'how to set expiration of password in aws-cognito with node js

I am trying to do something like -

  All user passwords should expire every 90 days.
  Users should be forced to reset their expired passwords upon login to share with last password.

anybody have any idea, how to do it in aws-cognito with nodejs ?

thanks in advance.

node.jsamazon-cognito


Solution 1:[1]

Cognito does not have an option for password expiration, but you can add the custom user attribute "custom:passwordUpdateDate" where you are going to check when the password was updated and use AdminResetUserPassword. Amazon Cognito: Enforcing password expiration policy

Solution 2:[2]

you can use api of aws-cognito user:

aws cognito-idp admin-get-user --user-pool-id us-east-1poolID --username youUser name or email --profile default

const AWS = require('aws-sdk');
AWS.config.update({region:'us-east-1'});
var http = require('http')

const express = require('express');
const app = express();

/*Initializing CognitoIdentityServiceProvider from AWS SDK JS*/
var RecivedData = {}

// var server = http.createServer(function (req, res) {   //create web server
//     if (req.url == '/') { //check the URL of the current request
        
        
    
//     }
// }
// )
const cognito = new AWS.CognitoIdentityServiceProvider({
    apiVersion: "2016-04-18",
});



const USERPOOLID = "you-pool id here";


const Check = async (event, context) => {
    const EMAIL = "your email or user name ";
    const cognitoParams = {
        UserPoolId: USERPOOLID,
        Username: EMAIL
    };

    let response = await cognito.adminGetUser(cognitoParams).promise();
    console.log(JSON.stringify(response, null, 2));
    RecivedData = {...RecivedData,response}
    console.log(RecivedData)
}
(async ()=>{Check();})();
app.get('/' , (req,res)=>{
    // Server will send resonse
    res.send(RecivedData); 
 })
   
 // Server setup
 app.listen(4000 , ()=>{
     console.log("server running 4000");
 });

you will response in response you will get like this

{
  response: {
    Username: 'something',
    UserAttributes: [ [Object], [Object], [Object] ],
    UserCreateDate: 2022-03-21T13:17:05.246Z,
    UserLastModifiedDate: 2022-03-21T13:42:09.303Z,
    Enabled: true,
    UserStatus: 'CONFIRMED'
  }
}

here you see UserLastModifiedDate using this you can set password expiry of the aws-cognito user. hope this will help you

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Dragan Velkovski
Solution 2 Umer Farooq

Related Questions