aws-amplify-react: User cannot be confirm. Current status is CONFIRMED

[kennu]

Scenario: User signs up with aws-amplify-react and enters the Confirm Sign Up view, where they are expected to enter the confirmation code from an email.

While in this view, let's say the user is simultaneously confirmed by an alternative method, such as link-based confirmation (which opens in another browser window).

In this situation the user will get stuck in the sign-up flow with this error:

User cannot be confirm. Current status is CONFIRMED

If they try to resend the code, they get another error:

User is already confirmed.

My proposal is that aws-amplify-react understands that the user has already been confirmed by an alternative method and moves them forward in the sign-up flow, instead of keeping asking for confirmation which cannot happen.

[powerful23]

@kennu I will mark this as feature/enhancement request as the user could still go back to the sign in page by clicking the link in the sign up component. Thanks for your feedback!

[jordanranz]

FYI, we have started an RFC discussion for a proposed Amplify UI Component refactor to increase customizability and flexibility for our components. Please feel free to add any additional comments to the following issue:

aws-amplify/amplify-js#3279

[nite]

"User cannot be confirm"

You could at the very least proof-read your copy - this is effectively a commercial product, the front line of Cognito - I'm assuming you're being paid by them.

[siolfyr]

I don't understand. I'm getting this same error message when a user clicks on the link that Cognito sends via E-mail. Shouldn't it just redirect back to the site, or at least tell the user they're confirmed? Why just die there with an error message, when the user has been confirmed? From the user's point of view, this is what they want: their account is confirmed. Why error?

I.E. the user is not confirmed, the user clicks on the link in the E-mail, now the user is confirmed, yet, they see this error message. It seems like everything worked fine except this error is displayed, so users think something went wrong.

I don't know what could be wrong on my part for configuration, as the Message Customization section of Cognito is just using defaults with Verification Type 'Link' selected.

Am I right in saying that I could get around this by using custom code that uses Auth.confirmSignUp(...) ? ...And then customizing the message to link to a page that calls that code, instead? I need to get around this ASAP, so that's what I'm going to try to do first.

-- Note -- This is from an outlook E-mail address. The actual clickable link been modified by outlook into something like this: https://na01.safelinks.protection.outlook.com/?url=<etc, cognito url goes here> ...Is it possible this is why Cognito is reporting that the user has already been confirmed? If so, that's unfortunate, but I can't tell my users not to use Outlook.

Is there any easy way of getting around this?

[eddiekeller]

This is actually an interesting scenario. Cognito doesn't communicate through their API if a User Pool is set up to use a confirmation code or a link for account verification - it just tells us that the user is not confirmed. Additionally, the links that they generate and send out are not tied to a specific app or domain link, so they don't redirect back to your app for re-verification. Can't do much about the second point, but the first point is something to look in to, since showing a screen to enter a confirmation code when the user pool is set up with link verification is a bad user experience.

[eddiekeller]

Cognito does have a different api endpoint called DescribeUserPool which does contain the email template settings. This does show a property of DefaultEmailOption: CONFIRM_WITH_LINK. Not sure how accurate this will be (Cognito API's are sometimes not entirely reliable)…but it is an option to detect this.

[eddiekeller]

However, for now, it should be easy enough to detect that "User is already confirmed" error and just proceed through the sign up flow. I'll work on a fix now.

[eddiekeller]

Merged in fix for the "User is already confirmed" bug. We will have to track the issue regarding a UI specifically for when user pools are set up with link verification in another ticket, since that will be a more complicated task.

[nickordoodle]

I experience this error from Cognito hosted web authentication UI under the same conditions. Is there a solution to avoiding this or redirecting or does this logic need to be handled manually?

[csrs]

@nickordoodle Maybe this helps: I had a similar problem but it went away after I did amplify pull, since I was using an outdated version of the amplify configs which were interfering with the signup code.