Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Change cognito user pool user status

Is it possible to change with my android App, Cognito user pool user status from FORCE_CHANGE_PASSWORD to CONFIRMED? or from RESET_REQUIRED to CONFIRMED? If yes which API call can I use? In fact, I imported users to Cognito and I don't find a way or any example on how to turn them to CONFIRMED status using my App. Thanks

like image 812
Felini500 Avatar asked Nov 02 '16 14:11

Felini500


People also ask

How do I change my status in Cognito?

You can also just use the Hosted UI of Cognito in case you have one for your application. Just login with the desired user and you will be prompted to change your password. After that the users status is confirmed and you can proceed as normal.

How do I change user attributes in Cognito?

To update a cognito user's attributes use the admin-update-user-attributes command, specifying the user-pool-id , username and user-attributes parameters.

Can Cognito username be changed?

The user name is a fixed value that users can't change. If you mark an attribute as an alias, users can sign in with that attribute in place of the user name. You can mark the email address, phone number, and preferred username attributes as aliases.

How do I verify a user in Cognito?

When a user updates their email address or phone number in your app, Amazon Cognito immediately sends a message with a verification code to a user if you configured your user pool to automatically verify that attribute. The user must then provide the code from the verification message to your app.


1 Answers

To change the cognito user pool user status from FORCE_CHANGE_PASSWORD to CONFIRMED-

1.with aws-cli:

  • get a session token with the temporary password

    aws cognito-idp admin-initiate-auth --user-pool-id us-west-2_xxxxxxx --client-id xxxxxxx --auth-flow ADMIN_NO_SRP_AUTH --auth-parameters USERNAME=xxx,PASSWORD=xxx
    
  • set new password with the session token

    aws cognito-idp admin-respond-to-auth-challenge --user-pool-id xxxx --client-id xxxx --challenge-name NEW_PASSWORD_REQUIRED --challenge-responses NEW_PASSWORD=xxx,USERNAME=xxx --session session_key_from_previous_token
    

2.with aws-sdk:

  • get a session token with the temporary password

    cognitoidentityserviceprovider.adminInitiateAuth(
    { 
       AuthFlow: 'ADMIN_NO_SRP_AUTH', 
       ClientId: 'xxx', 
       UserPoolId: 'xxx', 
       AuthParameters: 
         { USERNAME: 'xxx', PASSWORD: 'temporary_password' } 
    },  function(err, data) {
      if (err) console.log(err, err.stack); // an error occurred
      else     console.log(data);           // successful response
    }); 
    
  • set new password with the session token

    var params = {
      ChallengeName: 'NEW_PASSWORD_REQUIRED', 
      ClientId: 'xxxx',
      ChallengeResponses: {
      USERNAME: 'xxx',
      NEW_PASSWORD: 'xxx'
    },
    Session: 'session_key_from_previous_token'
    };
    
    cognitoidentityserviceprovider.respondToAuthChallenge(params,   function(err, data) {
       if (err) console.log(err, err.stack); // an error occurred
       else     console.log(data);           // successful response
    });
    

Note: If get an error about "Unable to verify secret hash for client", create another app client without a secret and use that.

like image 175
Mahbubur Rahman Avatar answered Sep 18 '22 13:09

Mahbubur Rahman