aws-sdk-cognitoidentityprovider 1.102.0 → 1.104.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: c1c1e61ff32e7afa8497c2e027a13f54ceca23ff1aba5f7fd68d8e6560234710
4
- data.tar.gz: bf37279b3b59bf355ff88da0efc0bbcb9dc1bd0a22de50a228131bfcb426c8b3
3
+ metadata.gz: 4eb555219168274e22fbfd47a085c39cf37594cc3afa33c75043f498dac74d36
4
+ data.tar.gz: f28676c854a12aa855b6494a7c1912c4b8846b4e65951488fcf72b6ed320d3ca
5
5
  SHA512:
6
- metadata.gz: 935354358aac4d77cddd030b276e0c884cea2536057f3048b28faf937f88b09cd344cf1f6831ecf633646f2cb07532a976fd4fa57618b507a43d9d6da401853c
7
- data.tar.gz: 8bdb5fb010ab429fd03469850557e68afae1509f890e03981bdb1ca6a9da5e37bc55ed511e1728a40262e0a3c856310984940ea3feda7d5304c9692abbc4514c
6
+ metadata.gz: cf35748cc211b4166f936623c56e6e0cfc7414665f74e805bc580b5181cc873da0ac1552e6e11c2231292613cc8c7cedfa78aec59691ba5d46f8db91799a6c7b
7
+ data.tar.gz: bfc0b3a5412d68fd0586534774a8595ed53ae2310d0efafcb0cc3b761cc670b4436892aa8c25b8e3f4a24456290f88eb4283a193cb0a77ae5a7b3f940230519f
data/CHANGELOG.md CHANGED
@@ -1,6 +1,16 @@
1
1
  Unreleased Changes
2
2
  ------------------
3
3
 
4
+ 1.104.0 (2024-09-12)
5
+ ------------------
6
+
7
+ * Feature - Added email MFA option to user pools with advanced security features.
8
+
9
+ 1.103.0 (2024-09-11)
10
+ ------------------
11
+
12
+ * Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
13
+
4
14
  1.102.0 (2024-09-10)
5
15
  ------------------
6
16
 
data/VERSION CHANGED
@@ -1 +1 @@
1
- 1.102.0
1
+ 1.104.0
@@ -676,7 +676,7 @@ module Aws::CognitoIdentityProvider
676
676
  # sign in.
677
677
  #
678
678
  # If you have never used SMS text messages with Amazon Cognito or any
679
- # other Amazon Web Services service, Amazon Simple Notification Service
679
+ # other Amazon Web Servicesservice, Amazon Simple Notification Service
680
680
  # might place your account in the SMS sandbox. In <i> <a
681
681
  # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
682
682
  # mode</a> </i>, you can send messages only to verified phone numbers.
@@ -1474,7 +1474,7 @@ module Aws::CognitoIdentityProvider
1474
1474
  # sign in.
1475
1475
  #
1476
1476
  # If you have never used SMS text messages with Amazon Cognito or any
1477
- # other Amazon Web Services service, Amazon Simple Notification Service
1477
+ # other Amazon Web Servicesservice, Amazon Simple Notification Service
1478
1478
  # might place your account in the SMS sandbox. In <i> <a
1479
1479
  # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
1480
1480
  # mode</a> </i>, you can send messages only to verified phone numbers.
@@ -1685,7 +1685,7 @@ module Aws::CognitoIdentityProvider
1685
1685
  #
1686
1686
  # @example Response structure
1687
1687
  #
1688
- # resp.challenge_name #=> String, one of "SMS_MFA", "SOFTWARE_TOKEN_MFA", "SELECT_MFA_TYPE", "MFA_SETUP", "PASSWORD_VERIFIER", "CUSTOM_CHALLENGE", "DEVICE_SRP_AUTH", "DEVICE_PASSWORD_VERIFIER", "ADMIN_NO_SRP_AUTH", "NEW_PASSWORD_REQUIRED"
1688
+ # resp.challenge_name #=> String, one of "SMS_MFA", "EMAIL_OTP", "SOFTWARE_TOKEN_MFA", "SELECT_MFA_TYPE", "MFA_SETUP", "PASSWORD_VERIFIER", "CUSTOM_CHALLENGE", "DEVICE_SRP_AUTH", "DEVICE_PASSWORD_VERIFIER", "ADMIN_NO_SRP_AUTH", "NEW_PASSWORD_REQUIRED"
