AWS code-library documentation change
Summary
Added Swift SDK code example for AdminRespondToAuthChallenge API with software token MFA handling
Security assessment
Documents MFA challenge response implementation but doesn't address any specific security vulnerability. Enhances documentation of security features by showing MFA verification process.
Diff
diff --git a/code-library/latest/ug/cognito-identity-provider_example_cognito-identity-provider_AdminRespondToAuthChallenge_section.md b/code-library/latest/ug/cognito-identity-provider_example_cognito-identity-provider_AdminRespondToAuthChallenge_section.md index 1f32414da..9729e2a39 100644 --- a//code-library/latest/ug/cognito-identity-provider_example_cognito-identity-provider_AdminRespondToAuthChallenge_section.md +++ b//code-library/latest/ug/cognito-identity-provider_example_cognito-identity-provider_AdminRespondToAuthChallenge_section.md @@ -374,0 +375,79 @@ Respond to an MFA challenge by providing a code generated by an associated MFA a +Swift + + +**SDK for Swift** + + +###### Note + +There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/cognito-identity-provider#code-examples). + + + import AWSCognitoIdentityProvider + + /// Respond to the authentication challenge received from Cognito after + /// initiating an authentication session. This involves sending a current + /// MFA code to the service. + /// + /// - Parameters: + /// - cipClient: The `CognitoIdentityProviderClient` to use. + /// - userName: The user's username. + /// - clientId: The app client ID. + /// - userPoolId: The user pool to sign into. + /// - mfaCode: The 6-digit MFA code currently displayed by the user's + /// authenticator. + /// - session: The authentication session to continue processing. + func adminRespondToAuthChallenge(cipClient: CognitoIdentityProviderClient, userName: String, + clientId: String, userPoolId: String, mfaCode: String, + session: String) async { + print("=====> SOFTWARE_TOKEN_MFA challenge is generated...") + + var challengeResponsesOb: [String: String] = [:] + challengeResponsesOb["USERNAME"] = userName + challengeResponsesOb["SOFTWARE_TOKEN_MFA_CODE"] = mfaCode + + do { + let output = try await cipClient.adminRespondToAuthChallenge( + input: AdminRespondToAuthChallengeInput( + challengeName: CognitoIdentityProviderClientTypes.ChallengeNameType.softwareTokenMfa, + challengeResponses: challengeResponsesOb, + clientId: clientId, + session: session, + userPoolId: userPoolId + ) + ) + + guard let authenticationResult = output.authenticationResult else { + print("*** Unable to get authentication result.") + return + } + + print("=====> Authentication result (JWTs are redacted):") + print(authenticationResult) + } catch _ as SoftwareTokenMFANotFoundException { + print("*** The specified user pool isn't configured for MFA.") + return + } catch _ as CodeMismatchException { + print("*** The specified MFA code doesn't match the expected value.") + return + } catch _ as UserNotFoundException { + print("*** The specified username, \(userName), doesn't exist.") + return + } catch _ as UserNotConfirmedException { + print("*** The user \(userName) has not been confirmed.") + return + } catch let error as NotAuthorizedException { + print("*** Unauthorized access. Reason: \(error.properties.message ?? "<unknown>")") + } catch { + print("*** Error responding to the MFA challenge.") + return + } + } + + + + * For API details, see [AdminRespondToAuthChallenge](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/adminrespondtoauthchallenge\(input:\)) in _AWS SDK for Swift API reference_. + + + +