aws-sdk-cognitoidentityprovider 1.30.0 → 1.31.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 8304963898926cfad3854c37272f0700ed0eff65
-  data.tar.gz: 5dfdc9f3fb683a7eb1bf31e32895d4c4bc54da23
+  metadata.gz: 578f7d94326ca7c6330d2fe103763deab0ac2a0e
+  data.tar.gz: 827cb1755e2cacca7d4e20b308b41c3225bf160b
 SHA512:
-  metadata.gz: 26b1742ed753bae3d6f4bbad3d012b136b3dfdfe10ffd109ab0e58e3badc60a2e480643e6d433d6394c7992aef5966b4f7f4ff26a9d5082ae3a2710f503896c0
-  data.tar.gz: 8577208a0071b71f0781667769170e9c7b89e75762c881237670bde43ec1b801132b75b774fdf130ce33e0c8c1a76df415624fb4526562a5a09ca0a57a5a3a13
+  metadata.gz: 6bb8b9eb46d02d64cf7b185c5f4ac8efd88b1ea4fac04f94a66b26c8a6104b50f916828628f04b07196fdb3c26f6911a5d0588736ab459a52079edfb781e9651
+  data.tar.gz: 8a82815bc9182b9267c9c5b8e16208108963990e737ee6b2707dd6052d20ec9f312c3cb7fc96f7ec684e4e0f845d89e7bda62007c2fa91431cf6062ede5f66b6

data/lib/aws-sdk-cognitoidentityprovider.rb

@@ -42,6 +42,6 @@ require_relative 'aws-sdk-cognitoidentityprovider/customizations'
 # @service
 module Aws::CognitoIdentityProvider
 
-  GEM_VERSION = '1.30.0'
+  GEM_VERSION = '1.31.0'
 
 end

data/lib/aws-sdk-cognitoidentityprovider/client.rb

@@ -1953,7 +1953,10 @@ module Aws::CognitoIdentityProvider
       req.send_request(options)
     end
 
-    # Signs out users from all devices, as an administrator.
+    # Signs out users from all devices, as an administrator. It also
+    # invalidates all refresh tokens issued to a user. The user's current
+    # access and Id tokens remain valid until their expiry. Access and Id
+    # tokens expire one hour after they are issued.
     #
     # Calling this action requires developer credentials.
     #
@@ -2620,6 +2623,21 @@ module Aws::CognitoIdentityProvider
     #   Used to enable advanced security risk detection. Set the key
     #   `AdvancedSecurityMode` to the value "AUDIT".
     #
+    # @option params [Types::AccountRecoverySettingType] :account_recovery_setting
+    #   Use this setting to define which verified available method a user can
+    #   use to recover their password when they call `ForgotPassword`. It
+    #   allows you to define a preferred method when a user has more than one
+    #   method available. With this setting, SMS does not qualify for a valid
+    #   password recovery mechanism if the user also has SMS MFA enabled. In
+    #   the absence of this setting, Cognito uses the legacy behavior to
+    #   determine the recovery method where SMS is preferred over email.
+    #
+    #   <note markdown="1"> Starting February 1, 2020, the value of `AccountRecoverySetting` will
+    #   default to `verified_email` first and `verified_phone_number` as the
+    #   second option for newly created user pools if no value is provided.
+    #
+    #    </note>
+    #
     # @return [Types::CreateUserPoolResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::CreateUserPoolResponse#user_pool #user_pool} => Types::UserPoolType
@@ -2713,6 +2731,14 @@ module Aws::CognitoIdentityProvider
     #     user_pool_add_ons: {
     #       advanced_security_mode: "OFF", # required, accepts OFF, AUDIT, ENFORCED
     #     },
+    #     account_recovery_setting: {
+    #       recovery_mechanisms: [
+    #         {
+    #           priority: 1, # required
+    #           name: "verified_email", # required, accepts verified_email, verified_phone_number, admin_only
+    #         },
+    #       ],
+    #     },
     #   })
     #
     # @example Response structure
@@ -2788,6 +2814,9 @@ module Aws::CognitoIdentityProvider
     #   resp.user_pool.admin_create_user_config.invite_message_template.email_subject #=> String
     #   resp.user_pool.user_pool_add_ons.advanced_security_mode #=> String, one of "OFF", "AUDIT", "ENFORCED"
     #   resp.user_pool.arn #=> String
+    #   resp.user_pool.account_recovery_setting.recovery_mechanisms #=> Array
+    #   resp.user_pool.account_recovery_setting.recovery_mechanisms[0].priority #=> Integer
+    #   resp.user_pool.account_recovery_setting.recovery_mechanisms[0].name #=> String, one of "verified_email", "verified_phone_number", "admin_only"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/CreateUserPool AWS API Documentation
     #
@@ -3576,6 +3605,9 @@ module Aws::CognitoIdentityProvider
     #   resp.user_pool.admin_create_user_config.invite_message_template.email_subject #=> String
     #   resp.user_pool.user_pool_add_ons.advanced_security_mode #=> String, one of "OFF", "AUDIT", "ENFORCED"
     #   resp.user_pool.arn #=> String
+    #   resp.user_pool.account_recovery_setting.recovery_mechanisms #=> Array
+    #   resp.user_pool.account_recovery_setting.recovery_mechanisms[0].priority #=> Integer
+    #   resp.user_pool.account_recovery_setting.recovery_mechanisms[0].name #=> String, one of "verified_email", "verified_phone_number", "admin_only"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/DescribeUserPool AWS API Documentation
     #
@@ -4191,7 +4223,10 @@ module Aws::CognitoIdentityProvider
       req.send_request(options)
     end
 
