aws-sdk-cognitoidentityprovider 1.31.0 → 1.36.0

data/lib/aws-sdk-cognitoidentityprovider/client_api.rb

@@ -91,6 +91,7 @@ module Aws::CognitoIdentityProvider
     AuthEventsType = Shapes::ListShape.new(name: 'AuthEventsType')
     AuthFlowType = Shapes::StringShape.new(name: 'AuthFlowType')
     AuthParametersType = Shapes::MapShape.new(name: 'AuthParametersType')
+    AuthParametersValueType = Shapes::StringShape.new(name: 'AuthParametersValueType')
     AuthenticationResultType = Shapes::StructureShape.new(name: 'AuthenticationResultType')
     BlockedIPRangeListType = Shapes::ListShape.new(name: 'BlockedIPRangeListType')
     BooleanType = Shapes::BooleanShape.new(name: 'BooleanType')
@@ -445,6 +446,7 @@ module Aws::CognitoIdentityProvider
     UserType = Shapes::StructureShape.new(name: 'UserType')
     UsernameAttributeType = Shapes::StringShape.new(name: 'UsernameAttributeType')
     UsernameAttributesListType = Shapes::ListShape.new(name: 'UsernameAttributesListType')
+    UsernameConfigurationType = Shapes::StructureShape.new(name: 'UsernameConfigurationType')
     UsernameExistsException = Shapes::StructureShape.new(name: 'UsernameExistsException')
     UsernameType = Shapes::StringShape.new(name: 'UsernameType')
     UsersListType = Shapes::ListShape.new(name: 'UsersListType')
@@ -456,6 +458,7 @@ module Aws::CognitoIdentityProvider
     VerifySoftwareTokenResponseType = Shapes::StringShape.new(name: 'VerifySoftwareTokenResponseType')
     VerifyUserAttributeRequest = Shapes::StructureShape.new(name: 'VerifyUserAttributeRequest')
     VerifyUserAttributeResponse = Shapes::StructureShape.new(name: 'VerifyUserAttributeResponse')
+    WrappedBooleanType = Shapes::BooleanShape.new(name: 'WrappedBooleanType')
 
     AccountRecoverySettingType.add_member(:recovery_mechanisms, Shapes::ShapeRef.new(shape: RecoveryMechanismsType, location_name: "RecoveryMechanisms"))
     AccountRecoverySettingType.struct_class = Types::AccountRecoverySettingType
@@ -746,7 +749,7 @@ module Aws::CognitoIdentityProvider
     AuthEventsType.member = Shapes::ShapeRef.new(shape: AuthEventType)
 
     AuthParametersType.key = Shapes::ShapeRef.new(shape: StringType)
-    AuthParametersType.value = Shapes::ShapeRef.new(shape: StringType)
+    AuthParametersType.value = Shapes::ShapeRef.new(shape: AuthParametersValueType)
 
     AuthenticationResultType.add_member(:access_token, Shapes::ShapeRef.new(shape: TokenModelType, location_name: "AccessToken"))
     AuthenticationResultType.add_member(:expires_in, Shapes::ShapeRef.new(shape: IntegerType, location_name: "ExpiresIn"))
@@ -933,6 +936,7 @@ module Aws::CognitoIdentityProvider
     CreateUserPoolRequest.add_member(:admin_create_user_config, Shapes::ShapeRef.new(shape: AdminCreateUserConfigType, location_name: "AdminCreateUserConfig"))
     CreateUserPoolRequest.add_member(:schema, Shapes::ShapeRef.new(shape: SchemaAttributesListType, location_name: "Schema"))
     CreateUserPoolRequest.add_member(:user_pool_add_ons, Shapes::ShapeRef.new(shape: UserPoolAddOnsType, location_name: "UserPoolAddOns"))
+    CreateUserPoolRequest.add_member(:username_configuration, Shapes::ShapeRef.new(shape: UsernameConfigurationType, location_name: "UsernameConfiguration"))
     CreateUserPoolRequest.add_member(:account_recovery_setting, Shapes::ShapeRef.new(shape: AccountRecoverySettingType, location_name: "AccountRecoverySetting"))
     CreateUserPoolRequest.struct_class = Types::CreateUserPoolRequest
 
@@ -1083,6 +1087,7 @@ module Aws::CognitoIdentityProvider
 
     EventRiskType.add_member(:risk_decision, Shapes::ShapeRef.new(shape: RiskDecisionType, location_name: "RiskDecision"))
     EventRiskType.add_member(:risk_level, Shapes::ShapeRef.new(shape: RiskLevelType, location_name: "RiskLevel"))
+    EventRiskType.add_member(:compromised_credentials_detected, Shapes::ShapeRef.new(shape: WrappedBooleanType, location_name: "CompromisedCredentialsDetected"))
     EventRiskType.struct_class = Types::EventRiskType
 
