amazon-archives / amazon-cognito-identity-js

Amazon Cognito Identity SDK for JavaScript

Question: How to pass user selected parameters to DefineAuthChallenge? #329

Open vasylk opened 7 years ago

vasylk commented 7 years ago

Hi,

we need to implement several MFA methods, so the user can choose a convenient one on the login page, e.g. SMS pincode, E-mail pincode, other custom codes.

I am wondering how can I pass a "user-selected" MFA method parameter to the DefineAuthChallenge in order to construct the required authentication flow?

Thanks

Vasyl

itrestian commented 7 years ago

At this point, I think you can implement it as the first step in the DefineAuthChallenge, basically form it as a question to the user to which he can give any of the answers you mentioned. You can pass different challenge types in the challenge metadata.

vasylk commented 7 years ago

Ionut, thanks for the answer.

I tried the approach you suggested but it does not seem to work, or I might have misunderstood something.

If I understand correctly the authentication flow is defined in DefineAuthChallenge Trigger. In my case the flow is:

  1. SRP_A
  2. PASSWORD_VERIFIER
  3. CUSTOM_CHALLENGE (MFA_METHOD_QUESTION - Ask user the preferred MFA method)
  4. CUSTOM_CHALLENGE (e-mail pincode) or SMS_MFA depending on the user answer

In the CreateAuthChallengeTrigger for MFA_METHOD_QUESTION I can set challenge type in challengeMetadata. But at this stage I don't know the user answer yet.

The user's answer for CUSTOM_CHALLENGE/MFA_METHOD_QUESTION becomes available only in the VerifyAuthChallenge Trigger, but the only response I can provide is AnswerCorrect (true/false). It does not look like it is possible to modify challengeMetadata with the user's answer value in the VerifyAuthChallengeTrigger.

So in DefineAuthChallenge - Step 4 I cannot decide the next challenge, since I cannot look up what the user's answer was in the previous step 3.

Do you see any mistake here?

itrestian commented 7 years ago

No, it seems correct to me and I will discuss within the team. I guess at this point the implication is that since the output is binary you can only make a choice between 2 MFA methods or break the selection into multiple steps.