Forgot password link from aws cognito
Its possible I have achieved this in my project.
Its done via triggers in aws cognito.
In Custom message trigger set lambda function you want to trigger.
const AWS = require('aws-sdk');
exports.handler = (event, context, callback) => {
var CustomMessage_ForgotPassword = `<style>
p {
display: block;
margin-block-start: 1em;
margin-block-end: 1em;
margin-inline-start: 0px;
margin-inline-end: 0px;
}
</style>
<div id=":x9" class="a3s aXjCH " role="gridcell" tabindex="-1"><p>Hello,</p>
<p>Follow this link to reset your Password. </p>
<p><a href="https://your-website.com/reset-password?confirmation_code=${event.request.codeParameter}&user_name=${event.userName}"> Reset Password </a></p>
<p>If you didn’t ask to change password, you can ignore this email.</p>
<p>Thanks,</p>
<p>Your website team</p>
</div>`
if (event.triggerSource === "CustomMessage_ForgotPassword") {
event.response.emailMessage = CustomMessage_ForgotPassword;
}
callback(null, event);
};
Then on your website make one route which will handle this code.
I forgot about this question which I asked few months back, thought of updating it with the answer. So, according to the AWS documentation:
"Calling this API causes a message to be sent to the end user with a confirmation code that is required to change the user's password. For the Username parameter, you can use the username or user alias. If a verified phone number exists for the user, the confirmation code is sent to the phone number. Otherwise, if a verified email exists, the confirmation code is sent to the email. If neither a verified phone number nor a verified email exists, InvalidParameterException is thrown. "
Here is the link to AWS doc.
So there might be some workaround to achieve it, but sending a self verification link for forgot password is not supported by AWS Cognito for now.
I know that this question has been answered and accepted, and while it is true that Cognito does not do this out of the box, I wanted to find a way to get this to work seamlessly.
Here's what I came up with:
- Create a page in on your website with an email input box. When the user submits, use the user pool and email to create a
CognitoUser
instance and call theforgotPassword
function on the user. - Create an email interceptor Lambda as described in the answer by Mayur Shingare.
- Hook this Lambda up to the Custom Message trigger. The user should now receive a mail with your custom email, containing the verification code and his email in the query parameters, and not the standard verification code email.
- When the user clicks the link a browser window should open to your site. You then pull these query parameters from the URL. On this page have two boxes so that the user can type and confirm his password.
- On submission of the new password, use the user pool, email and verification code (from the query parameters) to get the
CognitoUser
instance and call theconfirmPassword
function. - On success either log the user in programatically using the new password or redirect the user to log in manually.
Any thoughts on this? I have used the same kind of mechanism to get user registration to work in a seamless fashion, although that required a bit more work.
Yes. You can make a call to the ForgotPassword endpoint:
{
"AnalyticsMetadata": {
"AnalyticsEndpointId": "string"
},
"ClientId": "string",
"SecretHash": "string",
"Username": "string"
}
You then need to make a call (from your website code) to the ConfirmForgotPassword endpoint to reset the password:
{
"AnalyticsMetadata": {
"AnalyticsEndpointId": "string"
},
"ClientId": "string",
"ConfirmationCode": "string",
"Password": "string",
"SecretHash": "string",
"Username": "string"
}