1689
1689
  # resp.session #=> String
1690
1690
  # resp.challenge_parameters #=> Hash
1691
1691
  # resp.challenge_parameters["StringType"] #=> String
@@ -2135,7 +2135,7 @@ module Aws::CognitoIdentityProvider
2135
2135
  # sign in.
2136
2136
  #
2137
2137
  # If you have never used SMS text messages with Amazon Cognito or any
2138
- # other Amazon Web Services service, Amazon Simple Notification Service
2138
+ # other Amazon Web Servicesservice, Amazon Simple Notification Service
2139
2139
  # might place your account in the SMS sandbox. In <i> <a
2140
2140
  # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
2141
2141
  # mode</a> </i>, you can send messages only to verified phone numbers.
@@ -2266,7 +2266,7 @@ module Aws::CognitoIdentityProvider
2266
2266
  # sign in.
2267
2267
  #
2268
2268
  # If you have never used SMS text messages with Amazon Cognito or any
2269
- # other Amazon Web Services service, Amazon Simple Notification Service
2269
+ # other Amazon Web Servicesservice, Amazon Simple Notification Service
2270
2270
  # might place your account in the SMS sandbox. In <i> <a
2271
2271
  # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
2272
2272
  # mode</a> </i>, you can send messages only to verified phone numbers.
@@ -2323,11 +2323,21 @@ module Aws::CognitoIdentityProvider
2323
2323
  # SMS\_MFA
2324
2324
  #
2325
2325
  # : `"ChallengeName": "SMS_MFA", "ChallengeResponses": \{"SMS_MFA_CODE":
2326
- # "[SMS_code]", "USERNAME": "[username]"\}`
2326
+ # "[code]", "USERNAME": "[username]"\}`
2327
+ #
2328
+ # EMAIL\_OTP
2329
+ #
2330
+ # : `"ChallengeName": "EMAIL_OTP", "ChallengeResponses":
2331
+ # \{"EMAIL_OTP_CODE": "[code]", "USERNAME": "[username]"\}`
2327
2332
  #
2328
2333
  # PASSWORD\_VERIFIER
2329
2334
  #
2330
- # : `"ChallengeName": "PASSWORD_VERIFIER", "ChallengeResponses":
2335
+ # : This challenge response is part of the SRP flow. Amazon Cognito
2336
+ # requires that your application respond to this challenge within a
2337
+ # few seconds. When the response time exceeds this period, your user
2338
+ # pool returns a `NotAuthorizedException` error.
2339
+ #
2340
+ # `"ChallengeName": "PASSWORD_VERIFIER", "ChallengeResponses":
2331
2341
  # \{"PASSWORD_CLAIM_SIGNATURE": "[claim_signature]",
2332
2342
  # "PASSWORD_CLAIM_SECRET_BLOCK": "[secret_block]", "TIMESTAMP":
2333
2343
  # [timestamp], "USERNAME": "[username]"\}`
@@ -2486,7 +2496,7 @@ module Aws::CognitoIdentityProvider
2486
2496
  # resp = client.admin_respond_to_auth_challenge({
2487
2497
  # user_pool_id: "UserPoolIdType", # required
2488
2498
  # client_id: "ClientIdType", # required
2489
- # challenge_name: "SMS_MFA", # required, accepts SMS_MFA, SOFTWARE_TOKEN_MFA, SELECT_MFA_TYPE, MFA_SETUP, PASSWORD_VERIFIER, CUSTOM_CHALLENGE, DEVICE_SRP_AUTH, DEVICE_PASSWORD_VERIFIER, ADMIN_NO_SRP_AUTH, NEW_PASSWORD_REQUIRED
2499
+ # challenge_name: "SMS_MFA", # required, accepts SMS_MFA, EMAIL_OTP, SOFTWARE_TOKEN_MFA, SELECT_MFA_TYPE, MFA_SETUP, PASSWORD_VERIFIER, CUSTOM_CHALLENGE, DEVICE_SRP_AUTH, DEVICE_PASSWORD_VERIFIER, ADMIN_NO_SRP_AUTH, NEW_PASSWORD_REQUIRED
2490
2500
  # challenge_responses: {
2491
2501
  # "StringType" => "StringType",
2492
2502
  # },
@@ -2513,7 +2523,7 @@ module Aws::CognitoIdentityProvider
2513
2523
  #
2514
2524
  # @example Response structure
2515
2525
  #
2516
- # resp.challenge_name #=> String, one of "SMS_MFA", "SOFTWARE_TOKEN_MFA", "SELECT_MFA_TYPE", "MFA_SETUP", "PASSWORD_VERIFIER", "CUSTOM_CHALLENGE", "DEVICE_SRP_AUTH", "DEVICE_PASSWORD_VERIFIER", "ADMIN_NO_SRP_AUTH", "NEW_PASSWORD_REQUIRED"
2526
+ # resp.challenge_name #=> String, one of "SMS_MFA", "EMAIL_OTP", "SOFTWARE_TOKEN_MFA", "SELECT_MFA_TYPE", "MFA_SETUP", "PASSWORD_VERIFIER", "CUSTOM_CHALLENGE", "DEVICE_SRP_AUTH", "DEVICE_PASSWORD_VERIFIER", "ADMIN_NO_SRP_AUTH", "NEW_PASSWORD_REQUIRED"
2517
2527
  # resp.session #=> String
2518
2528
  # resp.challenge_parameters #=> Hash
2519
2529
  # resp.challenge_parameters["StringType"] #=> String
@@ -2534,12 +2544,12 @@ module Aws::CognitoIdentityProvider
2534
2544
  req.send_request(options)
2535
2545
  end
2536
2546
 
2537
- # The user's multi-factor authentication (MFA) preference, including
2538
- # which MFA options are activated, and if any are preferred. Only one
2539
- # factor can be set as preferred. The preferred MFA factor will be used
2540
- # to authenticate a user if multiple factors are activated. If multiple
2541
- # options are activated and no preference is set, a challenge to choose
2542
- # an MFA option will be returned during sign-in.
2547
+ # Sets the user's multi-factor authentication (MFA) preference,
2548
+ # including which MFA options are activated, and if any are preferred.
2549
+ # Only one factor can be set as preferred. The preferred MFA factor will
2550
+ # be used to authenticate a user if multiple factors are activated. If
2551
+ # multiple options are activated and no preference is set, a challenge
2552
+ # to choose an MFA option will be returned during sign-in.
2543
2553
  #
2544
2554
  # <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
2545
2555
  # in requests for this API operation. For this operation, you must use
@@ -2560,10 +2570,24 @@ module Aws::CognitoIdentityProvider
2560
2570
  # [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
2561
2571
  #
2562
2572
  # @option params [Types::SMSMfaSettingsType] :sms_mfa_settings
2563
- # The SMS text message MFA settings.
2573
+ # User preferences for SMS message MFA. Activates or deactivates SMS MFA
2574
+ # and sets it as the preferred MFA method when multiple methods are
2575
+ # available.
2564
2576
  #
2565
2577
  # @option params [Types::SoftwareTokenMfaSettingsType] :software_token_mfa_settings
2566
- # The time-based one-time password software token MFA settings.
2578
+ # User preferences for time-based one-time password (TOTP) MFA.
2579
+ # Activates or deactivates TOTP MFA and sets it as the preferred MFA
2580
+ # method when multiple methods are available.
2581
+ #
2582
+ # @option params [Types::EmailMfaSettingsType] :email_mfa_settings
2583
+ # User preferences for email message MFA. Activates or deactivates email
2584
+ # MFA and sets it as the preferred MFA method when multiple methods are
2585
+ # available. To activate this setting, [ advanced security features][1]
2586
+ # must be active in your user pool.
2587
+ #
2588
+ #
2589
+ #
2590
+ # [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
2567
2591
  #
2568
2592
  # @option params [required, String] :username
2569
2593
  # The username of the user that you want to query or modify. The value
@@ -2573,7 +2597,8 @@ module Aws::CognitoIdentityProvider
2573
2597
  # username of a user from a third-party IdP.
2574
2598
  #
2575
2599
  # @option params [required, String] :user_pool_id
2576
- # The user pool ID.
2600
+ # The ID of the user pool where you want to set a user's MFA
2601
+ # preferences.
2577
2602
  #
2578
2603
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
2579
2604
  #
@@ -2588,6 +2613,10 @@ module Aws::CognitoIdentityProvider
2588
2613
  # enabled: false,
2589
2614
  # preferred_mfa: false,
2590
2615
  # },
2616
+ # email_mfa_settings: {
2617
+ # enabled: false,
2618
+ # preferred_mfa: false,
2619
+ # },
2591
2620
  # username: "UsernameType", # required
2592
2621
  # user_pool_id: "UserPoolIdType", # required
2593
2622
  # })
@@ -2876,7 +2905,7 @@ module Aws::CognitoIdentityProvider
2876
2905
  # sign in.
2877
2906
  #
2878
2907
  # If you have never used SMS text messages with Amazon Cognito or any
2879
- # other Amazon Web Services service, Amazon Simple Notification Service
2908
+ # other Amazon Web Servicesservice, Amazon Simple Notification Service
2880
2909
  # might place your account in the SMS sandbox. In <i> <a
2881
2910
  # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
2882
2911
  # mode</a> </i>, you can send messages only to verified phone numbers.
@@ -3970,7 +3999,7 @@ module Aws::CognitoIdentityProvider
3970
3999
  # sign in.
3971
4000
  #
3972
4001
  # If you have never used SMS text messages with Amazon Cognito or any
3973
- # other Amazon Web Services service, Amazon Simple Notification Service
4002
+ # other Amazon Web Servicesservice, Amazon Simple Notification Service
3974
4003
  # might place your account in the SMS sandbox. In <i> <a
3975
4004
  # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
3976
4005
  # mode</a> </i>, you can send messages only to verified phone numbers.
@@ -4960,9 +4989,9 @@ module Aws::CognitoIdentityProvider
4960
4989
  # are hours.
4961
4990
  #
4962
4991
  # @option params [Array<String>] :read_attributes
4963
- # The list of user attributes that you want your app client to have
4964
- # read-only access to. After your user authenticates in your app, their
4965
- # access token authorizes them to read their own attribute value for any
4992
+ # The list of user attributes that you want your app client to have read
4993
+ # access to. After your user authenticates in your app, their access
4994
+ # token authorizes them to read their own attribute value for any
4966
4995
  # attribute in this list. An example of this kind of activity is when
4967
4996
  # your user selects a link to view their profile information. Your app
4968
4997
  # makes a [GetUser][1] API request to retrieve and display your user's
@@ -4970,11 +4999,11 @@ module Aws::CognitoIdentityProvider
4970
4999
  #
4971
5000
  # When you don't specify the `ReadAttributes` for your app client, your
4972
5001
  # app can read the values of `email_verified`, `phone_number_verified`,
4973
- # and the Standard attributes of your user pool. When your user pool has
4974
- # read access to these default attributes, `ReadAttributes` doesn't
4975
- # return any information. Amazon Cognito only populates `ReadAttributes`
4976
- # in the API response if you have specified your own custom set of read
4977
- # attributes.
5002
+ # and the Standard attributes of your user pool. When your user pool app
5003
+ # client has read access to these default attributes, `ReadAttributes`
5004
+ # doesn't return any information. Amazon Cognito only populates
5005
+ # `ReadAttributes` in the API response if you have specified your own
5006
+ # custom set of read attributes.
