verify_software_token
Validate time-based one-time passwords (TOTP) for multi-factor authentication in AWS Cognito user pools to enhance account security.
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| username | Yes | ||
| totpCode | Yes |
Implementation Reference
- index.ts:854-914 (handler)The handler function implements the core logic for verifying the software token (TOTP code) using AWS Cognito's verifySoftwareToken method after retrieving the user session.
async ({ username, totpCode }) => { return new Promise((resolve, reject) => { const cognitoUser = new CognitoUser({ Username: username, Pool: userPool }); cognitoUser.getSession((err: Error | null, _session: CognitoUserSession) => { if (err) { reject({ content: [ { type: "text" as const, text: `Error getting session: ${err.message}`, } ] }); return; } cognitoUser.verifySoftwareToken(totpCode, 'TOTP Authenticator App', { onSuccess: (result) => { resolve({ content: [ { type: "text" as const, text: "TOTP token verified successfully", }, { type: "text" as const, text: `Username: ${username}`, }, { type: "text" as const, text: `Status: ${result || 'SUCCESS'}`, }, { type: "text" as const, text: `Time: ${new Date().toISOString()}`, } ] }); }, onFailure: (err) => { reject({ content: [ { type: "text" as const, text: `Failed to verify TOTP token: ${err.message}`, }, { type: "text" as const, text: `Error code: ${(err as any).code || 'Unknown'}`, } ] }); } }); }); }); } - index.ts:850-852 (schema)The input schema defining parameters 'username' and 'totpCode' validated with Zod.
{ username: z.string(), totpCode: z.string() - index.ts:848-915 (registration)The registration of the 'verify_software_token' tool using server.tool(), specifying name, input schema, and handler function.
server.tool( "verify_software_token", { username: z.string(), totpCode: z.string() }, async ({ username, totpCode }) => { return new Promise((resolve, reject) => { const cognitoUser = new CognitoUser({ Username: username, Pool: userPool }); cognitoUser.getSession((err: Error | null, _session: CognitoUserSession) => { if (err) { reject({ content: [ { type: "text" as const, text: `Error getting session: ${err.message}`, } ] }); return; } cognitoUser.verifySoftwareToken(totpCode, 'TOTP Authenticator App', { onSuccess: (result) => { resolve({ content: [ { type: "text" as const, text: "TOTP token verified successfully", }, { type: "text" as const, text: `Username: ${username}`, }, { type: "text" as const, text: `Status: ${result || 'SUCCESS'}`, }, { type: "text" as const, text: `Time: ${new Date().toISOString()}`, } ] }); }, onFailure: (err) => { reject({ content: [ { type: "text" as const, text: `Failed to verify TOTP token: ${err.message}`, }, { type: "text" as const, text: `Error code: ${(err as any).code || 'Unknown'}`, } ] }); } }); }); }); } )