Validates a one-time passcode sent via AWS Cognito
This step validates a one-time passcode (OTP) that was previously sent to the user via the Cognito OTP Generate step. It is used for Just-In-Time (JIT) migration scenarios where users are gradually migrated from Cognito to Mosaic as they log in.
Before using this step, configure a Cognito connection in Integration Hub.
The OTP code must be obtained before initiating this step, such as using a Collect information form. If the validation succeeds, the journey continues to the next step. The authentication result is stored in the output variable and can be used in subsequent steps (e.g., to create a user in Mosaic).
If the validation fails (e.g., incorrect or expired OTP), the journey proceeds to the failure branch (if specified); otherwise, the journey is aborted and an error is sent to the client.
| Field | Description |
|---|---|
| Cognito integration | The Cognito connector to use, as configured in Integration Hub. |
| User identifier | Expression that yields the user's identifier (email or phone number). |
| OTP channel | The channel used to deliver the OTP: email or SMS. |
| OTP code | Expression that yields the OTP code entered by the user. |
| Scope | OAuth scopes to request from Cognito. Default: openid profile email. |
| Output variable | Name of the variable that stores the authentication result returned by Cognito. |
| Error output variable | Name of the variable that stores any errors returned by the step. |
| Failure behavior | Determines the behavior in case of failure, which either aborts the journey or proceeds to a failure branch of the control flow (default). |
This step can be configured to record step input and output data, or a custom payload, which is then surfaced in journey events in Journey Analytics for diagnostic purposes. For details, see Additional data reporting.
Consider a migration journey where the user receives an OTP via the Cognito OTP Generate step. A Collect information step collects the OTP code from the user. The Cognito OTP Validate step validates this code against Cognito. If successful, the output variable (cognito_tokens) contains user information, including ID token and user_info, that can be used to create or update a user in Mosaic using the Create user step.