aws-sdk-cognitoidentityprovider 1.38.0 → 1.43.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cedefff3ce398b72dfd48fc26fd488871abf918c253a38ca7314b7892b037470
-  data.tar.gz: f32968ce666c0ae289de5b65beaadfca4aab47b877476dcfeef5df770cfd3b8c
+  metadata.gz: 7b6ac655b806a0dc5a6704b845c9fbe080aa79366883d8dc5aa6803140571271
+  data.tar.gz: 18d558b605615d5c11b1fb2c96dc413942e7b84d7a02120470c90dd52922ddb5
 SHA512:
-  metadata.gz: 94a02822bc950fe7035156c80e0fc7cf879606b5c1724aa73a541cc45f94ce2a39accd54c326119b71586f1bd31f3d9ef3cf4272c8db7b5a02a8614ceafc7373
-  data.tar.gz: 3cbce75512e4969a5d935319a6969c9f49df08762f87adde4e02a13fbd1e3cd220a02ac3e0ccf87dba838ea909a2ff843dbb70deb76acf98b6bf72f25ec5d322
+  metadata.gz: 128c94db366737299919700d2691680916cca0411192984a7159d70f5040824bc38f4e189c138bc38f41cac0772c101fdceb53a93a2059fca290e6df7961d2f9
+  data.tar.gz: 0b4da76cd9964e0f7799fb0813c5af0c2d4c72cca42acbbbeb157261be7df8acb50952c57353bf15f05d8b6223cb6d01a04c1f31ece78f56973effbe8e5651f8

data/lib/aws-sdk-cognitoidentityprovider.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:
@@ -45,6 +47,6 @@ require_relative 'aws-sdk-cognitoidentityprovider/customizations'
 # @service
 module Aws::CognitoIdentityProvider
 
-  GEM_VERSION = '1.38.0'
+  GEM_VERSION = '1.43.0'
 
 end

data/lib/aws-sdk-cognitoidentityprovider/client.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:
@@ -469,19 +471,18 @@ module Aws::CognitoIdentityProvider
     # If `MessageAction` is not set, the default is to send a welcome
     # message via email or phone (SMS).
     #
-    # <note markdown="1"> This message is based on a template that you configured in your call
-    # to or . This template includes your custom sign-up instructions and
-    # placeholders for user name and temporary password.
-    #
-    #  </note>
+    # This message is based on a template that you configured in your call
+    # to create or update a user pool. This template includes your custom
+    # sign-up instructions and placeholders for user name and temporary
+    # password.
     #
-    # Alternatively, you can call AdminCreateUser with “SUPPRESS” for the
+    # Alternatively, you can call `AdminCreateUser` with “SUPPRESS” for the
     # `MessageAction` parameter, and Amazon Cognito will not send any email.
     #
     # In either case, the user will be in the `FORCE_CHANGE_PASSWORD` state
     # until they sign in and change their password.
     #
-    # AdminCreateUser requires developer credentials.
+    # `AdminCreateUser` requires developer credentials.
     #
     # @option params [required, String] :user_pool_id
     #   The user pool ID for the user pool where the user will be created.
@@ -495,10 +496,10 @@ module Aws::CognitoIdentityProvider
     #   An array of name-value pairs that contain user attributes and
     #   attribute values to be set for the user to be created. You can create
     #   a user without specifying any attributes other than `Username`.
-    #   However, any attributes that you specify as required (in or in the
-    #   **Attributes** tab of the console) must be supplied either by you (in
-    #   your call to `AdminCreateUser`) or by the user (when he or she signs
-    #   up in response to your welcome message).
+    #   However, any attributes that you specify as required (when creating a
+    #   user pool or in the **Attributes** tab of the console) must be
+    #   supplied either by you (in your call to `AdminCreateUser`) or by the
+    #   user (when he or she signs up in response to your welcome message).
     #
     #   For custom attributes, you must prepend the `custom:` prefix to the
     #   attribute name.
@@ -510,7 +511,8 @@ module Aws::CognitoIdentityProvider
     #
     #   In your call to `AdminCreateUser`, you can set the `email_verified`
     #   attribute to `True`, and you can set the `phone_number_verified`
-    #   attribute to `True`. (You can also do this by calling .)
+    #   attribute to `True`. (You can also do this by calling
+    #   [AdminUpdateUserAttributes][1].)
     #
     #   * **email**\: The email address of the user to whom the message that
     #     contains the code and username will be sent. Required if the
@@ -522,6 +524,10 @@ module Aws::CognitoIdentityProvider
     #     `phone_number_verified` attribute is set to `True`, or if `"SMS"` is
     #     specified in the `DesiredDeliveryMediums` parameter.
     #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html
+    #
     # @option params [Array<Types::AttributeType>] :validation_data
     #   The user's validation data. This is an array of name-value pairs that
     #   contain user attributes and attribute values that you can use for
@@ -743,7 +749,7 @@ module Aws::CognitoIdentityProvider
     # IdP user, any link between that user and an existing user is removed.
     # The next time the external user (no longer attached to the previously
     # linked `DestinationUser`) signs in, they must create a new user
-    # account. See .
+    # account. See [AdminLinkProviderForUser][1].
     #
     # This action is enabled only for admin access and requires developer
     # credentials.
@@ -764,12 +770,16 @@ module Aws::CognitoIdentityProvider
     # For de-linking a SAML identity, there are two scenarios. If the linked
     # identity has not yet been used to sign-in, the `ProviderAttributeName`
     # and `ProviderAttributeValue` must be the same values that were used
-    # for the `SourceUser` when the identities were originally linked in the
-    # call. (If the linking was done with `ProviderAttributeName` set to
-    # `Cognito_Subject`, the same applies here). However, if the user has
-    # already signed in, the `ProviderAttributeName` must be
-    # `Cognito_Subject` and `ProviderAttributeValue` must be the subject of
-    # the SAML assertion.
+    # for the `SourceUser` when the identities were originally linked using
+    # ` AdminLinkProviderForUser` call. (If the linking was done with
+    # `ProviderAttributeName` set to `Cognito_Subject`, the same applies
+    # here). However, if the user has already signed in, the
+    # `ProviderAttributeName` must be `Cognito_Subject` and
+    # `ProviderAttributeValue` must be the subject of the SAML assertion.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminLinkProviderForUser.html
     #
     # @option params [required, String] :user_pool_id
     #   The user pool ID for the user pool.
@@ -1043,18 +1053,20 @@ module Aws::CognitoIdentityProvider
     #
     #   * For `USER_SRP_AUTH`\: `USERNAME` (required), `SRP_A` (required),
     #     `SECRET_HASH` (required if the app client is configured with a
-    #     client secret), `DEVICE_KEY`
+    #     client secret), `DEVICE_KEY`.
     #
     #   * For `REFRESH_TOKEN_AUTH/REFRESH_TOKEN`\: `REFRESH_TOKEN` (required),
     #     `SECRET_HASH` (required if the app client is configured with a
-    #     client secret), `DEVICE_KEY`
+    #     client secret), `DEVICE_KEY`.
     #
     #   * For `ADMIN_NO_SRP_AUTH`\: `USERNAME` (required), `SECRET_HASH` (if
     #     app client is configured with client secret), `PASSWORD` (required),
-    #     `DEVICE_KEY`
+    #     `DEVICE_KEY`.
     #
     #   * For `CUSTOM_AUTH`\: `USERNAME` (required), `SECRET_HASH` (if app
-    #     client is configured with client secret), `DEVICE_KEY`
+    #     client is configured with client secret), `DEVICE_KEY`. To start the
+    #     authentication flow with password verification, include
+    #     `ChallengeName: SRP_A` and `SRP_A: (The SRP_A Value)`.
     #
     # @option params [Hash<String,String>] :client_metadata
     #   A map of custom key-value pairs that you can provide as input for
@@ -1200,13 +1212,15 @@ module Aws::CognitoIdentityProvider
     # that when the federated user identity is used, the user signs in as
     # the existing user account.
     #
+    # <note markdown="1"> The maximum number of federated identities linked to a user is 5.
+    #
+    #  </note>
+    #
     # Because this API allows a user with an external federated identity to
     # sign in as an existing user in the user pool, it is critical that it
     # only be used with external identity providers and provider attributes
     # that have been trusted by the application owner.
     #
-    # See also .
-    #
     # This action is enabled only for admin access and requires developer
     # credentials.
     #
@@ -1576,7 +1590,11 @@ module Aws::CognitoIdentityProvider
     #   The app client ID.
     #
     # @option params [required, String] :challenge_name
-    #   The challenge name. For more information, see .
+    #   The challenge name. For more information, see [AdminInitiateAuth][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminInitiateAuth.html
     #
     # @option params [Hash<String,String>] :challenge_responses
     #   The challenge responses. These are inputs corresponding to the value
@@ -1814,9 +1832,13 @@ module Aws::CognitoIdentityProvider
 
     # *This action is no longer supported.* You can use it to configure only
     # SMS MFA. You can't use it to configure TOTP software token MFA. To
-    # configure either type of MFA, use the AdminSetUserMFAPreference action
+    # configure either type of MFA, use [AdminSetUserMFAPreference][1]
     # instead.
     #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminSetUserMFAPreference.html
+    #
     # @option params [required, String] :user_pool_id
     #   The ID of the user pool that contains the user that you are setting
     #   options for.
@@ -2174,7 +2196,11 @@ module Aws::CognitoIdentityProvider
     #
     # @option params [required, String] :confirmation_code
     #   The confirmation code sent by a user's request to retrieve a
-    #   forgotten password. For more information, see
+    #   forgotten password. For more information, see [ForgotPassword][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ForgotPassword.html
     #
     # @option params [required, String] :password
     #   The password sent by a user's request to retrieve a forgotten
@@ -2444,7 +2470,7 @@ module Aws::CognitoIdentityProvider
     #   The identity provider details. The following list describes the
     #   provider detail keys for each identity provider type.
     #
-    #   * For Google, Facebook and Login with Amazon:
+    #   * For Google and Login with Amazon:
     #
     #     * client\_id
     #
@@ -2452,6 +2478,16 @@ module Aws::CognitoIdentityProvider
     #
     #     * authorize\_scopes
     #
+    #   * For Facebook:
+    #
+    #     * client\_id
+    #
+    #     * client\_secret
+    #
+    #     * authorize\_scopes
+    #
+    #     * api\_version
+    #
     #   * For Sign in with Apple:
     #
     #     * client\_id
@@ -2488,8 +2524,6 @@ module Aws::CognitoIdentityProvider
     #     * jwks\_uri *if not available from discovery URL specified by
     #       oidc\_issuer key*
     #
-    #     * authorize\_scopes
-    #
     #   * For SAML providers:
     #
     #     * MetadataFile OR MetadataURL
@@ -2741,7 +2775,11 @@ module Aws::CognitoIdentityProvider
     #   selected sign-in option. For example, when this is set to `False`,
     #   users will be able to sign in using either "username" or
     #   "Username". This configuration is immutable once it has been set.
-    #   For more information, see .
+    #   For more information, see [UsernameConfigurationType][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UsernameConfigurationType.html
     #
     # @option params [Types::AccountRecoverySettingType] :account_recovery_setting
     #   Use this setting to define which verified available method a user can
@@ -2752,12 +2790,6 @@ module Aws::CognitoIdentityProvider
     #   the absence of this setting, Cognito uses the legacy behavior to
     #   determine the recovery method where SMS is preferred over email.
     #
-    #   <note markdown="1"> Starting February 1, 2020, the value of `AccountRecoverySetting` will
-    #   default to `verified_email` first and `verified_phone_number` as the
-    #   second option for newly created user pools if no value is provided.
-    #
-    #    </note>
-    #
     # @return [Types::CreateUserPoolResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::CreateUserPoolResponse#user_pool #user_pool} => Types::UserPoolType
@@ -2968,6 +3000,20 @@ module Aws::CognitoIdentityProvider
     #   The time limit, in days, after which the refresh token is no longer
     #   valid and cannot be used.
     #
+    # @option params [Integer] :access_token_validity
+    #   The time limit, between 5 minutes and 1 day, after which the access
+    #   token is no longer valid and cannot be used. This value will be
+    #   overridden if you have entered a value in TokenValidityUnits.
+    #
+    # @option params [Integer] :id_token_validity
+    #   The time limit, between 5 minutes and 1 day, after which the ID token
+    #   is no longer valid and cannot be used. This value will be overridden
+    #   if you have entered a value in TokenValidityUnits.
+    #
+    # @option params [Types::TokenValidityUnitsType] :token_validity_units
+    #   The units in which the validity times are represented in. Default for
+    #   RefreshToken is days, and default for ID and access tokens are hours.
+    #
     # @option params [Array<String>] :read_attributes
     #   The read attributes.
     #
@@ -3092,9 +3138,10 @@ module Aws::CognitoIdentityProvider
     #   The Amazon Pinpoint analytics configuration for collecting metrics for
     #   this user pool.
     #
-    #   <note markdown="1"> Cognito User Pools only supports sending events to Amazon Pinpoint
-    #   projects in the US East (N. Virginia) us-east-1 Region, regardless of
-    #   the region in which the user pool resides.
+    #   <note markdown="1"> In regions where Pinpoint is not available, Cognito User Pools only
+    #   supports sending events to Amazon Pinpoint projects in us-east-1. In
+    #   regions where Pinpoint is available, Cognito User Pools will support
+    #   sending events to Amazon Pinpoint projects within that same region.
     #
     #    </note>
     #
@@ -3116,24 +3163,6 @@ module Aws::CognitoIdentityProvider
     #   * `LEGACY` - This represents the old behavior of Cognito where user
     #     existence related errors are not prevented.
     #
-    #   This setting affects the behavior of following APIs:
-    #
-    #   * AdminInitiateAuth
-    #
-    #   * AdminRespondToAuthChallenge
-    #
-    #   * InitiateAuth
-    #
-    #   * RespondToAuthChallenge
-    #
-    #   * ForgotPassword
-    #
-    #   * ConfirmForgotPassword
-    #
-    #   * ConfirmSignUp
-    #
-    #   * ResendConfirmationCode
-    #
     #   <note markdown="1"> After February 15th 2020, the value of `PreventUserExistenceErrors`
     #   will default to `ENABLED` for newly created user pool clients if no
     #   value is provided.
@@ -3151,6 +3180,13 @@ module Aws::CognitoIdentityProvider
     #     client_name: "ClientNameType", # required
     #     generate_secret: false,
     #     refresh_token_validity: 1,
+    #     access_token_validity: 1,
+    #     id_token_validity: 1,
+    #     token_validity_units: {
+    #       access_token: "seconds", # accepts seconds, minutes, hours, days
+    #       id_token: "seconds", # accepts seconds, minutes, hours, days
+    #       refresh_token: "seconds", # accepts seconds, minutes, hours, days
+    #     },
     #     read_attributes: ["ClientPermissionType"],
     #     write_attributes: ["ClientPermissionType"],
     #     explicit_auth_flows: ["ADMIN_NO_SRP_AUTH"], # accepts ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, USER_PASSWORD_AUTH, ALLOW_ADMIN_USER_PASSWORD_AUTH, ALLOW_CUSTOM_AUTH, ALLOW_USER_PASSWORD_AUTH, ALLOW_USER_SRP_AUTH, ALLOW_REFRESH_TOKEN_AUTH
@@ -3179,6 +3215,11 @@ module Aws::CognitoIdentityProvider
     #   resp.user_pool_client.last_modified_date #=> Time
     #   resp.user_pool_client.creation_date #=> Time
     #   resp.user_pool_client.refresh_token_validity #=> Integer
+    #   resp.user_pool_client.access_token_validity #=> Integer
+    #   resp.user_pool_client.id_token_validity #=> Integer
+    #   resp.user_pool_client.token_validity_units.access_token #=> String, one of "seconds", "minutes", "hours", "days"
+    #   resp.user_pool_client.token_validity_units.id_token #=> String, one of "seconds", "minutes", "hours", "days"
+    #   resp.user_pool_client.token_validity_units.refresh_token #=> String, one of "seconds", "minutes", "hours", "days"
     #   resp.user_pool_client.read_attributes #=> Array
     #   resp.user_pool_client.read_attributes[0] #=> String
     #   resp.user_pool_client.write_attributes #=> Array
@@ -3784,6 +3825,11 @@ module Aws::CognitoIdentityProvider
     #   resp.user_pool_client.last_modified_date #=> Time
     #   resp.user_pool_client.creation_date #=> Time
     #   resp.user_pool_client.refresh_token_validity #=> Integer
+    #   resp.user_pool_client.access_token_validity #=> Integer
+    #   resp.user_pool_client.id_token_validity #=> Integer
+    #   resp.user_pool_client.token_validity_units.access_token #=> String, one of "seconds", "minutes", "hours", "days"
+    #   resp.user_pool_client.token_validity_units.id_token #=> String, one of "seconds", "minutes", "hours", "days"
+    #   resp.user_pool_client.token_validity_units.refresh_token #=> String, one of "seconds", "minutes", "hours", "days"
     #   resp.user_pool_client.read_attributes #=> Array
     #   resp.user_pool_client.read_attributes[0] #=> String
     #   resp.user_pool_client.write_attributes #=> Array
@@ -3883,10 +3929,15 @@ module Aws::CognitoIdentityProvider
     # the `Username` parameter, you can use the username or user alias. The
     # method used to send the confirmation code is sent according to the
     # specified AccountRecoverySetting. For more information, see
-    # [Recovering User Accounts]() in the *Amazon Cognito Developer Guide*.
+    # [Recovering User Accounts][1] in the *Amazon Cognito Developer Guide*.
     # If neither a verified phone number nor a verified email exists, an
     # `InvalidParameterException` is thrown. To use the confirmation code
-    # for resetting the password, call .
+    # for resetting the password, call [ConfirmForgotPassword][2].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/how-to-recover-a-user-account.html
+    # [2]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmForgotPassword.html
     #
     # @option params [required, String] :client_id
     #   The ID of the client associated with the user pool.
@@ -4430,14 +4481,16 @@ module Aws::CognitoIdentityProvider
     #
     #   * For `USER_SRP_AUTH`\: `USERNAME` (required), `SRP_A` (required),
     #     `SECRET_HASH` (required if the app client is configured with a
-    #     client secret), `DEVICE_KEY`
+    #     client secret), `DEVICE_KEY`.
     #
     #   * For `REFRESH_TOKEN_AUTH/REFRESH_TOKEN`\: `REFRESH_TOKEN` (required),
     #     `SECRET_HASH` (required if the app client is configured with a
-    #     client secret), `DEVICE_KEY`
+    #     client secret), `DEVICE_KEY`.
     #
     #   * For `CUSTOM_AUTH`\: `USERNAME` (required), `SECRET_HASH` (if app
-    #     client is configured with client secret), `DEVICE_KEY`
+    #     client is configured with client secret), `DEVICE_KEY`. To start the
+    #     authentication flow with password verification, include
+    #     `ChallengeName: SRP_A` and `SRP_A: (The SRP_A Value)`.
     #
     # @option params [Hash<String,String>] :client_metadata
     #   A map of custom key-value pairs that you can provide as input for
@@ -5217,10 +5270,14 @@ module Aws::CognitoIdentityProvider
     #   The app client ID.
     #
     # @option params [required, String] :challenge_name
-    #   The challenge name. For more information, see .
+    #   The challenge name. For more information, see [InitiateAuth][1].
     #
     #   `ADMIN_NO_SRP_AUTH` is not a valid value.
     #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html
+    #
     # @option params [String] :session
     #   The session which should be passed both ways in challenge-response
     #   calls to the service. If `InitiateAuth` or `RespondToAuthChallenge`
@@ -5361,8 +5418,6 @@ module Aws::CognitoIdentityProvider
     # To enable Amazon Cognito advanced security features, update the user
     # pool to include the `UserPoolAddOns` key`AdvancedSecurityMode`.
     #
-    # See .
-    #
     # @option params [required, String] :user_pool_id
     #   The user pool ID.
     #
@@ -5506,7 +5561,7 @@ module Aws::CognitoIdentityProvider
     # @option params [String] :css
     #   The CSS values in the UI customization.
     #
-    # @option params [String, IO] :image_file
+    # @option params [String, StringIO, File] :image_file
     #   The uploaded logo image for the UI customization.
     #
     # @return [Types::SetUICustomizationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
@@ -5645,8 +5700,11 @@ module Aws::CognitoIdentityProvider
 
     # *This action is no longer supported.* You can use it to configure only
     # SMS MFA. You can't use it to configure TOTP software token MFA. To
-    # configure either type of MFA, use the SetUserMFAPreference action
-    # instead.
+    # configure either type of MFA, use [SetUserMFAPreference][1] instead.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserMFAPreference.html
     #
     # @option params [required, String] :access_token
     #   The access token for the set user settings request.
@@ -6061,7 +6119,11 @@ module Aws::CognitoIdentityProvider
     #
     # @option params [Integer] :precedence
     #   The new precedence value for the group. For more information about
-    #   this parameter, see .
+    #   this parameter, see [CreateGroup][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateGroup.html
     #
     # @return [Types::UpdateGroupResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -6294,11 +6356,16 @@ module Aws::CognitoIdentityProvider
     end
 
     # Updates the specified user pool with the specified attributes. You can
-    # get a list of the current user pool settings with .
+    # get a list of the current user pool settings using
+    # [DescribeUserPool][1].
     #
     # If you don't provide a value for an attribute, it will be set to the
     # default value.
     #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html
+    #
     # @option params [required, String] :user_pool_id
     #   The user pool ID for the user pool you want to update.
     #
@@ -6463,11 +6530,15 @@ module Aws::CognitoIdentityProvider
 
     # Updates the specified user pool app client with the specified
     # attributes. You can get a list of the current user pool app client
-    # settings with .
+    # settings using [DescribeUserPoolClient][1].
     #
     # If you don't provide a value for an attribute, it will be set to the
     # default value.
     #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPoolClient.html
+    #
     # @option params [required, String] :user_pool_id
     #   The user pool ID for the user pool where you want to update the user
     #   pool client.
@@ -6482,6 +6553,18 @@ module Aws::CognitoIdentityProvider
     #   The time limit, in days, after which the refresh token is no longer
     #   valid and cannot be used.
     #
+    # @option params [Integer] :access_token_validity
+    #   The time limit, after which the access token is no longer valid and
+    #   cannot be used.
+    #
+    # @option params [Integer] :id_token_validity
+    #   The time limit, after which the ID token is no longer valid and cannot
+    #   be used.
+    #
+    # @option params [Types::TokenValidityUnitsType] :token_validity_units
+    #   The units in which the validity times are represented in. Default for
+    #   RefreshToken is days, and default for ID and access tokens are hours.
+    #
     # @option params [Array<String>] :read_attributes
     #   The read-only attributes of the user pool.
     #
@@ -6592,9 +6675,10 @@ module Aws::CognitoIdentityProvider
     #   The Amazon Pinpoint analytics configuration for collecting metrics for
     #   this user pool.
     #
-    #   <note markdown="1"> Cognito User Pools only supports sending events to Amazon Pinpoint
-    #   projects in the US East (N. Virginia) us-east-1 Region, regardless of
-    #   the region in which the user pool resides.
