// Code generated by smithy-go-codegen DO NOT EDIT.

package cognitoidentityprovider

import (
	"context"
	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
	"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types"
	"github.com/aws/smithy-go/middleware"
	smithyhttp "github.com/aws/smithy-go/transport/http"
)

// RespondToAuthChallenge answers an authentication challenge issued by Amazon
// Cognito.
//
// The call can cause an SMS text message to be sent. Since June 1, 2021, US
// telecom carriers require an origination phone number to be registered before
// SMS messages can be sent to US phone numbers. When SMS is used with Amazon
// Cognito, a phone number must be registered with Amazon Pinpoint
// (https://console.aws.amazon.com/pinpoint/home/); Amazon Cognito then uses the
// registered number automatically. Without it, users who must receive SMS
// messages might not be able to sign up, activate their accounts, or sign in.
//
// An account that has never used SMS with Amazon Cognito or another Amazon Web
// Service might be placed in the Amazon Simple Notification Service SMS sandbox.
// In sandbox mode (https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html)
// messages can go only to verified phone numbers. After testing in the sandbox,
// the account can be moved into production. See SMS message settings for Amazon
// Cognito user pools
// (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html)
// in the Amazon Cognito Developer Guide.
//
// A nil params is replaced by an empty input before the operation is invoked.
// On failure the error from invokeOperation is returned unchanged and the
// output is nil.
func (c *Client) RespondToAuthChallenge(ctx context.Context, params *RespondToAuthChallengeInput, optFns ...func(*Options)) (*RespondToAuthChallengeOutput, error) {
	// Substitute an empty input for nil so the operation stack never sees a nil
	// pointer.
	input := params
	if input == nil {
		input = &RespondToAuthChallengeInput{}
	}

	res, md, err := c.invokeOperation(ctx, "RespondToAuthChallenge", input, optFns, c.addOperationRespondToAuthChallengeMiddlewares)
	if err != nil {
		return nil, err
	}

	// Unchecked type assertion: it relies on the operation stack producing a
	// *RespondToAuthChallengeOutput and panics otherwise.
	output := res.(*RespondToAuthChallengeOutput)
	output.ResultMetadata = md
	return output, nil
}

// RespondToAuthChallengeInput is the request to respond to an authentication
// challenge.
type RespondToAuthChallengeInput struct {

	// The name of the challenge being answered. See InitiateAuth
	// (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html).
	// ADMIN_NO_SRP_AUTH isn't a valid value.
	//
	// This member is required.
	ChallengeName types.ChallengeNameType

	// The app client ID.
	//
	// This member is required.
	ClientId *string

	// Amazon Pinpoint analytics metadata that contributes to the metrics for
	// RespondToAuthChallenge calls.
	AnalyticsMetadata *types.AnalyticsMetadataType

	// The responses to the challenge. The expected keys depend on ChallengeName.
	// SECRET_HASH (if the app client is configured with a client secret) applies
	// to all of the inputs below, including SOFTWARE_TOKEN_MFA.
	//   - SMS_MFA : SMS_MFA_CODE , USERNAME .
	//   - PASSWORD_VERIFIER : PASSWORD_CLAIM_SIGNATURE , PASSWORD_CLAIM_SECRET_BLOCK ,
	//   TIMESTAMP , USERNAME . PASSWORD_VERIFIER requires DEVICE_KEY when you sign
	//   in with a remembered device.
	//   - NEW_PASSWORD_REQUIRED : NEW_PASSWORD , USERNAME , SECRET_HASH (if the app
	//   client is configured with a client secret). To set required attributes
	//   that Amazon Cognito returned as requiredAttributes in the InitiateAuth
	//   response, add a userAttributes.attributename parameter. The same parameter
	//   can set writable attributes that the user pool does not require. A
	//   NEW_PASSWORD_REQUIRED response can't modify a required attribute that
	//   already has a value: in RespondToAuthChallenge , set a value for every key
	//   returned in requiredAttributes, then use the UpdateUserAttributes API
	//   operation to change any additional attributes.
	//   - SOFTWARE_TOKEN_MFA : USERNAME and SOFTWARE_TOKEN_MFA_CODE are required
	//   attributes.
	//   - DEVICE_SRP_AUTH requires USERNAME , DEVICE_KEY , SRP_A (and SECRET_HASH ).
	//   - DEVICE_PASSWORD_VERIFIER requires everything that PASSWORD_VERIFIER
	//   requires, plus DEVICE_KEY .
	//   - MFA_SETUP requires USERNAME , plus the session value returned by
	//   VerifySoftwareToken in the Session parameter.
	//
	// NOTE(review): several of these values are credentials (NEW_PASSWORD, MFA
	// codes, SECRET_HASH); keep this map out of application logs and traces.
	ChallengeResponses map[string]string

