Admin Set User Password
cognitoidentityprovider_admin_set_user_password | R Documentation |
Sets the specified user's password in a user pool¶
Description¶
Sets the specified user's password in a user pool. This operation
administratively sets a temporary or permanent password for a user. With
this operation, you can bypass self-service password changes and permit
immediate sign-in with the password that you set. To do this, set
Permanent
to true
.
You can also set a new temporary password in this request, send it to a
user, and require them to choose a new password on their next sign-in.
To do this, set Permanent
to false
.
If the password is temporary, the user's Status
becomes
FORCE_CHANGE_PASSWORD
. When the user next tries to sign in, the
initiate_auth
or admin_initiate_auth
response includes the
NEW_PASSWORD_REQUIRED
challenge. If the user doesn't sign in before
the temporary password expires, they can no longer sign in and you must
repeat this operation to set a temporary or permanent password for them.
After the user sets a new password, or if you set a permanent password,
their status becomes Confirmed
.
admin_set_user_password
can set a password for the user profile that
Amazon Cognito creates for third-party federated users. When you set a
password, the federated user's status changes from EXTERNAL_PROVIDER
to CONFIRMED
. A user in this state can sign in as a federated user,
and initiate authentication flows in the API like a linked native user.
They can also modify their password and attributes in
token-authenticated API requests like change_password
and
update_user_attributes
. As a best security practice and to keep users
in sync with your external IdP, don't set passwords on federated user
profiles. To set up a federated user for native sign-in with a linked
native user, refer to Linking federated users to an existing user
profile.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
Usage¶
Arguments¶
UserPoolId
[required] The ID of the user pool where you want to set the user's password.
Username
[required] The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If
username
isn't an alias attribute in your user pool, this value must be thesub
of a local user or the username of a user from a third-party IdP.Password
[required] The new temporary or permanent password that you want to set for the user. You can't remove the password for a user who already has a password so that they can only sign in with passwordless methods. In this scenario, you must create a new user without a password.
Permanent
Set to
true
to set a password that the user can immediately sign in with. Set tofalse
to set a temporary password that the user must change on their next sign-in.
Value¶
An empty list.