authentication amazon-cognito email-confirmation

Cognito user is unable to reset his password, or ask for resent if his is in "force_change_password" status

If a cognito user lost his confirmation email is unable to reset his password, or ask for resent if his is in "force_change_password" status, and no error is displayed to him.

Is there any known fix on that?

Solution

Doesn't completely solve my issue, but it does provide an error message to the user.

If you go to User Pool -> General Settings -> App clients -> under Prevent User Existence Errors -> change from enabled to legacy.

So when the user clicks on the forget password will see this error message "Could not reset password for the account, please contact support or try again".

Enable password and unix_socket authentication for MariaDB root user?
How to consume from an eventsource API requiring auth headers?
How to display an Error message when logging in fails in Reactjs
Notify navbar of authenticated status when logged in (Angular)
Proper way to store a token retrieved client-side in nextjs 13 "App Router" version?
Signout and login not working in auth.js in Next14 with middleware and server actions
Laravel: Auth::user()->id trying to get a property of a non-object
404 page not found when running firebase deploy
.NET 8 Blazor Server - role authorization with Windows Authentication
Error: "OrganizationFromTenantGuidNotFound" (even with Microsoft 365 subscription)
Symfony2: How to change Entity Manager just before doing login_check
JWT signature verification failing
SMAppService register() - How to detect launch at startup/login vs regular launch?
AppwriteException: User (role: guest) missing scope (account), not able to get account after creating a session
authMiddleware doesn't exist after installing clerk
Stop request in CookieAuthenticationEvents.OnValidatePrincipal after response body has been written to
Blazor Hosted WebAssembly with Keycloak and Basic Authentication Issue
How to change the app name for Firebase authentication (what the user sees)
How do I restrict Apache/SVN access to specific users (LDAP/file-based authentication)?
Unexpected authorization behaviour in a Blazor Web App with .NET 8
MongoDB: Understand createUser and db admin
Update react context without refreshing page on state update
What is the standard/modern way to use CAC/PIV card authentication in Java/Tomcat web applications?
Keycloak retrieve custom attributes to KeycloakPrincipal
Secure Google Cloud Functions http trigger with auth
Cannot authenticate in fresh installed Laravel 11 with MySQL/MariaDB
authentication with only username (id) in laravel
Having problem Authorizing Authenticated user account in Web API
What is the purpose of a "Refresh Token"?
AuthenticationHandler's ChallengeAsync does not contain the failures