// Copyright 2010-2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. // // This file is licensed under the Apache License, Version 2.0 (the "License"). // You may not use this file except in compliance with the License. A copy of // the License is located at // // http://aws.amazon.com/apache2.0/ // // This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR // CONDITIONS OF ANY KIND, either express or implied. See the License for the // specific language governing permissions and limitations under the License. // snippet-sourcedescription:[This example defines a series of challenges for authentication and issues tokens only if all of the challenges are successfully completed.] // snippet-service:[cognito-idp] // snippet-keyword:[JavaScript] // snippet-sourcesyntax:[javascript] // snippet-keyword:[Amazon Cognito] // snippet-keyword:[Code Sample] // snippet-keyword:[lambda_trigger] // snippet-sourcetype:[full-example] // snippet-sourcedate:[2019-01-30] // snippet-sourceauthor:[AWS] // snippet-start:[cognito.javascript.lambda-trigger.define-auth-challenge] exports.handler = (event, context, callback) => { if (event.request.session.length == 1 && event.request.session[0].challengeName == 'SRP_A') { event.response.issueTokens = false; event.response.failAuthentication = false; event.response.challengeName = 'PASSWORD_VERIFIER'; } else if (event.request.session.length == 2 && event.request.session[1].challengeName == 'PASSWORD_VERIFIER' && event.request.session[1].challengeResult == true) { event.response.issueTokens = false; event.response.failAuthentication = false; event.response.challengeName = 'CUSTOM_CHALLENGE'; } else if (event.request.session.length == 3 && event.request.session[2].challengeName == 'CUSTOM_CHALLENGE' && event.request.session[2].challengeResult == true) { event.response.issueTokens = true; event.response.failAuthentication = false; } else { event.response.issueTokens = false; event.response.failAuthentication = true; } // Return to Amazon Cognito callback(null, event); } // snippet-end:[cognito.javascript.lambda-trigger.define-auth-challenge]