feat(auth, authenticator): Add support for Email OTP MFA (#5449) (#5472)

* feat: Added support for Email OTP MFA

.gitattributes

@@ -74,6 +74,7 @@
 
 ## Generated SDK files
 packages/**/lib/src/sdk/src/**              linguist-generated
+packages/auth/amplify_auth_cognito_dart/lib/src/sdk/sdk_exception.dart linguist-generated
 
 ## Generated Swift Plugins
 packages/amplify_datastore/ios/internal/**  linguist-generated

infra-gen2/backends/auth/mfa-optional-email-sms/.gitignore

@@ -0,0 +1,5 @@
+# amplify
+node_modules
+.amplify
+amplify_outputs*
+amplifyconfiguration*

infra-gen2/backends/auth/mfa-optional-email-sms/amplify/auth/resource.ts

@@ -0,0 +1,18 @@
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+import { defineAuth } from "@aws-amplify/backend";
+
+export const auth = defineAuth({
+  name: "mfa-optional-email-sms",
+  loginWith: {
+    email: true,
+  },
+
+  // TODO(khatruong2009): Uncomment the following line when the feature is ready.
+  // multifactor: {
+  //   mode: "OPTIONAL",
+  //   email: true,
+  //   sms: true,
+  // },
+});

infra-gen2/backends/auth/mfa-optional-email-sms/amplify/backend.ts

@@ -0,0 +1,25 @@
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+import { defineBackend } from "@aws-amplify/backend";
+import { addAuthUserExtensions } from "infra-common";
+import { auth } from "./auth/resource";
+
+const backend = defineBackend({
+  auth,
+});
+
+const resources = backend.auth.resources;
+const { userPool, cfnResources } = resources;
+const { stack } = userPool;
+const { cfnUserPool } = cfnResources;
+
+// Adds infra for creating/deleting users via App Sync and fetching confirmation
+// and MFA codes from App Sync.
+const customOutputs = addAuthUserExtensions({
+  name: "mfa-optional-email-sms",
+  stack,
+  userPool,
+  cfnUserPool,
+});
+backend.addOutput(customOutputs);

infra-gen2/backends/auth/mfa-optional-email-sms/amplify/package.json

@@ -0,0 +1,3 @@
+{
+  "type": "module"
+}

infra-gen2/backends/auth/mfa-optional-email-sms/amplify/tsconfig.json

@@ -0,0 +1,17 @@
+{
+  "compilerOptions": {
+    "target": "es2022",
+    "module": "es2022",
+    "moduleResolution": "bundler",
+    "resolveJsonModule": true,
+    "esModuleInterop": true,
+    "forceConsistentCasingInFileNames": true,
+    "strict": true,
+    "skipLibCheck": true,
+    "paths": {
+      "$amplify/*": [
+        "../.amplify/generated/*"
+      ]
+    }
+  }
+}

infra-gen2/backends/auth/mfa-optional-email-sms/package.json

@@ -0,0 +1,5 @@
+{
+  "name": "mfa-optional-email-sms",
+  "version": "1.0.0",
+  "main": "index.js"
+}

infra-gen2/backends/auth/mfa-optional-email-totp/.gitignore

@@ -0,0 +1,5 @@
+# amplify
+node_modules
+.amplify
+amplify_outputs*
+amplifyconfiguration*

infra-gen2/backends/auth/mfa-optional-email-totp/amplify/auth/resource.ts

@@ -0,0 +1,18 @@
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+import { defineAuth } from "@aws-amplify/backend";
+
+export const auth = defineAuth({
+  name: "mfa-optional-email-totp",
+  loginWith: {
+    email: true,
+  },
+
+  // TODO(khatruong2009): Uncomment the following line when the feature is ready.
+  // multifactor: {
+  //   mode: "OPTIONAL",
+  //   email: true,
+  //   totp: true,
+  // },
+});

