aws-sdk-cognitoidentity 1.17.0 → 1.22.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 03fef6e9604113455535566c9b980e2e13838ae4
-  data.tar.gz: fc1ab18c67637b852a6a2c41ab89fe458d61bf35
+SHA256:
+  metadata.gz: 248a99b15860cba96ca8e90332fb5668f4bbd33a6ddcd76cabe65ae6afad2748
+  data.tar.gz: f77b85540853f5519ac22f518b5e5b2de9a267f9d15f28801af1511e75c69f3a
 SHA512:
-  metadata.gz: c446c1d5ad9834bf822f5baa7e9914d6f1fb3df7221a49162d37f106401332391cda15e1eb5e1c51820e82779d098c6eda3fe796b59baac955f5246304ed57a2
-  data.tar.gz: '08e715731148063b68f2fe26ce14fffaccfad893b621ead0d6b6b6796caf49399525c817a07a691b36ff121a1c12f4d54fe6b728d47d0bc1dc2c0a44ce633741'
+  metadata.gz: a054787d09c66241ab5589d7ca2dd50e62d7bacd2875b9cea86e8773546f996e7231578437bce8182e2ab56a23c18fbac622e4e96b61a3ce76185e34016f663a
+  data.tar.gz: e77a439d1f65a3896b3fddc78eb0492a431ba8f0b331f9e1e384cbdf7583805096c5ff40299b59596e0a52ac66788a9369a803b37e33f901c960ea0f38fb2167

data/lib/aws-sdk-cognitoidentity.rb

@@ -24,17 +24,20 @@ require_relative 'aws-sdk-cognitoidentity/customizations'
 # methods each accept a hash of request parameters and return a response
 # structure.
 #
+#     cognito_identity = Aws::CognitoIdentity::Client.new
+#     resp = cognito_identity.create_identity_pool(params)
+#
 # See {Client} for more information.
 #
 # # Errors
 #
-# Errors returned from Amazon Cognito Identity all
-# extend {Errors::ServiceError}.
+# Errors returned from Amazon Cognito Identity are defined in the
+# {Errors} module and all extend {Errors::ServiceError}.
 #
 #     begin
 #       # do stuff
 #     rescue Aws::CognitoIdentity::Errors::ServiceError
-#       # rescues all service API errors
+#       # rescues all Amazon Cognito Identity API errors
 #     end
 #
 # See {Errors} for more information.
@@ -42,6 +45,6 @@ require_relative 'aws-sdk-cognitoidentity/customizations'
 # @service
 module Aws::CognitoIdentity
 
-  GEM_VERSION = '1.17.0'
+  GEM_VERSION = '1.22.0'
 
 end

data/lib/aws-sdk-cognitoidentity/client.rb

@@ -30,6 +30,18 @@ require 'aws-sdk-core/plugins/protocols/json_rpc.rb'
 Aws::Plugins::GlobalConfiguration.add_identifier(:cognitoidentity)
 
 module Aws::CognitoIdentity
+  # An API client for CognitoIdentity.  To construct a client, you need to configure a `:region` and `:credentials`.
+  #
+  #     client = Aws::CognitoIdentity::Client.new(
+  #       region: region_name,
+  #       credentials: credentials,
+  #       # ...
+  #     )
+  #
+  # For details on configuring region and credentials see
+  # the [developer guide](/sdk-for-ruby/v3/developer-guide/setup-config.html).
+  #
+  # See {#initialize} for a full list of supported configuration options.
   class Client < Seahorse::Client::Base
 
