Change User Status from FORCE_CHANGE_PASSWORD in Cognito

avatar

Borislav Hadzhiev

Fri Sep 24 20212 min read

banner

Photo by Alex Jumper

Change User Status from FORCE_CHANGE_PASSWORD in Cognito #

In order to change a Cognito user's status from FORCE_CHANGE_PASSWORD to CONFIRMED, we have to change their password. To change a cognito user's password, use the admin-set-password command, setting the --permanent parameter.

shell
aws cognito-idp admin-set-user-password --user-pool-id YOUR_USER_POOL_ID --username john@gmail.com --password "cats-and-dogs-123" --permanent

change user password

The admin-set-user-password command allows us to set a user's password as an administrator.

We can set the user's password to be a temporary or permanent one. If we set a temporary password, the user's status is set to FORCE_CHANGE_PASSWORD, which means that the next time they try to log in, they will be required to change their password.

In case a user whose account is in the FORCE_CHANGE_PASSWORD gets prompted to update their password on sign in and they don't, the challenge expires and only an admin can update their password.

By setting the --permanent parameter in the command, we've updated the user's status from FORCE_CHANGE_PASSWORD to CONFIRMED.

To verify that the user's status has been changed to CONFIRMED, run the admin-get-user command.

shell
aws cognito-idp admin-get-user --user-pool-id YOUR_USER_POOL_ID --username john@gmail.com --query "UserStatus"

verify user status confirmed

The admin-get-user command returns information about the cognito user, however we're only interested in the user's status so we've used the --query parameter to filter the output to only the UserStatus.

Further Reading #

Join my newsletter

I'll send you 1 email a week with links to all of the articles I've written that week

Buy Me A Coffee