0
votes

I am testing Cognito for replacement of our existing auth code and have found a bug. I have a user pool and implemented the user migration lambda to test the migration process. The user pool is set up to use email as username.

From my client I log in with existing credentials, and the user migration lambda does the following:

event['response']['userAttributes'] = {
    'preferred_username': "migrated guy"
}
event["finalUserStatus"] = "CONFIRMED"
event["messageAction"] = "SUPPRESS"
return event

Login is successful and my user is migrated to Cognito. However, the user immediately receives an email with the subject "Your temporary password" and body "Your username is *****@******.com and temporary password is ********." The temporary password in the email is one generated by Cognito, not the one entered/migrated. I can subsequently log in again with the original password while the one from the email does not work. I have tried this multiple times with the same result. This happens whether or not the migrated password meets my password strength requirements.

Is there at least a way to avoid having this erroneous email sent? Am I doing something wrong?


1 Answer

1
votes

If you manage to get this resolved, the finalUserStatus and messageAction need to be set on event.response instead of on event:

event.response.finalUserStatus = "CONFIRMED";
event.response.messageAction = "SUPPRESS";

The event structure can be found here: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-migrate-user.html#cognito-user-pools-lambda-trigger-syntax-user-migration
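
A Python version of the migration handler with both keys placed under event["response"], as the answer describes. This is an added example, not code from the question or the answer; the legacy user store, the `legacy_password_ok` helper and the sample credentials are hypothetical stand-ins for the existing auth system.

```python
import hashlib
import hmac

# Constructed legacy user store for this example: email -> (salt, PBKDF2 hash).
_SALT = b"constructed-salt"
LEGACY_USERS = {
    "user@example.com": (
        _SALT,
        hashlib.pbkdf2_hmac("sha256", b"OldPassw0rd!", _SALT, 100_000),
    ),
}


def legacy_password_ok(email, password):
    """Hypothetical stand-in for a credential check against the old system."""
    record = LEGACY_USERS.get(email)
    if record is None:
        return False
    salt, expected = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    # Constant-time comparison of the derived hashes.
    return hmac.compare_digest(candidate, expected)


def lambda_handler(event, context):
    # This example only handles the sign-in migration path.
    if event["triggerSource"] != "UserMigration_Authentication":
        raise Exception("Unsupported trigger source")

    email = event["userName"]  # the pool uses email as username
    if not legacy_password_ok(email, event["request"]["password"]):
        # Raising fails the sign-in; the user is not migrated.
        raise Exception("Bad credentials")

    response = event["response"]
    response["userAttributes"] = {
        "email": email,
        "email_verified": "true",
        "preferred_username": "migrated guy",
    }
    # Both keys go inside event["response"]; set on event itself they are ignored.
    response["finalUserStatus"] = "CONFIRMED"
    response["messageAction"] = "SUPPRESS"
    return event
```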