@aws-sdk/client-cognito-identity-provider

import { Command as $Command } from "@smithy/smithy-client"; import { MetadataBearer as __MetadataBearer } from "@smithy/types"; import { CognitoIdentityProviderClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../CognitoIdentityProviderClient"; import { InitiateAuthRequest, InitiateAuthResponse } from "../models/models_1"; /** * @public */ export type { __MetadataBearer }; export { $Command }; /** * @public * * The input for {@link InitiateAuthCommand}. */ export interface InitiateAuthCommandInput extends InitiateAuthRequest { } /** * @public * * The output of {@link InitiateAuthCommand}. */ export interface InitiateAuthCommandOutput extends InitiateAuthResponse, __MetadataBearer { } declare const InitiateAuthCommand_base: { new (input: InitiateAuthCommandInput): import("@smithy/smithy-client").CommandImpl<InitiateAuthCommandInput, InitiateAuthCommandOutput, CognitoIdentityProviderClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>; new (input: InitiateAuthCommandInput): import("@smithy/smithy-client").CommandImpl<InitiateAuthCommandInput, InitiateAuthCommandOutput, CognitoIdentityProviderClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>; getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions; }; /** * Declares an authentication flow and initiates sign-in for a user in the Amazon Cognito user * directory. Amazon Cognito might respond with an additional challenge or an * <code>AuthenticationResult</code> that contains the outcome of a successful * authentication. You can't sign in a user with a federated IdP with * <code>InitiateAuth</code>. For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/authentication.html">Authentication</a>. * <note> * Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For * this operation, you can't use IAM credentials to authorize requests, and you can't * grant IAM permissions in policies. For more information about authorization models in * Amazon Cognito, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html">Using the Amazon Cognito user pools API and user pool endpoints</a>. * </note> * <note> * This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers * require you to register an origination phone number before you can send SMS messages * to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a * phone number with <a href="https://console.aws.amazon.com/pinpoint/home/">Amazon Pinpoint</a>. * Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must * receive SMS messages might not be able to sign up, activate their accounts, or sign * in. * If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, * Amazon Simple Notification Service might place your account in the SMS sandbox. In * <a href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox * mode</a> * , you can send messages only to verified phone * numbers. After you test your app while in the sandbox environment, you can move out * of the sandbox and into production. For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html"> SMS message settings for Amazon Cognito user pools</a> in the Amazon Cognito * Developer Guide. * </note> * @example * Use a bare-bones client and the command you need to make an API call. * ```javascript * import { CognitoIdentityProviderClient, InitiateAuthCommand } from "@aws-sdk/client-cognito-identity-provider"; // ES Modules import * // const { CognitoIdentityProviderClient, InitiateAuthCommand } = require("@aws-sdk/client-cognito-identity-provider"); // CommonJS import * const client = new CognitoIdentityProviderClient(config); * const input = { // InitiateAuthRequest * AuthFlow: "USER_SRP_AUTH" || "REFRESH_TOKEN_AUTH" || "REFRESH_TOKEN" || "CUSTOM_AUTH" || "ADMIN_NO_SRP_AUTH" || "USER_PASSWORD_AUTH" || "ADMIN_USER_PASSWORD_AUTH" || "USER_AUTH", // required * AuthParameters: { // AuthParametersType * "<keys>": "STRING_VALUE", * }, * ClientMetadata: { // ClientMetadataType * "<keys>": "STRING_VALUE", * }, * ClientId: "STRING_VALUE", // required * AnalyticsMetadata: { // AnalyticsMetadataType * AnalyticsEndpointId: "STRING_VALUE", * }, * UserContextData: { // UserContextDataType * IpAddress: "STRING_VALUE", * EncodedData: "STRING_VALUE", * }, * Session: "STRING_VALUE", * }; * const command = new InitiateAuthCommand(input); * const response = await client.send(command); * // { // InitiateAuthResponse * // ChallengeName: "SMS_MFA" || "EMAIL_OTP" || "SOFTWARE_TOKEN_MFA" || "SELECT_MFA_TYPE" || "MFA_SETUP" || "PASSWORD_VERIFIER" || "CUSTOM_CHALLENGE" || "SELECT_CHALLENGE" || "DEVICE_SRP_AUTH" || "DEVICE_PASSWORD_VERIFIER" || "ADMIN_NO_SRP_AUTH" || "NEW_PASSWORD_REQUIRED" || "SMS_OTP" || "PASSWORD" || "WEB_AUTHN" || "PASSWORD_SRP", * // Session: "STRING_VALUE", * // ChallengeParameters: { // ChallengeParametersType * // "<keys>": "STRING_VALUE", * // }, * // AuthenticationResult: { // AuthenticationResultType * // AccessToken: "STRING_VALUE", * // ExpiresIn: Number("int"), * // TokenType: "STRING_VALUE", * // RefreshToken: "STRING_VALUE", * // IdToken: "STRING_VALUE", * // NewDeviceMetadata: { // NewDeviceMetadataType * // DeviceKey: "STRING_VALUE", * // DeviceGroupKey: "STRING_VALUE", * // }, * // }, * // AvailableChallenges: [ // AvailableChallengeListType * // "SMS_MFA" || "EMAIL_OTP" || "SOFTWARE_TOKEN_MFA" || "SELECT_MFA_TYPE" || "MFA_SETUP" || "PASSWORD_VERIFIER" || "CUSTOM_CHALLENGE" || "SELECT_CHALLENGE" || "DEVICE_SRP_AUTH" || "DEVICE_PASSWORD_VERIFIER" || "ADMIN_NO_SRP_AUTH" || "NEW_PASSWORD_REQUIRED" || "SMS_OTP" || "PASSWORD" || "WEB_AUTHN" || "PASSWORD_SRP", * // ], * // }; * * ``` * * @param InitiateAuthCommandInput - {@link InitiateAuthCommandInput} * @returns {@link InitiateAuthCommandOutput} * @see {@link InitiateAuthCommandInput} for command's `input` shape. * @see {@link InitiateAuthCommandOutput} for command's `response` shape. * @see {@link CognitoIdentityProviderClientResolvedConfig | config} for CognitoIdentityProviderClient's `config` shape. * * @throws {@link ForbiddenException} (client fault) * This exception is thrown when WAF doesn't allow your request based on a web * ACL that's associated with your user pool. * * @throws {@link InternalErrorException} (server fault) * This exception is thrown when Amazon Cognito encounters an internal error. * * @throws {@link InvalidEmailRoleAccessPolicyException} (client fault) * This exception is thrown when Amazon Cognito isn't allowed to use your email identity. HTTP * status code: 400. * * @throws {@link InvalidLambdaResponseException} (client fault) * This exception is thrown when Amazon Cognito encounters an invalid Lambda response. * * @throws {@link InvalidParameterException} (client fault) * This exception is thrown when the Amazon Cognito service encounters an invalid * parameter. * * @throws {@link InvalidSmsRoleAccessPolicyException} (client fault) * This exception is returned when the role provided for SMS configuration doesn't have * permission to publish using Amazon SNS. * * @throws {@link InvalidSmsRoleTrustRelationshipException} (client fault) * This exception is thrown when the trust relationship is not valid for the role * provided for SMS configuration. This can happen if you don't trust * <code>cognito-idp.amazonaws.com</code> or the external ID provided in the role does * not match what is provided in the SMS configuration for the user pool. * * @throws {@link InvalidUserPoolConfigurationException} (client fault) * This exception is thrown when the user pool configuration is not valid. * * @throws {@link NotAuthorizedException} (client fault) * This exception is thrown when a user isn't authorized. * * @throws {@link PasswordResetRequiredException} (client fault) * This exception is thrown when a password reset is required. * * @throws {@link ResourceNotFoundException} (client fault) * This exception is thrown when the Amazon Cognito service can't find the requested * resource. * * @throws {@link TooManyRequestsException} (client fault) * This exception is thrown when the user has made too many requests for a given * operation. * * @throws {@link UnexpectedLambdaException} (client fault) * This exception is thrown when Amazon Cognito encounters an unexpected exception with * Lambda. * * @throws {@link UnsupportedOperationException} (client fault) * Exception that is thrown when you attempt to perform an operation that isn't enabled * for the user pool client. * * @throws {@link UserLambdaValidationException} (client fault) * This exception is thrown when the Amazon Cognito service encounters a user validation exception * with the Lambda service. * * @throws {@link UserNotConfirmedException} (client fault) * This exception is thrown when a user isn't confirmed successfully. * * @throws {@link UserNotFoundException} (client fault) * This exception is thrown when a user isn't found. * * @throws {@link CognitoIdentityProviderServiceException} * Base exception class for all service exceptions from CognitoIdentityProvider service. * * * @example Example username and password sign-in for a user who has TOTP MFA * ```javascript * // The following example signs in the user mytestuser with analytics data, client metadata, and user context data for advanced security. * const input = { * AnalyticsMetadata: { * AnalyticsEndpointId: "d70b2ba36a8c4dc5a04a0451a31a1e12" * }, * AuthFlow: "USER_PASSWORD_AUTH", * AuthParameters: { * PASSWORD: "This-is-my-test-99!", * SECRET_HASH: "oT5ZkS8ctnrhYeeGsGTvOzPhoc/Jd1cO5fueBWFVmp8=", * USERNAME: "mytestuser" * }, * ClientId: "1example23456789", * ClientMetadata: { * MyTestKey: "MyTestValue" * }, * UserContextData: { * EncodedData: "AmazonCognitoAdvancedSecurityData_object", * IpAddress: "192.0.2.1" * } * }; * const command = new InitiateAuthCommand(input); * const response = await client.send(command); * /* response is * { * ChallengeName: "SOFTWARE_TOKEN_MFA", * ChallengeParameters: { * FRIENDLY_DEVICE_NAME: "mytestauthenticator", * USER_ID_FOR_SRP: "mytestuser" * }, * Session: "AYABeC1-y8qooiuysEv0uM4wAqQAHQABAAdTZXJ2aWNlABBDb2duaXRvVXNlclBvb2xzAAEAB2F3cy1rbXMAS2Fybjphd3M6a21zOnVzLXdlc3QtMjowMTU3MzY3MjcxOTg6a2V5LzI5OTFhNGE5LTM5YTAtNDQ0Mi04MWU4LWRkYjY4NTllMTg2MQC4AQIBAHhjxv5lVLhE2_WNrC1zuomqn08qDUUp3z9v4EGAjazZ-wGP3HuBF5Izvxf-9WkCT5uyAAAAfjB8BgkqhkiG9w0BBwagbzBtAgEAMGgGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMeQoT5e6Dpfh52caqAgEQgDvuL8uLMhPt0WmQpZnkNED1gob6xbqt5LaQo_H4L5CuT4Kj499dGCoZ1q1trmlZSRgRm0wwGGG8lFU37QIAAAAADAAAEAAAAAAAAAAAAAAAAADuLe9_UJ4oZAMsQYr0ntiT_____wAAAAEAAAAAAAAAAAAAAAEAAADnLDGmKBQtsCafNokRmPLgl2itBKuKR2dfZBQb5ucCYkzThM5HOfQUSEL-A3dZzfYDC0IODsrcMkrbeeVyMJk-FCzsxS9Og8BEBVnvi9WjZkPJ4mF0YS6FUXnoPSBV5oUqGzRaT-tJ169SUFZAUfFM1fGeJ8T57-QdCxjyISRCWV1VG5_7TiCioyRGfWwzNVWh7exJortF3ccfOyiEyxeqJ2VJvJq3m_w8NP24_PMDpktpRMKftObIMlD5ewRTNCdrUXQ1BW5KIxhJLGjYfRzJDZuKzmEgS-VHsKz0z76w-AlAgdfvdAjflLnsgduU5kUX4YP6jqnetg" * } * *\/ * ``` * * @public */ export declare class InitiateAuthCommand extends InitiateAuthCommand_base { /** @internal type navigation helper, not in runtime. */ protected static __types: { api: { input: InitiateAuthRequest; output: InitiateAuthResponse; }; sdk: { input: InitiateAuthCommandInput; output: InitiateAuthCommandOutput; }; }; }