aws-sdk-cognitoidentityprovider 1.86.0 → 1.88.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-cognitoidentityprovider/client.rb +442 -184
- data/lib/aws-sdk-cognitoidentityprovider/client_api.rb +2 -1
- data/lib/aws-sdk-cognitoidentityprovider/types.rb +437 -206
- data/lib/aws-sdk-cognitoidentityprovider.rb +1 -1
- data/sig/client.rbs +2 -2
- data/sig/types.rbs +1 -1
- metadata +2 -2
@@ -488,7 +488,8 @@ module Aws::CognitoIdentityProvider
|
|
488
488
|
# The username of the user that you want to query or modify. The value
|
489
489
|
# of this parameter is typically your user's username, but it can be
|
490
490
|
# any of their alias attributes. If `username` isn't an alias attribute
|
491
|
-
# in your user pool,
|
491
|
+
# in your user pool, this value must be the `sub` of a local user or the
|
492
|
+
# username of a user from a third-party IdP.
|
492
493
|
#
|
493
494
|
# @option params [required, String] :group_name
|
494
495
|
# The name of the group that you want to add your user to.
|
@@ -550,7 +551,8 @@ module Aws::CognitoIdentityProvider
|
|
550
551
|
# The username of the user that you want to query or modify. The value
|
551
552
|
# of this parameter is typically your user's username, but it can be
|
552
553
|
# any of their alias attributes. If `username` isn't an alias attribute
|
553
|
-
# in your user pool,
|
554
|
+
# in your user pool, this value must be the `sub` of a local user or the
|
555
|
+
# username of a user from a third-party IdP.
|
554
556
|
#
|
555
557
|
# @option params [Hash<String,String>] :client_metadata
|
556
558
|
# A map of custom key-value pairs that you can provide as input for any
|
@@ -960,7 +962,8 @@ module Aws::CognitoIdentityProvider
|
|
960
962
|
# The username of the user that you want to query or modify. The value
|
961
963
|
# of this parameter is typically your user's username, but it can be
|
962
964
|
# any of their alias attributes. If `username` isn't an alias attribute
|
963
|
-
# in your user pool,
|
965
|
+
# in your user pool, this value must be the `sub` of a local user or the
|
966
|
+
# username of a user from a third-party IdP.
|
964
967
|
#
|
965
968
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
966
969
|
#
|
@@ -1009,7 +1012,8 @@ module Aws::CognitoIdentityProvider
|
|
1009
1012
|
# The username of the user that you want to query or modify. The value
|
1010
1013
|
# of this parameter is typically your user's username, but it can be
|
1011
1014
|
# any of their alias attributes. If `username` isn't an alias attribute
|
1012
|
-
# in your user pool,
|
1015
|
+
# in your user pool, this value must be the `sub` of a local user or the
|
1016
|
+
# username of a user from a third-party IdP.
|
1013
1017
|
#
|
1014
1018
|
# @option params [required, Array<String>] :user_attribute_names
|
1015
1019
|
# An array of strings representing the user attribute names you want to
|
@@ -1146,7 +1150,8 @@ module Aws::CognitoIdentityProvider
|
|
1146
1150
|
# The username of the user that you want to query or modify. The value
|
1147
1151
|
# of this parameter is typically your user's username, but it can be
|
1148
1152
|
# any of their alias attributes. If `username` isn't an alias attribute
|
1149
|
-
# in your user pool,
|
1153
|
+
# in your user pool, this value must be the `sub` of a local user or the
|
1154
|
+
# username of a user from a third-party IdP.
|
1150
1155
|
#
|
1151
1156
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
1152
1157
|
#
|
@@ -1193,7 +1198,8 @@ module Aws::CognitoIdentityProvider
|
|
1193
1198
|
# The username of the user that you want to query or modify. The value
|
1194
1199
|
# of this parameter is typically your user's username, but it can be
|
1195
1200
|
# any of their alias attributes. If `username` isn't an alias attribute
|
1196
|
-
# in your user pool,
|
1201
|
+
# in your user pool, this value must be the `sub` of a local user or the
|
1202
|
+
# username of a user from a third-party IdP.
|
1197
1203
|
#
|
1198
1204
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
1199
1205
|
#
|
@@ -1240,7 +1246,8 @@ module Aws::CognitoIdentityProvider
|
|
1240
1246
|
# The username of the user that you want to query or modify. The value
|
1241
1247
|
# of this parameter is typically your user's username, but it can be
|
1242
1248
|
# any of their alias attributes. If `username` isn't an alias attribute
|
1243
|
-
# in your user pool,
|
1249
|
+
# in your user pool, this value must be the `sub` of a local user or the
|
1250
|
+
# username of a user from a third-party IdP.
|
1244
1251
|
#
|
1245
1252
|
# @option params [required, String] :device_key
|
1246
1253
|
# The device key.
|
@@ -1294,7 +1301,8 @@ module Aws::CognitoIdentityProvider
|
|
1294
1301
|
# The username of the user that you want to query or modify. The value
|
1295
1302
|
# of this parameter is typically your user's username, but it can be
|
1296
1303
|
# any of their alias attributes. If `username` isn't an alias attribute
|
1297
|
-
# in your user pool,
|
1304
|
+
# in your user pool, this value must be the `sub` of a local user or the
|
1305
|
+
# username of a user from a third-party IdP.
|
1298
1306
|
#
|
1299
1307
|
# @return [Types::AdminGetDeviceResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1300
1308
|
#
|
@@ -1356,7 +1364,8 @@ module Aws::CognitoIdentityProvider
|
|
1356
1364
|
# The username of the user that you want to query or modify. The value
|
1357
1365
|
# of this parameter is typically your user's username, but it can be
|
1358
1366
|
# any of their alias attributes. If `username` isn't an alias attribute
|
1359
|
-
# in your user pool,
|
1367
|
+
# in your user pool, this value must be the `sub` of a local user or the
|
1368
|
+
# username of a user from a third-party IdP.
|
1360
1369
|
#
|
1361
1370
|
# @return [Types::AdminGetUserResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1362
1371
|
#
|
@@ -1796,7 +1805,8 @@ module Aws::CognitoIdentityProvider
|
|
1796
1805
|
# The username of the user that you want to query or modify. The value
|
1797
1806
|
# of this parameter is typically your user's username, but it can be
|
1798
1807
|
# any of their alias attributes. If `username` isn't an alias attribute
|
1799
|
-
# in your user pool,
|
1808
|
+
# in your user pool, this value must be the `sub` of a local user or the
|
1809
|
+
# username of a user from a third-party IdP.
|
1800
1810
|
#
|
1801
1811
|
# @option params [Integer] :limit
|
1802
1812
|
# The limit of the devices request.
|
@@ -1868,7 +1878,8 @@ module Aws::CognitoIdentityProvider
|
|
1868
1878
|
# The username of the user that you want to query or modify. The value
|
1869
1879
|
# of this parameter is typically your user's username, but it can be
|
1870
1880
|
# any of their alias attributes. If `username` isn't an alias attribute
|
1871
|
-
# in your user pool,
|
1881
|
+
# in your user pool, this value must be the `sub` of a local user or the
|
1882
|
+
# username of a user from a third-party IdP.
|
1872
1883
|
#
|
1873
1884
|
# @option params [required, String] :user_pool_id
|
1874
1885
|
# The user pool ID for the user pool.
|
@@ -1946,7 +1957,8 @@ module Aws::CognitoIdentityProvider
|
|
1946
1957
|
# The username of the user that you want to query or modify. The value
|
1947
1958
|
# of this parameter is typically your user's username, but it can be
|
1948
1959
|
# any of their alias attributes. If `username` isn't an alias attribute
|
1949
|
-
# in your user pool,
|
1960
|
+
# in your user pool, this value must be the `sub` of a local user or the
|
1961
|
+
# username of a user from a third-party IdP.
|
1950
1962
|
#
|
1951
1963
|
# @option params [Integer] :max_results
|
1952
1964
|
# The maximum number of authentication events to return. Returns 60
|
@@ -2031,7 +2043,8 @@ module Aws::CognitoIdentityProvider
|
|
2031
2043
|
# The username of the user that you want to query or modify. The value
|
2032
2044
|
# of this parameter is typically your user's username, but it can be
|
2033
2045
|
# any of their alias attributes. If `username` isn't an alias attribute
|
2034
|
-
# in your user pool,
|
2046
|
+
# in your user pool, this value must be the `sub` of a local user or the
|
2047
|
+
# username of a user from a third-party IdP.
|
2035
2048
|
#
|
2036
2049
|
# @option params [required, String] :group_name
|
2037
2050
|
# The group name.
|
@@ -2058,11 +2071,15 @@ module Aws::CognitoIdentityProvider
|
|
2058
2071
|
# Resets the specified user's password in a user pool as an
|
2059
2072
|
# administrator. Works on any user.
|
2060
2073
|
#
|
2074
|
+
# To use this API operation, your user pool must have self-service
|
2075
|
+
# account recovery configured. Use [AdminSetUserPassword][1] if you
|
2076
|
+
# manage passwords as an administrator.
|
2077
|
+
#
|
2061
2078
|
# <note markdown="1"> This action might generate an SMS text message. Starting June 1, 2021,
|
2062
2079
|
# US telecom carriers require you to register an origination phone
|
2063
2080
|
# number before you can send SMS messages to US phone numbers. If you
|
2064
2081
|
# use SMS text messages in Amazon Cognito, you must register a phone
|
2065
|
-
# number with [Amazon Pinpoint][
|
2082
|
+
# number with [Amazon Pinpoint][2]. Amazon Cognito uses the registered
|
2066
2083
|
# number automatically. Otherwise, Amazon Cognito users who must receive
|
2067
2084
|
# SMS messages might not be able to sign up, activate their accounts, or
|
2068
2085
|
# sign in.
|
@@ -2074,7 +2091,7 @@ module Aws::CognitoIdentityProvider
|
|
2074
2091
|
# mode</a> </i>, you can send messages only to verified phone numbers.
|
2075
2092
|
# After you test your app while in the sandbox environment, you can move
|
2076
2093
|
# out of the sandbox and into production. For more information, see [
|
2077
|
-
# SMS message settings for Amazon Cognito user pools][
|
2094
|
+
# SMS message settings for Amazon Cognito user pools][3] in the *Amazon
|
2078
2095
|
# Cognito Developer Guide*.
|
2079
2096
|
#
|
2080
2097
|
# </note>
|
@@ -2096,18 +2113,19 @@ module Aws::CognitoIdentityProvider
|
|
2096
2113
|
#
|
2097
2114
|
# **Learn more**
|
2098
2115
|
#
|
2099
|
-
# * [Signing Amazon Web Services API Requests][
|
2116
|
+
# * [Signing Amazon Web Services API Requests][4]
|
2100
2117
|
#
|
2101
|
-
# * [Using the Amazon Cognito user pools API and user pool endpoints][
|
2118
|
+
# * [Using the Amazon Cognito user pools API and user pool endpoints][5]
|
2102
2119
|
#
|
2103
2120
|
# </note>
|
2104
2121
|
#
|
2105
2122
|
#
|
2106
2123
|
#
|
2107
|
-
# [1]: https://
|
2108
|
-
# [2]: https://
|
2109
|
-
# [3]: https://docs.aws.amazon.com/
|
2110
|
-
# [4]: https://docs.aws.amazon.com/
|
2124
|
+
# [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminSetUserPassword.html
|
2125
|
+
# [2]: https://console.aws.amazon.com/pinpoint/home/
|
2126
|
+
# [3]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html
|
2127
|
+
