AWS services or capabilities described in AWS Documentation may vary by region/location. Click Getting Started with Amazon AWS to see specific differences applicable to the China (Beijing) Region.
Send-CGIPAuthChallengeResponse-ClientId <String>-AnalyticsMetadata_AnalyticsEndpointId <String>-ChallengeName <ChallengeNameType>-ChallengeResponse <Hashtable>-ClientMetadata <Hashtable>-UserContextData_EncodedData <String>-UserContextData_IpAddress <String>-Session <String>-Select <String>-PassThru <SwitchParameter>-Force <SwitchParameter>-ClientConfig <AmazonCognitoIdentityProviderConfig>
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
ADMIN_NO_SRP_AUTH
isn't a valid value. Required? | True |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
ChallengeName
, for example:SECRET_HASH
(if app client is configured with client secret) applies to all of the inputs that follow (including SOFTWARE_TOKEN_MFA
).SMS_MFA
: SMS_MFA_CODE
, USERNAME
.PASSWORD_VERIFIER
: PASSWORD_CLAIM_SIGNATURE
, PASSWORD_CLAIM_SECRET_BLOCK
, TIMESTAMP
, USERNAME
.PASSWORD_VERIFIER
requires DEVICE_KEY
when you sign in with a remembered device.NEW_PASSWORD_REQUIRED
: NEW_PASSWORD
, USERNAME
, SECRET_HASH
(if app client is configured with client secret). To set any required attributes that Amazon Cognito returned as requiredAttributes
in the InitiateAuth
response, add a userAttributes.attributename
parameter. This parameter can also set values for writable attributes that aren't required by your user pool.In a NEW_PASSWORD_REQUIRED
challenge response, you can't modify a required attribute that already has a value. In RespondToAuthChallenge
, set a value for any keys that Amazon Cognito returned in the requiredAttributes
parameter, then use the UpdateUserAttributes
API operation to modify the value of any additional attributes.SOFTWARE_TOKEN_MFA
: USERNAME
and SOFTWARE_TOKEN_MFA_CODE
are required attributes.DEVICE_SRP_AUTH
requires USERNAME
, DEVICE_KEY
, SRP_A
(and SECRET_HASH
).DEVICE_PASSWORD_VERIFIER
requires everything that PASSWORD_VERIFIER
requires, plus DEVICE_KEY
.MFA_SETUP
requires USERNAME
, plus you must use the session value returned by VerifySoftwareToken
in the Session
parameter.Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Aliases | ChallengeResponses |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Required? | True |
Position? | 1 |
Accept pipeline input? | True (ByValue, ByPropertyName) |
clientMetadata
attribute, which provides the data that you assigned to the ClientMetadata parameter in your RespondToAuthChallenge request. In your function code in Lambda, you can process the clientMetadata
value to enhance your workflow for your specific needs.For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following:Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
InitiateAuth
or RespondToAuthChallenge
API call determines that the caller must pass another challenge, they return a session with other challenge parameters. This session should be passed as it is to the next RespondToAuthChallenge
API call. Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Aliases | AK |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByValue, ByPropertyName) |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByValue, ByPropertyName) |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Aliases | AWSProfilesLocation, ProfilesLocation |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Aliases | StoredCredentials, AWSProfileName |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Aliases | RegionToCall |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Aliases | SK, SecretAccessKey |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Aliases | ST |
AWS Tools for PowerShell: 2.x.y.z