Aws Cognito- User pools, how to recover / set password for a user when it has no email or phone

I am using this on the web for a small local business, and want users to use only a username, not email and phone.

On the verification tab, I leave both checkboxes: phone and email blank.

Then it displays the following red warning.

You have not selected either email or phone number verification,
so your users will not be able to
recover their passwords without contacting you for support.

So it is okay that I want them to contact support. But I cannot find an API to set their password or do a recovery as admin.

If users contact me, how can I do it?

riseres asked Jan 31 '26 14:01


1 Answer

At the moment, there is a workaround through the API. Just set an email/phone where you/the admin can receive the one-off confirmation code (e.g. [email protected]).

Just tested on an old Cognito user pool that, for some unknown reason, gets the email_verified attribute set to false every now and then (ref).

The User pool has the same configuration: No verification options are enabled.

However, you can ensure the email_verified attribute is ok, through an AWS user with dev credentials.

Example using CLI (tested on aws-cli/1.16.3 Python/2.7.10 Darwin/18.2.0 botocore/1.11.3):

USER='[email protected]'
POOL_ID=us_east_1-123
POOL_APP_CLIENT_ID=fake123

# Ensure the email_verified attribute is set to true
# https://docs.aws.amazon.com/cli/latest/reference/cognito-idp/admin-update-user-attributes.html
aws cognito-idp admin-update-user-attributes --user-pool-id $POOL_ID --username $USER --user-attributes Name=email_verified,Value=true

# Check the attribute is set/added if missing
# https://docs.aws.amazon.com/cli/latest/reference/cognito-idp/list-users.html
# Double quotes let the shell expand $USER; the inner single quotes are a JMESPath string literal
aws cognito-idp list-users --user-pool-id $POOL_ID --query "Users[?Username=='$USER'].[*]"

# Run Admin Reset PWD
# https://docs.aws.amazon.com/cli/latest/reference/cognito-idp/admin-reset-user-password.html
aws cognito-idp admin-reset-user-password --user-pool-id $POOL_ID --username $USER
# The email/phone for the user should get a confirmation code
# Set the new pwd
# https://docs.aws.amazon.com/cli/latest/reference/cognito-idp/confirm-forgot-password.html
aws cognito-idp confirm-forgot-password --confirmation-code <Code> --password <New PWD> --username $USER --client-id $POOL_APP_CLIENT_ID
Efren answered Feb 03 '26 04:02
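The CLI steps from the answer above, wrapped as two guarded shell functions for a support desk; this is an added example, not code from the answer. The function names (`valid_username`, `begin_reset`, `finish_reset`) are hypothetical, and the digits-only check on the confirmation code is an assumption about the code format.

```shell
#!/bin/sh
# Added example: the answer's CLI steps as two guarded functions (POSIX sh).
# Function names are hypothetical; IDs passed in are the caller's own values.
# Usage after sourcing:  begin_reset POOL_ID USERNAME
#                        finish_reset APP_CLIENT_ID USERNAME CODE

# Refuse empty names, names that would parse as CLI options, and whitespace.
valid_username() {
  case "$1" in
    ''|-*|*[[:space:]]*) return 1 ;;
  esac
  return 0
}

# Step 1: make sure email_verified is true, then trigger the reset code.
# The second call only runs if the first one succeeded.
begin_reset() {
  valid_username "$2" || { echo "begin_reset: bad username" >&2; return 2; }
  aws cognito-idp admin-update-user-attributes --user-pool-id "$1" \
    --username "$2" --user-attributes Name=email_verified,Value=true &&
  aws cognito-idp admin-reset-user-password --user-pool-id "$1" --username "$2"
}

# Step 2: confirm with the code that arrived at the admin-controlled address.
# The new password is read from stdin so it stays out of shell history;
# it is still passed to the aws process as an argument.
finish_reset() {
  valid_username "$2" || { echo "finish_reset: bad username" >&2; return 2; }
  case "$3" in
    ''|*[!0-9]*) echo "finish_reset: code must be digits" >&2; return 2 ;;
  esac
  if [ -t 0 ]; then stty -echo; fi          # no echo when typed at a terminal
  IFS= read -r _pw || :
  if [ -t 0 ]; then stty echo; echo; fi
  if [ -z "$_pw" ]; then echo "finish_reset: empty password" >&2; return 2; fi
  aws cognito-idp confirm-forgot-password --client-id "$1" --username "$2" \
    --confirmation-code "$3" --password "$_pw"
  _rc=$?
  unset _pw
  return "$_rc"
}
```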