Amazon Cognito
Developer Guide (Version Last Updated: 08/26/2017)

Example: Authenticate and Set a New Password for a User Created with the AdminCreateUser API in the SDK for JavaScript

To support the user sign-in flow for users created by administrators (using the AdminCreateUser API), implement a newPasswordRequired callback method to set the new password when the user first signs in. The user first attempts to sign in with the temporary password he or she received in the invitation and the SDK calls your newPasswordRequired callback. Gather the required inputs, including the new password and required attributes, and then call the completeNewPasswordChallenge method, which is available in the CognitoUser class.

The newPasswordRequired callback takes two parameters: userAttributes and requiredAttributes.

cognitoUser.authenticateUser(authenticationDetails, { onSuccess: function (result) { // User authentication was successful }, onFailure: function(err) { // User authentication was not successful }, mfaRequired: function(codeDeliveryDetails) { // MFA is required to complete user authentication. // Get the code from user and call cognitoUser.sendMFACode(mfaCode, this) }, newPasswordRequired: function(userAttributes, requiredAttributes) { // User was signed up by an admin and must provide new // password and required attributes, if any, to complete // authentication. // userAttributes: object, which is the user's current profile. It will list all attributes that are associated with the user. // Required attributes according to schema, which don’t have any values yet, will have blank values. // requiredAttributes: list of attributes that must be set by the user along with new password to complete the sign-in. // Get these details and call // newPassword: password that user has given // attributesData: object with key as attribute name and value that the user has given. cognitoUser.completeNewPasswordChallenge(newPassword, attributesData, this) } });