AWS Cognito custom flow authentication returns 'Incorrect username or password'

Question

I am trying to setup a custom flow authentication with Cognito to enable Email MFA but when i attempt to login i get the error:

An error occurred (NotAuthorizedException) when calling the InitiateAuth operation: Incorrect username or password.

this is the api call i am using - i have doubled checked and tried using USER_PASSWORD_AUTH as the flow to make sure the users details are right and yes i can login when using this flow so they are correct.

aws cognito-idp initiate-auth --auth-flow CUSTOM_AUTH --auth-parameters USERNAME=testuser,PASSWORD=password1 --client-id clientId

Below is my define auth challenge

    if (event.request.session.length == 1 && event.request.session[0].challengeName == 'SRP_A') {
        event.response.issueTokens = false;
        event.response.failAuthentication = false;
        event.response.challengeName = 'PASSWORD_VERIFIER';
    } else if (event.request.session.length == 2 && event.request.session[1].challengeName == 'PASSWORD_VERIFIER' && event.request.session[1].challengeResult == true) {
        event.response.issueTokens = false;
        event.response.failAuthentication = false;
        event.response.challengeName = 'CUSTOM_CHALLENGE';
    } else if (event.request.session.length == 3 && event.request.session[2].challengeName == 'CUSTOM_CHALLENGE' && event.request.session[2].challengeResult == true) {
        event.response.issueTokens = true;
        event.response.failAuthentication = false;
    } else {
        event.response.issueTokens = false;
        event.response.failAuthentication = true;
    }
    context.done(null, event);
}

Is there something wrong with this? This code is copied from the aws cognito custom flow guide for define auth so i am struggling to know what is wrong.