     ExpiredCodeException.add_member(:message, Shapes::ShapeRef.new(shape: MessageType, location_name: "message"))
@@ -1866,6 +1871,7 @@ module Aws::CognitoIdentityProvider
     UserPoolType.add_member(:custom_domain, Shapes::ShapeRef.new(shape: DomainType, location_name: "CustomDomain"))
     UserPoolType.add_member(:admin_create_user_config, Shapes::ShapeRef.new(shape: AdminCreateUserConfigType, location_name: "AdminCreateUserConfig"))
     UserPoolType.add_member(:user_pool_add_ons, Shapes::ShapeRef.new(shape: UserPoolAddOnsType, location_name: "UserPoolAddOns"))
+    UserPoolType.add_member(:username_configuration, Shapes::ShapeRef.new(shape: UsernameConfigurationType, location_name: "UsernameConfiguration"))
     UserPoolType.add_member(:arn, Shapes::ShapeRef.new(shape: ArnType, location_name: "Arn"))
     UserPoolType.add_member(:account_recovery_setting, Shapes::ShapeRef.new(shape: AccountRecoverySettingType, location_name: "AccountRecoverySetting"))
     UserPoolType.struct_class = Types::UserPoolType
@@ -1881,6 +1887,9 @@ module Aws::CognitoIdentityProvider
 
     UsernameAttributesListType.member = Shapes::ShapeRef.new(shape: UsernameAttributeType)
 
+    UsernameConfigurationType.add_member(:case_sensitive, Shapes::ShapeRef.new(shape: WrappedBooleanType, required: true, location_name: "CaseSensitive"))
+    UsernameConfigurationType.struct_class = Types::UsernameConfigurationType
+
     UsernameExistsException.add_member(:message, Shapes::ShapeRef.new(shape: MessageType, location_name: "message"))
     UsernameExistsException.struct_class = Types::UsernameExistsException
 

data/lib/aws-sdk-cognitoidentityprovider/errors.rb

@@ -6,6 +6,65 @@
 # WARNING ABOUT GENERATED CODE
 
 module Aws::CognitoIdentityProvider
+
+  # When CognitoIdentityProvider returns an error response, the Ruby SDK constructs and raises an error.
+  # These errors all extend Aws::CognitoIdentityProvider::Errors::ServiceError < {Aws::Errors::ServiceError}
+  #
+  # You can rescue all CognitoIdentityProvider errors using ServiceError:
+  #
+  #     begin
+  #       # do stuff
+  #     rescue Aws::CognitoIdentityProvider::Errors::ServiceError
+  #       # rescues all CognitoIdentityProvider API errors
+  #     end
+  #
+  #
+  # ## Request Context
+  # ServiceError objects have a {Aws::Errors::ServiceError#context #context} method that returns
+  # information about the request that generated the error.
+  # See {Seahorse::Client::RequestContext} for more information.
+  #
+  # ## Error Classes
+  # * {AliasExistsException}
+  # * {CodeDeliveryFailureException}
+  # * {CodeMismatchException}
+  # * {ConcurrentModificationException}
+  # * {DuplicateProviderException}
+  # * {EnableSoftwareTokenMFAException}
+  # * {ExpiredCodeException}
+  # * {GroupExistsException}
+  # * {InternalErrorException}
+  # * {InvalidEmailRoleAccessPolicyException}
+  # * {InvalidLambdaResponseException}
+  # * {InvalidOAuthFlowException}
+  # * {InvalidParameterException}
+  # * {InvalidPasswordException}
+  # * {InvalidSmsRoleAccessPolicyException}
+  # * {InvalidSmsRoleTrustRelationshipException}
+  # * {InvalidUserPoolConfigurationException}
+  # * {LimitExceededException}
+  # * {MFAMethodNotFoundException}
+  # * {NotAuthorizedException}
+  # * {PasswordResetRequiredException}
+  # * {PreconditionNotMetException}
+  # * {ResourceNotFoundException}
+  # * {ScopeDoesNotExistException}
+  # * {SoftwareTokenMFANotFoundException}
+  # * {TooManyFailedAttemptsException}
+  # * {TooManyRequestsException}
+  # * {UnexpectedLambdaException}
+  # * {UnsupportedIdentityProviderException}
+  # * {UnsupportedUserStateException}
+  # * {UserImportInProgressException}
+  # * {UserLambdaValidationException}
+  # * {UserNotConfirmedException}
+  # * {UserNotFoundException}
+  # * {UserPoolAddOnNotEnabledException}
+  # * {UserPoolTaggingException}
+  # * {UsernameExistsException}
+  #
+  # Additionally, error classes are dynamically generated for service errors based on the error code
+  # if they are not defined above.
   module Errors
 
