Closed jamie-digital closed 6 years ago
In case the MFA is optional, you need to also use setUserMfaPreference to set TOTP as enabled after verifying (it can be done with or without user input). This is use case 29 in the README.
Closing this, feel free to reopen if necessary.
Sorry, I meant to mention in my original message that I was calling setUserMfaPreference
to enable and "prefer" TOTP after calling verifySoftwareToken
. Without this, the totpRequired
callback isn't called during signin. I don't think I can reopen the issue; sorry.
@itrestian is it possible to reopen this? Thanks.
Yes, sorry about that, I was pretty sure the missing step you had in your original description caused this. One question, are you using aliases?
No, the User Pool uses the email address as the user ID, so you sign in with email and the account gets an auto-generated UUID.
@itrestian I don't suppose there's any progress on this? I want to be able to turn on MFA but can't yet. Thanks
We root caused the issue and are in the process of fixing it. Will update once the fix is deployed.
Fantastic, thanks for all your work :)
This is fixed.
This repo is archived but feel free to open an issue on the aws-amplify repo if it still an issue.
I'm trying to sign in as a user with TOTP-based MFA enabled, in a UserPool with MFA optional and TOTP only.
cognitoUser.associateSoftwareToken
to produce a new secret code, which the user adds to their TOTP device.cognitoUser.verifySoftwareToken
, which successfully adds the new device.totpRequired
callback is called to indicate that an MFA code is required. This also includes aSession
parameter, which I store.cognitoUser.sendMFACode(code, callbacks, "SOFTWARE_TOKEN_MFA")
, with theSession
set oncognitoUser
.RespondToAuthChallenge
API with the relevant parameters, but the server is responding withSoftwareTokenMFANotFoundException: Software Token MFA does not exist for the user.
. The documentation indicates that this exception means that TOTP-based MFA is not enabled for the user pool, but the message suggests it's a problem with this specific user.I'm happy to provide any more info that would be helpful. Thanks for your help.