Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to change password of AWS Cognito User?

Tags:

I'm developing a web application which uses the AWS services backend side. I'm using AWS Cognito to manage the users but I have a problem. When I create a new user (with a temporary password) it is required that I change this password manually to make it definitive. The only way I have to change the password is using AWS Cli, as explained here:

https://docs.aws.amazon.com/cli/latest/reference/cognito-idp/change-password.html

I have to type in the shell the old password, the new password and the Access Token. The problem is: where I find this "Access token"? I don't know what to type in the shell! The AWS Cognito console doen't help.

like image 914
claudioz Avatar asked Sep 20 '17 13:09

claudioz

People also ask

Is it possible to get AWS Cognito user password?

It is not possible to get a user password from AWS Cognito. Cognito just lets the user reset his password but it has got no API call to perform password retrieval and it's not meant to do that for security reasons.

How do I change user in Cognito?

To update a cognito user's attributes use the admin-update-user-attributes command, specifying the user-pool-id , username and user-attributes parameters. Copied! In the example above, we've set the gender attribute of the user to m and their name attribute to john smith .

How does AWS Cognito hash passwords?

Cognito Identity does not receive or store user credentials. Cognito Identity uses the token from the identity provider to obtain a unique identifier for the user and then hashes it using a one-way hash so that the same user can be recognized again in the future without storing the actual user identifier.

1 Answers

The aws cognito-idp change-password can only be used with a user who is able to sign in, because you need the Access token from aws cognito-idp admin-initiate-auth.

But since the user has a temporary password, it will face the NEW_PASSWORD_REQUIRED challenge when trying to sign in.

Here's how I did it:

$ aws cognito-idp admin-create-user  --user-pool-id USERPOOLID  --username [email protected] --desired-delivery-mediums EMAIL --user-attributes Name=email,[email protected]  $ aws cognito-idp initiate-auth --client-id CLIENTID --auth-flow USER_PASSWORD_AUTH --auth-parameters [email protected],PASSWORD="tempPassword"

Now you get a NEW_PASSWORD_REQUIRED challenge and a very long session token. Use that one to respond to the challenge:

$ aws cognito-idp admin-respond-to-auth-challenge --user-pool-id USERPOOLID --client-id CLIENTID   --challenge-responses "NEW_PASSWORD=LaLaLaLa1234!!!!,[email protected]" --challenge-name NEW_PASSWORD_REQUIRED --session "YourLongSessionToken"
like image 60
Esben von Buchwald Avatar answered Oct 03 '22 21:10

Esben von Buchwald
Sign in to Comment

Related questions

How do you force HTTPS with Namecheap and Heroku?
How to give default value as integer in @RequestParam()
Release build in Visual Studio Code
Which one to choose Apache Oozie or Apache Airflow? Need a comparison
http Post request with Typescript
Using 'ref' on React Styled Components is not working
Setting up an email while hosting on Netlify
Python3.6 error: ModuleNotFoundError: No module named 'src'
Is SQS short polling ever preferable to long polling?
Differences between SCSS and LESS
typeof generic and casted type [duplicate]
What does 'ApiExpception: 7' mean when using Google sign-in through Firebase?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!