software.amazon.awssdk.services.cognitoidentityprovider.model.RespondToAuthChallengeRequest Maven / Gradle / Ivy
Show all versions of cognitoidentityprovider Show documentation
/*
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
package software.amazon.awssdk.services.cognitoidentityprovider.model;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.function.BiConsumer;
import java.util.function.Consumer;
import java.util.function.Function;
import software.amazon.awssdk.annotations.Generated;
import software.amazon.awssdk.awscore.AwsRequestOverrideConfiguration;
import software.amazon.awssdk.core.SdkField;
import software.amazon.awssdk.core.SdkPojo;
import software.amazon.awssdk.core.protocol.MarshallLocation;
import software.amazon.awssdk.core.protocol.MarshallingType;
import software.amazon.awssdk.core.traits.LocationTrait;
import software.amazon.awssdk.core.traits.MapTrait;
import software.amazon.awssdk.core.util.DefaultSdkAutoConstructMap;
import software.amazon.awssdk.core.util.SdkAutoConstructMap;
import software.amazon.awssdk.utils.ToString;
import software.amazon.awssdk.utils.builder.CopyableBuilder;
import software.amazon.awssdk.utils.builder.ToCopyableBuilder;
/**
*
* The request to respond to an authentication challenge.
*
*/
@Generated("software.amazon.awssdk:codegen")
public final class RespondToAuthChallengeRequest extends CognitoIdentityProviderRequest implements
ToCopyableBuilder {
private static final SdkField CLIENT_ID_FIELD = SdkField. builder(MarshallingType.STRING)
.memberName("ClientId").getter(getter(RespondToAuthChallengeRequest::clientId)).setter(setter(Builder::clientId))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("ClientId").build()).build();
private static final SdkField CHALLENGE_NAME_FIELD = SdkField. builder(MarshallingType.STRING)
.memberName("ChallengeName").getter(getter(RespondToAuthChallengeRequest::challengeNameAsString))
.setter(setter(Builder::challengeName))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("ChallengeName").build()).build();
private static final SdkField SESSION_FIELD = SdkField. builder(MarshallingType.STRING).memberName("Session")
.getter(getter(RespondToAuthChallengeRequest::session)).setter(setter(Builder::session))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("Session").build()).build();
private static final SdkField> CHALLENGE_RESPONSES_FIELD = SdkField
.> builder(MarshallingType.MAP)
.memberName("ChallengeResponses")
.getter(getter(RespondToAuthChallengeRequest::challengeResponses))
.setter(setter(Builder::challengeResponses))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("ChallengeResponses").build(),
MapTrait.builder()
.keyLocationName("key")
.valueLocationName("value")
.valueFieldInfo(
SdkField. builder(MarshallingType.STRING)
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD)
.locationName("value").build()).build()).build()).build();
private static final SdkField ANALYTICS_METADATA_FIELD = SdkField
. builder(MarshallingType.SDK_POJO).memberName("AnalyticsMetadata")
.getter(getter(RespondToAuthChallengeRequest::analyticsMetadata)).setter(setter(Builder::analyticsMetadata))
.constructor(AnalyticsMetadataType::builder)
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("AnalyticsMetadata").build()).build();
private static final SdkField USER_CONTEXT_DATA_FIELD = SdkField
. builder(MarshallingType.SDK_POJO).memberName("UserContextData")
.getter(getter(RespondToAuthChallengeRequest::userContextData)).setter(setter(Builder::userContextData))
.constructor(UserContextDataType::builder)
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("UserContextData").build()).build();
private static final SdkField> CLIENT_METADATA_FIELD = SdkField
.> builder(MarshallingType.MAP)
.memberName("ClientMetadata")
.getter(getter(RespondToAuthChallengeRequest::clientMetadata))
.setter(setter(Builder::clientMetadata))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("ClientMetadata").build(),
MapTrait.builder()
.keyLocationName("key")
.valueLocationName("value")
.valueFieldInfo(
SdkField. builder(MarshallingType.STRING)
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD)
.locationName("value").build()).build()).build()).build();
private static final List> SDK_FIELDS = Collections.unmodifiableList(Arrays.asList(CLIENT_ID_FIELD,
CHALLENGE_NAME_FIELD, SESSION_FIELD, CHALLENGE_RESPONSES_FIELD, ANALYTICS_METADATA_FIELD, USER_CONTEXT_DATA_FIELD,
CLIENT_METADATA_FIELD));
private static final Map> SDK_NAME_TO_FIELD = Collections
.unmodifiableMap(new HashMap>() {
{
put("ClientId", CLIENT_ID_FIELD);
put("ChallengeName", CHALLENGE_NAME_FIELD);
put("Session", SESSION_FIELD);
put("ChallengeResponses", CHALLENGE_RESPONSES_FIELD);
put("AnalyticsMetadata", ANALYTICS_METADATA_FIELD);
put("UserContextData", USER_CONTEXT_DATA_FIELD);
put("ClientMetadata", CLIENT_METADATA_FIELD);
}
});
private final String clientId;
private final String challengeName;
private final String session;
private final Map challengeResponses;
private final AnalyticsMetadataType analyticsMetadata;
private final UserContextDataType userContextData;
private final Map clientMetadata;
private RespondToAuthChallengeRequest(BuilderImpl builder) {
super(builder);
this.clientId = builder.clientId;
this.challengeName = builder.challengeName;
this.session = builder.session;
this.challengeResponses = builder.challengeResponses;
this.analyticsMetadata = builder.analyticsMetadata;
this.userContextData = builder.userContextData;
this.clientMetadata = builder.clientMetadata;
}
/**
*
* The app client ID.
