aws-sdk-cognitoidentityprovider 1.103.0 → 1.105.0

Sign up to get free protection for your applications and to get access to all the features.
@@ -15,11 +15,11 @@ module Aws::CognitoIdentityProvider
15
15
  :endpoint_provider,
16
16
  doc_type: 'Aws::CognitoIdentityProvider::EndpointProvider',
17
17
  rbs_type: 'untyped',
18
- docstring: 'The endpoint provider used to resolve endpoints. Any '\
19
- 'object that responds to `#resolve_endpoint(parameters)` '\
20
- 'where `parameters` is a Struct similar to '\
21
- '`Aws::CognitoIdentityProvider::EndpointParameters`'
22
- ) do |cfg|
18
+ docstring: <<~DOCS) do |_cfg|
19
+ The endpoint provider used to resolve endpoints. Any object that responds to
20
+ `#resolve_endpoint(parameters)` where `parameters` is a Struct similar to
21
+ `Aws::CognitoIdentityProvider::EndpointParameters`.
22
+ DOCS
23
23
  Aws::CognitoIdentityProvider::EndpointProvider.new
24
24
  end
25
25
 
@@ -51,6 +51,9 @@ module Aws::CognitoIdentityProvider
51
51
  if context[:auth_scheme] && context[:auth_scheme]['name'] == 'sigv4a'
52
52
  metrics << 'SIGV4A_SIGNING'
53
53
  end
54
+ if context.config.credentials&.credentials&.account_id
55
+ metrics << 'RESOLVED_ACCOUNT_ID'
56
+ end
54
57
  Aws::Plugins::UserAgent.metric(*metrics, &block)
55
58
  end
56
59
 
@@ -762,7 +762,7 @@ module Aws::CognitoIdentityProvider
762
762
  #
763
763
  # @!attribute [rw] user_mfa_setting_list
764
764
  # The MFA options that are activated for the user. The possible values
765
- # in this list are `SMS_MFA` and `SOFTWARE_TOKEN_MFA`.
765
+ # in this list are `SMS_MFA`, `EMAIL_OTP`, and `SOFTWARE_TOKEN_MFA`.
766
766
  # @return [Array<String>]
767
767
  #
768
768
  # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AdminGetUserResponse AWS API Documentation
@@ -960,11 +960,15 @@ module Aws::CognitoIdentityProvider
960
960
  # to authenticate.
961
961
  #
962
962
  # * `SELECT_MFA_TYPE`: Selects the MFA type. Valid MFA options are
963
- # `SMS_MFA` for text SMS MFA, and `SOFTWARE_TOKEN_MFA` for
964
- # time-based one-time password (TOTP) software token MFA.
963
+ # `SMS_MFA` for SMS message MFA, `EMAIL_OTP` for email message MFA,
964
+ # and `SOFTWARE_TOKEN_MFA` for time-based one-time password (TOTP)
965
+ # software token MFA.
965
966
  #
966
- # * `SMS_MFA`: Next challenge is to supply an `SMS_MFA_CODE`,
967
- # delivered via SMS.
967
+ # * `SMS_MFA`: Next challenge is to supply an `SMS_MFA_CODE`that your
968
+ # user pool delivered in an SMS message.
969
+ #
970
+ # * `EMAIL_OTP`: Next challenge is to supply an `EMAIL_OTP_CODE` that
971
+ # your user pool delivered in an email message.
968
972
  #
969
973
  # * `PASSWORD_VERIFIER`: Next challenge is to supply
970
974
  # `PASSWORD_CLAIM_SIGNATURE`, `PASSWORD_CLAIM_SECRET_BLOCK`, and
@@ -1430,11 +1434,21 @@ module Aws::CognitoIdentityProvider
1430
1434
  # SMS\_MFA
1431
1435
  #
1432
1436
  # : `"ChallengeName": "SMS_MFA", "ChallengeResponses":
1433
- # \{"SMS_MFA_CODE": "[SMS_code]", "USERNAME": "[username]"\}`
1437
+ # \{"SMS_MFA_CODE": "[code]", "USERNAME": "[username]"\}`
1438
+ #
1439
+ # EMAIL\_OTP
1440
+ #
1441
+ # : `"ChallengeName": "EMAIL_OTP", "ChallengeResponses":
1442
+ # \{"EMAIL_OTP_CODE": "[code]", "USERNAME": "[username]"\}`
1434
1443
  #
1435
1444
  # PASSWORD\_VERIFIER
1436
1445
  #
1437
- # : `"ChallengeName": "PASSWORD_VERIFIER", "ChallengeResponses":
1446
+ # : This challenge response is part of the SRP flow. Amazon Cognito
1447
+ # requires that your application respond to this challenge within a
1448
+ # few seconds. When the response time exceeds this period, your user
1449
+ # pool returns a `NotAuthorizedException` error.
1450
+ #
1451
+ # `"ChallengeName": "PASSWORD_VERIFIER", "ChallengeResponses":
1438
1452
  # \{"PASSWORD_CLAIM_SIGNATURE": "[claim_signature]",
1439
1453
  # "PASSWORD_CLAIM_SECRET_BLOCK": "[secret_block]", "TIMESTAMP":
1440
1454
  # [timestamp], "USERNAME": "[username]"\}`
@@ -1648,13 +1662,28 @@ module Aws::CognitoIdentityProvider
1648
1662
  end
1649
1663
 
1650
1664
  # @!attribute [rw] sms_mfa_settings
1651
- # The SMS text message MFA settings.
1665
+ # User preferences for SMS message MFA. Activates or deactivates SMS
1666
+ # MFA and sets it as the preferred MFA method when multiple methods
1667
+ # are available.
1652
1668
  # @return [Types::SMSMfaSettingsType]
1653
1669
  #
1654
1670
  # @!attribute [rw] software_token_mfa_settings
1655
- # The time-based one-time password software token MFA settings.
1671
+ # User preferences for time-based one-time password (TOTP) MFA.
1672
+ # Activates or deactivates TOTP MFA and sets it as the preferred MFA
1673
+ # method when multiple methods are available.
1656
1674
  # @return [Types::SoftwareTokenMfaSettingsType]
1657
1675
  #
1676
+ # @!attribute [rw] email_mfa_settings
1677
+ # User preferences for email message MFA. Activates or deactivates
1678
+ # email MFA and sets it as the preferred MFA method when multiple
1679
+ # methods are available. To activate this setting, [ advanced security
1680
+ # features][1] must be active in your user pool.
1681
+ #
1682
+ #
1683
+ #
1684
+ # [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
1685
+ # @return [Types::EmailMfaSettingsType]
1686
+ #
1658
1687
  # @!attribute [rw] username
1659
1688
  # The username of the user that you want to query or modify. The value
1660
1689
  # of this parameter is typically your user's username, but it can be
@@ -1664,7 +1693,8 @@ module Aws::CognitoIdentityProvider
1664
1693
  # @return [String]
1665
1694
  #
1666
1695
  # @!attribute [rw] user_pool_id
1667
- # The user pool ID.
1696
+ # The ID of the user pool where you want to set a user's MFA
1697
+ # preferences.
1668
1698
  # @return [String]
1669
1699
  #
1670
1700
  # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AdminSetUserMFAPreferenceRequest AWS API Documentation
@@ -1672,6 +1702,7 @@ module Aws::CognitoIdentityProvider
1672
1702
  class AdminSetUserMFAPreferenceRequest < Struct.new(
1673
1703
  :sms_mfa_settings,
1674
1704
  :software_token_mfa_settings,
1705
+ :email_mfa_settings,
1675
1706
  :username,
1676
1707
  :user_pool_id)
1677
1708
  SENSITIVE = [:username]
@@ -3115,20 +3146,21 @@ module Aws::CognitoIdentityProvider
3115
3146
  #
3116
3147
  # @!attribute [rw] read_attributes
3117
3148
  # The list of user attributes that you want your app client to have
3118
- # read-only access to. After your user authenticates in your app,
3119
- # their access token authorizes them to read their own attribute value
3120
- # for any attribute in this list. An example of this kind of activity
3121
- # is when your user selects a link to view their profile information.
3149
+ # read access to. After your user authenticates in your app, their
3150
+ # access token authorizes them to read their own attribute value for
3151
+ # any attribute in this list. An example of this kind of activity is
3152
+ # when your user selects a link to view their profile information.
3122
3153
  # Your app makes a [GetUser][1] API request to retrieve and display
3123
3154
  # your user's profile data.
3124
3155
  #
3125
3156
  # When you don't specify the `ReadAttributes` for your app client,
3126
3157
  # your app can read the values of `email_verified`,
3127
3158
  # `phone_number_verified`, and the Standard attributes of your user
3128
- # pool. When your user pool has read access to these default
3129
- # attributes, `ReadAttributes` doesn't return any information. Amazon
3130
- # Cognito only populates `ReadAttributes` in the API response if you
3131
- # have specified your own custom set of read attributes.
3159
+ # pool. When your user pool app client has read access to these
3160
+ # default attributes, `ReadAttributes` doesn't return any
3161
+ # information. Amazon Cognito only populates `ReadAttributes` in the
3162
+ # API response if you have specified your own custom set of read
3163
+ # attributes.
3132
3164
  #
3133
3165
  #
3134
3166
  #
@@ -4503,6 +4535,66 @@ module Aws::CognitoIdentityProvider
4503
4535
  include Aws::Structure
4504
4536
  end
4505
4537
 
4538
+ # Sets or shows user pool email message configuration for MFA. Includes
4539
+ # the subject and body of the email message template for MFA messages.
4540
+ # To activate this setting, [ advanced security features][1] must be
4541
+ # active in your user pool.
4542
+ #
4543
+ #
4544
+ #
4545
+ # [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
4546
+ #
4547
+ # @!attribute [rw] message
4548
+ # The template for the email message that your user pool sends to
4549
+ # users with an MFA code. The message must contain the `\{####\}`
4550
+ # placeholder. In the message, Amazon Cognito replaces this
4551
+ # placeholder with the code. If you don't provide this parameter,
4552
+ # Amazon Cognito sends messages in the default format.
4553
+ # @return [String]
4554
+ #
4555
+ # @!attribute [rw] subject
4556
+ # The subject of the email message that your user pool sends to users
4557
+ # with an MFA code.
4558
+ # @return [String]
4559
+ #
4560
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/EmailMfaConfigType AWS API Documentation
4561
+ #
4562
+ class EmailMfaConfigType < Struct.new(
4563
+ :message,
4564
+ :subject)
4565
+ SENSITIVE = []
4566
+ include Aws::Structure
4567
+ end
4568
+
4569
+ # User preferences for multi-factor authentication with email messages.
4570
+ # Activates or deactivates email MFA and sets it as the preferred MFA
4571
+ # method when multiple methods are available. To activate this setting,
4572
+ # [ advanced security features][1] must be active in your user pool.
4573
+ #
4574
+ #
4575
+ #
4576
+ # [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
4577
+ #
4578
+ # @!attribute [rw] enabled
4579
+ # Specifies whether email message MFA is active for a user. When the
4580
+ # value of this parameter is `Enabled`, the user will be prompted for
4581
+ # MFA during all sign-in attempts, unless device tracking is turned on
4582
+ # and the device has been trusted.
4583
+ # @return [Boolean]
4584
+ #
4585
+ # @!attribute [rw] preferred_mfa
4586
+ # Specifies whether email message MFA is the user's preferred method.
4587
+ # @return [Boolean]
4588
+ #
4589
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/EmailMfaSettingsType AWS API Documentation
4590
+ #
4591
+ class EmailMfaSettingsType < Struct.new(
4592
+ :enabled,
4593
+ :preferred_mfa)
4594
+ SENSITIVE = []
4595
+ include Aws::Structure
4596
+ end
4597
+
4506
4598
  # This exception is thrown when there is a code mismatch and the service
4507
4599
  # fails to configure the software token TOTP multi-factor authentication
4508
4600
  # (MFA).
@@ -5074,14 +5166,27 @@ module Aws::CognitoIdentityProvider
5074
5166
  end
5075
5167
 
5076
5168
  # @!attribute [rw] sms_mfa_configuration
5077
- # The SMS text message multi-factor authentication (MFA)
5078
- # configuration.
5169
+ # Shows user pool SMS message configuration for MFA. Includes the
5170
+ # message template and the SMS message sending configuration for
5171
+ # Amazon SNS.
5079
5172
  # @return [Types::SmsMfaConfigType]
5080
5173
  #
5081
5174
  # @!attribute [rw] software_token_mfa_configuration
5082
- # The software token multi-factor authentication (MFA) configuration.
5175
+ # Shows user pool configuration for time-based one-time password
5176
+ # (TOTP) MFA. Includes TOTP enabled or disabled state.
5083
5177
  # @return [Types::SoftwareTokenMfaConfigType]
5084
5178
  #
5179
+ # @!attribute [rw] email_mfa_configuration
5180
+ # Shows user pool email message configuration for MFA. Includes the
5181
+ # subject and body of the email message template for MFA messages. To
5182
+ # activate this setting, [ advanced security features][1] must be
5183
+ # active in your user pool.
5184
+ #
5185
+ #
5186
+ #
5187
+ # [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
5188
+ # @return [Types::EmailMfaConfigType]
5189
+ #
5085
5190
  # @!attribute [rw] mfa_configuration
5086
5191
  # The multi-factor authentication (MFA) configuration. Valid values
5087
5192
  # include:
@@ -5099,6 +5204,7 @@ module Aws::CognitoIdentityProvider
5099
5204
  class GetUserPoolMfaConfigResponse < Struct.new(
5100
5205
  :sms_mfa_configuration,
5101
5206
  :software_token_mfa_configuration,
5207
+ :email_mfa_configuration,
5102
5208
  :mfa_configuration)
5103
5209
  SENSITIVE = []
5104
5210
  include Aws::Structure
@@ -5147,7 +5253,7 @@ module Aws::CognitoIdentityProvider
5147
5253
  #
5148
5254
  # @!attribute [rw] user_mfa_setting_list
5149
5255
  # The MFA options that are activated for the user. The possible values
5150
- # in this list are `SMS_MFA` and `SOFTWARE_TOKEN_MFA`.
5256
+ # in this list are `SMS_MFA`, `EMAIL_OTP`, and `SOFTWARE_TOKEN_MFA`.
5151
5257
  # @return [Array<String>]
5152
5258
  #
5153
5259
  # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/GetUserResponse AWS API Documentation
@@ -5629,8 +5735,11 @@ module Aws::CognitoIdentityProvider
5629
5735
  #
5630
5736
  # </note>
5631
5737
  #
5632
- # * `SMS_MFA`: Next challenge is to supply an `SMS_MFA_CODE`,
5633
- # delivered via SMS.
5738
+ # * `SMS_MFA`: Next challenge is to supply an `SMS_MFA_CODE`that your
5739
+ # user pool delivered in an SMS message.
5740
+ #
5741
+ # * `EMAIL_OTP`: Next challenge is to supply an `EMAIL_OTP_CODE` that
5742
+ # your user pool delivered in an email message.
5634
5743
  #
5635
5744
  # * `PASSWORD_VERIFIER`: Next challenge is to supply
5636
5745
  # `PASSWORD_CLAIM_SIGNATURE`, `PASSWORD_CLAIM_SECRET_BLOCK`, and
@@ -7231,11 +7340,21 @@ module Aws::CognitoIdentityProvider
7231
7340
  # SMS\_MFA
7232
7341
  #
7233
7342
  # : `"ChallengeName": "SMS_MFA", "ChallengeResponses":
7234
- # \{"SMS_MFA_CODE": "[SMS_code]", "USERNAME": "[username]"\}`
7343
+ # \{"SMS_MFA_CODE": "[code]", "USERNAME": "[username]"\}`
7344
+ #
7345
+ # EMAIL\_OTP
7346
+ #
7347
+ # : `"ChallengeName": "EMAIL_OTP", "ChallengeResponses":
7348
+ # \{"EMAIL_OTP_CODE": "[code]", "USERNAME": "[username]"\}`
7235
7349
  #
7236
7350
  # PASSWORD\_VERIFIER
7237
7351
  #
7238
- # : `"ChallengeName": "PASSWORD_VERIFIER", "ChallengeResponses":
7352
+ # : This challenge response is part of the SRP flow. Amazon Cognito
7353
+ # requires that your application respond to this challenge within a
7354
+ # few seconds. When the response time exceeds this period, your user
7355
+ # pool returns a `NotAuthorizedException` error.
7356
+ #
7357
+ # `"ChallengeName": "PASSWORD_VERIFIER", "ChallengeResponses":
7239
7358
  # \{"PASSWORD_CLAIM_SIGNATURE": "[claim_signature]",
7240
7359
  # "PASSWORD_CLAIM_SECRET_BLOCK": "[secret_block]", "TIMESTAMP":
7241
7360
  # [timestamp], "USERNAME": "[username]"\}`
@@ -7541,10 +7660,10 @@ module Aws::CognitoIdentityProvider
7541
7660
  # for the user pool.
7542
7661
  #
7543
7662
  # @!attribute [rw] enabled
7544
- # Specifies whether SMS text message MFA is activated. If an MFA type
7545
- # is activated for a user, the user will be prompted for MFA during
7546
- # all sign-in attempts, unless device tracking is turned on and the
7547
- # device has been trusted.
7663
+ # Specifies whether SMS message MFA is activated. If an MFA type is
7664
+ # activated for a user, the user will be prompted for MFA during all
7665
+ # sign-in attempts, unless device tracking is turned on and the device
7666
+ # has been trusted.
7548
7667
  # @return [Boolean]
7549
7668
  #
7550
7669
  # @!attribute [rw] preferred_mfa
@@ -7791,13 +7910,28 @@ module Aws::CognitoIdentityProvider
7791
7910
  end
7792
7911
 
7793
7912
  # @!attribute [rw] sms_mfa_settings
7794
- # The SMS text message multi-factor authentication (MFA) settings.
7913
+ # User preferences for SMS message MFA. Activates or deactivates SMS
7914
+ # MFA and sets it as the preferred MFA method when multiple methods
7915
+ # are available.
7795
7916
  # @return [Types::SMSMfaSettingsType]
7796
7917
  #
7797
7918
  # @!attribute [rw] software_token_mfa_settings
7798
- # The time-based one-time password (TOTP) software token MFA settings.
7919
+ # User preferences for time-based one-time password (TOTP) MFA.
7920
+ # Activates or deactivates TOTP MFA and sets it as the preferred MFA
7921
+ # method when multiple methods are available.
7799
7922
  # @return [Types::SoftwareTokenMfaSettingsType]
7800
7923
  #
7924
+ # @!attribute [rw] email_mfa_settings
7925
+ # User preferences for email message MFA. Activates or deactivates
7926
+ # email MFA and sets it as the preferred MFA method when multiple
7927
+ # methods are available. To activate this setting, [ advanced security
7928
+ # features][1] must be active in your user pool.
7929
+ #
7930
+ #
7931
+ #
7932
+ # [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
7933
+ # @return [Types::EmailMfaSettingsType]
7934
+ #
7801
7935
  # @!attribute [rw] access_token
7802
7936
  # A valid access token that Amazon Cognito issued to the user whose
7803
7937
  # MFA preference you want to set.
@@ -7808,6 +7942,7 @@ module Aws::CognitoIdentityProvider
7808
7942
  class SetUserMFAPreferenceRequest < Struct.new(
7809
7943
  :sms_mfa_settings,
7810
7944
  :software_token_mfa_settings,
7945
+ :email_mfa_settings,
7811
7946
  :access_token)
7812
7947
  SENSITIVE = [:access_token]
7813
7948
  include Aws::Structure
@@ -7822,13 +7957,26 @@ module Aws::CognitoIdentityProvider
7822
7957
  # @return [String]
7823
7958
  #
7824
7959
  # @!attribute [rw] sms_mfa_configuration
7825
- # The SMS text message MFA configuration.
7960
+ # Configures user pool SMS messages for MFA. Sets the message template
7961
+ # and the SMS message sending configuration for Amazon SNS.
7826
7962
  # @return [Types::SmsMfaConfigType]
7827
7963
  #
7828
7964
  # @!attribute [rw] software_token_mfa_configuration
7829
- # The software token MFA configuration.
7965
+ # Configures a user pool for time-based one-time password (TOTP) MFA.
7966
+ # Enables or disables TOTP.
7830
7967
  # @return [Types::SoftwareTokenMfaConfigType]
7831
7968
  #
7969
+ # @!attribute [rw] email_mfa_configuration
7970
+ # Configures user pool email messages for MFA. Sets the subject and
7971
+ # body of the email message template for MFA messages. To activate
7972
+ # this setting, [ advanced security features][1] must be active in
7973
+ # your user pool.
7974
+ #
7975
+ #
7976
+ #
7977
+ # [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
7978
+ # @return [Types::EmailMfaConfigType]
7979
+ #
7832
7980
  # @!attribute [rw] mfa_configuration
7833
7981
  # The MFA configuration. If you set the MfaConfiguration value to
7834
7982
  # ‘ON’, only users who have set up an MFA factor can sign in. To learn
@@ -7853,19 +8001,34 @@ module Aws::CognitoIdentityProvider
7853
8001
  :user_pool_id,
7854
8002
  :sms_mfa_configuration,
7855
8003
  :software_token_mfa_configuration,
8004
+ :email_mfa_configuration,
7856
8005
  :mfa_configuration)
7857
8006
  SENSITIVE = []
7858
8007
  include Aws::Structure
7859
8008
  end
7860
8009
 
7861
8010
  # @!attribute [rw] sms_mfa_configuration
7862
- # The SMS text message MFA configuration.
8011
+ # Shows user pool SMS message configuration for MFA. Includes the
8012
+ # message template and the SMS message sending configuration for
8013
+ # Amazon SNS.
7863
8014
  # @return [Types::SmsMfaConfigType]
7864
8015
  #
7865
8016
  # @!attribute [rw] software_token_mfa_configuration
7866
- # The software token MFA configuration.
8017
+ # Shows user pool configuration for time-based one-time password
8018
+ # (TOTP) MFA. Includes TOTP enabled or disabled state.
7867
8019
  # @return [Types::SoftwareTokenMfaConfigType]
7868
8020
  #
8021
+ # @!attribute [rw] email_mfa_configuration
8022
+ # Shows user pool email message configuration for MFA. Includes the
8023
+ # subject and body of the email message template for MFA messages. To
8024
+ # activate this setting, [ advanced security features][1] must be
8025
+ # active in your user pool.
8026
+ #
8027
+ #
8028
+ #
8029
+ # [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
8030
+ # @return [Types::EmailMfaConfigType]
8031
+ #
7869
8032
  # @!attribute [rw] mfa_configuration
7870
8033
  # The MFA configuration. Valid values include:
7871
8034
  #
@@ -7882,6 +8045,7 @@ module Aws::CognitoIdentityProvider
7882
8045
  class SetUserPoolMfaConfigResponse < Struct.new(
7883
8046
  :sms_mfa_configuration,
7884
8047
  :software_token_mfa_configuration,
8048
+ :email_mfa_configuration,
7885
8049
  :mfa_configuration)
7886
8050
  SENSITIVE = []
7887
8051
  include Aws::Structure
@@ -8122,14 +8286,16 @@ module Aws::CognitoIdentityProvider
8122
8286
  include Aws::Structure
8123
8287
  end
8124
8288
 
8125
- # The SMS text message multi-factor authentication (MFA) configuration
8126
- # type.
8289
+ # Configures user pool SMS messages for multi-factor authentication
8290
+ # (MFA). Sets the message template and the SMS message sending
8291
+ # configuration for Amazon SNS.
8127
8292
  #
8128
8293
  # @!attribute [rw] sms_authentication_message
8129
- # The SMS authentication message that will be sent to users with the
8130
- # code they must sign in. The message must contain the ‘\\\{####\\}
8131
- # placeholder, which is replaced with the code. If the message isn't
8132
- # included, and default message will be used.
8294
+ # The SMS message that your user pool sends to users with an MFA code.
8295
+ # The message must contain the `\{####\}` placeholder. In the message,
8296
+ # Amazon Cognito replaces this placeholder with the code. If you
8297
+ # don't provide this parameter, Amazon Cognito sends messages in the
8298
+ # default format.
8133
8299
  # @return [String]
8134
8300
  #
8135
8301
  # @!attribute [rw] sms_configuration
@@ -8165,7 +8331,8 @@ module Aws::CognitoIdentityProvider
8165
8331
  include Aws::Structure
8166
8332
  end
8167
8333
 
8168
- # The type used for enabling software token MFA at the user pool level.
8334
+ # Configures a user pool for time-based one-time password (TOTP)
8335
+ # multi-factor authentication (MFA). Enables or disables TOTP.
8169
8336
  #
8170
8337
  # @!attribute [rw] enabled
8171
8338
  # Specifies whether software token MFA is activated.
@@ -9046,20 +9213,21 @@ module Aws::CognitoIdentityProvider
9046
9213
  #
9047
9214
  # @!attribute [rw] read_attributes
9048
9215
  # The list of user attributes that you want your app client to have
9049
- # read-only access to. After your user authenticates in your app,
9050
- # their access token authorizes them to read their own attribute value
9051
- # for any attribute in this list. An example of this kind of activity
9052
- # is when your user selects a link to view their profile information.
9216
+ # read access to. After your user authenticates in your app, their
9217
+ # access token authorizes them to read their own attribute value for
9218
+ # any attribute in this list. An example of this kind of activity is
9219
+ # when your user selects a link to view their profile information.
9053
9220
  # Your app makes a [GetUser][1] API request to retrieve and display
9054
9221
  # your user's profile data.
9055
9222
  #
9056
9223
  # When you don't specify the `ReadAttributes` for your app client,
9057
9224
  # your app can read the values of `email_verified`,
9058
9225
  # `phone_number_verified`, and the Standard attributes of your user
9059
- # pool. When your user pool has read access to these default
9060
- # attributes, `ReadAttributes` doesn't return any information. Amazon
9061
- # Cognito only populates `ReadAttributes` in the API response if you
9062
- # have specified your own custom set of read attributes.
9226
+ # pool. When your user pool app client has read access to these
9227
+ # default attributes, `ReadAttributes` doesn't return any
9228
+ # information. Amazon Cognito only populates `ReadAttributes` in the
9229
+ # API response if you have specified your own custom set of read
9230
+ # attributes.
9063
9231
  #
9064
9232
  #
9065
9233
  #
@@ -9996,20 +10164,21 @@ module Aws::CognitoIdentityProvider
9996
10164
  #
9997
10165
  # @!attribute [rw] read_attributes
9998
10166
  # The list of user attributes that you want your app client to have
9999
- # read-only access to. After your user authenticates in your app,
10000
- # their access token authorizes them to read their own attribute value
10001
- # for any attribute in this list. An example of this kind of activity
10002
- # is when your user selects a link to view their profile information.
10167
+ # read access to. After your user authenticates in your app, their
10168
+ # access token authorizes them to read their own attribute value for
10169
+ # any attribute in this list. An example of this kind of activity is
10170
+ # when your user selects a link to view their profile information.
10003
10171
  # Your app makes a [GetUser][1] API request to retrieve and display
10004
10172
  # your user's profile data.
10005
10173
  #
10006
10174
  # When you don't specify the `ReadAttributes` for your app client,
10007
10175
  # your app can read the values of `email_verified`,
10008
10176
  # `phone_number_verified`, and the Standard attributes of your user
10009
- # pool. When your user pool has read access to these default
10010
- # attributes, `ReadAttributes` doesn't return any information. Amazon
10011
- # Cognito only populates `ReadAttributes` in the API response if you
10012
- # have specified your own custom set of read attributes.
10177
+ # pool. When your user pool app client has read access to these
10178
+ # default attributes, `ReadAttributes` doesn't return any
10179
+ # information. Amazon Cognito only populates `ReadAttributes` in the
10180
+ # API response if you have specified your own custom set of read
10181
+ # attributes.
10013
10182
  #
10014
10183
  #
10015
10184
  #
@@ -52,6 +52,6 @@ require_relative 'aws-sdk-cognitoidentityprovider/customizations'
52
52
  # @!group service
53
53
  module Aws::CognitoIdentityProvider
54
54
 
55
- GEM_VERSION = '1.103.0'
55
+ GEM_VERSION = '1.105.0'
56
56
 
57
57
  end
data/sig/client.rbs CHANGED
@@ -15,6 +15,7 @@ module Aws
15
15
  ?credentials: untyped,
16
16
  ?region: String,
17
17
  ?access_key_id: String,
18
+ ?account_id: String,
18
19
  ?active_endpoint_cache: bool,
19
20
  ?adaptive_retry_wait_to_fill: bool,
20
21
  ?client_side_monitoring: bool,
@@ -241,7 +242,7 @@ module Aws
241
242
 
242
243
  interface _AdminInitiateAuthResponseSuccess
243
244
  include ::Seahorse::Client::_ResponseSuccess[Types::AdminInitiateAuthResponse]
244
- def challenge_name: () -> ("SMS_MFA" | "SOFTWARE_TOKEN_MFA" | "SELECT_MFA_TYPE" | "MFA_SETUP" | "PASSWORD_VERIFIER" | "CUSTOM_CHALLENGE" | "DEVICE_SRP_AUTH" | "DEVICE_PASSWORD_VERIFIER" | "ADMIN_NO_SRP_AUTH" | "NEW_PASSWORD_REQUIRED")
245
+ def challenge_name: () -> ("SMS_MFA" | "EMAIL_OTP" | "SOFTWARE_TOKEN_MFA" | "SELECT_MFA_TYPE" | "MFA_SETUP" | "PASSWORD_VERIFIER" | "CUSTOM_CHALLENGE" | "DEVICE_SRP_AUTH" | "DEVICE_PASSWORD_VERIFIER" | "ADMIN_NO_SRP_AUTH" | "NEW_PASSWORD_REQUIRED")
245
246
  def session: () -> ::String
246
247
  def challenge_parameters: () -> ::Hash[::String, ::String]
247
248
  def authentication_result: () -> Types::AuthenticationResultType
@@ -353,7 +354,7 @@ module Aws
353
354
 
354
355
  interface _AdminRespondToAuthChallengeResponseSuccess
355
356
  include ::Seahorse::Client::_ResponseSuccess[Types::AdminRespondToAuthChallengeResponse]
356
- def challenge_name: () -> ("SMS_MFA" | "SOFTWARE_TOKEN_MFA" | "SELECT_MFA_TYPE" | "MFA_SETUP" | "PASSWORD_VERIFIER" | "CUSTOM_CHALLENGE" | "DEVICE_SRP_AUTH" | "DEVICE_PASSWORD_VERIFIER" | "ADMIN_NO_SRP_AUTH" | "NEW_PASSWORD_REQUIRED")
357
+ def challenge_name: () -> ("SMS_MFA" | "EMAIL_OTP" | "SOFTWARE_TOKEN_MFA" | "SELECT_MFA_TYPE" | "MFA_SETUP" | "PASSWORD_VERIFIER" | "CUSTOM_CHALLENGE" | "DEVICE_SRP_AUTH" | "DEVICE_PASSWORD_VERIFIER" | "ADMIN_NO_SRP_AUTH" | "NEW_PASSWORD_REQUIRED")
357
358
  def session: () -> ::String
358
359
  def challenge_parameters: () -> ::Hash[::String, ::String]
359
360
  def authentication_result: () -> Types::AuthenticationResultType
@@ -362,7 +363,7 @@ module Aws
362
363
  def admin_respond_to_auth_challenge: (
363
364
  user_pool_id: ::String,
364
365
  client_id: ::String,
365
- challenge_name: ("SMS_MFA" | "SOFTWARE_TOKEN_MFA" | "SELECT_MFA_TYPE" | "MFA_SETUP" | "PASSWORD_VERIFIER" | "CUSTOM_CHALLENGE" | "DEVICE_SRP_AUTH" | "DEVICE_PASSWORD_VERIFIER" | "ADMIN_NO_SRP_AUTH" | "NEW_PASSWORD_REQUIRED"),
366
+ challenge_name: ("SMS_MFA" | "EMAIL_OTP" | "SOFTWARE_TOKEN_MFA" | "SELECT_MFA_TYPE" | "MFA_SETUP" | "PASSWORD_VERIFIER" | "CUSTOM_CHALLENGE" | "DEVICE_SRP_AUTH" | "DEVICE_PASSWORD_VERIFIER" | "ADMIN_NO_SRP_AUTH" | "NEW_PASSWORD_REQUIRED"),
366
367
  ?challenge_responses: Hash[::String, ::String],
367
368
  ?session: ::String,
368
369
  ?analytics_metadata: {
@@ -397,6 +398,10 @@ module Aws
397
398
  enabled: bool?,
398
399
  preferred_mfa: bool?
399
400
  },
401
+ ?email_mfa_settings: {
402
+ enabled: bool?,
403
+ preferred_mfa: bool?
404
+ },
400
405
  username: ::String,
401
406
  user_pool_id: ::String
402
407
  ) -> _AdminSetUserMFAPreferenceResponseSuccess
@@ -1069,6 +1074,7 @@ module Aws
1069
1074
  include ::Seahorse::Client::_ResponseSuccess[Types::GetUserPoolMfaConfigResponse]
1070
1075
  def sms_mfa_configuration: () -> Types::SmsMfaConfigType
1071
1076
  def software_token_mfa_configuration: () -> Types::SoftwareTokenMfaConfigType
1077
+ def email_mfa_configuration: () -> Types::EmailMfaConfigType
1072
1078
  def mfa_configuration: () -> ("OFF" | "ON" | "OPTIONAL")
1073
1079
  end
1074
1080
  # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/CognitoIdentityProvider/Client.html#get_user_pool_mfa_config-instance_method
@@ -1088,7 +1094,7 @@ module Aws
1088
1094
 
1089
1095
  interface _InitiateAuthResponseSuccess
1090
1096
  include ::Seahorse::Client::_ResponseSuccess[Types::InitiateAuthResponse]
1091
- def challenge_name: () -> ("SMS_MFA" | "SOFTWARE_TOKEN_MFA" | "SELECT_MFA_TYPE" | "MFA_SETUP" | "PASSWORD_VERIFIER" | "CUSTOM_CHALLENGE" | "DEVICE_SRP_AUTH" | "DEVICE_PASSWORD_VERIFIER" | "ADMIN_NO_SRP_AUTH" | "NEW_PASSWORD_REQUIRED")
1097
+ def challenge_name: () -> ("SMS_MFA" | "EMAIL_OTP" | "SOFTWARE_TOKEN_MFA" | "SELECT_MFA_TYPE" | "MFA_SETUP" | "PASSWORD_VERIFIER" | "CUSTOM_CHALLENGE" | "DEVICE_SRP_AUTH" | "DEVICE_PASSWORD_VERIFIER" | "ADMIN_NO_SRP_AUTH" | "NEW_PASSWORD_REQUIRED")
1092
1098
  def session: () -> ::String
1093
1099
  def challenge_parameters: () -> ::Hash[::String, ::String]
1094
1100
  def authentication_result: () -> Types::AuthenticationResultType
@@ -1260,7 +1266,7 @@ module Aws
1260
1266
 
