hamidonos

Reputation: 1

AWS Cognito: Verify deletion of user

We need a verification step for user deletion through AWS Cognito.

Upon requesting deletion, a verification code should be sent to the user's email address (like it's done with sign-up).

All AWS Cognito offers is:

How would you incorporate the verification step for deletion into AWS Cognito?

Side note: We're using Lambda in combination with API Gateway to handle all our requests to Cognito.

Upvotes: 0

Views: 726

Answers (1)

stijndepestel

Reputation: 3544

This flow is not natively supported by Cognito, meaning, if you want to achieve this, you'll have to implement this flow manually as one (or two) endpoints on your API Gateway and a Lambda which in turn uses the AdminDeleteUser functionality.

Simple example:

  1. GET /user/delete: Create a JWT token, send an email to the user with a link, including a token to verify the deletion request. The token can contain the username and an expiration time. (You can use Amazon SES to send the email).
  2. GET /user/delete?token=verificationToken: Extract the username from the token and execute AdminDeleteUser using the username.

Upvotes: 1
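The token handling behind the two steps in the answer above, as an added example (not code from the answer): the token is an HS256 JWT built with the Python standard library, carrying the username, an expiration time and a purpose claim so that it is only accepted for deletion. The names `SECRET`, `PURPOSE`, `TTL_SECONDS` and all function names are assumptions, and `delete_user` is a hypothetical callable standing in for the Lambda's call to Cognito's AdminDeleteUser.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # assumption: the Lambda loads a real key from a secret store
PURPOSE = "delete-user"           # assumption: claim that binds the token to this one action
TTL_SECONDS = 900                 # assumption: link is valid for 15 minutes

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input):
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue_token(username, now=None):
    """Step 1: build the token that goes into the emailed verification link."""
    now = time.time() if now is None else now
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": username, "purpose": PURPOSE, "exp": int(now) + TTL_SECONDS}
    body = _b64(json.dumps(claims).encode())
    return f"{header}.{body}.{_sign(header + '.' + body)}"

def verify_token(token, now=None):
    """Step 2: return the username, or raise ValueError if the token is unusable."""
    now = time.time() if now is None else now
    try:
        header, body, sig = token.split(".")
        if not hmac.compare_digest(sig, _sign(f"{header}.{body}")):  # constant-time
            raise ValueError("bad signature")
        if json.loads(_unb64(header)).get("alg") != "HS256":  # never trust the header's alg
            raise ValueError("unexpected algorithm")
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError) as exc:
        raise ValueError(f"invalid token: {exc}") from None
    if claims.get("purpose") != PURPOSE or claims.get("exp", 0) < now:
        raise ValueError("wrong purpose or expired")
    return claims["sub"]

def confirm_deletion(token, delete_user, now=None):
    """The username comes only from the verified token, never from request input."""
    username = verify_token(token, now)
    delete_user(username)
    return username
```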
