fix: return full ChallengeResponse in requestSignInLink

[TarasOP]

*Issue #252

[ottokruse]

Thank you!

[ottokruse]

AI Code Review - PR #255

Verdict: ✅ APPROVED - This change does not break any functionality in the codebase.

What This Changes

This PR modifies requestSignInLink to return the full ChallengeResponse object instead of just the session string, enabling access to ChallengeParameters from AWS Cognito's challenge response (addressing issue #252).

Impact Analysis

✅ Internal Code - No Breaking Changes:

• React hooks (hooks.tsx line 466): Only uses .catch() for error handling, doesn't consume the resolved value
• React components (components.tsx line 398): Doesn't use the return value at all
• Documentation examples: Don't consume the return value directly
• All internal code continues to work without modification.

✅ Backward Compatible:

The session is still accessible via response.Session:

const { signInLinkRequested } = requestSignInLink({ username });
const response = await signInLinkRequested;
const session = response.Session; // Session still accessible

⚠️ Potential External Consumer Impact (Low Risk):

Only affects external consumers if they directly use the resolved value as a string:

// Would need update:
const session = await signInLinkRequested;
console.log(session.substring(...)); 

// Fix:
const response = await signInLinkRequested;
console.log(response.Session.substring(...));

Recommendations Before Merge

• Add CHANGELOG entry documenting the return type change with migration example
• Version bump: MINOR version (e.g., 1.2.0 → 1.3.0) - this is an additive feature with backward-compatible access
• Optional: Add example in docs showing how to access ChallengeParameters

Summary

This is a valuable enhancement that properly exposes AWS Cognito's publicChallengeParameters feature. The change is minimal, well-targeted, and safe for all internal code. The exported ChallengeResponse interface also improves TypeScript type safety for consumers.