First, we will set up a user pool client for SMS verification; then, we will do user sign-up with SMS verification:
- Create a user pool client, as follows:
aws cognito-idp create-user-pool-client \
  --user-pool-id us-east-1_n5USdCHNf \
  --explicit-auth-flows USER_PASSWORD_AUTH \
  --client-name user-pool-client-signup \
  --profile admin
You can use describe-user-pool-client to get the details of the user pool client.
- Do user sign-up with a phone number as the username, as follows:
aws cognito-idp sign-up \
  --client-id 6amm4ins1md8fo5tvhtmel183h \
  --username +917411174114 \
  --password 'Passw0rd$'
You will need to start the phone number with a +, followed by the country code (for example, +44 for the United Kingdom and +91 for India).
If this is successful, you should get the following response:
You will now get a confirmation code SMS at the phone number you specified.
If you do not receive a confirmation authentication code after waiting for some time, or if the one that you received expires, you can use the resend-confirmation-code command, as follows:
aws cognito-idp resend-confirmation-code \
  --client-id 6amm4ins1md8fo5tvhtmel183h \
  --username +917411174114
- Confirm the user sign-up with the confirmation authentication code that was received in the previous step:
aws cognito-idp confirm-sign-up \
  --client-id 6amm4ins1md8fo5tvhtmel183h \
  --username +917411174114 \
  --confirmation-code 432348
- Initiate the authentication flow, as follows:
aws cognito-idp initiate-auth \
  --client-id 6amm4ins1md8fo5tvhtmel183h \
  --auth-flow USER_PASSWORD_AUTH \
  --auth-parameters 'USERNAME=+917411174114,PASSWORD=Passw0rd$'
As we have enabled MFA, you should get back an authentication challenge in the response, as shown in the following screenshot:
You will now receive an SMS with an authentication code.
- Respond to the authentication challenge with the authentication code that you received in an SMS and the session value that you received in the previous step:
aws cognito-idp respond-to-auth-challenge \
  --client-id 6amm4ins1md8fo5tvhtmel183h \
  --challenge-name SMS_MFA \
  --challenge-responses USERNAME=+917411174114,SMS_MFA_CODE=650598 \
  --session "<session>"
If this is successful, you should get a response with the AccessToken, RefreshToken, and IdToken. You can use these for further operations, including deleting the user.
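The last two steps can be chained so that the session value never has to be copied by hand. The following is an added example, not code from the original text: the function names (is_e164, start_auth, answer_sms_mfa) are hypothetical, the client ID is the sample value used above, and the six-digit code check assumes codes shaped like the ones shown in these steps.

```sh
#!/bin/sh
# Added example (not from the original text); function names are hypothetical.
CLIENT_ID="6amm4ins1md8fo5tvhtmel183h"   # sample client ID from the steps above

# Accept only E.164 usernames: '+', a non-zero digit, at most 15 digits in total.
is_e164() {
  printf '%s\n' "$1" | grep -Eq '^\+[1-9][0-9]{1,14}$'
}

# start_auth USERNAME PASSWORD
# Starts USER_PASSWORD_AUTH and stores the result in CHALLENGE and SESSION.
# --query/--output text prints "ChallengeName<TAB>Session" on one line;
# a missing field is printed as "None" (no MFA challenge was issued).
start_auth() {
  is_e164 "$1" || { echo "username must be an E.164 phone number" >&2; return 2; }
  out=$(aws cognito-idp initiate-auth \
    --client-id "$CLIENT_ID" \
    --auth-flow USER_PASSWORD_AUTH \
    --auth-parameters "USERNAME=$1,PASSWORD=$2" \
    --query '[ChallengeName,Session]' --output text) || return 1
  CHALLENGE=$(printf '%s\n' "$out" | cut -f1)
  SESSION=$(printf '%s\n' "$out" | cut -f2)
  # Succeed only when Cognito actually asked for the SMS code.
  [ "$CHALLENGE" = "SMS_MFA" ] && [ -n "$SESSION" ] && [ "$SESSION" != "None" ]
}

# answer_sms_mfa USERNAME CODE
# Answers the SMS_MFA challenge using the SESSION captured by start_auth.
answer_sms_mfa() {
  # Assumption: codes are six digits, as in the samples above.
  printf '%s\n' "$2" | grep -Eq '^[0-9]{6}$' || { echo "code must be 6 digits" >&2; return 2; }
  aws cognito-idp respond-to-auth-challenge \
    --client-id "$CLIENT_ID" \
    --challenge-name SMS_MFA \
    --challenge-responses "USERNAME=$1,SMS_MFA_CODE=$2" \
    --session "$SESSION"
}

# Usage:
#   start_auth '+917411174114' 'Passw0rd$' && answer_sms_mfa '+917411174114' 650598
```

If start_auth returns non-zero with CHALLENGE set to None, the user pool did not issue an MFA challenge for that sign-in, so check the pool's MFA configuration before going further.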