+    #   <note markdown="1"> In regions where Pinpoint is not available, Cognito User Pools only
+    #   supports sending events to Amazon Pinpoint projects in us-east-1. In
+    #   regions where Pinpoint is available, Cognito User Pools will support
+    #   sending events to Amazon Pinpoint projects within that same region.
     #
     #    </note>
     #
@@ -6616,24 +6700,6 @@ module Aws::CognitoIdentityProvider
     #   * `LEGACY` - This represents the old behavior of Cognito where user
     #     existence related errors are not prevented.
     #
-    #   This setting affects the behavior of following APIs:
-    #
-    #   * AdminInitiateAuth
-    #
-    #   * AdminRespondToAuthChallenge
-    #
-    #   * InitiateAuth
-    #
-    #   * RespondToAuthChallenge
-    #
-    #   * ForgotPassword
-    #
-    #   * ConfirmForgotPassword
-    #
-    #   * ConfirmSignUp
-    #
-    #   * ResendConfirmationCode
-    #
     #   <note markdown="1"> After February 15th 2020, the value of `PreventUserExistenceErrors`
     #   will default to `ENABLED` for newly created user pool clients if no
     #   value is provided.
@@ -6651,6 +6717,13 @@ module Aws::CognitoIdentityProvider
     #     client_id: "ClientIdType", # required
     #     client_name: "ClientNameType",
     #     refresh_token_validity: 1,
+    #     access_token_validity: 1,
+    #     id_token_validity: 1,
+    #     token_validity_units: {
+    #       access_token: "seconds", # accepts seconds, minutes, hours, days
+    #       id_token: "seconds", # accepts seconds, minutes, hours, days
+    #       refresh_token: "seconds", # accepts seconds, minutes, hours, days
+    #     },
     #     read_attributes: ["ClientPermissionType"],
     #     write_attributes: ["ClientPermissionType"],
     #     explicit_auth_flows: ["ADMIN_NO_SRP_AUTH"], # accepts ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, USER_PASSWORD_AUTH, ALLOW_ADMIN_USER_PASSWORD_AUTH, ALLOW_CUSTOM_AUTH, ALLOW_USER_PASSWORD_AUTH, ALLOW_USER_SRP_AUTH, ALLOW_REFRESH_TOKEN_AUTH
@@ -6679,6 +6752,11 @@ module Aws::CognitoIdentityProvider
     #   resp.user_pool_client.last_modified_date #=> Time
     #   resp.user_pool_client.creation_date #=> Time
     #   resp.user_pool_client.refresh_token_validity #=> Integer
+    #   resp.user_pool_client.access_token_validity #=> Integer
+    #   resp.user_pool_client.id_token_validity #=> Integer
+    #   resp.user_pool_client.token_validity_units.access_token #=> String, one of "seconds", "minutes", "hours", "days"
+    #   resp.user_pool_client.token_validity_units.id_token #=> String, one of "seconds", "minutes", "hours", "days"
+    #   resp.user_pool_client.token_validity_units.refresh_token #=> String, one of "seconds", "minutes", "hours", "days"
     #   resp.user_pool_client.read_attributes #=> Array
     #   resp.user_pool_client.read_attributes[0] #=> String
     #   resp.user_pool_client.write_attributes #=> Array
@@ -6804,6 +6882,11 @@ module Aws::CognitoIdentityProvider
     #
     # @option params [required, String] :user_code
     #   The one time password computed using the secret code returned by
+    #   [AssociateSoftwareToken"][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AssociateSoftwareToken.html
     #
     # @option params [String] :friendly_device_name
     #   The friendly device name.
@@ -6879,7 +6962,7 @@ module Aws::CognitoIdentityProvider
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-cognitoidentityprovider'
-      context[:gem_version] = '1.38.0'
+      context[:gem_version] = '1.43.0'
       Seahorse::Client::Request.new(handlers, context)
     end