Page updated Nov 20, 2023

Set up password change and recovery

Amplify Auth provides a secure way for your users to change their password or recover a forgotten password.

If you have not yet created an Amplify (Gen 2) app, visit the quickstart.

Understand password default settings

By default, users who forget their password can regain access to their account using either their phone or their email. The following table lists the default account recovery channel used when phone, email, or both are used as login options.

| Login option | User account verification channel |
| --- | --- |
| phone | Phone Number |
| email | Email |
| email and phone | Email |

Override the default user account verification channel

You can always change the channel used by your authentication resources by overriding the following setting.

// amplify/auth/resource.ts
import { defineAuth } from '@aws-amplify/backend';

export const auth = defineAuth({
  loginWith: {
    email: true
  },
+ accountRecovery: 'EMAIL_ONLY'
});

Reset Password

To reset a user's password, use the resetPassword API which will send a reset code to the destination (e.g. email or SMS) based on the user's settings.

import { resetPassword, type ResetPasswordOutput } from 'aws-amplify/auth';

async function handleResetPassword(username: string) {
  try {
    const output = await resetPassword({ username });
    handleResetPasswordNextSteps(output);
  } catch (error) {
    console.log(error);
  }
}

function handleResetPasswordNextSteps(output: ResetPasswordOutput) {
  const { nextStep } = output;
  switch (nextStep.resetPasswordStep) {
    case 'CONFIRM_RESET_PASSWORD_WITH_CODE':
      const codeDeliveryDetails = nextStep.codeDeliveryDetails;
      console.log(
        `Confirmation code was sent to ${codeDeliveryDetails.deliveryMedium}`
      );
      // Collect the confirmation code from the user and pass to confirmResetPassword.
      break;
    case 'DONE':
      console.log('Successfully reset password.');
      break;
  }
}

To complete the password reset process, invoke the confirmResetPassword API with the code your user received and the new password they want to set.

import {
  confirmResetPassword,
  type ConfirmResetPasswordInput
} from 'aws-amplify/auth';

async function handleConfirmResetPassword({
  username,
  confirmationCode,
  newPassword
}: ConfirmResetPasswordInput) {
  try {
    await confirmResetPassword({ username, confirmationCode, newPassword });
  } catch (error) {
    console.log(error);
  }
}
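
The two handlers above log every failure the same way; as an added example (not from the Amplify documentation), the wrapper below maps the errors of both reset steps to UI messages that do not reveal whether an account exists. It assumes Amplify errors carry the Cognito exception name in `name`; `classifyResetError`, `guarded`, `requestReset` and `confirmReset` are hypothetical helper names, and the Amplify functions are passed in as arguments so the block runs on its own.

```typescript
// Added example, not Amplify's code. In an app, pass resetPassword and
// confirmResetPassword from 'aws-amplify/auth' as the first argument.
type UiResult = { ok: boolean; retry: boolean; message: string };
type Stage = 'request' | 'confirm';
type ConfirmInput = { username: string; confirmationCode: string; newPassword: string };

const SENT = 'If an account exists for that username, a reset code was sent.';
const BAD_CODE = 'Invalid or expired code.';

// Assumption: thrown errors expose the Cognito exception name in `name`.
function errorName(e: unknown): string {
  const n = typeof e === 'object' && e !== null ? (e as { name?: unknown }).name : undefined;
  return typeof n === 'string' ? n : 'Unknown';
}

// Decide what the UI may reveal. An unknown user gets the same answer as a
// successful request, and the same answer as a wrong code at the confirm step.
function classifyResetError(stage: Stage, e: unknown): UiResult {
  switch (errorName(e)) {
    case 'UserNotFoundException':
      return stage === 'request'
        ? { ok: true, retry: false, message: SENT }
        : { ok: false, retry: true, message: BAD_CODE };
    case 'CodeMismatchException':
    case 'ExpiredCodeException':
      return { ok: false, retry: true, message: BAD_CODE };
    case 'InvalidPasswordException':
      return { ok: false, retry: true, message: 'New password does not meet the policy.' };
    case 'LimitExceededException':
      return { ok: false, retry: false, message: 'Too many attempts. Try again later.' };
    default:
      return { ok: false, retry: false, message: 'Password reset failed.' };
  }
}

// Run one step of the flow and convert any failure into a safe UI result.
async function guarded(stage: Stage, call: () => Promise<unknown>, okMsg: string): Promise<UiResult> {
  try {
    await call();
    return { ok: true, retry: false, message: okMsg };
  } catch (e) {
    return classifyResetError(stage, e);
  }
}
const requestReset = (reset: (i: { username: string }) => Promise<unknown>, username: string) =>
  guarded('request', () => reset({ username }), SENT);
const confirmReset = (confirm: (i: ConfirmInput) => Promise<unknown>, input: ConfirmInput) =>
  guarded('confirm', () => confirm(input), 'Password changed.');
```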

Update password

You can update a signed-in user's password using the updatePassword API.

import { updatePassword, type UpdatePasswordInput } from 'aws-amplify/auth';

async function handleUpdatePassword({
  oldPassword,
  newPassword
}: UpdatePasswordInput) {
  try {
    await updatePassword({ oldPassword, newPassword });
  } catch (err) {
    console.log(err);
  }
}

Conclusion

Congratulations! You finished the Set up user password change and recovery guide. In this guide, you learned how to enable password changes by your users and help them recover their account and replace their password using a registered email or phone number.

Next steps

Now that you have enabled password management, you may also want to add some additional features. We recommend you learn more about: