Which "code" is invalid: the QR or the TOTP?
I have generated QR codes which both "Duo Mobile" and "Google Authenticator" find acceptable (and that took a while)
but when I enter the 6-digit response I get
"Invalid code provided, please request a code again."
Entering a second POTP doesn't help, nor does starting over with a new QR (after deleting account).
The QR comes from
qr_code = "otpauth://totp/AWSCognito:" + user.username + "?secret=" + code + "&issuer=Cognito";
The name and password pass cognito check.
Cognito configs:
Allowed flows: Authorization code grant, Implicit grant
Allowed scopes: phone, openid
Edited by: segmented on Jul 6, 2020 6:59 PM
AWS 官方已更新 1 年前