aws-sdk-cognitoidentityprovider 1.0.0.rc6 → 1.0.0.rc7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 056acf1b44db001009287e2b25a5d2422fd26d6e
4
- data.tar.gz: 40eede898c85fab1eacb1064e5812b55ff02074f
3
+ metadata.gz: 750b22714a9ea4fa8c5ada4ffa3a9844da149ed0
4
+ data.tar.gz: edb8d892f2bfe3d74a08a29fdab02a0e99dbbe55
5
5
  SHA512:
6
- metadata.gz: 29d8b015abde1018affd716cf5d4adfae9c7498d75036638d994a7441aff6e3a0fc0bc7ee171ab0461f4034422c1873b4b6ed834782cf4b2c59042eed56f2a69
7
- data.tar.gz: ddd1b29af3a4d8a32a84cf61a2ed608ba6d61b3996b526ffb71038d629264b4afeffe4301d5289d34f34420d591c206d8b29c2842e3d8ef74cdbb50bc1ed36cb
6
+ metadata.gz: fd55e9d835302ed5f3d9d073b7fe130be86d690344f364a1903cadd75c4244a0313fd698f5945c99f4031f37efca42b6a3c48afe56e02c67ff64df109d5c2973
7
+ data.tar.gz: 4957b7e60e460564484562798a0f78e30f8935302cd7c3fad7a14d2894629a85a02af1c7714563f5faac4ea44a66ba02a1329086e3db9b04d053524caa12358c
@@ -42,6 +42,6 @@ require_relative 'aws-sdk-cognitoidentityprovider/customizations'
42
42
  # @service
43
43
  module Aws::CognitoIdentityProvider
44
44
 
