I am using the amazon-cognito-identity-js node module for a forgot password implementation. Below is my service code.
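    var AmazonCognitoIdentity = require('amazon-cognito-identity-js')

    // The enclosing function's header was not included in the post;
    // forgotPassword is a placeholder name for it.
    function forgotPassword () {
      var userData = {
        Username: '<username>',
        // The library expects a CognitoUserPool instance here
        Pool: '<userpool id>'
      }
      var cognitoUser = new AmazonCognitoIdentity.CognitoUser(userData)
      return new Promise(function (resolve, reject) {
        cognitoUser.forgotPassword({
          // Called when Cognito accepts the request
          onSuccess: function (data) {
            resolve({
              statusCode: 200,
              response: {
                ForgotPasswordResponse: {
                  Status: 'Success',
                  Destination: data.CodeDeliveryDetails.Destination
                }
              }
            })
          },
          // Called when Cognito rejects the request; the promise still resolves
          onFailure: function (err) {
            resolve({
              statusCode: 400,
              response: {
                ForgotPasswordResponse: {
                  Status: 'failure',
                  Error: err.message
                }
              }
            })
          }
        })
      })
    }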
If I pass a username which is not in the pool, the code still goes into the onSuccess function and I have no idea to which destination it is sending the verification code. The same thing happens if I pass a username whose status in the Cognito user pool is FORCE_CHANGE_PASSWORD. Kindly suggest how to handle this scenario.
When using amazon-cognito-identity-js to integrate Cognito into a website for authentication, the forgotPassword method will not work properly if certain settings are flagged in the Cognito Pool.
Original Cognito interface navigation to settings: Cognito User Pool -> General Settings -> App Clients -> Show Details -> Security Configuration -> Prevent User Existence Errors
If you select "Enabled (Recommended)" then the forgotPassword API will never return a failure when submitting a user that does not exist in the User Pool.
If you switch it back to "Legacy" then the forgotPassword API works properly once again.
I have notified AWS of the issue, hopefully they will consider a fix.
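An added example, not code from either post: one way for the service to return the same body whether "Prevent User Existence Errors" is set to Enabled or Legacy, so the HTTP response never reveals whether a username exists, while the real outcome is still logged server-side. The names requestPasswordReset, classifyOutcome, GENERIC_RESPONSE and the log callback are hypothetical, and the set of error codes treated as account-state errors is an assumption.

```javascript
// Added example; all names here are hypothetical, not part of the library.
// Error codes assumed to reveal account state when the app client uses "Legacy".
const ACCOUNT_STATE_ERRORS = new Set([
  'UserNotFoundException',
  'NotAuthorizedException',
  'InvalidParameterException'
]);

// The single body returned for success and for every account-state error.
const GENERIC_RESPONSE = Object.freeze({
  statusCode: 200,
  response: {
    ForgotPasswordResponse: {
      Status: 'Accepted',
      Message: 'If the account exists, a verification code has been sent.'
    }
  }
});

// Internal category, used for logging only and never sent to the caller.
function classifyOutcome(err) {
  if (!err) return 'code-requested';
  const code = err.code || err.name;
  return ACCOUNT_STATE_ERRORS.has(code) ? 'account-state' : 'other-error';
}

// cognitoUser: any object exposing forgotPassword({ onSuccess, onFailure }),
// such as a CognitoUser instance. log: server-side sink (assumed).
function requestPasswordReset(cognitoUser, log) {
  return new Promise(function (resolve) {
    function finish(err) {
      const outcome = classifyOutcome(err);
      log({ event: 'forgot_password', outcome: outcome });
      if (outcome === 'other-error') {
        resolve({ statusCode: 503, response: { ForgotPasswordResponse: { Status: 'Unavailable' } } });
      } else {
        resolve(GENERIC_RESPONSE);
      }
    }
    cognitoUser.forgotPassword({
      onSuccess: function () { finish(null); },
      onFailure: finish
    });
  });
}
```

The response deliberately omits Destination and err.message, the two fields in the question's code that differ between outcomes.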