     include Aws::ClientStubs
@@ -93,7 +105,7 @@ module Aws::CognitoIdentity
     #   @option options [required, String] :region
     #     The AWS region to connect to.  The configured `:region` is
     #     used to determine the service `:endpoint`. When not passed,
-    #     a default `:region` is search for in the following locations:
+    #     a default `:region` is searched for in the following locations:
     #
     #     * `Aws.config[:region]`
     #     * `ENV['AWS_REGION']`
@@ -108,6 +120,12 @@ module Aws::CognitoIdentity
     #     When set to `true`, a thread polling for endpoints will be running in
     #     the background every 60 secs (default). Defaults to `false`.
     #
+    #   @option options [Boolean] :adaptive_retry_wait_to_fill (true)
+    #     Used only in `adaptive` retry mode.  When true, the request will sleep
+    #     until there is sufficent client side capacity to retry the request.
+    #     When false, the request will raise a `RetryCapacityNotAvailableError` and will
+    #     not retry instead of sleeping.
+    #
     #   @option options [Boolean] :client_side_monitoring (false)
     #     When `true`, client-side metrics will be collected for all API requests from
     #     this client.
@@ -132,6 +150,10 @@ module Aws::CognitoIdentity
     #     When `true`, an attempt is made to coerce request parameters into
     #     the required types.
     #
+    #   @option options [Boolean] :correct_clock_skew (true)
+    #     Used only in `standard` and adaptive retry modes. Specifies whether to apply
+    #     a clock skew correction and retry requests with skewed client clocks.
+    #
     #   @option options [Boolean] :disable_host_prefix_injection (false)
     #     Set to true to disable SDK automatically adding host prefix
     #     to default service endpoint when available.
@@ -139,7 +161,7 @@ module Aws::CognitoIdentity
     #   @option options [String] :endpoint
     #     The client endpoint is normally constructed from the `:region`
     #     option. You should only configure an `:endpoint` when connecting
-    #     to test endpoints. This should be avalid HTTP(S) URI.
+    #     to test endpoints. This should be a valid HTTP(S) URI.
     #
     #   @option options [Integer] :endpoint_cache_max_entries (1000)
     #     Used for the maximum size limit of the LRU cache storing endpoints data
@@ -154,7 +176,7 @@ module Aws::CognitoIdentity
     #     requests fetching endpoints information. Defaults to 60 sec.
     #
     #   @option options [Boolean] :endpoint_discovery (false)
-    #     When set to `true`, endpoint discovery will be enabled for operations when available. Defaults to `false`.
+    #     When set to `true`, endpoint discovery will be enabled for operations when available.
     #
     #   @option options [Aws::Log::Formatter] :log_formatter (Aws::Log::Formatter.default)
     #     The log formatter.
@@ -166,15 +188,29 @@ module Aws::CognitoIdentity
     #     The Logger instance to send log messages to.  If this option
     #     is not set, logging will be disabled.
     #
+    #   @option options [Integer] :max_attempts (3)
+    #     An integer representing the maximum number attempts that will be made for
+    #     a single request, including the initial attempt.  For example,
+    #     setting this value to 5 will result in a request being retried up to
+    #     4 times. Used in `standard` and `adaptive` retry modes.
+    #
     #   @option options [String] :profile ("default")
     #     Used when loading credentials from the shared credentials file
     #     at HOME/.aws/credentials.  When not specified, 'default' is used.
     #
+    #   @option options [Proc] :retry_backoff
+    #     A proc or lambda used for backoff. Defaults to 2**retries * retry_base_delay.
+    #     This option is only used in the `legacy` retry mode.
+    #
     #   @option options [Float] :retry_base_delay (0.3)
-    #     The base delay in seconds used by the default backoff function.
+    #     The base delay in seconds used by the default backoff function. This option
+    #     is only used in the `legacy` retry mode.
     #
     #   @option options [Symbol] :retry_jitter (:none)
-    #     A delay randomiser function used by the default backoff function. Some predefined functions can be referenced by name - :none, :equal, :full, otherwise a Proc that takes and returns a number.
+    #     A delay randomiser function used by the default backoff function.
+    #     Some predefined functions can be referenced by name - :none, :equal, :full,
+    #     otherwise a Proc that takes and returns a number. This option is only used
+    #     in the `legacy` retry mode.
     #
     #     @see https://www.awsarchitectureblog.com/2015/03/backoff.html
     #
@@ -182,11 +218,30 @@ module Aws::CognitoIdentity
     #     The maximum number of times to retry failed requests.  Only
     #     ~ 500 level server errors and certain ~ 400 level client errors
     #     are retried.  Generally, these are throttling errors, data
-    #     checksum errors, networking errors, timeout errors and auth
-    #     errors from expired credentials.
+    #     checksum errors, networking errors, timeout errors, auth errors,
+    #     endpoint discovery, and errors from expired credentials.
+    #     This option is only used in the `legacy` retry mode.
     #
     #   @option options [Integer] :retry_max_delay (0)
-    #     The maximum number of seconds to delay between retries (0 for no limit) used by the default backoff function.
+    #     The maximum number of seconds to delay between retries (0 for no limit)
+    #     used by the default backoff function. This option is only used in the
+    #     `legacy` retry mode.
+    #
+    #   @option options [String] :retry_mode ("legacy")
+    #     Specifies which retry algorithm to use. Values are:
+    #
+    #     * `legacy` - The pre-existing retry behavior.  This is default value if
+    #       no retry mode is provided.
+    #
+    #     * `standard` - A standardized set of retry rules across the AWS SDKs.
+    #       This includes support for retry quotas, which limit the number of
+    #       unsuccessful retries a client can make.
+    #
+    #     * `adaptive` - An experimental retry mode that includes all the
+    #       functionality of `standard` mode along with automatic client side
+    #       throttling.  This is a provisional mode that may change behavior
+    #       in the future.
+    #
     #
     #   @option options [String] :secret_access_key
     #
@@ -219,16 +274,15 @@ module Aws::CognitoIdentity
     #     requests through.  Formatted like 'http://proxy.com:123'.
     #
     #   @option options [Float] :http_open_timeout (15) The number of
-    #     seconds to wait when opening a HTTP session before rasing a
+    #     seconds to wait when opening a HTTP session before raising a
     #     `Timeout::Error`.
     #
     #   @option options [Integer] :http_read_timeout (60) The default
     #     number of seconds to wait for response data.  This value can
-    #     safely be set
-    #     per-request on the session yeidled by {#session_for}.
+    #     safely be set per-request on the session.
     #
     #   @option options [Float] :http_idle_timeout (5) The number of
-    #     seconds a connection is allowed to sit idble before it is
+    #     seconds a connection is allowed to sit idle before it is
     #     considered stale.  Stale connections are closed and removed
     #     from the pool before making a request.
     #
@@ -237,7 +291,7 @@ module Aws::CognitoIdentity
     #     request body.  This option has no effect unless the request has
     #     "Expect" header set to "100-continue".  Defaults to `nil` which
     #     disables this behaviour.  This value can safely be set per
-    #     request on the session yeidled by {#session_for}.
+    #     request on the session.
     #
     #   @option options [Boolean] :http_wire_trace (false) When `true`,
     #     HTTP debug output will be sent to the `:logger`.
@@ -265,9 +319,8 @@ module Aws::CognitoIdentity
     # @!group API Operations
 
