aws-sdk-cognitoidentityprovider 1.25.0 → 1.26.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 74cff465fa0aeebde102b4edccf0c9e54b84bdc1
4
- data.tar.gz: 9f1a5015e8555a33bafd0c177b1b6420a5760a20
3
+ metadata.gz: 0c5906299b829791fe8e49aaef1f0a50b5998908
4
+ data.tar.gz: 03e21f604cb9116c79d8e6528335e99d0874829f
5
5
  SHA512:
6
- metadata.gz: 347dff212a43f899c955909873be61f38ca228b4f23b11dc9c7aa33007a7281e578351c2b3f61f656cac58e3ee732b1959fcae3e65f9f3eddccf3707c64cac28
7
- data.tar.gz: 2e7c1139221d9aba1fb1f845b2b1a27d0e34f59ba5622c9e46fe830eaadd5d8ce7c915e0c2337319d168fb5ecf4a6e307c88d064989aca94d0fde9a82afa3d75
6
+ metadata.gz: 21382a5e0bb4cb021a3724c69a0a5b1a6b4c7ccee31de01422a4c7b677f1d21383726a4b4d3c8e189b96f1a0ec0b24d1ba53d1dec180d4173e61f1f3f5a4a0d3
7
+ data.tar.gz: 4cefe19ca0cf679878d5200260e24033ccd9b7efa16f96556a6402bf3f8d6cbd6d19fa7859aa8688bd1b5312e559313f738a5f5dd7681dde0e4cca3911544653
@@ -42,6 +42,6 @@ require_relative 'aws-sdk-cognitoidentityprovider/customizations'
42
42
  # @service
43
43
  module Aws::CognitoIdentityProvider
44
44
 
45
- GEM_VERSION = '1.25.0'
45
+ GEM_VERSION = '1.26.0'
46
46
 
47
47
  end
@@ -309,7 +309,7 @@ module Aws::CognitoIdentityProvider
309
309
 
310
310
  # Adds the specified user to the specified group.
311
311
  #
312
- # Requires developer credentials.
312
+ # Calling this action requires developer credentials.
313
313
  #
314
314
  # @option params [required, String] :user_pool_id
315
315
  # The user pool ID for the user pool.
@@ -342,7 +342,7 @@ module Aws::CognitoIdentityProvider
342
342
  # Confirms user registration as an admin without using a confirmation
343
343
  # code. Works on any user.
344
344
  #
345
- # Requires developer credentials.
345
+ # Calling this action requires developer credentials.
346
346
  #
347
347
  # @option params [required, String] :user_pool_id
348
348
  # The user pool ID for which you want to confirm user registration.
@@ -350,6 +350,43 @@ module Aws::CognitoIdentityProvider
350
350
  # @option params [required, String] :username
351
351
  # The user name for which you want to confirm user registration.
352
352
  #
353
+ # @option params [Hash<String,String>] :client_metadata
354
+ # A map of custom key-value pairs that you can provide as input for any
355
+ # custom workflows that this action triggers.
356
+ #
357
+ # If your user pool configuration includes triggers, the
358
+ # AdminConfirmSignUp API action invokes the AWS Lambda function that is
359
+ # specified for the *post confirmation* trigger. When Amazon Cognito
360
+ # invokes this function, it passes a JSON payload, which the function
361
+ # receives as input. In this payload, the `clientMetadata` attribute
362
+ # provides the data that you assigned to the ClientMetadata parameter in
363
+ # your AdminConfirmSignUp request. In your function code in AWS Lambda,
364
+ # you can process the ClientMetadata value to enhance your workflow for
365
+ # your specific needs.
366
+ #
367
+ # For more information, see [Customizing User Pool Workflows with Lambda
368
+ # Triggers][1] in the *Amazon Cognito Developer Guide*.
369
+ #
370
+ # <note markdown="1"> Take the following limitations into consideration when you use the
371
+ # ClientMetadata parameter:
372
+ #
373
+ # * Amazon Cognito does not store the ClientMetadata value. This data is
374
+ # available only to AWS Lambda triggers that are assigned to a user
375
+ # pool to support custom workflows. If your user pool configuration
376
+ # does not include triggers, the ClientMetadata parameter serves no
377
+ # purpose.
378
+ #
379
+ # * Amazon Cognito does not validate the ClientMetadata value.
380
+ #
381
+ # * Amazon Cognito does not encrypt the the ClientMetadata value, so
382
+ # don't use it to provide sensitive information.
383
+ #
384
+ # </note>
385
+ #
386
+ #
387
+ #
388
+ # [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html
389
+ #
353
390
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
354
391
  #
355
392
  # @example Request syntax with placeholder values
@@ -357,6 +394,9 @@ module Aws::CognitoIdentityProvider
357
394
  # resp = client.admin_confirm_sign_up({
358
395
  # user_pool_id: "UserPoolIdType", # required
359
396
  # username: "UsernameType", # required
397
+ # client_metadata: {
398
+ # "StringType" => "StringType",
399
+ # },
360
400
  # })
361
401
  #
362
402
  # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AdminConfirmSignUp AWS API Documentation
@@ -483,6 +523,43 @@ module Aws::CognitoIdentityProvider
483
523
  # Specify `"SMS"` if the phone number will be used. The default value is
484
524
  # `"SMS"`. More than one value can be specified.
485
525
  #
526
+ # @option params [Hash<String,String>] :client_metadata
527
+ # A map of custom key-value pairs that you can provide as input for any
528
+ # custom workflows that this action triggers.
529
+ #
530
+ # You create custom workflows by assigning AWS Lambda functions to user
531
+ # pool triggers. When you use the AdminCreateUser API action, Amazon
532
+ # Cognito invokes the function that is assigned to the *pre sign-up*
533
+ # trigger. When Amazon Cognito invokes this function, it passes a JSON
534
+ # payload, which the function receives as input. This payload contains a
535
+ # `clientMetadata` attribute, which provides the data that you assigned
536
+ # to the ClientMetadata parameter in your AdminCreateUser request. In
537
+ # your function code in AWS Lambda, you can process the `clientMetadata`
538
+ # value to enhance your workflow for your specific needs.
539
+ #
540
+ # For more information, see [Customizing User Pool Workflows with Lambda
541
+ # Triggers][1] in the *Amazon Cognito Developer Guide*.
542
+ #
543
+ # <note markdown="1"> Take the following limitations into consideration when you use the
544
+ # ClientMetadata parameter:
545
+ #
546
+ # * Amazon Cognito does not store the ClientMetadata value. This data is
547
+ # available only to AWS Lambda triggers that are assigned to a user
548
+ # pool to support custom workflows. If your user pool configuration
549
+ # does not include triggers, the ClientMetadata parameter serves no
550
+ # purpose.
551
+ #
552
+ # * Amazon Cognito does not validate the ClientMetadata value.
553
+ #
554
+ # * Amazon Cognito does not encrypt the the ClientMetadata value, so
555
+ # don't use it to provide sensitive information.
556
+ #
557
+ # </note>
558
+ #
559
+ #
560
+ #
561
+ # [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html
562
+ #
486
563
  # @return [Types::AdminCreateUserResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
487
564
  #
488
565
  # * {Types::AdminCreateUserResponse#user #user} => Types::UserType
@@ -508,6 +585,9 @@ module Aws::CognitoIdentityProvider
508
585
  # force_alias_creation: false,
509
586
  # message_action: "RESEND", # accepts RESEND, SUPPRESS
510
587
  # desired_delivery_mediums: ["SMS"], # accepts SMS, EMAIL
588
+ # client_metadata: {
589
+ # "StringType" => "StringType",
590
+ # },
511
591
  # })
512
592
  #
513
593
  # @example Response structure
@@ -535,7 +615,7 @@ module Aws::CognitoIdentityProvider
535
615
 
536
616
  # Deletes a user as an administrator. Works on any user.
537
617
  #
538
- # Requires developer credentials.
618
+ # Calling this action requires developer credentials.
539
619
  #
540
620
  # @option params [required, String] :user_pool_id
541
621
  # The user pool ID for the user pool where you want to delete the user.
@@ -564,7 +644,7 @@ module Aws::CognitoIdentityProvider
564
644
  # Deletes the user attributes in a user pool as an administrator. Works
565
645
  # on any user.
566
646
  #
567
- # Requires developer credentials.
647
+ # Calling this action requires developer credentials.
568
648
  #
569
649
  # @option params [required, String] :user_pool_id
570
650
  # The user pool ID for the user pool where you want to delete user
@@ -663,9 +743,9 @@ module Aws::CognitoIdentityProvider
663
743
  req.send_request(options)
664
744
  end
665
745
 
