aws-sdk-cognitoidentity 1.0.0.rc1 → 1.0.0.rc2

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: a3204ac027bbb86a8cf38d887e17aa867c3e2815
4
- data.tar.gz: c8fb74937c17e81a6b1964743001911a5bb74394
3
+ metadata.gz: 101052d059b5c2496eb97ef640dcebe57e3c79f2
4
+ data.tar.gz: 2a9f3656ec2ad8e3c3d91f528a7e9c5bb17dcccb
5
5
  SHA512:
6
- metadata.gz: 0702cfead3de90330968830eb2191ad31c069dc5914a1e6090afa7b7fb0654bc64101e024eb689bad51dcc33c7d7a46fbbac74546645223a87f70ca710b028c4
7
- data.tar.gz: 2661815dd89305d8069f59df99cd6703e32135d88c43e45584cb38d5a939463f5bfcefe2cf8dee1588c29ad130750e3908c3402be41a8a0cc978897d38647c36
6
+ metadata.gz: 8f1d06eb228d7db852521dc6f8afa40b7273f5f1955278339262302e4d4313fcc1a5f7bfcab98ad05184d1b78afe9bf3634017c688a3d6d94349539c5e9e1f0c
7
+ data.tar.gz: 1c4bf44dda9800b6724c4761c972c0c52878129531a0656c9af8093215af72ed3cb52b2e34d0ee7e91421ee70dc0f426bf3fed0f2336eec3b060e8851115ee6b
@@ -1,6 +1,6 @@
1
1
  # WARNING ABOUT GENERATED CODE
2
2
  #
3
- # This file is generated. See the contributing for info on making contributions:
3
+ # This file is generated. See the contributing guide for more information:
4
4
  # https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
5
5
  #
6
6
  # WARNING ABOUT GENERATED CODE
@@ -1,6 +1,6 @@
1
1
  # WARNING ABOUT GENERATED CODE
2
2
  #
3
- # This file is generated. See the contributing for info on making contributions:
3
+ # This file is generated. See the contributing guide for more information:
4
4
  # https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
5
5
  #
6
6
  # WARNING ABOUT GENERATED CODE
@@ -23,912 +23,1093 @@ require 'aws-sdk-core/plugins/protocols/json_rpc.rb'
23
23
 
24
24
  Aws::Plugins::GlobalConfiguration.add_identifier(:cognitoidentity)
25
25
 
26
- module Aws
27
- module CognitoIdentity
28
- class Client < Seahorse::Client::Base
29
-
30
- include Aws::ClientStubs
31
-
32
- @identifier = :cognitoidentity
33
-
34
- set_api(ClientApi::API)
35
-
36
- add_plugin(Seahorse::Client::Plugins::ContentLength)
37
- add_plugin(Aws::Plugins::CredentialsConfiguration)
38
- add_plugin(Aws::Plugins::Logging)
39
- add_plugin(Aws::Plugins::ParamConverter)
40
- add_plugin(Aws::Plugins::ParamValidator)
41
- add_plugin(Aws::Plugins::UserAgent)
42
- add_plugin(Aws::Plugins::HelpfulSocketErrors)
43
- add_plugin(Aws::Plugins::RetryErrors)
44
- add_plugin(Aws::Plugins::GlobalConfiguration)
45
- add_plugin(Aws::Plugins::RegionalEndpoint)
46
- add_plugin(Aws::Plugins::ResponsePaging)
47
- add_plugin(Aws::Plugins::StubResponses)
48
- add_plugin(Aws::Plugins::IdempotencyToken)
49
- add_plugin(Aws::Plugins::SignatureV4)
50
- add_plugin(Aws::Plugins::Protocols::JsonRpc)
51
-
52
- # @option options [required, Aws::CredentialProvider] :credentials
53
- # Your AWS credentials. This can be an instance of any one of the
54
- # following classes:
55
- #
56
- # * `Aws::Credentials` - Used for configuring static, non-refreshing
57
- # credentials.
58
- #
59
- # * `Aws::InstanceProfileCredentials` - Used for loading credentials
60
- # from an EC2 IMDS on an EC2 instance.
61
- #
62
- # * `Aws::SharedCredentials` - Used for loading credentials from a
63
- # shared file, such as `~/.aws/config`.
64
- #
65
- # * `Aws::AssumeRoleCredentials` - Used when you need to assume a role.
66
- #
67
- # When `:credentials` are not configured directly, the following
68
- # locations will be searched for credentials:
69
- #
70
- # * `Aws.config[:credentials]`
71
- # * The `:access_key_id`, `:secret_access_key`, and `:session_token` options.
72
- # * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']
73
- # * `~/.aws/credentials`
74
- # * `~/.aws/config`
75
- # * EC2 IMDS instance profile - When used by default, the timeouts are
76
- # very aggressive. Construct and pass an instance of
77
- # `Aws::InstanceProfileCredentails` to enable retries and extended
78
- # timeouts.
79
- # @option options [required, String] :region
80
- # The AWS region to connect to. The configured `:region` is
81
- # used to determine the service `:endpoint`. When not passed,
82
- # a default `:region` is search for in the following locations:
83
- #
84
- # * `Aws.config[:region]`
85
- # * `ENV['AWS_REGION']`
86
- # * `ENV['AMAZON_REGION']`
87
- # * `ENV['AWS_DEFAULT_REGION']`
88
- # * `~/.aws/credentials`
89
- # * `~/.aws/config`
90
- # @option options [String] :access_key_id
91
- # @option options [Boolean] :convert_params (true)
92
- # When `true`, an attempt is made to coerce request parameters into
93
- # the required types.
94
- # @option options [String] :endpoint
95
- # The client endpoint is normally constructed from the `:region`
96
- # option. You should only configure an `:endpoint` when connecting
97
- # to test endpoints. This should be avalid HTTP(S) URI.
98
- # @option options [Aws::Log::Formatter] :log_formatter (Aws::Log::Formatter.default)
99
- # The log formatter.
100
- # @option options [Symbol] :log_level (:info)
101
- # The log level to send messages to the `:logger` at.
102
- # @option options [Logger] :logger
103
- # The Logger instance to send log messages to. If this option
104
- # is not set, logging will be disabled.
105
- # @option options [String] :profile ("default")
106
- # Used when loading credentials from the shared credentials file
107
- # at HOME/.aws/credentials. When not specified, 'default' is used.
108
- # @option options [Integer] :retry_limit (3)
109
- # The maximum number of times to retry failed requests. Only
110
- # ~ 500 level server errors and certain ~ 400 level client errors
111
- # are retried. Generally, these are throttling errors, data
112
- # checksum errors, networking errors, timeout errors and auth
113
- # errors from expired credentials.
114
- # @option options [String] :secret_access_key
115
- # @option options [String] :session_token
116
- # @option options [Boolean] :simple_json (false)
117
- # Disables request parameter conversion, validation, and formatting.
118
- # Also disable response data type conversions. This option is useful
119
- # when you want to ensure the highest level of performance by
120
- # avoiding overhead of walking request parameters and response data
121
- # structures.
122
- #
123
- # When `:simple_json` is enabled, the request parameters hash must
124
- # be formatted exactly as the DynamoDB API expects.
125
- # @option options [Boolean] :stub_responses (false)
126
- # Causes the client to return stubbed responses. By default
127
- # fake responses are generated and returned. You can specify
128
- # the response data to return or errors to raise by calling
129
- # {ClientStubs#stub_responses}. See {ClientStubs} for more information.
130
- #
131
- # ** Please note ** When response stubbing is enabled, no HTTP
132
- # requests are made, and retries are disabled.
133
- # @option options [Boolean] :validate_params (true)
134
- # When `true`, request parameters are validated before
135
- # sending the request.
136
- def initialize(*args)
137
- super
138
- end
26
+ module Aws::CognitoIdentity
27
+ class Client < Seahorse::Client::Base
139
28
 
140
- # @!group API Operations
141
-
142
- # Creates a new identity pool. The identity pool is a store of user
143
- # identity information that is specific to your AWS account. The limit
144
- # on identity pools is 60 per account. The keys for
145
- # `SupportedLoginProviders` are as follows: * Facebook:
146
- # `graph.facebook.com`
147
- # * Google: `accounts.google.com`
148
- # * Amazon: `www.amazon.com`
149
- # * Twitter: `api.twitter.com`
150
- # * Digits: `www.digits.com`
151
- #
152
- # You must use AWS Developer credentials to call this API.
153
- # @option params [required, String] :identity_pool_name
154
- # A string that you provide.
155
- # @option params [required, Boolean] :allow_unauthenticated_identities
156
- # TRUE if the identity pool supports unauthenticated logins.
157
- # @option params [Hash<String,String>] :supported_login_providers
158
- # Optional key:value pairs mapping provider names to provider app IDs.
159
- # @option params [String] :developer_provider_name
160
- # The "domain" by which Cognito will refer to your users. This name
161
- # acts as a placeholder that allows your backend and the Cognito service
162
- # to communicate about the developer provider. For the
163
- # `DeveloperProviderName`, you can use letters as well as period (`.`),
164
- # underscore (`_`), and dash (`-`).
165
- #
166
- # Once you have set a developer provider name, you cannot change it.
167
- # Please take care in setting this parameter.
168
- # @option params [Array<String>] :open_id_connect_provider_arns
169
- # A list of OpendID Connect provider ARNs.
170
- # @option params [Array<Types::CognitoIdentityProvider>] :cognito_identity_providers
171
- # An array of Amazon Cognito Identity user pools.
172
- # @option params [Array<String>] :saml_provider_arns
173
- # An array of Amazon Resource Names (ARNs) of the SAML provider for your
174
- # identity pool.
175
- # @return [Types::IdentityPool] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
176
- #
177
- # * {Types::IdentityPool#identity_pool_id #IdentityPoolId} => String
178
- # * {Types::IdentityPool#identity_pool_name #IdentityPoolName} => String
179
- # * {Types::IdentityPool#allow_unauthenticated_identities #AllowUnauthenticatedIdentities} => Boolean
180
- # * {Types::IdentityPool#supported_login_providers #SupportedLoginProviders} => Hash&lt;String,String&gt;
181
- # * {Types::IdentityPool#developer_provider_name #DeveloperProviderName} => String
182
- # * {Types::IdentityPool#open_id_connect_provider_arns #OpenIdConnectProviderARNs} => Array&lt;String&gt;
183
- # * {Types::IdentityPool#cognito_identity_providers #CognitoIdentityProviders} => Array&lt;Types::CognitoIdentityProvider&gt;
184
- # * {Types::IdentityPool#saml_provider_arns #SamlProviderARNs} => Array&lt;String&gt;
185
- #
186
- # @example Request syntax with placeholder values
187
- # resp = client.create_identity_pool({
188
- # identity_pool_name: "IdentityPoolName", # required
189
- # allow_unauthenticated_identities: false, # required
190
- # supported_login_providers: {
191
- # "IdentityProviderName" => "IdentityProviderId",
192
- # },
193
- # developer_provider_name: "DeveloperProviderName",
194
- # open_id_connect_provider_arns: ["ARNString"],
195
- # cognito_identity_providers: [
196
- # {
197
- # provider_name: "CognitoIdentityProviderName",
198
- # client_id: "CognitoIdentityProviderClientId",
199
- # },
200
- # ],
201
- # saml_provider_arns: ["ARNString"],
202
- # })
203
- #
204
- # @example Response structure
205
- # resp.identity_pool_id #=> String
206
- # resp.identity_pool_name #=> String
207
- # resp.allow_unauthenticated_identities #=> Boolean
208
- # resp.supported_login_providers #=> Hash
209
- # resp.supported_login_providers["IdentityProviderName"] #=> String
210
- # resp.developer_provider_name #=> String
211
- # resp.open_id_connect_provider_arns #=> Array
212
- # resp.open_id_connect_provider_arns[0] #=> String
213
- # resp.cognito_identity_providers #=> Array
214
- # resp.cognito_identity_providers[0].provider_name #=> String
215
- # resp.cognito_identity_providers[0].client_id #=> String
216
- # resp.saml_provider_arns #=> Array
217
- # resp.saml_provider_arns[0] #=> String
218
- # @overload create_identity_pool(params = {})
219
- # @param [Hash] params ({})
220
- def create_identity_pool(params = {}, options = {})
221
- req = build_request(:create_identity_pool, params)
222
- req.send_request(options)
223
- end
29
+ include Aws::ClientStubs
224
30
 
