{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-binds #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.CognitoIdentityProvider.AdminRespondToAuthChallenge
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Responds to an authentication challenge, as an administrator.
--
-- This action might generate an SMS text message. Starting June 1, 2021,
-- U.S. telecom carriers require that you register an origination phone
-- number before you can send SMS messages to U.S. phone numbers. If you
-- use SMS text messages in Amazon Cognito, you must register a phone
-- number with
-- <https://console.aws.amazon.com/pinpoint/home/ Amazon Pinpoint>. Cognito
-- will use the the registered number automatically. Otherwise, Cognito
-- users that must receive SMS messages might be unable to sign up,
-- activate their accounts, or sign in.
--
-- If you have never used SMS text messages with Amazon Cognito or any
-- other Amazon Web Service, Amazon SNS might place your account in SMS
-- sandbox. In
-- /<https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html sandbox mode>/
-- , you’ll have limitations, such as sending messages to only verified
-- phone numbers. After testing in the sandbox environment, you can move
-- out of the SMS sandbox and into production. For more information, see
-- <https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html SMS message settings for Cognito User Pools>
-- in the /Amazon Cognito Developer Guide/.
--
-- Calling this action requires developer credentials.
module Amazonka.CognitoIdentityProvider.AdminRespondToAuthChallenge
  ( -- * Creating a Request
    AdminRespondToAuthChallenge (..),
    newAdminRespondToAuthChallenge,

    -- * Request Lenses
    adminRespondToAuthChallenge_clientMetadata,
    adminRespondToAuthChallenge_contextData,
    adminRespondToAuthChallenge_analyticsMetadata,
    adminRespondToAuthChallenge_challengeResponses,
    adminRespondToAuthChallenge_session,
    adminRespondToAuthChallenge_userPoolId,
    adminRespondToAuthChallenge_clientId,
    adminRespondToAuthChallenge_challengeName,

    -- * Destructuring the Response
    AdminRespondToAuthChallengeResponse (..),
    newAdminRespondToAuthChallengeResponse,

    -- * Response Lenses
    adminRespondToAuthChallengeResponse_challengeName,
    adminRespondToAuthChallengeResponse_challengeParameters,
    adminRespondToAuthChallengeResponse_authenticationResult,
    adminRespondToAuthChallengeResponse_session,
    adminRespondToAuthChallengeResponse_httpStatus,
  )
where

import Amazonka.CognitoIdentityProvider.Types
import qualified Amazonka.Core as Core
import qualified Amazonka.Lens as Lens
import qualified Amazonka.Prelude as Prelude
import qualified Amazonka.Request as Request
import qualified Amazonka.Response as Response

-- | The request to respond to the authentication challenge, as an
-- administrator.
--
-- /See:/ 'newAdminRespondToAuthChallenge' smart constructor.
data AdminRespondToAuthChallenge = AdminRespondToAuthChallenge'
  { -- | A map of custom key-value pairs that you can provide as input for any
    -- custom workflows that this action triggers.
    --
    -- You create custom workflows by assigning Lambda functions to user pool
    -- triggers. When you use the AdminRespondToAuthChallenge API action,
    -- Amazon Cognito invokes any functions that are assigned to the following
    -- triggers: /pre sign-up/, /custom message/, /post authentication/, /user
    -- migration/, /pre token generation/, /define auth challenge/, /create
    -- auth challenge/, and /verify auth challenge response/. When Amazon
    -- Cognito invokes any of these functions, it passes a JSON payload, which
    -- the function receives as input. This payload contains a @clientMetadata@
    -- attribute, which provides the data that you assigned to the
    -- ClientMetadata parameter in your AdminRespondToAuthChallenge request. In
    -- your function code in Lambda, you can process the @clientMetadata@ value
    -- to enhance your workflow for your specific needs.
    --
    -- For more information, see
    -- <https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html Customizing User Pool Workflows with Lambda Triggers>
    -- in the /Amazon Cognito Developer Guide/.
    --
    -- Take the following limitations into consideration when you use the
    -- ClientMetadata parameter:
    --
    -- -   Amazon Cognito does not store the ClientMetadata value. This data is
    --     available only to Lambda triggers that are assigned to a user pool
    --     to support custom workflows. If your user pool configuration does
    --     not include triggers, the ClientMetadata parameter serves no
    --     purpose.
    --
    -- -   Amazon Cognito does not validate the ClientMetadata value.
    --
    -- -   Amazon Cognito does not encrypt the the ClientMetadata value, so
    --     don\'t use it to provide sensitive information.
    AdminRespondToAuthChallenge -> Maybe (HashMap Text Text)
clientMetadata :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),
    -- | Contextual data such as the user\'s device fingerprint, IP address, or
    -- location used for evaluating the risk of an unexpected event by Amazon
    -- Cognito advanced security.
    AdminRespondToAuthChallenge -> Maybe ContextDataType
contextData :: Prelude.Maybe ContextDataType,
    -- | The analytics metadata for collecting Amazon Pinpoint metrics for
    -- @AdminRespondToAuthChallenge@ calls.
    AdminRespondToAuthChallenge -> Maybe AnalyticsMetadataType
analyticsMetadata :: Prelude.Maybe AnalyticsMetadataType,
    -- | The challenge responses. These are inputs corresponding to the value of
    -- @ChallengeName@, for example:
    --
    -- -   @SMS_MFA@: @SMS_MFA_CODE@, @USERNAME@, @SECRET_HASH@ (if app client
    --     is configured with client secret).
    --
    -- -   @PASSWORD_VERIFIER@: @PASSWORD_CLAIM_SIGNATURE@,
    --     @PASSWORD_CLAIM_SECRET_BLOCK@, @TIMESTAMP@, @USERNAME@,
    --     @SECRET_HASH@ (if app client is configured with client secret).
    --
    -- -   @ADMIN_NO_SRP_AUTH@: @PASSWORD@, @USERNAME@, @SECRET_HASH@ (if app
    --     client is configured with client secret).
    --
    -- -   @NEW_PASSWORD_REQUIRED@: @NEW_PASSWORD@, any other required
    --     attributes, @USERNAME@, @SECRET_HASH@ (if app client is configured
    --     with client secret).
    --
    -- -   @MFA_SETUP@ requires @USERNAME@, plus you need to use the session
    --     value returned by @VerifySoftwareToken@ in the @Session@ parameter.
    --
    -- The value of the @USERNAME@ attribute must be the user\'s actual
    -- username, not an alias (such as email address or phone number). To make
    -- this easier, the @AdminInitiateAuth@ response includes the actual
    -- username value in the @USERNAMEUSER_ID_FOR_SRP@ attribute, even if you
    -- specified an alias in your call to @AdminInitiateAuth@.
    AdminRespondToAuthChallenge -> Maybe (HashMap Text Text)
challengeResponses :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),
    -- | The session which should be passed both ways in challenge-response calls
    -- to the service. If @InitiateAuth@ or @RespondToAuthChallenge@ API call
    -- determines that the caller needs to go through another challenge, they
    -- return a session with other challenge parameters. This session should be
    -- passed as it is to the next @RespondToAuthChallenge@ API call.
    AdminRespondToAuthChallenge -> Maybe Text
session :: Prelude.Maybe Prelude.Text,
    -- | The ID of the Amazon Cognito user pool.
    AdminRespondToAuthChallenge -> Text
userPoolId :: Prelude.Text,
    -- | The app client ID.
    AdminRespondToAuthChallenge -> Sensitive Text
clientId :: Core.Sensitive Prelude.Text,
    -- | The challenge name. For more information, see
    -- <https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminInitiateAuth.html AdminInitiateAuth>.
    AdminRespondToAuthChallenge -> ChallengeNameType
challengeName :: ChallengeNameType
  }
  deriving (AdminRespondToAuthChallenge -> AdminRespondToAuthChallenge -> Bool
(AdminRespondToAuthChallenge
 -> AdminRespondToAuthChallenge -> Bool)
-> (AdminRespondToAuthChallenge
    -> AdminRespondToAuthChallenge -> Bool)
-> Eq AdminRespondToAuthChallenge
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: AdminRespondToAuthChallenge -> AdminRespondToAuthChallenge -> Bool
$c/= :: AdminRespondToAuthChallenge -> AdminRespondToAuthChallenge -> Bool
== :: AdminRespondToAuthChallenge -> AdminRespondToAuthChallenge -> Bool
$c== :: AdminRespondToAuthChallenge -> AdminRespondToAuthChallenge -> Bool
Prelude.Eq, Int -> AdminRespondToAuthChallenge -> ShowS
[AdminRespondToAuthChallenge] -> ShowS
AdminRespondToAuthChallenge -> String
(Int -> AdminRespondToAuthChallenge -> ShowS)
-> (AdminRespondToAuthChallenge -> String)
-> ([AdminRespondToAuthChallenge] -> ShowS)
-> Show AdminRespondToAuthChallenge
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [AdminRespondToAuthChallenge] -> ShowS
$cshowList :: [AdminRespondToAuthChallenge] -> ShowS
show :: AdminRespondToAuthChallenge -> String
$cshow :: AdminRespondToAuthChallenge -> String
showsPrec :: Int -> AdminRespondToAuthChallenge -> ShowS
$cshowsPrec :: Int -> AdminRespondToAuthChallenge -> ShowS
Prelude.Show, (forall x.
 AdminRespondToAuthChallenge -> Rep AdminRespondToAuthChallenge x)
-> (forall x.
    Rep AdminRespondToAuthChallenge x -> AdminRespondToAuthChallenge)
-> Generic AdminRespondToAuthChallenge
forall x.
Rep AdminRespondToAuthChallenge x -> AdminRespondToAuthChallenge
forall x.
AdminRespondToAuthChallenge -> Rep AdminRespondToAuthChallenge x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x.
Rep AdminRespondToAuthChallenge x -> AdminRespondToAuthChallenge
$cfrom :: forall x.
AdminRespondToAuthChallenge -> Rep AdminRespondToAuthChallenge x
Prelude.Generic)