666
- # Disables the specified user as an administrator. Works on any user.
746
+ # Disables the specified user.
667
747
  #
668
- # Requires developer credentials.
748
+ # Calling this action requires developer credentials.
669
749
  #
670
750
  # @option params [required, String] :user_pool_id
671
751
  # The user pool ID for the user pool where you want to disable the user.
@@ -693,7 +773,7 @@ module Aws::CognitoIdentityProvider
693
773
 
694
774
  # Enables the specified user as an administrator. Works on any user.
695
775
  #
696
- # Requires developer credentials.
776
+ # Calling this action requires developer credentials.
697
777
  #
698
778
  # @option params [required, String] :user_pool_id
699
779
  # The user pool ID for the user pool where you want to enable the user.
@@ -721,7 +801,7 @@ module Aws::CognitoIdentityProvider
721
801
 
722
802
  # Forgets the device, as an administrator.
723
803
  #
724
- # Requires developer credentials.
804
+ # Calling this action requires developer credentials.
725
805
  #
726
806
  # @option params [required, String] :user_pool_id
727
807
  # The user pool ID.
@@ -753,7 +833,7 @@ module Aws::CognitoIdentityProvider
753
833
 
754
834
  # Gets the device, as an administrator.
755
835
  #
756
- # Requires developer credentials.
836
+ # Calling this action requires developer credentials.
757
837
  #
758
838
  # @option params [required, String] :device_key
759
839
  # The device key.
@@ -798,7 +878,7 @@ module Aws::CognitoIdentityProvider
798
878
  # Gets the specified user by user name in a user pool as an
799
879
  # administrator. Works on any user.
800
880
  #
801
- # Requires developer credentials.
881
+ # Calling this action requires developer credentials.
802
882
  #
803
883
  # @option params [required, String] :user_pool_id
804
884
  # The user pool ID for the user pool where you want to get information
@@ -854,7 +934,7 @@ module Aws::CognitoIdentityProvider
854
934
 
855
935
  # Initiates the authentication flow, as an administrator.
856
936
  #
857
- # Requires developer credentials.
937
+ # Calling this action requires developer credentials.
858
938
  #
859
939
  # @option params [required, String] :user_pool_id
860
940
  # The ID of the Amazon Cognito user pool.
@@ -916,9 +996,67 @@ module Aws::CognitoIdentityProvider
916
996
  # client is configured with client secret), `DEVICE_KEY`
917
997
  #
918
998
  # @option params [Hash<String,String>] :client_metadata
919
- # This is a random key-value pair map which can contain any key and will
920
- # be passed to your PreAuthentication Lambda trigger as-is. It can be
921
- # used to implement additional validations around authentication.
999
+ # A map of custom key-value pairs that you can provide as input for
1000
+ # certain custom workflows that this action triggers.
1001
+ #
1002
+ # You create custom workflows by assigning AWS Lambda functions to user
1003
+ # pool triggers. When you use the AdminInitiateAuth API action, Amazon
1004
+ # Cognito invokes the AWS Lambda functions that are specified for
1005
+ # various triggers. The ClientMetadata value is passed as input to the
1006
+ # functions for only the following triggers:
1007
+ #
1008
+ # * Pre signup
1009
+ #
1010
+ # * Pre authentication
1011
+ #
1012
+ # * User migration
1013
+ #
1014
+ # When Amazon Cognito invokes the functions for these triggers, it
1015
+ # passes a JSON payload, which the function receives as input. This
1016
+ # payload contains a `validationData` attribute, which provides the data
1017
+ # that you assigned to the ClientMetadata parameter in your
1018
+ # AdminInitiateAuth request. In your function code in AWS Lambda, you
1019
+ # can process the `validationData` value to enhance your workflow for
1020
+ # your specific needs.
1021
+ #
1022
+ # When you use the AdminInitiateAuth API action, Amazon Cognito also
1023
+ # invokes the functions for the following triggers, but it does not
1024
+ # provide the ClientMetadata value as input:
1025
+ #
1026
+ # * Post authentication
1027
+ #
1028
+ # * Custom message
1029
+ #
1030
+ # * Pre token generation
1031
+ #
1032
+ # * Create auth challenge
1033
+ #
1034
+ # * Define auth challenge
1035
+ #
1036
+ # * Verify auth challenge
1037
+ #
1038
+ # For more information, see [Customizing User Pool Workflows with Lambda
1039
+ # Triggers][1] in the *Amazon Cognito Developer Guide*.
1040
+ #
1041
+ # <note markdown="1"> Take the following limitations into consideration when you use the
1042
+ # ClientMetadata parameter:
1043
+ #
1044
+ # * Amazon Cognito does not store the ClientMetadata value. This data is
1045
+ # available only to AWS Lambda triggers that are assigned to a user
1046
+ # pool to support custom workflows. If your user pool configuration
1047
+ # does not include triggers, the ClientMetadata parameter serves no
1048
+ # purpose.
1049
+ #
1050
+ # * Amazon Cognito does not validate the ClientMetadata value.
1051
+ #
1052
+ # * Amazon Cognito does not encrypt the the ClientMetadata value, so
1053
+ # don't use it to provide sensitive information.
1054
+ #
1055
+ # </note>
1056
+ #
1057
+ #
1058
+ #
1059
+ # [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html
922
1060
  #
923
1061
  # @option params [Types::AnalyticsMetadataType] :analytics_metadata
924
1062
  # The analytics metadata for collecting Amazon Pinpoint metrics for
@@ -1085,7 +1223,7 @@ module Aws::CognitoIdentityProvider
1085
1223
 
1086
1224
  # Lists devices, as an administrator.
1087
1225
  #
1088
- # Requires developer credentials.
1226
+ # Calling this action requires developer credentials.
1089
1227
  #
1090
1228
  # @option params [required, String] :user_pool_id
1091
1229
  # The user pool ID.
@@ -1136,7 +1274,7 @@ module Aws::CognitoIdentityProvider
1136
1274
 
1137
1275
  # Lists the groups that the user belongs to.
1138
1276
  #
1139
- # Requires developer credentials.
1277
+ # Calling this action requires developer credentials.
1140
1278
  #
1141
1279
  # @option params [required, String] :username
1142
1280
  # The username for the user.
@@ -1249,7 +1387,7 @@ module Aws::CognitoIdentityProvider
1249
1387
 
1250
1388
  # Removes the specified user from the specified group.
1251
1389
  #
1252
- # Requires developer credentials.
1390
+ # Calling this action requires developer credentials.
1253
1391
  #
1254
1392
  # @option params [required, String] :user_pool_id
1255
1393
  # The user pool ID for the user pool.
@@ -1293,7 +1431,7 @@ module Aws::CognitoIdentityProvider
1293
1431
  # in sending a message to the end user with the code to change their
1294
1432
  # password.
1295
1433
  #
1296
- # Requires developer credentials.
1434
+ # Calling this action requires developer credentials.
1297
1435
  #
1298
1436
  # @option params [required, String] :user_pool_id
1299
1437
  # The user pool ID for the user pool where you want to reset the user's
@@ -1302,6 +1440,44 @@ module Aws::CognitoIdentityProvider
1302
1440
  # @option params [required, String] :username
1303
1441
  # The user name of the user whose password you wish to reset.
1304
1442
  #
1443
+ # @option params [Hash<String,String>] :client_metadata
1444
+ # A map of custom key-value pairs that you can provide as input for any
1445
+ # custom workflows that this action triggers.
1446
+ #
1447
+ # You create custom workflows by assigning AWS Lambda functions to user
1448
+ # pool triggers. When you use the AdminResetUserPassword API action,
1449
+ # Amazon Cognito invokes the function that is assigned to the *custom
1450
+ # message* trigger. When Amazon Cognito invokes this function, it passes
1451
+ # a JSON payload, which the function receives as input. This payload
1452
+ # contains a `clientMetadata` attribute, which provides the data that
1453
+ # you assigned to the ClientMetadata parameter in your
1454
+ # AdminResetUserPassword request. In your function code in AWS Lambda,
1455
+ # you can process the `clientMetadata` value to enhance your workflow
1456
+ # for your specific needs.
1457
+ #
1458
+ # For more information, see [Customizing User Pool Workflows with Lambda
1459
+ # Triggers][1] in the *Amazon Cognito Developer Guide*.
1460
+ #
1461
+ # <note markdown="1"> Take the following limitations into consideration when you use the
1462
+ # ClientMetadata parameter:
1463
+ #
1464
+ # * Amazon Cognito does not store the ClientMetadata value. This data is
1465
+ # available only to AWS Lambda triggers that are assigned to a user
1466
+ # pool to support custom workflows. If your user pool configuration
1467
+ # does not include triggers, the ClientMetadata parameter serves no
1468
+ # purpose.
1469
+ #
1470
+ # * Amazon Cognito does not validate the ClientMetadata value.
1471
+ #
1472
+ # * Amazon Cognito does not encrypt the the ClientMetadata value, so
1473
+ # don't use it to provide sensitive information.
1474
+ #
1475
+ # </note>
1476
+ #
1477
+ #
1478
+ #
1479
+ # [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html
1480
+ #
1305
1481
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
1306
1482
  #
1307
1483
  # @example Request syntax with placeholder values
@@ -1309,6 +1485,9 @@ module Aws::CognitoIdentityProvider
1309
1485
  # resp = client.admin_reset_user_password({
1310
1486
  # user_pool_id: "UserPoolIdType", # required
1311
1487
  # username: "UsernameType", # required
1488
+ # client_metadata: {
1489
+ # "StringType" => "StringType",
1490
+ # },
1312
1491
  # })
1313
1492
  #
1314
1493
  # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AdminResetUserPassword AWS API Documentation
@@ -1322,7 +1501,7 @@ module Aws::CognitoIdentityProvider
1322
1501
 
1323
1502
  # Responds to an authentication challenge, as an administrator.
1324
1503
  #
1325
- # Requires developer credentials.
1504
+ # Calling this action requires developer credentials.
1326
1505
  #
1327
1506
  # @option params [required, String] :user_pool_id
1328
1507
  # The ID of the Amazon Cognito user pool.
@@ -1374,6 +1553,47 @@ module Aws::CognitoIdentityProvider
1374
1553
  # location used for evaluating the risk of an unexpected event by Amazon
1375
1554
  # Cognito advanced security.
1376
1555
  #
1556
+ # @option params [Hash<String,String>] :client_metadata
1557
+ # A map of custom key-value pairs that you can provide as input for any
1558
+ # custom workflows that this action triggers.
1559
+ #
1560
+ # You create custom workflows by assigning AWS Lambda functions to user
1561
+ # pool triggers. When you use the AdminRespondToAuthChallenge API
1562
+ # action, Amazon Cognito invokes any functions that are assigned to the
1563
+ # following triggers: *pre sign-up*, *custom message*, *post
1564
+ # authentication*, *user migration*, *pre token generation*, *define
1565
+ # auth challenge*, *create auth challenge*, and *verify auth challenge
1566
+ # response*. When Amazon Cognito invokes any of these functions, it
1567
+ # passes a JSON payload, which the function receives as input. This
1568
+ # payload contains a `clientMetadata` attribute, which provides the data
1569
+ # that you assigned to the ClientMetadata parameter in your
1570
+ # AdminRespondToAuthChallenge request. In your function code in AWS
1571
+ # Lambda, you can process the `clientMetadata` value to enhance your
1572
+ # workflow for your specific needs.
1573
+ #
1574
+ # For more information, see [Customizing User Pool Workflows with Lambda
1575
+ # Triggers][1] in the *Amazon Cognito Developer Guide*.
1576
+ #
1577
+ # <note markdown="1"> Take the following limitations into consideration when you use the
1578
+ # ClientMetadata parameter:
1579
+ #
1580
+ # * Amazon Cognito does not store the ClientMetadata value. This data is
1581
+ # available only to AWS Lambda triggers that are assigned to a user
1582
+ # pool to support custom workflows. If your user pool configuration
1583
+ # does not include triggers, the ClientMetadata parameter serves no
1584
+ # purpose.
1585
+ #
1586
+ # * Amazon Cognito does not validate the ClientMetadata value.
1587
+ #
1588
+ # * Amazon Cognito does not encrypt the the ClientMetadata value, so
1589
+ # don't use it to provide sensitive information.
1590
+ #
1591
+ # </note>
1592
+ #
1593
+ #
1594
+ #
1595
+ # [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html
1596
+ #
1377
1597
  # @return [Types::AdminRespondToAuthChallengeResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1378
1598
  #
1379
1599
  # * {Types::AdminRespondToAuthChallengeResponse#challenge_name #challenge_name} => String
@@ -1406,6 +1626,9 @@ module Aws::CognitoIdentityProvider
1406
1626
  # ],
1407
1627
  # encoded_data: "StringType",
1408
1628
  # },
1629
+ # client_metadata: {
1630
+ # "StringType" => "StringType",
1631
+ # },
1409
1632
  # })
1410
1633
  #
1411
1634
  # @example Response structure
@@ -1431,7 +1654,12 @@ module Aws::CognitoIdentityProvider
1431
1654
  req.send_request(options)
1432
1655
  end
1433
1656
 
1434
- # Sets the user's multi-factor authentication (MFA) preference.
1657
+ # Sets the user's multi-factor authentication (MFA) preference,
1658
+ # including which MFA options are enabled and if any are preferred. Only
1659
+ # one factor can be set as preferred. The preferred MFA factor will be
1660
+ # used to authenticate a user if multiple factors are enabled. If
1661
+ # multiple options are enabled and no preference is set, a challenge to
1662
+ # choose an MFA option will be returned during sign in.
1435
1663
  #
1436
1664
  # @option params [Types::SMSMfaSettingsType] :sms_mfa_settings
1437
1665
  # The SMS text message MFA settings.
@@ -1471,13 +1699,32 @@ module Aws::CognitoIdentityProvider
1471
1699
  req.send_request(options)
1472
1700
  end
1473
1701
 
1702
+ # Sets the specified user's password in a user pool as an
1703
+ # administrator. Works on any user.
1704
+ #
1705
+ # The password can be temporary or permanent. If it is temporary, the
1706
+ # user status will be placed into the `FORCE_CHANGE_PASSWORD` state.
1707
+ # When the user next tries to sign in, the
1708
+ # InitiateAuth/AdminInitiateAuth response will contain the
1709
+ # `NEW_PASSWORD_REQUIRED` challenge. If the user does not sign in before
1710
+ # it expires, the user will not be able to sign in and their password
1711
+ # will need to be reset by an administrator.
1712
+ #
1713
+ # Once the user has set a new password, or the password is permanent,
1714
+ # the user status will be set to `Confirmed`.
1715
+ #
1474
1716
  # @option params [required, String] :user_pool_id
1717
+ # The user pool ID for the user pool where you want to set the user's
1718
+ # password.
1475
1719
  #
1476
1720
  # @option params [required, String] :username
1721
+ # The user name of the user whose password you wish to set.
1477
1722
  #
1478
1723
  # @option params [required, String] :password
1724
+ # The password for the user.
1479
1725
  #
1480
1726
  # @option params [Boolean] :permanent
1727
+ # `True` if the password is permanent, `False` if it is temporary.
1481
1728
  #
1482
1729
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
1483
1730
  #
@@ -1499,20 +1746,21 @@ module Aws::CognitoIdentityProvider
1499
1746
  req.send_request(options)
1500
1747
  end
1501
1748
 
1502
- # Sets all the user settings for a specified user name. Works on any
1503
- # user.
1504
- #
1505
- # Requires developer credentials.
1749
+ # *This action is no longer supported.* You can use it to configure only
1750
+ # SMS MFA. You can't use it to configure TOTP software token MFA. To
1751
+ # configure either type of MFA, use the AdminSetUserMFAPreference action
1752
+ # instead.
1506
1753
  #
1507
1754
  # @option params [required, String] :user_pool_id
1508
- # The user pool ID for the user pool where you want to set the user's
1509
- # settings, such as MFA options.
1755
+ # The ID of the user pool that contains the user that you are setting
1756
+ # options for.
1510
1757
  #
1511
1758
  # @option params [required, String] :username
1512
- # The user name of the user for whom you wish to set user settings.
1759
+ # The user name of the user that you are setting options for.
1513
1760
  #
1514
1761
  # @option params [required, Array<Types::MFAOptionType>] :mfa_options
1515
- # Specifies the options for MFA (e.g., email or phone number).
1762
+ # You can use this parameter only to set an SMS configuration that uses
1763
+ # SMS for delivery.
1516
1764
  #
1517
1765
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
1518
1766
  #
@@ -1577,7 +1825,7 @@ module Aws::CognitoIdentityProvider
1577
1825
 