     # Creates a new identity pool. The identity pool is a store of user
-    # identity information that is specific to your AWS account. The limit
-    # on identity pools is 60 per account. The keys for
-    # `SupportedLoginProviders` are as follows:
+    # identity information that is specific to your AWS account. The keys
+    # for `SupportedLoginProviders` are as follows:
     #
     # * Facebook: `graph.facebook.com`
     #
@@ -287,6 +340,15 @@ module Aws::CognitoIdentity
     # @option params [required, Boolean] :allow_unauthenticated_identities
     #   TRUE if the identity pool supports unauthenticated logins.
     #
+    # @option params [Boolean] :allow_classic_flow
+    #   Enables or disables the Basic (Classic) authentication flow. For more
+    #   information, see [Identity Pools (Federated Identities) Authentication
+    #   Flow][1] in the *Amazon Cognito Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/authentication-flow.html
+    #
     # @option params [Hash<String,String>] :supported_login_providers
     #   Optional key:value pairs mapping provider names to provider app IDs.
     #
@@ -320,6 +382,7 @@ module Aws::CognitoIdentity
     #   * {Types::IdentityPool#identity_pool_id #identity_pool_id} => String
     #   * {Types::IdentityPool#identity_pool_name #identity_pool_name} => String
     #   * {Types::IdentityPool#allow_unauthenticated_identities #allow_unauthenticated_identities} => Boolean
+    #   * {Types::IdentityPool#allow_classic_flow #allow_classic_flow} => Boolean
     #   * {Types::IdentityPool#supported_login_providers #supported_login_providers} => Hash&lt;String,String&gt;
     #   * {Types::IdentityPool#developer_provider_name #developer_provider_name} => String
     #   * {Types::IdentityPool#open_id_connect_provider_arns #open_id_connect_provider_arns} => Array&lt;String&gt;
@@ -332,6 +395,7 @@ module Aws::CognitoIdentity
     #   resp = client.create_identity_pool({
     #     identity_pool_name: "IdentityPoolName", # required
     #     allow_unauthenticated_identities: false, # required
+    #     allow_classic_flow: false,
     #     supported_login_providers: {
     #       "IdentityProviderName" => "IdentityProviderId",
     #     },
@@ -355,6 +419,7 @@ module Aws::CognitoIdentity
     #   resp.identity_pool_id #=> String
     #   resp.identity_pool_name #=> String
     #   resp.allow_unauthenticated_identities #=> Boolean
+    #   resp.allow_classic_flow #=> Boolean
     #   resp.supported_login_providers #=> Hash
     #   resp.supported_login_providers["IdentityProviderName"] #=> String
     #   resp.developer_provider_name #=> String
@@ -487,6 +552,7 @@ module Aws::CognitoIdentity
     #   * {Types::IdentityPool#identity_pool_id #identity_pool_id} => String
     #   * {Types::IdentityPool#identity_pool_name #identity_pool_name} => String
     #   * {Types::IdentityPool#allow_unauthenticated_identities #allow_unauthenticated_identities} => Boolean
+    #   * {Types::IdentityPool#allow_classic_flow #allow_classic_flow} => Boolean
     #   * {Types::IdentityPool#supported_login_providers #supported_login_providers} => Hash&lt;String,String&gt;
     #   * {Types::IdentityPool#developer_provider_name #developer_provider_name} => String
     #   * {Types::IdentityPool#open_id_connect_provider_arns #open_id_connect_provider_arns} => Array&lt;String&gt;
@@ -505,6 +571,7 @@ module Aws::CognitoIdentity
     #   resp.identity_pool_id #=> String
     #   resp.identity_pool_name #=> String
     #   resp.allow_unauthenticated_identities #=> Boolean
+    #   resp.allow_classic_flow #=> Boolean
     #   resp.supported_login_providers #=> Hash
     #   resp.supported_login_providers["IdentityProviderName"] #=> String
     #   resp.developer_provider_name #=> String
@@ -787,6 +854,11 @@ module Aws::CognitoIdentity
     #   implications: an attacker could use a leaked token to access your AWS
     #   resources for the token's duration.
     #
+    #   <note markdown="1"> Please provide for a small grace period, usually no more than 5
+    #   minutes, to account for clock skew.
