 

How to programmatically enable or disable MFA for a logged user in AWS Cognito user pool in Java?

I am using the following code, but it doesn't change anything in AWS, although it returns nothing, as stated in the documentation: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminSetUserMFAPreference.html

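import software.amazon.awssdk.services.cognitoidentityprovider.model.AdminSetUserMfaPreferenceRequest;
import software.amazon.awssdk.services.cognitoidentityprovider.model.SMSMfaSettingsType;

public boolean changeMfaStatus(String username, Boolean status) {
    // Pass the requested status through; hard-coded true would enable SMS MFA on every call.
    final SMSMfaSettingsType smsMfaSettings = SMSMfaSettingsType.builder()
            .preferredMfa(status)
            .enabled(status)
            .build();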
    final AdminSetUserMfaPreferenceRequest setUserMFAPreferenceRequest = AdminSetUserMfaPreferenceRequest.builder()
            .userPoolId(userPoolID)
            .smsMfaSettings(smsMfaSettings)
            .username(username)
            .build();
    LOG.warn(setUserMFAPreferenceRequest);
    try {
        cognitoClient.adminSetUserMFAPreference(setUserMFAPreferenceRequest);
    } catch (Exception e) {
        LOG.warn(e);
        return false;
    }
    return true;
}

Update: Actually, this code changes the SMS MFA status, but the changes cannot be seen in the UI of the Cognito user pool. Doing the same thing from aws-cli also changes the status, but not in the UI.


Update-0: At the application level, it works fine. When I enable MFA, I get the code, and when I disable it, I don't get the code. My problem is that the MFA status doesn't change in the UI of the Amazon Cognito console, as shown in the above picture.

What is the difference between admin-set-user-mfa-preference and set-user-mfa-preference?


set-user-mfa-preference requires a token, as shown in the picture below. But in the code, I have used admin-set-user-mfa-preference.

Does that make any difference?

Actually, whether you enable/disable SMS MFA status, it doesn't matter. It works according to the status sent from the application level.

But my concern is: is it okay that the UI's operation is not working?

msbomrel asked Nov 06 '22 08:11


1 Answer

The simple solution for this is to enable or disable MFA programmatically. As we know, the status of SMS MFA will not change using code, so you can create a custom status field on the user pool and change the value of that field according to the code result. For example, if the code enables MFA, change the field value to Enabled, and if the code disables MFA, change the field value to Disabled. If you need the status of MFA in the backend, you can take the value from the custom field you created, maintaining the field value according to your code. For me it was a life saver.

Gaurav Dhapola answered Nov 15 '22 05:11
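The two calls from the question side by side, with a read-back of the user's MFA state through the API instead of the console column. This is an added example, not code from either post: it assumes the AWS SDK for Java v2, and the class `MfaPreferenceCheck` and its method names are hypothetical.

```java
import software.amazon.awssdk.services.cognitoidentityprovider.CognitoIdentityProviderClient;
import software.amazon.awssdk.services.cognitoidentityprovider.model.AdminGetUserRequest;
import software.amazon.awssdk.services.cognitoidentityprovider.model.AdminGetUserResponse;
import software.amazon.awssdk.services.cognitoidentityprovider.model.AdminSetUserMfaPreferenceRequest;
import software.amazon.awssdk.services.cognitoidentityprovider.model.SMSMfaSettingsType;
import software.amazon.awssdk.services.cognitoidentityprovider.model.SetUserMfaPreferenceRequest;

// Hypothetical helper class (added example); assumes AWS SDK for Java v2.
public final class MfaPreferenceCheck {
    private final CognitoIdentityProviderClient cognito;
    private final String userPoolId;

    public MfaPreferenceCheck(CognitoIdentityProviderClient cognito, String userPoolId) {
        this.cognito = cognito;
        this.userPoolId = userPoolId;
    }

    private static SMSMfaSettingsType sms(boolean enable) {
        // Keep preferredMfa in step with enabled so a disabled factor is never marked preferred.
        return SMSMfaSettingsType.builder().enabled(enable).preferredMfa(enable).build();
    }

    /** Admin variant: authorized by the caller's IAM credentials, targets a user by name. */
    public void setSmsMfaAsAdmin(String username, boolean enable) {
        cognito.adminSetUserMFAPreference(AdminSetUserMfaPreferenceRequest.builder()
                .userPoolId(userPoolId).username(username).smsMfaSettings(sms(enable)).build());
    }

    /** Self-service variant: authorized by the signed-in user's own access token. */
    public void setSmsMfaAsUser(String accessToken, boolean enable) {
        cognito.setUserMFAPreference(SetUserMfaPreferenceRequest.builder()
                .accessToken(accessToken).smsMfaSettings(sms(enable)).build());
    }

    /** Reads the per-user state back from AdminGetUser rather than the console. */
    public boolean isSmsMfaActive(String username) {
        AdminGetUserResponse user = cognito.adminGetUser(AdminGetUserRequest.builder()
                .userPoolId(userPoolId).username(username).build());
        return user.userMFASettingList().contains("SMS_MFA");
    }

    /** Sets the preference, then confirms it took effect; fails loudly on a mismatch. */
    public void setAndVerify(String username, boolean enable) {
        setSmsMfaAsAdmin(username, enable);
        if (isSmsMfaActive(username) != enable) {
            throw new IllegalStateException("SMS MFA state did not change to " + enable);
        }
    }
}
```

Calling `setAndVerify` from the backend turns a silently ignored preference change into an error, which matters when MFA enrollment is a security control rather than a display setting.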