Login/Register
AWS Cognito: How can I prevent multiple registrations with the same email address?
Asked Answered
Solved amazon-web-servicesauthenticationaws-lambdaamazon-cognito
S

2

6

In my user pool, I currently see two options for the login flow:

  1. Using username and email adress
  2. Using email adress or phone number

Option 1: The username is unique. You will get an error message if you try to register again with this username. BUT: The email address is not unique. You can try to register again with this email address. The user will then be created in the User Pool, but you will not be able to reconfirm this email address.

Option 2: The email address and / or phone number are unique. But the username can no longer be used to log in.

What do I want?

I need a mix of both options. I want my users to log in with username AND email address (which is the case with option 1), but I don't want to allow them to create multiple accounts with the same email address (they need a unique email as with option 2). Is there an easy way to accomplish this? I couldn't find anything in the Cognito Console and feel like I need something like a custom Lambda trigger .... Thanks for any tips!

Stomach answered 4/3, 2021 at 15:35 Comment(0)
D
8

Your are already going into the right direction. You need a pre-signup lambda to do the check of email uniqueness for you. Should be relatively straightforward Here is the link to the documentation about how to set up such lambda:

https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-sign-up.html

Your Lambda needs to be able to execute actions on the User Pool to figure out if user with a specific email already exists.

The easiest way to search for such users is to use the ListUsers API (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ListUsers.html) with a filter to select only users having the email address in question.

Delouse answered 5/3, 2021 at 9:7 Comment(1)
Would you be able to give an example? Unfortunately, I do not have much experience with writing lambda functions ...Hydrocarbon
C
0

You should create a custom Lambda function and bind it to the Cognito Pre-Signup trigger. Basically, when a user tries to sign up, Cognito will trigger a event with user attributes and invoke a custom Lambda function to execute any task for your verification.

Recently, I faced similar issue in a simpler use case. I needed to avoid multiple usernames (email) through several Social Sign-in methods. So, I created and made public a github repository that may be a good starting point for related use cases: https://github.com/vhalbuquerque/pre-signup-lambda

I hope it could help anyone!

Cabby answered 14/4, 2023 at 1:23 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.