Passwordless Authentication with Cognito - How to determine if a user signed up with email or phone number

Question

We have implemented the Custom Auth Triggers as described link here. We have the user pool set up to let users log in with either phone number or email.

The provided case is - the user has email & phone both verified in their Cognito account

The problem I am having is determining what medium (email or phone number) the user signed in When observing the event passed into the define / create/verify auth triggers, it seems like doesn't pass through what the username was used to initiate the authentication flow.. only the user attributes which in my case there could be both email or phone. I need to know which one it is so I know if I need to send the code through SMS or Email.

I also read about ClientMetadata this key we can pass from in InitiateAuthCommandInput but it will provide a client metadata key only below these triggers

Pre signup
Pre-authentication
User migration

but it will not provide ClientMetadata in these triggers

Post authentication
Custom message
Pre token generation
Create auth challenge
Define auth challenge
Verify auth challenge

After googling it too much, I found an article which had a tricky solution: here is the link I am not able to implement the provided solution.

I found a similar question in stack overflow too Link but there is also no answer, Can anyone please help me with this.

Answer 1

This is a workaround by adding a custom attribute during passwordless login

Actually, the authenticationUser function needs to identify whether the user is adding email or phone during login

Step 1: during login process, before calling initiateAuthCommand, First set a custom attribute in Cognito user object - logged_in_by - email or phone

Step 2: once you add a key after that InitiateAuthCommand will be started and call the triggers

Step 3: When createAuthChallenge runs at the time we will have userAttributes.logged_in_by.

If this attribute contains email this indicates that the user is trying to login with the email and we need to send OTP over email.

If this attribute contains phone this indicates that the user is trying to log in with the phone and we need to send OTP over the phone number.