AWS recently updated how Amazon Cognito user pools are created so that new user pools are case insensitive by default. An Amazon Cognito user pool is a user directory that helps you manage end-user identities. With this new feature, the native user name, email alias, and preferred user name alias are marked as case insensitive when a new user pool is created. For example, [email protected] is now treated the same as [email protected].
If you want to create a user pool that is case sensitive, you can change the default setting.
Note: This new feature does not change the behavior of existing user pools, which remain case sensitive.
When you create a new user pool, enabling case insensitivity is selected by default, creating a user pool that is case insensitive (see Figure 1). To create a user pool that is case sensitive, clear the case-insensitive option.
Note: Case sensitivity can’t be changed after the user pool has been created.
How to migrate to a new user pool
Case-sensitive user pools can have conflicting identities, so there is no automated migration path to change user pools from case-sensitive to case-insensitive. Migration to a new user pool requires scenario-based logic to handle conflicts. To make an existing user pool case insensitive, you can create a new user pool that is case insensitive, and then use the Migrate User Lambda Trigger to migrate existing users to the new pool. The trigger will allow you to migrate users at the time of sign-in or during the “forgot-password” flow. It will also allow you to handle conflicts. For more details, see the documentation.
If you have feedback about this blog post, submit comments in the Comments section below. If you have questions about this blog post, start a new thread on the Amazon Cognito forums.
Want more AWS Security how-to content, news, and feature announcements? Follow us on Twitter.
from AWS Security Blog: https://aws.amazon.com/blogs/security/how-to-set-case-sensitivity-in-the-amazon-cognito-console/