6

I am working on a Xamarin app that uses AWS Cognito for user authentication. I'm trying to implement a forgot password, and the MFA is setup to use an email confirmation code.

However, when I try entering and using the confirmation code with a new password, I always get the

Invalid code provided, please request a code again. ExpiredCodeException

What I have found through testing is that nothing I send or when I send it changes the error message. If I send a 1 character string(which is obviously not correct) or the actual confirmation code, I get the same error. If I try to use the confirmation code immediately after receiving the email or I wait a few minutes, I get the same error.

The code is pretty simple..

public async Task<bool> ConfirmResetPasswordCodeAsync(string username, string code, string password, BasePageModel pageModel)
{
    try {
        await client.ConfirmForgotPasswordAsync(new ConfirmForgotPasswordRequest { Username = username, ConfirmationCode = code, ClientId = ClientId, Password = password });
        return true;
    } catch(Exception ex) {
        // handle the exception
    }

    return false;
}

So I'm not sure what I am doing wrong. Am I missing a setting somewhere in the AWS admin?

Ryan Alford
  • 7,514
  • 6
  • 42
  • 56
  • 2
    Seems to be more like an AWS issue rather than Xamarin, did you try getting in touch with the Amazon Team with regards to this? or tried their [Forum](https://forums.aws.amazon.com/index.jspa)? – FreakyAli Apr 02 '19 at 12:53
  • 2
    @G.hakim I went to the Github page for the aws-sdk-net repo and they recommended posting questions on SO instead of their github. – Ryan Alford Apr 03 '19 at 02:14
  • I don't remember how this it's done on aws, but on Azure AD for instance, you have to create a different user flow for password reset, maybe it's something like that on aws – FabriBertani Feb 08 '21 at 21:39

0 Answers0