Can the first challenge be something handled by another backend API that you build yourself, e.g. a separate lambda function? Inside that lambda function, you can call AWS APIs if desired, and you can check email domains if you want.
For example, I had a passwordless login (magic email link login) portal. The first API call is sent to my own REST API endpoint, 'https://myapi.domain.com/checkuser', with the email address entered. If the user does not exist in the current user pool (adminGetUser), then create a new user (adminCreateUser). Once the first API responds back to the frontend, the frontend triggers custom_auth_flow of initiateAuth with the email entered.
It won't be able to prevent a user from entering a fake email address, unless the checkuser lambda has a list to do the correct filtering before adminCreateUser.
The user pool does not care much about the number of users; it's charged per monthly active user. If a user is created but never signs in successfully, it would not be counted for charge.
adminCreateUser would create a user in the FORCE_CHANGE_PASSWORD state. It might be possible to run a regular user cleanup by checking whether the user has ever successfully logged in after creation.
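An added example, not code from the answer above or from AWS: one way the checkuser lambda could apply a list filter before adminCreateUser, written in Python with boto3 (`admin_get_user` and `admin_create_user` are the boto3 names for the calls mentioned). The allow-listed domains, the `USER_POOL_ID` environment variable, the function names and the use of the email address as the Cognito username are assumptions.

```python
import json
import os
import re

# Assumption: the "list" from the answer is an allow-list of mail domains (constructed values).
ALLOWED_DOMAINS = {"example.com", "example.org"}
EMAIL_RE = re.compile(r"^[^@\s]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)$")


def normalise_email(raw):
    """Return the lower-cased address if well formed and allow-listed, else None."""
    email = (raw or "").strip().lower()
    match = EMAIL_RE.match(email)
    if not match or match.group(1) not in ALLOWED_DOMAINS:
        return None
    return email


def check_user(cognito, user_pool_id, raw_email):
    """Filter first, then adminGetUser, then adminCreateUser only if the user is missing."""
    email = normalise_email(raw_email)
    if email is None:
        return {"statusCode": 400, "body": json.dumps({"ok": False})}
    try:
        cognito.admin_get_user(UserPoolId=user_pool_id, Username=email)
    except cognito.exceptions.UserNotFoundException:
        try:
            cognito.admin_create_user(
                UserPoolId=user_pool_id,
                Username=email,  # assumption: the pool uses the email as username
                UserAttributes=[{"Name": "email", "Value": email}],
                MessageAction="SUPPRESS",  # no Cognito invitation mail; the custom auth flow sends the link
            )
        except cognito.exceptions.UsernameExistsException:
            pass  # a concurrent request created the same user first
    # Same response for existing and newly created users, so the endpoint
    # does not reveal which addresses already have accounts.
    return {"statusCode": 200, "body": json.dumps({"ok": True})}


def lambda_handler(event, context):
    import boto3  # imported here so the helpers above can be tested without the SDK
    body = json.loads(event.get("body") or "{}")
    client = boto3.client("cognito-idp")
    return check_user(client, os.environ["USER_POOL_ID"], body.get("email"))
```

The filter only rejects malformed or off-list addresses; a mistyped address on an allowed domain still creates a user that stays in FORCE_CHANGE_PASSWORD until cleaned up.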
Thank you for your answer! This makes a lot of sense as a workaround - creating the user at the point of login. My only question is how do you ensure that the email entered by the user is correct and they haven't made a spelling mistake - because then wouldn't the user pool end up being filled with incorrect accounts, which I guess isn't the biggest issue, but I'm still just wondering if there is a way to prevent that. But anyway, I have gone with the same workaround as you!