Cognito MVP for Swift SDK #7201

Open
@shepazon

Implement the scenario and service action calls to create examples for each SDK.

Service actions

Service actions can either be pulled out as individual functions or can be incorporated into the scenario, but each service action must be included as an excerpt in the SOS output.

  • ConfirmSignUp
  • ConfirmDevice
  • AssociateSoftwareToken
  • AdminGetUser
  • ListUsers
  • ResendConfirmationCode
  • RespondToAuthChallenge
  • AdminRespondToAuthChallenge
  • SignUp
  • InitiateAuth
  • AdminInitiateAuth
  • VerifySoftwareToken

Scenario

A scenario runs at a command prompt and prints output to the user on the result of each service action. A scenario can run in one of two ways: straight through, printing out progress as it goes, or as an interactive question/answer script.

Scaffolding

A CDK/CFN script to set up the user pool is provided in resources/cdk/cognito_scenario_user_pool_with_mfa.

The script creates a user pool configured with:

  • self-sign up enabled
  • auto verify email
  • email required
  • sign in case insensitive
  • MFA required
  • MFA second factor OTP: true, SMS: false

And a client app added to the pool with two auth flows enabled:

  • ADMIN_USER_PASSWORD_AUTH
  • USER_PASSWORD_AUTH

Sign up users with MFA

  1. Sign up: SignUp
  2. [Optional] AdminGetUser to get user confirmation status if user exists.
  3. [Optional] ResendConfirmationCode if user needs another code.
  4. Confirm signup: ConfirmSignUp
  5. Sign in, get prompted to set up TOTP (Time-based one-time password) MFA: AdminInitiateAuth with ADMIN_USER_PASSWORD_AUTH (Response: “ChallengeName”: “MFA_SETUP”)
  6. Generate a TOTP MFA private key: AssociateSoftwareToken, then generate a QR code from the response and display it to the user.
  7. Verify the TOTP and register for MFA: VerifySoftwareToken
  8. Sign in again, get prompted to submit TOTP: AdminInitiateAuth with ADMIN_USER_PASSWORD_AUTH (Response: “ChallengeName”: “SOFTWARE_TOKEN_MFA”)
  9. Provide TOTP, get tokens: AdminRespondToAuthChallenge

[Bonus]

  1. Register user’s device: ConfirmDevice
  2. Sign in with device: InitiateAuth with USER_PASSWORD_AUTH (include DEVICE_KEY). Challenge response DEVICE_SRP_AUTH.
  3. RespondToAuthChallenge with DEVICE_SRP_AUTH, get DEVICE_PASSWORD_VERIFIER challenge.
  4. RespondToAuthChallenge with DEVICE_PASSWORD_VERIFIER (requires SRP calculations), get access tokens without the need to generate a new MFA code.

  • Runnable scenario code.
  • Service action code (may be same as scenario code).
  • Integration or unit tests.
  • Scenario and API examples tagged for SOS.
  • README
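
For steps 6 and 7 of the sign-up flow, a scenario or integration test has to turn the secret from AssociateSoftwareToken into a QR payload and into the code passed to VerifySoftwareToken. The following is an added example, not code from this issue or from the AWS examples repository. It assumes the secret is a Base32 string and that the pool accepts the common authenticator defaults (HMAC-SHA1, 30-second step, 6 digits); the function names, `issuer` and `account` values are hypothetical.

```swift
import Foundation
import CryptoKit  // Apple platforms; on Linux, swift-crypto's `Crypto` module offers the same API

// Decode a Base32 (RFC 4648) string, padded or not, into the raw TOTP key bytes.
func base32Decode(_ text: String) -> Data? {
    let alphabet = Array("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567")
    var buffer: UInt32 = 0
    var bits = 0
    var out = Data()
    for ch in text.uppercased() where ch != "=" {
        guard let value = alphabet.firstIndex(of: ch) else { return nil }  // reject non-Base32 input
        buffer = (buffer << 5) | UInt32(value)
        bits += 5
        if bits >= 8 {
            bits -= 8
            out.append(UInt8((buffer >> bits) & 0xFF))
        }
    }
    return out
}

// RFC 6238 TOTP: HMAC the big-endian time-step counter, then apply RFC 4226 dynamic truncation.
func totp(secret: Data, at date: Date = Date(), period: Double = 30, digits: Int = 6) -> String {
    let counter = UInt64(date.timeIntervalSince1970 / period)
    let message = withUnsafeBytes(of: counter.bigEndian) { Data($0) }
    let mac = Array(HMAC<Insecure.SHA1>.authenticationCode(for: message, using: SymmetricKey(data: secret)))
    let offset = Int(mac[mac.count - 1] & 0x0F)
    var binary: UInt32 = 0
    for i in 0..<4 { binary = (binary << 8) | UInt32(mac[offset + i]) }
    let code = String((binary & 0x7FFF_FFFF) % UInt32(pow(10, Double(digits))))
    return String(repeating: "0", count: digits - code.count) + code  // keep leading zeros
}

// Key URI that authenticator apps read from a QR code; issuer and account are display labels only.
func otpauthURI(secretCode: String, account: String, issuer: String) -> String? {
    var parts = URLComponents()
    parts.scheme = "otpauth"
    parts.host = "totp"
    parts.path = "/\(issuer):\(account)"
    parts.queryItems = [URLQueryItem(name: "secret", value: secretCode),
                        URLQueryItem(name: "issuer", value: issuer)]
    return parts.string
}

// Constructed sample: the RFC 6238 test key in Base32, not a real Cognito secret.
// A real secret is the user's second factor; render it once as a QR code and keep it out of logs.
let sampleSecret = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
if let key = base32Decode(sampleSecret) {
    print(totp(secret: key, at: Date(timeIntervalSince1970: 59)))
    print(otpauthURI(secretCode: sampleSecret, account: "user@example.com", issuer: "ExampleApp") ?? "")
}
```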

Labels

Swift: This issue relates to the AWS SDK for Swift