-- |
-- Create a value of 'AdminRespondToAuthChallenge' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'clientMetadata', 'adminRespondToAuthChallenge_clientMetadata' - A map of custom key-value pairs that you can provide as input for any
-- custom workflows that this action triggers.
--
-- You create custom workflows by assigning Lambda functions to user pool
-- triggers. When you use the AdminRespondToAuthChallenge API action,
-- Amazon Cognito invokes any functions that are assigned to the following
-- triggers: /pre sign-up/, /custom message/, /post authentication/, /user
-- migration/, /pre token generation/, /define auth challenge/, /create
-- auth challenge/, and /verify auth challenge response/. When Amazon
-- Cognito invokes any of these functions, it passes a JSON payload, which
-- the function receives as input. This payload contains a @clientMetadata@
-- attribute, which provides the data that you assigned to the
-- ClientMetadata parameter in your AdminRespondToAuthChallenge request. In
-- your function code in Lambda, you can process the @clientMetadata@ value
-- to enhance your workflow for your specific needs.
--
-- For more information, see
-- <https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html Customizing User Pool Workflows with Lambda Triggers>
-- in the /Amazon Cognito Developer Guide/.
--
-- Take the following limitations into consideration when you use the
-- ClientMetadata parameter:
--
-- -   Amazon Cognito does not store the ClientMetadata value. This data is
--     available only to Lambda triggers that are assigned to a user pool
--     to support custom workflows. If your user pool configuration does
--     not include triggers, the ClientMetadata parameter serves no
--     purpose.
--
-- -   Amazon Cognito does not validate the ClientMetadata value.
--
-- -   Amazon Cognito does not encrypt the the ClientMetadata value, so
--     don\'t use it to provide sensitive information.
--
-- 'contextData', 'adminRespondToAuthChallenge_contextData' - Contextual data such as the user\'s device fingerprint, IP address, or
-- location used for evaluating the risk of an unexpected event by Amazon
-- Cognito advanced security.
--
-- 'analyticsMetadata', 'adminRespondToAuthChallenge_analyticsMetadata' - The analytics metadata for collecting Amazon Pinpoint metrics for
-- @AdminRespondToAuthChallenge@ calls.
--
-- 'challengeResponses', 'adminRespondToAuthChallenge_challengeResponses' - The challenge responses. These are inputs corresponding to the value of
-- @ChallengeName@, for example:
--
-- -   @SMS_MFA@: @SMS_MFA_CODE@, @USERNAME@, @SECRET_HASH@ (if app client
--     is configured with client secret).
--
-- -   @PASSWORD_VERIFIER@: @PASSWORD_CLAIM_SIGNATURE@,
--     @PASSWORD_CLAIM_SECRET_BLOCK@, @TIMESTAMP@, @USERNAME@,
--     @SECRET_HASH@ (if app client is configured with client secret).
--
-- -   @ADMIN_NO_SRP_AUTH@: @PASSWORD@, @USERNAME@, @SECRET_HASH@ (if app
--     client is configured with client secret).
--
-- -   @NEW_PASSWORD_REQUIRED@: @NEW_PASSWORD@, any other required
--     attributes, @USERNAME@, @SECRET_HASH@ (if app client is configured
--     with client secret).
--
-- -   @MFA_SETUP@ requires @USERNAME@, plus you need to use the session
--     value returned by @VerifySoftwareToken@ in the @Session@ parameter.
--
-- The value of the @USERNAME@ attribute must be the user\'s actual
-- username, not an alias (such as email address or phone number). To make
-- this easier, the @AdminInitiateAuth@ response includes the actual
-- username value in the @USERNAMEUSER_ID_FOR_SRP@ attribute, even if you
-- specified an alias in your call to @AdminInitiateAuth@.
--
-- 'session', 'adminRespondToAuthChallenge_session' - The session which should be passed both ways in challenge-response calls
-- to the service. If @InitiateAuth@ or @RespondToAuthChallenge@ API call
-- determines that the caller needs to go through another challenge, they
-- return a session with other challenge parameters. This session should be
-- passed as it is to the next @RespondToAuthChallenge@ API call.
--
-- 'userPoolId', 'adminRespondToAuthChallenge_userPoolId' - The ID of the Amazon Cognito user pool.
--
-- 'clientId', 'adminRespondToAuthChallenge_clientId' - The app client ID.
--
-- 'challengeName', 'adminRespondToAuthChallenge_challengeName' - The challenge name. For more information, see
-- <https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminInitiateAuth.html AdminInitiateAuth>.
newAdminRespondToAuthChallenge ::
  -- | 'userPoolId'
  Prelude.Text ->
  -- | 'clientId'
  Prelude.Text ->
  -- | 'challengeName'
  ChallengeNameType ->
  AdminRespondToAuthChallenge
newAdminRespondToAuthChallenge :: Text -> Text -> ChallengeNameType -> AdminRespondToAuthChallenge
newAdminRespondToAuthChallenge
  Text
pUserPoolId_
  Text
pClientId_
  ChallengeNameType
pChallengeName_ =
    AdminRespondToAuthChallenge' :: Maybe (HashMap Text Text)
-> Maybe ContextDataType
-> Maybe AnalyticsMetadataType
-> Maybe (HashMap Text Text)
-> Maybe Text
-> Text
-> Sensitive Text
-> ChallengeNameType
-> AdminRespondToAuthChallenge
AdminRespondToAuthChallenge'
      { $sel:clientMetadata:AdminRespondToAuthChallenge' :: Maybe (HashMap Text Text)
clientMetadata =
          Maybe (HashMap Text Text)
forall a. Maybe a
Prelude.Nothing,
        $sel:contextData:AdminRespondToAuthChallenge' :: Maybe ContextDataType
contextData = Maybe ContextDataType
forall a. Maybe a
Prelude.Nothing,
        $sel:analyticsMetadata:AdminRespondToAuthChallenge' :: Maybe AnalyticsMetadataType
analyticsMetadata = Maybe AnalyticsMetadataType
forall a. Maybe a
Prelude.Nothing,
        $sel:challengeResponses:AdminRespondToAuthChallenge' :: Maybe (HashMap Text Text)
challengeResponses = Maybe (HashMap Text Text)
forall a. Maybe a
Prelude.Nothing,
        $sel:session:AdminRespondToAuthChallenge' :: Maybe Text
session = Maybe Text
forall a. Maybe a
Prelude.Nothing,
        $sel:userPoolId:AdminRespondToAuthChallenge' :: Text
userPoolId = Text
pUserPoolId_,
        $sel:clientId:AdminRespondToAuthChallenge' :: Sensitive Text
clientId = Tagged Text (Identity Text)
-> Tagged (Sensitive Text) (Identity (Sensitive Text))
forall a. Iso' (Sensitive a) a
Core._Sensitive (Tagged Text (Identity Text)
 -> Tagged (Sensitive Text) (Identity (Sensitive Text)))
-> Text -> Sensitive Text
forall t b. AReview t b -> b -> t
Lens.# Text
pClientId_,
        $sel:challengeName:AdminRespondToAuthChallenge' :: ChallengeNameType
challengeName = ChallengeNameType
pChallengeName_
      }

