Amplify.Auth.signIn not throwing userNotFound error #1600

Closed
YanZhaoNV opened this issue Aug 15, 2021 · 1 comment
Labels: auth, closing soon, question

@YanZhaoNV

Describe the bug
Using the iOS signIn function with a non-existent account, I expect a userNotFound error, but notAuthorized is thrown. Testing the same account on Android gives back the right error type.

To Reproduce
Steps to reproduce the behavior:

  1. Try to sign in to any Cognito user DB
  2. Log in with a non-existent user
  3. A "notAuthorized" error is thrown

Observed Behavior

Expected Behavior
Should throw userNotFound, as on Android.

Stack Trace
Please provide a stack trace if applicable e.g. a crash is occurring.

Code Snippet

```swift
_ = Amplify.Auth.signIn(username: username, password: password) { result in
  switch result {
  case .success(let signInResult):
      // Account exists but still needs confirmation: hand off to the confirm flow.
      if case .confirmSignUp(_) = signInResult.nextStep {
          confirm?()
      } else {
          success()
          UserDefaultsManager.shared.setValue(key: .userHasSignedIn, value: true)
      }
      DDLogDebug("Sign in succeeded")
  case .failure(let error):
      DDLogError("Sign in failed \(error)")
      switch error {
      case .service(let message, _, let uError):
          // The Cognito-specific cause, when there is one, is the underlying error.
          if let uError = uError as? AmplifyPlugins.AWSCognitoAuthError {
              switch uError {
              case .userNotFound:
                  failure(.usernameDoesntExist, message)
              default:
                  failure(.unknownError(underlyingError: error), message)
              }
          } else {
              failure(.unknownError(underlyingError: error), message)
          }
      case .notAuthorized(let description, _, _):
          failure(.notAuthorised, description)

      default:
          failure(.unknownError(underlyingError: error), error.errorDescription)
      }
  }
}
```

Environment(please complete the following information):

  • SDK Version: 1.13.0
  • Dependency Manager: Cocoapods
  • Swift Version : 5
  • Xcode Version: 12.5.1

Device Information (please complete the following information):

  • Device: any
  • iOS Version: any
  • Specific to simulators:

Additional context
Add any other context about the problem here like your specific use case.

@ghost ghost assigned ameter Jan 7, 2022
@ameter ameter transferred this issue from aws-amplify/aws-sdk-ios Jan 21, 2022
@ameter
Contributor

ameter commented Jan 21, 2022

Thanks for the question. The error returned when attempting to sign in with a user that does not exist is configurable in the App Client settings of the Cognito User Pool. If you enable Prevent user existence errors for the App client, you will receive a .notAuthorized error.

If you do not enable this feature, you will receive the legacy .service error with the .userNotFound underlying error.

The reason for this change is to enable increased security by preventing disclosure of valid login ids while still supporting the legacy behavior if desired. Additional documentation is available here.

@ameter ameter added the auth, closing soon and question labels Jan 21, 2022
@royjit royjit closed this as completed Jan 27, 2022
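
An added example (not part of the original thread and not Amplify's own code): one way for the app to classify both error shapes described above identically, so the sign-in screen reveals the same thing whichever way the App client is configured. `SignInFailure`, `classifySignInFailure` and `userMessage` are hypothetical names; the Amplify error cases are the ones used in the snippet in the issue.

```swift
import Amplify
import AmplifyPlugins

// Hypothetical app-level type (not part of Amplify): the only outcomes the UI may show.
enum SignInFailure: Equatable {
    case badCredentials  // unknown user and rejected credentials, deliberately merged
    case other           // configuration, network, throttling, ...
}

/// Maps an Amplify `AuthError` from `signIn` to a UI-safe outcome.
/// - `.notAuthorized` is what an unknown user produces when
///   "Prevent user existence errors" is enabled on the App client.
/// - `.service` with underlying `.userNotFound` is the legacy shape.
/// Both collapse to `.badCredentials`, so the client does not re-introduce
/// the username disclosure that the pool setting is meant to prevent.
func classifySignInFailure(_ error: AuthError) -> SignInFailure {
    switch error {
    case .notAuthorized:
        return .badCredentials
    case .service(_, _, let underlying):
        if let cognitoError = underlying as? AWSCognitoAuthError,
           case .userNotFound = cognitoError {
            return .badCredentials
        }
        return .other
    default:
        return .other
    }
}

/// One fixed message per outcome; the service-provided description is never
/// shown to the user because its wording differs between the two error shapes.
func userMessage(for failure: SignInFailure) -> String {
    switch failure {
    case .badCredentials:
        return "Incorrect username or password."
    case .other:
        return "Sign-in failed. Please try again."
    }
}

// Usage inside the sign-in callback from the issue:
//   case .failure(let error):
//       let outcome = classifySignInFailure(error)
//       showAlert(userMessage(for: outcome))   // showAlert is hypothetical
```

The detailed `AuthError` can still go to the app's diagnostic log for troubleshooting; only the merged outcome should reach the screen.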