aws-sdk-cognitoidentityprovider 1.0.0.rc6 → 1.0.0.rc7

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 056acf1b44db001009287e2b25a5d2422fd26d6e
4
- data.tar.gz: 40eede898c85fab1eacb1064e5812b55ff02074f
3
+ metadata.gz: 750b22714a9ea4fa8c5ada4ffa3a9844da149ed0
4
+ data.tar.gz: edb8d892f2bfe3d74a08a29fdab02a0e99dbbe55
5
5
  SHA512:
6
- metadata.gz: 29d8b015abde1018affd716cf5d4adfae9c7498d75036638d994a7441aff6e3a0fc0bc7ee171ab0461f4034422c1873b4b6ed834782cf4b2c59042eed56f2a69
7
- data.tar.gz: ddd1b29af3a4d8a32a84cf61a2ed608ba6d61b3996b526ffb71038d629264b4afeffe4301d5289d34f34420d591c206d8b29c2842e3d8ef74cdbb50bc1ed36cb
6
+ metadata.gz: fd55e9d835302ed5f3d9d073b7fe130be86d690344f364a1903cadd75c4244a0313fd698f5945c99f4031f37efca42b6a3c48afe56e02c67ff64df109d5c2973
7
+ data.tar.gz: 4957b7e60e460564484562798a0f78e30f8935302cd7c3fad7a14d2894629a85a02af1c7714563f5faac4ea44a66ba02a1329086e3db9b04d053524caa12358c
@@ -42,6 +42,6 @@ require_relative 'aws-sdk-cognitoidentityprovider/customizations'
42
42
  # @service
43
43
  module Aws::CognitoIdentityProvider
44
44
 
