How to get an OTP when resetting a password in a Cognito user pool?

Hi, I have implemented logic for adding a user and generating a temporary password. When the user logs in using the temporary password they get a session token, and with the session token I am setting the password for the user.

Now the issue is that the user forgot their password and I need to send an OTP to the user's email address to reset the password, but the OTP is not received by email. I have tried with multiple emails but am not receiving the OTP.

Below is the implementation code.

import { CognitoIdentityProviderClient, ForgotPasswordCommand } from '@aws-sdk/client-cognito-identity-provider';

const config = {
	region: 'ap-southeast-2', // Replace with your desired region
	credentials: {
		accessKeyId: 'AKIA3UWX65VUBRKJ', // Replace with your AWS Access Key ID
		secretAccessKey: '8SD+2uTrYlt4XKt3EV9mvZg/tIgw3h', // Replace with your AWS Secret Access Key
	},
};

const client = new CognitoIdentityProviderClient(config);

export const requestOtp = async (request) => {
	if (request.method === 'POST') {
		const requestBody = await request.text();
		const body = JSON.parse(requestBody);

		const { email, clientId } = body;

		const forgotPasswordParams = {
			ClientId: clientId,
			Username: email,
		};

		try {
			const forgotPasswordCommand = new ForgotPasswordCommand(forgotPasswordParams);
			const result = await client.send(forgotPasswordCommand);

			return new Response(JSON.stringify({ message: 'otp sent successful', result }), {
				status: 200,
				headers: { 'Content-Type': 'application/json' },
			});
		} catch (error) {
			return new Response(JSON.stringify({ error: 'otp sent failed', object: error }), {
				status: 401,
				headers: { 'Content-Type': 'application/json' },
			});
		}
	} else {
		return new Response('Invalid request method', { status: 405 });
	}
};

This is the response I am getting from the API endpoint.

{
    "message": "otp sent successful",
    "result": {
        "$metadata": {
            "httpStatusCode": 200,
            "requestId": "fdedd24f-dd1e-4b3b-a706-c5c9f7464eb5",
            "attempts": 1,
            "totalRetryDelay": 0
        },
        "CodeDeliveryDetails": {
            "AttributeName": "email",
            "DeliveryMedium": "EMAIL",
            "Destination": "a***@b***"
        }
    }
}

But the issue is I am not getting the OTP.

1 Answer

Hello, is your code sent to Email? Is your SES in sandbox mode and this mailbox is not in SES's list of verified mailboxes?

In addition, I found that you have directly disclosed your accessKeyId & secretAccessKey in config. For the sake of safety, I suggest you disable this AKSK immediately.

answered 9 months ago
  • Hi, the email addresses are not verified, and when I verify the email manually from the Cognito dashboard I am able to get the OTP, but the issue is I am not able to verify the user's email when the user changes their password after first login.

    I need to automatically verify the user's email as he sets the password for the first time with the session token.

  • Sorry for the late reply. I did not receive the notification reminder. I tried to use the signup command to register the user, which includes setting the password and verifying the email verification code. After the registration is completed, the email automatically becomes verified. Was your user created using admin? Can you set email verification to true when creating it?
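
The suggestion in the thread above (mark the email as verified when an administrator creates the user), as an added example that is not part of the original posts. The function names, the pool id placeholder and the sample user are hypothetical; the helpers only build inputs for `AdminCreateUserCommand` / `AdminUpdateUserAttributesCommand` and inspect an `AdminGetUserCommand`-shaped response.

```javascript
// Added example, not the poster's code. Send these inputs with a client created as
// `new CognitoIdentityProviderClient({ region })` so the SDK resolves credentials from
// the environment or an IAM role instead of keys written into source.

// Input for AdminCreateUserCommand with the email already marked verified.
function buildAdminCreateUserInput(userPoolId, email) {
  return {
    UserPoolId: userPoolId,
    Username: email,
    UserAttributes: [
      { Name: 'email', Value: email },
      { Name: 'email_verified', Value: 'true' }, // attribute values are strings
    ],
    DesiredDeliveryMediums: ['EMAIL'],
  };
}

// Reasons a reset code cannot reach this user by email, read from an AdminGetUser response.
function emailResetBlockers(user) {
  const attrs = Object.fromEntries((user.UserAttributes || []).map((a) => [a.Name, a.Value]));
  const blockers = [];
  if (user.Enabled === false) blockers.push('user is disabled');
  if (user.UserStatus === 'FORCE_CHANGE_PASSWORD') blockers.push('temporary password not yet replaced');
  if (!attrs.email) blockers.push('no email attribute');
  else if (attrs.email_verified !== 'true') blockers.push('email is not verified');
  return blockers;
}

// Input for AdminUpdateUserAttributesCommand that repairs an existing user, or null if not needed.
function buildVerifyEmailInput(userPoolId, user) {
  if (!emailResetBlockers(user).includes('email is not verified')) return null;
  return {
    UserPoolId: userPoolId,
    Username: user.Username,
    UserAttributes: [{ Name: 'email_verified', Value: 'true' }],
  };
}

// Constructed sample: admin-created user who has set a password, email never verified.
const sampleUser = {
  Username: 'user@example.com',
  Enabled: true,
  UserStatus: 'CONFIRMED',
  UserAttributes: [{ Name: 'email', Value: 'user@example.com' }],
};
console.log(emailResetBlockers(sampleUser));
console.log(buildVerifyEmailInput('POOL_ID_PLACEHOLDER', sampleUser));
```

Marking an address verified from the admin side skips Cognito's own proof of mailbox ownership, so use it only for addresses your provisioning process has already confirmed.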