225
- # Deletes identities from an identity pool. You can specify a list of
226
- # 1-60 identities that you want to delete.
227
- #
228
- # You must use AWS Developer credentials to call this API.
229
- # @option params [required, Array<String>] :identity_ids_to_delete
230
- # A list of 1-60 identities that you want to delete.
231
- # @return [Types::DeleteIdentitiesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
232
- #
233
- # * {Types::DeleteIdentitiesResponse#unprocessed_identity_ids #UnprocessedIdentityIds} => Array&lt;Types::UnprocessedIdentityId&gt;
234
- #
235
- # @example Request syntax with placeholder values
236
- # resp = client.delete_identities({
237
- # identity_ids_to_delete: ["IdentityId"], # required
238
- # })
239
- #
240
- # @example Response structure
241
- # resp.unprocessed_identity_ids #=> Array
242
- # resp.unprocessed_identity_ids[0].identity_id #=> String
243
- # resp.unprocessed_identity_ids[0].error_code #=> String, one of "AccessDenied", "InternalServerError"
244
- # @overload delete_identities(params = {})
245
- # @param [Hash] params ({})
246
- def delete_identities(params = {}, options = {})
247
- req = build_request(:delete_identities, params)
248
- req.send_request(options)
249
- end
31
+ @identifier = :cognitoidentity
250
32
 
251
- # Deletes a user pool. Once a pool is deleted, users will not be able to
252
- # authenticate with the pool.
253
- #
254
- # You must use AWS Developer credentials to call this API.
255
- # @option params [required, String] :identity_pool_id
256
- # An identity pool ID in the format REGION:GUID.
257
- # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
258
- #
259
- # @example Request syntax with placeholder values
260
- # resp = client.delete_identity_pool({
261
- # identity_pool_id: "IdentityPoolId", # required
262
- # })
263
- # @overload delete_identity_pool(params = {})
264
- # @param [Hash] params ({})
265
- def delete_identity_pool(params = {}, options = {})
266
- req = build_request(:delete_identity_pool, params)
267
- req.send_request(options)
268
- end
33
+ set_api(ClientApi::API)
269
34
 
270
- # Returns metadata related to the given identity, including when the
271
- # identity was created and any associated linked logins.
272
- #
273
- # You must use AWS Developer credentials to call this API.
274
- # @option params [required, String] :identity_id
275
- # A unique identifier in the format REGION:GUID.
276
- # @return [Types::IdentityDescription] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
277
- #
278
- # * {Types::IdentityDescription#identity_id #IdentityId} => String
279
- # * {Types::IdentityDescription#logins #Logins} => Array&lt;String&gt;
280
- # * {Types::IdentityDescription#creation_date #CreationDate} => Time
281
- # * {Types::IdentityDescription#last_modified_date #LastModifiedDate} => Time
282
- #
283
- # @example Request syntax with placeholder values
284
- # resp = client.describe_identity({
285
- # identity_id: "IdentityId", # required
286
- # })
287
- #
288
- # @example Response structure
289
- # resp.identity_id #=> String
290
- # resp.logins #=> Array
291
- # resp.logins[0] #=> String
292
- # resp.creation_date #=> Time
293
- # resp.last_modified_date #=> Time
294
- # @overload describe_identity(params = {})
295
- # @param [Hash] params ({})
296
- def describe_identity(params = {}, options = {})
297
- req = build_request(:describe_identity, params)
298
- req.send_request(options)
299
- end
35
+ add_plugin(Seahorse::Client::Plugins::ContentLength)
36
+ add_plugin(Aws::Plugins::CredentialsConfiguration)
37
+ add_plugin(Aws::Plugins::Logging)
38
+ add_plugin(Aws::Plugins::ParamConverter)
39
+ add_plugin(Aws::Plugins::ParamValidator)
40
+ add_plugin(Aws::Plugins::UserAgent)
41
+ add_plugin(Aws::Plugins::HelpfulSocketErrors)
42
+ add_plugin(Aws::Plugins::RetryErrors)
43
+ add_plugin(Aws::Plugins::GlobalConfiguration)
44
+ add_plugin(Aws::Plugins::RegionalEndpoint)
45
+ add_plugin(Aws::Plugins::ResponsePaging)
46
+ add_plugin(Aws::Plugins::StubResponses)
47
+ add_plugin(Aws::Plugins::IdempotencyToken)
48
+ add_plugin(Aws::Plugins::SignatureV4)
49
+ add_plugin(Aws::Plugins::Protocols::JsonRpc)
300
50
 
301
- # Gets details about a particular identity pool, including the pool
302
- # name, ID description, creation date, and current number of users.
303
- #
304
- # You must use AWS Developer credentials to call this API.
305
- # @option params [required, String] :identity_pool_id
306
- # An identity pool ID in the format REGION:GUID.
307
- # @return [Types::IdentityPool] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
308
- #
309
- # * {Types::IdentityPool#identity_pool_id #IdentityPoolId} => String
310
- # * {Types::IdentityPool#identity_pool_name #IdentityPoolName} => String
311
- # * {Types::IdentityPool#allow_unauthenticated_identities #AllowUnauthenticatedIdentities} => Boolean
312
- # * {Types::IdentityPool#supported_login_providers #SupportedLoginProviders} => Hash&lt;String,String&gt;
313
- # * {Types::IdentityPool#developer_provider_name #DeveloperProviderName} => String
314
- # * {Types::IdentityPool#open_id_connect_provider_arns #OpenIdConnectProviderARNs} => Array&lt;String&gt;
315
- # * {Types::IdentityPool#cognito_identity_providers #CognitoIdentityProviders} => Array&lt;Types::CognitoIdentityProvider&gt;
316
- # * {Types::IdentityPool#saml_provider_arns #SamlProviderARNs} => Array&lt;String&gt;
317
- #
318
- # @example Request syntax with placeholder values
319
- # resp = client.describe_identity_pool({
320
- # identity_pool_id: "IdentityPoolId", # required
321
- # })
322
- #
323
- # @example Response structure
324
- # resp.identity_pool_id #=> String
325
- # resp.identity_pool_name #=> String
326
- # resp.allow_unauthenticated_identities #=> Boolean
327
- # resp.supported_login_providers #=> Hash
328
- # resp.supported_login_providers["IdentityProviderName"] #=> String
329
- # resp.developer_provider_name #=> String
330
- # resp.open_id_connect_provider_arns #=> Array
331
- # resp.open_id_connect_provider_arns[0] #=> String
332
- # resp.cognito_identity_providers #=> Array
333
- # resp.cognito_identity_providers[0].provider_name #=> String
334
- # resp.cognito_identity_providers[0].client_id #=> String
335
- # resp.saml_provider_arns #=> Array
336
- # resp.saml_provider_arns[0] #=> String
337
- # @overload describe_identity_pool(params = {})
338
- # @param [Hash] params ({})
339
- def describe_identity_pool(params = {}, options = {})
340
- req = build_request(:describe_identity_pool, params)
341
- req.send_request(options)
342
- end
51
+ # @option options [required, Aws::CredentialProvider] :credentials
52
+ # Your AWS credentials. This can be an instance of any one of the
53
+ # following classes:
54
+ #
55
+ # * `Aws::Credentials` - Used for configuring static, non-refreshing
56
+ # credentials.
57
+ #
58
+ # * `Aws::InstanceProfileCredentials` - Used for loading credentials
59
+ # from an EC2 IMDS on an EC2 instance.
60
+ #
61
+ # * `Aws::SharedCredentials` - Used for loading credentials from a
62
+ # shared file, such as `~/.aws/config`.
63
+ #
64
+ # * `Aws::AssumeRoleCredentials` - Used when you need to assume a role.
65
+ #
66
+ # When `:credentials` are not configured directly, the following
67
+ # locations will be searched for credentials:
68
+ #
69
+ # * `Aws.config[:credentials]`
70
+ # * The `:access_key_id`, `:secret_access_key`, and `:session_token` options.
71
+ # * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']
72
+ # * `~/.aws/credentials`
73
+ # * `~/.aws/config`
74
+ # * EC2 IMDS instance profile - When used by default, the timeouts are
75
+ # very aggressive. Construct and pass an instance of
76
+ # `Aws::InstanceProfileCredentails` to enable retries and extended
77
+ # timeouts.
78
+ #
79
+ # @option options [required, String] :region
80
+ # The AWS region to connect to. The configured `:region` is
81
+ # used to determine the service `:endpoint`. When not passed,
82
+ # a default `:region` is search for in the following locations:
83
+ #
84
+ # * `Aws.config[:region]`
85
+ # * `ENV['AWS_REGION']`
86
+ # * `ENV['AMAZON_REGION']`
87
+ # * `ENV['AWS_DEFAULT_REGION']`
88
+ # * `~/.aws/credentials`
89
+ # * `~/.aws/config`
90
+ #
91
+ # @option options [String] :access_key_id
92
+ #
93
+ # @option options [Boolean] :convert_params (true)
94
+ # When `true`, an attempt is made to coerce request parameters into
95
+ # the required types.
96
+ #
97
+ # @option options [String] :endpoint
98
+ # The client endpoint is normally constructed from the `:region`
99
+ # option. You should only configure an `:endpoint` when connecting
100
+ # to test endpoints. This should be avalid HTTP(S) URI.
101
+ #
102
+ # @option options [Aws::Log::Formatter] :log_formatter (Aws::Log::Formatter.default)
103
+ # The log formatter.
104
+ #
105
+ # @option options [Symbol] :log_level (:info)
106
+ # The log level to send messages to the `:logger` at.
107
+ #
108
+ # @option options [Logger] :logger
109
+ # The Logger instance to send log messages to. If this option
110
+ # is not set, logging will be disabled.
111
+ #
112
+ # @option options [String] :profile ("default")
113
+ # Used when loading credentials from the shared credentials file
114
+ # at HOME/.aws/credentials. When not specified, 'default' is used.
115
+ #
116
+ # @option options [Integer] :retry_limit (3)
117
+ # The maximum number of times to retry failed requests. Only
118
+ # ~ 500 level server errors and certain ~ 400 level client errors
119
+ # are retried. Generally, these are throttling errors, data
120
+ # checksum errors, networking errors, timeout errors and auth
121
+ # errors from expired credentials.
122
+ #
123
+ # @option options [String] :secret_access_key
124
+ #
125
+ # @option options [String] :session_token
126
+ #
127
+ # @option options [Boolean] :simple_json (false)
128
+ # Disables request parameter conversion, validation, and formatting.
129
+ # Also disable response data type conversions. This option is useful
130
+ # when you want to ensure the highest level of performance by
131
+ # avoiding overhead of walking request parameters and response data
132
+ # structures.
133
+ #
134
+ # When `:simple_json` is enabled, the request parameters hash must
135
+ # be formatted exactly as the DynamoDB API expects.
136
+ #
137
+ # @option options [Boolean] :stub_responses (false)
138
+ # Causes the client to return stubbed responses. By default
139
+ # fake responses are generated and returned. You can specify
140
+ # the response data to return or errors to raise by calling
141
+ # {ClientStubs#stub_responses}. See {ClientStubs} for more information.
142
+ #
143
+ # ** Please note ** When response stubbing is enabled, no HTTP
144
+ # requests are made, and retries are disabled.
145
+ #
146
+ # @option options [Boolean] :validate_params (true)
147
+ # When `true`, request parameters are validated before
148
+ # sending the request.
149
+ #
150
+ def initialize(*args)
151
+ super
152
+ end
343
153
 