45
- GEM_VERSION = '1.0.0.rc6'
45
+ GEM_VERSION = '1.0.0.rc7'
46
46
 
47
47
  end
@@ -261,9 +261,11 @@ module Aws::CognitoIdentityProvider
261
261
 
262
262
  # Creates a new user in the specified user pool and sends a welcome
263
263
  # message via email or phone (SMS). This message is based on a template
264
- # that you configured in your call to CreateUserPool or UpdateUserPool.
265
- # This template includes your custom sign-up instructions and
266
- # placeholders for user name and temporary password.
264
+ # that you configured in your call to
265
+ # [CreateUserPool](API_CreateUserPool.html) or
266
+ # [UpdateUserPool](API_UpdateUserPool.html). This template includes your
267
+ # custom sign-up instructions and placeholders for user name and
268
+ # temporary password.
267
269
  #
268
270
  # Requires developer credentials.
269
271
  #
@@ -278,31 +280,35 @@ module Aws::CognitoIdentityProvider
278
280
  # @option params [Array<Types::AttributeType>] :user_attributes
279
281
  # An array of name-value pairs that contain user attributes and
280
282
  # attribute values to be set for the user to be created. You can create
281
- # a user without specifying any attributes other than Username. However,
282
- # any attributes that you specify as required (in CreateUserPool or in
283
- # the **Attributes** tab of the console) must be supplied either by you
284
- # (in your call to AdminCreateUser) or by the user (when he or she signs
285
- # up in response to your welcome message).
283
+ # a user without specifying any attributes other than `Username`.
284
+ # However, any attributes that you specify as required (in
285
+ # [CreateUserPool](API_CreateUserPool.html) or in the **Attributes** tab
286
+ # of the console) must be supplied either by you (in your call to
287
+ # `AdminCreateUser`) or by the user (when he or she signs up in response
288
+ # to your welcome message).
289
+ #
290
+ # For custom attributes, you must prepend the `custom:` prefix to the
291
+ # attribute name.
286
292
  #
287
293
  # To send a message inviting the user to sign up, you must specify the
288
294
  # user's email address or phone number. This can be done in your call
289
295
  # to AdminCreateUser or in the **Users** tab of the Amazon Cognito
290
296
  # console for managing your user pools.
291
297
  #
292
- # In your call to AdminCreateUser, you can set the email\_verified
293
- # attribute to True, and you can set the phone\_number\_verified
294
- # attribute to True. (You cannot do this by calling other operations
295
- # such as AdminUpdateUserAttributes.)
298
+ # In your call to `AdminCreateUser`, you can set the `email_verified`
299
+ # attribute to `True`, and you can set the `phone_number_verified`
300
+ # attribute to `True`. (You can also do this by calling
301
+ # [AdminUpdateUserAttributes](API_AdminUpdateUserAttributes.html).)
296
302
  #
297
303
  # * **email**\: The email address of the user to whom the message that
298
304
  # contains the code and username will be sent. Required if the
299
- # email\_verified attribute is set to True, or if "EMAIL" is
300
- # specified in the DesiredDeliveryMediums parameter.
305
+ # `email_verified` attribute is set to `True`, or if `"EMAIL"` is
306
+ # specified in the `DesiredDeliveryMediums` parameter.
301
307
  #
302
308
  # * **phone\_number**\: The phone number of the user to whom the message
303
309
  # that contains the code and username will be sent. Required if the
304
- # phone\_number\_verified attribute is set to True, or if "SMS" is
305
- # specified in the DesiredDeliveryMediums parameter.
310
+ # `phone_number_verified` attribute is set to `True`, or if `"SMS"` is
311
+ # specified in the `DesiredDeliveryMediums` parameter.
306
312
  #
307
313
  # @option params [Array<Types::AttributeType>] :validation_data
308
314
  # The user's validation data. This is an array of name-value pairs that
@@ -332,33 +338,34 @@ module Aws::CognitoIdentityProvider
332
338
  #
333
339
  # The temporary password can only be used until the user account
334
340
  # expiration limit that you specified when you created the user pool. To
335
- # reset the account after that time limit, you must call AdminCreateUser
336
- # again, specifying "RESEND" for the MessageAction parameter.
341
+ # reset the account after that time limit, you must call
342
+ # `AdminCreateUser` again, specifying `"RESEND"` for the `MessageAction`
343
+ # parameter.
337
344
  #
338
345
  # @option params [Boolean] :force_alias_creation
339
- # This parameter is only used if the phone\_number\_verified or
340
- # email\_verified attribute is set to True. Otherwise, it is ignored.
346
+ # This parameter is only used if the `phone_number_verified` or
347
+ # `email_verified` attribute is set to `True`. Otherwise, it is ignored.
341
348
  #
342
- # If this parameter is set to True and the phone number or email address
343
- # specified in the UserAttributes parameter already exists as an alias
344
- # with a different user, the API call will migrate the alias from the
345
- # previous user to the newly created user. The previous user will no
349
+ # If this parameter is set to `True` and the phone number or email
350
+ # address specified in the UserAttributes parameter already exists as an
351
+ # alias with a different user, the API call will migrate the alias from
352
+ # the previous user to the newly created user. The previous user will no
346
353
  # longer be able to log in using that alias.
347
354
  #
348
- # If this parameter is set to False, the API throws an
349
- # AliasExistsException error if the alias already exists. The default
350
- # value is False.
355
+ # If this parameter is set to `False`, the API throws an
356
+ # `AliasExistsException` error if the alias already exists. The default
357
+ # value is `False`.
351
358
  #
352
359
  # @option params [String] :message_action
353
- # Set to "RESEND" to resend the invitation message to a user that
360
+ # Set to `"RESEND"` to resend the invitation message to a user that
354
361
  # already exists and reset the expiration limit on the user's account.
355
- # Set to "SUPPRESS" to suppress sending the message. Only one value
362
+ # Set to `"SUPPRESS"` to suppress sending the message. Only one value
356
363
  # can be specified.
357
364
  #
358
365
  # @option params [Array<String>] :desired_delivery_mediums
359
- # Specify "EMAIL" if email will be used to send the welcome message.
360
- # Specify "SMS" if the phone number will be used. The default value is
361
- # "SMS". More than one value can be specified.
366
+ # Specify `"EMAIL"` if email will be used to send the welcome message.
367
+ # Specify `"SMS"` if the phone number will be used. The default value is
368
+ # `"SMS"`. More than one value can be specified.
362
369
  #
363
370
  # @return [Types::AdminCreateUserResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
364
371
  #
@@ -455,6 +462,9 @@ module Aws::CognitoIdentityProvider
455
462
  # An array of strings representing the user attribute names you wish to
456
463
  # delete.
457
464
  #
465
+ # For custom attributes, you must prepend the `custom:` prefix to the
466
+ # attribute name.
467
+ #
458
468
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
459
469
  #
460
470
  # @example Request syntax with placeholder values
@@ -510,7 +520,7 @@ module Aws::CognitoIdentityProvider
510
520
  # The user pool ID for the user pool where you want to enable the user.
511
521
  #
512
522
  # @option params [required, String] :username
513
- # The user name of the user you wish to ebable.
523
+ # The user name of the user you wish to enable.
514
524
  #
515
525
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
516
526
  #
@@ -666,16 +676,57 @@ module Aws::CognitoIdentityProvider
666
676
  # The ID of the Amazon Cognito user pool.
667
677
  #
668
678
  # @option params [required, String] :client_id
669
- # The client app ID.
679
+ # The app client ID.
670
680
  #
671
681
  # @option params [required, String] :auth_flow
672
- # The authentication flow.
682
+ # The authentication flow for this call to execute. The API action will
683
+ # depend on this value. For example:
684
+ #
685
+ # * `REFRESH_TOKEN_AUTH` will take in a valid refresh token and return
686
+ # new tokens.
687
+ #
688
+ # * `USER_SRP_AUTH` will take in `USERNAME` and `SRPA` and return the
689
+ # SRP variables to be used for next challenge execution.
690
+ #
691
+ # Valid values include:
692
+ #
693
+ # * `USER_SRP_AUTH`\: Authentication flow for the Secure Remote Password
694
+ # (SRP) protocol.
695
+ #
696
+ # * `REFRESH_TOKEN_AUTH`/`REFRESH_TOKEN`\: Authentication flow for
697
+ # refreshing the access token and ID token by supplying a valid
698
+ # refresh token.
699
+ #
700
+ # * `CUSTOM_AUTH`\: Custom authentication flow.
701
+ #
702
+ # * `ADMIN_NO_SRP_AUTH`\: Non-SRP authentication flow; you can pass in
703
+ # the USERNAME and PASSWORD directly if the flow is enabled for
704
+ # calling the app client.
673
705
  #
674
706
  # @option params [Hash<String,String>] :auth_parameters
675
- # The authentication parameters.
707
+ # The authentication parameters. These are inputs corresponding to the
708
+ # `AuthFlow` that you are invoking. The required values depend on the
709
+ # value of `AuthFlow`\:
710
+ #
711
+ # * For `USER_SRP_AUTH`\: `USERNAME` (required), `SRPA` (required),
712
+ # `SECRET_HASH` (required if the app client is configured with a
713
+ # client secret), `DEVICE_KEY`
714
+ #
715
+ # * For `REFRESH_TOKEN_AUTH/REFRESH_TOKEN`\: `USERNAME` (required),
716
+ # `SECRET_HASH` (required if the app client is configured with a
717
+ # client secret), `REFRESH_TOKEN` (required), `DEVICE_KEY`
718
+ #
719
+ # * For `ADMIN_NO_SRP_AUTH`\: `USERNAME` (required), `SECRET_HASH` (if
720
+ # app client is configured with client secret), `PASSWORD` (required),
721
+ # `DEVICE_KEY`
722
+ #
723
+ # * For `CUSTOM_AUTH`\: `USERNAME` (required), `SECRET_HASH` (if app
724
+ # client is configured with client secret), `DEVICE_KEY`
676
725
  #
677
726
  # @option params [Hash<String,String>] :client_metadata
678
- # The client app metadata.
727
+ # This is a random key-value pair map which can contain any key and will
728
+ # be passed to your PreAuthentication Lambda trigger as-is. It can be
729
+ # used to implement additional validations around authentication.
679
730
  #
680
731
  # @return [Types::AdminInitiateAuthResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
681
732
  #
@@ -906,16 +957,43 @@ module Aws::CognitoIdentityProvider
906
957
  # The ID of the Amazon Cognito user pool.
907
958
  #
908
959
  # @option params [required, String] :client_id
909
- # The client ID.
960
+ # The app client ID.
910
961
  #
911
962
  # @option params [required, String] :challenge_name
912
- # The name of the challenge.
963
+ # The challenge name. For more information, see
964
+ # [AdminInitiateAuth](API_AdminInitiateAuth.html).
913
965
  #
914
966
  # @option params [Hash<String,String>] :challenge_responses
915
- # The challenge response.
967
+ # The challenge responses. These are inputs corresponding to the value
968
+ # of `ChallengeName`, for example:
969
+ #
970
+ # * `SMS_MFA`\: `SMS_MFA_CODE`, `USERNAME`, `SECRET_HASH` (if app client
971
+ # is configured with client secret).
972
+ #
973
+ # * `PASSWORD_VERIFIER`\: `PASSWORD_CLAIM_SIGNATURE`,
974
+ # `PASSWORD_CLAIM_SECRET_BLOCK`, `TIMESTAMP`, `USERNAME`,
975
+ # `SECRET_HASH` (if app client is configured with client secret).
976
+ #
977
+ # * `ADMIN_NO_SRP_AUTH`\: `PASSWORD`, `USERNAME`, `SECRET_HASH` (if app
978
+ # client is configured with client secret).
979
+ #
980
+ # * `NEW_PASSWORD_REQUIRED`\: `NEW_PASSWORD`, any other required
981
+ # attributes, `USERNAME`, `SECRET_HASH` (if app client is configured
982
+ # with client secret).
983
+ #
984
+ # The value of the `USERNAME` attribute must be the user's actual
985
+ # username, not an alias (such as email address or phone number). To
986
+ # make this easier, the `AdminInitiateAuth` response includes the actual
987
+ # username value in the `USERNAMEUSER_ID_FOR_SRP` attribute, even if you
988
+ # specified an alias in your call to `AdminInitiateAuth`.
916
989
  #
917
990
  # @option params [String] :session
918
- # The session.
991
+ # The session which should be passed both ways in challenge-response
992
+ # calls to the service. If `InitiateAuth` or `RespondToAuthChallenge`
993
+ # API call determines that the caller needs to go through another
994
+ # challenge, they return a session with other challenge parameters. This
995
+ # session should be passed as it is to the next `RespondToAuthChallenge`
996
+ # API call.
919
997
  #
920
998
  # @return [Types::AdminRespondToAuthChallengeResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
921
999
  #
@@ -1003,7 +1081,7 @@ module Aws::CognitoIdentityProvider
1003
1081
  # Requires developer credentials.
1004
1082
  #
1005
1083
  # @option params [required, String] :user_pool_id
1006
- # The user pool ID&gt;
1084
+ # The user pool ID.
1007
1085
  #
1008
1086
  # @option params [required, String] :username
1009
1087
  # The user name.
@@ -1037,6 +1115,12 @@ module Aws::CognitoIdentityProvider
1037
1115
  # Updates the specified user's attributes, including developer
1038
1116
  # attributes, as an administrator. Works on any user.
1039
1117
  #
1118
+ # For custom attributes, you must prepend the `custom:` prefix to the
1119
+ # attribute name.
1120
+ #
1121
+ # In addition to updating user attributes, this API can also be used to
1122
+ # mark phone and email as verified.
1123
+ #
1040
1124
  # Requires developer credentials.
1041
1125
  #
1042
1126
  # @option params [required, String] :user_pool_id
@@ -1049,6 +1133,9 @@ module Aws::CognitoIdentityProvider
1049
1133
  # @option params [required, Array<Types::AttributeType>] :user_attributes
1050
1134
  # An array of name-value pairs representing user attributes.
1051
1135
  #
1136
+ # For custom attributes, you must prepend the `custom:` prefix to the
1137
+ # attribute name.
1138
+ #
1052
1139
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
1053
1140
  #
1054
1141
  # @example Request syntax with placeholder values
@@ -1109,7 +1196,7 @@ module Aws::CognitoIdentityProvider
1109
1196
  # @option params [required, String] :proposed_password
1110
1197
  # The new password in the change password request.
1111
1198
  #
1112
- # @option params [String] :access_token
1199
+ # @option params [required, String] :access_token
1113
1200
  # The access token in the change password request.
1114
1201
  #
1115
1202
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
@@ -1119,7 +1206,7 @@ module Aws::CognitoIdentityProvider
1119
1206
  # resp = client.change_password({
1120
1207
  # previous_password: "PasswordType", # required
1121
1208
  # proposed_password: "PasswordType", # required
1122
- # access_token: "TokenModelType",
1209
+ # access_token: "TokenModelType", # required
1123
1210
  # })
1124
1211
  #
1125
1212
  # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/ChangePassword AWS API Documentation
@@ -1131,7 +1218,7 @@ module Aws::CognitoIdentityProvider
1131
1218
  req.send_request(options)
1132
1219
  end
1133
1220
 
