Restore password for FORCE_CHANGE_PASSWORD status

amazon-web-services amazon-cognito
Bogdan picture Bogdan · Dec 5, 2017 · Viewed 8.7k times · Source

I need to restore or reset user password when his status is FORCE_CHANGE_PASSWORD. This situation happened when user try to restore password using "forgot password" feature and he lost email with temporary password. Now he can't do anything because he don't remember password and he can't reset password again

This code handle forgot password

return CognitoIdentitySP.forgotPassword(params, (err, resp) => {
  if (err) { ... }
  ...
})

And I receive error (in case of FORCE_CHANGE_PASSWORD status)

NotAuthorizedException: User password cannot be reset in the current state.

Is there any way to reset password in such state?

Answer

Qinjie picture Qinjie · Nov 1, 2018

You can use aws-cli to do it. Here is a sample command, replace POOL_ID and EMAIL_ADDRESS accordingly:

aws cognito-idp admin-create-user --user-pool-id <POOL_ID> --username <EMAIL_ADDRESS> --message-action RESEND --profile <AWS_PROFILE>

Related questions

Unable to verify secret hash for client in Amazon Cognito Userpools

I am stuck at "Amazon Cognito Identity user pools" process. I tried all possible codes for authenticating user in cognito userpools. But I always get error saying "Error: Unable to verify secret hash for client 4b*******fd". Here is code: …

Read More
How to change User Status FORCE_CHANGE_PASSWORD?

Using AWS Cognito, I want to create dummy users for testing purposes. I then use the AWS Console to create such user, but the user has its status set to FORCE_CHANGE_PASSWORD. With that value, this user cannot be …

Read More
How to get user attributes (username, email, etc.) using cognito identity id

I have AWS Cognito Identity Pool that is configured with Cognito User Pool as an authentication provider. Assume I have identity ID of an identity in Cognito Identity Pool (e.g. us-east-1:XXaXcXXa-XXXX-XXXX-XXX-XXXXXXXXXXXX) where this identity has a linked login …

Read More