Using admin_set_user_password (AdminSetUserPassword API) sets the specified user's password in a user pool as an administrator so no password authentication is required. To check for compromised credentials using Advanced Security, Amazon Cognito checks sign-ins that use the AdminInitiateAuth API with ADMIN_USER_PASSWORD_AUTH flow, and the InitiateAuth API with USER_PASSWORD_AUTH flow, for compromised credentials.
Amazon Cognito doesn't have access to passwords internally, so it can only evaluate a password that your client passes to it in plaintext.
See details here: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-compromised-credentials.html
However, consider creating a temporary password when creating a new user using admin_create_user unless your application backend logic requires setting a password after a new user is created. You can specify a temporary password or have Amazon Cognito generate one for you if you don't specify a value when creating a new user.
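An added example, not part of the answer above: a small audit that classifies app clients by whether their enabled sign-in flows hand Cognito the plaintext password that the compromised-credentials check needs. It assumes input shaped like the `UserPoolClient` object returned by `describe_user_pool_client`, with `ALLOW_`-prefixed `ExplicitAuthFlows` values; the sample clients and their names are constructed.

```python
# Added example. Classifies Cognito app clients by whether sign-ins through
# them can be evaluated for compromised credentials. Works offline on dicts
# shaped like describe_user_pool_client()["UserPoolClient"].

# The two flows the answer names as checked, in ExplicitAuthFlows spelling.
CHECKED_FLOWS = {"ALLOW_USER_PASSWORD_AUTH", "ALLOW_ADMIN_USER_PASSWORD_AUTH"}
# Password flow in which the client never sends the plaintext password.
SRP_FLOW = "ALLOW_USER_SRP_AUTH"


def audit_client(user_pool_client):
    """Return (client_name, verdict, checked_flows) for one app client."""
    flows = set(user_pool_client.get("ExplicitAuthFlows", []))
    checked = sorted(flows & CHECKED_FLOWS)
    if checked and SRP_FLOW in flows:
        verdict = "partial"        # SRP sign-ins are not among the checked flows
    elif checked:
        verdict = "evaluated"      # every password sign-in reaches Cognito in plaintext
    else:
        verdict = "not-evaluated"  # no checked flow is enabled on this client
    return user_pool_client["ClientName"], verdict, checked


def audit_pool(clients):
    """Map each app client name to its verdict."""
    return {name: verdict for name, verdict, _ in map(audit_client, clients)}


# Constructed sample app clients (hypothetical names, not a real user pool).
SAMPLE_CLIENTS = [
    {"ClientName": "backend-admin",
     "ExplicitAuthFlows": ["ALLOW_ADMIN_USER_PASSWORD_AUTH",
                           "ALLOW_REFRESH_TOKEN_AUTH"]},
    {"ClientName": "mobile-app",
     "ExplicitAuthFlows": ["ALLOW_USER_SRP_AUTH", "ALLOW_REFRESH_TOKEN_AUTH"]},
    {"ClientName": "web-app",
     "ExplicitAuthFlows": ["ALLOW_USER_PASSWORD_AUTH", "ALLOW_USER_SRP_AUTH",
                           "ALLOW_REFRESH_TOKEN_AUTH"]},
]

if __name__ == "__main__":
    for name, verdict in audit_pool(SAMPLE_CLIENTS).items():
        print(f"{name}: {verdict}")
```

A password set with admin_set_user_password is only evaluated later, when the user signs in through a client whose verdict is "evaluated" or, for its non-SRP sign-ins, "partial".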