software.amazon.awssdk.services.cognitoidentityprovider.model.AdminInitiateAuthRequest Maven / Gradle / Ivy
Show all versions of cognitoidentityprovider Show documentation
/*
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
package software.amazon.awssdk.services.cognitoidentityprovider.model;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.function.BiConsumer;
import java.util.function.Consumer;
import java.util.function.Function;
import software.amazon.awssdk.annotations.Generated;
import software.amazon.awssdk.awscore.AwsRequestOverrideConfiguration;
import software.amazon.awssdk.core.SdkField;
import software.amazon.awssdk.core.SdkPojo;
import software.amazon.awssdk.core.protocol.MarshallLocation;
import software.amazon.awssdk.core.protocol.MarshallingType;
import software.amazon.awssdk.core.traits.LocationTrait;
import software.amazon.awssdk.core.traits.MapTrait;
import software.amazon.awssdk.core.util.DefaultSdkAutoConstructMap;
import software.amazon.awssdk.core.util.SdkAutoConstructMap;
import software.amazon.awssdk.utils.ToString;
import software.amazon.awssdk.utils.builder.CopyableBuilder;
import software.amazon.awssdk.utils.builder.ToCopyableBuilder;
/**
*
* Initiates the authorization request, as an administrator.
*
*/
@Generated("software.amazon.awssdk:codegen")
public final class AdminInitiateAuthRequest extends CognitoIdentityProviderRequest implements
ToCopyableBuilder {
private static final SdkField USER_POOL_ID_FIELD = SdkField. builder(MarshallingType.STRING)
.memberName("UserPoolId").getter(getter(AdminInitiateAuthRequest::userPoolId)).setter(setter(Builder::userPoolId))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("UserPoolId").build()).build();
private static final SdkField CLIENT_ID_FIELD = SdkField. builder(MarshallingType.STRING)
.memberName("ClientId").getter(getter(AdminInitiateAuthRequest::clientId)).setter(setter(Builder::clientId))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("ClientId").build()).build();
private static final SdkField AUTH_FLOW_FIELD = SdkField. builder(MarshallingType.STRING)
.memberName("AuthFlow").getter(getter(AdminInitiateAuthRequest::authFlowAsString)).setter(setter(Builder::authFlow))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("AuthFlow").build()).build();
private static final SdkField> AUTH_PARAMETERS_FIELD = SdkField
.> builder(MarshallingType.MAP)
.memberName("AuthParameters")
.getter(getter(AdminInitiateAuthRequest::authParameters))
.setter(setter(Builder::authParameters))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("AuthParameters").build(),
MapTrait.builder()
.keyLocationName("key")
.valueLocationName("value")
.valueFieldInfo(
SdkField. builder(MarshallingType.STRING)
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD)
.locationName("value").build()).build()).build()).build();
private static final SdkField> CLIENT_METADATA_FIELD = SdkField
.> builder(MarshallingType.MAP)
.memberName("ClientMetadata")
.getter(getter(AdminInitiateAuthRequest::clientMetadata))
.setter(setter(Builder::clientMetadata))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("ClientMetadata").build(),
MapTrait.builder()
.keyLocationName("key")
.valueLocationName("value")
.valueFieldInfo(
SdkField. builder(MarshallingType.STRING)
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD)
.locationName("value").build()).build()).build()).build();
private static final SdkField ANALYTICS_METADATA_FIELD = SdkField
. builder(MarshallingType.SDK_POJO).memberName("AnalyticsMetadata")
.getter(getter(AdminInitiateAuthRequest::analyticsMetadata)).setter(setter(Builder::analyticsMetadata))
.constructor(AnalyticsMetadataType::builder)
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("AnalyticsMetadata").build()).build();
private static final SdkField CONTEXT_DATA_FIELD = SdkField
. builder(MarshallingType.SDK_POJO).memberName("ContextData")
.getter(getter(AdminInitiateAuthRequest::contextData)).setter(setter(Builder::contextData))
.constructor(ContextDataType::builder)
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("ContextData").build()).build();
private static final List> SDK_FIELDS = Collections.unmodifiableList(Arrays.asList(USER_POOL_ID_FIELD,
CLIENT_ID_FIELD, AUTH_FLOW_FIELD, AUTH_PARAMETERS_FIELD, CLIENT_METADATA_FIELD, ANALYTICS_METADATA_FIELD,
CONTEXT_DATA_FIELD));
private final String userPoolId;
private final String clientId;
private final String authFlow;
private final Map authParameters;
private final Map clientMetadata;
private final AnalyticsMetadataType analyticsMetadata;
private final ContextDataType contextData;
private AdminInitiateAuthRequest(BuilderImpl builder) {
super(builder);
this.userPoolId = builder.userPoolId;
this.clientId = builder.clientId;
this.authFlow = builder.authFlow;
this.authParameters = builder.authParameters;
this.clientMetadata = builder.clientMetadata;
this.analyticsMetadata = builder.analyticsMetadata;
this.contextData = builder.contextData;
}
/**
*
* The ID of the Amazon Cognito user pool.
*
*
* @return The ID of the Amazon Cognito user pool.
*/
public final String userPoolId() {
return userPoolId;
}
/**
*
* The app client ID.
*
*
* @return The app client ID.
*/
public final String clientId() {
return clientId;
}
/**
*
* The authentication flow for this call to run. The API action will depend on this value. For example:
*
*
* -
*
* REFRESH_TOKEN_AUTH will take in a valid refresh token and return new tokens.
*
*
* -
*
* USER_SRP_AUTH will take in USERNAME and SRP_A and return the Secure Remote
* Password (SRP) protocol variables to be used for next challenge execution.
*
*
* -
*
* ADMIN_USER_PASSWORD_AUTH will take in USERNAME and PASSWORD and return the
* next challenge or tokens.
*
*
*
*
* Valid values include:
*
*
* -
*
* USER_SRP_AUTH: Authentication flow for the Secure Remote Password (SRP) protocol.
*
*
* -
*
* REFRESH_TOKEN_AUTH/REFRESH_TOKEN: Authentication flow for refreshing the access token
* and ID token by supplying a valid refresh token.
*
*
* -
*
* CUSTOM_AUTH: Custom authentication flow.
*
*
* -
*
* ADMIN_NO_SRP_AUTH: Non-SRP authentication flow; you can pass in the USERNAME and PASSWORD directly
* if the flow is enabled for calling the app client.
*
*
* -
*
* ADMIN_USER_PASSWORD_AUTH: Admin-based user password authentication. This replaces the
* ADMIN_NO_SRP_AUTH authentication flow. In this flow, Amazon Cognito receives the password in the
* request instead of using the SRP process to verify passwords.
*
*
*
*
* If the service returns an enum value that is not available in the current SDK version, {@link #authFlow} will
* return {@link AuthFlowType#UNKNOWN_TO_SDK_VERSION}. The raw value returned by the service is available from
* {@link #authFlowAsString}.
*
*
* @return The authentication flow for this call to run. The API action will depend on this value. For example:
*
* -
*
* REFRESH_TOKEN_AUTH will take in a valid refresh token and return new tokens.
*
*
* -
*
* USER_SRP_AUTH will take in USERNAME and SRP_A and return the
* Secure Remote Password (SRP) protocol variables to be used for next challenge execution.
*
*
* -
*
* ADMIN_USER_PASSWORD_AUTH will take in USERNAME and PASSWORD and
* return the next challenge or tokens.
*
*
*
*
* Valid values include:
*
*
* -
*
* USER_SRP_AUTH: Authentication flow for the Secure Remote Password (SRP) protocol.
*
*
* -
*
* REFRESH_TOKEN_AUTH/REFRESH_TOKEN: Authentication flow for refreshing the access
* token and ID token by supplying a valid refresh token.
*
*
* -
*
* CUSTOM_AUTH: Custom authentication flow.
*
*
* -
*
* ADMIN_NO_SRP_AUTH: Non-SRP authentication flow; you can pass in the USERNAME and PASSWORD
* directly if the flow is enabled for calling the app client.
*
*
* -
*
* ADMIN_USER_PASSWORD_AUTH: Admin-based user password authentication. This replaces the
* ADMIN_NO_SRP_AUTH authentication flow. In this flow, Amazon Cognito receives the password in
* the request instead of using the SRP process to verify passwords.
*
*
* @see AuthFlowType
*/
public final AuthFlowType authFlow() {
return AuthFlowType.fromValue(authFlow);
}
/**
*
* The authentication flow for this call to run. The API action will depend on this value. For example:
*
*
* -
*
* REFRESH_TOKEN_AUTH will take in a valid refresh token and return new tokens.
*
*
* -
*
* USER_SRP_AUTH will take in USERNAME and SRP_A and return the Secure Remote
* Password (SRP) protocol variables to be used for next challenge execution.
*
*
* -
*
* ADMIN_USER_PASSWORD_AUTH will take in USERNAME and PASSWORD and return the
* next challenge or tokens.
*
*
*
*
* Valid values include:
*
*
* -
*
* USER_SRP_AUTH: Authentication flow for the Secure Remote Password (SRP) protocol.
*
*
* -
*
* REFRESH_TOKEN_AUTH/REFRESH_TOKEN: Authentication flow for refreshing the access token
* and ID token by supplying a valid refresh token.
*
*
* -
*
* CUSTOM_AUTH: Custom authentication flow.
*
*
* -
*
* ADMIN_NO_SRP_AUTH: Non-SRP authentication flow; you can pass in the USERNAME and PASSWORD directly
* if the flow is enabled for calling the app client.
*
*
* -
*
* ADMIN_USER_PASSWORD_AUTH: Admin-based user password authentication. This replaces the
* ADMIN_NO_SRP_AUTH authentication flow. In this flow, Amazon Cognito receives the password in the
* request instead of using the SRP process to verify passwords.
*
*
*
*
* If the service returns an enum value that is not available in the current SDK version, {@link #authFlow} will
* return {@link AuthFlowType#UNKNOWN_TO_SDK_VERSION}. The raw value returned by the service is available from
* {@link #authFlowAsString}.
*
*
* @return The authentication flow for this call to run. The API action will depend on this value. For example:
*
* -
*
* REFRESH_TOKEN_AUTH will take in a valid refresh token and return new tokens.
