AWS services or capabilities described in AWS Documentation may vary by region/location. Click Getting Started with Amazon AWS to see specific differences applicable to the China (Beijing) Region.
Resets the specified user's password in a user pool. This operation doesn't change the user's password, but sends a password-reset code. This operation is the administrative authentication API equivalent to ForgotPassword.
This operation deactivates a user's password, requiring them to change it. If a user
tries to sign in after the API request, Amazon Cognito responds with a PasswordResetRequiredException
error. Your app must then complete the forgot-password flow by prompting the user
for their code and a new password, then submitting those values in a ConfirmForgotPassword
request. In addition, if the user pool has phone verification selected and a verified
phone number exists for the user, or if email verification is selected and a verified
email exists for the user, calling this API will also result in sending a message
to the end user with the code to change their password.
To use this API operation, your user pool must have self-service account recovery configured. Use AdminSetUserPassword if you manage passwords as an administrator.
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode, you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
For .NET Core this operation is only available in asynchronous form. Please refer to AdminResetUserPasswordAsync.
Namespace: Amazon.CognitoIdentityProvider
Assembly: AWSSDK.CognitoIdentityProvider.dll
Version: 3.x.y.z
public virtual AdminResetUserPasswordResponse AdminResetUserPassword( AdminResetUserPasswordRequest request )
Container for the necessary parameters to execute the AdminResetUserPassword service method.
| Exception | Condition |
|---|---|
| InternalErrorException | This exception is thrown when Amazon Cognito encounters an internal error. |
| InvalidEmailRoleAccessPolicyException | This exception is thrown when Amazon Cognito isn't allowed to use your email identity. HTTP status code: 400. |
| InvalidLambdaResponseException | This exception is thrown when Amazon Cognito encounters an invalid Lambda response. |
| InvalidParameterException | This exception is thrown when the Amazon Cognito service encounters an invalid parameter. |
| InvalidSmsRoleAccessPolicyException | This exception is returned when the role provided for SMS configuration doesn't have permission to publish using Amazon SNS. |
| InvalidSmsRoleTrustRelationshipException | This exception is thrown when the trust relationship is not valid for the role provided for SMS configuration. This can happen if you don't trust cognito-idp.amazonaws.com or the external ID provided in the role does not match what is provided in the SMS configuration for the user pool. |
| LimitExceededException | This exception is thrown when a user exceeds the limit for a requested Amazon Web Services resource. |
| NotAuthorizedException | This exception is thrown when a user isn't authorized. |
| ResourceNotFoundException | This exception is thrown when the Amazon Cognito service can't find the requested resource. |
| TooManyRequestsException | This exception is thrown when the user has made too many requests for a given operation. |
| UnexpectedLambdaException | This exception is thrown when Amazon Cognito encounters an unexpected exception with Lambda. |
| UserLambdaValidationException | This exception is thrown when the Amazon Cognito service encounters a user validation exception with the Lambda service. |
| UserNotFoundException | This exception is thrown when a user isn't found. |
.NET Framework:
Supported in: 4.5 and newer, 3.5