Verification codes other than the first one are not working

[MixaKonan]

Describe the bug

I'm not actually sure whether this is SDK or Cognito problem or maybe I just missed something, but any help would be much appreciated.

I have a user pool set up in AWS Cognito. I've created a user and made it confirmed be changing the password via RespondToNewPasswordRequiredAsync.

I'm trying to implement 'Forgot Password' feature in my system. After making a 'ForgotPasswordAsync' I successfully receive a verification code.

However, I also try to implement a 'Resend verification code' feature. And whilst I do receive a new code, I get an 'Invalid verification code' exception. And this happens for every code other than the first one.

I thought that maybe there is some time that enables new codes, but I've tried to wait 1, 5 and 10 minutes and no success was accomplished.

As I said, the first one received is working with no issues whatsoever.

Expected Behavior

Any received code should work or at least the latest one.

Current Behavior

Only the first code received works

Reproduction Steps

1. Create a user pool in AWS Cognito.
2. Create a new user with verified email.
3. Change this user's password so it becomes 'Confirmed'.
4. Make a 'Forgot Password' request with SDK.
5. Receive a code but ignore it
6. Make a 'Resend confirmation code' request with SDK.
7. Make a 'Confirm Forgot Password' request with the latest code received

Possible Solution

No solutions were found

Additional Information/Context

No response

AWS .NET SDK and/or Package version used

Amazon.Extensions.CognitoAuthentication: 2.5.2
AWSSDK.CognitoIdentity: 3.7.300.10
AWSSDK.CognitoIdentityProvider: 3.7.300.10
AWSSDK.Core: 3.7.300.10

Targeted .NET Platform

.NET 6

Operating System and version

Windows 10, AmazonLinux (docker container)

[ashishdhingra]

Needs investigation.

[ashishdhingra]

@MixaKonan Good afternoon. I'm not sure if you are using the correct logic. The ConfirmForgotPassword is the service API operation invoked by CognitoUser.ConfirmForgotPasswordAsync().

How are you sending the verification code?

• Are you using CognitoUser.ForgotPasswordAsync(), which invokes ForgotPassword service API call, OR
• Are you using CognitoUser.ResendConfirmationCodeAsync(), which invokes service API operation ResendConfirmationCode.

The ResendConfirmationCode API call Resends the confirmation (for confirmation of registration) to a specific user in the user pool.. In your use case, user is already registered. So ResendConfirmationCode is not valid for forgot password scenario. You should try re-invoking the CognitoUser.ForgotPasswordAsync() to resend forgot password verification code and it should resend the code (if Cognito supports it). Please let me know if it works.

Thanks,
Ashish

[MixaKonan]

@ashishdhingra Good afternoon to you too. Indeed you were correct in your assumptions and I was actually using incorrect flow. I missed the difference between 'confirmation code' and 'password reset code' and it's actually stated in the documentation that 'ResendConfirmationCode' is used for registration only.

Resends the confirmation (for confirmation of registration) to a specific user in the user pool.

The issue is resolved and I will close it. Thank you very much for your support and the time wasted.

[github-actions[bot]]

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.