
I need to check that a user-provided input matches the current password (from Cognito User Pool). I'm implementing a confirmation dialog that requires the user to provide their password again (user must be logged in to access this functionality), and check if it's valid.

I am using the AWS SDK for Java on Android and the current implementation does the following:

```java
getUserPool() // com.amazonaws.mobileconnectors.cognitoidentityprovider.CognitoUserPool
    .getCurrentUser()
    .changePasswordInBackground(
        password, // oldUserPassword
        password, // newUserPassword
        new GenericHandler() {
            @Override
            public void onSuccess() {
                // provided password is correct
            }
            @Override
            public void onFailure(Exception e) {
                // provided password is incorrect
            }
        }
    );
```

However, this feels like a hack, and is subject to Failed Attempt Limits, which makes automating some test cases unfeasible.

Is there an API within the SDK that I can use for this?

Thank you!

Sergio Leon
  • Why not just re-login? – Bram Jan 04 '19 at 18:59
  • @Bram that might be a healthier solution, but I'm concerned about additional challenges that might be added in the future for login (e.g.: Google Authenticator). The desired solution would be for the SDK to expose a `checkPassword` API. – Sergio Leon Jan 04 '19 at 20:53
  • Cognito does not support any mechanism to retrieve the user's current password - the only way to validate that a password is correct is to authenticate with it – Brian Winant Jan 07 '19 at 09:29
  • @bwinant I'm aware of that, and I believe it's a nice-to-have feature for compliance reasons. I was going for a 'Check Password' API, that lets me know whether a user-supplied input matches the current password. – Sergio Leon Jan 07 '19 at 17:08
  • @Sergio Leon - There is an open RFC on the AWS Android SDK repository https://github.com/aws-amplify/aws-sdk-android/issues/634. I would recommend that you post this there as a feature request. – Bommas Jan 23 '19 at 23:18
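
The re-authentication approach raised in the comments, as an added example that is not part of the original post or of the AWS SDK: `PasswordCheck` and `Result` are hypothetical names, and the sketch assumes the user pool's default SRP sign-in flow, in which an MFA or other challenge is issued only after the password has been accepted.

```java
import com.amazonaws.mobileconnectors.cognitoidentityprovider.CognitoDevice;
import com.amazonaws.mobileconnectors.cognitoidentityprovider.CognitoUser;
import com.amazonaws.mobileconnectors.cognitoidentityprovider.CognitoUserSession;
import com.amazonaws.mobileconnectors.cognitoidentityprovider.continuations.AuthenticationContinuation;
import com.amazonaws.mobileconnectors.cognitoidentityprovider.continuations.AuthenticationDetails;
import com.amazonaws.mobileconnectors.cognitoidentityprovider.continuations.ChallengeContinuation;
import com.amazonaws.mobileconnectors.cognitoidentityprovider.continuations.MultiFactorAuthenticationContinuation;
import com.amazonaws.mobileconnectors.cognitoidentityprovider.handlers.AuthenticationHandler;
import com.amazonaws.services.cognitoidentityprovider.model.NotAuthorizedException;

/** Hypothetical helper (not an SDK class): verifies a password by re-authenticating. */
public final class PasswordCheck {
    /** Hypothetical callback type for the confirmation dialog. */
    public interface Result { void onChecked(boolean matches); void onError(Exception e); }

    public static void check(final CognitoUser user, String password, final Result result) {
        final AuthenticationDetails details = new AuthenticationDetails(user.getUserId(), password, null);
        final AuthenticationHandler handler = new AuthenticationHandler() {
            @Override public void onSuccess(CognitoUserSession session, CognitoDevice device) {
                result.onChecked(true);
            }
            @Override public void getAuthenticationDetails(AuthenticationContinuation c, String userId) {
                // Not expected here: the credentials were supplied up front.
                result.onError(new IllegalStateException("unexpected credentials prompt"));
            }
            @Override public void getMFACode(MultiFactorAuthenticationContinuation c) {
                // Assumption (SRP flow): an MFA prompt means the password was already verified.
                result.onChecked(true); // the challenge is deliberately left unanswered
            }
            @Override public void authenticationChallenge(ChallengeContinuation c) {
                result.onChecked(true); // same assumption as for the MFA prompt
            }
            @Override public void onFailure(Exception e) {
                // Rejected credentials surface as NotAuthorizedException; anything else is an error.
                if (e instanceof NotAuthorizedException) result.onChecked(false);
                else result.onError(e);
            }
        };
        // initiateUserAuthentication performs network I/O, so keep it off the main thread.
        new Thread(new Runnable() {
            @Override public void run() {
                user.initiateUserAuthentication(details, handler, true).run();
            }
        }).start();
    }
}
```

The callbacks fire on the worker thread, so post back to the UI thread before touching the dialog.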

0 Answers