*
*
* @return The app client ID.
*/
public final String clientId() {
return clientId;
}
/**
*
* The challenge name. For more information, see InitiateAuth.
*
*
* ADMIN_NO_SRP_AUTH isn't a valid value.
*
*
* If the service returns an enum value that is not available in the current SDK version, {@link #challengeName}
* will return {@link ChallengeNameType#UNKNOWN_TO_SDK_VERSION}. The raw value returned by the service is available
* from {@link #challengeNameAsString}.
*
*
* @return The challenge name. For more information, see InitiateAuth.
*
* ADMIN_NO_SRP_AUTH isn't a valid value.
* @see ChallengeNameType
*/
public final ChallengeNameType challengeName() {
return ChallengeNameType.fromValue(challengeName);
}
/**
*
* The challenge name. For more information, see InitiateAuth.
*
*
* ADMIN_NO_SRP_AUTH isn't a valid value.
*
*
* If the service returns an enum value that is not available in the current SDK version, {@link #challengeName}
* will return {@link ChallengeNameType#UNKNOWN_TO_SDK_VERSION}. The raw value returned by the service is available
* from {@link #challengeNameAsString}.
*
*
* @return The challenge name. For more information, see InitiateAuth.
*
* ADMIN_NO_SRP_AUTH isn't a valid value.
* @see ChallengeNameType
*/
public final String challengeNameAsString() {
return challengeName;
}
/**
*
* The session that should be passed both ways in challenge-response calls to the service. If
* InitiateAuth or RespondToAuthChallenge API call determines that the caller must pass
* another challenge, they return a session with other challenge parameters. This session should be passed as it is
* to the next RespondToAuthChallenge API call.
*
*
* @return The session that should be passed both ways in challenge-response calls to the service. If
* InitiateAuth or RespondToAuthChallenge API call determines that the caller must
* pass another challenge, they return a session with other challenge parameters. This session should be
* passed as it is to the next RespondToAuthChallenge API call.
*/
public final String session() {
return session;
}
/**
* For responses, this returns true if the service returned a value for the ChallengeResponses property. This DOES
* NOT check that the value is non-empty (for which, you should check the {@code isEmpty()} method on the property).
* This is useful because the SDK will never return a null collection or map, but you may need to differentiate
* between the service returning nothing (or null) and the service returning an empty collection or map. For
* requests, this returns true if a value for the property was specified in the request builder, and false if a
* value was not specified.
*/
public final boolean hasChallengeResponses() {
return challengeResponses != null && !(challengeResponses instanceof SdkAutoConstructMap);
}
/**
*
* The responses to the challenge that you received in the previous request. Each challenge has its own required
* response parameters. The following examples are partial JSON request bodies that highlight challenge-response
* parameters.
*
*
*
* You must provide a SECRET_HASH parameter in all challenge responses to an app client that has a client secret.
*
*
*
* - SMS_MFA
* -
*
* "ChallengeName": "SMS_MFA", "ChallengeResponses": {"SMS_MFA_CODE": "[code]", "USERNAME": "[username]"}
*
*
* - EMAIL_OTP
* -
*
* "ChallengeName": "EMAIL_OTP", "ChallengeResponses": {"EMAIL_OTP_CODE": "[code]", "USERNAME": "[username]"}
*
*
* - PASSWORD_VERIFIER
* -
*
* This challenge response is part of the SRP flow. Amazon Cognito requires that your application respond to this
* challenge within a few seconds. When the response time exceeds this period, your user pool returns a
* NotAuthorizedException error.
*
*
* "ChallengeName": "PASSWORD_VERIFIER", "ChallengeResponses": {"PASSWORD_CLAIM_SIGNATURE": "[claim_signature]", "PASSWORD_CLAIM_SECRET_BLOCK": "[secret_block]", "TIMESTAMP": [timestamp], "USERNAME": "[username]"}
*
*
* Add "DEVICE_KEY" when you sign in with a remembered device.
*
*
* - CUSTOM_CHALLENGE
* -
*
* "ChallengeName": "CUSTOM_CHALLENGE", "ChallengeResponses": {"USERNAME": "[username]", "ANSWER": "[challenge_answer]"}
*
*
* Add "DEVICE_KEY" when you sign in with a remembered device.
*
*
* - NEW_PASSWORD_REQUIRED
* -
*
* "ChallengeName": "NEW_PASSWORD_REQUIRED", "ChallengeResponses": {"NEW_PASSWORD": "[new_password]", "USERNAME": "[username]"}
*
*
* To set any required attributes that InitiateAuth returned in an requiredAttributes
* parameter, add "userAttributes.[attribute_name]": "[attribute_value]". This parameter can also set
* values for writable attributes that aren't required by your user pool.
*
*
*
* In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that already
* has a value. In RespondToAuthChallenge, set a value for any keys that Amazon Cognito returned in the
* requiredAttributes parameter, then use the UpdateUserAttributes API operation to modify
* the value of any additional attributes.
*
*
* - SOFTWARE_TOKEN_MFA
* -
*
* "ChallengeName": "SOFTWARE_TOKEN_MFA", "ChallengeResponses": {"USERNAME": "[username]", "SOFTWARE_TOKEN_MFA_CODE": [authenticator_code]}
*
*
* - DEVICE_SRP_AUTH
* -
*
* "ChallengeName": "DEVICE_SRP_AUTH", "ChallengeResponses": {"USERNAME": "[username]", "DEVICE_KEY": "[device_key]", "SRP_A": "[srp_a]"}
*
*
* - DEVICE_PASSWORD_VERIFIER
* -
*
* "ChallengeName": "DEVICE_PASSWORD_VERIFIER", "ChallengeResponses": {"DEVICE_KEY": "[device_key]", "PASSWORD_CLAIM_SIGNATURE": "[claim_signature]", "PASSWORD_CLAIM_SECRET_BLOCK": "[secret_block]", "TIMESTAMP": [timestamp], "USERNAME": "[username]"}
*
*
* - MFA_SETUP
* -
*
* "ChallengeName": "MFA_SETUP", "ChallengeResponses": {"USERNAME": "[username]"}, "SESSION": "[Session ID from VerifySoftwareToken]"
*
*
* - SELECT_MFA_TYPE
* -
*
* "ChallengeName": "SELECT_MFA_TYPE", "ChallengeResponses": {"USERNAME": "[username]", "ANSWER": "[SMS_MFA or SOFTWARE_TOKEN_MFA]"}
*
*
*
*
* For more information about SECRET_HASH, see Computing secret hash values. For information about DEVICE_KEY, see Working with user devices in your user pool.
*
*
* Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.
*
*
* This method will never return null. If you would like to know whether the service returned this field (so that
* you can differentiate between null and empty), you can use the {@link #hasChallengeResponses} method.
*
*
* @return The responses to the challenge that you received in the previous request. Each challenge has its own
* required response parameters. The following examples are partial JSON request bodies that highlight
* challenge-response parameters.
*
* You must provide a SECRET_HASH parameter in all challenge responses to an app client that has a client
* secret.
*
*
*
* - SMS_MFA
* -
*
* "ChallengeName": "SMS_MFA", "ChallengeResponses": {"SMS_MFA_CODE": "[code]", "USERNAME": "[username]"}
*
*
* - EMAIL_OTP
* -
*
* "ChallengeName": "EMAIL_OTP", "ChallengeResponses": {"EMAIL_OTP_CODE": "[code]", "USERNAME": "[username]"}
*
*
* - PASSWORD_VERIFIER
* -
*
* This challenge response is part of the SRP flow. Amazon Cognito requires that your application respond to
* this challenge within a few seconds. When the response time exceeds this period, your user pool returns a
* NotAuthorizedException error.
*
*
* "ChallengeName": "PASSWORD_VERIFIER", "ChallengeResponses": {"PASSWORD_CLAIM_SIGNATURE": "[claim_signature]", "PASSWORD_CLAIM_SECRET_BLOCK": "[secret_block]", "TIMESTAMP": [timestamp], "USERNAME": "[username]"}
*
*
* Add "DEVICE_KEY" when you sign in with a remembered device.
*
*
* - CUSTOM_CHALLENGE
* -
*
* "ChallengeName": "CUSTOM_CHALLENGE", "ChallengeResponses": {"USERNAME": "[username]", "ANSWER": "[challenge_answer]"}
*
*
* Add "DEVICE_KEY" when you sign in with a remembered device.
*
*
* - NEW_PASSWORD_REQUIRED
* -
*
* "ChallengeName": "NEW_PASSWORD_REQUIRED", "ChallengeResponses": {"NEW_PASSWORD": "[new_password]", "USERNAME": "[username]"}
*
*
* To set any required attributes that InitiateAuth returned in an
* requiredAttributes parameter, add
* "userAttributes.[attribute_name]": "[attribute_value]". This parameter can also set values
* for writable attributes that aren't required by your user pool.
*
*
*
* In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that
* already has a value. In RespondToAuthChallenge, set a value for any keys that Amazon Cognito
* returned in the requiredAttributes parameter, then use the UpdateUserAttributes
* API operation to modify the value of any additional attributes.
*
*
* - SOFTWARE_TOKEN_MFA
* -
*
* "ChallengeName": "SOFTWARE_TOKEN_MFA", "ChallengeResponses": {"USERNAME": "[username]", "SOFTWARE_TOKEN_MFA_CODE": [authenticator_code]}
*
*
* - DEVICE_SRP_AUTH
* -
*
* "ChallengeName": "DEVICE_SRP_AUTH", "ChallengeResponses": {"USERNAME": "[username]", "DEVICE_KEY": "[device_key]", "SRP_A": "[srp_a]"}
*
*
* - DEVICE_PASSWORD_VERIFIER
* -
*
* "ChallengeName": "DEVICE_PASSWORD_VERIFIER", "ChallengeResponses": {"DEVICE_KEY": "[device_key]", "PASSWORD_CLAIM_SIGNATURE": "[claim_signature]", "PASSWORD_CLAIM_SECRET_BLOCK": "[secret_block]", "TIMESTAMP": [timestamp], "USERNAME": "[username]"}
*
*
* - MFA_SETUP
* -
*
* "ChallengeName": "MFA_SETUP", "ChallengeResponses": {"USERNAME": "[username]"}, "SESSION": "[Session ID from VerifySoftwareToken]"
*
*
* - SELECT_MFA_TYPE
* -
*
* "ChallengeName": "SELECT_MFA_TYPE", "ChallengeResponses": {"USERNAME": "[username]", "ANSWER": "[SMS_MFA or SOFTWARE_TOKEN_MFA]"}
*
*
*
*
* For more information about SECRET_HASH, see Computing secret hash values. For information about DEVICE_KEY, see Working with user devices in your user pool.