-- | A map of custom key-value pairs that you can provide as input for any
-- custom workflows that this action triggers.
--
-- You create custom workflows by assigning Lambda functions to user pool
-- triggers. When you use the AdminRespondToAuthChallenge API action,
-- Amazon Cognito invokes any functions that are assigned to the following
-- triggers: /pre sign-up/, /custom message/, /post authentication/, /user
-- migration/, /pre token generation/, /define auth challenge/, /create
-- auth challenge/, and /verify auth challenge response/. When Amazon
-- Cognito invokes any of these functions, it passes a JSON payload, which
-- the function receives as input. This payload contains a @clientMetadata@
-- attribute, which provides the data that you assigned to the
-- ClientMetadata parameter in your AdminRespondToAuthChallenge request. In
-- your function code in Lambda, you can process the @clientMetadata@ value
-- to enhance your workflow for your specific needs.
--
-- For more information, see
-- <https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html Customizing User Pool Workflows with Lambda Triggers>
-- in the /Amazon Cognito Developer Guide/.
--
-- Take the following limitations into consideration when you use the
-- ClientMetadata parameter:
--
-- -   Amazon Cognito does not store the ClientMetadata value. This data is
--     available only to Lambda triggers that are assigned to a user pool
--     to support custom workflows. If your user pool configuration does
--     not include triggers, the ClientMetadata parameter serves no
--     purpose.
--
-- -   Amazon Cognito does not validate the ClientMetadata value.
--
-- -   Amazon Cognito does not encrypt the the ClientMetadata value, so
--     don\'t use it to provide sensitive information.
adminRespondToAuthChallenge_clientMetadata :: Lens.Lens' AdminRespondToAuthChallenge (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
adminRespondToAuthChallenge_clientMetadata :: (Maybe (HashMap Text Text) -> f (Maybe (HashMap Text Text)))
-> AdminRespondToAuthChallenge -> f AdminRespondToAuthChallenge
adminRespondToAuthChallenge_clientMetadata = (AdminRespondToAuthChallenge -> Maybe (HashMap Text Text))
-> (AdminRespondToAuthChallenge
    -> Maybe (HashMap Text Text) -> AdminRespondToAuthChallenge)
-> Lens
     AdminRespondToAuthChallenge
     AdminRespondToAuthChallenge
     (Maybe (HashMap Text Text))
     (Maybe (HashMap Text Text))
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\AdminRespondToAuthChallenge' {Maybe (HashMap Text Text)
clientMetadata :: Maybe (HashMap Text Text)
$sel:clientMetadata:AdminRespondToAuthChallenge' :: AdminRespondToAuthChallenge -> Maybe (HashMap Text Text)
clientMetadata} -> Maybe (HashMap Text Text)
clientMetadata) (\s :: AdminRespondToAuthChallenge
s@AdminRespondToAuthChallenge' {} Maybe (HashMap Text Text)
a -> AdminRespondToAuthChallenge
s {$sel:clientMetadata:AdminRespondToAuthChallenge' :: Maybe (HashMap Text Text)
clientMetadata = Maybe (HashMap Text Text)
a} :: AdminRespondToAuthChallenge) ((Maybe (HashMap Text Text) -> f (Maybe (HashMap Text Text)))
 -> AdminRespondToAuthChallenge -> f AdminRespondToAuthChallenge)
-> ((Maybe (HashMap Text Text) -> f (Maybe (HashMap Text Text)))
    -> Maybe (HashMap Text Text) -> f (Maybe (HashMap Text Text)))
-> (Maybe (HashMap Text Text) -> f (Maybe (HashMap Text Text)))
-> AdminRespondToAuthChallenge
-> f AdminRespondToAuthChallenge
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. AnIso
  (HashMap Text Text)
  (HashMap Text Text)
  (HashMap Text Text)
  (HashMap Text Text)
-> Iso
     (Maybe (HashMap Text Text))
     (Maybe (HashMap Text Text))
     (Maybe (HashMap Text Text))
     (Maybe (HashMap Text Text))
forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping AnIso
  (HashMap Text Text)
  (HashMap Text Text)
  (HashMap Text Text)
  (HashMap Text Text)
forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b
Lens.coerced

-- | Contextual data such as the user\'s device fingerprint, IP address, or
-- location used for evaluating the risk of an unexpected event by Amazon
-- Cognito advanced security.
adminRespondToAuthChallenge_contextData :: Lens.Lens' AdminRespondToAuthChallenge (Prelude.Maybe ContextDataType)
adminRespondToAuthChallenge_contextData :: (Maybe ContextDataType -> f (Maybe ContextDataType))
-> AdminRespondToAuthChallenge -> f AdminRespondToAuthChallenge
adminRespondToAuthChallenge_contextData = (AdminRespondToAuthChallenge -> Maybe ContextDataType)
-> (AdminRespondToAuthChallenge
    -> Maybe ContextDataType -> AdminRespondToAuthChallenge)
-> Lens
     AdminRespondToAuthChallenge
     AdminRespondToAuthChallenge
     (Maybe ContextDataType)
     (Maybe ContextDataType)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\AdminRespondToAuthChallenge' {Maybe ContextDataType
contextData :: Maybe ContextDataType
$sel:contextData:AdminRespondToAuthChallenge' :: AdminRespondToAuthChallenge -> Maybe ContextDataType
contextData} -> Maybe ContextDataType
contextData) (\s :: AdminRespondToAuthChallenge
s@AdminRespondToAuthChallenge' {} Maybe ContextDataType
a -> AdminRespondToAuthChallenge
s {$sel:contextData:AdminRespondToAuthChallenge' :: Maybe ContextDataType
contextData = Maybe ContextDataType
a} :: AdminRespondToAuthChallenge)

-- | The analytics metadata for collecting Amazon Pinpoint metrics for
-- @AdminRespondToAuthChallenge@ calls.
adminRespondToAuthChallenge_analyticsMetadata :: Lens.Lens' AdminRespondToAuthChallenge (Prelude.Maybe AnalyticsMetadataType)
adminRespondToAuthChallenge_analyticsMetadata :: (Maybe AnalyticsMetadataType -> f (Maybe AnalyticsMetadataType))
-> AdminRespondToAuthChallenge -> f AdminRespondToAuthChallenge
adminRespondToAuthChallenge_analyticsMetadata = (AdminRespondToAuthChallenge -> Maybe AnalyticsMetadataType)
-> (AdminRespondToAuthChallenge
    -> Maybe AnalyticsMetadataType -> AdminRespondToAuthChallenge)
-> Lens
     AdminRespondToAuthChallenge
     AdminRespondToAuthChallenge
     (Maybe AnalyticsMetadataType)
     (Maybe AnalyticsMetadataType)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\AdminRespondToAuthChallenge' {Maybe AnalyticsMetadataType
analyticsMetadata :: Maybe AnalyticsMetadataType
$sel:analyticsMetadata:AdminRespondToAuthChallenge' :: AdminRespondToAuthChallenge -> Maybe AnalyticsMetadataType
analyticsMetadata} -> Maybe AnalyticsMetadataType
analyticsMetadata) (\s :: AdminRespondToAuthChallenge
s@AdminRespondToAuthChallenge' {} Maybe AnalyticsMetadataType
a -> AdminRespondToAuthChallenge
s {$sel:analyticsMetadata:AdminRespondToAuthChallenge' :: Maybe AnalyticsMetadataType
analyticsMetadata = Maybe AnalyticsMetadataType
a} :: AdminRespondToAuthChallenge)

-- | The challenge responses. These are inputs corresponding to the value of
-- @ChallengeName@, for example:
--
-- -   @SMS_MFA@: @SMS_MFA_CODE@, @USERNAME@, @SECRET_HASH@ (if app client
--     is configured with client secret).
--
-- -   @PASSWORD_VERIFIER@: @PASSWORD_CLAIM_SIGNATURE@,
--     @PASSWORD_CLAIM_SECRET_BLOCK@, @TIMESTAMP@, @USERNAME@,
--     @SECRET_HASH@ (if app client is configured with client secret).
--
-- -   @ADMIN_NO_SRP_AUTH@: @PASSWORD@, @USERNAME@, @SECRET_HASH@ (if app
--     client is configured with client secret).
--
-- -   @NEW_PASSWORD_REQUIRED@: @NEW_PASSWORD@, any other required
--     attributes, @USERNAME@, @SECRET_HASH@ (if app client is configured
--     with client secret).
--
-- -   @MFA_SETUP@ requires @USERNAME@, plus you need to use the session
--     value returned by @VerifySoftwareToken@ in the @Session@ parameter.
--
-- The value of the @USERNAME@ attribute must be the user\'s actual
-- username, not an alias (such as email address or phone number). To make
-- this easier, the @AdminInitiateAuth@ response includes the actual
-- username value in the @USERNAMEUSER_ID_FOR_SRP@ attribute, even if you
-- specified an alias in your call to @AdminInitiateAuth@.
adminRespondToAuthChallenge_challengeResponses :: Lens.Lens' AdminRespondToAuthChallenge (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
adminRespondToAuthChallenge_challengeResponses :: (Maybe (HashMap Text Text) -> f (Maybe (HashMap Text Text)))
-> AdminRespondToAuthChallenge -> f AdminRespondToAuthChallenge
adminRespondToAuthChallenge_challengeResponses = (AdminRespondToAuthChallenge -> Maybe (HashMap Text Text))
-> (AdminRespondToAuthChallenge
    -> Maybe (HashMap Text Text) -> AdminRespondToAuthChallenge)
-> Lens
     AdminRespondToAuthChallenge
     AdminRespondToAuthChallenge
     (Maybe (HashMap Text Text))
     (Maybe (HashMap Text Text))
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\AdminRespondToAuthChallenge' {Maybe (HashMap Text Text)
challengeResponses :: Maybe (HashMap Text Text)
$sel:challengeResponses:AdminRespondToAuthChallenge' :: AdminRespondToAuthChallenge -> Maybe (HashMap Text Text)
challengeResponses} -> Maybe (HashMap Text Text)
challengeResponses) (\s :: AdminRespondToAuthChallenge
s@AdminRespondToAuthChallenge' {} Maybe (HashMap Text Text)
a -> AdminRespondToAuthChallenge
s {$sel:challengeResponses:AdminRespondToAuthChallenge' :: Maybe (HashMap Text Text)
challengeResponses = Maybe (HashMap Text Text)
a} :: AdminRespondToAuthChallenge) ((Maybe (HashMap Text Text) -> f (Maybe (HashMap Text Text)))
 -> AdminRespondToAuthChallenge -> f AdminRespondToAuthChallenge)
-> ((Maybe (HashMap Text Text) -> f (Maybe (HashMap Text Text)))
    -> Maybe (HashMap Text Text) -> f (Maybe (HashMap Text Text)))
-> (Maybe (HashMap Text Text) -> f (Maybe (HashMap Text Text)))
-> AdminRespondToAuthChallenge
-> f AdminRespondToAuthChallenge
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. AnIso
  (HashMap Text Text)
  (HashMap Text Text)
  (HashMap Text Text)
  (HashMap Text Text)
-> Iso
     (Maybe (HashMap Text Text))
     (Maybe (HashMap Text Text))
     (Maybe (HashMap Text Text))
     (Maybe (HashMap Text Text))
forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping AnIso
  (HashMap Text Text)
  (HashMap Text Text)
  (HashMap Text Text)
  (HashMap Text Text)
forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b
Lens.coerced

-- | The session which should be passed both ways in challenge-response calls
-- to the service. If @InitiateAuth@ or @RespondToAuthChallenge@ API call
-- determines that the caller needs to go through another challenge, they
-- return a session with other challenge parameters. This session should be
-- passed as it is to the next @RespondToAuthChallenge@ API call.
adminRespondToAuthChallenge_session :: Lens.Lens' AdminRespondToAuthChallenge (Prelude.Maybe Prelude.Text)
adminRespondToAuthChallenge_session :: (Maybe Text -> f (Maybe Text))
-> AdminRespondToAuthChallenge -> f AdminRespondToAuthChallenge
adminRespondToAuthChallenge_session = (AdminRespondToAuthChallenge -> Maybe Text)
-> (AdminRespondToAuthChallenge
    -> Maybe Text -> AdminRespondToAuthChallenge)
-> Lens
     AdminRespondToAuthChallenge
     AdminRespondToAuthChallenge
     (Maybe Text)
     (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\AdminRespondToAuthChallenge' {Maybe Text
session :: Maybe Text
$sel:session:AdminRespondToAuthChallenge' :: AdminRespondToAuthChallenge -> Maybe Text
session} -> Maybe Text
session) (\s :: AdminRespondToAuthChallenge
s@AdminRespondToAuthChallenge' {} Maybe Text
a -> AdminRespondToAuthChallenge
s {$sel:session:AdminRespondToAuthChallenge' :: Maybe Text
session = Maybe Text
a} :: AdminRespondToAuthChallenge)

-- | The ID of the Amazon Cognito user pool.
adminRespondToAuthChallenge_userPoolId :: Lens.Lens' AdminRespondToAuthChallenge Prelude.Text
adminRespondToAuthChallenge_userPoolId :: (Text -> f Text)
-> AdminRespondToAuthChallenge -> f AdminRespondToAuthChallenge
adminRespondToAuthChallenge_userPoolId = (AdminRespondToAuthChallenge -> Text)
-> (AdminRespondToAuthChallenge
    -> Text -> AdminRespondToAuthChallenge)
-> Lens
     AdminRespondToAuthChallenge AdminRespondToAuthChallenge Text Text
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\AdminRespondToAuthChallenge' {Text
userPoolId :: Text
$sel:userPoolId:AdminRespondToAuthChallenge' :: AdminRespondToAuthChallenge -> Text
userPoolId} -> Text
userPoolId) (\s :: AdminRespondToAuthChallenge
s@AdminRespondToAuthChallenge' {} Text
a -> AdminRespondToAuthChallenge
s {$sel:userPoolId:AdminRespondToAuthChallenge' :: Text
userPoolId = Text
a} :: AdminRespondToAuthChallenge)

-- | The app client ID.
adminRespondToAuthChallenge_clientId :: Lens.Lens' AdminRespondToAuthChallenge Prelude.Text
adminRespondToAuthChallenge_clientId :: (Text -> f Text)
-> AdminRespondToAuthChallenge -> f AdminRespondToAuthChallenge
adminRespondToAuthChallenge_clientId = (AdminRespondToAuthChallenge -> Sensitive Text)
-> (AdminRespondToAuthChallenge
    -> Sensitive Text -> AdminRespondToAuthChallenge)
-> Lens
     AdminRespondToAuthChallenge
     AdminRespondToAuthChallenge
     (Sensitive Text)
     (Sensitive Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\AdminRespondToAuthChallenge' {Sensitive Text
clientId :: Sensitive Text
$sel:clientId:AdminRespondToAuthChallenge' :: AdminRespondToAuthChallenge -> Sensitive Text
clientId} -> Sensitive Text
clientId) (\s :: AdminRespondToAuthChallenge
s@AdminRespondToAuthChallenge' {} Sensitive Text
a -> AdminRespondToAuthChallenge
s {$sel:clientId:AdminRespondToAuthChallenge' :: Sensitive Text
clientId = Sensitive Text
a} :: AdminRespondToAuthChallenge) ((Sensitive Text -> f (Sensitive Text))
 -> AdminRespondToAuthChallenge -> f AdminRespondToAuthChallenge)
-> ((Text -> f Text) -> Sensitive Text -> f (Sensitive Text))
-> (Text -> f Text)
-> AdminRespondToAuthChallenge
-> f AdminRespondToAuthChallenge
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. (Text -> f Text) -> Sensitive Text -> f (Sensitive Text)
forall a. Iso' (Sensitive a) a
Core._Sensitive

-- | The challenge name. For more information, see
-- <https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminInitiateAuth.html AdminInitiateAuth>.
adminRespondToAuthChallenge_challengeName :: Lens.Lens' AdminRespondToAuthChallenge ChallengeNameType
adminRespondToAuthChallenge_challengeName :: (ChallengeNameType -> f ChallengeNameType)
-> AdminRespondToAuthChallenge -> f AdminRespondToAuthChallenge
adminRespondToAuthChallenge_challengeName = (AdminRespondToAuthChallenge -> ChallengeNameType)
-> (AdminRespondToAuthChallenge
    -> ChallengeNameType -> AdminRespondToAuthChallenge)
-> Lens
     AdminRespondToAuthChallenge
     AdminRespondToAuthChallenge
     ChallengeNameType
     ChallengeNameType
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\AdminRespondToAuthChallenge' {ChallengeNameType
challengeName :: ChallengeNameType
$sel:challengeName:AdminRespondToAuthChallenge' :: AdminRespondToAuthChallenge -> ChallengeNameType
challengeName} -> ChallengeNameType
challengeName) (\s :: AdminRespondToAuthChallenge
s@AdminRespondToAuthChallenge' {} ChallengeNameType
a -> AdminRespondToAuthChallenge
s {$sel:challengeName:AdminRespondToAuthChallenge' :: ChallengeNameType
challengeName = ChallengeNameType
a} :: AdminRespondToAuthChallenge)

instance Core.AWSRequest AdminRespondToAuthChallenge where
  type
    AWSResponse AdminRespondToAuthChallenge =
      AdminRespondToAuthChallengeResponse
  request :: AdminRespondToAuthChallenge -> Request AdminRespondToAuthChallenge
request = Service
-> AdminRespondToAuthChallenge
-> Request AdminRespondToAuthChallenge
forall a. (ToRequest a, ToJSON a) => Service -> a -> Request a
Request.postJSON Service
defaultService
  response :: Logger
-> Service
-> Proxy AdminRespondToAuthChallenge
-> ClientResponse ClientBody
-> m (Either
        Error (ClientResponse (AWSResponse AdminRespondToAuthChallenge)))
response =
    (Int
 -> ResponseHeaders
 -> Object
 -> Either String (AWSResponse AdminRespondToAuthChallenge))
-> Logger
-> Service
-> Proxy AdminRespondToAuthChallenge
-> ClientResponse ClientBody
-> m (Either
        Error (ClientResponse (AWSResponse AdminRespondToAuthChallenge)))
forall (m :: * -> *) a.
MonadResource m =>
(Int -> ResponseHeaders -> Object -> Either String (AWSResponse a))
-> Logger
-> Service
-> Proxy a
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse a)))
Response.receiveJSON
      ( \Int
s ResponseHeaders
h Object
x ->
          Maybe ChallengeNameType
-> Maybe (HashMap Text Text)
-> Maybe AuthenticationResultType
-> Maybe Text
-> Int
-> AdminRespondToAuthChallengeResponse
AdminRespondToAuthChallengeResponse'
            (Maybe ChallengeNameType
 -> Maybe (HashMap Text Text)
 -> Maybe AuthenticationResultType
 -> Maybe Text
 -> Int
 -> AdminRespondToAuthChallengeResponse)
-> Either String (Maybe ChallengeNameType)
-> Either
     String
     (Maybe (HashMap Text Text)
      -> Maybe AuthenticationResultType
      -> Maybe Text
      -> Int
      -> AdminRespondToAuthChallengeResponse)
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> (Object
x Object -> Text -> Either String (Maybe ChallengeNameType)
forall a. FromJSON a => Object -> Text -> Either String (Maybe a)
Core..?> Text
"ChallengeName")
            Either
  String
  (Maybe (HashMap Text Text)
   -> Maybe AuthenticationResultType
   -> Maybe Text
   -> Int
   -> AdminRespondToAuthChallengeResponse)
-> Either String (Maybe (HashMap Text Text))
-> Either
     String
     (Maybe AuthenticationResultType
      -> Maybe Text -> Int -> AdminRespondToAuthChallengeResponse)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> ( Object
x Object -> Text -> Either String (Maybe (Maybe (HashMap Text Text)))
forall a. FromJSON a => Object -> Text -> Either String (Maybe a)
Core..?> Text
"ChallengeParameters"
                            Either String (Maybe (Maybe (HashMap Text Text)))
-> Maybe (HashMap Text Text)
-> Either String (Maybe (HashMap Text Text))
forall (f :: * -> *) a. Functor f => f (Maybe a) -> a -> f a
Core..!@ Maybe (HashMap Text Text)
forall a. Monoid a => a
Prelude.mempty
                        )
            Either
  String
  (Maybe AuthenticationResultType
   -> Maybe Text -> Int -> AdminRespondToAuthChallengeResponse)
-> Either String (Maybe AuthenticationResultType)
-> Either
     String (Maybe Text -> Int -> AdminRespondToAuthChallengeResponse)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Either String (Maybe AuthenticationResultType)
forall a. FromJSON a => Object -> Text -> Either String (Maybe a)
Core..?> Text
"AuthenticationResult")
            Either
  String (Maybe Text -> Int -> AdminRespondToAuthChallengeResponse)
-> Either String (Maybe Text)
-> Either String (Int -> AdminRespondToAuthChallengeResponse)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Either String (Maybe Text)
forall a. FromJSON a => Object -> Text -> Either String (Maybe a)
Core..?> Text
"Session")
            Either String (Int -> AdminRespondToAuthChallengeResponse)
-> Either String Int
-> Either String AdminRespondToAuthChallengeResponse
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Int -> Either String Int
forall (f :: * -> *) a. Applicative f => a -> f a
Prelude.pure (Int -> Int
forall a. Enum a => a -> Int
Prelude.fromEnum Int
s))
      )