1134
- # Confirms tracking of the device. This API call is the call that beings
1221
+ # Confirms tracking of the device. This API call is the call that begins
1135
1222
  # device tracking.
1136
1223
  #
1137
1224
  # @option params [required, String] :access_token
@@ -1175,8 +1262,8 @@ module Aws::CognitoIdentityProvider
1175
1262
  req.send_request(options)
1176
1263
  end
1177
1264
 
1178
- # Allows a user to enter a code provided when they reset their password
1179
- # to update their password.
1265
+ # Allows a user to enter a confirmation code to reset a forgotten
1266
+ # password.
1180
1267
  #
1181
1268
  # @option params [required, String] :client_id
1182
1269
  # The ID of the client associated with the user pool.
@@ -1192,10 +1279,11 @@ module Aws::CognitoIdentityProvider
1192
1279
  #
1193
1280
  # @option params [required, String] :confirmation_code
1194
1281
  # The confirmation code sent by a user's request to retrieve a
1195
- # forgotten password.
1282
+ # forgotten password. For more information, see
1283
+ # [ForgotPassword](API_ForgotPassword.html)
1196
1284
  #
1197
1285
  # @option params [required, String] :password
1198
- # The password sent by sent by a user's request to retrieve a forgotten
1286
+ # The password sent by a user's request to retrieve a forgotten
1199
1287
  # password.
1200
1288
  #
1201
1289
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
@@ -1239,11 +1327,11 @@ module Aws::CognitoIdentityProvider
1239
1327
  #
1240
1328
  # @option params [Boolean] :force_alias_creation
1241
1329
  # Boolean to be specified to force user confirmation irrespective of
1242
- # existing alias. By default set to False. If this parameter is set to
1243
- # True and the phone number/email used for sign up confirmation already
1244
- # exists as an alias with a different user, the API call will migrate
1245
- # the alias from the previous user to the newly created user being
1246
- # confirmed. If set to False, the API will throw an
1330
+ # existing alias. By default set to `False`. If this parameter is set to
1331
+ # `True` and the phone number/email used for sign up confirmation
1332
+ # already exists as an alias with a different user, the API call will
1333
+ # migrate the alias from the previous user to the newly created user
1334
+ # being confirmed. If set to `False`, the API will throw an
1247
1335
  # **AliasExistsException** error.
1248
1336
  #
1249
1337
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
@@ -1335,6 +1423,70 @@ module Aws::CognitoIdentityProvider
1335
1423
  req.send_request(options)
1336
1424
  end
1337
1425
 
1426
+ # Creates an identity provider for a user pool.
1427
+ #
1428
+ # @option params [required, String] :user_pool_id
1429
+ # The user pool ID.
1430
+ #
1431
+ # @option params [required, String] :provider_name
1432
+ # The identity provider name.
1433
+ #
1434
+ # @option params [required, String] :provider_type
1435
+ # The identity provider type.
1436
+ #
1437
+ # @option params [required, Hash<String,String>] :provider_details
1438
+ # The identity provider details, such as `MetadataURL` and
1439
+ # `MetadataFile`.
1440
+ #
1441
+ # @option params [Hash<String,String>] :attribute_mapping
1442
+ # A mapping of identity provider attributes to standard and custom user
1443
+ # pool attributes.
1444
+ #
1445
+ # @option params [Array<String>] :idp_identifiers
1446
+ # A list of identity provider identifiers.
1447
+ #
1448
+ # @return [Types::CreateIdentityProviderResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1449
+ #
1450
+ # * {Types::CreateIdentityProviderResponse#identity_provider #identity_provider} => Types::IdentityProviderType
1451
+ #
1452
+ # @example Request syntax with placeholder values
1453
+ #
1454
+ # resp = client.create_identity_provider({
1455
+ # user_pool_id: "UserPoolIdType", # required
1456
+ # provider_name: "ProviderNameType", # required
1457
+ # provider_type: "SAML", # required, accepts SAML
1458
+ # provider_details: { # required
1459
+ # "StringType" => "StringType",
1460
+ # },
1461
+ # attribute_mapping: {
1462
+ # "CustomAttributeNameType" => "StringType",
1463
+ # },
1464
+ # idp_identifiers: ["IdpIdentifierType"],
1465
+ # })
1466
+ #
1467
+ # @example Response structure
1468
+ #
1469
+ # resp.identity_provider.user_pool_id #=> String
1470
+ # resp.identity_provider.provider_name #=> String
1471
+ # resp.identity_provider.provider_type #=> String, one of "SAML"
1472
+ # resp.identity_provider.provider_details #=> Hash
1473
+ # resp.identity_provider.provider_details["StringType"] #=> String
1474
+ # resp.identity_provider.attribute_mapping #=> Hash
1475
+ # resp.identity_provider.attribute_mapping["CustomAttributeNameType"] #=> String
1476
+ # resp.identity_provider.idp_identifiers #=> Array
1477
+ # resp.identity_provider.idp_identifiers[0] #=> String
1478
+ # resp.identity_provider.last_modified_date #=> Time
1479
+ # resp.identity_provider.creation_date #=> Time
1480
+ #
1481
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/CreateIdentityProvider AWS API Documentation
1482
+ #
1483
+ # @overload create_identity_provider(params = {})
1484
+ # @param [Hash] params ({})
1485
+ def create_identity_provider(params = {}, options = {})
1486
+ req = build_request(:create_identity_provider, params)
1487
+ req.send_request(options)
1488
+ end
1489
+
1338
1490
  # Creates the user import job.
1339
1491
  #
1340
1492
  # @option params [required, String] :job_name
@@ -1438,7 +1590,7 @@ module Aws::CognitoIdentityProvider
1438
1590
  # [1]: http://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-cost-allocation-tagging.html
1439
1591
  #
1440
1592
  # @option params [Types::AdminCreateUserConfigType] :admin_create_user_config
1441
- # The configuration for AdminCreateUser requests.
1593
+ # The configuration for `AdminCreateUser` requests.
1442
1594
  #
1443
1595
  # @option params [Array<Types::SchemaAttributeType>] :schema
1444
1596
  # An array of schema attributes for the new user pool. These attributes
@@ -1600,7 +1752,8 @@ module Aws::CognitoIdentityProvider
1600
1752
  # pool client being created.
1601
1753
  #
1602
1754
  # @option params [Integer] :refresh_token_validity
1603
- # The validity of the refresh token, in days.
1755
+ # The time limit, in days, after which the refresh token is no longer
1756
+ # valid and cannot be used.
1604
1757
  #
1605
1758
  # @option params [Array<String>] :read_attributes
1606
1759
  # The read attributes.
@@ -1611,6 +1764,35 @@ module Aws::CognitoIdentityProvider
1611
1764
  # @option params [Array<String>] :explicit_auth_flows
1612
1765
  # The explicit authentication flows.
1613
1766
  #
1767
+ # @option params [Array<String>] :supported_identity_providers
1768
+ # A list of provider names for the identity providers that are supported
1769
+ # on this client.
1770
+ #
1771
+ # @option params [Array<String>] :callback_urls
1772
+ # A list of allowed callback URLs for the identity providers.
1773
+ #
1774
+ # @option params [Array<String>] :logout_urls
1775
+ # A list of allowed logout URLs for the identity providers.
1776
+ #
1777
+ # @option params [String] :default_redirect_uri
1778
+ # The default redirect URI. Must be in the `CallbackURLs` list.
1779
+ #
1780
+ # @option params [Array<String>] :allowed_o_auth_flows
1781
+ # Set to `code` to initiate a code grant flow, which provides an
1782
+ # authorization code as the response. This code can be exchanged for
1783
+ # access tokens with the token endpoint.
1784
+ #
1785
+ # Set to `token` to specify that the client should get the access token
1786
+ # (and, optionally, ID token, based on scopes) directly.
1787
+ #
1788
+ # @option params [Array<String>] :allowed_o_auth_scopes
1789
+ # A list of allowed `OAuth` scopes. Currently supported values are
1790
+ # `"phone"`, `"email"`, `"openid"`, and `"Cognito"`.
1791
+ #
1792
+ # @option params [Boolean] :allowed_o_auth_flows_user_pool_client
1793
+ # Set to `True` if the client is allowed to follow the OAuth protocol
1794
+ # when interacting with Cognito user pools.
1795
+ #
1614
1796
  # @return [Types::CreateUserPoolClientResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1615
1797
  #
1616
1798
  # * {Types::CreateUserPoolClientResponse#user_pool_client #user_pool_client} => Types::UserPoolClientType
@@ -1625,6 +1807,13 @@ module Aws::CognitoIdentityProvider
1625
1807
  # read_attributes: ["ClientPermissionType"],
1626
1808
  # write_attributes: ["ClientPermissionType"],
1627
1809
  # explicit_auth_flows: ["ADMIN_NO_SRP_AUTH"], # accepts ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY
1810
+ # supported_identity_providers: ["ProviderNameType"],
1811
+ # callback_urls: ["RedirectUrlType"],
1812
+ # logout_urls: ["RedirectUrlType"],
1813
+ # default_redirect_uri: "RedirectUrlType",
1814
+ # allowed_o_auth_flows: ["code"], # accepts code, implicit, client_credentials
1815
+ # allowed_o_auth_scopes: ["ScopeType"],
1816
+ # allowed_o_auth_flows_user_pool_client: false,
1628
1817
  # })
1629
1818
  #
1630
1819
  # @example Response structure
@@ -1642,6 +1831,18 @@ module Aws::CognitoIdentityProvider
1642
1831
  # resp.user_pool_client.write_attributes[0] #=> String
1643
1832
  # resp.user_pool_client.explicit_auth_flows #=> Array
1644
1833
  # resp.user_pool_client.explicit_auth_flows[0] #=> String, one of "ADMIN_NO_SRP_AUTH", "CUSTOM_AUTH_FLOW_ONLY"
1834
+ # resp.user_pool_client.supported_identity_providers #=> Array
1835
+ # resp.user_pool_client.supported_identity_providers[0] #=> String
1836
+ # resp.user_pool_client.callback_urls #=> Array
1837
+ # resp.user_pool_client.callback_urls[0] #=> String
1838
+ # resp.user_pool_client.logout_urls #=> Array
1839
+ # resp.user_pool_client.logout_urls[0] #=> String
1840
+ # resp.user_pool_client.default_redirect_uri #=> String
1841
+ # resp.user_pool_client.allowed_o_auth_flows #=> Array
1842
+ # resp.user_pool_client.allowed_o_auth_flows[0] #=> String, one of "code", "implicit", "client_credentials"
1843
+ # resp.user_pool_client.allowed_o_auth_scopes #=> Array
1844
+ # resp.user_pool_client.allowed_o_auth_scopes[0] #=> String
1845
+ # resp.user_pool_client.allowed_o_auth_flows_user_pool_client #=> Boolean
1645
1846
  #
1646
1847
  # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/CreateUserPoolClient AWS API Documentation
1647
1848
  #
@@ -1652,6 +1853,32 @@ module Aws::CognitoIdentityProvider
1652
1853
  req.send_request(options)
1653
1854
  end
1654
1855
 