45
- GEM_VERSION = '1.0.0.rc6'
45
+ GEM_VERSION = '1.0.0.rc7'
46
46
 
47
47
  end
@@ -261,9 +261,11 @@ module Aws::CognitoIdentityProvider
261
261
 
262
262
  # Creates a new user in the specified user pool and sends a welcome
263
263
  # message via email or phone (SMS). This message is based on a template
264
- # that you configured in your call to CreateUserPool or UpdateUserPool.
265
- # This template includes your custom sign-up instructions and
266
- # placeholders for user name and temporary password.
264
+ # that you configured in your call to
265
+ # [CreateUserPool](API_CreateUserPool.html) or
266
+ # [UpdateUserPool](API_UpdateUserPool.html). This template includes your
267
+ # custom sign-up instructions and placeholders for user name and
268
+ # temporary password.
267
269
  #
268
270
  # Requires developer credentials.
269
271
  #
@@ -278,31 +280,35 @@ module Aws::CognitoIdentityProvider
278
280
  # @option params [Array<Types::AttributeType>] :user_attributes
279
281
  # An array of name-value pairs that contain user attributes and
280
282
  # attribute values to be set for the user to be created. You can create
281
- # a user without specifying any attributes other than Username. However,
282
- # any attributes that you specify as required (in CreateUserPool or in
283
- # the **Attributes** tab of the console) must be supplied either by you
284
- # (in your call to AdminCreateUser) or by the user (when he or she signs
285
- # up in response to your welcome message).
283
+ # a user without specifying any attributes other than `Username`.
284
+ # However, any attributes that you specify as required (in
285
+ # [CreateUserPool](API_CreateUserPool.html) or in the **Attributes** tab
286
+ # of the console) must be supplied either by you (in your call to
287
+ # `AdminCreateUser`) or by the user (when he or she signs up in response
288
+ # to your welcome message).
289
+ #
290
+ # For custom attributes, you must prepend the `custom:` prefix to the
291
+ # attribute name.
286
292
  #
287
293
  # To send a message inviting the user to sign up, you must specify the
288
294
  # user's email address or phone number. This can be done in your call
289
295
  # to AdminCreateUser or in the **Users** tab of the Amazon Cognito
290
296
  # console for managing your user pools.
291
297
  #
292
- # In your call to AdminCreateUser, you can set the email\_verified
293
- # attribute to True, and you can set the phone\_number\_verified
294
- # attribute to True. (You cannot do this by calling other operations
295
- # such as AdminUpdateUserAttributes.)
298
+ # In your call to `AdminCreateUser`, you can set the `email_verified`
299
+ # attribute to `True`, and you can set the `phone_number_verified`
300
+ # attribute to `True`. (You can also do this by calling
301
+ # [AdminUpdateUserAttributes](API_AdminUpdateUserAttributes.html).)
296
302
  #
297
303
  # * **email**\: The email address of the user to whom the message that
298
304
  # contains the code and username will be sent. Required if the
299
- # email\_verified attribute is set to True, or if "EMAIL" is
300
- # specified in the DesiredDeliveryMediums parameter.
305
+ # `email_verified` attribute is set to `True`, or if `"EMAIL"` is
306
+ # specified in the `DesiredDeliveryMediums` parameter.
301
307
  #
302
308
  # * **phone\_number**\: The phone number of the user to whom the message
303
309
  # that contains the code and username will be sent. Required if the
304
- # phone\_number\_verified attribute is set to True, or if "SMS" is
305
- # specified in the DesiredDeliveryMediums parameter.
310
+ # `phone_number_verified` attribute is set to `True`, or if `"SMS"` is
311
+ # specified in the `DesiredDeliveryMediums` parameter.
306
312
  #
307
313
  # @option params [Array<Types::AttributeType>] :validation_data
308
314
  # The user's validation data. This is an array of name-value pairs that
@@ -332,33 +338,34 @@ module Aws::CognitoIdentityProvider
332
338
  #
333
339
  # The temporary password can only be used until the user account
334
340
  # expiration limit that you specified when you created the user pool. To
335
- # reset the account after that time limit, you must call AdminCreateUser
336
- # again, specifying "RESEND" for the MessageAction parameter.
341
+ # reset the account after that time limit, you must call
342
+ # `AdminCreateUser` again, specifying `"RESEND"` for the `MessageAction`
343
+ # parameter.
337
344
  #
338
345
  # @option params [Boolean] :force_alias_creation
339
- # This parameter is only used if the phone\_number\_verified or
340
- # email\_verified attribute is set to True. Otherwise, it is ignored.
346
+ # This parameter is only used if the `phone_number_verified` or
347
+ # `email_verified` attribute is set to `True`. Otherwise, it is ignored.
341
348
  #
342
- # If this parameter is set to True and the phone number or email address
343
- # specified in the UserAttributes parameter already exists as an alias
344
- # with a different user, the API call will migrate the alias from the
345
- # previous user to the newly created user. The previous user will no
349
+ # If this parameter is set to `True` and the phone number or email
350
+ # address specified in the UserAttributes parameter already exists as an
351
+ # alias with a different user, the API call will migrate the alias from
352
+ # the previous user to the newly created user. The previous user will no
346
353
  # longer be able to log in using that alias.
347
354
  #
348
- # If this parameter is set to False, the API throws an
349
- # AliasExistsException error if the alias already exists. The default
350
- # value is False.
355
+ # If this parameter is set to `False`, the API throws an
356
+ # `AliasExistsException` error if the alias already exists. The default
357
+ # value is `False`.
351
358
  #
352
359
  # @option params [String] :message_action
353
- # Set to "RESEND" to resend the invitation message to a user that
360
+ # Set to `"RESEND"` to resend the invitation message to a user that
354
361
  # already exists and reset the expiration limit on the user's account.
355
- # Set to "SUPPRESS" to suppress sending the message. Only one value
362
+ # Set to `"SUPPRESS"` to suppress sending the message. Only one value
356
363
  # can be specified.
357
364
  #
358
365
  # @option params [Array<String>] :desired_delivery_mediums
359
- # Specify "EMAIL" if email will be used to send the welcome message.
360
- # Specify "SMS" if the phone number will be used. The default value is
361
- # "SMS". More than one value can be specified.
366
+ # Specify `"EMAIL"` if email will be used to send the welcome message.
367
+ # Specify `"SMS"` if the phone number will be used. The default value is
368
+ # `"SMS"`. More than one value can be specified.
362
369
  #
363
370
  # @return [Types::AdminCreateUserResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
364
371
  #
@@ -455,6 +462,9 @@ module Aws::CognitoIdentityProvider
455
462
  # An array of strings representing the user attribute names you wish to
456
463
  # delete.
457
464
  #
465
+ # For custom attributes, you must prepend the `custom:` prefix to the
466
+ # attribute name.
467
+ #
458
468
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
459
469
  #
460
470
  # @example Request syntax with placeholder values
@@ -510,7 +520,7 @@ module Aws::CognitoIdentityProvider
510
520
  # The user pool ID for the user pool where you want to enable the user.
511
521
  #
512
522
  # @option params [required, String] :username
513
- # The user name of the user you wish to ebable.
523
+ # The user name of the user you wish to enable.
514
524
  #
515
525
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
516
526
  #
@@ -666,16 +676,57 @@ module Aws::CognitoIdentityProvider
666
676
  # The ID of the Amazon Cognito user pool.
667
677
  #
668
678
  # @option params [required, String] :client_id
669
- # The client app ID.
679
+ # The app client ID.
670
680
  #
671
681
  # @option params [required, String] :auth_flow
672
- # The authentication flow.
682
+ # The authentication flow for this call to execute. The API action will
683
+ # depend on this value. For example:
684
+ #
685
+ # * `REFRESH_TOKEN_AUTH` will take in a valid refresh token and return
686
+ # new tokens.
687
+ #
688
+ # * `USER_SRP_AUTH` will take in `USERNAME` and `SRPA` and return the
689
+ # SRP variables to be used for next challenge execution.
690
+ #
691
+ # Valid values include:
692
+ #
693
+ # * `USER_SRP_AUTH`\: Authentication flow for the Secure Remote Password
694
+ # (SRP) protocol.
695
+ #
696
+ # * `REFRESH_TOKEN_AUTH`/`REFRESH_TOKEN`\: Authentication flow for
697
+ # refreshing the access token and ID token by supplying a valid
698
+ # refresh token.
699
+ #
700
+ # * `CUSTOM_AUTH`\: Custom authentication flow.
701
+ #
702
+ # * `ADMIN_NO_SRP_AUTH`\: Non-SRP authentication flow; you can pass in
703
+ # the USERNAME and PASSWORD directly if the flow is enabled for
704
+ # calling the app client.
673
705
  #
674
706
  # @option params [Hash<String,String>] :auth_parameters
675
- # The authentication parameters.
707
+ # The authentication parameters. These are inputs corresponding to the
708
+ # `AuthFlow` that you are invoking. The required values depend on the
709
+ # value of `AuthFlow`\:
710
+ #
711
+ # * For `USER_SRP_AUTH`\: `USERNAME` (required), `SRPA` (required),
712
+ # `SECRET_HASH` (required if the app client is configured with a
713
+ # client secret), `DEVICE_KEY`
714
+ #
715
+ # * For `REFRESH_TOKEN_AUTH/REFRESH_TOKEN`\: `USERNAME` (required),
716
+ # `SECRET_HASH` (required if the app client is configured with a
717
+ # client secret), `REFRESH_TOKEN` (required), `DEVICE_KEY`
718
+ #
719
+ # * For `ADMIN_NO_SRP_AUTH`\: `USERNAME` (required), `SECRET_HASH` (if
720
+ # app client is configured with client secret), `PASSWORD` (required),
721
+ # `DEVICE_KEY`
722
+ #
723
+ # * For `CUSTOM_AUTH`\: `USERNAME` (required), `SECRET_HASH` (if app
724
+ # client is configured with client secret), `DEVICE_KEY`
676
725
  #
677
726
  # @option params [Hash<String,String>] :client_metadata
678
- # The client app metadata.
727
+ # This is a random key-value pair map which can contain any key and will
728
+ # be passed to your PreAuthentication Lambda trigger as-is. It can be
729
+ # used to implement additional validations around authentication.
679
730
  #
680
731
  # @return [Types::AdminInitiateAuthResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
681
732
  #
@@ -906,16 +957,43 @@ module Aws::CognitoIdentityProvider
906
957
  # The ID of the Amazon Cognito user pool.
907
958
  #
908
959
  # @option params [required, String] :client_id
909
- # The client ID.
960
+ # The app client ID.
910
961
  #
911
962
  # @option params [required, String] :challenge_name
912
- # The name of the challenge.
963
+ # The challenge name. For more information, see
964
+ # [AdminInitiateAuth](API_AdminInitiateAuth.html).
913
965
  #
914
966
  # @option params [Hash<String,String>] :challenge_responses
915
- # The challenge response.
967
+ # The challenge responses. These are inputs corresponding to the value
968
+ # of `ChallengeName`, for example:
969
+ #
970
+ # * `SMS_MFA`\: `SMS_MFA_CODE`, `USERNAME`, `SECRET_HASH` (if app client
971
+ # is configured with client secret).
972
+ #
973
+ # * `PASSWORD_VERIFIER`\: `PASSWORD_CLAIM_SIGNATURE`,
974
+ # `PASSWORD_CLAIM_SECRET_BLOCK`, `TIMESTAMP`, `USERNAME`,
975
+ # `SECRET_HASH` (if app client is configured with client secret).
976
+ #
977
+ # * `ADMIN_NO_SRP_AUTH`\: `PASSWORD`, `USERNAME`, `SECRET_HASH` (if app
978
+ # client is configured with client secret).
979
+ #
980
+ # * `NEW_PASSWORD_REQUIRED`\: `NEW_PASSWORD`, any other required
981
+ # attributes, `USERNAME`, `SECRET_HASH` (if app client is configured
982
+ # with client secret).
983
+ #
984
+ # The value of the `USERNAME` attribute must be the user's actual
985
+ # username, not an alias (such as email address or phone number). To
986
+ # make this easier, the `AdminInitiateAuth` response includes the actual
987
+ # username value in the `USERNAMEUSER_ID_FOR_SRP` attribute, even if you
988
+ # specified an alias in your call to `AdminInitiateAuth`.
916
989
  #
917
990
  # @option params [String] :session
918
- # The session.
991
+ # The session which should be passed both ways in challenge-response
992
+ # calls to the service. If `InitiateAuth` or `RespondToAuthChallenge`
993
+ # API call determines that the caller needs to go through another
994
+ # challenge, they return a session with other challenge parameters. This
995
+ # session should be passed as it is to the next `RespondToAuthChallenge`
996
+ # API call.
919
997
  #
920
998
  # @return [Types::AdminRespondToAuthChallengeResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
921
999
  #
@@ -1003,7 +1081,7 @@ module Aws::CognitoIdentityProvider
1003
1081
  # Requires developer credentials.
1004
1082
  #
1005
1083
  # @option params [required, String] :user_pool_id
1006
- # The user pool ID&gt;
1084
+ # The user pool ID.
1007
1085
  #
1008
1086
  # @option params [required, String] :username
1009
1087
  # The user name.
@@ -1037,6 +1115,12 @@ module Aws::CognitoIdentityProvider
1037
1115
  # Updates the specified user's attributes, including developer
1038
1116
  # attributes, as an administrator. Works on any user.
1039
1117
  #
1118
+ # For custom attributes, you must prepend the `custom:` prefix to the
1119
+ # attribute name.
1120
+ #
1121
+ # In addition to updating user attributes, this API can also be used to
1122
+ # mark phone and email as verified.
1123
+ #
1040
1124
  # Requires developer credentials.
1041
1125
  #
1042
1126
  # @option params [required, String] :user_pool_id
@@ -1049,6 +1133,9 @@ module Aws::CognitoIdentityProvider
1049
1133
  # @option params [required, Array<Types::AttributeType>] :user_attributes
1050
1134
  # An array of name-value pairs representing user attributes.
1051
1135
  #
1136
+ # For custom attributes, you must prepend the `custom:` prefix to the
1137
+ # attribute name.
1138
+ #
1052
1139
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
1053
1140
  #
1054
1141
  # @example Request syntax with placeholder values
@@ -1109,7 +1196,7 @@ module Aws::CognitoIdentityProvider
1109
1196
  # @option params [required, String] :proposed_password
1110
1197
  # The new password in the change password request.
1111
1198
  #
1112
- # @option params [String] :access_token
1199
+ # @option params [required, String] :access_token
1113
1200
  # The access token in the change password request.
1114
1201
  #
1115
1202
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
@@ -1119,7 +1206,7 @@ module Aws::CognitoIdentityProvider
1119
1206
  # resp = client.change_password({
1120
1207
  # previous_password: "PasswordType", # required
1121
1208
  # proposed_password: "PasswordType", # required
1122
- # access_token: "TokenModelType",
1209
+ # access_token: "TokenModelType", # required
1123
1210
  # })
1124
1211
  #
1125
1212
  # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/ChangePassword AWS API Documentation
@@ -1131,7 +1218,7 @@ module Aws::CognitoIdentityProvider
1131
1218
  req.send_request(options)
1132
1219
  end
1133
1220
 
