0 votes
1 view
in AWS by (19.2k points)

Using AWS Cognito, I want to create dummy users for testing purposes.

I then use the AWS Console to create such a user, but the user has its status set to FORCE_CHANGE_PASSWORD. With that value, this user cannot be authenticated.

Is there a way to change this status?

UPDATE: The same behaviour occurs when creating a user from the CLI.

1 Answer

0 votes
by (44.6k points)

This is a multi-step process, where you use the AWS CLI to change users' passwords:

Step 1: For the desired user, get a session token:

aws cognito-idp admin-initiate-auth --user-pool-id user-pool-id --client-id app-client-id --auth-flow ADMIN_NO_SRP_AUTH --auth-parameters USERNAME=username,PASSWORD=current-password

If an error occurs like "Unable to verify secret hash for client", then create another client without a secret and use that client ID.

Step 2: Only if step 1 is successful, you will receive a response with the challenge "NEW_PASSWORD_REQUIRED", other parameters, and the user's session key. After this, run the second command to issue the challenge response:

aws cognito-idp admin-respond-to-auth-challenge --user-pool-id user-pool-id --client-id app-client-id --challenge-name NEW_PASSWORD_REQUIRED --challenge-responses NEW_PASSWORD=desired-password,USERNAME=username --session "session-key-from-previous-command"

If you receive an error stating "Invalid attributes given, XXX is missing", pass the attributes which are missing using this format: userAttributes.$FIELD_NAME=$VALUE

A valid Authentication Result and appropriate Tokens will be produced.

You can also visit the AWS tutorial which is meant for beginners to learn AWS.
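The glue between the two steps in the answer above, as an added example that is not part of the original answer: it reads the step 1 JSON output, checks for the NEW_PASSWORD_REQUIRED challenge, and builds the step 2 command with the session and any required attributes filled in. The function name build_step2_command, the sample response and all IDs are constructed for illustration; the shape of ChallengeParameters (requiredAttributes as a JSON-encoded list) is an assumption.

```python
import json
import shlex

# Constructed sample of the JSON printed by `aws cognito-idp admin-initiate-auth`
# for a user in FORCE_CHANGE_PASSWORD state (all values are placeholders).
SAMPLE_STEP1_OUTPUT = json.dumps({
    "ChallengeName": "NEW_PASSWORD_REQUIRED",
    "Session": "EXAMPLE-SESSION-VALUE",
    "ChallengeParameters": {
        "USER_ID_FOR_SRP": "testuser",
        "requiredAttributes": "[\"userAttributes.name\"]",
        "userAttributes": "{\"email\":\"testuser@example.com\"}",
    },
})


def build_step2_command(step1_json, pool_id, client_id, username,
                        new_password, attributes=None):
    """Return the step 2 argv list built from the step 1 response."""
    resp = json.loads(step1_json)
    if resp.get("ChallengeName") != "NEW_PASSWORD_REQUIRED":
        raise ValueError("user is not awaiting a new password: %r"
                         % resp.get("ChallengeName"))
    params = resp.get("ChallengeParameters", {})
    # Assumption: requiredAttributes is a JSON-encoded list of names such as
    # "userAttributes.name"; these are the fields step 2 reports as missing.
    required = json.loads(params.get("requiredAttributes", "[]"))
    attributes = attributes or {}
    missing = [name for name in required if name not in attributes]
    if missing:
        raise ValueError("missing attributes: " + ", ".join(missing))
    responses = {"NEW_PASSWORD": new_password, "USERNAME": username}
    responses.update(attributes)
    # The JSON form of --challenge-responses survives commas inside values,
    # which the KEY=value,KEY=value shorthand does not.
    return ["aws", "cognito-idp", "admin-respond-to-auth-challenge",
            "--user-pool-id", pool_id, "--client-id", client_id,
            "--challenge-name", "NEW_PASSWORD_REQUIRED",
            "--challenge-responses", json.dumps(responses),
            "--session", resp["Session"]]


if __name__ == "__main__":
    argv = build_step2_command(SAMPLE_STEP1_OUTPUT, "us-east-1_EXAMPLE",
                               "exampleclientid", "testuser", "N3w-Passw0rd!",
                               {"userAttributes.name": "Test User"})
    print(shlex.join(argv))  # shell-quoted command, ready to paste
```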
