/** * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * SPDX-License-Identifier: Apache-2.0. */ #pragma once #include #include #include #include #include #include namespace Aws { template class AmazonWebServiceResult; namespace Utils { namespace Json { class JsonValue; } // namespace Json } // namespace Utils namespace CognitoIdentityProvider { namespace Model { /** *

Initiates the authentication response.

SMS_MFA: Next challenge is to supply an * SMS_MFA_CODE, delivered via SMS.
* PASSWORD_VERIFIER: Next challenge is to supply * PASSWORD_CLAIM_SIGNATURE, PASSWORD_CLAIM_SECRET_BLOCK, * and TIMESTAMP after the client-side SRP calculations.
CUSTOM_CHALLENGE: This is returned if your custom * authentication flow determines that the user should pass another challenge * before tokens are issued.
DEVICE_SRP_AUTH: If * device tracking was activated on your user pool and the previous challenges were * passed, this challenge is returned so that Amazon Cognito can start tracking * this device.
DEVICE_PASSWORD_VERIFIER: Similar * to PASSWORD_VERIFIER, but for devices only.
* NEW_PASSWORD_REQUIRED: For users who are required to change their * passwords after successful first login.

Respond to this challenge with * NEW_PASSWORD and any required attributes that Amazon Cognito * returned in the requiredAttributes parameter. You can also set * values for attributes that aren't required by your user pool and that your app * client can write. For more information, see RespondToAuthChallenge.
*
In a NEW_PASSWORD_REQUIRED challenge response, you can't * modify a required attribute that already has a value. In * RespondToAuthChallenge, set a value for any keys that Amazon * Cognito returned in the requiredAttributes parameter, then use the * UpdateUserAttributes API operation to modify the value of any * additional attributes.
MFA_SETUP: For * users who are required to setup an MFA factor before they can sign in. The MFA * types activated for the user pool will be listed in the challenge parameters * MFA_CAN_SETUP value.

To set up software token MFA, use the * session returned here from InitiateAuth as an input to * AssociateSoftwareToken. Use the session returned by * VerifySoftwareToken as an input to * RespondToAuthChallenge with challenge name MFA_SETUP * to complete sign-in. To set up SMS MFA, an administrator should help the user to * add a phone number to their account, and then the user should call * InitiateAuth again to restart sign-in.

*/ inline const ChallengeNameType& GetChallengeName() const{ return m_challengeName; } /** *

The name of the challenge that you're responding to with this call. This name * is returned in the AdminInitiateAuth response if you must pass * another challenge.

Valid values include the following:

All * of the following challenges require USERNAME and * SECRET_HASH (if applicable) in the parameters.

SMS_MFA: Next challenge is to supply an * SMS_MFA_CODE, delivered via SMS.
* PASSWORD_VERIFIER: Next challenge is to supply * PASSWORD_CLAIM_SIGNATURE, PASSWORD_CLAIM_SECRET_BLOCK, * and TIMESTAMP after the client-side SRP calculations.
CUSTOM_CHALLENGE: This is returned if your custom * authentication flow determines that the user should pass another challenge * before tokens are issued.
DEVICE_SRP_AUTH: If * device tracking was activated on your user pool and the previous challenges were * passed, this challenge is returned so that Amazon Cognito can start tracking * this device.
DEVICE_PASSWORD_VERIFIER: Similar * to PASSWORD_VERIFIER, but for devices only.
* NEW_PASSWORD_REQUIRED: For users who are required to change their * passwords after successful first login.

Respond to this challenge with * NEW_PASSWORD and any required attributes that Amazon Cognito * returned in the requiredAttributes parameter. You can also set * values for attributes that aren't required by your user pool and that your app * client can write. For more information, see RespondToAuthChallenge.
*
In a NEW_PASSWORD_REQUIRED challenge response, you can't * modify a required attribute that already has a value. In * RespondToAuthChallenge, set a value for any keys that Amazon * Cognito returned in the requiredAttributes parameter, then use the * UpdateUserAttributes API operation to modify the value of any * additional attributes.
MFA_SETUP: For * users who are required to setup an MFA factor before they can sign in. The MFA * types activated for the user pool will be listed in the challenge parameters * MFA_CAN_SETUP value.

To set up software token MFA, use the * session returned here from InitiateAuth as an input to * AssociateSoftwareToken. Use the session returned by * VerifySoftwareToken as an input to * RespondToAuthChallenge with challenge name MFA_SETUP * to complete sign-in. To set up SMS MFA, an administrator should help the user to * add a phone number to their account, and then the user should call * InitiateAuth again to restart sign-in.

*/ inline void SetChallengeName(const ChallengeNameType& value) { m_challengeName = value; } /** *

The name of the challenge that you're responding to with this call. This name * is returned in the AdminInitiateAuth response if you must pass * another challenge.

Valid values include the following:

All * of the following challenges require USERNAME and * SECRET_HASH (if applicable) in the parameters.

SMS_MFA: Next challenge is to supply an * SMS_MFA_CODE, delivered via SMS.
* PASSWORD_VERIFIER: Next challenge is to supply * PASSWORD_CLAIM_SIGNATURE, PASSWORD_CLAIM_SECRET_BLOCK, * and TIMESTAMP after the client-side SRP calculations.
CUSTOM_CHALLENGE: This is returned if your custom * authentication flow determines that the user should pass another challenge * before tokens are issued.
DEVICE_SRP_AUTH: If * device tracking was activated on your user pool and the previous challenges were * passed, this challenge is returned so that Amazon Cognito can start tracking * this device.
DEVICE_PASSWORD_VERIFIER: Similar * to PASSWORD_VERIFIER, but for devices only.
* NEW_PASSWORD_REQUIRED: For users who are required to change their * passwords after successful first login.

Respond to this challenge with * NEW_PASSWORD and any required attributes that Amazon Cognito * returned in the requiredAttributes parameter. You can also set * values for attributes that aren't required by your user pool and that your app * client can write. For more information, see RespondToAuthChallenge.
*
In a NEW_PASSWORD_REQUIRED challenge response, you can't * modify a required attribute that already has a value. In * RespondToAuthChallenge, set a value for any keys that Amazon * Cognito returned in the requiredAttributes parameter, then use the * UpdateUserAttributes API operation to modify the value of any * additional attributes.
MFA_SETUP: For * users who are required to setup an MFA factor before they can sign in. The MFA * types activated for the user pool will be listed in the challenge parameters * MFA_CAN_SETUP value.

To set up software token MFA, use the * session returned here from InitiateAuth as an input to * AssociateSoftwareToken. Use the session returned by * VerifySoftwareToken as an input to * RespondToAuthChallenge with challenge name MFA_SETUP * to complete sign-in. To set up SMS MFA, an administrator should help the user to * add a phone number to their account, and then the user should call * InitiateAuth again to restart sign-in.

*/ inline void SetChallengeName(ChallengeNameType&& value) { m_challengeName = std::move(value); } /** *

The name of the challenge that you're responding to with this call. This name * is returned in the AdminInitiateAuth response if you must pass * another challenge.

Valid values include the following:

All * of the following challenges require USERNAME and * SECRET_HASH (if applicable) in the parameters.

SMS_MFA: Next challenge is to supply an * SMS_MFA_CODE, delivered via SMS.
* PASSWORD_VERIFIER: Next challenge is to supply * PASSWORD_CLAIM_SIGNATURE, PASSWORD_CLAIM_SECRET_BLOCK, * and TIMESTAMP after the client-side SRP calculations.
CUSTOM_CHALLENGE: This is returned if your custom * authentication flow determines that the user should pass another challenge * before tokens are issued.
DEVICE_SRP_AUTH: If * device tracking was activated on your user pool and the previous challenges were * passed, this challenge is returned so that Amazon Cognito can start tracking * this device.
DEVICE_PASSWORD_VERIFIER: Similar * to PASSWORD_VERIFIER, but for devices only.
* NEW_PASSWORD_REQUIRED: For users who are required to change their * passwords after successful first login.

Respond to this challenge with * NEW_PASSWORD and any required attributes that Amazon Cognito * returned in the requiredAttributes parameter. You can also set * values for attributes that aren't required by your user pool and that your app * client can write. For more information, see RespondToAuthChallenge.
*
In a NEW_PASSWORD_REQUIRED challenge response, you can't * modify a required attribute that already has a value. In * RespondToAuthChallenge, set a value for any keys that Amazon * Cognito returned in the requiredAttributes parameter, then use the * UpdateUserAttributes API operation to modify the value of any * additional attributes.
MFA_SETUP: For * users who are required to setup an MFA factor before they can sign in. The MFA * types activated for the user pool will be listed in the challenge parameters * MFA_CAN_SETUP value.

