Comments (3)
I found out that when the phone number is verified sendMFACode works as expected and I can authenticate.
Since https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa-sms-text-message.html stated that 'When a user successfully goes through the SMS text message MFA flow, their phone number is also marked as verified.' I thought it was not necessary but i guess it is.
To avoid such a problem (the error message from cognito is extremely missleading) in future it would be good to do at least one of the following
- document that a verified phone number is highly recommended when activating SMS-MFA and changing attributes.
- reject activation if the number is not verified and reject editing phone_number attribute without disabeling SMS-MFA
- trigger attribute verification if necessary during MFA setup and when changing phone_number attribute.
from amazon-cognito-identity-dart-2.
@moonshinephoenix thank you for your investigation.
Could you please create a PR to readme and code?
from amazon-cognito-identity-dart-2.
@furaiev I will but please be a bit patient with me. This is my first time to contribute to open source and using git so it might take me a little to get it right.
The change itself seems easy enough though. Do you have any preferrences as to which route I should go with the code change? I think i prefer the second one throwing a qualified exception when entering a state in which the process is incomplete (similar to initAuth).
from amazon-cognito-identity-dart-2.
Related Issues (20)
- SSO w/ Flutter AWS Cognito HOT 2
- zip file broken HOT 2
- use case 19 HOT 2
- Unauthorized/Anonymus user token HOT 2
- Forgot Password HOT 2
- Melos version bump? HOT 5
- [ASK] Is it possible to getSession with only `refreshToken` value ? HOT 2
- Use case 19 HOT 3
- CognitoUserDeviceConfirmationNecessaryException is not being thrown HOT 3
- Enabling TOTP for MFA HOT 5
- how to solve custom challenge? HOT 3
- Federated Login... Refresh Access Token HOT 2
- AuthenticationDetails.validationData not transmitted HOT 5
- VerifyDevice request fails if username used in sendMFA() is email or phone number HOT 2
- MFA_SETUP challenge when user pool has "required MFA" HOT 3
- sendMFACode method requires SECRET_HASH HOT 2
- How to verify Password Only without session? HOT 2
- "Missing required parameter Session" while MFA is required HOT 6
- Mismatched key prefix when caching and restoring device HOT 6
- Issue when UserConfirmationNecessary is true HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from amazon-cognito-identity-dart-2.