amplify-js icon indicating copy to clipboard operation
amplify-js copied to clipboard
verified publisher icon aws-amplify

Additional step to receive OTP just after SMS MFA enables (not for marking the phone number as verified).

Open UdithWijegunavardhana opened this issue 1 year ago • 3 comments

Is this related to a new or existing framework?

React, React Native

Is this related to a new or existing API?

Authentication

Is this related to another service?

Cognito MFA

Describe the feature you'd like to request

I'm working with MFA for couple of weeks and implemented the SMS MFA for the client application. There are some additional requirement form the client to add another step to receive and enter the OTP just after enabling MFA for better sense for the users.

The current flow of enabling MFA according to your documentations is just only enables MFA status by calling updateMFAPreference({ sms: 'ENABLED' }) , and it not provides such kind of step to receive the code. (Correct me if I'm wrong and if it has such kind of way)

To receive the code we need to sign-out the user and sign-in back by calling signIn({ username: values.email, password: values.password })

I tried various ways to trigger this and get the code by calling signIn({ username: values.email, password: values.password }) again, adding some post auth Lambda triggers as well. But I'm still unable to match the functionality with the requirement.

This is not just to be verified the phone number. The additional step is required by the client each and every time when user enabling MFA. It may be whether the phone number verified or not.

Describe the solution you'd like

We' would like and suggest you to have optional nextStep to updateMFAPreference method that can be managed according to the user needs to receive OTP code just after enabling MFA, just like doing in signIn method: const { isSignedIn, nextStep } = await signIn({ username: values.email, password: values.password })

Describe alternatives you've considered

I tried various ways to trigger this and get the code by calling signIn({ username: values.email, password: values.password }) again, adding some post auth Lambda triggers as well.

Additional context

No response

Is this something that you'd be interested in working on?

  • [ ] 👋 I may be able to implement this feature request
  • [ ] ⚠️ This feature might incur a breaking change

UdithWijegunavardhana avatar Jan 23 '25 07:01 UdithWijegunavardhana

Hi @UdithWijegunavardhana thank you very much for opening this request with detailed explanation, we will look into this.

HuiSF avatar Jan 24 '25 17:01 HuiSF

Hi @HuiSF, any update on this?

UdithWijegunavardhana avatar May 19 '25 09:05 UdithWijegunavardhana

Hi @UdithWijegunavardhana ,

Thanks for reaching out, let me discuss this internally with the team and will let you know as soon as I have an update!

yuhengshs avatar May 19 '25 14:05 yuhengshs