CognitoIdentityProvider / Client / verify_software_token
verify_software_token#
- CognitoIdentityProvider.Client.verify_software_token(**kwargs)#
Registers the current user’s time-based one-time password (TOTP) authenticator with a code generated in their authenticator app from a private key that’s supplied by your user pool. Marks the user’s software token MFA status as “verified” if successful. The request takes an access token or a session string, but not both.
Note
Amazon Cognito doesn’t evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can’t use IAM credentials to authorize requests, and you can’t grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.
See also: AWS API Documentation
Request Syntax
response = client.verify_software_token( AccessToken='string', Session='string', UserCode='string', FriendlyDeviceName='string' )
- Parameters:
AccessToken (string) – A valid access token that Amazon Cognito issued to the currently signed-in user. Must include a scope claim for
aws.cognito.signin.user.admin
.Session (string) – The session ID from an
AssociateSoftwareToken
request.UserCode (string) –
[REQUIRED]
A TOTP that the user generated in their configured authenticator app.
FriendlyDeviceName (string) – A friendly name for the device that’s running the TOTP authenticator.
- Return type:
dict
- Returns:
Response Syntax
{ 'Status': 'SUCCESS'|'ERROR', 'Session': 'string' }
Response Structure
(dict) –
Status (string) –
Amazon Cognito can accept or reject the code that you provide. This response parameter indicates the success of TOTP verification. Some reasons that this operation might return an error are clock skew on the user’s device and excessive retries.
Session (string) –
This session ID satisfies an
MFA_SETUP
challenge. Supply the session ID in your challenge response.
Exceptions
CognitoIdentityProvider.Client.exceptions.InvalidParameterException
CognitoIdentityProvider.Client.exceptions.ResourceNotFoundException
CognitoIdentityProvider.Client.exceptions.InvalidUserPoolConfigurationException
CognitoIdentityProvider.Client.exceptions.NotAuthorizedException
CognitoIdentityProvider.Client.exceptions.TooManyRequestsException
CognitoIdentityProvider.Client.exceptions.PasswordResetRequiredException
CognitoIdentityProvider.Client.exceptions.UserNotFoundException
CognitoIdentityProvider.Client.exceptions.UserNotConfirmedException
CognitoIdentityProvider.Client.exceptions.InternalErrorException
CognitoIdentityProvider.Client.exceptions.EnableSoftwareTokenMFAException
CognitoIdentityProvider.Client.exceptions.NotAuthorizedException
CognitoIdentityProvider.Client.exceptions.SoftwareTokenMFANotFoundException
CognitoIdentityProvider.Client.exceptions.CodeMismatchException
CognitoIdentityProvider.Client.exceptions.ForbiddenException