CognitoIdentityProvider / Client / verify_software_token

verify_software_token#

CognitoIdentityProvider.Client.verify_software_token(**kwargs)#

Use this API to register a user’s entered time-based one-time password (TOTP) code and mark the user’s software token MFA status as “verified” if successful. The request takes an access token or a session string, but not both.

Note

Amazon Cognito doesn’t evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can’t use IAM credentials to authorize requests, and you can’t grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

See also: AWS API Documentation

Request Syntax

response = client.verify_software_token(
    AccessToken='string',
    Session='string',
    UserCode='string',
    FriendlyDeviceName='string'
)
Parameters:
  • AccessToken (string) – A valid access token that Amazon Cognito issued to the user whose software token you want to verify.

  • Session (string) – The session that should be passed both ways in challenge-response calls to the service.

  • UserCode (string) –

    [REQUIRED]

    The one- time password computed using the secret code returned by AssociateSoftwareToken.

  • FriendlyDeviceName (string) – The friendly device name.

Return type:

dict

Returns:

Response Syntax

{
    'Status': 'SUCCESS'|'ERROR',
    'Session': 'string'
}

Response Structure

  • (dict) –

    • Status (string) –

      The status of the verify software token.

    • Session (string) –

      The session that should be passed both ways in challenge-response calls to the service.

Exceptions