I have confirmed users with their mail and am updating login if authenticated. Any clue why it's happening?
Your question is not very clear. Can you elaborate on what you are doing and what is happening?
Some code and exception would also help.
Sure, here's my authenticate function:

    userLogin: function (email, password, success, failure) {
        var authenticationDetails = new AWSCognito.CognitoIdentityServiceProvider.AuthenticationDetails({
            Username: email,
            Password: password
        });
        new AWSCognito.CognitoIdentityServiceProvider.CognitoUser({
            Username: email,
            Pool: UserPool
        }).authenticateUser(authenticationDetails, {
            onSuccess: function (result) {
                updateLogin(result.getIdToken().getJwtToken());
                success(result.getAccessToken().getJwtToken());
            },
            onFailure: function (err) {
                failure(err);
            }
        });
    },

    var updateLogin = function (token) {
        var credentials = {};
        var url = 'cognito-idp.' + config.region + '.amazonaws.com/' + config.userPoolId;
        credentials['Logins'] = {};
        credentials['Logins'][url] = token;
        credentials['IdentityPoolId'] = config.identityPoolId;
        AWSCognito.config.update({
            credentials: new AWS.CognitoIdentityCredentials(credentials)
        });
    }

And here's my change password function, which throws "Error: User is not authenticated(…)":

    changePassword: function (email, oldPassword, newPassword, success, failure) {
        new AWSCognito.CognitoIdentityServiceProvider.CognitoUser({
            Username: email,
            Pool: UserPool
        }).changePassword(oldPassword, newPassword, function (err, result) {
            return err ? failure(err) : success(result.user());
        });
    },

Anything else I can help you with?
You are creating a new CognitoUser object in the changePassword method. For the SDK, this is a new user who does not have any session. If you use the same user instance which authenticated, this should work.
This example also uses an already existing cognitoUser instance to call changePassword or any other API for that matter.
Thanks for your reply. I've seen the example. But as I said earlier, I am trying to change password of a user whom I authenticated using email verification. So taking new cognitoUser instance (with same id and userPool) of that user should work fine. But it is not.
Any clue?
> whom I authenticated using email verification
This statement is incorrect. Email verification is not an authentication. It is just verifying the email address in the user profile, not authenticating the user. Authentication is when a user uses his username and password combination and gets valid tokens from Cognito User Pools.
Change password or any other user authenticated operations are only possible if you have valid tokens associated to that user. Hope this clarifies the difference between email verification and authentication.
Thanks for the clarification. However, I am still unable to use the changePassword API.
Here's how I authenticated the user:

    userLogin: function (email, password, success, failure) {
        var authenticationDetails = new AWSCognito.CognitoIdentityServiceProvider.AuthenticationDetails({
            Username: email,
            Password: password
        });
        new AWSCognito.CognitoIdentityServiceProvider.CognitoUser({
            Username: email,
            Pool: UserPool
        }).authenticateUser(authenticationDetails, {
            onSuccess: function (result) {
                updateLogin(result.getIdToken().getJwtToken());
                success(result.getAccessToken().getJwtToken());
            },
            onFailure: function (err) {
                failure(err);
            }
        });
    },

    var updateLogin = function (token) {
        var credentials = {};
        var url = 'cognito-idp.' + config.region + '.amazonaws.com/' + config.userPoolId;
        credentials['Logins'] = {};
        credentials['Logins'][url] = token;
        credentials['IdentityPoolId'] = config.identityPoolId;
        AWSCognito.config.update({
            credentials: new AWS.CognitoIdentityCredentials(credentials)
        });
    }

I tried 2 ways to change the password:

    changePassword: function (email, oldPassword, newPassword, success, failure) {
        new AWSCognito.CognitoIdentityServiceProvider.CognitoUser({
            Username: email,
            Pool: UserPool
        }).changePassword(oldPassword, newPassword, function (err, result) {
            return err ? failure(err) : success(result.user());
        });
    }

    changePassword: function (email, oldPassword, newPassword, success, failure) {
        UserPool.getCurrentUser().changePassword(oldPassword, newPassword, function (err, result) {
            return err ? failure(err) : success(result.user());
        });
    },

Both say "Error: User is not authenticated(…)"
Here's what userPool.getCurrentUser() shows:

    {
        "username": "userName",
        "AuthState": null,
        "signInUserSession": null
    }

Are AuthState and signInUserSession supposed to be null?
You have just found the reason for ChangePassword() to fail. When you create a new CognitoUser object, the object does not have any stored tokens (i.e. signInUserSession). Without valid tokens, the API will not be able to access that user's data.
The user object gets tokens only after authentication. However, after successful authentication the user object caches the tokens in the local store.
For ChangePassword() to work try any of these:
1) Use the same CognitoUser object on which you authenticated, i.e. called getSession().
2) If you have to create a new CognitoUser object with an already authenticated username, then call getSession() on this new CognitoUser object before calling ChangePassword(). getSession() will load valid tokens cached in the local store, if they are available. Otherwise getSession() will trigger the password authentication process.
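
The session requirement described in the answer above, as an added example that is not part of the original thread or the SDK. `FakeCognitoUser` is a constructed stand-in that models only the behaviour discussed here (it assumes `getSession()` reports an error when no valid tokens are cached), and `changePasswordWithSession` is a hypothetical helper name; with the real SDK you would pass it the object returned by `UserPool.getCurrentUser()`.

```javascript
// Constructed stand-in for the SDK's CognitoUser, modelling only the behaviour
// described in this thread. It is NOT the real amazon-cognito-identity-js class.
class FakeCognitoUser {
  constructor(username, tokenCache) {
    this.username = username;
    this.tokenCache = tokenCache;   // plays the role of the local store
    this.signInUserSession = null;  // a fresh object holds no tokens
  }
  getSession(callback) {
    const cached = this.tokenCache[this.username];
    if (!cached || cached.expiresAt <= Date.now()) {
      return callback(new Error('No valid cached session; sign in again'), null);
    }
    this.signInUserSession = { accessToken: cached.accessToken, isValid: () => true };
    return callback(null, this.signInUserSession);
  }
  changePassword(oldPassword, newPassword, callback) {
    if (this.signInUserSession === null) {
      return callback(new Error('User is not authenticated'), null);
    }
    return callback(null, 'SUCCESS');
  }
}

// Hypothetical helper: restore the session first, and call changePassword
// only from inside the getSession callback, once the tokens are loaded.
function changePasswordWithSession(user, oldPassword, newPassword, callback) {
  if (!user) return callback(new Error('No current user'), null);
  user.getSession(function (err, session) {
    if (err || !session || !session.isValid()) {
      return callback(err || new Error('Session is not valid'), null);
    }
    user.changePassword(oldPassword, newPassword, callback);
  });
}

// Runs the failing and working paths against a constructed token cache.
function demo() {
  const cache = { alice: { accessToken: 'constructed-token', expiresAt: Date.now() + 60000 } };
  const out = {};
  new FakeCognitoUser('alice', cache)
    .changePassword('old', 'new', (err) => { out.withoutSession = err ? err.message : 'SUCCESS'; });
  changePasswordWithSession(new FakeCognitoUser('alice', cache), 'old', 'new',
    (err, res) => { out.withSession = err ? err.message : res; });
  changePasswordWithSession(new FakeCognitoUser('bob', cache), 'old', 'new',
    (err) => { out.noCachedTokens = err ? err.message : 'SUCCESS'; });
  return out;
}
```

Treat an error from the helper as "sign in again" rather than retrying the password change, since without a valid session the operation cannot be authorized.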
Hi @imnasif, what's the difference in your update login function between config.userPoolId and config.identityPoolId?

    if (cognitoUser != null) {
        cognitoUser.getSession(function (err, session) {
            if (err) {
                alert(err);
                return;
            }
        });
        cognitoUser.deleteUser(function (err, result) {
            if (err) {
                alert(err);
                return;
            }
            console.log('user delete result: ' + result);
        });
    }