I leave this comment in case someone faces the same issue in the future. In order to get the TOTP MFA method to work, you have to do an extra step (apart from the ones I described). More specifically, after you have called associateSoftwareToken to get a key and added it to your authenticator application, you must verify one TOTP code. So, in your application you should call the VerifySoftwareToken function with a valid accessToken and a valid TOTP code. If everything is successful, the next time you try to log in (in my case using adminInitiateAuth), you get the SOFTWARE_TOKEN_MFA challenge.
Edited by: ktzevelekidis on May 6, 2020 4:21 AM
In your case, is it working for all logins? I have a problem where the TOTP challenge is only sent on the first login after activation. Did you find anything about it?
No, in my case it works as expected. Each time I try to log in, it asks for the SOFTWARE_TOKEN_MFA challenge. In case it helps, I am using the adminInitiateAuth function for the login process.
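The enrollment order described in this thread (associate, verify one code, then expect the challenge at login), as an added example that is not code from the posters or from AWS. `enrollTotp`, `fakeCognito` and the `client` wrapper are hypothetical names, and the TOTP parameters (HMAC-SHA1, 30-second step, 6 digits) are assumed to be the standard authenticator-app settings.

```javascript
const crypto = require("node:crypto");
// Decode the Base32 SecretCode that AssociateSoftwareToken returns.
function base32Decode(s) {
  const alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
  let bits = 0, value = 0;
  const out = [];
  for (const ch of s.toUpperCase().replace(/=+$/, "")) {
    const idx = alphabet.indexOf(ch);
    if (idx < 0) throw new Error("invalid Base32 character in secret");
    value = ((value << 5) | idx) & 0xfff; // keep only the bits not yet emitted
    bits += 5;
    if (bits >= 8) { bits -= 8; out.push((value >>> bits) & 0xff); }
  }
  return Buffer.from(out);
}

// RFC 6238 TOTP (assumed parameters: HMAC-SHA1, 30 s step, 6 digits).
function totp(secretBase32, nowMs = Date.now()) {
  const counter = Buffer.alloc(8);
  counter.writeBigUInt64BE(BigInt(Math.floor(nowMs / 30000)));
  const mac = crypto.createHmac("sha1", base32Decode(secretBase32)).update(counter).digest();
  const offset = mac[mac.length - 1] & 0x0f; // dynamic truncation (RFC 4226)
  const code = (mac.readUInt32BE(offset) & 0x7fffffff) % 1e6;
  return String(code).padStart(6, "0");
}

// Associate, then verify one code. `client` is a hypothetical async wrapper over the Cognito operations.
async function enrollTotp(client, accessToken, getCode = totp) {
  const { SecretCode } = await client.associateSoftwareToken({ AccessToken: accessToken });
  const { Status } = await client.verifySoftwareToken({
    AccessToken: accessToken,
    UserCode: await getCode(SecretCode), // in production: the code the user types in
  });
  if (Status !== "SUCCESS") throw new Error(`software token not verified: ${Status}`);
  return SecretCode;
}

// Constructed in-memory stand-in for the user pool: the challenge appears only after a verified code.
function fakeCognito(secret) {
  let verified = false;
  return {
    associateSoftwareToken: async () => ({ SecretCode: secret }),
    verifySoftwareToken: async ({ UserCode }) => {
      verified = UserCode === totp(secret);
      return { Status: verified ? "SUCCESS" : "ERROR" };
    },
    adminInitiateAuth: async () => (verified ? { ChallengeName: "SOFTWARE_TOKEN_MFA" } : {}),
  };
}
```

In an integration test, replace `fakeCognito` with a wrapper around the real SDK client and assert that `adminInitiateAuth` returns `ChallengeName === "SOFTWARE_TOKEN_MFA"` after `enrollTotp` resolves.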