AWS cognito documentation change
Summary
Added Swift SDK code example for AssociateSoftwareToken API to demonstrate MFA token setup
Security assessment
The change adds documentation for implementing multi-factor authentication (MFA) using software tokens, which is a security feature. However, there is no evidence of addressing a specific security vulnerability.
Diff
diff --git a/cognito/latest/developerguide/cognito-identity-provider_example_cognito-identity-provider_AssociateSoftwareToken_section.md b/cognito/latest/developerguide/cognito-identity-provider_example_cognito-identity-provider_AssociateSoftwareToken_section.md index f49e1633c..b7fdeb0ba 100644 --- a//cognito/latest/developerguide/cognito-identity-provider_example_cognito-identity-provider_AssociateSoftwareToken_section.md +++ b//cognito/latest/developerguide/cognito-identity-provider_example_cognito-identity-provider_AssociateSoftwareToken_section.md @@ -283,0 +284,54 @@ There's more on GitHub. Find the complete example and learn how to set up and ru +Swift + + +**SDK for Swift** + + +###### Note + +There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/cognito-identity-provider#code-examples). + + + import AWSCognitoIdentityProvider + + /// Request and display an MFA secret token that the user should enter + /// into their authenticator to set it up for the user account. + /// + /// - Parameters: + /// - cipClient: The `CognitoIdentityProviderClient` to use. + /// - authSession: The authentication session to request an MFA secret + /// for. + /// + /// - Returns: A string containing the MFA secret token that should be + /// entered into the authenticator software. + func getSecretForAppMFA(cipClient: CognitoIdentityProviderClient, authSession: String?) async -> String? { + do { + let output = try await cipClient.associateSoftwareToken( + input: AssociateSoftwareTokenInput( + session: authSession + ) + ) + + guard let secretCode = output.secretCode else { + print("*** Unable to get the secret code") + return nil + } + + print("=====> Enter this token into Google Authenticator: \(secretCode)") + return output.session + } catch _ as SoftwareTokenMFANotFoundException { + print("*** The specified user pool isn't configured for MFA.") + return nil + } catch { + print("*** An unexpected error occurred getting the secret for the app's MFA.") + return nil + } + } + + + + * For API details, see [AssociateSoftwareToken](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/associatesoftwaretoken\(input:\)) in _AWS SDK for Swift API reference_. + + + +