Closed falloutcoder closed 3 years ago
Hi @yuntuowang any updates on this?
@falloutcoder,
Have you received any more related information from the Cognito service support center?
@falloutcoder +1. Did you manage to find a workaround for this? @jordanranz We got the same issue. Support asked me to submit a ticket here and I found this thread. case no: 5602646571.
It's been a year now, hasn't cognito found a fix for this???
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
For people reaching here, the workaround is to call the API for remembering the current device before calling the API for setting up MFA.
Same problem here. The workaround is appreciated but is not always an option. In our case, we allow the user to choose whether they would like the device to be remembered or not before or after they enable SMS MFA.
@falloutcoder @ruiyang @cshouts-tasc
I have just tried the latest version of amazon-cognito-identity-js and it works for me on the browser.
I have this configuration on my user pool
In summary I have MFA: Optional, Device remember: Opt in, User remember device to suppress MFA: ON
Following is the full description of my User Pool
{
    "UserPool": {
        "Id": "us-west-2_xxxxxxx",
        "Name": "xxxxxxxx-devm",
        "Policies": {
            "PasswordPolicy": {
                "MinimumLength": 8,
                "RequireUppercase": false,
                "RequireLowercase": false,
                "RequireNumbers": false,
                "RequireSymbols": false,
                "TemporaryPasswordValidityDays": 7
            }
        },
        "LambdaConfig": {},
        "LastModifiedDate": "2020-05-07T19:34:53.764000-07:00",
        "CreationDate": "2020-05-07T11:20:14.286000-07:00",
        "SchemaAttributes": [
            {
                "Name": "sub",
                "AttributeDataType": "String",
                "DeveloperOnlyAttribute": false,
                "Mutable": false,
                "Required": true,
                "StringAttributeConstraints": {
                    "MinLength": "1",
                    "MaxLength": "2048"
                }
            },
            {
                "Name": "name",
                "AttributeDataType": "String",
                "DeveloperOnlyAttribute": false,
                "Mutable": true,
                "Required": false,
                "StringAttributeConstraints": {
                    "MinLength": "0",
                    "MaxLength": "2048"
                }
            },
            {
                "Name": "given_name",
                "AttributeDataType": "String",
                "DeveloperOnlyAttribute": false,
                "Mutable": true,
                "Required": false,
                "StringAttributeConstraints": {
                    "MinLength": "0",
                    "MaxLength": "2048"
                }
            },
            {
                "Name": "family_name",
                "AttributeDataType": "String",
                "DeveloperOnlyAttribute": false,
                "Mutable": true,
                "Required": false,
                "StringAttributeConstraints": {
                    "MinLength": "0",
                    "MaxLength": "2048"
                }
            },
            {
                "Name": "middle_name",
                "AttributeDataType": "String",
                "DeveloperOnlyAttribute": false,
                "Mutable": true,
                "Required": false,
                "StringAttributeConstraints": {
                    "MinLength": "0",
                    "MaxLength": "2048"
                }
            },
            {
                "Name": "nickname",
                "AttributeDataType": "String",
                "DeveloperOnlyAttribute": false,
                "Mutable": true,
                "Required": false,
                "StringAttributeConstraints": {
                    "MinLength": "0",
                    "MaxLength": "2048"
                }
            },
            {
                "Name": "preferred_username",
                "AttributeDataType": "String",
                "DeveloperOnlyAttribute": false,
                "Mutable": true,
                "Required": false,
                "StringAttributeConstraints": {
                    "MinLength": "0",
                    "MaxLength": "2048"
                }
            },
            {
                "Name": "profile",
                "AttributeDataType": "String",
                "DeveloperOnlyAttribute": false,
                "Mutable": true,
                "Required": false,
                "StringAttributeConstraints": {
                    "MinLength": "0",
                    "MaxLength": "2048"
                }
            },
            {
                "Name": "picture",
                "AttributeDataType": "String",
                "DeveloperOnlyAttribute": false,
                "Mutable": true,
                "Required": false,
                "StringAttributeConstraints": {
                    "MinLength": "0",
                    "MaxLength": "2048"
                }
            },
            {
                "Name": "website",
                "AttributeDataType": "String",
                "DeveloperOnlyAttribute": false,
                "Mutable": true,
                "Required": false,
                "StringAttributeConstraints": {
                    "MinLength": "0",
                    "MaxLength": "2048"
                }
            },
            {
                "Name": "email",
                "AttributeDataType": "String",
                "DeveloperOnlyAttribute": false,
                "Mutable": true,
                "Required": true,
                "StringAttributeConstraints": {
                    "MinLength": "0",
                    "MaxLength": "2048"
                }
            },
            {
                "Name": "email_verified",
                "AttributeDataType": "Boolean",
                "DeveloperOnlyAttribute": false,
                "Mutable": true,
                "Required": false
            },
            {
                "Name": "gender",
                "AttributeDataType": "String",
                "DeveloperOnlyAttribute": false,
                "Mutable": true,
                "Required": false,
                "StringAttributeConstraints": {
                    "MinLength": "0",
                    "MaxLength": "2048"
                }
            },
            {
                "Name": "birthdate",
                "AttributeDataType": "String",
                "DeveloperOnlyAttribute": false,
                "Mutable": true,
                "Required": false,
                "StringAttributeConstraints": {
                    "MinLength": "10",
                    "MaxLength": "10"
                }
            },
            {
                "Name": "zoneinfo",
                "AttributeDataType": "String",
                "DeveloperOnlyAttribute": false,
                "Mutable": true,
                "Required": false,
                "StringAttributeConstraints": {
                    "MinLength": "0",
                    "MaxLength": "2048"
                }
            },
            {
                "Name": "locale",
                "AttributeDataType": "String",
                "DeveloperOnlyAttribute": false,
                "Mutable": true,
                "Required": false,
                "StringAttributeConstraints": {
                    "MinLength": "0",
                    "MaxLength": "2048"
                }
            },
            {
                "Name": "phone_number",
                "AttributeDataType": "String",
                "DeveloperOnlyAttribute": false,
                "Mutable": true,
                "Required": false,
                "StringAttributeConstraints": {
                    "MinLength": "0",
                    "MaxLength": "2048"
                }
            },
            {
                "Name": "phone_number_verified",
                "AttributeDataType": "Boolean",
                "DeveloperOnlyAttribute": false,
                "Mutable": true,
                "Required": false
            },
            {
                "Name": "address",
                "AttributeDataType": "String",
                "DeveloperOnlyAttribute": false,
                "Mutable": true,
                "Required": false,
                "StringAttributeConstraints": {
                    "MinLength": "0",
                    "MaxLength": "2048"
                }
            },
            {
                "Name": "updated_at",
                "AttributeDataType": "Number",
                "DeveloperOnlyAttribute": false,
                "Mutable": true,
                "Required": false,
                "NumberAttributeConstraints": {
                    "MinValue": "0"
                }
            }
        ],
        "AutoVerifiedAttributes": [
            "email"
        ],
        "SmsVerificationMessage": "Your verification code is {####}",
        "EmailVerificationMessage": "Your verification code is {####}",
        "EmailVerificationSubject": "Your verification code",
        "VerificationMessageTemplate": {
            "SmsMessage": "Your verification code is {####}",
            "EmailMessage": "Your verification code is {####}",
            "EmailSubject": "Your verification code",
            "DefaultEmailOption": "CONFIRM_WITH_CODE"
        },
        "MfaConfiguration": "OPTIONAL",
        "DeviceConfiguration": {
            "ChallengeRequiredOnNewDevice": true,
            "DeviceOnlyRememberedOnUserPrompt": true
        },
        "EstimatedNumberOfUsers": 1,
        "EmailConfiguration": {
            "EmailSendingAccount": "COGNITO_DEFAULT"
        },
        "SmsConfiguration": {
            "SnsCallerArn": "arn:aws:iam::xxxxxxxxxx:role/xxxxxxxxxx-devm",
            "ExternalId": "xxxxxxxxx_role_external_id"
        },
        "UserPoolTags": {},
        "AdminCreateUserConfig": {
            "AllowAdminCreateUserOnly": false,
            "UnusedAccountValidityDays": 7
        },
        "Arn": "arn:aws:cognito-idp:us-west-2:xxxxxxxxx:userpool/us-west-2_xxxxxxx",
        "AccountRecoverySetting": {}
    }
}
On my App I did this with the CognitoUser:
First: authenticateUser, completeNewPasswordChallenge (I created the user manually on the console)
Second: authenticateUser, setUserMfaPreference -> to enable MFA
Third: authenticateUser, sendMFACode, setDeviceStatusRemembered
Fourth: authenticateUser -> Immediately signed in without requiring MFA
I tried disabling setDeviceStatusNotRemember and that also worked as expected.
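The three settings summarised in the comment above map onto `MfaConfiguration` and `DeviceConfiguration` in the posted pool description. The following is an added example, not code from the thread or from the Amplify project: it reads a `describe-user-pool` style object and reports the effective device-remembering posture. The function name, the labels and the findings text are this example's own, and the sample objects are constructed (the first is trimmed to the values posted in the thread).

```javascript
// Added example: derive the MFA / remembered-device posture of a Cognito user pool
// from its description. Only fields that appear in the posted JSON are read.
function summarizeDevicePosture(description) {
  const pool = (description && description.UserPool) || {};
  const mfa = pool.MfaConfiguration || 'OFF'; // assumption: a missing value is treated as OFF
  const dc = pool.DeviceConfiguration;        // absent: devices are not remembered
  const tracked = dc !== null && typeof dc === 'object';

  // DeviceOnlyRememberedOnUserPrompt: true means the app must ask the user (opt in)
  const remember = !tracked ? 'No'
    : dc.DeviceOnlyRememberedOnUserPrompt === true ? 'Opt in' : 'Always';
  // ChallengeRequiredOnNewDevice: true means a remembered device may skip the MFA factor
  const suppressMfa = tracked && dc.ChallengeRequiredOnNewDevice === true;

  const findings = [];
  if (mfa === 'OFF') {
    findings.push('MFA is off, so there is no second factor for a device to suppress');
  } else if (suppressMfa && remember === 'Always') {
    findings.push('every confirmed device skips MFA without the user choosing to trust it');
  } else if (suppressMfa && remember === 'Opt in') {
    findings.push('MFA is skipped only on devices the app marks with setDeviceStatusRemembered');
  } else if (tracked) {
    findings.push('devices are tracked but MFA is still challenged on every sign-in');
  }
  return { mfa, remember, suppressMfa, findings };
}

// Trimmed to the relevant fields; values are the ones posted in the thread.
const THREAD_POOL = {
  UserPool: {
    MfaConfiguration: 'OPTIONAL',
    DeviceConfiguration: {
      ChallengeRequiredOnNewDevice: true,
      DeviceOnlyRememberedOnUserPrompt: true,
    },
  },
};

// Constructed contrast case: devices remembered automatically, MFA required.
const ALWAYS_POOL = {
  UserPool: {
    MfaConfiguration: 'ON',
    DeviceConfiguration: {
      ChallengeRequiredOnNewDevice: true,
      DeviceOnlyRememberedOnUserPrompt: false,
    },
  },
};

console.log(summarizeDevicePosture(THREAD_POOL));
console.log(summarizeDevicePosture(ALWAYS_POOL));
```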
@elorzafe Thanks for the update. Will try it out on the latest version of amazon-cognito-identity-js once https://github.com/aws-amplify/amplify-js/issues/4515 is resolved. We're stuck on Amplify v2.2.7 for now because we need to support IE11.
This doesn't seem to have been successfully reproduced. If anyone encounters this issue with the latest version, please open a new issue and it will be a priority. Thank you.
This issue has been automatically locked since there hasn't been any recent activity after it was closed. Please open a new issue for related bugs.
Looking for a help forum? We recommend joining the Amplify Community Discord server *-help channels or Discussions for those types of questions.
Do you want to request a feature or report a bug? Bug
Note: This issue has already been reported to the Cognito Development team via the support centre, and it was suggested to create an issue on the GitHub repo for the SDK as well for monitoring.
What is the current behavior?
This issue occurs only with the device that the user uses to change the password at the first sign-in. Marking that device as remembered (while MFA is enabled for that user) does not suppress the MFA challenge on next logins. The user has to complete the MFA challenge one more time while the device is marked as remembered in order for it to suppress MFA challenges on future logins. User pool settings are below:
This issue does not occur on any subsequent devices tracked by Cognito. As mentioned above, this is only for the device used for the password reset required scenario. Below is the screencast of this issue reproduction
Steps performed in screencast:
1) New user logs in (new user is required to change password)
2) User fills his info for password change (User is prompted for name only. Rest of the info is preconfigured programmatically)
3) User logs out -> logs in again and enables MFA for his verified phone number
4) User logs out and on next login is prompted for MFA code to login as expected
5) User logs out and on next login ticks the checkbox to set the device as remembered
6) User is prompted for MFA challenge upon which user's device is marked as remembered (From AWS console it can be verified that there is only one device being tracked on which user initial sign-in password change was done and that is marked as remembered as well)
7) Log out and login again
8) User is prompted for MFA challenge Again!! Even though his device is marked as remembered and as per user pool configuration, user should not be asked for MFA challenge on remembered device
What is the expected behavior?
Once device is marked as remembered, then it should not ask for MFA challenge on that device again.
Which versions of Amplify, and which browser / OS are affected by this issue? Did this work in previous versions?
amazon-cognito-identity-js 2.0.3