*
*
* -
*
* USER_SRP_AUTH will take in USERNAME and SRP_A and return the
* Secure Remote Password (SRP) protocol variables to be used for next challenge execution.
*
*
* -
*
* ADMIN_USER_PASSWORD_AUTH will take in USERNAME and PASSWORD and
* return the next challenge or tokens.
*
*
*
*
* Valid values include:
*
*
* -
*
* USER_SRP_AUTH: Authentication flow for the Secure Remote Password (SRP) protocol.
*
*
* -
*
* REFRESH_TOKEN_AUTH/REFRESH_TOKEN: Authentication flow for refreshing the access
* token and ID token by supplying a valid refresh token.
*
*
* -
*
* CUSTOM_AUTH: Custom authentication flow.
*
*
* -
*
* ADMIN_NO_SRP_AUTH: Non-SRP authentication flow; you can pass in the USERNAME and PASSWORD
* directly if the flow is enabled for calling the app client.
*
*
* -
*
* ADMIN_USER_PASSWORD_AUTH: Admin-based user password authentication. This replaces the
* ADMIN_NO_SRP_AUTH authentication flow. In this flow, Amazon Cognito receives the password in
* the request instead of using the SRP process to verify passwords.
*
*
* @see AuthFlowType
*/
public final String authFlowAsString() {
return authFlow;
}
/**
* For responses, this returns true if the service returned a value for the AuthParameters property. This DOES NOT
* check that the value is non-empty (for which, you should check the {@code isEmpty()} method on the property).
* This is useful because the SDK will never return a null collection or map, but you may need to differentiate
* between the service returning nothing (or null) and the service returning an empty collection or map. For
* requests, this returns true if a value for the property was specified in the request builder, and false if a
* value was not specified.
*/
public final boolean hasAuthParameters() {
return authParameters != null && !(authParameters instanceof SdkAutoConstructMap);
}
/**
*
* The authentication parameters. These are inputs corresponding to the AuthFlow that you're invoking.
* The required values depend on the value of AuthFlow:
*
*
* -
*
* For USER_SRP_AUTH: USERNAME (required), SRP_A (required),
* SECRET_HASH (required if the app client is configured with a client secret), DEVICE_KEY
* .
*
*
* -
*
* For REFRESH_TOKEN_AUTH/REFRESH_TOKEN: REFRESH_TOKEN (required),
* SECRET_HASH (required if the app client is configured with a client secret), DEVICE_KEY
* .
*
*
* -
*
* For ADMIN_NO_SRP_AUTH: USERNAME (required), SECRET_HASH (if app client is
* configured with client secret), PASSWORD (required), DEVICE_KEY.
*
*
* -
*
* For CUSTOM_AUTH: USERNAME (required), SECRET_HASH (if app client is
* configured with client secret), DEVICE_KEY. To start the authentication flow with password
* verification, include ChallengeName: SRP_A and SRP_A: (The SRP_A Value).
*
*
*
*
* Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.
*
*
* This method will never return null. If you would like to know whether the service returned this field (so that
* you can differentiate between null and empty), you can use the {@link #hasAuthParameters} method.
*
*
* @return The authentication parameters. These are inputs corresponding to the AuthFlow that you're
* invoking. The required values depend on the value of AuthFlow:
*
* -
*
* For USER_SRP_AUTH: USERNAME (required), SRP_A (required),
* SECRET_HASH (required if the app client is configured with a client secret),
* DEVICE_KEY.
*
*
* -
*
* For REFRESH_TOKEN_AUTH/REFRESH_TOKEN: REFRESH_TOKEN (required),
* SECRET_HASH (required if the app client is configured with a client secret),
* DEVICE_KEY.
*
*
* -
*
* For ADMIN_NO_SRP_AUTH: USERNAME (required), SECRET_HASH (if app
* client is configured with client secret), PASSWORD (required), DEVICE_KEY.
*
*
* -
*
* For CUSTOM_AUTH: USERNAME (required), SECRET_HASH (if app client
* is configured with client secret), DEVICE_KEY. To start the authentication flow with
* password verification, include ChallengeName: SRP_A and
* SRP_A: (The SRP_A Value).
*
*
*/
public final Map authParameters() {
return authParameters;
}
/**
* For responses, this returns true if the service returned a value for the ClientMetadata property. This DOES NOT
* check that the value is non-empty (for which, you should check the {@code isEmpty()} method on the property).
* This is useful because the SDK will never return a null collection or map, but you may need to differentiate
* between the service returning nothing (or null) and the service returning an empty collection or map. For
* requests, this returns true if a value for the property was specified in the request builder, and false if a
* value was not specified.
*/
public final boolean hasClientMetadata() {
return clientMetadata != null && !(clientMetadata instanceof SdkAutoConstructMap);
}
/**
*
* A map of custom key-value pairs that you can provide as input for certain custom workflows that this action
* triggers.
