verifySoftwareToken method
Use this API to register a user's entered TOTP code and mark the user's software token MFA status as "verified" if successful. The request takes an access token or a session string, but not both.
May throw InvalidParameterException. May throw ResourceNotFoundException. May throw InvalidUserPoolConfigurationException. May throw NotAuthorizedException. May throw TooManyRequestsException. May throw PasswordResetRequiredException. May throw UserNotFoundException. May throw UserNotConfirmedException. May throw InternalErrorException. May throw EnableSoftwareTokenMFAException. May throw NotAuthorizedException. May throw SoftwareTokenMFANotFoundException. May throw CodeMismatchException.
Parameter userCode :
The one time password computed using the secret code returned by AssociateSoftwareToken".
Parameter accessToken :
The access token.
Parameter friendlyDeviceName :
The friendly device name.
Parameter session :
The session which should be passed both ways in challenge-response calls
to the service.
Implementation
Future<VerifySoftwareTokenResponse> verifySoftwareToken({
required String userCode,
String? accessToken,
String? friendlyDeviceName,
String? session,
}) async {
ArgumentError.checkNotNull(userCode, 'userCode');
_s.validateStringLength(
'userCode',
userCode,
6,
6,
isRequired: true,
);
_s.validateStringLength(
'session',
session,
20,
2048,
);
final headers = <String, String>{
'Content-Type': 'application/x-amz-json-1.1',
'X-Amz-Target': 'AWSCognitoIdentityProviderService.VerifySoftwareToken'
};
final jsonResponse = await _protocol.send(
method: 'POST',
requestUri: '/',
exceptionFnMap: _exceptionFns,
// TODO queryParams
headers: headers,
payload: {
'UserCode': userCode,
if (accessToken != null) 'AccessToken': accessToken,
if (friendlyDeviceName != null)
'FriendlyDeviceName': friendlyDeviceName,
if (session != null) 'Session': session,
},
);
return VerifySoftwareTokenResponse.fromJson(jsonResponse.body);
}