* Initiates the authentication response, as an administrator. *
* * @see AWS API * Documentation */ @Generated("com.amazonaws:aws-java-sdk-code-generator") public class AdminInitiateAuthResult extends com.amazonaws.AmazonWebServiceResult
* The name of the challenge that you're responding to with this call. This is returned in the
* AdminInitiateAuth response if you must pass another challenge.
*
* MFA_SETUP: If MFA is required, users who don't have at least one of the MFA methods set up are
* presented with an MFA_SETUP challenge. The user must set up at least one MFA type to continue to
* authenticate.
*
* SELECT_MFA_TYPE: Selects the MFA type. Valid MFA options are SMS_MFA for text SMS MFA,
* and SOFTWARE_TOKEN_MFA for time-based one-time password (TOTP) software token MFA.
*
* SMS_MFA: Next challenge is to supply an SMS_MFA_CODE, delivered via SMS.
*
* PASSWORD_VERIFIER: Next challenge is to supply PASSWORD_CLAIM_SIGNATURE,
* PASSWORD_CLAIM_SECRET_BLOCK, and TIMESTAMP after the client-side SRP calculations.
*
* CUSTOM_CHALLENGE: This is returned if your custom authentication flow determines that the user
* should pass another challenge before tokens are issued.
*
* DEVICE_SRP_AUTH: If device tracking was activated in your user pool and the previous challenges were
* passed, this challenge is returned so that Amazon Cognito can start tracking this device.
*
* DEVICE_PASSWORD_VERIFIER: Similar to PASSWORD_VERIFIER, but for devices only.
*
* ADMIN_NO_SRP_AUTH: This is returned if you must authenticate with USERNAME and
* PASSWORD directly. An app client must be enabled to use this flow.
*
* NEW_PASSWORD_REQUIRED: For users who are required to change their passwords after successful first
* login. Respond to this challenge with NEW_PASSWORD and any required attributes that Amazon Cognito
* returned in the requiredAttributes parameter. You can also set values for attributes that aren't
* required by your user pool and that your app client can write. For more information, see AdminRespondToAuthChallenge.
*
* In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that already
* has a value. In AdminRespondToAuthChallenge, set a value for any keys that Amazon Cognito returned
* in the requiredAttributes parameter, then use the AdminUpdateUserAttributes API
* operation to modify the value of any additional attributes.
*
* MFA_SETUP: For users who are required to set up an MFA factor before they can sign in. The MFA types
* activated for the user pool will be listed in the challenge parameters MFA_CAN_SETUP value.
*
* To set up software token MFA, use the session returned here from InitiateAuth as an input to
* AssociateSoftwareToken, and use the session returned by VerifySoftwareToken as an input
* to RespondToAuthChallenge with challenge name MFA_SETUP to complete sign-in. To set up
* SMS MFA, users will need help from an administrator to add a phone number to their account and then call
* InitiateAuth again to restart sign-in.
*
* The session that should be passed both ways in challenge-response calls to the service. If
* AdminInitiateAuth or AdminRespondToAuthChallenge API call determines that the caller
* must pass another challenge, they return a session with other challenge parameters. This session should be passed
* as it is to the next AdminRespondToAuthChallenge API call.
*
* The challenge parameters. These are returned to you in the AdminInitiateAuth response if you must
* pass another challenge. The responses in this parameter should be used to compute inputs to the next call (
* AdminRespondToAuthChallenge).
*
* All challenges require USERNAME and SECRET_HASH (if applicable).
*
* The value of the USER_ID_FOR_SRP attribute is the user's actual username, not an alias (such as
* email address or phone number), even if you specified an alias in your call to AdminInitiateAuth.
* This happens because, in the AdminRespondToAuthChallenge API ChallengeResponses, the
* USERNAME attribute can't be an alias.
*
* The result of the authentication response. This is only returned if the caller doesn't need to pass another
* challenge. If the caller does need to pass another challenge before it gets tokens, ChallengeName,
* ChallengeParameters, and Session are returned.
*
* The name of the challenge that you're responding to with this call. This is returned in the
* AdminInitiateAuth response if you must pass another challenge.
*
* MFA_SETUP: If MFA is required, users who don't have at least one of the MFA methods set up are
* presented with an MFA_SETUP challenge. The user must set up at least one MFA type to continue to
* authenticate.
*
* SELECT_MFA_TYPE: Selects the MFA type. Valid MFA options are SMS_MFA for text SMS MFA,
* and SOFTWARE_TOKEN_MFA for time-based one-time password (TOTP) software token MFA.
*
* SMS_MFA: Next challenge is to supply an SMS_MFA_CODE, delivered via SMS.
*
* PASSWORD_VERIFIER: Next challenge is to supply PASSWORD_CLAIM_SIGNATURE,
* PASSWORD_CLAIM_SECRET_BLOCK, and TIMESTAMP after the client-side SRP calculations.
