Skip to content

Verify Software Token

cognitoidentityprovider_verify_software_token R Documentation

Registers the current user's time-based one-time password (TOTP) authenticator with a code generated in their authenticator app from a private key that's supplied by your user pool

Description

Registers the current user's time-based one-time password (TOTP) authenticator with a code generated in their authenticator app from a private key that's supplied by your user pool. Marks the user's software token MFA status as "verified" if successful. The request takes an access token or a session string, but not both.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

Usage

cognitoidentityprovider_verify_software_token(AccessToken, Session,
  UserCode, FriendlyDeviceName)

Arguments

AccessToken

A valid access token that Amazon Cognito issued to the currently signed-in user. Must include a scope claim for aws.cognito.signin.user.admin.
Session

The session ID from an associate_software_token request.
UserCode

[required] A TOTP that the user generated in their configured authenticator app.
FriendlyDeviceName

A friendly name for the device that's running the TOTP authenticator.

Value

A list with the following syntax:

list(
  Status = "SUCCESS"|"ERROR",
  Session = "string"
)

Request syntax

svc$verify_software_token(
  AccessToken = "string",
  Session = "string",
  UserCode = "string",
  FriendlyDeviceName = "string"
)