@aws-sdk/client-cognito-identity-provider

import { Command as $Command } from "@smithy/smithy-client"; import { MetadataBearer as __MetadataBearer } from "@smithy/types"; import { CognitoIdentityProviderClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../CognitoIdentityProviderClient"; import { AdminRespondToAuthChallengeRequest, AdminRespondToAuthChallengeResponse } from "../models/models_0"; /** * @public */ export type { __MetadataBearer }; export { $Command }; /** * @public * * The input for {@link AdminRespondToAuthChallengeCommand}. */ export interface AdminRespondToAuthChallengeCommandInput extends AdminRespondToAuthChallengeRequest { } /** * @public * * The output of {@link AdminRespondToAuthChallengeCommand}. */ export interface AdminRespondToAuthChallengeCommandOutput extends AdminRespondToAuthChallengeResponse, __MetadataBearer { } declare const AdminRespondToAuthChallengeCommand_base: { new (input: AdminRespondToAuthChallengeCommandInput): import("@smithy/smithy-client").CommandImpl<AdminRespondToAuthChallengeCommandInput, AdminRespondToAuthChallengeCommandOutput, CognitoIdentityProviderClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>; new (input: AdminRespondToAuthChallengeCommandInput): import("@smithy/smithy-client").CommandImpl<AdminRespondToAuthChallengeCommandInput, AdminRespondToAuthChallengeCommandOutput, CognitoIdentityProviderClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>; getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions; }; /** * Some API operations in a user pool generate a challenge, like a prompt for an MFA * code, for device authentication that bypasses MFA, or for a custom authentication * challenge. An <code>AdminRespondToAuthChallenge</code> API request provides the answer * to that challenge, like a code or a secure remote password (SRP). The parameters of a * response to an authentication challenge vary with the type of challenge. * For more information about custom authentication challenges, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-challenge.html">Custom * authentication challenge Lambda triggers</a>. * <note> * This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers * require you to register an origination phone number before you can send SMS messages * to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a * phone number with <a href="https://console.aws.amazon.com/pinpoint/home/">Amazon Pinpoint</a>. * Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must * receive SMS messages might not be able to sign up, activate their accounts, or sign * in. * If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, * Amazon Simple Notification Service might place your account in the SMS sandbox. In * <a href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox * mode</a> * , you can send messages only to verified phone * numbers. After you test your app while in the sandbox environment, you can move out * of the sandbox and into production. For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html"> SMS message settings for Amazon Cognito user pools</a> in the Amazon Cognito * Developer Guide. * </note> * <note> * Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For * this operation, you must use IAM credentials to authorize requests, and you must * grant yourself the corresponding IAM permission in a policy. * * Learn more * * <ul> * <li> * * <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html">Signing Amazon Web Services API Requests</a> * * </li> * <li> * * <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html">Using the Amazon Cognito user pools API and user pool endpoints</a> * * </li> * </ul> * </note> * @example * Use a bare-bones client and the command you need to make an API call. * ```javascript * import { CognitoIdentityProviderClient, AdminRespondToAuthChallengeCommand } from "@aws-sdk/client-cognito-identity-provider"; // ES Modules import * // const { CognitoIdentityProviderClient, AdminRespondToAuthChallengeCommand } = require("@aws-sdk/client-cognito-identity-provider"); // CommonJS import * const client = new CognitoIdentityProviderClient(config); * const input = { // AdminRespondToAuthChallengeRequest * UserPoolId: "STRING_VALUE", // required * ClientId: "STRING_VALUE", // required * ChallengeName: "SMS_MFA" || "EMAIL_OTP" || "SOFTWARE_TOKEN_MFA" || "SELECT_MFA_TYPE" || "MFA_SETUP" || "PASSWORD_VERIFIER" || "CUSTOM_CHALLENGE" || "SELECT_CHALLENGE" || "DEVICE_SRP_AUTH" || "DEVICE_PASSWORD_VERIFIER" || "ADMIN_NO_SRP_AUTH" || "NEW_PASSWORD_REQUIRED" || "SMS_OTP" || "PASSWORD" || "WEB_AUTHN" || "PASSWORD_SRP", // required * ChallengeResponses: { // ChallengeResponsesType * "<keys>": "STRING_VALUE", * }, * Session: "STRING_VALUE", * AnalyticsMetadata: { // AnalyticsMetadataType * AnalyticsEndpointId: "STRING_VALUE", * }, * ContextData: { // ContextDataType * IpAddress: "STRING_VALUE", // required * ServerName: "STRING_VALUE", // required * ServerPath: "STRING_VALUE", // required * HttpHeaders: [ // HttpHeaderList // required * { // HttpHeader * headerName: "STRING_VALUE", * headerValue: "STRING_VALUE", * }, * ], * EncodedData: "STRING_VALUE", * }, * ClientMetadata: { // ClientMetadataType * "<keys>": "STRING_VALUE", * }, * }; * const command = new AdminRespondToAuthChallengeCommand(input); * const response = await client.send(command); * // { // AdminRespondToAuthChallengeResponse * // ChallengeName: "SMS_MFA" || "EMAIL_OTP" || "SOFTWARE_TOKEN_MFA" || "SELECT_MFA_TYPE" || "MFA_SETUP" || "PASSWORD_VERIFIER" || "CUSTOM_CHALLENGE" || "SELECT_CHALLENGE" || "DEVICE_SRP_AUTH" || "DEVICE_PASSWORD_VERIFIER" || "ADMIN_NO_SRP_AUTH" || "NEW_PASSWORD_REQUIRED" || "SMS_OTP" || "PASSWORD" || "WEB_AUTHN" || "PASSWORD_SRP", * // Session: "STRING_VALUE", * // ChallengeParameters: { // ChallengeParametersType * // "<keys>": "STRING_VALUE", * // }, * // AuthenticationResult: { // AuthenticationResultType * // AccessToken: "STRING_VALUE", * // ExpiresIn: Number("int"), * // TokenType: "STRING_VALUE", * // RefreshToken: "STRING_VALUE", * // IdToken: "STRING_VALUE", * // NewDeviceMetadata: { // NewDeviceMetadataType * // DeviceKey: "STRING_VALUE", * // DeviceGroupKey: "STRING_VALUE", * // }, * // }, * // }; * * ``` * * @param AdminRespondToAuthChallengeCommandInput - {@link AdminRespondToAuthChallengeCommandInput} * @returns {@link AdminRespondToAuthChallengeCommandOutput} * @see {@link AdminRespondToAuthChallengeCommandInput} for command's `input` shape. * @see {@link AdminRespondToAuthChallengeCommandOutput} for command's `response` shape. * @see {@link CognitoIdentityProviderClientResolvedConfig | config} for CognitoIdentityProviderClient's `config` shape. * * @throws {@link AliasExistsException} (client fault) * This exception is thrown when a user tries to confirm the account with an email * address or phone number that has already been supplied as an alias for a different user * profile. This exception indicates that an account with this email address or phone * already exists in a user pool that you've configured to use email address or phone * number as a sign-in alias. * * @throws {@link CodeMismatchException} (client fault) * This exception is thrown if the provided code doesn't match what the server was * expecting. * * @throws {@link ExpiredCodeException} (client fault) * This exception is thrown if a code has expired. * * @throws {@link InternalErrorException} (server fault) * This exception is thrown when Amazon Cognito encounters an internal error. * * @throws {@link InvalidEmailRoleAccessPolicyException} (client fault) * This exception is thrown when Amazon Cognito isn't allowed to use your email identity. HTTP * status code: 400. * * @throws {@link InvalidLambdaResponseException} (client fault) * This exception is thrown when Amazon Cognito encounters an invalid Lambda response. * * @throws {@link InvalidParameterException} (client fault) * This exception is thrown when the Amazon Cognito service encounters an invalid * parameter. * * @throws {@link InvalidPasswordException} (client fault) * This exception is thrown when Amazon Cognito encounters an invalid password. * * @throws {@link InvalidSmsRoleAccessPolicyException} (client fault) * This exception is returned when the role provided for SMS configuration doesn't have * permission to publish using Amazon SNS. * * @throws {@link InvalidSmsRoleTrustRelationshipException} (client fault) * This exception is thrown when the trust relationship is not valid for the role * provided for SMS configuration. This can happen if you don't trust * <code>cognito-idp.amazonaws.com</code> or the external ID provided in the role does * not match what is provided in the SMS configuration for the user pool. * * @throws {@link InvalidUserPoolConfigurationException} (client fault) * This exception is thrown when the user pool configuration is not valid. * * @throws {@link MFAMethodNotFoundException} (client fault) * This exception is thrown when Amazon Cognito can't find a multi-factor authentication * (MFA) method. * * @throws {@link NotAuthorizedException} (client fault) * This exception is thrown when a user isn't authorized. * * @throws {@link PasswordHistoryPolicyViolationException} (client fault) * The message returned when a user's new password matches a previous password and * doesn't comply with the password-history policy. * * @throws {@link PasswordResetRequiredException} (client fault) * This exception is thrown when a password reset is required. * * @throws {@link ResourceNotFoundException} (client fault) * This exception is thrown when the Amazon Cognito service can't find the requested * resource. * * @throws {@link SoftwareTokenMFANotFoundException} (client fault) * This exception is thrown when the software token time-based one-time password (TOTP) * multi-factor authentication (MFA) isn't activated for the user pool. * * @throws {@link TooManyRequestsException} (client fault) * This exception is thrown when the user has made too many requests for a given * operation. * * @throws {@link UnexpectedLambdaException} (client fault) * This exception is thrown when Amazon Cognito encounters an unexpected exception with * Lambda. * * @throws {@link UserLambdaValidationException} (client fault) * This exception is thrown when the Amazon Cognito service encounters a user validation exception * with the Lambda service. * * @throws {@link UserNotConfirmedException} (client fault) * This exception is thrown when a user isn't confirmed successfully. * * @throws {@link UserNotFoundException} (client fault) * This exception is thrown when a user isn't found. * * @throws {@link CognitoIdentityProviderServiceException} * Base exception class for all service exceptions from CognitoIdentityProvider service. * * * @public */ export declare class AdminRespondToAuthChallengeCommand extends AdminRespondToAuthChallengeCommand_base { /** @internal type navigation helper, not in runtime. */ protected static __types: { api: { input: AdminRespondToAuthChallengeRequest; output: AdminRespondToAuthChallengeResponse; }; sdk: { input: AdminRespondToAuthChallengeCommandInput; output: AdminRespondToAuthChallengeCommandOutput; }; }; }