Skip to content

feat(auth): add email MFA support #2908

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

feat(auth): add email MFA support #2908

wants to merge 2 commits into from

Conversation

anivar
Copy link

@anivar anivar commented Jul 21, 2025

Description

This PR adds support for email-based multi-factor authentication (MFA) using AWS Cognito's EMAIL_OTP feature.

Changes

  • Type Definitions: Added MFAEmailSettings type as a boolean flag
  • Core Implementation: Enable EMAIL_OTP in UserPool configuration when email MFA is enabled
  • Output Mapping: Map EMAIL_OTP to EMAIL in client output
  • Tests: Added comprehensive test coverage for email MFA scenarios
  • Documentation: Updated README with usage examples

Implementation Details

The implementation uses CloudFormation overrides to enable EMAIL_OTP as direct CDK support is limited. Custom email templates require Lambda triggers and are not included in this minimal implementation.

Usage Example

new AmplifyAuth(stack, 'Auth', {
  loginWith: {
    email: true,
  },
  multifactor: {
    mode: 'OPTIONAL',
    email: true,
  },
});

Testing

  • Unit tests added for email MFA enablement
  • Tests for combined MFA (SMS + TOTP + Email)
  • Output validation tests

Related Issues

Resolves #2159

Checklist

  • Changes are covered by unit tests
  • Documentation has been updated
  • Implementation follows existing patterns
  • No breaking changes introduced

anivar added 2 commits July 21, 2025 13:19
@anivar
feat(auth): add email MFA support
6b70e52 
Add support for email-based multi-factor authentication (MFA) using AWS Cognito's EMAIL_OTP feature.

Changes:
- Add MFAEmailSettings type definition
- Enable EMAIL_OTP in UserPool configuration when email MFA is enabled
- Map EMAIL_OTP to EMAIL in client output
- Add comprehensive test coverage
- Update documentation with usage examples

Implementation uses CloudFormation overrides to enable EMAIL_OTP as CDK direct support is limited.
Custom email templates require Lambda triggers and are not included in this minimal implementation.

Resolves: aws-amplify#2159
@anivar
chore: add changeset for email MFA support
46865ce
@anivar anivar requested a review from a team as a code owner July 21, 2025 10:44
@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Jul 21, 2025

🦋 Changeset detected

Latest commit: 46865ce

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@aws-amplify/auth-construct Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

support email mfa
1 participant
@anivar