Package software.amazon.awssdk.services.cognitoidentityprovider.model

Class ChallengeResponseType

java.lang.Object

software.amazon.awssdk.services.cognitoidentityprovider.model.ChallengeResponseType

All Implemented Interfaces:

Serializable, SdkPojo, ToCopyableBuilder<ChallengeResponseType.Builder,ChallengeResponseType>

@Generated("software.amazon.awssdk:codegen")
public final class ChallengeResponseType
extends Object
implements SdkPojo, Serializable, ToCopyableBuilder<ChallengeResponseType.Builder,ChallengeResponseType>

The responses to the challenge that you received in the previous request. Each challenge has its own required response parameters. The following examples are partial JSON request bodies that highlight challenge-response parameters.

You must provide a SECRET_HASH parameter in all challenge responses to an app client that has a client secret. Include a DEVICE_KEY for device authentication.

SELECT_CHALLENGE

"ChallengeName": "SELECT_CHALLENGE", "ChallengeResponses": { "USERNAME": "[username]", "ANSWER": "[Challenge name]"}

Available challenges are PASSWORD, PASSWORD_SRP, EMAIL_OTP, SMS_OTP, and WEB_AUTHN.

Complete authentication in the SELECT_CHALLENGE response for PASSWORD, PASSWORD_SRP, and WEB_AUTHN:

• "ChallengeName": "SELECT_CHALLENGE", "ChallengeResponses": { "ANSWER": "WEB_AUTHN", "USERNAME": "[username]", "CREDENTIAL": "[AuthenticationResponseJSON]"}

  See AuthenticationResponseJSON.

• "ChallengeName": "SELECT_CHALLENGE", "ChallengeResponses": { "ANSWER": "PASSWORD", "USERNAME": "[username]", "PASSWORD": "[password]"}

• "ChallengeName": "SELECT_CHALLENGE", "ChallengeResponses": { "ANSWER": "PASSWORD_SRP", "USERNAME": "[username]", "SRP_A": "[SRP_A]"}

For SMS_OTP and EMAIL_OTP, respond with the username and answer. Your user pool will send a code for the user to submit in the next challenge response.

• "ChallengeName": "SELECT_CHALLENGE", "ChallengeResponses": { "ANSWER": "SMS_OTP", "USERNAME": "[username]"}

• "ChallengeName": "SELECT_CHALLENGE", "ChallengeResponses": { "ANSWER": "EMAIL_OTP", "USERNAME": "[username]"}

SMS_OTP

"ChallengeName": "SMS_OTP", "ChallengeResponses": {"SMS_OTP_CODE": "[code]", "USERNAME": "[username]"}

EMAIL_OTP

"ChallengeName": "EMAIL_OTP", "ChallengeResponses": {"EMAIL_OTP_CODE": "[code]", "USERNAME": "[username]"}

SMS_MFA

"ChallengeName": "SMS_MFA", "ChallengeResponses": {"SMS_MFA_CODE": "[code]", "USERNAME": "[username]"}

PASSWORD_VERIFIER

This challenge response is part of the SRP flow. Amazon Cognito requires that your application respond to this challenge within a few seconds. When the response time exceeds this period, your user pool returns a NotAuthorizedException error.

"ChallengeName": "PASSWORD_VERIFIER", "ChallengeResponses": {"PASSWORD_CLAIM_SIGNATURE": "[claim_signature]", "PASSWORD_CLAIM_SECRET_BLOCK": "[secret_block]", "TIMESTAMP": [timestamp], "USERNAME": "[username]"}

Add "DEVICE_KEY" when you sign in with a remembered device.

CUSTOM_CHALLENGE

"ChallengeName": "CUSTOM_CHALLENGE", "ChallengeResponses": {"USERNAME": "[username]", "ANSWER": "[challenge_answer]"}

Add "DEVICE_KEY" when you sign in with a remembered device.

NEW_PASSWORD_REQUIRED

"ChallengeName": "NEW_PASSWORD_REQUIRED", "ChallengeResponses": {"NEW_PASSWORD": "[new_password]", "USERNAME": "[username]"}

To set any required attributes that InitiateAuth returned in an requiredAttributes parameter, add "userAttributes.[attribute_name]": "[attribute_value]". This parameter can also set values for writable attributes that aren't required by your user pool.

In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that already has a value. In RespondToAuthChallenge, set a value for any keys that Amazon Cognito returned in the requiredAttributes parameter, then use the UpdateUserAttributes API operation to modify the value of any additional attributes.

