search

aws-amplify / amplify-js

A declarative JavaScript library for application development using cloud services.
https://docs.amplify.aws/lib/q/platform/js
Apache License 2.0
9.43k stars 2.12k forks source link

amplify v6 - expose user's username in setup TOTP step #13075

Open oliverjohns opened 7 months ago

oliverjohns commented 7 months ago

Is this related to a new or existing framework?

No response

Is this related to a new or existing API?

Authentication

Is this related to another service?

Cognito

Describe the feature you'd like to request

I want the user's username to be available in the v6 library in the setup TOTP step (after logging in, but before finishing the setup TOTP challenge). In v6, all relevant library functions result in a "you must be authenticated" error.

In v5 it works just fine by fetching the current user even though TOTP setup is not finished.

Describe the solution you'd like

Return the user's username in the totpSetupDetails object or expose it via some library function.

Describe alternatives you've considered

Right now I am doing this

const username = user.nextStep.totpSetupDetails.getSetupUri('test').pathname.split('test:')[1];

Which is an absolutely ridiculous way of getting this piece of information that obviously is available at this setup step.

Additional context

No response

Is this something that you'd be interested in working on?

cwomack commented 7 months ago

Hello, @oliverjohns and thank you for opening this issue. I've marked this as a feature request that has a version parity difference from v5 to v6 and will review this with our team. We'll follow up with any further comments or questions we have.

cshfang commented 7 months ago

Hi @oliverjohns can I please ask you to help me learn more about your flow at a high level? I am trying to understand where best to expose this username and also to clarify your need for it during sign in - would this be the same username as the one passed into the signIn API call?

oliverjohns commented 1 week ago

Hi @oliverjohns can I please ask you to help me learn more about your flow at a high level? I am trying to understand where best to expose this username and also to clarify your need for it during sign in - would this be the same username as the one passed into the signIn API call?

Yes correct.

We used it in order to fetch some user settings to be used in the MFA setup step.

However, we decided to replace cognito with passport since cognito is such a horrible service.

cwomack commented 1 week ago

@oliverjohns, we appreciate any and all feedback. I'll review this with our team internally again as we assess how to make the upgrade/migration experience from v5 to v6 more seamless.