Remember device not working after associate SoftwareMFA

[namhvattanaakk]

Before opening, please confirm:

• I have searched for duplicate or closed issues and discussions.

Language and Async Model

Kotlin

Amplify Categories

Authentication

Gradle script dependencies

// Put output below this line

implementation 'com.amplifyframework:aws-auth-cognito:1.18.0'

Environment information

# Put output below this line

------------------------------------------------------------
Gradle 6.7.1
------------------------------------------------------------

Build time:   2020-11-16 17:09:24 UTC
Revision:     2972ff02f3210d2ceed2f1ea880f026acfbab5c0

Kotlin:       1.3.72
Groovy:       2.5.12
Ant:          Apache Ant(TM) version 1.10.8 compiled on May 10 2020
JVM:          17.0.8.1 (JetBrains s.r.o. 17.0.8.1+7-b1059.3)
OS:           Mac OS X 14.2.1 aarch64

Please include any relevant guides or documentation you're referencing

https://docs.amplify.aws/android/prev/build-a-backend/auth/remember-device/

Describe the bug

I have used Amplify SDK v1 for Authentication feature in Mobile (both Android & iOS)
After setup MFA, I called Auth.rememberDevice, it returns success but in next login, cognito asked for confirm otp code.

Reproduction steps (if applicable)

Step 1: Login user
User login with username & password, using amplify sdk v1

Step 2: Associate software token
Our back-end calls AssociateSoftwareToken and return secret code to Mobile via our api.
https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AssociateSoftwareToken.html

Step 3: Verify software token
3.1 Our back-end calls VerifySoftwareToken with UserCode provided by client via our api
https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerifySoftwareToken.html

3.2: Our back-end call AdminSetUserMFAPreference with option below
{ "SoftwareTokenMfaSettings": { "Enabled": true, "PreferredMfa": boolean }, "Username": "string", "UserPoolId": "string" }

Step 4: Remember device
Mobile app call Auth.rememberDevice and it return success

Step 5: Logout
Mobile app call Auth.logout and it return success

Step 6: Login again
Mobile app call Auth.signIn and it return fail with signInStep = CONFIRM_SIGN_IN_WITH_SMS_MFA_CODE

Code Snippet

// Put your code below this line.

Log output

// Put your logs below this line

amplifyconfiguration.json

No response

GraphQL Schema

// Put your schema below this line

Additional information and screenshots

No response

[tylerjroach]

@namhvattanaakk Amplify v1.18.0 is about 3.5 years old. There have been many updates and bug fixes since then. Amplify v1 is also currently in maintenance mode and will stop receiving updates after May 31st, 2024.

Please attempt to use Amplify v2 and let us know if your issue is resolved. If there is something that is currently blocking you from using Amplify v1, please attempt our latest v1 version (1.38.8).

[namhvattanaakk]

@namhvattanaakk Amplify v1.18.0 is about 3.5 years old. There have been many updates and bug fixes since then. Amplify v1 is also currently in maintenance mode and will stop receiving updates after May 31st, 2024.

Please attempt to use Amplify v2 and let us know if your issue is resolved. If there is something that is currently blocking you from using Amplify v1, please attempt our latest v1 version (1.38.8).

I know this information but I think the rememberDevice not working is not releate to sdk version

[mattcreaser]

@namhvattanaakk I have verified that rememberDevice is working correct in Amplify 2.14.9. If you're still seeing an issue after upgrading, here are a couple of things to check:

• Is device tracking enabled for your user pool? You can check under Edit device tracking. It should be "Always" or "User Opt-In".

• After calling the rememberDevice API, does the user in your user pool show as "Yes" for remembered?

[namhvattanaakk]

@namhvattanaakk I have verified that rememberDevice is working correct in Amplify 2.14.9. If you're still seeing an issue after upgrading, here are a couple of things to check:

• Is device tracking enabled for your user pool? You can check under Edit device tracking. It should be "Always" or "User Opt-In".

* After calling the `rememberDevice` API, does the user in your user pool show as "Yes" for remembered?

@mattcreaser The rememberDevice function works in normal case
signIn -> confirmSignIn -> rememberDevice

But not work with the use-case what I logged above

[tylerjroach]

@namhvattanaakk I apologize for the amount of time that has passed but I wanted to see if the issue was still present for you. Were you able to upgrade to Amplify v2 and try it out?

[github-actions]

This issue is now closed. Comments on closed issues are hard for our team to see.
If you need more assistance, please open a new issue that references this one.