344
- # Returns credentials for the provided identity ID. Any provided logins
345
- # will be validated against supported login providers. If the token is
346
- # for cognito-identity.amazonaws.com, it will be passed through to AWS
347
- # Security Token Service with the appropriate role for the token.
348
- #
349
- # This is a public API. You do not need any credentials to call this
350
- # API.
351
- # @option params [required, String] :identity_id
352
- # A unique identifier in the format REGION:GUID.
353
- # @option params [Hash<String,String>] :logins
354
- # A set of optional name-value pairs that map provider names to provider
355
- # tokens.
356
- # @option params [String] :custom_role_arn
357
- # The Amazon Resource Name (ARN) of the role to be assumed when multiple
358
- # roles were received in the token from the identity provider. For
359
- # example, a SAML-based identity provider. This parameter is optional
360
- # for identity providers that do not support role customization.
361
- # @return [Types::GetCredentialsForIdentityResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
362
- #
363
- # * {Types::GetCredentialsForIdentityResponse#identity_id #IdentityId} => String
364
- # * {Types::GetCredentialsForIdentityResponse#credentials #Credentials} => Types::Credentials
365
- #
366
- # @example Request syntax with placeholder values
367
- # resp = client.get_credentials_for_identity({
368
- # identity_id: "IdentityId", # required
369
- # logins: {
370
- # "IdentityProviderName" => "IdentityProviderToken",
371
- # },
372
- # custom_role_arn: "ARNString",
373
- # })
374
- #
375
- # @example Response structure
376
- # resp.identity_id #=> String
377
- # resp.credentials.access_key_id #=> String
378
- # resp.credentials.secret_key #=> String
379
- # resp.credentials.session_token #=> String
380
- # resp.credentials.expiration #=> Time
381
- # @overload get_credentials_for_identity(params = {})
382
- # @param [Hash] params ({})
383
- def get_credentials_for_identity(params = {}, options = {})
384
- req = build_request(:get_credentials_for_identity, params)
385
- req.send_request(options)
386
- end
154
+ # @!group API Operations
387
155
 
388
- # Generates (or retrieves) a Cognito ID. Supplying multiple logins will
389
- # create an implicit linked account.
390
- #
391
- # This is a public API. You do not need any credentials to call this
392
- # API.
393
- # @option params [String] :account_id
394
- # A standard AWS account ID (9+ digits).
395
- # @option params [required, String] :identity_pool_id
396
- # An identity pool ID in the format REGION:GUID.
397
- # @option params [Hash<String,String>] :logins
398
- # A set of optional name-value pairs that map provider names to provider
399
- # tokens.
400
- #
401
- # The available provider names for `Logins` are as follows: * Facebook:
402
- # `graph.facebook.com`
403
- # * Google: `accounts.google.com`
404
- # * Amazon: `www.amazon.com`
405
- # * Twitter: `api.twitter.com`
406
- # * Digits: `www.digits.com`
407
- # @return [Types::GetIdResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
408
- #
409
- # * {Types::GetIdResponse#identity_id #IdentityId} => String
410
- #
411
- # @example Request syntax with placeholder values
412
- # resp = client.get_id({
413
- # account_id: "AccountId",
414
- # identity_pool_id: "IdentityPoolId", # required
415
- # logins: {
416
- # "IdentityProviderName" => "IdentityProviderToken",
417
- # },
418
- # })
419
- #
420
- # @example Response structure
421
- # resp.identity_id #=> String
422
- # @overload get_id(params = {})
423
- # @param [Hash] params ({})
424
- def get_id(params = {}, options = {})
425
- req = build_request(:get_id, params)
426
- req.send_request(options)
427
- end
156
+ # Creates a new identity pool. The identity pool is a store of user
157
+ # identity information that is specific to your AWS account. The limit
158
+ # on identity pools is 60 per account. The keys for
159
+ # `SupportedLoginProviders` are as follows:
160
+ #
161
+ # * Facebook: `graph.facebook.com`
162
+ #
163
+ # * Google: `accounts.google.com`
164
+ #
165
+ # * Amazon: `www.amazon.com`
166
+ #
167
+ # * Twitter: `api.twitter.com`
168
+ #
169
+ # * Digits: `www.digits.com`
170
+ #
171
+ # You must use AWS Developer credentials to call this API.
172
+ #
173
+ # @option params [required, String] :identity_pool_name
174
+ # A string that you provide.
175
+ #
176
+ # @option params [required, Boolean] :allow_unauthenticated_identities
177
+ # TRUE if the identity pool supports unauthenticated logins.
178
+ #
179
+ # @option params [Hash<String,String>] :supported_login_providers
180
+ # Optional key:value pairs mapping provider names to provider app IDs.
181
+ #
182
+ # @option params [String] :developer_provider_name
183
+ # The "domain" by which Cognito will refer to your users. This name
184
+ # acts as a placeholder that allows your backend and the Cognito service
185
+ # to communicate about the developer provider. For the
186
+ # `DeveloperProviderName`, you can use letters as well as period (`.`),
187
+ # underscore (`_`), and dash (`-`).
188
+ #
189
+ # Once you have set a developer provider name, you cannot change it.
190
+ # Please take care in setting this parameter.
191
+ #
192
+ # @option params [Array<String>] :open_id_connect_provider_arns
193
+ # A list of OpendID Connect provider ARNs.
194
+ #
195
+ # @option params [Array<Types::CognitoIdentityProvider>] :cognito_identity_providers
196
+ # An array of Amazon Cognito Identity user pools and their client IDs.
197
+ #
198
+ # @option params [Array<String>] :saml_provider_arns
199
+ # An array of Amazon Resource Names (ARNs) of the SAML provider for your
200
+ # identity pool.
201
+ #
202
+ # @return [Types::IdentityPool] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
203
+ #
204
+ # * {Types::IdentityPool#identity_pool_id #identity_pool_id} => String
205
+ # * {Types::IdentityPool#identity_pool_name #identity_pool_name} => String
206
+ # * {Types::IdentityPool#allow_unauthenticated_identities #allow_unauthenticated_identities} => Boolean
207
+ # * {Types::IdentityPool#supported_login_providers #supported_login_providers} => Hash&lt;String,String&gt;
208
+ # * {Types::IdentityPool#developer_provider_name #developer_provider_name} => String
209
+ # * {Types::IdentityPool#open_id_connect_provider_arns #open_id_connect_provider_arns} => Array&lt;String&gt;
210
+ # * {Types::IdentityPool#cognito_identity_providers #cognito_identity_providers} => Array&lt;Types::CognitoIdentityProvider&gt;
211
+ # * {Types::IdentityPool#saml_provider_arns #saml_provider_arns} => Array&lt;String&gt;
212
+ #
213
+ # @example Request syntax with placeholder values
214
+ #
215
+ # resp = client.create_identity_pool({
216
+ # identity_pool_name: "IdentityPoolName", # required
217
+ # allow_unauthenticated_identities: false, # required
218
+ # supported_login_providers: {
219
+ # "IdentityProviderName" => "IdentityProviderId",
220
+ # },
221
+ # developer_provider_name: "DeveloperProviderName",
222
+ # open_id_connect_provider_arns: ["ARNString"],
223
+ # cognito_identity_providers: [
224
+ # {
225
+ # provider_name: "CognitoIdentityProviderName",
226
+ # client_id: "CognitoIdentityProviderClientId",
227
+ # },
228
+ # ],
229
+ # saml_provider_arns: ["ARNString"],
230
+ # })
231
+ #
232
+ # @example Response structure
233
+ #
234
+ # resp.identity_pool_id #=> String
235
+ # resp.identity_pool_name #=> String
236
+ # resp.allow_unauthenticated_identities #=> Boolean
237
+ # resp.supported_login_providers #=> Hash
238
+ # resp.supported_login_providers["IdentityProviderName"] #=> String
239
+ # resp.developer_provider_name #=> String
240
+ # resp.open_id_connect_provider_arns #=> Array
241
+ # resp.open_id_connect_provider_arns[0] #=> String
242
+ # resp.cognito_identity_providers #=> Array
243
+ # resp.cognito_identity_providers[0].provider_name #=> String
244
+ # resp.cognito_identity_providers[0].client_id #=> String
245
+ # resp.saml_provider_arns #=> Array
246
+ # resp.saml_provider_arns[0] #=> String
247
+ #
248
+ # @overload create_identity_pool(params = {})
249
+ # @param [Hash] params ({})
250
+ def create_identity_pool(params = {}, options = {})
251
+ req = build_request(:create_identity_pool, params)
252
+ req.send_request(options)
253
+ end
428
254
 
429
- # Gets the roles for an identity pool.
430
- #
431
- # You must use AWS Developer credentials to call this API.
432
- # @option params [required, String] :identity_pool_id
433
- # An identity pool ID in the format REGION:GUID.
434
- # @return [Types::GetIdentityPoolRolesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
435
- #
436
- # * {Types::GetIdentityPoolRolesResponse#identity_pool_id #IdentityPoolId} => String
437
- # * {Types::GetIdentityPoolRolesResponse#roles #Roles} => Hash&lt;String,String&gt;
438
- #
439
- # @example Request syntax with placeholder values
440
- # resp = client.get_identity_pool_roles({
441
- # identity_pool_id: "IdentityPoolId", # required
442
- # })
443
- #
444
- # @example Response structure
445
- # resp.identity_pool_id #=> String
446
- # resp.roles #=> Hash
447
- # resp.roles["RoleType"] #=> String
448
- # @overload get_identity_pool_roles(params = {})
449
- # @param [Hash] params ({})
450
- def get_identity_pool_roles(params = {}, options = {})
451
- req = build_request(:get_identity_pool_roles, params)
452
- req.send_request(options)
453
- end
255
+ # Deletes identities from an identity pool. You can specify a list of
256
+ # 1-60 identities that you want to delete.
257
+ #
258
+ # You must use AWS Developer credentials to call this API.
259
+ #
260
+ # @option params [required, Array<String>] :identity_ids_to_delete
261
+ # A list of 1-60 identities that you want to delete.
262
+ #
263
+ # @return [Types::DeleteIdentitiesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
264
+ #
265
+ # * {Types::DeleteIdentitiesResponse#unprocessed_identity_ids #unprocessed_identity_ids} => Array&lt;Types::UnprocessedIdentityId&gt;
266
+ #
267
+ # @example Request syntax with placeholder values
268
+ #
269
+ # resp = client.delete_identities({
270
+ # identity_ids_to_delete: ["IdentityId"], # required
271
+ # })
272
+ #
273
+ # @example Response structure
274
+ #
275
+ # resp.unprocessed_identity_ids #=> Array
276
+ # resp.unprocessed_identity_ids[0].identity_id #=> String
277
+ # resp.unprocessed_identity_ids[0].error_code #=> String, one of "AccessDenied", "InternalServerError"
278
+ #
279
+ # @overload delete_identities(params = {})
280
+ # @param [Hash] params ({})
281
+ def delete_identities(params = {}, options = {})
282
+ req = build_request(:delete_identities, params)
283
+ req.send_request(options)
284
+ end
454
285
 
