Follow-up from @cbeach47's review of PR #946. The "(If you don't see this in your inbox, please check Spam / Junk.)" hint in the customized Cognito verification email body is in the wrong surface area, and we should move it.
The gap cbeach identified
The spam-folder hint only helps a user who is in the waiting state — they've submitted registration and are looking for the 6-digit code. Once they're reading the email, the hint is redundant. If they can't find the email (because it's in spam), they'll never see the hint either.
The right surface area is the page where the user submitted registration and is now waiting for the email — i.e. our SPA, not the email body itself.
Why this isn't trivial
The verify-code step happens inside Cognito's hosted UI, not our SPA. Cognito's hosted UI is CSS-only customizable; we can't inject custom copy there.
The realistic SPA touchpoint is Login.tsx — specifically the moment a user clicks "Sign In / Register" and is about to be redirected to Cognito for the sign-up form. Adding a hint there is the closest we can get to "shown while the user is waiting for the code."
Proposed change
frontends/mdr-frontend/src/pages/Login.tsx, under the Cognito Sign In / Register button (only when isCognitoEnabled is true):
<Text size="1" color="gray" align="center">
After registering, you'll receive a 6-digit code by email.
Check your Spam folder if it doesn't arrive within a minute.
</Text>
Optional cleanup in the same PR — remove the now-redundant parenthetical from the email body in cloudformation/cognito-selfserve.yml:
- (If you don't see this in your inbox, please check Spam / Junk.)
Why not both?
Arguable that leaving the email parenthetical AS WELL is harmless belt-and-suspenders. Either way is fine; doing the SPA hint is the high-value half.
Related
Follow-up from @cbeach47's review of PR #946. The "(If you don't see this in your inbox, please check Spam / Junk.)" hint in the customized Cognito verification email body is in the wrong surface area, and we should move it.
The gap cbeach identified
The spam-folder hint only helps a user who is in the waiting state — they've submitted registration and are looking for the 6-digit code. Once they're reading the email, the hint is redundant. If they can't find the email (because it's in spam), they'll never see the hint either.
The right surface area is the page where the user submitted registration and is now waiting for the email — i.e. our SPA, not the email body itself.
Why this isn't trivial
The verify-code step happens inside Cognito's hosted UI, not our SPA. Cognito's hosted UI is CSS-only customizable; we can't inject custom copy there.
The realistic SPA touchpoint is
Login.tsx— specifically the moment a user clicks "Sign In / Register" and is about to be redirected to Cognito for the sign-up form. Adding a hint there is the closest we can get to "shown while the user is waiting for the code."Proposed change
frontends/mdr-frontend/src/pages/Login.tsx, under the Cognito Sign In / Register button (only whenisCognitoEnabledis true):Optional cleanup in the same PR — remove the now-redundant parenthetical from the email body in
cloudformation/cognito-selfserve.yml:- (If you don't see this in your inbox, please check Spam / Junk.)Why not both?
Arguable that leaving the email parenthetical AS WELL is harmless belt-and-suspenders. Either way is fine; doing the SPA hint is the high-value half.
Related