AmplifyAuthenticator - Verify Contact Information Screen displays "[email protected]" about amplify-ui HOT 13 CLOSED

After discussion with Jordan, we decided to re-open because the underlying issue is not solved.

To me the issue is that using Auth.federatedSignIn the AuthState the UI get in return is always verifyContact.
I assume it is due to the fact that for all external IdP Cognito mark the email_verified as false and Amplify use that to decide what state to go on.

This does not make sense. Since the identity is managed by a trusted IdP we have no valid reason to ask for email confirmation.
So, Amplify Auth should instead look at the Account Status and not go for verifyContact if the value is Enabled / EXTERNAL_PROVIDER

from amplify-ui.

Confirmed that this behavior exists and is undesirable.

1. Clicking "Sign in with Google"

   

2. After the redirect, I'm prompted to verify my email:

   

3. However, when refreshing the page, I get the desired experience:

   

from amplify-ui.

It shouldn't! Federated sign in flows through its own logic path in our state machine, so it really shouldn't ever transition to that "verify" screen. I've included a video showing the federated behavior on the new authenticator. Closing this issue since this is fixed in the new version of the authenticator and you aren't working with amplify anymore.

from amplify-ui.

Hey @liamaws, unfortunately I don't have access to that repo but It seems it is you are using Translations to customize the SIGN_UP_EMAIL_PLACEHOLDER or VERIFY_CONTACT_EMAIL_LABEL and that might cause a conflict for retrieving the correct value here. Can you find [email protected] in your codebase and share the code with me?

from amplify-ui.

Oh good catch. I searched [email protected] in the amplify-js repo and couldn't find where it was coming from but I didn't think to look in my own code. 🤦‍♂️

I will pm you the code.

from amplify-ui.

After speaking offline, we determined that this was a translation assignment in your application. Going to close this particular issue as the originally described issue is solved.

from amplify-ui.

Guys what the status on this issue. I am facing same issue while connecting Cognito with my custom IDP(Keycloack)

from amplify-ui.

Summarizing the problem: When adding the federal entity of Apple Id, the Verify contact screen always appears every time you login even though the email is already verified.

The problem occurs because in the mapping of the attributes in Apple there is no email_verified field, therefore every time it is consulted in amplify's login it asks for it to be verified.

If you try removing the email_verified mapping in google, the Verify Contact screen will always appear when logging in with google as well.

The solution to this problem is to create a lambda function that adds the attribute automatically and configure it in the userpool triggers called “Post authentication” and “Post confirm”.

This publication explains the solution to this problem in a complete way.

Something that is not considered in the referenced manual is the security policy, in which you must be given access to the lambda function so that you can update the attributes of the cognito users.

{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"cognito-idp:AdminUpdateUserAttributes",
],
"Resource": "cognito_user_pool_arn"
}
]
}

from amplify-ui.

Commenting here again that this is still an issue. I was able to reproduce it this morning. I will be taking a deeper look at it.

I noticed that I did get an error back from OAuth after logging in with Google. I'm guessing that this error is being caught and so even though the login through Google was successful, it isn't hitting our piece of code that would correctly change the auth state to recognize the user as already being verified.

from amplify-ui.

Just a small update - I haven't found a super reliable fix for this yet. This will require a bit further investigation from our side.

from amplify-ui.

This comes up repeatedly, so as we validate behavior for our @next release we need to determine:

1. If verification is skipped for social sign-ins (or if we can even determine that in the UI)

2. If this is a documentation/configuration issue that can be resolved to successfully allow verification:

   https://bobbyhadz.com/blog/aws-cognito-verify-google-email

from amplify-ui.

Hey everyone, @liamaws , this shouldn't be a problem any longer in the new version of our authenticator (under the @next tag). Here are our docs if you want to take a look - https://ui.docs.amplify.aws/ui/getting-started/installation?platform=react

Screenshot of what the VerifyContact screen should look like now -

If you'd like, you can give the new version a shot and see if it takes care of your issue for you.

from amplify-ui.

Ok great. I'm not actively working with Amplify anymore, but I'm wondering if this screen is still showing up after sign in with a federated identity?

from amplify-ui.