By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Can AWS Cognito allow SignIn with both email and phone number if only email is required for SignUp?

0

I am configuring an AWS Cognito user pool where I want users to be able to SignIn using either their email or phone number. However, I plan to set only the email as a required attribute for SignUp (not the phone number, because I want to add third party auth like Facebook).

My questions are:

1.If I configure SignIn to accept both email and phone number but require only the email attribute for SignUp, will users still be able to register and log in using either their phone number or email?

2.How will users be stored in the Cognito database in this case, especially if they register with a phone number? Will Cognito still properly associate the user accounts even though only the email is set as required?

I’m looking for guidance on whether this configuration will work correctly and how AWS Cognito handles these scenarios.

I tried adding Facebook as a third-party authentication provider in AWS Cognito. However, Facebook does not provide a phone number attribute, and as a result, I encountered an error during implementation. The error stated that Facebook authentication could not be set up because “PhoneNumber” is a required attribute for SignUp in Cognito.

I expected that by configuring Cognito to require only the email for SignUp, it would resolve the issue and still allow users to SignIn with either their email or phone number. However, I am unsure if this configuration will work as expected.

Topics
Security, Identity, & Compliance
Tags
AWS Identity and Access ManagementAmazon CognitoAWS IAM Identity Center
Language
English
Mark
asked 8 months ago151 views
1 Answer
0

Great questions! Let's break down your scenario and address each point:

1. SignIn with Both Email and Phone Number

If you configure AWS Cognito to accept both email and phone number for SignIn but require only the email attribute for SignUp, users will still be able to register and log in using either their email or phone number. This is because Cognito allows flexibility in SignIn options, and you can configure it to accept multiple identifiers for authentication.

2. User Storage in Cognito Database

When users register, even if they only provide an email during SignUp, they can later add a phone number to their account. Cognito will store both attributes and associate them with the same user account. This means that users can log in using either their email or phone number, and Cognito will correctly identify and authenticate them.

Handling Third-Party Authentication

Regarding the issue with Facebook authentication, the error occurs because Cognito expects a phone number if it's set as a required attribute. By configuring Cognito to require only the email for SignUp, you should be able to integrate Facebook authentication without issues. This setup will allow users to SignIn with either their email or phone number, even if they initially registered using Facebook (which doesn't provide a phone number attribute).

profile picture
EXPERT
Giovanni Lauria
answered 8 months ago
  • HB Sandeep
    19 days ago

    I'm creating an aws amplify gen 2 nextjs app, where I have similar usecase, I want the user to signup using either email or phone. Having said that, I have enabled both email and phone number for cognito user pool. I tried to signup with phone number, it is working fine. However, later I added my email, got it verified via code, it does not allow me to login with email and password now. I tried to add the email under preferred_username as well, still there is no luck. I'm not sure what exactly I'm missing

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content