Custom authentication challenge Lambda triggers - Amazon Cognito

Custom authentication challenge Lambda triggers


            Challenge Lambda triggers

These Lambda triggers issue and verify their own challenges as part of a user pool custom authentication flow.

Define auth challenge

Amazon Cognito invokes this trigger to initiate the custom authentication flow.

Create auth challenge

Amazon Cognito invokes this trigger after Define Auth Challenge to create a custom challenge.

Verify auth challenge response

Amazon Cognito invokes this trigger to verify if the response from the end user for a custom challenge is valid or not.

You can incorporate new challenge types with these challenge Lambda triggers. For example, these challenge types might include CAPTCHAs or dynamic challenge questions.

You can generalize authentication into two common steps with the user pool InitiateAuth and RespondToAuthChallenge API methods.

In this flow, a user authenticates by answering successive challenges until authentication either fails or the user is issued tokens. These two API calls can be repeated to include different challenges.

Note

The Amazon Cognito hosted UI doesn't support custom authentication with custom authentication challenge Lambda triggers.