What is Amazon Cognito?
Amazon Cognito is a AWS service provide authentication and authorization with various provider as email/password or social OAuth (Google, Facebook, ...)
What is TOPT?
TOPT is shorthand for
Time-based one-time password
It will generate a temporary unique passcode (is generated with a standardized algorithm that uses the current time as an input ) and it is valid in a short time( normally 30 seconds), after that, It will automatically expire.
Enable TOPT Software token MFA feature on Amazon Cognito?
- Create a
User pooland setting MFA for it like below.
App client without
secret code and make sure that 'ALLOW_USER_SRP_AUTH' is checked.
3. Create a sample user.
Connect Amazon Cognito for setup MFA Software token using Javacript
The result of code execution:
TOTP MFA considerations and limitations at currently
- AWS Coginito built-in UI currently does not support TOTP setup. Our application must provide this feature. After the user setups and verifies a TOTP software token in our application, they can input their passcode in the built-in UI.
- AWS Coginito only supports software token MFA or SMS MFA. It does not support hardware-base MFA.
Thanks you for reading!