aws-amplify / amplify-flutter

A declarative library with an easy-to-use interface for building Flutter applications on AWS.
https://docs.amplify.aws
Apache License 2.0

AWS amplify wrong password while user is not verified #4170

Open MuhammadMusa22 opened 9 months ago

MuhammadMusa22 commented 9 months ago

Description

Here is the scenario: a user registers with a given email address and password and moves on to the verification process, but at that step the user leaves the screen without verifying the OTP. The next time the user comes to register, an error message says that the user is already registered, so the user has to log in. In this case the user's next step is confirm sign-up, but the user can go ahead with the login process with any password, and the next step will be a verification screen. In such scenarios, we need to re-login the user once the user is verified from the OTP screen, which is kind of bad UX, since it is an extra step in such a case.

Kindly, can someone confirm this, and whether there is any better alternative?

Flutter Version

3.10.1

Amplify Flutter Version

1.6.0

Deployment Method

Amplify CLI

khatruong2009 commented 9 months ago

Hi @MuhammadMusa22, this issue looks like a duplicate of #3407. Please take a look at that issue and let me know if you have additional questions.

Transparent-Prophet commented 9 months ago

I read #3407 and I agree that PREVENT_EXISTENCE_USER should be enabled by default. The current setup leaves a massive security risk for unconfirmed accounts being accessed by users who don't own them. I'm currently using Amplify Auth and fixing this issue is very important for my app. Having us manually configure it for something that should be a staple for the authentication process is making this pointlessly complicated.

haverchuck commented 9 months ago

@Transparent-Prophet I have created a feature request for the "Prevent User Existence Exception" change you've requested on the Amplify CLI repo: https://github.com/aws-amplify/amplify-cli/issues/13444

Please weigh in on that issue regarding this change.

haverchuck commented 9 months ago

@MuhammadMusa22 We are marking this as a feature request.
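
The flow from the original report, as an added example that is not code from this thread or from the amplify-flutter project: sign in, finish the pending confirmation when Cognito answers with the confirm-sign-up step, then sign in again so the password is actually checked. `signInOrConfirm` and the `promptForCode` callback are hypothetical names introduced for illustration.

```dart
import 'package:amplify_flutter/amplify_flutter.dart';

/// Signs in and, when the result is the confirm-sign-up step, finishes
/// verification and then signs in again with the same password.
///
/// [promptForCode] is a hypothetical callback that shows the app's OTP
/// screen and returns the code the user typed.
Future<SignInResult> signInOrConfirm({
  required String username,
  required String password,
  required Future<String> Function() promptForCode,
}) async {
  final first = await Amplify.Auth.signIn(
    username: username,
    password: password,
  );

  // Any other outcome (signed in, MFA, new password, ...) is left to the caller.
  if (first.nextStep.signInStep != AuthSignInStep.confirmSignUp) {
    return first;
  }

  // As reported in this issue, this step can be reached with any password,
  // so nothing has been authenticated yet. Do not mark the user as logged in.
  await Amplify.Auth.resendSignUpCode(username: username);
  final code = await promptForCode();

  final confirmed = await Amplify.Auth.confirmSignUp(
    username: username,
    confirmationCode: code,
  );
  if (!confirmed.isSignUpComplete) {
    throw StateError(
      'Sign-up still incomplete: ${confirmed.nextStep.signUpStep}',
    );
  }

  // The password is checked here. A wrong password surfaces as an
  // AuthException, which the caller should present as a failed login.
  return Amplify.Auth.signIn(username: username, password: password);
}
```

Only the result of the final `signIn` call should drive navigation into the authenticated part of the app; the password is held in memory just long enough to make that second call.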