455
- # Gets an OpenID token, using a known Cognito ID. This known Cognito ID
456
- # is returned by GetId. You can optionally add additional logins for the
457
- # identity. Supplying multiple logins creates an implicit link.
458
- #
459
- # The OpenId token is valid for 15 minutes.
460
- #
461
- # This is a public API. You do not need any credentials to call this
462
- # API.
463
- # @option params [required, String] :identity_id
464
- # A unique identifier in the format REGION:GUID.
465
- # @option params [Hash<String,String>] :logins
466
- # A set of optional name-value pairs that map provider names to provider
467
- # tokens. When using graph.facebook.com and www.amazon.com, supply the
468
- # access\_token returned from the provider's authflow. For
469
- # accounts.google.com or any other OpenId Connect provider, always
470
- # include the id\_token.
471
- # @return [Types::GetOpenIdTokenResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
472
- #
473
- # * {Types::GetOpenIdTokenResponse#identity_id #IdentityId} => String
474
- # * {Types::GetOpenIdTokenResponse#token #Token} => String
475
- #
476
- # @example Request syntax with placeholder values
477
- # resp = client.get_open_id_token({
478
- # identity_id: "IdentityId", # required
479
- # logins: {
480
- # "IdentityProviderName" => "IdentityProviderToken",
481
- # },
482
- # })
483
- #
484
- # @example Response structure
485
- # resp.identity_id #=> String
486
- # resp.token #=> String
487
- # @overload get_open_id_token(params = {})
488
- # @param [Hash] params ({})
489
- def get_open_id_token(params = {}, options = {})
490
- req = build_request(:get_open_id_token, params)
491
- req.send_request(options)
492
- end
286
+ # Deletes a user pool. Once a pool is deleted, users will not be able to
287
+ # authenticate with the pool.
288
+ #
289
+ # You must use AWS Developer credentials to call this API.
290
+ #
291
+ # @option params [required, String] :identity_pool_id
292
+ # An identity pool ID in the format REGION:GUID.
293
+ #
294
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
295
+ #
296
+ # @example Request syntax with placeholder values
297
+ #
298
+ # resp = client.delete_identity_pool({
299
+ # identity_pool_id: "IdentityPoolId", # required
300
+ # })
301
+ #
302
+ # @overload delete_identity_pool(params = {})
303
+ # @param [Hash] params ({})
304
+ def delete_identity_pool(params = {}, options = {})
305
+ req = build_request(:delete_identity_pool, params)
306
+ req.send_request(options)
307
+ end
493
308
 
494
- # Registers (or retrieves) a Cognito `IdentityId` and an OpenID Connect
495
- # token for a user authenticated by your backend authentication process.
496
- # Supplying multiple logins will create an implicit linked account. You
497
- # can only specify one developer provider as part of the `Logins` map,
498
- # which is linked to the identity pool. The developer provider is the
499
- # "domain" by which Cognito will refer to your users.
500
- #
501
- # You can use `GetOpenIdTokenForDeveloperIdentity` to create a new
502
- # identity and to link new logins (that is, user credentials issued by a
503
- # public provider or developer provider) to an existing identity. When
504
- # you want to create a new identity, the `IdentityId` should be null.
505
- # When you want to associate a new login with an existing
506
- # authenticated/unauthenticated identity, you can do so by providing the
507
- # existing `IdentityId`. This API will create the identity in the
508
- # specified `IdentityPoolId`.
509
- #
510
- # You must use AWS Developer credentials to call this API.
511
- # @option params [required, String] :identity_pool_id
512
- # An identity pool ID in the format REGION:GUID.
513
- # @option params [String] :identity_id
514
- # A unique identifier in the format REGION:GUID.
515
- # @option params [required, Hash<String,String>] :logins
516
- # A set of optional name-value pairs that map provider names to provider
517
- # tokens. Each name-value pair represents a user from a public provider
518
- # or developer provider. If the user is from a developer provider, the
519
- # name-value pair will follow the syntax `"developer_provider_name":
520
- # "developer_user_identifier"`. The developer provider is the "domain"
521
- # by which Cognito will refer to your users; you provided this domain
522
- # while creating/updating the identity pool. The developer user
523
- # identifier is an identifier from your backend that uniquely identifies
524
- # a user. When you create an identity pool, you can specify the
525
- # supported logins.
526
- # @option params [Integer] :token_duration
527
- # The expiration time of the token, in seconds. You can specify a custom
528
- # expiration time for the token so that you can cache it. If you don't
529
- # provide an expiration time, the token is valid for 15 minutes. You can
530
- # exchange the token with Amazon STS for temporary AWS credentials,
531
- # which are valid for a maximum of one hour. The maximum token duration
532
- # you can set is 24 hours. You should take care in setting the
533
- # expiration time for a token, as there are significant security
534
- # implications: an attacker could use a leaked token to access your AWS
535
- # resources for the token's duration.
536
- # @return [Types::GetOpenIdTokenForDeveloperIdentityResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
537
- #
538
- # * {Types::GetOpenIdTokenForDeveloperIdentityResponse#identity_id #IdentityId} => String
539
- # * {Types::GetOpenIdTokenForDeveloperIdentityResponse#token #Token} => String
540
- #
541
- # @example Request syntax with placeholder values
542
- # resp = client.get_open_id_token_for_developer_identity({
543
- # identity_pool_id: "IdentityPoolId", # required
544
- # identity_id: "IdentityId",
545
- # logins: { # required
546
- # "IdentityProviderName" => "IdentityProviderToken",
547
- # },
548
- # token_duration: 1,
549
- # })
550
- #
551
- # @example Response structure
552
- # resp.identity_id #=> String
553
- # resp.token #=> String
554
- # @overload get_open_id_token_for_developer_identity(params = {})
555
- # @param [Hash] params ({})
556
- def get_open_id_token_for_developer_identity(params = {}, options = {})
557
- req = build_request(:get_open_id_token_for_developer_identity, params)
558
- req.send_request(options)
559
- end
309
+ # Returns metadata related to the given identity, including when the
310
+ # identity was created and any associated linked logins.
311
+ #
312
+ # You must use AWS Developer credentials to call this API.
313
+ #
314
+ # @option params [required, String] :identity_id
315
+ # A unique identifier in the format REGION:GUID.
316
+ #
317
+ # @return [Types::IdentityDescription] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
318
+ #
319
+ # * {Types::IdentityDescription#identity_id #identity_id} => String
320
+ # * {Types::IdentityDescription#logins #logins} => Array&lt;String&gt;
321
+ # * {Types::IdentityDescription#creation_date #creation_date} => Time
322
+ # * {Types::IdentityDescription#last_modified_date #last_modified_date} => Time
323
+ #
324
+ # @example Request syntax with placeholder values
325
+ #
326
+ # resp = client.describe_identity({
327
+ # identity_id: "IdentityId", # required
328
+ # })
329
+ #
330
+ # @example Response structure
331
+ #
332
+ # resp.identity_id #=> String
333
+ # resp.logins #=> Array
334
+ # resp.logins[0] #=> String
335
+ # resp.creation_date #=> Time
336
+ # resp.last_modified_date #=> Time
337
+ #
338
+ # @overload describe_identity(params = {})
339
+ # @param [Hash] params ({})
340
+ def describe_identity(params = {}, options = {})
341
+ req = build_request(:describe_identity, params)
342
+ req.send_request(options)
343
+ end
560
344
 
561
- # Lists the identities in a pool.
562
- #
563
- # You must use AWS Developer credentials to call this API.
564
- # @option params [required, String] :identity_pool_id
565
- # An identity pool ID in the format REGION:GUID.
566
- # @option params [required, Integer] :max_results
567
- # The maximum number of identities to return.
568
- # @option params [String] :next_token
569
- # A pagination token.
570
- # @option params [Boolean] :hide_disabled
571
- # An optional boolean parameter that allows you to hide disabled
572
- # identities. If omitted, the ListIdentities API will include disabled
573
- # identities in the response.
574
- # @return [Types::ListIdentitiesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
575
- #
576
- # * {Types::ListIdentitiesResponse#identity_pool_id #IdentityPoolId} => String
577
- # * {Types::ListIdentitiesResponse#identities #Identities} => Array&lt;Types::IdentityDescription&gt;
578
- # * {Types::ListIdentitiesResponse#next_token #NextToken} => String
579
- #
580
- # @example Request syntax with placeholder values
581
- # resp = client.list_identities({
582
- # identity_pool_id: "IdentityPoolId", # required
583
- # max_results: 1, # required
584
- # next_token: "PaginationKey",
585
- # hide_disabled: false,
586
- # })
587
- #
588
- # @example Response structure
589
- # resp.identity_pool_id #=> String
590
- # resp.identities #=> Array
591
- # resp.identities[0].identity_id #=> String
592
- # resp.identities[0].logins #=> Array
593
- # resp.identities[0].logins[0] #=> String
594
- # resp.identities[0].creation_date #=> Time
595
- # resp.identities[0].last_modified_date #=> Time
596
- # resp.next_token #=> String
597
- # @overload list_identities(params = {})
598
- # @param [Hash] params ({})
599
- def list_identities(params = {}, options = {})
600
- req = build_request(:list_identities, params)
601
- req.send_request(options)
602
- end
345
+ # Gets details about a particular identity pool, including the pool
346
+ # name, ID description, creation date, and current number of users.
347
+ #
348
+ # You must use AWS Developer credentials to call this API.
349
+ #
350
+ # @option params [required, String] :identity_pool_id
351
+ # An identity pool ID in the format REGION:GUID.
352
+ #
353
+ # @return [Types::IdentityPool] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
354
+ #
355
+ # * {Types::IdentityPool#identity_pool_id #identity_pool_id} => String
356
+ # * {Types::IdentityPool#identity_pool_name #identity_pool_name} => String
357
+ # * {Types::IdentityPool#allow_unauthenticated_identities #allow_unauthenticated_identities} => Boolean
358
+ # * {Types::IdentityPool#supported_login_providers #supported_login_providers} => Hash&lt;String,String&gt;
359
+ # * {Types::IdentityPool#developer_provider_name #developer_provider_name} => String
360
+ # * {Types::IdentityPool#open_id_connect_provider_arns #open_id_connect_provider_arns} => Array&lt;String&gt;
361
+ # * {Types::IdentityPool#cognito_identity_providers #cognito_identity_providers} => Array&lt;Types::CognitoIdentityProvider&gt;
362
+ # * {Types::IdentityPool#saml_provider_arns #saml_provider_arns} => Array&lt;String&gt;
363
+ #
364
+ # @example Request syntax with placeholder values
365
+ #
366
+ # resp = client.describe_identity_pool({
367
+ # identity_pool_id: "IdentityPoolId", # required
368
+ # })
369
+ #
370
+ # @example Response structure
371
+ #
372
+ # resp.identity_pool_id #=> String
373
+ # resp.identity_pool_name #=> String
374
+ # resp.allow_unauthenticated_identities #=> Boolean
375
+ # resp.supported_login_providers #=> Hash
376
+ # resp.supported_login_providers["IdentityProviderName"] #=> String
377
+ # resp.developer_provider_name #=> String
378
+ # resp.open_id_connect_provider_arns #=> Array
379
+ # resp.open_id_connect_provider_arns[0] #=> String
380
+ # resp.cognito_identity_providers #=> Array
381
+ # resp.cognito_identity_providers[0].provider_name #=> String
382
+ # resp.cognito_identity_providers[0].client_id #=> String
383
+ # resp.saml_provider_arns #=> Array
384
+ # resp.saml_provider_arns[0] #=> String
385
+ #
386
+ # @overload describe_identity_pool(params = {})
387
+ # @param [Hash] params ({})
388
+ def describe_identity_pool(params = {}, options = {})
389
+ req = build_request(:describe_identity_pool, params)
390
+ req.send_request(options)
391
+ end
603
392
 
