# Amazon Cognito Identity Provider examples using SDK for SAP ABAP Amazon Cognito Identity Provider The following code examples show you how to perform actions and implement common scenarios by using the AWS SDK for SAP ABAP with Amazon Cognito Identity Provider. *Actions* are code excerpts from larger programs and must be run in context. While actions show you how to call individual service functions, you can see actions in context in their related scenarios. Each example includes a link to the complete source code, where you can find instructions on how to set up and run the code in context. **Topics** + [Actions](#actions) ## Actions Actions ### `AdminInitiateAuth` `AdminInitiateAuth` The following code example shows how to use `AdminInitiateAuth`. **SDK for SAP ABAP** There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap/services/cgp#code-examples). ``` TRY. " Set up authentication parameters DATA(lt_auth_params) = VALUE /aws1/cl_cgpauthparamstype_w=>tt_authparameterstype( ( VALUE /aws1/cl_cgpauthparamstype_w=>ts_authparameterstype_maprow( key = 'USERNAME' value = NEW /aws1/cl_cgpauthparamstype_w( iv_user_name ) ) ) ( VALUE /aws1/cl_cgpauthparamstype_w=>ts_authparameterstype_maprow( key = 'PASSWORD' value = NEW /aws1/cl_cgpauthparamstype_w( iv_password ) ) ) ). " Add SECRET_HASH if provided IF iv_secret_hash IS NOT INITIAL. INSERT VALUE #( key = 'SECRET_HASH' value = NEW /aws1/cl_cgpauthparamstype_w( iv_secret_hash ) ) INTO TABLE lt_auth_params. ENDIF. oo_result = lo_cgp->admininitiateauth( iv_userpoolid = iv_user_pool_id iv_clientid = iv_client_id iv_authflow = 'ADMIN_USER_PASSWORD_AUTH' it_authparameters = lt_auth_params ). DATA(lv_challenge) = oo_result->get_challengename( ). IF lv_challenge IS INITIAL. MESSAGE 'User successfully signed in.' TYPE 'I'. ELSE. MESSAGE |Authentication challenge required: { lv_challenge }.| TYPE 'I'. ENDIF. CATCH /aws1/cx_cgpusernotfoundex INTO DATA(lo_user_ex). MESSAGE |User { iv_user_name } not found.| TYPE 'E'. CATCH /aws1/cx_cgpnotauthorizedex INTO DATA(lo_auth_ex). MESSAGE 'Not authorized. Check credentials.' TYPE 'E'. ENDTRY. ``` + For API details, see [AdminInitiateAuth](https://docs.aws.amazon.com/sdk-for-sap-abap/v1/api/latest/index.html) in *AWS SDK for SAP ABAP API reference*. ### `AdminRespondToAuthChallenge` `AdminRespondToAuthChallenge` The following code example shows how to use `AdminRespondToAuthChallenge`. **SDK for SAP ABAP** There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap/services/cgp#code-examples). ``` TRY. " Build challenge responses DATA(lt_challenge_responses) = VALUE /aws1/cl_cgpchallengerspstyp00=>tt_challengeresponsestype( ( VALUE /aws1/cl_cgpchallengerspstyp00=>ts_challengerspstype_maprow( key = 'USERNAME' value = NEW /aws1/cl_cgpchallengerspstyp00( iv_user_name ) ) ) ( VALUE /aws1/cl_cgpchallengerspstyp00=>ts_challengerspstype_maprow( key = 'SOFTWARE_TOKEN_MFA_CODE' value = NEW /aws1/cl_cgpchallengerspstyp00( iv_mfa_code ) ) ) ). " Add SECRET_HASH if provided IF iv_secret_hash IS NOT INITIAL. INSERT VALUE #( key = 'SECRET_HASH' value = NEW /aws1/cl_cgpchallengerspstyp00( iv_secret_hash ) ) INTO TABLE lt_challenge_responses. ENDIF. DATA(lo_result) = lo_cgp->adminrespondtoauthchallenge( iv_userpoolid = iv_user_pool_id iv_clientid = iv_client_id iv_challengename = 'SOFTWARE_TOKEN_MFA' it_challengeresponses = lt_challenge_responses iv_session = iv_session ). oo_auth_result = lo_result->get_authenticationresult( ). IF oo_auth_result IS BOUND. MESSAGE 'MFA challenge completed successfully.' TYPE 'I'. ELSE. " Another challenge might be required DATA(lv_next_challenge) = lo_result->get_challengename( ). MESSAGE |Additional challenge required: { lv_next_challenge }.