cognito-local
cognito-local copied to clipboard
jagregory
InitiateAuth should not allow users that are unconfirmed
Kudos to all the hardwork on this project! It really make my local environment so much easier to work with!
As stated in title, I tested the behavior on Cognito and with this repository. It seems like on Cognito, after registering the user has the status of "unconfirmed" and when you try to login, you get "UserNotConfirmedException".
However, it did not happen in cognito-local, even though you have written InitiateAuth as partially implemented, I thought it might be nice to notice you about the difference
Popped in to request this feature as well! And then found that @chunleng has already logged it. Thanks!
It looks to me like the solution would be to check the UserStatus for confirmation somewhere in this general area: https://github.com/jagregory/cognito-local/blob/fc62e8f6328863e8fde549aec73f40c8c27c457b/src/targets/initiateAuth.ts#L169
By the looks of it, a 400 UserNotConfirmedException would be the expected server-side response. https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html
LMK if this is a feature you are thinking of adding @jagregory
Appreciate what you have done here so much!
Hey @RobHoman, definitely just an oversight on my part. PRs definitely welcome if you're up to it, otherwise I'll give it a go when I can.
@jagregory Totally makes sense! I haven't yet taken the time to become fully acquainted with your development setup, and furthermore I'm a bit n00b at node.js (mostly focused on golang over here)
All that to say - while I think at some point I'll explore and begin to contribute a bit here, for the near feature you can at least anticipate that I'll continue to do my best to log quality feature requests & issues as they come up in my work.
@jagregory Is there anything holding you back from merging @paullallier's contribution of PR #337 to fix this issue?