604
- # Lists all of the Cognito identity pools registered for your account.
605
- #
606
- # You must use AWS Developer credentials to call this API.
607
- # @option params [required, Integer] :max_results
608
- # The maximum number of identities to return.
609
- # @option params [String] :next_token
610
- # A pagination token.
611
- # @return [Types::ListIdentityPoolsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
612
- #
613
- # * {Types::ListIdentityPoolsResponse#identity_pools #IdentityPools} => Array&lt;Types::IdentityPoolShortDescription&gt;
614
- # * {Types::ListIdentityPoolsResponse#next_token #NextToken} => String
615
- #
616
- # @example Request syntax with placeholder values
617
- # resp = client.list_identity_pools({
618
- # max_results: 1, # required
619
- # next_token: "PaginationKey",
620
- # })
621
- #
622
- # @example Response structure
623
- # resp.identity_pools #=> Array
624
- # resp.identity_pools[0].identity_pool_id #=> String
625
- # resp.identity_pools[0].identity_pool_name #=> String
626
- # resp.next_token #=> String
627
- # @overload list_identity_pools(params = {})
628
- # @param [Hash] params ({})
629
- def list_identity_pools(params = {}, options = {})
630
- req = build_request(:list_identity_pools, params)
631
- req.send_request(options)
632
- end
393
+ # Returns credentials for the provided identity ID. Any provided logins
394
+ # will be validated against supported login providers. If the token is
395
+ # for cognito-identity.amazonaws.com, it will be passed through to AWS
396
+ # Security Token Service with the appropriate role for the token.
397
+ #
398
+ # This is a public API. You do not need any credentials to call this
399
+ # API.
400
+ #
401
+ # @option params [required, String] :identity_id
402
+ # A unique identifier in the format REGION:GUID.
403
+ #
404
+ # @option params [Hash<String,String>] :logins
405
+ # A set of optional name-value pairs that map provider names to provider
406
+ # tokens.
407
+ #
408
+ # @option params [String] :custom_role_arn
409
+ # The Amazon Resource Name (ARN) of the role to be assumed when multiple
410
+ # roles were received in the token from the identity provider. For
411
+ # example, a SAML-based identity provider. This parameter is optional
412
+ # for identity providers that do not support role customization.
413
+ #
414
+ # @return [Types::GetCredentialsForIdentityResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
415
+ #
416
+ # * {Types::GetCredentialsForIdentityResponse#identity_id #identity_id} => String
417
+ # * {Types::GetCredentialsForIdentityResponse#credentials #credentials} => Types::Credentials
418
+ #
419
+ # @example Request syntax with placeholder values
420
+ #
421
+ # resp = client.get_credentials_for_identity({
422
+ # identity_id: "IdentityId", # required
423
+ # logins: {
424
+ # "IdentityProviderName" => "IdentityProviderToken",
425
+ # },
426
+ # custom_role_arn: "ARNString",
427
+ # })
428
+ #
429
+ # @example Response structure
430
+ #
431
+ # resp.identity_id #=> String
432
+ # resp.credentials.access_key_id #=> String
433
+ # resp.credentials.secret_key #=> String
434
+ # resp.credentials.session_token #=> String
435
+ # resp.credentials.expiration #=> Time
436
+ #
437
+ # @overload get_credentials_for_identity(params = {})
438
+ # @param [Hash] params ({})
439
+ def get_credentials_for_identity(params = {}, options = {})
440
+ req = build_request(:get_credentials_for_identity, params)
441
+ req.send_request(options)
442
+ end
633
443
 
634
- # Retrieves the `IdentityID` associated with a `DeveloperUserIdentifier`
635
- # or the list of `DeveloperUserIdentifier`s associated with an
636
- # `IdentityId` for an existing identity. Either `IdentityID` or
637
- # `DeveloperUserIdentifier` must not be null. If you supply only one of
638
- # these values, the other value will be searched in the database and
639
- # returned as a part of the response. If you supply both,
640
- # `DeveloperUserIdentifier` will be matched against `IdentityID`. If the
641
- # values are verified against the database, the response returns both
642
- # values and is the same as the request. Otherwise a
643
- # `ResourceConflictException` is thrown.
644
- #
645
- # You must use AWS Developer credentials to call this API.
646
- # @option params [required, String] :identity_pool_id
647
- # An identity pool ID in the format REGION:GUID.
648
- # @option params [String] :identity_id
649
- # A unique identifier in the format REGION:GUID.
650
- # @option params [String] :developer_user_identifier
651
- # A unique ID used by your backend authentication process to identify a
652
- # user. Typically, a developer identity provider would issue many
653
- # developer user identifiers, in keeping with the number of users.
654
- # @option params [Integer] :max_results
655
- # The maximum number of identities to return.
656
- # @option params [String] :next_token
657
- # A pagination token. The first call you make will have `NextToken` set
658
- # to null. After that the service will return `NextToken` values as
659
- # needed. For example, let's say you make a request with `MaxResults`
660
- # set to 10, and there are 20 matches in the database. The service will
661
- # return a pagination token as a part of the response. This token can be
662
- # used to call the API again and get results starting from the 11th
663
- # match.
664
- # @return [Types::LookupDeveloperIdentityResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
665
- #
666
- # * {Types::LookupDeveloperIdentityResponse#identity_id #IdentityId} => String
667
- # * {Types::LookupDeveloperIdentityResponse#developer_user_identifier_list #DeveloperUserIdentifierList} => Array&lt;String&gt;
668
- # * {Types::LookupDeveloperIdentityResponse#next_token #NextToken} => String
669
- #
670
- # @example Request syntax with placeholder values
671
- # resp = client.lookup_developer_identity({
672
- # identity_pool_id: "IdentityPoolId", # required
673
- # identity_id: "IdentityId",
674
- # developer_user_identifier: "DeveloperUserIdentifier",
675
- # max_results: 1,
676
- # next_token: "PaginationKey",
677
- # })
678
- #
679
- # @example Response structure
680
- # resp.identity_id #=> String
681
- # resp.developer_user_identifier_list #=> Array
682
- # resp.developer_user_identifier_list[0] #=> String
683
- # resp.next_token #=> String
684
- # @overload lookup_developer_identity(params = {})
685
- # @param [Hash] params ({})
686
- def lookup_developer_identity(params = {}, options = {})
687
- req = build_request(:lookup_developer_identity, params)
688
- req.send_request(options)
689
- end
444
+ # Generates (or retrieves) a Cognito ID. Supplying multiple logins will
445
+ # create an implicit linked account.
446
+ #
447
+ # This is a public API. You do not need any credentials to call this
448
+ # API.
449
+ #
450
+ # @option params [String] :account_id
451
+ # A standard AWS account ID (9+ digits).
452
+ #
453
+ # @option params [required, String] :identity_pool_id
454
+ # An identity pool ID in the format REGION:GUID.
455
+ #
456
+ # @option params [Hash<String,String>] :logins
457
+ # A set of optional name-value pairs that map provider names to provider
458
+ # tokens. The available provider names for `Logins` are as follows:
459
+ #
460
+ # * Facebook: `graph.facebook.com`
461
+ #
462
+ # * Amazon Cognito Identity Provider:
463
+ # `cognito-idp.us-east-1.amazonaws.com/us-east-1_123456789`
464
+ #
465
+ # * Google: `accounts.google.com`
466
+ #
467
+ # * Amazon: `www.amazon.com`
468
+ #
469
+ # * Twitter: `api.twitter.com`
470
+ #
471
+ # * Digits: `www.digits.com`
472
+ #
473
+ # @return [Types::GetIdResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
474
+ #
475
+ # * {Types::GetIdResponse#identity_id #identity_id} => String
476
+ #
477
+ # @example Request syntax with placeholder values
478
+ #
479
+ # resp = client.get_id({
480
+ # account_id: "AccountId",
481
+ # identity_pool_id: "IdentityPoolId", # required
482
+ # logins: {
483
+ # "IdentityProviderName" => "IdentityProviderToken",
484
+ # },
485
+ # })
486
+ #
487
+ # @example Response structure
488
+ #
489
+ # resp.identity_id #=> String
490
+ #
491
+ # @overload get_id(params = {})
492
+ # @param [Hash] params ({})
493
+ def get_id(params = {}, options = {})
494
+ req = build_request(:get_id, params)
495
+ req.send_request(options)
496
+ end
690
497
 
691
- # Merges two users having different `IdentityId`s, existing in the same
692
- # identity pool, and identified by the same developer provider. You can
693
- # use this action to request that discrete users be merged and
694
- # identified as a single user in the Cognito environment. Cognito
695
- # associates the given source user (`SourceUserIdentifier`) with the
696
- # `IdentityId` of the `DestinationUserIdentifier`. Only
697
- # developer-authenticated users can be merged. If the users to be merged
698
- # are associated with the same public provider, but as two different
699
- # users, an exception will be thrown.
700
- #
701
- # You must use AWS Developer credentials to call this API.
702
- # @option params [required, String] :source_user_identifier
703
- # User identifier for the source user. The value should be a
704
- # `DeveloperUserIdentifier`.
705
- # @option params [required, String] :destination_user_identifier
706
- # User identifier for the destination user. The value should be a
707
- # `DeveloperUserIdentifier`.
708
- # @option params [required, String] :developer_provider_name
709
- # The "domain" by which Cognito will refer to your users. This is a
710
- # (pseudo) domain name that you provide while creating an identity pool.
711
- # This name acts as a placeholder that allows your backend and the
712
- # Cognito service to communicate about the developer provider. For the
713
- # `DeveloperProviderName`, you can use letters as well as period (.),
714
- # underscore (\_), and dash (-).
715
- # @option params [required, String] :identity_pool_id
716
- # An identity pool ID in the format REGION:GUID.
717
- # @return [Types::MergeDeveloperIdentitiesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
718
- #
719
- # * {Types::MergeDeveloperIdentitiesResponse#identity_id #IdentityId} => String
720
- #
721
- # @example Request syntax with placeholder values
722
- # resp = client.merge_developer_identities({
723
- # source_user_identifier: "DeveloperUserIdentifier", # required
724
- # destination_user_identifier: "DeveloperUserIdentifier", # required
725
- # developer_provider_name: "DeveloperProviderName", # required
726
- # identity_pool_id: "IdentityPoolId", # required
727
- # })
728
- #
729
- # @example Response structure
730
- # resp.identity_id #=> String
731
- # @overload merge_developer_identities(params = {})
732
- # @param [Hash] params ({})
733
- def merge_developer_identities(params = {}, options = {})
734
- req = build_request(:merge_developer_identities, params)
735
- req.send_request(options)
736
- end
498
+ # Gets the roles for an identity pool.
499
+ #
500
+ # You must use AWS Developer credentials to call this API.
501
+ #
502
+ # @option params [required, String] :identity_pool_id
503
+ # An identity pool ID in the format REGION:GUID.
504
+ #
505
+ # @return [Types::GetIdentityPoolRolesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
506
+ #
507
+ # * {Types::GetIdentityPoolRolesResponse#identity_pool_id #identity_pool_id} => String
508
+ # * {Types::GetIdentityPoolRolesResponse#roles #roles} => Hash&lt;String,String&gt;
509
+ # * {Types::GetIdentityPoolRolesResponse#role_mappings #role_mappings} => Hash&lt;String,Types::RoleMapping&gt;
510
+ #
511
+ # @example Request syntax with placeholder values
512
+ #
513
+ # resp = client.get_identity_pool_roles({
514
+ # identity_pool_id: "IdentityPoolId", # required
515
+ # })
516
+ #
517
+ # @example Response structure
518
+ #
519
+ # resp.identity_pool_id #=> String
520
+ # resp.roles #=> Hash
521
+ # resp.roles["RoleType"] #=> String
522
+ # resp.role_mappings #=> Hash
523
+ # resp.role_mappings["IdentityProviderName"].type #=> String, one of "Token", "Rules"
524
+ # resp.role_mappings["IdentityProviderName"].ambiguous_role_resolution #=> String, one of "AuthenticatedRole", "Deny"
525
+ # resp.role_mappings["IdentityProviderName"].rules_configuration.rules #=> Array
526
+ # resp.role_mappings["IdentityProviderName"].rules_configuration.rules[0].claim #=> String
527
+ # resp.role_mappings["IdentityProviderName"].rules_configuration.rules[0].match_type #=> String, one of "Equals", "Contains", "StartsWith", "NotEqual"
528
+ # resp.role_mappings["IdentityProviderName"].rules_configuration.rules[0].value #=> String
529
+ # resp.role_mappings["IdentityProviderName"].rules_configuration.rules[0].role_arn #=> String
530
+ #
531
+ # @overload get_identity_pool_roles(params = {})
532
+ # @param [Hash] params ({})
533
+ def get_identity_pool_roles(params = {}, options = {})
534
+ req = build_request(:get_identity_pool_roles, params)
535
+ req.send_request(options)
536
+ end
737
537
 
