AWS services or capabilities described in AWS Documentation may vary by region/location. Click Getting Started with Amazon AWS to see specific differences applicable to the China (Beijing) Region.
Some API operations in a user pool generate a challenge, like a prompt for an MFA
code, for device authentication that bypasses MFA, or for a custom authentication
challenge. A RespondToAuthChallenge
API request provides the answer to that
challenge, like a code or a secure remote password (SRP). The parameters of a response
to an authentication challenge vary with the type of challenge.
For more information about custom authentication challenges, see Custom authentication challenge Lambda triggers.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode, you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
This is an asynchronous operation using the standard naming convention for .NET 4.5 or higher. For .NET 3.5 the operation is implemented as a pair of methods using the standard naming convention of BeginRespondToAuthChallenge and EndRespondToAuthChallenge.
Namespace: Amazon.CognitoIdentityProvider
Assembly: AWSSDK.CognitoIdentityProvider.dll
Version: 3.x.y.z
public virtual Task<RespondToAuthChallengeResponse> RespondToAuthChallengeAsync( RespondToAuthChallengeRequest request, CancellationToken cancellationToken )
Container for the necessary parameters to execute the RespondToAuthChallenge service method.
A cancellation token that can be used by other objects or threads to receive notice of cancellation.
Exception | Condition |
---|---|
AliasExistsException | This exception is thrown when a user tries to confirm the account with an email address or phone number that has already been supplied as an alias for a different user profile. This exception indicates that an account with this email address or phone already exists in a user pool that you've configured to use email address or phone number as a sign-in alias. |
CodeMismatchException | This exception is thrown if the provided code doesn't match what the server was expecting. |
ExpiredCodeException | This exception is thrown if a code has expired. |
ForbiddenException | This exception is thrown when WAF doesn't allow your request based on a web ACL that's associated with your user pool. |
InternalErrorException | This exception is thrown when Amazon Cognito encounters an internal error. |
InvalidLambdaResponseException | This exception is thrown when Amazon Cognito encounters an invalid Lambda response. |
InvalidParameterException | This exception is thrown when the Amazon Cognito service encounters an invalid parameter. |
InvalidPasswordException | This exception is thrown when Amazon Cognito encounters an invalid password. |
InvalidSmsRoleAccessPolicyException | This exception is returned when the role provided for SMS configuration doesn't have permission to publish using Amazon SNS. |
InvalidSmsRoleTrustRelationshipException | This exception is thrown when the trust relationship is not valid for the role provided for SMS configuration. This can happen if you don't trust cognito-idp.amazonaws.com or the external ID provided in the role does not match what is provided in the SMS configuration for the user pool. |
InvalidUserPoolConfigurationException | This exception is thrown when the user pool configuration is not valid. |
MFAMethodNotFoundException | This exception is thrown when Amazon Cognito can't find a multi-factor authentication (MFA) method. |
NotAuthorizedException | This exception is thrown when a user isn't authorized. |
PasswordResetRequiredException | This exception is thrown when a password reset is required. |
ResourceNotFoundException | This exception is thrown when the Amazon Cognito service can't find the requested resource. |
SoftwareTokenMFANotFoundException | This exception is thrown when the software token time-based one-time password (TOTP) multi-factor authentication (MFA) isn't activated for the user pool. |
TooManyRequestsException | This exception is thrown when the user has made too many requests for a given operation. |
UnexpectedLambdaException | This exception is thrown when Amazon Cognito encounters an unexpected exception with Lambda. |
UserLambdaValidationException | This exception is thrown when the Amazon Cognito service encounters a user validation exception with the Lambda service. |
UserNotConfirmedException | This exception is thrown when a user isn't confirmed successfully. |
UserNotFoundException | This exception is thrown when a user isn't found. |
.NET Core App:
Supported in: 3.1
.NET Standard:
Supported in: 2.0
.NET Framework:
Supported in: 4.5