
Need clarification on entire TOTP setup process

Open ffxsam opened this issue 6 years ago • 2 comments

I'm having trouble figuring out how to set up TOTP from start to finish:

  1. User enables MFA.
  2. User gets presented with a TOTP code (which I assume I can run through a QR code library to generate a QR).
  3. User syncs code with their choice of MFA software (Authy, 1Password, etc.).
  4. User gets prompted to enter verification code from MFA device to confirm.

The documentation for this repo is pretty lacking, and it's quite difficult to figure out how to do all this.

Also, do they have to set up SMS first? I would hope that users don't need to do that, because many may not want to use their phone number, not to mention it's unreliable to depend on text messages for 2FA (someone might be in a place with no cell access).

Feb 06 '18 17:02 ffxsam

No, SMS is not needed for TOTP. You would pretty much need to follow use cases 26 to 28 in the README for associating, verifying and enabling TOTP.

Feb 06 '18 18:02 itrestian

@itrestian Thanks for the help, I'll give it a try!

Feb 06 '18 19:02 ffxsam
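
The four steps from the question, mapped onto the associate, verify and enable calls named in the answer. This is an added example, not part of the original thread or the library's README. It uses the `CognitoUser` methods `associateSoftwareToken`, `verifySoftwareToken` and `setUserMfaPreference`; `buildOtpauthUri`, `enrollTotp`, `opts`, `promptForCode`, `done` and `stubUser` are hypothetical names, and the secret and account values are constructed.

```javascript
// Added example. `cognitoUser` is a signed-in CognitoUser from
// amazon-cognito-identity-js; `opts`, `promptForCode` and `done` are
// hypothetical names for values and callbacks the application supplies.

// Step 2: turn the shared secret into the otpauth:// URI a QR library renders.
function buildOtpauthUri(secretCode, account, issuer) {
  const label = encodeURIComponent(issuer) + ':' + encodeURIComponent(account);
  return 'otpauth://totp/' + label +
    '?secret=' + encodeURIComponent(secretCode) +
    '&issuer=' + encodeURIComponent(issuer);
}

// Steps 1-4: associate, show the QR code, verify one code, then enable TOTP.
function enrollTotp(cognitoUser, opts, promptForCode, done) {
  cognitoUser.associateSoftwareToken({
    onFailure: done,
    associateSecretCode: function (secretCode) {
      // The secret is a long-lived credential: render it, do not log or store it.
      const uri = buildOtpauthUri(secretCode, opts.account, opts.issuer);
      promptForCode(uri, function (totpCode) {
        // Assumption: 6-digit codes. Reject anything else before calling the service.
        if (!/^\d{6}$/.test(totpCode)) {
          return done(new Error('TOTP code must be 6 digits'));
        }
        cognitoUser.verifySoftwareToken(totpCode, opts.deviceName, {
          onFailure: done,
          onSuccess: function () {
            // Enable TOTP only after a code has verified; SMS settings stay null.
            cognitoUser.setUserMfaPreference(
              null,
              { PreferredMfa: true, Enabled: true },
              function (err) { return err ? done(err) : done(null, 'TOTP enabled'); }
            );
          },
        });
      });
    },
  });
}

// Constructed stand-in for CognitoUser so the flow can be exercised offline.
const stubUser = {
  calls: [],
  associateSoftwareToken(cb) { this.calls.push('associate'); cb.associateSecretCode('JBSWY3DPEHPK3PXP'); },
  verifySoftwareToken(code, name, cb) { this.calls.push('verify'); cb.onSuccess('SUCCESS'); },
  setUserMfaPreference(sms, totp, cb) { this.calls.push('prefer'); cb(null, 'SUCCESS'); },
};
```

In a real page, `promptForCode` would draw the URI with a QR code library and call its second argument with the code the user types in.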