1856
+ # Creates a new domain for a user pool.
1857
+ #
1858
+ # @option params [required, String] :domain
1859
+ # The domain string.
1860
+ #
1861
+ # @option params [required, String] :user_pool_id
1862
+ # The user pool ID.
1863
+ #
1864
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
1865
+ #
1866
+ # @example Request syntax with placeholder values
1867
+ #
1868
+ # resp = client.create_user_pool_domain({
1869
+ # domain: "DomainType", # required
1870
+ # user_pool_id: "UserPoolIdType", # required
1871
+ # })
1872
+ #
1873
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/CreateUserPoolDomain AWS API Documentation
1874
+ #
1875
+ # @overload create_user_pool_domain(params = {})
1876
+ # @param [Hash] params ({})
1877
+ def create_user_pool_domain(params = {}, options = {})
1878
+ req = build_request(:create_user_pool_domain, params)
1879
+ req.send_request(options)
1880
+ end
1881
+
1655
1882
  # Deletes a group. Currently only groups with no members can be deleted.
1656
1883
  #
1657
1884
  # Requires developer credentials.
@@ -1680,9 +1907,35 @@ module Aws::CognitoIdentityProvider
1680
1907
  req.send_request(options)
1681
1908
  end
1682
1909
 
1910
+ # Deletes an identity provider for a user pool.
1911
+ #
1912
+ # @option params [required, String] :user_pool_id
1913
+ # The user pool ID.
1914
+ #
1915
+ # @option params [required, String] :provider_name
1916
+ # The identity provider name.
1917
+ #
1918
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
1919
+ #
1920
+ # @example Request syntax with placeholder values
1921
+ #
1922
+ # resp = client.delete_identity_provider({
1923
+ # user_pool_id: "UserPoolIdType", # required
1924
+ # provider_name: "ProviderNameType", # required
1925
+ # })
1926
+ #
1927
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/DeleteIdentityProvider AWS API Documentation
1928
+ #
1929
+ # @overload delete_identity_provider(params = {})
1930
+ # @param [Hash] params ({})
1931
+ def delete_identity_provider(params = {}, options = {})
1932
+ req = build_request(:delete_identity_provider, params)
1933
+ req.send_request(options)
1934
+ end
1935
+
1683
1936
  # Allows a user to delete one's self.
1684
1937
  #
1685
- # @option params [String] :access_token
1938
+ # @option params [required, String] :access_token
1686
1939
  # The access token from a request to delete a user.
1687
1940
  #
1688
1941
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
@@ -1690,7 +1943,7 @@ module Aws::CognitoIdentityProvider
1690
1943
  # @example Request syntax with placeholder values
1691
1944
  #
1692
1945
  # resp = client.delete_user({
1693
- # access_token: "TokenModelType",
1946
+ # access_token: "TokenModelType", # required
1694
1947
  # })
1695
1948
  #
1696
1949
  # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/DeleteUser AWS API Documentation
@@ -1708,7 +1961,10 @@ module Aws::CognitoIdentityProvider
1708
1961
  # An array of strings representing the user attribute names you wish to
1709
1962
  # delete.
1710
1963
  #
1711
- # @option params [String] :access_token
1964
+ # For custom attributes, you must prepend the `custom:` prefix to the
1965
+ # attribute name.
1966
+ #
1967
+ # @option params [required, String] :access_token
1712
1968
  # The access token used in the request to delete user attributes.
1713
1969
  #
1714
1970
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
@@ -1717,7 +1973,7 @@ module Aws::CognitoIdentityProvider
1717
1973
  #
1718
1974
  # resp = client.delete_user_attributes({
1719
1975
  # user_attribute_names: ["AttributeNameType"], # required
1720
- # access_token: "TokenModelType",
1976
+ # access_token: "TokenModelType", # required
1721
1977
  # })
1722
1978
  #
1723
1979
  # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/DeleteUserAttributes AWS API Documentation
@@ -1778,6 +2034,74 @@ module Aws::CognitoIdentityProvider
1778
2034
  req.send_request(options)
1779
2035
  end
1780
2036
 
