aws-sdk-cognitoidentityprovider 1.31.0 → 1.36.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 578f7d94326ca7c6330d2fe103763deab0ac2a0e
-  data.tar.gz: 827cb1755e2cacca7d4e20b308b41c3225bf160b
+SHA256:
+  metadata.gz: f3cabfe2f83422710ee9a722d7265330a262ab979fd344e149d843d0271e818b
+  data.tar.gz: 71f795792b804f33790eecd112c4568d97e8fd5f6c13213532419af28add22ff
 SHA512:
-  metadata.gz: 6bb8b9eb46d02d64cf7b185c5f4ac8efd88b1ea4fac04f94a66b26c8a6104b50f916828628f04b07196fdb3c26f6911a5d0588736ab459a52079edfb781e9651
-  data.tar.gz: 8a82815bc9182b9267c9c5b8e16208108963990e737ee6b2707dd6052d20ec9f312c3cb7fc96f7ec684e4e0f845d89e7bda62007c2fa91431cf6062ede5f66b6
+  metadata.gz: dc59315647b9aceabcc662247421b226318d63063ab6a386a4962c9850622cf3d6b0b4e36741d9accfcbeb5b383c0b8a03daa9bef8b8e89bc014d820a886056a
+  data.tar.gz: 7116ed411ace31fb7bbf60cb8972a11e9dd654732aa8ada8df6124d3f8c14292e2b31691d7a48d3cb9d05ffa48b3355989c2c171284fc080d9e9e3024474d26c

data/lib/aws-sdk-cognitoidentityprovider.rb

@@ -24,17 +24,20 @@ require_relative 'aws-sdk-cognitoidentityprovider/customizations'
 # methods each accept a hash of request parameters and return a response
 # structure.
 #
+#     cognito_identity_provider = Aws::CognitoIdentityProvider::Client.new
+#     resp = cognito_identity_provider.add_custom_attributes(params)
+#
 # See {Client} for more information.
 #
 # # Errors
 #
-# Errors returned from Amazon Cognito Identity Provider all
-# extend {Errors::ServiceError}.
+# Errors returned from Amazon Cognito Identity Provider are defined in the
+# {Errors} module and all extend {Errors::ServiceError}.
 #
 #     begin
 #       # do stuff
 #     rescue Aws::CognitoIdentityProvider::Errors::ServiceError
-#       # rescues all service API errors
+#       # rescues all Amazon Cognito Identity Provider API errors
 #     end
 #
 # See {Errors} for more information.
@@ -42,6 +45,6 @@ require_relative 'aws-sdk-cognitoidentityprovider/customizations'
 # @service
 module Aws::CognitoIdentityProvider
 
-  GEM_VERSION = '1.31.0'
+  GEM_VERSION = '1.36.0'
 
 end

data/lib/aws-sdk-cognitoidentityprovider/client.rb

@@ -30,6 +30,18 @@ require 'aws-sdk-core/plugins/protocols/json_rpc.rb'
 Aws::Plugins::GlobalConfiguration.add_identifier(:cognitoidentityprovider)
 
 module Aws::CognitoIdentityProvider
+  # An API client for CognitoIdentityProvider.  To construct a client, you need to configure a `:region` and `:credentials`.
+  #
+  #     client = Aws::CognitoIdentityProvider::Client.new(
+  #       region: region_name,
+  #       credentials: credentials,
+  #       # ...
+  #     )
+  #
+  # For details on configuring region and credentials see
+  # the [developer guide](/sdk-for-ruby/v3/developer-guide/setup-config.html).
+  #
+  # See {#initialize} for a full list of supported configuration options.
   class Client < Seahorse::Client::Base
 
     include Aws::ClientStubs
@@ -93,7 +105,7 @@ module Aws::CognitoIdentityProvider
     #   @option options [required, String] :region
     #     The AWS region to connect to.  The configured `:region` is
     #     used to determine the service `:endpoint`. When not passed,
-    #     a default `:region` is search for in the following locations:
+    #     a default `:region` is searched for in the following locations:
     #
     #     * `Aws.config[:region]`
     #     * `ENV['AWS_REGION']`
@@ -108,6 +120,12 @@ module Aws::CognitoIdentityProvider
     #     When set to `true`, a thread polling for endpoints will be running in
     #     the background every 60 secs (default). Defaults to `false`.
     #
+    #   @option options [Boolean] :adaptive_retry_wait_to_fill (true)
+    #     Used only in `adaptive` retry mode.  When true, the request will sleep
+    #     until there is sufficent client side capacity to retry the request.
+    #     When false, the request will raise a `RetryCapacityNotAvailableError` and will
+    #     not retry instead of sleeping.
+    #
     #   @option options [Boolean] :client_side_monitoring (false)
     #     When `true`, client-side metrics will be collected for all API requests from
     #     this client.
@@ -132,6 +150,10 @@ module Aws::CognitoIdentityProvider
     #     When `true`, an attempt is made to coerce request parameters into
     #     the required types.
     #
+    #   @option options [Boolean] :correct_clock_skew (true)
+    #     Used only in `standard` and adaptive retry modes. Specifies whether to apply
+    #     a clock skew correction and retry requests with skewed client clocks.
+    #
     #   @option options [Boolean] :disable_host_prefix_injection (false)
     #     Set to true to disable SDK automatically adding host prefix
     #     to default service endpoint when available.
@@ -139,7 +161,7 @@ module Aws::CognitoIdentityProvider
     #   @option options [String] :endpoint
     #     The client endpoint is normally constructed from the `:region`
     #     option. You should only configure an `:endpoint` when connecting
-    #     to test endpoints. This should be avalid HTTP(S) URI.
+    #     to test endpoints. This should be a valid HTTP(S) URI.
     #
     #   @option options [Integer] :endpoint_cache_max_entries (1000)
     #     Used for the maximum size limit of the LRU cache storing endpoints data
@@ -154,7 +176,7 @@ module Aws::CognitoIdentityProvider
     #     requests fetching endpoints information. Defaults to 60 sec.
     #
     #   @option options [Boolean] :endpoint_discovery (false)
-    #     When set to `true`, endpoint discovery will be enabled for operations when available. Defaults to `false`.
+    #     When set to `true`, endpoint discovery will be enabled for operations when available.
     #
     #   @option options [Aws::Log::Formatter] :log_formatter (Aws::Log::Formatter.default)
     #     The log formatter.
@@ -166,15 +188,29 @@ module Aws::CognitoIdentityProvider
     #     The Logger instance to send log messages to.  If this option
     #     is not set, logging will be disabled.
     #
+    #   @option options [Integer] :max_attempts (3)
+    #     An integer representing the maximum number attempts that will be made for
+    #     a single request, including the initial attempt.  For example,
+    #     setting this value to 5 will result in a request being retried up to
+    #     4 times. Used in `standard` and `adaptive` retry modes.
+    #
     #   @option options [String] :profile ("default")
     #     Used when loading credentials from the shared credentials file
     #     at HOME/.aws/credentials.  When not specified, 'default' is used.
     #
+    #   @option options [Proc] :retry_backoff
+    #     A proc or lambda used for backoff. Defaults to 2**retries * retry_base_delay.
+    #     This option is only used in the `legacy` retry mode.
+    #
     #   @option options [Float] :retry_base_delay (0.3)
-    #     The base delay in seconds used by the default backoff function.
+    #     The base delay in seconds used by the default backoff function. This option
+    #     is only used in the `legacy` retry mode.
     #
     #   @option options [Symbol] :retry_jitter (:none)
-    #     A delay randomiser function used by the default backoff function. Some predefined functions can be referenced by name - :none, :equal, :full, otherwise a Proc that takes and returns a number.
+    #     A delay randomiser function used by the default backoff function.
+    #     Some predefined functions can be referenced by name - :none, :equal, :full,
+    #     otherwise a Proc that takes and returns a number. This option is only used
+    #     in the `legacy` retry mode.
