AWS code-library documentation change
Summary
Added SAP ABAP code example for AdminInitiateAuth operation, including authentication parameters and SECRET_HASH handling
Security assessment
Demonstrates proper implementation of authentication flow with SECRET_HASH parameter, improving security documentation but not fixing a specific vulnerability
Diff
diff --git a/code-library/latest/ug/cognito-identity-provider_example_cognito-identity-provider_AdminInitiateAuth_section.md b/code-library/latest/ug/cognito-identity-provider_example_cognito-identity-provider_AdminInitiateAuth_section.md index 3d40c9300..884fb14f3 100644 --- a//code-library/latest/ug/cognito-identity-provider_example_cognito-identity-provider_AdminInitiateAuth_section.md +++ b//code-library/latest/ug/cognito-identity-provider_example_cognito-identity-provider_AdminInitiateAuth_section.md @@ -350,0 +351,59 @@ There's more on GitHub. Find the complete example and learn how to set up and ru +SAP ABAP + + +**SDK for SAP ABAP** + + +###### Note + +There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap/services/cgp#code-examples). + + + TRY. + " Set up authentication parameters + DATA(lt_auth_params) = VALUE /aws1/cl_cgpauthparamstype_w=>tt_authparameterstype( + ( VALUE /aws1/cl_cgpauthparamstype_w=>ts_authparameterstype_maprow( + key = 'USERNAME' + value = NEW /aws1/cl_cgpauthparamstype_w( iv_user_name ) ) ) + ( VALUE /aws1/cl_cgpauthparamstype_w=>ts_authparameterstype_maprow( + key = 'PASSWORD' + value = NEW /aws1/cl_cgpauthparamstype_w( iv_password ) ) ) + ). + + " Add SECRET_HASH if provided + IF iv_secret_hash IS NOT INITIAL. + INSERT VALUE #( + key = 'SECRET_HASH' + value = NEW /aws1/cl_cgpauthparamstype_w( iv_secret_hash ) + ) INTO TABLE lt_auth_params. + ENDIF. + + oo_result = lo_cgp->admininitiateauth( + iv_userpoolid = iv_user_pool_id + iv_clientid = iv_client_id + iv_authflow = 'ADMIN_USER_PASSWORD_AUTH' + it_authparameters = lt_auth_params + ). + + DATA(lv_challenge) = oo_result->get_challengename( ). + + IF lv_challenge IS INITIAL. + MESSAGE 'User successfully signed in.' TYPE 'I'. + ELSE. + MESSAGE |Authentication challenge required: { lv_challenge }.| TYPE 'I'. + ENDIF. + + CATCH /aws1/cx_cgpusernotfoundex INTO DATA(lo_user_ex). + MESSAGE |User { iv_user_name } not found.| TYPE 'E'. + + CATCH /aws1/cx_cgpnotauthorizedex INTO DATA(lo_auth_ex). + MESSAGE 'Not authorized. Check credentials.' TYPE 'E'. + ENDTRY. + + + + * For API details, see [AdminInitiateAuth](https://docs.aws.amazon.com/sdk-for-sap-abap/v1/api/latest/index.html) in _AWS SDK for SAP ABAP API reference_. + + + +