*
*
* You create custom workflows by assigning Lambda functions to user pool triggers. When you use the
* AdminInitiateAuth API action, Amazon Cognito invokes the Lambda functions that are specified for various
* triggers. The ClientMetadata value is passed as input to the functions for only the following triggers:
*
*
* -
*
* Pre signup
*
*
* -
*
* Pre authentication
*
*
* -
*
* User migration
*
*
*
*
* When Amazon Cognito invokes the functions for these triggers, it passes a JSON payload, which the function
* receives as input. This payload contains a validationData attribute, which provides the data that
* you assigned to the ClientMetadata parameter in your AdminInitiateAuth request. In your function code in Lambda,
* you can process the validationData value to enhance your workflow for your specific needs.
*
*
* When you use the AdminInitiateAuth API action, Amazon Cognito also invokes the functions for the following
* triggers, but it doesn't provide the ClientMetadata value as input:
*
*
* -
*
* Post authentication
*
*
* -
*
* Custom message
*
*
* -
*
* Pre token generation
*
*
* -
*
* Create auth challenge
*
*
* -
*
* Define auth challenge
*
*
* -
*
* Verify auth challenge
*
*
*
*
* For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.
*
*
*
* When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following:
*
*
* -
*
* Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool
* to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata
* parameter serves no purpose.
*
*
* -
*
* Validate the ClientMetadata value.
*
*
* -
*
* Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information.
*
*
*
*
*
* Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.
*
*
* This method will never return null. If you would like to know whether the service returned this field (so that
* you can differentiate between null and empty), you can use the {@link #hasClientMetadata} method.
*
*
* @return A map of custom key-value pairs that you can provide as input for certain custom workflows that this
* action triggers.
*
* You create custom workflows by assigning Lambda functions to user pool triggers. When you use the
* AdminInitiateAuth API action, Amazon Cognito invokes the Lambda functions that are specified for various
* triggers. The ClientMetadata value is passed as input to the functions for only the following triggers:
*
*
* -
*
* Pre signup
*
*
* -
*
* Pre authentication
*
*
* -
*
* User migration
*
*
*
*
* When Amazon Cognito invokes the functions for these triggers, it passes a JSON payload, which the
* function receives as input. This payload contains a validationData attribute, which provides
* the data that you assigned to the ClientMetadata parameter in your AdminInitiateAuth request. In your
* function code in Lambda, you can process the validationData value to enhance your workflow
* for your specific needs.
*
*
* When you use the AdminInitiateAuth API action, Amazon Cognito also invokes the functions for the
* following triggers, but it doesn't provide the ClientMetadata value as input:
*
*
* -
*
* Post authentication
*
*
* -
*
* Custom message
*
*
* -
*
* Pre token generation
*
*
* -
*
* Create auth challenge
*
*
* -
*
* Define auth challenge
*
*
* -
*
* Verify auth challenge
*
*
*
*
* For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.
*
*
*
* When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following:
*
*
* -
*
* Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a
* user pool to support custom workflows. If your user pool configuration doesn't include triggers, the
* ClientMetadata parameter serves no purpose.
*
*
* -
*
* Validate the ClientMetadata value.
*
*
* -
*
* Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information.
*
*
*
*/
public final Map clientMetadata() {
return clientMetadata;
}
/**
*
* The analytics metadata for collecting Amazon Pinpoint metrics for AdminInitiateAuth calls.
*
*
* @return The analytics metadata for collecting Amazon Pinpoint metrics for AdminInitiateAuth calls.
*/
public final AnalyticsMetadataType analyticsMetadata() {
return analyticsMetadata;
}
/**
*
* Contextual data about your user session, such as the device fingerprint, IP address, or location. Amazon Cognito
* advanced security evaluates the risk of an authentication event based on the context that your app generates and
* passes to Amazon Cognito when it makes API requests.
*
*
* @return Contextual data about your user session, such as the device fingerprint, IP address, or location. Amazon
* Cognito advanced security evaluates the risk of an authentication event based on the context that your
* app generates and passes to Amazon Cognito when it makes API requests.
*/
public final ContextDataType contextData() {
return contextData;
}
@Override
public Builder toBuilder() {
return new BuilderImpl(this);
}
public static Builder builder() {
return new BuilderImpl();
}
public static Class serializableBuilderClass() {
return BuilderImpl.class;
}
@Override
public final int hashCode() {
int hashCode = 1;
hashCode = 31 * hashCode + super.hashCode();
hashCode = 31 * hashCode + Objects.hashCode(userPoolId());
hashCode = 31 * hashCode + Objects.hashCode(clientId());
hashCode = 31 * hashCode + Objects.hashCode(authFlowAsString());
hashCode = 31 * hashCode + Objects.hashCode(hasAuthParameters() ? authParameters() : null);
hashCode = 31 * hashCode + Objects.hashCode(hasClientMetadata() ? clientMetadata() : null);
hashCode = 31 * hashCode + Objects.hashCode(analyticsMetadata());
hashCode = 31 * hashCode + Objects.hashCode(contextData());
return hashCode;
}
@Override
public final boolean equals(Object obj) {
return super.equals(obj) && equalsBySdkFields(obj);
}
@Override
public final boolean equalsBySdkFields(Object obj) {
if (this == obj) {
return true;
}
if (obj == null) {
return false;
}
if (!(obj instanceof AdminInitiateAuthRequest)) {
return false;
}
AdminInitiateAuthRequest other = (AdminInitiateAuthRequest) obj;
return Objects.equals(userPoolId(), other.userPoolId()) && Objects.equals(clientId(), other.clientId())
&& Objects.equals(authFlowAsString(), other.authFlowAsString())
&& hasAuthParameters() == other.hasAuthParameters() && Objects.equals(authParameters(), other.authParameters())
&& hasClientMetadata() == other.hasClientMetadata() && Objects.equals(clientMetadata(), other.clientMetadata())
&& Objects.equals(analyticsMetadata(), other.analyticsMetadata())
&& Objects.equals(contextData(), other.contextData());
}
/**
* Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be
* redacted from this string using a placeholder value.
*/
@Override
public final String toString() {
return ToString.builder("AdminInitiateAuthRequest").add("UserPoolId", userPoolId())
.add("ClientId", clientId() == null ? null : "*** Sensitive Data Redacted ***")
.add("AuthFlow", authFlowAsString())
.add("AuthParameters", authParameters() == null ? null : "*** Sensitive Data Redacted ***")
.add("ClientMetadata", hasClientMetadata() ? clientMetadata() : null)
.add("AnalyticsMetadata", analyticsMetadata()).add("ContextData", contextData()).build();
}
public final Optional getValueForField(String fieldName, Class clazz) {
switch (fieldName) {
case "UserPoolId":
return Optional.ofNullable(clazz.cast(userPoolId()));
case "ClientId":
return Optional.ofNullable(clazz.cast(clientId()));
case "AuthFlow":
return Optional.ofNullable(clazz.cast(authFlowAsString()));
case "AuthParameters":
return Optional.ofNullable(clazz.cast(authParameters()));
case "ClientMetadata":
return Optional.ofNullable(clazz.cast(clientMetadata()));
case "AnalyticsMetadata":
return Optional.ofNullable(clazz.cast(analyticsMetadata()));
case "ContextData":
return Optional.ofNullable(clazz.cast(contextData()));
default:
return Optional.empty();
}
}
@Override
public final List> sdkFields() {
return SDK_FIELDS;
}
private static Function getter(Function g) {
return obj -> g.apply((AdminInitiateAuthRequest) obj);
}
private static BiConsumer setter(BiConsumer s) {
return (obj, val) -> s.accept((Builder) obj, val);
}
public interface Builder extends CognitoIdentityProviderRequest.Builder, SdkPojo,
CopyableBuilder {
/**
*
* The ID of the Amazon Cognito user pool.
*
*
* @param userPoolId
* The ID of the Amazon Cognito user pool.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder userPoolId(String userPoolId);
/**
*
* The app client ID.
*
*
* @param clientId
* The app client ID.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder clientId(String clientId);
/**
*
* The authentication flow for this call to run. The API action will depend on this value. For example:
*
*
* -
*
* REFRESH_TOKEN_AUTH will take in a valid refresh token and return new tokens.
*
*
* -
*
* USER_SRP_AUTH will take in USERNAME and SRP_A and return the Secure
* Remote Password (SRP) protocol variables to be used for next challenge execution.
*
*
* -
*
* ADMIN_USER_PASSWORD_AUTH will take in USERNAME and PASSWORD and return
* the next challenge or tokens.
*
*
*
*
* Valid values include:
*
*
* -
*
* USER_SRP_AUTH: Authentication flow for the Secure Remote Password (SRP) protocol.
*
*
* -
*
* REFRESH_TOKEN_AUTH/REFRESH_TOKEN: Authentication flow for refreshing the access
* token and ID token by supplying a valid refresh token.
*
*
* -
*
* CUSTOM_AUTH: Custom authentication flow.
*
*
* -
*
* ADMIN_NO_SRP_AUTH: Non-SRP authentication flow; you can pass in the USERNAME and PASSWORD
* directly if the flow is enabled for calling the app client.
*
*
* -
*
* ADMIN_USER_PASSWORD_AUTH: Admin-based user password authentication. This replaces the
* ADMIN_NO_SRP_AUTH authentication flow. In this flow, Amazon Cognito receives the password in the
* request instead of using the SRP process to verify passwords.
*
*
*
*
* @param authFlow
* The authentication flow for this call to run. The API action will depend on this value. For
* example:
*
* -
*
* REFRESH_TOKEN_AUTH will take in a valid refresh token and return new tokens.
*
*
* -
*
* USER_SRP_AUTH will take in USERNAME and SRP_A and return the
* Secure Remote Password (SRP) protocol variables to be used for next challenge execution.
*
*
* -
*
* ADMIN_USER_PASSWORD_AUTH will take in USERNAME and PASSWORD and
* return the next challenge or tokens.
*
*
*
*
* Valid values include:
*
*
* -
*
* USER_SRP_AUTH: Authentication flow for the Secure Remote Password (SRP) protocol.
*
*
* -
*
* REFRESH_TOKEN_AUTH/REFRESH_TOKEN: Authentication flow for refreshing the
* access token and ID token by supplying a valid refresh token.
*
*
* -
*
* CUSTOM_AUTH: Custom authentication flow.
*
*
* -
*
* ADMIN_NO_SRP_AUTH: Non-SRP authentication flow; you can pass in the USERNAME and PASSWORD
* directly if the flow is enabled for calling the app client.