1134
- # Confirms tracking of the device. This API call is the call that beings
1221
+ # Confirms tracking of the device. This API call is the call that begins
1135
1222
  # device tracking.
1136
1223
  #
1137
1224
  # @option params [required, String] :access_token
@@ -1175,8 +1262,8 @@ module Aws::CognitoIdentityProvider
1175
1262
  req.send_request(options)
1176
1263
  end
1177
1264
 
1178
- # Allows a user to enter a code provided when they reset their password
1179
- # to update their password.
1265
+ # Allows a user to enter a confirmation code to reset a forgotten
1266
+ # password.
1180
1267
  #
1181
1268
  # @option params [required, String] :client_id
1182
1269
  # The ID of the client associated with the user pool.
@@ -1192,10 +1279,11 @@ module Aws::CognitoIdentityProvider
1192
1279
  #
1193
1280
  # @option params [required, String] :confirmation_code
1194
1281
  # The confirmation code sent by a user's request to retrieve a
1195
- # forgotten password.
1282
+ # forgotten password. For more information, see
1283
+ # [ForgotPassword](API_ForgotPassword.html)
1196
1284
  #
1197
1285
  # @option params [required, String] :password
1198
- # The password sent by sent by a user's request to retrieve a forgotten
1286
+ # The password sent by a user's request to retrieve a forgotten
1199
1287
  # password.
1200
1288
  #
1201
1289
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
@@ -1239,11 +1327,11 @@ module Aws::CognitoIdentityProvider
1239
1327
  #
1240
1328
  # @option params [Boolean] :force_alias_creation
1241
1329
  # Boolean to be specified to force user confirmation irrespective of
1242
- # existing alias. By default set to False. If this parameter is set to
1243
- # True and the phone number/email used for sign up confirmation already
1244
- # exists as an alias with a different user, the API call will migrate
1245
- # the alias from the previous user to the newly created user being
1246
- # confirmed. If set to False, the API will throw an
1330
+ # existing alias. By default set to `False`. If this parameter is set to
1331
+ # `True` and the phone number/email used for sign up confirmation
1332
+ # already exists as an alias with a different user, the API call will
1333
+ # migrate the alias from the previous user to the newly created user
1334
+ # being confirmed. If set to `False`, the API will throw an
1247
1335
  # **AliasExistsException** error.
1248
1336
  #
1249
1337
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
@@ -1335,6 +1423,70 @@ module Aws::CognitoIdentityProvider
1335
1423
  req.send_request(options)
1336
1424
  end
1337
1425
 
1426
+ # Creates an identity provider for a user pool.
1427
+ #
1428
+ # @option params [required, String] :user_pool_id
1429
+ # The user pool ID.
1430
+ #
1431
+ # @option params [required, String] :provider_name
1432
+ # The identity provider name.
1433
+ #
1434
+ # @option params [required, String] :provider_type
1435
+ # The identity provider type.
1436
+ #
1437
+ # @option params [required, Hash<String,String>] :provider_details
1438
+ # The identity provider details, such as `MetadataURL` and
1439
+ # `MetadataFile`.
1440
+ #
1441
+ # @option params [Hash<String,String>] :attribute_mapping
1442
+ # A mapping of identity provider attributes to standard and custom user
1443
+ # pool attributes.
1444
+ #
1445
+ # @option params [Array<String>] :idp_identifiers
1446
+ # A list of identity provider identifiers.
1447
+ #
1448
+ # @return [Types::CreateIdentityProviderResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1449
+ #
1450
+ # * {Types::CreateIdentityProviderResponse#identity_provider #identity_provider} => Types::IdentityProviderType
1451
+ #
1452
+ # @example Request syntax with placeholder values
1453
+ #
1454
+ # resp = client.create_identity_provider({
1455
+ # user_pool_id: "UserPoolIdType", # required
1456
+ # provider_name: "ProviderNameType", # required
1457
+ # provider_type: "SAML", # required, accepts SAML
1458
+ # provider_details: { # required
1459
+ # "StringType" => "StringType",
1460
+ # },
1461
+ # attribute_mapping: {
1462
+ # "CustomAttributeNameType" => "StringType",
1463
+ # },
1464
+ # idp_identifiers: ["IdpIdentifierType"],
1465
+ # })
1466
+ #
1467
+ # @example Response structure
1468
+ #
1469
+ # resp.identity_provider.user_pool_id #=> String
1470
+ # resp.identity_provider.provider_name #=> String
1471
+ # resp.identity_provider.provider_type #=> String, one of "SAML"
1472
+ # resp.identity_provider.provider_details #=> Hash
1473
+ # resp.identity_provider.provider_details["StringType"] #=> String
1474
+ # resp.identity_provider.attribute_mapping #=> Hash
1475
+ # resp.identity_provider.attribute_mapping["CustomAttributeNameType"] #=> String
1476
+ # resp.identity_provider.idp_identifiers #=> Array
1477
+ # resp.identity_provider.idp_identifiers[0] #=> String
1478
+ # resp.identity_provider.last_modified_date #=> Time
1479
+ # resp.identity_provider.creation_date #=> Time
1480
+ #
1481
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/CreateIdentityProvider AWS API Documentation
1482
+ #
1483
+ # @overload create_identity_provider(params = {})
1484
+ # @param [Hash] params ({})
1485
+ def create_identity_provider(params = {}, options = {})
1486
+ req = build_request(:create_identity_provider, params)
1487
+ req.send_request(options)
1488
+ end
1489
+
1338
1490
  # Creates the user import job.
1339
1491
  #
1340
1492
  # @option params [required, String] :job_name
@@ -1438,7 +1590,7 @@ module Aws::CognitoIdentityProvider
1438
1590
  # [1]: http://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-cost-allocation-tagging.html
1439
1591
  #
1440
1592
  # @option params [Types::AdminCreateUserConfigType] :admin_create_user_config
1441
- # The configuration for AdminCreateUser requests.
1593
+ # The configuration for `AdminCreateUser` requests.
1442
1594
  #
1443
1595
  # @option params [Array<Types::SchemaAttributeType>] :schema
1444
1596
  # An array of schema attributes for the new user pool. These attributes
@@ -1600,7 +1752,8 @@ module Aws::CognitoIdentityProvider
1600
1752
  # pool client being created.
1601
1753
  #
1602
1754
  # @option params [Integer] :refresh_token_validity
1603
- # The validity of the refresh token, in days.
1755
+ # The time limit, in days, after which the refresh token is no longer
1756
+ # valid and cannot be used.
1604
1757
  #
1605
1758
  # @option params [Array<String>] :read_attributes
1606
1759
  # The read attributes.
@@ -1611,6 +1764,35 @@ module Aws::CognitoIdentityProvider
1611
1764
  # @option params [Array<String>] :explicit_auth_flows
1612
1765
  # The explicit authentication flows.
1613
1766
  #
1767
+ # @option params [Array<String>] :supported_identity_providers
1768
+ # A list of provider names for the identity providers that are supported
1769
+ # on this client.
1770
+ #
1771
+ # @option params [Array<String>] :callback_urls
1772
+ # A list of allowed callback URLs for the identity providers.
1773
+ #
1774
+ # @option params [Array<String>] :logout_urls
1775
+ # A list of allowed logout URLs for the identity providers.
1776
+ #
1777
+ # @option params [String] :default_redirect_uri
1778
+ # The default redirect URI. Must be in the `CallbackURLs` list.
1779
+ #
1780
+ # @option params [Array<String>] :allowed_o_auth_flows
1781
+ # Set to `code` to initiate a code grant flow, which provides an
1782
+ # authorization code as the response. This code can be exchanged for
1783
+ # access tokens with the token endpoint.
1784
+ #
1785
+ # Set to `token` to specify that the client should get the access token
1786
+ # (and, optionally, ID token, based on scopes) directly.
1787
+ #
1788
+ # @option params [Array<String>] :allowed_o_auth_scopes
1789
+ # A list of allowed `OAuth` scopes. Currently supported values are
1790
+ # `"phone"`, `"email"`, `"openid"`, and `"Cognito"`.
1791
+ #
1792
+ # @option params [Boolean] :allowed_o_auth_flows_user_pool_client
1793
+ # Set to `True` if the client is allowed to follow the OAuth protocol
1794
+ # when interacting with Cognito user pools.
1795
+ #
1614
1796
  # @return [Types::CreateUserPoolClientResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1615
1797
  #
1616
1798
  # * {Types::CreateUserPoolClientResponse#user_pool_client #user_pool_client} => Types::UserPoolClientType
@@ -1625,6 +1807,13 @@ module Aws::CognitoIdentityProvider
1625
1807
  # read_attributes: ["ClientPermissionType"],
1626
1808
  # write_attributes: ["ClientPermissionType"],
1627
1809
  # explicit_auth_flows: ["ADMIN_NO_SRP_AUTH"], # accepts ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY
1810
+ # supported_identity_providers: ["ProviderNameType"],
1811
+ # callback_urls: ["RedirectUrlType"],
1812
+ # logout_urls: ["RedirectUrlType"],
1813
+ # default_redirect_uri: "RedirectUrlType",
1814
+ # allowed_o_auth_flows: ["code"], # accepts code, implicit, client_credentials
1815
+ # allowed_o_auth_scopes: ["ScopeType"],
1816
+ # allowed_o_auth_flows_user_pool_client: false,
1628
1817
  # })
1629
1818
  #
1630
1819
  # @example Response structure
@@ -1642,6 +1831,18 @@ module Aws::CognitoIdentityProvider
1642
1831
  # resp.user_pool_client.write_attributes[0] #=> String
1643
1832
  # resp.user_pool_client.explicit_auth_flows #=> Array
1644
1833
  # resp.user_pool_client.explicit_auth_flows[0] #=> String, one of "ADMIN_NO_SRP_AUTH", "CUSTOM_AUTH_FLOW_ONLY"
1834
+ # resp.user_pool_client.supported_identity_providers #=> Array
1835
+ # resp.user_pool_client.supported_identity_providers[0] #=> String
1836
+ # resp.user_pool_client.callback_urls #=> Array
1837
+ # resp.user_pool_client.callback_urls[0] #=> String
1838
+ # resp.user_pool_client.logout_urls #=> Array
1839
+ # resp.user_pool_client.logout_urls[0] #=> String
1840
+ # resp.user_pool_client.default_redirect_uri #=> String
1841
+ # resp.user_pool_client.allowed_o_auth_flows #=> Array
1842
+ # resp.user_pool_client.allowed_o_auth_flows[0] #=> String, one of "code", "implicit", "client_credentials"
1843
+ # resp.user_pool_client.allowed_o_auth_scopes #=> Array
1844
+ # resp.user_pool_client.allowed_o_auth_scopes[0] #=> String
1845
+ # resp.user_pool_client.allowed_o_auth_flows_user_pool_client #=> Boolean
1645
1846
  #
1646
1847
  # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/CreateUserPoolClient AWS API Documentation
1647
1848
  #
@@ -1652,6 +1853,32 @@ module Aws::CognitoIdentityProvider
1652
1853
  req.send_request(options)
1653
1854
  end
1654
1855
 
