How to get user's MFA status

[diegolacarta]

Hi, I'm need to know if the user has MFA enabled, and can't see any function that provides that functionality. I guess it should be getMFAOptions but it returns undefined (despite the network call coming back with {"PreferredMfaSetting":"SOFTWARE_TOKEN_MFA"}.

On the other hand, the network request always returns the same regardless of the status being enabled or disabled.

Is there anything I'm missing?

[adam-snyder]

I just ran into the same issue. It looks as if the aws-cognito-sdk bundled with this it a bit behind. It is missing a few of the attributes in the shape that parses the GetUser response.

As a workaround, you can generate your own aws-sdk from the latest and exclude the bundled one.

[diegolacarta]

Yeah, the problem is the backend always returns the same, as I mentioned.

[adam-snyder]

I believe the PreferredMfaSetting is not an indicator or enabled or disabled MFA status, but rather which method (SMS or Software token) the user prefers to use when it is enabled for authentication. The call to CognitoUser.setUserMFAPreference should adjust that value.

I don't know this for certain because I ended up implementing my own tracking of the preference through custom attributes because of the SDK out of date issue.

[itrestian]

The MFA settings set using the setUserMFAPreference API can be retrieved using the getUser call. They will be in the PreferredMfaSetting and the UserMFASettingList fields.