unique identities in cognito user pool

2

We are experimenting with cognito user pool. We set email or mobile number to be used as user name. We created user with email and mobile number. When we used the same email and mobile number for second user, cognito threw error. This is expected.

After the users are added to cognito with different user email and phone number, we updated the same mobile number and email, it doesn't threw any error. I launched the hosted UI from cognito portal and login with email and password, it picked one account and logged in.

This doesn't seem to be expected output.

  1. Why the cognito doesn't throw error when duplicate phone number is updated ?
  2. When we login using email how does the cognito picked the account ?
  • I'm also wondering how to ensure unique identities with federated login options. I setup a pool with email only and enabled Apple and Google sign in along with the ability to self-register. If I manually create a user in the pool and then Sign In with Apple or Google using the same e-mail, I end up with multiple users in the pool with the same verified email address.

asked 2 years ago1784 views
1 Answer
1

Hi,

When email or phone is used as Alias, email and phone can be marked as verified to only one user in the user pool. If you attempt to assign the same phone/email to another user, you will be able to do so but you will not be able to mark it as verified (you will get an error if you attempt to verify the email/phone). You can force the verification to go through and this will mark the email/mobile for the other user as not-verified and will move the alias to the new user.

Cognito chooses the user with verified email/mobile when you attempt to sign-in using email/mobile.

AWS
EXPERT
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions