From ea581db54332478dbedbef3e88e17c1a91273be9 Mon Sep 17 00:00:00 2001
From: Parker Scanlon <69879391+scanlonp@users.noreply.github.com>
Date: Tue, 17 Dec 2024 12:56:02 -0800
Subject: [PATCH 1/5] feat(authenticator): add initial email mfa types and
 confirm sign in with code flow

---
 .../ui/src/helpers/authenticator/textUtil.ts  |  4 ++
 .../authenticator/defaultTexts.ts             |  2 +
 .../ui/src/machines/authenticator/actions.ts  |  4 ++
 .../machines/authenticator/actors/signIn.ts   | 60 +++++++++++++++++++
 .../ui/src/machines/authenticator/guards.ts   | 11 +++-
 .../ui/src/machines/authenticator/types.ts    |  5 ++
 6 files changed, 85 insertions(+), 1 deletion(-)

diff --git a/packages/ui/src/helpers/authenticator/textUtil.ts b/packages/ui/src/helpers/authenticator/textUtil.ts
index 173c1f5f807..8add8d66459 100644
--- a/packages/ui/src/helpers/authenticator/textUtil.ts
+++ b/packages/ui/src/helpers/authenticator/textUtil.ts
@@ -15,6 +15,10 @@ const getChallengeText = (challengeName?: ChallengeName): string => {
       return translate(DefaultTexts.CONFIRM_SMS);
     case 'SOFTWARE_TOKEN_MFA':
       return translate(DefaultTexts.CONFIRM_TOTP);
+    case 'EMAIL_OTP':
+      return translate(DefaultTexts.CONFIRM_EMAIL);
+    case 'SELECT_MFA_TYPE':
+      return translate(DefaultTexts.SELECT_MFA_TYPE);
     default:
       return translate(DefaultTexts.CONFIRM_MFA_DEFAULT);
   }
diff --git a/packages/ui/src/i18n/dictionaries/authenticator/defaultTexts.ts b/packages/ui/src/i18n/dictionaries/authenticator/defaultTexts.ts
index b040b9ceeda..45dfa6669ae 100644
--- a/packages/ui/src/i18n/dictionaries/authenticator/defaultTexts.ts
+++ b/packages/ui/src/i18n/dictionaries/authenticator/defaultTexts.ts
@@ -17,6 +17,8 @@ export const defaultTexts = {
   CONFIRM_RESET_PASSWORD_HEADING: 'Reset your Password',
   CONFIRM_SIGNUP_HEADING: 'Confirm Sign Up',
   CONFIRM_SMS: 'Confirm SMS Code',
+  CONFIRM_EMAIL: 'Confirm Email Code',
+  SELECT_MFA_TYPE: 'Select MFA Type',
   // If challenge name is not returned
   CONFIRM_MFA_DEFAULT: 'Confirm MFA Code',
   CONFIRM_TOTP: 'Confirm TOTP Code',
diff --git a/packages/ui/src/machines/authenticator/actions.ts b/packages/ui/src/machines/authenticator/actions.ts
index 18985d5109b..e6eae417a31 100644
--- a/packages/ui/src/machines/authenticator/actions.ts
+++ b/packages/ui/src/machines/authenticator/actions.ts
@@ -63,6 +63,10 @@ const setChallengeName = assign({
       ? 'SMS_MFA'
       : signInStep === 'CONFIRM_SIGN_IN_WITH_TOTP_CODE'
       ? 'SOFTWARE_TOKEN_MFA'
+      : signInStep === 'CONFIRM_SIGN_IN_WITH_EMAIL_CODE'
+      ? 'EMAIL_OTP'
+      : signInStep === 'CONTINUE_SIGN_IN_WITH_MFA_SELECTION'
+      ? 'SELECT_MFA_TYPE'
       : undefined;
   },
 });
diff --git a/packages/ui/src/machines/authenticator/actors/signIn.ts b/packages/ui/src/machines/authenticator/actors/signIn.ts
index 297254dafdc..a5f25001c22 100644
--- a/packages/ui/src/machines/authenticator/actors/signIn.ts
+++ b/packages/ui/src/machines/authenticator/actors/signIn.ts
@@ -90,10 +90,24 @@ export function signInActor({ services }: SignInMachineOptions) {
               cond: 'shouldConfirmSignIn',
               target: 'confirmSignIn',
             },
+            /*
+            {
+              cond: 'shouldSelectMfa',
+              target: 'confirmSignIn',
+            },
+            */
+            {
+              cond: 'shouldSelectMfa',
+              target: 'selectMfa',
+            },
             {
               cond: 'shouldSetupTotp',
               target: 'setupTotp',
             },
+            {
+              cond: 'shouldSetupEmailMfa',
+              target: 'setupEmailMfa', // implement this
+            },
             {
               cond: ({ step }) =>
                 step === 'CONFIRM_SIGN_IN_WITH_NEW_PASSWORD_REQUIRED',
@@ -273,6 +287,52 @@ export function signInActor({ services }: SignInMachineOptions) {
             },
           },
         },
+        setupEmailMfa: {
+          initial: 'edit',
+          exit: ['clearFormValues', 'clearError', 'clearTouched'],
+          states: {
+            edit: {
+              entry: 'sendUpdate',
+              on: {
+                SUBMIT: { actions: 'handleSubmit', target: 'submit' },
+                SIGN_IN: '#signInActor.signIn',
+                CHANGE: { actions: 'handleInput' },
+              },
+            },
+            submit: {
+              tags: 'pending',
+              entry: ['sendUpdate', 'clearError'],
+              invoke: { src: 'confirmSignIn', ...handleSignInResponse },
+            },
+          },
+        },
+        selectMfa: {
+          initial: 'edit',
+          exit: [
+            'clearChallengeName',
+            'clearFormValues',
+            'clearError',
+            'clearTouched',
+          ],
+          states: {
+            edit: {
+              entry: 'sendUpdate',
+              on: {
+                SUBMIT: { actions: 'handleSubmit', target: 'submit' },
+                SIGN_IN: '#signInActor.signIn',
+                CHANGE: { actions: 'handleInput' },
+              },
+            },
+            submit: {
+              tags: 'pending',
+              entry: ['clearError', 'sendUpdate'],
+              invoke: {
+                src: 'confirmSignIn',
+                ...handleSignInResponse,
+              },
+            },
+          },
+        },
         resolved: {
           type: 'final',
           data: (context): ActorDoneData => ({
diff --git a/packages/ui/src/machines/authenticator/guards.ts b/packages/ui/src/machines/authenticator/guards.ts
index 7a215bcb130..83ab2a68bc6 100644
--- a/packages/ui/src/machines/authenticator/guards.ts
+++ b/packages/ui/src/machines/authenticator/guards.ts
@@ -12,6 +12,7 @@ import { AuthActorContext, AuthEvent } from './types';
 const SIGN_IN_STEP_MFA_CONFIRMATION: string[] = [
   'CONFIRM_SIGN_IN_WITH_SMS_CODE',
   'CONFIRM_SIGN_IN_WITH_TOTP_CODE',
+  'CONFIRM_SIGN_IN_WITH_EMAIL_CODE',
 ];
 
 // response next step guards
@@ -55,7 +56,7 @@ const isConfirmUserAttributeStep = (_: AuthActorContext, { data }: AuthEvent) =>
 
 const isShouldConfirmUserAttributeStep = (
   _: AuthActorContext,
-  { data }: AuthEvent
+  { data }: AuthEvent 
 ) => data?.step === 'SHOULD_CONFIRM_USER_ATTRIBUTE';
 
 const isResetPasswordStep = (_: AuthActorContext, { data }: AuthEvent) =>
@@ -80,6 +81,12 @@ const shouldConfirmResetPassword = ({ step }: AuthActorContext) =>
 const shouldConfirmSignUp = ({ step }: AuthActorContext) =>
   step === 'CONFIRM_SIGN_UP';
 
+const shouldSetupEmailMfa = ({ step }: AuthActorContext) =>
+  step === 'CONTINUE_SIGN_IN_WITH_EMAIL_MFA_SETUP'; // 'CONTINUE_SIGN_IN_WITH_EMAIL_SETUP' in js library
+
+const shouldSelectMfa = ({ step }: AuthActorContext) =>
+  step === 'CONTINUE_SIGN_IN_WITH_MFA_SELECTION';
+
 // miscellaneous guards
 const shouldVerifyAttribute = (
   _: AuthActorContext,
@@ -132,6 +139,8 @@ const GUARDS: MachineOptions<AuthActorContext, AuthEvent>['guards'] = {
   shouldResetPassword,
   shouldResetPasswordFromSignIn,
   shouldSetupTotp,
+  shouldSetupEmailMfa,
+  shouldSelectMfa,
   shouldVerifyAttribute,
 };
 
diff --git a/packages/ui/src/machines/authenticator/types.ts b/packages/ui/src/machines/authenticator/types.ts
index 85da14cf88b..676916ad30c 100644
--- a/packages/ui/src/machines/authenticator/types.ts
+++ b/packages/ui/src/machines/authenticator/types.ts
@@ -19,6 +19,7 @@ import { defaultServices } from './defaultServices';
 export type ChallengeName =
   | 'SMS_MFA'
   | 'SOFTWARE_TOKEN_MFA'
+  | 'EMAIL_OTP'
   | 'SELECT_MFA_TYPE'
   | 'MFA_SETUP'
   | 'PASSWORD_VERIFIER'
@@ -147,6 +148,10 @@ export type SignInStep =
   | 'CONFIRM_SIGN_UP'
   | 'CONTINUE_SIGN_IN_WITH_TOTP_SETUP'
   | 'RESET_PASSWORD'
+  | 'CONTINUE_SIGN_IN_WITH_MFA_SETUP_SELECTION'
+  | 'CONTINUE_SIGN_IN_WITH_EMAIL_MFA_SETUP' // 'CONTINUE_SIGN_IN_WITH_EMAIL_SETUP' in js library
+  | 'CONTINUE_SIGN_IN_WITH_MFA_SELECTION'
+  | 'CONFIRM_SIGN_IN_WITH_EMAIL_CODE'
   | 'SIGN_IN_COMPLETE'; // 'DONE'
 
 export type ResetPasswordStep =

From eb2bb8b10f74b7874dd22f9c885fa7cc88509617 Mon Sep 17 00:00:00 2001
From: Parker Scanlon <69879391+scanlonp@users.noreply.github.com>
Date: Tue, 17 Dec 2024 12:58:31 -0800
Subject: [PATCH 2/5] feat(authenticator): add initial mfa selection react page
 and ui type helpers

---
 .../hooks/__mocks__/components.ts             |  8 +++
 .../src/Authenticator/hooks/constants.ts      |  2 +
 .../src/Authenticator/hooks/types.ts          |  9 +++
 .../hooks/useAuthenticator/types.ts           |  1 +
 .../Authenticator/Router/Router.tsx           |  3 +
 .../Authenticator/SelectMfa/SelectMfa.tsx     | 69 +++++++++++++++++++
 .../Authenticator/SelectMfa/index.ts          |  1 +
 .../useCustomComponents/defaultComponents.tsx |  6 ++
 .../ui/src/helpers/authenticator/constants.ts |  8 +++
 .../ui/src/helpers/authenticator/facade.ts    |  1 +
 .../authenticator/formFields/defaults.ts      | 14 ++++
 .../ui/src/helpers/authenticator/getRoute.ts  |  3 +
 .../ui/src/types/authenticator/attributes.ts  |  2 +
 packages/ui/src/types/authenticator/form.ts   |  3 +
 14 files changed, 130 insertions(+)
 create mode 100644 packages/react/src/components/Authenticator/SelectMfa/SelectMfa.tsx
 create mode 100644 packages/react/src/components/Authenticator/SelectMfa/index.ts

diff --git a/packages/react-core/src/Authenticator/hooks/__mocks__/components.ts b/packages/react-core/src/Authenticator/hooks/__mocks__/components.ts
index 9ed530cec11..0e2dae513f7 100644
--- a/packages/react-core/src/Authenticator/hooks/__mocks__/components.ts
+++ b/packages/react-core/src/Authenticator/hooks/__mocks__/components.ts
@@ -49,6 +49,13 @@ ForgotPassword.Footer = Footer;
 ForgotPassword.FormFields = FormFields;
 ForgotPassword.Header = Header;
 
+const SelectMfa: DefaultComponents<{}>['SelectMfa'] = () => {
+  return null;
+};
+SelectMfa.Footer = Footer;
+SelectMfa.FormFields = FormFields;
+SelectMfa.Header = Header;
+
 const SetupTotp: DefaultComponents<{}>['SetupTotp'] = () => {
   return null;
 };
@@ -84,6 +91,7 @@ export const DEFAULTS: DefaultComponents<{}> = {
   ConfirmVerifyUser,
   ForceNewPassword,
   ForgotPassword,
+  SelectMfa,
   SetupTotp,
   SignIn,
   SignUp,
diff --git a/packages/react-core/src/Authenticator/hooks/constants.ts b/packages/react-core/src/Authenticator/hooks/constants.ts
index 25dfeb63037..769fdc1f0ff 100644
--- a/packages/react-core/src/Authenticator/hooks/constants.ts
+++ b/packages/react-core/src/Authenticator/hooks/constants.ts
@@ -10,6 +10,7 @@ export const COMPONENT_ROUTE_KEYS: AuthenticatorRouteComponentKey[] = [
   'confirmVerifyUser',
   'forceNewPassword',
   'forgotPassword',
+  'selectMfa',
   'setupTotp',
   'signIn',
   'signUp',
@@ -23,6 +24,7 @@ export const COMPONENT_ROUTE_NAMES: AuthenticatorRouteComponentName[] = [
   'ConfirmVerifyUser',
   'ForceNewPassword',
   'ForgotPassword',
+  'SelectMfa',
   'SetupTotp',
   'SignIn',
   'SignUp',
diff --git a/packages/react-core/src/Authenticator/hooks/types.ts b/packages/react-core/src/Authenticator/hooks/types.ts
index 2f747ca9c86..c523afde948 100644
--- a/packages/react-core/src/Authenticator/hooks/types.ts
+++ b/packages/react-core/src/Authenticator/hooks/types.ts
@@ -15,6 +15,7 @@ export type AuthenticatorRouteComponentKey =
   | 'confirmVerifyUser'
   | 'forceNewPassword'
   | 'forgotPassword'
+  | 'selectMfa'
   | 'setupTotp'
   | 'signIn'
   | 'signUp'
@@ -123,6 +124,13 @@ export type ResetPasswordBaseProps<FieldType = {}> = {
   ComponentSlots<FieldType> &
   ValidationProps;
 
+export type SelectMfaBaseProps<FieldType = {}> = {
+  challengeName: ChallengeName | undefined;
+  toSignIn: UseAuthenticator['toSignIn'];
+} & CommonRouteProps &
+  ComponentSlots<FieldType> &
+  ValidationProps;
+
 export type SetupTotpBaseProps<FieldType = {}> = {
   toSignIn: UseAuthenticator['toSignIn'];
   totpSecretCode: UseAuthenticator['totpSecretCode'];
@@ -163,6 +171,7 @@ export interface DefaultProps<FieldType = {}> {
   ConfirmVerifyUser: ConfirmVerifyUserProps<FieldType>;
   ForceNewPassword: ForceResetPasswordBaseProps<FieldType>;
   ForgotPassword: ResetPasswordBaseProps<FieldType>;
+  SelectMfa: SelectMfaBaseProps<FieldType>;
   SetupTotp: SetupTotpBaseProps<FieldType>;
   SignIn: SignInBaseProps<FieldType>;
   SignUp: SignUpBaseProps<FieldType>;
diff --git a/packages/react-core/src/Authenticator/hooks/useAuthenticator/types.ts b/packages/react-core/src/Authenticator/hooks/useAuthenticator/types.ts
index 413ab7b2d5b..9ee3553620d 100644
--- a/packages/react-core/src/Authenticator/hooks/useAuthenticator/types.ts
+++ b/packages/react-core/src/Authenticator/hooks/useAuthenticator/types.ts
@@ -19,6 +19,7 @@ export type AuthenticatorRouteComponentKey =
   | 'confirmSignUp'
   | 'confirmVerifyUser'
   | 'forgotPassword'
+  | 'selectMfa'
   | 'setupTotp'
   | 'verifyUser';
 
diff --git a/packages/react/src/components/Authenticator/Router/Router.tsx b/packages/react/src/components/Authenticator/Router/Router.tsx
index 78c81018af2..c5c4df2915f 100644
--- a/packages/react/src/components/Authenticator/Router/Router.tsx
+++ b/packages/react/src/components/Authenticator/Router/Router.tsx
@@ -3,6 +3,7 @@ import React, { useMemo } from 'react';
 import { useAuthenticator } from '@aws-amplify/ui-react-core';
 import { ConfirmSignUp } from '../ConfirmSignUp';
 import { ForceNewPassword } from '../ForceNewPassword';
+import { SelectMfa } from '../SelectMfa';
 import { SetupTotp } from '../SetupTotp';
 import { SignInSignUpTabs } from '../shared';
 import { ConfirmVerifyUser, VerifyUser } from '../VerifyUser';
@@ -27,6 +28,8 @@ const getRouteComponent = (route: string): RouteComponent => {
       return RenderNothing;
     case 'confirmSignUp':
       return ConfirmSignUp;
+    case 'selectMfa':
+      return SelectMfa;
     case 'confirmSignIn':
       return ConfirmSignIn;
     case 'setupTotp':
diff --git a/packages/react/src/components/Authenticator/SelectMfa/SelectMfa.tsx b/packages/react/src/components/Authenticator/SelectMfa/SelectMfa.tsx
new file mode 100644
index 00000000000..960d8de8346
--- /dev/null
+++ b/packages/react/src/components/Authenticator/SelectMfa/SelectMfa.tsx
@@ -0,0 +1,69 @@
+import React from 'react';
+import { authenticatorTextUtil } from '@aws-amplify/ui';
+
+import { Flex } from '../../../primitives/Flex';
+import { Heading } from '../../../primitives/Heading';
+import { useAuthenticator } from '@aws-amplify/ui-react-core';
+import { useCustomComponents } from '../hooks/useCustomComponents';
+import { useFormHandlers } from '../hooks/useFormHandlers';
+import { FormFields } from '../shared/FormFields';
+import { ConfirmSignInFooter } from '../shared/ConfirmSignInFooter';
+import { RemoteErrorMessage } from '../shared/RemoteErrorMessage';
+import { RouteContainer, RouteProps } from '../RouteContainer';
+
+const { getChallengeText } = authenticatorTextUtil;
+
+export const SelectMfa = ({
+  className,
+  variation,
+}: RouteProps): JSX.Element => {
+  const { isPending } = useAuthenticator((context) => [context.isPending]);
+  const { handleChange, handleSubmit } = useFormHandlers();
+
+  const {
+    components: {
+      // @ts-ignore
+      SelectMfa: {
+        Header = SelectMfa.Header,
+        Footer = SelectMfa.Footer,
+      },
+    },
+  } = useCustomComponents();
+
+  return (
+    <RouteContainer className={className} variation={variation}>
+      <form
+        data-amplify-form=""
+        data-amplify-authenticator-select-mfa=""
+        method="post"
+        onChange={handleChange}
+        onSubmit={handleSubmit}
+      >
+        <Flex as="fieldset" direction="column" isDisabled={isPending}>
+          <Header />
+
+          <Flex direction="column">
+            <FormFields />
+            <RemoteErrorMessage />
+          </Flex>
+
+          <ConfirmSignInFooter />
+          <Footer />
+        </Flex>
+      </form>
+    </RouteContainer>
+  );
+};
+
+SelectMfa.Header = function Header(): JSX.Element {
+  const { challengeName } = useAuthenticator(({ challengeName }) => [
+    challengeName,
+  ]);
+
+  return <Heading level={3}>{getChallengeText(challengeName)}</Heading>;
+}
+
+SelectMfa.Footer = function Footer(): JSX.Element {
+  // @ts-ignore
+  return null;
+};
diff --git a/packages/react/src/components/Authenticator/SelectMfa/index.ts b/packages/react/src/components/Authenticator/SelectMfa/index.ts
new file mode 100644
index 00000000000..fd10efa63c0
--- /dev/null
+++ b/packages/react/src/components/Authenticator/SelectMfa/index.ts
@@ -0,0 +1 @@
+export * from './SelectMfa';
diff --git a/packages/react/src/components/Authenticator/hooks/useCustomComponents/defaultComponents.tsx b/packages/react/src/components/Authenticator/hooks/useCustomComponents/defaultComponents.tsx
index 81135a4d1da..01476ba13ae 100644
--- a/packages/react/src/components/Authenticator/hooks/useCustomComponents/defaultComponents.tsx
+++ b/packages/react/src/components/Authenticator/hooks/useCustomComponents/defaultComponents.tsx
@@ -6,6 +6,7 @@ import { SetupTotp } from '../../SetupTotp';
 import { ConfirmSignIn } from '../../ConfirmSignIn/ConfirmSignIn';
 import { ConfirmVerifyUser, VerifyUser } from '../../VerifyUser';
 import { ConfirmResetPassword, ForgotPassword } from '../../ForgotPassword';
+import { SelectMfa } from '../../SelectMfa';
 
 // use the very generic name of Components as this is a temporary interface and is not exported
 interface Components {
@@ -21,6 +22,7 @@ export interface DefaultComponents extends Omit<Components, 'FormFields'> {
   ConfirmVerifyUser?: Omit<Components, 'FormFields'>;
   ForceNewPassword?: Components;
   ForgotPassword?: Omit<Components, 'FormFields'>;
+  SelectMfa?: Omit<Components, 'FormFields'>;
   SetupTotp?: Omit<Components, 'FormFields'>;
   SignIn?: Omit<Components, 'FormFields'>;
   SignUp?: Components;
@@ -43,6 +45,10 @@ export const defaultComponents: DefaultComponents = {
     Header: ConfirmSignUp.Header,
     Footer: ConfirmSignUp.Footer,
   },
+  SelectMfa: {
+    Header: SelectMfa.Header,
+    Footer: SelectMfa.Footer,
+  },
   SetupTotp: {
     Header: SetupTotp.Header,
     Footer: SetupTotp.Footer,
diff --git a/packages/ui/src/helpers/authenticator/constants.ts b/packages/ui/src/helpers/authenticator/constants.ts
index 27df67d5f0b..8e4b8a4c871 100644
--- a/packages/ui/src/helpers/authenticator/constants.ts
+++ b/packages/ui/src/helpers/authenticator/constants.ts
@@ -17,6 +17,14 @@ export const defaultFormFieldOptions: DefaultFormFieldOptions = {
     autocomplete: 'bday',
     isRequired: true,
   },
+  select_mfa_email: {
+    label: 'Email MFA',
+    type: 'radio',
+  },
+  select_mfa_totp: {
+    label: 'TOTP MFA',
+    type: 'radio',
+  },
   confirmation_code: {
     label: 'Confirmation Code',
     placeholder: 'Enter your Confirmation Code',
diff --git a/packages/ui/src/helpers/authenticator/facade.ts b/packages/ui/src/helpers/authenticator/facade.ts
index ec9ee59b665..dcf263ccd74 100644
--- a/packages/ui/src/helpers/authenticator/facade.ts
+++ b/packages/ui/src/helpers/authenticator/facade.ts
@@ -41,6 +41,7 @@ export type AuthenticatorRoute =
   | 'forgotPassword'
   | 'setup'
   | 'signOut'
+  | 'selectMfa'
   | 'setupTotp'
   | 'signIn'
   | 'signUp'
diff --git a/packages/ui/src/helpers/authenticator/formFields/defaults.ts b/packages/ui/src/helpers/authenticator/formFields/defaults.ts
index 7e52f5ca3ff..7d8490f148c 100644
--- a/packages/ui/src/helpers/authenticator/formFields/defaults.ts
+++ b/packages/ui/src/helpers/authenticator/formFields/defaults.ts
@@ -53,6 +53,19 @@ const getConfirmationCodeFormFields = (_: AuthMachineState): FormFields => ({
   },
 });
 
+const getSelectionFormFields = (_: AuthMachineState): FormFields => ({
+  select_email: {
+    ...getDefaultFormField('select_mfa_email'),
+    label: 'Email Label',
+    value: 'EMAIL'
+  },
+  select_totp: {
+    ...getDefaultFormField('select_mfa_totp'),
+    label: 'TOTP Label',
+    value: 'wow'
+  },
+});
+
 const getSignInFormFields = (state: AuthMachineState): FormFields => ({
   username: { ...getAliasDefaultFormField(state) },
   password: {
@@ -179,5 +192,6 @@ export const defaultFormFieldsGetters: Record<
   forgotPassword: getForgotPasswordFormFields,
   confirmResetPassword: getConfirmResetPasswordFormFields,
   confirmVerifyUser: getConfirmationCodeFormFields,
+  selectMfa: getSelectionFormFields,
   setupTotp: getConfirmationCodeFormFields,
 };
diff --git a/packages/ui/src/helpers/authenticator/getRoute.ts b/packages/ui/src/helpers/authenticator/getRoute.ts
index b2858926507..4645643bfee 100644
--- a/packages/ui/src/helpers/authenticator/getRoute.ts
+++ b/packages/ui/src/helpers/authenticator/getRoute.ts
@@ -39,6 +39,9 @@ export const getRoute = (
       return 'confirmSignUp';
     case actorState?.matches('confirmSignIn'):
       return 'confirmSignIn';
+    case actorState?.matches('selectMfa.edit'):
+    case actorState?.matches('selectMfa.submit'):
+      return 'selectMfa';
     case actorState?.matches('setupTotp.edit'):
     case actorState?.matches('setupTotp.submit'):
       return 'setupTotp';
diff --git a/packages/ui/src/types/authenticator/attributes.ts b/packages/ui/src/types/authenticator/attributes.ts
index 00963d00d69..3875b93c8d8 100644
--- a/packages/ui/src/types/authenticator/attributes.ts
+++ b/packages/ui/src/types/authenticator/attributes.ts
@@ -61,6 +61,8 @@ export type SocialProvider = 'amazon' | 'apple' | 'facebook' | 'google';
 export const authFieldsWithDefaults = [
   ...LoginMechanismArray,
   ...signUpFieldsWithDefault,
+  'select_mfa_email',
+  'select_mfa_totp',
   'confirmation_code',
   'password',
   'confirm_password',
diff --git a/packages/ui/src/types/authenticator/form.ts b/packages/ui/src/types/authenticator/form.ts
index ff54f2dbf0d..bd07e86e9a4 100644
--- a/packages/ui/src/types/authenticator/form.ts
+++ b/packages/ui/src/types/authenticator/form.ts
@@ -19,6 +19,7 @@ export type FormFieldComponents =
   | 'confirmSignUp'
   | 'confirmVerifyUser'
   | 'forgotPassword'
+  | 'selectMfa'
   | 'setupTotp';
 
 /**
@@ -68,6 +69,8 @@ export interface FormFieldOptions {
   autocomplete?: string;
   /** Whether the first character is auto-capitalized */
   autocapitalize?: string;
+  /** Value to be passed by radio button */
+  value?: string;
 }
 
 export interface LegacyFormFieldOptions extends FormFieldOptions {

From 05cc57f4f150b80e62616266bd149502c65d8e20 Mon Sep 17 00:00:00 2001
From: Parker Scanlon <69879391+scanlonp@users.noreply.github.com>
Date: Thu, 19 Dec 2024 10:56:12 -0800
Subject: [PATCH 3/5] feat(authenticator): functional select mfa screen with
 predefined buttons

---
 .../Authenticator/SelectMfa/SelectMfa.tsx     | 70 ++++++++++++++++++-
 .../ui/src/helpers/authenticator/constants.ts |  7 ++
 .../ui/src/helpers/authenticator/facade.ts    |  4 ++
 .../authenticator/formFields/defaults.ts      | 18 ++---
 .../machines/authenticator/actors/signIn.ts   |  8 ++-
 .../authenticator/getAuthenticatorConfig.ts   |  1 +
 .../ui/src/machines/authenticator/types.ts    |  2 +
 .../ui/src/types/authenticator/attributes.ts  |  6 ++
 packages/ui/src/types/authenticator/form.ts   |  2 -
 9 files changed, 101 insertions(+), 17 deletions(-)

diff --git a/packages/react/src/components/Authenticator/SelectMfa/SelectMfa.tsx b/packages/react/src/components/Authenticator/SelectMfa/SelectMfa.tsx
index 960d8de8346..b7b94b3b3a7 100644
--- a/packages/react/src/components/Authenticator/SelectMfa/SelectMfa.tsx
+++ b/packages/react/src/components/Authenticator/SelectMfa/SelectMfa.tsx
@@ -3,16 +3,56 @@ import { authenticatorTextUtil } from '@aws-amplify/ui';
 
 import { Flex } from '../../../primitives/Flex';
 import { Heading } from '../../../primitives/Heading';
+import { Radio } from '../../../primitives/Radio';
+import { RadioGroupField } from '../../../primitives/RadioGroupField';
 import { useAuthenticator } from '@aws-amplify/ui-react-core';
 import { useCustomComponents } from '../hooks/useCustomComponents';
 import { useFormHandlers } from '../hooks/useFormHandlers';
-import { FormFields } from '../shared/FormFields';
+// import { FormFields } from '../shared/FormFields';
 import { ConfirmSignInFooter } from '../shared/ConfirmSignInFooter';
 import { RemoteErrorMessage } from '../shared/RemoteErrorMessage';
 import { RouteContainer, RouteProps } from '../RouteContainer';
 
 const { getChallengeText } = authenticatorTextUtil;
 
+/*
+interface MfaOptions {
+  email: string;
+  username: string;
+}
+
+const opt: MfaOptions = {
+  email: 'EMAIL',
+  username: 'Totp Prop',
+};
+
+type MfaType = 'EMAIL' | 'wow';
+*/
+/*
+const generateRadioGroup = (
+  attributes: MfaOptions
+): JSX.Element[] => {
+  return Object.entries(attributes).map(
+    ([key, value]: [string, string], index) => {
+      const MfaType = (
+        defaultFormFieldOptions[key] as { label: MfaType }
+      ).label;
+      return (
+        <Radio
+          name="MfaAtt"
+          value={key}
+          key={key}
+          defaultChecked={index === 0}
+        >
+          {MfaType}:{' '}
+          {value}
+        </Radio>
+      );
+    }
+  );
+};
+*/
+
 export const SelectMfa = ({
   className,
   variation,
@@ -30,6 +70,29 @@ export const SelectMfa = ({
     },
   } = useCustomComponents();
 
+  const verificationRadioGroup = (
+    <RadioGroupField
+      legend="What up peeps"
+      name="figure it out"
+      isDisabled={isPending}
+    >
+      <Radio
+        name="mfa_selection"
+        value="EMAIL"
+        key="EMAIL"
+      >
+        email:EMAIL
+      </Radio>
+      <Radio
+        name="mfa_selection"
+        value="TOTP"
+        key="wow"
+      >
+        totp:wow
+      </Radio>
+    </RadioGroupField>
+  );
+
   return (
     <RouteContainer className={className} variation={variation}>
       <form
@@ -43,7 +106,8 @@ export const SelectMfa = ({
           <Header />
 
           <Flex direction="column">
-            <FormFields />
+            {verificationRadioGroup}
+
             <RemoteErrorMessage />
           </Flex>
 
@@ -67,3 +131,5 @@ SelectMfa.Footer = function Footer(): JSX.Element {
   // @ts-ignore
   return null;
 };
+
+// <FormFields />
diff --git a/packages/ui/src/helpers/authenticator/constants.ts b/packages/ui/src/helpers/authenticator/constants.ts
index 8e4b8a4c871..f7206c1b6d1 100644
--- a/packages/ui/src/helpers/authenticator/constants.ts
+++ b/packages/ui/src/helpers/authenticator/constants.ts
@@ -17,6 +17,7 @@ export const defaultFormFieldOptions: DefaultFormFieldOptions = {
     autocomplete: 'bday',
     isRequired: true,
   },
+  /*
   select_mfa_email: {
     label: 'Email MFA',
     type: 'radio',
@@ -25,6 +26,12 @@ export const defaultFormFieldOptions: DefaultFormFieldOptions = {
     label: 'TOTP MFA',
     type: 'radio',
   },
+  */
+  mfa_selection: {
+    label: 'MFA Selection',
+    type: 'text',
+    isRequired: true,
+  },
   confirmation_code: {
     label: 'Confirmation Code',
     placeholder: 'Enter your Confirmation Code',
diff --git a/packages/ui/src/helpers/authenticator/facade.ts b/packages/ui/src/helpers/authenticator/facade.ts
index dcf263ccd74..84666281d98 100644
--- a/packages/ui/src/helpers/authenticator/facade.ts
+++ b/packages/ui/src/helpers/authenticator/facade.ts
@@ -11,6 +11,7 @@ import {
   FederatedProvider,
   LoginMechanism,
   SocialProvider,
+  MfaMethod,
   UnverifiedUserAttributes,
   ValidationError,
 } from '../../types';
@@ -60,6 +61,7 @@ interface AuthenticatorServiceContextFacade {
   isPending: boolean;
   route: AuthenticatorRoute;
   socialProviders: SocialProvider[];
+  mfaMethods: MfaMethod[];
   totpSecretCode: string | null;
   unverifiedUserAttributes: UnverifiedUserAttributes;
   user: AuthUser;
@@ -183,6 +185,7 @@ export const getServiceContextFacade = (
   } = actorContext;
 
   const { socialProviders = [] } = state.context?.config ?? {};
+  const { mfaMethods = [] } = state.context?.config ?? {};
 
   // check for user in actorContext prior to state context. actorContext is more "up to date",
   // but is not available on all states
@@ -220,6 +223,7 @@ export const getServiceContextFacade = (
     isPending,
     route,
     socialProviders,
+    mfaMethods,
     totpSecretCode,
     unverifiedUserAttributes,
     user,
diff --git a/packages/ui/src/helpers/authenticator/formFields/defaults.ts b/packages/ui/src/helpers/authenticator/formFields/defaults.ts
index 7d8490f148c..646bf78c28b 100644
--- a/packages/ui/src/helpers/authenticator/formFields/defaults.ts
+++ b/packages/ui/src/helpers/authenticator/formFields/defaults.ts
@@ -53,17 +53,11 @@ const getConfirmationCodeFormFields = (_: AuthMachineState): FormFields => ({
   },
 });
 
-const getSelectionFormFields = (_: AuthMachineState): FormFields => ({
-  select_email: {
-    ...getDefaultFormField('select_mfa_email'),
-    label: 'Email Label',
-    value: 'EMAIL'
-  },
-  select_totp: {
-    ...getDefaultFormField('select_mfa_totp'),
-    label: 'TOTP Label',
-    value: 'wow'
-  },
+const getMfaSelectionFormFields = (_: AuthMachineState): FormFields => ({
+  mfa_selection: {
+    ...getDefaultFormField('mfa_selection'),
+    label: 'MFA Selection!'
+  }
 });
 
 const getSignInFormFields = (state: AuthMachineState): FormFields => ({
@@ -192,6 +186,6 @@ export const defaultFormFieldsGetters: Record<
   forgotPassword: getForgotPasswordFormFields,
   confirmResetPassword: getConfirmResetPasswordFormFields,
   confirmVerifyUser: getConfirmationCodeFormFields,
-  selectMfa: getSelectionFormFields,
+  selectMfa: getMfaSelectionFormFields,
   setupTotp: getConfirmationCodeFormFields,
 };
diff --git a/packages/ui/src/machines/authenticator/actors/signIn.ts b/packages/ui/src/machines/authenticator/actors/signIn.ts
index a5f25001c22..379907400bb 100644
--- a/packages/ui/src/machines/authenticator/actors/signIn.ts
+++ b/packages/ui/src/machines/authenticator/actors/signIn.ts
@@ -327,7 +327,7 @@ export function signInActor({ services }: SignInMachineOptions) {
               tags: 'pending',
               entry: ['clearError', 'sendUpdate'],
               invoke: {
-                src: 'confirmSignIn',
+                src: 'selectMfa',
                 ...handleSignInResponse,
               },
             },
@@ -365,6 +365,12 @@ export function signInActor({ services }: SignInMachineOptions) {
         },
         confirmSignIn({ formValues }) {
           const { confirmation_code: challengeResponse } = formValues;
+          console.log('this is in the state machine - confirm sign in:', challengeResponse);
+          return services.handleConfirmSignIn({ challengeResponse });
+        },
+        selectMfa({ formValues }) {
+          const { mfa_selection: challengeResponse } = formValues;
+          console.log('this is in the state machine - select mfa:', challengeResponse);
           return services.handleConfirmSignIn({ challengeResponse });
         },
         async handleForceChangePassword({ formValues }) {
diff --git a/packages/ui/src/machines/authenticator/getAuthenticatorConfig.ts b/packages/ui/src/machines/authenticator/getAuthenticatorConfig.ts
index a61403bba9b..2c77d3df8eb 100644
--- a/packages/ui/src/machines/authenticator/getAuthenticatorConfig.ts
+++ b/packages/ui/src/machines/authenticator/getAuthenticatorConfig.ts
@@ -10,6 +10,7 @@ export interface LegacyConfig {
   aws_cognito_signup_attributes?: string[];
   aws_cognito_verification_mechanisms?: string[];
   aws_cognito_social_providers?: string[];
+  aws_cognito_mfa_types?: string[];
   aws_cognito_password_protection_settings?: Record<string, any>;
 }
 
diff --git a/packages/ui/src/machines/authenticator/types.ts b/packages/ui/src/machines/authenticator/types.ts
index 676916ad30c..8c14b1e7202 100644
--- a/packages/ui/src/machines/authenticator/types.ts
+++ b/packages/ui/src/machines/authenticator/types.ts
@@ -5,6 +5,7 @@ import {
   LoginMechanism,
   SignUpAttribute,
   SocialProvider,
+  MfaMethod,
   UnverifiedUserAttributes,
   AuthFormData,
   AuthFormFields,
@@ -127,6 +128,7 @@ export interface AuthContext {
     loginMechanisms?: LoginMechanism[];
     signUpAttributes?: SignUpAttribute[];
     socialProviders?: SocialProvider[];
+    mfaMethods?: MfaMethod[];
     formFields?: AuthFormFields;
     initialState?: 'signIn' | 'signUp' | 'forgotPassword';
     passwordSettings?: PasswordSettings;
diff --git a/packages/ui/src/types/authenticator/attributes.ts b/packages/ui/src/types/authenticator/attributes.ts
index 3875b93c8d8..181213254c3 100644
--- a/packages/ui/src/types/authenticator/attributes.ts
+++ b/packages/ui/src/types/authenticator/attributes.ts
@@ -58,11 +58,17 @@ export type LoginMechanism = (typeof LoginMechanismArray)[number];
 /** List of social provider Authenticator supports */
 export type SocialProvider = 'amazon' | 'apple' | 'facebook' | 'google';
 
+/** Utility type for selecting MFA method with which to confirm sign in */
+export type MfaMethod = 'EMAIL' | 'SMS' | 'TOTP';
+
 export const authFieldsWithDefaults = [
   ...LoginMechanismArray,
   ...signUpFieldsWithDefault,
+  /*
   'select_mfa_email',
   'select_mfa_totp',
+  */
+  'mfa_selection',
   'confirmation_code',
   'password',
   'confirm_password',
diff --git a/packages/ui/src/types/authenticator/form.ts b/packages/ui/src/types/authenticator/form.ts
index bd07e86e9a4..8b77b0dc553 100644
--- a/packages/ui/src/types/authenticator/form.ts
+++ b/packages/ui/src/types/authenticator/form.ts
@@ -69,8 +69,6 @@ export interface FormFieldOptions {
   autocomplete?: string;
   /** Whether the first character is auto-capitalized */
   autocapitalize?: string;
-  /** Value to be passed by radio button */
-  value?: string;
 }
 
 export interface LegacyFormFieldOptions extends FormFieldOptions {

From 97669f8f0ee806edc773dc909112b9f4dd6aea68 Mon Sep 17 00:00:00 2001
From: Parker Scanlon <69879391+scanlonp@users.noreply.github.com>
Date: Fri, 20 Dec 2024 08:15:18 -0800
Subject: [PATCH 4/5] feat(authenticator): select mfa flow displays available
 mfa methods based on api response

---
 .../Authenticator/SelectMfa/SelectMfa.tsx     | 61 ++++++++++++++++---
 .../hooks/useFormHandlers/useFormHandlers.ts  |  6 +-
 .../ui/src/helpers/authenticator/facade.ts    |  9 +--
 .../ui/src/machines/authenticator/actions.ts  | 14 +++++
 .../machines/authenticator/actors/signIn.ts   |  1 +
 .../machines/authenticator/defaultServices.ts |  9 +++
 .../ui/src/machines/authenticator/types.ts    |  4 +-
 .../ui/src/types/authenticator/attributes.ts  |  2 +-
 8 files changed, 89 insertions(+), 17 deletions(-)

diff --git a/packages/react/src/components/Authenticator/SelectMfa/SelectMfa.tsx b/packages/react/src/components/Authenticator/SelectMfa/SelectMfa.tsx
index b7b94b3b3a7..6073882207f 100644
--- a/packages/react/src/components/Authenticator/SelectMfa/SelectMfa.tsx
+++ b/packages/react/src/components/Authenticator/SelectMfa/SelectMfa.tsx
@@ -1,5 +1,5 @@
 import React from 'react';
-import { authenticatorTextUtil } from '@aws-amplify/ui';
+import { authenticatorTextUtil, MfaType } from '@aws-amplify/ui';
 
 import { Flex } from '../../../primitives/Flex';
 import { Heading } from '../../../primitives/Heading';
@@ -12,9 +12,18 @@ import { useFormHandlers } from '../hooks/useFormHandlers';
 import { ConfirmSignInFooter } from '../shared/ConfirmSignInFooter';
 import { RemoteErrorMessage } from '../shared/RemoteErrorMessage';
 import { RouteContainer, RouteProps } from '../RouteContainer';
+import { toLower } from 'lodash';
 
 const { getChallengeText } = authenticatorTextUtil;
 
+function parseMfaTypes(types?: MfaType[]): string {
+  if(types) {
+    return types.join();
+  } else {
+    return 'types was undefined.';
+  }
+}
+
 /*
 interface MfaOptions {
   email: string;
@@ -28,15 +37,29 @@ const opt: MfaOptions = {
 
 type MfaType = 'EMAIL' | 'wow';
 */
-/*
+
 const generateRadioGroup = (
-  attributes: MfaOptions
+  attributes?: MfaType[]
 ): JSX.Element[] => {
-  return Object.entries(attributes).map(
+  const elements: JSX.Element[] = [];
+  console.log('print attributes: ', attributes);
+  attributes.forEach((value, index) => {
+    console.log('print value and index: ', value, index);
+    elements.push((
+      <Radio
+        name="mfa_selection"
+        value={value}
+        key={value}
+      >
+        Option {index}: {value}
+      </Radio>
+    ));
+  });
+  return elements;
+  /*
+  return attributes.map
     ([key, value]: [string, string], index) => {
-      const MfaType = (
-        defaultFormFieldOptions[key] as { label: MfaType }
-      ).label;
+      const MfaType = 
       return (
         <Radio
           name="MfaAtt"
@@ -50,14 +73,19 @@ const generateRadioGroup = (
       );
     }
   );
+  */
 };
-*/
+
 
 export const SelectMfa = ({
   className,
   variation,
 }: RouteProps): JSX.Element => {
   const { isPending } = useAuthenticator((context) => [context.isPending]);
+  const { allowedMFATypes } = useAuthenticator(({ allowedMFATypes }) => [
+    allowedMFATypes,
+  ]);
+
   const { handleChange, handleSubmit } = useFormHandlers();
 
   const {
@@ -71,6 +99,15 @@ export const SelectMfa = ({
   } = useCustomComponents();
 
   const verificationRadioGroup = (
+    <RadioGroupField
+      legend="What up peeps"
+      name="figure it out"
+      isDisabled={isPending}
+    >
+      {generateRadioGroup(allowedMFATypes)}
+    </RadioGroupField>
+    
+    /*
     <RadioGroupField
       legend="What up peeps"
       name="figure it out"
@@ -91,6 +128,8 @@ export const SelectMfa = ({
         totp:wow
       </Radio>
     </RadioGroupField>
+
+    */
   );
 
   return (
@@ -124,7 +163,11 @@ SelectMfa.Header = function Header(): JSX.Element {
     challengeName,
   ]);
 
-  return <Heading level={3}>{getChallengeText(challengeName)}</Heading>;
+  const { allowedMFATypes } = useAuthenticator(({ allowedMFATypes }) => [
+    allowedMFATypes,
+  ]);
+
+  return <Heading level={3}>{getChallengeText(challengeName)}<br/>MFA types: {parseMfaTypes(allowedMFATypes)}</Heading>;
 }
 
 SelectMfa.Footer = function Footer(): JSX.Element {
diff --git a/packages/react/src/components/Authenticator/hooks/useFormHandlers/useFormHandlers.ts b/packages/react/src/components/Authenticator/hooks/useFormHandlers/useFormHandlers.ts
index 722e9be910d..f276432e274 100644
--- a/packages/react/src/components/Authenticator/hooks/useFormHandlers/useFormHandlers.ts
+++ b/packages/react/src/components/Authenticator/hooks/useFormHandlers/useFormHandlers.ts
@@ -27,6 +27,7 @@ export function useFormHandlers(): {
     ({
       target: { checked, name, type, value },
     }: React.ChangeEvent<HTMLFormElement>) => {
+      console.log(checked, name, type, value);
       const isUncheckedCheckbox = type === 'checkbox' && !checked;
       updateForm({
         name,
@@ -39,7 +40,10 @@ export function useFormHandlers(): {
   const handleSubmit = useCallback(
     (event: React.FormEvent<HTMLFormElement>) => {
       event.preventDefault();
-      submitForm(getFormDataFromEvent(event));
+      const a  = getFormDataFromEvent(event);
+      console.log(a);
+      submitForm(a);
+      //submitForm(getFormDataFromEvent(event));
     },
     [submitForm]
   );
diff --git a/packages/ui/src/helpers/authenticator/facade.ts b/packages/ui/src/helpers/authenticator/facade.ts
index 84666281d98..63a6b3c13d1 100644
--- a/packages/ui/src/helpers/authenticator/facade.ts
+++ b/packages/ui/src/helpers/authenticator/facade.ts
@@ -11,9 +11,9 @@ import {
   FederatedProvider,
   LoginMechanism,
   SocialProvider,
-  MfaMethod,
   UnverifiedUserAttributes,
   ValidationError,
+  MfaType,
 } from '../../types';
 
 import {
@@ -61,7 +61,7 @@ interface AuthenticatorServiceContextFacade {
   isPending: boolean;
   route: AuthenticatorRoute;
   socialProviders: SocialProvider[];
-  mfaMethods: MfaMethod[];
+  allowedMFATypes: MfaType[] | undefined;
   totpSecretCode: string | null;
   unverifiedUserAttributes: UnverifiedUserAttributes;
   user: AuthUser;
@@ -176,6 +176,7 @@ export const getServiceContextFacade = (
   const actorContext = (getActorContext(state) ?? {}) as AuthActorContext;
   const {
     challengeName,
+    allowedMFATypes,
     codeDeliveryDetails,
     remoteError: error,
     validationError: validationErrors,
@@ -185,7 +186,7 @@ export const getServiceContextFacade = (
   } = actorContext;
 
   const { socialProviders = [] } = state.context?.config ?? {};
-  const { mfaMethods = [] } = state.context?.config ?? {};
+  // const { mfaMethods = [] } = state.context?.config ?? {};
 
   // check for user in actorContext prior to state context. actorContext is more "up to date",
   // but is not available on all states
@@ -223,7 +224,7 @@ export const getServiceContextFacade = (
     isPending,
     route,
     socialProviders,
-    mfaMethods,
+    allowedMFATypes,
     totpSecretCode,
     unverifiedUserAttributes,
     user,
diff --git a/packages/ui/src/machines/authenticator/actions.ts b/packages/ui/src/machines/authenticator/actions.ts
index e6eae417a31..a3d2c8c96f2 100644
--- a/packages/ui/src/machines/authenticator/actions.ts
+++ b/packages/ui/src/machines/authenticator/actions.ts
@@ -22,6 +22,7 @@ import {
   V5CodeDeliveryDetails,
 } from './types';
 import { getUsernameSignUp, sanitizePhoneNumber } from './utils';
+import { MfaType } from '../../types';
 
 const { assign } = xStateActions;
 
@@ -58,6 +59,7 @@ const setConfirmAttributeCompleteStep = assign({
 // map v6 `signInStep` to v5 `challengeName`
 const setChallengeName = assign({
   challengeName: (_, { data }: AuthEvent): ChallengeName | undefined => {
+    console.log('log data from challengeName action: ', data);
     const { signInStep } = (data as SignInOutput).nextStep;
     return signInStep === 'CONFIRM_SIGN_IN_WITH_SMS_CODE'
       ? 'SMS_MFA'
@@ -71,6 +73,16 @@ const setChallengeName = assign({
   },
 });
 
+const clearAllowedMFATypes = assign({ allowedMFATypes: {} });
+
+const setAllowedMFATypes = assign({
+  allowedMFATypes: (_, { data }: AuthEvent): MfaType[] => {
+    console.log('log data from mfa action: ', data);
+    const { allowedMFATypes } = (data as SignInOutput).nextStep;
+    return allowedMFATypes;
+  },
+});
+
 const setUsernameForgotPassword = assign({
   username: ({ formValues, loginMechanisms }: AuthActorContext) => {
     const loginMechanism = loginMechanisms[0];
@@ -225,6 +237,7 @@ const ACTIONS: MachineOptions<AuthActorContext, AuthEvent>['actions'] = {
   clearTouched,
   clearUser,
   clearValidationError,
+  clearAllowedMFATypes,
   handleBlur,
   handleInput,
   handleSubmit,
@@ -242,6 +255,7 @@ const ACTIONS: MachineOptions<AuthActorContext, AuthEvent>['actions'] = {
   setSelectedUserAttribute,
   setSignInStep,
   setTotpSecretCode,
+  setAllowedMFATypes,
   setUser,
   setUnverifiedUserAttributes,
   setUsernameForgotPassword,
diff --git a/packages/ui/src/machines/authenticator/actors/signIn.ts b/packages/ui/src/machines/authenticator/actors/signIn.ts
index 379907400bb..3c31a0cbde1 100644
--- a/packages/ui/src/machines/authenticator/actors/signIn.ts
+++ b/packages/ui/src/machines/authenticator/actors/signIn.ts
@@ -49,6 +49,7 @@ const handleSignInResponse = {
         'setMissingAttributes',
         'setNextSignInStep',
         'setTotpSecretCode',
+        'setAllowedMFATypes',
       ],
       target: '#signInActor.init',
     },
diff --git a/packages/ui/src/machines/authenticator/defaultServices.ts b/packages/ui/src/machines/authenticator/defaultServices.ts
index c7a3cb02940..5e0923a2ed7 100644
--- a/packages/ui/src/machines/authenticator/defaultServices.ts
+++ b/packages/ui/src/machines/authenticator/defaultServices.ts
@@ -75,6 +75,15 @@ export const defaultServices = {
         ) as SocialProvider[])
       : undefined;
 
+    const { mfa } = result.Auth?.Cognito ?? {};
+    console.log('default service mfa: ', mfa);
+    console.log('default service rest of it: ', {
+      ...cliConfig,
+      loginMechanisms: parsedLoginMechanisms,
+      signUpAttributes: parsedSignupAttributes,
+      socialProviders: parsedSocialProviders,
+    });
+
     return {
       ...cliConfig,
       loginMechanisms: parsedLoginMechanisms,
diff --git a/packages/ui/src/machines/authenticator/types.ts b/packages/ui/src/machines/authenticator/types.ts
index 8c14b1e7202..1533da47c0e 100644
--- a/packages/ui/src/machines/authenticator/types.ts
+++ b/packages/ui/src/machines/authenticator/types.ts
@@ -5,7 +5,7 @@ import {
   LoginMechanism,
   SignUpAttribute,
   SocialProvider,
-  MfaMethod,
+  MfaType,
   UnverifiedUserAttributes,
   AuthFormData,
   AuthFormFields,
@@ -128,7 +128,6 @@ export interface AuthContext {
     loginMechanisms?: LoginMechanism[];
     signUpAttributes?: SignUpAttribute[];
     socialProviders?: SocialProvider[];
-    mfaMethods?: MfaMethod[];
     formFields?: AuthFormFields;
     initialState?: 'signIn' | 'signUp' | 'forgotPassword';
     passwordSettings?: PasswordSettings;
@@ -188,6 +187,7 @@ interface BaseFormContext {
   step: Step;
   totpSecretCode?: string;
   unverifiedUserAttributes?: UnverifiedUserAttributes;
+  allowedMFATypes?: MfaType[];
 
   // kept in memory for submission to relevnat APIs
   username?: string;
diff --git a/packages/ui/src/types/authenticator/attributes.ts b/packages/ui/src/types/authenticator/attributes.ts
index 181213254c3..ba2209ce8b6 100644
--- a/packages/ui/src/types/authenticator/attributes.ts
+++ b/packages/ui/src/types/authenticator/attributes.ts
@@ -59,7 +59,7 @@ export type LoginMechanism = (typeof LoginMechanismArray)[number];
 export type SocialProvider = 'amazon' | 'apple' | 'facebook' | 'google';
 
 /** Utility type for selecting MFA method with which to confirm sign in */
-export type MfaMethod = 'EMAIL' | 'SMS' | 'TOTP';
+export type MfaType = 'SMS' | 'TOTP' | 'EMAIL';
 
 export const authFieldsWithDefaults = [
   ...LoginMechanismArray,

From 373daee3c0ac1f45a48fd46ecdf90512352ff26a Mon Sep 17 00:00:00 2001
From: Parker Scanlon <69879391+scanlonp@users.noreply.github.com>
Date: Fri, 20 Dec 2024 08:24:23 -0800
Subject: [PATCH 5/5] chore: clean up comments and extraneous types

---
 packages/ui/src/helpers/authenticator/constants.ts     | 10 ----------
 packages/ui/src/helpers/authenticator/facade.ts        |  1 -
 .../ui/src/machines/authenticator/actors/signIn.ts     |  6 ------
 .../machines/authenticator/getAuthenticatorConfig.ts   |  1 -
 packages/ui/src/machines/authenticator/guards.ts       |  2 +-
 packages/ui/src/types/authenticator/attributes.ts      |  4 ----
 6 files changed, 1 insertion(+), 23 deletions(-)

diff --git a/packages/ui/src/helpers/authenticator/constants.ts b/packages/ui/src/helpers/authenticator/constants.ts
index f7206c1b6d1..062ed778a81 100644
--- a/packages/ui/src/helpers/authenticator/constants.ts
+++ b/packages/ui/src/helpers/authenticator/constants.ts
@@ -17,16 +17,6 @@ export const defaultFormFieldOptions: DefaultFormFieldOptions = {
     autocomplete: 'bday',
     isRequired: true,
   },
-  /*
-  select_mfa_email: {
-    label: 'Email MFA',
-    type: 'radio',
-  },
-  select_mfa_totp: {
-    label: 'TOTP MFA',
-    type: 'radio',
-  },
-  */
   mfa_selection: {
     label: 'MFA Selection',
     type: 'text',
diff --git a/packages/ui/src/helpers/authenticator/facade.ts b/packages/ui/src/helpers/authenticator/facade.ts
index 63a6b3c13d1..d024fde8814 100644
--- a/packages/ui/src/helpers/authenticator/facade.ts
+++ b/packages/ui/src/helpers/authenticator/facade.ts
@@ -186,7 +186,6 @@ export const getServiceContextFacade = (
   } = actorContext;
 
   const { socialProviders = [] } = state.context?.config ?? {};
-  // const { mfaMethods = [] } = state.context?.config ?? {};
 
   // check for user in actorContext prior to state context. actorContext is more "up to date",
   // but is not available on all states
diff --git a/packages/ui/src/machines/authenticator/actors/signIn.ts b/packages/ui/src/machines/authenticator/actors/signIn.ts
index 3c31a0cbde1..727a60ec613 100644
--- a/packages/ui/src/machines/authenticator/actors/signIn.ts
+++ b/packages/ui/src/machines/authenticator/actors/signIn.ts
@@ -91,12 +91,6 @@ export function signInActor({ services }: SignInMachineOptions) {
               cond: 'shouldConfirmSignIn',
               target: 'confirmSignIn',
             },
-            /*
-            {
-              cond: 'shouldSelectMfa',
-              target: 'confirmSignIn',
-            },
-            */
             {
               cond: 'shouldSelectMfa',
               target: 'selectMfa',
diff --git a/packages/ui/src/machines/authenticator/getAuthenticatorConfig.ts b/packages/ui/src/machines/authenticator/getAuthenticatorConfig.ts
index 2c77d3df8eb..a61403bba9b 100644
--- a/packages/ui/src/machines/authenticator/getAuthenticatorConfig.ts
+++ b/packages/ui/src/machines/authenticator/getAuthenticatorConfig.ts
@@ -10,7 +10,6 @@ export interface LegacyConfig {
   aws_cognito_signup_attributes?: string[];
   aws_cognito_verification_mechanisms?: string[];
   aws_cognito_social_providers?: string[];
-  aws_cognito_mfa_types?: string[];
   aws_cognito_password_protection_settings?: Record<string, any>;
 }
 
diff --git a/packages/ui/src/machines/authenticator/guards.ts b/packages/ui/src/machines/authenticator/guards.ts
index 83ab2a68bc6..37eb9691ae8 100644
--- a/packages/ui/src/machines/authenticator/guards.ts
+++ b/packages/ui/src/machines/authenticator/guards.ts
@@ -56,7 +56,7 @@ const isConfirmUserAttributeStep = (_: AuthActorContext, { data }: AuthEvent) =>
 
 const isShouldConfirmUserAttributeStep = (
   _: AuthActorContext,
-  { data }: AuthEvent 
+  { data }: AuthEvent
 ) => data?.step === 'SHOULD_CONFIRM_USER_ATTRIBUTE';
 
 const isResetPasswordStep = (_: AuthActorContext, { data }: AuthEvent) =>
diff --git a/packages/ui/src/types/authenticator/attributes.ts b/packages/ui/src/types/authenticator/attributes.ts
index ba2209ce8b6..94b724a79d1 100644
--- a/packages/ui/src/types/authenticator/attributes.ts
+++ b/packages/ui/src/types/authenticator/attributes.ts
@@ -64,10 +64,6 @@ export type MfaType = 'SMS' | 'TOTP' | 'EMAIL';
 export const authFieldsWithDefaults = [
   ...LoginMechanismArray,
   ...signUpFieldsWithDefault,
-  /*
-  'select_mfa_email',
-  'select_mfa_totp',
-  */
   'mfa_selection',
   'confirmation_code',
   'password',