aws-amplify / amplify-js

A declarative JavaScript library for application development using cloud services.
https://docs.amplify.aws/lib/q/platform/js
Apache License 2.0

How to disable or delete user #469

Closed nnurmano closed 4 years ago

nnurmano commented 6 years ago

I could not find info on how to disable or delete user. Could you please provide a documentation link or update documentation?

nihp commented 3 years ago

@Kim ford

My question is: after disabling the user, I need to get some response from Amplify.

Steps:

  1. The user is already signed in and is in the app
  2. An admin disables the user
  3. Here I need a response showing an error from AWS
  4. But it does not return anything
  5. The user is able to access the app for 1 hour
  6. My question is: is there any option to get the user state immediately after disabling the user? Only then can I make the user sign out of the app.

Only then can I immediately log the user out of the app. Otherwise he is able to access the app for up to 1 hour.

So I need an error response immediately after disabling the user.

kimfucious commented 3 years ago

Hi @nihp

What I believe you want is for the user to be immediately logged out of the app (and their tokens invalidated) when the user is disabled by an admin in the Cognito user pool. While I'm not 100% sure, I don't think this is possible at present.

There's a much discussed issue here, which you've already read.

The above mentions a way to invalidate tokens, found here, but I've never tried to do it.

As I've never gone down this path, I'm afraid I can't offer much help other than sharing the above.

You may also wish to explore using AdminDisableUser & AdminGlobalUserSignOut in a lambda, but from the looks of it you'll still have that one hour token issue.

I've not tried this either, so your mileage may vary.

Good luck.

nihp commented 3 years ago

@kimfucious Thanks. Will check

djom202 commented 3 years ago

I'm trying to implement all the user options such as Enable, Disable, Resend invitation and Delete, but have not found solutions for them, so from my perspective they are options that Amplify-js must have.

tomaszczechowski commented 2 years ago

I'm handling this in the following way:

  1. When a user requests an account to be deleted, it's marked in the DB as deleted
  2. The user is logged out immediately
  3. When he tries to log in, the pre-auth Cognito hook function verifies the status of the user (DB) and, if it's deleted, refuses to let him in.
  4. A Lambda function (runs every 10 minutes) removes the user from Cognito like this:

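```js
// Assumed setup (not shown in the original comment): an AWS SDK v2 client and
// the `to` helper from await-to-js, which resolves to [error, data].
const AWS = require("aws-sdk");
const to = require("await-to-js").default;
const cognito = new AWS.CognitoIdentityServiceProvider();

// Deletes each user (by UUID used as the Cognito Username) from the user pool.
const cleanUpCognito = async (usersUuid) => {
    const removedUsers = [];

    // Async generator: yields the UUID of every user that was deleted successfully.
    async function* removeUsers(users) {
        for (const uuid of users) {
            const [error] = await to(cognito.adminDeleteUser({
                UserPoolId: process.env.AUTH_YOUR_POOL_ID_USERPOOLID,
                Username: uuid
            }).promise());

            if (error) {
                // Log and skip this user; it is picked up again on the next run.
                console.log(`❌ [Error] - cognito error: `, error);
                continue;
            }

            yield uuid;
        }
    }

    for await (const userUuid of removeUsers(usersUuid)) {
        removedUsers.push(userUuid);
    }

    console.log("✅ Removed users from cognito:", removedUsers);

    return Promise.resolve();
};
```
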
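
The pre-authentication check from step 3 of the comment above, sketched as an added example (not code from the original comment or from Amplify). The status values, the `getStatus` lookup and the in-memory `sampleDb` are assumptions standing in for the application's own database; unknown status and lookup failures are denied rather than allowed.

```javascript
// Added example: Cognito pre-authentication trigger that refuses sign-in for
// users the application has marked as deleted or disabled.
// Assumptions: status strings "active" | "deleted" | "disabled", the lookup
// function, and the Map below are hypothetical stand-ins for a real DB.
const BLOCKED = new Set(["deleted", "disabled"]);

// Pure decision step: anything that is not explicitly "active" is denied.
function decidePreAuth(event, status) {
  if (!event || typeof event.userName !== "string" || event.userName === "") {
    return { allow: false, reason: "malformed event" };
  }
  if (status === "active") return { allow: true, reason: "active" };
  if (BLOCKED.has(status)) return { allow: false, reason: `account ${status}` };
  return { allow: false, reason: "status unknown" };
}

// Builds the Lambda handler. For this trigger Cognito treats a thrown error
// as "deny the sign-in" and a returned event as "continue".
function makePreAuthHandler(getStatus) {
  return async function handler(event) {
    let status;
    try {
      status = await getStatus(event.userName);
    } catch (err) {
      // Fail closed: a broken lookup must not let a deleted user back in.
      console.error("status lookup failed:", err.message);
      status = undefined;
    }
    const decision = decidePreAuth(event, status);
    if (!decision.allow) throw new Error(`Sign-in refused: ${decision.reason}`);
    return event;
  };
}

// Constructed sample data: user table keyed by the UUID used as Username.
const sampleDb = new Map([
  ["11111111-aaaa", "active"],
  ["22222222-bbbb", "deleted"],
]);
// Constructed, trimmed-down pre-authentication event.
const sampleEvent = (userName) => ({
  triggerSource: "PreAuthentication_Authentication",
  userName,
  request: { userAttributes: {} },
  response: {},
});

// In a deployment, export this function as the trigger's Lambda handler.
const handler = makePreAuthHandler(async (name) => sampleDb.get(name));
```
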
github-actions[bot] commented 1 year ago

This issue has been automatically locked since there hasn't been any recent activity after it was closed. Please open a new issue for related bugs.

Looking for a help forum? We recommend joining the Amplify Community Discord server *-help channels or Discussions for those types of questions.

tannerabread commented 1 year ago

Related #3431