Tags: amazon-web-services, oauth, amazon-cognito, amazon-gateway

Allowing Cognito non verified users to sign in?


Suppose a Cognito user forgets to verify their account (via email) and attempts to sign in. Can they still sign in, and can the API check that their account needs to be verified? Also, is there an API that can be invoked that will invoke a new verification code?

Also, is there a way to detect the edge case where someone signs in, but since they did not verify their account, the account gets deleted right after they sign in? So if they try to resend the confirm code, it cannot be done since the account was deleted. Or is there a way to check if a user is signed in, and prohibit the account from getting deleted in this case?

Also, if Amazon is going to clean up / delete an unverified account, does it lock it first, such that no one can sign in?


Solution

  • You can only sign in if your account has been verified. You can either do this by clicking on the verification link/code or the admin can change user attributes to set email_verified=True and/or phone_number_verified=true. A user's verified status is stored in their attributes, so no additional API call is needed to check if the user has verified their email/mobile.

    You can use ResendConfirmationCode to generate a new verification code.

    AWS does not delete unverified accounts. You can do it if you need this feature by creating a lambda that will run daily and check if a user has been unverified for too long.
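The daily cleanup Lambda suggested in the answer could look like the following. This is an added example, not code from the original answer. It assumes "unverified" means the Cognito user status `UNCONFIRMED`; the function names, the `USER_POOL_ID` and `MAX_AGE_DAYS` environment variables and the 7-day threshold are hypothetical.

```python
import datetime as dt
import os

# ListUsers filter on the user status attribute.
UNCONFIRMED_FILTER = 'cognito:user_status = "UNCONFIRMED"'


def stale_unconfirmed_users(client, user_pool_id, max_age_days, now=None):
    """Return usernames that have stayed UNCONFIRMED longer than max_age_days."""
    now = now or dt.datetime.now(dt.timezone.utc)
    cutoff = now - dt.timedelta(days=max_age_days)
    stale, token = [], None
    while True:
        kwargs = {"UserPoolId": user_pool_id, "Filter": UNCONFIRMED_FILTER}
        if token:
            kwargs["PaginationToken"] = token
        page = client.list_users(**kwargs)
        for user in page.get("Users", []):
            # Re-check the status client-side so a filter mistake can
            # never widen the set of accounts that get deleted.
            if (user.get("UserStatus") == "UNCONFIRMED"
                    and user["UserCreateDate"] < cutoff):
                stale.append(user["Username"])
        token = page.get("PaginationToken")
        if not token:
            return stale


def purge_stale_unconfirmed(client, user_pool_id, max_age_days=7,
                            dry_run=True, now=None):
    """Delete stale unconfirmed users; with dry_run=True only report them."""
    usernames = stale_unconfirmed_users(client, user_pool_id, max_age_days, now)
    if not dry_run:
        for name in usernames:
            client.admin_delete_user(UserPoolId=user_pool_id, Username=name)
    return usernames


def lambda_handler(event, context):
    """Entry point for a scheduled (for example daily) invocation."""
    import boto3  # imported here so the helpers above can be tested offline
    client = boto3.client("cognito-idp")
    removed = purge_stale_unconfirmed(
        client,
        os.environ["USER_POOL_ID"],                  # hypothetical variable name
        int(os.environ.get("MAX_AGE_DAYS", "7")),    # hypothetical threshold
        dry_run=False,
    )
    return {"deleted": len(removed)}
```

The Lambda's execution role needs `cognito-idp:ListUsers` and `cognito-idp:AdminDeleteUser` on the user pool; running with `dry_run=True` first shows which accounts would be removed.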