     extend Aws::Errors::DynamicErrors
@@ -23,7 +82,6 @@ module Aws::CognitoIdentityProvider
       def message
         @message || @data[:message]
       end
-
     end
 
     class CodeDeliveryFailureException < ServiceError
@@ -39,7 +97,6 @@ module Aws::CognitoIdentityProvider
       def message
         @message || @data[:message]
       end
-
     end
 
     class CodeMismatchException < ServiceError
@@ -55,7 +112,6 @@ module Aws::CognitoIdentityProvider
       def message
         @message || @data[:message]
       end
-
     end
 
     class ConcurrentModificationException < ServiceError
@@ -71,7 +127,6 @@ module Aws::CognitoIdentityProvider
       def message
         @message || @data[:message]
       end
-
     end
 
     class DuplicateProviderException < ServiceError
@@ -87,7 +142,6 @@ module Aws::CognitoIdentityProvider
       def message
         @message || @data[:message]
       end
-
     end
 
     class EnableSoftwareTokenMFAException < ServiceError
@@ -103,7 +157,6 @@ module Aws::CognitoIdentityProvider
       def message
         @message || @data[:message]
       end
-
     end
 
     class ExpiredCodeException < ServiceError
@@ -119,7 +172,6 @@ module Aws::CognitoIdentityProvider
       def message
         @message || @data[:message]
       end
-
     end
 
     class GroupExistsException < ServiceError
@@ -135,7 +187,6 @@ module Aws::CognitoIdentityProvider
       def message
         @message || @data[:message]
       end
-
     end
 
     class InternalErrorException < ServiceError
@@ -151,7 +202,6 @@ module Aws::CognitoIdentityProvider
       def message
         @message || @data[:message]
       end
-
     end
 
     class InvalidEmailRoleAccessPolicyException < ServiceError
@@ -167,7 +217,6 @@ module Aws::CognitoIdentityProvider
       def message
         @message || @data[:message]
       end
-
     end
 
     class InvalidLambdaResponseException < ServiceError
@@ -183,7 +232,6 @@ module Aws::CognitoIdentityProvider
       def message
         @message || @data[:message]
       end
-
     end
 
     class InvalidOAuthFlowException < ServiceError
@@ -199,7 +247,6 @@ module Aws::CognitoIdentityProvider
       def message
         @message || @data[:message]
       end
-
     end
 
     class InvalidParameterException < ServiceError
@@ -215,7 +262,6 @@ module Aws::CognitoIdentityProvider
       def message
         @message || @data[:message]
       end
-
     end
 
     class InvalidPasswordException < ServiceError
@@ -231,7 +277,6 @@ module Aws::CognitoIdentityProvider
       def message
         @message || @data[:message]
       end
-
     end
 
     class InvalidSmsRoleAccessPolicyException < ServiceError
@@ -247,7 +292,6 @@ module Aws::CognitoIdentityProvider
       def message
         @message || @data[:message]
       end
-
     end
 
     class InvalidSmsRoleTrustRelationshipException < ServiceError
@@ -263,7 +307,6 @@ module Aws::CognitoIdentityProvider
       def message
         @message || @data[:message]
       end
-
     end
 
     class InvalidUserPoolConfigurationException < ServiceError
@@ -279,7 +322,6 @@ module Aws::CognitoIdentityProvider
       def message
         @message || @data[:message]
       end
-
     end
 
     class LimitExceededException < ServiceError
@@ -295,7 +337,6 @@ module Aws::CognitoIdentityProvider
       def message
         @message || @data[:message]
       end
-
     end
 
     class MFAMethodNotFoundException < ServiceError
@@ -311,7 +352,6 @@ module Aws::CognitoIdentityProvider
       def message
         @message || @data[:message]
       end
-
     end
 
     class NotAuthorizedException < ServiceError
@@ -327,7 +367,6 @@ module Aws::CognitoIdentityProvider
       def message
         @message || @data[:message]
       end
-
     end
 
     class PasswordResetRequiredException < ServiceError
@@ -343,7 +382,6 @@ module Aws::CognitoIdentityProvider
       def message
         @message || @data[:message]
       end
-
     end
 