2037
+ # Deletes a domain for a user pool.
2038
+ #
2039
+ # @option params [required, String] :domain
2040
+ # The domain string.
2041
+ #
2042
+ # @option params [required, String] :user_pool_id
2043
+ # The user pool ID.
2044
+ #
2045
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
2046
+ #
2047
+ # @example Request syntax with placeholder values
2048
+ #
2049
+ # resp = client.delete_user_pool_domain({
2050
+ # domain: "DomainType", # required
2051
+ # user_pool_id: "UserPoolIdType", # required
2052
+ # })
2053
+ #
2054
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/DeleteUserPoolDomain AWS API Documentation
2055
+ #
2056
+ # @overload delete_user_pool_domain(params = {})
2057
+ # @param [Hash] params ({})
2058
+ def delete_user_pool_domain(params = {}, options = {})
2059
+ req = build_request(:delete_user_pool_domain, params)
2060
+ req.send_request(options)
2061
+ end
2062
+
2063
+ # Gets information about a specific identity provider.
2064
+ #
2065
+ # @option params [required, String] :user_pool_id
2066
+ # The user pool ID.
2067
+ #
2068
+ # @option params [required, String] :provider_name
2069
+ # The identity provider name.
2070
+ #
2071
+ # @return [Types::DescribeIdentityProviderResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2072
+ #
2073
+ # * {Types::DescribeIdentityProviderResponse#identity_provider #identity_provider} => Types::IdentityProviderType
2074
+ #
2075
+ # @example Request syntax with placeholder values
2076
+ #
2077
+ # resp = client.describe_identity_provider({
2078
+ # user_pool_id: "UserPoolIdType", # required
2079
+ # provider_name: "ProviderNameType", # required
2080
+ # })
2081
+ #
2082
+ # @example Response structure
2083
+ #
2084
+ # resp.identity_provider.user_pool_id #=> String
2085
+ # resp.identity_provider.provider_name #=> String
2086
+ # resp.identity_provider.provider_type #=> String, one of "SAML"
2087
+ # resp.identity_provider.provider_details #=> Hash
2088
+ # resp.identity_provider.provider_details["StringType"] #=> String
2089
+ # resp.identity_provider.attribute_mapping #=> Hash
2090
+ # resp.identity_provider.attribute_mapping["CustomAttributeNameType"] #=> String
2091
+ # resp.identity_provider.idp_identifiers #=> Array
2092
+ # resp.identity_provider.idp_identifiers[0] #=> String
2093
+ # resp.identity_provider.last_modified_date #=> Time
2094
+ # resp.identity_provider.creation_date #=> Time
2095
+ #
2096
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/DescribeIdentityProvider AWS API Documentation
2097
+ #
2098
+ # @overload describe_identity_provider(params = {})
2099
+ # @param [Hash] params ({})
2100
+ def describe_identity_provider(params = {}, options = {})
2101
+ req = build_request(:describe_identity_provider, params)
2102
+ req.send_request(options)
2103
+ end
2104
+
1781
2105
  # Describes the user import job.
1782
2106
  #
1783
2107
  # @option params [required, String] :user_pool_id
@@ -1939,6 +2263,18 @@ module Aws::CognitoIdentityProvider
1939
2263
  # resp.user_pool_client.write_attributes[0] #=> String
1940
2264
  # resp.user_pool_client.explicit_auth_flows #=> Array
1941
2265
  # resp.user_pool_client.explicit_auth_flows[0] #=> String, one of "ADMIN_NO_SRP_AUTH", "CUSTOM_AUTH_FLOW_ONLY"
2266
+ # resp.user_pool_client.supported_identity_providers #=> Array
2267
+ # resp.user_pool_client.supported_identity_providers[0] #=> String
2268
+ # resp.user_pool_client.callback_urls #=> Array
2269
+ # resp.user_pool_client.callback_urls[0] #=> String
2270
+ # resp.user_pool_client.logout_urls #=> Array
2271
+ # resp.user_pool_client.logout_urls[0] #=> String
2272
+ # resp.user_pool_client.default_redirect_uri #=> String
2273
+ # resp.user_pool_client.allowed_o_auth_flows #=> Array
2274
+ # resp.user_pool_client.allowed_o_auth_flows[0] #=> String, one of "code", "implicit", "client_credentials"
2275
+ # resp.user_pool_client.allowed_o_auth_scopes #=> Array
2276
+ # resp.user_pool_client.allowed_o_auth_scopes[0] #=> String
2277
+ # resp.user_pool_client.allowed_o_auth_flows_user_pool_client #=> Boolean
1942
2278
  #
1943
2279
  # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/DescribeUserPoolClient AWS API Documentation
1944
2280
  #
@@ -1949,6 +2285,40 @@ module Aws::CognitoIdentityProvider
1949
2285
  req.send_request(options)
1950
2286
  end
1951
2287
 
2288
+ # Gets information about a domain.
2289
+ #
2290
+ # @option params [required, String] :domain
2291
+ # The domain string.
2292
+ #
2293
+ # @return [Types::DescribeUserPoolDomainResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2294
+ #
2295
+ # * {Types::DescribeUserPoolDomainResponse#domain_description #domain_description} => Types::DomainDescriptionType
2296
+ #
2297
+ # @example Request syntax with placeholder values
2298
+ #
2299
+ # resp = client.describe_user_pool_domain({
2300
+ # domain: "DomainType", # required
2301
+ # })
2302
+ #
2303
+ # @example Response structure
2304
+ #
2305
+ # resp.domain_description.user_pool_id #=> String
2306
+ # resp.domain_description.aws_account_id #=> String
2307
+ # resp.domain_description.domain #=> String
2308
+ # resp.domain_description.s3_bucket #=> String
2309
+ # resp.domain_description.cloud_front_distribution #=> String
2310
+ # resp.domain_description.version #=> String
2311
+ # resp.domain_description.status #=> String, one of "CREATING", "DELETING", "UPDATING", "ACTIVE"
2312
+ #
2313
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/DescribeUserPoolDomain AWS API Documentation
2314
+ #
2315
+ # @overload describe_user_pool_domain(params = {})
2316
+ # @param [Hash] params ({})
2317
+ def describe_user_pool_domain(params = {}, options = {})
2318
+ req = build_request(:describe_user_pool_domain, params)
2319
+ req.send_request(options)
2320
+ end
2321
+
1952
2322
  # Forgets the specified device.
1953
2323
  #
1954
2324
  # @option params [String] :access_token
@@ -1975,7 +2345,15 @@ module Aws::CognitoIdentityProvider
1975
2345
  req.send_request(options)
1976
2346
  end
1977
2347
 
1978
- # Retrieves the password for the specified client ID or username.
2348
+ # Calling this API causes a message to be sent to the end user with a
2349
+ # confirmation code that is required to change the user's password. For
2350
+ # the `Username` parameter, you can use the username or user alias. If a
2351
+ # verified phone number exists for the user, the confirmation code is
2352
+ # sent to the phone number. Otherwise, if a verified email exists, the
2353
+ # confirmation code is sent to the email. If neither a verified phone
2354
+ # number nor a verified email exists, `InvalidParameterException` is
2355
+ # thrown. To use the confirmation code for resetting the password, call
2356
+ # [ConfirmForgotPassword](API_ConfirmForgotPassword.html).
1979
2357
  #
1980
2358
  # @option params [required, String] :client_id
1981
2359
  # The ID of the client associated with the user pool.
@@ -2127,9 +2505,51 @@ module Aws::CognitoIdentityProvider
2127
2505
  req.send_request(options)
2128
2506
  end
2129
2507
 
2508
+ # Gets the specified identity provider.
2509
+ #
2510
+ # @option params [required, String] :user_pool_id
2511
+ # The user pool ID.
2512
+ #
2513
+ # @option params [required, String] :idp_identifier
2514
+ # The identity provider ID.
2515
+ #
2516
+ # @return [Types::GetIdentityProviderByIdentifierResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2517
+ #
2518
+ # * {Types::GetIdentityProviderByIdentifierResponse#identity_provider #identity_provider} => Types::IdentityProviderType
2519
+ #
2520
+ # @example Request syntax with placeholder values
2521
+ #
2522
+ # resp = client.get_identity_provider_by_identifier({
2523
+ # user_pool_id: "UserPoolIdType", # required
2524
+ # idp_identifier: "IdpIdentifierType", # required
2525
+ # })
2526
+ #
2527
+ # @example Response structure
2528
+ #
2529
+ # resp.identity_provider.user_pool_id #=> String
2530
+ # resp.identity_provider.provider_name #=> String
2531
+ # resp.identity_provider.provider_type #=> String, one of "SAML"
2532
+ # resp.identity_provider.provider_details #=> Hash
2533
+ # resp.identity_provider.provider_details["StringType"] #=> String
2534
+ # resp.identity_provider.attribute_mapping #=> Hash
2535
+ # resp.identity_provider.attribute_mapping["CustomAttributeNameType"] #=> String
2536
+ # resp.identity_provider.idp_identifiers #=> Array
2537
+ # resp.identity_provider.idp_identifiers[0] #=> String
2538
+ # resp.identity_provider.last_modified_date #=> Time
2539
+ # resp.identity_provider.creation_date #=> Time
2540
+ #
2541
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/GetIdentityProviderByIdentifier AWS API Documentation
2542
+ #
2543
+ # @overload get_identity_provider_by_identifier(params = {})
2544
+ # @param [Hash] params ({})
2545
+ def get_identity_provider_by_identifier(params = {}, options = {})
2546
+ req = build_request(:get_identity_provider_by_identifier, params)
2547
+ req.send_request(options)
2548
+ end
2549
+
2130
2550
  # Gets the user attributes and metadata for a user.
2131
2551
  #
2132
- # @option params [String] :access_token
2552
+ # @option params [required, String] :access_token
2133
2553
  # The access token returned by the server response to get information
2134
2554
  # about the user.
2135
2555
  #
@@ -2142,7 +2562,7 @@ module Aws::CognitoIdentityProvider
2142
2562
  # @example Request syntax with placeholder values
2143
2563
  #
2144
2564
  # resp = client.get_user({
2145
- # access_token: "TokenModelType",
2565
+ # access_token: "TokenModelType", # required
2146
2566
  # })
2147
2567
  #
2148
2568
  # @example Response structure
@@ -2167,7 +2587,7 @@ module Aws::CognitoIdentityProvider
2167
2587
  # Gets the user attribute verification code for the specified attribute
2168
2588
  # name.
2169
2589
  #
2170
- # @option params [String] :access_token
2590
+ # @option params [required, String] :access_token
2171
2591
  # The access token returned by the server response to get the user
2172
2592
  # attribute verification code.
2173
2593
  #
@@ -2182,7 +2602,7 @@ module Aws::CognitoIdentityProvider
2182
2602
  # @example Request syntax with placeholder values
2183
2603
  #
2184
2604
  # resp = client.get_user_attribute_verification_code({
2185
- # access_token: "TokenModelType",
2605
+ # access_token: "TokenModelType", # required
2186
2606
  # attribute_name: "AttributeNameType", # required
2187
2607
  # })
2188
2608
  #
@@ -2203,7 +2623,7 @@ module Aws::CognitoIdentityProvider
2203
2623
 