instance Prelude.Hashable AdminRespondToAuthChallenge

instance Prelude.NFData AdminRespondToAuthChallenge

instance Core.ToHeaders AdminRespondToAuthChallenge where
  toHeaders :: AdminRespondToAuthChallenge -> ResponseHeaders
toHeaders =
    ResponseHeaders -> AdminRespondToAuthChallenge -> ResponseHeaders
forall a b. a -> b -> a
Prelude.const
      ( [ResponseHeaders] -> ResponseHeaders
forall a. Monoid a => [a] -> a
Prelude.mconcat
          [ HeaderName
"X-Amz-Target"
              HeaderName -> ByteString -> ResponseHeaders
forall a. ToHeader a => HeaderName -> a -> ResponseHeaders
Core.=# ( ByteString
"AWSCognitoIdentityProviderService.AdminRespondToAuthChallenge" ::
                          Prelude.ByteString
                      ),
            HeaderName
"Content-Type"
              HeaderName -> ByteString -> ResponseHeaders
forall a. ToHeader a => HeaderName -> a -> ResponseHeaders
Core.=# ( ByteString
"application/x-amz-json-1.1" ::
                          Prelude.ByteString
                      )
          ]
      )

instance Core.ToJSON AdminRespondToAuthChallenge where
  toJSON :: AdminRespondToAuthChallenge -> Value
toJSON AdminRespondToAuthChallenge' {Maybe Text
Maybe (HashMap Text Text)
Maybe AnalyticsMetadataType
Maybe ContextDataType
Text
Sensitive Text
ChallengeNameType
challengeName :: ChallengeNameType
clientId :: Sensitive Text
userPoolId :: Text
session :: Maybe Text
challengeResponses :: Maybe (HashMap Text Text)
analyticsMetadata :: Maybe AnalyticsMetadataType
contextData :: Maybe ContextDataType
clientMetadata :: Maybe (HashMap Text Text)
$sel:challengeName:AdminRespondToAuthChallenge' :: AdminRespondToAuthChallenge -> ChallengeNameType
$sel:clientId:AdminRespondToAuthChallenge' :: AdminRespondToAuthChallenge -> Sensitive Text
$sel:userPoolId:AdminRespondToAuthChallenge' :: AdminRespondToAuthChallenge -> Text
$sel:session:AdminRespondToAuthChallenge' :: AdminRespondToAuthChallenge -> Maybe Text
$sel:challengeResponses:AdminRespondToAuthChallenge' :: AdminRespondToAuthChallenge -> Maybe (HashMap Text Text)
$sel:analyticsMetadata:AdminRespondToAuthChallenge' :: AdminRespondToAuthChallenge -> Maybe AnalyticsMetadataType
$sel:contextData:AdminRespondToAuthChallenge' :: AdminRespondToAuthChallenge -> Maybe ContextDataType
$sel:clientMetadata:AdminRespondToAuthChallenge' :: AdminRespondToAuthChallenge -> Maybe (HashMap Text Text)
..} =
    [Pair] -> Value
Core.object
      ( [Maybe Pair] -> [Pair]
forall a. [Maybe a] -> [a]
Prelude.catMaybes
          [ (Text
"ClientMetadata" Text -> HashMap Text Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=)
              (HashMap Text Text -> Pair)
-> Maybe (HashMap Text Text) -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe (HashMap Text Text)
clientMetadata,
            (Text
"ContextData" Text -> ContextDataType -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=) (ContextDataType -> Pair) -> Maybe ContextDataType -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe ContextDataType
contextData,
            (Text
"AnalyticsMetadata" Text -> AnalyticsMetadataType -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=)
              (AnalyticsMetadataType -> Pair)
-> Maybe AnalyticsMetadataType -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe AnalyticsMetadataType
analyticsMetadata,
            (Text
"ChallengeResponses" Text -> HashMap Text Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=)
              (HashMap Text Text -> Pair)
-> Maybe (HashMap Text Text) -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe (HashMap Text Text)
challengeResponses,
            (Text
"Session" Text -> Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=) (Text -> Pair) -> Maybe Text -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe Text
session,
            Pair -> Maybe Pair
forall a. a -> Maybe a
Prelude.Just (Text
"UserPoolId" Text -> Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..= Text
userPoolId),
            Pair -> Maybe Pair
forall a. a -> Maybe a
Prelude.Just (Text
"ClientId" Text -> Sensitive Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..= Sensitive Text
clientId),
            Pair -> Maybe Pair
forall a. a -> Maybe a
Prelude.Just
              (Text
"ChallengeName" Text -> ChallengeNameType -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..= ChallengeNameType
challengeName)
          ]
      )

instance Core.ToPath AdminRespondToAuthChallenge where
  toPath :: AdminRespondToAuthChallenge -> ByteString
toPath = ByteString -> AdminRespondToAuthChallenge -> ByteString
forall a b. a -> b -> a
Prelude.const ByteString
"/"

instance Core.ToQuery AdminRespondToAuthChallenge where
  toQuery :: AdminRespondToAuthChallenge -> QueryString
toQuery = QueryString -> AdminRespondToAuthChallenge -> QueryString
forall a b. a -> b -> a
Prelude.const QueryString
forall a. Monoid a => a
Prelude.mempty

