umer

Reputation: 1316

AWS Cognito API, Forgot Password action not raising InvalidParameterException even if neither a verified phone number nor a verified email exists

As the docs say (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ForgotPassword.html), if the user has not yet verified his email or phone number then

Auth.forgotPassword(username)

should return some error message, as written in the documentation:

If neither a verified phone number nor a verified email exists, an InvalidParameterException is thrown.

But it's not raising an exception; instead, I receive a success response:

"CodeDeliveryDetails":{"AttributeName":"email","DeliveryMedium":"EMAIL","Destination":"m***@g***.com"}}

I don't receive the email though.

What can be the reason?

Upvotes: 7

Views: 1664

Answers (3)

Sambulo Senda

Reputation: 1418

You need to make sure the email attribute for the user is verified.

Upvotes: 0

kyrsten

Reputation: 191

@ryan-hines Oh my god, thank you! I've been struggling with this for days.

We had a very similar issue:

  • User signs up via Google
  • User tries to reset password
  • We wanted to disallow this and tell them to use their social login (you'd think Cognito would handle this part, but no)
    • In order to solve this, we wrote a custom Migration lambda to handle "UserMigration_ForgotPassword"
    • Even though we were throwing an Error in the lambda, it was still showing a success message in the UI, but was not sending the email

In the newer Cognito UI, we had to go into:

  • App Integration
  • Click on app client
  • Click "Edit" in App client information section
  • At the bottom under "Advanced security configurations" uncheck "Prevent user existence errors"

Now the UI properly shows a failure when our lambda throws an error.


Upvotes: 1

Ryan Hines

Reputation: 81

I was seeing the same issue. It turned out to be related to this:

Use the PreventUserExistenceErrors setting of a user pool app client to enable or disable user existence related errors.

mentioned here: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-managing-errors.html

After changing that setting on the user pool to 'Legacy' from 'Enabled', I started seeing a 400 response:

{
  "__type": "UserNotFoundException",
  "message": "Username/client id combination not found."
}

Upvotes: 8
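As an added example (not code from the question or any of the answers), here is a small boto3 audit that ties the two explanations together: it reports the PreventUserExistenceErrors setting of every app client, so you know whether ForgotPassword will surface UserNotFoundException/InvalidParameterException or return the synthetic CodeDeliveryDetails success seen in the question, and it checks whether a user's attributes actually carry a verified email or phone number. The function names are my own; the cognito-idp calls and response fields are the real API, and the live run at the bottom assumes boto3 is installed and AWS credentials are configured.

```python
"""Audit Cognito app clients for PreventUserExistenceErrors and check
whether a user has a verified contact attribute for ForgotPassword."""
# Added example, not from the question or answers. Function names are
# hypothetical; the cognito-idp calls and response shapes are the real API.


def classify_client(user_pool_client: dict) -> str:
    """Classify the 'UserPoolClient' dict from describe_user_pool_client.

    ENABLED: ForgotPassword on a user who cannot receive a code still
             returns a synthetic CodeDeliveryDetails success and no mail
             is sent (what the question observed). This is deliberate:
             it stops unauthenticated callers from probing usernames.
    LEGACY:  UserNotFoundException / InvalidParameterException surface,
             so the client can react, at the cost of revealing existence.
    """
    return user_pool_client.get("PreventUserExistenceErrors") or "UNSET"


def has_verified_contact(user_attributes: list) -> bool:
    """True if admin_get_user's UserAttributes show a verified email or
    phone number, i.e. ForgotPassword has somewhere to deliver a code."""
    attrs = {a["Name"]: a["Value"] for a in user_attributes}
    return (attrs.get("email_verified") == "true"
            or attrs.get("phone_number_verified") == "true")


def audit_app_clients(cognito) -> list:
    """Return (pool_id, client_id, setting) for every app client in every
    user pool, given a boto3 'cognito-idp' client from the caller."""
    findings = []
    page_cfg = {"PageSize": 60}
    pools = cognito.get_paginator("list_user_pools")
    for page in pools.paginate(PaginationConfig=page_cfg):
        for pool in page["UserPools"]:
            clients = cognito.get_paginator("list_user_pool_clients")
            for cpage in clients.paginate(UserPoolId=pool["Id"],
                                          PaginationConfig=page_cfg):
                for c in cpage["UserPoolClients"]:
                    desc = cognito.describe_user_pool_client(
                        UserPoolId=pool["Id"], ClientId=c["ClientId"])
                    findings.append((pool["Id"], c["ClientId"],
                                     classify_client(desc["UserPoolClient"])))
    return findings


if __name__ == "__main__":
    import boto3  # live run only; needs credentials with cognito-idp read access
    for pool_id, client_id, setting in audit_app_clients(boto3.client("cognito-idp")):
        print(f"{pool_id} {client_id} PreventUserExistenceErrors={setting}")
```

If a client reports ENABLED, treat the success response as uninformative and verify delivery ability with admin_get_user on the server side instead of trusting the client-facing result.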