2204
2624
  # Signs out users from all devices.
2205
2625
  #
2206
- # @option params [String] :access_token
2626
+ # @option params [required, String] :access_token
2207
2627
  # The access token.
2208
2628
  #
2209
2629
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
@@ -2211,7 +2631,7 @@ module Aws::CognitoIdentityProvider
2211
2631
  # @example Request syntax with placeholder values
2212
2632
  #
2213
2633
  # resp = client.global_sign_out({
2214
- # access_token: "TokenModelType",
2634
+ # access_token: "TokenModelType", # required
2215
2635
  # })
2216
2636
  #
2217
2637
  # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/GlobalSignOut AWS API Documentation
@@ -2226,16 +2646,51 @@ module Aws::CognitoIdentityProvider
2226
2646
  # Initiates the authentication flow.
2227
2647
  #
2228
2648
  # @option params [required, String] :auth_flow
2229
- # The authentication flow.
2649
+ # The authentication flow for this call to execute. The API action will
2650
+ # depend on this value. For example:
2651
+ #
2652
+ # * `REFRESH_TOKEN_AUTH` will take in a valid refresh token and return
2653
+ # new tokens.
2654
+ #
2655
+ # * `USER_SRP_AUTH` will take in USERNAME and SRPA and return the SRP
2656
+ # variables to be used for next challenge execution.
2657
+ #
2658
+ # Valid values include:
2659
+ #
2660
+ # * `USER_SRP_AUTH`\: Authentication flow for the Secure Remote Password
2661
+ # (SRP) protocol.
2662
+ #
2663
+ # * `REFRESH_TOKEN_AUTH`/`REFRESH_TOKEN`\: Authentication flow for
2664
+ # refreshing the access token and ID token by supplying a valid
2665
+ # refresh token.
2666
+ #
2667
+ # * `CUSTOM_AUTH`\: Custom authentication flow.
2668
+ #
2669
+ # `ADMIN_NO_SRP_AUTH` is not a valid value.
2230
2670
  #
2231
2671
  # @option params [Hash<String,String>] :auth_parameters
2232
- # The authentication parameters.
2672
+ # The authentication parameters. These are inputs corresponding to the
2673
+ # `AuthFlow` that you are invoking. The required values depend on the
2674
+ # value of `AuthFlow`\:
2675
+ #
2676
+ # * For `USER_SRP_AUTH`\: `USERNAME` (required), `SRPA` (required),
2677
+ # `SECRET_HASH` (required if the app client is configured with a
2678
+ # client secret), `DEVICE_KEY`
2679
+ #
2680
+ # * For `REFRESH_TOKEN_AUTH/REFRESH_TOKEN`\: `USERNAME` (required),
2681
+ # `SECRET_HASH` (required if the app client is configured with a
2682
+ # client secret), `REFRESH_TOKEN` (required), `DEVICE_KEY`
2683
+ #
2684
+ # * For `CUSTOM_AUTH`\: `USERNAME` (required), `SECRET_HASH` (if app
2685
+ # client is configured with client secret), `DEVICE_KEY`
2233
2686
  #
2234
2687
  # @option params [Hash<String,String>] :client_metadata
2235
- # The client app's metadata.
2688
+ # This is a random key-value pair map which can contain any key and will
2689
+ # be passed to your PreAuthentication Lambda trigger as-is. It can be
2690
+ # used to implement additional validations around authentication.
2236
2691
  #
2237
2692
  # @option params [required, String] :client_id
2238
- # The client ID.
2693
+ # The app client ID.
2239
2694
  #
2240
2695
  # @return [Types::InitiateAuthResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2241
2696
  #
@@ -2374,6 +2829,48 @@ module Aws::CognitoIdentityProvider
2374
2829
  req.send_request(options)
2375
2830
  end
2376
2831
 
