Infrastructure changes for MFA support

Eximchain / terraform-aws-dappbot

Terraform infrastructure to run ABI Clerk

Other

0 stars 1 forks source link

Infrastructure changes for MFA support #18

Closed Lsquared13 closed 4 years ago

Lsquared13 commented 5 years ago

We should be able to support MFA for users logging into Cognito

john-osullivan commented 5 years ago

This issue probably ought to be on dappbot-api-lambda, but that aside, the new /auth endpoint actually implements most of the server-side handling for this. It's hardcoded to SMS_MFA, so I don't know if it would correctly handle other user preferences, but we implement the methods for setting up & validating MFA with Cognito. Next step would be to implement the client-side logic on dappbot-management-spa, see if it all behaves together.

Lsquared13 commented 4 years ago

We need to spec this out a bit. Ideally we aren't limited to SMS MFA

Lsquared13 commented 4 years ago

Here's instructions for doing this with Google Authenticator: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa-totp.html

Lsquared13 commented 4 years ago

Software Token: https://docs.amazonaws.cn/en_us/cognito/latest/developerguide/user-pool-settings-mfa-totp.html

SMS: https://docs.amazonaws.cn/en_us/cognito/latest/developerguide/user-pool-settings-mfa-sms-text-message.html