+    #
+    #    </note>
+    #
     # @return [Types::GetOpenIdTokenForDeveloperIdentityResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetOpenIdTokenForDeveloperIdentityResponse#identity_id #identity_id} => String
@@ -1163,7 +1235,7 @@ module Aws::CognitoIdentity
     #   The Amazon Resource Name (ARN) of the identity pool to assign the tags
     #   to.
     #
-    # @option params [Hash<String,String>] :tags
+    # @option params [required, Hash<String,String>] :tags
     #   The tags to assign to the identity pool.
     #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
@@ -1172,7 +1244,7 @@ module Aws::CognitoIdentity
     #
     #   resp = client.tag_resource({
     #     resource_arn: "ARNString", # required
-    #     tags: {
+    #     tags: { # required
     #       "TagKeysType" => "TagValueType",
     #     },
     #   })
@@ -1272,7 +1344,7 @@ module Aws::CognitoIdentity
     #   The Amazon Resource Name (ARN) of the identity pool that the tags are
     #   assigned to.
     #
-    # @option params [Array<String>] :tag_keys
+    # @option params [required, Array<String>] :tag_keys
     #   The keys of the tags to remove from the user pool.
     #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
@@ -1281,7 +1353,7 @@ module Aws::CognitoIdentity
     #
     #   resp = client.untag_resource({
     #     resource_arn: "ARNString", # required
-    #     tag_keys: ["TagKeysType"],
+    #     tag_keys: ["TagKeysType"], # required
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-identity-2014-06-30/UntagResource AWS API Documentation
@@ -1306,6 +1378,15 @@ module Aws::CognitoIdentity
     # @option params [required, Boolean] :allow_unauthenticated_identities
     #   TRUE if the identity pool supports unauthenticated logins.
     #
+    # @option params [Boolean] :allow_classic_flow
+    #   Enables or disables the Basic (Classic) authentication flow. For more
+    #   information, see [Identity Pools (Federated Identities) Authentication
+    #   Flow][1] in the *Amazon Cognito Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/authentication-flow.html
+    #
     # @option params [Hash<String,String>] :supported_login_providers
     #   Optional key:value pairs mapping provider names to provider app IDs.
     #
@@ -1333,6 +1414,7 @@ module Aws::CognitoIdentity
     #   * {Types::IdentityPool#identity_pool_id #identity_pool_id} => String
     #   * {Types::IdentityPool#identity_pool_name #identity_pool_name} => String
     #   * {Types::IdentityPool#allow_unauthenticated_identities #allow_unauthenticated_identities} => Boolean
+    #   * {Types::IdentityPool#allow_classic_flow #allow_classic_flow} => Boolean
     #   * {Types::IdentityPool#supported_login_providers #supported_login_providers} => Hash&lt;String,String&gt;
     #   * {Types::IdentityPool#developer_provider_name #developer_provider_name} => String
     #   * {Types::IdentityPool#open_id_connect_provider_arns #open_id_connect_provider_arns} => Array&lt;String&gt;
@@ -1346,6 +1428,7 @@ module Aws::CognitoIdentity
     #     identity_pool_id: "IdentityPoolId", # required
     #     identity_pool_name: "IdentityPoolName", # required
     #     allow_unauthenticated_identities: false, # required
+    #     allow_classic_flow: false,
     #     supported_login_providers: {
     #       "IdentityProviderName" => "IdentityProviderId",
     #     },
@@ -1369,6 +1452,7 @@ module Aws::CognitoIdentity
     #   resp.identity_pool_id #=> String
     #   resp.identity_pool_name #=> String
     #   resp.allow_unauthenticated_identities #=> Boolean
+    #   resp.allow_classic_flow #=> Boolean
     #   resp.supported_login_providers #=> Hash
     #   resp.supported_login_providers["IdentityProviderName"] #=> String
     #   resp.developer_provider_name #=> String
@@ -1405,7 +1489,7 @@ module Aws::CognitoIdentity
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-cognitoidentity'
-      context[:gem_version] = '1.17.0'
+      context[:gem_version] = '1.22.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-cognitoidentity/client_api.rb

