Set up password change and recovery

Amplify iOS v1 is now in Maintenance Mode until May 31st, 2024. This means that we will continue to include updates to ensure compatibility with backend services and security. No new features will be introduced in v1.

Please use the latest version (v2) of Amplify Library for Swift to get started.

If you are currently using v1, follow these instructions to upgrade to v2.

Reset password

In order to reset your password, use the resetPassword api - this will send a code to the user attribute configured to receive such a reset code (e.g. email or SMS):

1func resetPassword(username: String) {
2    Amplify.Auth.resetPassword(for: username) { result in
3        do {
4            let resetResult = try result.get()
5            switch resetResult.nextStep {
6            case .confirmResetPasswordWithCode(let deliveryDetails, let info):
7                print("Confirm reset password with code send to - \(deliveryDetails) \(String(describing: info))")
8            case .done:
9                print("Reset completed")
10            }
11        } catch {
12            print("Reset password failed with error \(error)")
13        }
14    }
15}

Usually resetting the password require you to verify that it is the actual user that tried to reset the password. The next step above will be .confirmResetPasswordWithCode.

If you are using Cognito and would like to display a more specific view or messaging to your users based the error that occurred, you can handle this by downcasting the underlyingError to AWSCognitoAuthError.

1if let authError = error as? AuthError,
2    let cognitoAuthError = authError.underlyingError as? AWSCognitoAuthError {
3    switch cognitoAuthError {
4    case .userNotFound:
5        print("User not found")
6    case .invalidParameter:
7        print("Invalid Parameter)
8    default:
9        break
10    }
11}

For examples of what errors are returned from Cognito for this API, see ForgotPassword Errors

To complete the password reset process, invoke the confirmResetPassword api with the code you were sent and the new password you want.

1func confirmResetPassword(
2    username: String,
3    newPassword: String,
4    confirmationCode: String
5) {
6    Amplify.Auth.confirmResetPassword(
7        for: username,
8        with: newPassword,
9        confirmationCode: confirmationCode
10    ) { result in
11        switch result {
12        case .success:
13            print("Password reset confirmed")
14        case .failure(let error):
15            print("Reset password failed with error \(error)")
16        }
17    }
18}

Change password

A signed in user can update their password using the updatePassword api:

1func changePassword(oldPassword: String, newPassword: String) {
2    Amplify.Auth.update(oldPassword: oldPassword, to: newPassword) { result in
3        switch result {
4        case .success:
5            print("Change password succeeded")
6        case .failure(let error):
7            print("Change password failed with error \(error)")
8        }
9    }
10}

Manage user attributes

Remember a device