Class: Aws::CognitoIdentityProvider::Types::RespondToAuthChallengeResponse
- Inherits:
-
Struct
- Object
- Struct
- Aws::CognitoIdentityProvider::Types::RespondToAuthChallengeResponse
- Defined in:
- gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/types.rb
Overview
The response to respond to the authentication challenge.
Constant Summary collapse
- SENSITIVE =
[:session]
Instance Attribute Summary collapse
-
#authentication_result ⇒ Types::AuthenticationResultType
The outcome of a successful authentication process.
-
#challenge_name ⇒ String
The name of the next challenge that you must respond to.
-
#challenge_parameters ⇒ Hash<String,String>
The parameters that define your response to the next challenge.
-
#session ⇒ String
The session identifier that maintains the state of authentication requests and challenge responses.
Instance Attribute Details
#authentication_result ⇒ Types::AuthenticationResultType
The outcome of a successful authentication process. After your
application has passed all challenges, Amazon Cognito returns an
AuthenticationResult
with the JSON web tokens (JWTs) that indicate
successful sign-in.
9769 9770 9771 9772 9773 9774 9775 9776 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/types.rb', line 9769 class RespondToAuthChallengeResponse < Struct.new( :challenge_name, :session, :challenge_parameters, :authentication_result) SENSITIVE = [:session] include Aws::Structure end |
#challenge_name ⇒ String
The name of the next challenge that you must respond to.
Possible challenges include the following:
USERNAME
and, when the app
client has a client secret, SECRET_HASH
in the parameters. Include
a DEVICE_KEY
for device authentication.
WEB_AUTHN
: Respond to the challenge with the results of a successful authentication with a WebAuthn authenticator, or passkey, asCREDENTIAL
. Examples of WebAuthn authenticators include biometric devices and security keys.PASSWORD
: Respond with the user's password asPASSWORD
.PASSWORD_SRP
: Respond with the initial SRP secret asSRP_A
.SELECT_CHALLENGE
: Respond with a challenge selection asANSWER
. It must be one of the challenge types in theAvailableChallenges
response parameter. Add the parameters of the selected challenge, for exampleUSERNAME
andSMS_OTP
.SMS_MFA
: Respond with the code that your user pool delivered in an SMS message, asSMS_MFA_CODE
EMAIL_MFA
: Respond with the code that your user pool delivered in an email message, asEMAIL_MFA_CODE
EMAIL_OTP
: Respond with the code that your user pool delivered in an email message, asEMAIL_OTP_CODE
.SMS_OTP
: Respond with the code that your user pool delivered in an SMS message, asSMS_OTP_CODE
.PASSWORD_VERIFIER
: Respond with the second stage of SRP secrets asPASSWORD_CLAIM_SIGNATURE
,PASSWORD_CLAIM_SECRET_BLOCK
, andTIMESTAMP
.CUSTOM_CHALLENGE
: This is returned if your custom authentication flow determines that the user should pass another challenge before tokens are issued. The parameters of the challenge are determined by your Lambda function and issued in theChallengeParameters
of a challenge response.DEVICE_SRP_AUTH
: Respond with the initial parameters of device SRP authentication. For more information, see Signing in with a device.DEVICE_PASSWORD_VERIFIER
: Respond withPASSWORD_CLAIM_SIGNATURE
,PASSWORD_CLAIM_SECRET_BLOCK
, andTIMESTAMP
after client-side SRP calculations. For more information, see Signing in with a device.NEW_PASSWORD_REQUIRED
: For users who are required to change their passwords after successful first login. Respond to this challenge withNEW_PASSWORD
and any required attributes that Amazon Cognito returned in therequiredAttributes
parameter. You can also set values for attributes that aren't required by your user pool and that your app client can write.Amazon Cognito only returns this challenge for users who have temporary passwords. When you create passwordless users, you must provide values for all required attributes.
In a NEW_PASSWORD_REQUIRED
challenge response, you can't modify a required attribute that already has a value. InAdminRespondToAuthChallenge
orRespondToAuthChallenge
, set a value for any keys that Amazon Cognito returned in therequiredAttributes
parameter, then use theAdminUpdateUserAttributes
orUpdateUserAttributes
API operation to modify the value of any additional attributes.MFA_SETUP
: For users who are required to setup an MFA factor before they can sign in. The MFA types activated for the user pool will be listed in the challenge parametersMFAS_CAN_SETUP
value.To set up time-based one-time password (TOTP) MFA, use the session returned in this challenge from
InitiateAuth
orAdminInitiateAuth
as an input toAssociateSoftwareToken
. Then, use the session returned byVerifySoftwareToken
as an input toRespondToAuthChallenge
orAdminRespondToAuthChallenge
with challenge nameMFA_SETUP
to complete sign-in.To set up SMS or email MFA, collect a
phone_number
oremail
attribute for the user. Then restart the authentication flow with anInitiateAuth
orAdminInitiateAuth
request.
9769 9770 9771 9772 9773 9774 9775 9776 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/types.rb', line 9769 class RespondToAuthChallengeResponse < Struct.new( :challenge_name, :session, :challenge_parameters, :authentication_result) SENSITIVE = [:session] include Aws::Structure end |
#challenge_parameters ⇒ Hash<String,String>
The parameters that define your response to the next challenge.
9769 9770 9771 9772 9773 9774 9775 9776 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/types.rb', line 9769 class RespondToAuthChallengeResponse < Struct.new( :challenge_name, :session, :challenge_parameters, :authentication_result) SENSITIVE = [:session] include Aws::Structure end |
#session ⇒ String
The session identifier that maintains the state of authentication
requests and challenge responses. If an InitiateAuth
or
RespondToAuthChallenge
API request results in a determination that
your application must pass another challenge, Amazon Cognito returns
a session with other challenge parameters. Send this session
identifier, unmodified, to the next RespondToAuthChallenge
request.
9769 9770 9771 9772 9773 9774 9775 9776 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/types.rb', line 9769 class RespondToAuthChallengeResponse < Struct.new( :challenge_name, :session, :challenge_parameters, :authentication_result) SENSITIVE = [:session] include Aws::Structure end |