@@ -17,6 +17,7 @@ module Aws::CognitoIdentity
     AmbiguousRoleResolutionType = Shapes::StringShape.new(name: 'AmbiguousRoleResolutionType')
     ClaimName = Shapes::StringShape.new(name: 'ClaimName')
     ClaimValue = Shapes::StringShape.new(name: 'ClaimValue')
+    ClassicFlow = Shapes::BooleanShape.new(name: 'ClassicFlow')
     CognitoIdentityProvider = Shapes::StructureShape.new(name: 'CognitoIdentityProvider')
     CognitoIdentityProviderClientId = Shapes::StringShape.new(name: 'CognitoIdentityProviderClientId')
     CognitoIdentityProviderList = Shapes::ListShape.new(name: 'CognitoIdentityProviderList')
@@ -126,6 +127,7 @@ module Aws::CognitoIdentity
 
     CreateIdentityPoolInput.add_member(:identity_pool_name, Shapes::ShapeRef.new(shape: IdentityPoolName, required: true, location_name: "IdentityPoolName"))
     CreateIdentityPoolInput.add_member(:allow_unauthenticated_identities, Shapes::ShapeRef.new(shape: IdentityPoolUnauthenticated, required: true, location_name: "AllowUnauthenticatedIdentities"))
+    CreateIdentityPoolInput.add_member(:allow_classic_flow, Shapes::ShapeRef.new(shape: ClassicFlow, location_name: "AllowClassicFlow"))
     CreateIdentityPoolInput.add_member(:supported_login_providers, Shapes::ShapeRef.new(shape: IdentityProviders, location_name: "SupportedLoginProviders"))
     CreateIdentityPoolInput.add_member(:developer_provider_name, Shapes::ShapeRef.new(shape: DeveloperProviderName, location_name: "DeveloperProviderName"))
     CreateIdentityPoolInput.add_member(:open_id_connect_provider_arns, Shapes::ShapeRef.new(shape: OIDCProviderList, location_name: "OpenIdConnectProviderARNs"))
@@ -219,6 +221,7 @@ module Aws::CognitoIdentity
     IdentityPool.add_member(:identity_pool_id, Shapes::ShapeRef.new(shape: IdentityPoolId, required: true, location_name: "IdentityPoolId"))
     IdentityPool.add_member(:identity_pool_name, Shapes::ShapeRef.new(shape: IdentityPoolName, required: true, location_name: "IdentityPoolName"))
     IdentityPool.add_member(:allow_unauthenticated_identities, Shapes::ShapeRef.new(shape: IdentityPoolUnauthenticated, required: true, location_name: "AllowUnauthenticatedIdentities"))
+    IdentityPool.add_member(:allow_classic_flow, Shapes::ShapeRef.new(shape: ClassicFlow, location_name: "AllowClassicFlow"))
     IdentityPool.add_member(:supported_login_providers, Shapes::ShapeRef.new(shape: IdentityProviders, location_name: "SupportedLoginProviders"))
     IdentityPool.add_member(:developer_provider_name, Shapes::ShapeRef.new(shape: DeveloperProviderName, location_name: "DeveloperProviderName"))
     IdentityPool.add_member(:open_id_connect_provider_arns, Shapes::ShapeRef.new(shape: OIDCProviderList, location_name: "OpenIdConnectProviderARNs"))
@@ -345,7 +348,7 @@ module Aws::CognitoIdentity
     SetIdentityPoolRolesInput.struct_class = Types::SetIdentityPoolRolesInput
 
     TagResourceInput.add_member(:resource_arn, Shapes::ShapeRef.new(shape: ARNString, required: true, location_name: "ResourceArn"))
-    TagResourceInput.add_member(:tags, Shapes::ShapeRef.new(shape: IdentityPoolTagsType, location_name: "Tags"))
+    TagResourceInput.add_member(:tags, Shapes::ShapeRef.new(shape: IdentityPoolTagsType, required: true, location_name: "Tags"))
     TagResourceInput.struct_class = Types::TagResourceInput
 
     TagResourceResponse.struct_class = Types::TagResourceResponse
@@ -371,7 +374,7 @@ module Aws::CognitoIdentity
     UnprocessedIdentityIdList.member = Shapes::ShapeRef.new(shape: UnprocessedIdentityId)
 
     UntagResourceInput.add_member(:resource_arn, Shapes::ShapeRef.new(shape: ARNString, required: true, location_name: "ResourceArn"))
-    UntagResourceInput.add_member(:tag_keys, Shapes::ShapeRef.new(shape: IdentityPoolTagsListType, location_name: "TagKeys"))
+    UntagResourceInput.add_member(:tag_keys, Shapes::ShapeRef.new(shape: IdentityPoolTagsListType, required: true, location_name: "TagKeys"))
     UntagResourceInput.struct_class = Types::UntagResourceInput
 
