software.amazon.awssdk.services.cognitoidentityprovider.model.InitiateAuthResponse Maven / Gradle / Ivy
Show all versions of cognitoidentityprovider Show documentation
/*
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
package software.amazon.awssdk.services.cognitoidentityprovider.model;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.function.BiConsumer;
import java.util.function.Consumer;
import java.util.function.Function;
import software.amazon.awssdk.annotations.Generated;
import software.amazon.awssdk.core.SdkField;
import software.amazon.awssdk.core.SdkPojo;
import software.amazon.awssdk.core.protocol.MarshallLocation;
import software.amazon.awssdk.core.protocol.MarshallingType;
import software.amazon.awssdk.core.traits.LocationTrait;
import software.amazon.awssdk.core.traits.MapTrait;
import software.amazon.awssdk.core.util.DefaultSdkAutoConstructMap;
import software.amazon.awssdk.core.util.SdkAutoConstructMap;
import software.amazon.awssdk.utils.ToString;
import software.amazon.awssdk.utils.builder.CopyableBuilder;
import software.amazon.awssdk.utils.builder.ToCopyableBuilder;
/**
*
* Initiates the authentication response.
*
*/
@Generated("software.amazon.awssdk:codegen")
public final class InitiateAuthResponse extends CognitoIdentityProviderResponse implements
ToCopyableBuilder {
private static final SdkField CHALLENGE_NAME_FIELD = SdkField. builder(MarshallingType.STRING)
.memberName("ChallengeName").getter(getter(InitiateAuthResponse::challengeNameAsString))
.setter(setter(Builder::challengeName))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("ChallengeName").build()).build();
private static final SdkField SESSION_FIELD = SdkField. builder(MarshallingType.STRING).memberName("Session")
.getter(getter(InitiateAuthResponse::session)).setter(setter(Builder::session))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("Session").build()).build();
private static final SdkField> CHALLENGE_PARAMETERS_FIELD = SdkField
.> builder(MarshallingType.MAP)
.memberName("ChallengeParameters")
.getter(getter(InitiateAuthResponse::challengeParameters))
.setter(setter(Builder::challengeParameters))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("ChallengeParameters").build(),
MapTrait.builder()
.keyLocationName("key")
.valueLocationName("value")
.valueFieldInfo(
SdkField. builder(MarshallingType.STRING)
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD)
.locationName("value").build()).build()).build()).build();
private static final SdkField AUTHENTICATION_RESULT_FIELD = SdkField
. builder(MarshallingType.SDK_POJO).memberName("AuthenticationResult")
.getter(getter(InitiateAuthResponse::authenticationResult)).setter(setter(Builder::authenticationResult))
.constructor(AuthenticationResultType::builder)
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("AuthenticationResult").build())
.build();
private static final List> SDK_FIELDS = Collections.unmodifiableList(Arrays.asList(CHALLENGE_NAME_FIELD,
SESSION_FIELD, CHALLENGE_PARAMETERS_FIELD, AUTHENTICATION_RESULT_FIELD));
private static final Map> SDK_NAME_TO_FIELD = Collections
.unmodifiableMap(new HashMap>() {
{
put("ChallengeName", CHALLENGE_NAME_FIELD);
put("Session", SESSION_FIELD);
put("ChallengeParameters", CHALLENGE_PARAMETERS_FIELD);
put("AuthenticationResult", AUTHENTICATION_RESULT_FIELD);
}
});
private final String challengeName;
private final String session;
private final Map challengeParameters;
private final AuthenticationResultType authenticationResult;
private InitiateAuthResponse(BuilderImpl builder) {
super(builder);
this.challengeName = builder.challengeName;
this.session = builder.session;
this.challengeParameters = builder.challengeParameters;
this.authenticationResult = builder.authenticationResult;
}
/**
*
* The name of the challenge that you're responding to with this call. This name is returned in the
* InitiateAuth response if you must pass another challenge.
*
*
* Valid values include the following:
*
*
*
* All of the following challenges require USERNAME and SECRET_HASH (if applicable) in the
* parameters.
*
*
*
* -
*
* SMS_MFA: Next challenge is to supply an SMS_MFA_CODEthat your user pool delivered in an
* SMS message.
*
*
* -
*
* EMAIL_OTP: Next challenge is to supply an EMAIL_OTP_CODE that your user pool delivered
* in an email message.