     class PreconditionNotMetException < ServiceError
@@ -359,7 +397,6 @@ module Aws::CognitoIdentityProvider
       def message
         @message || @data[:message]
       end
-
     end
 
     class ResourceNotFoundException < ServiceError
@@ -375,7 +412,6 @@ module Aws::CognitoIdentityProvider
       def message
         @message || @data[:message]
       end
-
     end
 
     class ScopeDoesNotExistException < ServiceError
@@ -391,7 +427,6 @@ module Aws::CognitoIdentityProvider
       def message
         @message || @data[:message]
       end
-
     end
 
     class SoftwareTokenMFANotFoundException < ServiceError
@@ -407,7 +442,6 @@ module Aws::CognitoIdentityProvider
       def message
         @message || @data[:message]
       end
-
     end
 
     class TooManyFailedAttemptsException < ServiceError
@@ -423,7 +457,6 @@ module Aws::CognitoIdentityProvider
       def message
         @message || @data[:message]
       end
-
     end
 
     class TooManyRequestsException < ServiceError
@@ -439,7 +472,6 @@ module Aws::CognitoIdentityProvider
       def message
         @message || @data[:message]
       end
-
     end
 
     class UnexpectedLambdaException < ServiceError
@@ -455,7 +487,6 @@ module Aws::CognitoIdentityProvider
       def message
         @message || @data[:message]
       end
-
     end
 
     class UnsupportedIdentityProviderException < ServiceError
@@ -471,7 +502,6 @@ module Aws::CognitoIdentityProvider
       def message
         @message || @data[:message]
       end
-
     end
 
     class UnsupportedUserStateException < ServiceError
@@ -487,7 +517,6 @@ module Aws::CognitoIdentityProvider
       def message
         @message || @data[:message]
       end
-
     end
 
     class UserImportInProgressException < ServiceError
@@ -503,7 +532,6 @@ module Aws::CognitoIdentityProvider
       def message
         @message || @data[:message]
       end
-
     end
 
     class UserLambdaValidationException < ServiceError
@@ -519,7 +547,6 @@ module Aws::CognitoIdentityProvider
       def message
         @message || @data[:message]
       end
-
     end
 
     class UserNotConfirmedException < ServiceError
@@ -535,7 +562,6 @@ module Aws::CognitoIdentityProvider
       def message
         @message || @data[:message]
       end
-
     end
 
     class UserNotFoundException < ServiceError
@@ -551,7 +577,6 @@ module Aws::CognitoIdentityProvider
       def message
         @message || @data[:message]
       end
-
     end
 
     class UserPoolAddOnNotEnabledException < ServiceError
@@ -567,7 +592,6 @@ module Aws::CognitoIdentityProvider
       def message
         @message || @data[:message]
       end
-
     end
 
     class UserPoolTaggingException < ServiceError
@@ -583,7 +607,6 @@ module Aws::CognitoIdentityProvider
       def message
         @message || @data[:message]
       end
-
     end
 
     class UsernameExistsException < ServiceError
@@ -599,7 +622,6 @@ module Aws::CognitoIdentityProvider
       def message
         @message || @data[:message]
       end
-
     end
 