     UntagResourceResponse.struct_class = Types::UntagResourceResponse

data/lib/aws-sdk-cognitoidentity/customizations.rb

@@ -1,7 +1 @@
-# WARNING ABOUT GENERATED CODE
-#
-# This file is generated. See the contributing for info on making contributions:
-# https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
-#
-# WARNING ABOUT GENERATED CODE
-
+require 'aws-sdk-cognitoidentity/customizations/cognito_identity_credentials'

data/lib/aws-sdk-cognitoidentity/customizations/cognito_identity_credentials.rb

@@ -0,0 +1,132 @@
+require 'set'
+require 'securerandom'
+require 'base64'
+
+module Aws
+  module CognitoIdentity
+    # An auto-refreshing credential provider that
+    # represents credentials retrieved from STS Web Identity Federation using
+    # the Amazon Cognito Identity service.
+    #
+    # This provider gets credentials using the
+    # {Client.get_credentials_for_identity} service operation, which
+    # requires either an `identity_id` or an `identity_pool_id` (Amazon Cognito
+    # Identity Pool ID), which is used to call {Client.get_id} to
+    # obtain an `identity_id` automatically.
+    #
+    # In addition, if this credential provider is used to provide authenticated
+    # login, the `logins` map may be set to the tokens provided by the
+    # respective identity providers. See {#initialize} for an example on
+    # creating a credentials object with proper property values.
+    #
+    # ## Refreshing Credentials from Identity Service
+    #
+    # The CognitoIdentityCredentials will auto-refresh the AWS credentials from
+    # Cognito.  In addition to AWS credentials expiring after a given amount of
+    # time, the login token from the identity provider will also expire.
+    # Once this token expires, it will not be usable to refresh AWS credentials,
+    # and another token will be needed. The SDK does not manage refreshing of
+    # the token value, but this can be done through a "refresh token"
+    # supported by most identity providers. Consult the documentation for
+    # the identity provider for refreshing tokens. Once the refreshed token is
+    # acquired, you should make sure to update this new token in the
+    # CognitoIdentityCredentials object's {logins} property. The following
+    # code will update the WebIdentityToken, assuming you have retrieved
+    # an updated token from the identity provider:
+    #
+    #     AWS.config.credentials.logins['graph.facebook.com'] = updatedToken;
+    #     AWS.config.credentials.refresh!  # required only if authentication state has changed
+    #
+    # The CognitoIdentityCredentials also provides a `before_refresh` callback
+    # that can be used to help manage refreshing identity provider tokens.
+    # `before_refresh` is called when AWS credentials are required and need
+    # to be refreshed and it has access to the CognitoIdentityCredentials object.
+    class CognitoIdentityCredentials
+
+      include CredentialProvider
+      include RefreshingCredentials
+
+      # @param [Hash] options
+      # @option options [String] :identity_id the Cognito identity_id.  Required
+      #   unless identity_pool_id is given. A unique
+      #   identifier in the format REGION:GUID
+      #
+      # @option options [String] :identity_pool_id Required unless identity_id
+      #   is provided. A Amazon Cognito
+      #   Identity Pool ID)in the format REGION:GUID.
+      #
+      # @option options [Hash<String,String>] :logins A set of optional
+      #   name-value pairs that map provider names to provider tokens.
+      #   The name-value pair will follow the syntax
+      #   "provider_name": "provider_user_identifier".
+      #
+      # @option options [String] :custom_role_arn  The Amazon Resource
+      #   Name (ARN) of the role to be assumed when multiple roles were received
+      #   in the token from the identity provider. For example, a SAML-based
+      #   identity provider. This parameter is optional for identity providers
+      #   that do not support role customization.
+      #
+      # @option options [Callable] before_refresh Proc called before
+      #   credentials are refreshed from Cognito.  Useful for updating logins/
+      #   auth tokens. `before_refresh` is called when AWS credentials are
+      #   required and need to be refreshed. Login tokens can be refreshed using
+      #   the following example:
+      #
+      #      before_refresh = Proc.new do |cognito_credentials| do
+      #        cognito_credentials.logins['graph.facebook.com'] = update_token
+      #      end
+      #
+      # @option options [STS::CognitoIdentity] :client Optional CognitoIdentity
+      #   client. If not provided, a client will be constructed.
+      def initialize(options = {})
+        @identity_pool_id = options.delete(:identity_pool_id)
+        @identity_id = options.delete(:identity_id)
+        @custom_role_arn = options.delete(:custom_role_arn)
+        @logins = options.delete(:logins) || {}
+        @before_refresh = options.delete(:before_refresh)
+
+        if !@identity_pool_id && !@identity_id
+          raise ArgumentError,
+                'Must provide either identity_pool_id or identity_id'
+        end
+
+        @client = options[:client] || CognitoIdentity::Client.new(
+          options.merge(credentials: false)
+        )
+        super
+      end
+
+      # @return [CognitoIdentity::Client]
+      attr_reader :client
+
+      # @return [Hash<String,String>]
+      attr_accessor :logins
+
+      # @return [String]
+      def identity_id
+        @identity_id ||= @client
+                         .get_id(identity_pool_id: @identity_pool_id)
+                         .identity_id
+      end
+
+      private
+
+      def refresh
+        @before_refresh.call(self) if @before_refresh
+
+        resp = @client.get_credentials_for_identity(
+          identity_id: identity_id,
+          custom_role_arn: @custom_role_arn
+        )
+
+        @credentials = Credentials.new(
+          resp.credentials.access_key_id,
+          resp.credentials.secret_key,
+          resp.credentials.session_token
+        )
+        @expiration = resp.credentials.expiration
+      end
+    end
+  end
+end
+