*
*
* -
*
* PASSWORD_VERIFIER: Next challenge is to supply PASSWORD_CLAIM_SIGNATURE,
* PASSWORD_CLAIM_SECRET_BLOCK, and TIMESTAMP after the client-side SRP calculations.
*
*
* -
*
* CUSTOM_CHALLENGE: This is returned if your custom authentication flow determines that the user
* should pass another challenge before tokens are issued.
*
*
* -
*
* DEVICE_SRP_AUTH: If device tracking was activated on your user pool and the previous challenges were
* passed, this challenge is returned so that Amazon Cognito can start tracking this device.
*
*
* -
*
* DEVICE_PASSWORD_VERIFIER: Similar to PASSWORD_VERIFIER, but for devices only.
*
*
* -
*
* NEW_PASSWORD_REQUIRED: For users who are required to change their passwords after successful first
* login.
*
*
* Respond to this challenge with NEW_PASSWORD and any required attributes that Amazon Cognito returned
* in the requiredAttributes parameter. You can also set values for attributes that aren't required by
* your user pool and that your app client can write. For more information, see RespondToAuthChallenge.
*
*
*
* In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that already
* has a value. In RespondToAuthChallenge, set a value for any keys that Amazon Cognito returned in the
* requiredAttributes parameter, then use the UpdateUserAttributes API operation to modify
* the value of any additional attributes.
*
*
* -
*
* MFA_SETUP: For users who are required to setup an MFA factor before they can sign in. The MFA types
* activated for the user pool will be listed in the challenge parameters MFAS_CAN_SETUP value.
*
*
* To set up software token MFA, use the session returned here from InitiateAuth as an input to
* AssociateSoftwareToken. Use the session returned by VerifySoftwareToken as an input to
* RespondToAuthChallenge with challenge name MFA_SETUP to complete sign-in. To set up SMS
* MFA, an administrator should help the user to add a phone number to their account, and then the user should call
* InitiateAuth again to restart sign-in.
*
*
*
*
* If the service returns an enum value that is not available in the current SDK version, {@link #challengeName}
* will return {@link ChallengeNameType#UNKNOWN_TO_SDK_VERSION}. The raw value returned by the service is available
* from {@link #challengeNameAsString}.
*
*
* @return The name of the challenge that you're responding to with this call. This name is returned in the
* InitiateAuth response if you must pass another challenge.
*
* Valid values include the following:
*
*
*
* All of the following challenges require USERNAME and SECRET_HASH (if
* applicable) in the parameters.
*
*
*
* -
*
* SMS_MFA: Next challenge is to supply an SMS_MFA_CODEthat your user pool
* delivered in an SMS message.
*
*
* -
*
* EMAIL_OTP: Next challenge is to supply an EMAIL_OTP_CODE that your user pool
* delivered in an email message.
*
*
* -
*
* PASSWORD_VERIFIER: Next challenge is to supply PASSWORD_CLAIM_SIGNATURE,
* PASSWORD_CLAIM_SECRET_BLOCK, and TIMESTAMP after the client-side SRP
* calculations.
*
*
* -
*
* CUSTOM_CHALLENGE: This is returned if your custom authentication flow determines that the
* user should pass another challenge before tokens are issued.
*
*
* -
*
* DEVICE_SRP_AUTH: If device tracking was activated on your user pool and the previous
* challenges were passed, this challenge is returned so that Amazon Cognito can start tracking this device.
*
*
* -
*
* DEVICE_PASSWORD_VERIFIER: Similar to PASSWORD_VERIFIER, but for devices only.
*
*
* -
*
* NEW_PASSWORD_REQUIRED: For users who are required to change their passwords after successful
* first login.
*
*
* Respond to this challenge with NEW_PASSWORD and any required attributes that Amazon Cognito
* returned in the requiredAttributes parameter. You can also set values for attributes that
* aren't required by your user pool and that your app client can write. For more information, see RespondToAuthChallenge.
*
*
*
* In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that
* already has a value. In RespondToAuthChallenge, set a value for any keys that Amazon Cognito
* returned in the requiredAttributes parameter, then use the UpdateUserAttributes
* API operation to modify the value of any additional attributes.
*
*
* -
*
* MFA_SETUP: For users who are required to setup an MFA factor before they can sign in. The
* MFA types activated for the user pool will be listed in the challenge parameters
* MFAS_CAN_SETUP value.
