Email verification only sending code, not link

[yannicklaclau]

Describe the bug

• Email verification is sent with a Code, not a Link

To Reproduce Steps to reproduce the behavior: 1- Cognito user pool and app client are created; sign in with with either Email or Phone 2- MFA is set to Optional 3- SMS is enabled 4- Attributes to verify: Email or Phone 5- Message customizations: Phone verification is with SMS, but for Email verifcation, "Link" is selected

Expected behavior The UI is meant to work this way:

• user is asked to sign up with Phone & password
• phone is validated with an SMS confirmation code
• then user is asked to add email address as backup
• then user received email validation

Everything works exactly as expected, except that the email validation is only sending a confirmation code; there is no link.

I've tried the following to make the email send a link for validation instead of code:

• set message customization to Link
• added a domain name for an Amazon Cognito Domain
• in the App Client settings, selected:
• Amazon Cognito User Pool as enabled identity provider
• Authorization code grant for allowed OAuth flow
• aws.cognito.signin.user.admin for awllowed OAuth scope
• app client has full read/write permissions on all attributes

I'm at a loss of what could be going wrong and what to do to get a link sent instead of code for the verification email.

Screenshots n/a

Desktop (please complete the following information): n/a

Smartphone (please complete the following information):

• using amplify and amplify-react-native
• emulator with iPhone X

[yannicklaclau]

"tweet" length summary of this problem: doing Auth with first SMS for phone number, then with Link for email....seems impossible.

Once you have SMS validating the phone number, it appears you are stuck with SMS...(on amplify at least...)

[yannicklaclau]

BTW, I have a hacked together workaround that involves using lambda, api gateway, and dynamoDB. Not as bad as it sounds. If anyone finds this message and is interested in details, reply and I'll write it up here

[jordanranz]

I believe there may be something missing in the Cognito API that would allow us to support this. I'll mark this as a feature request for us to follow up with the Cognito service.

Thank you for the feedback @yannicklaclau

[mfernand0]

BTW, I have a hacked together workaround that involves using lambda, api gateway, and dynamoDB. Not as bad as it sounds. If anyone finds this message and is interested in details, reply and I'll write it up here

Hi @yannicklaclau , so do you have an example of this code of yours?

[airlaser]

@yannicklaclau would love details on that workaround

I'm also unable to get link verif to send, it insists on sending a code.

[pkoeppen]

Here's a useless +1. I'm sure there's another more "manual" way to do this, but that's why I'm using this library, isn't it?

[airlaser]

For reference, the workaround that I ended up doing was to use a combination of the Pre sign-up and Custom Message cognito triggers to generate my own verification links. I would use the custom message to create a link with the email etc encoded and then my own endpoint that used admin cognito to verify the user. Gives more control anyways.

[JakubRakus]

I don't think this is an Amplify or even AWS Cognito API problem. I've tried to change user email using python warrant library and result is the same: user have new email address, marked as unverified and the Cognito automatically sends verification code instead of link. No matter what I choose at Message customizations tab in user pool settings page at AWS Console. Looks like internal Cognito problem/bug.

[vinyoliver]

Same problem here... Any news on this?

[10001oleg]

up

[ksloan]

Still having this problem

[anselpeters]

same problem.. does not work in the AWS Console

[bhaweshtanna]

do we have any time line on this? we have selected verification link in cognito. however user is getting passcode to verify email

[DheerajArora5]

Hi yannicklaclau Email verification type set to Code .

With the current specification defined in the AWS Docs - it is very much unclear on how to set the Verification Type to Link - the solution provided seems to be hanging around.

After doing a bit of research - finally I got to a workaround:

Replace the

EmailVerificationType: Link

With

VerificationMessageTemplate:
        DefaultEmailOption: CONFIRM_WITH_LINK

The Code will look like :

UserPool:
    Type: "AWS::Cognito::UserPool"
    Properties:
      UserPoolName:
        Fn::If:
          - IsDevelopment
          - !Sub "${ApplicationName}-${Environment}-${User}-${Module}-user-pool"
          - !Sub "${ApplicationName}-${Environment}-${Module}-user-pool"
      UsernameAttributes: [email]
      AutoVerifiedAttributes:
        - email
      VerificationMessageTemplate:
        DefaultEmailOption: CONFIRM_WITH_LINK
      EmailVerificationSubject: verify your email id for ${ApplicationName}
      EmailVerificationMessage: Please click the link below to verify your email address. {####}

This seems to be working for me.

[alexandrzavalii]

Hi @DheerajArora5 You solution looks promising, however I didnt find EmailVerificationType: Link in my backend/auth/awsapp/awsapp.yml file. In the meantime is there a config option in amplify cli that would set it?

[DheerajArora5]

Hi @alexandrzavalii , Given template is using CloudFormation Deployment for the Cognito setup, creating the UserPool-setting up the EmailVerification Type as Link . Is there a way, I am not sure how we can achieve this using Amplify.

[alexandrzavalii]

I actually found a cli option to send verification as email link. It links to lambda function which verifies the user and redirects back to your app.