1856
+ # Creates a new domain for a user pool.
1857
+ #
1858
+ # @option params [required, String] :domain
1859
+ # The domain string.
1860
+ #
1861
+ # @option params [required, String] :user_pool_id
1862
+ # The user pool ID.
1863
+ #
1864
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
1865
+ #
1866
+ # @example Request syntax with placeholder values
1867
+ #
1868
+ # resp = client.create_user_pool_domain({
1869
+ # domain: "DomainType", # required
1870
+ # user_pool_id: "UserPoolIdType", # required
1871
+ # })
1872
+ #
1873
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/CreateUserPoolDomain AWS API Documentation
1874
+ #
1875
+ # @overload create_user_pool_domain(params = {})
1876
+ # @param [Hash] params ({})
1877
+ def create_user_pool_domain(params = {}, options = {})
1878
+ req = build_request(:create_user_pool_domain, params)
1879
+ req.send_request(options)
1880
+ end
1881
+
1655
1882
  # Deletes a group. Currently only groups with no members can be deleted.
1656
1883
  #
1657
1884
  # Requires developer credentials.
@@ -1680,9 +1907,35 @@ module Aws::CognitoIdentityProvider
1680
1907
  req.send_request(options)
1681
1908
  end
1682
1909
 
1910
+ # Deletes an identity provider for a user pool.
1911
+ #
1912
+ # @option params [required, String] :user_pool_id
1913
+ # The user pool ID.
1914
+ #
1915
+ # @option params [required, String] :provider_name
1916
+ # The identity provider name.
1917
+ #
1918
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
1919
+ #
1920
+ # @example Request syntax with placeholder values
1921
+ #
1922
+ # resp = client.delete_identity_provider({
1923
+ # user_pool_id: "UserPoolIdType", # required
1924
+ # provider_name: "ProviderNameType", # required
1925
+ # })
1926
+ #
1927
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/DeleteIdentityProvider AWS API Documentation
1928
+ #
1929
+ # @overload delete_identity_provider(params = {})
1930
+ # @param [Hash] params ({})
1931
+ def delete_identity_provider(params = {}, options = {})
1932
+ req = build_request(:delete_identity_provider, params)
1933
+ req.send_request(options)
1934
+ end
1935
+
1683
1936
  # Allows a user to delete one's self.
1684
1937
  #
1685
- # @option params [String] :access_token
1938
+ # @option params [required, String] :access_token
1686
1939
  # The access token from a request to delete a user.
1687
1940
  #
1688
1941
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
@@ -1690,7 +1943,7 @@ module Aws::CognitoIdentityProvider
1690
1943
  # @example Request syntax with placeholder values
1691
1944
  #
1692
1945
  # resp = client.delete_user({
1693
- # access_token: "TokenModelType",
1946
+ # access_token: "TokenModelType", # required
1694
1947
  # })
1695
1948
  #
1696
1949
  # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/DeleteUser AWS API Documentation
@@ -1708,7 +1961,10 @@ module Aws::CognitoIdentityProvider
1708
1961
  # An array of strings representing the user attribute names you wish to
1709
1962
  # delete.
1710
1963
  #
1711
- # @option params [String] :access_token
1964
+ # For custom attributes, you must prepend the `custom:` prefix to the
1965
+ # attribute name.
1966
+ #
1967
+ # @option params [required, String] :access_token
1712
1968
  # The access token used in the request to delete user attributes.
1713
1969
  #
1714
1970
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
@@ -1717,7 +1973,7 @@ module Aws::CognitoIdentityProvider
1717
1973
  #
1718
1974
  # resp = client.delete_user_attributes({
1719
1975
  # user_attribute_names: ["AttributeNameType"], # required
1720
- # access_token: "TokenModelType",
1976
+ # access_token: "TokenModelType", # required
1721
1977
  # })
1722
1978
  #
1723
1979
  # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/DeleteUserAttributes AWS API Documentation
@@ -1778,6 +2034,74 @@ module Aws::CognitoIdentityProvider
1778
2034
  req.send_request(options)
1779
2035
  end
1780
2036
 
