Class InitiateAuthRequest
- All Implemented Interfaces:
SdkPojo
,ToCopyableBuilder<InitiateAuthRequest.Builder,
InitiateAuthRequest>
Initiates the authentication request.
-
Nested Class Summary
Nested Classes -
Method Summary
Modifier and TypeMethodDescriptionfinal AnalyticsMetadataType
Information that supports analytics outcomes with Amazon Pinpoint, including the user's endpoint ID.final AuthFlowType
authFlow()
The authentication flow that you want to initiate.final String
The authentication flow that you want to initiate.The authentication parameters.static InitiateAuthRequest.Builder
builder()
final String
clientId()
The ID of the app client that your user wants to sign in to.A map of custom key-value pairs that you can provide as input for certain custom workflows that this action triggers.final boolean
final boolean
equalsBySdkFields
(Object obj) Indicates whether some other object is "equal to" this one by SDK fields.final <T> Optional
<T> getValueForField
(String fieldName, Class<T> clazz) Used to retrieve the value of a field from any class that extendsSdkRequest
.final boolean
For responses, this returns true if the service returned a value for the AuthParameters property.final boolean
For responses, this returns true if the service returned a value for the ClientMetadata property.final int
hashCode()
static Class
<? extends InitiateAuthRequest.Builder> final String
session()
The optional session ID from aConfirmSignUp
API request.Take this object and create a builder that contains all of the current property values of this object.final String
toString()
Returns a string representation of this object.final UserContextDataType
Contextual data about your user session like the device fingerprint, IP address, or location.Methods inherited from class software.amazon.awssdk.awscore.AwsRequest
overrideConfiguration
Methods inherited from interface software.amazon.awssdk.utils.builder.ToCopyableBuilder
copy
-
Method Details
-
authFlow
The authentication flow that you want to initiate. Each
AuthFlow
has linkedAuthParameters
that you must submit. The following are some example flows.- USER_AUTH
-
The entry point for choice-based authentication with passwords, one-time passwords, and WebAuthn authenticators. Request a preferred authentication type or review available authentication types. From the offered authentication types, select one in a challenge response and then authenticate with that method in an additional challenge response. To activate this setting, your user pool must be in the Essentials tier or higher.
- USER_SRP_AUTH
-
Username-password authentication with the Secure Remote Password (SRP) protocol. For more information, see Use SRP password verification in custom authentication flow.
- REFRESH_TOKEN_AUTH and REFRESH_TOKEN
-
Receive new ID and access tokens when you pass a
REFRESH_TOKEN
parameter with a valid refresh token as the value. For more information, see Using the refresh token. - CUSTOM_AUTH
-
Custom authentication with Lambda triggers. For more information, see Custom authentication challenge Lambda triggers.
- USER_PASSWORD_AUTH
-
Client-side username-password authentication with the password sent directly in the request. For more information about client-side and server-side authentication, see SDK authorization models.
ADMIN_USER_PASSWORD_AUTH
is a flow type ofAdminInitiateAuth
and isn't valid for InitiateAuth.ADMIN_NO_SRP_AUTH
is a legacy server-side username-password flow and isn't valid for InitiateAuth.If the service returns an enum value that is not available in the current SDK version,
authFlow
will returnAuthFlowType.UNKNOWN_TO_SDK_VERSION
. The raw value returned by the service is available fromauthFlowAsString()
.- Returns:
- The authentication flow that you want to initiate. Each
AuthFlow
has linkedAuthParameters
that you must submit. The following are some example flows.- USER_AUTH
-
The entry point for choice-based authentication with passwords, one-time passwords, and WebAuthn authenticators. Request a preferred authentication type or review available authentication types. From the offered authentication types, select one in a challenge response and then authenticate with that method in an additional challenge response. To activate this setting, your user pool must be in the Essentials tier or higher.
- USER_SRP_AUTH
-
Username-password authentication with the Secure Remote Password (SRP) protocol. For more information, see Use SRP password verification in custom authentication flow.
- REFRESH_TOKEN_AUTH and REFRESH_TOKEN
-
Receive new ID and access tokens when you pass a
REFRESH_TOKEN
parameter with a valid refresh token as the value. For more information, see Using the refresh token. - CUSTOM_AUTH
-
Custom authentication with Lambda triggers. For more information, see Custom authentication challenge Lambda triggers.
- USER_PASSWORD_AUTH
-
Client-side username-password authentication with the password sent directly in the request. For more information about client-side and server-side authentication, see SDK authorization models.
ADMIN_USER_PASSWORD_AUTH
is a flow type ofAdminInitiateAuth
and isn't valid for InitiateAuth.ADMIN_NO_SRP_AUTH
is a legacy server-side username-password flow and isn't valid for InitiateAuth. - See Also:
-
authFlowAsString
The authentication flow that you want to initiate. Each
AuthFlow
has linkedAuthParameters
that you must submit. The following are some example flows.- USER_AUTH
-
The entry point for choice-based authentication with passwords, one-time passwords, and WebAuthn authenticators. Request a preferred authentication type or review available authentication types. From the offered authentication types, select one in a challenge response and then authenticate with that method in an additional challenge response. To activate this setting, your user pool must be in the Essentials tier or higher.
- USER_SRP_AUTH
-
Username-password authentication with the Secure Remote Password (SRP) protocol. For more information, see Use SRP password verification in custom authentication flow.
- REFRESH_TOKEN_AUTH and REFRESH_TOKEN
-
Receive new ID and access tokens when you pass a
REFRESH_TOKEN
parameter with a valid refresh token as the value. For more information, see Using the refresh token. - CUSTOM_AUTH
-
Custom authentication with Lambda triggers. For more information, see Custom authentication challenge Lambda triggers.
- USER_PASSWORD_AUTH
-
Client-side username-password authentication with the password sent directly in the request. For more information about client-side and server-side authentication, see SDK authorization models.
ADMIN_USER_PASSWORD_AUTH
is a flow type ofAdminInitiateAuth
and isn't valid for InitiateAuth.ADMIN_NO_SRP_AUTH
is a legacy server-side username-password flow and isn't valid for InitiateAuth.If the service returns an enum value that is not available in the current SDK version,
authFlow
will returnAuthFlowType.UNKNOWN_TO_SDK_VERSION
. The raw value returned by the service is available fromauthFlowAsString()
.- Returns:
- The authentication flow that you want to initiate. Each
AuthFlow
has linkedAuthParameters
that you must submit. The following are some example flows.- USER_AUTH
-
The entry point for choice-based authentication with passwords, one-time passwords, and WebAuthn authenticators. Request a preferred authentication type or review available authentication types. From the offered authentication types, select one in a challenge response and then authenticate with that method in an additional challenge response. To activate this setting, your user pool must be in the Essentials tier or higher.
- USER_SRP_AUTH
-
Username-password authentication with the Secure Remote Password (SRP) protocol. For more information, see Use SRP password verification in custom authentication flow.
- REFRESH_TOKEN_AUTH and REFRESH_TOKEN
-
Receive new ID and access tokens when you pass a
REFRESH_TOKEN
parameter with a valid refresh token as the value. For more information, see Using the refresh token. - CUSTOM_AUTH
-
Custom authentication with Lambda triggers. For more information, see Custom authentication challenge Lambda triggers.
- USER_PASSWORD_AUTH
-
Client-side username-password authentication with the password sent directly in the request. For more information about client-side and server-side authentication, see SDK authorization models.
ADMIN_USER_PASSWORD_AUTH
is a flow type ofAdminInitiateAuth
and isn't valid for InitiateAuth.ADMIN_NO_SRP_AUTH
is a legacy server-side username-password flow and isn't valid for InitiateAuth. - See Also:
-
hasAuthParameters
public final boolean hasAuthParameters()For responses, this returns true if the service returned a value for the AuthParameters property. This DOES NOT check that the value is non-empty (for which, you should check theisEmpty()
method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified. -
authParameters
The authentication parameters. These are inputs corresponding to the
AuthFlow
that you're invoking.The required values are specific to the InitiateAuthRequest$AuthFlow.
The following are some authentication flows and their parameters. Add a
SECRET_HASH
parameter if your app client has a client secret.-
USER_AUTH
:USERNAME
(required),PREFERRED_CHALLENGE
. If you don't provide a value forPREFERRED_CHALLENGE
, Amazon Cognito responds with theAvailableChallenges
parameter that specifies the available sign-in methods. -
USER_SRP_AUTH
:USERNAME
(required),SRP_A
(required),DEVICE_KEY
. -
USER_PASSWORD_AUTH
:USERNAME
(required),PASSWORD
(required),DEVICE_KEY
. -
REFRESH_TOKEN_AUTH/REFRESH_TOKEN
:REFRESH_TOKEN
(required),DEVICE_KEY
. -
CUSTOM_AUTH
:USERNAME
(required),SECRET_HASH
(if app client is configured with client secret),DEVICE_KEY
. To start the authentication flow with password verification, includeChallengeName: SRP_A
andSRP_A: (The SRP_A Value)
.
