Generates and sends a one-time passcode via email or SMS using AWS Cognito
This step generates a one-time passcode (OTP) and sends it to the user via email or SMS through AWS Cognito, an external identity provider. It is used for Just-In-Time (JIT) migration scenarios where users are gradually migrated from Cognito to Mosaic as they log in.
Before using this step, configure a Cognito connection in Integration Hub.
The user identifier must be obtained before this step runs, for example by using a Collect information form. After the OTP is sent, use the Cognito OTP Validate step to validate the code entered by the user.
If the step fails (e.g., invalid user identifier), the journey proceeds to the failure branch (if specified); otherwise, the journey is aborted and an error is sent to the client.
| Field | Description |
|---|---|
| Cognito integration | The Cognito connector to use, as configured in Integration Hub. |
| User identifier | Expression that yields the user's identifier (email or phone number). |
| OTP channel | The channel used to deliver the OTP: email or SMS. |
| Scope | OAuth scopes to request from Cognito. Default: openid profile email. |
| Output variable | Name of the variable that stores the result returned by Cognito. |
| Error output variable | Name of the variable that stores any errors returned by the step. |
| Failure behavior | Determines what happens if the step fails: the journey is either aborted or proceeds to a failure branch of the control flow (default). |
This step can be configured to record step input and output data, or a custom payload, which is then surfaced in journey events in Journey Analytics for diagnostic purposes. For details, see Additional data reporting.
Consider a migration journey that collects the user's email using a Collect information step. The Cognito OTP Generate step sends an OTP to the user's email. A subsequent Collect information step collects the OTP code, which is then validated using the Cognito OTP Validate step.