File: api_op_RespondToAuthChallenge.go

package info (click to toggle)
golang-github-aws-aws-sdk-go-v2 1.17.1-3
links: PTS, VCS
area: main
in suites: bookworm
size: 384,244 kB
sloc: java: 13,538; makefile: 400; sh: 137
file content (234 lines) | stat: -rw-r--r-- 9,987 bytes
// Code generated by smithy-go-codegen DO NOT EDIT.

package cognitoidentityprovider

import (
	"context"
	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
	"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types"
	"github.com/aws/smithy-go/middleware"
	smithyhttp "github.com/aws/smithy-go/transport/http"
)

// Responds to the authentication challenge. This action might generate an SMS text
// message. Starting June 1, 2021, US telecom carriers require you to register an
// origination phone number before you can send SMS messages to US phone numbers.
// If you use SMS text messages in Amazon Cognito, you must register a phone number
// with Amazon Pinpoint (https://console.aws.amazon.com/pinpoint/home/). Amazon
// Cognito uses the registered number automatically. Otherwise, Amazon Cognito
// users who must receive SMS messages might not be able to sign up, activate their
// accounts, or sign in. If you have never used SMS text messages with Amazon
// Cognito or any other Amazon Web Service, Amazon Simple Notification Service
// might place your account in the SMS sandbox. In sandbox mode
// (https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html) , you can send
// messages only to verified phone numbers. After you test your app while in the
// sandbox environment, you can move out of the sandbox and into production. For
// more information, see  SMS message settings for Amazon Cognito user pools
// (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html)
// in the Amazon Cognito Developer Guide.
func (c *Client) RespondToAuthChallenge(ctx context.Context, params *RespondToAuthChallengeInput, optFns ...func(*Options)) (*RespondToAuthChallengeOutput, error) {
	if params == nil {
		params = &RespondToAuthChallengeInput{}
	}

	result, metadata, err := c.invokeOperation(ctx, "RespondToAuthChallenge", params, optFns, c.addOperationRespondToAuthChallengeMiddlewares)
	if err != nil {
		return nil, err
	}

	out := result.(*RespondToAuthChallengeOutput)
	out.ResultMetadata = metadata
	return out, nil
}

// The request to respond to an authentication challenge.
type RespondToAuthChallengeInput struct {

	// The challenge name. For more information, see InitiateAuth
	// (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html).
	// ADMIN_NO_SRP_AUTH isn't a valid value.
	//
	// This member is required.
	ChallengeName types.ChallengeNameType

	// The app client ID.
	//
	// This member is required.
	ClientId *string

	// The Amazon Pinpoint analytics metadata that contributes to your metrics for
	// RespondToAuthChallenge calls.
	AnalyticsMetadata *types.AnalyticsMetadataType

	// The challenge responses. These are inputs corresponding to the value of
	// ChallengeName, for example: SECRET_HASH (if app client is configured with client
	// secret) applies to all of the inputs that follow (including
	// SOFTWARE_TOKEN_MFA).
	//
	// * SMS_MFA: SMS_MFA_CODE, USERNAME.
	//
	// * PASSWORD_VERIFIER:
	// PASSWORD_CLAIM_SIGNATURE, PASSWORD_CLAIM_SECRET_BLOCK, TIMESTAMP, USERNAME.
	// PASSWORD_VERIFIER requires DEVICE_KEY when you sign in with a remembered
	// device.
	//
	// * NEW_PASSWORD_REQUIRED: NEW_PASSWORD, USERNAME, SECRET_HASH (if app
	// client is configured with client secret). To set any required attributes that
	// Amazon Cognito returned as requiredAttributes in the InitiateAuth response, add
	// a userAttributes.attributename  parameter. This parameter can also set values
	// for writable attributes that aren't required by your user pool. In a
	// NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute
	// that already has a value. In RespondToAuthChallenge, set a value for any keys
	// that Amazon Cognito returned in the requiredAttributes parameter, then use the
	// UpdateUserAttributes API operation to modify the value of any additional
	// attributes.
	//
	// * SOFTWARE_TOKEN_MFA: USERNAME and SOFTWARE_TOKEN_MFA_CODE are
	// required attributes.
	//
	// * DEVICE_SRP_AUTH requires USERNAME, DEVICE_KEY, SRP_A
	// (and SECRET_HASH).
	//
	// * DEVICE_PASSWORD_VERIFIER requires everything that
	// PASSWORD_VERIFIER requires, plus DEVICE_KEY.
	//
	// * MFA_SETUP requires USERNAME,
	// plus you must use the session value returned by VerifySoftwareToken in the
	// Session parameter.
	ChallengeResponses map[string]string