*
*
* To set up software token MFA, use the session returned here from InitiateAuth as an input to
* AssociateSoftwareToken. Use the session returned by VerifySoftwareToken as an
* input to RespondToAuthChallenge with challenge name MFA_SETUP to complete
* sign-in. To set up SMS MFA, an administrator should help the user to add a phone number to their account,
* and then the user should call InitiateAuth again to restart sign-in.
*
*
* @see ChallengeNameType
*/
public final ChallengeNameType challengeName() {
return ChallengeNameType.fromValue(challengeName);
}
/**
*
* The name of the challenge that you're responding to with this call. This name is returned in the
* InitiateAuth response if you must pass another challenge.
*
*
* Valid values include the following:
*
*
*
* All of the following challenges require USERNAME and SECRET_HASH (if applicable) in the
* parameters.
*
*
*
* -
*
* SMS_MFA: Next challenge is to supply an SMS_MFA_CODEthat your user pool delivered in an
* SMS message.
*
*
* -
*
* EMAIL_OTP: Next challenge is to supply an EMAIL_OTP_CODE that your user pool delivered
* in an email message.
*
*
* -
*
* PASSWORD_VERIFIER: Next challenge is to supply PASSWORD_CLAIM_SIGNATURE,
* PASSWORD_CLAIM_SECRET_BLOCK, and TIMESTAMP after the client-side SRP calculations.
*
*
* -
*
* CUSTOM_CHALLENGE: This is returned if your custom authentication flow determines that the user
* should pass another challenge before tokens are issued.
*
*
* -
*
* DEVICE_SRP_AUTH: If device tracking was activated on your user pool and the previous challenges were
* passed, this challenge is returned so that Amazon Cognito can start tracking this device.
*
*
* -
*
* DEVICE_PASSWORD_VERIFIER: Similar to PASSWORD_VERIFIER, but for devices only.
*
*
* -
*
* NEW_PASSWORD_REQUIRED: For users who are required to change their passwords after successful first
* login.
*
*
* Respond to this challenge with NEW_PASSWORD and any required attributes that Amazon Cognito returned
* in the requiredAttributes parameter. You can also set values for attributes that aren't required by
* your user pool and that your app client can write. For more information, see RespondToAuthChallenge.
*
*
*
* In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that already
* has a value. In RespondToAuthChallenge, set a value for any keys that Amazon Cognito returned in the
* requiredAttributes parameter, then use the UpdateUserAttributes API operation to modify
* the value of any additional attributes.
*
*
* -
*
* MFA_SETUP: For users who are required to setup an MFA factor before they can sign in. The MFA types
* activated for the user pool will be listed in the challenge parameters MFAS_CAN_SETUP value.
*
*
* To set up software token MFA, use the session returned here from InitiateAuth as an input to
* AssociateSoftwareToken. Use the session returned by VerifySoftwareToken as an input to
* RespondToAuthChallenge with challenge name MFA_SETUP to complete sign-in. To set up SMS
* MFA, an administrator should help the user to add a phone number to their account, and then the user should call
* InitiateAuth again to restart sign-in.
*
*
*
*
* If the service returns an enum value that is not available in the current SDK version, {@link #challengeName}
* will return {@link ChallengeNameType#UNKNOWN_TO_SDK_VERSION}. The raw value returned by the service is available
* from {@link #challengeNameAsString}.
*
*
* @return The name of the challenge that you're responding to with this call. This name is returned in the
* InitiateAuth response if you must pass another challenge.
*
* Valid values include the following:
*
*
*
* All of the following challenges require USERNAME and SECRET_HASH (if
* applicable) in the parameters.
*
*
*
* -
*
* SMS_MFA: Next challenge is to supply an SMS_MFA_CODEthat your user pool
* delivered in an SMS message.
*
*
* -
*
* EMAIL_OTP: Next challenge is to supply an EMAIL_OTP_CODE that your user pool
* delivered in an email message.
*
*
* -
*
* PASSWORD_VERIFIER: Next challenge is to supply PASSWORD_CLAIM_SIGNATURE,
* PASSWORD_CLAIM_SECRET_BLOCK, and TIMESTAMP after the client-side SRP
* calculations.
*
*
* -
*
* CUSTOM_CHALLENGE: This is returned if your custom authentication flow determines that the
* user should pass another challenge before tokens are issued.
*
*
* -
*
* DEVICE_SRP_AUTH: If device tracking was activated on your user pool and the previous
* challenges were passed, this challenge is returned so that Amazon Cognito can start tracking this device.
*
*
* -
*
* DEVICE_PASSWORD_VERIFIER: Similar to PASSWORD_VERIFIER, but for devices only.
*
*
* -
*
* NEW_PASSWORD_REQUIRED: For users who are required to change their passwords after successful
* first login.
*
*
* Respond to this challenge with NEW_PASSWORD and any required attributes that Amazon Cognito
* returned in the requiredAttributes parameter. You can also set values for attributes that
* aren't required by your user pool and that your app client can write. For more information, see RespondToAuthChallenge.
*
*
*
* In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that
* already has a value. In RespondToAuthChallenge, set a value for any keys that Amazon Cognito
* returned in the requiredAttributes parameter, then use the UpdateUserAttributes
* API operation to modify the value of any additional attributes.
*
*
* -
*
* MFA_SETUP: For users who are required to setup an MFA factor before they can sign in. The
* MFA types activated for the user pool will be listed in the challenge parameters
* MFAS_CAN_SETUP value.
*
*
* To set up software token MFA, use the session returned here from InitiateAuth as an input to
* AssociateSoftwareToken. Use the session returned by VerifySoftwareToken as an
* input to RespondToAuthChallenge with challenge name MFA_SETUP to complete
* sign-in. To set up SMS MFA, an administrator should help the user to add a phone number to their account,
* and then the user should call InitiateAuth again to restart sign-in.
*
*
* @see ChallengeNameType
*/
public final String challengeNameAsString() {
return challengeName;
}
/**
*
* The session that should pass both ways in challenge-response calls to the service. If the caller must pass
* another challenge, they return a session with other challenge parameters. This session should be passed as it is
* to the next RespondToAuthChallenge API call.
*
*
* @return The session that should pass both ways in challenge-response calls to the service. If the caller must
* pass another challenge, they return a session with other challenge parameters. This session should be
* passed as it is to the next RespondToAuthChallenge API call.
*/
public final String session() {
return session;
}
/**
* For responses, this returns true if the service returned a value for the ChallengeParameters property. This DOES
* NOT check that the value is non-empty (for which, you should check the {@code isEmpty()} method on the property).
* This is useful because the SDK will never return a null collection or map, but you may need to differentiate
* between the service returning nothing (or null) and the service returning an empty collection or map. For
* requests, this returns true if a value for the property was specified in the request builder, and false if a
* value was not specified.
*/
public final boolean hasChallengeParameters() {
return challengeParameters != null && !(challengeParameters instanceof SdkAutoConstructMap);
}
/**
*
* The challenge parameters. These are returned in the InitiateAuth response if you must pass another
* challenge. The responses in this parameter should be used to compute inputs to the next call (
* RespondToAuthChallenge).
*
*
* All challenges require USERNAME and SECRET_HASH (if applicable).
*
*
* Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.
*
*
* This method will never return null. If you would like to know whether the service returned this field (so that
* you can differentiate between null and empty), you can use the {@link #hasChallengeParameters} method.
*
*
* @return The challenge parameters. These are returned in the InitiateAuth response if you must pass
* another challenge. The responses in this parameter should be used to compute inputs to the next call (
* RespondToAuthChallenge).
*
* All challenges require USERNAME and SECRET_HASH (if applicable).
*/
public final Map challengeParameters() {
return challengeParameters;
}
/**
*
* The result of the authentication response. This result is only returned if the caller doesn't need to pass
* another challenge. If the caller does need to pass another challenge before it gets tokens,
* ChallengeName, ChallengeParameters, and Session are returned.
*
*
* @return The result of the authentication response. This result is only returned if the caller doesn't need to
* pass another challenge. If the caller does need to pass another challenge before it gets tokens,
* ChallengeName, ChallengeParameters, and Session are returned.
