79551238

Date: 2025-04-02 17:49:46
Score: 1
Natty:
Report link

It turns out that the `phone_number` and `phone_number_verified` were both required by my user pool. From the AWS docs:

For example, users can’t set up email MFA when your recovery option is Email only. This is because you can't enable email MFA and set the recovery option to Email only in the same user pool. When you set this option to Email if available, otherwise SMS, email is the priority recovery option but your user pool can fall back to SMS message when a user isn't eligible for email-message recovery.

Ultimately the problem was that you cannot have MFA with email only and have it be the only recovery option. SMS is required in those cases.

Source: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa.html

Reasons:
  • Long answer (-0.5):
  • No code block (0.5):
  • Self-answer (0.5):
  • Low reputation (0.5):
Posted by: fordat