Open Meags27 opened 10 months ago
Hi @Meags27 thank you for opening this issue. I've marked it as a feature request and will discuss with the team and follow up soon. Let me know if you have any other questions in the meantime.
Thanks Nade, I realized I can get this info if I call AdminGetUser from Cognito directly, which I may do in the meantime, but I feel others may want to be able to get all the info on the server that this call returns in Amplify instead such as "enabled, preferredmfasetting, usercreatedate, userlastmodifieddate, userstatus" etc.
https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminGetUser.html
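The server-side check discussed in this thread, as an added example that is not part of the original issue or of Amplify's code: it takes an AdminGetUser response and decides whether a request may proceed, must go to MFA setup, or must be kept off the setup page. The `/login` and `/` routes, the function names, and the policy of counting only `SOFTWARE_TOKEN_MFA` as enrolled are assumptions; the sample responses are constructed.

```javascript
// Added example: server-side gate over an AdminGetUser response.
// Routes other than /setup and the TOTP-only policy are assumptions.
const SETUP_PATH = "/setup"; // route named in the issue
const LOGIN_PATH = "/login"; // hypothetical
const HOME_PATH = "/";       // hypothetical

// Drop the query string and trailing slashes so "/setup/" cannot slip past.
function normalizePath(p) {
  return String(p).split("?")[0].replace(/\/+$/, "") || "/";
}

function isSetupPath(p) {
  const path = normalizePath(p);
  return path === SETUP_PATH || path.startsWith(SETUP_PATH + "/");
}

// True only when an authenticator app (TOTP) is activated for the user.
// UserMFASettingList is absent from the response when no MFA is configured.
function hasTotp(user) {
  const list = Array.isArray(user.UserMFASettingList) ? user.UserMFASettingList : [];
  return list.includes("SOFTWARE_TOKEN_MFA");
}

// Returns { action: "allow" } or { action: "redirect", to, reason }.
function mfaGate(user, requestedPath) {
  // Fail closed on a missing record, a disabled account or an unconfirmed one
  // (assumed policy: only CONFIRMED accounts are let through).
  if (!user || user.Enabled !== true || user.UserStatus !== "CONFIRMED") {
    return { action: "redirect", to: LOGIN_PATH, reason: "account-not-active" };
  }
  const enrolled = hasTotp(user);
  if (isSetupPath(requestedPath)) {
    // Already enrolled: do not serve the enrollment page again.
    return enrolled
      ? { action: "redirect", to: HOME_PATH, reason: "mfa-already-set-up" }
      : { action: "allow" };
  }
  return enrolled
    ? { action: "allow" }
    : { action: "redirect", to: SETUP_PATH, reason: "mfa-setup-required" };
}

// Constructed sample responses using AdminGetUser response field names.
const SAMPLE_ENROLLED = {
  Username: "example-user", Enabled: true, UserStatus: "CONFIRMED",
  PreferredMfaSetting: "SOFTWARE_TOKEN_MFA",
  UserMFASettingList: ["SOFTWARE_TOKEN_MFA"],
};
const SAMPLE_NOT_ENROLLED = { Username: "example-user-2", Enabled: true, UserStatus: "CONFIRMED" };
const SAMPLE_SMS_ONLY = { ...SAMPLE_NOT_ENROLLED, UserMFASettingList: ["SMS_MFA"] };
```

The `user` argument is meant to be the AdminGetUser response fetched with the server's own credentials, for the username taken from the server-verified session rather than from anything the browser sends.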
Is this related to a new or existing framework?
Next.js
Is this related to a new or existing API?
Authentication
Is this related to another service?
No response
Describe the feature you'd like to request
I need to check on a server component if a user has MFA preference turned on to enforce on login to set up their MFA. I can check await fetchMFAPreference() but it only works on the client, so easily bypassable.
I can't use "required MFA", as otherwise there are issues if a user loses their device (and I don't want to force a user to set up SMS).
fetchUserAttributes() just returns sub, custom attributes and email and getCurrentUser() just returns username and userid.
Edit: I also need this because if a user goes to the /setup page to set up their MFA and two-factor with a QR code, and they visit this page again, it allows them to set up MFA on another device and replace the old one. I want to prevent that from happening, as otherwise a hacker could swap someone's MFA to theirs. So I need to check on the server if they've already set up MFA, and if so, prevent them from viewing this page.
Describe the solution you'd like
Perhaps getCurrentUser() on the server can return the MFA preference.
Describe alternatives you've considered
Running it on the client, but it's bypassable
Additional context
No response
Is this something that you'd be interested in working on?