Amazon Cognito
Developer Guide

Example: Handling Users Created Using the AdminCreateUser API in the Mobile SDK for Android

Amazon Cognito Your User Pools allows administrators to create new users and invite the users to sign in. The user must set his or her password during the first sign-in. Also during the first sign-in, the user must provide values for any required attributes that don't already have values.

The Mobile SDK for Android (version 2.3.2 and later) supports this feature. To support this feature in your apps, you must implement the AuthenticationChallenge callback method. The user authentication process for these users has not changed. However, after the initial password verification, the SDK invokes the AuthenticationChallenge callback, which you can implement to read the new password from the user. You can then allow the user to set required attributes and change user attributes that were already set by the administrator.

The continuation object passed to the AuthenticationChallenge callback method is of the type NewPasswordContinuation. The NewPasswordContinuation class is a child of ChallengeContinuation. The ChallengeContinuation class provides easier access to the challenge attributes.

When the AuthenticationChallenge callback is invoked during the user authentication process, first check the Challenge name. The challenge name, NEW_PASSWORD_REQUIRED, indicates that the user is trying to sign in for the first time after the administrator created the user's account. To get the challenge name, call continuation.getChallengeName.

To complete the sign-in process, the user must set a new password and provide any missing values for user attributes that were marked as required when the user pool was created or updated. To get the list of all required attributes, call continuation.getRequiredAttributes. To get the attributes and the values that were already set by the administrator, call continuation.getCurrentUserAttributes.

Call continuation.setPassword and continuation.setUserAttribute, respectively, to set the user's new password and attributes (including required attributes).

Call continuation.continueTask to complete the sign-in process.

@Override public void authenticationChallenge(final ChallengeContinuation continuation) { // Check the challenge name if("NEW_PASSWORD_REQUIRED".equals(continuation.getChallengeName()) { // A new user is trying to sign in for the first time after // admin has created the user’s account // Cast to NewPasswordContinuation for easier access to challenge parameters NewPasswordContinuation newPasswordContinuation = (NewPasswordContinuation) continuation; // Get the list of required parameters List<String> requiredAttributes = newPasswordContinuation.getRequiredAttributes() // Get the current user attributes Map<String, String> currUserAttributes = newPasswordContinuation.getCurrentUserAttributes(); // Prompt user to set a new password and values for required attributes // Set new user password newPasswordContinuation.setPassword(); // Set user attributes newPasswordContinuation.setUserAttribute(attributeName, attributeValue); // Set user attributes newPasswordContinuation.setUserAttribute(anotherAttribute, valueOfAnotherAttribute); // Allow the sign-in to complete newPasswordContinuation.continueTask(); } // Set the challenge responses // Call continueTask() method to respond to the challenge and continue with authentication. }