/AWS1/IF_CGP=>ADMINSETUSERPASSWORD()¶
About AdminSetUserPassword¶
Sets the specified user's password in a user pool. This operation administratively
sets a temporary or permanent password for a user. With this operation, you can bypass
self-service password changes and permit immediate sign-in with the password that you
set. To do this, set Permanent to true.
You can also set a new temporary password in this request, send it to a user, and
require them to choose a new password on their next sign-in. To do this, set
Permanent to false.
If the password is temporary, the user's Status becomes
FORCE_CHANGE_PASSWORD. When the user next tries to sign in, the
InitiateAuth or AdminInitiateAuth response includes the
NEW_PASSWORD_REQUIRED challenge. If the user doesn't sign in
before the temporary password expires, they can no longer sign in and you must repeat
this operation to set a temporary or permanent password for them.
After the user sets a new password, or if you set a permanent password, their status
becomes Confirmed.
AdminSetUserPassword can set a password for the user profile that Amazon Cognito
creates for third-party federated users. When you set a password, the federated user's
status changes from EXTERNAL_PROVIDER to CONFIRMED. A user in
this state can sign in as a federated user, and initiate authentication flows in the API
like a linked native user. They can also modify their password and attributes in
token-authenticated API requests like ChangePassword and
UpdateUserAttributes. As a best security practice and to keep users in
sync with your external IdP, don't set passwords on federated user profiles. To set up a
federated user for native sign-in with a linked native user, refer to Linking federated users to an existing user
profile.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
Method Signature¶
IMPORTING¶
Required arguments:¶
iv_userpoolid TYPE /AWS1/CGPUSERPOOLIDTYPE /AWS1/CGPUSERPOOLIDTYPE¶
The ID of the user pool where you want to set the user's password.
iv_username TYPE /AWS1/CGPUSERNAMETYPE /AWS1/CGPUSERNAMETYPE¶
The name of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If
usernameisn't an alias attribute in your user pool, this value must be thesubof a local user or the username of a user from a third-party IdP.
iv_password TYPE /AWS1/CGPPASSWORDTYPE /AWS1/CGPPASSWORDTYPE¶
The new temporary or permanent password that you want to set for the user. You can't remove the password for a user who already has a password so that they can only sign in with passwordless methods. In this scenario, you must create a new user without a password.
Optional arguments:¶
iv_permanent TYPE /AWS1/CGPBOOLEANTYPE /AWS1/CGPBOOLEANTYPE¶
Set to
trueto set a password that the user can immediately sign in with. Set tofalseto set a temporary password that the user must change on their next sign-in.
RETURNING¶
oo_output TYPE REF TO /aws1/cl_cgpadminsetuserpass01 /AWS1/CL_CGPADMINSETUSERPASS01¶
Domain /AWS1/RT_ACCOUNT_ID Primitive Type NUMC
Examples¶
Syntax Example¶
This is an example of the syntax for calling the method. It includes every possible argument and initializes every possible value. The data provided is not necessarily semantically accurate (for example the value "string" may be provided for something that is intended to be an instance ID, or in some cases two arguments may be mutually exclusive). The syntax shows the ABAP syntax for creating the various data structures.
DATA(lo_result) = lo_client->/aws1/if_cgp~adminsetuserpassword(
iv_password = |string|
iv_permanent = ABAP_TRUE
iv_username = |string|
iv_userpoolid = |string|
).
This is an example of reading all possible response values
lo_result = lo_result.
IF lo_result IS NOT INITIAL.
ENDIF.