Add GetUserData to obtain PreferredMfaSetting #1204

Closed
MiroslavPetrik opened this issue Jul 11, 2018 · 3 comments · Fixed by #1254
Labels
Auth Related to Auth components/category feature-request Request a new feature

Comments

@MiroslavPetrik

Do you want to request a feature or report a bug?
feature
What is the current behavior?
When MFA is enabled with TOTP, the getMFAOptions returns undefined.
#360

However, I need to know whether the MFA is enabled... I am able to get PreferredMfaSetting: "SOFTWARE_TOKEN_MFA" from a call to cognitoUser.getUserData
https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUser.html

or use case 31 in
https://github.com/aws/aws-amplify/tree/master/packages/amazon-cognito-identity-js

but there is no respective method in Amplify, so it would be nice to have it, or to enhance getMFAOptions.

What is the expected behavior?
getMFAOptions returns info about TOTP.

@powerful23 powerful23 self-assigned this Jul 11, 2018
@powerful23 powerful23 added Auth Related to Auth components/category feature-request Request a new feature labels Jul 11, 2018
@CHR15-

CHR15- commented Jul 18, 2018

@powerful23 || @hyandell

I'm really confused at how this is supposed to work... We've got 2 flows:

PATH 1: Auth.setPreferredMFA(user, SMS)
PATH 2: Auth.setPreferredMFA(user, TOTP);

When we run Auth.currentAuthenticatedUser() after these flows to get the MFA preference, we get the following response:

PATH 1

{  
   "MFAOptions":[  
      {  
         "AttributeName":"phone_number",
         "DeliveryMedium":"SMS"
      }
   ],
   "UserAttributes":[  
      {  
         "Name":"sub",
         "Value":"uuid"
      },
      {  
         "Name":"email_verified",
         "Value":"true"
      },
      {  
         "Name":"name",
         "Value":"chris"
      },
      {  
         "Name":"phone_number_verified",
         "Value":"false"
      },
      {  
         "Name":"phone_number",
         "Value":"XXX"
      },
      {  
         "Name":"custom:signupdomain",
         "Value":"http://localhost:9001"
      },
      {  
         "Name":"email",
         "Value":"chris@example.com"
      }
   ],
   "Username":"UUID"
}

PATH 2:

{
   "PreferredMfaSetting":"SOFTWARE_TOKEN_MFA",
   "UserAttributes":[
      {
         "Name":"sub",
         "Value":"uuid"
      },
      {
         "Name":"email_verified",
         "Value":"true"
      },
      {
         "Name":"name",
         "Value":"chris"
      },
      {
         "Name":"custom:signupdomain",
         "Value":"http://localhost:9001"
      },
      {
         "Name":"email",
         "Value":"chris@example.com"
      }
   ],
   "UserMFASettingList":[
      "SOFTWARE_TOKEN_MFA"
   ],
   "Username":"uuid"
}

Surely both should follow the same response format? They are currently completely different.

What adds even more complexity to this is if I now set SMS after I've enabled TOTP, I get the following response:

{  
   "PreferredMfaSetting":"SMS_MFA",
   "UserAttributes":[  
      {  
         "Name":"sub",
         "Value":"uuid"
      },
      {  
         "Name":"email_verified",
         "Value":"true"
      },
      {  
         "Name":"name",
         "Value":"chris"
      },
      {  
         "Name":"phone_number_verified",
         "Value":"false"
      },
      {  
         "Name":"phone_number",
         "Value":"xxx"
      },
      {  
         "Name":"custom:signupdomain",
         "Value":"http://localhost:9001"
      },
      {  
         "Name":"email",
         "Value":"chris@example.com"
      }
   ],
   "UserMFASettingList":[  
      "SMS_MFA"
   ],
   "Username":"uuid"
}

So now we have 1 flow for SMS, 1 flow for TOTP... 2 completely different responses. If I overwrite the TOTP path with SMS, I get the correct response back for both flows, but not the initial SMS setup (PATH 1).

Auth.getMFAOptions also seems to be broken for TOTP options returning too as mentioned above, so currently there isn't a standardised way of retrieving the MFA selection for a given authed user, right? I wouldn't say it's a feature request, more of a bug.

#1259 raised here

@powerful23
Contributor

@MiroslavPetrik I agree. I created a new API for developers to get the current preferred MFA type: #1254
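
Added example (not code from this thread, from #1254, or from Amplify): one way to reduce the three GetUser response shapes quoted above to a single MFA answer, so a caller does not treat a missing MFAOptions as "no MFA". The function name, the returned object layout, the "NOMFA" label, and the choice to read a legacy SMS entry in MFAOptions as "SMS_MFA" are assumptions of this example; the sample objects are constructed by trimming the responses quoted above.

```javascript
// Normalise a Cognito GetUser-style response into one MFA summary.
// resolveMfa, the result layout and "NOMFA" are this example's own conventions.
function resolveMfa(userData) {
  const list = Array.isArray(userData.UserMFASettingList)
    ? userData.UserMFASettingList
    : [];
  const legacy = Array.isArray(userData.MFAOptions) ? userData.MFAOptions : [];

  // Shape seen in PATH 2 and in "SMS set after TOTP": explicit preference.
  if (userData.PreferredMfaSetting) {
    const preferred = userData.PreferredMfaSetting;
    return {
      preferred,
      enabled: list.length ? [...list] : [preferred],
      source: "PreferredMfaSetting",
    };
  }
  // Methods are enabled but none is marked preferred: report them, do not guess.
  if (list.length) {
    return { preferred: null, enabled: [...list], source: "UserMFASettingList" };
  }
  // Shape seen in PATH 1: only MFAOptions with an SMS delivery medium.
  // Assumption: this is equivalent to SMS_MFA.
  if (legacy.some((opt) => opt && opt.DeliveryMedium === "SMS")) {
    return { preferred: "SMS_MFA", enabled: ["SMS_MFA"], source: "MFAOptions" };
  }
  // None of the three MFA fields is present.
  return { preferred: "NOMFA", enabled: [], source: "none" };
}

// Constructed samples, trimmed from the responses quoted in the thread.
const path1 = {
  MFAOptions: [{ AttributeName: "phone_number", DeliveryMedium: "SMS" }],
  Username: "UUID",
};
const path2 = {
  PreferredMfaSetting: "SOFTWARE_TOKEN_MFA",
  UserMFASettingList: ["SOFTWARE_TOKEN_MFA"],
  Username: "uuid",
};
const smsAfterTotp = {
  PreferredMfaSetting: "SMS_MFA",
  UserMFASettingList: ["SMS_MFA"],
  Username: "uuid",
};
const noMfa = { UserAttributes: [], Username: "uuid" };

for (const [name, data] of Object.entries({ path1, path2, smsAfterTotp, noMfa })) {
  console.log(name, JSON.stringify(resolveMfa(data)));
}
```

The `source` field records which response field the answer came from, which helps when auditing accounts that still return only the PATH 1 shape.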

@github-actions

This issue has been automatically locked since there hasn't been any recent activity after it was closed. Please open a new issue for related bugs.

Looking for a help forum? We recommend joining the Amplify Community Discord server *-help channels or Discussions for those types of questions.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jun 13, 2021