Custom authentication challenge Lambda triggers
These Lambda triggers issue and verify their own challenges as part of a user pool custom authentication flow.
- Define auth challenge: Amazon Cognito invokes this trigger to initiate the custom authentication flow.
- Create auth challenge: Amazon Cognito invokes this trigger after Define Auth Challenge to create a custom challenge.
- Verify auth challenge response: Amazon Cognito invokes this trigger to verify if the response from the end user for a custom challenge is valid or not.
You can incorporate new challenge types with these challenge Lambda triggers. For example, these challenge types might include CAPTCHAs or dynamic challenge questions.
You can generalize authentication into two common steps with the user pool InitiateAuth and RespondToAuthChallenge API methods.
In this flow, a user authenticates by answering successive challenges until authentication either fails or the user is issued tokens. These two API calls can be repeated to include different challenges.
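The three triggers described above, as an added example in Python that is not code from the original page: a one-time-code challenge with a cap on wrong answers. It assumes the app client starts the flow with CUSTOM_AUTH and no SRP password step; the handler names, `MAX_ATTEMPTS`, the `hint` and `answer` keys and the `OTP_CHALLENGE` metadata value are choices made for this example.

```python
import hmac
import secrets

MAX_ATTEMPTS = 3  # assumption: retry limit chosen for this example


def define_auth_challenge(event, context=None):
    """Decide the next step from the results of earlier challenges."""
    session = event["request"].get("session") or []
    custom = [s for s in session if s.get("challengeName") == "CUSTOM_CHALLENGE"]
    resp = event["response"]
    if custom and custom[-1].get("challengeResult") is True:
        # The last custom challenge was answered correctly: issue tokens.
        resp.update(issueTokens=True, failAuthentication=False)
    elif len(custom) >= MAX_ATTEMPTS:
        # Too many wrong answers: fail instead of allowing unlimited guesses.
        resp.update(issueTokens=False, failAuthentication=True)
    else:
        resp.update(issueTokens=False, failAuthentication=False,
                    challengeName="CUSTOM_CHALLENGE")
    return event


def create_auth_challenge(event, context=None):
    """Generate a one-time code; the answer goes only in the private parameters."""
    if event["request"].get("challengeName") == "CUSTOM_CHALLENGE":
        # CSPRNG-backed code. Assumption: it reaches the user out of band.
        code = f"{secrets.randbelow(10**6):06d}"
        resp = event["response"]
        # Public parameters are returned to the client, so no secret here.
        resp["publicChallengeParameters"] = {"hint": "Enter the 6-digit code"}
        resp["privateChallengeParameters"] = {"answer": code}
        resp["challengeMetadata"] = "OTP_CHALLENGE"
    return event


def verify_auth_challenge_response(event, context=None):
    """Compare the user's answer with the expected one in constant time."""
    expected = event["request"]["privateChallengeParameters"].get("answer", "")
    given = str(event["request"].get("challengeAnswer") or "")
    # An empty expected answer never verifies, even against an empty reply.
    event["response"]["answerCorrect"] = bool(expected) and hmac.compare_digest(
        expected.encode(), given.encode())
    return event
```

Each handler is deployed as its own Lambda function and attached to the matching user pool trigger; Cognito calls them in the order Define, Create, Verify, then Define again with the updated session.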
Note
The Amazon Cognito hosted UI doesn't support custom authentication with custom authentication challenge Lambda triggers.