infra-gen2/backends/auth/mfa-optional-email-totp/amplify/backend.ts

@@ -0,0 +1,25 @@
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+import { defineBackend } from "@aws-amplify/backend";
+import { addAuthUserExtensions } from "infra-common";
+import { auth } from "./auth/resource";
+
+const backend = defineBackend({
+  auth,
+});
+
+const resources = backend.auth.resources;
+const { userPool, cfnResources } = resources;
+const { stack } = userPool;
+const { cfnUserPool } = cfnResources;
+
+// Adds infra for creating/deleting users via App Sync and fetching confirmation
+// and MFA codes from App Sync.
+const customOutputs = addAuthUserExtensions({
+  name: "mfa-optional-email-totp",
+  stack,
+  userPool,
+  cfnUserPool,
+});
+backend.addOutput(customOutputs);

infra-gen2/backends/auth/mfa-optional-email-totp/amplify/package.json

@@ -0,0 +1,3 @@
+{
+  "type": "module"
+}

infra-gen2/backends/auth/mfa-optional-email-totp/amplify/tsconfig.json

@@ -0,0 +1,17 @@
+{
+  "compilerOptions": {
+    "target": "es2022",
+    "module": "es2022",
+    "moduleResolution": "bundler",
+    "resolveJsonModule": true,
+    "esModuleInterop": true,
+    "forceConsistentCasingInFileNames": true,
+    "strict": true,
+    "skipLibCheck": true,
+    "paths": {
+      "$amplify/*": [
+        "../.amplify/generated/*"
+      ]
+    }
+  }
+}

infra-gen2/backends/auth/mfa-optional-email-totp/package.json

@@ -0,0 +1,5 @@
+{
+  "name": "mfa-optional-email-totp",
+  "version": "1.0.0",
+  "main": "index.js"
+}

infra-gen2/backends/auth/mfa-optional-email/.gitignore

@@ -0,0 +1,5 @@
+# amplify
+node_modules
+.amplify
+amplify_outputs*
+amplifyconfiguration*

infra-gen2/backends/auth/mfa-optional-email/amplify/auth/resource.ts

@@ -0,0 +1,17 @@
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+import { defineAuth } from "@aws-amplify/backend";
+
+export const auth = defineAuth({
+  name: "mfa-optional-email",
+  loginWith: {
+    email: true,
+  },
+
+  // TODO(khatruong2009): Uncomment the following line when the feature is ready.
+  // multifactor: {
+  //   mode: "OPTIONAL",
+  //   email: true,
+  // },
+});

infra-gen2/backends/auth/mfa-optional-email/amplify/backend.ts

@@ -0,0 +1,25 @@
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+import { defineBackend } from "@aws-amplify/backend";
+import { addAuthUserExtensions } from "infra-common";
+import { auth } from "./auth/resource";
+
+const backend = defineBackend({
+  auth,
+});
+
+const resources = backend.auth.resources;
+const { userPool, cfnResources } = resources;
+const { stack } = userPool;
+const { cfnUserPool } = cfnResources;
+
+// Adds infra for creating/deleting users via App Sync and fetching confirmation
+// and MFA codes from App Sync.
+const customOutputs = addAuthUserExtensions({
+  name: "mfa-optional-email",
+  stack,
+  userPool,
+  cfnUserPool,
+});
+backend.addOutput(customOutputs);

infra-gen2/backends/auth/mfa-optional-email/amplify/package.json

@@ -0,0 +1,3 @@
+{
+  "type": "module"
+}

infra-gen2/backends/auth/mfa-optional-email/amplify/tsconfig.json

@@ -0,0 +1,17 @@
+{
+  "compilerOptions": {
+    "target": "es2022",
+    "module": "es2022",
+    "moduleResolution": "bundler",
+    "resolveJsonModule": true,
+    "esModuleInterop": true,
+    "forceConsistentCasingInFileNames": true,
+    "strict": true,
+    "skipLibCheck": true,
+    "paths": {
+      "$amplify/*": [
+        "../.amplify/generated/*"
+      ]
+    }
+  }
+}

infra-gen2/backends/auth/mfa-optional-email/package.json

@@ -0,0 +1,5 @@
+{
+  "name": "mfa-optional-email",
+  "version": "1.0.0",
+  "main": "index.js"
+}

infra-gen2/backends/auth/mfa-required-email-sms/.gitignore

@@ -0,0 +1,5 @@
+# amplify
+node_modules
+.amplify
+amplify_outputs*
+amplifyconfiguration*

