amazon-web-services amazon-cognito aws-amplify

How to use AWS amplify securely

I'm experimenting with AWS amplify. In particular, looking to provide a means for a user to change their cognito password. I don't understand how that is done in a secure fashion given the client id is exposed.

What am I missing?

Here are the docs for what I'm using....

https://github.com/aws-amplify/amplify-js/tree/main/packages/amazon-cognito-identity-js

Solution

Amplify uses amazon-cognito-identity-js under the hood. So use Auth module from Amplify(aws-amplify).

import { Auth } from 'aws-amplify'

then you can let users change their password since they're already signed in and all necessary information is already in there(browser).

const currentUser = await Auth.currentAuthenticatedUser();

const currentPassword = "";
const newPassword = "";

await Auth.changePassword(
  currentUser,
  currentPassword,
  newPassword
);

AWS Elastic Beanstalk and Secret Manager
Unable to upload data using sagemaker_session.upload_data in s3 bucket that I created, it is getting stored in default s3 bucket
Parse Aws IoT message in python
How to temporarily switch profiles for AWS CLI?
Python Sqlalchemy insert data into AWS Redshift
Using AWS Bedrock Prompt Management with InvokeCommand
How to skip IAM change confirmation during a cdk deploy?
Restarting AWS lambda function to clear cache
How to send data to API Post to be used by Lambda Function
Why is postman showing error message but react app not showing it?
Terraform shows `InvalidGroup.NotFound` while creating an EC2 instance
How to delete keys matching pattern in AWS Elasticache Valkey
I can't delete my VPC
SemaphoreCI OIDC AWS connection
Proper way of passing in variables to CloudFormation
Missing Build settings in AWS Amplify Hosting for Flutter Web Apps deployment
How can I quickly and effectively debug CloudFormation templates?
Use AWS CLI to import existing resources into CloudFormation
How to delete a Module from the AWS CloudFormation Registry?
How to get public URL after uploading image to S3?
Why does S3 file upload not trigger event to SNS topic?
AWS step functions and optional parameters
Downloading an entire S3 bucket?
DynamoDB vs Redis for persistent storage?
Route53 and Cloudfront The request could not be satisfied?
Lambda unable to delete object from s3 in another account
Use Cloudshell to get instances in specific AZ
EC2 Userdata script : nvm cannot find .bashrc
Cannot RDP to Amazon EC2 instance(windows server)
Reducing memory consumption of mysql on ubuntu@aws micro instance