Auth v6 - How to respond to challenge_answer after redirecting back from Duo Security's URL? #13286

hanoj-budime opened this issue Apr 24, 2024 · 2 comments
hanoj-budime commented Apr 24, 2024

Before opening, please confirm:

JavaScript Framework

React

Amplify APIs

Authentication

Amplify Version

v6

Amplify Categories

CUSTOM_WITH_SRP

Environment information

# Put output below this line
  System:
    OS: Windows 10 10.0.19045
    CPU: (12) x64 AMD Ryzen 5 PRO 4650U with Radeon Graphics
    Memory: 3.37 GB / 15.23 GB
  Binaries:
    Node: 18.19.0 - C:\Program Files\nodejs\node.EXE        
    Yarn: 1.22.21 - ~\AppData\Roaming\npm\yarn.CMD
    npm: 9.6.3 - C:\Program Files\nodejs\npm.CMD
  Browsers:
    Edge: Chromium (123.0.2420.97)
    Internet Explorer: 11.0.19041.3636
  npmPackages:
    @vitejs/plugin-react: ^4.2.0 => 4.2.1
    aws-amplify: ^6.0.30 => 6.0.30
    aws-amplify/adapter-core:  undefined ()
    aws-amplify/analytics:  undefined ()
    aws-amplify/analytics/kinesis:  undefined ()
    aws-amplify/analytics/kinesis-firehose:  undefined ()
    aws-amplify/analytics/personalize:  undefined ()
    aws-amplify/analytics/pinpoint:  undefined ()
    aws-amplify/api:  undefined ()
    aws-amplify/api/server:  undefined ()
    aws-amplify/auth:  undefined ()
    aws-amplify/auth/cognito:  undefined ()
    aws-amplify/auth/cognito/server:  undefined ()
    aws-amplify/auth/enable-oauth-listener:  undefined ()
    aws-amplify/auth/server:  undefined ()
    aws-amplify/data:  undefined ()
    aws-amplify/data/server:  undefined ()
    aws-amplify/datastore:  undefined ()
    aws-amplify/in-app-messaging:  undefined ()
    aws-amplify/in-app-messaging/pinpoint:  undefined ()
    aws-amplify/push-notifications:  undefined ()
    aws-amplify/push-notifications/pinpoint:  undefined ()
    aws-amplify/storage:  undefined ()
    aws-amplify/storage/s3:  undefined ()
    aws-amplify/storage/s3/server:  undefined ()
    aws-amplify/storage/server:  undefined ()
    aws-amplify/utils:  undefined ()
    react: ^18.x => 18.2.0
    react-dom: ^18.x => 18.2.0
    react-icons: ^4.11.0 => 4.12.0
    react-router-dom: ^5.2.0 => 5.3.4
    start-server-and-test: ^2.0.3 => 2.0.3
    styled-components: ^5.0.1 => 5.3.11
    styled-components/macro:  undefined ()
    styled-components/native:  undefined ()
    styled-components/primitives:  undefined ()
    vite: ^5.0.0 => 5.1.4
    vite-plugin-node-polyfills: 0.17.0 => 0.17.0
  npmGlobalPackages:
    @aws-amplify/cli: 10.4.1
    npm: 9.6.3
    nx: 16.7.4

Describe the bug

How to configure Duo multi-factor authentication with Amplify?

I found this article that explains how to set up and integrate Duo Security with Cognito. It's working fine based on the example they showcase here.
https://aws.amazon.com/blogs/security/how-to-configure-duo-multi-factor-authentication-with-amazon-cognito/

Now, the problem here is that they are referring to the legacy package 'amazon-cognito-identity.js', but we want to use Amplify.

Authentication flow

image

From the image above, the authentication flow from point 4 to 6: how do we manage the user session and respond with the challenge_answer to authenticate the user?

As it redirects to the 'Duo Authenticator' based on user MFA validation callbacks to the original application URL, does Amplify support managing the user sessions and updating the previous session user to answer the challenge?

Expected behavior

image

Reproduction steps

https://github.com/aws-samples/duomfa-with-amazon-cognito
Example code, but we have to migrate to Amplify v6.

israx commented Apr 24, 2024

Hello @hanoj-budime. Ideally you would need to call the confirmSignIn API at step 6 from the sequence diagram above. Unfortunately, at that point the current sign-in session might be lost due to the redirection from the DUO App to the client.

The good news is that we are currently working on a mechanism to persist the login session. This will allow you to resume the authentication flow.
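
The two halves of the flow discussed in this thread, as an added example (not code from the issue, the AWS sample, or Amplify itself): the sign-in that runs before the redirect and the `confirmSignIn` call at step 6, including the case where the redirect has dropped the sign-in state. `startSignIn`, `answerChallenge` and `makeStubAuth` are hypothetical names, the Amplify module is passed in as `auth` so the code runs against a constructed stub, and the `'SignInException'` error name for a missing in-progress sign-in is an assumption about Amplify v6.

```javascript
// Added example. In an app, pass `auth` from: import * as auth from 'aws-amplify/auth'
const CUSTOM_STEP = 'CONFIRM_SIGN_IN_WITH_CUSTOM_CHALLENGE';

// Before the redirect: start CUSTOM_WITH_SRP and confirm a custom challenge is pending.
async function startSignIn(auth, username, password) {
  const { isSignedIn, nextStep } = await auth.signIn({
    username,
    password,
    options: { authFlowType: 'CUSTOM_WITH_SRP' },
  });
  if (isSignedIn) return { status: 'signed-in' };
  if (nextStep.signInStep !== CUSTOM_STEP) {
    return { status: 'unexpected-step', step: nextStep.signInStep };
  }
  return { status: 'challenge', challengeParams: nextStep.additionalInfo ?? {} };
}

// After the redirect back (step 6): answer the challenge with the value Duo returned.
async function answerChallenge(auth, challengeAnswer) {
  if (typeof challengeAnswer !== 'string' || challengeAnswer.length === 0) {
    return { status: 'rejected', reason: 'empty challenge answer' };
  }
  try {
    const { isSignedIn, nextStep } = await auth.confirmSignIn({ challengeResponse: challengeAnswer });
    return isSignedIn ? { status: 'signed-in' } : { status: 'pending', step: nextStep.signInStep };
  } catch (err) {
    // Assumption: a missing in-progress sign-in surfaces as 'SignInException'.
    // The redirect dropped the sign-in state, so the flow has to start over.
    if (err.name === 'SignInException') return { status: 'restart-sign-in' };
    return { status: 'failed', error: err.name };
  }
}

// Constructed stand-in for the Amplify module: sign-in state lives in memory only,
// so a fresh instance (a new page load) has no sign-in in progress.
function makeStubAuth() {
  let inProgress = false;
  return {
    async signIn() {
      inProgress = true;
      const nextStep = { signInStep: CUSTOM_STEP, additionalInfo: { sample: 'constructed' } };
      return { isSignedIn: false, nextStep };
    },
    async confirmSignIn() {
      if (!inProgress) throw Object.assign(new Error('no sign-in in progress'), { name: 'SignInException' });
      return { isSignedIn: true, nextStep: { signInStep: 'DONE' } };
    },
  };
}
```

Calling `answerChallenge` on a fresh `makeStubAuth()` instance reproduces the lost-session case: the result is `restart-sign-in` rather than a signed-in user.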

@hanoj-budime

Thanks, @israx, for the quick response. We're interested in the new feature "persist the login session," and I'm glad to hear that you guys are already working on it. Let's keep this issue open. We'll test your feature and let you know if we encounter any issues.

If possible, could you share your roadmap for this feature and when it will be generally available (GA)?
