AWS Cognito Change User Password - amazon-web-services

I'm following this tutorial https://serverless-stack.com/chapters/test-the-apis.html to create a react js app with AWS.
I followed every step, but now I'm facing a challenge: when I want to test my API with the npx command using a user I created in the user pool, it needs to change his password.
npx aws-api-gateway-cli-test --username='mail#example.com' --password='password' --user-pool-id='user-pool-id' --app-client-id='app-client-id' --cognito-region='region' --identity-pool-id='identity-pool' --invoke-url='url' --api-gateway-region='region' --path-template='/notes' --method='POST' --body='{"content":"hello world","attachment":"hello.jpg"}'
npx: installed 106 in 7.229s
Authenticating with User Pool
Given user needs to set a new password
All ids are hidden in the command.
How can I do that? I tried the change password command but it needs an access token and I don't know where to find it.
Thanks for your help

Related

AWS Cognito one-time password testing using Cypress?

The way I'm logging in to my app is by entering a username; AWS Amplify then generates and sends the one-time password to the registered email address of the user, and the user is asked to enter the one-time password.
What I want is to test my scenario automatically.
I searched a lot, but what I got is a simple username and password login using the Cognito strategy of Cypress.
Any help is appreciated.

AWS Cognito: After new user logs in with temporary, use SOFTWARE_TOKEN_MFA

I've created a user pool for our development environment, wherein I've made MFA required. Then I create a new user using AdminCreateUser where I pass the phone_number and email of the user.
The problem I'm facing is only during e2e Cypress tests. After the user is created, I'm able to log in with the temporary password, but in the next step it takes me to the SMS_MFA challenge. I've no way to proceed further with SMS_MFA during e2e tests.
But if I had the option of setting up SOFTWARE_TOKEN_MFA after setting the permanent password, that'd solve the problem for the e2e tests. For SOFTWARE_TOKEN_MFA, I'm using an OTP generator NodeJS library which takes in the secret code and gives me an OTP.
Does anyone know how I can set up SOFTWARE_TOKEN_MFA after setting up a permanent password in AWS Cognito?

Remove OAuth Social Providers

I accidentally added the Google Social Login with OAuth to AWS Cognito, and now every time I run amplify pull I receive this message -
"You've opted to allow users to authenticate via Google. If you
haven't already, you'll need to go to
https://developers.google.com/identity and create an App ID."
I would like to remove the Google Social Login so I could pull without inputting the client ID, does anyone know how to do this?
From the command line, run: amplify update auth
Select: ❯ Update OAuth social providers.
Arrow-down to "Google", and hit the space bar to deselect it, so that ❯◉ Google becomes ❯◯ Google.
Hit enter.
Run amplify push.

AWS Amplify how to check if the password is correct during authentication?

I am implementing a simple sign-up/sign-in system in my Android app using AWS Amplify and Kotlin. Everything seems to work fine except for one thing: when the user tries to sign in, they can use any password to do so. If they type in a registered and confirmed username, they successfully log in, which is obviously not what I want. I want them to type in the correct password as well. Do I need to change something in my AWS User Pool settings to achieve this, or do I handle this in Kotlin somehow?
Amplify.Auth.signIn(inputEmail.text.toString(), inputPassword.text.toString(), {}, {})
I found the error. AWS Amplify keeps a cached version of the previous successful login which is prioritized over the current attempted login. So at some point I have to call Amplify.Auth.signOut()

Cognito authentication with username or unique email via AWS Amplify

Amplify CLI authentication with Cognito user pools currently has two main modes: sign-in with username or with email. In the former case, email uniqueness as a required user attribute is not being enforced.
Cognito service by itself supports the "Also allow sign in with verified email address" option (AWS Console, User Pool Attributes-section) but it can be set only upon user pool creation (i.e. can not be modified later - checkboxes are disabled). Is it possible to enforce no duplicate emails within the user pool while allowing users to authenticate with username or with email?
To summarize, my use case requires:
Verifying/enforcing email attribute uniqueness at the Cognito level when signing up users via Amplify's Auth.SignUp;
Keeping username-based login but allowing users to log in with their email as well (that is, Auth.SignIn with email or username supplied as the username-argument).
When you add the user pool with amplify add auth choose 'Username' as the method with which you want users to sign in when prompted.
If you aren't prompted with this choice, you might need to try amplify add auth again but this time choose Manual configuration when prompted at the beginning.
Once you've completed the entire auth set up via amplify add auth, BEFORE you run amplify push for the first time, run amplify override auth.
This creates a new override.ts file which you can edit with AWS CDK code to customise your Cognito resources beyond the abilities the CLI allows.
You can find the override.ts file at:
amplify\backend\auth\<your_app_name>\override.ts
Inside the override file, add the following line into the empty function that's made for you:
resources.userPool.aliasAttributes = ['email'];
Now you can save the file, and run amplify push and hopefully your new user pool will show in the AWS Console that you've successfully configured it to allow user name and email sign in together.
You have to make sure you write the override code before amplify push or your user pool will be created in the cloud, and attempting to override this sign in functionality after the user pool has been created throws an error as it's read only.
If you find yourself in that position, you'll need to create a new user pool, you can't modify the existing one.
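A way to confirm after amplify push that the override took effect, instead of checking the console by eye. This is an added example, not part of the original answer: it audits the JSON returned by aws cognito-idp describe-user-pool, and the function name auditAliasSignIn and all sample responses are constructed for illustration.

```javascript
// Added example (not from the original answer): audit a DescribeUserPool
// response for "username plus email alias" sign-in.
// Real input comes from:
//   aws cognito-idp describe-user-pool --user-pool-id <your-pool-id>
// auditAliasSignIn is a hypothetical helper name; the samples are constructed.

function auditAliasSignIn(response) {
  const pool = (response && response.UserPool) || {};
  const aliases = pool.AliasAttributes || [];
  const usernameAttrs = pool.UsernameAttributes || [];
  const autoVerified = pool.AutoVerifiedAttributes || [];
  const findings = [];

  // UsernameAttributes means email IS the username, which is the other
  // Amplify sign-in mode and not the username + alias setup described above.
  if (usernameAttrs.length > 0) {
    findings.push(`pool uses ${usernameAttrs.join(',')} as the username, not as an alias`);
  }
  // The override sets aliasAttributes = ['email']; it must show up here.
  if (!aliases.includes('email')) {
    findings.push('AliasAttributes does not contain "email": the override did not take effect');
  }
  // An email alias only works for sign-in once the address is verified.
  if (aliases.includes('email') && !autoVerified.includes('email')) {
    findings.push('email is an alias but is not in AutoVerifiedAttributes');
  }
  return { ok: findings.length === 0, findings };
}

// Constructed sample responses (trimmed to the fields the audit reads).
const SAMPLE_ALIAS_OK = {
  UserPool: { Id: 'example-pool-id', AliasAttributes: ['email'], AutoVerifiedAttributes: ['email'] },
};
const SAMPLE_EMAIL_AS_USERNAME = {
  UserPool: { Id: 'example-pool-id', UsernameAttributes: ['email'], AutoVerifiedAttributes: ['email'] },
};
const SAMPLE_ALIAS_UNVERIFIED = {
  UserPool: { Id: 'example-pool-id', AliasAttributes: ['email'], AutoVerifiedAttributes: [] },
};

for (const [name, sample] of Object.entries({
  SAMPLE_ALIAS_OK, SAMPLE_EMAIL_AS_USERNAME, SAMPLE_ALIAS_UNVERIFIED,
})) {
  const result = auditAliasSignIn(sample);
  console.log(name, result.ok ? 'OK' : result.findings);
}
```

Because the sign-in attributes are read-only after creation, a failed audit means recreating the pool, as the answer says.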