Set up password change and recovery
Amplify Auth provides a secure way for your users to change their password or recover a forgotten password. This securely reduces friction for your users and improves their experience accessing your application.
Before you begin, you will need:
- An Amplify project with the Auth category configured
- The Amplify libraries installed and configured
Allow your users to replace a forgotten password
Your users may want to retrieve access to their account and replace a forgotten password. They can either perform self-service and reset the password after verifying ownership of the account, or request an Admin to reset the password for their account.
Change to a new password via self-service
You can enable self-service by using the forgotPassword method. This will send a confirmation code to your user's email or phone number (depending on which attributes are verified in your Cognito user pool) and they can then enter that confirmation code with a new password using the forgotPasswordSubmit method. This will allow the user to reset their password and sign in with the new password.
1import { Auth } from 'aws-amplify';2
3// Send confirmation code to user's email or phone number4async function forgotPassword(username: string) {5 try {6 const data = await Auth.forgotPassword(username);7 console.log(data);8 } catch (err) {9 console.log(err);10 }11}12
13// Collect confirmation code and new password14async function forgotPasswordSubmit(15 username: string,16 code: string,17 newPassword: string18) {19 try {20 const data = await Auth.forgotPasswordSubmit(username, code, newPassword);21 console.log(data);22 } catch (err) {23 console.log(err);24 }25}1import { Auth } from 'aws-amplify';2
3// Send confirmation code to user's email4async function forgotPassword(username) {5 try {6 const data = await Auth.forgotPassword(username);7 console.log(data);8 } catch (err) {9 console.log(err);10 }11}12
13// Collect confirmation code and new password14async function forgotPasswordSubmit(username, code, newPassword) {15 try {16 const data = await Auth.forgotPasswordSubmit(username, code, newPassword);17 console.log(data);18 } catch (err) {19 console.log(err);20 }21}Change to a new password after Admin reset
In the case where the user's account password needs to be reset by an Admin, a confirmation code will be sent to your user's email or phone number (depending on which attributes are verified in your Cognito user pool) as soon as the reset is triggered. They can then enter that confirmation code with a new password using the forgotPasswordSubmit method. This will allow the user to reset their password and sign in with the new password.
1import { Auth } from 'aws-amplify';2
3async function forgotPasswordSubmit(4 username: string,5 code: string,6 newPassword: string7) {8 try {9 const data = await Auth.forgotPasswordSubmit(username, code, newPassword);10 console.log(data);11 } catch (err) {12 console.log(err);13 }14}1import { Auth } from 'aws-amplify';2
3async function forgotPasswordSubmit(username, code, newPassword) {4 try {5 const data = await Auth.forgotPasswordSubmit(username, code, newPassword);6 console.log(data);7 } catch (err) {8 console.log(err);9 }10}Your users can now recover their account and reset to a new password.
Allow your users to change their password
In other instances you may want your users to be able to change their password over time. You can set this up using the Amplify Libraries.
Change a password while signed into their account
You can enable your users to change passwords using the changePassword method. This will prompt the user to enter their current password oldPassword and a new password newPassword. If successful, the password will be updated.
1import { Auth } from 'aws-amplify';2
3async function changePassword(oldPassword: string, newPassword: string) {4 try {5 const user = await Auth.currentAuthenticatedUser();6 const data = await Auth.changePassword(user, oldPassword, newPassword);7 console.log(data);8 } catch (err) {9 console.log(err);10 }11}1import { Auth } from 'aws-amplify';2
3async function changePassword(oldPassword, newPassword) {4 try {5 const user = await Auth.currentAuthenticatedUser();6 const data = await Auth.changePassword(user, oldPassword, newPassword);7 console.log(data);8 } catch (err) {9 console.log(err);10 }11}Now, your users have the ability to change their passwords.
TroubleshootingTroubleshooting validation errors
You may get form validation errors when your user enters an invalid password that does not meet the requirements you have set. For example, if you require a minimum length of eight characters, you'll need to display an error message if the user enters less than eight.
You will also want to wrap your API calls with try and catch blocks to catch any errors. You can then display user-friendly error messages in the UI so your users know what happened. This will make sure you don't have any silent failures in your user experience.
Conclusion
Congratulations! You finished the Set up user password change and recovery guide. In this guide, you learned how to enable password changes by your users and help them recover their account and replace their password using a registered email or phone number.
Next steps
Now that you enabled password management you may also want to add some additional features. We recommend you learn more about: