SMS-MFA fails when pool allows users to sign in using email about amazon-cognito-identity-dart-2 HOT 3 CLOSED

I found out that when the phone number is verified sendMFACode works as expected and I can authenticate.
Since https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa-sms-text-message.html stated that 'When a user successfully goes through the SMS text message MFA flow, their phone number is also marked as verified.' I thought it was not necessary but i guess it is.

To avoid such a problem (the error message from cognito is extremely missleading) in future it would be good to do at least one of the following

• document that a verified phone number is highly recommended when activating SMS-MFA and changing attributes.
• reject activation if the number is not verified and reject editing phone_number attribute without disabeling SMS-MFA
• trigger attribute verification if necessary during MFA setup and when changing phone_number attribute.

from amazon-cognito-identity-dart-2.

@moonshinephoenix thank you for your investigation.
Could you please create a PR to readme and code?

from amazon-cognito-identity-dart-2.

@furaiev I will but please be a bit patient with me. This is my first time to contribute to open source and using git so it might take me a little to get it right.

The change itself seems easy enough though. Do you have any preferrences as to which route I should go with the code change? I think i prefer the second one throwing a qualified exception when entering a state in which the process is incomplete (similar to initAuth).

from amazon-cognito-identity-dart-2.