github ministackorg/ministack v1.1.8
on GitHub

latest releases: v1.3.42, v1.3.41, v1.3.40...
one month ago

[1.1.8] — 2026-03-30

Added

  • Cognito TOTP MFA — full end-to-end Software Token MFA flow now works with CDK and boto3
    • AssociateSoftwareToken returns a stub TOTP secret + session (accepts AccessToken or Session)
    • VerifySoftwareToken accepts any code and marks the user as TOTP-enrolled (_mfa_enabled, _preferred_mfa)
    • AdminSetUserMFAPreference — new: enables/disables TOTP or SMS MFA per user and sets preferred method
    • SetUserMFAPreference — new: public (AccessToken-based) equivalent of the above
    • AdminInitiateAuth / InitiateAuth now issue SOFTWARE_TOKEN_MFA challenge after password auth when pool MfaConfiguration is ON or OPTIONAL and user has TOTP enrolled
    • AdminRespondToAuthChallenge / RespondToAuthChallenge accept any TOTP code for SOFTWARE_TOKEN_MFA and return tokens (emulator — no real TOTP validation)
    • AdminGetUser / GetUser now return real UserMFASettingList and PreferredMfaSetting fields
    • MFA_SETUP challenge handled in both respond endpoints (for pool ON + unenrolled users)

Tests

  • 4 new integration tests: full TOTP flow, OPTIONAL MFA, AdminGetUser MFA fields, SetUserMFAPreference via token — 714 tests total, all passing
Check out latest releases or
releases around ministackorg/ministack v1.1.8

Don't miss a new ministack release

NewReleases is sending notifications on new releases.

Get notifications