I'm developing a React app, and implementing the authentication with AWS Amplify and Cognito. I'm not using the withAuthenticator HOC because of a custom sign-in page. I sign up users as an administrator with the AWS CLI, which means they receive the FORCE_CHANGE_PASSWORD status by default.
On the login page, I'd like to detect the user's status after capturing their login details so the app would redirect the user to the forgot password flow in case of a FORCE_CHANGE_PASSWORD status.
However, I find absolutely no way to retrieve the status of a user. All of the following methods omit this parameter: currentAuthenticatedUser(), currentSession(), currentUserInfo(), currentUserPoolUser(), currentCredentials().
I even added a custom attribute "isConfirmed" that would be initialized with a "no" value but the Auth.currentAuthenticatedUser() (as well as other similar methods) don't return a user object for users with the state FORCE_CHANGE_PASSWORD.
Secondly, I can't seem to find any way to initiate the Auth.forgotPassword method for a user with the state FORCE_CHANGE_PASSWORD. If I call the forgotPassword method for a new user, I get the following message: User password cannot be reset in the current state.
To sum up:
Any help would be greatly appreciated.
@blazsek the user needs to sign in with the temporary password first, the flow is like:

    Auth.signIn(username, temp_password)
      .then(user => {
        // Admin-created users come back with this challenge instead of a session
        if (user.challengeName === 'NEW_PASSWORD_REQUIRED') {
          Auth.completeNewPassword(user, new_password, requiredAttributes)
            .then(user => {
            });
        }
      });

Maybe you can have a look at this and this
Sorry for now it's not in the documentation. Will mark it as document enhancement.
Hi @powerful23, I have a similar problem but I get "Password cannot be empty". I'm using aws-amplify v1.1.17
...
This is a code snippet of what I have:

    await Auth.signIn({username: this.state.email, password: this.state.password})
      .then(user => {
        console.log(user);
        if (user.challengeName === 'NEW_PASSWORD_REQUIRED') {
          this.setState({passwordChallenge: true, isLoading: false});
          Auth.completeNewPassword({
            user,
            //password: this.state.password,
            newPassword: this.state.newPassword
          }).then(user => {
            window.LOG_LEVEL = 'DEBUG'
            Auth.signIn({username: user.username, password: this.state.newPassword})
            window.LOG_LEVEL = 'DEBUG'
            this.props.userHasAuthenticated(true);
          }).catch(e => {
            window.LOG_LEVEL = 'DEBUG'
            console.log(this.state);
            console.log(e);
          });
        }
      });

Any help would be great..
Looks like it's not possible to reset the user password if they are in the FORCE_CHANGE_PASSWORD state unfortunately, might have to use the aws-sdk with a cloud function to handle this. Otherwise I can see a solution where you create users with the same initial password and automatically complete the Auth.completeNewPassword function. Wouldn't be very secure.
The initial question seems to have been answered. Closing. Please reopen this if you have any further questions or concerns.
As they say, better late than never ;)
You should call (pass a list of params, not an object)

    Auth.completeNewPassword(user, this.state.newPassword)

not

    Auth.completeNewPassword({
      user,
      newPassword: this.state.newPassword
    })

This should solve your issue.
@blazsek the user needs to sign in with the temporary password first, the flow is like:

    Auth.signIn(username, temp_password)
      .then(user => {
        if (user.challengeName === 'NEW_PASSWORD_REQUIRED') {
          Auth.completeNewPassword(user, new_password, requiredAttributes)
            .then(user => {
            });
        }
      });

Maybe you can have a look at this and this
Sorry for now it's not in the documentation. Will mark it as document enhancement.
This does not work unless you pass the arguments as UsernamePasswordOpts. https://aws-amplify.github.io/amplify-js/api/globals.html#usernamepasswordopts
Auth.signIn({ username: string, password: string })
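The sign-in flow discussed in this thread, written out as an added example (not code from the thread or from Amplify itself): it handles the NEW_PASSWORD_REQUIRED challenge with positional arguments to completeNewPassword and supplies the attributes listed in user.challengeParam.requiredAttributes. Assumptions: `askNewPassword` is a hypothetical UI callback, `makeFakeAuth` is a constructed stand-in for Amplify's Auth so the block runs offline, and the "must differ from the temporary password" check is an extra client-side check, not documented Cognito behaviour.

```javascript
// `auth` is Amplify's Auth object, or anything exposing the same
// signIn / completeNewPassword methods (assumption: v1-style API as in the thread).
async function signInHandlingForcedChange(auth, username, password, askNewPassword) {
  const user = await auth.signIn(username, password);
  if (user.challengeName !== 'NEW_PASSWORD_REQUIRED') {
    return { status: 'SIGNED_IN', user };
  }
  // Admin-created account still on its temporary password (FORCE_CHANGE_PASSWORD).
  const required = (user.challengeParam && user.challengeParam.requiredAttributes) || [];
  const { newPassword, attributes = {} } = await askNewPassword(required);
  if (typeof newPassword !== 'string' || newPassword.length === 0) {
    throw new Error('New password is required');
  }
  if (newPassword === password) {
    // Added client-side check: do not let the temporary password live on.
    throw new Error('New password must differ from the temporary password');
  }
  const missing = required.filter((name) => !attributes[name]);
  if (missing.length > 0) {
    throw new Error('Missing required attributes: ' + missing.join(', '));
  }
  // Positional arguments (user, newPassword, attributes), not a single object.
  const confirmed = await auth.completeNewPassword(user, newPassword, attributes);
  return { status: 'PASSWORD_CHANGED', user: confirmed };
}

// Constructed fake of Auth for offline runs; values are sample data.
function makeFakeAuth(tempPassword) {
  const calls = [];
  return {
    calls,
    async signIn(username, password) {
      calls.push(['signIn', username]);
      if (password !== tempPassword) throw new Error('Incorrect username or password.');
      return {
        username,
        challengeName: 'NEW_PASSWORD_REQUIRED',
        challengeParam: { requiredAttributes: ['email'] },
      };
    },
    async completeNewPassword(user, newPassword, attributes) {
      // Mimics the error reported in the thread when the second argument is missing.
      if (!newPassword) throw new Error('Password cannot be empty');
      calls.push(['completeNewPassword', user.username, attributes]);
      return { username: user.username };
    },
  };
}
```

Each user should get a distinct temporary password from the administrator; the function only completes the challenge with a password the user chose themselves.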