-- | Responds to the authentication challenge, as an administrator.
--
-- /See:/ 'newAdminRespondToAuthChallengeResponse' smart constructor.
data AdminRespondToAuthChallengeResponse = AdminRespondToAuthChallengeResponse'
  { -- | The name of the challenge. For more information, see
    -- <https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminInitiateAuth.html AdminInitiateAuth>.
    AdminRespondToAuthChallengeResponse -> Maybe ChallengeNameType
challengeName :: Prelude.Maybe ChallengeNameType,
    -- | The challenge parameters. For more information, see
    -- <https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminInitiateAuth.html AdminInitiateAuth>.
    AdminRespondToAuthChallengeResponse -> Maybe (HashMap Text Text)
challengeParameters :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),
    -- | The result returned by the server in response to the authentication
    -- request.
    AdminRespondToAuthChallengeResponse
-> Maybe AuthenticationResultType
authenticationResult :: Prelude.Maybe AuthenticationResultType,
    -- | The session which should be passed both ways in challenge-response calls
    -- to the service. If the caller needs to go through another challenge,
    -- they return a session with other challenge parameters. This session
    -- should be passed as it is to the next @RespondToAuthChallenge@ API call.
    AdminRespondToAuthChallengeResponse -> Maybe Text
session :: Prelude.Maybe Prelude.Text,
    -- | The response's http status code.
    AdminRespondToAuthChallengeResponse -> Int
httpStatus :: Prelude.Int
  }
  deriving (AdminRespondToAuthChallengeResponse
-> AdminRespondToAuthChallengeResponse -> Bool
(AdminRespondToAuthChallengeResponse
 -> AdminRespondToAuthChallengeResponse -> Bool)
-> (AdminRespondToAuthChallengeResponse
    -> AdminRespondToAuthChallengeResponse -> Bool)
-> Eq AdminRespondToAuthChallengeResponse
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: AdminRespondToAuthChallengeResponse
-> AdminRespondToAuthChallengeResponse -> Bool
$c/= :: AdminRespondToAuthChallengeResponse
-> AdminRespondToAuthChallengeResponse -> Bool
== :: AdminRespondToAuthChallengeResponse
-> AdminRespondToAuthChallengeResponse -> Bool
$c== :: AdminRespondToAuthChallengeResponse
-> AdminRespondToAuthChallengeResponse -> Bool
Prelude.Eq, Int -> AdminRespondToAuthChallengeResponse -> ShowS
[AdminRespondToAuthChallengeResponse] -> ShowS
AdminRespondToAuthChallengeResponse -> String
(Int -> AdminRespondToAuthChallengeResponse -> ShowS)
-> (AdminRespondToAuthChallengeResponse -> String)
-> ([AdminRespondToAuthChallengeResponse] -> ShowS)
-> Show AdminRespondToAuthChallengeResponse
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [AdminRespondToAuthChallengeResponse] -> ShowS
$cshowList :: [AdminRespondToAuthChallengeResponse] -> ShowS
show :: AdminRespondToAuthChallengeResponse -> String
$cshow :: AdminRespondToAuthChallengeResponse -> String
showsPrec :: Int -> AdminRespondToAuthChallengeResponse -> ShowS
$cshowsPrec :: Int -> AdminRespondToAuthChallengeResponse -> ShowS
Prelude.Show, (forall x.
 AdminRespondToAuthChallengeResponse
 -> Rep AdminRespondToAuthChallengeResponse x)
-> (forall x.
    Rep AdminRespondToAuthChallengeResponse x
    -> AdminRespondToAuthChallengeResponse)
-> Generic AdminRespondToAuthChallengeResponse
forall x.
Rep AdminRespondToAuthChallengeResponse x
-> AdminRespondToAuthChallengeResponse
forall x.
AdminRespondToAuthChallengeResponse
-> Rep AdminRespondToAuthChallengeResponse x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x.
Rep AdminRespondToAuthChallengeResponse x
-> AdminRespondToAuthChallengeResponse
$cfrom :: forall x.
AdminRespondToAuthChallengeResponse
-> Rep AdminRespondToAuthChallengeResponse x
Prelude.Generic)

-- |
-- Create a value of 'AdminRespondToAuthChallengeResponse' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'challengeName', 'adminRespondToAuthChallengeResponse_challengeName' - The name of the challenge. For more information, see
-- <https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminInitiateAuth.html AdminInitiateAuth>.
--
-- 'challengeParameters', 'adminRespondToAuthChallengeResponse_challengeParameters' - The challenge parameters. For more information, see
-- <https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminInitiateAuth.html AdminInitiateAuth>.
--
-- 'authenticationResult', 'adminRespondToAuthChallengeResponse_authenticationResult' - The result returned by the server in response to the authentication
-- request.
--
-- 'session', 'adminRespondToAuthChallengeResponse_session' - The session which should be passed both ways in challenge-response calls
-- to the service. If the caller needs to go through another challenge,
-- they return a session with other challenge parameters. This session
-- should be passed as it is to the next @RespondToAuthChallenge@ API call.
--
-- 'httpStatus', 'adminRespondToAuthChallengeResponse_httpStatus' - The response's http status code.
newAdminRespondToAuthChallengeResponse ::
  -- | 'httpStatus'
  Prelude.Int ->
  AdminRespondToAuthChallengeResponse
newAdminRespondToAuthChallengeResponse :: Int -> AdminRespondToAuthChallengeResponse
newAdminRespondToAuthChallengeResponse Int
pHttpStatus_ =
  AdminRespondToAuthChallengeResponse' :: Maybe ChallengeNameType
-> Maybe (HashMap Text Text)
-> Maybe AuthenticationResultType
-> Maybe Text
-> Int
-> AdminRespondToAuthChallengeResponse
AdminRespondToAuthChallengeResponse'
    { $sel:challengeName:AdminRespondToAuthChallengeResponse' :: Maybe ChallengeNameType
challengeName =
        Maybe ChallengeNameType
forall a. Maybe a
Prelude.Nothing,
      $sel:challengeParameters:AdminRespondToAuthChallengeResponse' :: Maybe (HashMap Text Text)
challengeParameters = Maybe (HashMap Text Text)
forall a. Maybe a
Prelude.Nothing,
      $sel:authenticationResult:AdminRespondToAuthChallengeResponse' :: Maybe AuthenticationResultType
authenticationResult = Maybe AuthenticationResultType
forall a. Maybe a
Prelude.Nothing,
      $sel:session:AdminRespondToAuthChallengeResponse' :: Maybe Text
session = Maybe Text
forall a. Maybe a
Prelude.Nothing,
      $sel:httpStatus:AdminRespondToAuthChallengeResponse' :: Int
httpStatus = Int
pHttpStatus_
    }

-- | The name of the challenge. For more information, see
-- <https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminInitiateAuth.html AdminInitiateAuth>.
adminRespondToAuthChallengeResponse_challengeName :: Lens.Lens' AdminRespondToAuthChallengeResponse (Prelude.Maybe ChallengeNameType)
adminRespondToAuthChallengeResponse_challengeName :: (Maybe ChallengeNameType -> f (Maybe ChallengeNameType))
-> AdminRespondToAuthChallengeResponse
-> f AdminRespondToAuthChallengeResponse
adminRespondToAuthChallengeResponse_challengeName = (AdminRespondToAuthChallengeResponse -> Maybe ChallengeNameType)
-> (AdminRespondToAuthChallengeResponse
    -> Maybe ChallengeNameType -> AdminRespondToAuthChallengeResponse)
-> Lens
     AdminRespondToAuthChallengeResponse
     AdminRespondToAuthChallengeResponse
     (Maybe ChallengeNameType)
     (Maybe ChallengeNameType)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\AdminRespondToAuthChallengeResponse' {Maybe ChallengeNameType
challengeName :: Maybe ChallengeNameType
$sel:challengeName:AdminRespondToAuthChallengeResponse' :: AdminRespondToAuthChallengeResponse -> Maybe ChallengeNameType
challengeName} -> Maybe ChallengeNameType
challengeName) (\s :: AdminRespondToAuthChallengeResponse
s@AdminRespondToAuthChallengeResponse' {} Maybe ChallengeNameType
a -> AdminRespondToAuthChallengeResponse
s {$sel:challengeName:AdminRespondToAuthChallengeResponse' :: Maybe ChallengeNameType
challengeName = Maybe ChallengeNameType
a} :: AdminRespondToAuthChallengeResponse)

