cognito | Ruby client for BlockScore Cognito API

I created a user pool in AWS Cognito with MFA set to optional

and adaptative authentication as Optional MFA.

The MFA method enabled for users is TOTP, which I enable by calling SetUserMFAPreference.

My use case requires that any user that uninstalls their TOTP app or buys a new mobile phone can install it again in their new device by generating a new valid TOTP token. The only way to generate a new TOTP valid token is by calling AssociateSoftwareToken, but it requires an access token that the user does not have as they are not signed in yet.

I tried with SetUserMFAPreference setting enabled=false but it did not work. Sign in still requires the TOTP challenge.

Is there any way to disable MFA or regenerate a new TOTP token to achieve below behaviour?

I'm building a Vue 3 app using the OptionsAPI along with a Pinia Store but I frequently run into an issue stating that I'm trying to access the store before createPinia() is called.

I've been following the documentation to use the Pinia store outside components as well, but maybe I'm not doing something the proper way.

Situation is as follows:

I have a login screen (/login) where I have a Cognito session manager, I click a link, go through Cognito's signup process, and then get redirected to a home route (/), in this route I also have a subroute that shows a Dashboard component where I make an API call.

On the Home component I call the store using useMainStore() and then update the state with information that came on the URL once I got redirected from Cognito, and then I want to use some of the state information in the API calls inside Dashboard.

This is my Home component, which works fine by itself, due to having const store = useMainStore(); inside the mounted() hook which I imagine is always called after the Pinia instance is created.

I've updated Nextjs to it's newest version and also updated next-auth and the prisma adapter as specified by the docs.

However, when I try to authenticate in the app with signIn I get the following error with the latest updates:

I'm trying to configure AWS Cognito to work with ADFS as a SAML provider in a dotnet core 3.1 MVC application. I believe I have ADFS and Cognito correctly configured as I can log into the application using a user in ADFS. I am at a stage where I can login and logout, however when logging out ADFS throws the error:

MSIS7054: The SAML logout did not complete properly.

This does still log the user out of ADFS. I think I’ve narrowed it down to the SAML logout messages ADFS receives need to be signed. References: here, here and here

Amazon describe how to do this from there end

To set up the SAML IdP to add a signing certificate: To get the certificate containing the public key which will be used by the identity provider to verify the signed logout request, choose Show signing certificate under Active SAML Providers on the SAML dialog under Identity providers on the Federation console page.

However, I’m not sure how I take their public key (which is just a string) and provided that to ADFS. The only thing I can seem to find is an encryption tab, that takes a certificate file (Is there some conversion thing I need to do?). I have tried this, which is putting the key inside a .cert file and adding to the relaying party encryption tab of ADFS, however this did not work.

Any help would be appreciated.

Thanks, Adam

**I am using AWS Appsync, AWS datastore, Aws Cognito, Aws API. When I am trying to save data on AWS Datastore it gives me this error "DataStoreError: The operation couldn’t be completed. (SQLite.Result error 0.)."

I have created a SAM template with a function in it. After deploying SAM the lambda function gets added and are also displayed while adding lambda function trigger in cognito but when I save it gives a 404 error.

SAM template

I'm trying to use AWS Cognito as an authorizer for my REST API in AWS API Gateway.

It asks me to fill in the Issuer URL:

I digged through the AWS Cognito User Pool page, there is no such thing.

I found a related answer here: AWS: Cognito integration with a beta HTTP API in API Gateway? and I quote:

I'm new to AWS and it's services. What I want to achieve is a multi-tenancy SaaS application. What my concept looks like: I use Cognito for user authentication. There all users no matter what tenant they belong to should use one frontend to login. For the tenant-recognition I use a custom attribute "custom:tenant" which I get from the JWT when the login is successful. For the applicantion itself I want to use VPCs and to ensure encapsulation each tenant should have their own VPC.

Example:

• User A of Tenant 1 login and gets back JWT with claim "custom:tenant":"1" should be routed to VPC 1
• User B of Tenant 2 login and gets back JWT with claim "custom:tenant":"2" should be routed to VPC 2

Now my question is: how do I achieve this routing from the success of the login to the appropriate VPC? Do I need further Services for that or where do I find these settings?

In an Android app which uses AWS services, if I deregister a registered ConnectivityManager.NetworkCallback, the app can no longer contact AWS services. I am uncertain why this is occurring, or how to contact the AWS services again. Currently, the only way to reconnect to AWS is to terminate the app and restart it.

To elaborate, one function of the app is to connect the user's Android device to a different WiFi network hotspot for the purposes of setting up an IoT device. At this moment of use, the user would be logged in using AWS's Cognito service. Because how an app can connect to WiFi was changed starting with API level 29, this associated code is only invoked on such devices and the problem is isolated to said devices. Here is the relevant snippet for how the connection is being created: