What is Amazon Cognito?
Amazon Cognito is a simple user identity and data synchronization service that provides authentication, authorization, and user management, helping us securely manage app data across applications for our users.
Amazon Cognito allows us to control permissions for different user groups in our applications to ensure that they have appropriate access to back-end AWS resources.
We have users configured in an Amazon Cognito user pool; some users have SMS MFA enabled and some have TOTP software token MFA enabled.
If the mobile device is lost, then both MFA logins, i.e. SMS MFA and software token MFA, will not work.
To handle such cases, we need to reset MFA for the Cognito users.
In the following example, we use the AWS SDK for Java to remove/reset MFA for Cognito users.
Maven dependency
<dependency>
    <groupId>com.amazonaws</groupId>
    <artifactId>aws-java-sdk-core</artifactId>
    <version>1.11.764</version>
</dependency>
<dependency>
    <groupId>com.amazonaws</groupId>
    <artifactId>aws-java-sdk-cognitoidp</artifactId>
    <version>1.11.764</version>
</dependency>
<dependency>
    <groupId>com.amazonaws</groupId>
    <artifactId>aws-java-sdk</artifactId>
    <version>1.11.360</version>
</dependency>
Create CognitoClient Instance
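import com.amazonaws.auth.SystemPropertiesCredentialsProvider;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.cognitoidp.AWSCognitoIdentityProvider;
import com.amazonaws.services.cognitoidp.AWSCognitoIdentityProviderClientBuilder;

public static AWSCognitoIdentityProvider getAWSCognitoIdentityClient() {
    System.setProperty("aws.accessKeyId", "-- your accessKey Id--"); // the original used root account keys; use a least-privilege IAM identity instead
    System.setProperty("aws.secretKey", "-- your secret Key--");
    AWSCognitoIdentityProvider cognitoClient = AWSCognitoIdentityProviderClientBuilder.standard()
            .withRegion(Regions.AP_SOUTH_1).withCredentials(new SystemPropertiesCredentialsProvider()).build();
    return cognitoClient; // fixed: the original returned an undefined variable named client
}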
Remove/Reset the TOTP Token
If TOTP software token MFA is enabled for the user, we need to delete the app MFA entry from the Google Authenticator app. Then we set the MFA preference for the Cognito user to false.
import com.amazonaws.services.cognitoidp.model.AdminSetUserMFAPreferenceRequest;
import com.amazonaws.services.cognitoidp.model.SoftwareTokenMfaSettingsType;

// userpoolId is expected to be a field of the enclosing class holding the user pool ID.
public static void resetSoftwareMFA(String username) {
    AWSCognitoIdentityProvider client = getAWSCognitoIdentityClient();
    // Disable the software token factor and clear it as the preferred factor.
    final SoftwareTokenMfaSettingsType sw = new SoftwareTokenMfaSettingsType().withEnabled(false)
            .withPreferredMfa(false);
    final AdminSetUserMFAPreferenceRequest adminsetusermfapreferencerequest = new AdminSetUserMFAPreferenceRequest()
            .withUsername(username).withSoftwareTokenMfaSettings(sw).withUserPoolId(userpoolId);
    client.adminSetUserMFAPreference(adminsetusermfapreferencerequest);
}
Reset SMS MFA
To reset SMS MFA we need to update the MFA preference as given below.
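import com.amazonaws.services.cognitoidp.model.AdminSetUserMFAPreferenceRequest;
import com.amazonaws.services.cognitoidp.model.SMSMfaSettingsType;

// userpoolId is expected to be a field of the enclosing class holding the user pool ID.
public static void resetSMSMFA(String username) {
    AWSCognitoIdentityProvider client = getAWSCognitoIdentityClient();
    // Disable the SMS factor and clear it as the preferred factor.
    final SMSMfaSettingsType sMSMfaSettings = new SMSMfaSettingsType().withEnabled(false)
            .withPreferredMfa(false);
    final AdminSetUserMFAPreferenceRequest adminsetusermfapreferencerequest = new AdminSetUserMFAPreferenceRequest()
            .withUsername(username).withSMSMfaSettings(sMSMfaSettings).withUserPoolId(userpoolId);
    client.adminSetUserMFAPreference(adminsetusermfapreferencerequest);
}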
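A consolidated version of the two reset methods above, as an added example that is not the article's own code: it disables both factors in one request, uses the SDK's default credential provider chain instead of keys set in code, signs the user out of all devices because the lost device may still hold tokens, and reads the user back to confirm no MFA setting remains. The class name MfaResetExample and the COGNITO_USER_POOL_ID environment variable are assumptions made for this example.

```java
import com.amazonaws.regions.Regions;
import com.amazonaws.services.cognitoidp.AWSCognitoIdentityProvider;
import com.amazonaws.services.cognitoidp.AWSCognitoIdentityProviderClientBuilder;
import com.amazonaws.services.cognitoidp.model.*;
import java.util.List;

public class MfaResetExample { // hypothetical class name
    // Assumption: the pool ID comes from an environment variable, not from source code.
    private static final String USER_POOL_ID = System.getenv("COGNITO_USER_POOL_ID");

    public static void main(String[] args) {
        if (args.length != 1 || USER_POOL_ID == null) {
            System.err.println("usage: COGNITO_USER_POOL_ID=<pool id> MfaResetExample <username>");
            System.exit(2);
        }
        String username = args[0];
        // No keys in code: without withCredentials(...) the builder uses the default
        // credential provider chain (environment, profile, instance/container role).
        AWSCognitoIdentityProvider client = AWSCognitoIdentityProviderClientBuilder
                .standard().withRegion(Regions.AP_SOUTH_1).build();

        // Disable SMS and software token MFA in a single request.
        client.adminSetUserMFAPreference(new AdminSetUserMFAPreferenceRequest()
                .withUserPoolId(USER_POOL_ID)
                .withUsername(username)
                .withSMSMfaSettings(new SMSMfaSettingsType()
                        .withEnabled(false).withPreferredMfa(false))
                .withSoftwareTokenMfaSettings(new SoftwareTokenMfaSettingsType()
                        .withEnabled(false).withPreferredMfa(false)));

        // The device is lost, so sign the user out of all devices.
        client.adminUserGlobalSignOut(new AdminUserGlobalSignOutRequest()
                .withUserPoolId(USER_POOL_ID).withUsername(username));

        // Read the user back and fail loudly if any factor is still active.
        AdminGetUserResult user = client.adminGetUser(new AdminGetUserRequest()
                .withUserPoolId(USER_POOL_ID).withUsername(username));
        List<String> active = user.getUserMFASettingList();
        if (active != null && !active.isEmpty()) {
            throw new IllegalStateException("MFA still active for " + username + ": " + active);
        }
        // One line per reset, suitable for an audit log.
        System.out.printf("MFA reset user=%s pool=%s preferred=%s%n",
                username, USER_POOL_ID, user.getPreferredMfaSetting());
    }
}
```

The identity running this needs only the three admin actions it calls (AdminSetUserMFAPreference, AdminUserGlobalSignOut, AdminGetUser) on the target user pool.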
In this article, we have seen AWS Cognito Reset User MFA Using Java. All source code in the article can be found in the GitHub repository.