*
*
* -
*
* ADMIN_USER_PASSWORD_AUTH: Admin-based user password authentication. This replaces the
* ADMIN_NO_SRP_AUTH authentication flow. In this flow, Amazon Cognito receives the password
* in the request instead of using the SRP process to verify passwords.
*
*
* @see AuthFlowType
* @return Returns a reference to this object so that method calls can be chained together.
* @see AuthFlowType
*/
Builder authFlow(String authFlow);
/**
*
* The authentication flow for this call to run. The API action will depend on this value. For example:
*
*
* -
*
* REFRESH_TOKEN_AUTH will take in a valid refresh token and return new tokens.
*
*
* -
*
* USER_SRP_AUTH will take in USERNAME and SRP_A and return the Secure
* Remote Password (SRP) protocol variables to be used for next challenge execution.
*
*
* -
*
* ADMIN_USER_PASSWORD_AUTH will take in USERNAME and PASSWORD and return
* the next challenge or tokens.
*
*
*
*
* Valid values include:
*
*
* -
*
* USER_SRP_AUTH: Authentication flow for the Secure Remote Password (SRP) protocol.
*
*
* -
*
* REFRESH_TOKEN_AUTH/REFRESH_TOKEN: Authentication flow for refreshing the access
* token and ID token by supplying a valid refresh token.
*
*
* -
*
* CUSTOM_AUTH: Custom authentication flow.
*
*
* -
*
* ADMIN_NO_SRP_AUTH: Non-SRP authentication flow; you can pass in the USERNAME and PASSWORD
* directly if the flow is enabled for calling the app client.
*
*
* -
*
* ADMIN_USER_PASSWORD_AUTH: Admin-based user password authentication. This replaces the
* ADMIN_NO_SRP_AUTH authentication flow. In this flow, Amazon Cognito receives the password in the
* request instead of using the SRP process to verify passwords.
*
*
*
*
* @param authFlow
* The authentication flow for this call to run. The API action will depend on this value. For
* example:
*
* -
*
* REFRESH_TOKEN_AUTH will take in a valid refresh token and return new tokens.
*
*
* -
*
* USER_SRP_AUTH will take in USERNAME and SRP_A and return the
* Secure Remote Password (SRP) protocol variables to be used for next challenge execution.
*
*
* -
*
* ADMIN_USER_PASSWORD_AUTH will take in USERNAME and PASSWORD and
* return the next challenge or tokens.
*
*
*
*
* Valid values include:
*
*
* -
*
* USER_SRP_AUTH: Authentication flow for the Secure Remote Password (SRP) protocol.
*
*
* -
*
* REFRESH_TOKEN_AUTH/REFRESH_TOKEN: Authentication flow for refreshing the
* access token and ID token by supplying a valid refresh token.
*
*
* -
*
* CUSTOM_AUTH: Custom authentication flow.
*
*
* -
*
* ADMIN_NO_SRP_AUTH: Non-SRP authentication flow; you can pass in the USERNAME and PASSWORD
* directly if the flow is enabled for calling the app client.
*
*
* -
*
* ADMIN_USER_PASSWORD_AUTH: Admin-based user password authentication. This replaces the
* ADMIN_NO_SRP_AUTH authentication flow. In this flow, Amazon Cognito receives the password
* in the request instead of using the SRP process to verify passwords.
*
*
* @see AuthFlowType
* @return Returns a reference to this object so that method calls can be chained together.
* @see AuthFlowType
*/
Builder authFlow(AuthFlowType authFlow);
/**
*
* The authentication parameters. These are inputs corresponding to the AuthFlow that you're
* invoking. The required values depend on the value of AuthFlow:
*
*
* -
*
* For USER_SRP_AUTH: USERNAME (required), SRP_A (required),
* SECRET_HASH (required if the app client is configured with a client secret),
* DEVICE_KEY.
*
*
* -
*
* For REFRESH_TOKEN_AUTH/REFRESH_TOKEN: REFRESH_TOKEN (required),
* SECRET_HASH (required if the app client is configured with a client secret),
* DEVICE_KEY.
*
*
* -
*
* For ADMIN_NO_SRP_AUTH: USERNAME (required), SECRET_HASH (if app client
* is configured with client secret), PASSWORD (required), DEVICE_KEY.
*
*
* -
*
* For CUSTOM_AUTH: USERNAME (required), SECRET_HASH (if app client is
* configured with client secret), DEVICE_KEY. To start the authentication flow with password
* verification, include ChallengeName: SRP_A and SRP_A: (The SRP_A Value).
*
*
*
*
* @param authParameters
* The authentication parameters. These are inputs corresponding to the AuthFlow that you're
* invoking. The required values depend on the value of AuthFlow:
*
* -
*
* For USER_SRP_AUTH: USERNAME (required), SRP_A (required),
* SECRET_HASH (required if the app client is configured with a client secret),
* DEVICE_KEY.
*
*
* -
*
* For REFRESH_TOKEN_AUTH/REFRESH_TOKEN: REFRESH_TOKEN (required),
* SECRET_HASH (required if the app client is configured with a client secret),
* DEVICE_KEY.
*
*
* -
*
* For ADMIN_NO_SRP_AUTH: USERNAME (required), SECRET_HASH (if app
* client is configured with client secret), PASSWORD (required), DEVICE_KEY.
