AWS Cognito fails to resetPassword() for verified email


I'm having an issue with Cognito from AWS. After creating new identity and user pools and registering them for MFA (email), I cannot use the "resetPassword" functionality. It does not work even from the console: when I click on the user and try to manually reset their password from the AWS GUI, I get this error message:

Cannot reset password for the user as there is no registered/verified email or phone_number

However, I've checked multiple times and the email is verified, I see this displayed in the console:

verified

I also see email_verified: true when I query AWS directly with aws cognito-idp. I've also gone through the signIn process with this account, and encountered no errors. I can also receive MFA confirmation codes and they work. resetPassword is the one thing that does not seem to work.

However, no matter what I do I keep getting an error that there is no "registered/verified email or phone_number". phone_number isn't required anywhere in my user or identity pool.

For what it's worth, we use Amazon SES for delivering the MFA codes, and it's how I'd expect to receive an email containing "reset password" instructions.

Any help would be appreciated, thanks.

  • It looks like you're facing an issue with AWS Cognito's resetPassword() function for a verified email. Can you provide more details, such as:

    Error Message: Are you receiving a specific error response?

    SDK/Library Used: Are you using AWS Amplify, AWS SDK (JavaScript, Python, etc.), or calling the API directly?

    User Status: Is the user status "CONFIRMED" in Cognito? Unconfirmed users might not be able to reset passwords.

    App Client Settings: Do you have "Allow user password reset" enabled in your Cognito user pool?

    Code Snippet: Can you share the code snippet you're using to call resetPassword()?

  • @Balamanikandan yes, I've amended my question to include the error message, which is: Cannot reset password for the user as there is no registered/verified email or phone_number

    SDK/Library Used: This is happening on my console. I cannot manually reset the password. But I discovered the issue initially by using AWS Amplify.

    User Status: yes it is confirmed, as I state in my question. I also verified this using aws cognito-idp.

    App Client settings: this is happening in the AWS console. I think that is the root issue.

1 Answer

The issue you're experiencing with Cognito's password reset functionality is unexpected and inconsistent with its standard behavior. Typically, if a user has a verified email address, they should be able to reset their password without any problems, even if they don't have a phone number associated with their account.

Here are a few things to check and try:

  1. Verify that the account recovery settings in your user pool are correctly configured. Make sure that email is included as a recovery mechanism and that it's set to "Email only" or includes email as an option.

  2. Double-check that the user's email is actually marked as verified in the Cognito user pool. Sometimes there can be a discrepancy between what appears to be verified and the actual status in the system.

  3. Ensure that your SES email configuration is correctly set up and linked to your Cognito user pool. Test sending a test email through SES to confirm that email sending is functioning correctly.

  4. Check if the issue is specific to one user or affects all users in the pool. Try initiating the password reset process for a different user to see if the problem is user-specific or affects the entire pool.

  5. Review your user pool's account recovery settings to ensure email is prioritized for password recovery.

If the problem persists after these checks, it could potentially be due to a recent change or bug in the Cognito service. In this case, it would be advisable to contact AWS Support for further assistance, as this behavior is inconsistent with Cognito's documented functionality. They may be able to investigate if there's an underlying issue with the service or your specific configuration that's causing this unexpected error.

Remember, forcing users to provide a phone number should not be necessary if they have a verified email address, based on Cognito's standard functionality. The situation you're describing appears to be anomalous and may require further investigation by AWS.
Sources
Cognito forget password through AWS Console error | AWS re:Post
Cognito - unable to reset password with no phone number added | AWS re:Post
Passwords, account recovery, and password policies - Amazon Cognito

answered 2 months ago
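The checks in the answer above (recovery mechanisms on the pool, the user's verified-email state, confirmed status, one user versus all users) can be applied mechanically to the output of `aws cognito-idp describe-user-pool` and `aws cognito-idp admin-get-user`. The script below is an added example, not code from the question, the answer or AWS: it reads those two JSON shapes and reports which precondition for an email-based reset is missing. The sample pool and user objects at the bottom are constructed for the example (the pool ID, username and address are made up), and `live_diagnose` is an optional helper that assumes boto3 and AWS credentials with `cognito-idp:DescribeUserPool` and `cognito-idp:AdminGetUser` permissions.

```python
"""Offline checks for the Cognito error
"Cannot reset password for the user as there is no registered/verified
email or phone_number".

Inputs are the "UserPool" object from describe-user-pool and the response
of admin-get-user. The sample data at the bottom is constructed.
"""
from __future__ import annotations

EMAIL = "verified_email"
PHONE = "verified_phone_number"
ADMIN_ONLY = "admin_only"


def recovery_mechanisms(user_pool: dict) -> list[str]:
    """Names from AccountRecoverySetting.RecoveryMechanisms in priority order.

    A pool with no explicit setting uses the legacy default, which AWS
    documents as phone preferred over email, so return [PHONE, EMAIL] then.
    """
    setting = user_pool.get("AccountRecoverySetting") or {}
    mechs = setting.get("RecoveryMechanisms") or []
    if not mechs:
        return [PHONE, EMAIL]
    return [m["Name"] for m in sorted(mechs, key=lambda m: m["Priority"])]


def user_attributes(user: dict) -> dict[str, str]:
    """Flatten admin-get-user's [{Name, Value}, ...] list into a dict."""
    return {a["Name"]: a["Value"] for a in user.get("UserAttributes", [])}


def _verified(attrs: dict[str, str], attr: str) -> bool:
    # Cognito stores boolean attributes as the strings "true"/"false".
    return bool(attrs.get(attr)) and attrs.get(f"{attr}_verified", "").lower() == "true"


def diagnose(user_pool: dict, user: dict) -> list[str]:
    """Return the problems found; an empty list means every check the answer
    lists for an email-based password reset is satisfied."""
    problems: list[str] = []
    mechs = recovery_mechanisms(user_pool)
    attrs = user_attributes(user)

    if user.get("UserStatus") != "CONFIRMED":
        problems.append(f"UserStatus is {user.get('UserStatus')!r}, expected 'CONFIRMED'")
    if not user.get("Enabled", True):
        problems.append("user is disabled")

    email_ok = _verified(attrs, "email")
    phone_ok = _verified(attrs, "phone_number")

    if ADMIN_ONLY in mechs:
        problems.append("AccountRecoverySetting is admin_only: no email/phone recovery channel")
    else:
        if EMAIL not in mechs:
            problems.append(f"verified_email is not a recovery mechanism (pool has {mechs})")
        elif not email_ok:
            problems.append("email recovery is enabled but the user has no verified email")
        if not email_ok and not phone_ok:
            problems.append("user has neither a verified email nor a verified phone_number")
    return problems


def live_diagnose(user_pool_id: str, username: str) -> list[str]:
    """Fetch the real objects with boto3 and run the same checks.
    Assumes boto3 is installed and credentials are configured."""
    import boto3  # imported here so the offline checks run without it
    idp = boto3.client("cognito-idp")
    pool = idp.describe_user_pool(UserPoolId=user_pool_id)["UserPool"]
    user = idp.admin_get_user(UserPoolId=user_pool_id, Username=username)
    return diagnose(pool, user)


# Constructed sample responses (shape only; IDs and values are made up).
POOL_EMAIL_FIRST = {"Id": "us-east-1_EXAMPLE", "AccountRecoverySetting": {"RecoveryMechanisms": [
    {"Priority": 1, "Name": EMAIL}, {"Priority": 2, "Name": PHONE}]}}
POOL_PHONE_ONLY = {"Id": "us-east-1_EXAMPLE", "AccountRecoverySetting": {"RecoveryMechanisms": [
    {"Priority": 1, "Name": PHONE}]}}
POOL_ADMIN_ONLY = {"Id": "us-east-1_EXAMPLE", "AccountRecoverySetting": {"RecoveryMechanisms": [
    {"Priority": 1, "Name": ADMIN_ONLY}]}}
USER_OK = {"Username": "alice", "UserStatus": "CONFIRMED", "Enabled": True, "UserAttributes": [
    {"Name": "email", "Value": "alice@example.com"}, {"Name": "email_verified", "Value": "true"}]}
USER_UNVERIFIED = {"Username": "bob", "UserStatus": "CONFIRMED", "Enabled": True, "UserAttributes": [
    {"Name": "email", "Value": "bob@example.com"}, {"Name": "email_verified", "Value": "false"}]}

if __name__ == "__main__":
    for label, pool, user in [("email-first/alice", POOL_EMAIL_FIRST, USER_OK),
                              ("phone-only/alice", POOL_PHONE_ONLY, USER_OK),
                              ("email-first/bob", POOL_EMAIL_FIRST, USER_UNVERIFIED)]:
        print(label, diagnose(pool, user) or "ok")
```

Run `diagnose` against the same user in two pools (or two users in the same pool) to separate a pool-level misconfiguration from a user-level one, which is the distinction item 4 of the answer asks for; if the offline checks all pass on the real `describe-user-pool` and `admin-get-user` output and the console still rejects the reset, that is the point at which the answer's advice to open an AWS Support case applies.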