4978
5007
  #
4979
5008
  #
4980
5009
  #
@@ -6282,7 +6311,7 @@ module Aws::CognitoIdentityProvider
6282
6311
  # sign in.
6283
6312
  #
6284
6313
  # If you have never used SMS text messages with Amazon Cognito or any
6285
- # other Amazon Web Services service, Amazon Simple Notification Service
6314
+ # other Amazon Web Servicesservice, Amazon Simple Notification Service
6286
6315
  # might place your account in the SMS sandbox. In <i> <a
6287
6316
  # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
6288
6317
  # mode</a> </i>, you can send messages only to verified phone numbers.
@@ -6770,7 +6799,7 @@ module Aws::CognitoIdentityProvider
6770
6799
  # sign in.
6771
6800
  #
6772
6801
  # If you have never used SMS text messages with Amazon Cognito or any
6773
- # other Amazon Web Services service, Amazon Simple Notification Service
6802
+ # other Amazon Web Servicesservice, Amazon Simple Notification Service
6774
6803
  # might place your account in the SMS sandbox. In <i> <a
6775
6804
  # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
6776
6805
  # mode</a> </i>, you can send messages only to verified phone numbers.
@@ -6870,6 +6899,7 @@ module Aws::CognitoIdentityProvider
6870
6899
  #
6871
6900
  # * {Types::GetUserPoolMfaConfigResponse#sms_mfa_configuration #sms_mfa_configuration} => Types::SmsMfaConfigType
6872
6901
  # * {Types::GetUserPoolMfaConfigResponse#software_token_mfa_configuration #software_token_mfa_configuration} => Types::SoftwareTokenMfaConfigType
6902
+ # * {Types::GetUserPoolMfaConfigResponse#email_mfa_configuration #email_mfa_configuration} => Types::EmailMfaConfigType
6873
6903
  # * {Types::GetUserPoolMfaConfigResponse#mfa_configuration #mfa_configuration} => String
6874
6904
  #
6875
6905
  # @example Request syntax with placeholder values
@@ -6885,6 +6915,8 @@ module Aws::CognitoIdentityProvider
6885
6915
  # resp.sms_mfa_configuration.sms_configuration.external_id #=> String
6886
6916
  # resp.sms_mfa_configuration.sms_configuration.sns_region #=> String
6887
6917
  # resp.software_token_mfa_configuration.enabled #=> Boolean
6918
+ # resp.email_mfa_configuration.message #=> String
6919
+ # resp.email_mfa_configuration.subject #=> String
6888
6920
  # resp.mfa_configuration #=> String, one of "OFF", "ON", "OPTIONAL"
6889
6921
  #
6890
6922
  # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/GetUserPoolMfaConfig AWS API Documentation
@@ -6983,7 +7015,7 @@ module Aws::CognitoIdentityProvider
6983
7015
  # sign in.
6984
7016
  #
6985
7017
  # If you have never used SMS text messages with Amazon Cognito or any
6986
- # other Amazon Web Services service, Amazon Simple Notification Service
7018
+ # other Amazon Web Servicesservice, Amazon Simple Notification Service
6987
7019
  # might place your account in the SMS sandbox. In <i> <a
6988
7020
  # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
6989
7021
  # mode</a> </i>, you can send messages only to verified phone numbers.
@@ -7202,7 +7234,7 @@ module Aws::CognitoIdentityProvider
7202
7234
  #
7203
7235
  # @example Response structure
7204
7236
  #
7205
- # resp.challenge_name #=> String, one of "SMS_MFA", "SOFTWARE_TOKEN_MFA", "SELECT_MFA_TYPE", "MFA_SETUP", "PASSWORD_VERIFIER", "CUSTOM_CHALLENGE", "DEVICE_SRP_AUTH", "DEVICE_PASSWORD_VERIFIER", "ADMIN_NO_SRP_AUTH", "NEW_PASSWORD_REQUIRED"
7237
+ # resp.challenge_name #=> String, one of "SMS_MFA", "EMAIL_OTP", "SOFTWARE_TOKEN_MFA", "SELECT_MFA_TYPE", "MFA_SETUP", "PASSWORD_VERIFIER", "CUSTOM_CHALLENGE", "DEVICE_SRP_AUTH", "DEVICE_PASSWORD_VERIFIER", "ADMIN_NO_SRP_AUTH", "NEW_PASSWORD_REQUIRED"
7206
7238
  # resp.session #=> String
7207
7239
  # resp.challenge_parameters #=> Hash
7208
7240
  # resp.challenge_parameters["StringType"] #=> String
@@ -8073,7 +8105,7 @@ module Aws::CognitoIdentityProvider
8073
8105
  # sign in.
8074
8106
  #
8075
8107
  # If you have never used SMS text messages with Amazon Cognito or any
8076
- # other Amazon Web Services service, Amazon Simple Notification Service
8108
+ # other Amazon Web Servicesservice, Amazon Simple Notification Service
8077
8109
  # might place your account in the SMS sandbox. In <i> <a
8078
8110
  # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
8079
8111
  # mode</a> </i>, you can send messages only to verified phone numbers.
@@ -8219,7 +8251,7 @@ module Aws::CognitoIdentityProvider
8219
8251
  # sign in.
8220
8252
  #
8221
8253
  # If you have never used SMS text messages with Amazon Cognito or any
8222
- # other Amazon Web Services service, Amazon Simple Notification Service
8254
+ # other Amazon Web Servicesservice, Amazon Simple Notification Service
8223
8255
  # might place your account in the SMS sandbox. In <i> <a
8224
8256
  # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
8225
8257
  # mode</a> </i>, you can send messages only to verified phone numbers.
@@ -8268,11 +8300,21 @@ module Aws::CognitoIdentityProvider
8268
8300
  # SMS\_MFA
8269
8301
  #
8270
8302
  # : `"ChallengeName": "SMS_MFA", "ChallengeResponses": \{"SMS_MFA_CODE":
8271
- # "[SMS_code]", "USERNAME": "[username]"\}`
8303
+ # "[code]", "USERNAME": "[username]"\}`
8304
+ #
8305
+ # EMAIL\_OTP
8306
+ #
8307
+ # : `"ChallengeName": "EMAIL_OTP", "ChallengeResponses":
8308
+ # \{"EMAIL_OTP_CODE": "[code]", "USERNAME": "[username]"\}`
8272
8309
  #
8273
8310
  # PASSWORD\_VERIFIER
8274
8311
  #
8275
- # : `"ChallengeName": "PASSWORD_VERIFIER", "ChallengeResponses":
8312
+ # : This challenge response is part of the SRP flow. Amazon Cognito
8313
+ # requires that your application respond to this challenge within a
8314
+ # few seconds. When the response time exceeds this period, your user
8315
+ # pool returns a `NotAuthorizedException` error.
8316
+ #
8317
+ # `"ChallengeName": "PASSWORD_VERIFIER", "ChallengeResponses":
8276
8318
  # \{"PASSWORD_CLAIM_SIGNATURE": "[claim_signature]",
8277
8319
  # "PASSWORD_CLAIM_SECRET_BLOCK": "[secret_block]", "TIMESTAMP":
8278
8320
  # [timestamp], "USERNAME": "[username]"\}`
@@ -8407,7 +8449,7 @@ module Aws::CognitoIdentityProvider
8407
8449
  #
8408
8450
  # resp = client.respond_to_auth_challenge({
8409
8451
  # client_id: "ClientIdType", # required
8410
- # challenge_name: "SMS_MFA", # required, accepts SMS_MFA, SOFTWARE_TOKEN_MFA, SELECT_MFA_TYPE, MFA_SETUP, PASSWORD_VERIFIER, CUSTOM_CHALLENGE, DEVICE_SRP_AUTH, DEVICE_PASSWORD_VERIFIER, ADMIN_NO_SRP_AUTH, NEW_PASSWORD_REQUIRED
8452
+ # challenge_name: "SMS_MFA", # required, accepts SMS_MFA, EMAIL_OTP, SOFTWARE_TOKEN_MFA, SELECT_MFA_TYPE, MFA_SETUP, PASSWORD_VERIFIER, CUSTOM_CHALLENGE, DEVICE_SRP_AUTH, DEVICE_PASSWORD_VERIFIER, ADMIN_NO_SRP_AUTH, NEW_PASSWORD_REQUIRED
8411
8453
  # session: "SessionType",
8412
8454
  # challenge_responses: {
8413
8455
  # "StringType" => "StringType",
@@ -8426,7 +8468,7 @@ module Aws::CognitoIdentityProvider
8426
8468
  #
8427
8469
  # @example Response structure
8428
8470
  #
8429
- # resp.challenge_name #=> String, one of "SMS_MFA", "SOFTWARE_TOKEN_MFA", "SELECT_MFA_TYPE", "MFA_SETUP", "PASSWORD_VERIFIER", "CUSTOM_CHALLENGE", "DEVICE_SRP_AUTH", "DEVICE_PASSWORD_VERIFIER", "ADMIN_NO_SRP_AUTH", "NEW_PASSWORD_REQUIRED"
8471
+ # resp.challenge_name #=> String, one of "SMS_MFA", "EMAIL_OTP", "SOFTWARE_TOKEN_MFA", "SELECT_MFA_TYPE", "MFA_SETUP", "PASSWORD_VERIFIER", "CUSTOM_CHALLENGE", "DEVICE_SRP_AUTH", "DEVICE_PASSWORD_VERIFIER", "ADMIN_NO_SRP_AUTH", "NEW_PASSWORD_REQUIRED"
8430
8472
  # resp.session #=> String
8431
8473
  # resp.challenge_parameters #=> Hash
8432
8474
  # resp.challenge_parameters["StringType"] #=> String
@@ -8762,10 +8804,24 @@ module Aws::CognitoIdentityProvider
8762
8804
  # [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
8763
8805
  #
8764
8806
  # @option params [Types::SMSMfaSettingsType] :sms_mfa_settings
8765
- # The SMS text message multi-factor authentication (MFA) settings.
8807
+ # User preferences for SMS message MFA. Activates or deactivates SMS MFA
8808
+ # and sets it as the preferred MFA method when multiple methods are
8809
+ # available.
8766
8810
  #
8767
8811
  # @option params [Types::SoftwareTokenMfaSettingsType] :software_token_mfa_settings
8768
- # The time-based one-time password (TOTP) software token MFA settings.
8812
+ # User preferences for time-based one-time password (TOTP) MFA.
8813
+ # Activates or deactivates TOTP MFA and sets it as the preferred MFA
8814
+ # method when multiple methods are available.
8815
+ #
8816
+ # @option params [Types::EmailMfaSettingsType] :email_mfa_settings
8817
+ # User preferences for email message MFA. Activates or deactivates email
8818
+ # MFA and sets it as the preferred MFA method when multiple methods are
8819
+ # available. To activate this setting, [ advanced security features][1]
8820
+ # must be active in your user pool.
8821
+ #
8822
+ #
8823
+ #
8824
+ # [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
8769
8825
  #
8770
8826
  # @option params [required, String] :access_token
8771
8827
  # A valid access token that Amazon Cognito issued to the user whose MFA
@@ -8784,6 +8840,10 @@ module Aws::CognitoIdentityProvider
8784
8840
  # enabled: false,
8785
8841
  # preferred_mfa: false,
8786
8842
  # },
8843
+ # email_mfa_settings: {
8844
+ # enabled: false,
8845
+ # preferred_mfa: false,
8846
+ # },
8787
8847
  # access_token: "TokenModelType", # required
8788
8848
  # })
8789
8849
  #
@@ -8808,7 +8868,7 @@ module Aws::CognitoIdentityProvider
8808
8868
  # sign in.
8809
8869
  #
8810
8870
  # If you have never used SMS text messages with Amazon Cognito or any
8811
- # other Amazon Web Services service, Amazon Simple Notification Service
8871
+ # other Amazon Web Servicesservice, Amazon Simple Notification Service
8812
8872
  # might place your account in the SMS sandbox. In <i> <a
8813
8873
  # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
8814
8874
  # mode</a> </i>, you can send messages only to verified phone numbers.
@@ -8828,10 +8888,22 @@ module Aws::CognitoIdentityProvider
8828
8888
  # The user pool ID.
8829
8889
  #
8830
8890
  # @option params [Types::SmsMfaConfigType] :sms_mfa_configuration
8831
- # The SMS text message MFA configuration.
8891
+ # Configures user pool SMS messages for MFA. Sets the message template
8892
+ # and the SMS message sending configuration for Amazon SNS.
8832
8893
  #
8833
8894
  # @option params [Types::SoftwareTokenMfaConfigType] :software_token_mfa_configuration
8834
- # The software token MFA configuration.
8895
+ # Configures a user pool for time-based one-time password (TOTP) MFA.
8896
+ # Enables or disables TOTP.
8897
+ #
8898
+ # @option params [Types::EmailMfaConfigType] :email_mfa_configuration
8899
+ # Configures user pool email messages for MFA. Sets the subject and body
8900
+ # of the email message template for MFA messages. To activate this
8901
+ # setting, [ advanced security features][1] must be active in your user
8902
+ # pool.
