AWS Security ChangesHomeSearch

AWS cognito documentation change

Service: cognito · 2025-04-23 · Documentation medium

File: cognito/latest/developerguide/cognito-identity-provider_example_cognito-identity-provider_VerifySoftwareToken_section.md

Summary

Added Swift SDK code example for VerifySoftwareToken API with MFA validation logic

Security assessment

The change documents implementation of multi-factor authentication (MFA) verification using TOTP, which is a security feature. However, there is no evidence of addressing a specific security vulnerability.

Diff

diff --git a/cognito/latest/developerguide/cognito-identity-provider_example_cognito-identity-provider_VerifySoftwareToken_section.md b/cognito/latest/developerguide/cognito-identity-provider_example_cognito-identity-provider_VerifySoftwareToken_section.md
index e4e4d7a14..080e93424 100644
--- a//cognito/latest/developerguide/cognito-identity-provider_example_cognito-identity-provider_VerifySoftwareToken_section.md
+++ b//cognito/latest/developerguide/cognito-identity-provider_example_cognito-identity-provider_VerifySoftwareToken_section.md
@@ -293,0 +294,61 @@ There's more on GitHub. Find the complete example and learn how to set up and ru
+Swift
+    
+
+**SDK for Swift**
+    
+
+###### Note
+
+There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/cognito-identity-provider#code-examples). 
+    
+    
+    import AWSCognitoIdentityProvider
+    
+        /// Confirm that the user's TOTP authenticator is configured correctly by
+        /// sending a code to it to check that it matches successfully.
+        /// 
+        /// - Parameters:
+        ///   - cipClient: The `CongnitoIdentityProviderClient` to use.
+        ///   - session: An authentication session previously returned by an
+        ///     `associateSoftwareToken()` call.
+        ///   - mfaCode: The 6-digit code currently displayed by the user's
+        ///     authenticator, as provided by the user.
+        func verifyTOTP(cipClient: CognitoIdentityProviderClient, session: String?, mfaCode: String?) async {
+            do {
+                let output = try await cipClient.verifySoftwareToken(
+                    input: VerifySoftwareTokenInput(
+                        session: session,
+                        userCode: mfaCode
+                    )
+                )
+    
+                guard let tokenStatus = output.status else {
+                    print("*** Unable to get the token's status.")
+                    return
+                }
+                print("=====> The token's status is: \(tokenStatus)")
+            } catch _ as SoftwareTokenMFANotFoundException {
+                print("*** The specified user pool isn't configured for MFA.")
+                return
+            } catch _ as CodeMismatchException {
+                print("*** The specified MFA code doesn't match the expected value.")
+                return
+            } catch _ as UserNotFoundException {
+                print("*** The specified username doesn't exist.")
+                return
+            } catch _ as UserNotConfirmedException {
+                print("*** The user has not been confirmed.")
+                return
+            } catch {
+                print("*** Error verifying the MFA token!")
+                return
+            }
+        }
+    
+    
+
+  * For API details, see [VerifySoftwareToken](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/verifysoftwaretoken\(input:\)) in _AWS SDK for Swift API reference_. 
+
+
+
+