feat(client-cognito-identity-provider): Amazon Cognito now supports IP Address propagation for all unauthenticated APIs (e.g. SignUp, ForgotPassword).

Author: awstools

clients/client-cognito-identity-provider/src/CognitoIdentityProvider.ts

@@ -1537,15 +1537,22 @@ export class CognitoIdentityProvider extends CognitoIdentityProviderClient {
   }
 
   /**
-   * <p>Returns a unique generated shared secret key code for the user account. The request
-   *             takes an access token or a session string, but not both.</p>
+   * <p>Begins setup of time-based one-time password multi-factor authentication (TOTP MFA)
+   *             for a user, with a unique private key that Amazon Cognito generates and returns in the API
+   *             response. You can authorize an <code>AssociateSoftwareToken</code> request with either
+   *             the user's access token, or a session string from a challenge response that you received
+   *             from Amazon Cognito.</p>
    *         <note>
-   *             <p>Calling AssociateSoftwareToken immediately disassociates the existing software
-   *                 token from the user account. If the user doesn't subsequently verify the software
-   *                 token, their account is set up to authenticate without MFA. If MFA config is set to
-   *                 Optional at the user pool level, the user can then log in without MFA. However, if
-   *                 MFA is set to Required for the user pool, the user is asked to set up a new software
-   *                 token MFA during sign-in.</p>
+   *             <p>Amazon Cognito disassociates an existing software token when you verify the new token in a
+   *                     <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerifySoftwareToken.html"> VerifySoftwareToken</a> API request. If you don't verify the software
+   *                 token and your user pool doesn't require MFA, the user can then authenticate with
+   *                 user name and password credentials alone. If your user pool requires TOTP MFA, Amazon Cognito
+   *                 generates an <code>MFA_SETUP</code> or <code>SOFTWARE_TOKEN_SETUP</code> challenge
+   *                 each time your user signs. Complete setup with <code>AssociateSoftwareToken</code>
+   *                 and <code>VerifySoftwareToken</code>.</p>
+   *             <p>After you set up software token MFA for your user, Amazon Cognito generates a
+   *                     <code>SOFTWARE_TOKEN_MFA</code> challenge when they authenticate. Respond to
+   *                 this challenge with your user's TOTP.</p>
    *         </note>
    */
   public associateSoftwareToken(

clients/client-cognito-identity-provider/src/commands/AssociateSoftwareTokenCommand.ts

@@ -28,15 +28,22 @@ export interface AssociateSoftwareTokenCommandInput extends AssociateSoftwareTok
 export interface AssociateSoftwareTokenCommandOutput extends AssociateSoftwareTokenResponse, __MetadataBearer {}
 
 /**
- * <p>Returns a unique generated shared secret key code for the user account. The request
- *             takes an access token or a session string, but not both.</p>
+ * <p>Begins setup of time-based one-time password multi-factor authentication (TOTP MFA)
+ *             for a user, with a unique private key that Amazon Cognito generates and returns in the API
+ *             response. You can authorize an <code>AssociateSoftwareToken</code> request with either
+ *             the user's access token, or a session string from a challenge response that you received
+ *             from Amazon Cognito.</p>
  *         <note>
- *             <p>Calling AssociateSoftwareToken immediately disassociates the existing software
- *                 token from the user account. If the user doesn't subsequently verify the software
- *                 token, their account is set up to authenticate without MFA. If MFA config is set to
- *                 Optional at the user pool level, the user can then log in without MFA. However, if
- *                 MFA is set to Required for the user pool, the user is asked to set up a new software
- *                 token MFA during sign-in.</p>
+ *             <p>Amazon Cognito disassociates an existing software token when you verify the new token in a
+ *                     <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerifySoftwareToken.html"> VerifySoftwareToken</a> API request. If you don't verify the software
+ *                 token and your user pool doesn't require MFA, the user can then authenticate with
+ *                 user name and password credentials alone. If your user pool requires TOTP MFA, Amazon Cognito
+ *                 generates an <code>MFA_SETUP</code> or <code>SOFTWARE_TOKEN_SETUP</code> challenge
+ *                 each time your user signs. Complete setup with <code>AssociateSoftwareToken</code>
+ *                 and <code>VerifySoftwareToken</code>.</p>
+ *             <p>After you set up software token MFA for your user, Amazon Cognito generates a
+ *                     <code>SOFTWARE_TOKEN_MFA</code> challenge when they authenticate. Respond to
+ *                 this challenge with your user's TOTP.</p>
  *         </note>
  * @example
  * Use a bare-bones client and the command you need to make an API call.