# [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
|
2128
|
+
# [5]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
2111
2129
|
#
|
2112
2130
|
# @option params [required, String] :user_pool_id
|
2113
2131
|
# The user pool ID for the user pool where you want to reset the user's
|
@@ -2117,7 +2135,8 @@ module Aws::CognitoIdentityProvider
|
|
2117
2135
|
# The username of the user that you want to query or modify. The value
|
2118
2136
|
# of this parameter is typically your user's username, but it can be
|
2119
2137
|
# any of their alias attributes. If `username` isn't an alias attribute
|
2120
|
-
# in your user pool,
|
2138
|
+
# in your user pool, this value must be the `sub` of a local user or the
|
2139
|
+
# username of a user from a third-party IdP.
|
2121
2140
|
#
|
2122
2141
|
# @option params [Hash<String,String>] :client_metadata
|
2123
2142
|
# A map of custom key-value pairs that you can provide as input for any
|
@@ -2500,7 +2519,8 @@ module Aws::CognitoIdentityProvider
|
|
2500
2519
|
# The username of the user that you want to query or modify. The value
|
2501
2520
|
# of this parameter is typically your user's username, but it can be
|
2502
2521
|
# any of their alias attributes. If `username` isn't an alias attribute
|
2503
|
-
# in your user pool,
|
2522
|
+
# in your user pool, this value must be the `sub` of a local user or the
|
2523
|
+
# username of a user from a third-party IdP.
|
2504
2524
|
#
|
2505
2525
|
# @option params [required, String] :user_pool_id
|
2506
2526
|
# The user pool ID.
|
@@ -2584,7 +2604,8 @@ module Aws::CognitoIdentityProvider
|
|
2584
2604
|
# The username of the user that you want to query or modify. The value
|
2585
2605
|
# of this parameter is typically your user's username, but it can be
|
2586
2606
|
# any of their alias attributes. If `username` isn't an alias attribute
|
2587
|
-
# in your user pool,
|
2607
|
+
# in your user pool, this value must be the `sub` of a local user or the
|
2608
|
+
# username of a user from a third-party IdP.
|
2588
2609
|
#
|
2589
2610
|
# @option params [required, String] :password
|
2590
2611
|
# The password for the user.
|
@@ -2644,7 +2665,8 @@ module Aws::CognitoIdentityProvider
|
|
2644
2665
|
# The username of the user that you want to query or modify. The value
|
2645
2666
|
# of this parameter is typically your user's username, but it can be
|
2646
2667
|
# any of their alias attributes. If `username` isn't an alias attribute
|
2647
|
-
# in your user pool,
|
2668
|
+
# in your user pool, this value must be the `sub` of a local user or the
|
2669
|
+
# username of a user from a third-party IdP.
|
2648
2670
|
#
|
2649
2671
|
# @option params [required, Array<Types::MFAOptionType>] :mfa_options
|
2650
2672
|
# You can use this parameter only to set an SMS configuration that uses
|
@@ -2704,7 +2726,8 @@ module Aws::CognitoIdentityProvider
|
|
2704
2726
|
# The username of the user that you want to query or modify. The value
|
2705
2727
|
# of this parameter is typically your user's username, but it can be
|
2706
2728
|
# any of their alias attributes. If `username` isn't an alias attribute
|
2707
|
-
# in your user pool,
|
2729
|
+
# in your user pool, this value must be the `sub` of a local user or the
|
2730
|
+
# username of a user from a third-party IdP.
|
2708
2731
|
#
|
2709
2732
|
# @option params [required, String] :event_id
|
2710
2733
|
# The authentication event ID.
|
@@ -2764,7 +2787,8 @@ module Aws::CognitoIdentityProvider
|
|
2764
2787
|
# The username of the user that you want to query or modify. The value
|
2765
2788
|
# of this parameter is typically your user's username, but it can be
|
2766
2789
|
# any of their alias attributes. If `username` isn't an alias attribute
|
2767
|
-
# in your user pool,
|
2790
|
+
# in your user pool, this value must be the `sub` of a local user or the
|
2791
|
+
# username of a user from a third-party IdP.
|
2768
2792
|
#
|
2769
2793
|
# @option params [required, String] :device_key
|
2770
2794
|
# The device key.
|
@@ -2852,7 +2876,8 @@ module Aws::CognitoIdentityProvider
|
|
2852
2876
|
# The username of the user that you want to query or modify. The value
|
2853
2877
|
# of this parameter is typically your user's username, but it can be
|
2854
2878
|
# any of their alias attributes. If `username` isn't an alias attribute
|
2855
|
-
# in your user pool,
|
2879
|
+
# in your user pool, this value must be the `sub` of a local user or the
|
2880
|
+
# username of a user from a third-party IdP.
|
2856
2881
|
#
|
2857
2882
|
# @option params [required, Array<Types::AttributeType>] :user_attributes
|
2858
2883
|
# An array of name-value pairs representing user attributes.
|
@@ -2991,7 +3016,8 @@ module Aws::CognitoIdentityProvider
|
|
2991
3016
|
# The username of the user that you want to query or modify. The value
|
2992
3017
|
# of this parameter is typically your user's username, but it can be
|
2993
3018
|
# any of their alias attributes. If `username` isn't an alias attribute
|
2994
|
-
# in your user pool,
|
3019
|
+
# in your user pool, this value must be the `sub` of a local user or the
|
3020
|
+
# username of a user from a third-party IdP.
|
2995
3021
|
#
|
2996
3022
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
2997
3023
|
#
|
@@ -3037,8 +3063,8 @@ module Aws::CognitoIdentityProvider
|
|
3037
3063
|
# policies in requests for this API operation. For this operation, you
|
3038
3064
|
# can't use IAM credentials to authorize requests, and you can't grant
|
3039
3065
|
# IAM permissions in policies. For more information about authorization
|
3040
|
-
# models in Amazon Cognito, see [Using the Amazon Cognito
|
3041
|
-
#
|
3066
|
+
# models in Amazon Cognito, see [Using the Amazon Cognito user pools API
|
3067
|
+
# and user pool endpoints][2].
|
3042
3068
|
#
|
3043
3069
|
# </note>
|
3044
3070
|
#
|
@@ -3084,12 +3110,15 @@ module Aws::CognitoIdentityProvider
|
|
3084
3110
|
|
3085
3111
|
# Changes the password for a specified user in a user pool.
|
3086
3112
|
#
|
3113
|
+
# Authorize this action with a signed-in user's access token. It must
|
3114
|
+
# include the scope `aws.cognito.signin.user.admin`.
|
3115
|
+
#
|
3087
3116
|
# <note markdown="1"> Amazon Cognito doesn't evaluate Identity and Access Management (IAM)
|
3088
3117
|
# policies in requests for this API operation. For this operation, you
|
3089
3118
|
# can't use IAM credentials to authorize requests, and you can't grant
|
3090
3119
|
# IAM permissions in policies. For more information about authorization
|
3091
|
-
# models in Amazon Cognito, see [Using the Amazon Cognito
|
3092
|
-
#
|
3120
|
+
# models in Amazon Cognito, see [Using the Amazon Cognito user pools API
|
3121
|
+
# and user pool endpoints][1].
|
3093
3122
|
#
|
3094
3123
|
# </note>
|
3095
3124
|
#
|
@@ -3127,20 +3156,25 @@ module Aws::CognitoIdentityProvider
|
|
3127
3156
|
end
|
3128
3157
|
|
3129
3158
|
# Confirms tracking of the device. This API call is the call that begins
|
3130
|
-
# device tracking.
|
3159
|
+
# device tracking. For more information about device authentication, see
|
3160
|
+
# [Working with user devices in your user pool][1].
|
3161
|
+
#
|
3162
|
+
# Authorize this action with a signed-in user's access token. It must
|
3163
|
+
# include the scope `aws.cognito.signin.user.admin`.
|
3131
3164
|
#
|
3132
3165
|
# <note markdown="1"> Amazon Cognito doesn't evaluate Identity and Access Management (IAM)
|
3133
3166
|
# policies in requests for this API operation. For this operation, you
|
3134
3167
|
# can't use IAM credentials to authorize requests, and you can't grant
|
3135
3168
|
# IAM permissions in policies. For more information about authorization
|
3136
|
-
# models in Amazon Cognito, see [Using the Amazon Cognito
|
3137
|
-
#
|
3169
|
+
# models in Amazon Cognito, see [Using the Amazon Cognito user pools API
|
3170
|
+
# and user pool endpoints][2].
|
3138
3171
|
#
|
3139
3172
|
# </note>
|
3140
3173
|
#
|
3141
3174
|
#
|
3142
3175
|
#
|
3143
|
-
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-
|
3176
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html
|
3177
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
3144
3178
|
#
|
3145
3179
|
# @option params [required, String] :access_token
|
3146
3180
|
# A valid access token that Amazon Cognito issued to the user whose
|
@@ -3191,8 +3225,8 @@ module Aws::CognitoIdentityProvider
|
|
3191
3225
|
# policies in requests for this API operation. For this operation, you
|
3192
3226
|
# can't use IAM credentials to authorize requests, and you can't grant
|
3193
3227
|
# IAM permissions in policies. For more information about authorization
|
3194
|
-
# models in Amazon Cognito, see [Using the Amazon Cognito
|
3195
|
-
#
|
3228
|
+
# models in Amazon Cognito, see [Using the Amazon Cognito user pools API
|
3229
|
+
# and user pool endpoints][1].
|
3196
3230
|
#
|
3197
3231
|
# </note>
|
3198
3232
|
#
|
@@ -3217,7 +3251,8 @@ module Aws::CognitoIdentityProvider
|
|
3217
3251
|
# The username of the user that you want to query or modify. The value
|
3218
3252
|
# of this parameter is typically your user's username, but it can be
|
3219
3253
|
# any of their alias attributes. If `username` isn't an alias attribute
|
3220
|
-
# in your user pool,
|
3254
|
+
# in your user pool, this value must be the `sub` of a local user or the
|
3255
|
+
# username of a user from a third-party IdP.
|
3221
3256
|
#
|
3222
3257
|
# @option params [required, String] :confirmation_code
|
3223
3258
|
# The confirmation code from your user's request to reset their
|
@@ -3330,8 +3365,8 @@ module Aws::CognitoIdentityProvider
|
|
3330
3365
|
# policies in requests for this API operation. For this operation, you
|
3331
3366
|
# can't use IAM credentials to authorize requests, and you can't grant
|
3332
3367
|
# IAM permissions in policies. For more information about authorization
|
3333
|
-
# models in Amazon Cognito, see [Using the Amazon Cognito
|
3334
|
-
#
|
3368
|
+
# models in Amazon Cognito, see [Using the Amazon Cognito user pools API
|
3369
|
+
# and user pool endpoints][3].
|
3335
3370
|
#
|
3336
3371
|
# </note>
|
3337
3372
|
#
|
@@ -3353,7 +3388,8 @@ module Aws::CognitoIdentityProvider
|
|
3353
3388
|
# The username of the user that you want to query or modify. The value
|
3354
3389
|
# of this parameter is typically your user's username, but it can be
|
3355
3390
|
# any of their alias attributes. If `username` isn't an alias attribute
|
3356
|
-
# in your user pool,
|
3391
|
+
# in your user pool, this value must be the `sub` of a local user or the
|
3392
|
+
# username of a user from a third-party IdP.
|
3357
3393
|
#
|
3358
3394
|
# @option params [required, String] :confirmation_code
|
3359
3395
|
# The confirmation code sent by a user's request to confirm
|
@@ -3531,7 +3567,8 @@ module Aws::CognitoIdentityProvider
|
|
3531
3567
|
req.send_request(options)
