/AWS1/IF_CGP=>ADMINSETUSERPASSWORD()

About AdminSetUserPassword

Sets the specified user's password in a user pool. This operation administratively sets a temporary or permanent password for a user. With this operation, you can bypass self-service password changes and permit immediate sign-in with the password that you set. To do this, set Permanent to true.

You can also set a new temporary password in this request, send it to a user, and require them to choose a new password on their next sign-in. To do this, set Permanent to false.

If the password is temporary, the user's Status becomes FORCE_CHANGE_PASSWORD. When the user next tries to sign in, the InitiateAuth or AdminInitiateAuth response includes the NEW_PASSWORD_REQUIRED challenge. If the user doesn't sign in before the temporary password expires, they can no longer sign in and you must repeat this operation to set a temporary or permanent password for them.

After the user sets a new password, or if you set a permanent password, their status becomes Confirmed.

AdminSetUserPassword can set a password for the user profile that Amazon Cognito creates for third-party federated users. When you set a password, the federated user's status changes from EXTERNAL_PROVIDER to CONFIRMED. A user in this state can sign in as a federated user, and initiate authentication flows in the API like a linked native user. They can also modify their password and attributes in token-authenticated API requests like ChangePassword and UpdateUserAttributes. As a best security practice and to keep users in sync with your external IdP, don't set passwords on federated user profiles. To set up a federated user for native sign-in with a linked native user, refer to Linking federated users to an existing user profile.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Method Signature

METHODS /AWS1/IF_CGP~ADMINSETUSERPASSWORD
  IMPORTING
    !IV_USERPOOLID TYPE /AWS1/CGPUSERPOOLIDTYPE OPTIONAL
    !IV_USERNAME TYPE /AWS1/CGPUSERNAMETYPE OPTIONAL
    !IV_PASSWORD TYPE /AWS1/CGPPASSWORDTYPE OPTIONAL
    !IV_PERMANENT TYPE /AWS1/CGPBOOLEANTYPE OPTIONAL
  RETURNING
    VALUE(OO_OUTPUT) TYPE REF TO /aws1/cl_cgpadminsetuserpass01
  RAISING
    /AWS1/CX_CGPINTERNALERROREX
    /AWS1/CX_CGPINVALIDPARAMETEREX
    /AWS1/CX_CGPINVALIDPASSWORDEX
    /AWS1/CX_CGPNOTAUTHORIZEDEX
    /AWS1/CX_CGPPASSWORDHISTORYP00
    /AWS1/CX_CGPRESOURCENOTFOUNDEX
    /AWS1/CX_CGPTOOMANYREQUESTSEX
    /AWS1/CX_CGPUSERNOTFOUNDEX
    /AWS1/CX_CGPCLIENTEXC
    /AWS1/CX_CGPSERVEREXC
    /AWS1/CX_RT_TECHNICAL_GENERIC
    /AWS1/CX_RT_SERVICE_GENERIC.

IMPORTING

Required arguments:

iv_userpoolid TYPE /AWS1/CGPUSERPOOLIDTYPE /AWS1/CGPUSERPOOLIDTYPE

The ID of the user pool where you want to set the user's password.

iv_username TYPE /AWS1/CGPUSERNAMETYPE /AWS1/CGPUSERNAMETYPE

The name of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.

iv_password TYPE /AWS1/CGPPASSWORDTYPE /AWS1/CGPPASSWORDTYPE

The new temporary or permanent password that you want to set for the user. You can't remove the password for a user who already has a password so that they can only sign in with passwordless methods. In this scenario, you must create a new user without a password.

Optional arguments:

iv_permanent TYPE /AWS1/CGPBOOLEANTYPE /AWS1/CGPBOOLEANTYPE

Set to true to set a password that the user can immediately sign in with. Set to false to set a temporary password that the user must change on their next sign-in.

RETURNING

oo_output TYPE REF TO /aws1/cl_cgpadminsetuserpass01 /AWS1/CL_CGPADMINSETUSERPASS01

Domain	/AWS1/RT_ACCOUNT_ID
Primitive Type	NUMC

Examples

Syntax Example

This is an example of the syntax for calling the method. It includes every possible argument and initializes every possible value. The data provided is not necessarily semantically accurate (for example the value "string" may be provided for something that is intended to be an instance ID, or in some cases two arguments may be mutually exclusive). The syntax shows the ABAP syntax for creating the various data structures.

DATA(lo_result) = lo_client->adminsetuserpassword(
  iv_password = |string|
  iv_permanent = ABAP_TRUE
  iv_username = |string|
  iv_userpoolid = |string|
).

This is an example of reading all possible response values

lo_result = lo_result.
IF lo_result IS NOT INITIAL.
ENDIF.