-    # Signs out users from all devices.
+    # Signs out users from all devices. It also invalidates all refresh
+    # tokens issued to a user. The user's current access and Id tokens
+    # remain valid until their expiry. Access and Id tokens expire one hour
+    # after they are issued.
     #
     # @option params [required, String] :access_token
     #   The access token.
@@ -6175,6 +6210,15 @@ module Aws::CognitoIdentityProvider
     #   Used to enable advanced security risk detection. Set the key
     #   `AdvancedSecurityMode` to the value "AUDIT".
     #
+    # @option params [Types::AccountRecoverySettingType] :account_recovery_setting
+    #   Use this setting to define which verified available method a user can
+    #   use to recover their password when they call `ForgotPassword`. It
+    #   allows you to define a preferred method when a user has more than one
+    #   method available. With this setting, SMS does not qualify for a valid
+    #   password recovery mechanism if the user also has SMS MFA enabled. In
+    #   the absence of this setting, Cognito uses the legacy behavior to
+    #   determine the recovery method where SMS is preferred over email.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     # @example Request syntax with placeholder values
@@ -6247,6 +6291,14 @@ module Aws::CognitoIdentityProvider
     #     user_pool_add_ons: {
     #       advanced_security_mode: "OFF", # required, accepts OFF, AUDIT, ENFORCED
     #     },
+    #     account_recovery_setting: {
+    #       recovery_mechanisms: [
+    #         {
+    #           priority: 1, # required
+    #           name: "verified_email", # required, accepts verified_email, verified_phone_number, admin_only
+    #         },
+    #       ],
+    #     },
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UpdateUserPool AWS API Documentation
@@ -6661,7 +6713,7 @@ module Aws::CognitoIdentityProvider
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-cognitoidentityprovider'
-      context[:gem_version] = '1.30.0'
+      context[:gem_version] = '1.31.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-cognitoidentityprovider/client_api.rb

@@ -12,6 +12,7 @@ module Aws::CognitoIdentityProvider
     include Seahorse::Model
 
