Currently, AWS Cognito does not support passwordless authentication, so you need to put in some effort with random passwords that are stored externally.
You can implement the authentication flow as follows.
After user signup, also ask for the mobile number and make it mandatory, then store the mobile number, username and password in DynamoDB, encrypted with AWS KMS for added security.
Use MFA with a mobile number for authentication.
If you plan to implement the flow manually, without using MFA to send and validate the SMS, you can use AWS SNS for that.
Check the following code sample to understand how MFA works:
```javascript
// userPool is assumed to be an existing CognitoUserPool instance.
var userData = {
    Username : 'username',
    Pool : userPool
};
var cognitoUser = new AWSCognito.CognitoIdentityServiceProvider.CognitoUser(userData);

var authenticationData = {
    Username : 'username',
    Password : 'password'
};
var authenticationDetails = new AWSCognito.CognitoIdentityServiceProvider.AuthenticationDetails(authenticationData);

cognitoUser.authenticateUser(authenticationDetails, {
    onSuccess: function (result) {
        alert('authentication successful!');
    },
    onFailure: function (err) {
        alert(err);
    },
    // Called when the pool requires an SMS code to complete sign-in.
    mfaRequired: function (codeDeliveryDetails) {
        var verificationCode = prompt('Please input verification code', '');
        // `this` is the callbacks object, so onSuccess/onFailure are reused.
        cognitoUser.sendMFACode(verificationCode, this);
    }
});
```
Note: Here the MFA with a mobile number is not used for the purpose of MFA but as a workaround to meet your requirement.
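For the manual flow mentioned above (sending the SMS yourself through SNS), the server side has to issue and validate the code. The following Node.js sketch is an added example, not part of the original answer or of any AWS SDK: the function names, the in-memory `Map` (standing in for a table such as DynamoDB), the TTL and the attempt limit are all assumptions, and the SMS send itself is left to the caller.

```javascript
const crypto = require('crypto');

const OTP_TTL_MS = 5 * 60 * 1000; // assumed validity window: 5 minutes
const MAX_ATTEMPTS = 3;           // assumed limit on wrong guesses per code
// Assumption: in production this key comes from a secret store, not process memory.
const SERVER_KEY = crypto.randomBytes(32);
const pending = new Map();        // stand-in store: phone -> { mac, expires, attempts }

// Store only a keyed digest, so a dump of the store does not reveal live codes.
function digest(phone, code) {
  return crypto.createHmac('sha256', SERVER_KEY).update(phone + ':' + code).digest();
}

// Issue a 6-digit code for a phone number. The caller delivers it by SMS.
function issueCode(phone, now = Date.now()) {
  // randomInt draws from the CSPRNG without modulo bias.
  const code = String(crypto.randomInt(0, 1000000)).padStart(6, '0');
  pending.set(phone, { mac: digest(phone, code), expires: now + OTP_TTL_MS, attempts: 0 });
  return code;
}

// Validate a submitted code: expiry, attempt limit, constant-time compare, single use.
function verifyCode(phone, code, now = Date.now()) {
  const rec = pending.get(phone);
  if (!rec) return false;
  if (now > rec.expires || rec.attempts >= MAX_ATTEMPTS) {
    pending.delete(phone); // expired or locked out: a new code must be issued
    return false;
  }
  rec.attempts += 1;
  const ok = crypto.timingSafeEqual(rec.mac, digest(phone, String(code)));
  if (ok) pending.delete(phone); // a code can be used only once
  return ok;
}
```
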