/** * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * SPDX-License-Identifier: Apache-2.0. */ #pragma once #include #include #include #include #include #include #include #include namespace Aws { namespace CognitoIdentityProvider { namespace Model { /** *

The request to respond to an authentication challenge.

See Also:

AWS API Reference

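*/
class RespondToAuthChallengeRequest : public CognitoIdentityProviderRequest
{
public:
    AWS_COGNITOIDENTITYPROVIDER_API RespondToAuthChallengeRequest();

    // Service request name is the Operation name which will send this request out,
    // each operation should have a unique request name, so that we can get the operation's name from this request.
    // Note: this is not true for response, multiple operations may have the same response name,
    // so we can not get operation's name from response.
    inline virtual const char* GetServiceRequestName() const override { return "RespondToAuthChallenge"; }

    AWS_COGNITOIDENTITYPROVIDER_API Aws::String SerializePayload() const override;

    AWS_COGNITOIDENTITYPROVIDER_API Aws::Http::HeaderValueCollection GetRequestSpecificHeaders() const override;

    ///@{
    /**
     * The app client ID.
     *
     * The const char* overloads hand the pointer straight to assign(), so the
     * argument must be a non-null, NUL-terminated string (assumes Aws::String
     * follows std::basic_string semantics - confirm against AWSString.h).
     */
    inline const Aws::String& GetClientId() const { return m_clientId; }
    inline bool ClientIdHasBeenSet() const { return m_clientIdHasBeenSet; }
    inline void SetClientId(const Aws::String& value) { m_clientIdHasBeenSet = true; m_clientId = value; }
    inline void SetClientId(Aws::String&& value) { m_clientIdHasBeenSet = true; m_clientId = std::move(value); }
    inline void SetClientId(const char* value) { m_clientIdHasBeenSet = true; m_clientId.assign(value); }
    inline RespondToAuthChallengeRequest& WithClientId(const Aws::String& value) { SetClientId(value); return *this; }
    inline RespondToAuthChallengeRequest& WithClientId(Aws::String&& value) { SetClientId(std::move(value)); return *this; }
    inline RespondToAuthChallengeRequest& WithClientId(const char* value) { SetClientId(value); return *this; }
    ///@}

    ///@{
    /**
     * The challenge name. For more information, see InitiateAuth.
     *
     * ADMIN_NO_SRP_AUTH isn't a valid value.
     */
    inline const ChallengeNameType& GetChallengeName() const { return m_challengeName; }
    inline bool ChallengeNameHasBeenSet() const { return m_challengeNameHasBeenSet; }
    inline void SetChallengeName(const ChallengeNameType& value) { m_challengeNameHasBeenSet = true; m_challengeName = value; }
    inline void SetChallengeName(ChallengeNameType&& value) { m_challengeNameHasBeenSet = true; m_challengeName = std::move(value); }
    inline RespondToAuthChallengeRequest& WithChallengeName(const ChallengeNameType& value) { SetChallengeName(value); return *this; }
    inline RespondToAuthChallengeRequest& WithChallengeName(ChallengeNameType&& value) { SetChallengeName(std::move(value)); return *this; }
    ///@}

    ///@{
    /**
     * The session that should be passed both ways in challenge-response calls
     * to the service. If an InitiateAuth or RespondToAuthChallenge API call
     * determines that the caller must pass another challenge, it returns a
     * session with other challenge parameters. This session should be passed
     * as it is to the next RespondToAuthChallenge API call.
     *
     * NOTE(review): treat the session as an opaque value tied to the
     * in-progress sign-in: store it only for the duration of the flow, do not
     * modify it, and keep it out of application logs.
     *
     * The const char* overloads require a non-null, NUL-terminated string
     * (the pointer is passed directly to assign()).
     */
    inline const Aws::String& GetSession() const { return m_session; }
    inline bool SessionHasBeenSet() const { return m_sessionHasBeenSet; }
    inline void SetSession(const Aws::String& value) { m_sessionHasBeenSet = true; m_session = value; }
    inline void SetSession(Aws::String&& value) { m_sessionHasBeenSet = true; m_session = std::move(value); }
    inline void SetSession(const char* value) { m_sessionHasBeenSet = true; m_session.assign(value); }
    inline RespondToAuthChallengeRequest& WithSession(const Aws::String& value) { SetSession(value); return *this; }
    inline RespondToAuthChallengeRequest& WithSession(Aws::String&& value) { SetSession(std::move(value)); return *this; }
    inline RespondToAuthChallengeRequest& WithSession(const char* value) { SetSession(value); return *this; }
    ///@}

    ///@{
    /**
     * The responses to the challenge that you received in the previous
     * request. Each challenge has its own required response parameters. The
     * following examples are partial JSON request bodies that highlight
     * challenge-response parameters.
     *
     * You must provide a SECRET_HASH parameter in all challenge responses to
     * an app client that has a client secret.
     *
     * SMS_MFA
     *   "ChallengeName": "SMS_MFA",
     *   "ChallengeResponses": {"SMS_MFA_CODE": "[code]", "USERNAME": "[username]"}
     *
     * EMAIL_OTP
     *   "ChallengeName": "EMAIL_OTP",
     *   "ChallengeResponses": {"EMAIL_OTP_CODE": "[code]", "USERNAME": "[username]"}
     *
     * PASSWORD_VERIFIER
     *   This challenge response is part of the SRP flow. Amazon Cognito
     *   requires that your application respond to this challenge within a few
     *   seconds. When the response time exceeds this period, your user pool
     *   returns a NotAuthorizedException error.
     *
     *   "ChallengeName": "PASSWORD_VERIFIER",
     *   "ChallengeResponses": {"PASSWORD_CLAIM_SIGNATURE": "[claim_signature]",
     *     "PASSWORD_CLAIM_SECRET_BLOCK": "[secret_block]",
     *     "TIMESTAMP": [timestamp], "USERNAME": "[username]"}
     *
     *   Add "DEVICE_KEY" when you sign in with a remembered device.
     *
     * CUSTOM_CHALLENGE
     *   "ChallengeName": "CUSTOM_CHALLENGE",
     *   "ChallengeResponses": {"USERNAME": "[username]", "ANSWER": "[challenge_answer]"}
     *
     *   Add "DEVICE_KEY" when you sign in with a remembered device.
     *
     * NEW_PASSWORD_REQUIRED
     *   "ChallengeName": "NEW_PASSWORD_REQUIRED",
     *   "ChallengeResponses": {"NEW_PASSWORD": "[new_password]", "USERNAME": "[username]"}
     *
     *   To set any required attributes that InitiateAuth returned in a
     *   requiredAttributes parameter, add
     *   "userAttributes.[attribute_name]": "[attribute_value]". This parameter
     *   can also set values for writable attributes that aren't required by
     *   your user pool.
     *
     *   In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a
     *   required attribute that already has a value. In
     *   RespondToAuthChallenge, set a value for any keys that Amazon Cognito
     *   returned in the requiredAttributes parameter, then use the
     *   UpdateUserAttributes API operation to modify the value of any
     *   additional attributes.
     *
     * SOFTWARE_TOKEN_MFA
     *   "ChallengeName": "SOFTWARE_TOKEN_MFA",
     *   "ChallengeResponses": {"USERNAME": "[username]",
     *     "SOFTWARE_TOKEN_MFA_CODE": [authenticator_code]}
     *
     * DEVICE_SRP_AUTH
     *   "ChallengeName": "DEVICE_SRP_AUTH",
     *   "ChallengeResponses": {"USERNAME": "[username]", "DEVICE_KEY": "[device_key]",
     *     "SRP_A": "[srp_a]"}
     *
     * DEVICE_PASSWORD_VERIFIER
     *   "ChallengeName": "DEVICE_PASSWORD_VERIFIER",
     *   "ChallengeResponses": {"DEVICE_KEY": "[device_key]",
     *     "PASSWORD_CLAIM_SIGNATURE": "[claim_signature]",
     *     "PASSWORD_CLAIM_SECRET_BLOCK": "[secret_block]",
     *     "TIMESTAMP": [timestamp], "USERNAME": "[username]"}
     *
     * MFA_SETUP
     *   "ChallengeName": "MFA_SETUP",
     *   "ChallengeResponses": {"USERNAME": "[username]"},
     *   "SESSION": "[Session ID from VerifySoftwareToken]"
     *
     * SELECT_MFA_TYPE
     *   "ChallengeName": "SELECT_MFA_TYPE",
     *   "ChallengeResponses": {"USERNAME": "[username]",
     *     "ANSWER": "[SMS_MFA or SOFTWARE_TOKEN_MFA]"}
     *
     * For more information about SECRET_HASH, see Computing secret hash
     * values. For information about DEVICE_KEY, see Working with user devices
     * in your user pool.
     *
     * NOTE(review): this map carries one-time codes, new passwords and SRP
     * proofs (see the keys above). Do not log the map or the serialized
     * request, and do not reuse a populated request object across users.
     *
     * NOTE(review): the AddChallengeResponses overloads use emplace(), which
     * inserts only when the key is absent. Adding a key that is already
     * present leaves the old value in place, so a retried code added to a
     * reused request is silently dropped; build a fresh map or call
     * SetChallengeResponses instead. (Assumes Aws::Map has std::map
     * semantics - confirm against AWSMap.h.)
     *
     * The const char* overloads require non-null, NUL-terminated strings.
     */
    inline const Aws::Map<Aws::String, Aws::String>& GetChallengeResponses() const { return m_challengeResponses; }
    inline bool ChallengeResponsesHasBeenSet() const { return m_challengeResponsesHasBeenSet; }
    inline void SetChallengeResponses(const Aws::Map<Aws::String, Aws::String>& value) { m_challengeResponsesHasBeenSet = true; m_challengeResponses = value; }
    inline void SetChallengeResponses(Aws::Map<Aws::String, Aws::String>&& value) { m_challengeResponsesHasBeenSet = true; m_challengeResponses = std::move(value); }
    inline RespondToAuthChallengeRequest& WithChallengeResponses(const Aws::Map<Aws::String, Aws::String>& value) { SetChallengeResponses(value); return *this; }
    inline RespondToAuthChallengeRequest& WithChallengeResponses(Aws::Map<Aws::String, Aws::String>&& value) { SetChallengeResponses(std::move(value)); return *this; }
    inline RespondToAuthChallengeRequest& AddChallengeResponses(const Aws::String& key, const Aws::String& value) { m_challengeResponsesHasBeenSet = true; m_challengeResponses.emplace(key, value); return *this; }
    inline RespondToAuthChallengeRequest& AddChallengeResponses(Aws::String&& key, const Aws::String& value) { m_challengeResponsesHasBeenSet = true; m_challengeResponses.emplace(std::move(key), value); return *this; }
    inline RespondToAuthChallengeRequest& AddChallengeResponses(const Aws::String& key, Aws::String&& value) { m_challengeResponsesHasBeenSet = true; m_challengeResponses.emplace(key, std::move(value)); return *this; }
    inline RespondToAuthChallengeRequest& AddChallengeResponses(Aws::String&& key, Aws::String&& value) { m_challengeResponsesHasBeenSet = true; m_challengeResponses.emplace(std::move(key), std::move(value)); return *this; }
    inline RespondToAuthChallengeRequest& AddChallengeResponses(const char* key, Aws::String&& value) { m_challengeResponsesHasBeenSet = true; m_challengeResponses.emplace(key, std::move(value)); return *this; }
    inline RespondToAuthChallengeRequest& AddChallengeResponses(Aws::String&& key, const char* value) { m_challengeResponsesHasBeenSet = true; m_challengeResponses.emplace(std::move(key), value); return *this; }
    inline RespondToAuthChallengeRequest& AddChallengeResponses(const char* key, const char* value) { m_challengeResponsesHasBeenSet = true; m_challengeResponses.emplace(key, value); return *this; }
    ///@}

    ///@{
    /**
     * The Amazon Pinpoint analytics metadata that contributes to your metrics
     * for RespondToAuthChallenge calls.
     */
    inline const AnalyticsMetadataType& GetAnalyticsMetadata() const { return m_analyticsMetadata; }
    inline bool AnalyticsMetadataHasBeenSet() const { return m_analyticsMetadataHasBeenSet; }
    inline void SetAnalyticsMetadata(const AnalyticsMetadataType& value) { m_analyticsMetadataHasBeenSet = true; m_analyticsMetadata = value; }
    inline void SetAnalyticsMetadata(AnalyticsMetadataType&& value) { m_analyticsMetadataHasBeenSet = true; m_analyticsMetadata = std::move(value); }
    inline RespondToAuthChallengeRequest& WithAnalyticsMetadata(const AnalyticsMetadataType& value) { SetAnalyticsMetadata(value); return *this; }
    inline RespondToAuthChallengeRequest& WithAnalyticsMetadata(AnalyticsMetadataType&& value) { SetAnalyticsMetadata(std::move(value)); return *this; }
    ///@}

    ///@{
    /**
     * Contextual data about your user session, such as the device
     * fingerprint, IP address, or location. Amazon Cognito advanced security
     * evaluates the risk of an authentication event based on the context that
     * your app generates and passes to Amazon Cognito when it makes API
     * requests.
     */
    inline const UserContextDataType& GetUserContextData() const { return m_userContextData; }
    inline bool UserContextDataHasBeenSet() const { return m_userContextDataHasBeenSet; }
    inline void SetUserContextData(const UserContextDataType& value) { m_userContextDataHasBeenSet = true; m_userContextData = value; }
    inline void SetUserContextData(UserContextDataType&& value) { m_userContextDataHasBeenSet = true; m_userContextData = std::move(value); }
    inline RespondToAuthChallengeRequest& WithUserContextData(const UserContextDataType& value) { SetUserContextData(value); return *this; }
    inline RespondToAuthChallengeRequest& WithUserContextData(UserContextDataType&& value) { SetUserContextData(std::move(value)); return *this; }
    ///@}

    ///@{
    /**
     * A map of custom key-value pairs that you can provide as input for any
     * custom workflows that this action triggers.
     *
     * You create custom workflows by assigning Lambda functions to user pool
     * triggers. When you use the RespondToAuthChallenge API action, Amazon
     * Cognito invokes any functions that are assigned to the following
     * triggers: post authentication, pre token generation, define auth
     * challenge, create auth challenge, and verify auth challenge. When
     * Amazon Cognito invokes any of these functions, it passes a JSON
     * payload, which the function receives as input. This payload contains a
     * clientMetadata attribute, which provides the data that you assigned to
     * the ClientMetadata parameter in your RespondToAuthChallenge request. In
     * your function code in Lambda, you can process the clientMetadata value
     * to enhance your workflow for your specific needs.
     *
     * For more information, see Customizing user pool Workflows with Lambda
     * Triggers in the Amazon Cognito Developer Guide.
     *
     * When you use the ClientMetadata parameter, remember that Amazon Cognito
     * won't do the following:
     *
     *  - Store the ClientMetadata value. This data is available only to
     *    Lambda triggers that are assigned to a user pool to support custom
     *    workflows. If your user pool configuration doesn't include triggers,
     *    the ClientMetadata parameter serves no purpose.
     *  - Validate the ClientMetadata value.
     *  - Encrypt the ClientMetadata value. Don't use Amazon Cognito to
     *    provide sensitive information.
     *
     * NOTE(review): because the service does not validate this value, Lambda
     * triggers that read clientMetadata should treat it as untrusted caller
     * input and validate it before acting on it.
     *
     * NOTE(review): the AddClientMetadata overloads use emplace(), so adding
     * a key that is already present keeps the existing value. (Assumes
     * Aws::Map has std::map semantics - confirm against AWSMap.h.)
     *
     * The const char* overloads require non-null, NUL-terminated strings.
     */
    inline const Aws::Map<Aws::String, Aws::String>& GetClientMetadata() const { return m_clientMetadata; }
    inline bool ClientMetadataHasBeenSet() const { return m_clientMetadataHasBeenSet; }
    inline void SetClientMetadata(const Aws::Map<Aws::String, Aws::String>& value) { m_clientMetadataHasBeenSet = true; m_clientMetadata = value; }
    inline void SetClientMetadata(Aws::Map<Aws::String, Aws::String>&& value) { m_clientMetadataHasBeenSet = true; m_clientMetadata = std::move(value); }
    inline RespondToAuthChallengeRequest& WithClientMetadata(const Aws::Map<Aws::String, Aws::String>& value) { SetClientMetadata(value); return *this; }
    inline RespondToAuthChallengeRequest& WithClientMetadata(Aws::Map<Aws::String, Aws::String>&& value) { SetClientMetadata(std::move(value)); return *this; }
    inline RespondToAuthChallengeRequest& AddClientMetadata(const Aws::String& key, const Aws::String& value) { m_clientMetadataHasBeenSet = true; m_clientMetadata.emplace(key, value); return *this; }
    inline RespondToAuthChallengeRequest& AddClientMetadata(Aws::String&& key, const Aws::String& value) { m_clientMetadataHasBeenSet = true; m_clientMetadata.emplace(std::move(key), value); return *this; }
    inline RespondToAuthChallengeRequest& AddClientMetadata(const Aws::String& key, Aws::String&& value) { m_clientMetadataHasBeenSet = true; m_clientMetadata.emplace(key, std::move(value)); return *this; }
    inline RespondToAuthChallengeRequest& AddClientMetadata(Aws::String&& key, Aws::String&& value) { m_clientMetadataHasBeenSet = true; m_clientMetadata.emplace(std::move(key), std::move(value)); return *this; }
    inline RespondToAuthChallengeRequest& AddClientMetadata(const char* key, Aws::String&& value) { m_clientMetadataHasBeenSet = true; m_clientMetadata.emplace(key, std::move(value)); return *this; }
    inline RespondToAuthChallengeRequest& AddClientMetadata(Aws::String&& key, const char* value) { m_clientMetadataHasBeenSet = true; m_clientMetadata.emplace(std::move(key), value); return *this; }
    inline RespondToAuthChallengeRequest& AddClientMetadata(const char* key, const char* value) { m_clientMetadataHasBeenSet = true; m_clientMetadata.emplace(key, value); return *this; }
    ///@}

private:
    // Each field is paired with a flag that every setter raises; the flags
    // start out false.

    Aws::String m_clientId;
    bool m_clientIdHasBeenSet = false;

    ChallengeNameType m_challengeName;
    bool m_challengeNameHasBeenSet = false;

    Aws::String m_session;
    bool m_sessionHasBeenSet = false;

    // Key/value types follow the AddChallengeResponses overloads, which
    // insert Aws::String keys and values.
    Aws::Map<Aws::String, Aws::String> m_challengeResponses;
    bool m_challengeResponsesHasBeenSet = false;

    AnalyticsMetadataType m_analyticsMetadata;
    bool m_analyticsMetadataHasBeenSet = false;

    UserContextDataType m_userContextData;
    bool m_userContextDataHasBeenSet = false;

    Aws::Map<Aws::String, Aws::String> m_clientMetadata;
    bool m_clientMetadataHasBeenSet = false;
};

} // namespace Model
} // namespace CognitoIdentityProvider
} // namespace Aws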