
Stop Unauthenticated Cognito Identity User Pool Signup

I've been playing around with the new Cognito User Pools to manage user accounts and I'm trying to build a system where users have to log in to use the system, and new users can only be added by existing users (i.e. no public signup).

Currently there seems to be no way of stopping an unauthenticated user from calling signUp. I've changed it so that the Pool doesn't allow unauthenticated users but this doesn't seem to make any difference (as setting the accessKeyId and secretAccessKey to anything makes it run).

Have I missed something?

First of all, I think you are confused between an Identity Pool and a User Pool. Cognito user pools do not have a concept of allowing or not allowing "unauthenticated" access; identity pools do.

Now to answer your actual question, Cognito user pools is an authentication provider which implicitly means that the sign up process has to be unauthenticated. There is no way to authenticate a sign up call.

Although, if your use case is to build some sort of invite-based sign-up process, you can use the Lambda trigger functionality with User Pools and validate each SignUp call in the PreSignUp trigger. This validation could check the existence of a valid invitation code in the validation map and accept the call only in that case.
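An invite-gated PreSignUp trigger along the lines of the answer above, as an added example that is not part of the original answer or AWS's own code. The `inviteCode` key in the validation data, the in-memory `INVITES` store and its sample entries are assumptions constructed for illustration; a deployment would read invitations from a table that existing users write to.

```javascript
// Constructed sample invitations (assumption): code -> invited address, expiry, used flag.
const INVITES = new Map([
  ['INV-7Q2M-EXAMPLE', { email: 'new.user@example.com', expiresAt: Date.parse('2099-01-01T00:00:00Z'), used: false }],
  ['INV-OLD1-EXAMPLE', { email: 'late@example.com', expiresAt: Date.parse('2020-01-01T00:00:00Z'), used: false }],
]);

// Returns null when the invitation is acceptable, otherwise a reason for the log.
function checkInvite(invites, code, email, now) {
  if (typeof code !== 'string' || code.length === 0) return 'missing code';
  const invite = invites.get(code);
  if (!invite) return 'unknown code';
  if (invite.used) return 'code already used';
  if (now >= invite.expiresAt) return 'code expired';
  // Bind the code to the invited address so a leaked code is useless to anyone else.
  if (typeof email !== 'string' || email.toLowerCase() !== invite.email) return 'email mismatch';
  return null;
}

// Cognito PreSignUp trigger: throwing rejects the sign-up, returning the event accepts it.
async function handler(event) {
  // Users created through the admin API were already approved by an administrator.
  if (event.triggerSource === 'PreSignUp_AdminCreateUser') return event;

  // Any other source (self sign-up, external provider) must present an invitation.
  const code = (event.request.validationData || {}).inviteCode; // key name is an assumption
  const email = (event.request.userAttributes || {}).email;
  const reason = checkInvite(INVITES, code, email, Date.now());
  if (reason) {
    // Structured log line: caller-supplied values are JSON-escaped, not interpolated raw.
    console.warn(JSON.stringify({ msg: 'signup_rejected', user: event.userName, reason }));
    // One generic message for the caller, so the API does not reveal which check failed.
    throw new Error('Sign-up requires a valid invitation.');
  }
  INVITES.get(code).used = true; // single use
  // autoConfirmUser / autoVerifyEmail stay unset, so normal verification still runs.
  return event;
}

if (typeof module !== 'undefined') module.exports = { handler };
```

The client would pass the code in the `ValidationData` of its SignUp call, which is what reaches the trigger as `event.request.validationData`.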

After a long time, this has been solved by the AWS team. They have now added an option, "User sign ups allowed?". Setting this to "Only administrators can create users" means that no one can just sign up to the user pool.

In order to add a user now you will need to use the AWS Cognito SDK and the various functions starting with 'admin' (e.g. adminAddUser).
