capless/warrant

Support SOFTWARE_TOKEN_MFA challenge in AWSSRP

kornpow opened this issue · 0 comments

Found this library and it has been helpful. I noticed I had to do a little bit of custom code to get it working with SOFTWARE_TOKEN_MFA.

Here is the code I used to get it working:

from warrant.aws_srp import AWSSRP
import boto3

cognito = boto3.client('cognito-idp')

user_pool_id = "us-west-2_blah"
app_client_id = "app-client-id-1234"
username = "kornpow@mydomain.com"


aws = AWSSRP(
    username=username,
    password="<redacted>",
    pool_id=user_pool_id,
    client_id=app_client_id,
    client=cognito
)

# With a TOTP device enrolled, the SRP flow stops at the SOFTWARE_TOKEN_MFA
# challenge, so this returns the challenge response (ChallengeName/Session)
# rather than the tokens.
tokens = aws.authenticate_user()


# Answer the pending challenge with the current TOTP code to obtain the tokens.
response = cognito.respond_to_auth_challenge(
    ClientId=app_client_id,
    ChallengeName="SOFTWARE_TOKEN_MFA",
    Session=tokens["Session"],
    ChallengeResponses={"SOFTWARE_TOKEN_MFA_CODE": "<redacted>", "USERNAME": username}
)

I noticed this problem, since tokens = aws.authenticate_user() returned a dict with a Session key instead of what I was expecting.
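The two-step flow described in this issue, written as a reusable helper that handles both outcomes of AWSSRP.authenticate_user() (tokens returned directly, or a pending SOFTWARE_TOKEN_MFA challenge with a Session). This is an added example, not code from the warrant project or the issue author; FakeCognitoClient, complete_srp_auth, MfaRequired and all token/session values are constructed so that it runs offline without boto3.

```python
"""Added example (not warrant project code): finishing a login that stops at SOFTWARE_TOKEN_MFA.
A constructed FakeCognitoClient stands in for boto3's cognito-idp client so this runs offline."""
from typing import Any, Callable, Dict, Optional


class MfaRequired(Exception):
    """The pool asked for a TOTP code but the caller supplied no way to obtain one."""


def complete_srp_auth(client: Any, client_id: str, username: str,
                      auth_response: Dict[str, Any],
                      get_totp_code: Optional[Callable[[], str]] = None) -> Dict[str, Any]:
    """Turn the dict AWSSRP.authenticate_user() returns into Cognito's AuthenticationResult.
    That dict is the raw Cognito response: tokens under "AuthenticationResult", or a
    pending challenge carrying "ChallengeName" and "Session" (the case in this issue)."""
    if "AuthenticationResult" in auth_response:  # user has no MFA device: done
        return auth_response["AuthenticationResult"]
    challenge = auth_response.get("ChallengeName")
    if challenge != "SOFTWARE_TOKEN_MFA":
        raise ValueError(f"unhandled Cognito challenge: {challenge!r}")
    if get_totp_code is None:
        raise MfaRequired("SOFTWARE_TOKEN_MFA challenge pending; a TOTP code is required")
    resp = client.respond_to_auth_challenge(
        ClientId=client_id,
        ChallengeName="SOFTWARE_TOKEN_MFA",
        Session=auth_response["Session"],  # binds the answer to this SRP session
        ChallengeResponses={"SOFTWARE_TOKEN_MFA_CODE": get_totp_code(), "USERNAME": username},
    )
    if "AuthenticationResult" not in resp:
        raise ValueError(f"MFA answer did not yield tokens: {resp.get('ChallengeName')!r}")
    return resp["AuthenticationResult"]


class FakeCognitoClient:
    """Constructed offline stand-in for boto3 cognito-idp; only the call used above exists."""

    def __init__(self, expected_code: str) -> None:
        self.expected_code = expected_code
        self.calls = []  # every respond_to_auth_challenge call, kept for inspection

    def respond_to_auth_challenge(self, **kwargs: Any) -> Dict[str, Any]:
        self.calls.append(kwargs)
        if kwargs["ChallengeResponses"]["SOFTWARE_TOKEN_MFA_CODE"] != self.expected_code:
            raise PermissionError("CodeMismatchException")  # stands in for the botocore error
        return {"AuthenticationResult": {"IdToken": "constructed-id-token",
                                         "AccessToken": "constructed-access-token"}}
```

With a real boto3 client, pass the dict returned by aws.authenticate_user() as auth_response and the same call completes the login whether or not the user has MFA enrolled.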