Questions tagged with Serverless

Content language: English

Sort by most recent

Browse through the questions and answers listed below or filter and sort to narrow down your results.

Auth Cognito user without temporary password

Hi all, I created a new user in my Cognito user pool using `AdminCreateUser` AP call, the user is added with sates `Force change password` then I will send a custom link to the user, the user will be prompted with an angular front-end page with only 2 inputs new password and confirm new password (no temporary password input). so I want to store the temporary password in my backend (Redis cache) and then only ask the user for his new password. Then authenticate the user using the temporary password(stored on the backend Redis cache) and the new password(provided by the user via the front-end application) the issue with this is that if I don't include both the user name and temporary password on the invitation message Cognito will not send the email and it will send the default Cognito email. as I understood the custom email **needs** to have those 2 variables (user name and temporary password) to be sent by Cognito, otherwise, it will not and the default Cognito invitation message will be sent instead. is there a way to be able to send the custom email without containing the temporary password? **so that the end user can focus only on providing the new password** my second question is: all my backend is serverless using lambdas, so how can I pass the user's password from the front end to the backend securely either as a request body or as a URL parameter? Thank you so much team, appreciate your help!
asked 2 months ago