Closed jasiustasiu closed 6 years ago
Thanks for pointing this out, I'm able to reproduce this issue. We have a task created for it and will prioritize to fix the bug.
There is a work around for this. If you want to use email as username, you can select email addresses as "username" to sign up and sign in from General Settings -> Attributes in Cognito console. Now when user signs up with email as their username, service will generate a uuid as username and insert that into the verification link.
I am surprised such error exists and can't find anyone complaining about this. Maybe I am doing something wrong.
https://my-poc.auth.eu-west-1.amazoncognito.com/confirmUser?client_id=123&user_name=jasiu.stasiu+test1@gmail.com&confirmation_code=123456
When I click this link I have an error:
The problem is that user_name is not escaped. If I manipulate link manually and replace jasiu.stasiu+test1@gmail.com with jasiu.stasiu%2Btest1%40gmail.com it works fine. Is ithere any workaround here? Any plans to fix it?