Amplify-js: Resend MFA Code Hook
Is your feature request related to a problem? Please describe.
When authorizing a new device and, for whatever reason, the user wants to manually resend themselves a code:
1) user signs in
2) new device, user is sent SMS and needs to confirm challenge
3) for whatever reason, let鈥檚 say user didn鈥檛 receive initial SMS, they
want to be able to resend it to themselves
4) user uses second code and successfully completes MFA challenge,
effectively registering a new device
The old library had a hook for this, no idea why Amplify doesn't. This is not a duplicate of https://github.com/aws-amplify/amplify-js/issues/1614#issuecomment-428647588, it is different as discussed in last comment.
Describe the solution you'd like
The old library used to have code that we implemented pretty horribly, so would love this to have more attention. I'd like it if I could implement as such:
public resendMfaCode(
username: string
): Observable<boolean> {
return fromPromise(Auth.resendMfaCode(username))
.pipe(
map(
(result: any) => {
// expect result to be true if it was sent successfully
return result;
}),
catchError(
(error) => {
console.error(error);
return of(false);
}
)
);
}
Describe alternatives you've considered
There is none in amplify. It existed in amazon-cognito-identity-js, which it appears is all Amplify is just a layer over, so assume this would be an easy hook?
Additional context
N/A
mrowles
All 17 comments
@mrowles Hey can you provide the code snippet about how you are using the old library to achieve that? That would help us a lot to understand this request.
powerful23
on 1 Nov 2018
It wasn't a pretty implementation to be honest, my average code coupled with the problems that the last library had (example) came up with the following:
import {Observable} from 'rxjs';
import {CognitoUser, CognitoUserPool, ICognitoUserData} from 'amazon-cognito-identity-js';
class AuthService {
private cognitoUser: CognitoUser;
private userPool: CognitoUserPool;
resendCode(attribute: string, emailAddress?: string): Observable<any> {
return new Observable((observer) => {
// check if no active user session / MFA is still required on this device
if (this.cognitoUser === null) {
const userData: ICognitoUserData = {
Username: emailAddress,
Pool: this.userPool
};
this.cognitoUser = new CognitoUser(userData);
this.cognitoUser.resendConfirmationCode(
(resendConfirmationError: Error, result: "SUCCESS"): void => {
if (resendConfirmationError) {
observer.error(resendConfirmationError);
} else {
observer.next(result);
}
observer.complete();
});
} else {
this.cognitoUser.getSession(
(sessionError: Error): void => {
if (sessionError) {
observer.error(sessionError);
observer.complete();
} else {
this.cognitoUser.getAttributeVerificationCode(attribute,
{
onSuccess: (): void => {
observer.next();
observer.complete();
},
onFailure: (err: Error): void => {
observer.error(err);
observer.complete();
},
inputVerificationCode: () => {
// user to input on another screen
}
});
}
});
}
});
}
}
@powerful23 Any word on this? It's a pretty critical feature
mrowles
on 6 Nov 2018
@mrowles hey from your code I can tell you want to invode this method resendConfirmationCode to get the mfa code right? As I know this method is mainly used to resend the confirmation (for confirmation of registration) to a specific user in the user pool according to https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ResendConfirmationCode.html
In Amplify we have a wrapper method for that which is Auth.resendSignUp(username). Also we have Auth.verifyUserAttribute() to initiate the attributes confirmation request which is a wrapper for this.cognitoUser.getAttributeVerificationCode Can you try those methods?
powerful23
on 8 Nov 2018
@powerful23 Understand you're trying to help, but you kind of told me to open up a new request for this last week because it was different to the above suggestions: https://github.com/aws-amplify/amplify-js/issues/1614#issuecomment-428680927
verifyUserAttribute doesn't work as it requires a currentUser - meaning, without MFA you can't have a user session because you can't sign in.
/**
* Initiate an attribute confirmation request
* @param {Object} user - The CognitoUser
* @param {Object} attr - The attributes to be verified
* @return - A promise resolves to callback data if success
*/
verifyUserAttribute(user: CognitoUser | any, attr: string): Promise<void>;
@powerful23 Any updates?
mrowles
on 27 Nov 2018
@mrowles As a work around, you could call Auth.signIn again.
alecOAM
on 28 Mar 2019
@mrowles As a work around, you could call
Auth.signInagain.
which means you need to save the password incase user wants to resend confirm code?
LeoMoonStar
on 10 Apr 2019
@mrcoles Hi, really sorry about the late response. So from your description, what you want to do is to be able to resend the SMS code when signing in, not signing up, right? Because if you want to resend the confirmation code during registration, I am pretty sure you can do that by using Auth.resendUp(username).
powerful23
on 21 May 2019
For anyone who does use the 'use Auth.signIn() again' workaround to resend a code. You have to ensure that your subsequent call to Auth.confirmSignIn(user, code) passes in the user returned from the corresponding Auth.signIn() call.
MikeAlexMartinez
on 30 May 2019
Any updates on when we can expect this? This functionality is pretty crucial, and the 'use Auth.signIn()' again workaround would require temporarily storing or passing username and password info across different views, which isn't something we want to do.
There is a resendConfirmationCode hook, but that is only for confirming new users, not for MFA.
cezarcarvalhaes
on 19 Aug 2019
Hello @powerful23 ,
This issue is blocker for our project. Can you please confirm if there is any plan to add this feature in upcoming release?
Our workflow
1) MFA is set to required in cognito.( through SMS )
2) User enters Login username and password
3) user is redirected to Verify MFA code page
4) Now comes the edge case where user doesn't receives code on phone due to network issues
Hence we need to provide user with option to resend MFA code
kaushik-raina
on 16 Sep 2019
Having the same issue for MFA.
Resending OTP is possible for signup, forgot/reset password, verify email/phone number but currently NOT possible for MFA.
richmondu
on 25 Jun 2020
Any movement on this issue? I am on the same boat as @mrowles .
aoloo
on 28 Aug 2020
This is a problem for us too. Definitely do not like the idea of holding onto the password in order to trigger a secondary request for signing in. Which means, there's no sensible way to re-send the MFA code during a sign in operation. Other than asking the user to login again, which is a pretty horrible UX.
Seems a bit of a miss not to have an MFA resend option.
pinpointpanda
on 8 Sep 2020
@pinpointpanda I created another feature request issue https://github.com/aws-amplify/amplify-js/issues/6676 . If you can comment or get other developers needing this feature to comment on the feature request it can motivate the amplify team to get this done for us. Thanks!
aoloo
on 8 Sep 2020
@mrowles As a work around, you could call
Auth.signInagain.
this worked for me
saideep1011
on 3 Nov 2020
Related issues
shinnapatthesix
路
3Comments
ddemoll
路
3Comments
josoroma
路
3Comments
epicfaace
路
3Comments
karlmosenbacher
路
3Comments
Most helpful comment
Hello @powerful23 ,
This issue is blocker for our project. Can you please confirm if there is any plan to add this feature in upcoming release?
Our workflow
1) MFA is set to required in cognito.( through SMS )
2) User enters Login username and password
3) user is redirected to Verify MFA code page
4) Now comes the edge case where user doesn't receives code on phone due to network issues
Hence we need to provide user with option to resend MFA code