|
3532
3568
|
end
|
3533
3569
|
|
3534
|
-
#
|
3570
|
+
# Adds a configuration and trust relationship between a third-party
|
3571
|
+
# identity provider (IdP) and a user pool.
|
3535
3572
|
#
|
3536
3573
|
# <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
|
3537
3574
|
# in requests for this API operation. For this operation, you must use
|
@@ -3561,74 +3598,123 @@ module Aws::CognitoIdentityProvider
|
|
3561
3598
|
# The IdP type.
|
3562
3599
|
#
|
3563
3600
|
# @option params [required, Hash<String,String>] :provider_details
|
3564
|
-
# The
|
3565
|
-
# for each IdP
|
3566
|
-
#
|
3567
|
-
#
|
3568
|
-
#
|
3569
|
-
#
|
3570
|
-
#
|
3571
|
-
#
|
3572
|
-
#
|
3573
|
-
#
|
3574
|
-
#
|
3575
|
-
#
|
3576
|
-
#
|
3577
|
-
#
|
3578
|
-
#
|
3579
|
-
#
|
3580
|
-
#
|
3581
|
-
#
|
3582
|
-
#
|
3583
|
-
#
|
3584
|
-
#
|
3585
|
-
#
|
3586
|
-
#
|
3587
|
-
#
|
3588
|
-
#
|
3589
|
-
#
|
3590
|
-
#
|
3591
|
-
#
|
3592
|
-
#
|
3593
|
-
#
|
3594
|
-
#
|
3595
|
-
#
|
3596
|
-
#
|
3597
|
-
#
|
3598
|
-
#
|
3599
|
-
#
|
3600
|
-
#
|
3601
|
-
#
|
3602
|
-
#
|
3603
|
-
#
|
3604
|
-
#
|
3605
|
-
#
|
3606
|
-
#
|
3607
|
-
#
|
3608
|
-
#
|
3609
|
-
#
|
3610
|
-
#
|
3611
|
-
#
|
3612
|
-
#
|
3613
|
-
#
|
3614
|
-
#
|
3615
|
-
#
|
3616
|
-
#
|
3617
|
-
#
|
3618
|
-
#
|
3619
|
-
#
|
3620
|
-
#
|
3621
|
-
#
|
3622
|
-
#
|
3623
|
-
#
|
3624
|
-
#
|
3625
|
-
#
|
3626
|
-
#
|
3627
|
-
#
|
3628
|
-
#
|
3629
|
-
#
|
3630
|
-
#
|
3631
|
-
#
|
3601
|
+
# The scopes, URLs, and identifiers for your external identity provider.
|
3602
|
+
# The following examples describe the provider detail keys for each IdP
|
3603
|
+
# type. These values and their schema are subject to change. Social IdP
|
3604
|
+
# `authorize_scopes` values must match the values listed here.
|
3605
|
+
#
|
3606
|
+
# OpenID Connect (OIDC)
|
3607
|
+
#
|
3608
|
+
# : Amazon Cognito accepts the following elements when it can't
|
3609
|
+
# discover endpoint URLs from `oidc_issuer`: `attributes_url`,
|
3610
|
+
# `authorize_url`, `jwks_uri`, `token_url`.
|
3611
|
+
#
|
3612
|
+
# Create or update request: `"ProviderDetails": \{
|
3613
|
+
# "attributes_request_method": "GET", "attributes_url":
|
3614
|
+
# "https://auth.example.com/userInfo", "authorize_scopes": "openid
|
3615
|
+
# profile email", "authorize_url":
|
3616
|
+
# "https://auth.example.com/authorize", "client_id":
|
3617
|
+
# "1example23456789", "client_secret": "provider-app-client-secret",
|
3618
|
+
# "jwks_uri": "https://auth.example.com/.well-known/jwks.json",
|
3619
|
+
# "oidc_issuer": "https://auth.example.com", "token_url":
|
3620
|
+
# "https://example.com/token" \}`
|
3621
|
+
#
|
3622
|
+
# Describe response: `"ProviderDetails": \{
|
3623
|
+
# "attributes_request_method": "GET", "attributes_url":
|
3624
|
+
# "https://auth.example.com/userInfo",
|
3625
|
+
# "attributes_url_add_attributes": "false", "authorize_scopes":
|
3626
|
+
# "openid profile email", "authorize_url":
|
3627
|
+
# "https://auth.example.com/authorize", "client_id":
|
3628
|
+
# "1example23456789", "client_secret": "provider-app-client-secret",
|
3629
|
+
# "jwks_uri": "https://auth.example.com/.well-known/jwks.json",
|
3630
|
+
# "oidc_issuer": "https://auth.example.com", "token_url":
|
3631
|
+
# "https://example.com/token" \}`
|
3632
|
+
#
|
3633
|
+
# SAML
|
3634
|
+
#
|
3635
|
+
# : Create or update request with Metadata URL: `"ProviderDetails": \{
|
3636
|
+
# "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" :
|
3637
|
+
# "true", "MetadataURL": "https://auth.example.com/sso/saml/metadata",
|
3638
|
+
# "RequestSigningAlgorithm": "rsa-sha256" \}`
|
3639
|
+
#
|
3640
|
+
# Create or update request with Metadata file: `"ProviderDetails": \{
|
3641
|
+
# "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" :
|
3642
|
+
# "true", "MetadataFile": "[metadata XML]", "RequestSigningAlgorithm":
|
3643
|
+
# "rsa-sha256" \}`
|
3644
|
+
#
|
3645
|
+
# The value of `MetadataFile` must be the plaintext metadata document
|
3646
|
+
# with all quote (") characters escaped by backslashes.
|
3647
|
+
#
|
3648
|
+
# Describe response: `"ProviderDetails": \{ "IDPInit": "true",
|
3649
|
+
# "IDPSignout": "true", "EncryptedResponses" : "true",
|
3650
|
+
# "ActiveEncryptionCertificate": "[certificate]", "MetadataURL":
|
3651
|
+
# "https://auth.example.com/sso/saml/metadata",
|
3652
|
+
# "RequestSigningAlgorithm": "rsa-sha256", "SLORedirectBindingURI":
|
3653
|
+
# "https://auth.example.com/slo/saml", "SSORedirectBindingURI":
|
3654
|
+
# "https://auth.example.com/sso/saml" \}`
|
3655
|
+
#
|
3656
|
+
# LoginWithAmazon
|
3657
|
+
#
|
3658
|
+
# : Create or update request: `"ProviderDetails": \{ "authorize_scopes":
|
3659
|
+
# "profile postal_code", "client_id":
|
3660
|
+
# "amzn1.application-oa2-client.1example23456789", "client_secret":
|
3661
|
+
# "provider-app-client-secret"`
|
3662
|
+
#
|
3663
|
+
# Describe response: `"ProviderDetails": \{ "attributes_url":
|
3664
|
+
# "https://api.amazon.com/user/profile",
|
3665
|
+
# "attributes_url_add_attributes": "false", "authorize_scopes":
|
3666
|
+
# "profile postal_code", "authorize_url":
|
3667
|
+
# "https://www.amazon.com/ap/oa", "client_id":
|
3668
|
+
# "amzn1.application-oa2-client.1example23456789", "client_secret":
|
3669
|
+
# "provider-app-client-secret", "token_request_method": "POST",
|
3670
|
+
# "token_url": "https://api.amazon.com/auth/o2/token" \}`
|
3671
|
+
#
|
3672
|
+
# Google
|
3673
|
+
#
|
3674
|
+
# : Create or update request: `"ProviderDetails": \{ "authorize_scopes":
|
3675
|
+
# "email profile openid", "client_id":
|
3676
|
+
# "1example23456789.apps.googleusercontent.com", "client_secret":
|
3677
|
+
# "provider-app-client-secret" \}`
|
3678
|
+
#
|
3679
|
+
# Describe response: `"ProviderDetails": \{ "attributes_url":
|
3680
|
+
# "https://people.googleapis.com/v1/people/me?personFields=",
|
3681
|
+
# "attributes_url_add_attributes": "true", "authorize_scopes": "email
|
3682
|
+
# profile openid", "authorize_url":
|
3683
|
+
# "https://accounts.google.com/o/oauth2/v2/auth", "client_id":
|
3684
|
+
# "1example23456789.apps.googleusercontent.com", "client_secret":
|
3685
|
+
# "provider-app-client-secret", "oidc_issuer":
|
3686
|
+
# "https://accounts.google.com", "token_request_method": "POST",
|
3687
|
+
# "token_url": "https://www.googleapis.com/oauth2/v4/token" \}`
|
3688
|
+
#
|
3689
|
+
# SignInWithApple
|
3690
|
+
#
|
3691
|
+
# : Create or update request: `"ProviderDetails": \{ "authorize_scopes":
|
3692
|
+
# "email name", "client_id": "com.example.cognito", "private_key":
|
3693
|
+
# "1EXAMPLE", "key_id": "2EXAMPLE", "team_id": "3EXAMPLE" \}`
|
3694
|
+
#
|
3695
|
+
# Describe response: `"ProviderDetails": \{
|
3696
|
+
# "attributes_url_add_attributes": "false", "authorize_scopes": "email
|
3697
|
+
# name", "authorize_url": "https://appleid.apple.com/auth/authorize",
|
3698
|
+
# "client_id": "com.example.cognito", "key_id": "1EXAMPLE",
|
3699
|
+
# "oidc_issuer": "https://appleid.apple.com", "team_id": "2EXAMPLE",
|
3700
|
+
# "token_request_method": "POST", "token_url":
|
3701
|
+
# "https://appleid.apple.com/auth/token" \}`
|
3702
|
+
#
|
3703
|
+
# Facebook
|
3704
|
+
#
|
3705
|
+
# : Create or update request: `"ProviderDetails": \{ "api_version":
|
3706
|
+
# "v17.0", "authorize_scopes": "public_profile, email", "client_id":
|
3707
|
+
# "1example23456789", "client_secret": "provider-app-client-secret"
|
3708
|
+
# \}`
|
3709
|
+
#
|
3710
|
+
# Describe response: `"ProviderDetails": \{ "api_version": "v17.0",
|
3711
|
+
# "attributes_url": "https://graph.facebook.com/v17.0/me?fields=",
|
3712
|
+
# "attributes_url_add_attributes": "true", "authorize_scopes":
|
3713
|
+
# "public_profile, email", "authorize_url":
|
3714
|
+
# "https://www.facebook.com/v17.0/dialog/oauth", "client_id":
|
3715
|
+
# "1example23456789", "client_secret": "provider-app-client-secret",
|
3716
|
+
# "token_request_method": "GET", "token_url":
|
3717
|
+
# "https://graph.facebook.com/v17.0/oauth/access_token" \}`
|
3632
3718
|
#
|
3633
3719
|
# @option params [Hash<String,String>] :attribute_mapping
|
3634
3720
|
# A mapping of IdP attributes to standard and custom user pool
|
@@ -4525,11 +4611,11 @@ module Aws::CognitoIdentityProvider
|
|
4525
4611
|
# create_auth_challenge: "ArnType",
|
4526
4612
|
# verify_auth_challenge_response: "ArnType",
|
4527
4613
|
# pre_token_generation: "ArnType",
|
4614
|
+
# user_migration: "ArnType",
|
4528
4615
|
# pre_token_generation_config: {
|
4529
4616
|
# lambda_version: "V1_0", # required, accepts V1_0, V2_0
|
4530
4617
|
# lambda_arn: "ArnType", # required
|
4531
4618
|
# },
|
4532
|
-
# user_migration: "ArnType",
|
4533
4619
|
# custom_sms_sender: {
|
4534
4620
|
# lambda_version: "V1_0", # required, accepts V1_0
|
4535
4621
|
# lambda_arn: "ArnType", # required
|
@@ -4640,9 +4726,9 @@ module Aws::CognitoIdentityProvider
|
|
4640
4726
|
# resp.user_pool.lambda_config.create_auth_challenge #=> String
|
4641
4727
|
# resp.user_pool.lambda_config.verify_auth_challenge_response #=> String
|
4642
4728
|
# resp.user_pool.lambda_config.pre_token_generation #=> String
|
4729
|
+
# resp.user_pool.lambda_config.user_migration #=> String
|
4643
4730
|
