Missing prompt for MFA serial number in delete request using MFA code

[DanSega1]

I try to delete a file or directory in MFA enabled s3 bucket and I got an error after adding my MFA code.
My IAM user have policy attached that included s3:Delete & s3:DeleteObjectVersion with aws:MultiFactorAuthPresent.

To Reproduce
Steps to reproduce the behavior:

1. find file I want to delete
2. right-click on the mouse and choose to delete from the menu
3. MFA pop-up to fill the MFA code
4. Error Pop-up

Expected behavior
using mfa to delete the file/directory from the cyberduck

Screenshots

Desktop (please complete the following information):

• OS: MacOS Sonoma
• Cyberduck Version 9.0.1

Log Files

2024-08-28 13:48:08,982 [Thread-302] DEBUG org.jets3t.service.impl.rest.httpclient.RestStorageService - Rethrowing as a ServiceException error in performRequest: org.jets3t.service.ServiceException: Service Error Message. -- ResponseCode: 400, ResponseStatus: null, XML Error Message: InvalidArgumentMfa header is invalid -- the header should be formatted as {serialNumber}(space){tokenCode}x-amz-mfa970589APA0HGV56CGKYM3SNXyPQotnvCIpixZZ6H5JeYldjzjaQOnm9gtyHZe5kf+wSb+MpS7dH3SSkQmFlWkZxVOBdhDXWQA=

Additional context
This is by api issue or mission the permission in aws? how to solve it?

[dkocher]

The error message the header should be formatted as {serialNumber}(space){tokenCode} indicates we are missing the serial number of the MFA device which is not queried in the prompt. This seems to be a regression from f9d2a41 and subsequently df87c45.

[DanSega1]

I'm sorry, i'm not sure that I understood you.
this is issue in the program that will be fix? or there is an issue with the permissions/requirements that i can change to solve it?

[dkocher]

I'm sorry, i'm not sure that I understood you. this is issue in the program that will be fix? or there is an issue with the permissions/requirements that i can change to solve it?

The issue should be fixed in the current snapshot build.

Can you please try if still see this issue with the current snapshot build by updating from within Cyberduck in Preferences → Update → Automatically check for updates in → Snapshot Builds.

[DanSega1]

I update it to the latest snapshot build and still get the same error.

[dkocher]

I update it to the latest snapshot build and still get the same error.

Please make sure to update to build 9.1.0.42045.

[DanSega1]

Oh, I had another update, now I have option to add the mfa arn and then the code.
My error now is,

This operation may only be performed by the bucket owner. Please contact your web hosting service provider for assistance.

I try to delete directory in MFA enabled bucket, using regular user (not root) with policy attached that included s3:Delete & s3:DeleteObjectVersion with aws:MultiFactorAuthPresent.
There are other permissions I need to add the policy? As I said, I can delete it from the s3 console