How to send error message from preSignUp trigger in cognito - amazon-cognito

I am checking whether the email already exists using the listUsers function in the preSignUp trigger in Cognito. When I send a callback to Cognito (callback('Email Already Exists')), this displays 'PreSignUp failed with Email Already Exists'; instead I want to display only 'Email Already Exists'.
Any help is appreciated.
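As an added example (not the asker's code), a Python PreSignUp handler that looks the email up with ListUsers and raises a short message, plus the client-side helper that strips the "PreSignUp failed with ..." wrapper Cognito puts around any message a trigger raises. The wrapper pattern is taken from the wording in the question (newer pools insert "error "), the pool id is a placeholder, and the FakeCognito client is constructed so the block runs offline; inside Lambda the handler falls back to a real boto3 client.

```python
import re

# Wording from the question: Cognito returns "PreSignUp failed with <message>",
# some pools insert "error " and append a period (assumed pattern).
_TRIGGER_WRAPPER = re.compile(r"^PreSignUp failed with (?:error )?(.*?)\.?$")


class EmailAlreadyExists(Exception):
    """Raised from the trigger; Cognito relays str(exc) to the client."""


def _escape_filter_value(value):
    # ListUsers filter values are double-quoted; escape the two characters that
    # could break out of the quotes so an attacker-chosen email cannot widen the filter.
    return value.replace("\\", "\\\\").replace('"', '\\"')


def email_exists(cognito, user_pool_id, email):
    """True if any user in the pool already carries this email attribute."""
    resp = cognito.list_users(
        UserPoolId=user_pool_id,
        Filter=f'email = "{_escape_filter_value(email)}"',
        Limit=1,
    )
    return len(resp.get("Users", [])) > 0


def pre_sign_up(event, context=None, cognito=None):
    """PreSignUp trigger: reject the sign-up when the email is already taken."""
    if cognito is None:
        import boto3  # real client only when running inside Lambda
        cognito = boto3.client("cognito-idp")
    email = event["request"]["userAttributes"].get("email", "").strip().lower()
    if email and email_exists(cognito, event["userPoolId"], email):
        raise EmailAlreadyExists("Email Already Exists")
    return event


def user_facing_message(cognito_error_message):
    """Client side: reduce Cognito's wrapped text to the message the trigger raised."""
    m = _TRIGGER_WRAPPER.match(cognito_error_message)
    return m.group(1) if m else cognito_error_message


# --- constructed fake client so the example runs offline -------------------
class FakeCognito:
    def __init__(self, known_emails):
        self.known = {e.lower() for e in known_emails}

    def list_users(self, UserPoolId, Filter, Limit=60, **kwargs):
        m = re.fullmatch(r'email = "((?:[^"\\]|\\.)*)"', Filter)
        wanted = m.group(1) if m else ""
        hits = [{"Username": wanted}] if wanted.lower() in self.known else []
        return {"Users": hits[:Limit]}


def demo():
    """Sign up with an email that is already registered and show what the client sees."""
    fake = FakeCognito(["alice@example.com"])  # constructed sample data
    event = {"userPoolId": "us-east-1_EXAMPLE",  # placeholder pool id
             "request": {"userAttributes": {"email": "Alice@example.com"}}}
    try:
        pre_sign_up(event, cognito=fake)
        return None
    except EmailAlreadyExists as exc:
        wrapped = f"PreSignUp failed with error {exc}."  # what the SDK reports
        return user_facing_message(wrapped)


if __name__ == "__main__":
    print(demo())
```

The wrapper is added by Cognito, not by the trigger, so the only place to remove it is the client. Note that a distinct "already exists" message is returned verbatim and therefore tells a caller which emails are registered; the pool's PreventUserExistenceErrors setting covers Cognito's own errors, not messages you raise yourself, so decide whether that is acceptable for your sign-up flow.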

Related

When is the CustomEmailSender_UpdateUserAttribute trigger source used?

I have set up a custom email sender function that currently just decrypts the code (if present) and logs the event.
I can see in the logs that the lambda is correctly triggered for the other trigger source types, such as CustomEmailSender_AdminCreateUser when I run the aws cognito-idp admin-create-user CLI command, and CustomEmailSender_ForgotPassword when I submit the Forgot Password form on the Hosted UI. However, I do not see any logs when user attributes are updated. I've tested with both the admin-update-user-attributes and the update-user-attributes commands, as well as in the AWS console.
When is the email with the CustomEmailSender_UpdateUserAttribute trigger source sent? Is there a configuration on my user pool or client that I am missing?
According to Cognito documentation on Custom message Lambda trigger sources:
CustomMessage_UpdateUserAttribute | Custom message – When a user's email or phone number is changed, this trigger sends a verification code automatically to the user. Cannot be used for other attributes.
So it only triggers with changes to the email or phone number fields, in order to verify them.

Passwordless Authentication with Cognito - How to determine if a user signed up with email or phone number

We have implemented the Custom Auth Triggers as described in the link here. We have the user pool set up to let users log in with either phone number or email.
The case in question: the user has both email and phone verified in their Cognito account.
The problem I am having is determining which medium (email or phone number) the user signed in with.
When observing the event passed into the define / create / verify auth triggers, it seems that it does not pass through the username that was used to initiate the authentication flow, only the user attributes, which in my case could be both email and phone. I need to know which one it is so I know whether to send the code through SMS or email.
I also read about ClientMetadata, a key we can pass in InitiateAuthCommandInput, but it will provide the client metadata only to these triggers:
Pre signup
Pre-authentication
User migration
but it will not provide ClientMetadata to these triggers:
Post authentication
Custom message
Pre token generation
Create auth challenge
Define auth challenge
Verify auth challenge
After googling a lot, I found an article which had a tricky solution:
here is the link
I am not able to implement the provided solution.
I found a similar question on Stack Overflow too (Link), but there is no answer there either. Can anyone please help me with this?
This is a workaround that adds a custom attribute during passwordless login.
Actually, the authenticationUser function needs to identify whether the user is using email or phone during login.
Step 1: during the login process, before calling InitiateAuthCommand, first set a custom attribute on the Cognito user object, logged_in_by, to either email or phone.
Step 2: once you have set that key, InitiateAuthCommand is started and calls the triggers.
Step 3:
When createAuthChallenge runs, we will have userAttributes.logged_in_by.
If this attribute contains email, this indicates that the user is trying to log in with the email and we need to send the OTP over email.
If this attribute contains phone, this indicates that the user is trying to log in with the phone and we need to send the OTP over the phone number.
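An added example (not the answerer's code) of Step 3 as a pair of Python trigger handlers: CreateAuthChallenge reads the custom attribute, picks the delivery channel, mints an OTP and hides it in privateChallengeParameters; VerifyAuthChallengeResponse compares the answer in constant time. It assumes the attribute is exposed to the trigger as custom:logged_in_by (Cognito prefixes custom attributes with custom:), and the send hook plus the user attributes in demo() are constructed stand-ins for SES/SNS so the block runs offline.

```python
import hmac
import secrets

OTP_LENGTH = 6
# The answer names the attribute logged_in_by; custom attributes reach the
# trigger with a "custom:" prefix (assumed full name).
LOGIN_ATTR = "custom:logged_in_by"


def pick_channel(user_attributes):
    """Return ("email", address) or ("sms", number) based on logged_in_by.

    Only a verified destination is ever used: a client that can write the
    custom attribute may choose the channel, but cannot redirect the OTP to
    an unverified contact.
    """
    choice = user_attributes.get(LOGIN_ATTR, "").lower()
    if choice == "email" and user_attributes.get("email_verified") == "true":
        return "email", user_attributes["email"]
    if choice == "phone" and user_attributes.get("phone_number_verified") == "true":
        return "sms", user_attributes["phone_number"]
    raise ValueError(f"no verified destination for {LOGIN_ATTR}={choice!r}")


def create_auth_challenge(event, send):
    """CreateAuthChallenge trigger. `send(channel, destination, code)` is an
    assumed hook standing in for SES / SNS."""
    channel, destination = pick_channel(event["request"]["userAttributes"])
    code = "".join(secrets.choice("0123456789") for _ in range(OTP_LENGTH))
    send(channel, destination, code)
    resp = event["response"]
    resp["publicChallengeParameters"] = {"channel": channel}   # returned to the client
    resp["privateChallengeParameters"] = {"answer": code}      # stays inside Cognito
    resp["challengeMetadata"] = f"OTP-{channel}"
    return event


def verify_auth_challenge_response(event):
    """VerifyAuthChallengeResponse trigger: constant-time comparison of the OTP."""
    expected = event["request"]["privateChallengeParameters"]["answer"]
    given = str(event["request"].get("challengeAnswer", ""))
    event["response"]["answerCorrect"] = hmac.compare_digest(expected, given)
    return event


def demo(logged_in_by):
    """Run one create/verify round for a constructed user; returns (channel, correct)."""
    sent = []
    attrs = {  # constructed user attributes, both contacts verified
        LOGIN_ATTR: logged_in_by,
        "email": "alice@example.com", "email_verified": "true",
        "phone_number": "+15555550100", "phone_number_verified": "true",
    }
    create_event = {"request": {"userAttributes": attrs, "session": []}, "response": {}}
    create_auth_challenge(create_event, send=lambda ch, dst, code: sent.append((ch, dst, code)))
    channel, _, code = sent[0]
    verify_event = {
        "request": {
            "privateChallengeParameters": create_event["response"]["privateChallengeParameters"],
            "challengeAnswer": code,
        },
        "response": {},
    }
    verify_auth_challenge_response(verify_event)
    return channel, verify_event["response"]["answerCorrect"]


if __name__ == "__main__":
    print(demo("email"), demo("phone"))
```

The OTP never appears in publicChallengeParameters or challengeMetadata, only the channel does, so the client learns where to look for the code but not the code itself.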

Check if a username exists in Cognito User pool

I want my authentication flow to meet these scenarios: check whether the username exists; if it exists, navigate to the signIn screen, otherwise to signUp.
I cannot find documentation on how to check a username using AWS Cognito.
You can use adminGetUser, passing the username and user pool ID. If the user exists you will get a 200 success response. Just put an if condition based on the response.

Create Auth0 user

I'm using Management API V2 to create users and I'm setting their password in the creation process.
After that they're receiving an invitation email to confirm their email address because I'm setting the parameter "verify_email" to true.
What I need to do is:
1. Create the user.
2. Send the user an invitation email so they can confirm their email address.
3. Give them the option to set their own password, instead of me setting it in the creation process (step 1).
I looked in the community before asking, and I found that I can trigger the password reset flow upon creation. Is there a different way to do it? This doesn't look like the correct way to do it; there should be a proper way to do so.
Thanks
Triggering the reset password email is the right approach. You can use the Authentication API to send the reset password email.
https://auth0.com/docs/api/authentication#change-password
More options are described here: https://auth0.com/docs/connections/database/password-change
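An added example (not the answerer's code) of the two calls in Python: create the user through the Management API v2 with a random throwaway password the operator never sees, then trigger the change-password endpoint from the linked docs so the user chooses their own password from the emailed link. The tenant domain, connection name and tokens are placeholders, verify_email is set to false on the assumption that the reset email serves as the invitation and a separate verification email is not wanted, and FakeAuth0 is a constructed transport so the block runs offline.

```python
import json
import secrets
from urllib import request as urlrequest

AUTH0_DOMAIN = "your-tenant.auth0.com"           # placeholder tenant domain
CONNECTION = "Username-Password-Authentication"  # assumed database connection name


def _http_post(url, payload, headers):
    """Default transport: POST a JSON body and return (status, body_text)."""
    data = json.dumps(payload).encode()
    req = urlrequest.Request(url, data=data, method="POST",
                             headers={"Content-Type": "application/json", **headers})
    with urlrequest.urlopen(req, timeout=10) as resp:
        return resp.status, resp.read().decode()


def create_user_without_known_password(email, mgmt_token, post=_http_post):
    """Step 1: POST /api/v2/users. The password is a random value that is
    discarded immediately, so nobody but the user will ever know the final one."""
    throwaway = secrets.token_urlsafe(32)
    status, body = post(
        f"https://{AUTH0_DOMAIN}/api/v2/users",
        {"email": email, "connection": CONNECTION, "password": throwaway,
         "verify_email": False},  # assumption: the reset mail is the invitation
        {"Authorization": f"Bearer {mgmt_token}"},
    )
    if status != 201:
        raise RuntimeError(f"create user failed: {status} {body}")
    return json.loads(body)["user_id"]


def send_set_password_email(email, client_id, post=_http_post):
    """Step 2: the change-password endpoint of the Authentication API; Auth0
    emails the user a link on which they set their own password."""
    status, body = post(
        f"https://{AUTH0_DOMAIN}/dbconnections/change_password",
        {"client_id": client_id, "email": email, "connection": CONNECTION},
        {},
    )
    if status != 200:
        raise RuntimeError(f"change_password failed: {status} {body}")
    return body


def invite(email, mgmt_token, client_id, post=_http_post):
    """Create the account and immediately hand password choice to the user."""
    user_id = create_user_without_known_password(email, mgmt_token, post)
    send_set_password_email(email, client_id, post)
    return user_id


class FakeAuth0:
    """Constructed stand-in for the two endpoints, recording what was posted."""

    def __init__(self):
        self.calls = []

    def __call__(self, url, payload, headers):
        self.calls.append((url, payload))
        if url.endswith("/api/v2/users"):
            return 201, json.dumps({"user_id": "auth0|PLACEHOLDER"})
        if url.endswith("/dbconnections/change_password"):
            return 200, "We've just sent you an email to reset your password."
        return 404, ""


if __name__ == "__main__":
    fake = FakeAuth0()
    print(invite("new.user@example.com", "MGMT_TOKEN_PLACEHOLDER", "CLIENT_ID_PLACEHOLDER", post=fake))
    print([u for u, _ in fake.calls])
```

The change_password call is unauthenticated by design, which is why the Management API token is only ever sent to the /api/v2 endpoint and never to the Authentication API.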

AWS Cognito user migration email bug

I am testing Cognito as a replacement for our existing auth code and have found a bug. I have a user pool and implemented the user migration lambda to test the migration process. The user pool is set up to use email as username.
From my client I log in with existing credentials, and the user migration lambda does the following:
event['response']['userAttributes'] = {
'preferred_username': "migrated guy"
}
event["finalUserStatus"] = "CONFIRMED"
event["messageAction"] = "SUPPRESS"
return event
Login is successful and my user is migrated to Cognito. However, the user immediately receives an email with the subject "Your temporary password" and body "Your username is *****#******.com and temporary password is ********." The temporary password in the email is one generated by Cognito, not the one entered/migrated. I can subsequently log in again with the original password, while the one from the email does not work. I have tried this multiple times with the same result. This happens whether or not the migrated password meets my password strength requirements.
Is there at least a way to avoid having this erroneous email sent? Am I doing something wrong?
If you manage to get this resolved, the finalUserStatus and messageAction need to be set on event.response instead of on event:
event.response.finalUserStatus = "CONFIRMED";
event.response.messageAction = "SUPPRESS";
The event structure can be found here: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-migrate-user.html#cognito-user-pools-lambda-trigger-syntax-user-migration
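An added example (not the answerer's or asker's code) of a complete Python user-migration handler that puts finalUserStatus and messageAction where the answer says they belong, under event["response"], and also handles the UserMigration_ForgotPassword trigger source. The legacy user store, its PBKDF2 hashing and the sample credentials are constructed so the block runs offline; a real migration would query the old database instead.

```python
import hashlib
import hmac

_LEGACY_ITERATIONS = 200_000


def _pbkdf2(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, _LEGACY_ITERATIONS)


# Constructed legacy store: username -> salt, password hash and profile data.
_SALT = b"constructed-static-salt"
LEGACY_USERS = {
    "migrated.guy@example.com": {
        "salt": _SALT,
        "hash": _pbkdf2("correct horse battery staple", _SALT),
        "preferred_username": "migrated guy",
    },
}


class MigrationRejected(Exception):
    """Cognito relays str(exc) to the client; keep it free of account details."""


def legacy_lookup(username):
    return LEGACY_USERS.get(username.lower())


def legacy_verify(record, password):
    # Constant-time comparison of the stored hash with the freshly computed one.
    return hmac.compare_digest(record["hash"], _pbkdf2(password, record["salt"]))


def _fill_response(event, record, email, authenticated):
    resp = event["response"]
    resp["userAttributes"] = {
        "email": email,
        "email_verified": "true",
        "preferred_username": record["preferred_username"],
    }
    # Both fields live on event.response; setting them on the top-level event
    # is ignored, which is what produced the "Your temporary password" mail.
    if authenticated:
        resp["finalUserStatus"] = "CONFIRMED"  # keep the password that was just checked
    resp["messageAction"] = "SUPPRESS"         # no welcome / temporary password email


def user_migration(event, context=None):
    """UserMigration trigger for both authentication and forgot-password flows."""
    trigger = event["triggerSource"]
    username = event["userName"]
    record = legacy_lookup(username)
    if record is None:
        raise MigrationRejected("Bad username or password")
    if trigger == "UserMigration_Authentication":
        if not legacy_verify(record, event["request"]["password"]):
            raise MigrationRejected("Bad username or password")
        _fill_response(event, record, username, authenticated=True)
    elif trigger == "UserMigration_ForgotPassword":
        # No password to check; the user sets a new one in the forgot-password flow.
        _fill_response(event, record, username, authenticated=False)
    else:
        raise MigrationRejected(f"unexpected triggerSource {trigger}")
    return event


def demo():
    """Migrate the constructed user on a successful login; returns the response dict."""
    event = {
        "triggerSource": "UserMigration_Authentication",
        "userName": "migrated.guy@example.com",
        "request": {"password": "correct horse battery staple"},
        "response": {},
    }
    return user_migration(event)["response"]


if __name__ == "__main__":
    print(demo())
```

Returning the same "Bad username or password" text for an unknown user and for a wrong password keeps the migration path from revealing which legacy accounts exist.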