# resp.user_pool.lambda_config.pre_token_generation_config.lambda_version #=> String, one of "V1_0", "V2_0"
|
4644
4731
|
# resp.user_pool.lambda_config.pre_token_generation_config.lambda_arn #=> String
|
4645
|
-
# resp.user_pool.lambda_config.user_migration #=> String
|
4646
4732
|
# resp.user_pool.lambda_config.custom_sms_sender.lambda_version #=> String, one of "V1_0"
|
4647
4733
|
# resp.user_pool.lambda_config.custom_sms_sender.lambda_arn #=> String
|
4648
4734
|
# resp.user_pool.lambda_config.custom_email_sender.lambda_version #=> String, one of "V1_0"
|
@@ -4957,7 +5043,9 @@ module Aws::CognitoIdentityProvider
|
|
4957
5043
|
# [1]: https://tools.ietf.org/html/rfc6749#section-3.1.2
|
4958
5044
|
#
|
4959
5045
|
# @option params [Array<String>] :allowed_o_auth_flows
|
4960
|
-
# The
|
5046
|
+
# The OAuth grant types that you want your app client to generate. To
|
5047
|
+
# create an app client that generates client credentials grants, you
|
5048
|
+
# must add `client_credentials` as the only allowed OAuth flow.
|
4961
5049
|
#
|
4962
5050
|
# code
|
4963
5051
|
#
|
@@ -5436,12 +5524,15 @@ module Aws::CognitoIdentityProvider
|
|
5436
5524
|
|
5437
5525
|
# Allows a user to delete their own user profile.
|
5438
5526
|
#
|
5527
|
+
# Authorize this action with a signed-in user's access token. It must
|
5528
|
+
# include the scope `aws.cognito.signin.user.admin`.
|
5529
|
+
#
|
5439
5530
|
# <note markdown="1"> Amazon Cognito doesn't evaluate Identity and Access Management (IAM)
|
5440
5531
|
# policies in requests for this API operation. For this operation, you
|
5441
5532
|
# can't use IAM credentials to authorize requests, and you can't grant
|
5442
5533
|
# IAM permissions in policies. For more information about authorization
|
5443
|
-
# models in Amazon Cognito, see [Using the Amazon Cognito
|
5444
|
-
#
|
5534
|
+
# models in Amazon Cognito, see [Using the Amazon Cognito user pools API
|
5535
|
+
# and user pool endpoints][1].
|
5445
5536
|
#
|
5446
5537
|
# </note>
|
5447
5538
|
#
|
@@ -5472,12 +5563,15 @@ module Aws::CognitoIdentityProvider
|
|
5472
5563
|
|
5473
5564
|
# Deletes the attributes for a user.
|
5474
5565
|
#
|
5566
|
+
# Authorize this action with a signed-in user's access token. It must
|
5567
|
+
# include the scope `aws.cognito.signin.user.admin`.
|
5568
|
+
#
|
5475
5569
|
# <note markdown="1"> Amazon Cognito doesn't evaluate Identity and Access Management (IAM)
|
5476
5570
|
# policies in requests for this API operation. For this operation, you
|
5477
5571
|
# can't use IAM credentials to authorize requests, and you can't grant
|
5478
5572
|
# IAM permissions in policies. For more information about authorization
|
5479
|
-
# models in Amazon Cognito, see [Using the Amazon Cognito
|
5480
|
-
#
|
5573
|
+
# models in Amazon Cognito, see [Using the Amazon Cognito user pools API
|
5574
|
+
# and user pool endpoints][1].
|
5481
5575
|
#
|
5482
5576
|
# </note>
|
5483
5577
|
#
|
@@ -5828,9 +5922,9 @@ module Aws::CognitoIdentityProvider
|
|
5828
5922
|
# resp.user_pool.lambda_config.create_auth_challenge #=> String
|
5829
5923
|
# resp.user_pool.lambda_config.verify_auth_challenge_response #=> String
|
5830
5924
|
# resp.user_pool.lambda_config.pre_token_generation #=> String
|
5925
|
+
# resp.user_pool.lambda_config.user_migration #=> String
|
5831
5926
|
# resp.user_pool.lambda_config.pre_token_generation_config.lambda_version #=> String, one of "V1_0", "V2_0"
|
5832
5927
|
# resp.user_pool.lambda_config.pre_token_generation_config.lambda_arn #=> String
|
5833
|
-
# resp.user_pool.lambda_config.user_migration #=> String
|
5834
5928
|
# resp.user_pool.lambda_config.custom_sms_sender.lambda_version #=> String, one of "V1_0"
|
5835
5929
|
# resp.user_pool.lambda_config.custom_sms_sender.lambda_arn #=> String
|
5836
5930
|
# resp.user_pool.lambda_config.custom_email_sender.lambda_version #=> String, one of "V1_0"
|
@@ -6032,20 +6126,25 @@ module Aws::CognitoIdentityProvider
|
|
6032
6126
|
req.send_request(options)
|
6033
6127
|
end
|
6034
6128
|
|
6035
|
-
# Forgets the specified device.
|
6129
|
+
# Forgets the specified device. For more information about device
|
6130
|
+
# authentication, see [Working with user devices in your user pool][1].
|
6131
|
+
#
|
6132
|
+
# Authorize this action with a signed-in user's access token. It must
|
6133
|
+
# include the scope `aws.cognito.signin.user.admin`.
|
6036
6134
|
#
|
6037
6135
|
# <note markdown="1"> Amazon Cognito doesn't evaluate Identity and Access Management (IAM)
|
6038
6136
|
# policies in requests for this API operation. For this operation, you
|
6039
6137
|
# can't use IAM credentials to authorize requests, and you can't grant
|
6040
6138
|
# IAM permissions in policies. For more information about authorization
|
6041
|
-
# models in Amazon Cognito, see [Using the Amazon Cognito
|
6042
|
-
#
|
6139
|
+
# models in Amazon Cognito, see [Using the Amazon Cognito user pools API
|
6140
|
+
# and user pool endpoints][2].
|
6043
6141
|
#
|
6044
6142
|
# </note>
|
6045
6143
|
#
|
6046
6144
|
#
|
6047
6145
|
#
|
6048
|
-
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-
|
6146
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html
|
6147
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
6049
6148
|
#
|
6050
6149
|
# @option params [String] :access_token
|
6051
6150
|
# A valid access token that Amazon Cognito issued to the user whose
|
@@ -6086,12 +6185,16 @@ module Aws::CognitoIdentityProvider
|
|
6086
6185
|
# client secret and you don't provide a `SECRET_HASH` parameter, this
|
6087
6186
|
# API returns `NotAuthorizedException`.
|
6088
6187
|
#
|
6188
|
+
# To use this API operation, your user pool must have self-service
|
6189
|
+
# account recovery configured. Use [AdminSetUserPassword][3] if you
|
6190
|
+
# manage passwords as an administrator.
|
6191
|
+
#
|
6089
6192
|
# <note markdown="1"> Amazon Cognito doesn't evaluate Identity and Access Management (IAM)
|
6090
6193
|
# policies in requests for this API operation. For this operation, you
|
6091
6194
|
# can't use IAM credentials to authorize requests, and you can't grant
|
6092
6195
|
# IAM permissions in policies. For more information about authorization
|
6093
|
-
# models in Amazon Cognito, see [Using the Amazon Cognito
|
6094
|
-
#
|
6196
|
+
# models in Amazon Cognito, see [Using the Amazon Cognito user pools API
|
6197
|
+
# and user pool endpoints][4].
|
6095
6198
|
#
|
6096
6199
|
# </note>
|
6097
6200
|
#
|
@@ -6099,7 +6202,7 @@ module Aws::CognitoIdentityProvider
|
|
6099
6202
|
# US telecom carriers require you to register an origination phone
|
6100
6203
|
# number before you can send SMS messages to US phone numbers. If you
|
6101
6204
|
# use SMS text messages in Amazon Cognito, you must register a phone
|
6102
|
-
# number with [Amazon Pinpoint][
|
6205
|
+
# number with [Amazon Pinpoint][5]. Amazon Cognito uses the registered
|
6103
6206
|
# number automatically. Otherwise, Amazon Cognito users who must receive
|
6104
6207
|
# SMS messages might not be able to sign up, activate their accounts, or
|
6105
6208
|
# sign in.
|
@@ -6111,7 +6214,7 @@ module Aws::CognitoIdentityProvider
|
|
6111
6214
|
# mode</a> </i>, you can send messages only to verified phone numbers.
|
6112
6215
|
# After you test your app while in the sandbox environment, you can move
|
6113
6216
|
# out of the sandbox and into production. For more information, see [
|
6114
|
-
# SMS message settings for Amazon Cognito user pools][
|
6217
|
+
# SMS message settings for Amazon Cognito user pools][6] in the *Amazon
|
6115
6218
|
# Cognito Developer Guide*.
|
6116
6219
|
#
|
6117
6220
|
# </note>
|
@@ -6120,9 +6223,10 @@ module Aws::CognitoIdentityProvider
|
|
6120
6223
|
#
|
6121
6224
|
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/how-to-recover-a-user-account.html
|
6122
6225
|
# [2]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmForgotPassword.html
|
6123
|
-
# [3]: https://docs.aws.amazon.com/cognito/latest/
|
6124
|
-
# [4]: https://
|
6125
|
-
# [5]: https://
|
6226
|
+
# [3]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminSetUserPassword.html
|
6227
|
+
# [4]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
6228
|
+
# [5]: https://console.aws.amazon.com/pinpoint/home/
|
6229
|
+
# [6]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html
|
6126
6230
|
#
|
6127
6231
|
# @option params [required, String] :client_id
|
6128
6232
|
# The ID of the client associated with the user pool.
|
@@ -6143,7 +6247,8 @@ module Aws::CognitoIdentityProvider
|
|
6143
6247
|
# The username of the user that you want to query or modify. The value
|
6144
6248
|
# of this parameter is typically your user's username, but it can be
|
6145
6249
|
# any of their alias attributes. If `username` isn't an alias attribute
|
6146
|
-
# in your user pool,
|
6250
|
+
# in your user pool, this value must be the `sub` of a local user or the
|
6251
|
+
# username of a user from a third-party IdP.
|
6147
6252
|
#
|
6148
6253
|
# @option params [Types::AnalyticsMetadataType] :analytics_metadata
|
6149
6254
|
# The Amazon Pinpoint analytics metadata that contributes to your
|
@@ -6256,20 +6361,25 @@ module Aws::CognitoIdentityProvider
|
|
6256
6361
|
req.send_request(options)
