import { Command as $Command } from "@smithy/core/client";
import type { MetadataBearer as __MetadataBearer } from "@smithy/types";
import type { CognitoIdentityProviderClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../CognitoIdentityProviderClient";
import type { InitiateAuthRequest, InitiateAuthResponse } from "../models/models_0";
/**
 * Re-exports of the Smithy `MetadataBearer` type and `Command` class imported above.
 *
 * @public
 */
export type { __MetadataBearer };
export { $Command };
/**
 * @public
 *
 * The input for {@link InitiateAuthCommand}.
 * Adds no members of its own; the shape is exactly {@link InitiateAuthRequest}.
 */
export interface InitiateAuthCommandInput extends InitiateAuthRequest {
}
/**
 * @public
 *
 * The output of {@link InitiateAuthCommand}.
 * Combines {@link InitiateAuthResponse} with the `MetadataBearer` type and adds no members of its own.
 */
export interface InitiateAuthCommandOutput extends InitiateAuthResponse, __MetadataBearer {
}
// Constructor-side type that InitiateAuthCommand extends: two identical construct
// signatures taking an InitiateAuthCommandInput, plus getEndpointParameterInstructions().
// NOTE(review): `CommandImpl` appears here without type arguments, and the imported
// CognitoIdentityProviderClientResolvedConfig / ServiceInputTypes / ServiceOutputTypes are
// not referenced in any signature. Text in angle brackets may have been lost when this
// listing was rendered; compare with the published package before relying on these types.
declare const InitiateAuthCommand_base: {
    new (input: InitiateAuthCommandInput): import("@smithy/core/client").CommandImpl;
    new (input: InitiateAuthCommandInput): import("@smithy/core/client").CommandImpl;
    getEndpointParameterInstructions(): {
        [x: string]: unknown;
    };
};
/**
 * Declares an authentication flow and initiates sign-in for a user in the Amazon Cognito user
 * directory. Amazon Cognito might respond with an additional challenge or an
 * `AuthenticationResult` that contains the outcome of a successful
 * authentication. You can't sign in a user with a federated IdP with
 * `InitiateAuth`. For more information, see "Authentication".
 *
 * Note: Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For
 * this operation, you can't use IAM credentials to authorize requests, and you can't
 * grant IAM permissions in policies. For more information about authorization models in
 * Amazon Cognito, see "Using the Amazon Cognito user pools API and user pool endpoints".
 *
 * Note: This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers
 * require you to register an origination phone number before you can send SMS messages
 * to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a
 * phone number with Amazon Pinpoint.
 * Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must
 * receive SMS messages might not be able to sign up, activate their accounts, or sign
 * in.
 *
 * If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service,
 * Amazon Simple Notification Service might place your account in the SMS sandbox. In
 * sandbox mode, you can send messages only to verified phone
 * numbers. After you test your app while in the sandbox environment, you can move out
 * of the sandbox and into production. For more information, see "SMS message settings for
 * Amazon Cognito user pools" in the Amazon Cognito Developer Guide.
 *
 * @remarks
 * Security notes for callers of this operation:
 *
 * - Requests are not authorized with IAM credentials (see the note above). The request is
 *   identified by `ClientId`, plus `SECRET_HASH` for app clients that have a client secret.
 *   The abuse controls visible in the error list below are a WAF web ACL associated with the
 *   user pool ({@link ForbiddenException}) and request throttling ({@link TooManyRequestsException}).
 * - With `USER_PASSWORD_AUTH` the user's password is sent in `AuthParameters`. With
 *   `USER_SRP_AUTH` the client proves knowledge of the password without sending it; prefer it
 *   unless a plaintext flow is specifically needed.
 * - {@link UserNotFoundException} and {@link NotAuthorizedException} are separate errors. If an
 *   application shows that difference to end users, it reveals which usernames exist. The app
 *   client setting `PreventUserExistenceErrors` governs whether the service reports them
 *   separately; confirm how the target app client is configured.
 * - The tokens in `AuthenticationResult` and the `Session` string are bearer values. Keep the
 *   response, and any `PASSWORD` or `SECRET_HASH` in the input, out of logs and error reports.
 * - `ClientMetadata` is not stored, validated, or encrypted by Amazon Cognito according to the
 *   service documentation; don't place sensitive values in it.
 * - Because a sign-in attempt might send an SMS message, traffic to this operation can incur
 *   messaging charges; the WAF and throttling controls above also bound that exposure.
 *
 * @example
 * Use a bare-bones client and the command you need to make an API call.
 * ```javascript
 * import { CognitoIdentityProviderClient, InitiateAuthCommand } from "@aws-sdk/client-cognito-identity-provider"; // ES Modules import
 * // const { CognitoIdentityProviderClient, InitiateAuthCommand } = require("@aws-sdk/client-cognito-identity-provider"); // CommonJS import
 * // import type { CognitoIdentityProviderClientConfig } from "@aws-sdk/client-cognito-identity-provider";
 * const config = {}; // type is CognitoIdentityProviderClientConfig
 * const client = new CognitoIdentityProviderClient(config);
 * // In this listing, `"A" || "B"` enumerates the allowed string values; pass exactly one of them.
 * const input = { // InitiateAuthRequest
 *   AuthFlow: "USER_SRP_AUTH" || "REFRESH_TOKEN_AUTH" || "REFRESH_TOKEN" || "CUSTOM_AUTH" || "ADMIN_NO_SRP_AUTH" || "USER_PASSWORD_AUTH" || "ADMIN_USER_PASSWORD_AUTH" || "USER_AUTH", // required
 *   AuthParameters: { // AuthParametersType
 *     "<keys>": "STRING_VALUE",
 *   },
 *   ClientMetadata: { // ClientMetadataType
 *     "<keys>": "STRING_VALUE",
 *   },
 *   ClientId: "STRING_VALUE", // required
 *   AnalyticsMetadata: { // AnalyticsMetadataType
 *     AnalyticsEndpointId: "STRING_VALUE",
 *   },
 *   UserContextData: { // UserContextDataType
 *     IpAddress: "STRING_VALUE",
 *     EncodedData: "STRING_VALUE",
 *   },
 *   Session: "STRING_VALUE",
 * };
 * const command = new InitiateAuthCommand(input);
 * const response = await client.send(command);
 * // { // InitiateAuthResponse
 * //   ChallengeName: "SMS_MFA" || "EMAIL_OTP" || "SOFTWARE_TOKEN_MFA" || "SELECT_MFA_TYPE" || "MFA_SETUP" || "PASSWORD_VERIFIER" || "CUSTOM_CHALLENGE" || "SELECT_CHALLENGE" || "DEVICE_SRP_AUTH" || "DEVICE_PASSWORD_VERIFIER" || "ADMIN_NO_SRP_AUTH" || "NEW_PASSWORD_REQUIRED" || "SMS_OTP" || "PASSWORD" || "WEB_AUTHN" || "PASSWORD_SRP",
 * //   Session: "STRING_VALUE",
 * //   ChallengeParameters: { // ChallengeParametersType
 * //     "<keys>": "STRING_VALUE",
 * //   },
 * //   AuthenticationResult: { // AuthenticationResultType
 * //     AccessToken: "STRING_VALUE",
 * //     ExpiresIn: Number("int"),
 * //     TokenType: "STRING_VALUE",
 * //     RefreshToken: "STRING_VALUE",
 * //     IdToken: "STRING_VALUE",
 * //     NewDeviceMetadata: { // NewDeviceMetadataType
 * //       DeviceKey: "STRING_VALUE",
 * //       DeviceGroupKey: "STRING_VALUE",
 * //     },
 * //   },
 * //   AvailableChallenges: [ // AvailableChallengeListType
 * //     "SMS_MFA" || "EMAIL_OTP" || "SOFTWARE_TOKEN_MFA" || "SELECT_MFA_TYPE" || "MFA_SETUP" || "PASSWORD_VERIFIER" || "CUSTOM_CHALLENGE" || "SELECT_CHALLENGE" || "DEVICE_SRP_AUTH" || "DEVICE_PASSWORD_VERIFIER" || "ADMIN_NO_SRP_AUTH" || "NEW_PASSWORD_REQUIRED" || "SMS_OTP" || "PASSWORD" || "WEB_AUTHN" || "PASSWORD_SRP",
 * //   ],
 * // };
 *
 * ```
 *
 * @param InitiateAuthCommandInput - {@link InitiateAuthCommandInput}
 * @returns {@link InitiateAuthCommandOutput}
 * @see {@link InitiateAuthCommandInput} for command's `input` shape.
