AWS Cognito: Verify deletion of user
We need a verification step for user deletion through AWS Cognito.
Upon requesting deletion, a verification code should be sent to the user's email address (as is done with sign-up).
All AWS Cognito offers is:
- DeleteUser: only needs an access token
- AdminDeleteUser: only needs a username
How would you incorporate the verification step for deletion into AWS Cognito?
Side note: We're using Lambda in combination with API Gateway to handle all our requests to Cognito.
Solution 1:
This flow is not natively supported by Cognito, meaning, if you want to achieve this, you'll have to implement this flow manually as one (or two) endpoints on your API Gateway and a Lambda which in turn uses the AdminDeleteUser functionality.
Simple example:
- GET /user/delete: Create a JWT token, send an email to the user with a link, including a token to verify the deletion request. The token can contain the username and an expiration time. (You can use Amazon SES to send the email).
- GET /user/delete?token=verificationToken: Extract the username from the token and execute AdminDeleteUser using the username.
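The two-step flow from the answer above, as an added example that is not part of the original answer: the request endpoint mints a short-lived HS256-signed token that carries the username, and the confirmation endpoint verifies the signature, purpose and expiry before deleting. The SES send and the cognito-idp AdminDeleteUser call are replaced by injectable callables so the block runs offline; `DeletionFlow`, `make_token`, `verify_token`, the in-memory `used_jti` set (standing in for a DynamoDB table, since Lambdas keep no state between invocations) and the `api.example.invalid` base URL are all assumptions of this example.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time


def _b64(raw: bytes) -> str:
    """URL-safe base64 without padding, as used in compact JWTs."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_token(secret: bytes, username: str, ttl_seconds: int = 900, now=None) -> str:
    """Mint a compact header.payload.signature token (HS256) bound to one username."""
    now = int(time.time()) if now is None else now
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    claims = {
        "sub": username,
        "purpose": "delete-user",     # a token issued for another purpose must not delete anything
        "iat": now,
        "exp": now + ttl_seconds,     # short lifetime limits the window for a leaked link
        "jti": secrets.token_hex(8),  # unique id so the server can enforce single use
    }
    payload = _b64(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64(sig)}"


def verify_token(secret: bytes, token: str, now=None) -> dict:
    """Return the claims if signature, algorithm, purpose and expiry all check out; raise otherwise."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header, payload, sig = parts
    expected = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    # Verify the signature first, with a constant-time compare, before trusting any claim.
    if not hmac.compare_digest(expected, _unb64(sig)):
        raise ValueError("bad signature")
    if json.loads(_unb64(header)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    claims = json.loads(_unb64(payload))
    now = int(time.time()) if now is None else now
    if claims.get("purpose") != "delete-user":
        raise ValueError("wrong purpose")
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    return claims


class DeletionFlow:
    """Hypothetical Lambda-side logic behind the two /user/delete endpoints."""

    def __init__(self, secret: bytes, send_email, admin_delete_user,
                 base_url: str = "https://api.example.invalid"):
        self.secret = secret
        self.send_email = send_email                # stand-in for an SES send
        self.admin_delete_user = admin_delete_user  # stand-in for cognito-idp AdminDeleteUser
        self.base_url = base_url
        self.used_jti = set()                       # stand-in for a persistent store

    def request_deletion(self, username: str, email: str, now=None) -> str:
        """GET /user/delete: mint the token and mail the confirmation link."""
        token = make_token(self.secret, username, now=now)
        self.send_email(email, f"{self.base_url}/user/delete?token={token}")
        return token

    def confirm_deletion(self, token: str, now=None) -> str:
        """GET /user/delete?token=...: validate, enforce single use, then delete."""
        claims = verify_token(self.secret, token, now=now)
        if claims["jti"] in self.used_jti:
            raise ValueError("token already used")
        self.used_jti.add(claims["jti"])
        self.admin_delete_user(claims["sub"])  # username comes from the signed token only
        return claims["sub"]
```

The username is taken from the signed token rather than from a query parameter, so a caller cannot point the confirmation at a different account; the purpose claim keeps a sign-up or password-reset token from being replayed here, and the jti check makes each link single use even within its lifetime.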
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | stijndepestel |