AWS services or capabilities described in AWS Documentation may vary by region/location. Click Getting Started with Amazon AWS to see specific differences applicable to the China (Beijing) Region.
Start-CGIPAuthAdmin-ClientId <String>-AnalyticsMetadata_AnalyticsEndpointId <String>-AuthFlow <AuthFlowType>-AuthParameter <Hashtable>-ClientMetadata <Hashtable>-ContextData_EncodedData <String>-ContextData_HttpHeader <HttpHeader[]>-ContextData_IpAddress <String>-ContextData_ServerName <String>-ContextData_ServerPath <String>-UserPoolId <String>-Select <String>-PassThru <SwitchParameter>-Force <SwitchParameter>-ClientConfig <AmazonCognitoIdentityProviderConfig>
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
REFRESH_TOKEN_AUTH
will take in a valid refresh token and return new tokens.USER_SRP_AUTH
will take in USERNAME
and SRP_A
and return the Secure Remote Password (SRP) protocol variables to be used for next challenge execution.ADMIN_USER_PASSWORD_AUTH
will take in USERNAME
and PASSWORD
and return the next challenge or tokens.USER_SRP_AUTH
: Authentication flow for the Secure Remote Password (SRP) protocol.REFRESH_TOKEN_AUTH
/REFRESH_TOKEN
: Authentication flow for refreshing the access token and ID token by supplying a valid refresh token.CUSTOM_AUTH
: Custom authentication flow.ADMIN_NO_SRP_AUTH
: Non-SRP authentication flow; you can pass in the USERNAME and PASSWORD directly if the flow is enabled for calling the app client.ADMIN_USER_PASSWORD_AUTH
: Admin-based user password authentication. This replaces the ADMIN_NO_SRP_AUTH
authentication flow. In this flow, Amazon Cognito receives the password in the request instead of using the SRP process to verify passwords.Required? | True |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
AuthFlow
that you're invoking. The required values depend on the value of AuthFlow
:USER_SRP_AUTH
: USERNAME
(required), SRP_A
(required), SECRET_HASH
(required if the app client is configured with a client secret), DEVICE_KEY
.REFRESH_TOKEN_AUTH/REFRESH_TOKEN
: REFRESH_TOKEN
(required), SECRET_HASH
(required if the app client is configured with a client secret), DEVICE_KEY
.ADMIN_NO_SRP_AUTH
: USERNAME
(required), SECRET_HASH
(if app client is configured with client secret), PASSWORD
(required), DEVICE_KEY
.CUSTOM_AUTH
: USERNAME
(required), SECRET_HASH
(if app client is configured with client secret), DEVICE_KEY
. To start the authentication flow with password verification, include ChallengeName: SRP_A
and SRP_A: (The SRP_A Value)
.Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Aliases | AuthParameters |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Required? | True |
Position? | 1 |
Accept pipeline input? | True (ByValue, ByPropertyName) |
validationData
attribute, which provides the data that you assigned to the ClientMetadata parameter in your AdminInitiateAuth request. In your function code in Lambda, you can process the validationData
value to enhance your workflow for your specific needs.When you use the AdminInitiateAuth API action, Amazon Cognito also invokes the functions for the following triggers, but it doesn't provide the ClientMetadata value as input:Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Aliases | ContextData_HttpHeaders |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Required? | True |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Aliases | AK |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByValue, ByPropertyName) |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByValue, ByPropertyName) |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Aliases | AWSProfilesLocation, ProfilesLocation |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Aliases | StoredCredentials, AWSProfileName |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Aliases | RegionToCall |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Aliases | SK, SecretAccessKey |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Aliases | ST |
AWS Tools for PowerShell: 2.x.y.z