2832
+ # Lists information about all identity providers for a user pool.
2833
+ #
2834
+ # @option params [required, String] :user_pool_id
2835
+ # The user pool ID.
2836
+ #
2837
+ # @option params [Integer] :max_results
2838
+ # The maximum number of identity providers to return.
2839
+ #
2840
+ # @option params [String] :next_token
2841
+ # A pagination token.
2842
+ #
2843
+ # @return [Types::ListIdentityProvidersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2844
+ #
2845
+ # * {Types::ListIdentityProvidersResponse#providers #providers} => Array&lt;Types::ProviderDescription&gt;
2846
+ # * {Types::ListIdentityProvidersResponse#next_token #next_token} => String
2847
+ #
2848
+ # @example Request syntax with placeholder values
2849
+ #
2850
+ # resp = client.list_identity_providers({
2851
+ # user_pool_id: "UserPoolIdType", # required
2852
+ # max_results: 1,
2853
+ # next_token: "PaginationKeyType",
2854
+ # })
2855
+ #
2856
+ # @example Response structure
2857
+ #
2858
+ # resp.providers #=> Array
2859
+ # resp.providers[0].provider_name #=> String
2860
+ # resp.providers[0].provider_type #=> String, one of "SAML"
2861
+ # resp.providers[0].last_modified_date #=> Time
2862
+ # resp.providers[0].creation_date #=> Time
2863
+ # resp.next_token #=> String
2864
+ #
2865
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/ListIdentityProviders AWS API Documentation
2866
+ #
2867
+ # @overload list_identity_providers(params = {})
2868
+ # @param [Hash] params ({})
2869
+ def list_identity_providers(params = {}, options = {})
2870
+ req = build_request(:list_identity_providers, params)
2871
+ req.send_request(options)
2872
+ end
2873
+
2377
2874
  # Lists the user import jobs.
2378
2875
  #
2379
2876
  # @option params [required, String] :user_pool_id
@@ -2385,8 +2882,8 @@ module Aws::CognitoIdentityProvider
2385
2882
  #
2386
2883
  # @option params [String] :pagination_token
2387
2884
  # An identifier that was returned from the previous call to
2388
- # ListUserImportJobs, which can be used to return the next set of import
2389
- # jobs in the list.
2885
+ # `ListUserImportJobs`, which can be used to return the next set of
2886
+ # import jobs in the list.
2390
2887
  #
2391
2888
  # @return [Types::ListUserImportJobsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2392
2889
  #
@@ -2526,13 +3023,16 @@ module Aws::CognitoIdentityProvider
2526
3023
  # Lists the users in the Amazon Cognito user pool.
2527
3024
  #
2528
3025
  # @option params [required, String] :user_pool_id
2529
- # The user pool ID for which you want to list users.
3026
+ # The user pool ID for the user pool on which the search should be
3027
+ # performed.
2530
3028
  #
2531
3029
  # @option params [Array<String>] :attributes_to_get
2532
- # The attributes to get from the request to list users.
3030
+ # An array of strings, where each string is the name of a user attribute
3031
+ # to be returned for each user in the search results. If the array is
3032
+ # empty, all attributes are returned.
2533
3033
  #
2534
3034
  # @option params [Integer] :limit
2535
- # The limit of the request to list users.
3035
+ # Maximum number of users to be returned.
2536
3036
  #
2537
3037
  # @option params [String] :pagination_token
2538
3038
  # An identifier that was returned from the previous call to this
@@ -2540,7 +3040,55 @@ module Aws::CognitoIdentityProvider
2540
3040
  # list.
2541
3041
  #
2542
3042
  # @option params [String] :filter
2543
- # The filter for the list users request.
3043
+ # A filter string of the form "*AttributeName* *Filter-Type*
3044
+ # "*AttributeValue*"". Quotation marks within the filter string must
3045
+ # be escaped using the backslash (\\) character. For example,
3046
+ # "`family_name` = \\"Reddy\\"".
3047
+ #
3048
+ # * *AttributeName*\: The name of the attribute to search for. You can
3049
+ # only search for one attribute at a time.
3050
+ #
3051
+ # * *Filter-Type*\: For an exact match, use =, for example,
3052
+ # "`given_name` = \\"Jon\\"". For a prefix ("starts with")
3053
+ # match, use ^=, for example, "`given_name` ^= \\"Jon\\"".
3054
+ #
3055
+ # * *AttributeValue*\: The attribute value that must be matched for each
3056
+ # user.
3057
+ #
3058
+ # If the filter string is empty, `ListUsers` returns all users in the
3059
+ # user pool.
3060
+ #
3061
+ # You can only search for the following standard attributes:
3062
+ #
3063
+ # * `username` (case-sensitive)
3064
+ #
3065
+ # * `email`
3066
+ #
3067
+ # * `phone_number`
3068
+ #
3069
+ # * `name`
3070
+ #
3071
+ # * `given_name`
3072
+ #
3073
+ # * `family_name`
3074
+ #
3075
+ # * `preferred_username`
3076
+ #
3077
+ # * `cognito:user_status` (called **Enabled** in the Console)
3078
+ # (case-sensitive)
3079
+ #
3080
+ # * `status` (case-insensitive)
3081
+ #
3082
+ # Custom attributes are not searchable.
3083
+ #
3084
+ # For more information, see [Searching for Users Using the ListUsers
3085
+ # API][1] and [Examples of Using the ListUsers API][2] in the *Amazon
3086
+ # Cognito Developer Guide*.
3087
+ #
3088
+ #
3089
+ #
3090
+ # [1]: http://docs.aws.amazon.com/cognito/latest/developerguide/how-to-manage-user-accounts.html#cognito-user-pools-searching-for-users-using-listusers-api
3091
+ # [2]: http://docs.aws.amazon.com/cognito/latest/developerguide/how-to-manage-user-accounts.html#cognito-user-pools-searching-for-users-listusers-api-examples
2544
3092
  #
2545
3093
  # @return [Types::ListUsersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2546
3094
  #
@@ -2684,16 +3232,36 @@ module Aws::CognitoIdentityProvider
2684
3232
  # Responds to the authentication challenge.
2685
3233
  #
2686
3234
  # @option params [required, String] :client_id
2687
- # The client ID.
3235
+ # The app client ID.
2688
3236
  #
2689
3237
  # @option params [required, String] :challenge_name
2690
- # The name of the challenge.
3238
+ # The challenge name. For more information, see
3239
+ # [InitiateAuth](API_InitiateAuth.html).
3240
+ #
3241
+ # `ADMIN_NO_SRP_AUTH` is not a valid value.
2691
3242
  #
2692
3243
  # @option params [String] :session
2693
- # The session.
3244
+ # The session which should be passed both ways in challenge-response
3245
+ # calls to the service. If `InitiateAuth` or `RespondToAuthChallenge`
3246
+ # API call determines that the caller needs to go through another
3247
+ # challenge, they return a session with other challenge parameters. This
3248
+ # session should be passed as it is to the next `RespondToAuthChallenge`
3249
+ # API call.
2694
3250
  #
2695
3251
  # @option params [Hash<String,String>] :challenge_responses
2696
- # The responses to the authentication challenge.
3252
+ # The challenge responses. These are inputs corresponding to the value
3253
+ # of `ChallengeName`, for example:
3254
+ #
3255
+ # * `SMS_MFA`\: `SMS_MFA_CODE`, `USERNAME`, `SECRET_HASH` (if app client
3256
+ # is configured with client secret).
3257
+ #
3258
+ # * `PASSWORD_VERIFIER`\: `PASSWORD_CLAIM_SIGNATURE`,
3259
+ # `PASSWORD_CLAIM_SECRET_BLOCK`, `TIMESTAMP`, `USERNAME`,
3260
+ # `SECRET_HASH` (if app client is configured with client secret).
3261
+ #
3262
+ # * `NEW_PASSWORD_REQUIRED`\: `NEW_PASSWORD`, any other required
3263
+ # attributes, `USERNAME`, `SECRET_HASH` (if app client is configured
3264
+ # with client secret).
2697
3265
  #
2698
3266
  # @return [Types::RespondToAuthChallengeResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2699
3267
  #
@@ -2790,6 +3358,9 @@ module Aws::CognitoIdentityProvider
2790
3358
  # @option params [Array<Types::AttributeType>] :user_attributes
2791
3359
  # An array of name-value pairs representing user attributes.
2792
3360
  #
3361
+ # For custom attributes, you must prepend the `custom:` prefix to the
3362
+ # attribute name.
3363
+ #
2793
3364
  # @option params [Array<Types::AttributeType>] :validation_data
2794
3365
  # The validation data in the request to register a user.
2795
3366
  #
@@ -2797,6 +3368,7 @@ module Aws::CognitoIdentityProvider
2797
3368
  #
2798
3369
  # * {Types::SignUpResponse#user_confirmed #user_confirmed} => Boolean
2799
3370
  # * {Types::SignUpResponse#code_delivery_details #code_delivery_details} => Types::CodeDeliveryDetailsType
3371
+ # * {Types::SignUpResponse#user_sub #user_sub} => String
2800
3372
  #
2801
3373
  # @example Request syntax with placeholder values
2802
3374
  #
@@ -2825,6 +3397,7 @@ module Aws::CognitoIdentityProvider
2825
3397
  # resp.code_delivery_details.destination #=> String
2826
3398
  # resp.code_delivery_details.delivery_medium #=> String, one of "SMS", "EMAIL"
2827
3399
  # resp.code_delivery_details.attribute_name #=> String
3400
+ # resp.user_sub #=> String
2828
3401
  #
2829
3402
  # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/SignUp AWS API Documentation
2830
3403
  #
@@ -2974,8 +3547,7 @@ module Aws::CognitoIdentityProvider
2974
3547
  #
2975
3548
  # @option params [Integer] :precedence
2976
3549
  # The new precedence value for the group. For more information about
2977
- # this parameter, see
2978
- # [CreateGroupRequest](API_CreateGroupRequeste.html).
3550
+ # this parameter, see [CreateGroup](API_CreateGroup.html).
2979
3551
  #
2980
3552
  # @return [Types::UpdateGroupResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2981
3553
  #
@@ -3010,12 +3582,74 @@ module Aws::CognitoIdentityProvider
3010
3582
  req.send_request(options)
3011
3583
  end
3012
3584
 