 * @see {@link InitiateAuthCommandOutput} for command's `response` shape.
 * @see {@link CognitoIdentityProviderClientResolvedConfig | config} for CognitoIdentityProviderClient's `config` shape.
 *
 * @throws {@link ForbiddenException} (client fault)
 *  This exception is thrown when WAF doesn't allow your request based on a web
 *  ACL that's associated with your user pool.
 *
 * @throws {@link InternalErrorException} (server fault)
 *  This exception is thrown when Amazon Cognito encounters an internal error.
 *
 * @throws {@link InvalidEmailRoleAccessPolicyException} (client fault)
 *  This exception is thrown when Amazon Cognito isn't allowed to use your email identity. HTTP
 *  status code: 400.
 *
 * @throws {@link InvalidLambdaResponseException} (client fault)
 *  This exception is thrown when Amazon Cognito encounters an invalid Lambda response.
 *
 * @throws {@link InvalidParameterException} (client fault)
 *  This exception is thrown when the Amazon Cognito service encounters an invalid
 *  parameter.
 *
 * @throws {@link InvalidSmsRoleAccessPolicyException} (client fault)
 *  This exception is returned when the role provided for SMS configuration doesn't have
 *  permission to publish using Amazon SNS.
 *
 * @throws {@link InvalidSmsRoleTrustRelationshipException} (client fault)
 *  This exception is thrown when the trust relationship is not valid for the role
 *  provided for SMS configuration. This can happen if you don't trust
 *  `cognito-idp.amazonaws.com` or the external ID provided in the role does
 *  not match what is provided in the SMS configuration for the user pool.
 *
 * @throws {@link InvalidUserPoolConfigurationException} (client fault)
 *  This exception is thrown when the user pool configuration is not valid.
 *
 * @throws {@link NotAuthorizedException} (client fault)
 *  This exception is thrown when a user isn't authorized.
 *
 * @throws {@link OperationNotEnabledException} (client fault)
 *  This exception is thrown when an operation is not available in the current region or for the current user pool configuration. This can occur when attempting to perform operations that are not supported in secondary replica regions.
 *
 * @throws {@link PasswordResetRequiredException} (client fault)
 *  This exception is thrown when a password reset is required.
 *
 * @throws {@link ResourceNotFoundException} (client fault)
 *  This exception is thrown when the Amazon Cognito service can't find the requested
 *  resource.
 *
 * @throws {@link TooManyRequestsException} (client fault)
 *  This exception is thrown when the user has made too many requests for a given
 *  operation.
 *
 * @throws {@link UnexpectedLambdaException} (client fault)
 *  This exception is thrown when Amazon Cognito encounters an unexpected exception with
 *  Lambda.
 *
 * @throws {@link UnsupportedOperationException} (client fault)
 *  Exception that is thrown when you attempt to perform an operation that isn't enabled
 *  for the user pool client.
 *
 * @throws {@link UserLambdaValidationException} (client fault)
 *  This exception is thrown when the Amazon Cognito service encounters a user validation exception
 *  with the Lambda service.
 *
 * @throws {@link UserNotConfirmedException} (client fault)
 *  This exception is thrown when a user isn't confirmed successfully.
 *
 * @throws {@link UserNotFoundException} (client fault)
 *  This exception is thrown when a user isn't found.
 *
 * @throws {@link CognitoIdentityProviderServiceException}
 *  Base exception class for all service exceptions from CognitoIdentityProvider service.
 *
 *
 * @example Example username and password sign-in for a user who has TOTP MFA
 * ```javascript
 * // The following example signs in the user mytestuser with analytics data, client metadata, and user context data for advanced security.
