aws-sdk-cognitoidentityprovider 1.39.0 → 1.44.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -14,6 +14,7 @@ module Aws::CognitoIdentityProvider
14
14
  include Seahorse::Model
15
15
 
16
16
  AWSAccountIdType = Shapes::StringShape.new(name: 'AWSAccountIdType')
17
+ AccessTokenValidityType = Shapes::IntegerShape.new(name: 'AccessTokenValidityType')
17
18
  AccountRecoverySettingType = Shapes::StructureShape.new(name: 'AccountRecoverySettingType')
18
19
  AccountTakeoverActionNotifyType = Shapes::BooleanShape.new(name: 'AccountTakeoverActionNotifyType')
19
20
  AccountTakeoverActionType = Shapes::StructureShape.new(name: 'AccountTakeoverActionType')
@@ -243,6 +244,7 @@ module Aws::CognitoIdentityProvider
243
244
  HexStringType = Shapes::StringShape.new(name: 'HexStringType')
244
245
  HttpHeader = Shapes::StructureShape.new(name: 'HttpHeader')
245
246
  HttpHeaderList = Shapes::ListShape.new(name: 'HttpHeaderList')
247
+ IdTokenValidityType = Shapes::IntegerShape.new(name: 'IdTokenValidityType')
246
248
  IdentityProviderType = Shapes::StructureShape.new(name: 'IdentityProviderType')
247
249
  IdentityProviderTypeType = Shapes::StringShape.new(name: 'IdentityProviderTypeType')
248
250
  IdpIdentifierType = Shapes::StringShape.new(name: 'IdpIdentifierType')
@@ -389,7 +391,9 @@ module Aws::CognitoIdentityProvider
389
391
  TagResourceResponse = Shapes::StructureShape.new(name: 'TagResourceResponse')
390
392
  TagValueType = Shapes::StringShape.new(name: 'TagValueType')
391
393
  TemporaryPasswordValidityDaysType = Shapes::IntegerShape.new(name: 'TemporaryPasswordValidityDaysType')
394
+ TimeUnitsType = Shapes::StringShape.new(name: 'TimeUnitsType')
392
395
  TokenModelType = Shapes::StringShape.new(name: 'TokenModelType')
396
+ TokenValidityUnitsType = Shapes::StructureShape.new(name: 'TokenValidityUnitsType')
393
397
  TooManyFailedAttemptsException = Shapes::StructureShape.new(name: 'TooManyFailedAttemptsException')
394
398
  TooManyRequestsException = Shapes::StructureShape.new(name: 'TooManyRequestsException')
395
399
  UICustomizationType = Shapes::StructureShape.new(name: 'UICustomizationType')
@@ -709,9 +713,10 @@ module Aws::CognitoIdentityProvider
709
713
  AliasExistsException.add_member(:message, Shapes::ShapeRef.new(shape: MessageType, location_name: "message"))
710
714
  AliasExistsException.struct_class = Types::AliasExistsException
711
715
 
712
- AnalyticsConfigurationType.add_member(:application_id, Shapes::ShapeRef.new(shape: HexStringType, required: true, location_name: "ApplicationId"))
713
- AnalyticsConfigurationType.add_member(:role_arn, Shapes::ShapeRef.new(shape: ArnType, required: true, location_name: "RoleArn"))
714
- AnalyticsConfigurationType.add_member(:external_id, Shapes::ShapeRef.new(shape: StringType, required: true, location_name: "ExternalId"))
716
+ AnalyticsConfigurationType.add_member(:application_id, Shapes::ShapeRef.new(shape: HexStringType, location_name: "ApplicationId"))
717
+ AnalyticsConfigurationType.add_member(:application_arn, Shapes::ShapeRef.new(shape: ArnType, location_name: "ApplicationArn"))
718
+ AnalyticsConfigurationType.add_member(:role_arn, Shapes::ShapeRef.new(shape: ArnType, location_name: "RoleArn"))
719
+ AnalyticsConfigurationType.add_member(:external_id, Shapes::ShapeRef.new(shape: StringType, location_name: "ExternalId"))
715
720
  AnalyticsConfigurationType.add_member(:user_data_shared, Shapes::ShapeRef.new(shape: BooleanType, location_name: "UserDataShared"))
716
721
  AnalyticsConfigurationType.struct_class = Types::AnalyticsConfigurationType
717
722
 
@@ -893,6 +898,9 @@ module Aws::CognitoIdentityProvider
893
898
  CreateUserPoolClientRequest.add_member(:client_name, Shapes::ShapeRef.new(shape: ClientNameType, required: true, location_name: "ClientName"))
894
899
  CreateUserPoolClientRequest.add_member(:generate_secret, Shapes::ShapeRef.new(shape: GenerateSecret, location_name: "GenerateSecret"))
895
900
  CreateUserPoolClientRequest.add_member(:refresh_token_validity, Shapes::ShapeRef.new(shape: RefreshTokenValidityType, location_name: "RefreshTokenValidity"))
901
+ CreateUserPoolClientRequest.add_member(:access_token_validity, Shapes::ShapeRef.new(shape: AccessTokenValidityType, location_name: "AccessTokenValidity"))
902
+ CreateUserPoolClientRequest.add_member(:id_token_validity, Shapes::ShapeRef.new(shape: IdTokenValidityType, location_name: "IdTokenValidity"))
903
+ CreateUserPoolClientRequest.add_member(:token_validity_units, Shapes::ShapeRef.new(shape: TokenValidityUnitsType, location_name: "TokenValidityUnits"))
896
904
  CreateUserPoolClientRequest.add_member(:read_attributes, Shapes::ShapeRef.new(shape: ClientPermissionListType, location_name: "ReadAttributes"))
897
905
  CreateUserPoolClientRequest.add_member(:write_attributes, Shapes::ShapeRef.new(shape: ClientPermissionListType, location_name: "WriteAttributes"))
898
906
  CreateUserPoolClientRequest.add_member(:explicit_auth_flows, Shapes::ShapeRef.new(shape: ExplicitAuthFlowsListType, location_name: "ExplicitAuthFlows"))
@@ -1622,6 +1630,11 @@ module Aws::CognitoIdentityProvider
1622
1630
 
1623
1631
  TagResourceResponse.struct_class = Types::TagResourceResponse
1624
1632
 
1633
+ TokenValidityUnitsType.add_member(:access_token, Shapes::ShapeRef.new(shape: TimeUnitsType, location_name: "AccessToken"))
1634
+ TokenValidityUnitsType.add_member(:id_token, Shapes::ShapeRef.new(shape: TimeUnitsType, location_name: "IdToken"))
1635
+ TokenValidityUnitsType.add_member(:refresh_token, Shapes::ShapeRef.new(shape: TimeUnitsType, location_name: "RefreshToken"))
1636
+ TokenValidityUnitsType.struct_class = Types::TokenValidityUnitsType
1637
+
1625
1638
  TooManyFailedAttemptsException.add_member(:message, Shapes::ShapeRef.new(shape: MessageType, location_name: "message"))
1626
1639
  TooManyFailedAttemptsException.struct_class = Types::TooManyFailedAttemptsException
1627
1640
 
@@ -1709,6 +1722,9 @@ module Aws::CognitoIdentityProvider
1709
1722
  UpdateUserPoolClientRequest.add_member(:client_id, Shapes::ShapeRef.new(shape: ClientIdType, required: true, location_name: "ClientId"))
1710
1723
  UpdateUserPoolClientRequest.add_member(:client_name, Shapes::ShapeRef.new(shape: ClientNameType, location_name: "ClientName"))
1711
1724
  UpdateUserPoolClientRequest.add_member(:refresh_token_validity, Shapes::ShapeRef.new(shape: RefreshTokenValidityType, location_name: "RefreshTokenValidity"))
1725
+ UpdateUserPoolClientRequest.add_member(:access_token_validity, Shapes::ShapeRef.new(shape: AccessTokenValidityType, location_name: "AccessTokenValidity"))
1726
+ UpdateUserPoolClientRequest.add_member(:id_token_validity, Shapes::ShapeRef.new(shape: IdTokenValidityType, location_name: "IdTokenValidity"))
1727
+ UpdateUserPoolClientRequest.add_member(:token_validity_units, Shapes::ShapeRef.new(shape: TokenValidityUnitsType, location_name: "TokenValidityUnits"))
1712
1728
  UpdateUserPoolClientRequest.add_member(:read_attributes, Shapes::ShapeRef.new(shape: ClientPermissionListType, location_name: "ReadAttributes"))
1713
1729
  UpdateUserPoolClientRequest.add_member(:write_attributes, Shapes::ShapeRef.new(shape: ClientPermissionListType, location_name: "WriteAttributes"))
1714
1730
  UpdateUserPoolClientRequest.add_member(:explicit_auth_flows, Shapes::ShapeRef.new(shape: ExplicitAuthFlowsListType, location_name: "ExplicitAuthFlows"))
@@ -1809,6 +1825,9 @@ module Aws::CognitoIdentityProvider
1809
1825
  UserPoolClientType.add_member(:last_modified_date, Shapes::ShapeRef.new(shape: DateType, location_name: "LastModifiedDate"))
1810
1826
  UserPoolClientType.add_member(:creation_date, Shapes::ShapeRef.new(shape: DateType, location_name: "CreationDate"))
1811
1827
  UserPoolClientType.add_member(:refresh_token_validity, Shapes::ShapeRef.new(shape: RefreshTokenValidityType, location_name: "RefreshTokenValidity"))
1828
+ UserPoolClientType.add_member(:access_token_validity, Shapes::ShapeRef.new(shape: AccessTokenValidityType, location_name: "AccessTokenValidity"))
1829
+ UserPoolClientType.add_member(:id_token_validity, Shapes::ShapeRef.new(shape: IdTokenValidityType, location_name: "IdTokenValidity"))
1830
+ UserPoolClientType.add_member(:token_validity_units, Shapes::ShapeRef.new(shape: TokenValidityUnitsType, location_name: "TokenValidityUnits"))
1812
1831
  UserPoolClientType.add_member(:read_attributes, Shapes::ShapeRef.new(shape: ClientPermissionListType, location_name: "ReadAttributes"))
1813
1832
  UserPoolClientType.add_member(:write_attributes, Shapes::ShapeRef.new(shape: ClientPermissionListType, location_name: "WriteAttributes"))
1814
1833
  UserPoolClientType.add_member(:explicit_auth_flows, Shapes::ShapeRef.new(shape: ExplicitAuthFlowsListType, location_name: "ExplicitAuthFlows"))
@@ -2397,6 +2416,7 @@ module Aws::CognitoIdentityProvider
2397
2416
  o.http_request_uri = "/"
2398
2417
  o.input = Shapes::ShapeRef.new(shape: AssociateSoftwareTokenRequest)
2399
2418
  o.output = Shapes::ShapeRef.new(shape: AssociateSoftwareTokenResponse)
2419
+ o.errors << Shapes::ShapeRef.new(shape: ConcurrentModificationException)
2400
2420
  o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
2401
2421
  o.errors << Shapes::ShapeRef.new(shape: NotAuthorizedException)
2402
2422
  o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
@@ -1,3 +1,4 @@
1
+ # frozen_string_literal: true
1
2
  # WARNING ABOUT GENERATED CODE
2
3
  #
3
4
  # This file is generated. See the contributing for info on making contributions:
@@ -32,6 +32,7 @@ module Aws::CognitoIdentityProvider
32
32
  #
33
33
  class AccountRecoverySettingType < Struct.new(
34
34
  :recovery_mechanisms)
35
+ SENSITIVE = []
35
36
  include Aws::Structure
36
37
  end
37
38
 
@@ -68,6 +69,7 @@ module Aws::CognitoIdentityProvider
68
69
  class AccountTakeoverActionType < Struct.new(
69
70
  :notify,
70
71
  :event_action)
72
+ SENSITIVE = []
71
73
  include Aws::Structure
72
74
  end
73
75
 
@@ -109,6 +111,7 @@ module Aws::CognitoIdentityProvider
109
111
  :low_action,
110
112
  :medium_action,
111
113
  :high_action)
114
+ SENSITIVE = []
112
115
  include Aws::Structure
113
116
  end
114
117
 
@@ -168,6 +171,7 @@ module Aws::CognitoIdentityProvider
168
171
  class AccountTakeoverRiskConfigurationType < Struct.new(
169
172
  :notify_configuration,
170
173
  :actions)
174
+ SENSITIVE = []
171
175
  include Aws::Structure
172
176
  end
173
177
 
@@ -211,6 +215,7 @@ module Aws::CognitoIdentityProvider
211
215
  class AddCustomAttributesRequest < Struct.new(
212
216
  :user_pool_id,
213
217
  :custom_attributes)
218
+ SENSITIVE = []
214
219
  include Aws::Structure
215
220
  end
216
221
 
@@ -248,6 +253,7 @@ module Aws::CognitoIdentityProvider
248
253
  :user_pool_id,
249
254
  :username,
250
255
  :group_name)
256
+ SENSITIVE = [:username]
251
257
  include Aws::Structure
252
258
  end
253
259
 
@@ -316,6 +322,7 @@ module Aws::CognitoIdentityProvider
316
322
  :user_pool_id,
317
323
  :username,
318
324
  :client_metadata)
325
+ SENSITIVE = [:username]
319
326
  include Aws::Structure
320
327
  end
321
328
 
@@ -377,6 +384,7 @@ module Aws::CognitoIdentityProvider
377
384
  :allow_admin_create_user_only,
378
385
  :unused_account_validity_days,
379
386
  :invite_message_template)
387
+ SENSITIVE = []
380
388
  include Aws::Structure
381
389
  end
382
390
 
@@ -423,10 +431,11 @@ module Aws::CognitoIdentityProvider
423
431
  # An array of name-value pairs that contain user attributes and
424
432
  # attribute values to be set for the user to be created. You can
425
433
  # create a user without specifying any attributes other than
426
- # `Username`. However, any attributes that you specify as required (in
427
- # or in the **Attributes** tab of the console) must be supplied either
428
- # by you (in your call to `AdminCreateUser`) or by the user (when he
429
- # or she signs up in response to your welcome message).
434
+ # `Username`. However, any attributes that you specify as required
435
+ # (when creating a user pool or in the **Attributes** tab of the
436
+ # console) must be supplied either by you (in your call to
437
+ # `AdminCreateUser`) or by the user (when he or she signs up in
438
+ # response to your welcome message).
430
439
  #
431
440
  # For custom attributes, you must prepend the `custom:` prefix to the
432
441
  # attribute name.
@@ -438,7 +447,8 @@ module Aws::CognitoIdentityProvider
438
447
  #
439
448
  # In your call to `AdminCreateUser`, you can set the `email_verified`
440
449
  # attribute to `True`, and you can set the `phone_number_verified`
441
- # attribute to `True`. (You can also do this by calling .)
450
+ # attribute to `True`. (You can also do this by calling
451
+ # [AdminUpdateUserAttributes][1].)
442
452
  #
443
453
  # * **email**\: The email address of the user to whom the message that
444
454
  # contains the code and username will be sent. Required if the
@@ -449,6 +459,10 @@ module Aws::CognitoIdentityProvider
449
459
  # message that contains the code and username will be sent. Required
450
460
  # if the `phone_number_verified` attribute is set to `True`, or if
451
461
  # `"SMS"` is specified in the `DesiredDeliveryMediums` parameter.
462
+ #
463
+ #
464
+ #
465
+ # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html
452
466
  # @return [Array<Types::AttributeType>]
453
467
  #
454
468
  # @!attribute [rw] validation_data
@@ -565,6 +579,7 @@ module Aws::CognitoIdentityProvider
565
579
  :message_action,
566
580
  :desired_delivery_mediums,
567
581
  :client_metadata)
582
+ SENSITIVE = [:username, :temporary_password]
568
583
  include Aws::Structure
569
584
  end
570
585
 
@@ -579,6 +594,7 @@ module Aws::CognitoIdentityProvider
579
594
  #
580
595
  class AdminCreateUserResponse < Struct.new(
581
596
  :user)
597
+ SENSITIVE = []
582
598
  include Aws::Structure
583
599
  end
584
600
 
@@ -617,6 +633,7 @@ module Aws::CognitoIdentityProvider
617
633
  :user_pool_id,
618
634
  :username,
619
635
  :user_attribute_names)
636
+ SENSITIVE = [:username]
620
637
  include Aws::Structure
621
638
  end
622
639
 
@@ -651,6 +668,7 @@ module Aws::CognitoIdentityProvider
651
668
  class AdminDeleteUserRequest < Struct.new(
652
669
  :user_pool_id,
653
670
  :username)
671
+ SENSITIVE = [:username]
654
672
  include Aws::Structure
655
673
  end
656
674
 
@@ -679,6 +697,7 @@ module Aws::CognitoIdentityProvider
679
697
  class AdminDisableProviderForUserRequest < Struct.new(
680
698
  :user_pool_id,
681
699
  :user)
700
+ SENSITIVE = []
682
701
  include Aws::Structure
683
702
  end
684
703
 
@@ -710,6 +729,7 @@ module Aws::CognitoIdentityProvider
710
729
  class AdminDisableUserRequest < Struct.new(
711
730
  :user_pool_id,
712
731
  :username)
732
+ SENSITIVE = [:username]
713
733
  include Aws::Structure
714
734
  end
715
735
 
@@ -744,6 +764,7 @@ module Aws::CognitoIdentityProvider
744
764
  class AdminEnableUserRequest < Struct.new(
745
765
  :user_pool_id,
746
766
  :username)
767
+ SENSITIVE = [:username]
747
768
  include Aws::Structure
748
769
  end
749
770
 
@@ -783,6 +804,7 @@ module Aws::CognitoIdentityProvider
783
804
  :user_pool_id,
784
805
  :username,
785
806
  :device_key)
807
+ SENSITIVE = [:username]
786
808
  include Aws::Structure
787
809
  end
788
810
 
@@ -815,6 +837,7 @@ module Aws::CognitoIdentityProvider
815
837
  :device_key,
816
838
  :user_pool_id,
817
839
  :username)
840
+ SENSITIVE = [:username]
818
841
  include Aws::Structure
819
842
  end
820
843
 
@@ -828,6 +851,7 @@ module Aws::CognitoIdentityProvider
828
851
  #
829
852
  class AdminGetDeviceResponse < Struct.new(
830
853
  :device)
854
+ SENSITIVE = []
831
855
  include Aws::Structure
832
856
  end
833
857
 
@@ -855,6 +879,7 @@ module Aws::CognitoIdentityProvider
855
879
  class AdminGetUserRequest < Struct.new(
856
880
  :user_pool_id,
857
881
  :username)
882
+ SENSITIVE = [:username]
858
883
  include Aws::Structure
859
884
  end
860
885
 
@@ -907,8 +932,8 @@ module Aws::CognitoIdentityProvider
907
932
  # *This response parameter is no longer supported.* It provides
908
933
  # information only about SMS MFA configurations. It doesn't provide
909
934
  # information about TOTP software token MFA configurations. To look up
910
- # information about either type of MFA configuration, use the
911
- # AdminGetUserResponse$UserMFASettingList response instead.
935
+ # information about either type of MFA configuration, use
936
+ # UserMFASettingList instead.
912
937
  # @return [Array<Types::MFAOptionType>]
913
938
  #
914
939
  # @!attribute [rw] preferred_mfa_setting
@@ -932,6 +957,7 @@ module Aws::CognitoIdentityProvider
932
957
  :mfa_options,
933
958
  :preferred_mfa_setting,
934
959
  :user_mfa_setting_list)
960
+ SENSITIVE = [:username]
935
961
  include Aws::Structure
936
962
  end
937
963
 
@@ -1022,18 +1048,20 @@ module Aws::CognitoIdentityProvider
1022
1048
  #
1023
1049
  # * For `USER_SRP_AUTH`\: `USERNAME` (required), `SRP_A` (required),
1024
1050
  # `SECRET_HASH` (required if the app client is configured with a
1025
- # client secret), `DEVICE_KEY`
1051
+ # client secret), `DEVICE_KEY`.
1026
1052
  #
1027
1053
  # * For `REFRESH_TOKEN_AUTH/REFRESH_TOKEN`\: `REFRESH_TOKEN`
1028
1054
  # (required), `SECRET_HASH` (required if the app client is
1029
- # configured with a client secret), `DEVICE_KEY`
1055
+ # configured with a client secret), `DEVICE_KEY`.
1030
1056
  #
1031
1057
  # * For `ADMIN_NO_SRP_AUTH`\: `USERNAME` (required), `SECRET_HASH` (if
1032
1058
  # app client is configured with client secret), `PASSWORD`
1033
- # (required), `DEVICE_KEY`
1059
+ # (required), `DEVICE_KEY`.
1034
1060
  #
1035
1061
  # * For `CUSTOM_AUTH`\: `USERNAME` (required), `SECRET_HASH` (if app
1036
- # client is configured with client secret), `DEVICE_KEY`
1062
+ # client is configured with client secret), `DEVICE_KEY`. To start
1063
+ # the authentication flow with password verification, include
1064
+ # `ChallengeName: SRP_A` and `SRP_A: (The SRP_A Value)`.
1037
1065
  # @return [Hash<String,String>]
1038
1066
  #
1039
1067
  # @!attribute [rw] client_metadata
@@ -1121,6 +1149,7 @@ module Aws::CognitoIdentityProvider
1121
1149
  :client_metadata,
1122
1150
  :analytics_metadata,
1123
1151
  :context_data)
1152
+ SENSITIVE = [:client_id, :auth_parameters]
1124
1153
  include Aws::Structure
1125
1154
  end
1126
1155
 
@@ -1207,6 +1236,7 @@ module Aws::CognitoIdentityProvider
1207
1236
  :session,
1208
1237
  :challenge_parameters,
1209
1238
  :authentication_result)
1239
+ SENSITIVE = []
1210
1240
  include Aws::Structure
1211
1241
  end
1212
1242
 
@@ -1283,6 +1313,7 @@ module Aws::CognitoIdentityProvider
1283
1313
  :user_pool_id,
1284
1314
  :destination_user,
1285
1315
  :source_user)
1316
+ SENSITIVE = []
1286
1317
  include Aws::Structure
1287
1318
  end
1288
1319
 
@@ -1325,6 +1356,7 @@ module Aws::CognitoIdentityProvider
1325
1356
  :username,
1326
1357
  :limit,
1327
1358
  :pagination_token)
1359
+ SENSITIVE = [:username]
1328
1360
  include Aws::Structure
1329
1361
  end
1330
1362
 
@@ -1343,6 +1375,7 @@ module Aws::CognitoIdentityProvider
1343
1375
  class AdminListDevicesResponse < Struct.new(
1344
1376
  :devices,
1345
1377
  :pagination_token)
1378
+ SENSITIVE = []
1346
1379
  include Aws::Structure
1347
1380
  end
1348
1381
 
@@ -1381,6 +1414,7 @@ module Aws::CognitoIdentityProvider
1381
1414
  :user_pool_id,
1382
1415
  :limit,
1383
1416
  :next_token)
1417
+ SENSITIVE = [:username]
1384
1418
  include Aws::Structure
1385
1419
  end
1386
1420
 
@@ -1399,6 +1433,7 @@ module Aws::CognitoIdentityProvider
1399
1433
  class AdminListGroupsForUserResponse < Struct.new(
1400
1434
  :groups,
1401
1435
  :next_token)
1436
+ SENSITIVE = []
1402
1437
  include Aws::Structure
1403
1438
  end
1404
1439
 
@@ -1435,6 +1470,7 @@ module Aws::CognitoIdentityProvider
1435
1470
  :username,
1436
1471
  :max_results,
1437
1472
  :next_token)
1473
+ SENSITIVE = [:username]
1438
1474
  include Aws::Structure
1439
1475
  end
1440
1476
 
@@ -1452,6 +1488,7 @@ module Aws::CognitoIdentityProvider
1452
1488
  class AdminListUserAuthEventsResponse < Struct.new(
1453
1489
  :auth_events,
1454
1490
  :next_token)
1491
+ SENSITIVE = []
1455
1492
  include Aws::Structure
1456
1493
  end
1457
1494
 
@@ -1482,6 +1519,7 @@ module Aws::CognitoIdentityProvider
1482
1519
  :user_pool_id,
1483
1520
  :username,
1484
1521
  :group_name)
1522
+ SENSITIVE = [:username]
1485
1523
  include Aws::Structure
1486
1524
  end
1487
1525
 
@@ -1553,6 +1591,7 @@ module Aws::CognitoIdentityProvider
1553
1591
  :user_pool_id,
1554
1592
  :username,
1555
1593
  :client_metadata)
1594
+ SENSITIVE = [:username]
1556
1595
  include Aws::Structure
1557
1596
  end
1558
1597
 
@@ -1606,7 +1645,12 @@ module Aws::CognitoIdentityProvider
1606
1645
  # @return [String]
1607
1646
  #
1608
1647
  # @!attribute [rw] challenge_name
1609
- # The challenge name. For more information, see .
1648
+ # The challenge name. For more information, see
1649
+ # [AdminInitiateAuth][1].
1650
+ #
1651
+ #
1652
+ #
1653
+ # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminInitiateAuth.html
1610
1654
  # @return [String]
1611
1655
  #
1612
1656
  # @!attribute [rw] challenge_responses
@@ -1707,25 +1751,36 @@ module Aws::CognitoIdentityProvider
1707
1751
  :analytics_metadata,
1708
1752
  :context_data,
1709
1753
  :client_metadata)
1754
+ SENSITIVE = [:client_id]
1710
1755
  include Aws::Structure
1711
1756
  end
1712
1757
 
1713
1758
  # Responds to the authentication challenge, as an administrator.
1714
1759
  #
1715
1760
  # @!attribute [rw] challenge_name
1716
- # The name of the challenge. For more information, see .
1761
+ # The name of the challenge. For more information, see
1762
+ # [AdminInitiateAuth][1].
1763
+ #
1764
+ #
1765
+ #
1766
+ # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminInitiateAuth.html
1717
1767
  # @return [String]
1718
1768
  #
1719
1769
  # @!attribute [rw] session
1720
1770
  # The session which should be passed both ways in challenge-response
1721
- # calls to the service. If the or API call determines that the caller
1722
- # needs to go through another challenge, they return a session with
1723
- # other challenge parameters. This session should be passed as it is
1724
- # to the next `RespondToAuthChallenge` API call.
1771
+ # calls to the service. If the caller needs to go through another
1772
+ # challenge, they return a session with other challenge parameters.
1773
+ # This session should be passed as it is to the next
1774
+ # `RespondToAuthChallenge` API call.
1725
1775
  # @return [String]
1726
1776
  #
1727
1777
  # @!attribute [rw] challenge_parameters
1728
- # The challenge parameters. For more information, see .
1778
+ # The challenge parameters. For more information, see
1779
+ # [AdminInitiateAuth][1].
1780
+ #
1781
+ #
1782
+ #
1783
+ # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminInitiateAuth.html
1729
1784
  # @return [Hash<String,String>]
1730
1785
  #
1731
1786
  # @!attribute [rw] authentication_result
@@ -1740,6 +1795,7 @@ module Aws::CognitoIdentityProvider
1740
1795
  :session,
1741
1796
  :challenge_parameters,
1742
1797
  :authentication_result)
1798
+ SENSITIVE = []
1743
1799
  include Aws::Structure
1744
1800
  end
1745
1801
 
@@ -1782,6 +1838,7 @@ module Aws::CognitoIdentityProvider
1782
1838
  :software_token_mfa_settings,
1783
1839
  :username,
1784
1840
  :user_pool_id)
1841
+ SENSITIVE = [:username]
1785
1842
  include Aws::Structure
1786
1843
  end
1787
1844
 
@@ -1823,6 +1880,7 @@ module Aws::CognitoIdentityProvider
1823
1880
  :username,
1824
1881
  :password,
1825
1882
  :permanent)
1883
+ SENSITIVE = [:username, :password]
1826
1884
  include Aws::Structure
1827
1885
  end
1828
1886
 
@@ -1867,6 +1925,7 @@ module Aws::CognitoIdentityProvider
1867
1925
  :user_pool_id,
1868
1926
  :username,
1869
1927
  :mfa_options)
1928
+ SENSITIVE = [:username]
1870
1929
  include Aws::Structure
1871
1930
  end
1872
1931
 
@@ -1910,6 +1969,7 @@ module Aws::CognitoIdentityProvider
1910
1969
  :username,
1911
1970
  :event_id,
1912
1971
  :feedback_value)
1972
+ SENSITIVE = [:username]
1913
1973
  include Aws::Structure
1914
1974
  end
1915
1975
 
@@ -1952,6 +2012,7 @@ module Aws::CognitoIdentityProvider
1952
2012
  :username,
1953
2013
  :device_key,
1954
2014
  :device_remembered_status)
2015
+ SENSITIVE = [:username]
1955
2016
  include Aws::Structure
1956
2017
  end
1957
2018
 
@@ -2045,6 +2106,7 @@ module Aws::CognitoIdentityProvider
2045
2106
  :username,
2046
2107
  :user_attributes,
2047
2108
  :client_metadata)
2109
+ SENSITIVE = [:username]
2048
2110
  include Aws::Structure
2049
2111
  end
2050
2112
 
@@ -2078,6 +2140,7 @@ module Aws::CognitoIdentityProvider
2078
2140
  class AdminUserGlobalSignOutRequest < Struct.new(
2079
2141
  :user_pool_id,
2080
2142
  :username)
2143
+ SENSITIVE = [:username]
2081
2144
  include Aws::Structure
2082
2145
  end
2083
2146
 
@@ -2100,15 +2163,17 @@ module Aws::CognitoIdentityProvider
2100
2163
  #
2101
2164
  class AliasExistsException < Struct.new(
2102
2165
  :message)
2166
+ SENSITIVE = []
2103
2167
  include Aws::Structure
2104
2168
  end
2105
2169
 
2106
2170
  # The Amazon Pinpoint analytics configuration for collecting metrics for
2107
2171
  # a user pool.
2108
2172
  #
2109
- # <note markdown="1"> Cognito User Pools only supports sending events to Amazon Pinpoint
2110
- # projects in the US East (N. Virginia) us-east-1 Region, regardless of
2111
- # the region in which the user pool resides.
2173
+ # <note markdown="1"> In regions where Pinpoint is not available, Cognito User Pools only
2174
+ # supports sending events to Amazon Pinpoint projects in us-east-1. In
2175
+ # regions where Pinpoint is available, Cognito User Pools will support
2176
+ # sending events to Amazon Pinpoint projects within that same region.
2112
2177
  #
2113
2178
  # </note>
2114
2179
  #
@@ -2116,9 +2181,10 @@ module Aws::CognitoIdentityProvider
2116
2181
  # data as a hash:
2117
2182
  #
2118
2183
  # {
2119
- # application_id: "HexStringType", # required
2120
- # role_arn: "ArnType", # required
2121
- # external_id: "StringType", # required
2184
+ # application_id: "HexStringType",
2185
+ # application_arn: "ArnType",
2186
+ # role_arn: "ArnType",
2187
+ # external_id: "StringType",
2122
2188
  # user_data_shared: false,
2123
2189
  # }
2124
2190
  #
@@ -2126,6 +2192,13 @@ module Aws::CognitoIdentityProvider
2126
2192
  # The application ID for an Amazon Pinpoint application.
2127
2193
  # @return [String]
2128
2194
  #
2195
+ # @!attribute [rw] application_arn
2196
+ # The Amazon Resource Name (ARN) of an Amazon Pinpoint project. You
2197
+ # can use the Amazon Pinpoint project for Pinpoint integration with
2198
+ # the chosen User Pool Client. Amazon Cognito publishes events to the
2199
+ # pinpoint project declared by the app ARN.
2200
+ # @return [String]
2201
+ #
2129
2202
  # @!attribute [rw] role_arn
2130
2203
  # The ARN of an IAM role that authorizes Amazon Cognito to publish
2131
2204
  # events to Amazon Pinpoint analytics.
@@ -2144,9 +2217,11 @@ module Aws::CognitoIdentityProvider
2144
2217
  #
2145
2218
  class AnalyticsConfigurationType < Struct.new(
2146
2219
  :application_id,
2220
+ :application_arn,
2147
2221
  :role_arn,
2148
2222
  :external_id,
2149
2223
  :user_data_shared)
2224
+ SENSITIVE = []
2150
2225
  include Aws::Structure
2151
2226
  end
2152
2227
 
@@ -2176,6 +2251,7 @@ module Aws::CognitoIdentityProvider
2176
2251
  #
2177
2252
  class AnalyticsMetadataType < Struct.new(
2178
2253
  :analytics_endpoint_id)
2254
+ SENSITIVE = []
2179
2255
  include Aws::Structure
2180
2256
  end
2181
2257
 
@@ -2202,6 +2278,7 @@ module Aws::CognitoIdentityProvider
2202
2278
  class AssociateSoftwareTokenRequest < Struct.new(
2203
2279
  :access_token,
2204
2280
  :session)
2281
+ SENSITIVE = [:access_token]
2205
2282
  include Aws::Structure
2206
2283
  end
2207
2284
 
@@ -2221,6 +2298,7 @@ module Aws::CognitoIdentityProvider
2221
2298
  class AssociateSoftwareTokenResponse < Struct.new(
2222
2299
  :secret_code,
2223
2300
  :session)
2301
+ SENSITIVE = [:secret_code]
2224
2302
  include Aws::Structure
2225
2303
  end
2226
2304
 
@@ -2247,6 +2325,7 @@ module Aws::CognitoIdentityProvider
2247
2325
  class AttributeType < Struct.new(
2248
2326
  :name,
2249
2327
  :value)
2328
+ SENSITIVE = [:value]
2250
2329
  include Aws::Structure
2251
2330
  end
2252
2331
 
@@ -2298,6 +2377,7 @@ module Aws::CognitoIdentityProvider
2298
2377
  :challenge_responses,
2299
2378
  :event_context_data,
2300
2379
  :event_feedback)
2380
+ SENSITIVE = []
2301
2381
  include Aws::Structure
2302
2382
  end
2303
2383
 
@@ -2336,6 +2416,7 @@ module Aws::CognitoIdentityProvider
2336
2416
  :refresh_token,
2337
2417
  :id_token,
2338
2418
  :new_device_metadata)
2419
+ SENSITIVE = [:access_token, :refresh_token, :id_token]
2339
2420
  include Aws::Structure
2340
2421
  end
2341
2422
 
@@ -2354,6 +2435,7 @@ module Aws::CognitoIdentityProvider
2354
2435
  class ChallengeResponseType < Struct.new(
2355
2436
  :challenge_name,
2356
2437
  :challenge_response)
2438
+ SENSITIVE = []
2357
2439
  include Aws::Structure
2358
2440
  end
2359
2441
 
@@ -2386,6 +2468,7 @@ module Aws::CognitoIdentityProvider
2386
2468
  :previous_password,
2387
2469
  :proposed_password,
2388
2470
  :access_token)
2471
+ SENSITIVE = [:previous_password, :proposed_password, :access_token]
2389
2472
  include Aws::Structure
2390
2473
  end
2391
2474
 
@@ -2415,6 +2498,7 @@ module Aws::CognitoIdentityProvider
2415
2498
  :destination,
2416
2499
  :delivery_medium,
2417
2500
  :attribute_name)
2501
+ SENSITIVE = []
2418
2502
  include Aws::Structure
2419
2503
  end
2420
2504
 
@@ -2430,6 +2514,7 @@ module Aws::CognitoIdentityProvider
2430
2514
  #
2431
2515
  class CodeDeliveryFailureException < Struct.new(
2432
2516
  :message)
2517
+ SENSITIVE = []
2433
2518
  include Aws::Structure
2434
2519
  end
2435
2520
 
@@ -2444,6 +2529,7 @@ module Aws::CognitoIdentityProvider
2444
2529
  #
2445
2530
  class CodeMismatchException < Struct.new(
2446
2531
  :message)
2532
+ SENSITIVE = []
2447
2533
  include Aws::Structure
2448
2534
  end
2449
2535
 
@@ -2464,6 +2550,7 @@ module Aws::CognitoIdentityProvider
2464
2550
  #
2465
2551
  class CompromisedCredentialsActionsType < Struct.new(
2466
2552
  :event_action)
2553
+ SENSITIVE = []
2467
2554
  include Aws::Structure
2468
2555
  end
2469
2556
 
@@ -2493,6 +2580,7 @@ module Aws::CognitoIdentityProvider
2493
2580
  class CompromisedCredentialsRiskConfigurationType < Struct.new(
2494
2581
  :event_filter,
2495
2582
  :actions)
2583
+ SENSITIVE = []
2496
2584
  include Aws::Structure
2497
2585
  end
2498
2586
 
@@ -2507,6 +2595,7 @@ module Aws::CognitoIdentityProvider
2507
2595
  #
2508
2596
  class ConcurrentModificationException < Struct.new(
2509
2597
  :message)
2598
+ SENSITIVE = []
2510
2599
  include Aws::Structure
2511
2600
  end
2512
2601
 
@@ -2548,6 +2637,7 @@ module Aws::CognitoIdentityProvider
2548
2637
  :device_key,
2549
2638
  :device_secret_verifier_config,
2550
2639
  :device_name)
2640
+ SENSITIVE = [:access_token]
2551
2641
  include Aws::Structure
2552
2642
  end
2553
2643
 
@@ -2562,6 +2652,7 @@ module Aws::CognitoIdentityProvider
2562
2652
  #
2563
2653
  class ConfirmDeviceResponse < Struct.new(
2564
2654
  :user_confirmation_necessary)
2655
+ SENSITIVE = []
2565
2656
  include Aws::Structure
2566
2657
  end
2567
2658
 
@@ -2604,7 +2695,11 @@ module Aws::CognitoIdentityProvider
2604
2695
  #
2605
2696
  # @!attribute [rw] confirmation_code
2606
2697
  # The confirmation code sent by a user's request to retrieve a
2607
- # forgotten password. For more information, see
2698
+ # forgotten password. For more information, see [ForgotPassword][1].
2699
+ #
2700
+ #
2701
+ #
2702
+ # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ForgotPassword.html
2608
2703
  # @return [String]
2609
2704
  #
2610
2705
  # @!attribute [rw] password
@@ -2673,6 +2768,7 @@ module Aws::CognitoIdentityProvider
2673
2768
  :analytics_metadata,
2674
2769
  :user_context_data,
2675
2770
  :client_metadata)
2771
+ SENSITIVE = [:client_id, :secret_hash, :username, :password]
2676
2772
  include Aws::Structure
2677
2773
  end
2678
2774
 
@@ -2795,6 +2891,7 @@ module Aws::CognitoIdentityProvider
2795
2891
  :analytics_metadata,
2796
2892
  :user_context_data,
2797
2893
  :client_metadata)
2894
+ SENSITIVE = [:client_id, :secret_hash, :username]
2798
2895
  include Aws::Structure
2799
2896
  end
2800
2897
 
@@ -2853,6 +2950,7 @@ module Aws::CognitoIdentityProvider
2853
2950
  :server_path,
2854
2951
  :http_headers,
2855
2952
  :encoded_data)
2953
+ SENSITIVE = []
2856
2954
  include Aws::Structure
2857
2955
  end
2858
2956
 
@@ -2911,6 +3009,7 @@ module Aws::CognitoIdentityProvider
2911
3009
  :description,
2912
3010
  :role_arn,
2913
3011
  :precedence)
3012
+ SENSITIVE = []
2914
3013
  include Aws::Structure
2915
3014
  end
2916
3015
 
@@ -2922,6 +3021,7 @@ module Aws::CognitoIdentityProvider
2922
3021
  #
2923
3022
  class CreateGroupResponse < Struct.new(
2924
3023
  :group)
3024
+ SENSITIVE = []
2925
3025
  include Aws::Structure
2926
3026
  end
2927
3027
 
@@ -2957,7 +3057,7 @@ module Aws::CognitoIdentityProvider
2957
3057
  # The identity provider details. The following list describes the
2958
3058
  # provider detail keys for each identity provider type.
2959
3059
  #
2960
- # * For Google, Facebook and Login with Amazon:
3060
+ # * For Google and Login with Amazon:
2961
3061
  #
2962
3062
  # * client\_id
2963
3063
  #
@@ -2965,6 +3065,16 @@ module Aws::CognitoIdentityProvider
2965
3065
  #
2966
3066
  # * authorize\_scopes
2967
3067
  #
3068
+ # * For Facebook:
3069
+ #
3070
+ # * client\_id
3071
+ #
3072
+ # * client\_secret
3073
+ #
3074
+ # * authorize\_scopes
3075
+ #
3076
+ # * api\_version
3077
+ #
2968
3078
  # * For Sign in with Apple:
2969
3079
  #
2970
3080
  # * client\_id
@@ -3001,8 +3111,6 @@ module Aws::CognitoIdentityProvider
3001
3111
  # * jwks\_uri *if not available from discovery URL specified by
3002
3112
  # oidc\_issuer key*
3003
3113
  #
3004
- # * authorize\_scopes
3005
- #
3006
3114
  # * For SAML providers:
3007
3115
  #
3008
3116
  # * MetadataFile OR MetadataURL
@@ -3028,6 +3136,7 @@ module Aws::CognitoIdentityProvider
3028
3136
  :provider_details,
3029
3137
  :attribute_mapping,
3030
3138
  :idp_identifiers)
3139
+ SENSITIVE = []
3031
3140
  include Aws::Structure
3032
3141
  end
3033
3142
 
@@ -3039,6 +3148,7 @@ module Aws::CognitoIdentityProvider
3039
3148
  #
3040
3149
  class CreateIdentityProviderResponse < Struct.new(
3041
3150
  :identity_provider)
3151
+ SENSITIVE = []
3042
3152
  include Aws::Structure
3043
3153
  end
3044
3154
 
@@ -3083,6 +3193,7 @@ module Aws::CognitoIdentityProvider
3083
3193
  :identifier,
3084
3194
  :name,
3085
3195
  :scopes)
3196
+ SENSITIVE = []
3086
3197
  include Aws::Structure
3087
3198
  end
3088
3199
 
@@ -3094,6 +3205,7 @@ module Aws::CognitoIdentityProvider
3094
3205
  #
3095
3206
  class CreateResourceServerResponse < Struct.new(
3096
3207
  :resource_server)
3208
+ SENSITIVE = []
3097
3209
  include Aws::Structure
3098
3210
  end
3099
3211
 
@@ -3128,6 +3240,7 @@ module Aws::CognitoIdentityProvider
3128
3240
  :job_name,
3129
3241
  :user_pool_id,
3130
3242
  :cloud_watch_logs_role_arn)
3243
+ SENSITIVE = []
3131
3244
  include Aws::Structure
3132
3245
  end
3133
3246
 
@@ -3142,6 +3255,7 @@ module Aws::CognitoIdentityProvider
3142
3255
  #
3143
3256
  class CreateUserImportJobResponse < Struct.new(
3144
3257
  :user_import_job)
3258
+ SENSITIVE = []
3145
3259
  include Aws::Structure
3146
3260
  end
3147
3261
 
@@ -3155,6 +3269,13 @@ module Aws::CognitoIdentityProvider
3155
3269
  # client_name: "ClientNameType", # required
3156
3270
  # generate_secret: false,
3157
3271
  # refresh_token_validity: 1,
3272
+ # access_token_validity: 1,
3273
+ # id_token_validity: 1,
3274
+ # token_validity_units: {
3275
+ # access_token: "seconds", # accepts seconds, minutes, hours, days
3276
+ # id_token: "seconds", # accepts seconds, minutes, hours, days
3277
+ # refresh_token: "seconds", # accepts seconds, minutes, hours, days
3278
+ # },
3158
3279
  # read_attributes: ["ClientPermissionType"],
3159
3280
  # write_attributes: ["ClientPermissionType"],
3160
3281
  # explicit_auth_flows: ["ADMIN_NO_SRP_AUTH"], # accepts ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, USER_PASSWORD_AUTH, ALLOW_ADMIN_USER_PASSWORD_AUTH, ALLOW_CUSTOM_AUTH, ALLOW_USER_PASSWORD_AUTH, ALLOW_USER_SRP_AUTH, ALLOW_REFRESH_TOKEN_AUTH
@@ -3166,9 +3287,10 @@ module Aws::CognitoIdentityProvider
3166
3287
  # allowed_o_auth_scopes: ["ScopeType"],
3167
3288
  # allowed_o_auth_flows_user_pool_client: false,
3168
3289
  # analytics_configuration: {
3169
- # application_id: "HexStringType", # required
3170
- # role_arn: "ArnType", # required
3171
- # external_id: "StringType", # required
3290
+ # application_id: "HexStringType",
3291
+ # application_arn: "ArnType",
3292
+ # role_arn: "ArnType",
3293
+ # external_id: "StringType",
3172
3294
  # user_data_shared: false,
3173
3295
  # },
3174
3296
  # prevent_user_existence_errors: "LEGACY", # accepts LEGACY, ENABLED
@@ -3193,6 +3315,24 @@ module Aws::CognitoIdentityProvider
3193
3315
  # valid and cannot be used.
3194
3316
  # @return [Integer]
3195
3317
  #
3318
+ # @!attribute [rw] access_token_validity
3319
+ # The time limit, between 5 minutes and 1 day, after which the access
3320
+ # token is no longer valid and cannot be used. This value will be
3321
+ # overridden if you have entered a value in TokenValidityUnits.
3322
+ # @return [Integer]
3323
+ #
3324
+ # @!attribute [rw] id_token_validity
3325
+ # The time limit, between 5 minutes and 1 day, after which the ID
3326
+ # token is no longer valid and cannot be used. This value will be
3327
+ # overridden if you have entered a value in TokenValidityUnits.
3328
+ # @return [Integer]
3329
+ #
3330
+ # @!attribute [rw] token_validity_units
3331
+ # The units in which the validity times are represented in. Default
3332
+ # for RefreshToken is days, and default for ID and access tokens are
3333
+ # hours.
3334
+ # @return [Types::TokenValidityUnitsType]
3335
+ #
3196
3336
  # @!attribute [rw] read_attributes
3197
3337
  # The read attributes.
3198
3338
  # @return [Array<String>]
@@ -3329,9 +3469,10 @@ module Aws::CognitoIdentityProvider
3329
3469
  # The Amazon Pinpoint analytics configuration for collecting metrics
3330
3470
  # for this user pool.
3331
3471
  #
3332
- # <note markdown="1"> Cognito User Pools only supports sending events to Amazon Pinpoint
3333
- # projects in the US East (N. Virginia) us-east-1 Region, regardless
3334
- # of the region in which the user pool resides.
3472
+ # <note markdown="1"> In regions where Pinpoint is not available, Cognito User Pools only
3473
+ # supports sending events to Amazon Pinpoint projects in us-east-1. In
3474
+ # regions where Pinpoint is available, Cognito User Pools will support
3475
+ # sending events to Amazon Pinpoint projects within that same region.
3335
3476
  #
3336
3477
  # </note>
3337
3478
  # @return [Types::AnalyticsConfigurationType]
@@ -3354,24 +3495,6 @@ module Aws::CognitoIdentityProvider
3354
3495
  # * `LEGACY` - This represents the old behavior of Cognito where user
3355
3496
  # existence related errors are not prevented.
3356
3497
  #
3357
- # This setting affects the behavior of following APIs:
3358
- #
3359
- # * AdminInitiateAuth
3360
- #
3361
- # * AdminRespondToAuthChallenge
3362
- #
3363
- # * InitiateAuth
3364
- #
3365
- # * RespondToAuthChallenge
3366
- #
3367
- # * ForgotPassword
3368
- #
3369
- # * ConfirmForgotPassword
3370
- #
3371
- # * ConfirmSignUp
3372
- #
3373
- # * ResendConfirmationCode
3374
- #
3375
3498
  # <note markdown="1"> After February 15th 2020, the value of `PreventUserExistenceErrors`
3376
3499
  # will default to `ENABLED` for newly created user pool clients if no
3377
3500
  # value is provided.
@@ -3386,6 +3509,9 @@ module Aws::CognitoIdentityProvider
3386
3509
  :client_name,
3387
3510
  :generate_secret,
3388
3511
  :refresh_token_validity,
3512
+ :access_token_validity,
3513
+ :id_token_validity,
3514
+ :token_validity_units,
3389
3515
  :read_attributes,
3390
3516
  :write_attributes,
3391
3517
  :explicit_auth_flows,
@@ -3398,6 +3524,7 @@ module Aws::CognitoIdentityProvider
3398
3524
  :allowed_o_auth_flows_user_pool_client,
3399
3525
  :analytics_configuration,
3400
3526
  :prevent_user_existence_errors)
3527
+ SENSITIVE = []
3401
3528
  include Aws::Structure
3402
3529
  end
3403
3530
 
@@ -3411,6 +3538,7 @@ module Aws::CognitoIdentityProvider
3411
3538
  #
3412
3539
  class CreateUserPoolClientResponse < Struct.new(
3413
3540
  :user_pool_client)
3541
+ SENSITIVE = []
3414
3542
  include Aws::Structure
3415
3543
  end
3416
3544
 
@@ -3455,6 +3583,7 @@ module Aws::CognitoIdentityProvider
3455
3583
  :domain,
3456
3584
  :user_pool_id,
3457
3585
  :custom_domain_config)
3586
+ SENSITIVE = []
3458
3587
  include Aws::Structure
3459
3588
  end
3460
3589
 
@@ -3467,6 +3596,7 @@ module Aws::CognitoIdentityProvider
3467
3596
  #
3468
3597
  class CreateUserPoolDomainResponse < Struct.new(
3469
3598
  :cloud_front_domain)
3599
+ SENSITIVE = []
3470
3600
  include Aws::Structure
3471
3601
  end
3472
3602
 
@@ -3683,7 +3813,11 @@ module Aws::CognitoIdentityProvider
3683
3813
  # selected sign-in option. For example, when this is set to `False`,
3684
3814
  # users will be able to sign in using either "username" or
3685
3815
  # "Username". This configuration is immutable once it has been set.
3686
- # For more information, see .
3816
+ # For more information, see [UsernameConfigurationType][1].
3817
+ #
3818
+ #
3819
+ #
3820
+ # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UsernameConfigurationType.html
3687
3821
  # @return [Types::UsernameConfigurationType]
3688
3822
  #
3689
3823
  # @!attribute [rw] account_recovery_setting
@@ -3695,13 +3829,6 @@ module Aws::CognitoIdentityProvider
3695
3829
  # enabled. In the absence of this setting, Cognito uses the legacy
3696
3830
  # behavior to determine the recovery method where SMS is preferred
3697
3831
  # over email.
3698
- #
3699
- # <note markdown="1"> Starting February 1, 2020, the value of `AccountRecoverySetting`
3700
- # will default to `verified_email` first and `verified_phone_number`
3701
- # as the second option for newly created user pools if no value is
3702
- # provided.
3703
- #
3704
- # </note>
3705
3832
  # @return [Types::AccountRecoverySettingType]
3706
3833
  #
3707
3834
  # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/CreateUserPoolRequest AWS API Documentation
@@ -3728,6 +3855,7 @@ module Aws::CognitoIdentityProvider
3728
3855
  :user_pool_add_ons,
3729
3856
  :username_configuration,
3730
3857
  :account_recovery_setting)
3858
+ SENSITIVE = []
3731
3859
  include Aws::Structure
3732
3860
  end
3733
3861
 
@@ -3742,6 +3870,7 @@ module Aws::CognitoIdentityProvider
3742
3870
  #
3743
3871
  class CreateUserPoolResponse < Struct.new(
3744
3872
  :user_pool)
3873
+ SENSITIVE = []
3745
3874
  include Aws::Structure
3746
3875
  end
3747
3876
 
@@ -3765,6 +3894,7 @@ module Aws::CognitoIdentityProvider
3765
3894
  #
3766
3895
  class CustomDomainConfigType < Struct.new(
3767
3896
  :certificate_arn)
3897
+ SENSITIVE = []
3768
3898
  include Aws::Structure
3769
3899
  end
3770
3900
 
@@ -3789,6 +3919,7 @@ module Aws::CognitoIdentityProvider
3789
3919
  class DeleteGroupRequest < Struct.new(
3790
3920
  :group_name,
3791
3921
  :user_pool_id)
3922
+ SENSITIVE = []
3792
3923
  include Aws::Structure
3793
3924
  end
3794
3925
 
@@ -3813,6 +3944,7 @@ module Aws::CognitoIdentityProvider
3813
3944
  class DeleteIdentityProviderRequest < Struct.new(
3814
3945
  :user_pool_id,
3815
3946
  :provider_name)
3947
+ SENSITIVE = []
3816
3948
  include Aws::Structure
3817
3949
  end
3818
3950
 
@@ -3837,6 +3969,7 @@ module Aws::CognitoIdentityProvider
3837
3969
  class DeleteResourceServerRequest < Struct.new(
3838
3970
  :user_pool_id,
3839
3971
  :identifier)
3972
+ SENSITIVE = []
3840
3973
  include Aws::Structure
3841
3974
  end
3842
3975
 
@@ -3867,6 +4000,7 @@ module Aws::CognitoIdentityProvider
3867
4000
  class DeleteUserAttributesRequest < Struct.new(
3868
4001
  :user_attribute_names,
3869
4002
  :access_token)
4003
+ SENSITIVE = [:access_token]
3870
4004
  include Aws::Structure
3871
4005
  end
3872
4006
 