|
6257
6362
|
end
|
6258
6363
|
|
6259
|
-
# Gets the device.
|
6364
|
+
# Gets the device. For more information about device authentication, see
|
6365
|
+
# [Working with user devices in your user pool][1].
|
6366
|
+
#
|
6367
|
+
# Authorize this action with a signed-in user's access token. It must
|
6368
|
+
# include the scope `aws.cognito.signin.user.admin`.
|
6260
6369
|
#
|
6261
6370
|
# <note markdown="1"> Amazon Cognito doesn't evaluate Identity and Access Management (IAM)
|
6262
6371
|
# policies in requests for this API operation. For this operation, you
|
6263
6372
|
# can't use IAM credentials to authorize requests, and you can't grant
|
6264
6373
|
# IAM permissions in policies. For more information about authorization
|
6265
|
-
# models in Amazon Cognito, see [Using the Amazon Cognito
|
6266
|
-
#
|
6374
|
+
# models in Amazon Cognito, see [Using the Amazon Cognito user pools API
|
6375
|
+
# and user pool endpoints][2].
|
6267
6376
|
#
|
6268
6377
|
# </note>
|
6269
6378
|
#
|
6270
6379
|
#
|
6271
6380
|
#
|
6272
|
-
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-
|
6381
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html
|
6382
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
6273
6383
|
#
|
6274
6384
|
# @option params [required, String] :device_key
|
6275
6385
|
# The device key.
|
@@ -6502,12 +6612,15 @@ module Aws::CognitoIdentityProvider
|
|
6502
6612
|
|
6503
6613
|
# Gets the user attributes and metadata for a user.
|
6504
6614
|
#
|
6615
|
+
# Authorize this action with a signed-in user's access token. It must
|
6616
|
+
# include the scope `aws.cognito.signin.user.admin`.
|
6617
|
+
#
|
6505
6618
|
# <note markdown="1"> Amazon Cognito doesn't evaluate Identity and Access Management (IAM)
|
6506
6619
|
# policies in requests for this API operation. For this operation, you
|
6507
6620
|
# can't use IAM credentials to authorize requests, and you can't grant
|
6508
6621
|
# IAM permissions in policies. For more information about authorization
|
6509
|
-
# models in Amazon Cognito, see [Using the Amazon Cognito
|
6510
|
-
#
|
6622
|
+
# models in Amazon Cognito, see [Using the Amazon Cognito user pools API
|
6623
|
+
# and user pool endpoints][1].
|
6511
6624
|
#
|
6512
6625
|
# </note>
|
6513
6626
|
#
|
@@ -6559,12 +6672,15 @@ module Aws::CognitoIdentityProvider
|
|
6559
6672
|
# attribute name. Sends a message to a user with a code that they must
|
6560
6673
|
# return in a VerifyUserAttribute request.
|
6561
6674
|
#
|
6675
|
+
# Authorize this action with a signed-in user's access token. It must
|
6676
|
+
# include the scope `aws.cognito.signin.user.admin`.
|
6677
|
+
#
|
6562
6678
|
# <note markdown="1"> Amazon Cognito doesn't evaluate Identity and Access Management (IAM)
|
6563
6679
|
# policies in requests for this API operation. For this operation, you
|
6564
6680
|
# can't use IAM credentials to authorize requests, and you can't grant
|
6565
6681
|
# IAM permissions in policies. For more information about authorization
|
6566
|
-
# models in Amazon Cognito, see [Using the Amazon Cognito
|
6567
|
-
#
|
6682
|
+
# models in Amazon Cognito, see [Using the Amazon Cognito user pools API
|
6683
|
+
# and user pool endpoints][1].
|
6568
6684
|
#
|
6569
6685
|
# </note>
|
6570
6686
|
#
|
@@ -6728,12 +6844,15 @@ module Aws::CognitoIdentityProvider
|
|
6728
6844
|
#
|
6729
6845
|
# Other requests might be valid until your user's token expires.
|
6730
6846
|
#
|
6847
|
+
# Authorize this action with a signed-in user's access token. It must
|
6848
|
+
# include the scope `aws.cognito.signin.user.admin`.
|
6849
|
+
#
|
6731
6850
|
# <note markdown="1"> Amazon Cognito doesn't evaluate Identity and Access Management (IAM)
|
6732
6851
|
# policies in requests for this API operation. For this operation, you
|
6733
6852
|
# can't use IAM credentials to authorize requests, and you can't grant
|
6734
6853
|
# IAM permissions in policies. For more information about authorization
|
6735
|
-
# models in Amazon Cognito, see [Using the Amazon Cognito
|
6736
|
-
#
|
6854
|
+
# models in Amazon Cognito, see [Using the Amazon Cognito user pools API
|
6855
|
+
# and user pool endpoints][1].
|
6737
6856
|
#
|
6738
6857
|
# </note>
|
6739
6858
|
#
|
@@ -6773,8 +6892,8 @@ module Aws::CognitoIdentityProvider
|
|
6773
6892
|
# policies in requests for this API operation. For this operation, you
|
6774
6893
|
# can't use IAM credentials to authorize requests, and you can't grant
|
6775
6894
|
# IAM permissions in policies. For more information about authorization
|
6776
|
-
# models in Amazon Cognito, see [Using the Amazon Cognito
|
6777
|
-
#
|
6895
|
+
# models in Amazon Cognito, see [Using the Amazon Cognito user pools API
|
6896
|
+
# and user pool endpoints][2].
|
6778
6897
|
#
|
6779
6898
|
# </note>
|
6780
6899
|
#
|
@@ -7029,20 +7148,25 @@ module Aws::CognitoIdentityProvider
|
|
7029
7148
|
end
|
7030
7149
|
|
7031
7150
|
# Lists the sign-in devices that Amazon Cognito has registered to the
|
7032
|
-
# current user.
|
7151
|
+
# current user. For more information about device authentication, see
|
7152
|
+
# [Working with user devices in your user pool][1].
|
7153
|
+
#
|
7154
|
+
# Authorize this action with a signed-in user's access token. It must
|
7155
|
+
# include the scope `aws.cognito.signin.user.admin`.
|
7033
7156
|
#
|
7034
7157
|
# <note markdown="1"> Amazon Cognito doesn't evaluate Identity and Access Management (IAM)
|
7035
7158
|
# policies in requests for this API operation. For this operation, you
|
7036
7159
|
# can't use IAM credentials to authorize requests, and you can't grant
|
7037
7160
|
# IAM permissions in policies. For more information about authorization
|
7038
|
-
# models in Amazon Cognito, see [Using the Amazon Cognito
|
7039
|
-
#
|
7161
|
+
# models in Amazon Cognito, see [Using the Amazon Cognito user pools API
|
7162
|
+
# and user pool endpoints][2].
|
7040
7163
|
#
|
7041
7164
|
# </note>
|
7042
7165
|
#
|
7043
7166
|
#
|
7044
7167
|
#
|
7045
|
-
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-
|
7168
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html
|
7169
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
7046
7170
|
#
|
7047
7171
|
# @option params [required, String] :access_token
|
7048
7172
|
# A valid access token that Amazon Cognito issued to the user whose list
|
@@ -7519,9 +7643,9 @@ module Aws::CognitoIdentityProvider
|
|
7519
7643
|
# resp.user_pools[0].lambda_config.create_auth_challenge #=> String
|
7520
7644
|
# resp.user_pools[0].lambda_config.verify_auth_challenge_response #=> String
|
7521
7645
|
# resp.user_pools[0].lambda_config.pre_token_generation #=> String
|
7646
|
+
# resp.user_pools[0].lambda_config.user_migration #=> String
|
7522
7647
|
# resp.user_pools[0].lambda_config.pre_token_generation_config.lambda_version #=> String, one of "V1_0", "V2_0"
|
7523
7648
|
# resp.user_pools[0].lambda_config.pre_token_generation_config.lambda_arn #=> String
|
7524
|
-
# resp.user_pools[0].lambda_config.user_migration #=> String
|
7525
7649
|
# resp.user_pools[0].lambda_config.custom_sms_sender.lambda_version #=> String, one of "V1_0"
|
7526
7650
|
# resp.user_pools[0].lambda_config.custom_sms_sender.lambda_arn #=> String
|
7527
7651
|
# resp.user_pools[0].lambda_config.custom_email_sender.lambda_version #=> String, one of "V1_0"
|