*
* CUSTOM_CHALLENGE: This is returned if your custom authentication flow determines that the user
* should pass another challenge before tokens are issued.
*
* DEVICE_SRP_AUTH: If device tracking was activated in your user pool and the previous challenges were
* passed, this challenge is returned so that Amazon Cognito can start tracking this device.
*
* DEVICE_PASSWORD_VERIFIER: Similar to PASSWORD_VERIFIER, but for devices only.
*
* ADMIN_NO_SRP_AUTH: This is returned if you must authenticate with USERNAME and
* PASSWORD directly. An app client must be enabled to use this flow.
*
* NEW_PASSWORD_REQUIRED: For users who are required to change their passwords after successful first
* login. Respond to this challenge with NEW_PASSWORD and any required attributes that Amazon Cognito
* returned in the requiredAttributes parameter. You can also set values for attributes that aren't
* required by your user pool and that your app client can write. For more information, see AdminRespondToAuthChallenge.
*
* In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that already
* has a value. In AdminRespondToAuthChallenge, set a value for any keys that Amazon Cognito returned
* in the requiredAttributes parameter, then use the AdminUpdateUserAttributes API
* operation to modify the value of any additional attributes.
*
* MFA_SETUP: For users who are required to set up an MFA factor before they can sign in. The MFA types
* activated for the user pool will be listed in the challenge parameters MFA_CAN_SETUP value.
*
* To set up software token MFA, use the session returned here from InitiateAuth as an input to
* AssociateSoftwareToken, and use the session returned by VerifySoftwareToken as an input
* to RespondToAuthChallenge with challenge name MFA_SETUP to complete sign-in. To set up
* SMS MFA, users will need help from an administrator to add a phone number to their account and then call
* InitiateAuth again to restart sign-in.
*
AdminInitiateAuth response if you must pass another challenge.
*
* MFA_SETUP: If MFA is required, users who don't have at least one of the MFA methods set up
* are presented with an MFA_SETUP challenge. The user must set up at least one MFA type to
* continue to authenticate.
*
* SELECT_MFA_TYPE: Selects the MFA type. Valid MFA options are SMS_MFA for text
* SMS MFA, and SOFTWARE_TOKEN_MFA for time-based one-time password (TOTP) software token MFA.
*
* SMS_MFA: Next challenge is to supply an SMS_MFA_CODE, delivered via SMS.
*
* PASSWORD_VERIFIER: Next challenge is to supply PASSWORD_CLAIM_SIGNATURE,
* PASSWORD_CLAIM_SECRET_BLOCK, and TIMESTAMP after the client-side SRP
* calculations.
*
* CUSTOM_CHALLENGE: This is returned if your custom authentication flow determines that the
* user should pass another challenge before tokens are issued.
*
* DEVICE_SRP_AUTH: If device tracking was activated in your user pool and the previous
* challenges were passed, this challenge is returned so that Amazon Cognito can start tracking this device.
*
* DEVICE_PASSWORD_VERIFIER: Similar to PASSWORD_VERIFIER, but for devices only.
*
* ADMIN_NO_SRP_AUTH: This is returned if you must authenticate with USERNAME and
* PASSWORD directly. An app client must be enabled to use this flow.
*
* NEW_PASSWORD_REQUIRED: For users who are required to change their passwords after successful
* first login. Respond to this challenge with NEW_PASSWORD and any required attributes that
* Amazon Cognito returned in the requiredAttributes parameter. You can also set values for
* attributes that aren't required by your user pool and that your app client can write. For more
* information, see AdminRespondToAuthChallenge.
*
* In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that
* already has a value. In AdminRespondToAuthChallenge, set a value for any keys that Amazon
* Cognito returned in the requiredAttributes parameter, then use the
* AdminUpdateUserAttributes API operation to modify the value of any additional attributes.
*
* MFA_SETUP: For users who are required to set up an MFA factor before they can sign in. The
* MFA types activated for the user pool will be listed in the challenge parameters
* MFA_CAN_SETUP value.
*
* To set up software token MFA, use the session returned here from InitiateAuth as an input to
* AssociateSoftwareToken, and use the session returned by VerifySoftwareToken as
* an input to RespondToAuthChallenge with challenge name MFA_SETUP to complete
* sign-in. To set up SMS MFA, users will need help from an administrator to add a phone number to their
* account and then call InitiateAuth again to restart sign-in.
*
* The name of the challenge that you're responding to with this call. This is returned in the
* AdminInitiateAuth response if you must pass another challenge.
*
* MFA_SETUP: If MFA is required, users who don't have at least one of the MFA methods set up are
* presented with an MFA_SETUP challenge. The user must set up at least one MFA type to continue to
* authenticate.
*
* SELECT_MFA_TYPE: Selects the MFA type. Valid MFA options are SMS_MFA for text SMS MFA,
* and SOFTWARE_TOKEN_MFA for time-based one-time password (TOTP) software token MFA.
*
* SMS_MFA: Next challenge is to supply an SMS_MFA_CODE, delivered via SMS.
