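If we have already signed up a user with AWS Cognito via Google, can we activate MFA later through the AWS Amplify API? If so, what is the API signature?
The overall idea is to let users sign in through a social provider first, and, if the platform/feature they access requires MFA security, let them enable it through their user profile.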
> Answer 0 (score: 0)
This is from the "Enabling TOTP" section of the AWS Amplify API documentation:
```javascript
import { Auth } from 'aws-amplify';

// To set up TOTP, first you need to get an `authorization code` from Amazon Cognito
// `user` is the current Authenticated user
Auth.setupTOTP(user).then((code) => {
    // You can directly display the `code` to the user or convert it to a QR code to be scanned.
    // E.g., use following code sample to render a QR code with `qrcode.react` component:
    //      import QRCode from 'qrcode.react';
    //      const str = "otpauth://totp/AWSCognito:"+ username + "?secret=" + code + "&issuer=" + issuer;
    //      <QRCode value={str}/>
});

// ...

// Then you will have your TOTP account in your TOTP-generating app (like Google Authenticator)
// Use the generated one-time password (`challengeAnswer`) to verify the setup
Auth.verifyTotpToken(user, challengeAnswer).then(() => {
    // don't forget to set TOTP as the preferred MFA method
    // (returned so that a failure here also reaches the catch below)
    return Auth.setPreferredMFA(user, 'TOTP');
    // ...
}).catch(e => {
    // Token is not verified (or setting the preferred MFA method failed)
    console.error(e);
});
```