738
- # Sets the roles for an identity pool. These roles are used when making
739
- # calls to `GetCredentialsForIdentity` action.
740
- #
741
- # You must use AWS Developer credentials to call this API.
742
- # @option params [required, String] :identity_pool_id
743
- # An identity pool ID in the format REGION:GUID.
744
- # @option params [required, Hash<String,String>] :roles
745
- # The map of roles associated with this pool. For a given role, the key
746
- # will be either "authenticated" or "unauthenticated" and the value
747
- # will be the Role ARN.
748
- # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
749
- #
750
- # @example Request syntax with placeholder values
751
- # resp = client.set_identity_pool_roles({
752
- # identity_pool_id: "IdentityPoolId", # required
753
- # roles: { # required
754
- # "RoleType" => "ARNString",
755
- # },
756
- # })
757
- # @overload set_identity_pool_roles(params = {})
758
- # @param [Hash] params ({})
759
- def set_identity_pool_roles(params = {}, options = {})
760
- req = build_request(:set_identity_pool_roles, params)
761
- req.send_request(options)
762
- end
538
+ # Gets an OpenID token, using a known Cognito ID. This known Cognito ID
539
+ # is returned by GetId. You can optionally add additional logins for the
540
+ # identity. Supplying multiple logins creates an implicit link.
541
+ #
542
+ # The OpenId token is valid for 15 minutes.
543
+ #
544
+ # This is a public API. You do not need any credentials to call this
545
+ # API.
546
+ #
547
+ # @option params [required, String] :identity_id
548
+ # A unique identifier in the format REGION:GUID.
549
+ #
550
+ # @option params [Hash<String,String>] :logins
551
+ # A set of optional name-value pairs that map provider names to provider
552
+ # tokens. When using graph.facebook.com and www.amazon.com, supply the
553
+ # access\_token returned from the provider's authflow. For
554
+ # accounts.google.com, an Amazon Cognito Identity Provider, or any other
555
+ # OpenId Connect provider, always include the `id_token`.
556
+ #
557
+ # @return [Types::GetOpenIdTokenResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
558
+ #
559
+ # * {Types::GetOpenIdTokenResponse#identity_id #identity_id} => String
560
+ # * {Types::GetOpenIdTokenResponse#token #token} => String
561
+ #
562
+ # @example Request syntax with placeholder values
563
+ #
564
+ # resp = client.get_open_id_token({
565
+ # identity_id: "IdentityId", # required
566
+ # logins: {
567
+ # "IdentityProviderName" => "IdentityProviderToken",
568
+ # },
569
+ # })
570
+ #
571
+ # @example Response structure
572
+ #
573
+ # resp.identity_id #=> String
574
+ # resp.token #=> String
575
+ #
576
+ # @overload get_open_id_token(params = {})
577
+ # @param [Hash] params ({})
578
+ def get_open_id_token(params = {}, options = {})
579
+ req = build_request(:get_open_id_token, params)
580
+ req.send_request(options)
581
+ end
763
582
 
764
- # Unlinks a `DeveloperUserIdentifier` from an existing identity.
765
- # Unlinked developer users will be considered new identities next time
766
- # they are seen. If, for a given Cognito identity, you remove all
767
- # federated identities as well as the developer user identifier, the
768
- # Cognito identity becomes inaccessible.
769
- #
770
- # You must use AWS Developer credentials to call this API.
771
- # @option params [required, String] :identity_id
772
- # A unique identifier in the format REGION:GUID.
773
- # @option params [required, String] :identity_pool_id
774
- # An identity pool ID in the format REGION:GUID.
775
- # @option params [required, String] :developer_provider_name
776
- # The "domain" by which Cognito will refer to your users.
777
- # @option params [required, String] :developer_user_identifier
778
- # A unique ID used by your backend authentication process to identify a
779
- # user.
780
- # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
781
- #
782
- # @example Request syntax with placeholder values
783
- # resp = client.unlink_developer_identity({
784
- # identity_id: "IdentityId", # required
785
- # identity_pool_id: "IdentityPoolId", # required
786
- # developer_provider_name: "DeveloperProviderName", # required
787
- # developer_user_identifier: "DeveloperUserIdentifier", # required
788
- # })
789
- # @overload unlink_developer_identity(params = {})
790
- # @param [Hash] params ({})
791
- def unlink_developer_identity(params = {}, options = {})
792
- req = build_request(:unlink_developer_identity, params)
793
- req.send_request(options)
794
- end
583
+ # Registers (or retrieves) a Cognito `IdentityId` and an OpenID Connect
584
+ # token for a user authenticated by your backend authentication process.
585
+ # Supplying multiple logins will create an implicit linked account. You
586
+ # can only specify one developer provider as part of the `Logins` map,
587
+ # which is linked to the identity pool. The developer provider is the
588
+ # "domain" by which Cognito will refer to your users.
589
+ #
590
+ # You can use `GetOpenIdTokenForDeveloperIdentity` to create a new
591
+ # identity and to link new logins (that is, user credentials issued by a
592
+ # public provider or developer provider) to an existing identity. When
593
+ # you want to create a new identity, the `IdentityId` should be null.
594
+ # When you want to associate a new login with an existing
595
+ # authenticated/unauthenticated identity, you can do so by providing the
596
+ # existing `IdentityId`. This API will create the identity in the
597
+ # specified `IdentityPoolId`.
598
+ #
599
+ # You must use AWS Developer credentials to call this API.
600
+ #
601
+ # @option params [required, String] :identity_pool_id
602
+ # An identity pool ID in the format REGION:GUID.
603
+ #
604
+ # @option params [String] :identity_id
605
+ # A unique identifier in the format REGION:GUID.
606
+ #
607
+ # @option params [required, Hash<String,String>] :logins
608
+ # A set of optional name-value pairs that map provider names to provider
609
+ # tokens. Each name-value pair represents a user from a public provider
610
+ # or developer provider. If the user is from a developer provider, the
611
+ # name-value pair will follow the syntax `"developer_provider_name":
612
+ # "developer_user_identifier"`. The developer provider is the "domain"
613
+ # by which Cognito will refer to your users; you provided this domain
614
+ # while creating/updating the identity pool. The developer user
615
+ # identifier is an identifier from your backend that uniquely identifies
616
+ # a user. When you create an identity pool, you can specify the
617
+ # supported logins.
618
+ #
619
+ # @option params [Integer] :token_duration
620
+ # The expiration time of the token, in seconds. You can specify a custom
621
+ # expiration time for the token so that you can cache it. If you don't
622
+ # provide an expiration time, the token is valid for 15 minutes. You can
623
+ # exchange the token with Amazon STS for temporary AWS credentials,
624
+ # which are valid for a maximum of one hour. The maximum token duration
625
+ # you can set is 24 hours. You should take care in setting the
626
+ # expiration time for a token, as there are significant security
627
+ # implications: an attacker could use a leaked token to access your AWS
628
+ # resources for the token's duration.
629
+ #
630
+ # @return [Types::GetOpenIdTokenForDeveloperIdentityResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
631
+ #
632
+ # * {Types::GetOpenIdTokenForDeveloperIdentityResponse#identity_id #identity_id} => String
633
+ # * {Types::GetOpenIdTokenForDeveloperIdentityResponse#token #token} => String
634
+ #
635
+ # @example Request syntax with placeholder values
636
+ #
637
+ # resp = client.get_open_id_token_for_developer_identity({
638
+ # identity_pool_id: "IdentityPoolId", # required
639
+ # identity_id: "IdentityId",
640
+ # logins: { # required
641
+ # "IdentityProviderName" => "IdentityProviderToken",
642
+ # },
643
+ # token_duration: 1,
644
+ # })
645
+ #
646
+ # @example Response structure
647
+ #
648
+ # resp.identity_id #=> String
649
+ # resp.token #=> String
650
+ #
651
+ # @overload get_open_id_token_for_developer_identity(params = {})
652
+ # @param [Hash] params ({})
653
+ def get_open_id_token_for_developer_identity(params = {}, options = {})
654
+ req = build_request(:get_open_id_token_for_developer_identity, params)
655
+ req.send_request(options)
656
+ end
795
657
 
796
- # Unlinks a federated identity from an existing account. Unlinked logins
797
- # will be considered new identities next time they are seen. Removing
798
- # the last linked login will make this identity inaccessible.
799
- #
800
- # This is a public API. You do not need any credentials to call this
801
- # API.
802
- # @option params [required, String] :identity_id
803
- # A unique identifier in the format REGION:GUID.
804
- # @option params [required, Hash<String,String>] :logins
805
- # A set of optional name-value pairs that map provider names to provider
806
- # tokens.
807
- # @option params [required, Array<String>] :logins_to_remove
808
- # Provider names to unlink from this identity.
809
- # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
810
- #
811
- # @example Request syntax with placeholder values
812
- # resp = client.unlink_identity({
813
- # identity_id: "IdentityId", # required
814
- # logins: { # required
815
- # "IdentityProviderName" => "IdentityProviderToken",
816
- # },
817
- # logins_to_remove: ["IdentityProviderName"], # required
818
- # })
819
- # @overload unlink_identity(params = {})
820
- # @param [Hash] params ({})
821
- def unlink_identity(params = {}, options = {})
822
- req = build_request(:unlink_identity, params)
823
- req.send_request(options)
824
- end
658
+ # Lists the identities in a pool.
659
+ #
660
+ # You must use AWS Developer credentials to call this API.
661
+ #
662
+ # @option params [required, String] :identity_pool_id
663
+ # An identity pool ID in the format REGION:GUID.
664
+ #
665
+ # @option params [required, Integer] :max_results
666
+ # The maximum number of identities to return.
667
+ #
668
+ # @option params [String] :next_token
669
+ # A pagination token.
670
+ #
671
+ # @option params [Boolean] :hide_disabled
672
+ # An optional boolean parameter that allows you to hide disabled
673
+ # identities. If omitted, the ListIdentities API will include disabled
674
+ # identities in the response.
675
+ #
676
+ # @return [Types::ListIdentitiesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
677
+ #
678
+ # * {Types::ListIdentitiesResponse#identity_pool_id #identity_pool_id} => String
679
+ # * {Types::ListIdentitiesResponse#identities #identities} => Array&lt;Types::IdentityDescription&gt;
680
+ # * {Types::ListIdentitiesResponse#next_token #next_token} => String
681
+ #
682
+ # @example Request syntax with placeholder values
683
+ #
684
+ # resp = client.list_identities({
685
+ # identity_pool_id: "IdentityPoolId", # required
686
+ # max_results: 1, # required
687
+ # next_token: "PaginationKey",
688
+ # hide_disabled: false,
689
+ # })
690
+ #
691
+ # @example Response structure
692
+ #
693
+ # resp.identity_pool_id #=> String
694
+ # resp.identities #=> Array
695
+ # resp.identities[0].identity_id #=> String
696
+ # resp.identities[0].logins #=> Array
697
+ # resp.identities[0].logins[0] #=> String
698
+ # resp.identities[0].creation_date #=> Time
699
+ # resp.identities[0].last_modified_date #=> Time
700
+ # resp.next_token #=> String
701
+ #
702
+ # @overload list_identities(params = {})
703
+ # @param [Hash] params ({})
704
+ def list_identities(params = {}, options = {})
705
+ req = build_request(:list_identities, params)
706
+ req.send_request(options)
707
+ end
825
708
 