3585
+ # Updates identity provider information for a user pool.
3586
+ #
3587
+ # @option params [required, String] :user_pool_id
3588
+ # The user pool ID.
3589
+ #
3590
+ # @option params [required, String] :provider_name
3591
+ # The identity provider name.
3592
+ #
3593
+ # @option params [Hash<String,String>] :provider_details
3594
+ # The identity provider details to be updated, such as `MetadataURL` and
3595
+ # `MetadataFile`.
3596
+ #
3597
+ # @option params [Hash<String,String>] :attribute_mapping
3598
+ # The identity provider attribute mapping to be changed.
3599
+ #
3600
+ # @option params [Array<String>] :idp_identifiers
3601
+ # A list of identity provider identifiers.
3602
+ #
3603
+ # @return [Types::UpdateIdentityProviderResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
3604
+ #
3605
+ # * {Types::UpdateIdentityProviderResponse#identity_provider #identity_provider} => Types::IdentityProviderType
3606
+ #
3607
+ # @example Request syntax with placeholder values
3608
+ #
3609
+ # resp = client.update_identity_provider({
3610
+ # user_pool_id: "UserPoolIdType", # required
3611
+ # provider_name: "ProviderNameType", # required
3612
+ # provider_details: {
3613
+ # "StringType" => "StringType",
3614
+ # },
3615
+ # attribute_mapping: {
3616
+ # "CustomAttributeNameType" => "StringType",
3617
+ # },
3618
+ # idp_identifiers: ["IdpIdentifierType"],
3619
+ # })
3620
+ #
3621
+ # @example Response structure
3622
+ #
3623
+ # resp.identity_provider.user_pool_id #=> String
3624
+ # resp.identity_provider.provider_name #=> String
3625
+ # resp.identity_provider.provider_type #=> String, one of "SAML"
3626
+ # resp.identity_provider.provider_details #=> Hash
3627
+ # resp.identity_provider.provider_details["StringType"] #=> String
3628
+ # resp.identity_provider.attribute_mapping #=> Hash
3629
+ # resp.identity_provider.attribute_mapping["CustomAttributeNameType"] #=> String
3630
+ # resp.identity_provider.idp_identifiers #=> Array
3631
+ # resp.identity_provider.idp_identifiers[0] #=> String
3632
+ # resp.identity_provider.last_modified_date #=> Time
3633
+ # resp.identity_provider.creation_date #=> Time
3634
+ #
3635
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UpdateIdentityProvider AWS API Documentation
3636
+ #
3637
+ # @overload update_identity_provider(params = {})
3638
+ # @param [Hash] params ({})
3639
+ def update_identity_provider(params = {}, options = {})
3640
+ req = build_request(:update_identity_provider, params)
3641
+ req.send_request(options)
3642
+ end
3643
+
3013
3644
  # Allows a user to update a specific attribute (one at a time).
3014
3645
  #
3015
3646
  # @option params [required, Array<Types::AttributeType>] :user_attributes
3016
3647
  # An array of name-value pairs representing user attributes.
3017
3648
  #
3018
- # @option params [String] :access_token
3649
+ # For custom attributes, you must prepend the `custom:` prefix to the
3650
+ # attribute name.
3651
+ #
3652
+ # @option params [required, String] :access_token
3019
3653
  # The access token for the request to update user attributes.
3020
3654
  #
3021
3655
  # @return [Types::UpdateUserAttributesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
@@ -3031,7 +3665,7 @@ module Aws::CognitoIdentityProvider
3031
3665
  # value: "AttributeValueType",
3032
3666
  # },
3033
3667
  # ],
3034
- # access_token: "TokenModelType",
3668
+ # access_token: "TokenModelType", # required
3035
3669
  # })
3036
3670
  #
3037
3671
  # @example Response structure
@@ -3073,7 +3707,7 @@ module Aws::CognitoIdentityProvider
3073
3707
  # The contents of the email verification message.
3074
3708
  #
3075
3709
  # @option params [String] :email_verification_subject
3076
- # The subject of the email verfication message.
3710
+ # The subject of the email verification message.
3077
3711
  #
3078
3712
  # @option params [String] :sms_authentication_message
3079
3713
  # The contents of the SMS authentication message.
@@ -3108,7 +3742,7 @@ module Aws::CognitoIdentityProvider
3108
3742
  # [1]: http://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-cost-allocation-tagging.html
3109
3743
  #
3110
3744
  # @option params [Types::AdminCreateUserConfigType] :admin_create_user_config
3111
- # The configuration for AdminCreateUser requests.
3745
+ # The configuration for `AdminCreateUser` requests.
3112
3746
  #
3113
3747
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
3114
3748
  #
@@ -3190,7 +3824,8 @@ module Aws::CognitoIdentityProvider
3190
3824
  # The client name from the update user pool client request.
3191
3825
  #
3192
3826
  # @option params [Integer] :refresh_token_validity
3193
- # The validity of the refresh token, in days.
3827
+ # The time limit, in days, after which the refresh token is no longer
3828
+ # valid and cannot be used.
3194
3829
  #
3195
3830
  # @option params [Array<String>] :read_attributes
3196
3831
  # The read-only attributes of the user pool.
@@ -3201,6 +3836,35 @@ module Aws::CognitoIdentityProvider
3201
3836
  # @option params [Array<String>] :explicit_auth_flows
3202
3837
  # Explicit authentication flows.
3203
3838
  #
3839
+ # @option params [Array<String>] :supported_identity_providers
3840
+ # A list of provider names for the identity providers that are supported
3841
+ # on this client.
3842
+ #
3843
+ # @option params [Array<String>] :callback_urls
3844
+ # A list of allowed callback URLs for the identity providers.
3845
+ #
3846
+ # @option params [Array<String>] :logout_urls
3847
+ # A list ofallowed logout URLs for the identity providers.
3848
+ #
3849
+ # @option params [String] :default_redirect_uri
3850
+ # The default redirect URI. Must be in the `CallbackURLs` list.
3851
+ #
3852
+ # @option params [Array<String>] :allowed_o_auth_flows
3853
+ # Set to `code` to initiate a code grant flow, which provides an
3854
+ # authorization code as the response. This code can be exchanged for
3855
+ # access tokens with the token endpoint.
3856
+ #
3857
+ # Set to `token` to specify that the client should get the access token
3858
+ # (and, optionally, ID token, based on scopes) directly.
3859
+ #
3860
+ # @option params [Array<String>] :allowed_o_auth_scopes
3861
+ # A list of allowed `OAuth` scopes. Currently supported values are
3862
+ # `"phone"`, `"email"`, `"openid"`, and `"Cognito"`.
3863
+ #
3864
+ # @option params [Boolean] :allowed_o_auth_flows_user_pool_client
3865
+ # Set to TRUE if the client is allowed to follow the OAuth protocol when
3866
+ # interacting with Cognito user pools.
3867
+ #
3204
3868
  # @return [Types::UpdateUserPoolClientResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
3205
3869
  #
3206
3870
  # * {Types::UpdateUserPoolClientResponse#user_pool_client #user_pool_client} => Types::UserPoolClientType
@@ -3215,6 +3879,13 @@ module Aws::CognitoIdentityProvider
3215
3879
  # read_attributes: ["ClientPermissionType"],
3216
3880
  # write_attributes: ["ClientPermissionType"],
3217
3881
  # explicit_auth_flows: ["ADMIN_NO_SRP_AUTH"], # accepts ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY
3882
+ # supported_identity_providers: ["ProviderNameType"],
3883
+ # callback_urls: ["RedirectUrlType"],
3884
+ # logout_urls: ["RedirectUrlType"],
3885
+ # default_redirect_uri: "RedirectUrlType",
3886
+ # allowed_o_auth_flows: ["code"], # accepts code, implicit, client_credentials
3887
+ # allowed_o_auth_scopes: ["ScopeType"],
3888
+ # allowed_o_auth_flows_user_pool_client: false,
3218
3889
  # })
3219
3890
  #
3220
3891
  # @example Response structure
@@ -3232,6 +3903,18 @@ module Aws::CognitoIdentityProvider
3232
3903
  # resp.user_pool_client.write_attributes[0] #=> String
3233
3904
  # resp.user_pool_client.explicit_auth_flows #=> Array
3234
3905
  # resp.user_pool_client.explicit_auth_flows[0] #=> String, one of "ADMIN_NO_SRP_AUTH", "CUSTOM_AUTH_FLOW_ONLY"
3906
+ # resp.user_pool_client.supported_identity_providers #=> Array
3907
+ # resp.user_pool_client.supported_identity_providers[0] #=> String
3908
+ # resp.user_pool_client.callback_urls #=> Array
3909
+ # resp.user_pool_client.callback_urls[0] #=> String
3910
+ # resp.user_pool_client.logout_urls #=> Array
3911
+ # resp.user_pool_client.logout_urls[0] #=> String
3912
+ # resp.user_pool_client.default_redirect_uri #=> String
3913
+ # resp.user_pool_client.allowed_o_auth_flows #=> Array
3914
+ # resp.user_pool_client.allowed_o_auth_flows[0] #=> String, one of "code", "implicit", "client_credentials"
3915
+ # resp.user_pool_client.allowed_o_auth_scopes #=> Array
3916
+ # resp.user_pool_client.allowed_o_auth_scopes[0] #=> String
3917
+ # resp.user_pool_client.allowed_o_auth_flows_user_pool_client #=> Boolean
3235
3918
  #
3236
3919
  # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UpdateUserPoolClient AWS API Documentation
3237
3920
  #
@@ -3244,7 +3927,7 @@ module Aws::CognitoIdentityProvider
3244
3927
 
3245
3928
  # Verifies the specified user attributes in the user pool.
3246
3929
  #
3247
- # @option params [String] :access_token
3930
+ # @option params [required, String] :access_token
3248
3931
  # Represents the access token of the request to verify user attributes.
3249
3932
  #
3250
3933
  # @option params [required, String] :attribute_name
@@ -3258,7 +3941,7 @@ module Aws::CognitoIdentityProvider
3258
3941
  # @example Request syntax with placeholder values
3259
3942
  #
3260
3943
  # resp = client.verify_user_attribute({
3261
- # access_token: "TokenModelType",
3944
+ # access_token: "TokenModelType", # required
3262
3945
  # attribute_name: "AttributeNameType", # required
3263
3946
  # code: "ConfirmationCodeType", # required
3264
3947
  # })
@@ -3285,7 +3968,7 @@ module Aws::CognitoIdentityProvider
3285
3968
  params: params,
3286
3969
  config: config)
3287
3970
  context[:gem_name] = 'aws-sdk-cognitoidentityprovider'
3288
- context[:gem_version] = '1.0.0.rc6'
3971
+ context[:gem_version] = '1.0.0.rc7'
3289
3972
  Seahorse::Client::Request.new(handlers, context)
3290
3973
  end
3291
3974