Cognito Migration from one pool to another - UserMigration_ForgotPassword flow results in error - "Error getting validation token for user {user's email}. Exception migrating user in app client.

Hello,

User Migration Exception can occur due to various reasons -

1. Invalid Username
2. Invalid Delivery Medium
3. Invalid Final User Status
4. Returning bad response (As reported externally here on third part forum as well in the past - "If you return a bad response the lambda will succeed but the trigger action will fail and Cognito will give you a fairly generic message.")

where one can see the following accompanying error message - Exception migrating user in app client like you noticed in your case.

---

---

But, in your specific use case, you are currently seeing a specific error for validation token -> "Error getting validation token for user {user's email}".

To be able to understand the root cause of your validation token error, we need to first understand -

1. Your lambda environment in regards to the SDK usage
2. Your lambda code snippet for UserMigration_ForgotPassword source [1]
3. How are you returning your response to Cognito in Lambda,
4. Finally your Lambda CloudWatch logs [2] to confirm that the error is not being up-streamed from Lambda to Cognito itself.

---

---

However, please do not post any sensitive information over re:Post since this is a public platform. Therefore, I would highly recommend you creating a support case with our Premium Support team so that we may discuss details on your resource configurations.

References:

[1] https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-migrate-user.html#user-pool-lambda-migrate-user-trigger-source

[2] https://docs.aws.amazon.com/lambda/latest/dg/monitoring-cloudwatchlogs.html