826
- # Updates a user pool.
827
- #
828
- # You must use AWS Developer credentials to call this API.
829
- # @option params [required, String] :identity_pool_id
830
- # An identity pool ID in the format REGION:GUID.
831
- # @option params [required, String] :identity_pool_name
832
- # A string that you provide.
833
- # @option params [required, Boolean] :allow_unauthenticated_identities
834
- # TRUE if the identity pool supports unauthenticated logins.
835
- # @option params [Hash<String,String>] :supported_login_providers
836
- # Optional key:value pairs mapping provider names to provider app IDs.
837
- # @option params [String] :developer_provider_name
838
- # The "domain" by which Cognito will refer to your users.
839
- # @option params [Array<String>] :open_id_connect_provider_arns
840
- # A list of OpendID Connect provider ARNs.
841
- # @option params [Array<Types::CognitoIdentityProvider>] :cognito_identity_providers
842
- # A list representing an Amazon Cognito Identity User Pool and its
843
- # client ID.
844
- # @option params [Array<String>] :saml_provider_arns
845
- # An array of Amazon Resource Names (ARNs) of the SAML provider for your
846
- # identity pool.
847
- # @return [Types::IdentityPool] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
848
- #
849
- # * {Types::IdentityPool#identity_pool_id #IdentityPoolId} => String
850
- # * {Types::IdentityPool#identity_pool_name #IdentityPoolName} => String
851
- # * {Types::IdentityPool#allow_unauthenticated_identities #AllowUnauthenticatedIdentities} => Boolean
852
- # * {Types::IdentityPool#supported_login_providers #SupportedLoginProviders} => Hash&lt;String,String&gt;
853
- # * {Types::IdentityPool#developer_provider_name #DeveloperProviderName} => String
854
- # * {Types::IdentityPool#open_id_connect_provider_arns #OpenIdConnectProviderARNs} => Array&lt;String&gt;
855
- # * {Types::IdentityPool#cognito_identity_providers #CognitoIdentityProviders} => Array&lt;Types::CognitoIdentityProvider&gt;
856
- # * {Types::IdentityPool#saml_provider_arns #SamlProviderARNs} => Array&lt;String&gt;
857
- #
858
- # @example Request syntax with placeholder values
859
- # resp = client.update_identity_pool({
860
- # identity_pool_id: "IdentityPoolId", # required
861
- # identity_pool_name: "IdentityPoolName", # required
862
- # allow_unauthenticated_identities: false, # required
863
- # supported_login_providers: {
864
- # "IdentityProviderName" => "IdentityProviderId",
865
- # },
866
- # developer_provider_name: "DeveloperProviderName",
867
- # open_id_connect_provider_arns: ["ARNString"],
868
- # cognito_identity_providers: [
869
- # {
870
- # provider_name: "CognitoIdentityProviderName",
871
- # client_id: "CognitoIdentityProviderClientId",
872
- # },
873
- # ],
874
- # saml_provider_arns: ["ARNString"],
875
- # })
876
- #
877
- # @example Response structure
878
- # resp.identity_pool_id #=> String
879
- # resp.identity_pool_name #=> String
880
- # resp.allow_unauthenticated_identities #=> Boolean
881
- # resp.supported_login_providers #=> Hash
882
- # resp.supported_login_providers["IdentityProviderName"] #=> String
883
- # resp.developer_provider_name #=> String
884
- # resp.open_id_connect_provider_arns #=> Array
885
- # resp.open_id_connect_provider_arns[0] #=> String
886
- # resp.cognito_identity_providers #=> Array
887
- # resp.cognito_identity_providers[0].provider_name #=> String
888
- # resp.cognito_identity_providers[0].client_id #=> String
889
- # resp.saml_provider_arns #=> Array
890
- # resp.saml_provider_arns[0] #=> String
891
- # @overload update_identity_pool(params = {})
892
- # @param [Hash] params ({})
893
- def update_identity_pool(params = {}, options = {})
894
- req = build_request(:update_identity_pool, params)
895
- req.send_request(options)
896
- end
709
+ # Lists all of the Cognito identity pools registered for your account.
710
+ #
711
+ # You must use AWS Developer credentials to call this API.
712
+ #
713
+ # @option params [required, Integer] :max_results
714
+ # The maximum number of identities to return.
715
+ #
716
+ # @option params [String] :next_token
717
+ # A pagination token.
718
+ #
719
+ # @return [Types::ListIdentityPoolsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
720
+ #
721
+ # * {Types::ListIdentityPoolsResponse#identity_pools #identity_pools} => Array&lt;Types::IdentityPoolShortDescription&gt;
722
+ # * {Types::ListIdentityPoolsResponse#next_token #next_token} => String
723
+ #
724
+ # @example Request syntax with placeholder values
725
+ #
726
+ # resp = client.list_identity_pools({
727
+ # max_results: 1, # required
728
+ # next_token: "PaginationKey",
729
+ # })
730
+ #
731
+ # @example Response structure
732
+ #
733
+ # resp.identity_pools #=> Array
734
+ # resp.identity_pools[0].identity_pool_id #=> String
735
+ # resp.identity_pools[0].identity_pool_name #=> String
736
+ # resp.next_token #=> String
737
+ #
738
+ # @overload list_identity_pools(params = {})
739
+ # @param [Hash] params ({})
740
+ def list_identity_pools(params = {}, options = {})
741
+ req = build_request(:list_identity_pools, params)
742
+ req.send_request(options)
743
+ end
897
744
 
898
- # @!endgroup
745
+ # Retrieves the `IdentityID` associated with a `DeveloperUserIdentifier`
746
+ # or the list of `DeveloperUserIdentifier`s associated with an
747
+ # `IdentityId` for an existing identity. Either `IdentityID` or
748
+ # `DeveloperUserIdentifier` must not be null. If you supply only one of
749
+ # these values, the other value will be searched in the database and
750
+ # returned as a part of the response. If you supply both,
751
+ # `DeveloperUserIdentifier` will be matched against `IdentityID`. If the
752
+ # values are verified against the database, the response returns both
753
+ # values and is the same as the request. Otherwise a
754
+ # `ResourceConflictException` is thrown.
755
+ #
756
+ # You must use AWS Developer credentials to call this API.
757
+ #
758
+ # @option params [required, String] :identity_pool_id
759
+ # An identity pool ID in the format REGION:GUID.
760
+ #
761
+ # @option params [String] :identity_id
762
+ # A unique identifier in the format REGION:GUID.
763
+ #
764
+ # @option params [String] :developer_user_identifier
765
+ # A unique ID used by your backend authentication process to identify a
766
+ # user. Typically, a developer identity provider would issue many
767
+ # developer user identifiers, in keeping with the number of users.
768
+ #
769
+ # @option params [Integer] :max_results
770
+ # The maximum number of identities to return.
771
+ #
772
+ # @option params [String] :next_token
773
+ # A pagination token. The first call you make will have `NextToken` set
774
+ # to null. After that the service will return `NextToken` values as
775
+ # needed. For example, let's say you make a request with `MaxResults`
776
+ # set to 10, and there are 20 matches in the database. The service will
777
+ # return a pagination token as a part of the response. This token can be
778
+ # used to call the API again and get results starting from the 11th
779
+ # match.
780
+ #
781
+ # @return [Types::LookupDeveloperIdentityResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
782
+ #
783
+ # * {Types::LookupDeveloperIdentityResponse#identity_id #identity_id} => String
784
+ # * {Types::LookupDeveloperIdentityResponse#developer_user_identifier_list #developer_user_identifier_list} => Array&lt;String&gt;
785
+ # * {Types::LookupDeveloperIdentityResponse#next_token #next_token} => String
786
+ #
787
+ # @example Request syntax with placeholder values
788
+ #
789
+ # resp = client.lookup_developer_identity({
790
+ # identity_pool_id: "IdentityPoolId", # required
791
+ # identity_id: "IdentityId",
792
+ # developer_user_identifier: "DeveloperUserIdentifier",
793
+ # max_results: 1,
794
+ # next_token: "PaginationKey",
795
+ # })
796
+ #
797
+ # @example Response structure
798
+ #
799
+ # resp.identity_id #=> String
800
+ # resp.developer_user_identifier_list #=> Array
801
+ # resp.developer_user_identifier_list[0] #=> String
802
+ # resp.next_token #=> String
803
+ #
804
+ # @overload lookup_developer_identity(params = {})
805
+ # @param [Hash] params ({})
806
+ def lookup_developer_identity(params = {}, options = {})
807
+ req = build_request(:lookup_developer_identity, params)
808
+ req.send_request(options)
809
+ end
899
810
 
900
- # @param params ({})
901
- # @api private
902
- def build_request(operation_name, params = {})
903
- handlers = @handlers.for(operation_name)
904
- context = Seahorse::Client::RequestContext.new(
905
- operation_name: operation_name,
906
- operation: config.api.operation(operation_name),
907
- client: self,
908
- params: params,
909
- config: config)
910
- context[:gem_name] = 'aws-sdk-cognitoidentity'
911
- context[:gem_version] = '1.0.0.rc1'
912
- Seahorse::Client::Request.new(handlers, context)
913
- end
811
+ # Merges two users having different `IdentityId`s, existing in the same
812
+ # identity pool, and identified by the same developer provider. You can
813
+ # use this action to request that discrete users be merged and
814
+ # identified as a single user in the Cognito environment. Cognito
815
+ # associates the given source user (`SourceUserIdentifier`) with the
816
+ # `IdentityId` of the `DestinationUserIdentifier`. Only
817
+ # developer-authenticated users can be merged. If the users to be merged
818
+ # are associated with the same public provider, but as two different
819
+ # users, an exception will be thrown.
820
+ #
821
+ # You must use AWS Developer credentials to call this API.
822
+ #
823
+ # @option params [required, String] :source_user_identifier
824
+ # User identifier for the source user. The value should be a
825
+ # `DeveloperUserIdentifier`.
826
+ #
827
+ # @option params [required, String] :destination_user_identifier
828
+ # User identifier for the destination user. The value should be a
829
+ # `DeveloperUserIdentifier`.
830
+ #
831
+ # @option params [required, String] :developer_provider_name
832
+ # The "domain" by which Cognito will refer to your users. This is a
833
+ # (pseudo) domain name that you provide while creating an identity pool.
834
+ # This name acts as a placeholder that allows your backend and the
835
+ # Cognito service to communicate about the developer provider. For the
836
+ # `DeveloperProviderName`, you can use letters as well as period (.),
837
+ # underscore (\_), and dash (-).
838
+ #
839
+ # @option params [required, String] :identity_pool_id
840
+ # An identity pool ID in the format REGION:GUID.
841
+ #
842
+ # @return [Types::MergeDeveloperIdentitiesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
843
+ #
844
+ # * {Types::MergeDeveloperIdentitiesResponse#identity_id #identity_id} => String
845
+ #
846
+ # @example Request syntax with placeholder values
847
+ #
848
+ # resp = client.merge_developer_identities({
849
+ # source_user_identifier: "DeveloperUserIdentifier", # required
850
+ # destination_user_identifier: "DeveloperUserIdentifier", # required
851
+ # developer_provider_name: "DeveloperProviderName", # required
852
+ # identity_pool_id: "IdentityPoolId", # required
853
+ # })
854
+ #
855
+ # @example Response structure
856
+ #
857
+ # resp.identity_id #=> String
858
+ #
859
+ # @overload merge_developer_identities(params = {})
860
+ # @param [Hash] params ({})
861
+ def merge_developer_identities(params = {}, options = {})
862
+ req = build_request(:merge_developer_identities, params)
863
+ req.send_request(options)
864
+ end
914
865
 
