Change temporary password - chicken and egg???

OK, this is a really stupid and basic question…

1. Create a new user in a user pool.
2. User tried to authenticate using temporary password.
3. Exception is raised about force password change
4. Try to change password - Can’t without access token

Can’t get an access token without authenticating. Can’t get access token without changing password.

How do we get around this?

I see a number of posts here 25, 13, 14 and 29 but is is still not making sense to my noobie brain.

import boto3
from warrant import Cognito

identity_pool_id = 'us-east-1_XXXXXXXXXX'
app_client_id = 'XXXXXXXXXXXXXXXXXXXXXXX'
username = 'erics'
password = 'XXXXXXXX'
new_password = 'newXXXXXXXX'

cog = Cognito(identity_pool_id, app_client_id, username)

try:
    cog.authenticate(password=password)
except:
    cog.change_password(password, new_password)

Traceback (most recent call last): File "C:\Users\Eric\Documents\cognito.py", line 15, in <module> cog.change_password(password, new_password) File "C:\Users\Eric\AppData\Local\Programs\Python\Python36\lib\site-packages\warrant\__init__.py", line 613, in change_password self.check_token() File "C:\Users\Eric\AppData\Local\Programs\Python\Python36\lib\site-packages\warrant\__init__.py", line 253, in check_token raise AttributeError('Access Token Required to Check Token') AttributeError: Access Token Required to Check Token