AWS Cognito MFA可选用户池-为什么默认情况下未启用MFA

Question

我的AWS控制台始终显示对用户禁用的SMS MFA STATUS，即使它在通过api登录期间要求提供MFA令牌。 遵循的步骤

我通过带有MFA可选

的aws控制台创建了一个用户池

我通过附加的api代码在此userpool下创建了一个用户

通过api登录，在接受NEW_PASSWORD_REQUIRED挑战后，我收到了所有令牌

 我通过API更改了MFA偏好设置

现在我登录了，这一次它要求提供MFA代码

我的问题是

1. 无论通过api启用或禁用MFA，我的AWS控制台始终针对该用户显示已禁用的MFA状态。
2. 我的另一个问题是，我想将MFA默认设置为启用，然后用户在首次使用MFA登录后可以禁用MFA。现在，默认情况下MFA已禁用。
   我的注册代码如下

AdminCreateUserRequest cognitoRequest = new AdminCreateUserRequest()
.withUserPoolId(cognitoConfig.getUserPoolId())<br>
// .withUserPoolId("us-east-1_vhXDAMWwN")<br>
.withUsername(signUpRequest.getUsername())<br>
.withUserAttributes(new AttributeType().withName(EMAIL).withValue(signUpRequest.getEmail()),<br>
new AttributeType().withName(NAME).withValue(signUpRequest.getName()),<br>
new AttributeType().withName(FAMILY_NAME).withValue(signUpRequest.getLastname()),<br>
new AttributeType().withName(PHONE_NUMBER).withValue(signUpRequest.getPhoneNumber()),<br>
new AttributeType().withName(EMAIL_VERIFIED).withValue(Boolean.TRUE.toString()))<br>
.withTemporaryPassword(cognitoConfig.getTempPassword())<br>
//uncomment this line to suppress welcome email and sms<br>
//.withMessageAction(MESSAGE_ACTION_SUPPRESS)<br>
.withDesiredDeliveryMediums(DeliveryMediumType.EMAIL, DeliveryMediumType.SMS)<br>
.withForceAliasCreation(Boolean.FALSE);<br>
UserSignUpResponse userSignUpResponse = new UserSignUpResponse();<br>
try {<br>
AdminCreateUserResult createUserResult = cognitoClient.adminCreateUser(cognitoRequest);<br>
UserType cognitoUser = createUserResult.getUser();<br>
if (cognitoUser != null && cognitoUser.getUserStatus().equals(FORCE_CHANGE_PASSWORD)) {<br>
//save / update user into rex db<br>
populateAndSaveUser(signUpRequest);<br>
userSignUpResponse.setName(cognitoUser.getUsername());<br>
userSignUpResponse.setResult(SUCCESS);<br>
userSignUpResponse.setStatus(FORCE_CHANGE_PASSWORD);<br>
}<br>
} catch (Exception ex) {<br>
throw new UserApiException(USER001, COGNITO_EXCEPTION, ex.toString());<br>
}<br>
code for setting mfa preference<br>
//add the new password to the params map<br>
Map<String,String> challengeParams = new HashMap<String,String>();<br>
challengeParams.put(USERNAME, username);<br>
challengeParams.put(PASSWORD, password);<br>
challengeParams.put(SMS_MFA_CODE, mfaCode);<br>
//populate the challenge response<br>
final AdminRespondToAuthChallengeRequest challengeRequest = new AdminRespondToAuthChallengeRequest();<br>
challengeRequest.withChallengeName(ChallengeNameType.SMS_MFA)<br>
.withClientId(cognitoConfig.getClientId())<br>
.withChallengeResponses(challengeParams)<br>
.withUserPoolId(cognitoConfig.getUserPoolId())<br>
.withSession(mySession);