     #
     #     @see https://www.awsarchitectureblog.com/2015/03/backoff.html
     #
@@ -182,11 +218,30 @@ module Aws::CognitoIdentityProvider
     #     The maximum number of times to retry failed requests.  Only
     #     ~ 500 level server errors and certain ~ 400 level client errors
     #     are retried.  Generally, these are throttling errors, data
-    #     checksum errors, networking errors, timeout errors and auth
-    #     errors from expired credentials.
+    #     checksum errors, networking errors, timeout errors, auth errors,
+    #     endpoint discovery, and errors from expired credentials.
+    #     This option is only used in the `legacy` retry mode.
     #
     #   @option options [Integer] :retry_max_delay (0)
-    #     The maximum number of seconds to delay between retries (0 for no limit) used by the default backoff function.
+    #     The maximum number of seconds to delay between retries (0 for no limit)
+    #     used by the default backoff function. This option is only used in the
+    #     `legacy` retry mode.
+    #
+    #   @option options [String] :retry_mode ("legacy")
+    #     Specifies which retry algorithm to use. Values are:
+    #
+    #     * `legacy` - The pre-existing retry behavior.  This is default value if
+    #       no retry mode is provided.
+    #
+    #     * `standard` - A standardized set of retry rules across the AWS SDKs.
+    #       This includes support for retry quotas, which limit the number of
+    #       unsuccessful retries a client can make.
+    #
+    #     * `adaptive` - An experimental retry mode that includes all the
+    #       functionality of `standard` mode along with automatic client side
+    #       throttling.  This is a provisional mode that may change behavior
+    #       in the future.
+    #
     #
     #   @option options [String] :secret_access_key
     #
@@ -219,16 +274,15 @@ module Aws::CognitoIdentityProvider
     #     requests through.  Formatted like 'http://proxy.com:123'.
     #
     #   @option options [Float] :http_open_timeout (15) The number of
-    #     seconds to wait when opening a HTTP session before rasing a
+    #     seconds to wait when opening a HTTP session before raising a
     #     `Timeout::Error`.
     #
     #   @option options [Integer] :http_read_timeout (60) The default
     #     number of seconds to wait for response data.  This value can
-    #     safely be set
-    #     per-request on the session yeidled by {#session_for}.
+    #     safely be set per-request on the session.
     #
     #   @option options [Float] :http_idle_timeout (5) The number of
-    #     seconds a connection is allowed to sit idble before it is
+    #     seconds a connection is allowed to sit idle before it is
     #     considered stale.  Stale connections are closed and removed
     #     from the pool before making a request.
     #
@@ -237,7 +291,7 @@ module Aws::CognitoIdentityProvider
     #     request body.  This option has no effect unless the request has
     #     "Expect" header set to "100-continue".  Defaults to `nil` which
     #     disables this behaviour.  This value can safely be set per
-    #     request on the session yeidled by {#session_for}.
+    #     request on the session.
     #
     #   @option options [Boolean] :http_wire_trace (false) When `true`,
     #     HTTP debug output will be sent to the `:logger`.
@@ -1086,7 +1140,7 @@ module Aws::CognitoIdentityProvider
     #     client_id: "ClientIdType", # required
     #     auth_flow: "USER_SRP_AUTH", # required, accepts USER_SRP_AUTH, REFRESH_TOKEN_AUTH, REFRESH_TOKEN, CUSTOM_AUTH, ADMIN_NO_SRP_AUTH, USER_PASSWORD_AUTH, ADMIN_USER_PASSWORD_AUTH
     #     auth_parameters: {
-    #       "StringType" => "StringType",
+    #       "StringType" => "AuthParametersValueType",
     #     },
     #     client_metadata: {
     #       "StringType" => "StringType",
@@ -1300,6 +1354,8 @@ module Aws::CognitoIdentityProvider
     #   * {Types::AdminListGroupsForUserResponse#groups #groups} => Array&lt;Types::GroupType&gt;
     #   * {Types::AdminListGroupsForUserResponse#next_token #next_token} => String
     #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
     # @example Request syntax with placeholder values
     #
     #   resp = client.admin_list_groups_for_user({
@@ -1350,6 +1406,8 @@ module Aws::CognitoIdentityProvider
     #   * {Types::AdminListUserAuthEventsResponse#auth_events #auth_events} => Array&lt;Types::AuthEventType&gt;
     #   * {Types::AdminListUserAuthEventsResponse#next_token #next_token} => String
     #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
     # @example Request syntax with placeholder values
     #
     #   resp = client.admin_list_user_auth_events({
@@ -1368,6 +1426,7 @@ module Aws::CognitoIdentityProvider
     #   resp.auth_events[0].event_response #=> String, one of "Success", "Failure"
     #   resp.auth_events[0].event_risk.risk_decision #=> String, one of "NoRisk", "AccountTakeover", "Block"
     #   resp.auth_events[0].event_risk.risk_level #=> String, one of "Low", "Medium", "High"
+    #   resp.auth_events[0].event_risk.compromised_credentials_detected #=> Boolean
     #   resp.auth_events[0].challenge_responses #=> Array
     #   resp.auth_events[0].challenge_responses[0].challenge_name #=> String, one of "Password", "Mfa"
     #   resp.auth_events[0].challenge_responses[0].challenge_response #=> String, one of "Success", "Failure"
@@ -2380,8 +2439,60 @@ module Aws::CognitoIdentityProvider
     #   The identity provider type.
     #
     # @option params [required, Hash<String,String>] :provider_details
-    #   The identity provider details, such as `MetadataURL` and
-    #   `MetadataFile`.
+    #   The identity provider details. The following list describes the
+    #   provider detail keys for each identity provider type.
+    #
+    #   * For Google, Facebook and Login with Amazon:
+    #
+    #     * client\_id
+    #
+    #     * client\_secret
+    #
+    #     * authorize\_scopes
+    #
+    #   * For Sign in with Apple:
+    #
+    #     * client\_id
+    #
+    #     * team\_id
+    #
+    #     * key\_id
+    #
+    #     * private\_key
+    #
+    #     * authorize\_scopes
+    #
+    #   * For OIDC providers:
+    #
+    #     * client\_id
+    #
+    #     * client\_secret
+    #
+    #     * attributes\_request\_method
+    #
+    #     * oidc\_issuer
+    #
+    #     * authorize\_scopes
+    #
+    #     * authorize\_url *if not available from discovery URL specified by
+    #       oidc\_issuer key*
+    #
+    #     * token\_url *if not available from discovery URL specified by
+    #       oidc\_issuer key*
+    #
+    #     * attributes\_url *if not available from discovery URL specified by
+    #       oidc\_issuer key*
+    #
+    #     * jwks\_uri *if not available from discovery URL specified by
+    #       oidc\_issuer key*
+    #
+    #     * authorize\_scopes
+    #
+    #   * For SAML providers:
+    #
+    #     * MetadataFile OR MetadataURL
+    #
+    #     * IDPSignout *optional*
     #
     # @option params [Hash<String,String>] :attribute_mapping
     #   A mapping of identity provider attributes to standard and custom user
@@ -2623,6 +2734,13 @@ module Aws::CognitoIdentityProvider
     #   Used to enable advanced security risk detection. Set the key
     #   `AdvancedSecurityMode` to the value "AUDIT".
     #
+    # @option params [Types::UsernameConfigurationType] :username_configuration
+    #   You can choose to set case sensitivity on the username input for the
+    #   selected sign-in option. For example, when this is set to `False`,
+    #   users will be able to sign in using either "username" or
+    #   "Username". This configuration is immutable once it has been set.
+    #   For more information, see .
+    #
     # @option params [Types::AccountRecoverySettingType] :account_recovery_setting
     #   Use this setting to define which verified available method a user can
     #   use to recover their password when they call `ForgotPassword`. It
@@ -2731,6 +2849,9 @@ module Aws::CognitoIdentityProvider
     #     user_pool_add_ons: {
     #       advanced_security_mode: "OFF", # required, accepts OFF, AUDIT, ENFORCED
     #     },
+    #     username_configuration: {
+    #       case_sensitive: false, # required
+    #     },
     #     account_recovery_setting: {
     #       recovery_mechanisms: [
     #         {
@@ -2813,6 +2934,7 @@ module Aws::CognitoIdentityProvider
     #   resp.user_pool.admin_create_user_config.invite_message_template.email_message #=> String
     #   resp.user_pool.admin_create_user_config.invite_message_template.email_subject #=> String
     #   resp.user_pool.user_pool_add_ons.advanced_security_mode #=> String, one of "OFF", "AUDIT", "ENFORCED"
+    #   resp.user_pool.username_configuration.case_sensitive #=> Boolean
     #   resp.user_pool.arn #=> String
     #   resp.user_pool.account_recovery_setting.recovery_mechanisms #=> Array
     #   resp.user_pool.account_recovery_setting.recovery_mechanisms[0].priority #=> Integer
@@ -2941,27 +3063,39 @@ module Aws::CognitoIdentityProvider
     #   [1]: https://tools.ietf.org/html/rfc6749#section-3.1.2
     #
     # @option params [Array<String>] :allowed_o_auth_flows
+    #   The allowed OAuth flows.
+    #
     #   Set to `code` to initiate a code grant flow, which provides an
     #   authorization code as the response. This code can be exchanged for
     #   access tokens with the token endpoint.
     #
-    #   Set to `token` to specify that the client should get the access token
-    #   (and, optionally, ID token, based on scopes) directly.
+    #   Set to `implicit` to specify that the client should get the access
+    #   token (and, optionally, ID token, based on scopes) directly.
+    #
+    #   Set to `client_credentials` to specify that the client should get the
+    #   access token (and, optionally, ID token, based on scopes) from the
+    #   token endpoint using a combination of client and client\_secret.
     #
     # @option params [Array<String>] :allowed_o_auth_scopes
-    #   A list of allowed `OAuth` scopes. Currently supported values are
-    #   `"phone"`, `"email"`, `"openid"`, and `"Cognito"`. In addition to
-    #   these values, custom scopes created in Resource Servers are also
-    #   supported.
+    #   The allowed OAuth scopes. Possible values provided by OAuth are:
+    #   `phone`, `email`, `openid`, and `profile`. Possible values provided by
+    #   AWS are: `aws.cognito.signin.user.admin`. Custom scopes created in
+    #   Resource Servers are also supported.
     #
     # @option params [Boolean] :allowed_o_auth_flows_user_pool_client
-    #   Set to `True` if the client is allowed to follow the OAuth protocol
-    #   when interacting with Cognito user pools.
+    #   Set to true if the client is allowed to follow the OAuth protocol when
+    #   interacting with Cognito user pools.
     #
     # @option params [Types::AnalyticsConfigurationType] :analytics_configuration
     #   The Amazon Pinpoint analytics configuration for collecting metrics for
     #   this user pool.
     #
+    #   <note markdown="1"> Cognito User Pools only supports sending events to Amazon Pinpoint
+    #   projects in the US East (N. Virginia) us-east-1 Region, regardless of
+    #   the region in which the user pool resides.
+    #
+    #    </note>
+    #
     # @option params [String] :prevent_user_existence_errors
     #   Use this setting to choose which errors and responses are returned by
     #   Cognito APIs during authentication, account confirmation, and password
@@ -2998,9 +3132,9 @@ module Aws::CognitoIdentityProvider
     #
     #   * ResendConfirmationCode
     #
-    #   <note markdown="1"> After January 1st 2020, the value of `PreventUserExistenceErrors` will
-    #   default to `ENABLED` for newly created user pool clients if no value
-    #   is provided.
+    #   <note markdown="1"> After February 15th 2020, the value of `PreventUserExistenceErrors`
+    #   will default to `ENABLED` for newly created user pool clients if no
+    #   value is provided.
