Amplify-js: Is it possible to let user select mfa preference in login when both TOTP and SMS are enabled? I did not see setUserMfaPreference in amplify Auth class. Is there any way to enable both totp and sms but not give preference to any (let user select it in login)?

Created on 27 Dec 2019 · 6 Comments · Source: aws-amplify/amplify-js

* Which Category is your question related to? *
Auth
* What AWS Services are you utilizing? *
Cognito
* Provide additional details e.g. code snippets *
aws-amplify version: ^1.1.38

Edit:
I am not using withAuthenticator HOC or Authenticator components. Just using Auth class and implementing protected routes manually by checking for user object.

Auth feature-request

All 6 comments

Hey @akromswn,

This is possible using the utility component: SelectMfaType.

Under the hood this uses: Auth.setPreferredMFA, if you would like to continue just using the Auth class with custom UI.

@jordanranz Thanks for the response. But it seems you did not understand my question. I am already using Auth.setPreferredMFA to set preferred mfa method but it only has three options ( "TOTP" | "SMS" | "NOMFA" ). But what I want is that I want to enable both TOTP and SMS but I do not want to set preference so that user can select it while he is logging in.

It is how binance.com does mfa for example (although I don't think they use Cognito).

Ok, apologies for misunderstanding. To clarify, you would like a single user to have the option to perform MFA with the option of both TOTP and SMS?

@jordanranz yes that's right, at the moment I can set preference to TOTP or SMS while user is logged and they will be verified depending on that preference next time. So even if they have set up both methods of mfa, they can only login using preferred method.
But I would like the user to be able to login using any of both methods if he has set up both MFA methods.

I was told that it is possible to do that using cognitoUser.setUserMfaPreference by enabling both methods but setting preference to false.

Sample code in amazon-cognito-identity-js

const smsMfaSettings = {
    PreferredMfa: false,
    Enabled: true,
};
const totpMfaSettings = {
    PreferredMfa: false,
    Enabled: true,
};
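// cognitoUser is an authenticated CognitoUser from amazon-cognito-identity-js
cognitoUser.setUserMfaPreference(smsMfaSettings, totpMfaSettings, function(err, result) {
    if (err) {
        alert(err.message || JSON.stringify(err));
        return; // do not log a result when the call failed
    }
    console.log('call result ' + result);
});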

I think amplify uses amazon-cognito-identity-js at its core so I was wondering if it is possible to do something similar.
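
The login-time half of the approach described above, as an added example that is not part of the original thread or of Amplify's code: with both factors enabled and neither preferred, amazon-cognito-identity-js invokes the `selectMFAType` callback during `authenticateUser`, and the app answers with `sendMFASelectionAnswer`. `buildAuthCallbacks`, `offeredMfaTypes`, `promptUser` and `done` are hypothetical names, and the JSON-array encoding of `MFAS_CAN_CHOOSE` is an assumption about the challenge parameters.

```javascript
// Added example: callbacks for cognitoUser.authenticateUser(authDetails, callbacks).
// promptUser(kind, offered, reply) is a hypothetical UI hook; done(err, session)
// is a hypothetical completion handler.

const ALLOWED_MFA = ['SMS_MFA', 'SOFTWARE_TOKEN_MFA'];

// Parse the factors offered with the SELECT_MFA_TYPE challenge.
// Assumption: MFAS_CAN_CHOOSE is a JSON-encoded array of factor names.
function offeredMfaTypes(challengeParameters) {
  let offered;
  try {
    offered = JSON.parse((challengeParameters || {}).MFAS_CAN_CHOOSE || '[]');
  } catch (e) {
    offered = []; // malformed parameter: offer nothing rather than guess
  }
  if (!Array.isArray(offered)) return [];
  return offered.filter(type => ALLOWED_MFA.includes(type));
}

function buildAuthCallbacks(cognitoUser, promptUser, done) {
  const callbacks = {
    onSuccess: session => done(null, session),
    onFailure: err => done(err),

    // Called when both factors are enabled and neither is preferred.
    selectMFAType(challengeName, challengeParameters) {
      const offered = offeredMfaTypes(challengeParameters);
      promptUser('select', offered, choice => {
        // Only forward a factor that was actually offered for this user.
        if (!offered.includes(choice)) {
          return done(new Error('MFA type not offered for this user'));
        }
        cognitoUser.sendMFASelectionAnswer(choice, callbacks);
      });
    },

    // Called after the user picked SMS_MFA.
    mfaRequired() {
      promptUser('sms-code', [], code => cognitoUser.sendMFACode(code, callbacks));
    },

    // Called after the user picked SOFTWARE_TOKEN_MFA.
    totpRequired() {
      promptUser('totp-code', [], code =>
        cognitoUser.sendMFACode(code, callbacks, 'SOFTWARE_TOKEN_MFA'));
    },
  };
  return callbacks;
}
```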

This specific use case would probably need a code change in Amplify. Here is the code in question:
https://github.com/aws-amplify/amplify-js/blob/510f86ef39bae3fba9a17deb630237a64c9dc7dc/packages/auth/src/Auth.ts#L694-L784

It seems to only allow a single MFA type to be passed into the function. Maybe we can override the function to allow for multiple MFA types to be set.

I'll mark this as a feature request.
