Change User Status from FORCE_CHANGE_PASSWORD in Cognito

Borislav Hadzhiev

Last updated: Aug 15, 2022
2 min


# Change User Status from FORCE_CHANGE_PASSWORD in Cognito

To change a Cognito user's status from FORCE_CHANGE_PASSWORD to CONFIRMED, we have to change their password. To change a Cognito user's password, use the admin-set-password command, setting the --permanent parameter.

aws cognito-idp admin-set-user-password --user-pool-id YOUR_USER_POOL_ID --username --password "cats-and-dogs-123" --permanent

change user password

The admin-set-user-password command allows us to set a user's password as an administrator.

We can set the user's password to a temporary or permanent one. If we set a temporary password, the user's status is set to FORCE_CHANGE_PASSWORD.

The next time they try to log in, they will be required to change their password.

If a user whose account is in the FORCE_CHANGE_PASSWORD state gets prompted to update their password on sign-in and they don't, the challenge expires and only an admin can update their password.

By setting the --permanent parameter in the command, we've updated the user's status from FORCE_CHANGE_PASSWORD to CONFIRMED.

To verify that the user's status has been changed to CONFIRMED, run the admin-get-user command.

aws cognito-idp admin-get-user --user-pool-id YOUR_USER_POOL_ID --username --query "UserStatus"

verify user status confirmed

The admin-get-user command returns information about the Cognito user.

We're only interested in the user's status, so we used the --query parameter to filter the output.

# Additional Resources

You can learn more about the related topics by checking out the following tutorials:

I wrote a book in which I share everything I know about how to become a better, more efficient programmer.
book cover
You can use the search field on my Home Page to filter through all of my articles.