
Amazon.IdentityStore CreateUser Not Sending Email Verification Link #3280

Closed
feardobeardo2 opened this issue Apr 10, 2024 · 2 comments
Labels
bug This issue is a bug. module/sdk-generated response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days.

Comments

feardobeardo2 commented Apr 10, 2024

Describe the bug

When creating a user with the Amazon.IdentityStore API, the user does not receive the email verification; we have to go in and manually send it. Not really seeing the point of this API if the end user cannot verify to log in. I have also tried enabling "Send email OTP" just to see if it works, and it does not. The only way for the user to get the email is by clicking the button in the IAM Identity Center console.

Expected Behavior

Create the user via the API; an email is sent to the user so they can log in.

Current Behavior

Create the user via the API; no email is sent to the user.

Reproduction Steps

CODE SAMPLE

using System.Collections.Generic;
using Amazon.IdentityStore;

// AccessKeyID, accessKeySecret, RegionEndpoint (a region system name such as "us-east-1")
// and identityStoreId are fields of the enclosing class, not shown in the snippet.
public Amazon.IdentityStore.Model.CreateUserResponse CreateIdentityStoreUser( string emailAddress, string displayName, string firstName, string lastName )
{
    var identityService = new AmazonIdentityStoreClient( AccessKeyID, accessKeySecret, Amazon.RegionEndpoint.GetBySystemName( RegionEndpoint ) );
    var createUserRequest = new Amazon.IdentityStore.Model.CreateUserRequest
    {
        IdentityStoreId = identityStoreId,
        UserName = emailAddress,
        Emails = new List<Amazon.IdentityStore.Model.Email>
        {
            new Amazon.IdentityStore.Model.Email()
            {
                Primary = true,
                Type = "Work",
                Value = emailAddress
            }
        },
        DisplayName = displayName,
        Name = new Amazon.IdentityStore.Model.Name()
        {
            FamilyName = lastName,
            GivenName = firstName
        }
    };
    var createUserResponse = identityService.CreateUser( createUserRequest );

    return createUserResponse;
}

Possible Solution

No response

Additional Information/Context

No response

AWS .NET SDK and/or Package version used

AWSSDK.IdentityStore 3.7.300.68

Targeted .NET Platform

net452

Operating System and version

Windows

@feardobeardo2 feardobeardo2 added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Apr 10, 2024
@ashishdhingra ashishdhingra added needs-reproduction This issue needs reproduction. module/sdk-generated and removed needs-triage This issue or PR still needs to be triaged. labels Apr 10, 2024
@ashishdhingra (Contributor)

The AWSSDK.IdentityStore package is autogenerated from the service model. Most likely a service API or configuration issue. Needs reproduction.

@ashishdhingra (Contributor)

@feardobeardo2 Good afternoon. Thanks for reporting the issue. This appears to be reproducible using the code below:

using Amazon;
using Amazon.IdentityStore;
using Amazon.IdentityStore.Model;

var response = await CreateIdentityStoreUser("d-<<some-id>>", RegionEndpoint.USEast1, "[email protected]", "Test User", "Test", "User");
Console.WriteLine(response.UserId);

async Task<CreateUserResponse> CreateIdentityStoreUser(string identityStoreId, RegionEndpoint regionEndpoint, string emailAddress, string displayName, string firstName, string lastName)
{
    var identityService = new AmazonIdentityStoreClient(regionEndpoint);
    var createUserRequest = new CreateUserRequest
    {
        IdentityStoreId = identityStoreId,
        UserName = emailAddress,
        Emails = new List<Email>
        {
            new Email()
            {
                Primary = true,
                Type = "Work",
                Value = emailAddress
            }
        },
        DisplayName = displayName,
        Name = new Name()
        {
            FamilyName = lastName,
            GivenName = firstName
        }
    };
    return await identityService.CreateUserAsync(createUserRequest);
}

After the user is successfully created, examining the user's details in the AWS console displays the banner below at the top:

Email not verified
Users must first verify their email address before they can begin to use certain features such as completing email-based two-step verification during sign-in.

There doesn't appear to be any service API operation, per the Identity Store API Reference, to send an email verification link to the user.

Upon investigating further (thanks to the article "Add a layer of security for AWS IAM Identity Center user portal sign-in with context-aware email-based verification"), here are the additional steps required:

  • Enable email OTP for standard authentication.
    (screenshot: Identity Store - Email Verification setting)
  • After the user is created using the CreateUser API (i.e. using the above code), they can try to log in using the AWS access portal URL. This is available from the Identity Center settings and looks something like https://<<identity-store-id>>.awsapps.com/start.
  • Once the user tries to log in using their registered email address, they are prompted to verify their email using a verification code. This is when the verification email with the OTP is sent.
    • Once verified, the user is prompted to set up a new password and username.

So CreateUser only creates users; depending on the Identity Store setting, the verification link is sent to users when they try to sign in for the first time.

I was able to test the above flow at my end and verified that it works successfully.

Hope this helps.

Thanks,
Ashish
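The flow above means a provisioning script has to treat CreateUser as "directory entry only" and hand the user the access-portal URL instead of waiting for a verification mail. The following onboarding helper is an added example (not SDK or project code) that creates the user idempotently by looking it up by userName first, then returns the next step the user must take; it assumes `portalUrl` is supplied by the caller and that `UniqueAttribute.AttributeValue` accepts an `Amazon.Runtime.Documents.Document` built from the userName string.

```csharp
using System.Collections.Generic;
using System.Threading.Tasks;
using Amazon.IdentityStore;
using Amazon.IdentityStore.Model;
using Amazon.Runtime.Documents;

// Added example, not SDK or project code. Assumption: AttributeValue takes a Document built from a string.
public static class IdentityStoreOnboarding
{
    public sealed record Result(string UserId, bool Created, string NextStep);

    public static async Task<Result> EnsureUserAsync(
        IAmazonIdentityStore client, string identityStoreId, string portalUrl,
        string emailAddress, string displayName, string firstName, string lastName)
    {
        // 1. Re-runs must not fail with ConflictException: look the user up by userName first.
        try
        {
            var existing = await client.GetUserIdAsync(new GetUserIdRequest
            {
                IdentityStoreId = identityStoreId,
                AlternateIdentifier = new AlternateIdentifier
                {
                    UniqueAttribute = new UniqueAttribute
                    {
                        AttributePath = "userName",
                        AttributeValue = new Document(emailAddress)
                    }
                }
            });
            return new Result(existing.UserId, false, NextStep(portalUrl));
        }
        catch (ResourceNotFoundException) { /* not provisioned yet; create below */ }

        // 2. CreateUser only writes the directory entry; the service sends no email at this point.
        var created = await client.CreateUserAsync(new CreateUserRequest
        {
            IdentityStoreId = identityStoreId,
            UserName = emailAddress,
            DisplayName = displayName,
            Name = new Name { GivenName = firstName, FamilyName = lastName },
            Emails = new List<Email> { new Email { Primary = true, Type = "Work", Value = emailAddress } }
        });
        return new Result(created.UserId, true, NextStep(portalUrl));
    }

    // 3. The OTP email is sent only when the user signs in at the access portal (and only if
    //    "email OTP for standard authentication" is enabled), so send the user there.
    private static string NextStep(string portalUrl) =>
        $"Sign in at {portalUrl} with your email address; the verification code is emailed during that first sign-in.";
}
```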

@ashishdhingra ashishdhingra self-assigned this Apr 15, 2024
@ashishdhingra ashishdhingra added response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. and removed needs-reproduction This issue needs reproduction. labels Apr 15, 2024
@aws aws locked and limited conversation to collaborators Apr 18, 2024
@ashishdhingra ashishdhingra converted this issue into discussion #3288 Apr 18, 2024
