How do I reset a Cognito user's password that has expired?
The commands admin-reset-user-password and admin-enable-user do not work for an expired user.
The way you reset an expired user is to call admin-create-user again with the parameter MessageAction value = 'RESEND'.
For example via CLI command:
aws cognito-idp admin-create-user --region us-east-1 --user-pool-id us-east-1_youruserpoolid --username theusername --message-action RESEND
From the documentation:
"Set to 'RESEND' to resend the invitation message to a user that already exists and reset the expiration limit on the user's account."
Once you have reset the user, the user will need to change the temporary password; otherwise they will be put back into this state again once they have exceeded the expiration time period (by default 7 days according to AWS documentation).
Ryan Shillington
Updated on July 20, 2022
Comments
-
Ryan Shillington almost 2 years
We're using Cognito. All is well. I added a user using the AdminCreateUser API, and they received their temporary password. Unfortunately they waited over a month to log in, and now when they try to log in with their temporary password, Cognito returns this error:
User account has expired, it must be reset by an administrator.
How do I do that? I don't see any reset button in the Cognito UI. Is there a CLI or API that I can call?
-
Jean-Baptiste over 3 years
And there you saved my day! ;)
-
Chris Christensen over 3 years
And this is why I love stackoverflow. Thanks Ryan!
-
Orestis Kapar about 3 years
Any way to do this for the AWS Console?
-
Ryan Shillington about 3 years
@OrestesKappa Not that I know of.
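
The reset described in the answer above, applied to a whole pool, as an added example that is not part of the original thread: it lists users still in FORCE_CHANGE_PASSWORD whose temporary password has outlived the pool's validity period and re-issues the invitation with MessageAction=RESEND. The function names, the dry-run default and the use of UserLastModifiedDate as the time the temporary password was last issued are assumptions of this example; `client` is a boto3 `cognito-idp` client.

```python
from datetime import datetime, timedelta, timezone


def find_expired_invites(client, pool_id, now=None):
    """Return usernames in FORCE_CHANGE_PASSWORD past the pool's temp-password validity."""
    now = now or datetime.now(timezone.utc)
    pool = client.describe_user_pool(UserPoolId=pool_id)["UserPool"]
    # Fall back to the 7-day default cited in the answer if the pool sets no value.
    days = pool.get("Policies", {}).get("PasswordPolicy", {}).get(
        "TemporaryPasswordValidityDays", 7)
    cutoff = now - timedelta(days=days)

    expired = []
    pages = client.get_paginator("list_users").paginate(
        UserPoolId=pool_id,
        Filter='cognito:user_status = "FORCE_CHANGE_PASSWORD"',
    )
    for page in pages:
        for user in page["Users"]:
            # Assumption: UserLastModifiedDate marks when the temporary password
            # was last issued. Disabled accounts are skipped so that a
            # deliberately disabled user is never re-invited.
            if user["Enabled"] and user["UserLastModifiedDate"] < cutoff:
                expired.append(user["Username"])
    return expired


def resend_invites(client, pool_id, usernames, dry_run=True):
    """AdminCreateUser with MessageAction=RESEND per user; returns the names handled."""
    handled = []
    for name in usernames:
        if not dry_run:
            # RESEND sends a new temporary password and resets the expiry clock.
            client.admin_create_user(
                UserPoolId=pool_id, Username=name, MessageAction="RESEND")
        handled.append(name)
    return handled


if __name__ == "__main__":
    import boto3  # imported here so the helpers can be exercised with a stub client

    cognito = boto3.client("cognito-idp", region_name="us-east-1")
    pool = "us-east-1_youruserpoolid"  # placeholder taken from the answer's CLI command
    stale = find_expired_invites(cognito, pool)
    print("would resend to:", resend_invites(cognito, pool, stale, dry_run=True))
```

With `dry_run=True` nothing is sent; review the returned list before running with `dry_run=False`, since each RESEND delivers a fresh temporary password to the user's registered contact.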