For more information about
SECRET_HASH
, see Computing secret hash values. For information aboutDEVICE_KEY
, see Working with user devices in your user pool.Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.
This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the
hasAuthParameters()
method.- Returns:
- The authentication parameters. These are inputs corresponding to the
AuthFlow
that you're invoking.The required values are specific to the InitiateAuthRequest$AuthFlow.
The following are some authentication flows and their parameters. Add a
SECRET_HASH
parameter if your app client has a client secret.-
USER_AUTH
:USERNAME
(required),PREFERRED_CHALLENGE
. If you don't provide a value forPREFERRED_CHALLENGE
, Amazon Cognito responds with theAvailableChallenges
parameter that specifies the available sign-in methods. -
USER_SRP_AUTH
:USERNAME
(required),SRP_A
(required),DEVICE_KEY
. -
USER_PASSWORD_AUTH
:USERNAME
(required),PASSWORD
(required),DEVICE_KEY
. -
REFRESH_TOKEN_AUTH/REFRESH_TOKEN
:REFRESH_TOKEN
(required),DEVICE_KEY
. -
CUSTOM_AUTH
:USERNAME
(required),SECRET_HASH
(if app client is configured with client secret),DEVICE_KEY
. To start the authentication flow with password verification, includeChallengeName: SRP_A
andSRP_A: (The SRP_A Value)
.
For more information about
SECRET_HASH
, see Computing secret hash values. For information aboutDEVICE_KEY
, see Working with user devices in your user pool. -
-
-
hasClientMetadata
public final boolean hasClientMetadata()For responses, this returns true if the service returned a value for the ClientMetadata property. This DOES NOT check that the value is non-empty (for which, you should check theisEmpty()
method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified. -
clientMetadata
A map of custom key-value pairs that you can provide as input for certain custom workflows that this action triggers.
You create custom workflows by assigning Lambda functions to user pool triggers. When you send an
InitiateAuth
request, Amazon Cognito invokes the Lambda functions that are specified for various triggers. TheClientMetadata
value is passed as input to the functions for only the following triggers.-
Pre sign-up
-
Pre authentication
-
User migration
When Amazon Cognito invokes the functions for these triggers, it passes a JSON payload as input to the function. This payload contains a
validationData
attribute with the data that you assigned to theClientMetadata
parameter in yourInitiateAuth
request. In your function,validationData
can contribute to operations that require data that isn't in the default payload.InitiateAuth
requests invokes the following triggers withoutClientMetadata
as input.-
Post authentication
-
Custom message
-
Pre token generation
-
Create auth challenge
-
Define auth challenge
-
Custom email sender
-
Custom SMS sender
For more information, see Using Lambda triggers in the Amazon Cognito Developer Guide.
When you use the
ClientMetadata
parameter, note that Amazon Cognito won't do the following:-
Store the
ClientMetadata
value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, theClientMetadata
parameter serves no purpose. -
Validate the
ClientMetadata
value. -
Encrypt the
ClientMetadata
value. Don't send sensitive information in this parameter.
Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.
This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the
hasClientMetadata()
method.- Returns:
- A map of custom key-value pairs that you can provide as input for certain custom workflows that this
action triggers.
You create custom workflows by assigning Lambda functions to user pool triggers. When you send an
InitiateAuth
request, Amazon Cognito invokes the Lambda functions that are specified for various triggers. TheClientMetadata
value is passed as input to the functions for only the following triggers.-
Pre sign-up
-
Pre authentication
-
User migration
When Amazon Cognito invokes the functions for these triggers, it passes a JSON payload as input to the function. This payload contains a
validationData
attribute with the data that you assigned to theClientMetadata
parameter in yourInitiateAuth
request. In your function,validationData
can contribute to operations that require data that isn't in the default payload.InitiateAuth
requests invokes the following triggers withoutClientMetadata
as input.-
Post authentication
-
Custom message
-
Pre token generation
-
Create auth challenge
-
Define auth challenge
-
Custom email sender
-
Custom SMS sender
For more information, see Using Lambda triggers in the Amazon Cognito Developer Guide.
