Redirect to url after clicking email verification link

[guanzo]

When the user clicks on the email verification link, they're taken to a confirmation page, located at

https://APP.auth.us-east-2.amazoncognito.com/confirmUser?client_id=CLIENT_ID&user_name=USERNAME&confirmation_code=CODE

I'd like the ability to specify a URL that the confirmation page will redirect to, thereby auto logging in the user. This will make the signup flow more streamlined. Perhaps there could be an extra parameter for the redirect url.

https://APP.auth.us-east-2.amazoncognito.com/confirmUser?client_id=CLIENT_ID&user_name=USERNAME&confirmation_code=CODE&redirect=URL

The way it works now is that after clicking the link, the user has to go back to my app and log in again, which is awkward.

[nidsharm]

Hi @guanzo ,

You can go to Cognito User Pool console for your pool, then on the left pane click on App Client Settings under App Integration. There is an option to set your Callback URL there.
We don't currently support specifying the Cognito settings on awsmobile-cli. I'm adding this to our backlog.
Let us know if you face any issues adding your url.

[guanzo]

@nidsharm That callback URL seems to be for cognito's hosted UI. I'm using my own UI.

[yuntuowang]

Hi @guanzo, yes, I understand your situation. It is a good point to add a parameter: https://APP.auth.us-east-2.amazoncognito.com/confirmUser?client_id=CLIENT_ID&user_name=USERNAME&confirmation_code=CODE&redirect=URL

I will mark this as a feature request. Thanks!

[ChandruNextbrain]

Hi @yuntuowang ,

Is that feature is implemented. Please respond asap. Thanks.

[yuntuowang]

Hi @ChandruNextbrain, this feature is not released yet. Thanks

[lxmaran]

Hello @yuntuowang ,
When do you expect to release this feature?

[yuntuowang]

Hi @lxmaran, at this point, we cannot comment on the release time.

[Chitrarekha]

Hi @guanzo @yuntuowang how to generate codeParameter values

I have the below link
https://domainname.amazoncognito.com/confirmUser?client_id=clientid3&user_name=heavenly&confirmation_code=undefined

conformation code is undefined i used "&confirmation_code=" + event.request.codeParameter+ clivk here
any help?

[Chitrarekha]

can anyone help me regarding how to customise the url link for email verification ?

[Deliforce]

That is auto generate by AWS. You can't customize as of now.

[Chitrarekha]

Hi @Deliforce , is there any option to how to achieve email verification ? i have to verify email and phoneno both. CustomMessage_SignUp triggerSource is not sending mail to verify, could you please help me .

[Deliforce]

In Cognito, After creating user pool go to MFA & Verification section. There you have option to set Email & Phone number verification.

[huihe]

Hi @yuntuowang, is there any update about redirect after confirmUser?

[guanzo]

I managed to implement the redirect myself with the help of this SO post: https://stackoverflow.com/questions/47159568/how-to-redirect-after-confirm-amazon-cognito-using-confirmation-url

In Cognito's "Message Customizations" tab, under the option "Do you want to customize your email verification messages?", select "Code".

Create a cognito trigger for "Custom message". Here's my lamba code:

exports.handler = (event, context, callback) => {
    // Identify why was this function invoked
    if(event.triggerSource === "CustomMessage_SignUp") {
        // Ensure that your message contains event.request.codeParameter. This is the placeholder for code that will be sent
        const { codeParameter } = event.request
        const { userName, region } = event
        const { clientId } = event.callerContext
        const { email } = event.request.userAttributes
        const url = 'https://example.com/api/confirmSignup'
        const link = `<a href="${url}?code=${codeParameter}&username=${userName}&clientId=${clientId}&region=${region}&email=${email}" target="_blank">here</a>`
        event.response.emailSubject = "Your verification link"; // event.request.codeParameter
        event.response.emailMessage = `Thank you for signing up. Click ${link} to verify your email.`;
    }

    // Return to Amazon Cognito
    callback(null, event);
};

More information about what kind of data is available to the function:
https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-custom-message.html?shortFooter=true

The link directs the user to a server that you control. The server then sends a POST request to the Cognito API endpoint which verifies the users email. Check the SO post for what that request looks like.

