aws-sdk-cognitoidentityprovider 1.103.0 → 1.105.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-cognitoidentityprovider/client.rb +144 -59
- data/lib/aws-sdk-cognitoidentityprovider/client_api.rb +21 -0
- data/lib/aws-sdk-cognitoidentityprovider/plugins/endpoints.rb +8 -5
- data/lib/aws-sdk-cognitoidentityprovider/types.rb +228 -59
- data/lib/aws-sdk-cognitoidentityprovider.rb +1 -1
- data/sig/client.rbs +21 -6
- data/sig/resource.rbs +1 -0
- data/sig/types.rbs +23 -6
- metadata +4 -4
@@ -15,11 +15,11 @@ module Aws::CognitoIdentityProvider
|
|
15
15
|
:endpoint_provider,
|
16
16
|
doc_type: 'Aws::CognitoIdentityProvider::EndpointProvider',
|
17
17
|
rbs_type: 'untyped',
|
18
|
-
docstring:
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
18
|
+
docstring: <<~DOCS) do |_cfg|
|
19
|
+
The endpoint provider used to resolve endpoints. Any object that responds to
|
20
|
+
`#resolve_endpoint(parameters)` where `parameters` is a Struct similar to
|
21
|
+
`Aws::CognitoIdentityProvider::EndpointParameters`.
|
22
|
+
DOCS
|
23
23
|
Aws::CognitoIdentityProvider::EndpointProvider.new
|
24
24
|
end
|
25
25
|
|
@@ -51,6 +51,9 @@ module Aws::CognitoIdentityProvider
|
|
51
51
|
if context[:auth_scheme] && context[:auth_scheme]['name'] == 'sigv4a'
|
52
52
|
metrics << 'SIGV4A_SIGNING'
|
53
53
|
end
|
54
|
+
if context.config.credentials&.credentials&.account_id
|
55
|
+
metrics << 'RESOLVED_ACCOUNT_ID'
|
56
|
+
end
|
54
57
|
Aws::Plugins::UserAgent.metric(*metrics, &block)
|
55
58
|
end
|
56
59
|
|
@@ -762,7 +762,7 @@ module Aws::CognitoIdentityProvider
|
|
762
762
|
#
|
763
763
|
# @!attribute [rw] user_mfa_setting_list
|
764
764
|
# The MFA options that are activated for the user. The possible values
|
765
|
-
# in this list are `SMS_MFA` and `SOFTWARE_TOKEN_MFA`.
|
765
|
+
# in this list are `SMS_MFA`, `EMAIL_OTP`, and `SOFTWARE_TOKEN_MFA`.
|
766
766
|
# @return [Array<String>]
|
767
767
|
#
|
768
768
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AdminGetUserResponse AWS API Documentation
