In this recipe, we first created an app client with the authentication flow as USER_PASSWORD_AUTH using the create-user-pool-client sub-command. Next, we created the user using administrator credentials with the admin-create-user sub-command. You may use a user created through self-signup as well. 

After that, we initiated the authentication flow using the initiate-auth sub-command. As we saw, the forced change in the password is required when users are created using admin APIs. Therefore, we changed the password using the respond-to-auth-challenge sub-command. We also signed in using the new username and password.