AWS code-library documentation change
Summary
Added Swift SDK code example for AdminInitiateAuth API with admin user password authentication flow
Security assessment
The change adds documentation for implementing authentication flows with MFA challenge handling. While it demonstrates secure authentication practices, there's no evidence of addressing a specific security vulnerability.
Diff
diff --git a/code-library/latest/ug/cognito-identity-provider_example_cognito-identity-provider_AdminInitiateAuth_section.md b/code-library/latest/ug/cognito-identity-provider_example_cognito-identity-provider_AdminInitiateAuth_section.md index 4770597c7..b7a333e2a 100644 --- a//code-library/latest/ug/cognito-identity-provider_example_cognito-identity-provider_AdminInitiateAuth_section.md +++ b//code-library/latest/ug/cognito-identity-provider_example_cognito-identity-provider_AdminInitiateAuth_section.md @@ -350,0 +351,69 @@ There's more on GitHub. Find the complete example and learn how to set up and ru +Swift + + +**SDK for Swift** + + +###### Note + +There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/cognito-identity-provider#code-examples). + + + import AWSCognitoIdentityProvider + + /// Begin an authentication session. + /// + /// - Parameters: + /// - cipClient: The `CongitoIdentityProviderClient` to use. + /// - clientId: The app client ID to use. + /// - userName: The username to check. + /// - password: The user's password. + /// - userPoolId: The user pool to use. + /// + /// - Returns: The session token associated with this authentication + /// session. + func initiateAuth(cipClient: CognitoIdentityProviderClient, clientId: String, + userName: String, password: String, + userPoolId: String) async -> String? { + var authParams: [String: String] = [:] + + authParams["USERNAME"] = userName + authParams["PASSWORD"] = password + + do { + let output = try await cipClient.adminInitiateAuth( + input: AdminInitiateAuthInput( + authFlow: CognitoIdentityProviderClientTypes.AuthFlowType.adminUserPasswordAuth, + authParameters: authParams, + clientId: clientId, + userPoolId: userPoolId + ) + ) + + guard let challengeName = output.challengeName else { + print("*** Invalid response from the auth service.") + return nil + } + + print("=====> Response challenge is \(challengeName)") + + return output.session + } catch _ as UserNotFoundException { + print("*** The specified username, \(userName), doesn't exist.") + return nil + } catch _ as UserNotConfirmedException { + print("*** The user \(userName) has not been confirmed.") + return nil + } catch { + print("*** An unexpected error occurred.") + return nil + } + } + + + + * For API details, see [AdminInitiateAuth](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/admininitiateauth\(input:\)) in _AWS SDK for Swift API reference_. + + + +