*/
public final Map challengeResponses() {
return challengeResponses;
}
/**
*
* The Amazon Pinpoint analytics metadata that contributes to your metrics for RespondToAuthChallenge
* calls.
*
*
* @return The Amazon Pinpoint analytics metadata that contributes to your metrics for
* RespondToAuthChallenge calls.
*/
public final AnalyticsMetadataType analyticsMetadata() {
return analyticsMetadata;
}
/**
*
* Contextual data about your user session, such as the device fingerprint, IP address, or location. Amazon Cognito
* advanced security evaluates the risk of an authentication event based on the context that your app generates and
* passes to Amazon Cognito when it makes API requests.
*
*
* @return Contextual data about your user session, such as the device fingerprint, IP address, or location. Amazon
* Cognito advanced security evaluates the risk of an authentication event based on the context that your
* app generates and passes to Amazon Cognito when it makes API requests.
*/
public final UserContextDataType userContextData() {
return userContextData;
}
/**
* For responses, this returns true if the service returned a value for the ClientMetadata property. This DOES NOT
* check that the value is non-empty (for which, you should check the {@code isEmpty()} method on the property).
* This is useful because the SDK will never return a null collection or map, but you may need to differentiate
* between the service returning nothing (or null) and the service returning an empty collection or map. For
* requests, this returns true if a value for the property was specified in the request builder, and false if a
* value was not specified.
*/
public final boolean hasClientMetadata() {
return clientMetadata != null && !(clientMetadata instanceof SdkAutoConstructMap);
}
/**
*
* A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.
*
*
* You create custom workflows by assigning Lambda functions to user pool triggers. When you use the
* RespondToAuthChallenge API action, Amazon Cognito invokes any functions that are assigned to the following
* triggers: post authentication, pre token generation, define auth challenge, create auth
* challenge, and verify auth challenge. When Amazon Cognito invokes any of these functions, it passes a
* JSON payload, which the function receives as input. This payload contains a clientMetadata
* attribute, which provides the data that you assigned to the ClientMetadata parameter in your
* RespondToAuthChallenge request. In your function code in Lambda, you can process the clientMetadata
* value to enhance your workflow for your specific needs.
*
*
* For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.
*
*
*
* When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following:
*
*
* -
*
* Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool
* to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata
* parameter serves no purpose.
*
*
* -
*
* Validate the ClientMetadata value.
*
*
* -
*
* Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information.
*
*
*
*
*
* Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.
*
*
* This method will never return null. If you would like to know whether the service returned this field (so that
* you can differentiate between null and empty), you can use the {@link #hasClientMetadata} method.
*
*
* @return A map of custom key-value pairs that you can provide as input for any custom workflows that this action
* triggers.
*
* You create custom workflows by assigning Lambda functions to user pool triggers. When you use the
* RespondToAuthChallenge API action, Amazon Cognito invokes any functions that are assigned to the
* following triggers: post authentication, pre token generation, define auth
* challenge, create auth challenge, and verify auth challenge. When Amazon Cognito
* invokes any of these functions, it passes a JSON payload, which the function receives as input. This
* payload contains a clientMetadata attribute, which provides the data that you assigned to
* the ClientMetadata parameter in your RespondToAuthChallenge request. In your function code in Lambda, you
* can process the clientMetadata value to enhance your workflow for your specific needs.
*
*
* For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.
*
*
*
* When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following:
*
*
* -
*
* Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a
* user pool to support custom workflows. If your user pool configuration doesn't include triggers, the
* ClientMetadata parameter serves no purpose.
*
*
* -
*
* Validate the ClientMetadata value.
*
*
* -
*
* Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information.
*
*
*
*/
public final Map clientMetadata() {
return clientMetadata;
}
@Override
public Builder toBuilder() {
return new BuilderImpl(this);
}
public static Builder builder() {
return new BuilderImpl();
}
public static Class serializableBuilderClass() {
return BuilderImpl.class;
}
@Override
public final int hashCode() {
int hashCode = 1;
hashCode = 31 * hashCode + super.hashCode();
hashCode = 31 * hashCode + Objects.hashCode(clientId());
hashCode = 31 * hashCode + Objects.hashCode(challengeNameAsString());
hashCode = 31 * hashCode + Objects.hashCode(session());
hashCode = 31 * hashCode + Objects.hashCode(hasChallengeResponses() ? challengeResponses() : null);
hashCode = 31 * hashCode + Objects.hashCode(analyticsMetadata());
hashCode = 31 * hashCode + Objects.hashCode(userContextData());
hashCode = 31 * hashCode + Objects.hashCode(hasClientMetadata() ? clientMetadata() : null);
return hashCode;
}
@Override
public final boolean equals(Object obj) {
return super.equals(obj) && equalsBySdkFields(obj);
}
@Override
public final boolean equalsBySdkFields(Object obj) {
if (this == obj) {
return true;
}
if (obj == null) {
return false;
}
if (!(obj instanceof RespondToAuthChallengeRequest)) {
return false;
}
RespondToAuthChallengeRequest other = (RespondToAuthChallengeRequest) obj;
return Objects.equals(clientId(), other.clientId())
&& Objects.equals(challengeNameAsString(), other.challengeNameAsString())
&& Objects.equals(session(), other.session()) && hasChallengeResponses() == other.hasChallengeResponses()
&& Objects.equals(challengeResponses(), other.challengeResponses())
&& Objects.equals(analyticsMetadata(), other.analyticsMetadata())
&& Objects.equals(userContextData(), other.userContextData()) && hasClientMetadata() == other.hasClientMetadata()
&& Objects.equals(clientMetadata(), other.clientMetadata());
}
/**
* Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be
* redacted from this string using a placeholder value.