8903
+ #
8904
+ #
8905
+ #
8906
+ # [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
8835
8907
  #
8836
8908
  # @option params [String] :mfa_configuration
8837
8909
  # The MFA configuration. If you set the MfaConfiguration value to ‘ON’,
@@ -8854,6 +8926,7 @@ module Aws::CognitoIdentityProvider
8854
8926
  #
8855
8927
  # * {Types::SetUserPoolMfaConfigResponse#sms_mfa_configuration #sms_mfa_configuration} => Types::SmsMfaConfigType
8856
8928
  # * {Types::SetUserPoolMfaConfigResponse#software_token_mfa_configuration #software_token_mfa_configuration} => Types::SoftwareTokenMfaConfigType
8929
+ # * {Types::SetUserPoolMfaConfigResponse#email_mfa_configuration #email_mfa_configuration} => Types::EmailMfaConfigType
8857
8930
  # * {Types::SetUserPoolMfaConfigResponse#mfa_configuration #mfa_configuration} => String
8858
8931
  #
8859
8932
  # @example Request syntax with placeholder values
@@ -8871,6 +8944,10 @@ module Aws::CognitoIdentityProvider
8871
8944
  # software_token_mfa_configuration: {
8872
8945
  # enabled: false,
8873
8946
  # },
8947
+ # email_mfa_configuration: {
8948
+ # message: "EmailMfaMessageType",
8949
+ # subject: "EmailMfaSubjectType",
8950
+ # },
8874
8951
  # mfa_configuration: "OFF", # accepts OFF, ON, OPTIONAL
8875
8952
  # })
8876
8953
  #
@@ -8881,6 +8958,8 @@ module Aws::CognitoIdentityProvider
8881
8958
  # resp.sms_mfa_configuration.sms_configuration.external_id #=> String
8882
8959
  # resp.sms_mfa_configuration.sms_configuration.sns_region #=> String
8883
8960
  # resp.software_token_mfa_configuration.enabled #=> Boolean
8961
+ # resp.email_mfa_configuration.message #=> String
8962
+ # resp.email_mfa_configuration.subject #=> String
8884
8963
  # resp.mfa_configuration #=> String, one of "OFF", "ON", "OPTIONAL"
8885
8964
  #
8886
8965
  # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/SetUserPoolMfaConfig AWS API Documentation
@@ -8967,7 +9046,7 @@ module Aws::CognitoIdentityProvider
8967
9046
  # sign in.
8968
9047
  #
8969
9048
  # If you have never used SMS text messages with Amazon Cognito or any
8970
- # other Amazon Web Services service, Amazon Simple Notification Service
9049
+ # other Amazon Web Servicesservice, Amazon Simple Notification Service
8971
9050
  # might place your account in the SMS sandbox. In <i> <a
8972
9051
  # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
8973
9052
  # mode</a> </i>, you can send messages only to verified phone numbers.
@@ -9778,7 +9857,7 @@ module Aws::CognitoIdentityProvider
9778
9857
  # sign in.
9779
9858
  #
9780
9859
  # If you have never used SMS text messages with Amazon Cognito or any
9781
- # other Amazon Web Services service, Amazon Simple Notification Service
9860
+ # other Amazon Web Servicesservice, Amazon Simple Notification Service
9782
9861
  # might place your account in the SMS sandbox. In <i> <a
9783
9862
  # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
9784
9863
  # mode</a> </i>, you can send messages only to verified phone numbers.
@@ -9893,7 +9972,7 @@ module Aws::CognitoIdentityProvider
9893
9972
  # sign in.
9894
9973
  #
9895
9974
  # If you have never used SMS text messages with Amazon Cognito or any
9896
- # other Amazon Web Services service, Amazon Simple Notification Service
9975
+ # other Amazon Web Servicesservice, Amazon Simple Notification Service
9897
9976
  # might place your account in the SMS sandbox. In <i> <a
9898
9977
  # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
9899
9978
  # mode</a> </i>, you can send messages only to verified phone numbers.
@@ -10282,9 +10361,9 @@ module Aws::CognitoIdentityProvider
10282
10361
  # default for ID and access tokens is hours.
10283
10362
  #
10284
10363
  # @option params [Array<String>] :read_attributes
10285
- # The list of user attributes that you want your app client to have
10286
- # read-only access to. After your user authenticates in your app, their
10287
- # access token authorizes them to read their own attribute value for any
10364
+ # The list of user attributes that you want your app client to have read
10365
+ # access to. After your user authenticates in your app, their access
10366
+ # token authorizes them to read their own attribute value for any
10288
10367
  # attribute in this list. An example of this kind of activity is when
10289
10368
  # your user selects a link to view their profile information. Your app
10290
10369
  # makes a [GetUser][1] API request to retrieve and display your user's
@@ -10292,11 +10371,11 @@ module Aws::CognitoIdentityProvider
10292
10371
  #
10293
10372
  # When you don't specify the `ReadAttributes` for your app client, your
10294
10373
  # app can read the values of `email_verified`, `phone_number_verified`,
10295
- # and the Standard attributes of your user pool. When your user pool has
10296
- # read access to these default attributes, `ReadAttributes` doesn't
10297
- # return any information. Amazon Cognito only populates `ReadAttributes`
10298
- # in the API response if you have specified your own custom set of read
10299
- # attributes.
10374
+ # and the Standard attributes of your user pool. When your user pool app
10375
+ # client has read access to these default attributes, `ReadAttributes`
10376
+ # doesn't return any information. Amazon Cognito only populates
10377
+ # `ReadAttributes` in the API response if you have specified your own
10378
+ # custom set of read attributes.