To set up software token MFA, use the * session returned here from InitiateAuth as an input to * AssociateSoftwareToken. Use the session returned by * VerifySoftwareToken as an input to * RespondToAuthChallenge with challenge name MFA_SETUP * to complete sign-in. To set up SMS MFA, an administrator should help the user to * add a phone number to their account, and then the user should call * InitiateAuth again to restart sign-in.

*/ inline InitiateAuthResult& WithChallengeName(const ChallengeNameType& value) { SetChallengeName(value); return *this;} /** *

The name of the challenge that you're responding to with this call. This name * is returned in the AdminInitiateAuth response if you must pass * another challenge.

Valid values include the following:

All * of the following challenges require USERNAME and * SECRET_HASH (if applicable) in the parameters.

SMS_MFA: Next challenge is to supply an * SMS_MFA_CODE, delivered via SMS.
* PASSWORD_VERIFIER: Next challenge is to supply * PASSWORD_CLAIM_SIGNATURE, PASSWORD_CLAIM_SECRET_BLOCK, * and TIMESTAMP after the client-side SRP calculations.
CUSTOM_CHALLENGE: This is returned if your custom * authentication flow determines that the user should pass another challenge * before tokens are issued.
DEVICE_SRP_AUTH: If * device tracking was activated on your user pool and the previous challenges were * passed, this challenge is returned so that Amazon Cognito can start tracking * this device.
DEVICE_PASSWORD_VERIFIER: Similar * to PASSWORD_VERIFIER, but for devices only.
* NEW_PASSWORD_REQUIRED: For users who are required to change their * passwords after successful first login.

Respond to this challenge with * NEW_PASSWORD and any required attributes that Amazon Cognito * returned in the requiredAttributes parameter. You can also set * values for attributes that aren't required by your user pool and that your app * client can write. For more information, see RespondToAuthChallenge.
*
In a NEW_PASSWORD_REQUIRED challenge response, you can't * modify a required attribute that already has a value. In * RespondToAuthChallenge, set a value for any keys that Amazon * Cognito returned in the requiredAttributes parameter, then use the * UpdateUserAttributes API operation to modify the value of any * additional attributes.
MFA_SETUP: For * users who are required to setup an MFA factor before they can sign in. The MFA * types activated for the user pool will be listed in the challenge parameters * MFA_CAN_SETUP value.

To set up software token MFA, use the * session returned here from InitiateAuth as an input to * AssociateSoftwareToken. Use the session returned by * VerifySoftwareToken as an input to * RespondToAuthChallenge with challenge name MFA_SETUP * to complete sign-in. To set up SMS MFA, an administrator should help the user to * add a phone number to their account, and then the user should call * InitiateAuth again to restart sign-in.

*/ inline InitiateAuthResult& WithChallengeName(ChallengeNameType&& value) { SetChallengeName(std::move(value)); return *this;} /** *

The session that should pass both ways in challenge-response calls to the * service. If the caller must pass another challenge, they return a session with * other challenge parameters. This session should be passed as it is to the next * RespondToAuthChallenge API call.

*/ inline const Aws::String& GetSession() const{ return m_session; } /** *

*/ inline void SetSession(const Aws::String& value) { m_session = value; } /** *

*/ inline void SetSession(Aws::String&& value) { m_session = std::move(value); } /** *

*/ inline void SetSession(const char* value) { m_session.assign(value); } /** *

*/ inline InitiateAuthResult& WithSession(const Aws::String& value) { SetSession(value); return *this;} /** *

*/ inline InitiateAuthResult& WithSession(Aws::String&& value) { SetSession(std::move(value)); return *this;} /** *

*/ inline InitiateAuthResult& WithSession(const char* value) { SetSession(value); return *this;} /** *

The challenge parameters. These are returned in the InitiateAuth * response if you must pass another challenge. The responses in this parameter * should be used to compute inputs to the next call * (RespondToAuthChallenge).