I am using Custom Challenge for MFA because i wanted to use Twilio instead of AMAZON SNS. i have successfully implemented it. It works fine but When a user enters wrong OTP code. The user session is expired. means that he has to again provide phone number and request a OTP again. Whereas i want it to retry for atleast 3 time. before he need to request another OTP. My Response verify trigger is as simple as below, is there something that we can do.
(event, context, callback) => {
if (event.request.privateChallengeParameters.answer == event.request.challengeAnswer) {
event.response.answerCorrect = true;
} else {
event.response.answerCorrect = false;
}
callback(null, event);
}
I acheived this by adding the answer as a variable into challengeMetaData - which so far as I can see is not returned to the client but is available on subsequent calls, I also have a variable named attempts to track how many times the user has entered an incorrect value.My code is below - I hope it helps
const AWS = require("aws-sdk");
exports.handler = (event, context, callback) => {
const session = event.request.session;
const currentSession = session ? session.length - 1 : 0
switch (event.triggerSource) {
case 'DefineAuthChallenge_Authentication':
console.log("DefineAuthChallenge_Authentication");
console.log(event);
if (session.length === 0) {
event.response = {
challengeName: 'CUSTOM_CHALLENGE',
failAuthentication: false,
issueTokens: false
};
}
else {
if (session[currentSession].challengeName === 'CUSTOM_CHALLENGE') {
if (session[currentSession].challengeResult === true) {
event.response.issueTokens = true;
event.response.failAuthentication = false;
}
else {
let metaData = JSON.parse(session[currentSession].challengeMetadata);
if (metaData.attempts <= 3) {
event.response = {
challengeName: 'CUSTOM_CHALLENGE',
failAuthentication: false,
issueTokens: false
};
}
else {
event.response.issueTokens = false;
event.response.failAuthentication = true;
}
}
}
}
console.log(event);
break;
case 'CreateAuthChallenge_Authentication':
if (event.request.challengeName === 'CUSTOM_CHALLENGE') {
console.log("CreateAuthChallenge_Authentication");
console.log(event);
if (session.length === 0) {
let answer = Math.random().toString(10).substr(2, 6);
//Your logic to send a message goes here
event.response.publicChallengeParameters = { challengeType: 'SMS_CODE' };
event.response.privateChallengeParameters = { answer: answer };
event.response.challengeMetadata = JSON.stringify({ '_sid': answer, 'challengeType': 'SMS_CODE', attempts: 1 });
}
else {
let metaData = JSON.parse(session[currentSession].challengeMetadata);
if (metaData.attempts <= 3) {
event.response.publicChallengeParameters = { challengeType: 'SMS_CODE', errorCode: 'NotAuthorizedException' };
event.response.privateChallengeParameters = { answer: metaData._sid };
event.response.challengeMetadata = JSON.stringify({ '_sid': metaData._sid, 'challengeType': 'SMS_CODE', attempts: metaData.attempts + 1 });
}
}
}
console.log(event);
break;
default:
console.log("VerifyAuthChallenge_Authentication");
console.log(event);
if (event.request.privateChallengeParameters.answer === event.request.challengeAnswer) {
event.response.answerCorrect = true;
}
else { event.response.answerCorrect = false; }
console.log(event);
break;
}
callback(null, event);
};
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With