*
*
* -
*
* For CUSTOM_AUTH: USERNAME (required), SECRET_HASH (if app
* client is configured with client secret), DEVICE_KEY. To start the authentication flow
* with password verification, include ChallengeName: SRP_A and
* SRP_A: (The SRP_A Value).
*
*
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder authParameters(Map authParameters);
/**
*
* A map of custom key-value pairs that you can provide as input for certain custom workflows that this action
* triggers.
*
*
* You create custom workflows by assigning Lambda functions to user pool triggers. When you use the
* AdminInitiateAuth API action, Amazon Cognito invokes the Lambda functions that are specified for various
* triggers. The ClientMetadata value is passed as input to the functions for only the following triggers:
*
*
* -
*
* Pre signup
*
*
* -
*
* Pre authentication
*
*
* -
*
* User migration
*
*
*
*
* When Amazon Cognito invokes the functions for these triggers, it passes a JSON payload, which the function
* receives as input. This payload contains a validationData attribute, which provides the data
* that you assigned to the ClientMetadata parameter in your AdminInitiateAuth request. In your function code in
* Lambda, you can process the validationData value to enhance your workflow for your specific
* needs.
*
*
* When you use the AdminInitiateAuth API action, Amazon Cognito also invokes the functions for the following
* triggers, but it doesn't provide the ClientMetadata value as input:
*
*
* -
*
* Post authentication
*
*
* -
*
* Custom message
*
*
* -
*
* Pre token generation
*
*
* -
*
* Create auth challenge
*
*
* -
*
* Define auth challenge
*
*
* -
*
* Verify auth challenge
*
*
*
*
* For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.
*
*
*
* When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following:
*
*
* -
*
* Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user
* pool to support custom workflows. If your user pool configuration doesn't include triggers, the
* ClientMetadata parameter serves no purpose.
*
*
* -
*
* Validate the ClientMetadata value.
*
*
* -
*
* Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information.
*
*
*
*
*
* @param clientMetadata
* A map of custom key-value pairs that you can provide as input for certain custom workflows that this
* action triggers.
*
* You create custom workflows by assigning Lambda functions to user pool triggers. When you use the
* AdminInitiateAuth API action, Amazon Cognito invokes the Lambda functions that are specified for
* various triggers. The ClientMetadata value is passed as input to the functions for only the following
* triggers:
*
*
* -
*
* Pre signup
*
*
* -
*
* Pre authentication
*
*
* -
*
* User migration
*
*
*
*
* When Amazon Cognito invokes the functions for these triggers, it passes a JSON payload, which the
* function receives as input. This payload contains a validationData attribute, which
* provides the data that you assigned to the ClientMetadata parameter in your AdminInitiateAuth request.
* In your function code in Lambda, you can process the validationData value to enhance your
* workflow for your specific needs.
*
*
* When you use the AdminInitiateAuth API action, Amazon Cognito also invokes the functions for the
* following triggers, but it doesn't provide the ClientMetadata value as input:
*
*
* -
*
* Post authentication
*
*
* -
*
* Custom message
*
*
* -
*
* Pre token generation
*
*
* -
*
* Create auth challenge
*
*
* -
*
* Define auth challenge
*
*
* -
*
* Verify auth challenge
*
*
*
*
* For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer
* Guide.
*
*
*
* When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following:
*
*
* -
*
* Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a
* user pool to support custom workflows. If your user pool configuration doesn't include triggers, the
* ClientMetadata parameter serves no purpose.
*
*
* -
*
* Validate the ClientMetadata value.
*
*
* -
*
* Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information.
*
*
*
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder clientMetadata(Map clientMetadata);
/**
*
* The analytics metadata for collecting Amazon Pinpoint metrics for AdminInitiateAuth calls.
*
*
* @param analyticsMetadata
* The analytics metadata for collecting Amazon Pinpoint metrics for AdminInitiateAuth
* calls.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder analyticsMetadata(AnalyticsMetadataType analyticsMetadata);
/**
*
* The analytics metadata for collecting Amazon Pinpoint metrics for AdminInitiateAuth calls.
*
* This is a convenience method that creates an instance of the {@link AnalyticsMetadataType.Builder} avoiding
* the need to create one manually via {@link AnalyticsMetadataType#builder()}.
*
*
* When the {@link Consumer} completes, {@link AnalyticsMetadataType.Builder#build()} is called immediately and
* its result is passed to {@link #analyticsMetadata(AnalyticsMetadataType)}.
*
* @param analyticsMetadata
* a consumer that will call methods on {@link AnalyticsMetadataType.Builder}
* @return Returns a reference to this object so that method calls can be chained together.
* @see #analyticsMetadata(AnalyticsMetadataType)
*/
default Builder analyticsMetadata(Consumer analyticsMetadata) {
return analyticsMetadata(AnalyticsMetadataType.builder().applyMutation(analyticsMetadata).build());
}
/**
*
* Contextual data about your user session, such as the device fingerprint, IP address, or location. Amazon
* Cognito advanced security evaluates the risk of an authentication event based on the context that your app
* generates and passes to Amazon Cognito when it makes API requests.