1578
1826
  # Updates the device status as an administrator.
1579
1827
  #
1580
- # Requires developer credentials.
1828
+ # Calling this action requires developer credentials.
1581
1829
  #
1582
1830
  # @option params [required, String] :user_pool_id
1583
1831
  # The user pool ID.
@@ -1620,7 +1868,7 @@ module Aws::CognitoIdentityProvider
1620
1868
  # In addition to updating user attributes, this API can also be used to
1621
1869
  # mark phone and email as verified.
1622
1870
  #
1623
- # Requires developer credentials.
1871
+ # Calling this action requires developer credentials.
1624
1872
  #
1625
1873
  # @option params [required, String] :user_pool_id
1626
1874
  # The user pool ID for the user pool where you want to update user
@@ -1635,6 +1883,44 @@ module Aws::CognitoIdentityProvider
1635
1883
  # For custom attributes, you must prepend the `custom:` prefix to the
1636
1884
  # attribute name.
1637
1885
  #
1886
+ # @option params [Hash<String,String>] :client_metadata
1887
+ # A map of custom key-value pairs that you can provide as input for any
1888
+ # custom workflows that this action triggers.
1889
+ #
1890
+ # You create custom workflows by assigning AWS Lambda functions to user
1891
+ # pool triggers. When you use the AdminUpdateUserAttributes API action,
1892
+ # Amazon Cognito invokes the function that is assigned to the *custom
1893
+ # message* trigger. When Amazon Cognito invokes this function, it passes
1894
+ # a JSON payload, which the function receives as input. This payload
1895
+ # contains a `clientMetadata` attribute, which provides the data that
1896
+ # you assigned to the ClientMetadata parameter in your
1897
+ # AdminUpdateUserAttributes request. In your function code in AWS
1898
+ # Lambda, you can process the `clientMetadata` value to enhance your
1899
+ # workflow for your specific needs.
1900
+ #
1901
+ # For more information, see [Customizing User Pool Workflows with Lambda
1902
+ # Triggers][1] in the *Amazon Cognito Developer Guide*.
1903
+ #
1904
+ # <note markdown="1"> Take the following limitations into consideration when you use the
1905
+ # ClientMetadata parameter:
1906
+ #
1907
+ # * Amazon Cognito does not store the ClientMetadata value. This data is
1908
+ # available only to AWS Lambda triggers that are assigned to a user
1909
+ # pool to support custom workflows. If your user pool configuration
1910
+ # does not include triggers, the ClientMetadata parameter serves no
1911
+ # purpose.
1912
+ #
1913
+ # * Amazon Cognito does not validate the ClientMetadata value.
1914
+ #
1915
+ # * Amazon Cognito does not encrypt the the ClientMetadata value, so
1916
+ # don't use it to provide sensitive information.
1917
+ #
1918
+ # </note>
1919
+ #
1920
+ #
1921
+ #
1922
+ # [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html
1923
+ #
1638
1924
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
1639
1925
  #
1640
1926
  # @example Request syntax with placeholder values
@@ -1648,6 +1934,9 @@ module Aws::CognitoIdentityProvider
1648
1934
  # value: "AttributeValueType",
1649
1935
  # },
1650
1936
  # ],
1937
+ # client_metadata: {
1938
+ # "StringType" => "StringType",
1939
+ # },
1651
1940
  # })
1652
1941
  #
1653
1942
  # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AdminUpdateUserAttributes AWS API Documentation
@@ -1661,7 +1950,7 @@ module Aws::CognitoIdentityProvider
1661
1950
 
1662
1951
  # Signs out users from all devices, as an administrator.
1663
1952
  #
1664
- # Requires developer credentials.
1953
+ # Calling this action requires developer credentials.
1665
1954
  #
1666
1955
  # @option params [required, String] :user_pool_id
1667
1956
  # The user pool ID.
@@ -1831,6 +2120,44 @@ module Aws::CognitoIdentityProvider
1831
2120
  # location used for evaluating the risk of an unexpected event by Amazon
1832
2121
  # Cognito advanced security.
1833
2122
  #
2123
+ # @option params [Hash<String,String>] :client_metadata
2124
+ # A map of custom key-value pairs that you can provide as input for any
2125
+ # custom workflows that this action triggers.
2126
+ #
2127
+ # You create custom workflows by assigning AWS Lambda functions to user
2128
+ # pool triggers. When you use the ConfirmForgotPassword API action,
2129
+ # Amazon Cognito invokes the functions that are assigned to the *post
2130
+ # confirmation* and *pre mutation* triggers. When Amazon Cognito invokes
2131
+ # either of these functions, it passes a JSON payload, which the
2132
+ # function receives as input. This payload contains a `clientMetadata`
2133
+ # attribute, which provides the data that you assigned to the
2134
+ # ClientMetadata parameter in your ConfirmForgotPassword request. In
2135
+ # your function code in AWS Lambda, you can process the `clientMetadata`
2136
+ # value to enhance your workflow for your specific needs.
2137
+ #
2138
+ # For more information, see [Customizing User Pool Workflows with Lambda
2139
+ # Triggers][1] in the *Amazon Cognito Developer Guide*.
2140
+ #
2141
+ # <note markdown="1"> Take the following limitations into consideration when you use the
2142
+ # ClientMetadata parameter:
2143
+ #
2144
+ # * Amazon Cognito does not store the ClientMetadata value. This data is
2145
+ # available only to AWS Lambda triggers that are assigned to a user
2146
+ # pool to support custom workflows. If your user pool configuration
2147
+ # does not include triggers, the ClientMetadata parameter serves no
2148
+ # purpose.
2149
+ #
2150
+ # * Amazon Cognito does not validate the ClientMetadata value.
2151
+ #
2152
+ # * Amazon Cognito does not encrypt the the ClientMetadata value, so
2153
+ # don't use it to provide sensitive information.
2154
+ #
2155
+ # </note>
2156
+ #
2157
+ #
2158
+ #
2159
+ # [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html
2160
+ #
1834
2161
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
1835
2162
  #
1836
2163
  # @example Request syntax with placeholder values
@@ -1847,6 +2174,9 @@ module Aws::CognitoIdentityProvider
1847
2174
  # user_context_data: {
1848
2175
  # encoded_data: "StringType",
1849
2176
  # },
2177
+ # client_metadata: {
2178
+ # "StringType" => "StringType",
2179
+ # },
1850
2180
  # })
1851
2181
  #
1852
2182
  # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/ConfirmForgotPassword AWS API Documentation
@@ -1894,6 +2224,44 @@ module Aws::CognitoIdentityProvider
1894
2224
  # location used for evaluating the risk of an unexpected event by Amazon
1895
2225
  # Cognito advanced security.
1896
2226
  #
2227
+ # @option params [Hash<String,String>] :client_metadata
2228
+ # A map of custom key-value pairs that you can provide as input for any
2229
+ # custom workflows that this action triggers.
2230
+ #
2231
+ # You create custom workflows by assigning AWS Lambda functions to user
2232
+ # pool triggers. When you use the ConfirmSignUp API action, Amazon
2233
+ # Cognito invokes the function that is assigned to the *post
2234
+ # confirmation* trigger. When Amazon Cognito invokes this function, it
2235
+ # passes a JSON payload, which the function receives as input. This
2236
+ # payload contains a `clientMetadata` attribute, which provides the data
2237
+ # that you assigned to the ClientMetadata parameter in your
2238
+ # ConfirmSignUp request. In your function code in AWS Lambda, you can
2239
+ # process the `clientMetadata` value to enhance your workflow for your
2240
+ # specific needs.
2241
+ #
2242
+ # For more information, see [Customizing User Pool Workflows with Lambda
2243
+ # Triggers][1] in the *Amazon Cognito Developer Guide*.
2244
+ #
2245
+ # <note markdown="1"> Take the following limitations into consideration when you use the
2246
+ # ClientMetadata parameter:
2247
+ #
2248
+ # * Amazon Cognito does not store the ClientMetadata value. This data is
2249
+ # available only to AWS Lambda triggers that are assigned to a user
2250
+ # pool to support custom workflows. If your user pool configuration
2251
+ # does not include triggers, the ClientMetadata parameter serves no
2252
+ # purpose.
2253
+ #
2254
+ # * Amazon Cognito does not validate the ClientMetadata value.
2255
+ #
2256
+ # * Amazon Cognito does not encrypt the the ClientMetadata value, so
2257
+ # don't use it to provide sensitive information.
2258
+ #
2259
+ # </note>
2260
+ #
2261
+ #
2262
+ #
2263
+ # [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html
2264
+ #
1897
2265
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
1898
2266
  #
1899
2267
  # @example Request syntax with placeholder values
@@ -1910,6 +2278,9 @@ module Aws::CognitoIdentityProvider
1910
2278
  # user_context_data: {
1911
2279
  # encoded_data: "StringType",
1912
2280
  # },
2281
+ # client_metadata: {
2282
+ # "StringType" => "StringType",
2283
+ # },
1913
2284
  # })
1914
2285
  #
1915
2286
  # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/ConfirmSignUp AWS API Documentation
@@ -1923,7 +2294,7 @@ module Aws::CognitoIdentityProvider
1923
2294
 
