AWS Security ChangesHomeSearch

AWS cognito documentation change

Service: cognito · 2025-04-23 · Documentation low

File: cognito/latest/developerguide/cognito-identity-provider_example_cognito-identity-provider_AssociateSoftwareToken_section.md

Summary

Added Swift SDK code example for AssociateSoftwareToken API to demonstrate MFA token setup

Security assessment

The change adds documentation for implementing multi-factor authentication (MFA) using software tokens, which is a security feature. However, there is no evidence of addressing a specific security vulnerability.

Diff

diff --git a/cognito/latest/developerguide/cognito-identity-provider_example_cognito-identity-provider_AssociateSoftwareToken_section.md b/cognito/latest/developerguide/cognito-identity-provider_example_cognito-identity-provider_AssociateSoftwareToken_section.md
index f49e1633c..b7fdeb0ba 100644
--- a//cognito/latest/developerguide/cognito-identity-provider_example_cognito-identity-provider_AssociateSoftwareToken_section.md
+++ b//cognito/latest/developerguide/cognito-identity-provider_example_cognito-identity-provider_AssociateSoftwareToken_section.md
@@ -283,0 +284,54 @@ There's more on GitHub. Find the complete example and learn how to set up and ru
+Swift
+    
+
+**SDK for Swift**
+    
+
+###### Note
+
+There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/cognito-identity-provider#code-examples). 
+    
+    
+    import AWSCognitoIdentityProvider
+    
+        /// Request and display an MFA secret token that the user should enter
+        /// into their authenticator to set it up for the user account.
+        /// 
+        /// - Parameters:
+        ///   - cipClient: The `CognitoIdentityProviderClient` to use.
+        ///   - authSession: The authentication session to request an MFA secret
+        ///     for.
+        ///
+        /// - Returns: A string containing the MFA secret token that should be
+        ///   entered into the authenticator software.
+        func getSecretForAppMFA(cipClient: CognitoIdentityProviderClient, authSession: String?) async -> String? {
+            do {
+                let output = try await cipClient.associateSoftwareToken(
+                    input: AssociateSoftwareTokenInput(
+                        session: authSession
+                    )
+                )
+    
+                guard let secretCode = output.secretCode else {
+                    print("*** Unable to get the secret code")
+                    return nil
+                }
+    
+                print("=====> Enter this token into Google Authenticator: \(secretCode)")
+                return output.session
+            } catch _ as SoftwareTokenMFANotFoundException {
+                print("*** The specified user pool isn't configured for MFA.")
+                return nil
+            } catch {
+                print("*** An unexpected error occurred getting the secret for the app's MFA.")
+                return nil
+            }
+        }
+    
+    
+
+  * For API details, see [AssociateSoftwareToken](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/associatesoftwaretoken\(input:\)) in _AWS SDK for Swift API reference_. 
+
+
+
+