also wondering how to ensure unique identities with federated login options. I setup a pool with email only and enabled Apple and Google sign in along with the ability to self-register. If I manually create a user in the pool and then Sign In with Apple or Google using the same e-mail, I end up with multiple users in the pool with the same verified email address.