# ✅ - Implementing Resend OTP with Lock Mechanism for Passwordless Authentication in AWS Cognito


analog grove

Hi everyone,

I've built a passwordless authentication system following the blog Implementing Passwordless Email Authentication with Amazon Cognito[https://aws.amazon.com/blogs/mobile/implementing-passwordless-email-authentication-with-amazon-cognito/]. I'm using the signIn and confirmSignIn methods from aws-amplify/auth to start and complete my authentication flow[https://docs.amplify.aws/react-native/build-a-backend/auth/connect-your-frontend/sign-in/].

I need to implement a resend OTP feature with a lock mechanism to block users for a certain time if they exceed a defined limit for OTP requests during the sign-in process. I've found that Cognito doesn't support resending codes during sign-in.

What's the best way to build this mechanism?

Thank you!

eternal lion

https://aws.amazon.com/blogs/mobile/implementing-passwordless-email-authentication-with-amazon-cognito/#:~:text=Create Auth Challenge trigger,a new login code.

Is it possible for you to create a trigger that is wrapped with your own custom handler, say a button that activates the trigger, where the trigger can only be pressed a certain number of times, using a counter to keep track of how many times it's been clicked?

There might be a better way than this one that I am suggesting but I just thought I can share so that you have more ideas.


analog grove

Hi @eternal lion ,

Thank you for the response. Currently, I am using the following custom triggers based on the passwordless authentication blog for Cognito: [https://aws.amazon.com/blogs/mobile/implementing-passwordless-email-authentication-with-amazon-cognito/]

```javascript
triggers: {
  createAuthChallenge,
  defineAuthChallenge,
  verifyAuthChallengeResponse,
  preSignUp,
}
```

Are you suggesting that in the createAuthChallenge handler, I should track OTP requests for each login username and store this data in a DynamoDB table to manage rate limits and implement lockout logic?

To request a new OTP, we can call the signIn method again from aws-amplify/auth as shown below:

```javascript
import { signIn } from "aws-amplify/auth";

// Calling signIn again with the custom flow starts a new auth session, so the
// Create Auth Challenge trigger runs again and issues a fresh code. `username`
// is the same identifier that was used for the original sign-in.
const resendOtp = async (username) => {
  await signIn({
    username,
    options: {
      authFlowType: "CUSTOM_WITHOUT_SRP",
    },
  });
};
```

I thought of this approach but am unsure if it is optimal or if there is a better solution.

Thank you!

subtle heath

@analog grove, we have a couple of feature requests tracking the "resend OTP" feature with Cognito (essentially an ad-hoc MFA request). Feel free to upvote the following issues or give them any additional comments to help us gain traction on them!

https://github.com/aws-amplify/amplify-js/issues/6676

https://github.com/aws-amplify/amplify-js/issues/11447

I'll also add that internally we are trying to advocate for this as well with Cognito after seeing how many times our community asks about this feature. We'll update those Github issues with any progress that's made.


wanton drumBOT

✅ - Implementing Resend OTP with Lock Mechanism for Passwordless Authentication in AWS Cognito