AWS services or capabilities described in AWS Documentation may vary by region/location. Click Getting Started with Amazon AWS to see specific differences applicable to the China (Beijing) Region.
Initiates sign-in for a user in the Amazon Cognito user directory. You can't sign
in a user with a federated IdP with
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you can't use IAM credentials to authorize
requests, and you can't grant IAM permissions in policies. For more information about
authorization models in Amazon Cognito, see Using
the Amazon Cognito user pools API and user pool endpoints.
This action might generate an SMS text message. Starting June 1, 2021, US telecom
carriers require you to register an origination phone number before you can send SMS
messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you
must register a phone number with Amazon
Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise,
Amazon Cognito users who must receive SMS messages might not be able to sign up, activate
their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web
Servicesservice, Amazon Simple Notification Service might place your account in the
SMS sandbox. In sandbox
mode, you can send messages only to verified phone numbers. After you test
your app while in the sandbox environment, you can move out of the sandbox and into
production. For more information, see
SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer
Guide.
InitiateAuth
. For more information, see
Adding user pool sign-in through a third party.
For .NET Core this operation is only available in asynchronous form. Please refer to InitiateAuthAsync.
Namespace: Amazon.CognitoIdentityProvider
Assembly: AWSSDK.CognitoIdentityProvider.dll
Version: 3.x.y.z
public virtual InitiateAuthResponse InitiateAuth( InitiateAuthRequest request )
Container for the necessary parameters to execute the InitiateAuth service method.
Exception | Condition |
---|---|
ForbiddenException | This exception is thrown when WAF doesn't allow your request based on a web ACL that's associated with your user pool. |
InternalErrorException | This exception is thrown when Amazon Cognito encounters an internal error. |
InvalidEmailRoleAccessPolicyException | This exception is thrown when Amazon Cognito isn't allowed to use your email identity. HTTP status code: 400. |
InvalidLambdaResponseException | This exception is thrown when Amazon Cognito encounters an invalid Lambda response. |
InvalidParameterException | This exception is thrown when the Amazon Cognito service encounters an invalid parameter. |
InvalidSmsRoleAccessPolicyException | This exception is returned when the role provided for SMS configuration doesn't have permission to publish using Amazon SNS. |
InvalidSmsRoleTrustRelationshipException | This exception is thrown when the trust relationship is not valid for the role provided for SMS configuration. This can happen if you don't trust cognito-idp.amazonaws.com or the external ID provided in the role does not match what is provided in the SMS configuration for the user pool. |
InvalidUserPoolConfigurationException | This exception is thrown when the user pool configuration is not valid. |
NotAuthorizedException | This exception is thrown when a user isn't authorized. |
PasswordResetRequiredException | This exception is thrown when a password reset is required. |
ResourceNotFoundException | This exception is thrown when the Amazon Cognito service can't find the requested resource. |
TooManyRequestsException | This exception is thrown when the user has made too many requests for a given operation. |
UnexpectedLambdaException | This exception is thrown when Amazon Cognito encounters an unexpected exception with Lambda. |
UserLambdaValidationException | This exception is thrown when the Amazon Cognito service encounters a user validation exception with the Lambda service. |
UserNotConfirmedException | This exception is thrown when a user isn't confirmed successfully. |
UserNotFoundException | This exception is thrown when a user isn't found. |
The following example signs in the user mytestuser with analytics data, client metadata, and user context data for advanced security.
var client = new AmazonCognitoIdentityProviderClient(); var response = client.InitiateAuth(new InitiateAuthRequest { AnalyticsMetadata = new AnalyticsMetadataType { AnalyticsEndpointId = "d70b2ba36a8c4dc5a04a0451a31a1e12" }, AuthFlow = "USER_PASSWORD_AUTH", AuthParameters = new Dictionary<string, string> { { "PASSWORD", "This-is-my-test-99!" }, { "SECRET_HASH", "oT5ZkS8ctnrhYeeGsGTvOzPhoc/Jd1cO5fueBWFVmp8=" }, { "USERNAME", "mytestuser" } }, ClientId = "1example23456789", ClientMetadata = new Dictionary<string, string> { { "MyTestKey", "MyTestValue" } }, UserContextData = new UserContextDataType { EncodedData = "AmazonCognitoAdvancedSecurityData_object", IpAddress = "192.0.2.1" } }); string challengeName = response.ChallengeName; Dictionary<string, string> challengeParameters = response.ChallengeParameters; string session = response.Session;
.NET Framework:
Supported in: 4.5 and newer, 3.5