CustomMessage_AdminCreateUser message templates has unfortunate dot at end of password. custom message requirements undocumented

[heeen]

Before opening, please confirm:

• I have searched for duplicate or closed issues and discussions.
• I have read the guide for submitting bug reports.
• I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.

JavaScript Framework

Not applicable

Amplify APIs

Authentication

Amplify Version

v6

Amplify Categories

auth

Backend

Amplify Gen 2

Environment information

# Put output below this line
 System:
    OS: Linux 6.11 Ubuntu 24.10 24.10 (Oracular Oriole)
    CPU: (20) x64 12th Gen Intel(R) Core(TM) i9-12900H
    Memory: 43.43 GB / 62.50 GB
    Container: Yes
    Shell: 5.2.32 - /bin/bash
  Binaries:
    Node: 18.20.4 - ~/.nvm/versions/node/v18.20.4/bin/node
    npm: 10.7.0 - ~/.nvm/versions/node/v18.20.4/bin/npm
  Browsers:
    Chrome: 131.0.6778.85
    Chromium: 131.0.6778.85
  npmPackages:
    %name%:  0.1.0 
    @aws-amplify/backend: ^1.1.1 => 1.1.1 
    @aws-amplify/backend-cli: ^1.2.4 => 1.2.5 
    @aws-amplify/ui-react: ^6.2.0 => 6.2.0 
    @aws-amplify/ui-react-internal:  undefined ()
    @aws-sdk/client-cognito-identity-provider: ^3.682.0 => 3.682.0 
    @aws-sdk/util-dynamodb: ^3.699.0 => 3.699.0 
    @types/react: ^18.2.66 => 18.3.4 
    @types/react-dom: ^18.2.22 => 18.3.0 
    @typescript-eslint/eslint-plugin: ^7.2.0 => 7.18.0 
    @typescript-eslint/parser: ^7.2.0 => 7.18.0 
    @vitejs/plugin-react: ^4.2.1 => 4.3.1 
    aws-amplify: ^6.5.2 => 6.5.2 
    aws-amplify/adapter-core:  undefined ()
    aws-amplify/analytics:  undefined ()
    aws-amplify/analytics/kinesis:  undefined ()
    aws-amplify/analytics/kinesis-firehose:  undefined ()
    aws-amplify/analytics/personalize:  undefined ()
    aws-amplify/analytics/pinpoint:  undefined ()
    aws-amplify/api:  undefined ()
    aws-amplify/api/server:  undefined ()
    aws-amplify/auth:  undefined ()
    aws-amplify/auth/cognito:  undefined ()
    aws-amplify/auth/cognito/server:  undefined ()
    aws-amplify/auth/enable-oauth-listener:  undefined ()
    aws-amplify/auth/server:  undefined ()
    aws-amplify/data:  undefined ()
    aws-amplify/data/server:  undefined ()
    aws-amplify/datastore:  undefined ()
    aws-amplify/in-app-messaging:  undefined ()
    aws-amplify/in-app-messaging/pinpoint:  undefined ()
    aws-amplify/push-notifications:  undefined ()
    aws-amplify/push-notifications/pinpoint:  undefined ()
    aws-amplify/storage:  undefined ()
    aws-amplify/storage/s3:  undefined ()
    aws-amplify/storage/s3/server:  undefined ()
    aws-amplify/storage/server:  undefined ()
    aws-amplify/utils:  undefined ()
    aws-cdk: ^2.138.0 => 2.154.1 
    aws-cdk-lib: ^2.138.0 => 2.154.1 
    constructs: ^10.3.0 => 10.3.0 
    esbuild: ^0.20.2 => 0.20.2 (0.23.1, 0.21.5)
    eslint: ^8.57.0 => 8.57.0 
    eslint-plugin-react-hooks: ^4.6.0 => 4.6.2 
    eslint-plugin-react-refresh: ^0.4.6 => 0.4.11 
    formik: ^2.4.6 => 2.4.6 
    prettier: ^3.3.3 => 3.3.3 (2.3.2, 2.8.8, 1.19.1)
    react: ^18.2.0 => 18.3.1 
    react-dom: ^18.2.0 => 18.3.1 
    tsx: ^4.7.2 => 4.17.0 
    typescript: ^5.4.5 => 5.5.4 (4.4.4, 4.9.5)
    vite: ^5.2.0 => 5.4.2 
    zod: ^3.23.8 => 3.23.8 (3.22.4)
  npmGlobalPackages:
    corepack: 0.28.0
    npm: 10.7.0

Describe the bug

The template for temporary password contains a dot at the end of the password, which can be confused as part of the password.

When writing a custom handler to generate the message following the docs (https://docs.amplify.aws/react/build-a-backend/functions/examples/custom-message/) you will notice that the emailMessage will get ignored without warning or error. You actually have to follow this third party documentation to udnerstand and make it work:
https://stackoverflow.com/questions/78602722/why-wont-cognito-send-custom-email-message-templates-in-the-admincreateuser-cas

Expected behavior

the user should be able to just select and copy the password without guessing about the dot.

The custom-message documentation should mention the requirements for the emailMessage, explain about the nature of the placeholder strings and show a fully working example.

Reproduction steps

1. use admincreateuser to create user
2. see message containing dot
3. attempt to modify emailMessage using handler

Code Snippet

// Put your code below this line.

Log output

// Put your logs below this line

aws-exports.js

No response

Manual configuration

No response

Additional configuration

No response

Mobile Device

No response

Mobile Operating System

No response

Mobile Browser

No response

Mobile Browser Version

No response

Additional information and screenshots

No response

[ashwinkumar6]

Hi @heeen thanks for raising the issue, will check with the team and get back

[jjarvisp]

Thanks for the suggestion @heeen. Apologies you ran into some difficultly getting this setup.

Currently, the documentation shows how to configure a custom message trigger handler for forgot password, however if you update the trigger source in this example to CustomMessage_AdminCreateUser (for your particular use case) the same principles should apply when inserting the codeParameter to replace the temporary password.

That being said, there are certainly a few gotchas here; I will look into getting the documentation updated to be more explicit about working with these substitutions.