	// A map of custom key-value pairs that you can provide as input for any custom
	// workflows that this action triggers. You create custom workflows by assigning
	// Lambda functions to user pool triggers. When you use the RespondToAuthChallenge
	// API action, Amazon Cognito invokes any functions that are assigned to the
	// following triggers: post authentication, pre token generation, define auth
	// challenge, create auth challenge, and verify auth challenge. When Amazon Cognito
	// invokes any of these functions, it passes a JSON payload, which the function
	// receives as input. This payload contains a clientMetadata attribute, which
	// provides the data that you assigned to the ClientMetadata parameter in your
	// RespondToAuthChallenge request. In your function code in Lambda, you can process
	// the clientMetadata value to enhance your workflow for your specific needs. For
	// more information, see  Customizing user pool Workflows with Lambda Triggers
	// (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html)
	// in the Amazon Cognito Developer Guide. When you use the ClientMetadata
	// parameter, remember that Amazon Cognito won't do the following:
	//
	// * Store the
	// ClientMetadata value. This data is available only to Lambda triggers that are
	// assigned to a user pool to support custom workflows. If your user pool
	// configuration doesn't include triggers, the ClientMetadata parameter serves no
	// purpose.
	//
	// * Validate the ClientMetadata value.
	//
	// * Encrypt the ClientMetadata
	// value. Don't use Amazon Cognito to provide sensitive information.
	ClientMetadata map[string]string

	// The session that should be passed both ways in challenge-response calls to the
	// service. If InitiateAuth or RespondToAuthChallenge API call determines that the
	// caller must pass another challenge, they return a session with other challenge
	// parameters. This session should be passed as it is to the next
	// RespondToAuthChallenge API call.
	Session *string

	// Contextual data about your user session, such as the device fingerprint, IP
	// address, or location. Amazon Cognito advanced security evaluates the risk of an
	// authentication event based on the context that your app generates and passes to
	// Amazon Cognito when it makes API requests.
	UserContextData *types.UserContextDataType

	noSmithyDocumentSerde
}

// The response to respond to the authentication challenge.
type RespondToAuthChallengeOutput struct {

	// The result returned by the server in response to the request to respond to the
	// authentication challenge.
	AuthenticationResult *types.AuthenticationResultType

	// The challenge name. For more information, see InitiateAuth
	// (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html).
	ChallengeName types.ChallengeNameType

	// The challenge parameters. For more information, see InitiateAuth
	// (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html).
	ChallengeParameters map[string]string

	// The session that should be passed both ways in challenge-response calls to the
	// service. If the caller must pass another challenge, they return a session with
	// other challenge parameters. This session should be passed as it is to the next
	// RespondToAuthChallenge API call.
	Session *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata

	noSmithyDocumentSerde
}

func (c *Client) addOperationRespondToAuthChallengeMiddlewares(stack *middleware.Stack, options Options) (err error) {
	err = stack.Serialize.Add(&awsAwsjson11_serializeOpRespondToAuthChallenge{}, middleware.After)
	if err != nil {
		return err
	}
	err = stack.Deserialize.Add(&awsAwsjson11_deserializeOpRespondToAuthChallenge{}, middleware.After)
	if err != nil {
		return err
	}
	if err = addSetLoggerMiddleware(stack, options); err != nil {
		return err
	}
	if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil {
		return err
	}
	if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil {
		return err
	}
	if err = addResolveEndpointMiddleware(stack, options); err != nil {
		return err
	}
	if err = addRetryMiddlewares(stack, options); err != nil {
		return err
	}
	if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
		return err
	}
	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
		return err
	}
	if err = addClientUserAgent(stack); err != nil {
		return err
	}
	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
		return err
	}
	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
		return err
	}
	if err = addOpRespondToAuthChallengeValidationMiddleware(stack); err != nil {
		return err
	}
	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opRespondToAuthChallenge(options.Region), middleware.Before); err != nil {
		return err
	}
	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
		return err
	}
	if err = addResponseErrorMiddleware(stack); err != nil {
		return err
	}
	if err = addRequestResponseLogging(stack, options); err != nil {
		return err
	}
	return nil
}

func newServiceMetadataMiddleware_opRespondToAuthChallenge(region string) *awsmiddleware.RegisterServiceMetadata {
	return &awsmiddleware.RegisterServiceMetadata{
		Region:        region,
		ServiceID:     ServiceID,
		OperationName: "RespondToAuthChallenge",
	}
}