Since you now control the request, redirect the user wherever you like.

Hopefully AWS implements this feature soon, because this is an annoying workaround for such a simple feature.

[bmoquist]

Hi @yuntuowang - is there any update on this? This is a basic feature for so many applications and significantly improves the user experience. Furthermore, it has been a feature request from your customers for a long time (the above SO article is from Nov. 2017).

[bmoquist]

@guanzo - Your solution worked brilliantly!

Create the Lambda function above. Then, in the Cognito User Pool UI, set the Message Customization trigger to that function under the Triggers section and set the verification type to code in Message Customizations section.

Here is the second half needed on the server (Node here) using the AWS SDK for everyone's reference:

'use strict';
var AWS = require('aws-sdk');
AWS.config.setPromisesDependency(require('bluebird'));
var CognitoIdentityServiceProvider = new AWS.CognitoIdentityServiceProvider({ apiVersion: '2016-04-19', region: process.env.COGNITO_AWS_REGION });

exports.verifyEmailAddress = function(req, res, next) {

  const confirmationCode = req.query.code
  const username = req.query.username
  const clientId = req.query.clientId
  const region = req.query.region
  const email = req.query.email

  let params = {
    ClientId: clientId,
    ConfirmationCode: confirmationCode,
    Username: username
  }

  var confirmSignUp = CognitoIdentityServiceProvider.confirmSignUp(params).promise()

  confirmSignUp.then(
    (data) => {
      let redirectUrl = process.env.POST_REGISTRATION_VERIFICATION_REDIRECT_URL
      res.redirect(redirectUrl);
    }
  ).catch(
    (error) => {
      next(error)
    }
  )
}

[holtc]

Why was this closed? As far as I can tell, it still has not been implemented

[lexicalparadoxx]

I tried to reproduce this workaround, but cognito post sign up still sends the default content from the Message Customization panel.

I also have a custom message function here for ForgotPassword, does it affect the triggering for the SignUp?
It shouldn't be experienced cause of the condition for the event.triggerSource, right?

Really weird that it doesn't got triggered.

[cliffordh]

Does this solution require the user to login again? I would prefer that once the user creates their account, clicks the email link, that they are "signed in" and can then use the app. To require them to enter their credentials again seems like a bad UX.

[cliffordh]

@bmoquist In your second half example, is your code a Lambda? If so, what trigger is it associated with?

[bmoquist]

No, the code is an API controller in Node Express. The Lambda function written by guanzo sends an email with the API url. The user clicks on the link in the email and is redirected to the API (my code above). The server conducts verification on behalf of the user and redirects the user to a new url. You could apply the same logic of my code using Lambda as the API.

Yes, the user will be required to login again - it would be a better UX experience if they didn't need to.

[cliffordh]

This Lambda snippet (found on SO) auto confirms the user:

exports.handler = (event, context, callback) => {
    event.response.autoConfirmUser = true;
    //https://stackoverflow.com/questions/47361948/how-to-confirm-user-in-cognito-user-pools-without-verifying-email-or-phone
    //event.response.autoVerifyEmail = true;  // this is NOT needed if e-mail is not in attributeList
    //event.response.autoVerifyPhone = true;  // this is NOT needed if phone # is not in attributeList
    context.done(null, event);
};

Could we combine these two approaches, auto-confirm the user which lets them use the app without requiring a new login, but then also trigger email verification? Accounts which are not verified would have limited access and/or delete after a period of time.

[bush]

Has there been any movement on this? It looks like cognito really needs the extra redirect parameter ... I really think this should be re-opened. If its not going to be reopened it would be nice to confirm there is an actual feature request in the backlog.

[justinbrush702]

Whether you add a redirect parameter to the AmazonCognitoIdentity.CognitoUserPool or just let us add a custom url in the Cognito user pool UI, this feature should be added ASAP!

[elorzafe]

@bush @justinbrush702 there is a RFC on this issue, we are discussing auth enhancements there.

[bush]

@elorzafe thanks for the update! Appreciate the feedback.

[giomarino]

Still here...

