AWS Code Sample
Catalog

The AWS Documentation website is getting a new look!
Try it now and let us know what you think. Switch to the new look >>

You can return to the original look by selecting English in the language selector above.

EnableMFAForCognitoUser.java

EnableMFAForCognitoUser.java demonstrates how to enable MFA in Cognito Userpool which MFA is optional to users

/* Copyright 2010-2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the "License"). * You may not use this file except in compliance with the License. * A copy of the License is located at * * http://aws.amazon.com/apache2.0 * * or in the "license" file accompanying this file. This file is distributed * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either * express or implied. See the License for the specific language governing * permissions and limitations under the License. */ package aws.example.cognito; import com.amazonaws.services.cognitoidp.AWSCognitoIdentityProvider; import com.amazonaws.services.cognitoidp.AWSCognitoIdentityProviderClientBuilder; import com.amazonaws.services.cognitoidp.model.*; import java.util.Arrays; public class EnableMFAForCognitoUser { // TODO - Add your data here! static String USERNAME = ""; // Input an unique username for the UserPool static String PHONE_NUMBER = ""; // Input the user phone number for the user Attribute static String USERPOOL_ID = ""; // Input the UserPool Id, e.g. us-east-1_xxxxxxxx static String USER_TEMP_PASSWORD = ""; // Input the temporary password for the user static String USER_EMAIL = ""; // Input the email for the user attribute public static void main(String[] args) { AWSCognitoIdentityProvider cognitoIdentityProvider = AWSCognitoIdentityProviderClientBuilder.defaultClient(); // Create User in UserPool using AdminCreateUser // @see <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminCreateUser.html">label</a> cognitoIdentityProvider.adminCreateUser( new AdminCreateUserRequest() .withUserPoolId(USERPOOL_ID) .withUsername(USERNAME) .withTemporaryPassword(USER_TEMP_PASSWORD) .withUserAttributes( new AttributeType() .withName("phone_number") .withValue(PHONE_NUMBER), new AttributeType() .withName("phone_number_verified") .withValue("true"), new AttributeType() .withName("email") .withValue(USER_EMAIL))); SMSMfaSettingsType sMSMfaSettings = new SMSMfaSettingsType().withPreferredMfa(Boolean.TRUE).withEnabled(Boolean.TRUE); // Set MFA preferred type for the User using AdminSetUserMFAPreference // @see <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminSetUserMFAPreference.html">label</a> cognitoIdentityProvider.adminSetUserMFAPreference( new AdminSetUserMFAPreferenceRequest() .withSMSMfaSettings(sMSMfaSettings) .withUserPoolId(USERPOOL_ID) .withUsername(USERNAME)); // Add MFA Options type for the User using AdminSetUserSettings // @see <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminSetUserSettings.html">label</a> cognitoIdentityProvider.adminSetUserSettings( new AdminSetUserSettingsRequest() .withUserPoolId(USERPOOL_ID) .withUsername(USERNAME) .withMFAOptions(Arrays.asList( new MFAOptionType() .withDeliveryMedium("SMS") .withAttributeName("phone_number")))); // Validate the data created/updated in this class. AdminGetUserResult user = cognitoIdentityProvider.adminGetUser( new AdminGetUserRequest() .withUserPoolId(USERPOOL_ID) .withUsername(USERNAME)); assert (user.getUsername().equals(USERNAME)); assert (!user.getMFAOptions().isEmpty()); assert (user.getMFAOptions().get(0).getDeliveryMedium().equals("SMS")); assert (user.getPreferredMfaSetting().equals("SMS_MFA")); assert (user.getEnabled()); } }

Sample Details

Service: cognito

Last tested: 2019-06-20

Author: wenzaca

Type: full-example

On this page: