aws-sdk-cognitoidentityprovider 1.2.0 → 1.3.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: fba7de2a7c950a6af5bebdd0cbb5c04a7aff0eaa
4
- data.tar.gz: 89111edeef00331099500b2cd7fc9e3f92f747ae
3
+ metadata.gz: 5f579a85f5d766bcfd202bd81b7ced97576281c8
4
+ data.tar.gz: 4629c957130d09436555bde1e07a31588a018b4b
5
5
  SHA512:
6
- metadata.gz: 091d504333b7fcb8f4cc5bafdb38addcb677f98e014a7e749d2b5b0b939d3673ac3dca3ee16ee72694e3f49f92ea2e70a1f362e3513796071246a633c64e9848
7
- data.tar.gz: 2324e9f6eee3149b05cc40baa14c32b4a23a345d57e560eb726c2b07d75013b3a45e9ba2e39ae052c91d531270c486660d6270f044cabaf9df832d851d4143b0
6
+ metadata.gz: 4f1098817c331f5ec5e94b63465612cc03e2d097a0638c96763dd072cf60ff82a2e304f801904b3d2c641a1296594691c6abc1f30bfc9b4b2ecaf51f8cbd9dbe
7
+ data.tar.gz: 687ae24c147637a9aed5c0182f7bc9f8014c14e8ccc071fc079574a401f9fac3ac91ff3ad24160f6cdee978a3e77369bfa79a2010286dd3828bcd7bd43a29240
@@ -42,6 +42,6 @@ require_relative 'aws-sdk-cognitoidentityprovider/customizations'
42
42
  # @service
43
43
  module Aws::CognitoIdentityProvider
44
44
 
45
- GEM_VERSION = '1.2.0'
45
+ GEM_VERSION = '1.3.0'
46
46
 
47
47
  end
@@ -763,6 +763,9 @@ module Aws::CognitoIdentityProvider
763
763
  # * `USER_SRP_AUTH` will take in `USERNAME` and `SRP_A` and return the
764
764
  # SRP variables to be used for next challenge execution.
765
765
  #
766
+ # * `USER_PASSWORD_AUTH` will take in `USERNAME` and `PASSWORD` and
767
+ # return the next challenge or tokens.
768
+ #
766
769
  # Valid values include:
767
770
  #
768
771
  # * `USER_SRP_AUTH`\: Authentication flow for the Secure Remote Password
@@ -778,6 +781,11 @@ module Aws::CognitoIdentityProvider
778
781
  # the USERNAME and PASSWORD directly if the flow is enabled for
779
782
  # calling the app client.
780
783
  #
784
+ # * `USER_PASSWORD_AUTH`\: Non-SRP authentication flow; USERNAME and
785
+ # PASSWORD are passed directly. If a user migration Lambda trigger is
786
+ # set, this flow will invoke the user migration Lambda if the USERNAME
787
+ # is not found in the user pool.
788
+ #
781
789
  # @option params [Hash<String,String>] :auth_parameters
782
790
  # The authentication parameters. These are inputs corresponding to the
783
791
  # `AuthFlow` that you are invoking. The required values depend on the
@@ -787,9 +795,9 @@ module Aws::CognitoIdentityProvider
787
795
  # `SECRET_HASH` (required if the app client is configured with a
788
796
  # client secret), `DEVICE_KEY`
789
797
  #
790
- # * For `REFRESH_TOKEN_AUTH/REFRESH_TOKEN`\: `USERNAME` (required),
798
+ # * For `REFRESH_TOKEN_AUTH/REFRESH_TOKEN`\: `REFRESH_TOKEN` (required),
791
799
  # `SECRET_HASH` (required if the app client is configured with a
792
- # client secret), `REFRESH_TOKEN` (required), `DEVICE_KEY`
800
+ # client secret), `DEVICE_KEY`
793
801
  #
794
802
  # * For `ADMIN_NO_SRP_AUTH`\: `USERNAME` (required), `SECRET_HASH` (if
795
803
  # app client is configured with client secret), `PASSWORD` (required),
@@ -824,7 +832,7 @@ module Aws::CognitoIdentityProvider
824
832
  # resp = client.admin_initiate_auth({
825
833
  # user_pool_id: "UserPoolIdType", # required
826
834
  # client_id: "ClientIdType", # required
827
- # auth_flow: "USER_SRP_AUTH", # required, accepts USER_SRP_AUTH, REFRESH_TOKEN_AUTH, REFRESH_TOKEN, CUSTOM_AUTH, ADMIN_NO_SRP_AUTH
835
+ # auth_flow: "USER_SRP_AUTH", # required, accepts USER_SRP_AUTH, REFRESH_TOKEN_AUTH, REFRESH_TOKEN, CUSTOM_AUTH, ADMIN_NO_SRP_AUTH, USER_PASSWORD_AUTH
828
836
  # auth_parameters: {
829
837
  # "StringType" => "StringType",
830
838
  # },
@@ -1077,7 +1085,7 @@ module Aws::CognitoIdentityProvider
1077
1085
  # The user pool ID.
1078
1086
  #
1079
1087
  # @option params [required, String] :username
1080
- # The user pool username.