*/
public final AuthenticationResultType authenticationResult() {
return authenticationResult;
}
@Override
public Builder toBuilder() {
return new BuilderImpl(this);
}
public static Builder builder() {
return new BuilderImpl();
}
public static Class serializableBuilderClass() {
return BuilderImpl.class;
}
@Override
public final int hashCode() {
int hashCode = 1;
hashCode = 31 * hashCode + super.hashCode();
hashCode = 31 * hashCode + Objects.hashCode(challengeNameAsString());
hashCode = 31 * hashCode + Objects.hashCode(session());
hashCode = 31 * hashCode + Objects.hashCode(hasChallengeParameters() ? challengeParameters() : null);
hashCode = 31 * hashCode + Objects.hashCode(authenticationResult());
return hashCode;
}
@Override
public final boolean equals(Object obj) {
return super.equals(obj) && equalsBySdkFields(obj);
}
@Override
public final boolean equalsBySdkFields(Object obj) {
if (this == obj) {
return true;
}
if (obj == null) {
return false;
}
if (!(obj instanceof InitiateAuthResponse)) {
return false;
}
InitiateAuthResponse other = (InitiateAuthResponse) obj;
return Objects.equals(challengeNameAsString(), other.challengeNameAsString())
&& Objects.equals(session(), other.session()) && hasChallengeParameters() == other.hasChallengeParameters()
&& Objects.equals(challengeParameters(), other.challengeParameters())
&& Objects.equals(authenticationResult(), other.authenticationResult());
}
/**
* Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be
* redacted from this string using a placeholder value.
*/
@Override
public final String toString() {
return ToString.builder("InitiateAuthResponse").add("ChallengeName", challengeNameAsString())
.add("Session", session() == null ? null : "*** Sensitive Data Redacted ***")
.add("ChallengeParameters", hasChallengeParameters() ? challengeParameters() : null)
.add("AuthenticationResult", authenticationResult()).build();
}
public final Optional getValueForField(String fieldName, Class clazz) {
switch (fieldName) {
case "ChallengeName":
return Optional.ofNullable(clazz.cast(challengeNameAsString()));
case "Session":
return Optional.ofNullable(clazz.cast(session()));
case "ChallengeParameters":
return Optional.ofNullable(clazz.cast(challengeParameters()));
case "AuthenticationResult":
return Optional.ofNullable(clazz.cast(authenticationResult()));
default:
return Optional.empty();
}
}
@Override
public final List> sdkFields() {
return SDK_FIELDS;
}
@Override
public final Map> sdkFieldNameToField() {
return SDK_NAME_TO_FIELD;
}
private static Function getter(Function g) {
return obj -> g.apply((InitiateAuthResponse) obj);
}
private static BiConsumer setter(BiConsumer s) {
return (obj, val) -> s.accept((Builder) obj, val);
}
public interface Builder extends CognitoIdentityProviderResponse.Builder, SdkPojo,
CopyableBuilder {
/**
*
* The name of the challenge that you're responding to with this call. This name is returned in the
* InitiateAuth response if you must pass another challenge.
*
*
* Valid values include the following:
*
*
*
* All of the following challenges require USERNAME and SECRET_HASH (if applicable) in
* the parameters.
*
*
*
* -
*
* SMS_MFA: Next challenge is to supply an SMS_MFA_CODEthat your user pool delivered
* in an SMS message.
*
*
* -
*
* EMAIL_OTP: Next challenge is to supply an EMAIL_OTP_CODE that your user pool
* delivered in an email message.
*
*
* -
*
* PASSWORD_VERIFIER: Next challenge is to supply PASSWORD_CLAIM_SIGNATURE,
* PASSWORD_CLAIM_SECRET_BLOCK, and TIMESTAMP after the client-side SRP calculations.
*
*
* -
*
* CUSTOM_CHALLENGE: This is returned if your custom authentication flow determines that the user
* should pass another challenge before tokens are issued.
*
*
* -
*
* DEVICE_SRP_AUTH: If device tracking was activated on your user pool and the previous challenges
* were passed, this challenge is returned so that Amazon Cognito can start tracking this device.
*
*
* -
*
* DEVICE_PASSWORD_VERIFIER: Similar to PASSWORD_VERIFIER, but for devices only.
*
*
* -
*
* NEW_PASSWORD_REQUIRED: For users who are required to change their passwords after successful
* first login.
*
*
* Respond to this challenge with NEW_PASSWORD and any required attributes that Amazon Cognito
* returned in the requiredAttributes parameter. You can also set values for attributes that aren't
* required by your user pool and that your app client can write. For more information, see RespondToAuthChallenge.
*
*
*
* In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that
* already has a value. In RespondToAuthChallenge, set a value for any keys that Amazon Cognito
* returned in the requiredAttributes parameter, then use the UpdateUserAttributes API
* operation to modify the value of any additional attributes.
*
*
* -
*
* MFA_SETUP: For users who are required to setup an MFA factor before they can sign in. The MFA
* types activated for the user pool will be listed in the challenge parameters MFAS_CAN_SETUP
* value.
