Amazon Cognito provides authentication, authorization, and user management for your web and mobile apps. Your users can sign in directly with a username and password, or through a third party such as Facebook, Amazon, Google, or Apple.

We can configure Amazon Cognito in such a way that users can sign in with their email, phone, or user name. If you enable sign-in with a user name, you can set a "preferred user name" attribute (preferred_username) which will work as an alternate value for the username attribute (username).

When a user registered in Amazon Cognito has lost or forgotten their password, we need to reset it.

If a user wants to change the password for security purposes, the aws-java-sdk-cognitoidp jar provides the ChangePasswordRequest and adminResetUserPasswordRequest APIs.

Change Cognito User password using ChangePasswordRequest

Changes the password for a specified user in a user pool.

ChangePasswordResult changePassword(ChangePasswordRequest changePasswordRequest)

changePasswordRequest - Represents the request to change a user password.

Request Syntax

```json
{
  "AccessToken": "string",
  "PreviousPassword": "string",
  "ProposedPassword": "string"
}
```

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Maven dependencies

Here are the required Maven dependencies, which we need to add to the pom.xml file:

```xml
<dependency>
    <groupId>com.amazonaws</groupId>
    <artifactId>aws-java-sdk-core</artifactId>
    <version>1.11.764</version>
</dependency>
<dependency>
    <groupId>com.amazonaws</groupId>
    <artifactId>aws-java-sdk-cognitoidp</artifactId>
    <version>1.11.764</version>
</dependency>
<dependency>
    <groupId>com.amazonaws</groupId>
    <artifactId>aws-java-sdk</artifactId>
    <version>1.11.360</version>
</dependency>
```


Create AWSCognitoIdentityProvider Object

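First we create an AWSCognitoIdentityProvider client instance:

```java
import com.amazonaws.auth.SystemPropertiesCredentialsProvider;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.cognitoidp.AWSCognitoIdentityProvider;
import com.amazonaws.services.cognitoidp.AWSCognitoIdentityProviderClientBuilder;

public static AWSCognitoIdentityProvider getAWSCognitoIdentityClient() {
    // Placeholders only: real keys must not be committed to source control.
    // SystemPropertiesCredentialsProvider reads these two system properties.
    System.setProperty("aws.accessKeyId", "-- your accessKey Id--");
    System.setProperty("aws.secretKey", "-- your secret Key--");

    AWSCognitoIdentityProvider cognitoClient = AWSCognitoIdentityProviderClientBuilder.standard()
            .withRegion(Regions.AP_SOUTH_1)
            .withCredentials(new SystemPropertiesCredentialsProvider())
            .build();
    return cognitoClient;
}
```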

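With the client in place, the password change looks like this:

```java
import com.amazonaws.services.cognitoidp.AWSCognitoIdentityProvider;
import com.amazonaws.services.cognitoidp.model.ChangePasswordRequest;

// "log" is the enclosing class's logger, which the article does not show.
public void changePassword(final String accessToken, final String oldPassword, final String newPassword) {
    final AWSCognitoIdentityProvider client = getAWSCognitoIdentityClient();
    try {
        // The access token identifies the signed-in user whose password is changed.
        final ChangePasswordRequest changePasswordRequest = new ChangePasswordRequest()
                .withAccessToken(accessToken)
                .withPreviousPassword(oldPassword)
                .withProposedPassword(newPassword);
        client.changePassword(changePasswordRequest);
    } catch (final Exception e) {
        // Log the exception itself, never the token or the passwords.
        log.error("Exception occurred during changing the password", e);
    } finally {
        client.shutdown();
    }
}
```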


AdminResetUserPassword

Resets the specified user's password in a user pool as an administrator. Works on any user.

When this API is called, the current password is invalidated, so it must be changed.

If a user tries to sign in after the API is called, the app will get a PasswordResetRequiredException exception back and should direct the user down the flow to reset the password, which is the same as the forgot password flow.

In addition, if the user pool has phone verification selected and a verified phone number exists for the user, or if email verification is selected and a verified email exists for the user, calling this API will also result in sending a message to the end user with the code to change their password.

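The method below uses the related AdminSetUserPassword API, which sets the new password directly as an administrator; withPermanent(true) makes it a permanent password rather than a temporary one.

```java
import com.amazonaws.services.cognitoidp.AWSCognitoIdentityProvider;
import com.amazonaws.services.cognitoidp.model.AdminSetUserPasswordRequest;

// "log" is the enclosing class's logger, which the article does not show.
public void changeUserPasswordByAdmin(final String userPoolId, final String username, final String newPassword) {
    final AWSCognitoIdentityProvider client = getAWSCognitoIdentityClient();
    try {
        final AdminSetUserPasswordRequest adminSetUserPasswordRequest = new AdminSetUserPasswordRequest()
                .withUserPoolId(userPoolId)
                .withUsername(username)
                .withPassword(newPassword)
                .withPermanent(true);
        client.adminSetUserPassword(adminSetUserPasswordRequest);
    } catch (final Exception e) {
        // Log the exception itself, never the new password.
        log.error("Exception occurred during changing the user password", e);
    } finally {
        client.shutdown();
    }
}
```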
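The AdminResetUserPassword flow described above, as an added example that is not from the original article or its repository: the admin call invalidates the password, the next sign-in surfaces PasswordResetRequiredException, and the user finishes with the delivered code through ConfirmForgotPassword. The class AdminResetFlow and its method names are hypothetical, and it assumes an app client without a client secret that has the USER_PASSWORD_AUTH flow enabled.

```java
import com.amazonaws.services.cognitoidp.AWSCognitoIdentityProvider;
import com.amazonaws.services.cognitoidp.model.*;
import java.util.Optional;

// Added example (hypothetical class). Assumes an app client with no client
// secret and USER_PASSWORD_AUTH enabled; pool and client ids come from the caller.
public class AdminResetFlow {
    private final AWSCognitoIdentityProvider client;
    private final String userPoolId;
    private final String appClientId;

    public AdminResetFlow(AWSCognitoIdentityProvider client, String userPoolId, String appClientId) {
        this.client = client;
        this.userPoolId = userPoolId;
        this.appClientId = appClientId;
    }

    // Admin side: invalidates the current password. Cognito sends the code itself
    // when a verified email or phone exists; the admin never sees a password.
    public void forceReset(String username) {
        client.adminResetUserPassword(new AdminResetUserPasswordRequest()
                .withUserPoolId(userPoolId).withUsername(username));
    }

    // Returns the access token, or empty when the user must complete a reset first.
    // A wrong password still propagates as NotAuthorizedException.
    public Optional<String> signIn(String username, String password) {
        try {
            InitiateAuthResult result = client.initiateAuth(new InitiateAuthRequest()
                    .withAuthFlow(AuthFlowType.USER_PASSWORD_AUTH)
                    .withClientId(appClientId)
                    .addAuthParametersEntry("USERNAME", username)
                    .addAuthParametersEntry("PASSWORD", password));
            if (result.getAuthenticationResult() == null) { // e.g. an MFA challenge
                throw new IllegalStateException("Unhandled challenge: " + result.getChallengeName());
            }
            return Optional.of(result.getAuthenticationResult().getAccessToken());
        } catch (PasswordResetRequiredException e) {
            return Optional.empty(); // route the user to the forgot-password screen
        }
    }

    // User side: same call as the forgot-password flow, using the delivered code.
    public void completeReset(String username, String code, String newPassword) {
        client.confirmForgotPassword(new ConfirmForgotPasswordRequest()
                .withClientId(appClientId).withUsername(username)
                .withConfirmationCode(code).withPassword(newPassword));
    }
}
```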

In this article, we have seen how to change an AWS Cognito user's password using Java. All source code in the article can be found in the GitHub repository.