*
* PASSWORD_VERIFIER: Next challenge is to supply PASSWORD_CLAIM_SIGNATURE,
* PASSWORD_CLAIM_SECRET_BLOCK, and TIMESTAMP after the client-side SRP calculations.
*
* CUSTOM_CHALLENGE: This is returned if your custom authentication flow determines that the user
* should pass another challenge before tokens are issued.
*
* DEVICE_SRP_AUTH: If device tracking was activated in your user pool and the previous challenges were
* passed, this challenge is returned so that Amazon Cognito can start tracking this device.
*
* DEVICE_PASSWORD_VERIFIER: Similar to PASSWORD_VERIFIER, but for devices only.
*
* ADMIN_NO_SRP_AUTH: This is returned if you must authenticate with USERNAME and
* PASSWORD directly. An app client must be enabled to use this flow.
*
* NEW_PASSWORD_REQUIRED: For users who are required to change their passwords after successful first
* login. Respond to this challenge with NEW_PASSWORD and any required attributes that Amazon Cognito
* returned in the requiredAttributes parameter. You can also set values for attributes that aren't
* required by your user pool and that your app client can write. For more information, see AdminRespondToAuthChallenge.
*
* In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that already
* has a value. In AdminRespondToAuthChallenge, set a value for any keys that Amazon Cognito returned
* in the requiredAttributes parameter, then use the AdminUpdateUserAttributes API
* operation to modify the value of any additional attributes.
*
* MFA_SETUP: For users who are required to set up an MFA factor before they can sign in. The MFA types
* activated for the user pool will be listed in the challenge parameters MFA_CAN_SETUP value.
*
* To set up software token MFA, use the session returned here from InitiateAuth as an input to
* AssociateSoftwareToken, and use the session returned by VerifySoftwareToken as an input
* to RespondToAuthChallenge with challenge name MFA_SETUP to complete sign-in. To set up
* SMS MFA, users will need help from an administrator to add a phone number to their account and then call
* InitiateAuth again to restart sign-in.
*
AdminInitiateAuth response if you must pass another challenge.
*
* MFA_SETUP: If MFA is required, users who don't have at least one of the MFA methods set up
* are presented with an MFA_SETUP challenge. The user must set up at least one MFA type to
* continue to authenticate.
*
* SELECT_MFA_TYPE: Selects the MFA type. Valid MFA options are SMS_MFA for text
* SMS MFA, and SOFTWARE_TOKEN_MFA for time-based one-time password (TOTP) software token MFA.
*
* SMS_MFA: Next challenge is to supply an SMS_MFA_CODE, delivered via SMS.
*
* PASSWORD_VERIFIER: Next challenge is to supply PASSWORD_CLAIM_SIGNATURE,
* PASSWORD_CLAIM_SECRET_BLOCK, and TIMESTAMP after the client-side SRP
* calculations.
*
* CUSTOM_CHALLENGE: This is returned if your custom authentication flow determines that the
* user should pass another challenge before tokens are issued.
*
* DEVICE_SRP_AUTH: If device tracking was activated in your user pool and the previous
* challenges were passed, this challenge is returned so that Amazon Cognito can start tracking this device.
*
* DEVICE_PASSWORD_VERIFIER: Similar to PASSWORD_VERIFIER, but for devices only.
*
* ADMIN_NO_SRP_AUTH: This is returned if you must authenticate with USERNAME and
* PASSWORD directly. An app client must be enabled to use this flow.
*
* NEW_PASSWORD_REQUIRED: For users who are required to change their passwords after successful
* first login. Respond to this challenge with NEW_PASSWORD and any required attributes that
* Amazon Cognito returned in the requiredAttributes parameter. You can also set values for
* attributes that aren't required by your user pool and that your app client can write. For more
* information, see AdminRespondToAuthChallenge.
*
* In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that
* already has a value. In AdminRespondToAuthChallenge, set a value for any keys that Amazon
* Cognito returned in the requiredAttributes parameter, then use the
* AdminUpdateUserAttributes API operation to modify the value of any additional attributes.
*
* MFA_SETUP: For users who are required to set up an MFA factor before they can sign in. The
* MFA types activated for the user pool will be listed in the challenge parameters
* MFA_CAN_SETUP value.
*
* To set up software token MFA, use the session returned here from InitiateAuth as an input to
* AssociateSoftwareToken, and use the session returned by VerifySoftwareToken as
* an input to RespondToAuthChallenge with challenge name MFA_SETUP to complete
* sign-in. To set up SMS MFA, users will need help from an administrator to add a phone number to their
* account and then call InitiateAuth again to restart sign-in.
*
* The name of the challenge that you're responding to with this call. This is returned in the
* AdminInitiateAuth response if you must pass another challenge.
*
* MFA_SETUP: If MFA is required, users who don't have at least one of the MFA methods set up are
* presented with an MFA_SETUP challenge. The user must set up at least one MFA type to continue to
* authenticate.
