Open MuhammadMusa22 opened 9 months ago
Hi @MuhammadMusa22, This issue looks like a duplicate of #3407. Please take a look at that issue and let me know if you have additional questions.
I read #3407 and I agree that PREVENT_EXISTENCE_USER should be enabled by default. The current setup leaves a massive security risk for unconfirmed accounts being accessed by users who don't own it. I'm currently using amplify auth and fixing this issue is very important for my app. Having us manually configure it for something that should be a staple for the authentication process is making this pointlessly complicated.
@Transparent-Prophet I have created a feature request for the "Prevent User Existence Exception" change you've requested on the Amplify CLI repo: https://github.com/aws-amplify/amplify-cli/issues/13444
Please weigh in on that issue regarding this change.
@MuhammadMusa22 We are marking this as a feature request.
Description
Here is the scenario, when user register with a given email address and password, then onto the verification process, but just at that step, when user leave that screen without verification of OTP. Next time user come again to register themself, error message occur that user is already registered, so user have to login and in this case, user next step is confirm sign up, but user can go ahead with login process with any password and next step will be a verification screen. In such scenarios, we need to reLogin user when user is verified from OTP screen which is kind of bad UX that is extra step in such case.
Kindly if someone can confirm this, and if there is any better alternative.
Categories
Steps to Reproduce
No response
Screenshots
No response
Platforms
Flutter Version
3.10.1
Amplify Flutter Version
1.6.0
Deployment Method
Amplify CLI
Schema
No response