   end

data/lib/aws-sdk-cognitoidentityprovider/resource.rb

@@ -6,6 +6,7 @@
 # WARNING ABOUT GENERATED CODE
 
 module Aws::CognitoIdentityProvider
+
   class Resource
 
     # @param options ({})

data/lib/aws-sdk-cognitoidentityprovider/types.rb

@@ -943,7 +943,7 @@ module Aws::CognitoIdentityProvider
     #         client_id: "ClientIdType", # required
     #         auth_flow: "USER_SRP_AUTH", # required, accepts USER_SRP_AUTH, REFRESH_TOKEN_AUTH, REFRESH_TOKEN, CUSTOM_AUTH, ADMIN_NO_SRP_AUTH, USER_PASSWORD_AUTH, ADMIN_USER_PASSWORD_AUTH
     #         auth_parameters: {
-    #           "StringType" => "StringType",
+    #           "StringType" => "AuthParametersValueType",
     #         },
     #         client_metadata: {
     #           "StringType" => "StringType",
@@ -2104,6 +2104,12 @@ module Aws::CognitoIdentityProvider
     # The Amazon Pinpoint analytics configuration for collecting metrics for
     # a user pool.
     #
+    # <note markdown="1"> Cognito User Pools only supports sending events to Amazon Pinpoint
+    # projects in the US East (N. Virginia) us-east-1 Region, regardless of
+    # the region in which the user pool resides.
+    #
+    #  </note>
+    #
     # @note When making an API call, you may pass AnalyticsConfigurationType
     #   data as a hash:
     #
@@ -2147,6 +2153,12 @@ module Aws::CognitoIdentityProvider
     # An endpoint uniquely identifies a mobile device, email address, or
     # phone number that can receive messages from Amazon Pinpoint analytics.
     #
+    # <note markdown="1"> Cognito User Pools only supports sending events to Amazon Pinpoint
+    # projects in the US East (N. Virginia) us-east-1 Region, regardless of
+    # the region in which the user pool resides.
+    #
+    #  </note>
+    #
     # @note When making an API call, you may pass AnalyticsMetadataType
     #   data as a hash:
     #
@@ -2940,8 +2952,60 @@ module Aws::CognitoIdentityProvider
     #   @return [String]
     #
     # @!attribute [rw] provider_details
-    #   The identity provider details, such as `MetadataURL` and
-    #   `MetadataFile`.
+    #   The identity provider details. The following list describes the
+    #   provider detail keys for each identity provider type.
+    #
+    #   * For Google, Facebook and Login with Amazon:
+    #
+    #     * client\_id
+    #
+    #     * client\_secret
+    #
+    #     * authorize\_scopes
+    #
+    #   * For Sign in with Apple:
+    #
+    #     * client\_id
+    #
+    #     * team\_id
+    #
+    #     * key\_id
+    #
+    #     * private\_key
+    #
+    #     * authorize\_scopes
+    #
+    #   * For OIDC providers:
+    #
+    #     * client\_id
+    #
+    #     * client\_secret
+    #
+    #     * attributes\_request\_method
+    #
+    #     * oidc\_issuer
+    #
+    #     * authorize\_scopes
+    #
+    #     * authorize\_url *if not available from discovery URL specified by
+    #       oidc\_issuer key*
+    #
+    #     * token\_url *if not available from discovery URL specified by
+    #       oidc\_issuer key*
+    #
+    #     * attributes\_url *if not available from discovery URL specified
+    #       by oidc\_issuer key*
+    #
+    #     * jwks\_uri *if not available from discovery URL specified by
+    #       oidc\_issuer key*
+    #
+    #     * authorize\_scopes
+    #
+    #   * For SAML providers:
+    #
+    #     * MetadataFile OR MetadataURL
+    #
+    #     * IDPSignout *optional*
     #   @return [Hash<String,String>]
     #
     # @!attribute [rw] attribute_mapping
@@ -3233,29 +3297,41 @@ module Aws::CognitoIdentityProvider
     #   @return [String]
     #
     # @!attribute [rw] allowed_o_auth_flows
+    #   The allowed OAuth flows.
+    #
     #   Set to `code` to initiate a code grant flow, which provides an
     #   authorization code as the response. This code can be exchanged for
     #   access tokens with the token endpoint.
     #
-    #   Set to `token` to specify that the client should get the access
+    #   Set to `implicit` to specify that the client should get the access
     #   token (and, optionally, ID token, based on scopes) directly.
+    #