[purbanow]

+1

[kangleon-karl]

+1

[sverraest]

@sammartinez Any feedback from the Amplify team, it's becoming a bit embarrassing.

[czetsuya]

+1 for this ticket. I'm now concern about using Cognito, considering that this is a basic requirement for signup.

[generalpaulinski]

+1

[RomainRothier]

+1

[TheRedshift]

+1, I'm literally meeting with AWS at their offices tomorrow to discuss a new platform we're working on with them and I'm going to bring this (and many other Amplify/Cognito issues I've seen) as a concern, since they've suggested we use both for our new service.

[anil1712]

@TheRedshift how was your meeting with AWS team regarding this issue?

[sverraest]

@sammartinez Can we at least re-open this, it's clearly an issue / missing basic functionality that is causing a lot of concern for a lot of developers. Why leave it closed (and completely ignore it)?

[Seanmclem]

@sammartinez Can we at least re-open this, it's clearly an issue / missing basic functionality that is causing a lot of concern for a lot of developers. Why leave it closed (and completely ignore it)?

I literally just spoke with the new product manager for AWS Amplify on the phone for a half an hour yesterday, almost entirely about this exact issue. I referenced it directly and she was able to look it up. We'll see if they do anything about it.

[sammartinez]

Thanks for this feedback. Here is what we currently have and support for this use case within Amplify:

In our latest UI Components, we handle the auto signing in once a user confirms their sign up on your application. This is strictly with the UI Components on the client side.

As for the redirect URL, we recommend using our Cognito Lambda Triggers in order to accomplish this. We have a section on Email Verification Link with Redirect under this documentation you can follow for setup.

As for feature requests for the Hosted UI, Amplify JS acts as a proxy to the Amazon Cognito service, and we do not control the Hosted UI feature. That being stated, we can raise a feature request internally to Cognito but it may be best to ask them for a feature request via the Amazon Cognito forums.

Hello folks, please see the above comment that I posted on March of this year. This is what we currently support and our recommendations. Since we do not have control over the Hosted UI experience as this is owned by the Amazon Cognito team, we still recommend to open a feature request via the Amazon Cognito forums.

[BernhardSmuts]

I really want to buy into amplify, been trying to use it for 1.5 years now, but it feels like it's been forgotten about and it would almost be easier to just custom code everything.
Mocking not working most of the time.
Auth is a nightmare and not easy to use unless you jump through the exact hoops they want you to (ie: THIS 2 YEAR OLD ISSUE).
Docs cover 0.1% of the details needed to implement anything.

It seemed like such a promising framework to get my teeth stuck into but just keeps disappointing me.

[Talhafayyaz11]

still waiting!!

[Sultandi]

waiting too...........

[CristopherVidalMachado]

Still no updates;

[sverraest]

At this point I'm convinced Half Life 3 will be released before this feature is implemented.

[Israelhrs]

Still waiting..

[abdallahshaban557]

Hello everyone, we have internal conversations started on supporting this feature. We will provide an update when this feature is available!

[rchristiemtt]

@abdallahshaban557 if you are starting conversations about supporting this feature, can this issue remain open until then

[sverraest]

@abdallahshaban557 that's a great first step on such a widely requested and anticipated feature. Echo'ing @rchristiemtt comments to re-open this issue as a lot of people are tracking this.

[abdallahshaban557]

Hi @rchristiemtt and @sverraest - the reason this is closed because we have another issue we are using to track this ask #9006.

[Harsh4999]

Waiting ++.....

[KundaiClayton]

Any updates on this?

[ledgerdevelop]

Amplify Team : Please this in high demand and the UX without it is terrible. The workarounds are also not dev friendly at all. It's been over 4 years now since this has been requested. Come on.

[Wigglor]

Any updates on this? Do we still need to use lambda triggers?

[gh-samadkhan]

Hi , any update on this issue it's 2023 October. Do I still need to use lambda triggers for redirecting my users after clicking on verification link or is there any option to add it from Dashboard. I can see re-direct URL but that's for cognito hosted UI

[ViniciusgCaetano]

January, 2024. Almost 6 years...urgh.

[asyschikov]

How is the internal conversation going?