
Use Cognito Forgot password cannot receive any code with Email

This is my first time using AWS Cognito Auth.

  1. Created a User Pool (succeeded)
  2. Used the AdminCreateUser API to create a user in the pool (succeeded)
  3. Tried to use the AdminInitiateAuth API and AdminRespondToAuthChallenge API to get an access token (succeeded)
  4. Tried to use the ForgotPassword API to reset the password, but it does not work at all.

Here is my code for ForgotPassword in Java:

ForgotPasswordRequest request = ForgotPasswordRequest.builder()
  .clientId(GetUserPoolClientId(companyCode))
  .username(userEmail)
  .build();
ForgotPasswordResponse response = cognitoClient.forgotPassword(request);

The response gives me ***@gmail.com, but I do not receive any emails.

Tony Kent asked Mar 23 '20 08:03



1 Answer

I've been struggling with this for a couple of days now but finally found an answer. It seems that we can't send a forgotPassword email to a user that doesn't have the email verified, and that can happen when you use the AdminCreateUser API, since the user only receives the email for the temporary password and not for email verification.

Verification of a phone or email is necessary to automatically confirm users and enable recovery from forgotten passwords.

https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-email-phone-verification.html?icmpid=docs_cognito_console

Solution:

When you call the AdminCreateUser method you can actually pass the email verified flag as another attribute:

{
  // AdminCreateUser request ...
  "UserAttributes": [
    // other user attributes ...
    {
      "Name": "email_verified",
      "Value": "true"
    }
  ]
}

It should also be possible to update the email_verified status with the AdminUpdateUserAttributes API.

Adrian Covarrubias answered Oct 01 '22 12:10
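
The fix described in the answer above, written against the AWS SDK for Java v2 that the question uses. This is an added example, not code from either poster; the class and method names are hypothetical, and it assumes the username is the e-mail address, as in the question. Reset codes go to the address marked verified, so the flag should only be set for addresses whose ownership has already been confirmed.

```java
import java.util.List;
import software.amazon.awssdk.services.cognitoidentityprovider.CognitoIdentityProviderClient;
import software.amazon.awssdk.services.cognitoidentityprovider.model.AdminCreateUserRequest;
import software.amazon.awssdk.services.cognitoidentityprovider.model.AdminGetUserRequest;
import software.amazon.awssdk.services.cognitoidentityprovider.model.AdminUpdateUserAttributesRequest;
import software.amazon.awssdk.services.cognitoidentityprovider.model.AttributeType;
import software.amazon.awssdk.services.cognitoidentityprovider.model.DeliveryMediumType;

// Hypothetical helper class; its name and method names are not from the page.
public class VerifiedEmailUsers {
    private final CognitoIdentityProviderClient cognito;
    private final String userPoolId;

    public VerifiedEmailUsers(CognitoIdentityProviderClient cognito, String userPoolId) {
        this.cognito = cognito;
        this.userPoolId = userPoolId;
    }

    private static AttributeType attr(String name, String value) {
        return AttributeType.builder().name(name).value(value).build();
    }

    // Create the user with email_verified=true so ForgotPassword can deliver a code.
    // Assumption: the caller has already confirmed the address belongs to the user.
    public void createUser(String email) {
        cognito.adminCreateUser(AdminCreateUserRequest.builder()
                .userPoolId(userPoolId)
                .username(email)
                .userAttributes(attr("email", email), attr("email_verified", "true"))
                .desiredDeliveryMediums(DeliveryMediumType.EMAIL)
                .build());
    }

    // For users created earlier without the flag: check first, update only if needed.
    // Returns true when an update was sent.
    public boolean markEmailVerified(String username) {
        List<AttributeType> attrs = cognito.adminGetUser(AdminGetUserRequest.builder()
                .userPoolId(userPoolId).username(username).build()).userAttributes();
        boolean verified = attrs.stream().anyMatch(a ->
                "email_verified".equals(a.name()) && "true".equalsIgnoreCase(a.value()));
        if (verified) {
            return false;
        }
        cognito.adminUpdateUserAttributes(AdminUpdateUserAttributesRequest.builder()
                .userPoolId(userPoolId).username(username)
                .userAttributes(attr("email_verified", "true"))
                .build());
        return true;
    }
}
```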