I'm using AuthFlow='ADMIN_NO_SRP_AUTH' to set up Cognito MFA authentication.
I wonder if there is any way that I can ignore the MFA authentication?
Which AdminInitiateAuth request should I use?
For example:
I create a user, then register that user to my UserPool, enable MFA for that user, and now MFA is working fine.
But what if on a bad day, I don't want to use MFA Authentication anymore, but I also don't want to disable MFA for my user because I want to use it on another beautiful day.
May not be the answer you are hoping for but... You can't do it. And it wouldn't even make sense.
The MFA is either enabled or disabled. If it's enabled, you need to authenticate with it. Think about it. You set it up to protect user's account. But the user is able to say - oh, I actually don't want to use it just this time. The thing is - a bad actor could do exactly the same. Just send a request saying not to use MFA. That would defeat the purpose of MFA entirely.
That's why this decision is left to either an administrator of the pool or the user who can disable it, but only as long as he/she is signed in (depending on pool's configuration).
That's why you can only either have it enabled or disabled. And you cannot disable it ad hoc per request.
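The two paths the answer describes, as an added example that is not part of the original posts: a sign-in that must answer whatever MFA challenge Cognito returns, and the separate administrator call that switches MFA for one user. It assumes a boto3 `cognito-idp` client passed in as `cognito`, an app client without a secret, SMS as the MFA method, and a pool where MFA is optional; `get_code` is a hypothetical callback.

```python
# Added example: `cognito` is a boto3 client("cognito-idp") supplied by the caller.
MFA_CODE_KEY = {
    "SMS_MFA": "SMS_MFA_CODE",
    "SOFTWARE_TOKEN_MFA": "SOFTWARE_TOKEN_MFA_CODE",
}


def admin_sign_in(cognito, pool_id, client_id, username, password, get_code):
    """Sign in with ADMIN_NO_SRP_AUTH and answer the MFA challenge if one is issued.

    get_code is a hypothetical callback returning the code the user entered.
    No request parameter skips the challenge; the pool decides whether it is sent.
    """
    resp = cognito.admin_initiate_auth(
        UserPoolId=pool_id,
        ClientId=client_id,
        AuthFlow="ADMIN_NO_SRP_AUTH",
        AuthParameters={"USERNAME": username, "PASSWORD": password},
    )
    challenge = resp.get("ChallengeName")
    if challenge is None:
        return resp["AuthenticationResult"]  # MFA is not enabled for this user
    if challenge not in MFA_CODE_KEY:
        raise RuntimeError(f"unhandled challenge: {challenge}")
    resp = cognito.admin_respond_to_auth_challenge(
        UserPoolId=pool_id,
        ClientId=client_id,
        ChallengeName=challenge,
        Session=resp["Session"],
        ChallengeResponses={
            "USERNAME": username,
            MFA_CODE_KEY[challenge]: get_code(challenge),
        },
    )
    return resp["AuthenticationResult"]


def set_sms_mfa(cognito, pool_id, username, enabled):
    """Administrator-side switch: turn SMS MFA on or off for one user."""
    cognito.admin_set_user_mfa_preference(
        UserPoolId=pool_id,
        Username=username,
        SMSMfaSettings={"Enabled": enabled, "PreferredMfa": enabled},
    )
```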