{"templateId":"markdown","sharedDataIds":{"sidebar":"sidebar-sidebars.yaml"},"props":{"metadata":{"markdoc":{"tagList":["admonition"]},"redocly_category":"Journeys","product":"Identity Management","type":"markdown"},"seo":{"title":"Cognito OTP Generate","description":"Everything about Mosaic Journeys, SDKs, and APIs","siteUrl":"https://developer.transmitsecurity.com/","llmstxt":{"hide":false,"sections":[{"title":"Table of contents","includeFiles":["**/*"],"excludeFiles":[]}],"excludeFiles":[]}},"dynamicMarkdocComponents":[],"compilationErrors":[],"ast":{"$$mdtype":"Tag","name":"article","attributes":{},"children":[{"$$mdtype":"Tag","name":"Heading","attributes":{"level":1,"id":"cognito-otp-generate","__idx":0},"children":["Cognito OTP Generate"]},{"$$mdtype":"Tag","name":"div","attributes":{"className":"badge-wrapper"},"children":[{"$$mdtype":"Tag","name":"div","attributes":{"className":"badge"},"children":["Client SDK"]},{"$$mdtype":"Tag","name":"div","attributes":{"className":"badge"},"children":["Backend API"]},{"$$mdtype":"Tag","name":"div","attributes":{"className":"badge"},"children":["Mobile approve"]},{"$$mdtype":"Tag","name":"div","attributes":{"className":"badge"},"children":["SSO"]},{"$$mdtype":"Tag","name":"div","attributes":{"className":"badge"},"children":["Sub-journey"]}]},{"$$mdtype":"Tag","name":"blockquote","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Generates and sends a one-time passcode via email or SMS using AWS Cognito"]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"description","__idx":1},"children":["Description"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["This step generates a one-time passcode (OTP) and sends it to the user via email or SMS through AWS Cognito–an external identity provider. It is used for Just-In-Time (JIT) migration scenarios where users are gradually migrated from Cognito to Mosaic as they log in."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Before using this step, configure a ",{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/guides/orchestration/external-connections/external_idp"},"children":["Cognito connection"]}," in Integration Hub."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["The user identifier must be obtained before initiating this step, such as using a ",{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/guides/orchestration/journeys/get_info_from_client"},"children":["Collect information"]}," form. After the OTP is sent, use the ",{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/guides/orchestration/journeys/authenticate_cognito_otp_validate"},"children":["Cognito OTP Validate"]}," step to validate the code entered by the user."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["If the step fails (e.g., invalid user identifier), the journey proceeds to the failure branch (if specified); otherwise, the journey is aborted and an error is sent to the client."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"configuration","__idx":2},"children":["Configuration"]},{"$$mdtype":"Tag","name":"div","attributes":{"className":"table"},"children":[{"$$mdtype":"Tag","name":"div","attributes":{"className":"md-table-wrapper"},"children":[{"$$mdtype":"Tag","name":"table","attributes":{"className":"md"},"children":[{"$$mdtype":"Tag","name":"thead","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"th","attributes":{"data-label":"Field"},"children":["Field"]},{"$$mdtype":"Tag","name":"th","attributes":{"data-label":"Description"},"children":["Description"]}]}]},{"$$mdtype":"Tag","name":"tbody","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Cognito integration"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["The Cognito connector to use, as configured in Integration Hub."]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["User identifier"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Expression that yields the user's identifier (email or phone number)."]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["OTP channel"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["The channel used to deliver the OTP: email or SMS."]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Scope"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["OAuth scopes to request from Cognito. Default: ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["openid profile email"]},"."]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Output variable"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Name of the variable that stores the result returned by Cognito."]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Error output variable"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Name of the variable that stores any errors returned by the step."]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Failure behavior"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Determines the behavior in case of failure, which either aborts the journey or proceeds to a failure branch of the control flow (default)."]}]}]}]}]}]},{"$$mdtype":"Tag","name":"Admonition","attributes":{"type":"info","name":"Journey event data"},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["This step can be configured to record step input and output data, or a custom payload, which is then surfaced in journey events in Journey Analytics for diagnostic purposes. For details, see ",{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/guides/orchestration/getting-started/event_reporting"},"children":["Additional data reporting"]},"."]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"example","__idx":3},"children":["Example"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Consider a migration journey that collects the user's email using a ",{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/guides/orchestration/journeys/get_info_from_client"},"children":["Collect information"]}," step. The Cognito OTP Generate step sends an OTP to the user's email. A subsequent ",{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/guides/orchestration/journeys/get_info_from_client"},"children":["Collect information"]}," step collects the OTP code, which is then validated using the ",{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/guides/orchestration/journeys/authenticate_cognito_otp_validate"},"children":["Cognito OTP Validate"]}," step."]}]},"headings":[{"value":"Cognito OTP Generate","id":"cognito-otp-generate","depth":1},{"value":"Description","id":"description","depth":2},{"value":"Configuration","id":"configuration","depth":2},{"value":"Example","id":"example","depth":2}],"frontmatter":{"markdown":{"toc":{"depth":2}},"seo":{"title":"Cognito OTP Generate"}},"lastModified":"2026-05-26T08:58:26.000Z","pagePropGetterError":{"message":"","name":""}},"slug":"/guides/orchestration/journeys/authenticate_cognito_otp_generate","userData":{"isAuthenticated":false,"teams":["anonymous"]},"isPublic":true}