Steps to validate user after Force change password

0

Hi team,

I created a new user in my Cognito user pool with AdminCreateUser AP call, the user is added with sates Force change password

then the user will be prompted with an angular front-end page to enter a new password.

I'm confused about which method I can use to confirm the user: adminConfirmSignUp, initiateAuth, adminInitiateAuth, AdminRespondToAuthChallenge or adminSetUserPassword

do the user need the temporary password received by email to signup? or only his new password? i don't see any SDK API that takes the 2 arguments:

1 - temporary password generated b Cognito

2 - the user chooses the new password

my goal is to give the user access, move away from Force change password status, and have a confirmed user who can log in and have an access token.

what are the API calls to do after the user receives the invitation message with a temporary password and gives his new password?

Thank you team for clarification

appreciate any example that helps me continue the process after AdminCreateUser and Force change password

Thank you!!

Jess
asked a year ago3856 views
1 Answer
0

Hello,

When the user authenticates (InitiateAuth) using the temporary password, Cognito will respond with a ChallengeName=NEW_PASSWORD_REQUIRED. You then need to use RespondToAuthChallenge to respond to the challenge with NEW_PASSWORD and any required attributes that Amazon Cognito returned in the requiredAttributes parameter.

Please see the ChallengeName Response Elements of InitiateAuth here [1].

[1] https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html#API_InitiateAuth_ResponseElements

AWS
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions