Cognito MVP for Swift SDK #7201

shepazon opened this issue Jan 21, 2025 · 0 comments
Labels
Swift This issue relates to the AWS SDK for Swift

Implement the scenario and service action calls to create examples for each SDK.

Service actions

Service actions can either be pulled out as individual functions or can be incorporated into the scenario, but each service action must be included as an excerpt in the SOS output.

ConfirmSignUp
ConfirmDevice
AssociateSoftwareToken
AdminGetUser
ListUsers
ResendConfirmationCode
RespondToAuthChallenge
AdminRespondToAuthChallenge
SignUp
InitiateAuth
AdminInitiateAuth
VerifySoftwareToken

Scenario

A scenario runs at a command prompt and prints output to the user on the result of each service action. A scenario can run in one of two ways: straight through, printing out progress as it goes, or as an interactive question/answer script.

Scaffolding

CDK/CFN script to set up user pool is provided in resources/cdk/cognito_scenario_user_pool_with_mfa.

The script creates a user pool configured with:

  • self-sign up enabled
  • auto verify email
  • email required
  • sign in case insensitive
  • MFA required
  • MFA second factor OTP:true, SMS: false

And a client app added to the pool with two auth flows enabled:

  • ADMIN_USER_PASSWORD_AUTH
  • USER_PASSWORD_AUTH

Sign up users with MFA

  1. Sign up: SignUp
  2. [Optional] AdminGetUser to get user confirmation status if user exists.
  3. [Optional] ResendConfirmationCode if user needs another code.
  4. Confirm signup: ConfirmSignUp
  5. Sign in, get prompted to set up TOTP (Time-based one-time password) MFA: AdminInitiateAuth with ADMIN_USER_PASSWORD_AUTH (Response: “ChallengeName”: “MFA_SETUP”)
  6. Generate a TOTP MFA private key: AssociateSoftwareToken. Generate a QR code from the response and display it to the user.
  7. Verify the TOTP and register for MFA: VerifySoftwareToken
  8. Sign in again, get prompted to submit TOTP: AdminInitiateAuth with ADMIN_USER_PASSWORD_AUTH (Response: “ChallengeName”: “SOFTWARE_TOKEN_MFA”)
  9. Provide TOTP, get tokens: AdminRespondToAuthChallenge

[Bonus]

  1. Register user’s device: ConfirmDevice
  2. Sign in with device: InitiateAuth with USER_PASSWORD_AUTH (include DEVICE_KEY). Challenge response DEVICE_SRP_AUTH.
  3. RespondToAuthChallenge with DEVICE_SRP_AUTH, get DEVICE_PASSWORD_VERIFIER challenge.
  4. RespondToAuthChallenge with DEVICE_PASSWORD_VERIFIER (requires SRP calculations), get access tokens without the need to generate a new MFA code.

  • Runnable scenario code.
  • Service action code (may be same as scenario code).
  • Integration or unit tests.
  • Scenario and API examples tagged for SOS.
  • README
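
For steps 6 to 9 of the sign-up flow above, a scenario or integration test has to turn the base32 secret returned by AssociateSoftwareToken into a QR-code payload and into the current one-time code. The sketch below is an added example, not code from this issue or from the SDK examples repository; the function names, the issuer and account values, and the TOTP parameters (HMAC-SHA1, 30-second step, 6 digits, the defaults authenticator apps use) are assumptions.

```swift
import Foundation
import CryptoKit  // Apple platforms; on Linux, `import Crypto` (swift-crypto) has the same API

// Decode an RFC 4648 base32 string such as a TOTP secret. Returns nil on an invalid character.
func base32Decode(_ text: String) -> Data? {
    let alphabet = Array("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567")
    var buffer: UInt64 = 0, bits = 0
    var out = Data()
    for ch in text.uppercased() where ch != "=" && ch != " " {
        guard let value = alphabet.firstIndex(of: ch) else { return nil }
        buffer = (buffer << 5) | UInt64(value)
        bits += 5
        if bits >= 8 {
            bits -= 8
            out.append(UInt8((buffer >> UInt64(bits)) & 0xFF))
            buffer &= (1 << UInt64(bits)) - 1  // keep only the bits not yet emitted
        }
    }
    return out
}

// RFC 6238 TOTP (assumed parameters: HMAC-SHA1, 30 s step, 6 digits; digits must be <= 9).
func totp(secret: Data, at date: Date = Date(), step: TimeInterval = 30, digits: Int = 6) -> String {
    let message = withUnsafeBytes(of: UInt64(date.timeIntervalSince1970 / step).bigEndian) { Data($0) }
    let mac = Array(HMAC<Insecure.SHA1>.authenticationCode(for: message, using: SymmetricKey(data: secret)))
    let offset = Int(mac[19] & 0x0F)  // dynamic truncation, RFC 4226 section 5.3
    var binary = (UInt32(mac[offset] & 0x7F) << 24) | (UInt32(mac[offset + 1]) << 16)
    binary |= (UInt32(mac[offset + 2]) << 8) | UInt32(mac[offset + 3])
    let modulus = (0..<digits).reduce(UInt32(1)) { acc, _ in acc * 10 }
    let code = String(binary % modulus)
    return String(repeating: "0", count: digits - code.count) + code  // left-pad with zeros
}

// Key URI that authenticator apps read from a QR code (issuer and account are display labels).
func otpauthURI(secretCode: String, account: String, issuer: String) -> String? {
    guard var parts = URLComponents(string: "otpauth://totp") else { return nil }
    parts.path = "/\(issuer):\(account)"
    parts.queryItems = [URLQueryItem(name: "secret", value: secretCode),
                        URLQueryItem(name: "issuer", value: issuer)]
    return parts.string
}

// Constructed sample: the RFC 6238 test secret stands in for a real SecretCode.
let secretCode = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
if let key = base32Decode(secretCode),
   let uri = otpauthURI(secretCode: secretCode, account: "alice@example.com", issuer: "ExampleApp") {
    print(uri)                                                   // payload to render as the QR code
    print(totp(secret: key, at: Date(timeIntervalSince1970: 59)))  // RFC 6238 test time T = 59
}
```

In a real run the secret exists only for the length of the MFA setup step: keep it out of logs and test output, and pass the code from `totp(secret:)` straight to VerifySoftwareToken or AdminRespondToAuthChallenge.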