feat(auth): TOTP MFA #3146
feat(auth): TOTP MFA #3146
Conversation
dnys1
force-pushed
the
feat/auth/totp
branch
5 times, most recently
from
8d6f87b
to
282b1c0
Compare
|
@dnys1 Thanks for taking care of this! When do you think this feature will be released? |
|
@Kaspear I don't have any firm timeframe yet, but it is one of our highest priority issues! |
dnys1
force-pushed
the
feat/auth/totp
branch
2 times, most recently
from
80ba8b4
to
76c343b
Compare
packages/auth/amplify_auth_cognito_dart/example/bin/example.dart
Outdated
Show resolved
Hide resolved
packages/test/amplify_auth_integration_test/lib/src/mfa_environments.dart
Outdated
Show resolved
Hide resolved
packages/auth/amplify_auth_cognito_dart/lib/src/state/machines/sign_in_state_machine.dart
Outdated
Show resolved
Hide resolved
packages/auth/amplify_auth_cognito_dart/lib/src/state/machines/sign_in_state_machine.dart
Outdated
Show resolved
Hide resolved
packages/auth/amplify_auth_cognito_dart/lib/src/state/machines/totp_setup_state_machine.dart
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Love all these test 🎉
Can we make this test file more digestible and easier to maintain? Maybe consider adding contextual comments to each scenario or breaking it up into two at least two files based on the testRunners. Either case I think would help provide better maintainer DX imo
There was a problem hiding this comment.
I've split the tests into multiple files. I've tried to leave rationale for many of the expectations. Given they all follow the same pattern (lots of copy/paste between the tests), I think grokking one test makes the rest simple to understand.
|
that looks great! I also sit for last couple of week on branch feat/auth/totp and seem like totp with authenticator app is all working so can't wait for release. Thank you for your hard work @dnys1 |
dnys1
force-pushed
the
feat/auth/totp
branch
2 times, most recently
from
c19fd2e
to
d06e6b0
Compare
| const UserMfaPreference({ | ||
| Set<MfaType>? enabled, | ||
| this.preferred, | ||
| }) : enabled = enabled ?? const {}; |
There was a problem hiding this comment.
Maybe I am missing something. Why not:
const UserMfaPreference({
this.enabled = const {},
this.preferred,
});There was a problem hiding this comment.
I was wanting passing null before because it makes things like list?.map(...).toSet() cleaner if I don't have to duplicate ?? const {} everywhere. But I changed it since I'm not doing that any more.
|
|
||
| @override | ||
| Map<String, Object?> toJson() => { | ||
| 'enabled': enabled.map((typ) => typ.name.toUpperCase()).toList(), |
There was a problem hiding this comment.
Is this supposed to be type?
There was a problem hiding this comment.
Either way. Updated to type.
| /// Initiates setup of a time-based one-time passcode (TOTP) MFA method for the | ||
| /// current user. | ||
| /// | ||
| /// Your backend must be set up with TOTP MFA enabled prior to calling this method. |
There was a problem hiding this comment.
What exception is thrown if the back end isn't set up for totp mfa?
There was a problem hiding this comment.
SoftwareTokenMFANotFoundException
| String? accountName, | ||
| }) => | ||
| Uri( | ||
| scheme: 'otpauth', |
There was a problem hiding this comment.
This scheme is used by all authenticator apps (or, at least all popular ones - MS, Google, Authy, Last Pass, etc.)?
There was a problem hiding this comment.
Yes, while there isn't a formal specification for otp URIs, this is the commonly used schema. The popular apps recognize this schema, this is made clear by their apps opening via native platform API calls with this schema. Which is exactly what we are doing in our Authenticator TOTP work.
|
Hi, we are deciding if we are going to use Amplify - Flutter and MFA with TOTP is a requirement, do you guys have an ETA for this feature to be deployed? if not I think we will not be able to use Amplify for our project. thanks! |
|
Hi @luigi198 - we are getting really close to shipping this, we are doing our internal rounds of reviews. When would you like this to be available by? |
|
@abdallahshaban557 We are working on a PoC to prove we can use this tech, we will be implementing MFA probably in September, we noticed you guys deployed a new version today, that's a good sign for my boss, if I can get a written confirmation MFA TOTP will be supported for September (we are flexible with the month, we can work on other features meanwhile), we are probably good to go |
|
Hi @luigi198 - we should have it ready by then. Thank you for letting us know! |
dnys1
force-pushed
the
feat/auth/totp
branch
2 times, most recently
from
72f11e9
to
263ae08
Compare
Expands E2E backends for all TOTP/SMS MFA combinations.
Fix casing when mapping SDK exceptions.
Adds TOTP MFA support to the `signIn` and `confirmSignIn` flows and adds two new methods to the Cognito plugin for fetching and updating the user's MFA preferences: `fetchMfaPreference` and `updateMfaPreference`.
Adds E2E tests for TOTP MFA and splits existing MFA tests by backend configuration: SMS, TOTP, and SMS/TOTP.
| @@ -199,6 +215,23 @@ Future<void> confirmMfaUser(String mfaCode) async { | |||
| } | |||
| // #enddocregion confirm-signin | |||
|
|
|||
| // #docregion handle-mfa-selection | |||
| Future<MfaType> _promptUserPreference(Set<MfaType> allowedTypes) async { | |||
| throw UnimplementedError(); | |||
There was a problem hiding this comment.
Updated in favor of // ...
| @@ -155,7 +155,7 @@ | |||
| 97C146E61CF9000F007C117D /* Project object */ = { | |||
| isa = PBXProject; | |||
| attributes = { | |||
| LastUpgradeCheck = 1300; | |||
| LastUpgradeCheck = 1430; | |||
There was a problem hiding this comment.
Been seeing this change locally. Does this typically get committed? If so, what's the significance?
There was a problem hiding this comment.
Yeah, it should be committed. Flutter and Xcode updates can modify the project settings.
| /// The [TotpSetupDetails] returned contains a [TotpSetupDetails.getSetupUri] | ||
| /// method which can be used to display a QR code or render a button to open | ||
| /// the user's installed authenticator app. After setup is complete on the user's | ||
| /// end, call [verifyTotpSetup] with a one-time code to complete registration. |
There was a problem hiding this comment.
I might reword this section to make it clear TotpSetupDetails.getSetupUri return's the URI. Right now it reads like it shows the relevant QR code.
| /// The [TotpSetupDetails] returned contains a [TotpSetupDetails.getSetupUri] | |
| /// method which can be used to display a QR code or render a button to open | |
| /// the user's installed authenticator app. After setup is complete on the user's | |
| /// end, call [verifyTotpSetup] with a one-time code to complete registration. | |
| /// The [TotpSetupDetails] returned contains a [TotpSetupDetails.getSetupUri] | |
| /// method for retrieving the setup URI. Which can be used to build a QR code or | |
| /// a button to open the user's installed authenticator app. After setup is complete | |
| /// on the user's end, call [verifyTotpSetup] with a one-time code to complete registration. |
|
@Kaspear @mikolaj1982 @luigi198 - Just wanted to make sure you are aware that this feature has now been launched! It is available from the Amplify Flutter library and the Authenticator UI component. |
|
@dnys1 |
signInflow.signInflow.