| TYPE 'I'. ENDIF. CATCH /aws1/cx_cgpcodemismatchex INTO DATA(lo_code_ex). MESSAGE 'Invalid MFA code provided.' TYPE 'E'. CATCH /aws1/cx_cgpexpiredcodeex INTO DATA(lo_expired_ex). MESSAGE 'MFA code has expired.' TYPE 'E'. CATCH /aws1/cx_cgpnotauthorizedex INTO DATA(lo_auth_ex). MESSAGE 'Not authorized. Check MFA configuration.' TYPE 'E'. ENDTRY. ``` + For API details, see [AdminRespondToAuthChallenge](https://docs.aws.amazon.com/sdk-for-sap-abap/v1/api/latest/index.html) in *AWS SDK for SAP ABAP API reference*. ### `AssociateSoftwareToken` `AssociateSoftwareToken` The following code example shows how to use `AssociateSoftwareToken`. **SDK for SAP ABAP** There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap/services/cgp#code-examples). ``` TRY. DATA(lo_result) = lo_cgp->associatesoftwaretoken( iv_session = iv_session ). ov_secret_code = lo_result->get_secretcode( ). MESSAGE 'MFA secret code generated successfully.' TYPE 'I'. CATCH /aws1/cx_cgpresourcenotfoundex INTO DATA(lo_ex). MESSAGE 'Session not found or expired.' TYPE 'E'. CATCH /aws1/cx_cgpnotauthorizedex INTO DATA(lo_auth_ex). MESSAGE 'Not authorized to associate software token.' TYPE 'E'. ENDTRY. ``` + For API details, see [AssociateSoftwareToken](https://docs.aws.amazon.com/sdk-for-sap-abap/v1/api/latest/index.html) in *AWS SDK for SAP ABAP API reference*. ### `ListUsers` `ListUsers` The following code example shows how to use `ListUsers`. **SDK for SAP ABAP** There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap/services/cgp#code-examples). ``` TRY. DATA(lo_result) = lo_cgp->listusers( iv_userpoolid = iv_user_pool_id ). ot_users = lo_result->get_users( ). MESSAGE |Found { lines( ot_users ) } users in the pool.| TYPE 'I'. CATCH /aws1/cx_cgpresourcenotfoundex INTO DATA(lo_ex). MESSAGE |User pool { iv_user_pool_id } not found.| TYPE 'E'. CATCH /aws1/cx_cgpnotauthorizedex INTO DATA(lo_auth_ex). MESSAGE 'Not authorized to list users.' TYPE 'E'. ENDTRY. ``` + For API details, see [ListUsers](https://docs.aws.amazon.com/sdk-for-sap-abap/v1/api/latest/index.html) in *AWS SDK for SAP ABAP API reference*. ### `VerifySoftwareToken` `VerifySoftwareToken` The following code example shows how to use `VerifySoftwareToken`. **SDK for SAP ABAP** There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap/services/cgp#code-examples). ``` TRY. DATA(lo_result) = lo_cgp->verifysoftwaretoken( iv_session = iv_session iv_usercode = iv_user_code ). ov_status = lo_result->get_status( ). IF ov_status = 'SUCCESS'. MESSAGE 'MFA token verified successfully.' TYPE 'I'. ELSE. MESSAGE |MFA verification status: { ov_status }.| TYPE 'I'. ENDIF. CATCH /aws1/cx_cgpcodemismatchex INTO DATA(lo_code_ex). MESSAGE 'Invalid MFA code provided.' TYPE 'E'. CATCH /aws1/cx_cgpenbsoftwaretokmf00 INTO DATA(lo_enabled_ex). MESSAGE 'Software token MFA is already enabled.' TYPE 'E'. ENDTRY. ``` + For API details, see [VerifySoftwareToken](https://docs.aws.amazon.com/sdk-for-sap-abap/v1/api/latest/index.html) in *AWS SDK for SAP ABAP API reference*.