Requiring imported users to reset their passwords - Amazon Cognito

Requiring imported users to reset their passwords

The first time each imported user signs in and enters any password, they are required to enter a new password. The following procedure describes the user experience in a custom app with local users after you import a CSV file. If your users sign in with the hosted UI, Amazon Cognito prompts them to set a new password when they first sign in.

  1. In your app, silently attempt sign-in for the current user with InitiateAuth using a random password.

  2. Amazon Cognito returns a NotAuthorizedException when PreventUserExistenceErrors is enabled. Otherwise, it returns PasswordResetRequiredException.

  3. Your app makes a ForgotPassword API request and resets the user's password.

    1. The app submits the username in a ForgotPassword API request.

    2. Amazon Cognito sends a code to the verified email or phone number. The destination depends on the values you provided for email_verified and phone_number_verified in your CSV file. The response to the ForgotPassword request indicates the destination of the code.

      Note

      Your user pool must be configured to verify emails or phone numbers. For more information, see Signing up and confirming user accounts.

    3. Your app displays a message to your user to check the location where the code was sent, and prompts your user to enter the code and a new password.

    4. The user enters the code and new password in the app.

    5. The app submits the code and new password in a ConfirmForgotPassword API request.

    6. Your app redirects your user to sign-in.
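The procedure above as an added Python sketch (not code from the Amazon Cognito documentation), showing that the app must treat both exceptions from step 2 as the signal to start ForgotPassword. Assumptions: `client` is a boto3-style `cognito-idp` client, the app client allows the `USER_PASSWORD_AUTH` flow and has no client secret, and `FakeCognito`, `FakeError` and the helper names are constructed so the example runs offline.

```python
import secrets

# Either code from step 2 starts the reset flow (depends on PreventUserExistenceErrors).
RESET_SIGNALS = {"PasswordResetRequiredException", "NotAuthorizedException"}

def error_code(exc):
    """Read the error code carried by a botocore ClientError-style exception."""
    return getattr(exc, "response", {}).get("Error", {}).get("Code")

def start_reset(client, client_id, username):
    """Steps 1 to 3.2: probe sign-in with a random password, then request a code."""
    try:
        client.initiate_auth(
            ClientId=client_id,
            AuthFlow="USER_PASSWORD_AUTH",  # assumption: flow enabled on the app client
            AuthParameters={"USERNAME": username, "PASSWORD": secrets.token_urlsafe(32)},
        )
        return None  # sign-in succeeded, so no reset is pending
    except Exception as exc:
        if error_code(exc) not in RESET_SIGNALS:
            raise  # any other error is not a reset signal; surface it
    details = client.forgot_password(ClientId=client_id, Username=username)
    return details["CodeDeliveryDetails"]  # tells the app where the code went (step 3.3)

def finish_reset(client, client_id, username, code, new_password):
    """Steps 3.5 and 3.6: confirm the code, then send the user back to sign-in."""
    client.confirm_forgot_password(ClientId=client_id, Username=username,
                                   ConfirmationCode=code, Password=new_password)
    return "redirect-to-sign-in"

class FakeError(Exception):
    """Constructed stand-in for botocore.exceptions.ClientError."""
    def __init__(self, code):
        super().__init__(code)
        self.response = {"Error": {"Code": code}}

class FakeCognito:
    """Constructed offline stub that mimics an imported user awaiting reset."""
    def __init__(self, prevent_errors):
        self.code = "NotAuthorizedException" if prevent_errors else "PasswordResetRequiredException"
        self.calls = []
    def initiate_auth(self, **kw):
        self.calls.append("InitiateAuth")
        raise FakeError(self.code)
    def forgot_password(self, **kw):
        self.calls.append("ForgotPassword")
        return {"CodeDeliveryDetails": {"DeliveryMedium": "EMAIL", "Destination": "j***@e***"}}
    def confirm_forgot_password(self, **kw):
        self.calls.append("ConfirmForgotPassword")
```

With a real client, pass `boto3.client("cognito-idp")` in place of the stub; the user-entered code and new password from step 3.4 go to `finish_reset`.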