From 25292a01ef396f19c7ec5eb7d2717c52d98e0a9a Mon Sep 17 00:00:00 2001
From: Nick Cipollina <ncipollina@gmail.com>
Date: Fri, 3 Apr 2026 22:29:38 -0400
Subject: [PATCH] feat(cognito): add MfaSecondFactor support to
 CognitoUserPoolConstruct

Adds MfaSecondFactor property to ICognitoUserPoolConstructProps and
CognitoUserPoolConstructProps, wired through to UserPoolProps, enabling
callers to configure TOTP or SMS as a second factor when Mfa is OPTIONAL
or REQUIRED. Bumps version to 2.3.0.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 Directory.Build.props                                         | 2 +-
 src/LayeredCraft.Cdk.Constructs/CognitoUserPoolConstruct.cs   | 1 +
 .../Models/CognitoUserPoolConstructProps.cs                   | 4 ++++
 3 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/Directory.Build.props b/Directory.Build.props
index 3b22822..cbf1825 100644
--- a/Directory.Build.props
+++ b/Directory.Build.props
@@ -1,6 +1,6 @@
 <Project>
     <PropertyGroup>
-        <VersionPrefix>2.2.0</VersionPrefix>
+        <VersionPrefix>2.3.0</VersionPrefix>
         <!-- SPDX license identifier for MIT -->
         <PackageLicenseExpression>MIT</PackageLicenseExpression>
 
diff --git a/src/LayeredCraft.Cdk.Constructs/CognitoUserPoolConstruct.cs b/src/LayeredCraft.Cdk.Constructs/CognitoUserPoolConstruct.cs
index 1ca1836..65ac0a6 100644
--- a/src/LayeredCraft.Cdk.Constructs/CognitoUserPoolConstruct.cs
+++ b/src/LayeredCraft.Cdk.Constructs/CognitoUserPoolConstruct.cs
@@ -59,6 +59,7 @@ public CognitoUserPoolConstruct(
             },
             AccountRecovery = AccountRecovery.EMAIL_ONLY,
             Mfa = props.Mfa,
+            MfaSecondFactor = props.MfaSecondFactor,
             RemovalPolicy = props.RemovalPolicy,
         });
 
diff --git a/src/LayeredCraft.Cdk.Constructs/Models/CognitoUserPoolConstructProps.cs b/src/LayeredCraft.Cdk.Constructs/Models/CognitoUserPoolConstructProps.cs
index 30ade03..9f43e13 100644
--- a/src/LayeredCraft.Cdk.Constructs/Models/CognitoUserPoolConstructProps.cs
+++ b/src/LayeredCraft.Cdk.Constructs/Models/CognitoUserPoolConstructProps.cs
@@ -13,6 +13,8 @@ public interface ICognitoUserPoolConstructProps
 
     Mfa Mfa { get; }
 
+    MfaSecondFactor? MfaSecondFactor { get; }
+
     int PasswordMinLength { get; }
     
     IReadOnlyList<ICognitoResourceServerProps> ResourceServers { get; }
@@ -31,6 +33,8 @@ public sealed record CognitoUserPoolConstructProps : ICognitoUserPoolConstructPr
 
     public Mfa Mfa { get; init; } = Mfa.OFF;
 
+    public MfaSecondFactor? MfaSecondFactor { get; init; }
+
     public int PasswordMinLength { get; init; } = 12;
     public IReadOnlyList<ICognitoResourceServerProps> ResourceServers { get; init; } = [];
     public IReadOnlyList<ICognitoUserPoolAppClientProps> AppClients { get; init; } = [];