+    #   Set to `client_credentials` to specify that the client should get
+    #   the access token (and, optionally, ID token, based on scopes) from
+    #   the token endpoint using a combination of client and client\_secret.
     #   @return [Array<String>]
     #
     # @!attribute [rw] allowed_o_auth_scopes
-    #   A list of allowed `OAuth` scopes. Currently supported values are
-    #   `"phone"`, `"email"`, `"openid"`, and `"Cognito"`. In addition to
-    #   these values, custom scopes created in Resource Servers are also
-    #   supported.
+    #   The allowed OAuth scopes. Possible values provided by OAuth are:
+    #   `phone`, `email`, `openid`, and `profile`. Possible values provided
+    #   by AWS are: `aws.cognito.signin.user.admin`. Custom scopes created
+    #   in Resource Servers are also supported.
     #   @return [Array<String>]
     #
     # @!attribute [rw] allowed_o_auth_flows_user_pool_client
-    #   Set to `True` if the client is allowed to follow the OAuth protocol
+    #   Set to true if the client is allowed to follow the OAuth protocol
     #   when interacting with Cognito user pools.
     #   @return [Boolean]
     #
     # @!attribute [rw] analytics_configuration
     #   The Amazon Pinpoint analytics configuration for collecting metrics
     #   for this user pool.
+    #
+    #   <note markdown="1"> Cognito User Pools only supports sending events to Amazon Pinpoint
+    #   projects in the US East (N. Virginia) us-east-1 Region, regardless
+    #   of the region in which the user pool resides.
+    #
+    #    </note>
     #   @return [Types::AnalyticsConfigurationType]
     #
     # @!attribute [rw] prevent_user_existence_errors
@@ -3294,7 +3370,7 @@ module Aws::CognitoIdentityProvider
     #
     #   * ResendConfirmationCode
     #
-    #   <note markdown="1"> After January 1st 2020, the value of `PreventUserExistenceErrors`
+    #   <note markdown="1"> After February 15th 2020, the value of `PreventUserExistenceErrors`
     #   will default to `ENABLED` for newly created user pool clients if no
     #   value is provided.
     #
@@ -3484,6 +3560,9 @@ module Aws::CognitoIdentityProvider
     #         user_pool_add_ons: {
     #           advanced_security_mode: "OFF", # required, accepts OFF, AUDIT, ENFORCED
     #         },
+    #         username_configuration: {
+    #           case_sensitive: false, # required
+    #         },
     #         account_recovery_setting: {
     #           recovery_mechanisms: [
     #             {
@@ -3597,6 +3676,14 @@ module Aws::CognitoIdentityProvider
     #   `AdvancedSecurityMode` to the value "AUDIT".
     #   @return [Types::UserPoolAddOnsType]
     #
+    # @!attribute [rw] username_configuration
+    #   You can choose to set case sensitivity on the username input for the
+    #   selected sign-in option. For example, when this is set to `False`,
+    #   users will be able to sign in using either "username" or
+    #   "Username". This configuration is immutable once it has been set.
+    #   For more information, see .
+    #   @return [Types::UsernameConfigurationType]
+    #
     # @!attribute [rw] account_recovery_setting
     #   Use this setting to define which verified available method a user
     #   can use to recover their password when they call `ForgotPassword`.
@@ -3637,6 +3724,7 @@ module Aws::CognitoIdentityProvider
       :admin_create_user_config,
       :schema,
       :user_pool_add_ons,
+      :username_configuration,
       :account_recovery_setting)
       include Aws::Structure
     end
@@ -4478,11 +4566,17 @@ module Aws::CognitoIdentityProvider
     #   The risk level.
     #   @return [String]
     #
+    # @!attribute [rw] compromised_credentials_detected
+    #   Indicates whether compromised credentials were detected during an
+    #   authentication event.
+    #   @return [Boolean]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/EventRiskType AWS API Documentation
     #
     class EventRiskType < Struct.new(
       :risk_decision,
-      :risk_level)
+      :risk_level,
+      :compromised_credentials_detected)
       include Aws::Structure
     end
 
