I have a user pool set up to use email as the user identifier (also configured to require email verification). Every main action / flow (login, signup, change password, reset password) seems to work fine and as expected.
The one important thing which does not work as one would expect is the change email flow:
When an email change is requested, Cognito sends a verification code to the new email as expected, but it also updates the email to the new value before verification.
This causes a problem when, for example, the new email was mistyped (so the verification code never arrives) and the user forgets their password. There seems to be no way to recover from it. Am I missing, misconfiguring or abusing something? There is minimal user pool customisation I did (except case-insensitivity maybe).
What would be the reason that AWS allows changing the email before verifying it (even though Cognito actually requires verification during signup, before the account is created)?
Are there some user pool configuration settings (or Lambda) or local SDK settings I am missing?
BTW: I am using AWSMobileClient from the iOS SDK as a client, but this probably does not matter(?).