Tony Kent

Reputation: 141

Use Cognito Forgot password cannot receive any code with Email

I'm using AWS Cognito Auth for the first time.

  1. Created a User Pool (succeeded)
  2. Used the AdminCreateUser API to create a user in the pool (succeeded)
  3. Used the AdminInitiateAuth API and AdminRespondToAuthChallenge API to get an access token (succeeded)
  4. Tried to use the ForgotPassword API to reset the password, but it does not work at all.

Here is my code for ForgotPassword in Java:

    ForgotPasswordRequest request = ForgotPasswordRequest.builder()
        .clientId(GetUserPoolClientId(companyCode))
        .username(userEmail)
        .build();
    ForgotPasswordResponse response = cognitoClient.forgotPassword(request);

The response gives me ***@gmail.com, but I do not receive any emails.

Upvotes: 14

Views: 11406

Answers (2)

sep

Reputation: 19

I encountered a similar issue where I needed to resend the email with the temporary password to a user who hadn't changed it. Setting the email as verified didn't work for me either. After some research, I found the following solution:

My scenario:

  1. I use the AdminCreateUser API to create a user in the pool (this works).

  2. The user receives an email with a temporary password (this works).

  3. The user either loses the email or doesn't receive it.

  4. The admin needs to resend the email with a temporary password.

Solution for step 4:

To resend the temporary password email, you can reinvoke the "AdminCreateUser" API with the "MessageAction" attribute set to "RESEND":

    AdminCreateUserRequest adminCreateUserRequest =
        new AdminCreateUserRequest()
            .withUserPoolId(userPoolId)
            .withUsername(email);
    // Parameter "resend" is false the first time the user is created,
    // true when you need to resend a temporary password
    if (resend) {
        adminCreateUserRequest.withMessageAction(MessageActionType.RESEND);
    }

This should trigger a new email with the temporary password.

Upvotes: 0

Adrian Covarrubias

Reputation: 427

I've been struggling with this for a couple of days now but finally found an answer. It seems that we can't send a forgotPassword email to a user that doesn't have the email verified, and that can happen when you use the AdminCreateUser API, since the user only receives the email for the temporary password and not for email verification.

Verification of a phone or email is necessary to automatically confirm users and enable recovery from forgotten passwords.

https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-email-phone-verification.html?icmpid=docs_cognito_console

Solution:

When you call the AdminCreateUser method you can actually pass the email verified flag as another attribute:

    {
      // AdminCreateUser request ...
      "UserAttributes": [
        // other user attributes ...
        {
          "Name": "email_verified",
          "Value": "true"
        }
      ]
    }

It should also be possible to update the email_verified status with the AdminUpdateUserAttributes API.

Upvotes: 30
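
The `email_verified` approach from the answer above, written out with the AWS SDK for Java v2 builder style used in the question. This is an added example, not code from either answer; it assumes an app client without a client secret, and the class name, method names and the `addressConfirmedOutOfBand` flag are hypothetical.

```java
import java.util.List;
import software.amazon.awssdk.services.cognitoidentityprovider.CognitoIdentityProviderClient;
import software.amazon.awssdk.services.cognitoidentityprovider.model.*;

// Added example; names below are hypothetical, SDK calls are AWS SDK for Java v2.
public class CognitoRecovery {

    // True only when the attribute list marks the email as verified.
    static boolean emailVerified(List<AttributeType> attrs) {
        return attrs.stream().anyMatch(a ->
                "email_verified".equals(a.name()) && "true".equalsIgnoreCase(a.value()));
    }

    // Create the user with email_verified=true so ForgotPassword can deliver a code later.
    // Reset codes go to this address, so set the flag only for addresses you have confirmed.
    static void createVerifiedUser(CognitoIdentityProviderClient cognito,
                                   String userPoolId, String email) {
        cognito.adminCreateUser(AdminCreateUserRequest.builder()
                .userPoolId(userPoolId)
                .username(email)
                .userAttributes(
                        AttributeType.builder().name("email").value(email).build(),
                        AttributeType.builder().name("email_verified").value("true").build())
                .build());
    }

    // For an existing user: check the flag, repair it only when the caller vouches
    // for the address, then call ForgotPassword and report where the code was sent.
    static String resetPassword(CognitoIdentityProviderClient cognito, String userPoolId,
                                String clientId, String username,
                                boolean addressConfirmedOutOfBand) {
        AdminGetUserResponse user = cognito.adminGetUser(AdminGetUserRequest.builder()
                .userPoolId(userPoolId).username(username).build());
        if (!emailVerified(user.userAttributes())) {
            if (!addressConfirmedOutOfBand) {
                throw new IllegalStateException("email_verified is not true for " + username);
            }
            cognito.adminUpdateUserAttributes(AdminUpdateUserAttributesRequest.builder()
                    .userPoolId(userPoolId).username(username)
                    .userAttributes(AttributeType.builder()
                            .name("email_verified").value("true").build())
                    .build());
        }
        ForgotPasswordResponse resp = cognito.forgotPassword(ForgotPasswordRequest.builder()
                .clientId(clientId).username(username).build());
        CodeDeliveryDetailsType d = resp.codeDeliveryDetails();
        return d.deliveryMediumAsString() + " -> " + d.destination();
    }
}
```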