[timello]

I actually found a cli option to send verification as email link. It links to lambda function which verifies the user and redirects back to your app.

Hi @alexandrzavalii, did you manage to fix the problem? What cli option is it? I would be glad to see what you have done. Thank you.

[alexandrzavalii]

@timello when you run amplify update auth one of the options is custom email link.

[amuresia]

I have got as far as creating the custom resource to send out the link. I receive the email and the link looks of (as far as I can tell) but when I click on it nothing happens. The spinner never stops and the user remains UNCONFIRMED in the Cognito user pool

[davidbiller]

I have got as far as creating the custom resource to send out the link. I receive the email and the link looks of (as far as I can tell) but when I click on it nothing happens. The spinner never stops and the user remains UNCONFIRMED in the Cognito user pool

same here...

send Mail per customMessage trigger

Error: NotAuthorizedException: User cannot be confirmed. Current status is CONFIRMED i can see here is this code: cognitoidentityserviceprovider.confirmSignUp()

Check this: https://github.com/aws-amplify/amplify-cli/issues/4534

[woodjme]

@timello when you run amplify update auth one of the options is custom email link.

I found the problem with this method is that you then don't get send a verification code when a user wants to do a password reset. Do you have this use case / find a way round this?

[Robert-Murphy]

+1. Verification link is set in my cognito user pool console to be sent for the verification email. This is successful on the initial account creation, however when updating the email address a verification code is sent.

[panayi]

This works:

UserPool:
  Type: AWS::Cognito::UserPool
  Properties:
    VerificationMessageTemplate:
      DefaultEmailOption: CONFIRM_WITH_LINK
      EmailMessage: !Ref emailVerificationMessage
      EmailMessageByLink: Please click the link below to verify your email address. {##Verify Email##}
      EmailSubject: !Ref emailVerificationSubject
      EmailSubjectByLink: !Ref emailVerificationSubject

Don't change emailVerificationMessage in parameters.json as it will fail to push. Instead, use a separate email message (see EmailMessageByLink above). See docs for VerificationMessageTemplate here.

[borisdayma]

Verification link is set in my cognito user pool console to be sent for the verification email. This is successful on the initial account creation, however when updating the email address a verification code is sent.

You can just edit verification-link.js by adding

if (
    event.triggerSource === 'CustomMessage_SignUp' ||
    event.triggerSource === 'CustomMessage_ResendCode'
  )

[borisdayma]

@panayi Your approach is interesting. I'm wondering why the CLI does it through lambda triggers. Maybe for more flexibility?

Does it also work when users need to reset passwords? Did you have any other limitations?

Also I'm wondering if you had to build a custom UI.

EDIT: after testing both methods, here are pro/cons:

• with @panayi's method (equivalent to setting the option in the console), we can set up a custom domain for the verification link easier
• CLI's method (using lambda trigger) seems to be the only way to redirect users to a custom url after confirmation

[ChihweiLHBird]

I made Cognito send verification link on AWS Online Console but Amplify in my ReactJS is still asking users for verification code after signing up email sent, and way to disable the confirm page that requires verification code.

[thearnabmondal]

I made Cognito send verification link on AWS Online Console but Amplify in my ReactJS is still asking users for verification code after signing up email sent, and way to disable the confirm page that requires verification code.

Any solution to fix this?

[paulmeisterx]

eply and I'll w

Hi, would you please provide the solution for this issue using lambda, api gateway, and dynamoDB ? Thank you

[AXSJ]

Is anyone else pissed that AWS hasn't done anything to fix this? Such a glaring problem and nothing has been done. I don't want hacks or workarounds. I want a solution

[abdallahshaban557]

@AXSJ - we apologize for your frustration, we are aware that this is an important feature for modern web apps. We have not yet landed on a solution for it, however we do have teams looking at enabling this feature in the future. We will update this ticket once we have some expected timelines.

[xsamurai]

Was considering amplify for a new app but it seems it's back to Firebase. Landing on a solution for a verification link takes how long? This was brought up in 2019? Anyhow thanks for wasting my time, now to rip out amplify*.

[manglide]

Any solution to this yet? Still experiencing this issue.

[danderson00]

Folks, this issue has been open for almost 3 and a half YEARS now.

The console is quite misleading, the setting for using a verification link instead of a code simply does not do anything. At the very least, the option to send verification links instead of codes should be disabled to prevent confusion and wasted hours.

[rspears74]

Surprised to see this issue still open after almost 4 years. I'm running into it currently. I can successfully get a link and verify the user, but the UI still asks the user for a code. Shame - amplify seemed like a nice easy way to get a web app up and running.

[LukeFerris]

Just adding my +1.. and just to reiterate.. the cloud formation / amplify part is not the challenge - even if you set the method to "Link" in the AWS Cognito Console manually it still doesn't work and sends the code instead.

Crazy frustrating.

[bradclawson]

Can confirm +1. Still an issue. Seems so basic. It is frustrating spending days trying to get features to work as documented, only to find threads like this. Please for the sake of our sanity, update the documentation and remove the features from the cli if it can't be fixed.

[weitang2022]

It's been more than five years. I still see this issue. This should be an important basic feature.