AWS Security ChangesHomeSearch

AWS code-library documentation change

Service: code-library · 2025-04-23 · Documentation medium

File: code-library/latest/ug/cognito-identity-provider_example_cognito-identity-provider_VerifySoftwareToken_section.md

Summary

Added Swift code example for verifying TOTP (Time-based One-Time Password) with Cognito

Security assessment

The change documents how to verify TOTP tokens, which is part of multi-factor authentication (MFA) setup. MFA is a security feature, but the change does not address a specific vulnerability.

Diff

diff --git a/code-library/latest/ug/cognito-identity-provider_example_cognito-identity-provider_VerifySoftwareToken_section.md b/code-library/latest/ug/cognito-identity-provider_example_cognito-identity-provider_VerifySoftwareToken_section.md
index aa7e96588..41ff69664 100644
--- a//code-library/latest/ug/cognito-identity-provider_example_cognito-identity-provider_VerifySoftwareToken_section.md
+++ b//code-library/latest/ug/cognito-identity-provider_example_cognito-identity-provider_VerifySoftwareToken_section.md
@@ -295,0 +296,61 @@ There's more on GitHub. Find the complete example and learn how to set up and ru
+Swift
+    
+
+**SDK for Swift**
+    
+
+###### Note
+
+There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/cognito-identity-provider#code-examples). 
+    
+    
+    import AWSCognitoIdentityProvider
+    
+        /// Confirm that the user's TOTP authenticator is configured correctly by
+        /// sending a code to it to check that it matches successfully.
+        /// 
+        /// - Parameters:
+        ///   - cipClient: The `CongnitoIdentityProviderClient` to use.
+        ///   - session: An authentication session previously returned by an
+        ///     `associateSoftwareToken()` call.
+        ///   - mfaCode: The 6-digit code currently displayed by the user's
+        ///     authenticator, as provided by the user.
+        func verifyTOTP(cipClient: CognitoIdentityProviderClient, session: String?, mfaCode: String?) async {
+            do {
+                let output = try await cipClient.verifySoftwareToken(
+                    input: VerifySoftwareTokenInput(
+                        session: session,
+                        userCode: mfaCode
+                    )
+                )
+    
+                guard let tokenStatus = output.status else {
+                    print("*** Unable to get the token's status.")
+                    return
+                }
+                print("=====> The token's status is: \(tokenStatus)")
+            } catch _ as SoftwareTokenMFANotFoundException {
+                print("*** The specified user pool isn't configured for MFA.")
+                return
+            } catch _ as CodeMismatchException {
+                print("*** The specified MFA code doesn't match the expected value.")
+                return
+            } catch _ as UserNotFoundException {
+                print("*** The specified username doesn't exist.")
+                return
+            } catch _ as UserNotConfirmedException {
+                print("*** The user has not been confirmed.")
+                return
+            } catch {
+                print("*** Error verifying the MFA token!")
+                return
+            }
+        }
+    
+    
+
+  * For API details, see [VerifySoftwareToken](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/verifysoftwaretoken\(input:\)) in _AWS SDK for Swift API reference_. 
+
+
+
+