*
* SELECT_MFA_TYPE: Selects the MFA type. Valid MFA options are SMS_MFA for text SMS MFA,
* and SOFTWARE_TOKEN_MFA for time-based one-time password (TOTP) software token MFA.
*
* SMS_MFA: Next challenge is to supply an SMS_MFA_CODE, delivered via SMS.
*
* PASSWORD_VERIFIER: Next challenge is to supply PASSWORD_CLAIM_SIGNATURE,
* PASSWORD_CLAIM_SECRET_BLOCK, and TIMESTAMP after the client-side SRP calculations.
*
* CUSTOM_CHALLENGE: This is returned if your custom authentication flow determines that the user
* should pass another challenge before tokens are issued.
*
* DEVICE_SRP_AUTH: If device tracking was activated in your user pool and the previous challenges were
* passed, this challenge is returned so that Amazon Cognito can start tracking this device.
*
* DEVICE_PASSWORD_VERIFIER: Similar to PASSWORD_VERIFIER, but for devices only.
*
* ADMIN_NO_SRP_AUTH: This is returned if you must authenticate with USERNAME and
* PASSWORD directly. An app client must be enabled to use this flow.
*
* NEW_PASSWORD_REQUIRED: For users who are required to change their passwords after successful first
* login. Respond to this challenge with NEW_PASSWORD and any required attributes that Amazon Cognito
* returned in the requiredAttributes parameter. You can also set values for attributes that aren't
* required by your user pool and that your app client can write. For more information, see AdminRespondToAuthChallenge.
*
* In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that already
* has a value. In AdminRespondToAuthChallenge, set a value for any keys that Amazon Cognito returned
* in the requiredAttributes parameter, then use the AdminUpdateUserAttributes API
* operation to modify the value of any additional attributes.
*
* MFA_SETUP: For users who are required to set up an MFA factor before they can sign in. The MFA types
* activated for the user pool will be listed in the challenge parameters MFA_CAN_SETUP value.
*
* To set up software token MFA, use the session returned here from InitiateAuth as an input to
* AssociateSoftwareToken, and use the session returned by VerifySoftwareToken as an input
* to RespondToAuthChallenge with challenge name MFA_SETUP to complete sign-in. To set up
* SMS MFA, users will need help from an administrator to add a phone number to their account and then call
* InitiateAuth again to restart sign-in.
*
AdminInitiateAuth response if you must pass another challenge.
*
* MFA_SETUP: If MFA is required, users who don't have at least one of the MFA methods set up
* are presented with an MFA_SETUP challenge. The user must set up at least one MFA type to
* continue to authenticate.
*
* SELECT_MFA_TYPE: Selects the MFA type. Valid MFA options are SMS_MFA for text
* SMS MFA, and SOFTWARE_TOKEN_MFA for time-based one-time password (TOTP) software token MFA.
*
* SMS_MFA: Next challenge is to supply an SMS_MFA_CODE, delivered via SMS.
*
* PASSWORD_VERIFIER: Next challenge is to supply PASSWORD_CLAIM_SIGNATURE,
* PASSWORD_CLAIM_SECRET_BLOCK, and TIMESTAMP after the client-side SRP
* calculations.
*
* CUSTOM_CHALLENGE: This is returned if your custom authentication flow determines that the
* user should pass another challenge before tokens are issued.
*
* DEVICE_SRP_AUTH: If device tracking was activated in your user pool and the previous
* challenges were passed, this challenge is returned so that Amazon Cognito can start tracking this device.
*
* DEVICE_PASSWORD_VERIFIER: Similar to PASSWORD_VERIFIER, but for devices only.
*
* ADMIN_NO_SRP_AUTH: This is returned if you must authenticate with USERNAME and
* PASSWORD directly. An app client must be enabled to use this flow.
*
* NEW_PASSWORD_REQUIRED: For users who are required to change their passwords after successful
* first login. Respond to this challenge with NEW_PASSWORD and any required attributes that
* Amazon Cognito returned in the requiredAttributes parameter. You can also set values for
* attributes that aren't required by your user pool and that your app client can write. For more
* information, see AdminRespondToAuthChallenge.
*
* In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that
* already has a value. In AdminRespondToAuthChallenge, set a value for any keys that Amazon
* Cognito returned in the requiredAttributes parameter, then use the
* AdminUpdateUserAttributes API operation to modify the value of any additional attributes.
*
* MFA_SETUP: For users who are required to set up an MFA factor before they can sign in. The
* MFA types activated for the user pool will be listed in the challenge parameters
* MFA_CAN_SETUP value.
*
* To set up software token MFA, use the session returned here from InitiateAuth as an input to
* AssociateSoftwareToken, and use the session returned by VerifySoftwareToken as
* an input to RespondToAuthChallenge with challenge name MFA_SETUP to complete
* sign-in. To set up SMS MFA, users will need help from an administrator to add a phone number to their
* account and then call InitiateAuth again to restart sign-in.
