aws-amplify / amplify-js

A declarative JavaScript library for application development using cloud services.
https://docs.amplify.aws/lib/q/platform/js
Apache License 2.0
9.44k stars 2.13k forks

Auth v6 - How to respond to challenge_answer after redirecting back from Duo Security's URL? #13286

Open hanoj-budime opened 7 months ago

hanoj-budime commented 7 months ago

JavaScript Framework

React

Amplify APIs

Authentication

Amplify Version

v6

Amplify Categories

CUSTOM_WITH_SRP

Environment information

```
# Put output below this line

  System:
    OS: Windows 10 10.0.19045
    CPU: (12) x64 AMD Ryzen 5 PRO 4650U with Radeon Graphics
    Memory: 3.37 GB / 15.23 GB
  Binaries:
    Node: 18.19.0 - C:\Program Files\nodejs\node.EXE
    Yarn: 1.22.21 - ~\AppData\Roaming\npm\yarn.CMD
    npm: 9.6.3 - C:\Program Files\nodejs\npm.CMD
  Browsers:
    Edge: Chromium (123.0.2420.97)
    Internet Explorer: 11.0.19041.3636
  npmPackages:
    @vitejs/plugin-react: ^4.2.0 => 4.2.1
    aws-amplify: ^6.0.30 => 6.0.30
    aws-amplify/adapter-core: undefined ()
    aws-amplify/analytics: undefined ()
    aws-amplify/analytics/kinesis: undefined ()
    aws-amplify/analytics/kinesis-firehose: undefined ()
    aws-amplify/analytics/personalize: undefined ()
    aws-amplify/analytics/pinpoint: undefined ()
    aws-amplify/api: undefined ()
    aws-amplify/api/server: undefined ()
    aws-amplify/auth: undefined ()
    aws-amplify/auth/cognito: undefined ()
    aws-amplify/auth/cognito/server: undefined ()
    aws-amplify/auth/enable-oauth-listener: undefined ()
    aws-amplify/auth/server: undefined ()
    aws-amplify/data: undefined ()
    aws-amplify/data/server: undefined ()
    aws-amplify/datastore: undefined ()
    aws-amplify/in-app-messaging: undefined ()
    aws-amplify/in-app-messaging/pinpoint: undefined ()
    aws-amplify/push-notifications: undefined ()
    aws-amplify/push-notifications/pinpoint: undefined ()
    aws-amplify/storage: undefined ()
    aws-amplify/storage/s3: undefined ()
    aws-amplify/storage/s3/server: undefined ()
    aws-amplify/storage/server: undefined ()
    aws-amplify/utils: undefined ()
    react: ^18.x => 18.2.0
    react-dom: ^18.x => 18.2.0
    react-icons: ^4.11.0 => 4.12.0
    react-router-dom: ^5.2.0 => 5.3.4
    start-server-and-test: ^2.0.3 => 2.0.3
    styled-components: ^5.0.1 => 5.3.11
    styled-components/macro: undefined ()
    styled-components/native: undefined ()
    styled-components/primitives: undefined ()
    vite: ^5.0.0 => 5.1.4
    vite-plugin-node-polyfills: 0.17.0 => 0.17.0
  npmGlobalPackages:
    @aws-amplify/cli: 10.4.1
    npm: 9.6.3
    nx: 16.7.4
```

Describe the bug

How to configure Duo multi-factor authentication with Amplify?

I found this article that explains how to set up and integrate Duo Security with Cognito. It's working fine based on the example they showcase here: https://aws.amazon.com/blogs/security/how-to-configure-duo-multi-factor-authentication-with-amazon-cognito/

Now, the problem here is that they are referring to the legacy package 'amazon-cognito-identity.js', but we want to use Amplify.

Authentication flow

image

From the image above, the authentication flow from point 4 to 6: how do we manage the user session and respond with the challenge_answer to authenticate the user?

As it redirects to the 'Duo Authenticator' based on user MFA validation callbacks to the original application URL, does Amplify support managing the user sessions and updating the previous session user to answer the challenge?

Expected behavior

image

Reproduction steps

https://github.com/aws-samples/duomfa-with-amazon-cognito Example code, but we have to migrate to Amplify v6.

israx commented 7 months ago

Hello @hanoj-budime. Ideally you would need to call the confirmSignIn API at step 6 from the sequence diagram above. Unfortunately, at that point the current sign-in session might be lost due to the redirection from the Duo app to the client.

The good news is that we are currently working on a mechanism to persist the login session. This will allow you to resume the authentication flow.
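The call sequence described in the comment above, as an added example that is not part of the thread and not Amplify's own code: `signIn` with the `CUSTOM_WITH_SRP` flow, then `confirmSignIn` with the Duo response. `makeStubAuth`, the sample values and the error text are constructed; the stub holds the pending sign-in only in memory, so a fresh instance (standing in for a page reloaded after the redirect) rejects the answer.

```javascript
// In an app: import * as auth from 'aws-amplify/auth';
// `auth` is a parameter here so the flow runs offline against the stub below.
const CUSTOM_STEP = 'CONFIRM_SIGN_IN_WITH_CUSTOM_CHALLENGE';

// Before the redirect: start CUSTOM_WITH_SRP sign-in and stop at the custom (Duo) challenge.
async function startSignIn(auth, username, password) {
  const { isSignedIn, nextStep } = await auth.signIn({
    username,
    password,
    options: { authFlowType: 'CUSTOM_WITH_SRP' },
  });
  if (isSignedIn) return { done: true, challenge: null };
  if (nextStep.signInStep !== CUSTOM_STEP) {
    throw new Error(`unexpected sign-in step: ${nextStep.signInStep}`);
  }
  // Public challenge parameters from the user pool's custom-auth triggers.
  return { done: false, challenge: nextStep.additionalInfo ?? {} };
}

// Step 6: hand the Duo response back to Cognito as the challenge answer.
async function answerChallenge(auth, duoResponse) {
  if (typeof duoResponse !== 'string' || duoResponse === '') {
    throw new Error('missing Duo response');
  }
  const { isSignedIn, nextStep } = await auth.confirmSignIn({ challengeResponse: duoResponse });
  return { isSignedIn, step: nextStep.signInStep };
}

// Constructed stand-in for the library (hypothetical, not Amplify's code):
// the pending sign-in lives only in this object's memory, like a page's JS state.
function makeStubAuth() {
  let pending = false;
  return {
    async signIn() {
      pending = true;
      return { isSignedIn: false, nextStep: { signInStep: CUSTOM_STEP, additionalInfo: { note: 'constructed' } } };
    },
    async confirmSignIn({ challengeResponse }) {
      if (!pending) throw new Error('no sign-in in progress');
      const ok = challengeResponse === 'constructed-duo-response';
      if (ok) pending = false;
      return { isSignedIn: ok, nextStep: { signInStep: ok ? 'DONE' : CUSTOM_STEP } };
    },
  };
}
```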

hanoj-budime commented 7 months ago

Thanks, @israx, for the quick response. We're interested in the new feature "persist the login session," and I'm glad to hear that you guys are already working on it. Let's keep this issue open. We'll test your feature and let you know if we encounter any issues.

If possible, could you share your roadmap for this feature and when it will be generally available (GA)?

cwomack commented 6 months ago

@hanoj-budime, we don't have a roadmap or ETA for this feature that can be shared at this time. However, I'll bring this and potentially related issues within the repo to the team and provide any updates (or further questions for you) as we have them!

hanoj-budime commented 6 months ago

Keep it open.