data/lib/aws-sdk-cognitoidentity/errors.rb

@@ -6,6 +6,39 @@
 # WARNING ABOUT GENERATED CODE
 
 module Aws::CognitoIdentity
+
+  # When CognitoIdentity returns an error response, the Ruby SDK constructs and raises an error.
+  # These errors all extend Aws::CognitoIdentity::Errors::ServiceError < {Aws::Errors::ServiceError}
+  #
+  # You can rescue all CognitoIdentity errors using ServiceError:
+  #
+  #     begin
+  #       # do stuff
+  #     rescue Aws::CognitoIdentity::Errors::ServiceError
+  #       # rescues all CognitoIdentity API errors
+  #     end
+  #
+  #
+  # ## Request Context
+  # ServiceError objects have a {Aws::Errors::ServiceError#context #context} method that returns
+  # information about the request that generated the error.
+  # See {Seahorse::Client::RequestContext} for more information.
+  #
+  # ## Error Classes
+  # * {ConcurrentModificationException}
+  # * {DeveloperUserAlreadyRegisteredException}
+  # * {ExternalServiceException}
+  # * {InternalErrorException}
+  # * {InvalidIdentityPoolConfigurationException}
+  # * {InvalidParameterException}
+  # * {LimitExceededException}
+  # * {NotAuthorizedException}
+  # * {ResourceConflictException}
+  # * {ResourceNotFoundException}
+  # * {TooManyRequestsException}
+  #
+  # Additionally, error classes are dynamically generated for service errors based on the error code
+  # if they are not defined above.
   module Errors
 
     extend Aws::Errors::DynamicErrors
@@ -23,7 +56,6 @@ module Aws::CognitoIdentity
       def message
         @message || @data[:message]
       end
-
     end
 
     class DeveloperUserAlreadyRegisteredException < ServiceError
@@ -39,7 +71,6 @@ module Aws::CognitoIdentity
       def message
         @message || @data[:message]
       end
-
     end
 
     class ExternalServiceException < ServiceError
@@ -55,7 +86,6 @@ module Aws::CognitoIdentity
       def message
         @message || @data[:message]
       end
-
     end
 
     class InternalErrorException < ServiceError
@@ -71,7 +101,6 @@ module Aws::CognitoIdentity
       def message
         @message || @data[:message]
       end
-
     end
 
     class InvalidIdentityPoolConfigurationException < ServiceError
@@ -87,7 +116,6 @@ module Aws::CognitoIdentity
       def message
         @message || @data[:message]
       end
-
     end
 
     class InvalidParameterException < ServiceError
@@ -103,7 +131,6 @@ module Aws::CognitoIdentity
       def message
         @message || @data[:message]
       end
-
     end
 
     class LimitExceededException < ServiceError
@@ -119,7 +146,6 @@ module Aws::CognitoIdentity
       def message
         @message || @data[:message]
       end
-
     end
 
     class NotAuthorizedException < ServiceError
@@ -135,7 +161,6 @@ module Aws::CognitoIdentity
       def message
         @message || @data[:message]
       end
-
     end
 
     class ResourceConflictException < ServiceError
@@ -151,7 +176,6 @@ module Aws::CognitoIdentity
       def message
         @message || @data[:message]
       end
-
     end
 
     class ResourceNotFoundException < ServiceError
@@ -167,7 +191,6 @@ module Aws::CognitoIdentity
       def message
         @message || @data[:message]
       end
-
     end
 
     class TooManyRequestsException < ServiceError
@@ -183,7 +206,6 @@ module Aws::CognitoIdentity
       def message
         @message || @data[:message]
       end
-
     end
 