@@ -5193,8 +5287,60 @@ module Aws::CognitoIdentityProvider
     #   @return [String]
     #
     # @!attribute [rw] provider_details
-    #   The identity provider details, such as `MetadataURL` and
-    #   `MetadataFile`.
+    #   The identity provider details. The following list describes the
+    #   provider detail keys for each identity provider type.
+    #
+    #   * For Google, Facebook and Login with Amazon:
+    #
+    #     * client\_id
+    #
+    #     * client\_secret
+    #
+    #     * authorize\_scopes
+    #
+    #   * For Sign in with Apple:
+    #
+    #     * client\_id
+    #
+    #     * team\_id
+    #
+    #     * key\_id
+    #
+    #     * private\_key
+    #
+    #     * authorize\_scopes
+    #
+    #   * For OIDC providers:
+    #
+    #     * client\_id
+    #
+    #     * client\_secret
+    #
+    #     * attributes\_request\_method
+    #
+    #     * oidc\_issuer
+    #
+    #     * authorize\_scopes
+    #
+    #     * authorize\_url *if not available from discovery URL specified by
+    #       oidc\_issuer key*
+    #
+    #     * token\_url *if not available from discovery URL specified by
+    #       oidc\_issuer key*
+    #
+    #     * attributes\_url *if not available from discovery URL specified
+    #       by oidc\_issuer key*
+    #
+    #     * jwks\_uri *if not available from discovery URL specified by
+    #       oidc\_issuer key*
+    #
+    #     * authorize\_scopes
+    #
+    #   * For SAML providers:
+    #
+    #     * MetadataFile OR MetadataURL
+    #
+    #     * IDPSignOut *optional*
     #   @return [Hash<String,String>]
     #
     # @!attribute [rw] attribute_mapping
@@ -5236,7 +5382,7 @@ module Aws::CognitoIdentityProvider
     #       {
     #         auth_flow: "USER_SRP_AUTH", # required, accepts USER_SRP_AUTH, REFRESH_TOKEN_AUTH, REFRESH_TOKEN, CUSTOM_AUTH, ADMIN_NO_SRP_AUTH, USER_PASSWORD_AUTH, ADMIN_USER_PASSWORD_AUTH
     #         auth_parameters: {
-    #           "StringType" => "StringType",
+    #           "StringType" => "AuthParametersValueType",
     #         },
     #         client_metadata: {
     #           "StringType" => "StringType",
@@ -7144,7 +7290,21 @@ module Aws::CognitoIdentityProvider
     #   @return [String]
     #
     # @!attribute [rw] developer_only_attribute
-    #   Specifies whether the attribute type is developer only.
+    #   <note markdown="1"> We recommend that you use [WriteAttributes][1] in the user pool
+    #   client to control how attributes can be mutated for new use cases
+    #   instead of using `DeveloperOnlyAttribute`.
+    #
+    #    </note>
+    #
+    #   Specifies whether the attribute type is developer only. This
+    #   attribute can only be modified by an administrator. Users will not
+    #   be able to modify this attribute using their access token. For
+    #   example, `DeveloperOnlyAttribute` can be modified using the API but
+    #   cannot be updated using the API.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UserPoolClientType.html#CognitoUserPools-Type-UserPoolClientType-WriteAttributes
     #   @return [Boolean]
     #
     # @!attribute [rw] mutable
@@ -8558,26 +8718,41 @@ module Aws::CognitoIdentityProvider
     #   @return [String]
     #
     # @!attribute [rw] allowed_o_auth_flows
+    #   The allowed OAuth flows.
+    #
     #   Set to `code` to initiate a code grant flow, which provides an
     #   authorization code as the response. This code can be exchanged for
     #   access tokens with the token endpoint.
+    #
+    #   Set to `implicit` to specify that the client should get the access
+    #   token (and, optionally, ID token, based on scopes) directly.
+    #
+    #   Set to `client_credentials` to specify that the client should get
+    #   the access token (and, optionally, ID token, based on scopes) from
+    #   the token endpoint using a combination of client and client\_secret.
     #   @return [Array<String>]
     #
     # @!attribute [rw] allowed_o_auth_scopes
-    #   A list of allowed `OAuth` scopes. Currently supported values are
-    #   `"phone"`, `"email"`, `"openid"`, and `"Cognito"`. In addition to
-    #   these values, custom scopes created in Resource Servers are also
-    #   supported.
+    #   The allowed OAuth scopes. Possible values provided by OAuth are:
+    #   `phone`, `email`, `openid`, and `profile`. Possible values provided
+    #   by AWS are: `aws.cognito.signin.user.admin`. Custom scopes created
+    #   in Resource Servers are also supported.
     #   @return [Array<String>]
     #
     # @!attribute [rw] allowed_o_auth_flows_user_pool_client
-    #   Set to TRUE if the client is allowed to follow the OAuth protocol
+    #   Set to true if the client is allowed to follow the OAuth protocol
     #   when interacting with Cognito user pools.
     #   @return [Boolean]
     #
     # @!attribute [rw] analytics_configuration
     #   The Amazon Pinpoint analytics configuration for collecting metrics
     #   for this user pool.
+    #
+    #   <note markdown="1"> Cognito User Pools only supports sending events to Amazon Pinpoint
+    #   projects in the US East (N. Virginia) us-east-1 Region, regardless
+    #   of the region in which the user pool resides.
+    #
+    #    </note>
     #   @return [Types::AnalyticsConfigurationType]
     #
     # @!attribute [rw] prevent_user_existence_errors
@@ -8616,7 +8791,7 @@ module Aws::CognitoIdentityProvider
     #
     #   * ResendConfirmationCode
     #