@@ -7592,15 +7716,15 @@ module Aws::CognitoIdentityProvider
|
|
7592
7716
|
# @option params [String] :filter
|
7593
7717
|
# A filter string of the form "*AttributeName* *Filter-Type*
|
7594
7718
|
# "*AttributeValue*"". Quotation marks within the filter string must
|
7595
|
-
# be escaped using the backslash (
|
7596
|
-
# "
|
7719
|
+
# be escaped using the backslash (``) character. For example,
|
7720
|
+
# `"family_name = "Reddy""`.
|
7597
7721
|
#
|
7598
7722
|
# * *AttributeName*: The name of the attribute to search for. You can
|
7599
7723
|
# only search for one attribute at a time.
|
7600
7724
|
#
|
7601
|
-
# * *Filter-Type*: For an exact match, use
|
7602
|
-
# "`given_name
|
7603
|
-
#
|
7725
|
+
# * *Filter-Type*: For an exact match, use `=`, for example,
|
7726
|
+
# "`given_name = "Jon"`". For a prefix ("starts with") match,
|
7727
|
+
# use `^=`, for example, "`given_name ^= "Jon"`".
|
7604
7728
|
#
|
7605
7729
|
# * *AttributeValue*: The attribute value that must be matched for each
|
7606
7730
|
# user.
|
@@ -7858,8 +7982,8 @@ module Aws::CognitoIdentityProvider
|
|
7858
7982
|
# policies in requests for this API operation. For this operation, you
|
7859
7983
|
# can't use IAM credentials to authorize requests, and you can't grant
|
7860
7984
|
# IAM permissions in policies. For more information about authorization
|
7861
|
-
# models in Amazon Cognito, see [Using the Amazon Cognito
|
7862
|
-
#
|
7985
|
+
# models in Amazon Cognito, see [Using the Amazon Cognito user pools API
|
7986
|
+
# and user pool endpoints][1].
|
7863
7987
|
#
|
7864
7988
|
# </note>
|
7865
7989
|
#
|
@@ -7909,7 +8033,8 @@ module Aws::CognitoIdentityProvider
|
|
7909
8033
|
# The username of the user that you want to query or modify. The value
|
7910
8034
|
# of this parameter is typically your user's username, but it can be
|
7911
8035
|
# any of their alias attributes. If `username` isn't an alias attribute
|
7912
|
-
# in your user pool,
|
8036
|
+
# in your user pool, this value must be the `sub` of a local user or the
|
8037
|
+
# username of a user from a third-party IdP.
|
7913
8038
|
#
|
7914
8039
|
# @option params [Types::AnalyticsMetadataType] :analytics_metadata
|
7915
8040
|
# The Amazon Pinpoint analytics metadata that contributes to your
|
@@ -8003,8 +8128,8 @@ module Aws::CognitoIdentityProvider
|
|
8003
8128
|
# policies in requests for this API operation. For this operation, you
|
8004
8129
|
# can't use IAM credentials to authorize requests, and you can't grant
|
8005
8130
|
# IAM permissions in policies. For more information about authorization
|
8006
|
-
# models in Amazon Cognito, see [Using the Amazon Cognito
|
8007
|
-
#
|
8131
|
+
# models in Amazon Cognito, see [Using the Amazon Cognito user pools API
|
8132
|
+
# and user pool endpoints][2].
|
8008
8133
|
#
|
8009
8134
|
# </note>
|
8010
8135
|
#
|
@@ -8255,8 +8380,8 @@ module Aws::CognitoIdentityProvider
|
|
8255
8380
|
# policies in requests for this API operation. For this operation, you
|
8256
8381
|
# can't use IAM credentials to authorize requests, and you can't grant
|
8257
8382
|
# IAM permissions in policies. For more information about authorization
|
8258
|
-
# models in Amazon Cognito, see [Using the Amazon Cognito
|
8259
|
-
#
|
8383
|
+
# models in Amazon Cognito, see [Using the Amazon Cognito user pools API
|
8384
|
+
# and user pool endpoints][1].
|
8260
8385
|
#
|
8261
8386
|
# </note>
|
8262
8387
|
#
|
@@ -8537,12 +8662,15 @@ module Aws::CognitoIdentityProvider
|
|
8537
8662
|
# based on the assessed risk level of sign-in attempts, deactivate MFA
|
8538
8663
|
# for users and turn on Adaptive Authentication for the user pool.
|
8539
8664
|
#
|
8665
|
+
# Authorize this action with a signed-in user's access token. It must
|
8666
|
+
# include the scope `aws.cognito.signin.user.admin`.
|
8667
|
+
#
|
8540
8668
|
# <note markdown="1"> Amazon Cognito doesn't evaluate Identity and Access Management (IAM)
|
8541
8669
|
# policies in requests for this API operation. For this operation, you
|
8542
8670
|
# can't use IAM credentials to authorize requests, and you can't grant
|
8543
8671
|
# IAM permissions in policies. For more information about authorization
|
8544
|
-
# models in Amazon Cognito, see [Using the Amazon Cognito
|
8545
|
-
#
|
8672
|
+
# models in Amazon Cognito, see [Using the Amazon Cognito user pools API
|
8673
|
+
# and user pool endpoints][1].
|
8546
8674
|
#
|
8547
8675
|
# </note>
|
8548
8676
|
#
|
@@ -8686,12 +8814,15 @@ module Aws::CognitoIdentityProvider
|
|
8686
8814
|
# (TOTP) software token MFA. To configure either type of MFA, use
|
8687
8815
|
# [SetUserMFAPreference][1] instead.
|
8688
8816
|
#
|
8817
|
+
# Authorize this action with a signed-in user's access token. It must
|
8818
|
+
# include the scope `aws.cognito.signin.user.admin`.
|
8819
|
+
#
|
8689
8820
|
# <note markdown="1"> Amazon Cognito doesn't evaluate Identity and Access Management (IAM)
|
8690
8821
|
# policies in requests for this API operation. For this operation, you
|
8691
8822
|
# can't use IAM credentials to authorize requests, and you can't grant
|
8692
8823
|
# IAM permissions in policies. For more information about authorization
|
8693
|
-
# models in Amazon Cognito, see [Using the Amazon Cognito
|
8694
|
-
#
|
8824
|
+
# models in Amazon Cognito, see [Using the Amazon Cognito user pools API
|
8825
|
+
# and user pool endpoints][2].
|
8695
8826
|
#
|
8696
8827
|
# </note>
|
8697
8828
|
#
|
@@ -8738,8 +8869,8 @@ module Aws::CognitoIdentityProvider
|
|
8738
8869
|
# policies in requests for this API operation. For this operation, you
|
8739
8870
|
# can't use IAM credentials to authorize requests, and you can't grant
|
8740
8871
|
# IAM permissions in policies. For more information about authorization
|
8741
|
-
# models in Amazon Cognito, see [Using the Amazon Cognito
|
8742
|
-
#
|
8872
|
+
# models in Amazon Cognito, see [Using the Amazon Cognito user pools API
|
8873
|
+
# and user pool endpoints][1].
|
8743
8874
|
#
|
8744
8875
|
# </note>
|
8745
8876
|
#
|
@@ -9087,8 +9218,8 @@ module Aws::CognitoIdentityProvider
|
|
9087
9218
|
# policies in requests for this API operation. For this operation, you
|
9088
9219
|
# can't use IAM credentials to authorize requests, and you can't grant
|
9089
9220
|
# IAM permissions in policies. For more information about authorization
|
9090
|
-
# models in Amazon Cognito, see [Using the Amazon Cognito
|
9091
|
-
#
|
9221
|
+
# models in Amazon Cognito, see [Using the Amazon Cognito user pools API
|
9222
|
+
# and user pool endpoints][1].
|
9092
9223
|
#
|
9093
9224
|
# </note>
|
9094
9225
|
#
|
@@ -9103,7 +9234,8 @@ module Aws::CognitoIdentityProvider
|
|
9103
9234
|
# The username of the user that you want to query or modify. The value
|
9104
9235
|
# of this parameter is typically your user's username, but it can be
|
9105
9236
|
# any of their alias attributes. If `username` isn't an alias attribute
|
9106
|
-
# in your user pool,
|
9237
|
+
# in your user pool, this value must be the `sub` of a local user or the
|
9238
|
+
# username of a user from a third-party IdP.
|
9107
9239
|
#
|
9108
9240
|
# @option params [required, String] :event_id
|
9109
9241
|
# The event ID.
|
@@ -9140,20 +9272,25 @@ module Aws::CognitoIdentityProvider
|
|
9140
9272
|
req.send_request(options)