*
* The name of the challenge that you're responding to with this call. This is returned in the
* AdminInitiateAuth response if you must pass another challenge.
*
* MFA_SETUP: If MFA is required, users who don't have at least one of the MFA methods set up are
* presented with an MFA_SETUP challenge. The user must set up at least one MFA type to continue to
* authenticate.
*
* SELECT_MFA_TYPE: Selects the MFA type. Valid MFA options are SMS_MFA for text SMS MFA,
* and SOFTWARE_TOKEN_MFA for time-based one-time password (TOTP) software token MFA.
*
* SMS_MFA: Next challenge is to supply an SMS_MFA_CODE, delivered via SMS.
*
* PASSWORD_VERIFIER: Next challenge is to supply PASSWORD_CLAIM_SIGNATURE,
* PASSWORD_CLAIM_SECRET_BLOCK, and TIMESTAMP after the client-side SRP calculations.
*
* CUSTOM_CHALLENGE: This is returned if your custom authentication flow determines that the user
* should pass another challenge before tokens are issued.
*
* DEVICE_SRP_AUTH: If device tracking was activated in your user pool and the previous challenges were
* passed, this challenge is returned so that Amazon Cognito can start tracking this device.
*
* DEVICE_PASSWORD_VERIFIER: Similar to PASSWORD_VERIFIER, but for devices only.
*
* ADMIN_NO_SRP_AUTH: This is returned if you must authenticate with USERNAME and
* PASSWORD directly. An app client must be enabled to use this flow.
*
* NEW_PASSWORD_REQUIRED: For users who are required to change their passwords after successful first
* login. Respond to this challenge with NEW_PASSWORD and any required attributes that Amazon Cognito
* returned in the requiredAttributes parameter. You can also set values for attributes that aren't
* required by your user pool and that your app client can write. For more information, see AdminRespondToAuthChallenge.
*
* In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that already
* has a value. In AdminRespondToAuthChallenge, set a value for any keys that Amazon Cognito returned
* in the requiredAttributes parameter, then use the AdminUpdateUserAttributes API
* operation to modify the value of any additional attributes.
*
* MFA_SETUP: For users who are required to set up an MFA factor before they can sign in. The MFA types
* activated for the user pool will be listed in the challenge parameters MFA_CAN_SETUP value.
*
* To set up software token MFA, use the session returned here from InitiateAuth as an input to
* AssociateSoftwareToken, and use the session returned by VerifySoftwareToken as an input
* to RespondToAuthChallenge with challenge name MFA_SETUP to complete sign-in. To set up
* SMS MFA, users will need help from an administrator to add a phone number to their account and then call
* InitiateAuth again to restart sign-in.
*
AdminInitiateAuth response if you must pass another challenge.
*
* MFA_SETUP: If MFA is required, users who don't have at least one of the MFA methods set up
* are presented with an MFA_SETUP challenge. The user must set up at least one MFA type to
* continue to authenticate.
*
* SELECT_MFA_TYPE: Selects the MFA type. Valid MFA options are SMS_MFA for text
* SMS MFA, and SOFTWARE_TOKEN_MFA for time-based one-time password (TOTP) software token MFA.
*
* SMS_MFA: Next challenge is to supply an SMS_MFA_CODE, delivered via SMS.
*
* PASSWORD_VERIFIER: Next challenge is to supply PASSWORD_CLAIM_SIGNATURE,
* PASSWORD_CLAIM_SECRET_BLOCK, and TIMESTAMP after the client-side SRP
* calculations.
*
* CUSTOM_CHALLENGE: This is returned if your custom authentication flow determines that the
* user should pass another challenge before tokens are issued.
*
* DEVICE_SRP_AUTH: If device tracking was activated in your user pool and the previous
* challenges were passed, this challenge is returned so that Amazon Cognito can start tracking this device.
*
* DEVICE_PASSWORD_VERIFIER: Similar to PASSWORD_VERIFIER, but for devices only.
*
* ADMIN_NO_SRP_AUTH: This is returned if you must authenticate with USERNAME and
* PASSWORD directly. An app client must be enabled to use this flow.
*
* NEW_PASSWORD_REQUIRED: For users who are required to change their passwords after successful
* first login. Respond to this challenge with NEW_PASSWORD and any required attributes that
* Amazon Cognito returned in the requiredAttributes parameter. You can also set values for
* attributes that aren't required by your user pool and that your app client can write. For more
* information, see AdminRespondToAuthChallenge.
*
* In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that
* already has a value. In AdminRespondToAuthChallenge, set a value for any keys that Amazon
* Cognito returned in the requiredAttributes parameter, then use the
* AdminUpdateUserAttributes API operation to modify the value of any additional attributes.
*
* MFA_SETUP: For users who are required to set up an MFA factor before they can sign in. The
* MFA types activated for the user pool will be listed in the challenge parameters
* MFA_CAN_SETUP value.
