React: ConfirmSignUp asks for email confirmation even when confirmation disabled

[thevangelist]

Before creating a new issue, please confirm:

• [X] I have searched for duplicate or closed issues and discussions.
• [X] I have read the guide for submitting bug reports.

On which framework/platform are you having an issue?

React

Which UI component?

Authenticator

How is your app built?

CRA

Please describe your bug.

I have disabled the setting Allow Cognito to automatically send messages to verify and confirm in Attribute verification and user account confirmation in my user pool sign-up experience.

Thus I need a manual confirmation of account from my admin in Amplify in order for user to be able to sign in.

I am using with custom components, but cannot figure a way to customize the second step (besides Header and Footer). Here's a screenshot of what is shown on second step in sign-up experience.

I have resorted to hiding the ConfirmSignUp step with CSS as follows, and displaying my instructions for the mentioned admin-approval in Header element.

[data-amplify-authenticator-confirmsignup] fieldset .amplify-flex {
  display: none;
}

Is this a missing feature or am not understanding something?

I have now been able to make a fully functional workflow for user management, but I am not satisfied with my CSS-hiding solution. Could I use these somehow to solve the issue? https://ui.docs.amplify.aws/components/authenticator#override-function-calls

What's the expected behaviour?

Attribute verification and user account confirmation settings in Cognito should be reflected on ConfirmSignUp component

Help us reproduce the bug!

• Create a user pool that has "Attribute verification and user account confirmation" as disabled.
• Allow self-signup
• Use that pool in your
• Check ConfirmSignUp step of your self-signup and realize there's no way for user to proceed there before the user has been confirmed

Code Snippet

// Put your code below this line.

Additional information and screenshots

No response

[ErikCH]

Hi @thevangelist !

Thanks for bringing this up.

Typically customer who are looking to turn off attribute verification, like you did, will also add in a Pre sign-up Lambda trigger that will automatically verify the email, and confirm the user during sign up. Here are some directions on how to do that. This will allow you to skip the verification page.

On the other hand, are you looking to have a user sign up, with the verification turned off in the user pool, and then have it redirect to a new page that explains to them that their account still needs to be verified, and to contact an administrator? We could add something like that, is that the correct customer experience you want for your users?

We could also add another slot for the Confirm Sign Up page, that would allow you to override more of the page.

Or were you expecting it to give an error message and redirect back to login?

Otherwise, I'd recommend setting up the pre-sign up cognito trigger, so you don't have the additional step of having to have the administrator verify them.

Another thought too, if you must have the administrator verify each account, then the administrator should probably create the accounts too. In that case they can create the account in the Userpool, and verify them at the same time. Then an email will be sent to the user to log in. During the first login they'll be asked for a new password, and they shouldn't be asked to verify their email again.

Let me know your thoughts.

[thevangelist]

@ErikCH, our current setup indeed is like this:

attribute verification is off, users sign up but are confirmed by admins and added to correct groups to get access to items that belong to them. Not the jazziest UX, but it's what the customer wanted.

are you looking to have a user sign up, with the verification turned off in the user pool, and then have it redirect to a new page that explains to them that their account still needs to be verified, and to contact an administrator?

Yes. or have the amplify-ui/react to reflect the actual state of cognito in this case. Maybe the easiest way to implement it for you is to just have the slots customized in confirm sign up as well.

[ErikCH]

Hi @thevangelist !

We are working on a larger holistic way of overriding components, instead of adding more slots. I'll have some more information soon on it! We'll keep you posted as we get closer.

[thevangelist]

Thanks, let me know if you need some ideas.