Resend MFA Code Hook

[mrowles]

Is your feature request related to a problem? Please describe.

When authorizing a new device and, for whatever reason, the user wants to manually resend themselves a code:

1. user signs in
2. new device, user is sent SMS and needs to confirm challenge
3. for whatever reason, let’s say user didn’t receive initial SMS, they
   want to be able to resend it to themselves
4. user uses second code and successfully completes MFA challenge,
   effectively registering a new device

The old library had a hook for this, no idea why Amplify doesn't. This is not a duplicate of #1614 (comment), it is different as discussed in last comment.

Describe the solution you'd like

The old library used to have code that we implemented pretty horribly, so would love this to have more attention. I'd like it if I could implement as such:

public resendMfaCode(
    username: string
  ): Observable<boolean> {
    return fromPromise(Auth.resendMfaCode(username))
      .pipe(
        map(
          (result: any) => {
            // expect result to be true if it was sent successfully
            return result;
          }),
        catchError(
          (error) => {
            console.error(error);
            return of(false);
          }
        )
      );
  }

Describe alternatives you've considered

There is none in amplify. It existed in amazon-cognito-identity-js, which it appears is all Amplify is just a layer over, so assume this would be an easy hook?

Additional context
N/A

[powerful23]

@mrowles Hey can you provide the code snippet about how you are using the old library to achieve that? That would help us a lot to understand this request.

[mrowles]

It wasn't a pretty implementation to be honest, my average code coupled with the problems that the last library had (example) came up with the following:

import {Observable} from 'rxjs';
import {CognitoUser, CognitoUserPool, ICognitoUserData} from 'amazon-cognito-identity-js';

class AuthService {
    private cognitoUser: CognitoUser;
    private userPool: CognitoUserPool;

    resendCode(attribute: string, emailAddress?: string): Observable<any> {
        return new Observable((observer) => {
            
            // check if no active user session / MFA is still required on this device
            if (this.cognitoUser === null) {
                const userData: ICognitoUserData = {
                    Username: emailAddress,
                    Pool: this.userPool
                };

                this.cognitoUser = new CognitoUser(userData);

                this.cognitoUser.resendConfirmationCode(
                    (resendConfirmationError: Error, result: "SUCCESS"): void => {
                        if (resendConfirmationError) {
                            observer.error(resendConfirmationError);
                        } else {
                            observer.next(result);
                        }

                        observer.complete();
                    });

            } else {
                this.cognitoUser.getSession(
                    (sessionError: Error): void => {
                        if (sessionError) {
                            observer.error(sessionError);
                            observer.complete();
                        } else {
                            this.cognitoUser.getAttributeVerificationCode(attribute,
                                {
                                    onSuccess: (): void => {
                                        observer.next();
                                        observer.complete();
                                    },
                                    onFailure: (err: Error): void => {
                                        observer.error(err);
                                        observer.complete();
                                    },
                                    inputVerificationCode: () => {
                                        // user to input on another screen
                                    }
                                });
                        }
                    });
            }
        });
    }
}

[mrowles]

@powerful23 Any word on this? It's a pretty critical feature

[powerful23]

@mrowles hey from your code I can tell you want to invode this method resendConfirmationCode to get the mfa code right? As I know this method is mainly used to resend the confirmation (for confirmation of registration) to a specific user in the user pool according to https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ResendConfirmationCode.html

In Amplify we have a wrapper method for that which is Auth.resendSignUp(username). Also we have Auth.verifyUserAttribute() to initiate the attributes confirmation request which is a wrapper for this.cognitoUser.getAttributeVerificationCode Can you try those methods?

[mrowles]

@powerful23 Understand you're trying to help, but you kind of told me to open up a new request for this last week because it was different to the above suggestions: #1614 (comment)

verifyUserAttribute doesn't work as it requires a currentUser - meaning, without MFA you can't have a user session because you can't sign in.

/**
     * Initiate an attribute confirmation request
     * @param {Object} user - The CognitoUser
     * @param {Object} attr - The attributes to be verified
     * @return - A promise resolves to callback data if success
     */
    verifyUserAttribute(user: CognitoUser | any, attr: string): Promise<void>;

[mrowles]

@powerful23 Any updates?

[alecOAM]

@mrowles As a work around, you could call Auth.signIn again.

[LeoMoonStar]

@mrowles As a work around, you could call Auth.signIn again.

which means you need to save the password incase user wants to resend confirm code?

[powerful23]

@mrcoles Hi, really sorry about the late response. So from your description, what you want to do is to be able to resend the SMS code when signing in, not signing up, right? Because if you want to resend the confirmation code during registration, I am pretty sure you can do that by using Auth.resendUp(username).

[MikeAlexMartinez]

For anyone who does use the 'use Auth.signIn() again' workaround to resend a code. You have to ensure that your subsequent call to Auth.confirmSignIn(user, code) passes in the user returned from the corresponding Auth.signIn() call.

[cezarcarvalhaes]

Any updates on when we can expect this? This functionality is pretty crucial, and the 'use Auth.signIn()' again workaround would require temporarily storing or passing username and password info across different views, which isn't something we want to do.

There is a resendConfirmationCode hook, but that is only for confirming new users, not for MFA.

[kaushik-raina]

Hello @powerful23 ,
This issue is blocker for our project. Can you please confirm if there is any plan to add this feature in upcoming release?

Our workflow

1. MFA is set to required in cognito.( through SMS )
2. User enters Login username and password
3. user is redirected to Verify MFA code page
4. Now comes the edge case where user doesn't receives code on phone due to network issues
   Hence we need to provide user with option to resend MFA code

[richmondu]

Having the same issue for MFA.
Resending OTP is possible for signup, forgot/reset password, verify email/phone number but currently NOT possible for MFA.

[aoloo]

Any movement on this issue? I am on the same boat as @mrowles .

[pinpointpanda]

This is a problem for us too. Definitely do not like the idea of holding onto the password in order to trigger a secondary request for signing in. Which means, there's no sensible way to re-send the MFA code during a sign in operation. Other than asking the user to login again, which is a pretty horrible UX.

Seems a bit of a miss not to have an MFA resend option.

[aoloo]

@pinpointpanda I created another feature request issue #6676 . If you can comment or get other developers needing this feature to comment on the feature request it can motivate the amplify team to get this done for us. Thanks!

[saideep1011]

@mrowles As a work around, you could call Auth.signIn again.

this worked for me

[44mkashif]

Any update on this issue? This is a blocker on one of my projects as well.

[kceb]

Any updates?

Thankfully I'm doing this flow server-side, but it still requires me to temporarily save the password in the encrypted session, a signed cookie, or somehow hack my way around using POST requests

In my flow, after username/pw login form, I redirect to MFA code entry page (a GET). I'd like to avoid redirecting to this page via a POST or having password in the URL...

[abdallahshaban557]

Closing as a duplicate of #6676