*
* To set up software token MFA, use the session returned here from InitiateAuth as an input to
* AssociateSoftwareToken, and use the session returned by VerifySoftwareToken as
* an input to RespondToAuthChallenge with challenge name MFA_SETUP to complete
* sign-in. To set up SMS MFA, users will need help from an administrator to add a phone number to their
* account and then call InitiateAuth again to restart sign-in.
*
* The name of the challenge that you're responding to with this call. This is returned in the
* AdminInitiateAuth response if you must pass another challenge.
*
* MFA_SETUP: If MFA is required, users who don't have at least one of the MFA methods set up are
* presented with an MFA_SETUP challenge. The user must set up at least one MFA type to continue to
* authenticate.
*
* SELECT_MFA_TYPE: Selects the MFA type. Valid MFA options are SMS_MFA for text SMS MFA,
* and SOFTWARE_TOKEN_MFA for time-based one-time password (TOTP) software token MFA.
*
* SMS_MFA: Next challenge is to supply an SMS_MFA_CODE, delivered via SMS.
*
* PASSWORD_VERIFIER: Next challenge is to supply PASSWORD_CLAIM_SIGNATURE,
* PASSWORD_CLAIM_SECRET_BLOCK, and TIMESTAMP after the client-side SRP calculations.
*
* CUSTOM_CHALLENGE: This is returned if your custom authentication flow determines that the user
* should pass another challenge before tokens are issued.
*
* DEVICE_SRP_AUTH: If device tracking was activated in your user pool and the previous challenges were
* passed, this challenge is returned so that Amazon Cognito can start tracking this device.
*
* DEVICE_PASSWORD_VERIFIER: Similar to PASSWORD_VERIFIER, but for devices only.
*
* ADMIN_NO_SRP_AUTH: This is returned if you must authenticate with USERNAME and
* PASSWORD directly. An app client must be enabled to use this flow.
*
* NEW_PASSWORD_REQUIRED: For users who are required to change their passwords after successful first
* login. Respond to this challenge with NEW_PASSWORD and any required attributes that Amazon Cognito
* returned in the requiredAttributes parameter. You can also set values for attributes that aren't
* required by your user pool and that your app client can write. For more information, see AdminRespondToAuthChallenge.
*
* In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that already
* has a value. In AdminRespondToAuthChallenge, set a value for any keys that Amazon Cognito returned
* in the requiredAttributes parameter, then use the AdminUpdateUserAttributes API
* operation to modify the value of any additional attributes.
*
* MFA_SETUP: For users who are required to set up an MFA factor before they can sign in. The MFA types
* activated for the user pool will be listed in the challenge parameters MFA_CAN_SETUP value.
*
* To set up software token MFA, use the session returned here from InitiateAuth as an input to
* AssociateSoftwareToken, and use the session returned by VerifySoftwareToken as an input
* to RespondToAuthChallenge with challenge name MFA_SETUP to complete sign-in. To set up
* SMS MFA, users will need help from an administrator to add a phone number to their account and then call
* InitiateAuth again to restart sign-in.
*
AdminInitiateAuth response if you must pass another challenge.
*
* MFA_SETUP: If MFA is required, users who don't have at least one of the MFA methods set up
* are presented with an MFA_SETUP challenge. The user must set up at least one MFA type to
* continue to authenticate.
*
* SELECT_MFA_TYPE: Selects the MFA type. Valid MFA options are SMS_MFA for text
* SMS MFA, and SOFTWARE_TOKEN_MFA for time-based one-time password (TOTP) software token MFA.
*
* SMS_MFA: Next challenge is to supply an SMS_MFA_CODE, delivered via SMS.
*
* PASSWORD_VERIFIER: Next challenge is to supply PASSWORD_CLAIM_SIGNATURE,
* PASSWORD_CLAIM_SECRET_BLOCK, and TIMESTAMP after the client-side SRP
* calculations.
*
* CUSTOM_CHALLENGE: This is returned if your custom authentication flow determines that the
* user should pass another challenge before tokens are issued.
*
* DEVICE_SRP_AUTH: If device tracking was activated in your user pool and the previous
* challenges were passed, this challenge is returned so that Amazon Cognito can start tracking this device.
*
* DEVICE_PASSWORD_VERIFIER: Similar to PASSWORD_VERIFIER, but for devices only.
*
* ADMIN_NO_SRP_AUTH: This is returned if you must authenticate with USERNAME and
* PASSWORD directly. An app client must be enabled to use this flow.
*
* NEW_PASSWORD_REQUIRED: For users who are required to change their passwords after successful
* first login. Respond to this challenge with NEW_PASSWORD and any required attributes that
* Amazon Cognito returned in the requiredAttributes parameter. You can also set values for
* attributes that aren't required by your user pool and that your app client can write. For more
* information, see AdminRespondToAuthChallenge.