2037
+ # Deletes a domain for a user pool.
2038
+ #
2039
+ # @option params [required, String] :domain
2040
+ # The domain string.
2041
+ #
2042
+ # @option params [required, String] :user_pool_id
2043
+ # The user pool ID.
2044
+ #
2045
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
2046
+ #
2047
+ # @example Request syntax with placeholder values
2048
+ #
2049
+ # resp = client.delete_user_pool_domain({
2050
+ # domain: "DomainType", # required
2051
+ # user_pool_id: "UserPoolIdType", # required
2052
+ # })
2053
+ #
2054
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/DeleteUserPoolDomain AWS API Documentation
2055
+ #
2056
+ # @overload delete_user_pool_domain(params = {})
2057
+ # @param [Hash] params ({})
2058
+ def delete_user_pool_domain(params = {}, options = {})
2059
+ req = build_request(:delete_user_pool_domain, params)
2060
+ req.send_request(options)
2061
+ end
2062
+
2063
+ # Gets information about a specific identity provider.
2064
+ #
2065
+ # @option params [required, String] :user_pool_id
2066
+ # The user pool ID.
2067
+ #
2068
+ # @option params [required, String] :provider_name
2069
+ # The identity provider name.
2070
+ #
2071
+ # @return [Types::DescribeIdentityProviderResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2072
+ #
2073
+ # * {Types::DescribeIdentityProviderResponse#identity_provider #identity_provider} => Types::IdentityProviderType
2074
+ #
2075
+ # @example Request syntax with placeholder values
2076
+ #
2077
+ # resp = client.describe_identity_provider({
2078
+ # user_pool_id: "UserPoolIdType", # required
2079
+ # provider_name: "ProviderNameType", # required
2080
+ # })
2081
+ #
2082
+ # @example Response structure
2083
+ #
2084
+ # resp.identity_provider.user_pool_id #=> String
2085
+ # resp.identity_provider.provider_name #=> String
2086
+ # resp.identity_provider.provider_type #=> String, one of "SAML"
2087
+ # resp.identity_provider.provider_details #=> Hash
2088
+ # resp.identity_provider.provider_details["StringType"] #=> String
2089
+ # resp.identity_provider.attribute_mapping #=> Hash
2090
+ # resp.identity_provider.attribute_mapping["CustomAttributeNameType"] #=> String
2091
+ # resp.identity_provider.idp_identifiers #=> Array
2092
+ # resp.identity_provider.idp_identifiers[0] #=> String
2093
+ # resp.identity_provider.last_modified_date #=> Time
2094
+ # resp.identity_provider.creation_date #=> Time
2095
+ #
2096
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/DescribeIdentityProvider AWS API Documentation
2097
+ #
2098
+ # @overload describe_identity_provider(params = {})
2099
+ # @param [Hash] params ({})
2100
+ def describe_identity_provider(params = {}, options = {})
2101
+ req = build_request(:describe_identity_provider, params)
2102
+ req.send_request(options)
2103
+ end
2104
+
1781
2105
  # Describes the user import job.
1782
2106
  #
1783
2107
  # @option params [required, String] :user_pool_id
@@ -1939,6 +2263,18 @@ module Aws::CognitoIdentityProvider
1939
2263
  # resp.user_pool_client.write_attributes[0] #=> String
1940
2264
  # resp.user_pool_client.explicit_auth_flows #=> Array
1941
2265
  # resp.user_pool_client.explicit_auth_flows[0] #=> String, one of "ADMIN_NO_SRP_AUTH", "CUSTOM_AUTH_FLOW_ONLY"
2266
+ # resp.user_pool_client.supported_identity_providers #=> Array
2267
+ # resp.user_pool_client.supported_identity_providers[0] #=> String
2268
+ # resp.user_pool_client.callback_urls #=> Array
2269
+ # resp.user_pool_client.callback_urls[0] #=> String
2270
+ # resp.user_pool_client.logout_urls #=> Array
2271
+ # resp.user_pool_client.logout_urls[0] #=> String
2272
+ # resp.user_pool_client.default_redirect_uri #=> String
2273
+ # resp.user_pool_client.allowed_o_auth_flows #=> Array
2274
+ # resp.user_pool_client.allowed_o_auth_flows[0] #=> String, one of "code", "implicit", "client_credentials"
2275
+ # resp.user_pool_client.allowed_o_auth_scopes #=> Array
2276
+ # resp.user_pool_client.allowed_o_auth_scopes[0] #=> String
2277
+ # resp.user_pool_client.allowed_o_auth_flows_user_pool_client #=> Boolean
1942
2278
  #
1943
2279
  # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/DescribeUserPoolClient AWS API Documentation
1944
2280
  #
@@ -1949,6 +2285,40 @@ module Aws::CognitoIdentityProvider
1949
2285
  req.send_request(options)
1950
2286
  end
1951
2287
 
2288
+ # Gets information about a domain.
2289
+ #
2290
+ # @option params [required, String] :domain
2291
+ # The domain string.
2292
+ #
2293
+ # @return [Types::DescribeUserPoolDomainResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2294
+ #
2295
+ # * {Types::DescribeUserPoolDomainResponse#domain_description #domain_description} => Types::DomainDescriptionType
2296
+ #
2297
+ # @example Request syntax with placeholder values
2298
+ #
2299
+ # resp = client.describe_user_pool_domain({
2300
+ # domain: "DomainType", # required
2301
+ # })
2302
+ #
2303
+ # @example Response structure
2304
+ #
2305
+ # resp.domain_description.user_pool_id #=> String
2306
+ # resp.domain_description.aws_account_id #=> String
2307
+ # resp.domain_description.domain #=> String
2308
+ # resp.domain_description.s3_bucket #=> String
2309
+ # resp.domain_description.cloud_front_distribution #=> String
2310
+ # resp.domain_description.version #=> String
2311
+ # resp.domain_description.status #=> String, one of "CREATING", "DELETING", "UPDATING", "ACTIVE"
2312
+ #
2313
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/DescribeUserPoolDomain AWS API Documentation
2314
+ #
2315
+ # @overload describe_user_pool_domain(params = {})
2316
+ # @param [Hash] params ({})
2317
+ def describe_user_pool_domain(params = {}, options = {})
2318
+ req = build_request(:describe_user_pool_domain, params)
2319
+ req.send_request(options)
2320
+ end
2321
+
1952
2322
  # Forgets the specified device.
1953
2323
  #
1954
2324
  # @option params [String] :access_token
@@ -1975,7 +2345,15 @@ module Aws::CognitoIdentityProvider
1975
2345
  req.send_request(options)
1976
2346
  end
1977
2347
 
1978
- # Retrieves the password for the specified client ID or username.
2348
+ # Calling this API causes a message to be sent to the end user with a
2349
+ # confirmation code that is required to change the user's password. For
2350
+ # the `Username` parameter, you can use the username or user alias. If a
2351
+ # verified phone number exists for the user, the confirmation code is
2352
+ # sent to the phone number. Otherwise, if a verified email exists, the
2353
+ # confirmation code is sent to the email. If neither a verified phone
2354
+ # number nor a verified email exists, `InvalidParameterException` is
2355
+ # thrown. To use the confirmation code for resetting the password, call
2356
+ # [ConfirmForgotPassword](API_ConfirmForgotPassword.html).
1979
2357
  #
1980
2358
  # @option params [required, String] :client_id
1981
2359
  # The ID of the client associated with the user pool.
@@ -2127,9 +2505,51 @@ module Aws::CognitoIdentityProvider
2127
2505
  req.send_request(options)
2128
2506
  end
2129
2507
 
2508
+ # Gets the specified identity provider.
2509
+ #
2510
+ # @option params [required, String] :user_pool_id
2511
+ # The user pool ID.
2512
+ #
2513
+ # @option params [required, String] :idp_identifier
2514
+ # The identity provider ID.
2515
+ #
2516
+ # @return [Types::GetIdentityProviderByIdentifierResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2517
+ #
2518
+ # * {Types::GetIdentityProviderByIdentifierResponse#identity_provider #identity_provider} => Types::IdentityProviderType
2519
+ #
2520
+ # @example Request syntax with placeholder values
2521
+ #
2522
+ # resp = client.get_identity_provider_by_identifier({
2523
+ # user_pool_id: "UserPoolIdType", # required
2524
+ # idp_identifier: "IdpIdentifierType", # required
2525
+ # })
2526
+ #
2527
+ # @example Response structure
2528
+ #
2529
+ # resp.identity_provider.user_pool_id #=> String
2530
+ # resp.identity_provider.provider_name #=> String
2531
+ # resp.identity_provider.provider_type #=> String, one of "SAML"
2532
+ # resp.identity_provider.provider_details #=> Hash
2533
+ # resp.identity_provider.provider_details["StringType"] #=> String
2534
+ # resp.identity_provider.attribute_mapping #=> Hash
2535
+ # resp.identity_provider.attribute_mapping["CustomAttributeNameType"] #=> String
2536
+ # resp.identity_provider.idp_identifiers #=> Array
2537
+ # resp.identity_provider.idp_identifiers[0] #=> String
2538
+ # resp.identity_provider.last_modified_date #=> Time
2539
+ # resp.identity_provider.creation_date #=> Time
2540
+ #
2541
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/GetIdentityProviderByIdentifier AWS API Documentation
2542
+ #
2543
+ # @overload get_identity_provider_by_identifier(params = {})
2544
+ # @param [Hash] params ({})
2545
+ def get_identity_provider_by_identifier(params = {}, options = {})
2546
+ req = build_request(:get_identity_provider_by_identifier, params)
2547
+ req.send_request(options)
2548
+ end
2549
+
2130
2550
  # Gets the user attributes and metadata for a user.
2131
2551
  #
2132
- # @option params [String] :access_token
2552
+ # @option params [required, String] :access_token
2133
2553
  # The access token returned by the server response to get information
2134
2554
  # about the user.
2135
2555
  #
@@ -2142,7 +2562,7 @@ module Aws::CognitoIdentityProvider
2142
2562
  # @example Request syntax with placeholder values
2143
2563
  #
2144
2564
  # resp = client.get_user({
2145
- # access_token: "TokenModelType",
2565
+ # access_token: "TokenModelType", # required
2146
2566
  # })
2147
2567
  #
2148
2568
  # @example Response structure
@@ -2167,7 +2587,7 @@ module Aws::CognitoIdentityProvider
2167
2587
  # Gets the user attribute verification code for the specified attribute
2168
2588
  # name.
2169
2589
  #
2170
- # @option params [String] :access_token
2590
+ # @option params [required, String] :access_token
2171
2591
  # The access token returned by the server response to get the user
2172
2592
  # attribute verification code.
2173
2593
  #
@@ -2182,7 +2602,7 @@ module Aws::CognitoIdentityProvider
2182
2602
  # @example Request syntax with placeholder values
2183
2603
  #
2184
2604
  # resp = client.get_user_attribute_verification_code({
2185
- # access_token: "TokenModelType",
2605
+ # access_token: "TokenModelType", # required
2186
2606
  # attribute_name: "AttributeNameType", # required
2187
2607
  # })
2188
2608
  #
@@ -2203,7 +2623,7 @@ module Aws::CognitoIdentityProvider
2203
2623
 