|
9141
9273
|
end
|
9142
9274
|
|
9143
|
-
# Updates the device status.
|
9275
|
+
# Updates the device status. For more information about device
|
9276
|
+
# authentication, see [Working with user devices in your user pool][1].
|
9277
|
+
#
|
9278
|
+
# Authorize this action with a signed-in user's access token. It must
|
9279
|
+
# include the scope `aws.cognito.signin.user.admin`.
|
9144
9280
|
#
|
9145
9281
|
# <note markdown="1"> Amazon Cognito doesn't evaluate Identity and Access Management (IAM)
|
9146
9282
|
# policies in requests for this API operation. For this operation, you
|
9147
9283
|
# can't use IAM credentials to authorize requests, and you can't grant
|
9148
9284
|
# IAM permissions in policies. For more information about authorization
|
9149
|
-
# models in Amazon Cognito, see [Using the Amazon Cognito
|
9150
|
-
#
|
9285
|
+
# models in Amazon Cognito, see [Using the Amazon Cognito user pools API
|
9286
|
+
# and user pool endpoints][2].
|
9151
9287
|
#
|
9152
9288
|
# </note>
|
9153
9289
|
#
|
9154
9290
|
#
|
9155
9291
|
#
|
9156
|
-
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-
|
9292
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html
|
9293
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
9157
9294
|
#
|
9158
9295
|
# @option params [required, String] :access_token
|
9159
9296
|
# A valid access token that Amazon Cognito issued to the user whose
|
@@ -9286,8 +9423,123 @@ module Aws::CognitoIdentityProvider
|
|
9286
9423
|
# The IdP name.
|
9287
9424
|
#
|
9288
9425
|
# @option params [Hash<String,String>] :provider_details
|
9289
|
-
# The
|
9290
|
-
#
|
9426
|
+
# The scopes, URLs, and identifiers for your external identity provider.
|
9427
|
+
# The following examples describe the provider detail keys for each IdP
|
9428
|
+
# type. These values and their schema are subject to change. Social IdP
|
9429
|
+
# `authorize_scopes` values must match the values listed here.
|
9430
|
+
#
|
9431
|
+
# OpenID Connect (OIDC)
|
9432
|
+
#
|
9433
|
+
# : Amazon Cognito accepts the following elements when it can't
|
9434
|
+
# discover endpoint URLs from `oidc_issuer`: `attributes_url`,
|
9435
|
+
# `authorize_url`, `jwks_uri`, `token_url`.
|
9436
|
+
#
|
9437
|
+
# Create or update request: `"ProviderDetails": \{
|
9438
|
+
# "attributes_request_method": "GET", "attributes_url":
|
9439
|
+
# "https://auth.example.com/userInfo", "authorize_scopes": "openid
|
9440
|
+
# profile email", "authorize_url":
|
9441
|
+
# "https://auth.example.com/authorize", "client_id":
|
9442
|
+
# "1example23456789", "client_secret": "provider-app-client-secret",
|
9443
|
+
# "jwks_uri": "https://auth.example.com/.well-known/jwks.json",
|
9444
|
+
# "oidc_issuer": "https://auth.example.com", "token_url":
|
9445
|
+
# "https://example.com/token" \}`
|
9446
|
+
#
|
9447
|
+
# Describe response: `"ProviderDetails": \{
|
9448
|
+
# "attributes_request_method": "GET", "attributes_url":
|
9449
|
+
# "https://auth.example.com/userInfo",
|
9450
|
+
# "attributes_url_add_attributes": "false", "authorize_scopes":
|
9451
|
+
# "openid profile email", "authorize_url":
|
9452
|
+
# "https://auth.example.com/authorize", "client_id":
|
9453
|
+
# "1example23456789", "client_secret": "provider-app-client-secret",
|
9454
|
+
# "jwks_uri": "https://auth.example.com/.well-known/jwks.json",
|
9455
|
+
# "oidc_issuer": "https://auth.example.com", "token_url":
|
9456
|
+
# "https://example.com/token" \}`
|
9457
|
+
#
|
9458
|
+
# SAML
|
9459
|
+
#
|
9460
|
+
# : Create or update request with Metadata URL: `"ProviderDetails": \{
|
9461
|
+
# "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" :
|
9462
|
+
# "true", "MetadataURL": "https://auth.example.com/sso/saml/metadata",
|
9463
|
+
# "RequestSigningAlgorithm": "rsa-sha256" \}`
|
9464
|
+
#
|
9465
|
+
# Create or update request with Metadata file: `"ProviderDetails": \{
|
9466
|
+
# "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" :
|
9467
|
+
# "true", "MetadataFile": "[metadata XML]", "RequestSigningAlgorithm":
|
9468
|
+
# "rsa-sha256" \}`
|
9469
|
+
#
|
9470
|
+
# The value of `MetadataFile` must be the plaintext metadata document
|
9471
|
+
# with all quote (") characters escaped by backslashes.
|
9472
|
+
#
|
9473
|
+
# Describe response: `"ProviderDetails": \{ "IDPInit": "true",
|
9474
|
+
# "IDPSignout": "true", "EncryptedResponses" : "true",
|
9475
|
+
# "ActiveEncryptionCertificate": "[certificate]", "MetadataURL":
|
9476
|
+
# "https://auth.example.com/sso/saml/metadata",
|
9477
|
+
# "RequestSigningAlgorithm": "rsa-sha256", "SLORedirectBindingURI":
|
9478
|
+
# "https://auth.example.com/slo/saml", "SSORedirectBindingURI":
|
9479
|
+
# "https://auth.example.com/sso/saml" \}`
|
9480
|
+
#
|
9481
|
+
# LoginWithAmazon
|
9482
|
+
#
|
9483
|
+
# : Create or update request: `"ProviderDetails": \{ "authorize_scopes":
|
9484
|
+
# "profile postal_code", "client_id":
|
9485
|
+
# "amzn1.application-oa2-client.1example23456789", "client_secret":
|
9486
|
+
# "provider-app-client-secret"`
|
9487
|
+
#
|
9488
|
+
# Describe response: `"ProviderDetails": \{ "attributes_url":
|
9489
|
+
# "https://api.amazon.com/user/profile",
|
9490
|
+
# "attributes_url_add_attributes": "false", "authorize_scopes":
|
9491
|
+
# "profile postal_code", "authorize_url":
|
9492
|
+
# "https://www.amazon.com/ap/oa", "client_id":
|
9493
|
+
# "amzn1.application-oa2-client.1example23456789", "client_secret":
|
9494
|
+
# "provider-app-client-secret", "token_request_method": "POST",
|
9495
|
+
# "token_url": "https://api.amazon.com/auth/o2/token" \}`
|
9496
|
+
#
|
9497
|
+
# Google
|
9498
|
+
#
|
9499
|
+
# : Create or update request: `"ProviderDetails": \{ "authorize_scopes":
|
9500
|
+
# "email profile openid", "client_id":
|
9501
|
+
# "1example23456789.apps.googleusercontent.com", "client_secret":
|
9502
|
+
# "provider-app-client-secret" \}`
|
9503
|
+
#
|
9504
|
+
# Describe response: `"ProviderDetails": \{ "attributes_url":
|
9505
|
+
# "https://people.googleapis.com/v1/people/me?personFields=",
|
