Menu
Amazon Cognito
Developer Guide

Define Auth Challenge Lambda Parameters

Amazon Cognito invokes this trigger to initiate the custom authentication flow.

The request contains session, which is an array containing all of the challenges that are presented to the user in the authentication process that is underway, along with the corresponding result. The challenge details (ChallengeResult) are stored in chronological order in the session array, with session[0] representing the first challenge that is presented to the user.

"request": { "userAttributes": { "string": "string", .... }, "session": { [ ChallengeResult ] } }
userAttributes

One or more name-value pairs representing user attributes.

session

The session element is an array of ChallengeResult elements, each of which contains the following elements:

challengeName

The challenge type. One of: "CUSTOM_CHALLENGE", "PASSWORD_VERIFIER", "SMS_MFA", "DEVICE_SRP_AUTH", "DEVICE_PASSWORD_VERIFIER", or "ADMIN_NO_SRP_AUTH".

challengeResult

Set to true if the user successfully completed the challenge, or false otherwise.

challengeMetaData

Your name for the custom challenge. Used only if challengeName is "CUSTOM_CHALLENGE".

In the response, you can return the next stage of the authentication process.

"response": { "challengeName": "string", "issueTokens": boolean, "failAuthentication": boolean }
challengeName

A string containing the name of the next challenge. If you want to present a new challenge to your user, specify the challenge name here.

issueTokens

Set to true if you determine that the user has sufficiently authenticated by completing the challenges, or false otherwise.

failAuthentication

Set to true if you want to terminate the current authentication process, or false otherwise.