2204
2624
  # Signs out users from all devices.
2205
2625
  #
2206
- # @option params [String] :access_token
2626
+ # @option params [required, String] :access_token
2207
2627
  # The access token.
2208
2628
  #
2209
2629
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
@@ -2211,7 +2631,7 @@ module Aws::CognitoIdentityProvider
2211
2631
  # @example Request syntax with placeholder values
2212
2632
  #
2213
2633
  # resp = client.global_sign_out({
2214
- # access_token: "TokenModelType",
2634
+ # access_token: "TokenModelType", # required
2215
2635
  # })
2216
2636
  #
2217
2637
  # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/GlobalSignOut AWS API Documentation
@@ -2226,16 +2646,51 @@ module Aws::CognitoIdentityProvider
2226
2646
  # Initiates the authentication flow.
2227
2647
  #
2228
2648
  # @option params [required, String] :auth_flow
2229
- # The authentication flow.
2649
+ # The authentication flow for this call to execute. The API action will
2650
+ # depend on this value. For example:
2651
+ #
2652
+ # * `REFRESH_TOKEN_AUTH` will take in a valid refresh token and return
2653
+ # new tokens.
2654
+ #
2655
+ # * `USER_SRP_AUTH` will take in USERNAME and SRPA and return the SRP
2656
+ # variables to be used for next challenge execution.
2657
+ #
2658
+ # Valid values include:
2659
+ #
2660
+ # * `USER_SRP_AUTH`\: Authentication flow for the Secure Remote Password
2661
+ # (SRP) protocol.
2662
+ #
2663
+ # * `REFRESH_TOKEN_AUTH`/`REFRESH_TOKEN`\: Authentication flow for
2664
+ # refreshing the access token and ID token by supplying a valid
2665
+ # refresh token.
2666
+ #
2667
+ # * `CUSTOM_AUTH`\: Custom authentication flow.
2668
+ #
2669
+ # `ADMIN_NO_SRP_AUTH` is not a valid value.
2230
2670
  #
2231
2671
  # @option params [Hash<String,String>] :auth_parameters
2232
- # The authentication parameters.
2672
+ # The authentication parameters. These are inputs corresponding to the
2673
+ # `AuthFlow` that you are invoking. The required values depend on the
2674
+ # value of `AuthFlow`\:
2675
+ #
2676
+ # * For `USER_SRP_AUTH`\: `USERNAME` (required), `SRPA` (required),
2677
+ # `SECRET_HASH` (required if the app client is configured with a
2678
+ # client secret), `DEVICE_KEY`
2679
+ #
2680
+ # * For `REFRESH_TOKEN_AUTH/REFRESH_TOKEN`\: `USERNAME` (required),
2681
+ # `SECRET_HASH` (required if the app client is configured with a
2682
+ # client secret), `REFRESH_TOKEN` (required), `DEVICE_KEY`
2683
+ #
2684
+ # * For `CUSTOM_AUTH`\: `USERNAME` (required), `SECRET_HASH` (if app
2685
+ # client is configured with client secret), `DEVICE_KEY`
2233
2686
  #
2234
2687
  # @option params [Hash<String,String>] :client_metadata
2235
- # The client app's metadata.
2688
+ # This is a random key-value pair map which can contain any key and will
2689
+ # be passed to your PreAuthentication Lambda trigger as-is. It can be
2690
+ # used to implement additional validations around authentication.
2236
2691
  #
2237
2692
  # @option params [required, String] :client_id
2238
- # The client ID.
2693
+ # The app client ID.
2239
2694
  #
2240
2695
  # @return [Types::InitiateAuthResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2241
2696
  #
@@ -2374,6 +2829,48 @@ module Aws::CognitoIdentityProvider
2374
2829
  req.send_request(options)
2375
2830
  end
2376
2831
 
