Name:
interface
Value:
Amplify has re-imagined the way frontend developers build fullstack applications. Develop and deploy without the hassle.

Page updated Oct 14, 2024

Manage passwords

Amplify Auth provides a secure way for your users to change their password or recover a forgotten password.

Understand password default settings

By default, your users can retrieve access to their accounts if they forgot their password by using either their phone or email. The following are the default account recovery methods used when either phone or email are used as login options.

Login optionUser account verification channel
phonePhone Number
emailEmail
email and phoneEmail

Reset Password

To reset a user's password, use the resetPassword API which will send a reset code to the destination (e.g. email or SMS) based on the user's settings.

Future<void> resetPassword(String username) async {
try {
final result = await Amplify.Auth.resetPassword(
username: username,
);
await _handleResetPasswordResult(result);
} on AuthException catch (e) {
safePrint('Error resetting password: ${e.message}');
}
}
Future<void> _handleResetPasswordResult(ResetPasswordResult result) async {
switch (result.nextStep.updateStep) {
case AuthResetPasswordStep.confirmResetPasswordWithCode:
final codeDeliveryDetails = result.nextStep.codeDeliveryDetails!;
_handleCodeDelivery(codeDeliveryDetails);
break;
case AuthResetPasswordStep.done:
safePrint('Successfully reset password');
break;
}
}

To complete the password reset process, invoke the confirmResetPassword API with the code your user received and the new password they want to set.

Future<void> confirmResetPassword({
required String username,
required String newPassword,
required String confirmationCode,
}) async {
try {
final result = await Amplify.Auth.confirmResetPassword(
username: username,
newPassword: newPassword,
confirmationCode: confirmationCode,
);
safePrint('Password reset complete: ${result.isPasswordReset}');
} on AuthException catch (e) {
safePrint('Error resetting password: ${e.message}');
}
}

Update password

You can update a signed in user's password using the updatePassword API.

Future<void> updatePassword({
required String oldPassword,
required String newPassword,
}) async {
try {
await Amplify.Auth.updatePassword(
oldPassword: oldPassword,
newPassword: newPassword,
);
} on AuthException catch (e) {
safePrint('Error updating password: ${e.message}');
}
}

Override default user account verification channel

You can always change the channel used by your authentication resources by overriding the following setting.

amplify/auth/resource.ts
import { defineAuth } from '@aws-amplify/backend';
export const auth = defineAuth({
loginWith: {
email: true
},
accountRecovery: 'EMAIL_ONLY'
});

Override default password policy

By default your password policy is set to the following:

  • MinLength: 8 characters
  • requireLowercase: true
  • requireUppercase: true
  • requireNumbers: true
  • requireSymbols: true
  • tempPasswordValidity: 3 days

You can customize the password format acceptable by your auth resource by modifying the underlying cfnUserPool resource:

amplify/backend.ts
import { defineBackend } from '@aws-amplify/backend';
import { auth } from './auth/resource';
const backend = defineBackend({
auth,
});
// extract L1 CfnUserPool resources
const { cfnUserPool } = backend.auth.resources.cfnResources;
// modify cfnUserPool policies directly
cfnUserPool.policies = {
passwordPolicy: {
minimumLength: 32,
requireLowercase: true,
requireNumbers: true,
requireSymbols: true,
requireUppercase: true,
temporaryPasswordValidityDays: 20,
},
};