*
*
* To set up software token MFA, use the session returned here from InitiateAuth as an input to
* AssociateSoftwareToken. Use the session returned by VerifySoftwareToken as an input
* to RespondToAuthChallenge with challenge name MFA_SETUP to complete sign-in. To set
* up SMS MFA, an administrator should help the user to add a phone number to their account, and then the user
* should call InitiateAuth again to restart sign-in.
*
*
*
*
* @param challengeName
* The name of the challenge that you're responding to with this call. This name is returned in the
* InitiateAuth response if you must pass another challenge.
*
* Valid values include the following:
*
*
*
* All of the following challenges require USERNAME and SECRET_HASH (if
* applicable) in the parameters.
*
*
*
* -
*
* SMS_MFA: Next challenge is to supply an SMS_MFA_CODEthat your user pool
* delivered in an SMS message.
*
*
* -
*
* EMAIL_OTP: Next challenge is to supply an EMAIL_OTP_CODE that your user pool
* delivered in an email message.
*
*
* -
*
* PASSWORD_VERIFIER: Next challenge is to supply PASSWORD_CLAIM_SIGNATURE,
* PASSWORD_CLAIM_SECRET_BLOCK, and TIMESTAMP after the client-side SRP
* calculations.
*
*
* -
*
* CUSTOM_CHALLENGE: This is returned if your custom authentication flow determines that the
* user should pass another challenge before tokens are issued.
*
*
* -
*
* DEVICE_SRP_AUTH: If device tracking was activated on your user pool and the previous
* challenges were passed, this challenge is returned so that Amazon Cognito can start tracking this
* device.
*
*
* -
*
* DEVICE_PASSWORD_VERIFIER: Similar to PASSWORD_VERIFIER, but for devices
* only.
*
*
* -
*
* NEW_PASSWORD_REQUIRED: For users who are required to change their passwords after
* successful first login.
*
*
* Respond to this challenge with NEW_PASSWORD and any required attributes that Amazon
* Cognito returned in the requiredAttributes parameter. You can also set values for
* attributes that aren't required by your user pool and that your app client can write. For more
* information, see RespondToAuthChallenge.
*
*
*
* In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that
* already has a value. In RespondToAuthChallenge, set a value for any keys that Amazon
* Cognito returned in the requiredAttributes parameter, then use the
* UpdateUserAttributes API operation to modify the value of any additional attributes.
*
*
* -
*
* MFA_SETUP: For users who are required to setup an MFA factor before they can sign in. The
* MFA types activated for the user pool will be listed in the challenge parameters
* MFAS_CAN_SETUP value.
*
*
* To set up software token MFA, use the session returned here from InitiateAuth as an input
* to AssociateSoftwareToken. Use the session returned by VerifySoftwareToken
* as an input to RespondToAuthChallenge with challenge name MFA_SETUP to
* complete sign-in. To set up SMS MFA, an administrator should help the user to add a phone number to
* their account, and then the user should call InitiateAuth again to restart sign-in.
*
*
* @see ChallengeNameType
* @return Returns a reference to this object so that method calls can be chained together.
* @see ChallengeNameType
*/
Builder challengeName(String challengeName);
/**
*
* The name of the challenge that you're responding to with this call. This name is returned in the
* InitiateAuth response if you must pass another challenge.
*
*
* Valid values include the following:
*
*
*
* All of the following challenges require USERNAME and SECRET_HASH (if applicable) in
* the parameters.
*
*
*
* -
*
* SMS_MFA: Next challenge is to supply an SMS_MFA_CODEthat your user pool delivered
* in an SMS message.
*
*
* -
*
* EMAIL_OTP: Next challenge is to supply an EMAIL_OTP_CODE that your user pool
* delivered in an email message.
*
*
* -
*
* PASSWORD_VERIFIER: Next challenge is to supply PASSWORD_CLAIM_SIGNATURE,
* PASSWORD_CLAIM_SECRET_BLOCK, and TIMESTAMP after the client-side SRP calculations.
*
*
* -
*
* CUSTOM_CHALLENGE: This is returned if your custom authentication flow determines that the user
* should pass another challenge before tokens are issued.
*
*
* -
*
* DEVICE_SRP_AUTH: If device tracking was activated on your user pool and the previous challenges
* were passed, this challenge is returned so that Amazon Cognito can start tracking this device.
*
*
* -
*
* DEVICE_PASSWORD_VERIFIER: Similar to PASSWORD_VERIFIER, but for devices only.
*
*
* -
*
* NEW_PASSWORD_REQUIRED: For users who are required to change their passwords after successful
* first login.
*
*
* Respond to this challenge with NEW_PASSWORD and any required attributes that Amazon Cognito
* returned in the requiredAttributes parameter. You can also set values for attributes that aren't
* required by your user pool and that your app client can write. For more information, see RespondToAuthChallenge.
*
*
*
* In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that
* already has a value. In RespondToAuthChallenge, set a value for any keys that Amazon Cognito
* returned in the requiredAttributes parameter, then use the UpdateUserAttributes API
* operation to modify the value of any additional attributes.
*
*
* -
*
* MFA_SETUP: For users who are required to setup an MFA factor before they can sign in. The MFA
* types activated for the user pool will be listed in the challenge parameters MFAS_CAN_SETUP
* value.
*
*
* To set up software token MFA, use the session returned here from InitiateAuth as an input to
* AssociateSoftwareToken. Use the session returned by VerifySoftwareToken as an input
* to RespondToAuthChallenge with challenge name MFA_SETUP to complete sign-in. To set
* up SMS MFA, an administrator should help the user to add a phone number to their account, and then the user
* should call InitiateAuth again to restart sign-in.
*
*
*
*
* @param challengeName
* The name of the challenge that you're responding to with this call. This name is returned in the
* InitiateAuth response if you must pass another challenge.
*
* Valid values include the following:
*
*
*
* All of the following challenges require USERNAME and SECRET_HASH (if
* applicable) in the parameters.
*
*
*
* -
*
* SMS_MFA: Next challenge is to supply an SMS_MFA_CODEthat your user pool
* delivered in an SMS message.
*
*
* -
*
* EMAIL_OTP: Next challenge is to supply an EMAIL_OTP_CODE that your user pool
* delivered in an email message.
*
*
* -
*
* PASSWORD_VERIFIER: Next challenge is to supply PASSWORD_CLAIM_SIGNATURE,
* PASSWORD_CLAIM_SECRET_BLOCK, and TIMESTAMP after the client-side SRP
* calculations.
*
*
* -
*
* CUSTOM_CHALLENGE: This is returned if your custom authentication flow determines that the
* user should pass another challenge before tokens are issued.
*
*
* -
*
* DEVICE_SRP_AUTH: If device tracking was activated on your user pool and the previous
* challenges were passed, this challenge is returned so that Amazon Cognito can start tracking this
* device.
*
*
* -
*
* DEVICE_PASSWORD_VERIFIER: Similar to PASSWORD_VERIFIER, but for devices
* only.
*
*
* -
*
* NEW_PASSWORD_REQUIRED: For users who are required to change their passwords after
* successful first login.
*
*
* Respond to this challenge with NEW_PASSWORD and any required attributes that Amazon
* Cognito returned in the requiredAttributes parameter. You can also set values for
* attributes that aren't required by your user pool and that your app client can write. For more
* information, see RespondToAuthChallenge.
*
*
*
* In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that
* already has a value. In RespondToAuthChallenge, set a value for any keys that Amazon
* Cognito returned in the requiredAttributes parameter, then use the
* UpdateUserAttributes API operation to modify the value of any additional attributes.
*
*
* -
*
* MFA_SETUP: For users who are required to setup an MFA factor before they can sign in. The
* MFA types activated for the user pool will be listed in the challenge parameters
* MFAS_CAN_SETUP value.
*
*
* To set up software token MFA, use the session returned here from InitiateAuth as an input
* to AssociateSoftwareToken. Use the session returned by VerifySoftwareToken
* as an input to RespondToAuthChallenge with challenge name MFA_SETUP to
* complete sign-in. To set up SMS MFA, an administrator should help the user to add a phone number to
* their account, and then the user should call InitiateAuth again to restart sign-in.
*
*
* @see ChallengeNameType
* @return Returns a reference to this object so that method calls can be chained together.
* @see ChallengeNameType
*/
Builder challengeName(ChallengeNameType challengeName);
/**
*
* The session that should pass both ways in challenge-response calls to the service. If the caller must pass
* another challenge, they return a session with other challenge parameters. This session should be passed as it
* is to the next RespondToAuthChallenge API call.
