I'm currently implementing email verification for a Node-based application using AWS Cognito. We use an external email sender service to send our verification emails, and I've already configured this using a Cognito Lambda hook.
Currently, when sending this email, we generate a link along the lines of:
https://my-frontend.com/verify-email?code=000000&[email protected]
The frontend then sends the necessary data to our Node backend, which should be able to verify the code with Cognito and then use something like the following if necessary:
CognitoIdentityProvider.AdminUpdateUserAttributes({
UserAttributes: [{
Name: 'email_verified',
Value: 'true'
}],
UserPoolId: 'COGNITO_USER_POOL_ID_HERE',
Username: 'USERNAME'
});`
However, I'm struggling to find a way of either getting the verification code to check ourselves, or sending the code off for checking by Cognito as an 'admin' - the only function I can find is CognitoIdentityProvider.GetUserAttributeVerificationCode, which requires a valid user access token.
So, my question is: is it possible to have a custom email sender (and preferably a verify-email page on our frontend) whilst still using verification codes generated by Cognito, or will we have to generate and store our own verification codes on the backend? Alternatively, is there a way of getting Cognito to generate a link and send that to our custom email service instead? Such an option would be great if we could configure it to redirect back to our frontend afterwards. I haven't found that option yet though - using the 'message customisation' options doesn't seem to affect non-SES email senders.
Thanks in advance :)
Updating this question a while after implementing - we ended up just generating the verification codes ourselves. I couldn't find any mention of a way to do what I'm asking for with Cognito, so we just handle verification on our end and tell it the user is verified once complete.