awslabs / aws-api-gateway-developer-portal

A Serverless Developer Portal for easily publishing and cataloging APIs
Apache License 2.0

User Pool Config - Can't reset passwords #323

Closed gonwi closed 3 years ago

gonwi commented 4 years ago

Hi,

After successfully deploying the app, everything works just fine except the default Cognito user configuration, which doesn't allow for email confirmation or password resets.

When trying to reset the passwords I get:

Could not reset password for the account, please contact support or try again

As I understand, you can't change Cognito user pool attributes after a pool is created.

Thanks

rutabagaman commented 4 years ago

I ran into something similar; basically Cognito is pretty brittle and won't let you change some basic UserPool properties after it's been created. For instance you can't:

In the Cognito documentation they basically advocate creating a new UserPool and creating a lambda function to migrate users from the old to the new. Pretty clunky.

If you're still playing with it in dev, you can delete the UserPool by first deleting the domain under App integration:Domain Name in the console, then delete the UserPool proper. Once that's finished, you can kick off the CloudFormation deploy to re-create it.

rutabagaman commented 4 years ago

FYI, your CloudFormation YAML would look something like this to configure the app for logging in with validated email addresses and forgot password enabled:

  CognitoUserPool:
    Type: AWS::Cognito::UserPool
    Properties:
      UserPoolName: !Ref CognitoIdentityPoolName
      AutoVerifiedAttributes:
        - email
      LambdaConfig:
        PreSignUp: !GetAtt CognitoUserPoolsConfirmationStrategyFunction.Arn
      Policies:
        PasswordPolicy:
          MinimumLength: 12
          RequireLowercase: true
          RequireNumbers: true
      UsernameAttributes:
        - email

rutabagaman commented 4 years ago

Oh yeah, and you have to change the pre-sign-up hook in lambdas/cognito-user-pools-confirmation-strategy/index.js to always return false to verify their email:

 exports.handler = (event, context, callback) => {
     event.response = { autoConfirmUser: false }; // never auto-confirm; the user must verify their email
     callback(null, event);
 };

ngalchemist commented 3 years ago

Oh yeah, and you have to change the pre-sign-up hook in lambdas/cognito-user-pools-confirmation-strategy/index.js to always return false to verify their email:

 exports.handler = (event, context, callback) => {
     event.response = { autoConfirmUser: false }; // never auto-confirm; the user must verify their email
     callback(null, event);
 };

This solution worked for me, thank you!

I spent way too much time just trying to get to the point where I understood that it was possible to do this without modifying the UI.

ghost commented 3 years ago

Using the latest version, you can manually reset passwords through Cognito by going to the user pool, searching for the user in question (by email, usually - the default is by username, but that's pretty useless for our needs as they're all GUIDs), opening them up, and clicking "Reset Password".

Not sure how it'd work with prior versions as I only tested this against the latest version, but I suspect it would work similarly. If this still doesn't work and you're on the latest version, please feel free to reply here and one of us can re-open.

jamesdavidson commented 2 years ago

Could not reset password for the account, please contact support or try again

If you find yourself in this situation then do check that "self-service account recovery" is not in fact disabled as was the case for me just now.
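
The three settings raised in this thread (auto-verified attributes, the pre-sign-up hook's response, and self-service account recovery) can be checked together. The following is an added example, not code from the thread or the project: `auditPasswordReset` and the sample pools are hypothetical, and it assumes a pool object shaped like the `UserPool` returned by Cognito's DescribeUserPool API, where `admin_only` is the recovery mechanism that corresponds to disabled self-service recovery.

```javascript
'use strict';

// Heuristic audit (added example): returns the findings that would explain a
// failing "forgot password" flow. An empty array means no blocker was found.
//   pool              - UserPool object as returned by DescribeUserPool
//   preSignUpResponse - the `response` object set by the pre-sign-up trigger
function auditPasswordReset(pool, preSignUpResponse = {}) {
  const findings = [];
  const autoVerified = pool.AutoVerifiedAttributes || [];
  const recovery = (pool.AccountRecoverySetting || {}).RecoveryMechanisms || [];
  const mechanisms = recovery.map((m) => m.Name);

  // Reset codes are only delivered to a verified email or phone number.
  if (!autoVerified.includes('email') && !autoVerified.includes('phone_number')) {
    findings.push('AutoVerifiedAttributes: no email or phone_number is verified at sign-up');
  }

  // admin_only means users cannot recover the account themselves.
  if (mechanisms.includes('admin_only')) {
    findings.push('AccountRecoverySetting: admin_only, self-service recovery is disabled');
  }

  // Auto-confirming skips the verification step, so the email stays unverified
  // unless the trigger also sets autoVerifyEmail.
  if (preSignUpResponse.autoConfirmUser === true &&
      preSignUpResponse.autoVerifyEmail !== true) {
    findings.push('PreSignUp: users are auto-confirmed without a verified email');
  }
  return findings;
}

// Constructed sample data, not taken from a real deployment.
const brokenPool = {
  Id: 'us-east-1_EXAMPLE',
  AccountRecoverySetting: { RecoveryMechanisms: [{ Name: 'admin_only', Priority: 1 }] },
};
const fixedPool = {
  Id: 'us-east-1_EXAMPLE',
  AutoVerifiedAttributes: ['email'],
  UsernameAttributes: ['email'],
  AccountRecoverySetting: { RecoveryMechanisms: [{ Name: 'verified_email', Priority: 1 }] },
};

console.log(auditPasswordReset(brokenPool, { autoConfirmUser: true }));
console.log(auditPasswordReset(fixedPool, { autoConfirmUser: false }));
```

To run it against a real pool, pass the `UserPool` field of the JSON printed by `aws cognito-idp describe-user-pool --user-pool-id <pool id>`.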