
Cognito returns 200 instead of 401 when resending NEW_PASSWORD_REQUIRED challenge #12400

Open
@SergeiDemyanenko

Description


Steps to reproduce:

  1. Create a user pool

awslocal cognito-idp create-user-pool \
  --pool-name "TestPortalPool" \
  --schema Name="userRole",AttributeDataType="String" \
  --username-attributes email \
  --auto-verified-attributes email \
  --region "${AWS_REGION}"

  2. Create a user

USER_EMAIL=test@email.com
USER_PASSWORD='Qwerty123!'   # single-quoted so an interactive shell does not expand "!"

# USER_POOL_ID is the Id returned by create-user-pool above
awslocal cognito-idp admin-create-user \
  --user-pool-id "${USER_POOL_ID}" \
  --username "${USER_EMAIL}" \
  --temporary-password "${USER_PASSWORD}" \
  --user-attributes Name="custom:userRole",Value="SUPER" \
  --region "${AWS_REGION}"

  3. Get the token
  4. Send the NEW_PASSWORD_REQUIRED challenge
  5. Send the NEW_PASSWORD_REQUIRED challenge a second time and get response status code 200

The status code for a repeated NEW_PASSWORD_REQUIRED challenge request should be 401.
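A reproduction of steps 3 to 5 as an added script, not part of the issue or of LocalStack: the awslocal CLI hides the HTTP status of each call, so this talks the Cognito JSON 1.1 protocol directly and returns the status of the first and of the replayed RespondToAuthChallenge. It assumes the LocalStack edge endpoint on port 4566, an app client created with ALLOW_USER_PASSWORD_AUTH, placeholder ids, and a constructed NEW_PASSWORD.

```python
import json
import urllib.error
import urllib.request

# Assumptions (not from the issue): LocalStack edge endpoint and an app client
# created with --explicit-auth-flows ALLOW_USER_PASSWORD_AUTH; ids are placeholders.
ENDPOINT = "http://localhost:4566"
CLIENT_ID = "REPLACE_WITH_APP_CLIENT_ID"
USER_EMAIL = "test@email.com"
USER_PASSWORD = "Qwerty123!"
NEW_PASSWORD = "Qwerty123!new"  # constructed permanent password


def cognito_call(target, body, endpoint=ENDPOINT):
    """POST one Cognito IDP JSON-1.1 request and return (http_status, decoded_body).
    InitiateAuth/RespondToAuthChallenge need no SigV4 signature, only X-Amz-Target."""
    req = urllib.request.Request(
        endpoint + "/", data=json.dumps(body).encode(), method="POST",
        headers={"Content-Type": "application/x-amz-json-1.1",
                 "X-Amz-Target": "AWSCognitoIdentityProviderService." + target})
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status, json.loads(resp.read() or b"{}")
    except urllib.error.HTTPError as err:  # 4xx/5xx: body carries __type and message
        return err.code, json.loads(err.read() or b"{}")


def new_password_request(session):
    """Body answering NEW_PASSWORD_REQUIRED with the session InitiateAuth handed out."""
    return {"ClientId": CLIENT_ID, "ChallengeName": "NEW_PASSWORD_REQUIRED",
            "Session": session,
            "ChallengeResponses": {"USERNAME": USER_EMAIL, "NEW_PASSWORD": NEW_PASSWORD}}


def accepted(status, body):
    """True only when the answer was honoured: HTTP 200 carrying tokens."""
    return status == 200 and "AuthenticationResult" in body


def reproduce():
    """Steps 3-5 of the issue: return (first_status, replay_status) of the two answers."""
    status, body = cognito_call("InitiateAuth", {
        "ClientId": CLIENT_ID, "AuthFlow": "USER_PASSWORD_AUTH",
        "AuthParameters": {"USERNAME": USER_EMAIL, "PASSWORD": USER_PASSWORD}})
    if body.get("ChallengeName") != "NEW_PASSWORD_REQUIRED":
        raise RuntimeError(f"expected NEW_PASSWORD_REQUIRED, got {status} {body}")
    first = cognito_call("RespondToAuthChallenge", new_password_request(body["Session"]))
    # Replaying the consumed session must be rejected; the issue reports LocalStack says 200.
    second = cognito_call("RespondToAuthChallenge", new_password_request(body["Session"]))
    return first[0], second[0]
```

Call `reproduce()` after the pool, app client and user exist; a session that is correctly single-use gives a non-200 second element, which is what the issue says is missing.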
