CODEWITHSUNDEEP
aws-sdk
Mark Richman
Mark Richman

Reputation: 29720

Cognito AdminCreateUser set password and confirmed

When using Cognito's AdminCreateUser how can I specify a permanent password at user creation time? Further, how can I set this user to "confirmed"?

Upvotes: 4

Views: 3571

Answers (2)

Valera
Valera

Reputation: 619

Another option is to invoke AdminSetUserPassword command after user was created with Permanent: true parameter.

Ref: AdminSetUserPassword documentation

Upvotes: 3

Atanas Rusenov
Atanas Rusenov

Reputation: 31

From digging a lot into the docs it's at least a 2 step process - create the user with a temporary password and 'complete' their registration by setting a permanent one. Posting a NodeJS solution.

  1. First you create the user with a temporary (not really used) password using the SDK:
import { CognitoIdentityServiceProvider } from 'aws-sdk';

const adminCreateUser = async (
  username: string,
  password: string
): Promise<void> => {
  return new Promise<void>((resolve, reject) => {
    new CognitoIdentityServiceProvider({
      region: '<Pool region>',
      accessKeyId: '<AWS user access key id>',
      secretAccessKey: '<AWS user access secret>',
    }).adminCreateUser(
      {
        Username: username,
        TemporaryPassword: password,
        UserPoolId: '<Cognito User Pool ID>',
      },
      (err, result) => {
        if (err) {
          return reject(err);
        }

        resolve();
      }
    );
  });
};
  1. As per the docs we need to call authenticateUser to trigger a newPassowrdRequired callback in which case we call completeNewPasswordChallenge with the permanent password:
import {
  AuthenticationDetails,
  CognitoUser,
  CognitoUserPool,
} from 'amazon-cognito-identity-js';

export const cognitoPool: CognitoUserPool = new CognitoUserPool({
  UserPoolId: '<Cognito Pool ID>',
  ClientId: '<Cognito App Client ID>',
});

export const adminConfirmUser = async (
  username: string,
  password: string
): Promise<void> => {
  return new Promise<void>((resolve, reject) => {
    const cognitoUser = new CognitoUser({
      Username: username,
      Pool: cognitoPool,
    });

    cognitoUser.authenticateUser(
      new AuthenticationDetails({
        Username: username,
        Password: password,
      }),
      {
        onSuccess: (session, userConfirmationNecessary) => {
          // User is already confirmed
          resolve();
        },
        onFailure: err => {
          // An error
          reject(err);
        },
        newPasswordRequired: (userAttributes, requiredAttributes) => {
          cognitoUser.completeNewPasswordChallenge(password, null, {
            onSuccess: session => {
              // User confirmed
              resolve();
            },
            onFailure: err => {
              // Error confirming user
              reject(err);
            },
          });
        },
      }
    );
  });
};

Note that you may need to pass required attributes when confirming the user registration depending on how you've setup your Cognito pool.

Upvotes: 3

Related Questions