 * // The PASSWORD, SECRET_HASH, ClientId and Session values below are documentation samples.
 * // In application code, take the password from the user at sign-in time and compute
 * // SECRET_HASH at runtime; do not embed either value, or the client secret, in source.
 * const input = {
 *   AnalyticsMetadata: {
 *     AnalyticsEndpointId: "d70b2ba36a8c4dc5a04a0451a31a1e12"
 *   },
 *   AuthFlow: "USER_PASSWORD_AUTH",
 *   AuthParameters: {
 *     PASSWORD: "This-is-my-test-99!",
 *     SECRET_HASH: "oT5ZkS8ctnrhYeeGsGTvOzPhoc/Jd1cO5fueBWFVmp8=",
 *     USERNAME: "mytestuser"
 *   },
 *   ClientId: "1example23456789",
 *   ClientMetadata: {
 *     MyTestKey: "MyTestValue"
 *   },
 *   UserContextData: {
 *     EncodedData: "AmazonCognitoAdvancedSecurityData_object",
 *     IpAddress: "192.0.2.1"
 *   }
 * };
 * const command = new InitiateAuthCommand(input);
 * const response = await client.send(command);
 * /* response is
 * {
 *   ChallengeName: "SOFTWARE_TOKEN_MFA",
 *   ChallengeParameters: {
 *     FRIENDLY_DEVICE_NAME: "mytestauthenticator",
 *     USER_ID_FOR_SRP: "mytestuser"
 *   },
 *   Session: "AYABeC1-y8qooiuysEv0uM4wAqQAHQABAAdTZXJ2aWNlABBDb2duaXRvVXNlclBvb2xzAAEAB2F3cy1rbXMAS2Fybjphd3M6a21zOnVzLXdlc3QtMjowMTU3MzY3MjcxOTg6a2V5LzI5OTFhNGE5LTM5YTAtNDQ0Mi04MWU4LWRkYjY4NTllMTg2MQC4AQIBAHhjxv5lVLhE2_WNrC1zuomqn08qDUUp3z9v4EGAjazZ-wGP3HuBF5Izvxf-9WkCT5uyAAAAfjB8BgkqhkiG9w0BBwagbzBtAgEAMGgGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMeQoT5e6Dpfh52caqAgEQgDvuL8uLMhPt0WmQpZnkNED1gob6xbqt5LaQo_H4L5CuT4Kj499dGCoZ1q1trmlZSRgRm0wwGGG8lFU37QIAAAAADAAAEAAAAAAAAAAAAAAAAADuLe9_UJ4oZAMsQYr0ntiT_____wAAAAEAAAAAAAAAAAAAAAEAAADnLDGmKBQtsCafNokRmPLgl2itBKuKR2dfZBQb5ucCYkzThM5HOfQUSEL-A3dZzfYDC0IODsrcMkrbeeVyMJk-FCzsxS9Og8BEBVnvi9WjZkPJ4mF0YS6FUXnoPSBV5oUqGzRaT-tJ169SUFZAUfFM1fGeJ8T57-QdCxjyISRCWV1VG5_7TiCioyRGfWwzNVWh7exJortF3ccfOyiEyxeqJ2VJvJq3m_w8NP24_PMDpktpRMKftObIMlD5ewRTNCdrUXQ1BW5KIxhJLGjYfRzJDZuKzmEgS-VHsKz0z76w-AlAgdfvdAjflLnsgduU5kUX4YP6jqnetg"
 * }
 * *\/
 * ```
 *
 * @public
 */
export declare class InitiateAuthCommand extends InitiateAuthCommand_base {
    /**
     * @internal type navigation helper, not in runtime.
     * Pairs the API-level request/response types (`api`) with the SDK-level
     * command input/output types (`sdk`).
     */
    protected static __types: {
        api: {
            input: InitiateAuthRequest;
            output: InitiateAuthResponse;
        };
        sdk: {
            input: InitiateAuthCommandInput;
            output: InitiateAuthCommandOutput;
        };
    };
}