InitiateAuth request returns "User does not exist"

[mdesousa]

Hi, thanks for this great library! We are using the end-to-end-example/client code to go through email magic link authentication. We are stuck because the initial request to InitiateAuth is returning an error "User does not exist". The AuthParameters have USERNAME set to the user email, which exists in the pool. The pool has signInAliases: { email: true, phone: true }... so i'd expect that the email can be provided as the username.

Is this a bug? Or are we missing something in the cognito pool configuration? The request works fine if we set the USERNAME property to the cognito sub value... but this is an internal uuid that the user wouldn't know about.

Thanks for the help!

[ottokruse]

Hi mate. So you can sign in with sub, but not with email, even though the user pool is configured to use email as username alias?

Double check the user actually has that email address in the email attribute? And what is the value for email_verified?

Sounds like you didn't deploy the end to end sample but a tweaked version of it? If so, what's different?

[mdesousa]

Hi @ottokruse, thanks for your response! We deployed the frontend portion of the example, but the cdk was our own. The main difference is our user pool allows both email and phone as alias. Our users are initially created only with phone number, and they can later add the email. This scenario causes problems and the user can never sign in with email!

If the user is created with both email and phone from the start, then they can sign in with their email (but not their phone !?!). I have opened a support case with amazon to get clarity on this. Also found this article that explains the different sign in options..

In summary: don't think it's a bug with the passworless library... more of a "gotcha". Hope this explanation helps other people!

[ottokruse]

Ah that gotcha.

To not run into that I usually allow username as a sign in attribute next to eg email and phone, and when I don't want users to actually use that username I just put a random uuid in there on their behalf during signup (custom sign up page and not hosted ui).

[mdesousa]

thanks @ottokruse ! the aws support team made the same recommendation, so we are switching our userpool to use username + phone + email as aliases (vs. just phone + email).