9506
|
+
# "attributes_url_add_attributes": "true", "authorize_scopes": "email
|
9507
|
+
# profile openid", "authorize_url":
|
9508
|
+
# "https://accounts.google.com/o/oauth2/v2/auth", "client_id":
|
9509
|
+
# "1example23456789.apps.googleusercontent.com", "client_secret":
|
9510
|
+
# "provider-app-client-secret", "oidc_issuer":
|
9511
|
+
# "https://accounts.google.com", "token_request_method": "POST",
|
9512
|
+
# "token_url": "https://www.googleapis.com/oauth2/v4/token" \}`
|
9513
|
+
#
|
9514
|
+
# SignInWithApple
|
9515
|
+
#
|
9516
|
+
# : Create or update request: `"ProviderDetails": \{ "authorize_scopes":
|
9517
|
+
# "email name", "client_id": "com.example.cognito", "private_key":
|
9518
|
+
# "1EXAMPLE", "key_id": "2EXAMPLE", "team_id": "3EXAMPLE" \}`
|
9519
|
+
#
|
9520
|
+
# Describe response: `"ProviderDetails": \{
|
9521
|
+
# "attributes_url_add_attributes": "false", "authorize_scopes": "email
|
9522
|
+
# name", "authorize_url": "https://appleid.apple.com/auth/authorize",
|
9523
|
+
# "client_id": "com.example.cognito", "key_id": "1EXAMPLE",
|
9524
|
+
# "oidc_issuer": "https://appleid.apple.com", "team_id": "2EXAMPLE",
|
9525
|
+
# "token_request_method": "POST", "token_url":
|
9526
|
+
# "https://appleid.apple.com/auth/token" \}`
|
9527
|
+
#
|
9528
|
+
# Facebook
|
9529
|
+
#
|
9530
|
+
# : Create or update request: `"ProviderDetails": \{ "api_version":
|
9531
|
+
# "v17.0", "authorize_scopes": "public_profile, email", "client_id":
|
9532
|
+
# "1example23456789", "client_secret": "provider-app-client-secret"
|
9533
|
+
# \}`
|
9534
|
+
#
|
9535
|
+
# Describe response: `"ProviderDetails": \{ "api_version": "v17.0",
|
9536
|
+
# "attributes_url": "https://graph.facebook.com/v17.0/me?fields=",
|
9537
|
+
# "attributes_url_add_attributes": "true", "authorize_scopes":
|
9538
|
+
# "public_profile, email", "authorize_url":
|
9539
|
+
# "https://www.facebook.com/v17.0/dialog/oauth", "client_id":
|
9540
|
+
# "1example23456789", "client_secret": "provider-app-client-secret",
|
9541
|
+
# "token_request_method": "GET", "token_url":
|
9542
|
+
# "https://graph.facebook.com/v17.0/oauth/access_token" \}`
|
9291
9543
|
#
|
9292
9544
|
# @option params [Hash<String,String>] :attribute_mapping
|
9293
9545
|
# The IdP attribute mapping to be changed.
|
@@ -9414,12 +9666,15 @@ module Aws::CognitoIdentityProvider
|
|
9414
9666
|
# submit the attribute in your API request with a blank value. Custom
|
9415
9667
|
# attribute values in this request must include the `custom:` prefix.
|
9416
9668
|
#
|
9669
|
+
# Authorize this action with a signed-in user's access token. It must
|
9670
|
+
# include the scope `aws.cognito.signin.user.admin`.
|
9671
|
+
#
|
9417
9672
|
# <note markdown="1"> Amazon Cognito doesn't evaluate Identity and Access Management (IAM)
|
9418
9673
|
# policies in requests for this API operation. For this operation, you
|
9419
9674
|
# can't use IAM credentials to authorize requests, and you can't grant
|
9420
9675
|
# IAM permissions in policies. For more information about authorization
|
9421
|
-
# models in Amazon Cognito, see [Using the Amazon Cognito
|
9422
|
-
#
|
9676
|
+
# models in Amazon Cognito, see [Using the Amazon Cognito user pools API
|
9677
|
+
# and user pool endpoints][1].
|
9423
9678
|
#
|
9424
9679
|
# </note>
|
9425
9680
|
#
|
@@ -9754,11 +10009,11 @@ module Aws::CognitoIdentityProvider
|
|
9754
10009
|
# create_auth_challenge: "ArnType",
|
9755
10010
|
# verify_auth_challenge_response: "ArnType",
|
9756
10011
|
# pre_token_generation: "ArnType",
|
10012
|
+
# user_migration: "ArnType",
|
9757
10013
|
# pre_token_generation_config: {
|
9758
10014
|
# lambda_version: "V1_0", # required, accepts V1_0, V2_0
|
9759
10015
|
# lambda_arn: "ArnType", # required
|
9760
10016
|
# },
|
9761
|
-
# user_migration: "ArnType",
|
9762
10017
|
# custom_sms_sender: {
|
9763
10018
|
# lambda_version: "V1_0", # required, accepts V1_0
|
9764
10019
|
# lambda_arn: "ArnType", # required
|
@@ -10376,8 +10631,8 @@ module Aws::CognitoIdentityProvider
|
|
10376
10631
|
# policies in requests for this API operation. For this operation, you
|
10377
10632
|
# can't use IAM credentials to authorize requests, and you can't grant
|
10378
10633
|
# IAM permissions in policies. For more information about authorization
|
10379
|
-
# models in Amazon Cognito, see [Using the Amazon Cognito
|
10380
|
-
#
|
10634
|
+
# models in Amazon Cognito, see [Using the Amazon Cognito user pools API
|
10635
|
+
# and user pool endpoints][1].
|
10381
10636
|
#
|
10382
10637
|
# </note>
|
10383
10638
|
#
|
@@ -10439,12 +10694,15 @@ module Aws::CognitoIdentityProvider
|
|
10439
10694
|
# attribute to its pending value. For more information, see [
|
10440
10695
|
# UserAttributeUpdateSettingsType][1].
|
10441
10696
|
#
|
10697
|
+
# Authorize this action with a signed-in user's access token. It must
|
10698
|
+
# include the scope `aws.cognito.signin.user.admin`.
|
10699
|
+
#
|
10442
10700
|
# <note markdown="1"> Amazon Cognito doesn't evaluate Identity and Access Management (IAM)
|
10443
10701
|
# policies in requests for this API operation. For this operation, you
|
10444
10702
|
# can't use IAM credentials to authorize requests, and you can't grant
|
10445
10703
|
# IAM permissions in policies. For more information about authorization
|
10446
|
-
# models in Amazon Cognito, see [Using the Amazon Cognito
|
10447
|
-
#
|
10704
|
+
# models in Amazon Cognito, see [Using the Amazon Cognito user pools API
|
10705
|
+
# and user pool endpoints][2].
|
10448
10706
|
#
|
10449
10707
|
# </note>
|
10450
10708
|
#
|
@@ -10495,7 +10753,7 @@ module Aws::CognitoIdentityProvider
|
|
10495
10753
|
params: params,
|
10496
10754
|
config: config)
|
10497
10755
|
context[:gem_name] = 'aws-sdk-cognitoidentityprovider'
|
10498
|
-
context[:gem_version] = '1.
|
10756
|
+
context[:gem_version] = '1.88.0'
|
10499
10757
|
Seahorse::Client::Request.new(handlers, context)
|
10500
10758
|
end
|
10501
10759
|
|