How do I reset a Cognito user's password that has expired?


The commands admin-reset-user-password and admin-enable-user do not work for an expired user.

The way you reset an expired user is to call admin-create-user again with the parameter MessageAction value = 'RESEND'.

For example via CLI command:

aws cognito-idp admin-create-user --region us-east-1 --user-pool-id us-east-1_youruserpoolid --username theusername --message-action RESEND

From the documentation:

"Set to 'RESEND' to resend the invitation message to a user that already exists and reset the expiration limit on the user's account."

Once you have reset the user, the user will need to change the temporary password; otherwise they will be put back into this state again once they have exceeded the expiration time period (by default 7 days according to AWS documentation).


Author: Ryan Shillington

This is my next start-up. I'm very excited about it: QbDVision by CherryCircle Software, Inc. Find me on LinkedIn: https://www.linkedin.com/in/ryanshillington/

Updated on July 20, 2022
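To apply the answer's RESEND call across a pool rather than one user at a time, the following added example (not part of the original answer) filters the JSON returned by `aws cognito-idp list-users` for accounts still on a temporary password past the validity period and builds the command for each. The function names and sample data are constructed for illustration, and it assumes `UserLastModifiedDate` reflects when the temporary password was last issued.

```python
import json
import shlex
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape returned by `aws cognito-idp list-users`.
SAMPLE_LIST_USERS = json.loads("""
{"Users": [
  {"Username": "alice", "UserStatus": "FORCE_CHANGE_PASSWORD", "Enabled": true,
   "UserLastModifiedDate": "2022-06-01T09:00:00+00:00"},
  {"Username": "bob", "UserStatus": "FORCE_CHANGE_PASSWORD", "Enabled": true,
   "UserLastModifiedDate": "2022-07-18T09:00:00+00:00"},
  {"Username": "carol", "UserStatus": "CONFIRMED", "Enabled": true,
   "UserLastModifiedDate": "2022-01-05T09:00:00+00:00"},
  {"Username": "dave", "UserStatus": "FORCE_CHANGE_PASSWORD", "Enabled": false,
   "UserLastModifiedDate": 1651395600.0}
]}
""")

def _to_datetime(value):
    """Accept ISO 8601 strings or epoch seconds; return an aware UTC datetime."""
    if isinstance(value, (int, float)):
        return datetime.fromtimestamp(value, tz=timezone.utc)
    parsed = datetime.fromisoformat(value)
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)

def expired_invites(users, now, validity_days=7):
    """Usernames still on a temporary password older than validity_days."""
    # Assumption: UserLastModifiedDate marks when the temp password was issued.
    cutoff = now - timedelta(days=validity_days)
    return [
        u["Username"] for u in users
        if u["UserStatus"] == "FORCE_CHANGE_PASSWORD"
        and u.get("Enabled", True)  # leave deliberately disabled accounts alone
        and _to_datetime(u["UserLastModifiedDate"]) < cutoff
    ]

def resend_command(region, user_pool_id, username):
    """Build the admin-create-user RESEND call from the answer, shell-quoted."""
    return " ".join(shlex.quote(a) for a in [
        "aws", "cognito-idp", "admin-create-user", "--region", region,
        "--user-pool-id", user_pool_id, "--username", username,
        "--message-action", "RESEND"])

if __name__ == "__main__":
    now = datetime(2022, 7, 20, tzinfo=timezone.utc)  # constructed "today"
    for name in expired_invites(SAMPLE_LIST_USERS["Users"], now):
        print(resend_command("us-east-1", "us-east-1_youruserpoolid", name))
```

Review the generated list before running it: a disabled account or a long-forgotten invite may be one that should be deleted rather than re-invited.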

Comments

  • Ryan Shillington, almost 2 years

    We're using Cognito. All is well. I added a user using the AdminCreateUser API, and they received their temporary password. Unfortunately they waited over a month to login, and now when they try to login with their temporary password, Cognito returns this error:

    User account has expired, it must be reset by an administrator.
    

    How do I do that? I don't see any reset button in the Cognito UI. Is there a CLI or API that I can call?

  • Jean-Baptiste, over 3 years
    And there you saved my day! ;)
  • Chris Christensen, over 3 years
    And this is why I love stackoverflow. Thanks Ryan!
  • Orestis Kapar, about 3 years
    Any way to do this for the AWS Console?
  • Ryan Shillington, about 3 years
    @OrestesKappa Not that I know of.