2832
+ # Lists information about all identity providers for a user pool.
2833
+ #
2834
+ # @option params [required, String] :user_pool_id
2835
+ # The user pool ID.
2836
+ #
2837
+ # @option params [Integer] :max_results
2838
+ # The maximum number of identity providers to return.
2839
+ #
2840
+ # @option params [String] :next_token
2841
+ # A pagination token.
2842
+ #
2843
+ # @return [Types::ListIdentityProvidersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2844
+ #
2845
+ # * {Types::ListIdentityProvidersResponse#providers #providers} => Array&lt;Types::ProviderDescription&gt;
2846
+ # * {Types::ListIdentityProvidersResponse#next_token #next_token} => String
2847
+ #
2848
+ # @example Request syntax with placeholder values
2849
+ #
2850
+ # resp = client.list_identity_providers({
2851
+ # user_pool_id: "UserPoolIdType", # required
2852
+ # max_results: 1,
2853
+ # next_token: "PaginationKeyType",
2854
+ # })
2855
+ #
2856
+ # @example Response structure
2857
+ #
2858
+ # resp.providers #=> Array
2859
+ # resp.providers[0].provider_name #=> String
2860
+ # resp.providers[0].provider_type #=> String, one of "SAML"
2861
+ # resp.providers[0].last_modified_date #=> Time
2862
+ # resp.providers[0].creation_date #=> Time
2863
+ # resp.next_token #=> String
2864
+ #
2865
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/ListIdentityProviders AWS API Documentation
2866
+ #
2867
+ # @overload list_identity_providers(params = {})
2868
+ # @param [Hash] params ({})
2869
+ def list_identity_providers(params = {}, options = {})
2870
+ req = build_request(:list_identity_providers, params)
2871
+ req.send_request(options)
2872
+ end
2873
+
2377
2874
  # Lists the user import jobs.
2378
2875
  #
2379
2876
  # @option params [required, String] :user_pool_id
@@ -2385,8 +2882,8 @@ module Aws::CognitoIdentityProvider
2385
2882
  #
2386
2883
  # @option params [String] :pagination_token
2387
2884
  # An identifier that was returned from the previous call to
2388
- # ListUserImportJobs, which can be used to return the next set of import
2389
- # jobs in the list.
2885
+ # `ListUserImportJobs`, which can be used to return the next set of
2886
+ # import jobs in the list.
2390
2887
  #
2391
2888
  # @return [Types::ListUserImportJobsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2392
2889
  #
@@ -2526,13 +3023,16 @@ module Aws::CognitoIdentityProvider
2526
3023
  # Lists the users in the Amazon Cognito user pool.
2527
3024
  #
2528
3025
  # @option params [required, String] :user_pool_id
2529
- # The user pool ID for which you want to list users.
3026
+ # The user pool ID for the user pool on which the search should be
3027
+ # performed.
2530
3028
  #
2531
3029
  # @option params [Array<String>] :attributes_to_get
2532
- # The attributes to get from the request to list users.
3030
+ # An array of strings, where each string is the name of a user attribute
3031
+ # to be returned for each user in the search results. If the array is
3032
+ # empty, all attributes are returned.
2533
3033
  #
2534
3034
  # @option params [Integer] :limit
2535
- # The limit of the request to list users.
3035
+ # Maximum number of users to be returned.
2536
3036
  #
2537
3037
  # @option params [String] :pagination_token
2538
3038
  # An identifier that was returned from the previous call to this
@@ -2540,7 +3040,55 @@ module Aws::CognitoIdentityProvider
2540
3040
  # list.
2541
3041
  #
2542
3042
  # @option params [String] :filter
2543
- # The filter for the list users request.
3043
+ # A filter string of the form "*AttributeName* *Filter-Type*
3044
+ # "*AttributeValue*"". Quotation marks within the filter string must
3045
+ # be escaped using the backslash (\\) character. For example,
3046
+ # "`family_name` = \\"Reddy\\"".
3047
+ #
3048
+ # * *AttributeName*\: The name of the attribute to search for. You can
3049
+ # only search for one attribute at a time.
3050
+ #
3051
+ # * *Filter-Type*\: For an exact match, use =, for example,
3052
+ # "`given_name` = \\"Jon\\"". For a prefix ("starts with")
3053
+ # match, use ^=, for example, "`given_name` ^= \\"Jon\\"".
3054
+ #
3055
+ # * *AttributeValue*\: The attribute value that must be matched for each
3056
+ # user.
3057
+ #
3058
+ # If the filter string is empty, `ListUsers` returns all users in the
3059
+ # user pool.
3060
+ #
3061
+ # You can only search for the following standard attributes:
3062
+ #
3063
+ # * `username` (case-sensitive)
3064
+ #
3065
+ # * `email`
3066
+ #
3067
+ # * `phone_number`
3068
+ #
3069
+ # * `name`
3070
+ #
3071
+ # * `given_name`
3072
+ #
3073
+ # * `family_name`
3074
+ #
3075
+ # * `preferred_username`
3076
+ #
3077
+ # * `cognito:user_status` (called **Enabled** in the Console)
3078
+ # (case-sensitive)
3079
+ #
3080
+ # * `status` (case-insensitive)
3081
+ #
3082
+ # Custom attributes are not searchable.
3083
+ #
3084
+ # For more information, see [Searching for Users Using the ListUsers
3085
+ # API][1] and [Examples of Using the ListUsers API][2] in the *Amazon
3086
+ # Cognito Developer Guide*.
3087
+ #
3088
+ #
3089
+ #
3090
+ # [1]: http://docs.aws.amazon.com/cognito/latest/developerguide/how-to-manage-user-accounts.html#cognito-user-pools-searching-for-users-using-listusers-api
3091
+ # [2]: http://docs.aws.amazon.com/cognito/latest/developerguide/how-to-manage-user-accounts.html#cognito-user-pools-searching-for-users-listusers-api-examples
2544
3092
  #
2545
3093
  # @return [Types::ListUsersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2546
3094
  #
@@ -2684,16 +3232,36 @@ module Aws::CognitoIdentityProvider
2684
3232
  # Responds to the authentication challenge.
2685
3233
  #
2686
3234
  # @option params [required, String] :client_id
2687
- # The client ID.
3235
+ # The app client ID.
2688
3236
  #
2689
3237
  # @option params [required, String] :challenge_name
2690
- # The name of the challenge.
3238
+ # The challenge name. For more information, see
3239
+ # [InitiateAuth](API_InitiateAuth.html).
3240
+ #
3241
+ # `ADMIN_NO_SRP_AUTH` is not a valid value.
2691
3242
  #
2692
3243
  # @option params [String] :session
2693
- # The session.
3244
+ # The session which should be passed both ways in challenge-response
3245
+ # calls to the service. If `InitiateAuth` or `RespondToAuthChallenge`
3246
+ # API call determines that the caller needs to go through another
3247
+ # challenge, they return a session with other challenge parameters. This
3248
+ # session should be passed as it is to the next `RespondToAuthChallenge`
3249
+ # API call.
2694
3250
  #
2695
3251
  # @option params [Hash<String,String>] :challenge_responses
2696
- # The responses to the authentication challenge.
3252
+ # The challenge responses. These are inputs corresponding to the value
3253
+ # of `ChallengeName`, for example:
3254
+ #
3255
+ # * `SMS_MFA`\: `SMS_MFA_CODE`, `USERNAME`, `SECRET_HASH` (if app client
3256
+ # is configured with client secret).
3257
+ #
3258
+ # * `PASSWORD_VERIFIER`\: `PASSWORD_CLAIM_SIGNATURE`,
3259
+ # `PASSWORD_CLAIM_SECRET_BLOCK`, `TIMESTAMP`, `USERNAME`,
3260
+ # `SECRET_HASH` (if app client is configured with client secret).
3261
+ #
3262
+ # * `NEW_PASSWORD_REQUIRED`\: `NEW_PASSWORD`, any other required
3263
+ # attributes, `USERNAME`, `SECRET_HASH` (if app client is configured
3264
+ # with client secret).
2697
3265
  #
2698
3266
  # @return [Types::RespondToAuthChallengeResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2699
3267
  #
@@ -2790,6 +3358,9 @@ module Aws::CognitoIdentityProvider
2790
3358
  # @option params [Array<Types::AttributeType>] :user_attributes
2791
3359
  # An array of name-value pairs representing user attributes.
2792
3360
  #
3361
+ # For custom attributes, you must prepend the `custom:` prefix to the
3362
+ # attribute name.
3363
+ #
2793
3364
  # @option params [Array<Types::AttributeType>] :validation_data
2794
3365
  # The validation data in the request to register a user.
2795
3366
  #
@@ -2797,6 +3368,7 @@ module Aws::CognitoIdentityProvider
2797
3368
  #
2798
3369
  # * {Types::SignUpResponse#user_confirmed #user_confirmed} => Boolean
2799
3370
  # * {Types::SignUpResponse#code_delivery_details #code_delivery_details} => Types::CodeDeliveryDetailsType
3371
+ # * {Types::SignUpResponse#user_sub #user_sub} => String
2800
3372
  #
2801
3373
  # @example Request syntax with placeholder values
2802
3374
  #
@@ -2825,6 +3397,7 @@ module Aws::CognitoIdentityProvider
2825
3397
  # resp.code_delivery_details.destination #=> String
2826
3398
  # resp.code_delivery_details.delivery_medium #=> String, one of "SMS", "EMAIL"
2827
3399
  # resp.code_delivery_details.attribute_name #=> String
3400
+ # resp.user_sub #=> String
2828
3401
  #
2829
3402
  # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/SignUp AWS API Documentation
2830
3403
  #
@@ -2974,8 +3547,7 @@ module Aws::CognitoIdentityProvider
2974
3547
  #
2975
3548
  # @option params [Integer] :precedence
2976
3549
  # The new precedence value for the group. For more information about
2977
- # this parameter, see
2978
- # [CreateGroupRequest](API_CreateGroupRequeste.html).
3550
+ # this parameter, see [CreateGroup](API_CreateGroup.html).
2979
3551
  #
2980
3552
  # @return [Types::UpdateGroupResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2981
3553
  #
@@ -3010,12 +3582,74 @@ module Aws::CognitoIdentityProvider
3010
3582
  req.send_request(options)
3011
3583
  end
3012
3584
 