*
*
* @param session
* The session that should pass both ways in challenge-response calls to the service. If the caller must
* pass another challenge, they return a session with other challenge parameters. This session should be
* passed as it is to the next RespondToAuthChallenge API call.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder session(String session);
/**
*
* The challenge parameters. These are returned in the InitiateAuth response if you must pass
* another challenge. The responses in this parameter should be used to compute inputs to the next call (
* RespondToAuthChallenge).
*
*
* All challenges require USERNAME and SECRET_HASH (if applicable).
*
*
* @param challengeParameters
* The challenge parameters. These are returned in the InitiateAuth response if you must
* pass another challenge. The responses in this parameter should be used to compute inputs to the next
* call (RespondToAuthChallenge).
*
* All challenges require USERNAME and SECRET_HASH (if applicable).
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder challengeParameters(Map challengeParameters);
/**
*
* The result of the authentication response. This result is only returned if the caller doesn't need to pass
* another challenge. If the caller does need to pass another challenge before it gets tokens,
* ChallengeName, ChallengeParameters, and Session are returned.
*
*
* @param authenticationResult
* The result of the authentication response. This result is only returned if the caller doesn't need to
* pass another challenge. If the caller does need to pass another challenge before it gets tokens,
* ChallengeName, ChallengeParameters, and Session are returned.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder authenticationResult(AuthenticationResultType authenticationResult);
/**
*
* The result of the authentication response. This result is only returned if the caller doesn't need to pass
* another challenge. If the caller does need to pass another challenge before it gets tokens,
* ChallengeName, ChallengeParameters, and Session are returned.
*
* This is a convenience method that creates an instance of the {@link AuthenticationResultType.Builder}
* avoiding the need to create one manually via {@link AuthenticationResultType#builder()}.
*
*
* When the {@link Consumer} completes, {@link AuthenticationResultType.Builder#build()} is called immediately
* and its result is passed to {@link #authenticationResult(AuthenticationResultType)}.
*
* @param authenticationResult
* a consumer that will call methods on {@link AuthenticationResultType.Builder}
* @return Returns a reference to this object so that method calls can be chained together.
* @see #authenticationResult(AuthenticationResultType)
*/
default Builder authenticationResult(Consumer authenticationResult) {
return authenticationResult(AuthenticationResultType.builder().applyMutation(authenticationResult).build());
}
}
static final class BuilderImpl extends CognitoIdentityProviderResponse.BuilderImpl implements Builder {
private String challengeName;
private String session;
private Map challengeParameters = DefaultSdkAutoConstructMap.getInstance();
private AuthenticationResultType authenticationResult;
private BuilderImpl() {
}
private BuilderImpl(InitiateAuthResponse model) {
super(model);
challengeName(model.challengeName);
session(model.session);
challengeParameters(model.challengeParameters);
authenticationResult(model.authenticationResult);
}
public final String getChallengeName() {
return challengeName;
}
public final void setChallengeName(String challengeName) {
this.challengeName = challengeName;
}
@Override
public final Builder challengeName(String challengeName) {
this.challengeName = challengeName;
return this;
}
@Override
public final Builder challengeName(ChallengeNameType challengeName) {
this.challengeName(challengeName == null ? null : challengeName.toString());
return this;
}
public final String getSession() {
return session;
}
public final void setSession(String session) {
this.session = session;
}
@Override
public final Builder session(String session) {
this.session = session;
return this;
}
public final Map getChallengeParameters() {
if (challengeParameters instanceof SdkAutoConstructMap) {
return null;
}
return challengeParameters;
}
public final void setChallengeParameters(Map challengeParameters) {
this.challengeParameters = ChallengeParametersTypeCopier.copy(challengeParameters);
}
@Override
public final Builder challengeParameters(Map challengeParameters) {
this.challengeParameters = ChallengeParametersTypeCopier.copy(challengeParameters);
return this;
}
public final AuthenticationResultType.Builder getAuthenticationResult() {
return authenticationResult != null ? authenticationResult.toBuilder() : null;
}
public final void setAuthenticationResult(AuthenticationResultType.BuilderImpl authenticationResult) {
this.authenticationResult = authenticationResult != null ? authenticationResult.build() : null;
}
@Override
public final Builder authenticationResult(AuthenticationResultType authenticationResult) {
this.authenticationResult = authenticationResult;
return this;
}
@Override
public InitiateAuthResponse build() {
return new InitiateAuthResponse(this);
}
@Override
public List> sdkFields() {
return SDK_FIELDS;
}
@Override
public Map> sdkFieldNameToField() {
return SDK_NAME_TO_FIELD;
}
}
}