*/
@Override
public final String toString() {
return ToString.builder("RespondToAuthChallengeRequest")
.add("ClientId", clientId() == null ? null : "*** Sensitive Data Redacted ***")
.add("ChallengeName", challengeNameAsString())
.add("Session", session() == null ? null : "*** Sensitive Data Redacted ***")
.add("ChallengeResponses", challengeResponses() == null ? null : "*** Sensitive Data Redacted ***")
.add("AnalyticsMetadata", analyticsMetadata())
.add("UserContextData", userContextData() == null ? null : "*** Sensitive Data Redacted ***")
.add("ClientMetadata", hasClientMetadata() ? clientMetadata() : null).build();
}
public final Optional getValueForField(String fieldName, Class clazz) {
switch (fieldName) {
case "ClientId":
return Optional.ofNullable(clazz.cast(clientId()));
case "ChallengeName":
return Optional.ofNullable(clazz.cast(challengeNameAsString()));
case "Session":
return Optional.ofNullable(clazz.cast(session()));
case "ChallengeResponses":
return Optional.ofNullable(clazz.cast(challengeResponses()));
case "AnalyticsMetadata":
return Optional.ofNullable(clazz.cast(analyticsMetadata()));
case "UserContextData":
return Optional.ofNullable(clazz.cast(userContextData()));
case "ClientMetadata":
return Optional.ofNullable(clazz.cast(clientMetadata()));
default:
return Optional.empty();
}
}
@Override
public final List> sdkFields() {
return SDK_FIELDS;
}
@Override
public final Map> sdkFieldNameToField() {
return SDK_NAME_TO_FIELD;
}
private static Function getter(Function g) {
return obj -> g.apply((RespondToAuthChallengeRequest) obj);
}
private static BiConsumer setter(BiConsumer s) {
return (obj, val) -> s.accept((Builder) obj, val);
}
public interface Builder extends CognitoIdentityProviderRequest.Builder, SdkPojo,
CopyableBuilder {
/**
*
* The app client ID.
*
*
* @param clientId
* The app client ID.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder clientId(String clientId);
/**
*
* The challenge name. For more information, see InitiateAuth.
*
*
* ADMIN_NO_SRP_AUTH isn't a valid value.
*
*
* @param challengeName
* The challenge name. For more information, see InitiateAuth.
*
* ADMIN_NO_SRP_AUTH isn't a valid value.
* @see ChallengeNameType
* @return Returns a reference to this object so that method calls can be chained together.
* @see ChallengeNameType
*/
Builder challengeName(String challengeName);
/**
*
* The challenge name. For more information, see InitiateAuth.
*
*
* ADMIN_NO_SRP_AUTH isn't a valid value.
*
*
* @param challengeName
* The challenge name. For more information, see InitiateAuth.
*
* ADMIN_NO_SRP_AUTH isn't a valid value.
* @see ChallengeNameType
* @return Returns a reference to this object so that method calls can be chained together.
* @see ChallengeNameType
*/
Builder challengeName(ChallengeNameType challengeName);
/**
*
* The session that should be passed both ways in challenge-response calls to the service. If
* InitiateAuth or RespondToAuthChallenge API call determines that the caller must
* pass another challenge, they return a session with other challenge parameters. This session should be passed
* as it is to the next RespondToAuthChallenge API call.
*
*
* @param session
* The session that should be passed both ways in challenge-response calls to the service. If
* InitiateAuth or RespondToAuthChallenge API call determines that the caller
* must pass another challenge, they return a session with other challenge parameters. This session
* should be passed as it is to the next RespondToAuthChallenge API call.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder session(String session);
/**
*
* The responses to the challenge that you received in the previous request. Each challenge has its own required
* response parameters. The following examples are partial JSON request bodies that highlight challenge-response
* parameters.
*
*
*
* You must provide a SECRET_HASH parameter in all challenge responses to an app client that has a client
* secret.
*
*
*
* - SMS_MFA
* -
*
* "ChallengeName": "SMS_MFA", "ChallengeResponses": {"SMS_MFA_CODE": "[code]", "USERNAME": "[username]"}
*
*
* - EMAIL_OTP
* -
*
* "ChallengeName": "EMAIL_OTP", "ChallengeResponses": {"EMAIL_OTP_CODE": "[code]", "USERNAME": "[username]"}
*
*
* - PASSWORD_VERIFIER
* -
*
* This challenge response is part of the SRP flow. Amazon Cognito requires that your application respond to
* this challenge within a few seconds. When the response time exceeds this period, your user pool returns a
* NotAuthorizedException error.
