AWS cognito documentation change
Summary
Added Swift SDK code example for VerifySoftwareToken API with MFA validation logic
Security assessment
The change documents implementation of multi-factor authentication (MFA) verification using TOTP, which is a security feature. However, there is no evidence of addressing a specific security vulnerability.
Diff
diff --git a/cognito/latest/developerguide/cognito-identity-provider_example_cognito-identity-provider_VerifySoftwareToken_section.md b/cognito/latest/developerguide/cognito-identity-provider_example_cognito-identity-provider_VerifySoftwareToken_section.md index e4e4d7a14..080e93424 100644 --- a//cognito/latest/developerguide/cognito-identity-provider_example_cognito-identity-provider_VerifySoftwareToken_section.md +++ b//cognito/latest/developerguide/cognito-identity-provider_example_cognito-identity-provider_VerifySoftwareToken_section.md @@ -293,0 +294,61 @@ There's more on GitHub. Find the complete example and learn how to set up and ru +Swift + + +**SDK for Swift** + + +###### Note + +There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/cognito-identity-provider#code-examples). + + + import AWSCognitoIdentityProvider + + /// Confirm that the user's TOTP authenticator is configured correctly by + /// sending a code to it to check that it matches successfully. + /// + /// - Parameters: + /// - cipClient: The `CongnitoIdentityProviderClient` to use. + /// - session: An authentication session previously returned by an + /// `associateSoftwareToken()` call. + /// - mfaCode: The 6-digit code currently displayed by the user's + /// authenticator, as provided by the user. + func verifyTOTP(cipClient: CognitoIdentityProviderClient, session: String?, mfaCode: String?) async { + do { + let output = try await cipClient.verifySoftwareToken( + input: VerifySoftwareTokenInput( + session: session, + userCode: mfaCode + ) + ) + + guard let tokenStatus = output.status else { + print("*** Unable to get the token's status.") + return + } + print("=====> The token's status is: \(tokenStatus)") + } catch _ as SoftwareTokenMFANotFoundException { + print("*** The specified user pool isn't configured for MFA.") + return + } catch _ as CodeMismatchException { + print("*** The specified MFA code doesn't match the expected value.") + return + } catch _ as UserNotFoundException { + print("*** The specified username doesn't exist.") + return + } catch _ as UserNotConfirmedException { + print("*** The user has not been confirmed.") + return + } catch { + print("*** Error verifying the MFA token!") + return + } + } + + + + * For API details, see [VerifySoftwareToken](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/verifysoftwaretoken\(input:\)) in _AWS SDK for Swift API reference_. + + + +