AWS cognito documentation change
Summary
Updated password reset instructions to recommend AdminSetUserPassword API instead of user deletion
Security assessment
Improves security documentation by promoting secure password reset practices, but no evidence of addressing a specific vulnerability.
Diff
diff --git a/cognito/latest/developerguide/managing-users-passwords.md b/cognito/latest/developerguide/managing-users-passwords.md index e92de75cf..b0baf75e6 100644 --- a//cognito/latest/developerguide/managing-users-passwords.md +++ b//cognito/latest/developerguide/managing-users-passwords.md @@ -151 +151 @@ To reset access for an expired user account, do one of the following: - * Delete the user profile and create a new one. + * Send a new temporary password and reset the expiration period with an [AdminCreateUser](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminSetUserPassword.html) API request that has `MessageAction` set to `RESEND`. @@ -153 +153 @@ To reset access for an expired user account, do one of the following: - * Set a new permanent password in an [AdminSetUserPassword](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminSetUserPassword.html) API request. + * Delete the user profile and create a new one.