*
* In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that
* already has a value. In AdminRespondToAuthChallenge, set a value for any keys that Amazon
* Cognito returned in the requiredAttributes parameter, then use the
* AdminUpdateUserAttributes API operation to modify the value of any additional attributes.
*
* MFA_SETUP: For users who are required to set up an MFA factor before they can sign in. The
* MFA types activated for the user pool will be listed in the challenge parameters
* MFA_CAN_SETUP value.
*
* To set up software token MFA, use the session returned here from InitiateAuth as an input to
* AssociateSoftwareToken, and use the session returned by VerifySoftwareToken as
* an input to RespondToAuthChallenge with challenge name MFA_SETUP to complete
* sign-in. To set up SMS MFA, users will need help from an administrator to add a phone number to their
* account and then call InitiateAuth again to restart sign-in.
*
* The session that should be passed both ways in challenge-response calls to the service. If
* AdminInitiateAuth or AdminRespondToAuthChallenge API call determines that the caller
* must pass another challenge, they return a session with other challenge parameters. This session should be passed
* as it is to the next AdminRespondToAuthChallenge API call.
*
AdminInitiateAuth or AdminRespondToAuthChallenge API call determines that the
* caller must pass another challenge, they return a session with other challenge parameters. This session
* should be passed as it is to the next AdminRespondToAuthChallenge API call.
*/
public void setSession(String session) {
this.session = session;
}
/**
*
* The session that should be passed both ways in challenge-response calls to the service. If
* AdminInitiateAuth or AdminRespondToAuthChallenge API call determines that the caller
* must pass another challenge, they return a session with other challenge parameters. This session should be passed
* as it is to the next AdminRespondToAuthChallenge API call.
*
AdminInitiateAuth or AdminRespondToAuthChallenge API call determines that the
* caller must pass another challenge, they return a session with other challenge parameters. This session
* should be passed as it is to the next AdminRespondToAuthChallenge API call.
*/
public String getSession() {
return this.session;
}
/**
*
* The session that should be passed both ways in challenge-response calls to the service. If
* AdminInitiateAuth or AdminRespondToAuthChallenge API call determines that the caller
* must pass another challenge, they return a session with other challenge parameters. This session should be passed
* as it is to the next AdminRespondToAuthChallenge API call.
*
AdminInitiateAuth or AdminRespondToAuthChallenge API call determines that the
* caller must pass another challenge, they return a session with other challenge parameters. This session
* should be passed as it is to the next AdminRespondToAuthChallenge API call.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public AdminInitiateAuthResult withSession(String session) {
setSession(session);
return this;
}
/**
*
* The challenge parameters. These are returned to you in the AdminInitiateAuth response if you must
* pass another challenge. The responses in this parameter should be used to compute inputs to the next call (
* AdminRespondToAuthChallenge).
*
* All challenges require USERNAME and SECRET_HASH (if applicable).
*
* The value of the USER_ID_FOR_SRP attribute is the user's actual username, not an alias (such as
* email address or phone number), even if you specified an alias in your call to AdminInitiateAuth.
* This happens because, in the AdminRespondToAuthChallenge API ChallengeResponses, the
* USERNAME attribute can't be an alias.
*
AdminInitiateAuth response if you
* must pass another challenge. The responses in this parameter should be used to compute inputs to the next
* call (AdminRespondToAuthChallenge).
*
* All challenges require USERNAME and SECRET_HASH (if applicable).
*
* The value of the
* The challenge parameters. These are returned to you in the
* All challenges require
* The value of the USER_ID_FOR_SRP attribute is the user's actual username, not an alias (such
* as email address or phone number), even if you specified an alias in your call to
* AdminInitiateAuth. This happens because, in the AdminRespondToAuthChallenge API
* ChallengeResponses, the USERNAME attribute can't be an alias.
*/
public java.util.MapAdminInitiateAuth response if you must
* pass another challenge. The responses in this parameter should be used to compute inputs to the next call (
* AdminRespondToAuthChallenge).
* USERNAME and SECRET_HASH (if applicable).
* USER_ID_FOR_SRP attribute is the user's actual username, not an alias (such as
* email address or phone number), even if you specified an alias in your call to AdminInitiateAuth.
* This happens because, in the AdminRespondToAuthChallenge API ChallengeResponses, the
* USERNAME attribute can't be an alias.
* AdminInitiateAuth response if you
* must pass another challenge. The responses in this parameter should be used to compute inputs to the next
* call (AdminRespondToAuthChallenge).
* All challenges require USERNAME and SECRET_HASH (if applicable).
*
* The value of the
* The challenge parameters. These are returned to you in the
* All challenges require
* The value of the USER_ID_FOR_SRP attribute is the user's actual username, not an alias (such
* as email address or phone number), even if you specified an alias in your call to
* AdminInitiateAuth. This happens because, in the AdminRespondToAuthChallenge API
* ChallengeResponses, the USERNAME attribute can't be an alias.
