In Cognito, is there any way I can allow a user (Account status: External provider) to create a password for their account and log in using a username and password? I am using a Hosted UI.

Consider a case where a user logged in using the Google sign-in method and the user pool has a user entry. I have given the user a preferred username and email options to sign in. But since it does not have a password yet, the user should be able to reset their password using the forgot password method. But I get the error "User password cannot be reset in the current state." Can you please suggest if there is any method or workaround for this?

Thanks.

Johan Rin
Aman Gupta
  • Does this answer your question? [AWS Cognito: Best practice to handle same user (with same email address) signing in from different identity providers (Google, Facebook)](https://stackoverflow.com/questions/59635482/aws-cognito-best-practice-to-handle-same-user-with-same-email-address-signing) – Himanshu Patil Feb 07 '22 at 11:52

1 Answer

You cannot create a password for an EXTERNAL_PROVIDER user. The password is handled directly by your provider and Cognito Hosted UI only retrieves the user fields you previously mapped in the configuration.

If you try to change the password of your user connected by Google, you will get the following error:

User is not authorized to change password.

Because the password can only be changed with the provider.

Johan Rin
  • Thank you for the help. What I want to do is allow a user who first got into my application using Google to now do so using his Google email ID and some password. Isn't there a way to convert an EXTERNAL_PROVIDER user into a Cognito user? – Aman Gupta Dec 24 '18 at 05:49
  • I also asked myself if there was a way to link these two. I also tried on other websites like Airbnb: 1) first sign in with my Google account, then sign out; 2) try with the same email used previously. And the conclusion was the sign in by Google is not linked to your email. I think we only retrieve a token from the provider. So I guess it is not possible to convert an EXTERNAL_PROVIDER user into a Cognito user. – Johan Rin Dec 24 '18 at 07:51
  • I checked Airbnb, and it was able to detect that I have a Google account with the given email address, and it gave me two options: either to log in with Google or to reset the password. Upon reset I was able to log in with both Google and email/password. – Aman Gupta Dec 24 '18 at 08:16
  • I am able to merge a provider user into the existing Cognito user using the AdminLinkProviderForUser method. I am looking for the reverse way. – Aman Gupta Dec 24 '18 at 08:17
  • @AmanGupta, did you find any solution for it? Thank you. – Vladyslav Turak Jul 22 '20 at 19:34
  • @VladyslavTurak were you able to achieve this? I also want the same functionality. – HackRx Dec 17 '21 at 20:50
  • Use the solution as proposed here https://stackoverflow.com/a/65986760/9740955 – Himanshu Patil Feb 07 '22 at 11:52
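
The linking direction mentioned in the comments (a provider identity merged into an existing Cognito user with AdminLinkProviderForUser), as an added example that is not part of the original thread. It assumes a boto3 `cognito-idp` client; the function name, the refusal of EXTERNAL_PROVIDER destinations, the fake client and all sample identifiers are constructed for illustration.

```python
class LinkRefused(Exception):
    """Destination user has no Cognito-held password."""


def link_provider_to_native_user(client, pool_id, native_username,
                                 provider_name, provider_subject):
    """Link an IdP identity into a native user so both sign-in methods reach one profile.

    client: a boto3 "cognito-idp" client, or any object with the same two methods.
    """
    dest = client.admin_get_user(UserPoolId=pool_id, Username=native_username)
    # An EXTERNAL_PROVIDER destination has no password to sign in or reset with,
    # which is the state the question ran into, so refuse it (a policy of this example).
    if dest["UserStatus"] == "EXTERNAL_PROVIDER":
        raise LinkRefused(f"{native_username} is EXTERNAL_PROVIDER")
    request = {
        "UserPoolId": pool_id,
        "DestinationUser": {"ProviderName": "Cognito",
                            "ProviderAttributeValue": native_username},
        "SourceUser": {"ProviderName": provider_name,
                       "ProviderAttributeName": "Cognito_Subject",
                       "ProviderAttributeValue": provider_subject},
    }
    client.admin_link_provider_for_user(**request)
    return request


class FakeCognito:
    """Constructed stand-in for the client so the example runs offline."""

    def __init__(self, statuses):
        self.statuses = statuses      # username -> UserStatus
        self.link_calls = []

    def admin_get_user(self, UserPoolId, Username):
        return {"Username": Username, "UserStatus": self.statuses[Username]}

    def admin_link_provider_for_user(self, **kwargs):
        self.link_calls.append(kwargs)


def demo():
    # All identifiers here are constructed sample values.
    fake = FakeCognito({"alice": "CONFIRMED", "Google_1122334455": "EXTERNAL_PROVIDER"})
    link_provider_to_native_user(fake, "us-east-1_EXAMPLE", "alice", "Google", "1122334455")
    try:
        link_provider_to_native_user(fake, "us-east-1_EXAMPLE", "Google_1122334455",
                                     "Google", "1122334455")
    except LinkRefused:
        pass
    return fake.link_calls
```

Call this only after establishing that the provider identity and the native user belong to the same person, since the link lets that provider identity sign in as the native user.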