I know admin can reset user's temporary password from console using the following command
aws cognito-idp admin-create-user --region us-east-1 --user-pool-id us-east-1_youruserpoolid --username theusername --message-action RESEND
But here I need something where user have a trigger option, and after that trigger he should get new temp password to his email. It is something like self service option, where user don't have to call admin for resetting his temp password.
I tried using resendConfirmationCode from
https://github.com/aws-amplify/amplify-js/blob/master/packages/amazon-cognito-identity-js/src/CognitoUser.js
with request :
{ClientId: "v3miuf2k********", Username: "suni*********"}
getting response as:
{code: "NotAuthorizedException", name: "NotAuthorizedException", message: "Can't resend confirmation code for this user"}
code: "NotAuthorizedException"
message: "Can't resend confirmation code for this user"
name: "NotAuthorizedException"
Just wanted to put out the official response from AWS support, if someone needs the answer in the future.
I can see the error is caused by the API resendConfirmationCode which supposed to be called without any credentials, however, the error indication message said "NotAuthorizedException". Is this API called many times? That may trigger AWS backend side protection of anonymous attacking.
Can you have a try to create a new user with the same email and use the same API to send confirmation code? If there is an existing user with the same email address but not confirmed, it's fine to create a new user with the same email address.
来源:https://stackoverflow.com/questions/52335925/giving-user-capability-of-resetting-expired-temporary-password-in-cognito