Resend MFA Code API

[aoloo]

Is your feature request related to a problem? Please describe. Our workflow MFA is required in Cognito via (SMS). The user enters the login username and password and is redirected to verify the MFA code page. Now comes the edge case where a user does not receive the MFA code due to network issues or other interference. Therefore we need to provide users with the option to resend an MFA code.

Describe the solution you'd like A method to resend MFA Code due to some edge case a user does not receive a code within the initial sign In flow. A similar hook to Auth.resendSignUp() but for MFA Code.

Describe alternatives you've considered Calling the Auth.SignIn() to resend MFA Code is not ideal because signIn requires a username and password.

[elorzafe]

@aoloo

doing Auth.signIn(..) will resend the code, in that case you will need to store in memory the username and password for that purpose.

[aoloo]

@elorzafe @amhinson we are currently implementing that, but the authentication code does not always get sent. There some instances where calling Auth.signIn() does not work.

try {
  const user = await Auth.signIn(username,password);
} catch (err) {
   `Code was not sent successfully!`
 }

This is my current implementation within a on click event when a user clicks a resend-mfa code on a form. It will be really nice to have a resendMFA api call. This can benefit the community implementing MFA.

[aoloo]

@elorzafe Just to note when calling Auth.signIn it returns {"__type":"CodeMismatchException","message":"Invalid code or auth state for the user."}. So it is crucial that we have an api for re sending mfa authentication code.

[mitchgillin]

Seconding! This is an issue for me as well. Would be great if I could resend confirmation codes, without having to make users re-sign in.

[pinpointpanda]

Yeah, also seeing this. We'll workaround with posting to Auth.logIn again, but it does feel like there ought to be an api method for this - it's the only part of the sign up/sign in/reset password etc... workflows that doesn't have a re-send.

[cezarcarvalhaes]

This has been an issue for us for quite some time. I don't like having to hold on to a password in order to call Auth.signIn again for this feature, and asking users to sign in again is really clunky.

[aoloo]

@harrysolovay @elorzafe any movement on this?

[MaxwellOldshein]

Has anyone heard any update on this issue?

[martinlanglois]

Just want to add my name to the list of people who would need this feature. I am not using the Amplify framework though. Only the php SDK. But it's visibly kind of all the same !

[chaawlaapooja]

Just want to add my name to the list of people who require this feature. This is a blocker for my project.

[Thomsen-c]

This is a blocker on one of my projects as well.

[pedrohff360]

Same here... there's some update?

[justinslalom]

+1, this is a needed feature

[sfratini]

+1 This is very basic feature request at this point. Specially since we would like to send a code to actually validate the MFA before actually enabling it, to confirm the user has access to the phone/email. AWS enabled it right away, without validating anything. And it is funny, since AWS actually ask you for TWO codes before enabling.

[tigrenok00]

+1

[eugendorin]

+1

[jwelfare]

+1

[44mkashif]

Any update on this issue? This is a blocker on one of my projects as well.

[gluonfield]

Need update on this

[Levisnkyyyy]

Seeking update as well

[madlerpar]

Is there any update on this? The given "workaround" of using Auth.SignIn() does not seem to actually work.

[Muzammil98]

+1, this is a needed feature

[JJ810]

If anyone is still looking for this solution here is my workaround/solution.

So to resend OTP code you should do Auth.signIn(email, password) again and update the user object with new response and do Auth.confirmSignIn(user, otp, user.challengename) with updated user object.

Here is my code:

...
const [user, setUser] = useState()
...
 const handleSubmitMfa = async () => {
    if (user) {
      if (user.challengeName === 'SMS_MFA' || user.challengeName === 'SOFTWARE_TOKEN_MFA') {
        try {
          await Auth.confirmSignIn(user, otp, user.challengeName)
          router.push('/')
        } catch (err: any) {
          if (err.code === 'CodeMismatchException') {
            setError('Invalid OTP Code')
          }
        }
      } else if (user.challengeName === 'MFA_SETUP') {
        Auth.setupTOTP(user)
      }
    }
  }

  const handleResend = async () => {
    if (user && user.challengeName === 'SMS_MFA') {
      const userRes = await Auth.signIn(values.email, values.password)
      // Update user object to confirm sign in with newly received code.
      setUser(userRes)
    }
  }

Hope it helps!

[LazyAfternoons]

The solution provided by @JJ810 seems to work just fine (thank you) but we really need this feature.

[abdallahshaban557]

Hello everyone! Our team is working on introducing this as a feature of our library in a future iteration. We will provide an update on this Github issue when a new version is out. We do not yet have exact timelines, but we will share them once they are known to us!

[kceb]

I too need a solution that does not require me to cache the password... seems pretty insecure. Thankfully I'm doing this server-side. Still would prefer an API that would just resend the code

[ovidiu-a]

+1, this is a needed feature

[erinleigh90]

Cognito does not currently provide the ability for us to resend the MFA code. Until they provide this functionality, we cannot implement in amplify. We will continue to stress the importance of this issue internally and provide an update as soon as we have one.

[abdallahshaban557]

Closing this as a duplicate of #2010

[aoloo]

@abdallahshaban557 I would prefer we close #2010 and keep this one open. It is more active and recent. Thanks!