amazon-cognito-identity-js icon indicating copy to clipboard operation
amazon-cognito-identity-js copied to clipboard

Published 20 hours ago verified publisher icon amazon-archives

Cognito no longer firing newPasswordRequired for AdminCreated users (on first log in)

Open hagen opened this issue 8 years ago • 9 comments

Previously, on cognitoUser.authenticateUser where the Cognito User had just been created by Admin (i.e. in FORCE_PASSWORD_CHANGE, but enabled), the callback result would fire newPasswordRequired. This is no longer happening. The callback immediately fires onSuccess, with all three tokens available. Users created by an Admin are no longer prompted for a new password, and are also unable to perform forgot passwords, or any other account activities while they remain in FORCE_PASSWORD_CHANGE. Anyone else seeing this? My endpoint is in ap-northeast-1

hagen avatar Jul 31 '17 04:07 hagen

Thanks for reporting this. Can you email me the user pool ID for this? Also can you give more details about your setup? How are you creating the users (using the CLI, the console etc). Do you have any lambda functions to confirm users, verify email, verify phone etc? Is this a newly created user pool? Are you using aliases?

itrestian avatar Jul 31 '17 17:07 itrestian

Have PMd you :)

hagen avatar Aug 04 '17 00:08 hagen

Thanks! :+1:

itrestian avatar Aug 04 '17 00:08 itrestian

Same problem here, "Use case 23" of the README is not working for users created from the console on a fresh cognito pool (no lambda functions, etc.). authenticateUser throw an error if newPasswordRequired key is missing but does not seem to call the function when it is provided, which is strange... Do you have an update on this? Thanks!

martinv13 avatar Aug 29 '17 09:08 martinv13

I'm not entirely sure this is the same problem. @hagen mentions that he is getting tokens immediately without firing the new password challenge while you say the function is not called. Can you check if the newPasswordRequired is indeed a function in your case?

itrestian avatar Aug 30 '17 17:08 itrestian

You are right I didn't manage to reproduce the issue I thought I had. Everything works fine. Thank you

martinv13 avatar Sep 05 '17 11:09 martinv13

is this still an issue? is there a workaround?

iksnae avatar Nov 01 '17 03:11 iksnae

What symptoms are you experiencing @iksnae ?

pgerlich avatar Nov 05 '17 22:11 pgerlich

I have the same problem. When I create users from the console, they are never prompted to enter a new password. It was working some time ago..

buccfer avatar Dec 09 '17 22:12 buccfer