     #
     #    </note>
     #
@@ -3604,6 +3738,7 @@ module Aws::CognitoIdentityProvider
     #   resp.user_pool.admin_create_user_config.invite_message_template.email_message #=> String
     #   resp.user_pool.admin_create_user_config.invite_message_template.email_subject #=> String
     #   resp.user_pool.user_pool_add_ons.advanced_security_mode #=> String, one of "OFF", "AUDIT", "ENFORCED"
+    #   resp.user_pool.username_configuration.case_sensitive #=> Boolean
     #   resp.user_pool.arn #=> String
     #   resp.user_pool.account_recovery_setting.recovery_mechanisms #=> Array
     #   resp.user_pool.account_recovery_setting.recovery_mechanisms[0].priority #=> Integer
@@ -3743,13 +3878,13 @@ module Aws::CognitoIdentityProvider
 
     # Calling this API causes a message to be sent to the end user with a
     # confirmation code that is required to change the user's password. For
-    # the `Username` parameter, you can use the username or user alias. If a
-    # verified phone number exists for the user, the confirmation code is
-    # sent to the phone number. Otherwise, if a verified email exists, the
-    # confirmation code is sent to the email. If neither a verified phone
-    # number nor a verified email exists, `InvalidParameterException` is
-    # thrown. To use the confirmation code for resetting the password, call
-    # .
+    # the `Username` parameter, you can use the username or user alias. The
+    # method used to send the confirmation code is sent according to the
+    # specified AccountRecoverySetting. For more information, see
+    # [Recovering User Accounts]() in the *Amazon Cognito Developer Guide*.
+    # If neither a verified phone number nor a verified email exists, an
+    # `InvalidParameterException` is thrown. To use the confirmation code
+    # for resetting the password, call .
     #
     # @option params [required, String] :client_id
     #   The ID of the client associated with the user pool.
@@ -4389,7 +4524,7 @@ module Aws::CognitoIdentityProvider
     #   resp = client.initiate_auth({
     #     auth_flow: "USER_SRP_AUTH", # required, accepts USER_SRP_AUTH, REFRESH_TOKEN_AUTH, REFRESH_TOKEN, CUSTOM_AUTH, ADMIN_NO_SRP_AUTH, USER_PASSWORD_AUTH, ADMIN_USER_PASSWORD_AUTH
     #     auth_parameters: {
-    #       "StringType" => "StringType",
+    #       "StringType" => "AuthParametersValueType",
     #     },
     #     client_metadata: {
     #       "StringType" => "StringType",
@@ -4491,6 +4626,8 @@ module Aws::CognitoIdentityProvider
     #   * {Types::ListGroupsResponse#groups #groups} => Array&lt;Types::GroupType&gt;
     #   * {Types::ListGroupsResponse#next_token #next_token} => String
     #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
     # @example Request syntax with placeholder values
     #
     #   resp = client.list_groups({
@@ -4536,6 +4673,8 @@ module Aws::CognitoIdentityProvider
     #   * {Types::ListIdentityProvidersResponse#providers #providers} => Array&lt;Types::ProviderDescription&gt;
     #   * {Types::ListIdentityProvidersResponse#next_token #next_token} => String
     #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
     # @example Request syntax with placeholder values
     #
     #   resp = client.list_identity_providers({
@@ -4578,6 +4717,8 @@ module Aws::CognitoIdentityProvider
     #   * {Types::ListResourceServersResponse#resource_servers #resource_servers} => Array&lt;Types::ResourceServerType&gt;
     #   * {Types::ListResourceServersResponse#next_token #next_token} => String
     #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
     # @example Request syntax with placeholder values
     #
     #   resp = client.list_resource_servers({
@@ -4716,6 +4857,8 @@ module Aws::CognitoIdentityProvider
     #   * {Types::ListUserPoolClientsResponse#user_pool_clients #user_pool_clients} => Array&lt;Types::UserPoolClientDescription&gt;
     #   * {Types::ListUserPoolClientsResponse#next_token #next_token} => String
     #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
     # @example Request syntax with placeholder values
     #
     #   resp = client.list_user_pool_clients({
@@ -4757,6 +4900,8 @@ module Aws::CognitoIdentityProvider
     #   * {Types::ListUserPoolsResponse#user_pools #user_pools} => Array&lt;Types::UserPoolDescriptionType&gt;
