
If a Cognito user loses his confirmation email, he is unable to reset his password or ask for it to be resent while he is in "force_change_password" status, and no error is displayed to him.

Is there any known fix on that?

Skpan

2 Answers


Doesn't completely solve my issue, but it does provide an error message to the user.

Go to User Pool -> General Settings -> App clients -> under Prevent User Existence Errors, change from Enabled to Legacy.

So when the user clicks on "forgot password", he will see this error message: "Could not reset password for the account, please contact support or try again".

Skpan

If a user is in "force_change_password", it is often because you performed an AdminCreateUser operation, in which the user is sent a temporary password to use. After using that temporary password the user is asked to set a new password.

If this is the password you are referring to, you can perform AdminCreateUser again for the same user and set MessageAction to 'RESEND' [1].

"Set to "RESEND" to resend the invitation message to a user that already exists and reset the expiration limit on the user's account."

[1] https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminCreateUser.html

callo
  • I perform AdminCreateUser in the PreSignUp Lambda trigger, so I do it once (to have a native Cognito user already created and be able to link him with a federated one). So when a user tries to log in with Google, for example, 2 users are created, the native one and the Google one, and I link them using the AdminLink function. So my app knows only the native user, and my user receives an email (with the verification code for his native Cognito user) which, if it gets lost, means he should contact the admin, as neither reset nor resend are available/working in this "force_change_password" status. – Skpan Aug 20 '20 at 06:36
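The two answers together describe one recovery rule: ForgotPassword only works for a CONFIRMED user, so an invited user still in FORCE_CHANGE_PASSWORD needs a fresh invitation via AdminCreateUser with MessageAction='RESEND', and with "Prevent user existence errors" set to Enabled the failed reset comes back without a real error (that generic response is the user-enumeration protection the first answer trades away by switching to Legacy). The helper below, an added example and not code from either answer, dispatches on the user's status before choosing the call. It assumes boto3's cognito-idp client API (admin_get_user, admin_create_user, admin_reset_user_password); the pool id and usernames are placeholders, and FakeCognito is a constructed stand-in so the example runs offline.

```python
"""Recover a Cognito user whose invitation email was lost.

Added example, not code from the original question or answers. Assumes the
boto3 cognito-idp client methods admin_get_user, admin_create_user
(MessageAction='RESEND') and admin_reset_user_password. Pool id and
usernames are placeholders.
"""
from typing import Any, Dict, List, Tuple

FORCE_CHANGE_PASSWORD = "FORCE_CHANGE_PASSWORD"
CONFIRMED = "CONFIRMED"


def recover_user(client: Any, user_pool_id: str, username: str) -> Dict[str, str]:
    """Pick the recovery call that matches the user's current UserStatus.

    A user created by AdminCreateUser who never used the temporary password
    stays in FORCE_CHANGE_PASSWORD; ForgotPassword cannot reset such a user,
    so the fix is to re-issue the invitation with MessageAction='RESEND',
    which also resets the temporary password's expiry. A CONFIRMED user gets
    the admin-side password reset instead. Other states are reported back
    rather than guessed at.
    """
    user = client.admin_get_user(UserPoolId=user_pool_id, Username=username)
    status = user["UserStatus"]

    if status == FORCE_CHANGE_PASSWORD:
        client.admin_create_user(
            UserPoolId=user_pool_id,
            Username=username,
            MessageAction="RESEND",  # resend the invitation, do not create anew
        )
        return {"username": username, "status": status, "action": "resent_invitation"}

    if status == CONFIRMED:
        # Sends a verification code to the user's verified email/phone and
        # moves the user to RESET_REQUIRED; the next sign-in must reset.
        client.admin_reset_user_password(UserPoolId=user_pool_id, Username=username)
        return {"username": username, "status": status, "action": "reset_password"}

    # UNCONFIRMED, RESET_REQUIRED, ARCHIVED, ...: leave it to the operator.
    return {"username": username, "status": status, "action": "manual"}


class FakeCognito:
    """Constructed stand-in for the boto3 cognito-idp client (offline only).

    Records every call and mimics the one rule that matters here: RESEND is
    rejected unless the user is still in FORCE_CHANGE_PASSWORD.
    """

    def __init__(self, users: Dict[str, str]) -> None:
        self.users = dict(users)  # username -> UserStatus
        self.calls: List[Tuple[str, Dict[str, Any]]] = []

    def admin_get_user(self, **kw: Any) -> Dict[str, Any]:
        self.calls.append(("admin_get_user", kw))
        return {"Username": kw["Username"], "UserStatus": self.users[kw["Username"]]}

    def admin_create_user(self, **kw: Any) -> Dict[str, Any]:
        self.calls.append(("admin_create_user", kw))
        if kw.get("MessageAction") == "RESEND" and self.users[kw["Username"]] != FORCE_CHANGE_PASSWORD:
            raise RuntimeError("UnsupportedUserStateException: user is not awaiting a temporary password")
        return {"User": {"Username": kw["Username"], "UserStatus": FORCE_CHANGE_PASSWORD}}

    def admin_reset_user_password(self, **kw: Any) -> Dict[str, Any]:
        self.calls.append(("admin_reset_user_password", kw))
        self.users[kw["Username"]] = "RESET_REQUIRED"
        return {}


if __name__ == "__main__":
    # Constructed sample pool: one invited user, one confirmed user.
    pool = FakeCognito({"alice": FORCE_CHANGE_PASSWORD, "bob": CONFIRMED})
    for name in ("alice", "bob"):
        print(recover_user(pool, "us-east-1_EXAMPLE", name))
    # Against a real pool: recover_user(boto3.client("cognito-idp"), pool_id, username)
```

Run this from a support tool or an admin Lambda with a role that is allowed cognito-idp:AdminGetUser, AdminCreateUser and AdminResetUserPassword on the pool; it never needs to go through the app client, so the Prevent user existence errors setting can stay at Enabled for end users.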