|
@@ -960,11 +960,15 @@ module Aws::CognitoIdentityProvider
|
|
960
960
|
# to authenticate.
|
961
961
|
#
|
962
962
|
# * `SELECT_MFA_TYPE`: Selects the MFA type. Valid MFA options are
|
963
|
-
# `SMS_MFA` for
|
964
|
-
# time-based one-time password (TOTP)
|
963
|
+
# `SMS_MFA` for SMS message MFA, `EMAIL_OTP` for email message MFA,
|
964
|
+
# and `SOFTWARE_TOKEN_MFA` for time-based one-time password (TOTP)
|
965
|
+
# software token MFA.
|
965
966
|
#
|
966
|
-
# * `SMS_MFA`: Next challenge is to supply an `SMS_MFA_CODE
|
967
|
-
# delivered
|
967
|
+
# * `SMS_MFA`: Next challenge is to supply an `SMS_MFA_CODE`that your
|
968
|
+
# user pool delivered in an SMS message.
|
969
|
+
#
|
970
|
+
# * `EMAIL_OTP`: Next challenge is to supply an `EMAIL_OTP_CODE` that
|
971
|
+
# your user pool delivered in an email message.
|
968
972
|
#
|
969
973
|
# * `PASSWORD_VERIFIER`: Next challenge is to supply
|
970
974
|
# `PASSWORD_CLAIM_SIGNATURE`, `PASSWORD_CLAIM_SECRET_BLOCK`, and
|
@@ -1430,11 +1434,21 @@ module Aws::CognitoIdentityProvider
|
|
1430
1434
|
# SMS\_MFA
|
1431
1435
|
#
|
1432
1436
|
# : `"ChallengeName": "SMS_MFA", "ChallengeResponses":
|
1433
|
-
# \{"SMS_MFA_CODE": "[
|
1437
|
+
# \{"SMS_MFA_CODE": "[code]", "USERNAME": "[username]"\}`
|
1438
|
+
#
|
1439
|
+
# EMAIL\_OTP
|
1440
|
+
#
|
1441
|
+
# : `"ChallengeName": "EMAIL_OTP", "ChallengeResponses":
|
1442
|
+
# \{"EMAIL_OTP_CODE": "[code]", "USERNAME": "[username]"\}`
|
1434
1443
|
#
|
1435
1444
|
# PASSWORD\_VERIFIER
|
1436
1445
|
#
|
1437
|
-
# :
|
1446
|
+
# : This challenge response is part of the SRP flow. Amazon Cognito
|
1447
|
+
# requires that your application respond to this challenge within a
|
1448
|
+
# few seconds. When the response time exceeds this period, your user
|
1449
|
+
# pool returns a `NotAuthorizedException` error.
|
1450
|
+
#
|
1451
|
+
# `"ChallengeName": "PASSWORD_VERIFIER", "ChallengeResponses":
|
1438
1452
|
# \{"PASSWORD_CLAIM_SIGNATURE": "[claim_signature]",
|
1439
1453
|
# "PASSWORD_CLAIM_SECRET_BLOCK": "[secret_block]", "TIMESTAMP":
|
1440
1454
|
# [timestamp], "USERNAME": "[username]"\}`
|
@@ -1648,13 +1662,28 @@ module Aws::CognitoIdentityProvider
|
|
1648
1662
|
end
|
1649
1663
|
|
1650
1664
|
# @!attribute [rw] sms_mfa_settings
|
1651
|
-
#
|
1665
|
+
# User preferences for SMS message MFA. Activates or deactivates SMS
|
1666
|
+
# MFA and sets it as the preferred MFA method when multiple methods
|
1667
|
+
# are available.
|
1652
1668
|
# @return [Types::SMSMfaSettingsType]
|
1653
1669
|
#
|
1654
1670
|
# @!attribute [rw] software_token_mfa_settings
|
1655
|
-
#
|
1671
|
+
# User preferences for time-based one-time password (TOTP) MFA.
|
1672
|
+
# Activates or deactivates TOTP MFA and sets it as the preferred MFA
|
1673
|
+
# method when multiple methods are available.
|
1656
1674
|
# @return [Types::SoftwareTokenMfaSettingsType]
|
1657
1675
|
#
|
1676
|
+
# @!attribute [rw] email_mfa_settings
|
1677
|
+
# User preferences for email message MFA. Activates or deactivates
|
1678
|
+
# email MFA and sets it as the preferred MFA method when multiple
|
1679
|
+
# methods are available. To activate this setting, [ advanced security
|
1680
|
+
# features][1] must be active in your user pool.
|
1681
|
+
#
|
1682
|
+
#
|
1683
|
+
#
|
1684
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
|
1685
|
+
# @return [Types::EmailMfaSettingsType]
|
1686
|
+
#
|
1658
1687
|
# @!attribute [rw] username
|
1659
1688
|
# The username of the user that you want to query or modify. The value
|
1660
1689
|
# of this parameter is typically your user's username, but it can be
|
@@ -1664,7 +1693,8 @@ module Aws::CognitoIdentityProvider
|
|
1664
1693
|
# @return [String]
|
1665
1694
|
#
|
1666
1695
|
# @!attribute [rw] user_pool_id
|
1667
|
-
# The user pool
|
1696
|
+
# The ID of the user pool where you want to set a user's MFA
|
1697
|
+
# preferences.
|
1668
1698
|
# @return [String]
|
1669
1699
|
#
|
1670
1700
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AdminSetUserMFAPreferenceRequest AWS API Documentation
|
@@ -1672,6 +1702,7 @@ module Aws::CognitoIdentityProvider
|
|
1672
1702
|
class AdminSetUserMFAPreferenceRequest < Struct.new(
|
1673
1703
|
:sms_mfa_settings,
|
1674
1704
|
:software_token_mfa_settings,
|
1705
|
+
:email_mfa_settings,
|
1675
1706
|
:username,
|
1676
1707
|
:user_pool_id)
|
1677
1708
|
SENSITIVE = [:username]
|
@@ -3115,20 +3146,21 @@ module Aws::CognitoIdentityProvider
|
|
3115
3146
|
#
|
3116
3147
|
# @!attribute [rw] read_attributes
|
3117
3148
|
# The list of user attributes that you want your app client to have
|
3118
|
-
# read
|
3119
|
-
#
|
3120
|
-
#
|
3121
|
-
#
|
3149
|
+
# read access to. After your user authenticates in your app, their
|
3150
|
+
# access token authorizes them to read their own attribute value for
|
3151
|
+
# any attribute in this list. An example of this kind of activity is
|
3152
|
+
# when your user selects a link to view their profile information.
|
3122
3153
|
# Your app makes a [GetUser][1] API request to retrieve and display
|
3123
3154
|
# your user's profile data.
|
3124
3155
|
#
|
3125
3156
|
# When you don't specify the `ReadAttributes` for your app client,
|
3126
3157
|
# your app can read the values of `email_verified`,
|
3127
3158
|
# `phone_number_verified`, and the Standard attributes of your user
|
3128
|
-
# pool. When your user pool has read access to these
|
3129
|
-
# attributes, `ReadAttributes` doesn't return any
|
3130
|
-
# Cognito only populates `ReadAttributes` in the
|
3131
|
-
# have specified your own custom set of read
|
3159
|
+
# pool. When your user pool app client has read access to these
|
3160
|
+
# default attributes, `ReadAttributes` doesn't return any
|
3161
|
+
# information. Amazon Cognito only populates `ReadAttributes` in the
|
3162
|
+
# API response if you have specified your own custom set of read
|
3163
|
+
# attributes.
|
3132
3164
|
#
|
3133
3165
|
#
|
3134
3166
|
#
|
@@ -4503,6 +4535,66 @@ module Aws::CognitoIdentityProvider
|
|
4503
4535
|
include Aws::Structure
|
4504
4536
|
end
|
4505
4537
|
|
4538
|
+
# Sets or shows user pool email message configuration for MFA. Includes
|
4539
|
+
# the subject and body of the email message template for MFA messages.
|
4540
|
+
# To activate this setting, [ advanced security features][1] must be
|
4541
|
+
# active in your user pool.
|
4542
|
+
#
|
4543
|
+
#
|
4544
|
+
#
|
4545
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
|
4546
|
+
#
|
4547
|
+
# @!attribute [rw] message
|
4548
|
+
# The template for the email message that your user pool sends to
|
4549
|
+
# users with an MFA code. The message must contain the `\{####\}`
|
4550
|
+
# placeholder. In the message, Amazon Cognito replaces this
|
4551
|
+
# placeholder with the code. If you don't provide this parameter,
|
4552
|
+
# Amazon Cognito sends messages in the default format.
|
4553
|
+
# @return [String]
|
4554
|
+
#
|
4555
|
+
# @!attribute [rw] subject
|
4556
|
+
# The subject of the email message that your user pool sends to users
|
4557
|
+
# with an MFA code.
|
4558
|
+
# @return [String]
|
4559
|
+
#
|
4560
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/EmailMfaConfigType AWS API Documentation
|
4561
|
+
#
|
4562
|
+
class EmailMfaConfigType < Struct.new(
|
4563
|
+
:message,
|
4564
|
+
:subject)
|
4565
|
+
SENSITIVE = []
|
4566
|
+
include Aws::Structure
|
4567
|
+
end
|
4568
|
+
|
4569
|
+
# User preferences for multi-factor authentication with email messages.
|
4570
|
+
# Activates or deactivates email MFA and sets it as the preferred MFA
|
4571
|
+
# method when multiple methods are available. To activate this setting,
|
4572
|
+
# [ advanced security features][1] must be active in your user pool.
|
4573
|
+
#
|
4574
|
+
#
|
4575
|
+
#
|
4576
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
|
4577
|
+
#
|
4578
|
+
# @!attribute [rw] enabled
|
4579
|
+
# Specifies whether email message MFA is active for a user. When the
|
4580
|
+
# value of this parameter is `Enabled`, the user will be prompted for
|
4581
|
+
# MFA during all sign-in attempts, unless device tracking is turned on
|
4582
|
+
# and the device has been trusted.
|
4583
|
+
# @return [Boolean]
|
4584
|
+
#
|
4585
|
+
# @!attribute [rw] preferred_mfa
|
4586
|
+
# Specifies whether email message MFA is the user's preferred method.
|
4587
|
+
# @return [Boolean]
|
4588
|
+
#
|
4589
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/EmailMfaSettingsType AWS API Documentation
|
4590
|
+
#
|
4591
|
+
class EmailMfaSettingsType < Struct.new(
|
4592
|
+
:enabled,
|
4593
|
+
:preferred_mfa)
|
4594
|
+
SENSITIVE = []
|
4595
|
+
include Aws::Structure
|
4596
|
+
end
|
4597
|
+
|
4506
4598
|
# This exception is thrown when there is a code mismatch and the service
|
4507
4599
|
# fails to configure the software token TOTP multi-factor authentication
|
4508
4600
|
# (MFA).
|
@@ -5074,14 +5166,27 @@ module Aws::CognitoIdentityProvider
|
|
5074
5166
|
end
|
5075
5167
|
|
5076
5168
|
# @!attribute [rw] sms_mfa_configuration
|
5077
|
-
#
|
5078
|
-
# configuration
|
5169
|
+
# Shows user pool SMS message configuration for MFA. Includes the
|
5170
|
+
# message template and the SMS message sending configuration for
|
5171
|
+
# Amazon SNS.
|
5079
5172
|
# @return [Types::SmsMfaConfigType]
|
5080
5173
|
#
|
5081
5174
|
# @!attribute [rw] software_token_mfa_configuration
|
5082
|
-
#
|
5175
|
+
# Shows user pool configuration for time-based one-time password
|
5176
|
+
# (TOTP) MFA. Includes TOTP enabled or disabled state.
|
5083
5177
|
# @return [Types::SoftwareTokenMfaConfigType]
|
5084
5178
|
#
|
5179
|
+
# @!attribute [rw] email_mfa_configuration
|
5180
|
+
# Shows user pool email message configuration for MFA. Includes the
|
5181
|
+
# subject and body of the email message template for MFA messages. To
|
5182
|
+
# activate this setting, [ advanced security features][1] must be
|
5183
|
+
# active in your user pool.
|
5184
|
+
#
|
5185
|
+
#
|
5186
|
+
#
|
5187
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
|
5188
|
+
# @return [Types::EmailMfaConfigType]
|
5189
|
+
#
|
5085
5190
|
# @!attribute [rw] mfa_configuration
|
5086
5191
|
# The multi-factor authentication (MFA) configuration. Valid values
|
5087
5192
|
# include:
|
@@ -5099,6 +5204,7 @@ module Aws::CognitoIdentityProvider
|
|
5099
5204
|
class GetUserPoolMfaConfigResponse < Struct.new(
|
5100
5205
|
:sms_mfa_configuration,
|
5101
5206
|
:software_token_mfa_configuration,
|
5207
|
+
:email_mfa_configuration,
|
5102
5208
|
:mfa_configuration)
|
5103
5209
|
SENSITIVE = []
|
5104
5210
|
include Aws::Structure
|
@@ -5147,7 +5253,7 @@ module Aws::CognitoIdentityProvider
|
|
5147
5253
|
#
|
5148
5254
|
# @!attribute [rw] user_mfa_setting_list
|
5149
5255
|
# The MFA options that are activated for the user. The possible values
|
5150
|
-
# in this list are `SMS_MFA` and `SOFTWARE_TOKEN_MFA`.
|
5256
|
+
# in this list are `SMS_MFA`, `EMAIL_OTP`, and `SOFTWARE_TOKEN_MFA`.
|
5151
5257
|
# @return [Array<String>]
|
5152
5258
|
#
|
5153
5259
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/GetUserResponse AWS API Documentation
|
@@ -5629,8 +5735,11 @@ module Aws::CognitoIdentityProvider
|
|
5629
5735
|
#
|
5630
5736
|
# </note>
|
5631
5737
|
#
|
5632
|
-
# * `SMS_MFA`: Next challenge is to supply an `SMS_MFA_CODE
|
5633
|
-
# delivered
|
5738
|
+
# * `SMS_MFA`: Next challenge is to supply an `SMS_MFA_CODE`that your
|
5739
|
+
# user pool delivered in an SMS message.
|
5740
|
+
#
|
5741
|
+
# * `EMAIL_OTP`: Next challenge is to supply an `EMAIL_OTP_CODE` that
|
5742
|
+
# your user pool delivered in an email message.
|
5634
5743
|
#
|
5635
5744
|
# * `PASSWORD_VERIFIER`: Next challenge is to supply
|
5636
5745
|
# `PASSWORD_CLAIM_SIGNATURE`, `PASSWORD_CLAIM_SECRET_BLOCK`, and
|
@@ -7231,11 +7340,21 @@ module Aws::CognitoIdentityProvider
|
|
7231
7340
|
# SMS\_MFA
|
7232
7341
|
#
|
7233
7342
|
# : `"ChallengeName": "SMS_MFA", "ChallengeResponses":
|
7234
|
-
# \{"SMS_MFA_CODE": "[
|
7343
|
+
# \{"SMS_MFA_CODE": "[code]", "USERNAME": "[username]"\}`
|
7344
|
+
#
|
7345
|
+
# EMAIL\_OTP
|
7346
|
+
#
|
7347
|
+
# : `"ChallengeName": "EMAIL_OTP", "ChallengeResponses":
|
7348
|
+
# \{"EMAIL_OTP_CODE": "[code]", "USERNAME": "[username]"\}`
|
7235
7349
|
#
|
7236
7350
|
# PASSWORD\_VERIFIER
|
7237
7351
|
#
|
7238
|
-
# :
|
7352
|
+
# : This challenge response is part of the SRP flow. Amazon Cognito
|
7353
|
+
# requires that your application respond to this challenge within a
|
7354
|
+
# few seconds. When the response time exceeds this period, your user
|
7355
|
+
# pool returns a `NotAuthorizedException` error.
|
7356
|
+
#
|
7357
|
+
# `"ChallengeName": "PASSWORD_VERIFIER", "ChallengeResponses":
|
7239
7358
|
# \{"PASSWORD_CLAIM_SIGNATURE": "[claim_signature]",
|
7240
7359
|
# "PASSWORD_CLAIM_SECRET_BLOCK": "[secret_block]", "TIMESTAMP":
|
7241
7360
|
# [timestamp], "USERNAME": "[username]"\}`
|
@@ -7541,10 +7660,10 @@ module Aws::CognitoIdentityProvider
|
|
7541
7660
|
# for the user pool.
|
7542
7661
|
#
|
7543
7662
|
# @!attribute [rw] enabled
|
7544
|
-
# Specifies whether SMS
|
7545
|
-
#
|
7546
|
-
#
|
7547
|
-
#
|
7663
|
+
# Specifies whether SMS message MFA is activated. If an MFA type is
|
7664
|
+
# activated for a user, the user will be prompted for MFA during all
|
7665
|
+
# sign-in attempts, unless device tracking is turned on and the device
|
7666
|
+
# has been trusted.
|
7548
7667
|
# @return [Boolean]
|
7549
7668
|
#
|
7550
7669
|
# @!attribute [rw] preferred_mfa
|
@@ -7791,13 +7910,28 @@ module Aws::CognitoIdentityProvider
|
|
7791
7910
|
end
|
7792
7911
|
|
7793
7912
|
# @!attribute [rw] sms_mfa_settings
|
7794
|
-
#
|
7913
|
+
# User preferences for SMS message MFA. Activates or deactivates SMS
|
7914
|
+
# MFA and sets it as the preferred MFA method when multiple methods
|
7915
|
+
# are available.
|
7795
7916
|
# @return [Types::SMSMfaSettingsType]
|
7796
7917
|
#
|
7797
7918
|
# @!attribute [rw] software_token_mfa_settings
|
7798
|
-
#
|
7919
|
+
# User preferences for time-based one-time password (TOTP) MFA.
|
7920
|
+
# Activates or deactivates TOTP MFA and sets it as the preferred MFA
|
7921
|
+
# method when multiple methods are available.
|
7799
7922
|
# @return [Types::SoftwareTokenMfaSettingsType]
|
7800
7923
|
#
|
7924
|
+
# @!attribute [rw] email_mfa_settings
|
7925
|
+
# User preferences for email message MFA. Activates or deactivates
|
7926
|
+
# email MFA and sets it as the preferred MFA method when multiple
|
7927
|
+
# methods are available. To activate this setting, [ advanced security
|
7928
|
+
# features][1] must be active in your user pool.
|
7929
|
+
#
|
7930
|
+
#
|
7931
|
+
#
|
7932
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
|
7933
|
+
# @return [Types::EmailMfaSettingsType]
|
7934
|
+
#
|
7801
7935
|
# @!attribute [rw] access_token
|
7802
7936
|
# A valid access token that Amazon Cognito issued to the user whose
|
7803
7937
|
# MFA preference you want to set.
|
@@ -7808,6 +7942,7 @@ module Aws::CognitoIdentityProvider
|
|
7808
7942
|
class SetUserMFAPreferenceRequest < Struct.new(
|
7809
7943
|
:sms_mfa_settings,
|
7810
7944
|
:software_token_mfa_settings,
|
7945
|
+
:email_mfa_settings,
|
7811
7946
|
:access_token)
|
7812
7947
|
SENSITIVE = [:access_token]
|
7813
7948
|
include Aws::Structure
|
@@ -7822,13 +7957,26 @@ module Aws::CognitoIdentityProvider
|
|
7822
7957
|
# @return [String]
|
7823
7958
|
#
|
7824
7959
|
# @!attribute [rw] sms_mfa_configuration
|
7825
|
-
#
|
7960
|
+
# Configures user pool SMS messages for MFA. Sets the message template
|
7961
|
+
# and the SMS message sending configuration for Amazon SNS.
|
7826
7962
|
# @return [Types::SmsMfaConfigType]
|
7827
7963
|
#
|
7828
7964
|
# @!attribute [rw] software_token_mfa_configuration
|
7829
|
-
#
|
7965
|
+
# Configures a user pool for time-based one-time password (TOTP) MFA.
|
7966
|
+
# Enables or disables TOTP.
|
7830
7967
|
# @return [Types::SoftwareTokenMfaConfigType]
|
7831
7968
|
#
|
7969
|
+
# @!attribute [rw] email_mfa_configuration
|
7970
|
+
# Configures user pool email messages for MFA. Sets the subject and
|
7971
|
+
# body of the email message template for MFA messages. To activate
|
7972
|
+
# this setting, [ advanced security features][1] must be active in
|
7973
|
+
# your user pool.
|
7974
|
+
#
|
7975
|
+
#
|
7976
|
+
#
|
7977
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
|
7978
|
+
# @return [Types::EmailMfaConfigType]
|
7979
|
+
#
|
7832
7980
|
# @!attribute [rw] mfa_configuration
|
7833
7981
|
# The MFA configuration. If you set the MfaConfiguration value to
|
7834
7982
|
# ‘ON’, only users who have set up an MFA factor can sign in. To learn
|
@@ -7853,19 +8001,34 @@ module Aws::CognitoIdentityProvider
|
|
7853
8001
|
:user_pool_id,
|
7854
8002
|
:sms_mfa_configuration,
|
7855
8003
|
:software_token_mfa_configuration,
|
8004
|
+
:email_mfa_configuration,
|
7856
8005
|
:mfa_configuration)
|
7857
8006
|
SENSITIVE = []
|
7858
8007
|
include Aws::Structure
|
7859
8008
|
end
|
7860
8009
|
|
7861
8010
|
# @!attribute [rw] sms_mfa_configuration
|
7862
|
-
#
|
8011
|
+
# Shows user pool SMS message configuration for MFA. Includes the
|
8012
|
+
# message template and the SMS message sending configuration for
|
8013
|
+
# Amazon SNS.
|
7863
8014
|
# @return [Types::SmsMfaConfigType]
|
7864
8015
|
#
|
7865
8016
|
# @!attribute [rw] software_token_mfa_configuration
|
7866
|
-
#
|
8017
|
+
# Shows user pool configuration for time-based one-time password
|
8018
|
+
# (TOTP) MFA. Includes TOTP enabled or disabled state.
|
7867
8019
|
# @return [Types::SoftwareTokenMfaConfigType]
|
7868
8020
|
#
|
8021
|
+
# @!attribute [rw] email_mfa_configuration
|
8022
|
+
# Shows user pool email message configuration for MFA. Includes the
|
8023
|
+
# subject and body of the email message template for MFA messages. To
|
8024
|
+
# activate this setting, [ advanced security features][1] must be
|
8025
|
+
# active in your user pool.
|
8026
|
+
#
|
8027
|
+
#
|
8028
|
+
#
|
8029
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
|
8030
|
+
# @return [Types::EmailMfaConfigType]
|
8031
|
+
#
|
7869
8032
|
# @!attribute [rw] mfa_configuration
|
7870
8033
|
# The MFA configuration. Valid values include:
|
7871
8034
|
#
|
@@ -7882,6 +8045,7 @@ module Aws::CognitoIdentityProvider
|
|
7882
8045
|
class SetUserPoolMfaConfigResponse < Struct.new(
|
7883
8046
|
:sms_mfa_configuration,
|
7884
8047
|
:software_token_mfa_configuration,
|
8048
|
+
:email_mfa_configuration,
|
7885
8049
|
:mfa_configuration)
|
7886
8050
|
SENSITIVE = []
|
7887
8051
|
include Aws::Structure
|
@@ -8122,14 +8286,16 @@ module Aws::CognitoIdentityProvider
|
|
8122
8286
|
include Aws::Structure
|
8123
8287
|
end
|
8124
8288
|
|
8125
|
-
#
|
8126
|
-
#
|
8289
|
+
# Configures user pool SMS messages for multi-factor authentication
|
8290
|
+
# (MFA). Sets the message template and the SMS message sending
|
8291
|
+
# configuration for Amazon SNS.
|
8127
8292
|
#
|
8128
8293
|
# @!attribute [rw] sms_authentication_message
|
8129
|
-
# The SMS
|
8130
|
-
#
|
8131
|
-
#
|
8132
|
-
#
|
8294
|
+
# The SMS message that your user pool sends to users with an MFA code.
|
8295
|
+
# The message must contain the `\{####\}` placeholder. In the message,
|
8296
|
+
# Amazon Cognito replaces this placeholder with the code. If you
|
8297
|
+
# don't provide this parameter, Amazon Cognito sends messages in the
|
8298
|
+
# default format.
|
8133
8299
|
# @return [String]
|
8134
8300
|
#
|
8135
8301
|
# @!attribute [rw] sms_configuration
|
@@ -8165,7 +8331,8 @@ module Aws::CognitoIdentityProvider
|
|
8165
8331
|
include Aws::Structure
|
8166
8332
|
end
|
8167
8333
|
|
8168
|
-
#
|
8334
|
+
# Configures a user pool for time-based one-time password (TOTP)
|
8335
|
+
# multi-factor authentication (MFA). Enables or disables TOTP.
|
8169
8336
|
#
|
8170
8337
|
# @!attribute [rw] enabled
|
8171
8338
|
# Specifies whether software token MFA is activated.
|
@@ -9046,20 +9213,21 @@ module Aws::CognitoIdentityProvider
|
|
9046
9213
|
#
|
9047
9214
|
# @!attribute [rw] read_attributes
|
9048
9215
|
# The list of user attributes that you want your app client to have
|
9049
|
-
# read
|
9050
|
-
#
|
9051
|
-
#
|
9052
|
-
#
|
9216
|
+
# read access to. After your user authenticates in your app, their
|
9217
|
+
# access token authorizes them to read their own attribute value for
|
9218
|
+
# any attribute in this list. An example of this kind of activity is
|
9219
|
+
# when your user selects a link to view their profile information.
|
9053
9220
|
# Your app makes a [GetUser][1] API request to retrieve and display
|
9054
9221
|
# your user's profile data.
|
9055
9222
|
#
|
9056
9223
|
# When you don't specify the `ReadAttributes` for your app client,
|
9057
9224
|
# your app can read the values of `email_verified`,
|
9058
9225
|
# `phone_number_verified`, and the Standard attributes of your user
|
9059
|
-
# pool. When your user pool has read access to these
|
9060
|
-
# attributes, `ReadAttributes` doesn't return any
|
9061
|
-
# Cognito only populates `ReadAttributes` in the
|
9062
|
-
# have specified your own custom set of read
|
9226
|
+
# pool. When your user pool app client has read access to these
|
9227
|
+
# default attributes, `ReadAttributes` doesn't return any
|
9228
|
+
# information. Amazon Cognito only populates `ReadAttributes` in the
|
9229
|
+
# API response if you have specified your own custom set of read
|
9230
|
+
# attributes.
|
9063
9231
|
#
|
9064
9232
|
#
|
9065
9233
|
#
|
@@ -9996,20 +10164,21 @@ module Aws::CognitoIdentityProvider
|
|
9996
10164
|
#
|
9997
10165
|
# @!attribute [rw] read_attributes
|
9998
10166
|
# The list of user attributes that you want your app client to have
|
9999
|
-
# read
|
10000
|
-
#
|
10001
|
-
#
|
10002
|
-
#
|
10167
|
+
# read access to. After your user authenticates in your app, their
|
10168
|
+
# access token authorizes them to read their own attribute value for
|
10169
|
+
# any attribute in this list. An example of this kind of activity is
|
10170
|
+
# when your user selects a link to view their profile information.
|
10003
10171
|
# Your app makes a [GetUser][1] API request to retrieve and display
|
10004
10172
|
# your user's profile data.
|
10005
10173
|
#
|
10006
10174
|
# When you don't specify the `ReadAttributes` for your app client,
|
10007
10175
|
# your app can read the values of `email_verified`,
|
10008
10176
|
# `phone_number_verified`, and the Standard attributes of your user
|
10009
|
-
# pool. When your user pool has read access to these
|
10010
|
-
# attributes, `ReadAttributes` doesn't return any
|
10011
|
-
# Cognito only populates `ReadAttributes` in the
|
10012
|
-
# have specified your own custom set of read
|
10177
|
+
# pool. When your user pool app client has read access to these
|
10178
|
+
# default attributes, `ReadAttributes` doesn't return any
|
10179
|
+
# information. Amazon Cognito only populates `ReadAttributes` in the
|
10180
|
+
# API response if you have specified your own custom set of read
|
10181
|
+
# attributes.
|
10013
10182
|
#
|
10014
10183
|
#
|
10015
10184
|
#
|
data/sig/client.rbs
CHANGED
@@ -15,6 +15,7 @@ module Aws
|
|
15
15
|
?credentials: untyped,
|
16
16
|
?region: String,
|
17
17
|
?access_key_id: String,
|
18
|
+
?account_id: String,
|
18
19
|
?active_endpoint_cache: bool,
|
19
20
|
?adaptive_retry_wait_to_fill: bool,
|
20
21
|
?client_side_monitoring: bool,
|
@@ -241,7 +242,7 @@ module Aws
|
|
241
242
|
|
242
243
|
interface _AdminInitiateAuthResponseSuccess
|
243
244
|
include ::Seahorse::Client::_ResponseSuccess[Types::AdminInitiateAuthResponse]
|
244
|
-
def challenge_name: () -> ("SMS_MFA" | "SOFTWARE_TOKEN_MFA" | "SELECT_MFA_TYPE" | "MFA_SETUP" | "PASSWORD_VERIFIER" | "CUSTOM_CHALLENGE" | "DEVICE_SRP_AUTH" | "DEVICE_PASSWORD_VERIFIER" | "ADMIN_NO_SRP_AUTH" | "NEW_PASSWORD_REQUIRED")
|
245
|
+
def challenge_name: () -> ("SMS_MFA" | "EMAIL_OTP" | "SOFTWARE_TOKEN_MFA" | "SELECT_MFA_TYPE" | "MFA_SETUP" | "PASSWORD_VERIFIER" | "CUSTOM_CHALLENGE" | "DEVICE_SRP_AUTH" | "DEVICE_PASSWORD_VERIFIER" | "ADMIN_NO_SRP_AUTH" | "NEW_PASSWORD_REQUIRED")
|
245
246
|
def session: () -> ::String
|
246
247
|
def challenge_parameters: () -> ::Hash[::String, ::String]
|
247
248
|
def authentication_result: () -> Types::AuthenticationResultType
|
@@ -353,7 +354,7 @@ module Aws
|
|
353
354
|
|
354
355
|
interface _AdminRespondToAuthChallengeResponseSuccess
|
355
356
|
include ::Seahorse::Client::_ResponseSuccess[Types::AdminRespondToAuthChallengeResponse]
|
356
|
-
def challenge_name: () -> ("SMS_MFA" | "SOFTWARE_TOKEN_MFA" | "SELECT_MFA_TYPE" | "MFA_SETUP" | "PASSWORD_VERIFIER" | "CUSTOM_CHALLENGE" | "DEVICE_SRP_AUTH" | "DEVICE_PASSWORD_VERIFIER" | "ADMIN_NO_SRP_AUTH" | "NEW_PASSWORD_REQUIRED")
|
357
|
+
def challenge_name: () -> ("SMS_MFA" | "EMAIL_OTP" | "SOFTWARE_TOKEN_MFA" | "SELECT_MFA_TYPE" | "MFA_SETUP" | "PASSWORD_VERIFIER" | "CUSTOM_CHALLENGE" | "DEVICE_SRP_AUTH" | "DEVICE_PASSWORD_VERIFIER" | "ADMIN_NO_SRP_AUTH" | "NEW_PASSWORD_REQUIRED")
|
357
358
|
def session: () -> ::String
|
358
359
|
def challenge_parameters: () -> ::Hash[::String, ::String]
|
359
360
|
def authentication_result: () -> Types::AuthenticationResultType
|
@@ -362,7 +363,7 @@ module Aws
|
|
362
363
|
def admin_respond_to_auth_challenge: (
|
363
364
|
user_pool_id: ::String,
|
364
365
|
client_id: ::String,
|
365
|
-
challenge_name: ("SMS_MFA" | "SOFTWARE_TOKEN_MFA" | "SELECT_MFA_TYPE" | "MFA_SETUP" | "PASSWORD_VERIFIER" | "CUSTOM_CHALLENGE" | "DEVICE_SRP_AUTH" | "DEVICE_PASSWORD_VERIFIER" | "ADMIN_NO_SRP_AUTH" | "NEW_PASSWORD_REQUIRED"),
|
366
|
+
challenge_name: ("SMS_MFA" | "EMAIL_OTP" | "SOFTWARE_TOKEN_MFA" | "SELECT_MFA_TYPE" | "MFA_SETUP" | "PASSWORD_VERIFIER" | "CUSTOM_CHALLENGE" | "DEVICE_SRP_AUTH" | "DEVICE_PASSWORD_VERIFIER" | "ADMIN_NO_SRP_AUTH" | "NEW_PASSWORD_REQUIRED"),
|
366
367
|
?challenge_responses: Hash[::String, ::String],
|
367
368
|
?session: ::String,
|
368
369
|
?analytics_metadata: {
|
@@ -397,6 +398,10 @@ module Aws
|
|
397
398
|
enabled: bool?,
|
398
399
|
preferred_mfa: bool?
|
399
400
|
},
|
401
|
+
?email_mfa_settings: {
|
402
|
+
enabled: bool?,
|
403
|
+
preferred_mfa: bool?
|
404
|
+
},
|
400
405
|
username: ::String,
|
401
406
|
user_pool_id: ::String
|
402
407
|
) -> _AdminSetUserMFAPreferenceResponseSuccess
|
@@ -1069,6 +1074,7 @@ module Aws
|
|
1069
1074
|
include ::Seahorse::Client::_ResponseSuccess[Types::GetUserPoolMfaConfigResponse]
|
1070
1075
|
def sms_mfa_configuration: () -> Types::SmsMfaConfigType
|
1071
1076
|
def software_token_mfa_configuration: () -> Types::SoftwareTokenMfaConfigType
|
1077
|
+
def email_mfa_configuration: () -> Types::EmailMfaConfigType
|
1072
1078
|
def mfa_configuration: () -> ("OFF" | "ON" | "OPTIONAL")
|
1073
1079
|
end
|
1074
1080
|
# https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/CognitoIdentityProvider/Client.html#get_user_pool_mfa_config-instance_method
|