1088
+ # The user pool username or an alias.
1081
1089
  #
1082
1090
  # @option params [Integer] :max_results
1083
1091
  # The maximum number of authentication events to return.
@@ -1323,7 +1331,7 @@ module Aws::CognitoIdentityProvider
1323
1331
  # The time-based one-time password software token MFA settings.
1324
1332
  #
1325
1333
  # @option params [required, String] :username
1326
- # The user pool username.
1334
+ # The user pool username or alias.
1327
1335
  #
1328
1336
  # @option params [required, String] :user_pool_id
1329
1337
  # The user pool ID.
@@ -2024,6 +2032,25 @@ module Aws::CognitoIdentityProvider
2024
2032
  # @option params [Types::LambdaConfigType] :lambda_config
2025
2033
  # The Lambda trigger configuration information for the new user pool.
2026
2034
  #
2035
+ # <note markdown="1"> In a push model, event sources (such as Amazon S3 and custom
2036
+ # applications) need permission to invoke a function. So you will need
2037
+ # to make an extra call to add permission for these event sources to
2038
+ # invoke your Lambda function.
2039
+ #
2040
+ #
2041
+ #
2042
+ # For more information on using the Lambda API to add permission, see [
2043
+ # AddPermission ][1].
2044
+ #
2045
+ # For adding permission using the AWS CLI, see [ add-permission ][2].
2046
+ #
2047
+ # </note>
2048
+ #
2049
+ #
2050
+ #
2051
+ # [1]: https://docs.aws.amazon.com/lambda/latest/dg/API_AddPermission.html
2052
+ # [2]: https://docs.aws.amazon.com/cli/latest/reference/lambda/add-permission.html
2053
+ #
2027
2054
  # @option params [Array<String>] :auto_verified_attributes
2028
2055
  # The attributes to be auto-verified. Possible values: **email**,
2029
2056
  # **phone\_number**.
@@ -2110,6 +2137,7 @@ module Aws::CognitoIdentityProvider
2110
2137
  # create_auth_challenge: "ArnType",
2111
2138
  # verify_auth_challenge_response: "ArnType",
2112
2139
  # pre_token_generation: "ArnType",
2140
+ # user_migration: "ArnType",
2113
2141
  # },
2114
2142
  # auto_verified_attributes: ["phone_number"], # accepts phone_number, email
2115
2143
  # alias_attributes: ["phone_number"], # accepts phone_number, email, preferred_username
@@ -2191,6 +2219,7 @@ module Aws::CognitoIdentityProvider
2191
2219
  # resp.user_pool.lambda_config.create_auth_challenge #=> String
2192
2220
  # resp.user_pool.lambda_config.verify_auth_challenge_response #=> String
2193
2221
  # resp.user_pool.lambda_config.pre_token_generation #=> String
2222
+ # resp.user_pool.lambda_config.user_migration #=> String
2194
2223
  # resp.user_pool.status #=> String, one of "Enabled", "Disabled"
2195
2224
  # resp.user_pool.last_modified_date #=> Time
2196
2225
  # resp.user_pool.creation_date #=> Time
@@ -2321,7 +2350,7 @@ module Aws::CognitoIdentityProvider
2321
2350
  # refresh_token_validity: 1,
2322
2351
  # read_attributes: ["ClientPermissionType"],
2323
2352
  # write_attributes: ["ClientPermissionType"],
2324
- # explicit_auth_flows: ["ADMIN_NO_SRP_AUTH"], # accepts ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY
2353
+ # explicit_auth_flows: ["ADMIN_NO_SRP_AUTH"], # accepts ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, USER_PASSWORD_AUTH
2325
2354
  # supported_identity_providers: ["ProviderNameType"],
2326
2355
  # callback_urls: ["RedirectUrlType"],
2327
2356
  # logout_urls: ["RedirectUrlType"],
@@ -2351,7 +2380,7 @@ module Aws::CognitoIdentityProvider
2351
2380
  # resp.user_pool_client.write_attributes #=> Array
2352
2381
  # resp.user_pool_client.write_attributes[0] #=> String
2353
2382
  # resp.user_pool_client.explicit_auth_flows #=> Array
2354
- # resp.user_pool_client.explicit_auth_flows[0] #=> String, one of "ADMIN_NO_SRP_AUTH", "CUSTOM_AUTH_FLOW_ONLY"
2383
+ # resp.user_pool_client.explicit_auth_flows[0] #=> String, one of "ADMIN_NO_SRP_AUTH", "CUSTOM_AUTH_FLOW_ONLY", "USER_PASSWORD_AUTH"
2355
2384
  # resp.user_pool_client.supported_identity_providers #=> Array
2356
2385
  # resp.user_pool_client.supported_identity_providers[0] #=> String
2357
2386
  # resp.user_pool_client.callback_urls #=> Array
@@ -2828,6 +2857,7 @@ module Aws::CognitoIdentityProvider
2828
2857
  # resp.user_pool.lambda_config.create_auth_challenge #=> String
2829
2858
  # resp.user_pool.lambda_config.verify_auth_challenge_response #=> String
2830
2859
  # resp.user_pool.lambda_config.pre_token_generation #=> String
2860
+ # resp.user_pool.lambda_config.user_migration #=> String
2831
2861
  # resp.user_pool.status #=> String, one of "Enabled", "Disabled"
2832
2862
  # resp.user_pool.last_modified_date #=> Time
2833
2863
  # resp.user_pool.creation_date #=> Time
@@ -2920,7 +2950,7 @@ module Aws::CognitoIdentityProvider
2920
2950
  # resp.user_pool_client.write_attributes #=> Array
2921
2951
  # resp.user_pool_client.write_attributes[0] #=> String
2922
2952
  # resp.user_pool_client.explicit_auth_flows #=> Array
2923
- # resp.user_pool_client.explicit_auth_flows[0] #=> String, one of "ADMIN_NO_SRP_AUTH", "CUSTOM_AUTH_FLOW_ONLY"
2953
+ # resp.user_pool_client.explicit_auth_flows[0] #=> String, one of "ADMIN_NO_SRP_AUTH", "CUSTOM_AUTH_FLOW_ONLY", "USER_PASSWORD_AUTH"
2924
2954
  # resp.user_pool_client.supported_identity_providers #=> Array
2925
2955
  # resp.user_pool_client.supported_identity_providers[0] #=> String
2926
2956
  # resp.user_pool_client.callback_urls #=> Array
@@ -3224,6 +3254,34 @@ module Aws::CognitoIdentityProvider
3224
3254
  req.send_request(options)
3225
3255
  end
3226
3256
 
3257
+ # This method takes a user pool ID, and returns the signing certificate.
3258
+ #
3259
+ # @option params [required, String] :user_pool_id
3260
+ # The user pool ID.
3261
+ #
3262
+ # @return [Types::GetSigningCertificateResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
3263
+ #
3264
+ # * {Types::GetSigningCertificateResponse#certificate #certificate} => String
3265
+ #
3266
+ # @example Request syntax with placeholder values
3267
+ #
3268
+ # resp = client.get_signing_certificate({
3269
+ # user_pool_id: "UserPoolIdType", # required
3270
+ # })
3271
+ #
3272
+ # @example Response structure
3273
+ #
3274
+ # resp.certificate #=> String
3275
+ #
3276
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/GetSigningCertificate AWS API Documentation
3277
+ #
3278
+ # @overload get_signing_certificate(params = {})
3279
+ # @param [Hash] params ({})
3280
+ def get_signing_certificate(params = {}, options = {})
3281
+ req = build_request(:get_signing_certificate, params)
3282
+ req.send_request(options)
3283
+ end
3284
+
3227
3285
  # Gets the UI Customization information for a particular app client's
3228
3286
  # app UI, if there is something set. If nothing is set for the
3229
3287
  # particular client, but there is an existing pool level customization
@@ -3413,6 +3471,9 @@ module Aws::CognitoIdentityProvider
3413
3471
  # * `USER_SRP_AUTH` will take in `USERNAME` and `SRP_A` and return the
3414
3472
  # SRP variables to be used for next challenge execution.
3415
3473
  #
3474
+ # * `USER_PASSWORD_AUTH` will take in `USERNAME` and `PASSWORD` and
3475
+ # return the next challenge or tokens.
3476
+ #
3416
3477
  # Valid values include:
3417
3478
  #
3418
3479
  # * `USER_SRP_AUTH`\: Authentication flow for the Secure Remote Password
@@ -3424,6 +3485,11 @@ module Aws::CognitoIdentityProvider
3424
3485
  #
3425
3486
  # * `CUSTOM_AUTH`\: Custom authentication flow.
3426
3487
  #
3488
+ # * `USER_PASSWORD_AUTH`\: Non-SRP authentication flow; USERNAME and
3489
+ # PASSWORD are passed directly. If a user migration Lambda trigger is
3490
+ # set, this flow will invoke the user migration Lambda if the USERNAME
3491
+ # is not found in the user pool.
3492
+ #
3427
3493
  # `ADMIN_NO_SRP_AUTH` is not a valid value.
3428
3494
  #
3429
3495
  # @option params [Hash<String,String>] :auth_parameters
@@ -3435,9 +3501,9 @@ module Aws::CognitoIdentityProvider
3435
3501
  # `SECRET_HASH` (required if the app client is configured with a
3436
3502
  # client secret), `DEVICE_KEY`
3437
3503
  #
3438
- # * For `REFRESH_TOKEN_AUTH/REFRESH_TOKEN`\: `USERNAME` (required),
3504
+ # * For `REFRESH_TOKEN_AUTH/REFRESH_TOKEN`\: `REFRESH_TOKEN` (required),
3439
3505
  # `SECRET_HASH` (required if the app client is configured with a
3440
- # client secret), `REFRESH_TOKEN` (required), `DEVICE_KEY`
3506
+ # client secret), `DEVICE_KEY`
3441
3507
  #
3442
3508
  # * For `CUSTOM_AUTH`\: `USERNAME` (required), `SECRET_HASH` (if app
3443
3509
  # client is configured with client secret), `DEVICE_KEY`
@@ -3469,7 +3535,7 @@ module Aws::CognitoIdentityProvider
3469
3535
  # @example Request syntax with placeholder values
3470
3536
  #
3471
3537
  # resp = client.initiate_auth({
3472
- # auth_flow: "USER_SRP_AUTH", # required, accepts USER_SRP_AUTH, REFRESH_TOKEN_AUTH, REFRESH_TOKEN, CUSTOM_AUTH, ADMIN_NO_SRP_AUTH
3538
+ # auth_flow: "USER_SRP_AUTH", # required, accepts USER_SRP_AUTH, REFRESH_TOKEN_AUTH, REFRESH_TOKEN, CUSTOM_AUTH, ADMIN_NO_SRP_AUTH, USER_PASSWORD_AUTH
3473
3539
  # auth_parameters: {
3474
3540
  # "StringType" => "StringType",
3475
3541
  # },
@@ -3824,6 +3890,7 @@ module Aws::CognitoIdentityProvider
3824
3890
  # resp.user_pools[0].lambda_config.create_auth_challenge #=> String
3825
3891
  # resp.user_pools[0].lambda_config.verify_auth_challenge_response #=> String
3826
3892
  # resp.user_pools[0].lambda_config.pre_token_generation #=> String
3893
+ # resp.user_pools[0].lambda_config.user_migration #=> String
3827
3894
  # resp.user_pools[0].status #=> String, one of "Enabled", "Disabled"
3828
3895
  # resp.user_pools[0].last_modified_date #=> Time
3829
3896
  # resp.user_pools[0].creation_date #=> Time
@@ -5009,6 +5076,7 @@ module Aws::CognitoIdentityProvider
5009
5076
  # create_auth_challenge: "ArnType",
5010
5077
  # verify_auth_challenge_response: "ArnType",
5011
5078
  # pre_token_generation: "ArnType",
5079
+ # user_migration: "ArnType",
5012
5080
  # },
5013
5081
  # auto_verified_attributes: ["phone_number"], # accepts phone_number, email
5014
5082
  # sms_verification_message: "SmsVerificationMessageType",
@@ -5134,7 +5202,7 @@ module Aws::CognitoIdentityProvider
5134
5202
  # refresh_token_validity: 1,
5135
5203
  # read_attributes: ["ClientPermissionType"],
5136
5204
  # write_attributes: ["ClientPermissionType"],
5137
- # explicit_auth_flows: ["ADMIN_NO_SRP_AUTH"], # accepts ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY
5205
+ # explicit_auth_flows: ["ADMIN_NO_SRP_AUTH"], # accepts ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, USER_PASSWORD_AUTH
5138
5206
  # supported_identity_providers: ["ProviderNameType"],
5139
5207
  # callback_urls: ["RedirectUrlType"],
5140
5208
  # logout_urls: ["RedirectUrlType"],
@@ -5164,7 +5232,7 @@ module Aws::CognitoIdentityProvider
5164
5232
  # resp.user_pool_client.write_attributes #=> Array
5165
5233
  # resp.user_pool_client.write_attributes[0] #=> String
5166
5234
  # resp.user_pool_client.explicit_auth_flows #=> Array
5167
- # resp.user_pool_client.explicit_auth_flows[0] #=> String, one of "ADMIN_NO_SRP_AUTH", "CUSTOM_AUTH_FLOW_ONLY"
5235
+ # resp.user_pool_client.explicit_auth_flows[0] #=> String, one of "ADMIN_NO_SRP_AUTH", "CUSTOM_AUTH_FLOW_ONLY", "USER_PASSWORD_AUTH"
5168
5236
  # resp.user_pool_client.supported_identity_providers #=> Array
5169
5237
  # resp.user_pool_client.supported_identity_providers[0] #=> String
5170
5238
  # resp.user_pool_client.callback_urls #=> Array
@@ -5278,7 +5346,7 @@ module Aws::CognitoIdentityProvider
5278
5346
  params: params,
5279
5347
  config: config)
5280
5348
  context[:gem_name] = 'aws-sdk-cognitoidentityprovider'
5281
- context[:gem_version] = '1.2.0'
5349
+ context[:gem_version] = '1.3.0'
5282
5350
  Seahorse::Client::Request.new(handlers, context)
5283
5351
  end
5284
5352
 
@@ -217,6 +217,8 @@ module Aws::CognitoIdentityProvider
217
217
  GetGroupResponse = Shapes::StructureShape.new(name: 'GetGroupResponse')
218
218
  GetIdentityProviderByIdentifierRequest = Shapes::StructureShape.new(name: 'GetIdentityProviderByIdentifierRequest')
219
219
  GetIdentityProviderByIdentifierResponse = Shapes::StructureShape.new(name: 'GetIdentityProviderByIdentifierResponse')
220
+ GetSigningCertificateRequest = Shapes::StructureShape.new(name: 'GetSigningCertificateRequest')
221
+ GetSigningCertificateResponse = Shapes::StructureShape.new(name: 'GetSigningCertificateResponse')
220
222
  GetUICustomizationRequest = Shapes::StructureShape.new(name: 'GetUICustomizationRequest')
221
223
  GetUICustomizationResponse = Shapes::StructureShape.new(name: 'GetUICustomizationResponse')
222
224
  GetUserAttributeVerificationCodeRequest = Shapes::StructureShape.new(name: 'GetUserAttributeVerificationCodeRequest')
@@ -1057,6 +1059,12 @@ module Aws::CognitoIdentityProvider
1057
1059
  GetIdentityProviderByIdentifierResponse.add_member(:identity_provider, Shapes::ShapeRef.new(shape: IdentityProviderType, required: true, location_name: "IdentityProvider"))
1058
1060
  GetIdentityProviderByIdentifierResponse.struct_class = Types::GetIdentityProviderByIdentifierResponse
1059
1061
 
1062
+ GetSigningCertificateRequest.add_member(:user_pool_id, Shapes::ShapeRef.new(shape: UserPoolIdType, required: true, location_name: "UserPoolId"))
1063
+ GetSigningCertificateRequest.struct_class = Types::GetSigningCertificateRequest
1064
+
1065
+ GetSigningCertificateResponse.add_member(:certificate, Shapes::ShapeRef.new(shape: StringType, location_name: "Certificate"))
1066
+ GetSigningCertificateResponse.struct_class = Types::GetSigningCertificateResponse
1067
+
1060
1068
  GetUICustomizationRequest.add_member(:user_pool_id, Shapes::ShapeRef.new(shape: UserPoolIdType, required: true, location_name: "UserPoolId"))
1061
1069
  GetUICustomizationRequest.add_member(:client_id, Shapes::ShapeRef.new(shape: ClientIdType, location_name: "ClientId"))
1062
1070
  GetUICustomizationRequest.struct_class = Types::GetUICustomizationRequest
@@ -1146,6 +1154,7 @@ module Aws::CognitoIdentityProvider
1146
1154
  LambdaConfigType.add_member(:create_auth_challenge, Shapes::ShapeRef.new(shape: ArnType, location_name: "CreateAuthChallenge"))
1147
1155
  LambdaConfigType.add_member(:verify_auth_challenge_response, Shapes::ShapeRef.new(shape: ArnType, location_name: "VerifyAuthChallengeResponse"))
1148
1156
  LambdaConfigType.add_member(:pre_token_generation, Shapes::ShapeRef.new(shape: ArnType, location_name: "PreTokenGeneration"))
1157
+ LambdaConfigType.add_member(:user_migration, Shapes::ShapeRef.new(shape: ArnType, location_name: "UserMigration"))
1149
1158
  LambdaConfigType.struct_class = Types::LambdaConfigType
1150
1159
 
1151
1160
  ListDevicesRequest.add_member(:access_token, Shapes::ShapeRef.new(shape: TokenModelType, required: true, location_name: "AccessToken"))
@@ -2633,6 +2642,16 @@ module Aws::CognitoIdentityProvider
2633
2642
  o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
2634
2643
  end)
2635
2644
 
2645
+ api.add_operation(:get_signing_certificate, Seahorse::Model::Operation.new.tap do |o|
2646
+ o.name = "GetSigningCertificate"
2647
+ o.http_method = "POST"
2648
+ o.http_request_uri = "/"
2649
+ o.input = Shapes::ShapeRef.new(shape: GetSigningCertificateRequest)
2650
+ o.output = Shapes::ShapeRef.new(shape: GetSigningCertificateResponse)
2651
+ o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
2652
+ o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
2653
+ end)
2654
+
2636
2655
  api.add_operation(:get_ui_customization, Seahorse::Model::Operation.new.tap do |o|
2637
2656
  o.name = "GetUICustomization"
2638
2657
  o.http_method = "POST"
@@ -812,7 +812,7 @@ module Aws::CognitoIdentityProvider
812
812
  # {
813
813
  # user_pool_id: "UserPoolIdType", # required
814
814
  # client_id: "ClientIdType", # required
815
- # auth_flow: "USER_SRP_AUTH", # required, accepts USER_SRP_AUTH, REFRESH_TOKEN_AUTH, REFRESH_TOKEN, CUSTOM_AUTH, ADMIN_NO_SRP_AUTH
815
+ # auth_flow: "USER_SRP_AUTH", # required, accepts USER_SRP_AUTH, REFRESH_TOKEN_AUTH, REFRESH_TOKEN, CUSTOM_AUTH, ADMIN_NO_SRP_AUTH, USER_PASSWORD_AUTH
816
816
  # auth_parameters: {
817
817
  # "StringType" => "StringType",
818
818
  # },
@@ -854,6 +854,9 @@ module Aws::CognitoIdentityProvider
854
854
  # * `USER_SRP_AUTH` will take in `USERNAME` and `SRP_A` and return the
855
855
  # SRP variables to be used for next challenge execution.
856
856
  #
857
+ # * `USER_PASSWORD_AUTH` will take in `USERNAME` and `PASSWORD` and
858
+ # return the next challenge or tokens.
859
+ #
857
860
  # Valid values include:
858
861
  #
859
862
  # * `USER_SRP_AUTH`\: Authentication flow for the Secure Remote
@@ -868,6 +871,11 @@ module Aws::CognitoIdentityProvider
868
871
  # * `ADMIN_NO_SRP_AUTH`\: Non-SRP authentication flow; you can pass in
869
872
  # the USERNAME and PASSWORD directly if the flow is enabled for
870
873
  # calling the app client.
874
+ #
875
+ # * `USER_PASSWORD_AUTH`\: Non-SRP authentication flow; USERNAME and
876
+ # PASSWORD are passed directly. If a user migration Lambda trigger
877
+ # is set, this flow will invoke the user migration Lambda if the
878
+ # USERNAME is not found in the user pool.
871
879
  # @return [String]
872
880
  #
873
881
  # @!attribute [rw] auth_parameters
@@ -879,9 +887,9 @@ module Aws::CognitoIdentityProvider
879
887
  # `SECRET_HASH` (required if the app client is configured with a
880
888
  # client secret), `DEVICE_KEY`
881
889
  #
882
- # * For `REFRESH_TOKEN_AUTH/REFRESH_TOKEN`\: `USERNAME` (required),
883
- # `SECRET_HASH` (required if the app client is configured with a
884
- # client secret), `REFRESH_TOKEN` (required), `DEVICE_KEY`
890
+ # * For `REFRESH_TOKEN_AUTH/REFRESH_TOKEN`\: `REFRESH_TOKEN`
891
+ # (required), `SECRET_HASH` (required if the app client is
892
+ # configured with a client secret), `DEVICE_KEY`
885
893
  #
886
894
  # * For `ADMIN_NO_SRP_AUTH`\: `USERNAME` (required), `SECRET_HASH` (if
887
895
  # app client is configured with client secret), `PASSWORD`
@@ -974,7 +982,7 @@ module Aws::CognitoIdentityProvider
974
982
  #
975
983
  # All challenges require `USERNAME` and `SECRET_HASH` (if applicable).
976
984
  #
977
- # The value of the `USER_IF_FOR_SRP` attribute will be the user's
985
+ # The value of the `USER_ID_FOR_SRP` attribute will be the user's
978
986
  # actual username, not an alias (such as email address or phone
979
987
  # number), even if you specified an alias in your call to
980
988
  # `AdminInitiateAuth`. This is because, in the
@@ -1206,7 +1214,7 @@ module Aws::CognitoIdentityProvider
1206
1214
  # @return [String]
1207
1215
  #
1208
1216
  # @!attribute [rw] username
1209
- # The user pool username.
1217
+ # The user pool username or an alias.
1210
1218
  # @return [String]
1211
1219
  #
1212
1220
  # @!attribute [rw] max_results
@@ -1468,7 +1476,7 @@ module Aws::CognitoIdentityProvider
1468
1476
  # @return [Types::SoftwareTokenMfaSettingsType]
1469
1477
  #
1470
1478
  # @!attribute [rw] username
1471
- # The user pool username.
1479
+ # The user pool username or alias.
1472
1480
  # @return [String]
1473
1481
  #
1474
1482
  # @!attribute [rw] user_pool_id
@@ -2562,7 +2570,7 @@ module Aws::CognitoIdentityProvider
2562
2570
  # refresh_token_validity: 1,
2563
2571
  # read_attributes: ["ClientPermissionType"],
2564
2572
  # write_attributes: ["ClientPermissionType"],
2565
- # explicit_auth_flows: ["ADMIN_NO_SRP_AUTH"], # accepts ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY
2573
+ # explicit_auth_flows: ["ADMIN_NO_SRP_AUTH"], # accepts ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, USER_PASSWORD_AUTH
2566
2574
  # supported_identity_providers: ["ProviderNameType"],
2567
2575
  # callback_urls: ["RedirectUrlType"],
2568
2576
  # logout_urls: ["RedirectUrlType"],
@@ -2738,6 +2746,7 @@ module Aws::CognitoIdentityProvider
2738
2746
  # create_auth_challenge: "ArnType",
2739
2747
  # verify_auth_challenge_response: "ArnType",
2740
2748
  # pre_token_generation: "ArnType",
2749
+ # user_migration: "ArnType",
2741
2750
  # },
2742
2751
  # auto_verified_attributes: ["phone_number"], # accepts phone_number, email
2743
2752
  # alias_attributes: ["phone_number"], # accepts phone_number, email, preferred_username
@@ -2811,6 +2820,25 @@ module Aws::CognitoIdentityProvider
2811
2820
  #
2812
2821
  # @!attribute [rw] lambda_config
2813
2822
  # The Lambda trigger configuration information for the new user pool.
2823
+ #
2824
+ # <note markdown="1"> In a push model, event sources (such as Amazon S3 and custom
2825
+ # applications) need permission to invoke a function. So you will need
2826
+ # to make an extra call to add permission for these event sources to
2827
+ # invoke your Lambda function.
2828
+ #
2829
+ #
2830
+ #
2831
+ # For more information on using the Lambda API to add permission, see
2832
+ # [ AddPermission ][1].
2833
+ #
2834
+ # For adding permission using the AWS CLI, see [ add-permission ][2].
2835
+ #
2836
+ # </note>
2837
+ #
2838
+ #
2839
+ #
2840
+ # [1]: https://docs.aws.amazon.com/lambda/latest/dg/API_AddPermission.html
2841
+ # [2]: https://docs.aws.amazon.com/cli/latest/reference/lambda/add-permission.html
2814
2842
  # @return [Types::LambdaConfigType]
2815
2843
  #
2816
2844
  # @!attribute [rw] auto_verified_attributes
@@ -3856,6 +3884,39 @@ module Aws::CognitoIdentityProvider
3856
3884
  include Aws::Structure
3857
3885
  end
3858
3886
 
3887
+ # Request to get a signing certificate from Cognito.
3888
+ #
3889
+ # @note When making an API call, you may pass GetSigningCertificateRequest
3890
+ # data as a hash:
3891
+ #
3892
+ # {
3893
+ # user_pool_id: "UserPoolIdType", # required
3894
+ # }
3895
+ #
3896
+ # @!attribute [rw] user_pool_id
3897
+ # The user pool ID.
3898
+ # @return [String]
3899
+ #
3900
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/GetSigningCertificateRequest AWS API Documentation
3901
+ #
3902
+ class GetSigningCertificateRequest < Struct.new(
3903
+ :user_pool_id)
3904
+ include Aws::Structure
3905
+ end
3906
+
3907
+ # Response from Cognito for a signing certificate request.
3908
+ #
3909
+ # @!attribute [rw] certificate
3910
+ # The signing certificate.
3911
+ # @return [String]
3912
+ #
3913
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/GetSigningCertificateResponse AWS API Documentation
3914
+ #
3915
+ class GetSigningCertificateResponse < Struct.new(
3916
+ :certificate)
3917
+ include Aws::Structure
3918
+ end
3919
+
3859
3920
  # @note When making an API call, you may pass GetUICustomizationRequest
3860
3921
  # data as a hash:
3861
3922
  #
@@ -4199,7 +4260,7 @@ module Aws::CognitoIdentityProvider
4199
4260
  # data as a hash:
4200
4261
  #
4201
4262
  # {
4202
- # auth_flow: "USER_SRP_AUTH", # required, accepts USER_SRP_AUTH, REFRESH_TOKEN_AUTH, REFRESH_TOKEN, CUSTOM_AUTH, ADMIN_NO_SRP_AUTH
4263
+ # auth_flow: "USER_SRP_AUTH", # required, accepts USER_SRP_AUTH, REFRESH_TOKEN_AUTH, REFRESH_TOKEN, CUSTOM_AUTH, ADMIN_NO_SRP_AUTH, USER_PASSWORD_AUTH
4203
4264
  # auth_parameters: {
4204
4265
  # "StringType" => "StringType",
4205
4266
  # },
@@ -4225,6 +4286,9 @@ module Aws::CognitoIdentityProvider
4225
4286
  # * `USER_SRP_AUTH` will take in `USERNAME` and `SRP_A` and return the
4226
4287
  # SRP variables to be used for next challenge execution.
4227
4288
  #
4289
+ # * `USER_PASSWORD_AUTH` will take in `USERNAME` and `PASSWORD` and
4290
+ # return the next challenge or tokens.