-- | The challenge parameters. For more information, see
-- <https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminInitiateAuth.html AdminInitiateAuth>.
adminRespondToAuthChallengeResponse_challengeParameters :: Lens.Lens' AdminRespondToAuthChallengeResponse (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
adminRespondToAuthChallengeResponse_challengeParameters :: (Maybe (HashMap Text Text) -> f (Maybe (HashMap Text Text)))
-> AdminRespondToAuthChallengeResponse
-> f AdminRespondToAuthChallengeResponse
adminRespondToAuthChallengeResponse_challengeParameters = (AdminRespondToAuthChallengeResponse -> Maybe (HashMap Text Text))
-> (AdminRespondToAuthChallengeResponse
    -> Maybe (HashMap Text Text)
    -> AdminRespondToAuthChallengeResponse)
-> Lens
     AdminRespondToAuthChallengeResponse
     AdminRespondToAuthChallengeResponse
     (Maybe (HashMap Text Text))
     (Maybe (HashMap Text Text))
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\AdminRespondToAuthChallengeResponse' {Maybe (HashMap Text Text)
challengeParameters :: Maybe (HashMap Text Text)
$sel:challengeParameters:AdminRespondToAuthChallengeResponse' :: AdminRespondToAuthChallengeResponse -> Maybe (HashMap Text Text)
challengeParameters} -> Maybe (HashMap Text Text)
challengeParameters) (\s :: AdminRespondToAuthChallengeResponse
s@AdminRespondToAuthChallengeResponse' {} Maybe (HashMap Text Text)
a -> AdminRespondToAuthChallengeResponse
s {$sel:challengeParameters:AdminRespondToAuthChallengeResponse' :: Maybe (HashMap Text Text)
challengeParameters = Maybe (HashMap Text Text)
a} :: AdminRespondToAuthChallengeResponse) ((Maybe (HashMap Text Text) -> f (Maybe (HashMap Text Text)))
 -> AdminRespondToAuthChallengeResponse
 -> f AdminRespondToAuthChallengeResponse)
-> ((Maybe (HashMap Text Text) -> f (Maybe (HashMap Text Text)))
    -> Maybe (HashMap Text Text) -> f (Maybe (HashMap Text Text)))
-> (Maybe (HashMap Text Text) -> f (Maybe (HashMap Text Text)))
-> AdminRespondToAuthChallengeResponse
-> f AdminRespondToAuthChallengeResponse
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. AnIso
  (HashMap Text Text)
  (HashMap Text Text)
  (HashMap Text Text)
  (HashMap Text Text)
-> Iso
     (Maybe (HashMap Text Text))
     (Maybe (HashMap Text Text))
     (Maybe (HashMap Text Text))
     (Maybe (HashMap Text Text))
forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping AnIso
  (HashMap Text Text)
  (HashMap Text Text)
  (HashMap Text Text)
  (HashMap Text Text)
forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b
Lens.coerced

-- | The result returned by the server in response to the authentication
-- request.
adminRespondToAuthChallengeResponse_authenticationResult :: Lens.Lens' AdminRespondToAuthChallengeResponse (Prelude.Maybe AuthenticationResultType)
adminRespondToAuthChallengeResponse_authenticationResult :: (Maybe AuthenticationResultType
 -> f (Maybe AuthenticationResultType))
-> AdminRespondToAuthChallengeResponse
-> f AdminRespondToAuthChallengeResponse
adminRespondToAuthChallengeResponse_authenticationResult = (AdminRespondToAuthChallengeResponse
 -> Maybe AuthenticationResultType)
-> (AdminRespondToAuthChallengeResponse
    -> Maybe AuthenticationResultType
    -> AdminRespondToAuthChallengeResponse)
-> Lens
     AdminRespondToAuthChallengeResponse
     AdminRespondToAuthChallengeResponse
     (Maybe AuthenticationResultType)
     (Maybe AuthenticationResultType)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\AdminRespondToAuthChallengeResponse' {Maybe AuthenticationResultType
authenticationResult :: Maybe AuthenticationResultType
$sel:authenticationResult:AdminRespondToAuthChallengeResponse' :: AdminRespondToAuthChallengeResponse
-> Maybe AuthenticationResultType
authenticationResult} -> Maybe AuthenticationResultType
authenticationResult) (\s :: AdminRespondToAuthChallengeResponse
s@AdminRespondToAuthChallengeResponse' {} Maybe AuthenticationResultType
a -> AdminRespondToAuthChallengeResponse
s {$sel:authenticationResult:AdminRespondToAuthChallengeResponse' :: Maybe AuthenticationResultType
authenticationResult = Maybe AuthenticationResultType
a} :: AdminRespondToAuthChallengeResponse)

-- | The session which should be passed both ways in challenge-response calls
-- to the service. If the caller needs to go through another challenge,
-- they return a session with other challenge parameters. This session
-- should be passed as it is to the next @RespondToAuthChallenge@ API call.
adminRespondToAuthChallengeResponse_session :: Lens.Lens' AdminRespondToAuthChallengeResponse (Prelude.Maybe Prelude.Text)
adminRespondToAuthChallengeResponse_session :: (Maybe Text -> f (Maybe Text))
-> AdminRespondToAuthChallengeResponse
-> f AdminRespondToAuthChallengeResponse
adminRespondToAuthChallengeResponse_session = (AdminRespondToAuthChallengeResponse -> Maybe Text)
-> (AdminRespondToAuthChallengeResponse
    -> Maybe Text -> AdminRespondToAuthChallengeResponse)
-> Lens
     AdminRespondToAuthChallengeResponse
     AdminRespondToAuthChallengeResponse
     (Maybe Text)
     (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\AdminRespondToAuthChallengeResponse' {Maybe Text
session :: Maybe Text
$sel:session:AdminRespondToAuthChallengeResponse' :: AdminRespondToAuthChallengeResponse -> Maybe Text
session} -> Maybe Text
session) (\s :: AdminRespondToAuthChallengeResponse
s@AdminRespondToAuthChallengeResponse' {} Maybe Text
a -> AdminRespondToAuthChallengeResponse
s {$sel:session:AdminRespondToAuthChallengeResponse' :: Maybe Text
session = Maybe Text
a} :: AdminRespondToAuthChallengeResponse)

-- | The response's http status code.
adminRespondToAuthChallengeResponse_httpStatus :: Lens.Lens' AdminRespondToAuthChallengeResponse Prelude.Int
adminRespondToAuthChallengeResponse_httpStatus :: (Int -> f Int)
-> AdminRespondToAuthChallengeResponse
-> f AdminRespondToAuthChallengeResponse
adminRespondToAuthChallengeResponse_httpStatus = (AdminRespondToAuthChallengeResponse -> Int)
-> (AdminRespondToAuthChallengeResponse
    -> Int -> AdminRespondToAuthChallengeResponse)
-> Lens
     AdminRespondToAuthChallengeResponse
     AdminRespondToAuthChallengeResponse
     Int
     Int
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\AdminRespondToAuthChallengeResponse' {Int
httpStatus :: Int
$sel:httpStatus:AdminRespondToAuthChallengeResponse' :: AdminRespondToAuthChallengeResponse -> Int
httpStatus} -> Int
httpStatus) (\s :: AdminRespondToAuthChallengeResponse
s@AdminRespondToAuthChallengeResponse' {} Int
a -> AdminRespondToAuthChallengeResponse
s {$sel:httpStatus:AdminRespondToAuthChallengeResponse' :: Int
httpStatus = Int
a} :: AdminRespondToAuthChallengeResponse)

instance
  Prelude.NFData
    AdminRespondToAuthChallengeResponse