1924
2295
  # Creates a new group in the specified user pool.
1925
2296
  #
1926
- # Requires developer credentials.
2297
+ # Calling this action requires developer credentials.
1927
2298
  #
1928
2299
  # @option params [required, String] :group_name
1929
2300
  # The name of the group. Must be unique.
@@ -2519,7 +2890,9 @@ module Aws::CognitoIdentityProvider
2519
2890
  #
2520
2891
  # @option params [Array<String>] :allowed_o_auth_scopes
2521
2892
  # A list of allowed `OAuth` scopes. Currently supported values are
2522
- # `"phone"`, `"email"`, `"openid"`, and `"Cognito"`.
2893
+ # `"phone"`, `"email"`, `"openid"`, and `"Cognito"`. In addition to
2894
+ # these values, custom scopes created in Resource Servers are also
2895
+ # supported.
2523
2896
  #
2524
2897
  # @option params [Boolean] :allowed_o_auth_flows_user_pool_client
2525
2898
  # Set to `True` if the client is allowed to follow the OAuth protocol
@@ -2651,7 +3024,7 @@ module Aws::CognitoIdentityProvider
2651
3024
 
2652
3025
  # Deletes a group. Currently only groups with no members can be deleted.
2653
3026
  #
2654
- # Requires developer credentials.
3027
+ # Calling this action requires developer credentials.
2655
3028
  #
2656
3029
  # @option params [required, String] :group_name
2657
3030
  # The name of the group.
@@ -3289,6 +3662,44 @@ module Aws::CognitoIdentityProvider
3289
3662
  # The Amazon Pinpoint analytics metadata for collecting metrics for
3290
3663
  # `ForgotPassword` calls.
3291
3664
  #
3665
+ # @option params [Hash<String,String>] :client_metadata
3666
+ # A map of custom key-value pairs that you can provide as input for any
3667
+ # custom workflows that this action triggers.
3668
+ #
3669
+ # You create custom workflows by assigning AWS Lambda functions to user
3670
+ # pool triggers. When you use the ForgotPassword API action, Amazon
3671
+ # Cognito invokes any functions that are assigned to the following
3672
+ # triggers: *pre sign-up*, *custom message*, and *user migration*. When
3673
+ # Amazon Cognito invokes any of these functions, it passes a JSON
3674
+ # payload, which the function receives as input. This payload contains a
3675
+ # `clientMetadata` attribute, which provides the data that you assigned
3676
+ # to the ClientMetadata parameter in your ForgotPassword request. In
3677
+ # your function code in AWS Lambda, you can process the `clientMetadata`
3678
+ # value to enhance your workflow for your specific needs.
3679
+ #
3680
+ # For more information, see [Customizing User Pool Workflows with Lambda
3681
+ # Triggers][1] in the *Amazon Cognito Developer Guide*.
3682
+ #
3683
+ # <note markdown="1"> Take the following limitations into consideration when you use the
3684
+ # ClientMetadata parameter:
3685
+ #
3686
+ # * Amazon Cognito does not store the ClientMetadata value. This data is
3687
+ # available only to AWS Lambda triggers that are assigned to a user
3688
+ # pool to support custom workflows. If your user pool configuration
3689
+ # does not include triggers, the ClientMetadata parameter serves no
3690
+ # purpose.
3691
+ #
3692
+ # * Amazon Cognito does not validate the ClientMetadata value.
3693
+ #
3694
+ # * Amazon Cognito does not encrypt the the ClientMetadata value, so
3695
+ # don't use it to provide sensitive information.
3696
+ #
3697
+ # </note>
3698
+ #
3699
+ #
3700
+ #
3701
+ # [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html
3702
+ #
3292
3703
  # @return [Types::ForgotPasswordResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
3293
3704
  #
3294
3705
  # * {Types::ForgotPasswordResponse#code_delivery_details #code_delivery_details} => Types::CodeDeliveryDetailsType
@@ -3305,6 +3716,9 @@ module Aws::CognitoIdentityProvider
3305
3716
  # analytics_metadata: {
3306
3717
  # analytics_endpoint_id: "StringType",
3307
3718
  # },
3719
+ # client_metadata: {
3720
+ # "StringType" => "StringType",
3721
+ # },
3308
3722
  # })
3309
3723
  #
3310
3724
  # @example Response structure
@@ -3395,7 +3809,7 @@ module Aws::CognitoIdentityProvider
3395
3809
 
3396
3810
  # Gets a group.
3397
3811
  #
3398
- # Requires developer credentials.
3812
+ # Calling this action requires developer credentials.
3399
3813
  #
3400
3814
  # @option params [required, String] :group_name
3401
3815
  # The name of the group.
@@ -3598,6 +4012,44 @@ module Aws::CognitoIdentityProvider
3598
4012
  # The attribute name returned by the server response to get the user
3599
4013
  # attribute verification code.
3600
4014
  #
4015
+ # @option params [Hash<String,String>] :client_metadata
4016
+ # A map of custom key-value pairs that you can provide as input for any
4017
+ # custom workflows that this action triggers.
4018
+ #
4019
+ # You create custom workflows by assigning AWS Lambda functions to user
4020
+ # pool triggers. When you use the GetUserAttributeVerificationCode API
4021
+ # action, Amazon Cognito invokes the function that is assigned to the
4022
+ # *custom message* trigger. When Amazon Cognito invokes this function,
4023
+ # it passes a JSON payload, which the function receives as input. This
4024
+ # payload contains a `clientMetadata` attribute, which provides the data
4025
+ # that you assigned to the ClientMetadata parameter in your
4026
+ # GetUserAttributeVerificationCode request. In your function code in AWS
4027
+ # Lambda, you can process the `clientMetadata` value to enhance your
4028
+ # workflow for your specific needs.
4029
+ #
4030
+ # For more information, see [Customizing User Pool Workflows with Lambda
4031
+ # Triggers][1] in the *Amazon Cognito Developer Guide*.
4032
+ #
4033
+ # <note markdown="1"> Take the following limitations into consideration when you use the
4034
+ # ClientMetadata parameter:
4035
+ #
4036
+ # * Amazon Cognito does not store the ClientMetadata value. This data is
4037
+ # available only to AWS Lambda triggers that are assigned to a user
4038
+ # pool to support custom workflows. If your user pool configuration
4039
+ # does not include triggers, the ClientMetadata parameter serves no
4040
+ # purpose.
4041
+ #
4042
+ # * Amazon Cognito does not validate the ClientMetadata value.
4043
+ #
4044
+ # * Amazon Cognito does not encrypt the the ClientMetadata value, so
4045
+ # don't use it to provide sensitive information.
4046
+ #
4047
+ # </note>
4048
+ #
4049
+ #
4050
+ #
4051
+ # [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html
4052
+ #
3601
4053
  # @return [Types::GetUserAttributeVerificationCodeResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
3602
4054
  #
3603
4055
  # * {Types::GetUserAttributeVerificationCodeResponse#code_delivery_details #code_delivery_details} => Types::CodeDeliveryDetailsType
@@ -3607,6 +4059,9 @@ module Aws::CognitoIdentityProvider
3607
4059
  # resp = client.get_user_attribute_verification_code({
3608
4060
  # access_token: "TokenModelType", # required
3609
4061
  # attribute_name: "AttributeNameType", # required
4062
+ # client_metadata: {
4063
+ # "StringType" => "StringType",
4064
+ # },
3610
4065
  # })
3611
4066
  #
3612
4067
  # @example Response structure
@@ -3730,9 +4185,67 @@ module Aws::CognitoIdentityProvider
3730
4185
  # client is configured with client secret), `DEVICE_KEY`
3731
4186
  #
3732
4187
  # @option params [Hash<String,String>] :client_metadata
3733
- # This is a random key-value pair map which can contain any key and will
3734
- # be passed to your PreAuthentication Lambda trigger as-is. It can be
3735
- # used to implement additional validations around authentication.
4188
+ # A map of custom key-value pairs that you can provide as input for
4189
+ # certain custom workflows that this action triggers.
4190
+ #
4191
+ # You create custom workflows by assigning AWS Lambda functions to user
4192
+ # pool triggers. When you use the InitiateAuth API action, Amazon
4193
+ # Cognito invokes the AWS Lambda functions that are specified for
4194
+ # various triggers. The ClientMetadata value is passed as input to the
4195
+ # functions for only the following triggers:
4196
+ #
4197
+ # * Pre signup
4198
+ #
4199
+ # * Pre authentication
4200
+ #
4201
+ # * User migration
4202
+ #
4203
+ # When Amazon Cognito invokes the functions for these triggers, it
4204
+ # passes a JSON payload, which the function receives as input. This
4205
+ # payload contains a `validationData` attribute, which provides the data
4206
+ # that you assigned to the ClientMetadata parameter in your InitiateAuth
4207
+ # request. In your function code in AWS Lambda, you can process the
4208
+ # `validationData` value to enhance your workflow for your specific
4209
+ # needs.
4210
+ #
4211
+ # When you use the InitiateAuth API action, Amazon Cognito also invokes
4212
+ # the functions for the following triggers, but it does not provide the
4213
+ # ClientMetadata value as input:
4214
+ #
4215
+ # * Post authentication
4216
+ #
4217
+ # * Custom message
4218
+ #
4219
+ # * Pre token generation
4220
+ #
4221
+ # * Create auth challenge
4222
+ #
4223
+ # * Define auth challenge
4224
+ #
4225
+ # * Verify auth challenge
4226
+ #
4227
+ # For more information, see [Customizing User Pool Workflows with Lambda
4228
+ # Triggers][1] in the *Amazon Cognito Developer Guide*.
4229
+ #
4230
+ # <note markdown="1"> Take the following limitations into consideration when you use the
4231
+ # ClientMetadata parameter:
4232
+ #
4233
+ # * Amazon Cognito does not store the ClientMetadata value. This data is
4234
+ # available only to AWS Lambda triggers that are assigned to a user
4235
+ # pool to support custom workflows. If your user pool configuration
4236
+ # does not include triggers, the ClientMetadata parameter serves no
4237
+ # purpose.
4238
+ #
4239
+ # * Amazon Cognito does not validate the ClientMetadata value.
4240
+ #
4241
+ # * Amazon Cognito does not encrypt the the ClientMetadata value, so
4242
+ # don't use it to provide sensitive information.
4243
+ #
4244
+ # </note>
4245
+ #
4246
+ #
4247
+ #
4248
+ # [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html
3736
4249
  #
3737
4250
  # @option params [required, String] :client_id
3738
4251
  # The app client ID.
@@ -3842,7 +4355,7 @@ module Aws::CognitoIdentityProvider
3842
4355
 
3843
4356
  # Lists the groups associated with a user pool.
3844
4357
  #
3845
- # Requires developer credentials.
4358
+ # Calling this action requires developer credentials.
3846
4359
  #
3847
4360
  # @option params [required, String] :user_pool_id
3848
4361
  # The user pool ID for the user pool.
@@ -4231,8 +4744,8 @@ module Aws::CognitoIdentityProvider
4231
4744
  #
4232
4745
  #
4233
4746
  #
4234
- # [1]: http://docs.aws.amazon.com/cognito/latest/developerguide/how-to-manage-user-accounts.html#cognito-user-pools-searching-for-users-using-listusers-api
4235
- # [2]: http://docs.aws.amazon.com/cognito/latest/developerguide/how-to-manage-user-accounts.html#cognito-user-pools-searching-for-users-listusers-api-examples
4747
+ # [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/how-to-manage-user-accounts.html#cognito-user-pools-searching-for-users-using-listusers-api
4748
+ # [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/how-to-manage-user-accounts.html#cognito-user-pools-searching-for-users-listusers-api-examples
4236
4749
  #
4237
4750
  # @return [Types::ListUsersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
4238
4751
  #
@@ -4276,7 +4789,7 @@ module Aws::CognitoIdentityProvider
4276
4789
 
4277
4790
  # Lists the users in the specified group.
4278
4791
  #
4279
- # Requires developer credentials.
4792
+ # Calling this action requires developer credentials.
4280
4793
  #
4281
4794
  # @option params [required, String] :user_pool_id
4282
4795
  # The user pool ID for the user pool.
@@ -4355,6 +4868,44 @@ module Aws::CognitoIdentityProvider
4355
4868
  # The Amazon Pinpoint analytics metadata for collecting metrics for
4356
4869
  # `ResendConfirmationCode` calls.
4357
4870
  #
4871
+ # @option params [Hash<String,String>] :client_metadata
4872
+ # A map of custom key-value pairs that you can provide as input for any
4873
+ # custom workflows that this action triggers.
4874
+ #
4875
+ # You create custom workflows by assigning AWS Lambda functions to user
4876
+ # pool triggers. When you use the ResendConfirmationCode API action,
4877
+ # Amazon Cognito invokes the function that is assigned to the *custom
4878
+ # message* trigger. When Amazon Cognito invokes this function, it passes
4879
+ # a JSON payload, which the function receives as input. This payload
4880
+ # contains a `clientMetadata` attribute, which provides the data that
4881
+ # you assigned to the ClientMetadata parameter in your
4882
+ # ResendConfirmationCode request. In your function code in AWS Lambda,
4883
+ # you can process the `clientMetadata` value to enhance your workflow
4884
+ # for your specific needs.
4885
+ #
4886
+ # For more information, see [Customizing User Pool Workflows with Lambda
4887
+ # Triggers][1] in the *Amazon Cognito Developer Guide*.
4888
+ #
4889
+ # <note markdown="1"> Take the following limitations into consideration when you use the
4890
+ # ClientMetadata parameter:
4891
+ #
4892
+ # * Amazon Cognito does not store the ClientMetadata value. This data is
4893
+ # available only to AWS Lambda triggers that are assigned to a user
4894
+ # pool to support custom workflows. If your user pool configuration
4895
+ # does not include triggers, the ClientMetadata parameter serves no
4896
+ # purpose.
4897
+ #
4898
+ # * Amazon Cognito does not validate the ClientMetadata value.
4899
+ #
4900
+ # * Amazon Cognito does not encrypt the the ClientMetadata value, so
4901
+ # don't use it to provide sensitive information.
4902
+ #
4903
+ # </note>
4904
+ #
4905
+ #
4906
+ #
4907
+ # [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html
4908
+ #
4358
4909
  # @return [Types::ResendConfirmationCodeResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
4359
4910
  #
4360
4911
  # * {Types::ResendConfirmationCodeResponse#code_delivery_details #code_delivery_details} => Types::CodeDeliveryDetailsType
@@ -4371,6 +4922,9 @@ module Aws::CognitoIdentityProvider
4371
4922
  # analytics_metadata: {
4372
4923
  # analytics_endpoint_id: "StringType",
4373
4924
  # },
4925
+ # client_metadata: {
4926
+ # "StringType" => "StringType",
4927
+ # },
4374
4928
  # })
4375
4929
  #
4376
4930
  # @example Response structure
@@ -4410,16 +4964,27 @@ module Aws::CognitoIdentityProvider
4410
4964
  # The challenge responses. These are inputs corresponding to the value
4411
4965
  # of `ChallengeName`, for example:
4412
4966
  #
4413
- # * `SMS_MFA`\: `SMS_MFA_CODE`, `USERNAME`, `SECRET_HASH` (if app client
4414
- # is configured with client secret).
4967
+ # <note markdown="1"> `SECRET_HASH` (if app client is configured with client secret) applies
4968
+ # to all inputs below (including `SOFTWARE_TOKEN_MFA`).
4969
+ #
4970
+ # </note>
4971
+ #
4972
+ # * `SMS_MFA`\: `SMS_MFA_CODE`, `USERNAME`.
4415
4973
  #
4416
4974
  # * `PASSWORD_VERIFIER`\: `PASSWORD_CLAIM_SIGNATURE`,
4417
- # `PASSWORD_CLAIM_SECRET_BLOCK`, `TIMESTAMP`, `USERNAME`,
4418
- # `SECRET_HASH` (if app client is configured with client secret).
4975
+ # `PASSWORD_CLAIM_SECRET_BLOCK`, `TIMESTAMP`, `USERNAME`.
4419
4976
  #
4420
4977
  # * `NEW_PASSWORD_REQUIRED`\: `NEW_PASSWORD`, any other required
4421
- # attributes, `USERNAME`, `SECRET_HASH` (if app client is configured
4422
- # with client secret).
4978
+ # attributes, `USERNAME`.
4979
+ #
4980
+ # * `SOFTWARE_TOKEN_MFA`\: `USERNAME` and `SOFTWARE_TOKEN_MFA_CODE` are
4981
+ # required attributes.
4982
+ #
4983
+ # * `DEVICE_SRP_AUTH` requires `USERNAME`, `DEVICE_KEY`, `SRP_A` (and
4984
+ # `SECRET_HASH`).
4985
+ #
4986
+ # * `DEVICE_PASSWORD_VERIFIER` requires everything that
4987
+ # `PASSWORD_VERIFIER` requires plus `DEVICE_KEY`.
4423
4988
  #
4424
4989
  # @option params [Types::AnalyticsMetadataType] :analytics_metadata
4425
4990
  # The Amazon Pinpoint analytics metadata for collecting metrics for
@@ -4430,6 +4995,46 @@ module Aws::CognitoIdentityProvider
4430
4995
  # location used for evaluating the risk of an unexpected event by Amazon
4431
4996
  # Cognito advanced security.
4432
4997
  #
4998
+ # @option params [Hash<String,String>] :client_metadata
4999
+ # A map of custom key-value pairs that you can provide as input for any
5000
+ # custom workflows that this action triggers.
5001
+ #
5002
+ # You create custom workflows by assigning AWS Lambda functions to user
5003
+ # pool triggers. When you use the RespondToAuthChallenge API action,
5004
+ # Amazon Cognito invokes any functions that are assigned to the
5005
+ # following triggers: *post authentication*, *pre token generation*,
5006
+ # *define auth challenge*, *create auth challenge*, and *verify auth
5007
+ # challenge*. When Amazon Cognito invokes any of these functions, it
5008
+ # passes a JSON payload, which the function receives as input. This
5009
+ # payload contains a `clientMetadata` attribute, which provides the data
5010
+ # that you assigned to the ClientMetadata parameter in your
5011
+ # RespondToAuthChallenge request. In your function code in AWS Lambda,
5012
+ # you can process the `clientMetadata` value to enhance your workflow
5013
+ # for your specific needs.
5014
+ #
5015
+ # For more information, see [Customizing User Pool Workflows with Lambda
5016
+ # Triggers][1] in the *Amazon Cognito Developer Guide*.
5017
+ #
5018
+ # <note markdown="1"> Take the following limitations into consideration when you use the
5019
+ # ClientMetadata parameter:
5020
+ #
5021
+ # * Amazon Cognito does not store the ClientMetadata value. This data is
5022
+ # available only to AWS Lambda triggers that are assigned to a user
5023
+ # pool to support custom workflows. If your user pool configuration
5024
+ # does not include triggers, the ClientMetadata parameter serves no
5025
+ # purpose.
5026
+ #
5027
+ # * Amazon Cognito does not validate the ClientMetadata value.
5028
+ #
5029
+ # * Amazon Cognito does not encrypt the the ClientMetadata value, so
5030
+ # don't use it to provide sensitive information.
5031
+ #
5032
+ # </note>
5033
+ #
5034
+ #
5035
+ #
5036
+ # [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html
5037
+ #
4433
5038
  # @return [Types::RespondToAuthChallengeResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
4434
5039
  #
4435
5040
  # * {Types::RespondToAuthChallengeResponse#challenge_name #challenge_name} => String
@@ -4452,6 +5057,9 @@ module Aws::CognitoIdentityProvider
4452
5057
  # user_context_data: {
4453
5058
  # encoded_data: "StringType",
4454
5059
  # },
5060
+ # client_metadata: {
5061
+ # "StringType" => "StringType",
5062
+ # },
4455
5063
  # })
4456
5064
  #
4457
5065
  # @example Response structure
@@ -4664,7 +5272,12 @@ module Aws::CognitoIdentityProvider
4664
5272
  req.send_request(options)
4665
5273
  end
4666
5274
 
4667
- # Set the user's multi-factor authentication (MFA) method preference.
5275
+ # Set the user's multi-factor authentication (MFA) method preference,
5276
+ # including which MFA factors are enabled and if any are preferred. Only
5277
+ # one factor can be set as preferred. The preferred MFA factor will be
5278
+ # used to authenticate a user if multiple factors are enabled. If
5279
+ # multiple options are enabled and no preference is set, a challenge to
5280
+ # choose an MFA option will be returned during sign in.
4668
5281
  #
4669
5282
  # @option params [Types::SMSMfaSettingsType] :sms_mfa_settings
4670
5283
  # The SMS text message multi-factor authentication (MFA) settings.
@@ -4673,7 +5286,7 @@ module Aws::CognitoIdentityProvider
4673
5286
  # The time-based one-time password software token MFA settings.
4674
5287
  #
4675
5288
  # @option params [required, String] :access_token
4676
- # The access token.
5289
+ # The access token for the user.
4677
5290
  #
4678
5291
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
4679
5292
  #
@@ -4700,7 +5313,7 @@ module Aws::CognitoIdentityProvider
4700
5313
  req.send_request(options)
4701
5314
  end
4702
5315
 
4703
- # Set the user pool MFA configuration.
5316
+ # Set the user pool multi-factor authentication (MFA) configuration.
4704
5317
  #
4705
5318
  # @option params [required, String] :user_pool_id
4706
5319
  # The user pool ID.
@@ -4712,7 +5325,14 @@ module Aws::CognitoIdentityProvider
4712
5325
  # The software token MFA configuration.
4713
5326
  #
4714
5327
  # @option params [String] :mfa_configuration
4715
- # The MFA configuration.
5328
+ # The MFA configuration. Valid values include:
5329
+ #
5330
+ # * `OFF` MFA will not be used for any users.
5331
+ #
5332
+ # * `ON` MFA is required for all users to sign in.
5333
+ #
5334
+ # * `OPTIONAL` MFA will be required only for individual users who have
5335
+ # an MFA factor enabled.
4716
5336
  #
4717
5337
  # @return [Types::SetUserPoolMfaConfigResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
4718
5338
  #
@@ -4754,16 +5374,17 @@ module Aws::CognitoIdentityProvider
4754
5374
  req.send_request(options)
4755
5375
  end
4756
5376
 
4757
- # Sets the user settings like multi-factor authentication (MFA). If MFA
4758
- # is to be removed for a particular attribute pass the attribute with
4759
- # code delivery as null. If null list is passed, all MFA options are
4760
- # removed.
5377
+ # *This action is no longer supported.* You can use it to configure only
5378
+ # SMS MFA. You can't use it to configure TOTP software token MFA. To
5379
+ # configure either type of MFA, use the SetUserMFAPreference action
5380
+ # instead.
4761
5381
  #
4762
5382
  # @option params [required, String] :access_token
4763
5383
  # The access token for the set user settings request.
4764
5384
  #
4765
5385
  # @option params [required, Array<Types::MFAOptionType>] :mfa_options
4766
- # Specifies the options for MFA (e.g., email or phone number).
5386
+ # You can use this parameter only to set an SMS configuration that uses
5387
+ # SMS for delivery.
4767
5388
  #
4768
5389
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
4769
5390
  #
@@ -4823,6 +5444,44 @@ module Aws::CognitoIdentityProvider
4823
5444
  # location used for evaluating the risk of an unexpected event by Amazon
4824
5445
  # Cognito advanced security.
4825
5446
  #
5447
+ # @option params [Hash<String,String>] :client_metadata
5448
+ # A map of custom key-value pairs that you can provide as input for any
5449
+ # custom workflows that this action triggers.
5450
+ #
5451
+ # You create custom workflows by assigning AWS Lambda functions to user
5452
+ # pool triggers. When you use the SignUp API action, Amazon Cognito
5453
+ # invokes any functions that are assigned to the following triggers:
5454
+ # *pre sign-up*, *custom message*, and *post confirmation*. When Amazon
5455
+ # Cognito invokes any of these functions, it passes a JSON payload,
5456
+ # which the function receives as input. This payload contains a
5457
+ # `clientMetadata` attribute, which provides the data that you assigned
5458
+ # to the ClientMetadata parameter in your SignUp request. In your
5459
+ # function code in AWS Lambda, you can process the `clientMetadata`
5460
+ # value to enhance your workflow for your specific needs.
5461
+ #
5462
+ # For more information, see [Customizing User Pool Workflows with Lambda
5463
+ # Triggers][1] in the *Amazon Cognito Developer Guide*.
5464
+ #
5465
+ # <note markdown="1"> Take the following limitations into consideration when you use the
5466
+ # ClientMetadata parameter:
5467
+ #
5468
+ # * Amazon Cognito does not store the ClientMetadata value. This data is
5469
+ # available only to AWS Lambda triggers that are assigned to a user
5470
+ # pool to support custom workflows. If your user pool configuration
5471
+ # does not include triggers, the ClientMetadata parameter serves no
5472
+ # purpose.
5473
+ #
5474
+ # * Amazon Cognito does not validate the ClientMetadata value.
5475
+ #
5476
+ # * Amazon Cognito does not encrypt the the ClientMetadata value, so
5477
+ # don't use it to provide sensitive information.
5478
+ #
5479
+ # </note>
5480
+ #
5481
+ #
5482
+ #
5483
+ # [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html
5484
+ #
4826
5485
  # @return [Types::SignUpResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
4827
5486
  #
4828
5487
  # * {Types::SignUpResponse#user_confirmed #user_confirmed} => Boolean
@@ -4854,6 +5513,9 @@ module Aws::CognitoIdentityProvider
4854
5513
  # user_context_data: {
4855
5514
  # encoded_data: "StringType",
4856
5515
  # },
5516
+ # client_metadata: {
5517
+ # "StringType" => "StringType",
5518
+ # },
4857
5519
  # })
4858
5520
  #
4859
5521
  # @example Response structure
@@ -4986,7 +5648,7 @@ module Aws::CognitoIdentityProvider
4986
5648
  # @option params [required, String] :resource_arn
4987
5649
  # The Amazon Resource Name (ARN) of the user pool to assign the tags to.
4988
5650
  #
4989
- # @option params [Hash<String,String>] :tags
5651
+ # @option params [required, Hash<String,String>] :tags
4990
5652
  # The tags to assign to the user pool.
4991
5653
  #
4992
5654
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
@@ -4995,7 +5657,7 @@ module Aws::CognitoIdentityProvider
4995
5657
  #
4996
5658
  # resp = client.tag_resource({
4997
5659
  # resource_arn: "ArnType", # required
4998
- # tags: {
5660
+ # tags: { # required
4999
5661
  # "TagKeysType" => "TagValueType",
5000
5662
  # },
5001
5663
  # })
@@ -5016,7 +5678,7 @@ module Aws::CognitoIdentityProvider
5016
5678
  # The Amazon Resource Name (ARN) of the user pool that the tags are
5017
5679
  # assigned to.
5018
5680
  #
5019
- # @option params [Array<String>] :tag_keys
5681
+ # @option params [required, Array<String>] :tag_keys
5020
5682
  # The keys of the tags to remove from the user pool.
5021
5683
  #
5022
5684
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
@@ -5025,7 +5687,7 @@ module Aws::CognitoIdentityProvider
5025
5687
  #
5026
5688
  # resp = client.untag_resource({
5027
5689
  # resource_arn: "ArnType", # required
5028
- # tag_keys: ["TagKeysType"],
5690
+ # tag_keys: ["TagKeysType"], # required
5029
5691
  # })
5030
5692
  #
5031
5693
  # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UntagResource AWS API Documentation
@@ -5110,7 +5772,7 @@ module Aws::CognitoIdentityProvider
5110
5772
 
5111
5773
  # Updates the specified group with the specified attributes.
5112
5774
  #
5113
- # Requires developer credentials.
5775
+ # Calling this action requires developer credentials.
5114
5776
  #
5115
5777
  # @option params [required, String] :group_name
5116
5778
  # The name of the group.
@@ -5283,6 +5945,44 @@ module Aws::CognitoIdentityProvider
5283
5945
  # @option params [required, String] :access_token
5284
5946
  # The access token for the request to update user attributes.
5285
5947
  #
5948
+ # @option params [Hash<String,String>] :client_metadata
5949
+ # A map of custom key-value pairs that you can provide as input for any
5950
+ # custom workflows that this action triggers.
5951
+ #
5952
+ # You create custom workflows by assigning AWS Lambda functions to user
5953
+ # pool triggers. When you use the UpdateUserAttributes API action,
5954
+ # Amazon Cognito invokes the functions that are assigned to the *custom
5955
+ # message* and *pre mutation* triggers. When Amazon Cognito invokes
5956
+ # either of these functions, it passes a JSON payload, which the
5957
+ # function receives as input. This payload contains a `clientMetadata`
5958
+ # attribute, which provides the data that you assigned to the
5959
+ # ClientMetadata parameter in your UpdateUserAttributes request. In your
5960
+ # function code in AWS Lambda, you can process the `clientMetadata`
5961
+ # value to enhance your workflow for your specific needs.
5962
+ #
5963
+ # For more information, see [Customizing User Pool Workflows with Lambda
5964
+ # Triggers][1] in the *Amazon Cognito Developer Guide*.
5965
+ #
5966
+ # <note markdown="1"> Take the following limitations into consideration when you use the
5967
+ # ClientMetadata parameter:
5968
+ #
5969
+ # * Amazon Cognito does not store the ClientMetadata value. This data is
5970
+ # available only to AWS Lambda triggers that are assigned to a user
5971
+ # pool to support custom workflows. If your user pool configuration
5972
+ # does not include triggers, the ClientMetadata parameter serves no
5973
+ # purpose.
5974
+ #
5975
+ # * Amazon Cognito does not validate the ClientMetadata value.
5976
+ #
5977
+ # * Amazon Cognito does not encrypt the the ClientMetadata value, so
5978
+ # don't use it to provide sensitive information.
5979
+ #
5980
+ # </note>
5981
+ #
5982
+ #
5983
+ #
5984
+ # [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html
5985
+ #
5286
5986
  # @return [Types::UpdateUserAttributesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
5287
5987
  #
5288
5988
  # * {Types::UpdateUserAttributesResponse#code_delivery_details_list #code_delivery_details_list} => Array&lt;Types::CodeDeliveryDetailsType&gt;
@@ -5297,6 +5997,9 @@ module Aws::CognitoIdentityProvider
5297
5997
  # },
5298
5998
  # ],
5299
5999
  # access_token: "TokenModelType", # required
6000
+ # client_metadata: {
6001
+ # "StringType" => "StringType",
6002
+ # },
5300
6003
  # })
5301
6004
  #
5302
6005
  # @example Response structure
@@ -5548,7 +6251,9 @@ module Aws::CognitoIdentityProvider
5548
6251
  #
5549
6252
  # @option params [Array<String>] :allowed_o_auth_scopes
5550
6253
  # A list of allowed `OAuth` scopes. Currently supported values are
5551
- # `"phone"`, `"email"`, `"openid"`, and `"Cognito"`.
6254
+ # `"phone"`, `"email"`, `"openid"`, and `"Cognito"`. In addition to
6255
+ # these values, custom scopes created in Resource Servers are also
6256
+ # supported.
5552
6257
  #
5553
6258
  # @option params [Boolean] :allowed_o_auth_flows_user_pool_client
5554
6259
  # Set to TRUE if the client is allowed to follow the OAuth protocol when
@@ -5795,7 +6500,7 @@ module Aws::CognitoIdentityProvider
5795
6500
  params: params,
5796
6501
  config: config)
5797
6502
  context[:gem_name] = 'aws-sdk-cognitoidentityprovider'
5798
- context[:gem_version] = '1.25.0'
6503
+ context[:gem_version] = '1.26.0'
5799
6504
  Seahorse::Client::Request.new(handlers, context)
5800
6505
  end
5801
6506