10300
10379
  #
10301
10380
  #
10302
10381
  #
@@ -10854,7 +10933,7 @@ module Aws::CognitoIdentityProvider
10854
10933
  tracer: tracer
10855
10934
  )
10856
10935
  context[:gem_name] = 'aws-sdk-cognitoidentityprovider'
10857
- context[:gem_version] = '1.102.0'
10936
+ context[:gem_version] = '1.104.0'
10858
10937
  Seahorse::Client::Request.new(handlers, context)
10859
10938
  end
10860
10939
 
@@ -202,6 +202,10 @@ module Aws::CognitoIdentityProvider
202
202
  DuplicateProviderException = Shapes::StructureShape.new(name: 'DuplicateProviderException')
203
203
  EmailAddressType = Shapes::StringShape.new(name: 'EmailAddressType')
204
204
  EmailConfigurationType = Shapes::StructureShape.new(name: 'EmailConfigurationType')
205
+ EmailMfaConfigType = Shapes::StructureShape.new(name: 'EmailMfaConfigType')
206
+ EmailMfaMessageType = Shapes::StringShape.new(name: 'EmailMfaMessageType')
207
+ EmailMfaSettingsType = Shapes::StructureShape.new(name: 'EmailMfaSettingsType')
208
+ EmailMfaSubjectType = Shapes::StringShape.new(name: 'EmailMfaSubjectType')
205
209
  EmailNotificationBodyType = Shapes::StringShape.new(name: 'EmailNotificationBodyType')
206
210
  EmailNotificationSubjectType = Shapes::StringShape.new(name: 'EmailNotificationSubjectType')
207
211
  EmailSendingAccountType = Shapes::StringShape.new(name: 'EmailSendingAccountType')
@@ -691,6 +695,7 @@ module Aws::CognitoIdentityProvider
691
695
 
692
696
  AdminSetUserMFAPreferenceRequest.add_member(:sms_mfa_settings, Shapes::ShapeRef.new(shape: SMSMfaSettingsType, location_name: "SMSMfaSettings"))
693
697
  AdminSetUserMFAPreferenceRequest.add_member(:software_token_mfa_settings, Shapes::ShapeRef.new(shape: SoftwareTokenMfaSettingsType, location_name: "SoftwareTokenMfaSettings"))
698
+ AdminSetUserMFAPreferenceRequest.add_member(:email_mfa_settings, Shapes::ShapeRef.new(shape: EmailMfaSettingsType, location_name: "EmailMfaSettings"))
694
699
  AdminSetUserMFAPreferenceRequest.add_member(:username, Shapes::ShapeRef.new(shape: UsernameType, required: true, location_name: "Username"))
695
700
  AdminSetUserMFAPreferenceRequest.add_member(:user_pool_id, Shapes::ShapeRef.new(shape: UserPoolIdType, required: true, location_name: "UserPoolId"))
696
701
  AdminSetUserMFAPreferenceRequest.struct_class = Types::AdminSetUserMFAPreferenceRequest
@@ -1132,6 +1137,14 @@ module Aws::CognitoIdentityProvider
1132
1137
  EmailConfigurationType.add_member(:configuration_set, Shapes::ShapeRef.new(shape: SESConfigurationSet, location_name: "ConfigurationSet"))
1133
1138
  EmailConfigurationType.struct_class = Types::EmailConfigurationType
1134
1139
 
1140
+ EmailMfaConfigType.add_member(:message, Shapes::ShapeRef.new(shape: EmailMfaMessageType, location_name: "Message"))
1141
+ EmailMfaConfigType.add_member(:subject, Shapes::ShapeRef.new(shape: EmailMfaSubjectType, location_name: "Subject"))
1142
+ EmailMfaConfigType.struct_class = Types::EmailMfaConfigType
1143
+
1144
+ EmailMfaSettingsType.add_member(:enabled, Shapes::ShapeRef.new(shape: BooleanType, location_name: "Enabled"))
1145
+ EmailMfaSettingsType.add_member(:preferred_mfa, Shapes::ShapeRef.new(shape: BooleanType, location_name: "PreferredMfa"))
1146
+ EmailMfaSettingsType.struct_class = Types::EmailMfaSettingsType
1147
+
1135
1148
  EnableSoftwareTokenMFAException.add_member(:message, Shapes::ShapeRef.new(shape: MessageType, location_name: "message"))
1136
1149
  EnableSoftwareTokenMFAException.struct_class = Types::EnableSoftwareTokenMFAException
1137
1150
 
@@ -1240,6 +1253,7 @@ module Aws::CognitoIdentityProvider
1240
1253
 
1241
1254
  GetUserPoolMfaConfigResponse.add_member(:sms_mfa_configuration, Shapes::ShapeRef.new(shape: SmsMfaConfigType, location_name: "SmsMfaConfiguration"))
1242
1255
  GetUserPoolMfaConfigResponse.add_member(:software_token_mfa_configuration, Shapes::ShapeRef.new(shape: SoftwareTokenMfaConfigType, location_name: "SoftwareTokenMfaConfiguration"))
1256
+ GetUserPoolMfaConfigResponse.add_member(:email_mfa_configuration, Shapes::ShapeRef.new(shape: EmailMfaConfigType, location_name: "EmailMfaConfiguration"))
1243
1257
  GetUserPoolMfaConfigResponse.add_member(:mfa_configuration, Shapes::ShapeRef.new(shape: UserPoolMfaType, location_name: "MfaConfiguration"))
1244
1258
  GetUserPoolMfaConfigResponse.struct_class = Types::GetUserPoolMfaConfigResponse
1245
1259
 
@@ -1655,6 +1669,7 @@ module Aws::CognitoIdentityProvider
1655
1669
 
1656
1670
  SetUserMFAPreferenceRequest.add_member(:sms_mfa_settings, Shapes::ShapeRef.new(shape: SMSMfaSettingsType, location_name: "SMSMfaSettings"))
1657
1671
  SetUserMFAPreferenceRequest.add_member(:software_token_mfa_settings, Shapes::ShapeRef.new(shape: SoftwareTokenMfaSettingsType, location_name: "SoftwareTokenMfaSettings"))