	// Custom key-value pairs passed as input to the custom workflows this action
	// triggers. Custom workflows are created by assigning Lambda functions to user
	// pool triggers. For RespondToAuthChallenge, Amazon Cognito invokes the
	// functions assigned to these triggers: post authentication, pre token
	// generation, define auth challenge, create auth challenge, and verify auth
	// challenge. Each invocation receives a JSON payload whose clientMetadata
	// attribute holds the data assigned to ClientMetadata in the request, which
	// the function code can process as the workflow needs. See Customizing user
	// pool Workflows with Lambda Triggers
	// (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html)
	// in the Amazon Cognito Developer Guide.
	//
	// Amazon Cognito does not do the following with ClientMetadata:
	//   - Store the value. It is available only to Lambda triggers assigned to a
	//   user pool to support custom workflows; if the user pool configuration has
	//   no triggers, the parameter serves no purpose.
	//   - Validate the value.
	//   - Encrypt the value. Don't use Amazon Cognito to provide sensitive
	//   information.
	//
	// Because the value is neither validated nor encrypted by the service, a
	// trigger that reads clientMetadata should treat it as caller-supplied input.
	ClientMetadata map[string]string

	// The session that is passed both ways in challenge-response calls to the
	// service. When an InitiateAuth or RespondToAuthChallenge call determines that
	// the caller must pass another challenge, it returns a session with other
	// challenge parameters. Pass that session unchanged to the next
	// RespondToAuthChallenge call.
	Session *string

	// Contextual data about the user session, such as the device fingerprint, IP
	// address, or location. Amazon Cognito advanced security evaluates the risk of
	// an authentication event from the context that the app generates and passes
	// to Amazon Cognito when it makes API requests.
	UserContextData *types.UserContextDataType

	noSmithyDocumentSerde
}

// RespondToAuthChallengeOutput is the response to a RespondToAuthChallenge
// request.
type RespondToAuthChallengeOutput struct {

	// The result returned by the server in response to the request to respond to
	// the authentication challenge.
	//
	// NOTE(review): the type is declared in the types package, not in this file;
	// presumably it carries the issued tokens, so handle it as a secret. Confirm
	// against types.AuthenticationResultType.
	AuthenticationResult *types.AuthenticationResultType

	// The challenge name. See InitiateAuth
	// (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html).
	ChallengeName types.ChallengeNameType

	// The challenge parameters. See InitiateAuth
	// (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html).
	ChallengeParameters map[string]string

	// The session that is passed both ways in challenge-response calls to the
	// service. When the caller must pass another challenge, the response carries a
	// session with other challenge parameters. Pass that session unchanged to the
	// next RespondToAuthChallenge call.
	Session *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata

	noSmithyDocumentSerde
}

// addOperationRespondToAuthChallengeMiddlewares registers the middleware for
// the RespondToAuthChallenge operation on stack, in the fixed order listed
// below, and returns the first registration error encountered.
//
// No request-signing step appears in this list. NOTE(review): that suggests
// the call is authorized by the request contents (ClientId, Session,
// ChallengeResponses) rather than by caller credentials; confirm against the
// service model.
func (c *Client) addOperationRespondToAuthChallengeMiddlewares(stack *middleware.Stack, options Options) (err error) {
	// Each entry is deferred behind a closure so that its arguments are
	// evaluated only when its turn comes, and registration stops at the first
	// failure. The order of the entries is significant and must not change.
	registrations := []func() error{
		func() error {
			return stack.Serialize.Add(&awsAwsjson11_serializeOpRespondToAuthChallenge{}, middleware.After)
		},
		func() error {
			return stack.Deserialize.Add(&awsAwsjson11_deserializeOpRespondToAuthChallenge{}, middleware.After)
		},
		func() error { return addSetLoggerMiddleware(stack, options) },
		func() error { return awsmiddleware.AddClientRequestIDMiddleware(stack) },
		func() error { return smithyhttp.AddComputeContentLengthMiddleware(stack) },
		func() error { return addResolveEndpointMiddleware(stack, options) },
		func() error { return addRetryMiddlewares(stack, options) },
		func() error { return awsmiddleware.AddRawResponseToMetadata(stack) },
		func() error { return awsmiddleware.AddRecordResponseTiming(stack) },
		func() error { return addClientUserAgent(stack, options) },
		func() error { return smithyhttp.AddErrorCloseResponseBodyMiddleware(stack) },
		func() error { return smithyhttp.AddCloseResponseBodyMiddleware(stack) },
		// Input validation for this operation; the checks themselves are defined
		// outside this file.
		func() error { return addOpRespondToAuthChallengeValidationMiddleware(stack) },
		func() error {
			return stack.Initialize.Add(newServiceMetadataMiddleware_opRespondToAuthChallenge(options.Region), middleware.Before)
		},
		func() error { return awsmiddleware.AddRecursionDetection(stack) },
		func() error { return addRequestIDRetrieverMiddleware(stack) },
		func() error { return addResponseErrorMiddleware(stack) },
		// NOTE(review): what gets logged depends on options and is not visible
		// here. If body logging can be enabled, this operation's request holds
		// ChallengeResponses and its response holds AuthenticationResult.
		func() error { return addRequestResponseLogging(stack, options) },
	}

	for _, register := range registrations {
		if err = register(); err != nil {
			return err
		}
	}
	return nil
}

// newServiceMetadataMiddleware_opRespondToAuthChallenge builds the service
// metadata middleware for this operation, recording the given region, the
// package's ServiceID and the operation name "RespondToAuthChallenge".
func newServiceMetadataMiddleware_opRespondToAuthChallenge(region string) *awsmiddleware.RegisterServiceMetadata {
	md := awsmiddleware.RegisterServiceMetadata{
		Region:        region,
		ServiceID:     ServiceID,
		OperationName: "RespondToAuthChallenge",
	}
	return &md
}