*/
public void setChallengeParameters(java.util.MapAdminInitiateAuth response if you must
* pass another challenge. The responses in this parameter should be used to compute inputs to the next call (
* AdminRespondToAuthChallenge).
* USERNAME and SECRET_HASH (if applicable).
* USER_ID_FOR_SRP attribute is the user's actual username, not an alias (such as
* email address or phone number), even if you specified an alias in your call to AdminInitiateAuth.
* This happens because, in the AdminRespondToAuthChallenge API ChallengeResponses, the
* USERNAME attribute can't be an alias.
* AdminInitiateAuth response if you
* must pass another challenge. The responses in this parameter should be used to compute inputs to the next
* call (AdminRespondToAuthChallenge).
* All challenges require USERNAME and SECRET_HASH (if applicable).
*
* The value of the
* The result of the authentication response. This is only returned if the caller doesn't need to pass another
* challenge. If the caller does need to pass another challenge before it gets tokens,
* The result of the authentication response. This is only returned if the caller doesn't need to pass another
* challenge. If the caller does need to pass another challenge before it gets tokens,
* The result of the authentication response. This is only returned if the caller doesn't need to pass another
* challenge. If the caller does need to pass another challenge before it gets tokens, USER_ID_FOR_SRP attribute is the user's actual username, not an alias (such
* as email address or phone number), even if you specified an alias in your call to
* AdminInitiateAuth. This happens because, in the AdminRespondToAuthChallenge API
* ChallengeResponses, the USERNAME attribute can't be an alias.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public AdminInitiateAuthResult withChallengeParameters(java.util.MapChallengeName,
* ChallengeParameters, and Session are returned.
* ChallengeName, ChallengeParameters, and Session are returned.
*/
public void setAuthenticationResult(AuthenticationResultType authenticationResult) {
this.authenticationResult = authenticationResult;
}
/**
* ChallengeName,
* ChallengeParameters, and Session are returned.
* ChallengeName, ChallengeParameters, and Session are returned.
*/
public AuthenticationResultType getAuthenticationResult() {
return this.authenticationResult;
}
/**
* ChallengeName,
* ChallengeParameters, and Session are returned.
* ChallengeName, ChallengeParameters, and Session are returned.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public AdminInitiateAuthResult withAuthenticationResult(AuthenticationResultType authenticationResult) {
setAuthenticationResult(authenticationResult);
return this;
}
/**
* Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be
* redacted from this string using a placeholder value.
*
* @return A string representation of this object.
*
* @see java.lang.Object#toString()
*/
@Override
public String toString() {
StringBuilder sb = new StringBuilder();
sb.append("{");
if (getChallengeName() != null)
sb.append("ChallengeName: ").append(getChallengeName()).append(",");
if (getSession() != null)
sb.append("Session: ").append("***Sensitive Data Redacted***").append(",");
if (getChallengeParameters() != null)
sb.append("ChallengeParameters: ").append(getChallengeParameters()).append(",");
if (getAuthenticationResult() != null)
sb.append("AuthenticationResult: ").append(getAuthenticationResult());
sb.append("}");
return sb.toString();
}
@Override
public boolean equals(Object obj) {
if (this == obj)
return true;
if (obj == null)
return false;
if (obj instanceof AdminInitiateAuthResult == false)
return false;
AdminInitiateAuthResult other = (AdminInitiateAuthResult) obj;
if (other.getChallengeName() == null ^ this.getChallengeName() == null)
return false;
if (other.getChallengeName() != null && other.getChallengeName().equals(this.getChallengeName()) == false)
return false;
if (other.getSession() == null ^ this.getSession() == null)
return false;
if (other.getSession() != null && other.getSession().equals(this.getSession()) == false)
return false;
if (other.getChallengeParameters() == null ^ this.getChallengeParameters() == null)
return false;
if (other.getChallengeParameters() != null && other.getChallengeParameters().equals(this.getChallengeParameters()) == false)
return false;
if (other.getAuthenticationResult() == null ^ this.getAuthenticationResult() == null)
return false;
if (other.getAuthenticationResult() != null && other.getAuthenticationResult().equals(this.getAuthenticationResult()) == false)
return false;
return true;
}
@Override
public int hashCode() {
final int prime = 31;
int hashCode = 1;
hashCode = prime * hashCode + ((getChallengeName() == null) ? 0 : getChallengeName().hashCode());
hashCode = prime * hashCode + ((getSession() == null) ? 0 : getSession().hashCode());
hashCode = prime * hashCode + ((getChallengeParameters() == null) ? 0 : getChallengeParameters().hashCode());
hashCode = prime * hashCode + ((getAuthenticationResult() == null) ? 0 : getAuthenticationResult().hashCode());
return hashCode;
}
@Override
public AdminInitiateAuthResult clone() {
try {
return (AdminInitiateAuthResult) super.clone();
} catch (CloneNotSupportedException e) {
throw new IllegalStateException("Got a CloneNotSupportedException from Object.clone() " + "even though we're Cloneable!", e);
}
}
}