fix: MFA types to not require sms settings if turned off (#1303)

aws-amplify · Apr 16, 2024 · 65b516d · 65b516d
1 parent e7817b2
commit 65b516d
Show file tree

Hide file tree

Showing 4 changed files with 64 additions and 38 deletions.
diff --git a/.changeset/mean-news-beg.md b/.changeset/mean-news-beg.md
@@ -0,0 +1,5 @@
+---
+'@aws-amplify/auth-construct-alpha': patch
+---
+
+fix: MFA types to not require sms settings if turned off
diff --git a/packages/auth-construct/API.md b/packages/auth-construct/API.md
@@ -85,17 +85,28 @@ export type IdentityProviderProps = {
 
 // @public
 export type MFA = {
-    mode: 'OFF' | 'OPTIONAL' | 'REQUIRED';
-} & MFASettings;
+    mode: 'OFF';
+} | ({
+    mode: 'OPTIONAL' | 'REQUIRED';
+} & MFASettings);
 
 // @public
 export type MFASettings = {
-    totp?: boolean;
-    sms: boolean | {
-        smsMessage: (code: string) => string;
-    };
+    totp?: MFATotpSettings;
+    sms: MFASmsSettings;
+} | {
+    totp: MFATotpSettings;
+    sms?: MFASmsSettings;
+};
+
+// @public
+export type MFASmsSettings = boolean | {
+    smsMessage: (code: string) => string;
 };
 
+// @public
+export type MFATotpSettings = boolean;
+
 // @public
 export type OidcProviderProps = Omit<aws_cognito.UserPoolIdentityProviderOidcProps, 'userPool' | 'attributeRequestMethod' | 'attributeMapping'> & {
     readonly attributeRequestMethod?: 'GET' | 'POST';

diff --git a/packages/auth-construct/src/index.ts b/packages/auth-construct/src/index.ts
@@ -12,6 +12,8 @@ export {
   VerificationEmailWithCode,
   VerificationEmailWithLink,
   MFA,
+  MFASmsSettings,
+  MFATotpSettings,
   MFASettings,
   PhoneNumberLogin,
   TriggerEvent,

diff --git a/packages/auth-construct/src/types.ts b/packages/auth-construct/src/types.ts
@@ -80,41 +80,49 @@ export type PhoneNumberLogin =
     };
 
 /**
- * Configure the MFA types that users can use. Ignored if MFA mode is set to OFF.
+ * If true, or if a settings object is provided, the MFA token is sent to the user via SMS to their verified phone numbers.
+ * @see - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa-sms-text-message.html
  */
-export type MFASettings = {
-  /**
-   * If true, the MFA token is a time-based one time password that is generated by a hardware or software token
-   * @see - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa-totp.html
-   * @default false
-   */
-  totp?: boolean;
-  /**
-   * If true, or if a settings object is provided, the MFA token is sent to the user via SMS to their verified phone numbers.
-   * @see - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa-sms-text-message.html
-   */
-  sms:
-    | boolean
-    | {
-        /**
-         * The SMS message template sent during MFA verification.
-         * Use the code parameter in the template where Cognito should insert the verification code.
-         * @default
-         * smsMessage: (code: string) => `Your authentication code is ${code}.`
-         */
-        smsMessage: (code: string) => string;
-      };
-};
+export type MFASmsSettings =
+  | boolean
+  | {
+      /**
+       * The SMS message template sent during MFA verification.
+       * Use the code parameter in the template where Cognito should insert the verification code.
+       * @default
+       * smsMessage: (code: string) => `Your authentication code is ${code}.`
+       */
+      smsMessage: (code: string) => string;
+    };
 /**
- * MFA Settings
+ * If true, the MFA token is a time-based one time password that is generated by a hardware or software token
+ * @see - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa-totp.html
  */
-export type MFA = {
-  /**
-   * Configure whether users can or are required to use multifactor (MFA) to sign in.
-   * @default - 'OFF'
-   */
-  mode: 'OFF' | 'OPTIONAL' | 'REQUIRED';
-} & MFASettings;
+export type MFATotpSettings = boolean;
+/**
+ * Configure the MFA types that users can use. At least one of totp or sms is required.
+ */
+export type MFASettings =
+  | {
+      totp?: MFATotpSettings;
+      sms: MFASmsSettings;
+    }
+  | { totp: MFATotpSettings; sms?: MFASmsSettings };
+
+/**
+ * MFA configuration. MFA settings are required if the mode is either "OPTIONAL" or "REQUIRED"
+ */
+export type MFA =
+  | {
+      /**
+       * Configure whether users can or are required to use multifactor (MFA) to sign in.
+       * @default - 'OFF'
+       */
+      mode: 'OFF';
+    }
+  | ({
+      mode: 'OPTIONAL' | 'REQUIRED';
+    } & MFASettings);
 /**
  * Properties which all identity providers have
  */