In AWS iOS SDK, how do I handle FORCE_CHANGE_PASSWORD User Status

Question

I have followed the sample here

https://github.com/awslabs/aws-sdk-ios-samples/tree/master/CognitoYourUserPools-Sample

To integrate interactive cognito login to my iOS app. This is all working well, but when a new user is created in the pool, they initially have a FORCE_CHANGE_PASSWORD status.

For android you can follow the procedure below

http://docs.aws.amazon.com/cognito/latest/developerguide/using-amazon-cognito-user-identity-pools-android-sdk-authenticate-admin-created-user.html

But for iOS I can't find out how to do this. Using the sample, if I attempt to login with a user in FORCE_CHANGE_PASSWORD status, I see the following output in the console logs (with some values removed for brevity):

{"ChallengeName":"NEW_PASSWORD_REQUIRED","ChallengeParameters":{"requiredAttributes":"[]","userAttributes":"{\"email_verified\":\"true\",\"custom:autoconfirm\":\"Y\","Session":"xyz"}

The following is the code from the SignInViewController from the sample detailed above.

import Foundation
import AWSCognitoIdentityProvider

class SignInViewController: UIViewController {
    @IBOutlet weak var username: UITextField!
    @IBOutlet weak var password: UITextField!
    var passwordAuthenticationCompletion: AWSTaskCompletionSource<AWSCognitoIdentityPasswordAuthenticationDetails>?
    var usernameText: String?

    override func viewWillAppear(_ animated: Bool) {
        super.viewWillAppear(animated)
        self.password.text = nil
        self.username.text = usernameText
        self.navigationController?.setNavigationBarHidden(true,   animated: false)
    }

    @IBAction func signInPressed(_ sender: AnyObject) {
        if (self.username.text != nil && self.password.text != nil) {
            let authDetails = AWSCognitoIdentityPasswordAuthenticationDetails(username: self.username.text!, password: self.password.text! )
            self.passwordAuthenticationCompletion?.set(result: authDetails)
        } else {
            let alertController = UIAlertController(title: "Missing information",
                                                message: "Please enter a valid user name and password",
                                                preferredStyle: .alert)
            let retryAction = UIAlertAction(title: "Retry", style: .default, handler: nil)
            alertController.addAction(retryAction)
        }
    }
}

extension SignInViewController: AWSCognitoIdentityPasswordAuthentication {

    public func getDetails(_ authenticationInput: AWSCognitoIdentityPasswordAuthenticationInput, passwordAuthenticationCompletionSource: AWSTaskCompletionSource<AWSCognitoIdentityPasswordAuthenticationDetails>)     {
        self.passwordAuthenticationCompletion = passwordAuthenticationCompletionSource
        DispatchQueue.main.async {
            if (self.usernameText == nil) {
                self.usernameText = authenticationInput.lastKnownUsername
            }
        }
    }

    public func didCompleteStepWithError(_ error: Error?) {
        DispatchQueue.main.async {
        if let error = error as? NSError {
            let alertController = UIAlertController(title: error.userInfo["__type"] as? String,
                                                    message: error.userInfo["message"] as? String,
                                                    preferredStyle: .alert)
            let retryAction = UIAlertAction(title: "Retry", style: .default, handler: nil)
            alertController.addAction(retryAction)

            self.present(alertController, animated: true, completion:  nil)
            } else {
                self.username.text = nil
                self.dismiss(animated: true, completion: nil)
            }
        }
    }
}

When didCompleteStepWithError executes, error is null where I would expect it to indicate something to tell us that the user is required to change password.

My question is really how to catch the "ChallengeName":"NEW_PASSWORD_REQUIRED" json that is output to the console?

Answer 1

Sorted this now. Posting it here in case it helps anyone else.

First, you need to create a view controller that will allow the user to specify the new password. The ViewController should have a AWSTaskCompletionSource<AWSCognitoIdentityNewPasswordRequiredDetails> as a property:

var newPasswordCompletion: AWSTaskCompletionSource<AWSCognitoIdentityNewPasswordRequiredDetails>?

Following the pattern in the sample referred to in the question, I then implemented AWSCognitoIdentityNewPasswordRequired as an extension to the view controller as follows:

extension NewPasswordRequiredViewController: AWSCognitoIdentityNewPasswordRequired {
    func getNewPasswordDetails(_ newPasswordRequiredInput: AWSCognitoIdentityNewPasswordRequiredInput, newPasswordRequiredCompletionSource:
    AWSTaskCompletionSource<AWSCognitoIdentityNewPasswordRequiredDetails>) {                    
        self.newPasswordCompletion = newPasswordRequiredCompletionSource
    }

    func didCompleteNewPasswordStepWithError(_ error: Error?) {
        if let error = error as? NSError {
            // Handle error
        } else {
            // Handle success, in my case simply dismiss the view controller
            self.dismiss(animated: true, completion: nil)
        }
    }

}

Again following the design of the sample detailed in the question, add a function to the AWSCognitoIdentityInteractiveAuthenticationDelegate extension to AppDelegate:

extension AppDelegate: AWSCognitoIdentityInteractiveAuthenticationDelegate {
    func startPasswordAuthentication() -> AWSCognitoIdentityPasswordAuthentication {
        //Existing implementation
    }
    func startNewPasswordRequired() -> AWSCognitoIdentityNewPasswordRequired {
        // Your code to handle how the NewPasswordRequiredViewController is created / presented, the view controller should be returned
        return self.newPasswordRequiredViewController!
    }
}