sk411

Reputation: 31

Cognito email verification

I'm working on building a mobile / web app and would like to utilize AWS Cognito for authentication.

I wanted to do a proof of concept before implementing it completely. As part of that, I have set up a user pool and used Amplify to sign up and sign in users.

As part of sign-up I was able to verify the user using a verification code to either a phone or email.

Also, as part of sign-in, I received the MFA tokens on my phone/email and validated the MFA before logging in.

My question is, I would like to differentiate the email/phone verification methodology (SignUp) vs. the MFA token methodology (SignIn).

Is it possible to verify the user's email via a verification link (SignUp) and utilize token-based MFA for SignIn?

I tried changing the user pool MFA message from code to link. I'm getting a verification link in my email, however I'm not getting an MFA, because I have used email as my verification method.

Per the documentation, email verification doesn't trigger MFA as part of SignIn.

Upvotes: 0

Views: 2475

Answers (1)

Dikshit Kathuria

Reputation: 1312

In your user pool, if you have selected both email and phone as required, phone is given more priority. At the time of sign-up and sign-in, you are just given an MFA code via SMS but not email. But if you want to use email for sign-up and a phone MFA SMS code for signing in, please read this: [image]

You need to call 3 methods (GetUser, GetUserAttributeVerificationCode and VerifyUserAttribute) from the AWS SDK to verify the other attribute.

Reference article - AWS Docs

Hope it helps.

Upvotes: 1
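The three calls named in the answer, as an added example (not code from the answer or from AWS). It assumes a boto3 `cognito-idp` client and the access token returned at sign-in; the function names and `StubCognito`, a constructed stand-in that lets the flow run offline, are hypothetical.

```python
def unverified_attributes(client, access_token):
    """GetUser: names of email/phone_number that are set but not yet verified."""
    user = client.get_user(AccessToken=access_token)
    attrs = {a["Name"]: a["Value"] for a in user["UserAttributes"]}
    return [n for n in ("email", "phone_number")
            if n in attrs and attrs.get(n + "_verified") != "true"]

def request_code(client, access_token, attribute):
    """GetUserAttributeVerificationCode: send a code, return the delivery medium."""
    if attribute not in unverified_attributes(client, access_token):
        return None  # already verified or not set: do not send a needless code
    resp = client.get_user_attribute_verification_code(
        AccessToken=access_token, AttributeName=attribute)
    return resp["CodeDeliveryDetails"]["DeliveryMedium"]  # "EMAIL" or "SMS"

def confirm_code(client, access_token, attribute, code):
    """VerifyUserAttribute: True if accepted, False on a wrong or expired code."""
    try:
        client.verify_user_attribute(
            AccessToken=access_token, AttributeName=attribute, Code=code)
    except (client.exceptions.CodeMismatchException,
            client.exceptions.ExpiredCodeException):
        return False
    return True

class StubCognito:
    """Constructed stand-in for boto3.client("cognito-idp"); sample data only."""
    class exceptions:
        class CodeMismatchException(Exception): pass
        class ExpiredCodeException(Exception): pass
    def __init__(self):
        self.attrs = {"phone_number": "+15550100", "phone_number_verified": "true",
                      "email": "user@example.com", "email_verified": "false"}
    def get_user(self, AccessToken):
        return {"UserAttributes": [{"Name": k, "Value": v}
                                   for k, v in self.attrs.items()]}
    def get_user_attribute_verification_code(self, AccessToken, AttributeName):
        return {"CodeDeliveryDetails": {"DeliveryMedium": "EMAIL",
                                        "AttributeName": AttributeName}}
    def verify_user_attribute(self, AccessToken, AttributeName, Code):
        if Code != "123456":  # constructed "correct" code for the stub
            raise self.exceptions.CodeMismatchException()
        self.attrs[AttributeName + "_verified"] = "true"

if __name__ == "__main__":
    c = StubCognito()
    print(unverified_attributes(c, "tok"), request_code(c, "tok", "email"),
          confirm_code(c, "tok", "email", "123456"))
```

With a real client, pass `boto3.client("cognito-idp")` and the signed-in user's access token in place of the stub and `"tok"`.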
