AWS COGNITO: Stop receiving OTP for login - amazon-cognito

I am using USER_PASSWORD_AUTH for authFlow. Currently I'm receiving an OTP for login. How can I bypass the OTP?
I want to stop receiving the OTP for login and instead get the OTP during signup.

You should be able to disable the MFA for Cognito.
One of the options is to do so via the CLI:
aws cognito-idp set-user-pool-mfa-config --mfa-configuration OFF --user-pool-id <your_user_pool_id>
https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/set-user-pool-mfa-config.html
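
An added example, not part of the original answer: a wrapper around the command above that records the pool's sign-in MFA mode, switches it to OFF only when needed, and prints which attributes the pool still verifies by code at sign-up. The function names are hypothetical, and a configured aws CLI with permission on the pool is assumed.

```shell
# Added example: turn off sign-in MFA for a Cognito user pool and confirm that
# sign-up verification is untouched. Function names are hypothetical.

# Print the pool-level sign-in MFA mode: OFF, ON or OPTIONAL.
pool_mfa_mode() {
  aws cognito-idp get-user-pool-mfa-config \
    --user-pool-id "$1" --query 'MfaConfiguration' --output text
}

# Print the attributes Cognito verifies with a code at sign-up
# (email and/or phone_number).
signup_verified_attrs() {
  aws cognito-idp describe-user-pool \
    --user-pool-id "$1" --query 'UserPool.AutoVerifiedAttributes' --output text
}

disable_signin_mfa() {
  pool_id="$1"
  [ -n "$pool_id" ] || { echo "usage: disable_signin_mfa <user_pool_id>" >&2; return 2; }

  # Record the current mode first so the change can be reverted later.
  before=$(pool_mfa_mode "$pool_id") || return 1
  echo "sign-in MFA before: $before"

  # Only call the write API when the pool is not already OFF.
  if [ "$before" != "OFF" ]; then
    aws cognito-idp set-user-pool-mfa-config \
      --user-pool-id "$pool_id" --mfa-configuration OFF >/dev/null || return 1
  fi

  # Read the setting back instead of trusting the write.
  after=$(pool_mfa_mode "$pool_id") || return 1
  echo "sign-in MFA after: $after"
  echo "sign-up still verifies: $(signup_verified_attrs "$pool_id")"
  [ "$after" = "OFF" ]
}
```

Call it as `disable_signin_mfa <your_user_pool_id>`; the "before" line is the value to restore if sign-in MFA has to be turned back on.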

Related

SignIn/SignOut with trustlogin and cognito problem

I have an app that uses trustlogin (https://portal.trustlogin.com/) to authenticate with an Amazon Cognito user pool.
I used this article to set up authentication: authorization-endpoint
and added it to the trustlogin app.
In my application, I use aws-amplify for authentication.
The problem is: when I sign out in my app, it works fine with the aws-amplify configuration, but when I sign out/change account in the trustlogin portal, the account in my app is still the previous account. Even if I re-authenticate with the above endpoint (authorization-endpoint), it still doesn't work.
I have tried to get the accessToken after re-authenticating, but the user data does not change.

Checking authentication in firebase on OTP

I'm using Firebase as my OTP. Whenever I log in through my app it always sends an OTP. Can I create code that can check if the number is already signed in on the console so it won't send an OTP again?
Firebase automatically persists and restores the user's credentials when the app is restarted, so you should not have to send an OTP each time.
Check how to detect the user's authentication state for your platform in the first snippet in the documentation for Android, iOS, and Web.

Cognito email verification

I'm working on building a mobile / web app and would like to utilize AWS Cognito for authentication.
I wanted to do a proof of concept before implementing it completely. As part of that, I have set up a user pool and used Amplify to sign up and sign in users.
As part of sign-up I was able to verify the user using a verification code sent to either a phone or an email.
Also as part of Sign In, I received the MFA tokens in my phone/email and validated the MFA before logging in.
My question is, I would like to differentiate the email/phone verification methodology (SignUp) from the MFA token methodology (SignIn).
Is it possible to verify the user's email via a verification link (SignUp) and utilize token-based MFA for SignIn?
I tried changing the user pool MFA message from code to link. I'm getting a verification link in my email, however I'm not getting an MFA, because I have used email as my verification method.
Per the documentation, email verification doesn't trigger MFA as part of SignIn.
In your user pool, if you have selected both email and phone as required, phone is given more priority. At the time of sign up and sign in, you are just given an MFA code via SMS but not email.
But if you want to use email for sign up and a phone MFA SMS code for signing in, please read this:
You need to call 3 methods (GetUser, GetUserAttributeVerificationCode and VerifyUserAttribute) from the AWS SDK to verify the other attribute.
Reference article - AWS Docs
Hope it helps.
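
The three calls named in the answer above, shown with the aws CLI as an added example that is not from the original post: check whether the attribute is already verified, request a code, then submit it. The function names are hypothetical; the access token is assumed to come from a completed sign-in.

```shell
# Added example: verify a second attribute (for instance email) for a signed-in
# user with GetUser, GetUserAttributeVerificationCode and VerifyUserAttribute.
# Function names are hypothetical. The access token is passed on the command
# line, so run this only on a host where other users cannot list processes.

# GetUser: print "true", "false" or "None" for the <attr>_verified attribute.
attr_verified() {
  aws cognito-idp get-user --access-token "$1" \
    --query "UserAttributes[?Name=='${2}_verified'].Value | [0]" --output text
}

# GetUserAttributeVerificationCode: ask Cognito to send a code, unless the
# attribute is already verified.
request_attr_code() {
  token="$1"; attr="$2"
  state=$(attr_verified "$token" "$attr") || return 1
  if [ "$state" = "true" ]; then
    echo "already-verified"
    return 0
  fi
  aws cognito-idp get-user-attribute-verification-code \
    --access-token "$token" --attribute-name "$attr" >/dev/null || return 1
  echo "code-sent"
}

# VerifyUserAttribute: submit the code the user received, then read the
# attribute back to confirm that it is now marked verified.
confirm_attr_code() {
  token="$1"; attr="$2"; code="$3"
  aws cognito-idp verify-user-attribute \
    --access-token "$token" --attribute-name "$attr" --code "$code" \
    >/dev/null || return 1
  [ "$(attr_verified "$token" "$attr")" = "true" ]
}
```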

Aws Cognito with google federated identity: Logs me in with the last user

Problem:
I am using AWS Cognito with Google as an external federated identity for auth in my application.
The problem is that it logs me in with the last user when I have only one signed-in Google account. Basically it seems it's simply not able to log out the user completely.
Here's what is happening:
I am logged into Google with e.g. user a@gmail.com.
I log in to Cognito via the external federated identity using the above email. All is well.
I now log out and want to log in to Cognito using 'b@gmail.com'. Now say I created the account using another browser and never used the current browser, so the browser does not know about this. (In short, I am logged into just one Gmail account in this browser.)
When I try to sign in I am shown the option to 'Signin with Google', but it never presents me the account selection screen and directly logs me in.
I am using the screen Cognito shows at https://mydomain.auth.auth.us-east-1.amazoncognito.com/login
Using Prompt:
I see that Google itself has a way to force the user to select an account using the 'prompt' : select_account option. But I see no way to specify this anywhere in Cognito.
Question:
- Does anyone have any fix / workaround for the above problem? I need a way to 'always' show the account selection so that he can choose or use a different account.
Did you try the logout endpoint from Cognito?
- Yes, this is happening even after I send the user to the logout endpoint of Cognito, which is probably supposed to log out the user.

Facebook/Google Social Login via HTTP Request

Social providers authenticate users passively (i.e., you open their login page and get redirected after login to a redirect URI you specify that contains the login token or failure message).
How can I:
1. Launch the authentication request to a social provider's URI from within Flutter.
2. After login success/failure, read the response from the redirect URI provided as part of the login request.
For Facebook, you can open a browser with the url_launcher plugin. Check out this post: Facebook Oauth login flow with Flutter.
For Google Sign-In, there's a google_sign_in plugin that will let you authenticate with the native Google Sign-In SDK.
You may also rely on Firebase Auth plugins:
https://github.com/flutter/firebase_auth
Thanks @collin