SOFTWARE_TOKEN_MFA

"ChallengeName": "SOFTWARE_TOKEN_MFA", "ChallengeResponses": {"USERNAME": "[username]", "SOFTWARE_TOKEN_MFA_CODE": [authenticator_code]}

DEVICE_SRP_AUTH

"ChallengeName": "DEVICE_SRP_AUTH", "ChallengeResponses": {"USERNAME": "[username]", "DEVICE_KEY": "[device_key]", "SRP_A": "[srp_a]"}

DEVICE_PASSWORD_VERIFIER

"ChallengeName": "DEVICE_PASSWORD_VERIFIER", "ChallengeResponses": {"DEVICE_KEY": "[device_key]", "PASSWORD_CLAIM_SIGNATURE": "[claim_signature]", "PASSWORD_CLAIM_SECRET_BLOCK": "[secret_block]", "TIMESTAMP": [timestamp], "USERNAME": "[username]"}

MFA_SETUP

"ChallengeName": "MFA_SETUP", "ChallengeResponses": {"USERNAME": "[username]"}, "SESSION": "[Session ID from VerifySoftwareToken]"

SELECT_MFA_TYPE

"ChallengeName": "SELECT_MFA_TYPE", "ChallengeResponses": {"USERNAME": "[username]", "ANSWER": "[SMS_MFA or SOFTWARE_TOKEN_MFA]"}

For more information about SECRET_HASH, see Computing secret hash values. For information about DEVICE_KEY, see Working with user devices in your user pool.

This data type is a request parameter of RespondToAuthChallenge and AdminRespondToAuthChallenge.

See Also:

Serialized Form

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static interface	ChallengeResponseType.Builder

Method Summary

Modifier and Type	Method	Description
static ChallengeResponseType.Builder	builder()
ChallengeName	challengeName()	The type of challenge that your previous authentication request returned in the parameter ChallengeName, for example SMS_MFA.
String	challengeNameAsString()	The type of challenge that your previous authentication request returned in the parameter ChallengeName, for example SMS_MFA.
ChallengeResponse	challengeResponse()	The set of key-value pairs that provides a response to the requested challenge.
String	challengeResponseAsString()	The set of key-value pairs that provides a response to the requested challenge.
boolean	equals(Object obj)
boolean	equalsBySdkFields(Object obj)
<T> Optional<T>	getValueForField(String fieldName, Class<T> clazz)
int	hashCode()
Map<String,SdkField<?>>	sdkFieldNameToField()
List<SdkField<?>>	sdkFields()
static Class<? extends ChallengeResponseType.Builder>	serializableBuilderClass()
ChallengeResponseType.Builder	toBuilder()
String	toString()	Returns a string representation of this object.

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Methods inherited from interface software.amazon.awssdk.utils.builder.ToCopyableBuilder

copy

Method Detail

challengeName

public final ChallengeName challengeName()

The type of challenge that your previous authentication request returned in the parameter ChallengeName, for example SMS_MFA.

If the service returns an enum value that is not available in the current SDK version, challengeName will return ChallengeName.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from challengeNameAsString().

Returns:

The type of challenge that your previous authentication request returned in the parameter ChallengeName, for example SMS_MFA.

See Also:

ChallengeName

challengeNameAsString

public final String challengeNameAsString()

The type of challenge that your previous authentication request returned in the parameter ChallengeName, for example SMS_MFA.

If the service returns an enum value that is not available in the current SDK version, challengeName will return ChallengeName.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from challengeNameAsString().

Returns:

The type of challenge that your previous authentication request returned in the parameter ChallengeName, for example SMS_MFA.

See Also:

ChallengeName

challengeResponse

public final ChallengeResponse challengeResponse()

The set of key-value pairs that provides a response to the requested challenge.

If the service returns an enum value that is not available in the current SDK version, challengeResponse will return ChallengeResponse.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from challengeResponseAsString().

Returns:

The set of key-value pairs that provides a response to the requested challenge.

See Also:

ChallengeResponse

challengeResponseAsString

public final String challengeResponseAsString()

The set of key-value pairs that provides a response to the requested challenge.

If the service returns an enum value that is not available in the current SDK version, challengeResponse will return ChallengeResponse.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from challengeResponseAsString().

Returns:

The set of key-value pairs that provides a response to the requested challenge.

See Also:

ChallengeResponse

toBuilder

public ChallengeResponseType.Builder toBuilder()

Specified by:

toBuilder in interface ToCopyableBuilder<ChallengeResponseType.Builder,ChallengeResponseType>

builder

public static ChallengeResponseType.Builder builder()

serializableBuilderClass

public static Class<? extends ChallengeResponseType.Builder> serializableBuilderClass()

hashCode

public final int hashCode()

Overrides:

hashCode in class Object

equals

public final boolean equals(Object obj)

Overrides:

equals in class Object

equalsBySdkFields

public final boolean equalsBySdkFields(Object obj)

Specified by:

equalsBySdkFields in interface SdkPojo

toString

public final String toString()

Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be redacted from this string using a placeholder value.

Overrides:

toString in class Object

getValueForField

public final <T> Optional<T> getValueForField(String fieldName,
                                              Class<T> clazz)

sdkFields

public final List<SdkField<?>> sdkFields()

Specified by:

sdkFields in interface SdkPojo

sdkFieldNameToField

public final Map<String,SdkField<?>> sdkFieldNameToField()

Specified by:

sdkFieldNameToField in interface SdkPojo