CognitoIdentityProvider / Client / admin_set_user_password
admin_set_user_password#
- CognitoIdentityProvider.Client.admin_set_user_password(**kwargs)#
Sets the specified user’s password in a user pool. This operation administratively sets a temporary or permanent password for a user. With this operation, you can bypass self-service password changes and permit immediate sign-in with the password that you set. To do this, set
Permanenttotrue.You can also set a new temporary password in this request, send it to a user, and require them to choose a new password on their next sign-in. To do this, set
Permanenttofalse.If the password is temporary, the user’s
StatusbecomesFORCE_CHANGE_PASSWORD. When the user next tries to sign in, theInitiateAuthorAdminInitiateAuthresponse includes theNEW_PASSWORD_REQUIREDchallenge. If the user doesn’t sign in before the temporary password expires, they can no longer sign in and you must repeat this operation to set a temporary or permanent password for them.After the user sets a new password, or if you set a permanent password, their status becomes
Confirmed.AdminSetUserPasswordcan set a password for the user profile that Amazon Cognito creates for third-party federated users. When you set a password, the federated user’s status changes fromEXTERNAL_PROVIDERtoCONFIRMED. A user in this state can sign in as a federated user, and initiate authentication flows in the API like a linked native user. They can also modify their password and attributes in token-authenticated API requests likeChangePasswordandUpdateUserAttributes. As a best security practice and to keep users in sync with your external IdP, don’t set passwords on federated user profiles. To set up a federated user for native sign-in with a linked native user, refer to Linking federated users to an existing user profile.Note
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
See also: AWS API Documentation
Request Syntax
response = client.admin_set_user_password( UserPoolId='string', Username='string', Password='string', Permanent=True|False )
- Parameters:
UserPoolId (string) –
[REQUIRED]
The ID of the user pool where you want to set the user’s password.
Username (string) –
[REQUIRED]
The username of the user that you want to query or modify. The value of this parameter is typically your user’s username, but it can be any of their alias attributes. If
usernameisn’t an alias attribute in your user pool, this value must be thesubof a local user or the username of a user from a third-party IdP.Password (string) –
[REQUIRED]
The new temporary or permanent password that you want to set for the user. You can’t remove the password for a user who already has a password so that they can only sign in with passwordless methods. In this scenario, you must create a new user without a password.
Permanent (boolean) – Set to
trueto set a password that the user can immediately sign in with. Set tofalseto set a temporary password that the user must change on their next sign-in.
- Return type:
dict
- Returns:
Response Syntax
{}Response Structure
(dict) –
Exceptions
CognitoIdentityProvider.Client.exceptions.ResourceNotFoundExceptionCognitoIdentityProvider.Client.exceptions.NotAuthorizedExceptionCognitoIdentityProvider.Client.exceptions.UserNotFoundExceptionCognitoIdentityProvider.Client.exceptions.InternalErrorExceptionCognitoIdentityProvider.Client.exceptions.TooManyRequestsExceptionCognitoIdentityProvider.Client.exceptions.InvalidParameterExceptionCognitoIdentityProvider.Client.exceptions.InvalidPasswordExceptionCognitoIdentityProvider.Client.exceptions.PasswordHistoryPolicyViolationException