2

The Amazon Cognito adminCreateUser documentation on TemporaryPassword states:

This parameter is not required. If you do not specify a value, Amazon Cognito generates one for you.

How does the user ever get it? At first I thought it would get emailed to the user, but that doesn't seem to be the case. Then I thought maybe it would come back in the response. Nope.

Here's the code I'm calling in my node JS Lambda function:

adminCreateUser(
{
    "UserPoolId": "us-east-1_XXXXXXXX",
    "Username": "roger__mailinator.com",
    "DesiredDeliveryMediums": [
        "EMAIL"
    ],
    "ForceAliasCreation": false,
    "MessageAction": "SUPPRESS",
    "UserAttributes": [
        {
            "Name": "given_name",
            "Value": "Rodger"
        },
        {
            "Name": "family_name",
            "Value": "Ribbit"
        },
        {
            "Name": "name",
            "Value": "Rodger Ribbit"
        },
        {
            "Name": "email",
            "Value": "roger@mailinator.com"
        },
        {
            "Name": "custom:title",
            "Value": "Animation Designer"
        },
        {
            "Name": "custom:company",
            "Value": "76"
        }
    ]
}, function(error, data) {
    if (error) {
      console.log("Error adding user to cognito: " + error, error.stack);
      //...
    } else {
      console.log("Received back from cognito: " + JSON.stringify(data));
      //...
    }
  });

and here's the response I get:

Received back from cognito:
{
    "User": {
        "Username": "roger__mailinator.com",
        "Attributes": [
            {
                "Name": "custom:title",
                "Value": "Animation Designer"
            },
            {
                "Name": "sub",
                "Value": "1cd612a0-0da0-4e7b-84c7-30570fab80a9"
            },
            {
                "Name": "name",
                "Value": "Rodger Ribbit"
            },
            {
                "Name": "given_name",
                "Value": "Rodger"
            },
            {
                "Name": "family_name",
                "Value": "Ribbit"
            },
            {
                "Name": "email",
                "Value": "roger@mailinator.com"
            },
            {
                "Name": "custom:company",
                "Value": "76"
            }
        ],
        "UserCreateDate": "2017-03-30T18:31:34.283Z",
        "UserLastModifiedDate": "2017-03-30T18:31:34.283Z",
        "Enabled": true,
        "UserStatus": "FORCE_CHANGE_PASSWORD"
    }
}

Where does the password go? Are we supposed to guess it? :-)

Ryan Shillington
  • 23,006
  • 14
  • 93
  • 108

2 Answers2

1

I think it's because you are passing "MessageAction": "SUPPRESS". That would suppress the sending of the email.

The temporary password is emailed to the user and he needs to reset it upon the first login.

Ionut Trestian
  • 5,473
  • 2
  • 20
  • 29
0

The answer is that the user email needs to be verified before they'll receive it. So you need to modify the user attribute on email to be verified. See: https://stackoverflow.com/a/43033722/491553

Ryan Shillington
  • 23,006
  • 14
  • 93
  • 108