Cognito Custom Email Sender code property url encoded

1

After a user is created and when our custom email sender is called, we're able to decrypt it, but if the code has characters like &, they come through url encoded like & or in the case of a > it would be >. I could write a routine to replace those with the single special characters, but I don't think they're supposed to come through like that, especially since it's the new users temporary password.

We're doing just like the documentation states which is essentially:

const {plaintext} = await decrypt(keyring, byteArray, {encoding: 'base64'})
已提問 2 年前檢視次數 913 次
1 個回答
0

Hello,

Cognito User Pool API uses characters that are typically html-escaped in the temporary passwords creates such as '>' and '&' . Accordingly, when Cognito User Pool sends these temporary passwords over email in invitation emails, it does a html-escape of the temporary password string, If the temporary password contain > or & , they will be replaced by 'gt' and 'amp'. I would like to inform you that the internal team is already aware of this issue and is currently working on this on priority. Thank you for providing your valuable feedback on the service.

Currently, not only the temporary password specified by the customer but also the temporary password automatically generated by Cognito may contain characters escaped by HTML. Therefore, we apologize for any inconvenience this may cause, and we would appreciate it if you could add a process to unescape/decode the HTML of the temporary password in the custom email sender's Lambda trigger.

Wish you an Awesome day ahead and stay safe !

Thank you

AWS
已回答 2 年前

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南