1261
1267
  interface _RespondToAuthChallengeResponseSuccess
1262
1268
  include ::Seahorse::Client::_ResponseSuccess[Types::RespondToAuthChallengeResponse]
1263
- def challenge_name: () -> ("SMS_MFA" | "SOFTWARE_TOKEN_MFA" | "SELECT_MFA_TYPE" | "MFA_SETUP" | "PASSWORD_VERIFIER" | "CUSTOM_CHALLENGE" | "DEVICE_SRP_AUTH" | "DEVICE_PASSWORD_VERIFIER" | "ADMIN_NO_SRP_AUTH" | "NEW_PASSWORD_REQUIRED")
1269
+ def challenge_name: () -> ("SMS_MFA" | "EMAIL_OTP" | "SOFTWARE_TOKEN_MFA" | "SELECT_MFA_TYPE" | "MFA_SETUP" | "PASSWORD_VERIFIER" | "CUSTOM_CHALLENGE" | "DEVICE_SRP_AUTH" | "DEVICE_PASSWORD_VERIFIER" | "ADMIN_NO_SRP_AUTH" | "NEW_PASSWORD_REQUIRED")
1264
1270
  def session: () -> ::String
1265
1271
  def challenge_parameters: () -> ::Hash[::String, ::String]
1266
1272
  def authentication_result: () -> Types::AuthenticationResultType
@@ -1268,7 +1274,7 @@ module Aws
1268
1274
  # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/CognitoIdentityProvider/Client.html#respond_to_auth_challenge-instance_method
1269
1275
  def respond_to_auth_challenge: (
1270
1276
  client_id: ::String,
1271
- challenge_name: ("SMS_MFA" | "SOFTWARE_TOKEN_MFA" | "SELECT_MFA_TYPE" | "MFA_SETUP" | "PASSWORD_VERIFIER" | "CUSTOM_CHALLENGE" | "DEVICE_SRP_AUTH" | "DEVICE_PASSWORD_VERIFIER" | "ADMIN_NO_SRP_AUTH" | "NEW_PASSWORD_REQUIRED"),
1277
+ challenge_name: ("SMS_MFA" | "EMAIL_OTP" | "SOFTWARE_TOKEN_MFA" | "SELECT_MFA_TYPE" | "MFA_SETUP" | "PASSWORD_VERIFIER" | "CUSTOM_CHALLENGE" | "DEVICE_SRP_AUTH" | "DEVICE_PASSWORD_VERIFIER" | "ADMIN_NO_SRP_AUTH" | "NEW_PASSWORD_REQUIRED"),
1272
1278
  ?session: ::String,
1273
1279
  ?challenge_responses: Hash[::String, ::String],
1274
1280
  ?analytics_metadata: {
@@ -1401,6 +1407,10 @@ module Aws
1401
1407
  enabled: bool?,
1402
1408
  preferred_mfa: bool?
1403
1409
  },
1410
+ ?email_mfa_settings: {
1411
+ enabled: bool?,
1412
+ preferred_mfa: bool?
1413
+ },
1404
1414
  access_token: ::String
1405
1415
  ) -> _SetUserMFAPreferenceResponseSuccess
1406
1416
  | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _SetUserMFAPreferenceResponseSuccess
@@ -1409,6 +1419,7 @@ module Aws
1409
1419
  include ::Seahorse::Client::_ResponseSuccess[Types::SetUserPoolMfaConfigResponse]
1410
1420
  def sms_mfa_configuration: () -> Types::SmsMfaConfigType
1411
1421
  def software_token_mfa_configuration: () -> Types::SoftwareTokenMfaConfigType
1422
+ def email_mfa_configuration: () -> Types::EmailMfaConfigType
1412
1423
  def mfa_configuration: () -> ("OFF" | "ON" | "OPTIONAL")
1413
1424
  end
1414
1425
  # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/CognitoIdentityProvider/Client.html#set_user_pool_mfa_config-instance_method
@@ -1425,6 +1436,10 @@ module Aws
1425
1436
  ?software_token_mfa_configuration: {
1426
1437
  enabled: bool?
1427
1438
  },
1439
+ ?email_mfa_configuration: {
1440
+ message: ::String?,
1441
+ subject: ::String?
1442
+ },
1428
1443
  ?mfa_configuration: ("OFF" | "ON" | "OPTIONAL")
1429
1444
  ) -> _SetUserPoolMfaConfigResponseSuccess
1430
1445
  | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _SetUserPoolMfaConfigResponseSuccess
data/sig/resource.rbs CHANGED
@@ -15,6 +15,7 @@ module Aws
15
15
  ?credentials: untyped,
16
16
  ?region: String,
17
17
  ?access_key_id: String,
18
+ ?account_id: String,
18
19
  ?active_endpoint_cache: bool,
19
20
  ?adaptive_retry_wait_to_fill: bool,
20
21
  ?client_side_monitoring: bool,