     #   * {Types::ListUserPoolsResponse#next_token #next_token} => String
     #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
     # @example Request syntax with placeholder values
     #
     #   resp = client.list_user_pools({
@@ -4870,6 +5015,8 @@ module Aws::CognitoIdentityProvider
     #   * {Types::ListUsersResponse#users #users} => Array&lt;Types::UserType&gt;
     #   * {Types::ListUsersResponse#pagination_token #pagination_token} => String
     #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
     # @example Request syntax with placeholder values
     #
     #   resp = client.list_users({
@@ -4928,6 +5075,8 @@ module Aws::CognitoIdentityProvider
     #   * {Types::ListUsersInGroupResponse#users #users} => Array&lt;Types::UserType&gt;
     #   * {Types::ListUsersInGroupResponse#next_token #next_token} => String
     #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
     # @example Request syntax with placeholder values
     #
     #   resp = client.list_users_in_group({
@@ -6414,24 +6563,39 @@ module Aws::CognitoIdentityProvider
     #   [1]: https://tools.ietf.org/html/rfc6749#section-3.1.2
     #
     # @option params [Array<String>] :allowed_o_auth_flows
+    #   The allowed OAuth flows.
+    #
     #   Set to `code` to initiate a code grant flow, which provides an
     #   authorization code as the response. This code can be exchanged for
     #   access tokens with the token endpoint.
     #
+    #   Set to `implicit` to specify that the client should get the access
+    #   token (and, optionally, ID token, based on scopes) directly.
+    #
+    #   Set to `client_credentials` to specify that the client should get the
+    #   access token (and, optionally, ID token, based on scopes) from the
+    #   token endpoint using a combination of client and client\_secret.
+    #
     # @option params [Array<String>] :allowed_o_auth_scopes
-    #   A list of allowed `OAuth` scopes. Currently supported values are
-    #   `"phone"`, `"email"`, `"openid"`, and `"Cognito"`. In addition to
-    #   these values, custom scopes created in Resource Servers are also
-    #   supported.
+    #   The allowed OAuth scopes. Possible values provided by OAuth are:
+    #   `phone`, `email`, `openid`, and `profile`. Possible values provided by
+    #   AWS are: `aws.cognito.signin.user.admin`. Custom scopes created in
+    #   Resource Servers are also supported.
     #
     # @option params [Boolean] :allowed_o_auth_flows_user_pool_client
-    #   Set to TRUE if the client is allowed to follow the OAuth protocol when
+    #   Set to true if the client is allowed to follow the OAuth protocol when
     #   interacting with Cognito user pools.
     #
     # @option params [Types::AnalyticsConfigurationType] :analytics_configuration
     #   The Amazon Pinpoint analytics configuration for collecting metrics for
     #   this user pool.
     #
+    #   <note markdown="1"> Cognito User Pools only supports sending events to Amazon Pinpoint
+    #   projects in the US East (N. Virginia) us-east-1 Region, regardless of
+    #   the region in which the user pool resides.
+    #
+    #    </note>
+    #
     # @option params [String] :prevent_user_existence_errors
     #   Use this setting to choose which errors and responses are returned by
     #   Cognito APIs during authentication, account confirmation, and password
@@ -6468,9 +6632,9 @@ module Aws::CognitoIdentityProvider
     #
     #   * ResendConfirmationCode
     #
-    #   <note markdown="1"> After January 1st 2020, the value of `PreventUserExistenceErrors` will
-    #   default to `ENABLED` for newly created user pool clients if no value
-    #   is provided.
+    #   <note markdown="1"> After February 15th 2020, the value of `PreventUserExistenceErrors`
+    #   will default to `ENABLED` for newly created user pool clients if no
+    #   value is provided.
     #
     #    </note>
     #
@@ -6713,7 +6877,7 @@ module Aws::CognitoIdentityProvider
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-cognitoidentityprovider'
-      context[:gem_version] = '1.31.0'
+      context[:gem_version] = '1.36.0'
       Seahorse::Client::Request.new(handlers, context)
     end