4291
+ #
4228
4292
  # Valid values include:
4229
4293
  #
4230
4294
  # * `USER_SRP_AUTH`\: Authentication flow for the Secure Remote
@@ -4236,6 +4300,11 @@ module Aws::CognitoIdentityProvider
4236
4300
  #
4237
4301
  # * `CUSTOM_AUTH`\: Custom authentication flow.
4238
4302
  #
4303
+ # * `USER_PASSWORD_AUTH`\: Non-SRP authentication flow; USERNAME and
4304
+ # PASSWORD are passed directly. If a user migration Lambda trigger
4305
+ # is set, this flow will invoke the user migration Lambda if the
4306
+ # USERNAME is not found in the user pool.
4307
+ #
4239
4308
  # `ADMIN_NO_SRP_AUTH` is not a valid value.
4240
4309
  # @return [String]
4241
4310
  #
@@ -4248,9 +4317,9 @@ module Aws::CognitoIdentityProvider
4248
4317
  # `SECRET_HASH` (required if the app client is configured with a
4249
4318
  # client secret), `DEVICE_KEY`
4250
4319
  #
4251
- # * For `REFRESH_TOKEN_AUTH/REFRESH_TOKEN`\: `USERNAME` (required),
4252
- # `SECRET_HASH` (required if the app client is configured with a
4253
- # client secret), `REFRESH_TOKEN` (required), `DEVICE_KEY`
4320
+ # * For `REFRESH_TOKEN_AUTH/REFRESH_TOKEN`\: `REFRESH_TOKEN`
4321
+ # (required), `SECRET_HASH` (required if the app client is
4322
+ # configured with a client secret), `DEVICE_KEY`
4254
4323
  #
4255
4324
  # * For `CUSTOM_AUTH`\: `USERNAME` (required), `SECRET_HASH` (if app
4256
4325
  # client is configured with client secret), `DEVICE_KEY`
@@ -4374,6 +4443,7 @@ module Aws::CognitoIdentityProvider
4374
4443
  # create_auth_challenge: "ArnType",
4375
4444
  # verify_auth_challenge_response: "ArnType",
4376
4445
  # pre_token_generation: "ArnType",
4446
+ # user_migration: "ArnType",
4377
4447
  # }
4378
4448
  #
4379
4449
  # @!attribute [rw] pre_sign_up
@@ -4412,6 +4482,10 @@ module Aws::CognitoIdentityProvider
4412
4482
  # A Lambda trigger that is invoked before token generation.
4413
4483
  # @return [String]
4414
4484
  #
4485
+ # @!attribute [rw] user_migration
4486
+ # The user migration Lambda config type.
4487
+ # @return [String]
4488
+ #
4415
4489
  # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/LambdaConfigType AWS API Documentation
4416
4490
  #
4417
4491
  class LambdaConfigType < Struct.new(
@@ -4423,7 +4497,8 @@ module Aws::CognitoIdentityProvider
4423
4497
  :define_auth_challenge,
4424
4498
  :create_auth_challenge,
4425
4499
  :verify_auth_challenge_response,
4426
- :pre_token_generation)
4500
+ :pre_token_generation,
4501
+ :user_migration)
4427
4502
  include Aws::Structure
4428
4503
  end
4429
4504
 
@@ -6635,7 +6710,7 @@ module Aws::CognitoIdentityProvider
6635
6710
  # refresh_token_validity: 1,
6636
6711
  # read_attributes: ["ClientPermissionType"],
6637
6712
  # write_attributes: ["ClientPermissionType"],
6638
- # explicit_auth_flows: ["ADMIN_NO_SRP_AUTH"], # accepts ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY
6713
+ # explicit_auth_flows: ["ADMIN_NO_SRP_AUTH"], # accepts ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, USER_PASSWORD_AUTH
6639
6714
  # supported_identity_providers: ["ProviderNameType"],
6640
6715
  # callback_urls: ["RedirectUrlType"],
6641
6716
  # logout_urls: ["RedirectUrlType"],
@@ -6784,6 +6859,7 @@ module Aws::CognitoIdentityProvider
6784
6859
  # create_auth_challenge: "ArnType",
6785
6860
  # verify_auth_challenge_response: "ArnType",
6786
6861
  # pre_token_generation: "ArnType",
6862
+ # user_migration: "ArnType",
6787
6863
  # },
6788
6864
  # auto_verified_attributes: ["phone_number"], # accepts phone_number, email
6789
6865
  # sms_verification_message: "SmsVerificationMessageType",
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sdk-cognitoidentityprovider
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.2.0
4
+ version: 1.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-12-11 00:00:00.000000000 Z
11
+ date: 2018-02-12 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-core