Username parameter in verify email not escaped

[jasiustasiu]

I am surprised such error exists and can't find anyone complaining about this. Maybe I am doing something wrong.

• I have a user with username and email equal to jasiu.stasiu+test1@gmail.com
• I sign up using signUp SDK request
• I can see my user in cognito panel as unconfirmed
• I got verification email with verify link: https://my-poc.auth.eu-west-1.amazoncognito.com/confirmUser?client_id=123&user_name=jasiu.stasiu+test1@gmail.com&confirmation_code=123456

When I click this link I have an error:

1 validation error detected: Value at 'username' failed to satisfy constraint: Member must satisfy regular expression pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

The problem is that user_name is not escaped. If I manipulate link manually and replace jasiu.stasiu+test1@gmail.com with jasiu.stasiu%2Btest1%40gmail.com it works fine. Is ithere any workaround here? Any plans to fix it?

[yishafang]

Thanks for pointing this out, I'm able to reproduce this issue. We have a task created for it and will prioritize to fix the bug.

There is a work around for this. If you want to use email as username, you can select email addresses as "username" to sign up and sign in from General Settings -> Attributes in Cognito console. Now when user signs up with email as their username, service will generate a uuid as username and insert that into the verification link.