mutedeuphonies

Reputation: 363

How to set up the "mfa_setup" challenge in Amazon Cognito's multi-factor authentication?

I am stuck on setting up MFA for Amazon Cognito with Google Authenticator. Did I miss any step?

I have tried following this guide: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa-totp.html

I passed the session to "associate_software_token", got the secret key, and converted it into a QR code.

After converting it into a QR code, I downloaded Google Authenticator from the Play Store and tried to proceed. Sadly, this is where I'm stuck: Google Authenticator doesn't recognize the QR code.

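import os

import boto3
import qrcode
from botocore.exceptions import ClientError
from flask import request, send_file
from werkzeug.utils import secure_filename

# ASSETS_DIRS, status and self.handle_boto_error are defined elsewhere in the application (not shown).

def get(self):
    # This is where we get the secret key, which will later be used as the password.
    data = request.args
    client = boto3.client('cognito-idp')
    try:
        # ClientError is raised by the Cognito call, so the call belongs inside the try block.
        secret_response = client.associate_software_token(Session=data["session"])
    except ClientError as e:
        return self.handle_boto_error(e)
    # Create QR
    img = qrcode.make(secret_response.get('SecretCode'))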

    temp_assets = os.path.join(ASSETS_DIRS, 'temp/')

    filename = secure_filename(secret_response.get('SecretCode') + '.png')
    to_save_on = os.path.join(temp_assets, filename)
    print(secret_response.get('SecretCode'))
    img.save(to_save_on)

    return send_file(to_save_on, mimetype='image/png'), status.HTTP_200_OK

I expected it to give me the TOTP, which will complete the whole authentication process of the Cognito pool.

Upvotes: 1

Views: 2276

Answers (1)

mutedeuphonies

Reputation: 363

Fixed this by converting the QR into the right format, which is:

link = f"otpauth://totp/{SITE_NAME}:{username}?secret={secret_code}&issuer={SITE_NAME}"

instead of directly passing the secret code to the QR code.

Upvotes: 2
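
As an added example (not the poster's code), the otpauth:// link from the answer can be built with percent-encoding and a base32 check on the secret, together with an RFC 6238 calculation to cross-check the code the authenticator app displays. It goes beyond the answer by rendering the QR in memory, so the secret is never used as a file name or printed. The function names and the sample secret are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import io
import struct
from urllib.parse import quote, urlencode

# Constructed sample (the RFC 6238 test key in base32), not a real Cognito SecretCode.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def _b32_key(secret_code):
    """Decode a base32 secret, padding it first; raises ValueError if malformed."""
    return base64.b32decode(secret_code.upper() + "=" * (-len(secret_code) % 8))


def build_otpauth_uri(issuer, account, secret_code):
    """Return the otpauth:// Key URI that authenticator apps expect inside the QR."""
    _b32_key(secret_code)  # fail early instead of producing a QR the app rejects
    # Percent-encode the label so spaces, '@' or ':' in names cannot break the URI.
    label = f"{quote(issuer, safe='')}:{quote(account, safe='')}"
    query = urlencode({"secret": secret_code, "issuer": issuer}, quote_via=quote)
    return f"otpauth://totp/{label}?{query}"


def totp(secret_code, at_time, digits=6, step=30):
    """RFC 6238 code (HMAC-SHA1) for a Unix time, to compare with the app's code."""
    counter = struct.pack(">Q", int(at_time) // step)
    mac = hmac.new(_b32_key(secret_code), counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation as in RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def qr_png_bytes(uri):
    """Render the URI as PNG bytes in memory; nothing secret touches disk or logs."""
    import qrcode  # third-party; imported lazily so the helpers above work without it
    buf = io.BytesIO()
    qrcode.make(uri).save(buf)
    return buf.getvalue()


if __name__ == "__main__":
    print(build_otpauth_uri("My Site", "alice@example.com", SAMPLE_SECRET))
    print(totp(SAMPLE_SECRET, 59))
```

In a Flask view the bytes from `qr_png_bytes` can be returned with `send_file(io.BytesIO(png), mimetype='image/png')` instead of saving a file named after the secret.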