1672
+ SetUserMFAPreferenceRequest.add_member(:email_mfa_settings, Shapes::ShapeRef.new(shape: EmailMfaSettingsType, location_name: "EmailMfaSettings"))
1658
1673
  SetUserMFAPreferenceRequest.add_member(:access_token, Shapes::ShapeRef.new(shape: TokenModelType, required: true, location_name: "AccessToken"))
1659
1674
  SetUserMFAPreferenceRequest.struct_class = Types::SetUserMFAPreferenceRequest
1660
1675
 
@@ -1663,11 +1678,13 @@ module Aws::CognitoIdentityProvider
1663
1678
  SetUserPoolMfaConfigRequest.add_member(:user_pool_id, Shapes::ShapeRef.new(shape: UserPoolIdType, required: true, location_name: "UserPoolId"))
1664
1679
  SetUserPoolMfaConfigRequest.add_member(:sms_mfa_configuration, Shapes::ShapeRef.new(shape: SmsMfaConfigType, location_name: "SmsMfaConfiguration"))
1665
1680
  SetUserPoolMfaConfigRequest.add_member(:software_token_mfa_configuration, Shapes::ShapeRef.new(shape: SoftwareTokenMfaConfigType, location_name: "SoftwareTokenMfaConfiguration"))
1681
+ SetUserPoolMfaConfigRequest.add_member(:email_mfa_configuration, Shapes::ShapeRef.new(shape: EmailMfaConfigType, location_name: "EmailMfaConfiguration"))
1666
1682
  SetUserPoolMfaConfigRequest.add_member(:mfa_configuration, Shapes::ShapeRef.new(shape: UserPoolMfaType, location_name: "MfaConfiguration"))
1667
1683
  SetUserPoolMfaConfigRequest.struct_class = Types::SetUserPoolMfaConfigRequest
1668
1684
 
1669
1685
  SetUserPoolMfaConfigResponse.add_member(:sms_mfa_configuration, Shapes::ShapeRef.new(shape: SmsMfaConfigType, location_name: "SmsMfaConfiguration"))
1670
1686
  SetUserPoolMfaConfigResponse.add_member(:software_token_mfa_configuration, Shapes::ShapeRef.new(shape: SoftwareTokenMfaConfigType, location_name: "SoftwareTokenMfaConfiguration"))
1687
+ SetUserPoolMfaConfigResponse.add_member(:email_mfa_configuration, Shapes::ShapeRef.new(shape: EmailMfaConfigType, location_name: "EmailMfaConfiguration"))
1671
1688
  SetUserPoolMfaConfigResponse.add_member(:mfa_configuration, Shapes::ShapeRef.new(shape: UserPoolMfaType, location_name: "MfaConfiguration"))
1672
1689
  SetUserPoolMfaConfigResponse.struct_class = Types::SetUserPoolMfaConfigResponse
1673
1690
 
@@ -2298,6 +2315,7 @@ module Aws::CognitoIdentityProvider
2298
2315
  o.errors << Shapes::ShapeRef.new(shape: InvalidLambdaResponseException)
2299
2316
  o.errors << Shapes::ShapeRef.new(shape: MFAMethodNotFoundException)
2300
2317
  o.errors << Shapes::ShapeRef.new(shape: InvalidSmsRoleAccessPolicyException)
2318
+ o.errors << Shapes::ShapeRef.new(shape: InvalidEmailRoleAccessPolicyException)
2301
2319
  o.errors << Shapes::ShapeRef.new(shape: InvalidSmsRoleTrustRelationshipException)
2302
2320
  o.errors << Shapes::ShapeRef.new(shape: PasswordResetRequiredException)
2303
2321
  o.errors << Shapes::ShapeRef.new(shape: UserNotFoundException)
@@ -2430,6 +2448,7 @@ module Aws::CognitoIdentityProvider
2430
2448
  o.errors << Shapes::ShapeRef.new(shape: InvalidUserPoolConfigurationException)
2431
2449
  o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
2432
2450
  o.errors << Shapes::ShapeRef.new(shape: MFAMethodNotFoundException)
2451
+ o.errors << Shapes::ShapeRef.new(shape: InvalidEmailRoleAccessPolicyException)
2433
2452
  o.errors << Shapes::ShapeRef.new(shape: InvalidSmsRoleAccessPolicyException)
2434
2453
  o.errors << Shapes::ShapeRef.new(shape: InvalidSmsRoleTrustRelationshipException)
2435
2454
  o.errors << Shapes::ShapeRef.new(shape: AliasExistsException)
@@ -3217,6 +3236,7 @@ module Aws::CognitoIdentityProvider
3217
3236
  o.errors << Shapes::ShapeRef.new(shape: UserNotConfirmedException)
3218
3237
  o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
3219
3238
  o.errors << Shapes::ShapeRef.new(shape: InvalidSmsRoleAccessPolicyException)
3239
+ o.errors << Shapes::ShapeRef.new(shape: InvalidEmailRoleAccessPolicyException)
3220
3240
  o.errors << Shapes::ShapeRef.new(shape: InvalidSmsRoleTrustRelationshipException)
3221
3241
  o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
3222
3242
  end)
@@ -3450,6 +3470,7 @@ module Aws::CognitoIdentityProvider
3450
3470
  o.errors << Shapes::ShapeRef.new(shape: UserNotConfirmedException)
3451
3471
  o.errors << Shapes::ShapeRef.new(shape: InvalidSmsRoleAccessPolicyException)
3452
3472
  o.errors << Shapes::ShapeRef.new(shape: InvalidSmsRoleTrustRelationshipException)
3473
+ o.errors << Shapes::ShapeRef.new(shape: InvalidEmailRoleAccessPolicyException)
3453
3474
  o.errors << Shapes::ShapeRef.new(shape: AliasExistsException)
3454
3475
  o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
3455
3476
  o.errors << Shapes::ShapeRef.new(shape: SoftwareTokenMFANotFoundException)