@@ -1088,7 +1094,7 @@ module Aws
|
|
1088
1094
|
|
1089
1095
|
interface _InitiateAuthResponseSuccess
|
1090
1096
|
include ::Seahorse::Client::_ResponseSuccess[Types::InitiateAuthResponse]
|
1091
|
-
def challenge_name: () -> ("SMS_MFA" | "SOFTWARE_TOKEN_MFA" | "SELECT_MFA_TYPE" | "MFA_SETUP" | "PASSWORD_VERIFIER" | "CUSTOM_CHALLENGE" | "DEVICE_SRP_AUTH" | "DEVICE_PASSWORD_VERIFIER" | "ADMIN_NO_SRP_AUTH" | "NEW_PASSWORD_REQUIRED")
|
1097
|
+
def challenge_name: () -> ("SMS_MFA" | "EMAIL_OTP" | "SOFTWARE_TOKEN_MFA" | "SELECT_MFA_TYPE" | "MFA_SETUP" | "PASSWORD_VERIFIER" | "CUSTOM_CHALLENGE" | "DEVICE_SRP_AUTH" | "DEVICE_PASSWORD_VERIFIER" | "ADMIN_NO_SRP_AUTH" | "NEW_PASSWORD_REQUIRED")
|
1092
1098
|
def session: () -> ::String
|
1093
1099
|
def challenge_parameters: () -> ::Hash[::String, ::String]
|
1094
1100
|
def authentication_result: () -> Types::AuthenticationResultType
|
@@ -1260,7 +1266,7 @@ module Aws
|
|
1260
1266
|
|
1261
1267
|
interface _RespondToAuthChallengeResponseSuccess
|
1262
1268
|
include ::Seahorse::Client::_ResponseSuccess[Types::RespondToAuthChallengeResponse]
|
1263
|
-
def challenge_name: () -> ("SMS_MFA" | "SOFTWARE_TOKEN_MFA" | "SELECT_MFA_TYPE" | "MFA_SETUP" | "PASSWORD_VERIFIER" | "CUSTOM_CHALLENGE" | "DEVICE_SRP_AUTH" | "DEVICE_PASSWORD_VERIFIER" | "ADMIN_NO_SRP_AUTH" | "NEW_PASSWORD_REQUIRED")
|
1269
|
+
def challenge_name: () -> ("SMS_MFA" | "EMAIL_OTP" | "SOFTWARE_TOKEN_MFA" | "SELECT_MFA_TYPE" | "MFA_SETUP" | "PASSWORD_VERIFIER" | "CUSTOM_CHALLENGE" | "DEVICE_SRP_AUTH" | "DEVICE_PASSWORD_VERIFIER" | "ADMIN_NO_SRP_AUTH" | "NEW_PASSWORD_REQUIRED")
|
1264
1270
|
def session: () -> ::String
|
1265
1271
|
def challenge_parameters: () -> ::Hash[::String, ::String]
|
1266
1272
|
def authentication_result: () -> Types::AuthenticationResultType
|
@@ -1268,7 +1274,7 @@ module Aws
|
|
1268
1274
|
# https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/CognitoIdentityProvider/Client.html#respond_to_auth_challenge-instance_method
|
1269
1275
|
def respond_to_auth_challenge: (
|
1270
1276
|
client_id: ::String,
|
1271
|
-
challenge_name: ("SMS_MFA" | "SOFTWARE_TOKEN_MFA" | "SELECT_MFA_TYPE" | "MFA_SETUP" | "PASSWORD_VERIFIER" | "CUSTOM_CHALLENGE" | "DEVICE_SRP_AUTH" | "DEVICE_PASSWORD_VERIFIER" | "ADMIN_NO_SRP_AUTH" | "NEW_PASSWORD_REQUIRED"),
|
1277
|
+
challenge_name: ("SMS_MFA" | "EMAIL_OTP" | "SOFTWARE_TOKEN_MFA" | "SELECT_MFA_TYPE" | "MFA_SETUP" | "PASSWORD_VERIFIER" | "CUSTOM_CHALLENGE" | "DEVICE_SRP_AUTH" | "DEVICE_PASSWORD_VERIFIER" | "ADMIN_NO_SRP_AUTH" | "NEW_PASSWORD_REQUIRED"),
|
1272
1278
|
?session: ::String,
|
1273
1279
|
?challenge_responses: Hash[::String, ::String],
|
1274
1280
|
?analytics_metadata: {
|
@@ -1401,6 +1407,10 @@ module Aws
|
|
1401
1407
|
enabled: bool?,
|
1402
1408
|
preferred_mfa: bool?
|
1403
1409
|
},
|
1410
|
+
?email_mfa_settings: {
|
1411
|
+
enabled: bool?,
|
1412
|
+
preferred_mfa: bool?
|
1413
|
+
},
|
1404
1414
|
access_token: ::String
|
1405
1415
|
) -> _SetUserMFAPreferenceResponseSuccess
|
1406
1416
|
| (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _SetUserMFAPreferenceResponseSuccess
|
@@ -1409,6 +1419,7 @@ module Aws
|
|
1409
1419
|
include ::Seahorse::Client::_ResponseSuccess[Types::SetUserPoolMfaConfigResponse]
|
1410
1420
|
def sms_mfa_configuration: () -> Types::SmsMfaConfigType
|
1411
1421
|
def software_token_mfa_configuration: () -> Types::SoftwareTokenMfaConfigType
|
1422
|
+
def email_mfa_configuration: () -> Types::EmailMfaConfigType
|
1412
1423
|
def mfa_configuration: () -> ("OFF" | "ON" | "OPTIONAL")
|
1413
1424
|
end
|
1414
1425
|
# https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/CognitoIdentityProvider/Client.html#set_user_pool_mfa_config-instance_method
|
@@ -1425,6 +1436,10 @@ module Aws
|
|
1425
1436
|
?software_token_mfa_configuration: {
|
1426
1437
|
enabled: bool?
|
1427
1438
|
},
|
1439
|
+
?email_mfa_configuration: {
|
1440
|
+
message: ::String?,
|
1441
|
+
subject: ::String?
|
1442
|
+
},
|
1428
1443
|
?mfa_configuration: ("OFF" | "ON" | "OPTIONAL")
|
1429
1444
|
) -> _SetUserPoolMfaConfigResponseSuccess
|
1430
1445
|
| (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _SetUserPoolMfaConfigResponseSuccess
|