915
- # @api private
916
- # @deprecated
917
- def waiter_names
918
- []
919
- end
866
+ # Sets the roles for an identity pool. These roles are used when making
867
+ # calls to GetCredentialsForIdentity action.
868
+ #
869
+ # You must use AWS Developer credentials to call this API.
870
+ #
871
+ # @option params [required, String] :identity_pool_id
872
+ # An identity pool ID in the format REGION:GUID.
873
+ #
874
+ # @option params [required, Hash<String,String>] :roles
875
+ # The map of roles associated with this pool. For a given role, the key
876
+ # will be either "authenticated" or "unauthenticated" and the value
877
+ # will be the Role ARN.
878
+ #
879
+ # @option params [Hash<String,Types::RoleMapping>] :role_mappings
880
+ # How users for a specific identity provider are to mapped to roles.
881
+ # This is a string to RoleMapping object map. The string identifies the
882
+ # identity provider, for example, "graph.facebook.com" or
883
+ # "cognito-idp-east-1.amazonaws.com/us-east-1\_abcdefghi:app\_client\_id".
884
+ #
885
+ # Up to 25 rules can be specified per identity provider.
886
+ #
887
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
888
+ #
889
+ # @example Request syntax with placeholder values
890
+ #
891
+ # resp = client.set_identity_pool_roles({
892
+ # identity_pool_id: "IdentityPoolId", # required
893
+ # roles: { # required
894
+ # "RoleType" => "ARNString",
895
+ # },
896
+ # role_mappings: {
897
+ # "IdentityProviderName" => {
898
+ # type: "Token", # required, accepts Token, Rules
899
+ # ambiguous_role_resolution: "AuthenticatedRole", # accepts AuthenticatedRole, Deny
900
+ # rules_configuration: {
901
+ # rules: [ # required
902
+ # {
903
+ # claim: "ClaimName", # required
904
+ # match_type: "Equals", # required, accepts Equals, Contains, StartsWith, NotEqual
905
+ # value: "ClaimValue", # required
906
+ # role_arn: "ARNString", # required
907
+ # },
908
+ # ],
909
+ # },
910
+ # },
911
+ # },
912
+ # })
913
+ #
914
+ # @overload set_identity_pool_roles(params = {})
915
+ # @param [Hash] params ({})
916
+ def set_identity_pool_roles(params = {}, options = {})
917
+ req = build_request(:set_identity_pool_roles, params)
918
+ req.send_request(options)
919
+ end
920
920
 
921
- class << self
921
+ # Unlinks a `DeveloperUserIdentifier` from an existing identity.
922
+ # Unlinked developer users will be considered new identities next time
923
+ # they are seen. If, for a given Cognito identity, you remove all
924
+ # federated identities as well as the developer user identifier, the
925
+ # Cognito identity becomes inaccessible.
926
+ #
927
+ # You must use AWS Developer credentials to call this API.
928
+ #
929
+ # @option params [required, String] :identity_id
930
+ # A unique identifier in the format REGION:GUID.
931
+ #
932
+ # @option params [required, String] :identity_pool_id
933
+ # An identity pool ID in the format REGION:GUID.
934
+ #
935
+ # @option params [required, String] :developer_provider_name
936
+ # The "domain" by which Cognito will refer to your users.
937
+ #
938
+ # @option params [required, String] :developer_user_identifier
939
+ # A unique ID used by your backend authentication process to identify a
940
+ # user.
941
+ #
942
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
943
+ #
944
+ # @example Request syntax with placeholder values
945
+ #
946
+ # resp = client.unlink_developer_identity({
947
+ # identity_id: "IdentityId", # required
948
+ # identity_pool_id: "IdentityPoolId", # required
949
+ # developer_provider_name: "DeveloperProviderName", # required
950
+ # developer_user_identifier: "DeveloperUserIdentifier", # required
951
+ # })
952
+ #
953
+ # @overload unlink_developer_identity(params = {})
954
+ # @param [Hash] params ({})
955
+ def unlink_developer_identity(params = {}, options = {})
956
+ req = build_request(:unlink_developer_identity, params)
957
+ req.send_request(options)
958
+ end
959
+
960
+ # Unlinks a federated identity from an existing account. Unlinked logins
961
+ # will be considered new identities next time they are seen. Removing
962
+ # the last linked login will make this identity inaccessible.
963
+ #
964
+ # This is a public API. You do not need any credentials to call this
965
+ # API.
966
+ #
967
+ # @option params [required, String] :identity_id
968
+ # A unique identifier in the format REGION:GUID.
969
+ #
970
+ # @option params [required, Hash<String,String>] :logins
971
+ # A set of optional name-value pairs that map provider names to provider
972
+ # tokens.
973
+ #
974
+ # @option params [required, Array<String>] :logins_to_remove
975
+ # Provider names to unlink from this identity.
976
+ #
977
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
978
+ #
979
+ # @example Request syntax with placeholder values
980
+ #
981
+ # resp = client.unlink_identity({
982
+ # identity_id: "IdentityId", # required
983
+ # logins: { # required
984
+ # "IdentityProviderName" => "IdentityProviderToken",
985
+ # },
986
+ # logins_to_remove: ["IdentityProviderName"], # required
987
+ # })
988
+ #
989
+ # @overload unlink_identity(params = {})
990
+ # @param [Hash] params ({})
991
+ def unlink_identity(params = {}, options = {})
992
+ req = build_request(:unlink_identity, params)
993
+ req.send_request(options)
994
+ end
922
995
 
923
- # @api private
924
- attr_reader :identifier
996
+ # Updates a user pool.
997
+ #
998
+ # You must use AWS Developer credentials to call this API.
999
+ #
1000
+ # @option params [required, String] :identity_pool_id
1001
+ # An identity pool ID in the format REGION:GUID.
1002
+ #
1003
+ # @option params [required, String] :identity_pool_name
1004
+ # A string that you provide.
1005
+ #
1006
+ # @option params [required, Boolean] :allow_unauthenticated_identities
1007
+ # TRUE if the identity pool supports unauthenticated logins.
1008
+ #
1009
+ # @option params [Hash<String,String>] :supported_login_providers
1010
+ # Optional key:value pairs mapping provider names to provider app IDs.
1011
+ #
1012
+ # @option params [String] :developer_provider_name
1013
+ # The "domain" by which Cognito will refer to your users.
1014
+ #
1015
+ # @option params [Array<String>] :open_id_connect_provider_arns
1016
+ # A list of OpendID Connect provider ARNs.
1017
+ #
1018
+ # @option params [Array<Types::CognitoIdentityProvider>] :cognito_identity_providers
1019
+ # A list representing an Amazon Cognito Identity User Pool and its
1020
+ # client ID.
1021
+ #
1022
+ # @option params [Array<String>] :saml_provider_arns
1023
+ # An array of Amazon Resource Names (ARNs) of the SAML provider for your
1024
+ # identity pool.
1025
+ #
1026
+ # @return [Types::IdentityPool] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1027
+ #
1028
+ # * {Types::IdentityPool#identity_pool_id #identity_pool_id} => String
1029
+ # * {Types::IdentityPool#identity_pool_name #identity_pool_name} => String
1030
+ # * {Types::IdentityPool#allow_unauthenticated_identities #allow_unauthenticated_identities} => Boolean
1031
+ # * {Types::IdentityPool#supported_login_providers #supported_login_providers} => Hash&lt;String,String&gt;
1032
+ # * {Types::IdentityPool#developer_provider_name #developer_provider_name} => String
1033
+ # * {Types::IdentityPool#open_id_connect_provider_arns #open_id_connect_provider_arns} => Array&lt;String&gt;
1034
+ # * {Types::IdentityPool#cognito_identity_providers #cognito_identity_providers} => Array&lt;Types::CognitoIdentityProvider&gt;
1035
+ # * {Types::IdentityPool#saml_provider_arns #saml_provider_arns} => Array&lt;String&gt;
1036
+ #
1037
+ # @example Request syntax with placeholder values
1038
+ #
1039
+ # resp = client.update_identity_pool({
1040
+ # identity_pool_id: "IdentityPoolId", # required
1041
+ # identity_pool_name: "IdentityPoolName", # required
1042
+ # allow_unauthenticated_identities: false, # required
1043
+ # supported_login_providers: {
1044
+ # "IdentityProviderName" => "IdentityProviderId",
1045
+ # },
1046
+ # developer_provider_name: "DeveloperProviderName",
1047
+ # open_id_connect_provider_arns: ["ARNString"],
1048
+ # cognito_identity_providers: [
1049
+ # {
1050
+ # provider_name: "CognitoIdentityProviderName",
1051
+ # client_id: "CognitoIdentityProviderClientId",
1052
+ # },
1053
+ # ],
1054
+ # saml_provider_arns: ["ARNString"],
1055
+ # })
1056
+ #
1057
+ # @example Response structure
1058
+ #
1059
+ # resp.identity_pool_id #=> String
1060
+ # resp.identity_pool_name #=> String
1061
+ # resp.allow_unauthenticated_identities #=> Boolean
1062
+ # resp.supported_login_providers #=> Hash
1063
+ # resp.supported_login_providers["IdentityProviderName"] #=> String
1064
+ # resp.developer_provider_name #=> String
1065
+ # resp.open_id_connect_provider_arns #=> Array
1066
+ # resp.open_id_connect_provider_arns[0] #=> String
1067
+ # resp.cognito_identity_providers #=> Array
1068
+ # resp.cognito_identity_providers[0].provider_name #=> String
1069
+ # resp.cognito_identity_providers[0].client_id #=> String
1070
+ # resp.saml_provider_arns #=> Array
1071
+ # resp.saml_provider_arns[0] #=> String
1072
+ #
1073
+ # @overload update_identity_pool(params = {})
1074
+ # @param [Hash] params ({})
1075
+ def update_identity_pool(params = {}, options = {})
1076
+ req = build_request(:update_identity_pool, params)
1077
+ req.send_request(options)
1078
+ end
925
1079
 
926
- # @api private
927
- def errors_module
928
- Errors
929
- end
1080
+ # @!endgroup
930
1081
 
1082
+ # @param params ({})
1083
+ # @api private
1084
+ def build_request(operation_name, params = {})
1085
+ handlers = @handlers.for(operation_name)
1086
+ context = Seahorse::Client::RequestContext.new(
1087
+ operation_name: operation_name,
1088
+ operation: config.api.operation(operation_name),
1089
+ client: self,
1090
+ params: params,
1091
+ config: config)
1092
+ context[:gem_name] = 'aws-sdk-cognitoidentity'
1093
+ context[:gem_version] = '1.0.0.rc1'
1094
+ Seahorse::Client::Request.new(handlers, context)
1095
+ end
1096
+
1097
+ # @api private
1098
+ # @deprecated
1099
+ def waiter_names
1100
+ []
1101
+ end
1102
+
1103
+ class << self
1104
+
1105
+ # @api private
1106
+ attr_reader :identifier
1107
+
1108
+ # @api private
1109
+ def errors_module
1110
+ Errors
931
1111
  end
1112
+
932
1113
  end
933
1114
  end
934
1115
  end