{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-binds #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.CognitoIdentityProvider.InitiateAuth
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Initiates the authentication flow.
--
-- This action might generate an SMS text message. Starting June 1, 2021,
-- U.S. telecom carriers require that you register an origination phone
-- number before you can send SMS messages to U.S. phone numbers. If you
-- use SMS text messages in Amazon Cognito, you must register a phone
-- number with
-- <https://console.aws.amazon.com/pinpoint/home/ Amazon Pinpoint>. Cognito
-- will use the registered number automatically. Otherwise, Cognito
-- users that must receive SMS messages might be unable to sign up,
-- activate their accounts, or sign in.
--
-- If you have never used SMS text messages with Amazon Cognito or any
-- other Amazon Web Service, Amazon SNS might place your account in SMS
-- sandbox. In
-- /<https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html sandbox mode>/
-- , you’ll have limitations, such as sending messages to only verified
-- phone numbers. After testing in the sandbox environment, you can move
-- out of the SMS sandbox and into production. For more information, see
-- <https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html SMS message settings for Cognito User Pools>
-- in the /Amazon Cognito Developer Guide/.
module Amazonka.CognitoIdentityProvider.InitiateAuth
  ( -- * Creating a Request
    InitiateAuth (..),
    newInitiateAuth,

    -- * Request Lenses
    initiateAuth_clientMetadata,
    initiateAuth_analyticsMetadata,
    initiateAuth_userContextData,
    initiateAuth_authParameters,
    initiateAuth_authFlow,
    initiateAuth_clientId,

    -- * Destructuring the Response
    InitiateAuthResponse (..),
    newInitiateAuthResponse,

    -- * Response Lenses
    initiateAuthResponse_challengeName,
    initiateAuthResponse_challengeParameters,
    initiateAuthResponse_authenticationResult,
    initiateAuthResponse_session,
    initiateAuthResponse_httpStatus,
  )
where

import Amazonka.CognitoIdentityProvider.Types
import qualified Amazonka.Core as Core
import qualified Amazonka.Lens as Lens
import qualified Amazonka.Prelude as Prelude
import qualified Amazonka.Request as Request
import qualified Amazonka.Response as Response

-- | Initiates the authentication request.
--
-- /See:/ 'newInitiateAuth' smart constructor.
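data InitiateAuth = InitiateAuth'
  { -- | A map of custom key-value pairs that you can provide as input for
    -- certain custom workflows that this action triggers.
    --
    -- You create custom workflows by assigning Lambda functions to user pool
    -- triggers. When you use the InitiateAuth API action, Amazon Cognito
    -- invokes the Lambda functions that are specified for various triggers.
    -- The ClientMetadata value is passed as input to the functions for only
    -- the following triggers:
    --
    -- -   Pre signup
    --
    -- -   Pre authentication
    --
    -- -   User migration
    --
    -- When Amazon Cognito invokes the functions for these triggers, it passes
    -- a JSON payload, which the function receives as input. This payload
    -- contains a @validationData@ attribute, which provides the data that you
    -- assigned to the ClientMetadata parameter in your InitiateAuth request.
    -- In your function code in Lambda, you can process the @validationData@
    -- value to enhance your workflow for your specific needs.
    --
    -- When you use the InitiateAuth API action, Amazon Cognito also invokes
    -- the functions for the following triggers, but it does not provide the
    -- ClientMetadata value as input:
    --
    -- -   Post authentication
    --
    -- -   Custom message
    --
    -- -   Pre token generation
    --
    -- -   Create auth challenge
    --
    -- -   Define auth challenge
    --
    -- -   Verify auth challenge
    --
    -- For more information, see
    -- <https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html Customizing User Pool Workflows with Lambda Triggers>
    -- in the /Amazon Cognito Developer Guide/.
    --
    -- Take the following limitations into consideration when you use the
    -- ClientMetadata parameter:
    --
    -- -   Amazon Cognito does not store the ClientMetadata value. This data is
    --     available only to Lambda triggers that are assigned to a user pool
    --     to support custom workflows. If your user pool configuration does
    --     not include triggers, the ClientMetadata parameter serves no
    --     purpose.
    --
    -- -   Amazon Cognito does not validate the ClientMetadata value.
    --
    -- -   Amazon Cognito does not encrypt the ClientMetadata value, so
    --     don\'t use it to provide sensitive information.
    --
    -- Unlike 'authParameters' and 'clientId', this field is not wrapped in
    -- 'Core.Sensitive', so the derived 'Prelude.Show' instance renders its
    -- contents verbatim. Because the service does not validate the value,
    -- a Lambda trigger that receives it should treat it as untrusted input.
    clientMetadata :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),
    -- | The Amazon Pinpoint analytics metadata for collecting metrics for
    -- @InitiateAuth@ calls.
    analyticsMetadata :: Prelude.Maybe AnalyticsMetadataType,
    -- | Contextual data such as the user\'s device fingerprint, IP address, or
    -- location used for evaluating the risk of an unexpected event by Amazon
    -- Cognito advanced security.
    userContextData :: Prelude.Maybe UserContextDataType,
    -- | The authentication parameters. These are inputs corresponding to the
    -- @AuthFlow@ that you are invoking. The required values depend on the
    -- value of @AuthFlow@:
    --
    -- -   For @USER_SRP_AUTH@: @USERNAME@ (required), @SRP_A@ (required),
    --     @SECRET_HASH@ (required if the app client is configured with a
    --     client secret), @DEVICE_KEY@.
    --
    -- -   For @REFRESH_TOKEN_AUTH\/REFRESH_TOKEN@: @REFRESH_TOKEN@ (required),
    --     @SECRET_HASH@ (required if the app client is configured with a
    --     client secret), @DEVICE_KEY@.
    --
    -- -   For @CUSTOM_AUTH@: @USERNAME@ (required), @SECRET_HASH@ (if app
    --     client is configured with client secret), @DEVICE_KEY@. To start the
    --     authentication flow with password verification, include
    --     @ChallengeName: SRP_A@ and @SRP_A: (The SRP_A Value)@.
    --
    -- The map is stored inside 'Core.Sensitive' because it carries
    -- credential material (@REFRESH_TOKEN@, @SECRET_HASH@, and @PASSWORD@
    -- for the password-based flows).
    authParameters :: Prelude.Maybe (Core.Sensitive (Prelude.HashMap Prelude.Text Prelude.Text)),
    -- | The authentication flow for this call to execute. The API action will
    -- depend on this value. For example:
    --
    -- -   @REFRESH_TOKEN_AUTH@ will take in a valid refresh token and return
    --     new tokens.
    --
    -- -   @USER_SRP_AUTH@ will take in @USERNAME@ and @SRP_A@ and return the
    --     SRP variables to be used for next challenge execution.
    --
    -- -   @USER_PASSWORD_AUTH@ will take in @USERNAME@ and @PASSWORD@ and
    --     return the next challenge or tokens.
    --
    -- Valid values include:
    --
    -- -   @USER_SRP_AUTH@: Authentication flow for the Secure Remote Password
    --     (SRP) protocol.
    --
    -- -   @REFRESH_TOKEN_AUTH@\/@REFRESH_TOKEN@: Authentication flow for
    --     refreshing the access token and ID token by supplying a valid
    --     refresh token.
    --
    -- -   @CUSTOM_AUTH@: Custom authentication flow.
    --
    -- -   @USER_PASSWORD_AUTH@: Non-SRP authentication flow; USERNAME and
    --     PASSWORD are passed directly. If a user migration Lambda trigger is
    --     set, this flow will invoke the user migration Lambda if the USERNAME
    --     is not found in the user pool.
    --
    -- -   @ADMIN_USER_PASSWORD_AUTH@: Admin-based user password
    --     authentication. This replaces the @ADMIN_NO_SRP_AUTH@ authentication
    --     flow. In this flow, Cognito receives the password in the request
    --     instead of using the SRP process to verify passwords.
    --
    -- @ADMIN_NO_SRP_AUTH@ is not a valid value.
    --
    -- In the password-based flows the password itself is placed in
    -- 'authParameters' and sent in the request, so the transport and any
    -- request logging become part of the credential\'s exposure surface;
    -- @USER_SRP_AUTH@ avoids sending the password.
    authFlow :: AuthFlowType,
    -- | The app client ID.
    clientId :: Core.Sensitive Prelude.Text
  }
  -- 'Prelude.Show' is derived, so redaction is per field: only values wrapped
  -- in 'Core.Sensitive' ('authParameters', 'clientId') are shown through that
  -- wrapper's own instance; every other field is printed as-is.
  deriving (Prelude.Eq, Prelude.Show, Prelude.Generic)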

-- |
-- Create a value of 'InitiateAuth' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'clientMetadata', 'initiateAuth_clientMetadata' - A map of custom key-value pairs that you can provide as input for
-- certain custom workflows that this action triggers.
--
-- You create custom workflows by assigning Lambda functions to user pool
-- triggers. When you use the InitiateAuth API action, Amazon Cognito
-- invokes the Lambda functions that are specified for various triggers.
-- The ClientMetadata value is passed as input to the functions for only
-- the following triggers:
--
-- -   Pre signup
--
-- -   Pre authentication
--
-- -   User migration
--
-- When Amazon Cognito invokes the functions for these triggers, it passes
-- a JSON payload, which the function receives as input. This payload
-- contains a @validationData@ attribute, which provides the data that you
-- assigned to the ClientMetadata parameter in your InitiateAuth request.
-- In your function code in Lambda, you can process the @validationData@
-- value to enhance your workflow for your specific needs.
--
-- When you use the InitiateAuth API action, Amazon Cognito also invokes
-- the functions for the following triggers, but it does not provide the
-- ClientMetadata value as input:
--
-- -   Post authentication
--
-- -   Custom message
--
-- -   Pre token generation
--
-- -   Create auth challenge
--
-- -   Define auth challenge
--
-- -   Verify auth challenge
--
-- For more information, see
-- <https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html Customizing User Pool Workflows with Lambda Triggers>
-- in the /Amazon Cognito Developer Guide/.
--
-- Take the following limitations into consideration when you use the
-- ClientMetadata parameter:
--
-- -   Amazon Cognito does not store the ClientMetadata value. This data is
--     available only to Lambda triggers that are assigned to a user pool
--     to support custom workflows. If your user pool configuration does
--     not include triggers, the ClientMetadata parameter serves no
--     purpose.
--
-- -   Amazon Cognito does not validate the ClientMetadata value.
--
-- -   Amazon Cognito does not encrypt the ClientMetadata value, so
--     don\'t use it to provide sensitive information.
--
-- 'analyticsMetadata', 'initiateAuth_analyticsMetadata' - The Amazon Pinpoint analytics metadata for collecting metrics for
-- @InitiateAuth@ calls.
--
-- 'userContextData', 'initiateAuth_userContextData' - Contextual data such as the user\'s device fingerprint, IP address, or
-- location used for evaluating the risk of an unexpected event by Amazon
-- Cognito advanced security.
--
-- 'authParameters', 'initiateAuth_authParameters' - The authentication parameters. These are inputs corresponding to the
-- @AuthFlow@ that you are invoking. The required values depend on the
-- value of @AuthFlow@:
--
-- -   For @USER_SRP_AUTH@: @USERNAME@ (required), @SRP_A@ (required),
--     @SECRET_HASH@ (required if the app client is configured with a
--     client secret), @DEVICE_KEY@.
--
-- -   For @REFRESH_TOKEN_AUTH\/REFRESH_TOKEN@: @REFRESH_TOKEN@ (required),
--     @SECRET_HASH@ (required if the app client is configured with a
--     client secret), @DEVICE_KEY@.
--
-- -   For @CUSTOM_AUTH@: @USERNAME@ (required), @SECRET_HASH@ (if app
--     client is configured with client secret), @DEVICE_KEY@. To start the
--     authentication flow with password verification, include
--     @ChallengeName: SRP_A@ and @SRP_A: (The SRP_A Value)@.
--
-- 'authFlow', 'initiateAuth_authFlow' - The authentication flow for this call to execute. The API action will
-- depend on this value. For example:
--
-- -   @REFRESH_TOKEN_AUTH@ will take in a valid refresh token and return
--     new tokens.
--
-- -   @USER_SRP_AUTH@ will take in @USERNAME@ and @SRP_A@ and return the
--     SRP variables to be used for next challenge execution.
--
-- -   @USER_PASSWORD_AUTH@ will take in @USERNAME@ and @PASSWORD@ and
--     return the next challenge or tokens.
--
-- Valid values include:
--
-- -   @USER_SRP_AUTH@: Authentication flow for the Secure Remote Password
--     (SRP) protocol.
--
-- -   @REFRESH_TOKEN_AUTH@\/@REFRESH_TOKEN@: Authentication flow for
--     refreshing the access token and ID token by supplying a valid
--     refresh token.
--
-- -   @CUSTOM_AUTH@: Custom authentication flow.
--
-- -   @USER_PASSWORD_AUTH@: Non-SRP authentication flow; USERNAME and
--     PASSWORD are passed directly. If a user migration Lambda trigger is
--     set, this flow will invoke the user migration Lambda if the USERNAME
--     is not found in the user pool.
--
-- -   @ADMIN_USER_PASSWORD_AUTH@: Admin-based user password
--     authentication. This replaces the @ADMIN_NO_SRP_AUTH@ authentication
--     flow. In this flow, Cognito receives the password in the request
--     instead of using the SRP process to verify passwords.
--
-- @ADMIN_NO_SRP_AUTH@ is not a valid value.
--
-- 'clientId', 'initiateAuth_clientId' - The app client ID.
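newInitiateAuth ::
  -- | 'authFlow'
  AuthFlowType ->
  -- | 'clientId'
  Prelude.Text ->
  InitiateAuth
newInitiateAuth pAuthFlow_ pClientId_ =
  InitiateAuth'
    { -- Every optional field starts out absent; callers fill them in
      -- afterwards through the record fields or the lenses.
      clientMetadata = Prelude.Nothing,
      analyticsMetadata = Prelude.Nothing,
      userContextData = Prelude.Nothing,
      authParameters = Prelude.Nothing,
      authFlow = pAuthFlow_,
      -- The plain 'Prelude.Text' argument is wrapped into 'Core.Sensitive'
      -- by reviewing through the 'Core._Sensitive' iso, so the stored
      -- client ID is held in the redacting wrapper from construction on.
      clientId = Core._Sensitive Lens.# pClientId_
    }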

-- | A map of custom key-value pairs that you can provide as input for
-- certain custom workflows that this action triggers.
--
-- You create custom workflows by assigning Lambda functions to user pool
-- triggers. When you use the InitiateAuth API action, Amazon Cognito
-- invokes the Lambda functions that are specified for various triggers.
-- The ClientMetadata value is passed as input to the functions for only
-- the following triggers:
--
-- -   Pre signup
--
-- -   Pre authentication
--
-- -   User migration
--
-- When Amazon Cognito invokes the functions for these triggers, it passes
-- a JSON payload, which the function receives as input. This payload
-- contains a @validationData@ attribute, which provides the data that you
-- assigned to the ClientMetadata parameter in your InitiateAuth request.
-- In your function code in Lambda, you can process the @validationData@
-- value to enhance your workflow for your specific needs.
--
-- When you use the InitiateAuth API action, Amazon Cognito also invokes
-- the functions for the following triggers, but it does not provide the
-- ClientMetadata value as input:
--
-- -   Post authentication
--
-- -   Custom message
--
-- -   Pre token generation
--
-- -   Create auth challenge
--
-- -   Define auth challenge
--
-- -   Verify auth challenge
--
-- For more information, see
-- <https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html Customizing User Pool Workflows with Lambda Triggers>
-- in the /Amazon Cognito Developer Guide/.
--
-- Take the following limitations into consideration when you use the
-- ClientMetadata parameter:
--
-- -   Amazon Cognito does not store the ClientMetadata value. This data is
--     available only to Lambda triggers that are assigned to a user pool
--     to support custom workflows. If your user pool configuration does
--     not include triggers, the ClientMetadata parameter serves no
--     purpose.
--
-- -   Amazon Cognito does not validate the ClientMetadata value.
--
-- -   Amazon Cognito does not encrypt the ClientMetadata value, so
--     don\'t use it to provide sensitive information.
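initiateAuth_clientMetadata :: Lens.Lens' InitiateAuth (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
initiateAuth_clientMetadata =
  -- Getter uses a field pun; the setter's record update carries an explicit
  -- ':: InitiateAuth' annotation to pick the right field under
  -- DuplicateRecordFields. 'Lens.mapping Lens.coerced' is applied under the
  -- 'Prelude.Maybe'; here both sides are the same HashMap type, so the value
  -- is exposed unchanged and without any 'Core.Sensitive' wrapper.
  Lens.lens
    (\InitiateAuth' {clientMetadata} -> clientMetadata)
    (\s@InitiateAuth' {} a -> s {clientMetadata = a} :: InitiateAuth)
    Prelude.. Lens.mapping Lens.coerced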

-- | The Amazon Pinpoint analytics metadata for collecting metrics for
-- @InitiateAuth@ calls.
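initiateAuth_analyticsMetadata :: Lens.Lens' InitiateAuth (Prelude.Maybe AnalyticsMetadataType)
initiateAuth_analyticsMetadata =
  -- Plain field lens: punned getter, record-update setter annotated with
  -- ':: InitiateAuth' so the field resolves under DuplicateRecordFields.
  Lens.lens
    (\InitiateAuth' {analyticsMetadata} -> analyticsMetadata)
    (\s@InitiateAuth' {} a -> s {analyticsMetadata = a} :: InitiateAuth)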

-- | Contextual data such as the user\'s device fingerprint, IP address, or
-- location used for evaluating the risk of an unexpected event by Amazon
-- Cognito advanced security.
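initiateAuth_userContextData :: Lens.Lens' InitiateAuth (Prelude.Maybe UserContextDataType)
initiateAuth_userContextData =
  -- Plain field lens: punned getter, record-update setter annotated with
  -- ':: InitiateAuth' so the field resolves under DuplicateRecordFields.
  Lens.lens
    (\InitiateAuth' {userContextData} -> userContextData)
    (\s@InitiateAuth' {} a -> s {userContextData = a} :: InitiateAuth)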

-- | The authentication parameters. These are inputs corresponding to the
-- @AuthFlow@ that you are invoking. The required values depend on the
-- value of @AuthFlow@:
--
-- -   For @USER_SRP_AUTH@: @USERNAME@ (required), @SRP_A@ (required),
--     @SECRET_HASH@ (required if the app client is configured with a
--     client secret), @DEVICE_KEY@.
--
-- -   For @REFRESH_TOKEN_AUTH\/REFRESH_TOKEN@: @REFRESH_TOKEN@ (required),
--     @SECRET_HASH@ (required if the app client is configured with a
--     client secret), @DEVICE_KEY@.
--
-- -   For @CUSTOM_AUTH@: @USERNAME@ (required), @SECRET_HASH@ (if app
--     client is configured with client secret), @DEVICE_KEY@. To start the
--     authentication flow with password verification, include
--     @ChallengeName: SRP_A@ and @SRP_A: (The SRP_A Value)@.
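initiateAuth_authParameters :: Lens.Lens' InitiateAuth (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
initiateAuth_authParameters =
  -- The field is stored as 'Maybe (Sensitive (HashMap Text Text))'. The
  -- trailing 'Lens.mapping (Core._Sensitive . Lens.coerced)' strips the
  -- 'Core.Sensitive' wrapper under the 'Prelude.Maybe', so this lens reads
  -- and writes the plain map.
  -- NOTE(review): a value viewed through this lens is no longer inside the
  -- redacting wrapper; callers that log or 'show' it handle raw credential
  -- parameters.
  Lens.lens
    (\InitiateAuth' {authParameters} -> authParameters)
    (\s@InitiateAuth' {} a -> s {authParameters = a} :: InitiateAuth)
    Prelude.. Lens.mapping (Core._Sensitive Prelude.. Lens.coerced)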

-- | The authentication flow for this call to execute. The API action will
-- depend on this value. For example:
--
-- -   @REFRESH_TOKEN_AUTH@ will take in a valid refresh token and return
--     new tokens.
--
-- -   @USER_SRP_AUTH@ will take in @USERNAME@ and @SRP_A@ and return the
--     SRP variables to be used for next challenge execution.
--
-- -   @USER_PASSWORD_AUTH@ will take in @USERNAME@ and @PASSWORD@ and
--     return the next challenge or tokens.
--
-- Valid values include:
--
-- -   @USER_SRP_AUTH@: Authentication flow for the Secure Remote Password
--     (SRP) protocol.
--
-- -   @REFRESH_TOKEN_AUTH@\/@REFRESH_TOKEN@: Authentication flow for
--     refreshing the access token and ID token by supplying a valid
--     refresh token.
--
-- -   @CUSTOM_AUTH@: Custom authentication flow.
--
-- -   @USER_PASSWORD_AUTH@: Non-SRP authentication flow; USERNAME and
--     PASSWORD are passed directly. If a user migration Lambda trigger is
--     set, this flow will invoke the user migration Lambda if the USERNAME
--     is not found in the user pool.
--
-- -   @ADMIN_USER_PASSWORD_AUTH@: Admin-based user password
--     authentication. This replaces the @ADMIN_NO_SRP_AUTH@ authentication
--     flow. In this flow, Cognito receives the password in the request
--     instead of using the SRP process to verify passwords.
--
-- @ADMIN_NO_SRP_AUTH@ is not a valid value.
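initiateAuth_authFlow :: Lens.Lens' InitiateAuth AuthFlowType
initiateAuth_authFlow =
  -- Plain field lens: punned getter, record-update setter annotated with
  -- ':: InitiateAuth' so the field resolves under DuplicateRecordFields.
  Lens.lens
    (\InitiateAuth' {authFlow} -> authFlow)
    (\s@InitiateAuth' {} a -> s {authFlow = a} :: InitiateAuth)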

-- | The app client ID.
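initiateAuth_clientId :: Lens.Lens' InitiateAuth Prelude.Text
initiateAuth_clientId =
  -- The field is stored as 'Core.Sensitive Text'; composing with the
  -- 'Core._Sensitive' iso makes the lens focus on the plain 'Prelude.Text',
  -- so a value read through it is outside the redacting wrapper.
  Lens.lens
    (\InitiateAuth' {clientId} -> clientId)
    (\s@InitiateAuth' {} a -> s {clientId = a} :: InitiateAuth)
    Prelude.. Core._Sensitive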

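instance Core.AWSRequest InitiateAuth where
  -- The response type paired with this request.
  type AWSResponse InitiateAuth = InitiateAuthResponse

  -- Built with 'Request.postJSON' against 'defaultService'.
  request = Request.postJSON defaultService

  -- Decodes the JSON response object into 'InitiateAuthResponse''. Each
  -- key is looked up with '.?>', which yields 'Nothing' when it is absent;
  -- "ChallengeParameters" additionally falls back to 'Prelude.mempty' via
  -- '.!@'. The HTTP status 's' is stored as an 'Int'; the headers 'h' are
  -- not used.
  -- NOTE(review): "AuthenticationResult" and "Session" are parsed here as
  -- ordinary values; whether 'InitiateAuthResponse' keeps them in
  -- 'Core.Sensitive' is decided in its declaration, which is outside this
  -- block — confirm before logging or showing responses.
  response =
    Response.receiveJSON
      ( \s h x ->
          InitiateAuthResponse'
            Prelude.<$> (x Core..?> "ChallengeName")
            Prelude.<*> ( x Core..?> "ChallengeParameters"
                            Core..!@ Prelude.mempty
                        )
            Prelude.<*> (x Core..?> "AuthenticationResult")
            Prelude.<*> (x Core..?> "Session")
            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
      )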

-- Empty instance body: every 'Prelude.Hashable' method comes from the class
-- defaults.
instance Prelude.Hashable InitiateAuth

-- Empty instance body: every 'Prelude.NFData' method comes from the class
-- defaults.
instance Prelude.NFData InitiateAuth

-- | Headers sent with every @InitiateAuth@ request. They are constants and
-- do not depend on the request value.
instance Core.ToHeaders InitiateAuth where
  toHeaders _ =
    Prelude.mconcat
      [ -- Selects the operation on the shared JSON endpoint.
        "X-Amz-Target"
          Core.=# ( "AWSCognitoIdentityProviderService.InitiateAuth" ::
                      Prelude.ByteString
                  ),
        "Content-Type"
          Core.=# ( "application/x-amz-json-1.1" ::
                      Prelude.ByteString
                  )
      ]

-- | JSON request body. Optional fields are left out of the object when they
-- are 'Nothing'; @AuthFlow@ and @ClientId@ are always present.
instance Core.ToJSON InitiateAuth where
  toJSON
    InitiateAuth'
      { clientMetadata,
        analyticsMetadata,
        userContextData,
        authParameters,
        authFlow,
        clientId
      } =
      Core.object
        ( Prelude.catMaybes
            [ -- NOTE(review): unlike 'authParameters' and 'clientId',
              -- 'clientMetadata' is a bare @HashMap Text Text@ with no
              -- 'Sensitive' wrapper, so anything that shows or logs the
              -- request would print it in full. Keep secrets out of it.
              ("ClientMetadata" Core..=) Prelude.<$> clientMetadata,
              ("AnalyticsMetadata" Core..=) Prelude.<$> analyticsMetadata,
              ("UserContextData" Core..=) Prelude.<$> userContextData,
              -- Typed @Sensitive (HashMap Text Text)@. Presumably the
              -- wrapper only changes how the value is displayed and the
              -- real map is what gets serialised here; confirm against
              -- the ToJSON instance of Sensitive.
              ("AuthParameters" Core..=) Prelude.<$> authParameters,
              Prelude.Just ("AuthFlow" Core..= authFlow),
              Prelude.Just ("ClientId" Core..= clientId)
            ]
        )

-- | The request path is always the root, whatever the request holds.
instance Core.ToPath InitiateAuth where
  toPath _ = "/"

-- | No query string is sent; all request data travels in the JSON body.
instance Core.ToQuery InitiateAuth where
  toQuery _ = Prelude.mempty

-- | The response returned by an @InitiateAuth@ call.
--
-- Either 'authenticationResult' is present (no further challenge is
-- needed) or 'challengeName', 'challengeParameters' and 'session' describe
-- the challenge the caller has to answer next.
--
-- NOTE(review): 'Prelude.Show' is derived and 'session' and
-- 'challengeParameters' are plain values, so @show@ on a response prints
-- them verbatim. Whether the tokens inside 'authenticationResult' are
-- redacted depends on @AuthenticationResultType@, which is defined outside
-- this view. Avoid writing whole responses to logs.
--
-- /See:/ 'newInitiateAuthResponse' smart constructor.
data InitiateAuthResponse = InitiateAuthResponse'
  { -- | Name of the challenge the caller must respond to. It is returned
    -- when another challenge has to be passed.
    --
    -- All of the challenges below require @USERNAME@ and @SECRET_HASH@ (if
    -- applicable) in the parameters. Valid values include:
    --
    -- -   @SMS_MFA@: supply an @SMS_MFA_CODE@, delivered via SMS.
    --
    -- -   @PASSWORD_VERIFIER@: supply @PASSWORD_CLAIM_SIGNATURE@,
    --     @PASSWORD_CLAIM_SECRET_BLOCK@, and @TIMESTAMP@ after the
    --     client-side SRP calculations.
    --
    -- -   @CUSTOM_CHALLENGE@: returned if your custom authentication flow
    --     determines that the user should pass another challenge before
    --     tokens are issued.
    --
    -- -   @DEVICE_SRP_AUTH@: returned if device tracking was enabled on the
    --     user pool and the previous challenges were passed, so that Amazon
    --     Cognito can start tracking this device.
    --
    -- -   @DEVICE_PASSWORD_VERIFIER@: similar to @PASSWORD_VERIFIER@, but
    --     for devices only.
    --
    -- -   @NEW_PASSWORD_REQUIRED@: for users who are required to change
    --     their passwords after a successful first login. Pass it with
    --     @NEW_PASSWORD@ and any other required attributes.
    --
    -- -   @MFA_SETUP@: for users who are required to set up an MFA factor
    --     before they can sign in. The MFA types enabled for the user pool
    --     are listed in the challenge parameters @MFA_CAN_SETUP@ value.
    --
    --     To set up software token MFA, use the session returned here from
    --     @InitiateAuth@ as an input to @AssociateSoftwareToken@, and use
    --     the session returned by @VerifySoftwareToken@ as an input to
    --     @RespondToAuthChallenge@ with challenge name @MFA_SETUP@ to
    --     complete sign-in. To set up SMS MFA, users need help from an
    --     administrator to add a phone number to their account and then
    --     call @InitiateAuth@ again to restart sign-in.
    challengeName :: Prelude.Maybe ChallengeNameType,
    -- | Parameters of the pending challenge, returned when another
    -- challenge has to be passed. Use them to compute the inputs to the
    -- next call (@RespondToAuthChallenge@).
    --
    -- All challenges require @USERNAME@ and @SECRET_HASH@ (if applicable).
    challengeParameters :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),
    -- | Outcome of the authentication. It is only returned when the caller
    -- does not need to pass another challenge; otherwise @ChallengeName@,
    -- @ChallengeParameters@, and @Session@ are returned instead.
    authenticationResult :: Prelude.Maybe AuthenticationResultType,
    -- | Session string that is passed both ways in challenge-response
    -- calls. When another challenge is required it is returned together
    -- with the challenge parameters and must be passed unchanged to the
    -- next @RespondToAuthChallenge@ API call.
    session :: Prelude.Maybe Prelude.Text,
    -- | The response's http status code.
    httpStatus :: Prelude.Int
  }
  deriving (Prelude.Eq, Prelude.Show, Prelude.Generic)

-- |
-- Create a value of 'InitiateAuthResponse' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'challengeName', 'initiateAuthResponse_challengeName' - The name of the challenge which you are responding to with this call.
-- This is returned to you in the @AdminInitiateAuth@ response if you need
-- to pass another challenge.
--
-- Valid values include the following. Note that all of these challenges
-- require @USERNAME@ and @SECRET_HASH@ (if applicable) in the parameters.
--
-- -   @SMS_MFA@: Next challenge is to supply an @SMS_MFA_CODE@, delivered
--     via SMS.
--
-- -   @PASSWORD_VERIFIER@: Next challenge is to supply
--     @PASSWORD_CLAIM_SIGNATURE@, @PASSWORD_CLAIM_SECRET_BLOCK@, and
--     @TIMESTAMP@ after the client-side SRP calculations.
--
-- -   @CUSTOM_CHALLENGE@: This is returned if your custom authentication
--     flow determines that the user should pass another challenge before
--     tokens are issued.
--
-- -   @DEVICE_SRP_AUTH@: If device tracking was enabled on your user pool
--     and the previous challenges were passed, this challenge is returned
--     so that Amazon Cognito can start tracking this device.
--
-- -   @DEVICE_PASSWORD_VERIFIER@: Similar to @PASSWORD_VERIFIER@, but for
--     devices only.
--
-- -   @NEW_PASSWORD_REQUIRED@: For users who are required to change their
--     passwords after successful first login. This challenge should be
--     passed with @NEW_PASSWORD@ and any other required attributes.
--
-- -   @MFA_SETUP@: For users who are required to setup an MFA factor
--     before they can sign-in. The MFA types enabled for the user pool
--     will be listed in the challenge parameters @MFA_CAN_SETUP@ value.
--
--     To setup software token MFA, use the session returned here from
--     @InitiateAuth@ as an input to @AssociateSoftwareToken@, and use the
--     session returned by @VerifySoftwareToken@ as an input to
--     @RespondToAuthChallenge@ with challenge name @MFA_SETUP@ to complete
--     sign-in. To setup SMS MFA, users will need help from an
--     administrator to add a phone number to their account and then call
--     @InitiateAuth@ again to restart sign-in.
--
-- 'challengeParameters', 'initiateAuthResponse_challengeParameters' - The challenge parameters. These are returned to you in the
-- @InitiateAuth@ response if you need to pass another challenge. The
-- responses in this parameter should be used to compute inputs to the next
-- call (@RespondToAuthChallenge@).
--
-- All challenges require @USERNAME@ and @SECRET_HASH@ (if applicable).
--
-- 'authenticationResult', 'initiateAuthResponse_authenticationResult' - The result of the authentication response. This is only returned if the
-- caller does not need to pass another challenge. If the caller does need
-- to pass another challenge before it gets tokens, @ChallengeName@,
-- @ChallengeParameters@, and @Session@ are returned.
--
-- 'session', 'initiateAuthResponse_session' - The session which should be passed both ways in challenge-response calls
-- to the service. If the caller needs to go through another challenge,
-- the service returns a session with the other challenge parameters. This session
-- should be passed unchanged to the next @RespondToAuthChallenge@ API call.
--
-- 'httpStatus', 'initiateAuthResponse_httpStatus' - The response's http status code.
newInitiateAuthResponse ::
  -- | 'httpStatus'
  Prelude.Int ->
  InitiateAuthResponse
newInitiateAuthResponse statusCode =
  -- Only the status code is required; every optional field starts out
  -- empty, so a freshly built value carries neither a challenge nor an
  -- authentication result.
  InitiateAuthResponse'
    { httpStatus = statusCode,
      challengeName = Prelude.Nothing,
      challengeParameters = Prelude.Nothing,
      authenticationResult = Prelude.Nothing,
      session = Prelude.Nothing
    }

-- | The name of the challenge which you are responding to with this call.
-- This is returned to you in the @AdminInitiateAuth@ response if you need
-- to pass another challenge.
--
-- Valid values include the following. Note that all of these challenges
-- require @USERNAME@ and @SECRET_HASH@ (if applicable) in the parameters.
--
-- -   @SMS_MFA@: Next challenge is to supply an @SMS_MFA_CODE@, delivered
--     via SMS.
--
-- -   @PASSWORD_VERIFIER@: Next challenge is to supply
--     @PASSWORD_CLAIM_SIGNATURE@, @PASSWORD_CLAIM_SECRET_BLOCK@, and
--     @TIMESTAMP@ after the client-side SRP calculations.
--
-- -   @CUSTOM_CHALLENGE@: This is returned if your custom authentication
--     flow determines that the user should pass another challenge before
--     tokens are issued.
--
-- -   @DEVICE_SRP_AUTH@: If device tracking was enabled on your user pool
--     and the previous challenges were passed, this challenge is returned
--     so that Amazon Cognito can start tracking this device.
--
-- -   @DEVICE_PASSWORD_VERIFIER@: Similar to @PASSWORD_VERIFIER@, but for
--     devices only.
--
-- -   @NEW_PASSWORD_REQUIRED@: For users who are required to change their
--     passwords after successful first login. This challenge should be
--     passed with @NEW_PASSWORD@ and any other required attributes.
--
-- -   @MFA_SETUP@: For users who are required to setup an MFA factor
--     before they can sign-in. The MFA types enabled for the user pool
--     will be listed in the challenge parameters @MFA_CAN_SETUP@ value.
--
--     To setup software token MFA, use the session returned here from
--     @InitiateAuth@ as an input to @AssociateSoftwareToken@, and use the
--     session returned by @VerifySoftwareToken@ as an input to
--     @RespondToAuthChallenge@ with challenge name @MFA_SETUP@ to complete
--     sign-in. To setup SMS MFA, users will need help from an
--     administrator to add a phone number to their account and then call
--     @InitiateAuth@ again to restart sign-in.
initiateAuthResponse_challengeName :: Lens.Lens' InitiateAuthResponse (Prelude.Maybe ChallengeNameType)
initiateAuthResponse_challengeName = Lens.lens readName writeName
  where
    -- Getter: project the field out of the record.
    readName (InitiateAuthResponse' {challengeName}) = challengeName
    -- Setter: the annotation pins the record type for the field update.
    writeName resp@InitiateAuthResponse' {} newName =
      resp {challengeName = newName} :: InitiateAuthResponse

-- | Lens onto 'challengeParameters': the parameters of the pending
-- challenge, returned when another challenge has to be passed. Use them to
-- compute the inputs to the next call (@RespondToAuthChallenge@).
--
-- All challenges require @USERNAME@ and @SECRET_HASH@ (if applicable).
--
-- NOTE(review): the map is a plain @HashMap Text Text@, so the derived
-- 'Prelude.Show' of 'InitiateAuthResponse' prints its contents.
initiateAuthResponse_challengeParameters :: Lens.Lens' InitiateAuthResponse (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
initiateAuthResponse_challengeParameters =
  Lens.lens readParams writeParams
    Prelude.. Lens.mapping Lens.coerced
  where
    -- Getter: project the field out of the record.
    readParams (InitiateAuthResponse' {challengeParameters}) = challengeParameters
    -- Setter: the annotation pins the record type for the field update.
    writeParams resp@InitiateAuthResponse' {} newParams =
      resp {challengeParameters = newParams} :: InitiateAuthResponse

-- | Lens onto 'authenticationResult': the outcome of the authentication.
-- It is only returned when the caller does not need to pass another
-- challenge; otherwise @ChallengeName@, @ChallengeParameters@, and
-- @Session@ are returned instead.
--
-- A 'Prelude.Nothing' here means sign-in has not completed, so check this
-- field rather than the status code before treating a user as
-- authenticated.
initiateAuthResponse_authenticationResult :: Lens.Lens' InitiateAuthResponse (Prelude.Maybe AuthenticationResultType)
initiateAuthResponse_authenticationResult = Lens.lens readResult writeResult
  where
    -- Getter: project the field out of the record.
    readResult (InitiateAuthResponse' {authenticationResult}) = authenticationResult
    -- Setter: the annotation pins the record type for the field update.
    writeResult resp@InitiateAuthResponse' {} newResult =
      resp {authenticationResult = newResult} :: InitiateAuthResponse

-- | Lens onto 'session': the session string that is passed both ways in
-- challenge-response calls. When another challenge is required it is
-- returned together with the challenge parameters and must be passed
-- unchanged to the next @RespondToAuthChallenge@ API call.
--
-- NOTE(review): the field is a plain 'Prelude.Text', so the derived
-- 'Prelude.Show' of 'InitiateAuthResponse' prints it. Because this value
-- ties the follow-up challenge responses to the sign-in attempt, keep it
-- out of logs and error messages.
initiateAuthResponse_session :: Lens.Lens' InitiateAuthResponse (Prelude.Maybe Prelude.Text)
initiateAuthResponse_session = Lens.lens readSession writeSession
  where
    -- Getter: project the field out of the record.
    readSession (InitiateAuthResponse' {session}) = session
    -- Setter: the annotation pins the record type for the field update.
    writeSession resp@InitiateAuthResponse' {} newSession =
      resp {session = newSession} :: InitiateAuthResponse

-- | Lens onto 'httpStatus': the response's http status code.
--
-- The status code alone does not show that sign-in completed; the
-- response may instead carry a further challenge.
initiateAuthResponse_httpStatus :: Lens.Lens' InitiateAuthResponse Prelude.Int
initiateAuthResponse_httpStatus = Lens.lens readStatus writeStatus
  where
    -- Getter: project the field out of the record.
    readStatus (InitiateAuthResponse' {httpStatus}) = httpStatus
    -- Setter: the annotation pins the record type for the field update.
    writeStatus resp@InitiateAuthResponse' {} newStatus =
      resp {httpStatus = newStatus} :: InitiateAuthResponse

-- Empty instance body: every 'Prelude.NFData' method comes from the class
-- defaults (presumably the Generic-based ones, given the derived
-- 'Prelude.Generic' instance; confirm against the class definition).
instance Prelude.NFData InitiateAuthResponse