Srinivasan

Reputation: 117

Enabling SOFTWARE_TOKEN_MFA through Python Boto3 for a cognito user

I need to enable MFA for Cognito users as per their requirements. I tried SMS MFA and it worked perfectly, but when it comes to software MFA (SOFTWARE_TOKEN_MFA) I couldn't find any proper documents or examples on how to enable it through code, either through JavaScript or through Python (Boto3).

The above-mentioned picture represents my MFA settings for the Cognito user pool. I tried some examples for JavaScript, but some functions threw errors:


cognitoUser.authenticateUser(authenticationDetails, {
    onSuccess: function(result) {
        var accessToken = result.getAccessToken().getJwtToken();
    },

    onFailure: function(err) {
        alert(err.message || JSON.stringify(err));
    },

    mfaSetup: function(challengeName, challengeParameters) {
        cognitoUser.associateSoftwareToken(this);
    },

    associateSecretCode: function(secretCode) {
        var challengeAnswer = prompt('Please input the TOTP code.', '');
        cognitoUser.verifySoftwareToken(challengeAnswer, 'My TOTP device', this);
    },

    selectMFAType: function(challengeName, challengeParameters) {
        var mfaType = prompt('Please select the MFA method.', ''); // valid values for mfaType is "SMS_MFA", "SOFTWARE_TOKEN_MFA"
        cognitoUser.sendMFASelectionAnswer(mfaType, this);
    },

    totpRequired: function(secretCode) {
        var challengeAnswer = prompt('Please input the TOTP code.', '');
        cognitoUser.sendMFACode(challengeAnswer, this, 'SOFTWARE_TOKEN_MFA');
    },

    mfaRequired: function(codeDeliveryDetails) {
        var verificationCode = prompt('Please input verification code', '');
        cognitoUser.sendMFACode(verificationCode, this);
    },
});

cognitoUser.sendMFASelectionAnswer(mfaType, this);

throws an error, and

        var challengeAnswer = prompt('Please input the TOTP code.', '');
        cognitoUser.verifySoftwareToken(challengeAnswer, 'My TOTP device', this);
    }

throws an error.

I even tried the same thing to enable it from Python:

import boto3

client = boto3.client('cognito-idp')
token_ = 'eqQwo59dnjwj*******'  # the signed-in user's access token (redacted in the question)

# Enable TOTP and make it the preferred factor; leave SMS MFA off
response = client.set_user_mfa_preference(
    SMSMfaSettings={
        'Enabled': False,
        'PreferredMfa': False
    },
    SoftwareTokenMfaSettings={
        'Enabled': True,
        'PreferredMfa': True
    },
    AccessToken=token_
)

But it says invalid access token (token_ = 'eqQwo59dnjwj*******').

Upvotes: 2

Views: 1964

Answers (1)

Srinivasan

Reputation: 117

After a detailed study on Cognito with Boto3 (Python), I found a solution to enable software MFA:

  1. Associate a software token with the user:

response = client.associate_software_token(
    AccessToken=user_as_json['access_token'],
)
# response['SecretCode'] is the base32 TOTP seed for the authenticator app

which returns a secret code. Use otpauth to turn the secret code into a QR code.

  2. Verify the token received from the user:

response = client.verify_software_token(
    AccessToken=user_as_json['access_token'],
    UserCode='Code received from the user',   # the 6-digit TOTP the user read from the app
    FriendlyDeviceName='ABC'
)
# response['Status'] is 'SUCCESS' once the code matches

  3. Set the user's MFA preference:

response_1 = client.set_user_mfa_preference(
    SMSMfaSettings={
        'Enabled': False,
        'PreferredMfa': False
    },
    SoftwareTokenMfaSettings={
        'Enabled': True,
        'PreferredMfa': True
    },
    AccessToken='Access Token'
)

Note: Preferred MFA can be set only if either of the MFAs is enabled.

Note: Both MFAs can be enabled, but only one can be set as preferred at a time.

Upvotes: 3
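Putting the three steps together, as an added example that is not the answerer's code: the enrollment runs as one function against a boto3 cognito-idp client, with a reference RFC 6238 TOTP alongside so the flow can be exercised offline against a stand-in client. The function name enroll_software_mfa, the read_user_code callback, the issuer "MyApp" and the placeholder access token are assumptions; the three API calls and their parameters are the ones from the answer.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import quote


def totp(secret_b32, at=None, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1, 30 s step, 6 digits): the code an authenticator
    app derives from the base32 SecretCode that associate_software_token returns."""
    key = base64.b32decode(secret_b32.upper() + "=" * (-len(secret_b32) % 8))
    counter = int(time.time() if at is None else at) // step
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)


def otpauth_uri(secret_b32, username, issuer):
    """The otpauth URI to encode as a QR code for the user's authenticator app."""
    label = quote(f"{issuer}:{username}")
    return f"otpauth://totp/{label}?secret={secret_b32}&issuer={quote(issuer)}"


def enroll_software_mfa(client, access_token, username, read_user_code,
                        issuer="MyApp", device_name="authenticator"):
    """The answer's three calls in order. `client` is a boto3 'cognito-idp' client;
    `read_user_code(uri)` shows the URI (as a QR code) and returns the code typed."""
    secret = client.associate_software_token(AccessToken=access_token)["SecretCode"]
    user_code = read_user_code(otpauth_uri(secret, username, issuer))
    verified = client.verify_software_token(
        AccessToken=access_token, UserCode=user_code, FriendlyDeviceName=device_name)
    if verified.get("Status") != "SUCCESS":
        # Never mark a factor preferred before the user has proven they hold it.
        raise RuntimeError("TOTP verification failed; MFA preference left unchanged")
    client.set_user_mfa_preference(
        AccessToken=access_token,
        SMSMfaSettings={"Enabled": False, "PreferredMfa": False},
        SoftwareTokenMfaSettings={"Enabled": True, "PreferredMfa": True},
    )
    return verified["Status"]


if __name__ == "__main__":  # live run: needs AWS credentials and a real user access token
    import boto3
    print(enroll_software_mfa(boto3.client("cognito-idp"), "ACCESS_TOKEN_PLACEHOLDER",
                              "alice@example.com", lambda uri: input(f"Scan {uri}\nCode: ")))
```

The access token passed here must come from the user's own sign-in (InitiateAuth/AdminInitiateAuth response), which is why the question's hand-copied token was rejected as invalid.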