-    #   <note markdown="1"> After January 1st 2020, the value of `PreventUserExistenceErrors`
+    #   <note markdown="1"> After February 15th 2020, the value of `PreventUserExistenceErrors`
     #   will default to `ENABLED` for newly created user pool clients if no
     #   value is provided.
     #
@@ -9273,29 +9448,41 @@ module Aws::CognitoIdentityProvider
     #   @return [String]
     #
     # @!attribute [rw] allowed_o_auth_flows
+    #   The allowed OAuth flows.
+    #
     #   Set to `code` to initiate a code grant flow, which provides an
     #   authorization code as the response. This code can be exchanged for
     #   access tokens with the token endpoint.
     #
-    #   Set to `token` to specify that the client should get the access
+    #   Set to `implicit` to specify that the client should get the access
     #   token (and, optionally, ID token, based on scopes) directly.
+    #
+    #   Set to `client_credentials` to specify that the client should get
+    #   the access token (and, optionally, ID token, based on scopes) from
+    #   the token endpoint using a combination of client and client\_secret.
     #   @return [Array<String>]
     #
     # @!attribute [rw] allowed_o_auth_scopes
-    #   A list of allowed `OAuth` scopes. Currently supported values are
-    #   `"phone"`, `"email"`, `"openid"`, and `"Cognito"`. In addition to
-    #   these values, custom scopes created in Resource Servers are also
-    #   supported.
+    #   The allowed OAuth scopes. Possible values provided by OAuth are:
+    #   `phone`, `email`, `openid`, and `profile`. Possible values provided
+    #   by AWS are: `aws.cognito.signin.user.admin`. Custom scopes created
+    #   in Resource Servers are also supported.
     #   @return [Array<String>]
     #
     # @!attribute [rw] allowed_o_auth_flows_user_pool_client
-    #   Set to TRUE if the client is allowed to follow the OAuth protocol
+    #   Set to true if the client is allowed to follow the OAuth protocol
     #   when interacting with Cognito user pools.
     #   @return [Boolean]
     #
     # @!attribute [rw] analytics_configuration
     #   The Amazon Pinpoint analytics configuration for the user pool
     #   client.
+    #
+    #   <note markdown="1"> Cognito User Pools only supports sending events to Amazon Pinpoint
+    #   projects in the US East (N. Virginia) us-east-1 Region, regardless
+    #   of the region in which the user pool resides.
+    #
+    #    </note>
     #   @return [Types::AnalyticsConfigurationType]
     #
     # @!attribute [rw] prevent_user_existence_errors
@@ -9334,7 +9521,7 @@ module Aws::CognitoIdentityProvider
     #
     #   * ResendConfirmationCode
     #
-    #   <note markdown="1"> After January 1st 2020, the value of `PreventUserExistenceErrors`
+    #   <note markdown="1"> After February 15th 2020, the value of `PreventUserExistenceErrors`
     #   will default to `ENABLED` for newly created user pool clients if no
     #   value is provided.
     #
@@ -9584,6 +9771,14 @@ module Aws::CognitoIdentityProvider
     #   The user pool add-ons.
     #   @return [Types::UserPoolAddOnsType]
     #
+    # @!attribute [rw] username_configuration
+    #   You can choose to enable case sensitivity on the username input for
+    #   the selected sign-in option. For example, when this is set to
+    #   `False`, users will be able to sign in using either "username" or
+    #   "Username". This configuration is immutable once it has been set.
+    #   For more information, see .
+    #   @return [Types::UsernameConfigurationType]
+    #
     # @!attribute [rw] arn
     #   The Amazon Resource Name (ARN) for the user pool.
     #   @return [String]
@@ -9630,6 +9825,7 @@ module Aws::CognitoIdentityProvider
       :custom_domain,
       :admin_create_user_config,
       :user_pool_add_ons,
+      :username_configuration,
       :arn,
       :account_recovery_setting)
       include Aws::Structure
@@ -9696,6 +9892,41 @@ module Aws::CognitoIdentityProvider
       include Aws::Structure
     end
 
+    # The username configuration type.
+    #
+    # @note When making an API call, you may pass UsernameConfigurationType
+    #   data as a hash:
+    #
+    #       {
+    #         case_sensitive: false, # required
+    #       }
+    #
+    # @!attribute [rw] case_sensitive
+    #   Specifies whether username case sensitivity will be applied for all
+    #   users in the user pool through Cognito APIs.
+    #
+    #   Valid values include:
+    #
+    #   * <b> <code>True</code> </b>\: Enables case sensitivity for all
+    #     username input. When this option is set to `True`, users must sign
+    #     in using the exact capitalization of their given username. For
+    #     example, “UserName”. This is the default value.
+    #
+    #   * <b> <code>False</code> </b>\: Enables case insensitivity for all
+    #     username input. For example, when this option is set to `False`,
+    #     users will be able to sign in using either "username" or
+    #     "Username". This option also enables both `preferred_username`
+    #     and `email` alias to be case insensitive, in addition to the
+    #     `username` attribute.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UsernameConfigurationType AWS API Documentation
+    #
+    class UsernameConfigurationType < Struct.new(
+      :case_sensitive)
+      include Aws::Structure
+    end
+
     # This exception is thrown when Amazon Cognito encounters a user name
     # that already exists in the user pool.
     #