I'm trying to use respondToAuthChallenge with NEW_PASSWORD_REQUIRED to change the user's password. I keep getting "Invalid attributes given, given_name is missing" errors. I've tried adding the user's attributes to the call, but I can't seem to find any documentation on how that data should be formatted within the call.

Here is the original code...

$QUERY = $COG_CLIENT->respondToAuthChallenge([
    'ChallengeName'       => 'NEW_PASSWORD_REQUIRED',
    'ClientId'            => $COG_CLIENT_ID,
    'ChallengeResponses'  => [
        'USERNAME'        => $USER_EMAIL,
        'NEW_PASSWORD'    => $USER_NEW_PASS,
        'SECRET_HASH'     => $SEC_HASH,
    ],
    'Session'             => $COG_USER_SESSION,
]);

Then I tried adding the user attributes like so...

$QUERY = $COG_CLIENT->respondToAuthChallenge([
    'ChallengeName'       => 'NEW_PASSWORD_REQUIRED',
    'ClientId'            => $COG_CLIENT_ID,
    'ChallengeResponses'  => [
        'USERNAME'        => $USER_EMAIL,
        'NEW_PASSWORD'    => $USER_NEW_PASS,
        'SECRET_HASH'     => $SEC_HASH,
        'UserAttributes'  => '{"given_name":"Bob"}',
    ],
    'Session'             => $COG_USER_SESSION,
]);

But I'm still getting the same error. If I format the UserAttributes value as an array, I get an error saying that a string is expected.

Does anyone know how I should be passing the user attributes? I'm super lost on this one.

CodePudding user response：

Ah, I think I figured it out after hours of trying many different variations... this is what finally ended up working.

$QUERY = $COG_CLIENT->respondToAuthChallenge([
    'ChallengeName'       => 'NEW_PASSWORD_REQUIRED',
    'ClientId'            => $COG_CLIENT_ID,
    'ChallengeResponses'  => [
        'USERNAME'        => $USER_EMAIL,
        'NEW_PASSWORD'    => $USER_NEW_PASS,
        'SECRET_HASH'     => $SEC_HASH,
        'userAttributes.given_name' => 'Bob',
    ],
    'Session'             => $COG_USER_SESSION,
]);

I can't believe this isn't documented somewhere.