   end

data/lib/aws-sdk-cognitoidentity/resource.rb

@@ -6,6 +6,7 @@
 # WARNING ABOUT GENERATED CODE
 
 module Aws::CognitoIdentity
+
   class Resource
 
     # @param options ({})

data/lib/aws-sdk-cognitoidentity/types.rb

@@ -72,6 +72,7 @@ module Aws::CognitoIdentity
     #       {
     #         identity_pool_name: "IdentityPoolName", # required
     #         allow_unauthenticated_identities: false, # required
+    #         allow_classic_flow: false,
     #         supported_login_providers: {
     #           "IdentityProviderName" => "IdentityProviderId",
     #         },
@@ -98,6 +99,16 @@ module Aws::CognitoIdentity
     #   TRUE if the identity pool supports unauthenticated logins.
     #   @return [Boolean]
     #
+    # @!attribute [rw] allow_classic_flow
+    #   Enables or disables the Basic (Classic) authentication flow. For
+    #   more information, see [Identity Pools (Federated Identities)
+    #   Authentication Flow][1] in the *Amazon Cognito Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/authentication-flow.html
+    #   @return [Boolean]
+    #
     # @!attribute [rw] supported_login_providers
     #   Optional key:value pairs mapping provider names to provider app IDs.
     #   @return [Hash<String,String>]
@@ -137,6 +148,7 @@ module Aws::CognitoIdentity
     class CreateIdentityPoolInput < Struct.new(
       :identity_pool_name,
       :allow_unauthenticated_identities,
+      :allow_classic_flow,
       :supported_login_providers,
       :developer_provider_name,
       :open_id_connect_provider_arns,
@@ -523,6 +535,11 @@ module Aws::CognitoIdentity
     #   in setting the expiration time for a token, as there are significant
     #   security implications: an attacker could use a leaked token to
     #   access your AWS resources for the token's duration.
+    #
+    #   <note markdown="1"> Please provide for a small grace period, usually no more than 5
+    #   minutes, to account for clock skew.
+    #
+    #    </note>
     #   @return [Integer]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-identity-2014-06-30/GetOpenIdTokenForDeveloperIdentityInput AWS API Documentation
@@ -642,6 +659,7 @@ module Aws::CognitoIdentity
     #         identity_pool_id: "IdentityPoolId", # required
     #         identity_pool_name: "IdentityPoolName", # required
     #         allow_unauthenticated_identities: false, # required
+    #         allow_classic_flow: false,
     #         supported_login_providers: {
     #           "IdentityProviderName" => "IdentityProviderId",
     #         },
@@ -672,6 +690,16 @@ module Aws::CognitoIdentity
     #   TRUE if the identity pool supports unauthenticated logins.
     #   @return [Boolean]
     #
+    # @!attribute [rw] allow_classic_flow
+    #   Enables or disables the Basic (Classic) authentication flow. For
+    #   more information, see [Identity Pools (Federated Identities)
+    #   Authentication Flow][1] in the *Amazon Cognito Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/authentication-flow.html
+    #   @return [Boolean]
+    #
     # @!attribute [rw] supported_login_providers
     #   Optional key:value pairs mapping provider names to provider app IDs.
     #   @return [Hash<String,String>]
@@ -706,6 +734,7 @@ module Aws::CognitoIdentity
       :identity_pool_id,
       :identity_pool_name,
       :allow_unauthenticated_identities,
+      :allow_classic_flow,
       :supported_login_providers,
       :developer_provider_name,
       :open_id_connect_provider_arns,
@@ -1296,7 +1325,7 @@ module Aws::CognitoIdentity
     #
     #       {
     #         resource_arn: "ARNString", # required
-    #         tags: {
+    #         tags: { # required
     #           "TagKeysType" => "TagValueType",
     #         },
     #       }
@@ -1433,7 +1462,7 @@ module Aws::CognitoIdentity
     #
     #       {
     #         resource_arn: "ARNString", # required
-    #         tag_keys: ["TagKeysType"],
+    #         tag_keys: ["TagKeysType"], # required
     #       }
     #
     # @!attribute [rw] resource_arn

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-cognitoidentity
 version: !ruby/object:Gem::Version
-  version: 1.17.0
+  version: 1.22.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-10-23 00:00:00.000000000 Z
+date: 2020-05-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core
@@ -56,6 +56,7 @@ files:
 - lib/aws-sdk-cognitoidentity/client.rb
 - lib/aws-sdk-cognitoidentity/client_api.rb
 - lib/aws-sdk-cognitoidentity/customizations.rb
+- lib/aws-sdk-cognitoidentity/customizations/cognito_identity_credentials.rb
 - lib/aws-sdk-cognitoidentity/errors.rb
 - lib/aws-sdk-cognitoidentity/resource.rb
 - lib/aws-sdk-cognitoidentity/types.rb
@@ -81,7 +82,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.5.2.3
+rubygems_version: 2.7.6.2
 signing_key: 
 specification_version: 4
 summary: AWS SDK for Ruby - Amazon Cognito Identity