Hi @davidgatti, thanks for raising the issue, and apologies for the time you (and others) have had to spend on this.

I am not sure from your post whether you are using the amazon-cognito-identity-js SDK by itself or with the Amplify JS framework. If you are using the Amplify JS framework and your users have the option of choosing their MFA type (which I believe is your case if I’m reading your issue correctly), you can try using Auth.getPreferredMFA to see if the user has already setup their MFA preference.

If you are using amazon-cognito-identity-js only, then yes - the PR you cited seems to be required. We have tested the PR and will be discussing it internally before merging.

Please let us know if you require anything further. We will update this issue once the PR you’ve cited has been merged.

@haverchuck I updated the original message, to make it more clear.

@davidgatti - Thank you. We made some headway on this problem today and will continue to update this issue.

Run your code at least once before committing the code to the public.

Indeed. So many glaring bugs in... everything.

@davidgatti Quick update - we are continuing to investigate the cause of this issue.

@davidgatti - Cognito should only return a value for MFAOptions if SMS MFA is enabled (it should include the code delivery details - essentially the phone number for the user). The UserMFASettingList value should have more comprehensive details about MFA Settings. We will be communicating with the author of the PR you cited to discuss some changes.

@haverchuck what you say dose not match your documentation for .getMFAOptions(). Regarding .UserMFASettingList() I'm unable to find any reference in the documentation https://github.com/aws-amplify/amplify-js/tree/master/packages/amazon-cognito-identity-js. Could you provide a link where this function is mentioned and explained?

David, we have identified an issue in Amazon Cognito where the Admin/GetUser service response doesn’t correctly populate MFAOptions when on a pool with MFA required and the end user uses SMS MFA. We are actively working on the fix and will circle back when the service update is completed.

We understand the frustration caused by the longer time it took to respond, and we are happy to hear any feedback you may have on how we can improve. You can reach me, directly, at rachitd_AT_amazon.com.

Rachit,
Development Manager, Amazon Cognito

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

LOL :D new technique to pretend Issues are being solved? Love It! :D

We have updated the MFAOptions in the response of GetUser and AdminGetUser actions. MFA options now returns the user's SMS MFA configuration irrespective of the MFA setting for the user pool. Please note that MFAOptions only provides information about SMS MFA. It does not return TOTP software token MFA. To look up information about either type of MFA configuration, please use the AdminGetUser:UserMFASettingList or GetUser:UserMFASettingList responses. We have updated the documentation to clarify this.

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

This issue has been automatically closed because of inactivity. Please open a new issue if are still encountering problems.

This issue has been automatically closed because of inactivity. Please open a new issue if are still encountering problems.