*
*
* "ChallengeName": "PASSWORD_VERIFIER", "ChallengeResponses": {"PASSWORD_CLAIM_SIGNATURE": "[claim_signature]", "PASSWORD_CLAIM_SECRET_BLOCK": "[secret_block]", "TIMESTAMP": [timestamp], "USERNAME": "[username]"}
*
*
* Add "DEVICE_KEY" when you sign in with a remembered device.
*
*
* - CUSTOM_CHALLENGE
* -
*
* "ChallengeName": "CUSTOM_CHALLENGE", "ChallengeResponses": {"USERNAME": "[username]", "ANSWER": "[challenge_answer]"}
*
*
* Add "DEVICE_KEY" when you sign in with a remembered device.
*
*
* - NEW_PASSWORD_REQUIRED
* -
*
* "ChallengeName": "NEW_PASSWORD_REQUIRED", "ChallengeResponses": {"NEW_PASSWORD": "[new_password]", "USERNAME": "[username]"}
*
*
* To set any required attributes that InitiateAuth returned in an requiredAttributes
* parameter, add "userAttributes.[attribute_name]": "[attribute_value]". This parameter can also
* set values for writable attributes that aren't required by your user pool.
*
*
*
* In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that
* already has a value. In RespondToAuthChallenge, set a value for any keys that Amazon Cognito
* returned in the requiredAttributes parameter, then use the UpdateUserAttributes API
* operation to modify the value of any additional attributes.
*
*
* - SOFTWARE_TOKEN_MFA
* -
*
* "ChallengeName": "SOFTWARE_TOKEN_MFA", "ChallengeResponses": {"USERNAME": "[username]", "SOFTWARE_TOKEN_MFA_CODE": [authenticator_code]}
*
*
* - DEVICE_SRP_AUTH
* -
*
* "ChallengeName": "DEVICE_SRP_AUTH", "ChallengeResponses": {"USERNAME": "[username]", "DEVICE_KEY": "[device_key]", "SRP_A": "[srp_a]"}
*
*
* - DEVICE_PASSWORD_VERIFIER
* -
*
* "ChallengeName": "DEVICE_PASSWORD_VERIFIER", "ChallengeResponses": {"DEVICE_KEY": "[device_key]", "PASSWORD_CLAIM_SIGNATURE": "[claim_signature]", "PASSWORD_CLAIM_SECRET_BLOCK": "[secret_block]", "TIMESTAMP": [timestamp], "USERNAME": "[username]"}
*
*
* - MFA_SETUP
* -
*
* "ChallengeName": "MFA_SETUP", "ChallengeResponses": {"USERNAME": "[username]"}, "SESSION": "[Session ID from VerifySoftwareToken]"
*
*
* - SELECT_MFA_TYPE
* -
*
* "ChallengeName": "SELECT_MFA_TYPE", "ChallengeResponses": {"USERNAME": "[username]", "ANSWER": "[SMS_MFA or SOFTWARE_TOKEN_MFA]"}
*
*
*
*
* For more information about SECRET_HASH, see Computing secret hash values. For information about DEVICE_KEY, see Working with user devices in your user pool.
*
*
* @param challengeResponses
* The responses to the challenge that you received in the previous request. Each challenge has its own
* required response parameters. The following examples are partial JSON request bodies that highlight
* challenge-response parameters.
*
* You must provide a SECRET_HASH parameter in all challenge responses to an app client that has a client
* secret.
*
*
*
* - SMS_MFA
* -
*
* "ChallengeName": "SMS_MFA", "ChallengeResponses": {"SMS_MFA_CODE": "[code]", "USERNAME": "[username]"}
*
*
* - EMAIL_OTP
* -
*
* "ChallengeName": "EMAIL_OTP", "ChallengeResponses": {"EMAIL_OTP_CODE": "[code]", "USERNAME": "[username]"}
*
*
* - PASSWORD_VERIFIER
* -
*
* This challenge response is part of the SRP flow. Amazon Cognito requires that your application respond
* to this challenge within a few seconds. When the response time exceeds this period, your user pool
* returns a NotAuthorizedException error.
*
*
* "ChallengeName": "PASSWORD_VERIFIER", "ChallengeResponses": {"PASSWORD_CLAIM_SIGNATURE": "[claim_signature]", "PASSWORD_CLAIM_SECRET_BLOCK": "[secret_block]", "TIMESTAMP": [timestamp], "USERNAME": "[username]"}
*
*
* Add "DEVICE_KEY" when you sign in with a remembered device.
*
*
* - CUSTOM_CHALLENGE
* -
*
* "ChallengeName": "CUSTOM_CHALLENGE", "ChallengeResponses": {"USERNAME": "[username]", "ANSWER": "[challenge_answer]"}
*
*
* Add "DEVICE_KEY" when you sign in with a remembered device.
*
*
* - NEW_PASSWORD_REQUIRED
* -
*
* "ChallengeName": "NEW_PASSWORD_REQUIRED", "ChallengeResponses": {"NEW_PASSWORD": "[new_password]", "USERNAME": "[username]"}
*
*
* To set any required attributes that InitiateAuth returned in an
* requiredAttributes parameter, add
* "userAttributes.[attribute_name]": "[attribute_value]". This parameter can also set
* values for writable attributes that aren't required by your user pool.
*
*
*
* In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that
* already has a value. In RespondToAuthChallenge, set a value for any keys that Amazon
* Cognito returned in the requiredAttributes parameter, then use the
* UpdateUserAttributes API operation to modify the value of any additional attributes.