When you use the
ClientMetadata
parameter, note that Amazon Cognito won't do the following:-
Store the
ClientMetadata
value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, theClientMetadata
parameter serves no purpose. -
Validate the
ClientMetadata
value. -
Encrypt the
ClientMetadata
value. Don't send sensitive information in this parameter.
-
-
-
clientId
The ID of the app client that your user wants to sign in to.
- Returns:
- The ID of the app client that your user wants to sign in to.
-
analyticsMetadata
Information that supports analytics outcomes with Amazon Pinpoint, including the user's endpoint ID. The endpoint ID is a destination for Amazon Pinpoint push notifications, for example a device identifier, email address, or phone number.
- Returns:
- Information that supports analytics outcomes with Amazon Pinpoint, including the user's endpoint ID. The endpoint ID is a destination for Amazon Pinpoint push notifications, for example a device identifier, email address, or phone number.
-
userContextData
Contextual data about your user session like the device fingerprint, IP address, or location. Amazon Cognito threat protection evaluates the risk of an authentication event based on the context that your app generates and passes to Amazon Cognito when it makes API requests.
For more information, see Collecting data for threat protection in applications.
- Returns:
- Contextual data about your user session like the device fingerprint, IP address, or location. Amazon
Cognito threat protection evaluates the risk of an authentication event based on the context that your
app generates and passes to Amazon Cognito when it makes API requests.
For more information, see Collecting data for threat protection in applications.
-
session
The optional session ID from a
ConfirmSignUp
API request. You can sign in a user directly from the sign-up process with theUSER_AUTH
authentication flow. When you pass the session ID toInitiateAuth
, Amazon Cognito assumes the SMS or email message one-time verification password fromConfirmSignUp
as the primary authentication factor. You're not required to submit this code a second time. This option is only valid for users who have confirmed their sign-up and are signing in for the first time within the authentication flow session duration of the session ID.- Returns:
- The optional session ID from a
ConfirmSignUp
API request. You can sign in a user directly from the sign-up process with theUSER_AUTH
authentication flow. When you pass the session ID toInitiateAuth
, Amazon Cognito assumes the SMS or email message one-time verification password fromConfirmSignUp
as the primary authentication factor. You're not required to submit this code a second time. This option is only valid for users who have confirmed their sign-up and are signing in for the first time within the authentication flow session duration of the session ID.
-
toBuilder
Description copied from interface:ToCopyableBuilder
Take this object and create a builder that contains all of the current property values of this object.- Specified by:
toBuilder
in interfaceToCopyableBuilder<InitiateAuthRequest.Builder,
InitiateAuthRequest> - Specified by:
toBuilder
in classCognitoIdentityProviderRequest
- Returns:
- a builder for type T
-
builder
-
serializableBuilderClass
-
hashCode
public final int hashCode()- Overrides:
hashCode
in classAwsRequest
-
equals
- Overrides:
equals
in classAwsRequest
-
equalsBySdkFields
Description copied from interface:SdkPojo
Indicates whether some other object is "equal to" this one by SDK fields. An SDK field is a modeled, non-inherited field in anSdkPojo
class, and is generated based on a service model.If an
SdkPojo
class does not have any inherited fields,equalsBySdkFields
andequals
are essentially the same.- Specified by:
equalsBySdkFields
in interfaceSdkPojo
- Parameters:
obj
- the object to be compared with- Returns:
- true if the other object equals to this object by sdk fields, false otherwise.
-
toString
-
getValueForField
Description copied from class:SdkRequest
Used to retrieve the value of a field from any class that extendsSdkRequest
. The field name specified should match the member name from the corresponding service-2.json model specified in the codegen-resources folder for a given service. The class specifies what class to cast the returned value to. If the returned value is also a modeled class, theSdkRequest.getValueForField(String, Class)
method will again be available.- Overrides:
getValueForField
in classSdkRequest
- Parameters:
fieldName
- The name of the member to be retrieved.clazz
- The class to cast the returned object to.- Returns:
- Optional containing the casted return value
-
sdkFields
-
sdkFieldNameToField
- Specified by:
sdkFieldNameToField
in interfaceSdkPojo
- Returns:
- The mapping between the field name and its corresponding field.
-