I'm implementing MFA authentication in a nodejs back-end application.
Method:
public async respondToAuthChallenge(payload: RespondToAuthChallengeDto) {
const params = {
ClientId: this.clientId,
ChallengeName: 'SOFTWARE_TOKEN_MFA',
ChallengeResponses: {
SOFTWARE_TOKEN_MFA_CODE: payload.mfaCode,
},
Session: payload.session
};
return this.cognitoIdentityServiceProvider.respondToAuthChallenge(params).promise();
}
Respose error:
Client [ID_CLIENT] is configured with secret but SECRET_HASH was not received
But if I add the secret hash I have this error
Unexpected key 'SECRET_HASH' found in params
The problem is that the params of the 'respondToAuthChallenge' method do not have the SecretHash, but my application aware has the secret client enabled. Do I need to disable client secretion to use MFA?