infra-gen2/backends/auth/mfa-required-email-sms/amplify/auth/resource.ts

@@ -0,0 +1,17 @@
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+import { defineAuth } from "@aws-amplify/backend";
+
+export const auth = defineAuth({
+  name: "mfa-required-email-sms",
+  loginWith: {
+    email: true,
+  },
+  // TODO(khatruong2009): Uncomment the following line when the feature is ready.
+  // multifactor: {
+  //   mode: "REQUIRED",
+  //   email: true,
+  //   sms: true,
+  // },
+});

infra-gen2/backends/auth/mfa-required-email-sms/amplify/backend.ts

@@ -0,0 +1,25 @@
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+import { defineBackend } from "@aws-amplify/backend";
+import { addAuthUserExtensions } from "infra-common";
+import { auth } from "./auth/resource";
+
+const backend = defineBackend({
+  auth,
+});
+
+const resources = backend.auth.resources;
+const { userPool, cfnResources } = resources;
+const { stack } = userPool;
+const { cfnUserPool } = cfnResources;
+
+// Adds infra for creating/deleting users via App Sync and fetching confirmation
+// and MFA codes from App Sync.
+const customOutputs = addAuthUserExtensions({
+  name: "mfa-required-email-sms",
+  stack,
+  userPool,
+  cfnUserPool,
+});
+backend.addOutput(customOutputs);

infra-gen2/backends/auth/mfa-required-email-sms/amplify/package.json

@@ -0,0 +1,3 @@
+{
+  "type": "module"
+}

infra-gen2/backends/auth/mfa-required-email-sms/amplify/tsconfig.json

@@ -0,0 +1,17 @@
+{
+  "compilerOptions": {
+    "target": "es2022",
+    "module": "es2022",
+    "moduleResolution": "bundler",
+    "resolveJsonModule": true,
+    "esModuleInterop": true,
+    "forceConsistentCasingInFileNames": true,
+    "strict": true,
+    "skipLibCheck": true,
+    "paths": {
+      "$amplify/*": [
+        "../.amplify/generated/*"
+      ]
+    }
+  }
+}

infra-gen2/backends/auth/mfa-required-email-sms/package.json

@@ -0,0 +1,5 @@
+{
+  "name": "mfa-required-email-sms",
+  "version": "1.0.0",
+  "main": "index.js"
+}

infra-gen2/backends/auth/mfa-required-email-totp/.gitignore

@@ -0,0 +1,5 @@
+# amplify
+node_modules
+.amplify
+amplify_outputs*
+amplifyconfiguration*

infra-gen2/backends/auth/mfa-required-email-totp/amplify/auth/resource.ts

@@ -0,0 +1,17 @@
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+import { defineAuth } from "@aws-amplify/backend";
+
+export const auth = defineAuth({
+  name: "mfa-required-email-totp",
+  loginWith: {
+    email: true,
+  },
+  // TODO(khatruong2009): Uncomment the following line when the feature is ready.
+  // multifactor: {
+  //   mode: "REQUIRED",
+  //   email: true,
+  //   totp: true,
+  // },
+});

infra-gen2/backends/auth/mfa-required-email-totp/amplify/backend.ts

@@ -0,0 +1,25 @@
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+import { defineBackend } from "@aws-amplify/backend";
+import { addAuthUserExtensions } from "infra-common";
+import { auth } from "./auth/resource";
+
+const backend = defineBackend({
+  auth,
+});
+
+const resources = backend.auth.resources;
+const { userPool, cfnResources } = resources;
+const { stack } = userPool;
+const { cfnUserPool } = cfnResources;
+
+// Adds infra for creating/deleting users via App Sync and fetching confirmation
+// and MFA codes from App Sync.
+const customOutputs = addAuthUserExtensions({
+  name: "mfa-required-email-totp",
+  stack,
+  userPool,
+  cfnUserPool,
+});
+backend.addOutput(customOutputs);

infra-gen2/backends/auth/mfa-required-email-totp/amplify/package.json

@@ -0,0 +1,3 @@
+{
+  "type": "module"
+}