I'm setting up a web application and want to use AWS Cognito to handle the user authentication portion.
This is the flow that I want.
- New end user visits web app and clicks Sign Up.
- End user enters email and password and clicks Create Account.
- User sees message on screen "Email has been sent to your account. Please confirm email."
- User goes to email, sees the new email from AWS. Inside there's a link. User clicks the link.
- New page opens up with message "Email has been verified. An admin will review your account and an email will be sent to your account when it's ready."
- Admin sees that a new user created an account and needs to be approved (on some dashboard).
- Admin accepts the user.
- User gets an email letting he/her know that the account is ready for login.
My problem happens at step 5. This is because the link that AWS Cognito creates and sends in the email to the user simultaneously verifies AND the confirms the account. Please see the picture below of what actually happens when the user clicks the link.
In the screenshot table above,
user_one is the result of the user doing steps 1-3. Meanwhile,
user_two is the result of the user completing step 4.
Now the problem with this is that
user_two doesn't need an admin to confirm his/her account since that link did it automatically.
What I would like to know is how to JUST verify the email and NOT simultaneously confirm account. That way, I can actually implement steps 5-8.