I just went through this chapter and in testing it with google chrome, everytime I reset my password chrome saves the confirmation code as a username in my saved passwords. Looking at the code, I have not yet determined how to prevent this. Has anyone else encountered this?
I’m guessing the password manager thinks that the confirmation code field is a password field? There should be a way to prevent this. If you find something please report back and we’ll add it to the guide.
Is there a way to have the user click on a verify link from the email sent to them instead of having to enter a confirmation code and then change their password?
That would also be easier during the signup up process, the user just click a verify link and is logged in automatically.
AFAIK, Cognito does not support this. I haven’t check recently. But if somebody else has looked into it, hopefully they can chime in.