3585
+ # Updates identity provider information for a user pool.
3586
+ #
3587
+ # @option params [required, String] :user_pool_id
3588
+ # The user pool ID.
3589
+ #
3590
+ # @option params [required, String] :provider_name
3591
+ # The identity provider name.
3592
+ #
3593
+ # @option params [Hash<String,String>] :provider_details
3594
+ # The identity provider details to be updated, such as `MetadataURL` and
3595
+ # `MetadataFile`.
3596
+ #
3597
+ # @option params [Hash<String,String>] :attribute_mapping
3598
+ # The identity provider attribute mapping to be changed.
3599
+ #
3600
+ # @option params [Array<String>] :idp_identifiers
3601
+ # A list of identity provider identifiers.
3602
+ #
3603
+ # @return [Types::UpdateIdentityProviderResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
3604
+ #
3605
+ # * {Types::UpdateIdentityProviderResponse#identity_provider #identity_provider} => Types::IdentityProviderType
3606
+ #
3607
+ # @example Request syntax with placeholder values
3608
+ #
3609
+ # resp = client.update_identity_provider({
3610
+ # user_pool_id: "UserPoolIdType", # required
3611
+ # provider_name: "ProviderNameType", # required
3612
+ # provider_details: {
3613
+ # "StringType" => "StringType",
3614
+ # },
3615
+ # attribute_mapping: {
3616
+ # "CustomAttributeNameType" => "StringType",
3617
+ # },
3618
+ # idp_identifiers: ["IdpIdentifierType"],
3619
+ # })
3620
+ #
3621
+ # @example Response structure
3622
+ #
3623
+ # resp.identity_provider.user_pool_id #=> String
3624
+ # resp.identity_provider.provider_name #=> String
3625
+ # resp.identity_provider.provider_type #=> String, one of "SAML"
3626
+ # resp.identity_provider.provider_details #=> Hash
3627
+ # resp.identity_provider.provider_details["StringType"] #=> String
3628
+ # resp.identity_provider.attribute_mapping #=> Hash
3629
+ # resp.identity_provider.attribute_mapping["CustomAttributeNameType"] #=> String
3630
+ # resp.identity_provider.idp_identifiers #=> Array
3631
+ # resp.identity_provider.idp_identifiers[0] #=> String
3632
+ # resp.identity_provider.last_modified_date #=> Time
3633
+ # resp.identity_provider.creation_date #=> Time
3634
+ #
3635
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UpdateIdentityProvider AWS API Documentation
3636
+ #
3637
+ # @overload update_identity_provider(params = {})
3638
+ # @param [Hash] params ({})
3639
+ def update_identity_provider(params = {}, options = {})
3640
+ req = build_request(:update_identity_provider, params)
3641
+ req.send_request(options)
3642
+ end
3643
+
3013
3644
  # Allows a user to update a specific attribute (one at a time).
3014
3645
  #
3015
3646
  # @option params [required, Array<Types::AttributeType>] :user_attributes
3016
3647
  # An array of name-value pairs representing user attributes.
3017
3648
  #
3018
- # @option params [String] :access_token
3649
+ # For custom attributes, you must prepend the `custom:` prefix to the
3650
+ # attribute name.
3651
+ #
3652
+ # @option params [required, String] :access_token
3019
3653
  # The access token for the request to update user attributes.
3020
3654
  #
3021
3655
  # @return [Types::UpdateUserAttributesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
@@ -3031,7 +3665,7 @@ module Aws::CognitoIdentityProvider
3031
3665
  # value: "AttributeValueType",
3032
3666
  # },
3033
3667
  # ],
3034
- # access_token: "TokenModelType",
3668
+ # access_token: "TokenModelType", # required
3035
3669
  # })
3036
3670
  #
3037
3671
  # @example Response structure
@@ -3073,7 +3707,7 @@ module Aws::CognitoIdentityProvider
3073
3707
  # The contents of the email verification message.
3074
3708
  #
3075
3709
  # @option params [String] :email_verification_subject
3076
- # The subject of the email verfication message.
3710
+ # The subject of the email verification message.
3077
3711
  #
3078
3712
  # @option params [String] :sms_authentication_message
3079
3713
  # The contents of the SMS authentication message.
@@ -3108,7 +3742,7 @@ module Aws::CognitoIdentityProvider
3108
3742
  # [1]: http://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-cost-allocation-tagging.html
3109
3743
  #
3110
3744
  # @option params [Types::AdminCreateUserConfigType] :admin_create_user_config
3111
- # The configuration for AdminCreateUser requests.
3745
+ # The configuration for `AdminCreateUser` requests.
3112
3746
  #
3113
3747
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
3114
3748
  #
@@ -3190,7 +3824,8 @@ module Aws::CognitoIdentityProvider
3190
3824
  # The client name from the update user pool client request.
3191
3825
  #
3192
3826
  # @option params [Integer] :refresh_token_validity
3193
- # The validity of the refresh token, in days.
3827
+ # The time limit, in days, after which the refresh token is no longer
3828
+ # valid and cannot be used.
3194
3829
  #
3195
3830
  # @option params [Array<String>] :read_attributes
3196
3831
  # The read-only attributes of the user pool.
@@ -3201,6 +3836,35 @@ module Aws::CognitoIdentityProvider
3201
3836
  # @option params [Array<String>] :explicit_auth_flows
3202
3837
  # Explicit authentication flows.
3203
3838
  #
3839
+ # @option params [Array<String>] :supported_identity_providers
3840
+ # A list of provider names for the identity providers that are supported
3841
+ # on this client.
3842
+ #
3843
+ # @option params [Array<String>] :callback_urls
3844
+ # A list of allowed callback URLs for the identity providers.
3845
+ #
3846
+ # @option params [Array<String>] :logout_urls
3847
+ # A list ofallowed logout URLs for the identity providers.
3848
+ #
3849
+ # @option params [String] :default_redirect_uri
3850
+ # The default redirect URI. Must be in the `CallbackURLs` list.
3851
+ #
3852
+ # @option params [Array<String>] :allowed_o_auth_flows
3853
+ # Set to `code` to initiate a code grant flow, which provides an
3854
+ # authorization code as the response. This code can be exchanged for
3855
+ # access tokens with the token endpoint.
3856
+ #
3857
+ # Set to `token` to specify that the client should get the access token
3858
+ # (and, optionally, ID token, based on scopes) directly.
3859
+ #
3860
+ # @option params [Array<String>] :allowed_o_auth_scopes
3861
+ # A list of allowed `OAuth` scopes. Currently supported values are
3862
+ # `"phone"`, `"email"`, `"openid"`, and `"Cognito"`.
3863
+ #
3864
+ # @option params [Boolean] :allowed_o_auth_flows_user_pool_client
3865
+ # Set to TRUE if the client is allowed to follow the OAuth protocol when
3866
+ # interacting with Cognito user pools.
3867
+ #
3204
3868
  # @return [Types::UpdateUserPoolClientResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
3205
3869
  #
3206
3870
  # * {Types::UpdateUserPoolClientResponse#user_pool_client #user_pool_client} => Types::UserPoolClientType
@@ -3215,6 +3879,13 @@ module Aws::CognitoIdentityProvider
3215
3879
  # read_attributes: ["ClientPermissionType"],
3216
3880
  # write_attributes: ["ClientPermissionType"],
3217
3881
  # explicit_auth_flows: ["ADMIN_NO_SRP_AUTH"], # accepts ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY
3882
+ # supported_identity_providers: ["ProviderNameType"],
3883
+ # callback_urls: ["RedirectUrlType"],
3884
+ # logout_urls: ["RedirectUrlType"],
3885
+ # default_redirect_uri: "RedirectUrlType",
3886
+ # allowed_o_auth_flows: ["code"], # accepts code, implicit, client_credentials
3887
+ # allowed_o_auth_scopes: ["ScopeType"],
3888
+ # allowed_o_auth_flows_user_pool_client: false,
3218
3889
  # })
3219
3890
  #
3220
3891
  # @example Response structure
@@ -3232,6 +3903,18 @@ module Aws::CognitoIdentityProvider
3232
3903
  # resp.user_pool_client.write_attributes[0] #=> String
3233
3904
  # resp.user_pool_client.explicit_auth_flows #=> Array
3234
3905
  # resp.user_pool_client.explicit_auth_flows[0] #=> String, one of "ADMIN_NO_SRP_AUTH", "CUSTOM_AUTH_FLOW_ONLY"
3906
+ # resp.user_pool_client.supported_identity_providers #=> Array
3907
+ # resp.user_pool_client.supported_identity_providers[0] #=> String
3908
+ # resp.user_pool_client.callback_urls #=> Array
3909
+ # resp.user_pool_client.callback_urls[0] #=> String
3910
+ # resp.user_pool_client.logout_urls #=> Array
3911
+ # resp.user_pool_client.logout_urls[0] #=> String
3912
+ # resp.user_pool_client.default_redirect_uri #=> String
3913
+ # resp.user_pool_client.allowed_o_auth_flows #=> Array
3914
+ # resp.user_pool_client.allowed_o_auth_flows[0] #=> String, one of "code", "implicit", "client_credentials"
3915
+ # resp.user_pool_client.allowed_o_auth_scopes #=> Array
3916
+ # resp.user_pool_client.allowed_o_auth_scopes[0] #=> String
3917
+ # resp.user_pool_client.allowed_o_auth_flows_user_pool_client #=> Boolean
3235
3918
  #
3236
3919
  # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UpdateUserPoolClient AWS API Documentation
3237
3920
  #
@@ -3244,7 +3927,7 @@ module Aws::CognitoIdentityProvider
3244
3927
 
3245
3928
  # Verifies the specified user attributes in the user pool.
3246
3929
  #
3247
- # @option params [String] :access_token
3930
+ # @option params [required, String] :access_token
3248
3931
  # Represents the access token of the request to verify user attributes.
3249
3932
  #
3250
3933
  # @option params [required, String] :attribute_name
@@ -3258,7 +3941,7 @@ module Aws::CognitoIdentityProvider
3258
3941
  # @example Request syntax with placeholder values
3259
3942
  #
3260
3943
  # resp = client.verify_user_attribute({
3261
- # access_token: "TokenModelType",
3944
+ # access_token: "TokenModelType", # required
3262
3945
  # attribute_name: "AttributeNameType", # required
3263
3946
  # code: "ConfirmationCodeType", # required
3264
3947
  # })
@@ -3285,7 +3968,7 @@ module Aws::CognitoIdentityProvider
3285
3968
  params: params,
3286
3969
  config: config)
3287
3970
  context[:gem_name] = 'aws-sdk-cognitoidentityprovider'
3288
- context[:gem_version] = '1.0.0.rc6'
3971
+ context[:gem_version] = '1.0.0.rc7'
3289
3972
  Seahorse::Client::Request.new(handlers, context)
3290
3973
  end
3291
3974