*
*
* - SOFTWARE_TOKEN_MFA
* -
*
* "ChallengeName": "SOFTWARE_TOKEN_MFA", "ChallengeResponses": {"USERNAME": "[username]", "SOFTWARE_TOKEN_MFA_CODE": [authenticator_code]}
*
*
* - DEVICE_SRP_AUTH
* -
*
* "ChallengeName": "DEVICE_SRP_AUTH", "ChallengeResponses": {"USERNAME": "[username]", "DEVICE_KEY": "[device_key]", "SRP_A": "[srp_a]"}
*
*
* - DEVICE_PASSWORD_VERIFIER
* -
*
* "ChallengeName": "DEVICE_PASSWORD_VERIFIER", "ChallengeResponses": {"DEVICE_KEY": "[device_key]", "PASSWORD_CLAIM_SIGNATURE": "[claim_signature]", "PASSWORD_CLAIM_SECRET_BLOCK": "[secret_block]", "TIMESTAMP": [timestamp], "USERNAME": "[username]"}
*
*
* - MFA_SETUP
* -
*
* "ChallengeName": "MFA_SETUP", "ChallengeResponses": {"USERNAME": "[username]"}, "SESSION": "[Session ID from VerifySoftwareToken]"
*
*
* - SELECT_MFA_TYPE
* -
*
* "ChallengeName": "SELECT_MFA_TYPE", "ChallengeResponses": {"USERNAME": "[username]", "ANSWER": "[SMS_MFA or SOFTWARE_TOKEN_MFA]"}
*
*
*
*
* For more information about SECRET_HASH, see Computing secret hash values. For information about DEVICE_KEY, see Working with user devices in your user pool.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder challengeResponses(Map challengeResponses);
/**
*
* The Amazon Pinpoint analytics metadata that contributes to your metrics for
* RespondToAuthChallenge calls.
*
*
* @param analyticsMetadata
* The Amazon Pinpoint analytics metadata that contributes to your metrics for
* RespondToAuthChallenge calls.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder analyticsMetadata(AnalyticsMetadataType analyticsMetadata);
/**
*
* The Amazon Pinpoint analytics metadata that contributes to your metrics for
* RespondToAuthChallenge calls.
*
* This is a convenience method that creates an instance of the {@link AnalyticsMetadataType.Builder} avoiding
* the need to create one manually via {@link AnalyticsMetadataType#builder()}.
*
*
* When the {@link Consumer} completes, {@link AnalyticsMetadataType.Builder#build()} is called immediately and
* its result is passed to {@link #analyticsMetadata(AnalyticsMetadataType)}.
*
* @param analyticsMetadata
* a consumer that will call methods on {@link AnalyticsMetadataType.Builder}
* @return Returns a reference to this object so that method calls can be chained together.
* @see #analyticsMetadata(AnalyticsMetadataType)
*/
default Builder analyticsMetadata(Consumer analyticsMetadata) {
return analyticsMetadata(AnalyticsMetadataType.builder().applyMutation(analyticsMetadata).build());
}
/**
*
* Contextual data about your user session, such as the device fingerprint, IP address, or location. Amazon
* Cognito advanced security evaluates the risk of an authentication event based on the context that your app
* generates and passes to Amazon Cognito when it makes API requests.
*
*
* @param userContextData
* Contextual data about your user session, such as the device fingerprint, IP address, or location.
* Amazon Cognito advanced security evaluates the risk of an authentication event based on the context
* that your app generates and passes to Amazon Cognito when it makes API requests.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder userContextData(UserContextDataType userContextData);
/**
*
* Contextual data about your user session, such as the device fingerprint, IP address, or location. Amazon
* Cognito advanced security evaluates the risk of an authentication event based on the context that your app
* generates and passes to Amazon Cognito when it makes API requests.
*
* This is a convenience method that creates an instance of the {@link UserContextDataType.Builder} avoiding the
* need to create one manually via {@link UserContextDataType#builder()}.
*
*
* When the {@link Consumer} completes, {@link UserContextDataType.Builder#build()} is called immediately and
* its result is passed to {@link #userContextData(UserContextDataType)}.
*
* @param userContextData
* a consumer that will call methods on {@link UserContextDataType.Builder}
* @return Returns a reference to this object so that method calls can be chained together.
* @see #userContextData(UserContextDataType)
*/
default Builder userContextData(Consumer userContextData) {
return userContextData(UserContextDataType.builder().applyMutation(userContextData).build());
}
/**
*
* A map of custom key-value pairs that you can provide as input for any custom workflows that this action
* triggers.
*
*
* You create custom workflows by assigning Lambda functions to user pool triggers. When you use the
* RespondToAuthChallenge API action, Amazon Cognito invokes any functions that are assigned to the following
* triggers: post authentication, pre token generation, define auth challenge, create
* auth challenge, and verify auth challenge. When Amazon Cognito invokes any of these functions, it
* passes a JSON payload, which the function receives as input. This payload contains a
* clientMetadata attribute, which provides the data that you assigned to the ClientMetadata
* parameter in your RespondToAuthChallenge request. In your function code in Lambda, you can process the
* clientMetadata value to enhance your workflow for your specific needs.
*
*
* For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.
*
*
*
* When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following:
*
*
* -
*
* Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user
* pool to support custom workflows. If your user pool configuration doesn't include triggers, the
* ClientMetadata parameter serves no purpose.
*
*
* -
*
* Validate the ClientMetadata value.