*
*
* @param contextData
* Contextual data about your user session, such as the device fingerprint, IP address, or location.
* Amazon Cognito advanced security evaluates the risk of an authentication event based on the context
* that your app generates and passes to Amazon Cognito when it makes API requests.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder contextData(ContextDataType contextData);
/**
*
* Contextual data about your user session, such as the device fingerprint, IP address, or location. Amazon
* Cognito advanced security evaluates the risk of an authentication event based on the context that your app
* generates and passes to Amazon Cognito when it makes API requests.
*
* This is a convenience method that creates an instance of the {@link ContextDataType.Builder} avoiding the
* need to create one manually via {@link ContextDataType#builder()}.
*
*
* When the {@link Consumer} completes, {@link ContextDataType.Builder#build()} is called immediately and its
* result is passed to {@link #contextData(ContextDataType)}.
*
* @param contextData
* a consumer that will call methods on {@link ContextDataType.Builder}
* @return Returns a reference to this object so that method calls can be chained together.
* @see #contextData(ContextDataType)
*/
default Builder contextData(Consumer contextData) {
return contextData(ContextDataType.builder().applyMutation(contextData).build());
}
@Override
Builder overrideConfiguration(AwsRequestOverrideConfiguration overrideConfiguration);
@Override
Builder overrideConfiguration(Consumer builderConsumer);
}
static final class BuilderImpl extends CognitoIdentityProviderRequest.BuilderImpl implements Builder {
private String userPoolId;
private String clientId;
private String authFlow;
private Map authParameters = DefaultSdkAutoConstructMap.getInstance();
private Map clientMetadata = DefaultSdkAutoConstructMap.getInstance();
private AnalyticsMetadataType analyticsMetadata;
private ContextDataType contextData;
private BuilderImpl() {
}
private BuilderImpl(AdminInitiateAuthRequest model) {
super(model);
userPoolId(model.userPoolId);
clientId(model.clientId);
authFlow(model.authFlow);
authParameters(model.authParameters);
clientMetadata(model.clientMetadata);
analyticsMetadata(model.analyticsMetadata);
contextData(model.contextData);
}
public final String getUserPoolId() {
return userPoolId;
}
public final void setUserPoolId(String userPoolId) {
this.userPoolId = userPoolId;
}
@Override
public final Builder userPoolId(String userPoolId) {
this.userPoolId = userPoolId;
return this;
}
public final String getClientId() {
return clientId;
}
public final void setClientId(String clientId) {
this.clientId = clientId;
}
@Override
public final Builder clientId(String clientId) {
this.clientId = clientId;
return this;
}
public final String getAuthFlow() {
return authFlow;
}
public final void setAuthFlow(String authFlow) {
this.authFlow = authFlow;
}
@Override
public final Builder authFlow(String authFlow) {
this.authFlow = authFlow;
return this;
}
@Override
public final Builder authFlow(AuthFlowType authFlow) {
this.authFlow(authFlow == null ? null : authFlow.toString());
return this;
}
public final Map getAuthParameters() {
if (authParameters instanceof SdkAutoConstructMap) {
return null;
}
return authParameters;
}
public final void setAuthParameters(Map authParameters) {
this.authParameters = AuthParametersTypeCopier.copy(authParameters);
}
@Override
public final Builder authParameters(Map authParameters) {
this.authParameters = AuthParametersTypeCopier.copy(authParameters);
return this;
}
public final Map getClientMetadata() {
if (clientMetadata instanceof SdkAutoConstructMap) {
return null;
}
return clientMetadata;
}
public final void setClientMetadata(Map clientMetadata) {
this.clientMetadata = ClientMetadataTypeCopier.copy(clientMetadata);
}
@Override
public final Builder clientMetadata(Map clientMetadata) {
this.clientMetadata = ClientMetadataTypeCopier.copy(clientMetadata);
return this;
}
public final AnalyticsMetadataType.Builder getAnalyticsMetadata() {
return analyticsMetadata != null ? analyticsMetadata.toBuilder() : null;
}
public final void setAnalyticsMetadata(AnalyticsMetadataType.BuilderImpl analyticsMetadata) {
this.analyticsMetadata = analyticsMetadata != null ? analyticsMetadata.build() : null;
}
@Override
public final Builder analyticsMetadata(AnalyticsMetadataType analyticsMetadata) {
this.analyticsMetadata = analyticsMetadata;
return this;
}
public final ContextDataType.Builder getContextData() {
return contextData != null ? contextData.toBuilder() : null;
}
public final void setContextData(ContextDataType.BuilderImpl contextData) {
this.contextData = contextData != null ? contextData.build() : null;
}
@Override
public final Builder contextData(ContextDataType contextData) {
this.contextData = contextData;
return this;
}
@Override
public Builder overrideConfiguration(AwsRequestOverrideConfiguration overrideConfiguration) {
super.overrideConfiguration(overrideConfiguration);
return this;
}
@Override
public Builder overrideConfiguration(Consumer builderConsumer) {
super.overrideConfiguration(builderConsumer);
return this;
}
@Override
public AdminInitiateAuthRequest build() {
return new AdminInitiateAuthRequest(this);
}
@Override
public List> sdkFields() {
return SDK_FIELDS;
}
}
}