
I have an iOS application that I'm working on, and I'm using AWS Cognito to manage user authentication. I'm using the pre-made sign-in interface. However, when a user is created in the AWS console, that user is assigned a temporary password, which the user will need to change on first login. This is indicated by the status "FORCE_CHANGE_PASSWORD" in the "Users and groups" section of the User pool details in the AWS console.

When an admin-created user tries to sign in for the first time, a "NEW_PASSWORD_REQUIRED" challenge occurs. Since the pre-made sign-in workflow apparently doesn't handle that challenge, I learned how to detect when it happens, and open a new view controller that will accept the username, current password, and a new password. In order to detect the challenge, I edited the library function that is called when that challenge occurs, and passed a notification through NotificationCenter. I realize that editing the library files is probably not best practice, but that's the only way that I could get it to work so that my code would know when the challenge occurs.

The view controller attempts to change the user's password using user.changePassword(OLD_PASSWORD, proposedPassword: NEW_PASSWORD). This doesn't actually change the password though. Inside the .continueWith{ (response) -> Any? in callback, I find that response is as follows: <AWSTask: 0x7fd417e6ca90; completed = YES; cancelled = NO; faulted = YES; result = (null)>.

Nowhere can I find an answer to this problem. I have searched the AWS documentation (finding a solution, but for Android: https://docs.aws.amazon.com/cognito/latest/developerguide/using-amazon-cognito-user-identity-pools-android-sdk-authenticate-admin-created-user.html) as well as here on Stack Overflow, GitHub, and the web in general, but I haven't found any working solutions. I realize that this question: "In AWS iOS SDK, how do I handle FORCE_CHANGE_PASSWORD User Status" appears to be the same question, and is answered. I couldn't get my code working with that answer, unfortunately. Here is the function that is called when the user taps the button to change their password with the provided information entered in text fields:

@IBAction func submitNewPassword(_ sender:AnyObject) {
    print("Attempting to submit new password...")
    let pool: AWSCognitoIdentityUserPool = AWSCognitoIdentityUserPool(forKey: userPoolID)
    let user: AWSCognitoIdentityUser = pool.getUser(usernameInput.text!)
    user.changePassword(oldPasswordInput.text!, proposedPassword: newPasswordInput.text!).continueWith { (response) -> Any? in
        print("\n\nResponse is: \(response)\n\n")
    }
}

I have been trying to figure out how to assume a different role and change the password that way, thinking that maybe this is an authorization issue, but I haven't been able to figure out how to do that. Any help will be greatly appreciated! This is definitely the most frustrating bug I've ever had!

0 Answers
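
The Cognito ChangePassword operation needs the access token of a user who has already signed in, which a FORCE_CHANGE_PASSWORD user does not have yet; the NEW_PASSWORD_REQUIRED challenge is instead answered inside the sign-in flow. The following is an added example, not code from the question or from the AWS SDK, that answers the challenge through the SDK's `AWSCognitoIdentityNewPasswordRequired` delegate protocol rather than by editing library files. It assumes the app sets the user pool's `delegate` itself; `AuthDelegate`, `NewPasswordViewController`, `presenter` and the storyboard identifiers are hypothetical names.

```swift
import UIKit
import AWSCognitoIdentityProvider

// Hypothetical screen that collects the new password while the
// NEW_PASSWORD_REQUIRED challenge is pending.
final class NewPasswordViewController: UIViewController, AWSCognitoIdentityNewPasswordRequired {
    @IBOutlet weak var newPasswordInput: UITextField!
    private var completion: AWSTaskCompletionSource<AWSCognitoIdentityNewPasswordRequiredDetails>?

    // Called by the SDK when sign-in with the temporary password returns the challenge.
    func getNewPasswordDetails(_ newPasswordRequiredInput: AWSCognitoIdentityNewPasswordRequiredInput,
                               newPasswordRequiredCompletionSource: AWSTaskCompletionSource<AWSCognitoIdentityNewPasswordRequiredDetails>) {
        completion = newPasswordRequiredCompletionSource
    }

    @IBAction func submitNewPassword(_ sender: AnyObject) {
        guard let password = newPasswordInput.text, !password.isEmpty else { return }
        // Answers the pending challenge; no separate changePassword call is made.
        let details = AWSCognitoIdentityNewPasswordRequiredDetails(proposedPassword: password,
                                                                   userAttributes: [:])
        completion?.set(result: details)
    }

    // Called by the SDK once the service has accepted or rejected the new password.
    func didCompleteNewPasswordStepWithError(_ error: Error?) {
        DispatchQueue.main.async {
            self.newPasswordInput.text = nil   // do not keep the password in the field
            if let error = error {
                print("New password step failed: \(error)")
            } else {
                self.dismiss(animated: true)
            }
        }
    }
}

// Assumption: the app owns the pool delegate, e.g. pool.delegate = authDelegate.
final class AuthDelegate: NSObject, AWSCognitoIdentityInteractiveAuthenticationDelegate {
    weak var presenter: UIViewController?

    // The SDK asks for a handler as soon as the service demands a new password.
    func startNewPasswordRequired() -> AWSCognitoIdentityNewPasswordRequired {
        // Hypothetical storyboard name and identifier.
        let vc = UIStoryboard(name: "Main", bundle: nil)
            .instantiateViewController(withIdentifier: "NewPasswordViewController") as! NewPasswordViewController
        DispatchQueue.main.async { self.presenter?.present(vc, animated: true) }
        return vc
    }
}
```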