     AWSAccountIdType = Shapes::StringShape.new(name: 'AWSAccountIdType')
+    AccountRecoverySettingType = Shapes::StructureShape.new(name: 'AccountRecoverySettingType')
     AccountTakeoverActionNotifyType = Shapes::BooleanShape.new(name: 'AccountTakeoverActionNotifyType')
     AccountTakeoverActionType = Shapes::StructureShape.new(name: 'AccountTakeoverActionType')
     AccountTakeoverActionsType = Shapes::StructureShape.new(name: 'AccountTakeoverActionsType')
@@ -309,6 +310,7 @@ module Aws::CognitoIdentityProvider
     PrecedenceType = Shapes::IntegerShape.new(name: 'PrecedenceType')
     PreconditionNotMetException = Shapes::StructureShape.new(name: 'PreconditionNotMetException')
     PreventUserExistenceErrorTypes = Shapes::StringShape.new(name: 'PreventUserExistenceErrorTypes')
+    PriorityType = Shapes::IntegerShape.new(name: 'PriorityType')
     ProviderDescription = Shapes::StructureShape.new(name: 'ProviderDescription')
     ProviderDetailsType = Shapes::MapShape.new(name: 'ProviderDetailsType')
     ProviderNameType = Shapes::StringShape.new(name: 'ProviderNameType')
@@ -317,6 +319,9 @@ module Aws::CognitoIdentityProvider
     ProvidersListType = Shapes::ListShape.new(name: 'ProvidersListType')
     QueryLimit = Shapes::IntegerShape.new(name: 'QueryLimit')
     QueryLimitType = Shapes::IntegerShape.new(name: 'QueryLimitType')
+    RecoveryMechanismsType = Shapes::ListShape.new(name: 'RecoveryMechanismsType')
+    RecoveryOptionNameType = Shapes::StringShape.new(name: 'RecoveryOptionNameType')
+    RecoveryOptionType = Shapes::StructureShape.new(name: 'RecoveryOptionType')
     RedirectUrlType = Shapes::StringShape.new(name: 'RedirectUrlType')
     RefreshTokenValidityType = Shapes::IntegerShape.new(name: 'RefreshTokenValidityType')
     ResendConfirmationCodeRequest = Shapes::StructureShape.new(name: 'ResendConfirmationCodeRequest')
@@ -452,6 +457,9 @@ module Aws::CognitoIdentityProvider
     VerifyUserAttributeRequest = Shapes::StructureShape.new(name: 'VerifyUserAttributeRequest')
     VerifyUserAttributeResponse = Shapes::StructureShape.new(name: 'VerifyUserAttributeResponse')
 
+    AccountRecoverySettingType.add_member(:recovery_mechanisms, Shapes::ShapeRef.new(shape: RecoveryMechanismsType, location_name: "RecoveryMechanisms"))
+    AccountRecoverySettingType.struct_class = Types::AccountRecoverySettingType
+
     AccountTakeoverActionType.add_member(:notify, Shapes::ShapeRef.new(shape: AccountTakeoverActionNotifyType, required: true, location_name: "Notify"))
     AccountTakeoverActionType.add_member(:event_action, Shapes::ShapeRef.new(shape: AccountTakeoverEventActionType, required: true, location_name: "EventAction"))
     AccountTakeoverActionType.struct_class = Types::AccountTakeoverActionType
@@ -925,6 +933,7 @@ module Aws::CognitoIdentityProvider
     CreateUserPoolRequest.add_member(:admin_create_user_config, Shapes::ShapeRef.new(shape: AdminCreateUserConfigType, location_name: "AdminCreateUserConfig"))
     CreateUserPoolRequest.add_member(:schema, Shapes::ShapeRef.new(shape: SchemaAttributesListType, location_name: "Schema"))
     CreateUserPoolRequest.add_member(:user_pool_add_ons, Shapes::ShapeRef.new(shape: UserPoolAddOnsType, location_name: "UserPoolAddOns"))
+    CreateUserPoolRequest.add_member(:account_recovery_setting, Shapes::ShapeRef.new(shape: AccountRecoverySettingType, location_name: "AccountRecoverySetting"))
     CreateUserPoolRequest.struct_class = Types::CreateUserPoolRequest
 
     CreateUserPoolResponse.add_member(:user_pool, Shapes::ShapeRef.new(shape: UserPoolType, location_name: "UserPool"))
@@ -1419,6 +1428,12 @@ module Aws::CognitoIdentityProvider
 
     ProvidersListType.member = Shapes::ShapeRef.new(shape: ProviderDescription)
 
+    RecoveryMechanismsType.member = Shapes::ShapeRef.new(shape: RecoveryOptionType)
+
+    RecoveryOptionType.add_member(:priority, Shapes::ShapeRef.new(shape: PriorityType, required: true, location_name: "Priority"))
+    RecoveryOptionType.add_member(:name, Shapes::ShapeRef.new(shape: RecoveryOptionNameType, required: true, location_name: "Name"))
+    RecoveryOptionType.struct_class = Types::RecoveryOptionType
+
     ResendConfirmationCodeRequest.add_member(:client_id, Shapes::ShapeRef.new(shape: ClientIdType, required: true, location_name: "ClientId"))
     ResendConfirmationCodeRequest.add_member(:secret_hash, Shapes::ShapeRef.new(shape: SecretHashType, location_name: "SecretHash"))
     ResendConfirmationCodeRequest.add_member(:user_context_data, Shapes::ShapeRef.new(shape: UserContextDataType, location_name: "UserContextData"))
@@ -1729,6 +1744,7 @@ module Aws::CognitoIdentityProvider
     UpdateUserPoolRequest.add_member(:user_pool_tags, Shapes::ShapeRef.new(shape: UserPoolTagsType, location_name: "UserPoolTags"))
     UpdateUserPoolRequest.add_member(:admin_create_user_config, Shapes::ShapeRef.new(shape: AdminCreateUserConfigType, location_name: "AdminCreateUserConfig"))
     UpdateUserPoolRequest.add_member(:user_pool_add_ons, Shapes::ShapeRef.new(shape: UserPoolAddOnsType, location_name: "UserPoolAddOns"))
+    UpdateUserPoolRequest.add_member(:account_recovery_setting, Shapes::ShapeRef.new(shape: AccountRecoverySettingType, location_name: "AccountRecoverySetting"))
     UpdateUserPoolRequest.struct_class = Types::UpdateUserPoolRequest
 
     UpdateUserPoolResponse.struct_class = Types::UpdateUserPoolResponse
@@ -1851,6 +1867,7 @@ module Aws::CognitoIdentityProvider
     UserPoolType.add_member(:admin_create_user_config, Shapes::ShapeRef.new(shape: AdminCreateUserConfigType, location_name: "AdminCreateUserConfig"))
     UserPoolType.add_member(:user_pool_add_ons, Shapes::ShapeRef.new(shape: UserPoolAddOnsType, location_name: "UserPoolAddOns"))
     UserPoolType.add_member(:arn, Shapes::ShapeRef.new(shape: ArnType, location_name: "Arn"))
+    UserPoolType.add_member(:account_recovery_setting, Shapes::ShapeRef.new(shape: AccountRecoverySettingType, location_name: "AccountRecoverySetting"))
     UserPoolType.struct_class = Types::UserPoolType
 
     UserType.add_member(:username, Shapes::ShapeRef.new(shape: UsernameType, location_name: "Username"))

data/lib/aws-sdk-cognitoidentityprovider/types.rb

@@ -8,6 +8,31 @@
 module Aws::CognitoIdentityProvider
   module Types
 
+    # The data type for `AccountRecoverySetting`.
+    #
+    # @note When making an API call, you may pass AccountRecoverySettingType
+    #   data as a hash:
+    #
+    #       {
+    #         recovery_mechanisms: [
+    #           {
+    #             priority: 1, # required
+    #             name: "verified_email", # required, accepts verified_email, verified_phone_number, admin_only
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] recovery_mechanisms
+    #   The list of `RecoveryOptionTypes`.
+    #   @return [Array<Types::RecoveryOptionType>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AccountRecoverySettingType AWS API Documentation
+    #
+    class AccountRecoverySettingType < Struct.new(
+      :recovery_mechanisms)
+      include Aws::Structure
+    end
+
     # Account takeover action type.
     #
     # @note When making an API call, you may pass AccountTakeoverActionType
@@ -3459,6 +3484,14 @@ module Aws::CognitoIdentityProvider
     #         user_pool_add_ons: {
     #           advanced_security_mode: "OFF", # required, accepts OFF, AUDIT, ENFORCED
     #         },
+    #         account_recovery_setting: {
+    #           recovery_mechanisms: [
+    #             {
+    #               priority: 1, # required
+    #               name: "verified_email", # required, accepts verified_email, verified_phone_number, admin_only
+    #             },
+    #           ],
+    #         },
     #       }
     #
     # @!attribute [rw] pool_name
@@ -3564,6 +3597,24 @@ module Aws::CognitoIdentityProvider
     #   `AdvancedSecurityMode` to the value "AUDIT".
     #   @return [Types::UserPoolAddOnsType]
     #
+    # @!attribute [rw] account_recovery_setting
+    #   Use this setting to define which verified available method a user
+    #   can use to recover their password when they call `ForgotPassword`.
+    #   It allows you to define a preferred method when a user has more than
+    #   one method available. With this setting, SMS does not qualify for a
+    #   valid password recovery mechanism if the user also has SMS MFA
+    #   enabled. In the absence of this setting, Cognito uses the legacy
+    #   behavior to determine the recovery method where SMS is preferred
+    #   over email.
+    #
+    #   <note markdown="1"> Starting February 1, 2020, the value of `AccountRecoverySetting`
+    #   will default to `verified_email` first and `verified_phone_number`
+    #   as the second option for newly created user pools if no value is
+    #   provided.
+    #
+    #    </note>
+    #   @return [Types::AccountRecoverySettingType]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/CreateUserPoolRequest AWS API Documentation
     #
     class CreateUserPoolRequest < Struct.new(
@@ -3585,7 +3636,8 @@ module Aws::CognitoIdentityProvider
       :user_pool_tags,
       :admin_create_user_config,
       :schema,
-      :user_pool_add_ons)
+      :user_pool_add_ons,
+      :account_recovery_setting)
       include Aws::Structure
     end
 
@@ -6590,6 +6642,34 @@ module Aws::CognitoIdentityProvider
       include Aws::Structure
     end
 
+    # A map containing a priority as a key, and recovery method name as a
+    # value.
+    #
+    # @note When making an API call, you may pass RecoveryOptionType
+    #   data as a hash:
+    #
+    #       {
+    #         priority: 1, # required
+    #         name: "verified_email", # required, accepts verified_email, verified_phone_number, admin_only
+    #       }
+    #
+    # @!attribute [rw] priority
+    #   A positive integer specifying priority of a method with 1 being the
+    #   highest priority.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] name
+    #   Specifies the recovery method for a user.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/RecoveryOptionType AWS API Documentation
+    #
+    class RecoveryOptionType < Struct.new(
+      :priority,
+      :name)
+      include Aws::Structure
+    end
+
     # Represents the request to resend the confirmation code.
     #
     # @note When making an API call, you may pass ResendConfirmationCodeRequest
@@ -8709,6 +8789,14 @@ module Aws::CognitoIdentityProvider
     #         user_pool_add_ons: {
     #           advanced_security_mode: "OFF", # required, accepts OFF, AUDIT, ENFORCED
     #         },
+    #         account_recovery_setting: {
+    #           recovery_mechanisms: [
+    #             {
+    #               priority: 1, # required
+    #               name: "verified_email", # required, accepts verified_email, verified_phone_number, admin_only
+    #             },
+    #           ],
+    #         },
     #       }
     #
     # @!attribute [rw] user_pool_id
@@ -8789,6 +8877,17 @@ module Aws::CognitoIdentityProvider
     #   `AdvancedSecurityMode` to the value "AUDIT".
     #   @return [Types::UserPoolAddOnsType]
     #
+    # @!attribute [rw] account_recovery_setting
+    #   Use this setting to define which verified available method a user
+    #   can use to recover their password when they call `ForgotPassword`.
+    #   It allows you to define a preferred method when a user has more than
+    #   one method available. With this setting, SMS does not qualify for a
+    #   valid password recovery mechanism if the user also has SMS MFA
+    #   enabled. In the absence of this setting, Cognito uses the legacy
+    #   behavior to determine the recovery method where SMS is preferred
+    #   over email.
+    #   @return [Types::AccountRecoverySettingType]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UpdateUserPoolRequest AWS API Documentation
     #
     class UpdateUserPoolRequest < Struct.new(
@@ -8807,7 +8906,8 @@ module Aws::CognitoIdentityProvider
       :sms_configuration,
       :user_pool_tags,
       :admin_create_user_config,
-      :user_pool_add_ons)
+      :user_pool_add_ons,
+      :account_recovery_setting)
       include Aws::Structure
     end
 
@@ -9488,6 +9588,17 @@ module Aws::CognitoIdentityProvider
     #   The Amazon Resource Name (ARN) for the user pool.
     #   @return [String]
     #
+    # @!attribute [rw] account_recovery_setting
+    #   Use this setting to define which verified available method a user
+    #   can use to recover their password when they call `ForgotPassword`.
+    #   It allows you to define a preferred method when a user has more than
+    #   one method available. With this setting, SMS does not qualify for a
+    #   valid password recovery mechanism if the user also has SMS MFA
+    #   enabled. In the absence of this setting, Cognito uses the legacy
+    #   behavior to determine the recovery method where SMS is preferred
+    #   over email.
+    #   @return [Types::AccountRecoverySettingType]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UserPoolType AWS API Documentation
     #
     class UserPoolType < Struct.new(
@@ -9519,7 +9630,8 @@ module Aws::CognitoIdentityProvider
       :custom_domain,
       :admin_create_user_config,
       :user_pool_add_ons,
-      :arn)
+      :arn,
+      :account_recovery_setting)
       include Aws::Structure
     end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-cognitoidentityprovider
 version: !ruby/object:Gem::Version
-  version: 1.30.0
+  version: 1.31.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-11-25 00:00:00.000000000 Z
+date: 2019-11-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core