*
*
* -
*
* Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information.
*
*
*
*
*
* @param clientMetadata
* A map of custom key-value pairs that you can provide as input for any custom workflows that this
* action triggers.
*
* You create custom workflows by assigning Lambda functions to user pool triggers. When you use the
* RespondToAuthChallenge API action, Amazon Cognito invokes any functions that are assigned to the
* following triggers: post authentication, pre token generation, define auth
* challenge, create auth challenge, and verify auth challenge. When Amazon Cognito
* invokes any of these functions, it passes a JSON payload, which the function receives as input. This
* payload contains a clientMetadata attribute, which provides the data that you assigned to
* the ClientMetadata parameter in your RespondToAuthChallenge request. In your function code in Lambda,
* you can process the clientMetadata value to enhance your workflow for your specific
* needs.
*
*
* For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer
* Guide.
*
*
*
* When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following:
*
*
* -
*
* Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a
* user pool to support custom workflows. If your user pool configuration doesn't include triggers, the
* ClientMetadata parameter serves no purpose.
*
*
* -
*
* Validate the ClientMetadata value.
*
*
* -
*
* Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information.
*
*
*
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder clientMetadata(Map clientMetadata);
@Override
Builder overrideConfiguration(AwsRequestOverrideConfiguration overrideConfiguration);
@Override
Builder overrideConfiguration(Consumer builderConsumer);
}
static final class BuilderImpl extends CognitoIdentityProviderRequest.BuilderImpl implements Builder {
private String clientId;
private String challengeName;
private String session;
private Map challengeResponses = DefaultSdkAutoConstructMap.getInstance();
private AnalyticsMetadataType analyticsMetadata;
private UserContextDataType userContextData;
private Map clientMetadata = DefaultSdkAutoConstructMap.getInstance();
private BuilderImpl() {
}
private BuilderImpl(RespondToAuthChallengeRequest model) {
super(model);
clientId(model.clientId);
challengeName(model.challengeName);
session(model.session);
challengeResponses(model.challengeResponses);
analyticsMetadata(model.analyticsMetadata);
userContextData(model.userContextData);
clientMetadata(model.clientMetadata);
}
public final String getClientId() {
return clientId;
}
public final void setClientId(String clientId) {
this.clientId = clientId;
}
@Override
public final Builder clientId(String clientId) {
this.clientId = clientId;
return this;
}
public final String getChallengeName() {
return challengeName;
}
public final void setChallengeName(String challengeName) {
this.challengeName = challengeName;
}
@Override
public final Builder challengeName(String challengeName) {
this.challengeName = challengeName;
return this;
}
@Override
public final Builder challengeName(ChallengeNameType challengeName) {
this.challengeName(challengeName == null ? null : challengeName.toString());
return this;
}
public final String getSession() {
return session;
}
public final void setSession(String session) {
this.session = session;
}
@Override
public final Builder session(String session) {
this.session = session;
return this;
}
public final Map getChallengeResponses() {
if (challengeResponses instanceof SdkAutoConstructMap) {
return null;
}
return challengeResponses;
}
public final void setChallengeResponses(Map challengeResponses) {
this.challengeResponses = ChallengeResponsesTypeCopier.copy(challengeResponses);
}
@Override
public final Builder challengeResponses(Map challengeResponses) {
this.challengeResponses = ChallengeResponsesTypeCopier.copy(challengeResponses);
return this;
}
public final AnalyticsMetadataType.Builder getAnalyticsMetadata() {
return analyticsMetadata != null ? analyticsMetadata.toBuilder() : null;
}
public final void setAnalyticsMetadata(AnalyticsMetadataType.BuilderImpl analyticsMetadata) {
this.analyticsMetadata = analyticsMetadata != null ? analyticsMetadata.build() : null;
}
@Override
public final Builder analyticsMetadata(AnalyticsMetadataType analyticsMetadata) {
this.analyticsMetadata = analyticsMetadata;
return this;
}
public final UserContextDataType.Builder getUserContextData() {
return userContextData != null ? userContextData.toBuilder() : null;
}
public final void setUserContextData(UserContextDataType.BuilderImpl userContextData) {
this.userContextData = userContextData != null ? userContextData.build() : null;
}
@Override
public final Builder userContextData(UserContextDataType userContextData) {
this.userContextData = userContextData;
return this;
}
public final Map getClientMetadata() {
if (clientMetadata instanceof SdkAutoConstructMap) {
return null;
}
return clientMetadata;
}
public final void setClientMetadata(Map clientMetadata) {
this.clientMetadata = ClientMetadataTypeCopier.copy(clientMetadata);
}
@Override
public final Builder clientMetadata(Map clientMetadata) {
this.clientMetadata = ClientMetadataTypeCopier.copy(clientMetadata);
return this;
}
@Override
public Builder overrideConfiguration(AwsRequestOverrideConfiguration overrideConfiguration) {
super.overrideConfiguration(overrideConfiguration);
return this;
}
@Override
public Builder overrideConfiguration(Consumer builderConsumer) {
super.overrideConfiguration(builderConsumer);
return this;
}
@Override
public RespondToAuthChallengeRequest build() {
return new RespondToAuthChallengeRequest(this);
}
@Override
public List> sdkFields() {
return SDK_FIELDS;
}
@Override
public Map> sdkFieldNameToField() {
return SDK_NAME_TO_FIELD;
}
}
}