@@ -3900,6 +4034,7 @@ module Aws::CognitoIdentityProvider
3900
4034
  class DeleteUserPoolClientRequest < Struct.new(
3901
4035
  :user_pool_id,
3902
4036
  :client_id)
4037
+ SENSITIVE = [:client_id]
3903
4038
  include Aws::Structure
3904
4039
  end
3905
4040
 
@@ -3924,6 +4059,7 @@ module Aws::CognitoIdentityProvider
3924
4059
  class DeleteUserPoolDomainRequest < Struct.new(
3925
4060
  :domain,
3926
4061
  :user_pool_id)
4062
+ SENSITIVE = []
3927
4063
  include Aws::Structure
3928
4064
  end
3929
4065
 
@@ -3948,6 +4084,7 @@ module Aws::CognitoIdentityProvider
3948
4084
  #
3949
4085
  class DeleteUserPoolRequest < Struct.new(
3950
4086
  :user_pool_id)
4087
+ SENSITIVE = []
3951
4088
  include Aws::Structure
3952
4089
  end
3953
4090
 
@@ -3968,6 +4105,7 @@ module Aws::CognitoIdentityProvider
3968
4105
  #
3969
4106
  class DeleteUserRequest < Struct.new(
3970
4107
  :access_token)
4108
+ SENSITIVE = [:access_token]
3971
4109
  include Aws::Structure
3972
4110
  end
3973
4111
 
@@ -3992,6 +4130,7 @@ module Aws::CognitoIdentityProvider
3992
4130
  class DescribeIdentityProviderRequest < Struct.new(
3993
4131
  :user_pool_id,
3994
4132
  :provider_name)
4133
+ SENSITIVE = []
3995
4134
  include Aws::Structure
3996
4135
  end
3997
4136
 
@@ -4003,6 +4142,7 @@ module Aws::CognitoIdentityProvider
4003
4142
  #
4004
4143
  class DescribeIdentityProviderResponse < Struct.new(
4005
4144
  :identity_provider)
4145
+ SENSITIVE = []
4006
4146
  include Aws::Structure
4007
4147
  end
4008
4148
 
@@ -4027,6 +4167,7 @@ module Aws::CognitoIdentityProvider
4027
4167
  class DescribeResourceServerRequest < Struct.new(
4028
4168
  :user_pool_id,
4029
4169
  :identifier)
4170
+ SENSITIVE = []
4030
4171
  include Aws::Structure
4031
4172
  end
4032
4173
 
@@ -4038,6 +4179,7 @@ module Aws::CognitoIdentityProvider
4038
4179
  #
4039
4180
  class DescribeResourceServerResponse < Struct.new(
4040
4181
  :resource_server)
4182
+ SENSITIVE = []
4041
4183
  include Aws::Structure
4042
4184
  end
4043
4185
 
@@ -4062,6 +4204,7 @@ module Aws::CognitoIdentityProvider
4062
4204
  class DescribeRiskConfigurationRequest < Struct.new(
4063
4205
  :user_pool_id,
4064
4206
  :client_id)
4207
+ SENSITIVE = [:client_id]
4065
4208
  include Aws::Structure
4066
4209
  end
4067
4210
 
@@ -4073,6 +4216,7 @@ module Aws::CognitoIdentityProvider
4073
4216
  #
4074
4217
  class DescribeRiskConfigurationResponse < Struct.new(
4075
4218
  :risk_configuration)
4219
+ SENSITIVE = []
4076
4220
  include Aws::Structure
4077
4221
  end
4078
4222
 
@@ -4100,6 +4244,7 @@ module Aws::CognitoIdentityProvider
4100
4244
  class DescribeUserImportJobRequest < Struct.new(
4101
4245
  :user_pool_id,
4102
4246
  :job_id)
4247
+ SENSITIVE = []
4103
4248
  include Aws::Structure
4104
4249
  end
4105
4250
 
@@ -4114,6 +4259,7 @@ module Aws::CognitoIdentityProvider
4114
4259
  #
4115
4260
  class DescribeUserImportJobResponse < Struct.new(
4116
4261
  :user_import_job)
4262
+ SENSITIVE = []
4117
4263
  include Aws::Structure
4118
4264
  end
4119
4265
 
@@ -4140,6 +4286,7 @@ module Aws::CognitoIdentityProvider
4140
4286
  class DescribeUserPoolClientRequest < Struct.new(
4141
4287
  :user_pool_id,
4142
4288
  :client_id)
4289
+ SENSITIVE = [:client_id]
4143
4290
  include Aws::Structure
4144
4291
  end
4145
4292
 
@@ -4155,6 +4302,7 @@ module Aws::CognitoIdentityProvider
4155
4302
  #
4156
4303
  class DescribeUserPoolClientResponse < Struct.new(
4157
4304
  :user_pool_client)
4305
+ SENSITIVE = []
4158
4306
  include Aws::Structure
4159
4307
  end
4160
4308
 
@@ -4173,6 +4321,7 @@ module Aws::CognitoIdentityProvider
4173
4321
  #
4174
4322
  class DescribeUserPoolDomainRequest < Struct.new(
4175
4323
  :domain)
4324
+ SENSITIVE = []
4176
4325
  include Aws::Structure
4177
4326
  end
4178
4327
 
@@ -4184,6 +4333,7 @@ module Aws::CognitoIdentityProvider
4184
4333
  #
4185
4334
  class DescribeUserPoolDomainResponse < Struct.new(
4186
4335
  :domain_description)
4336
+ SENSITIVE = []
4187
4337
  include Aws::Structure
4188
4338
  end
4189
4339
 
@@ -4204,6 +4354,7 @@ module Aws::CognitoIdentityProvider
4204
4354
  #
4205
4355
  class DescribeUserPoolRequest < Struct.new(
4206
4356
  :user_pool_id)
4357
+ SENSITIVE = []
4207
4358
  include Aws::Structure
4208
4359
  end
4209
4360
 
@@ -4218,6 +4369,7 @@ module Aws::CognitoIdentityProvider
4218
4369
  #
4219
4370
  class DescribeUserPoolResponse < Struct.new(
4220
4371
  :user_pool)
4372
+ SENSITIVE = []
4221
4373
  include Aws::Structure
4222
4374
  end
4223
4375
 
@@ -4245,6 +4397,7 @@ module Aws::CognitoIdentityProvider
4245
4397
  class DeviceConfigurationType < Struct.new(
4246
4398
  :challenge_required_on_new_device,
4247
4399
  :device_only_remembered_on_user_prompt)
4400
+ SENSITIVE = []
4248
4401
  include Aws::Structure
4249
4402
  end
4250
4403
 
@@ -4271,6 +4424,7 @@ module Aws::CognitoIdentityProvider
4271
4424
  class DeviceSecretVerifierConfigType < Struct.new(
4272
4425
  :password_verifier,
4273
4426
  :salt)
4427
+ SENSITIVE = []
4274
4428
  include Aws::Structure
4275
4429
  end
4276
4430
 
@@ -4304,6 +4458,7 @@ module Aws::CognitoIdentityProvider
4304
4458
  :device_create_date,
4305
4459
  :device_last_modified_date,
4306
4460
  :device_last_authenticated_date)
4461
+ SENSITIVE = []
4307
4462
  include Aws::Structure
4308
4463
  end
4309
4464
 
@@ -4353,6 +4508,7 @@ module Aws::CognitoIdentityProvider
4353
4508
  :version,
4354
4509
  :status,
4355
4510
  :custom_domain_config)
4511
+ SENSITIVE = []
4356
4512
  include Aws::Structure
4357
4513
  end
4358
4514
 
@@ -4366,6 +4522,7 @@ module Aws::CognitoIdentityProvider
4366
4522
  #
4367
4523
  class DuplicateProviderException < Struct.new(
4368
4524
  :message)
4525
+ SENSITIVE = []
4369
4526
  include Aws::Structure
4370
4527
  end
4371
4528
 
@@ -4484,6 +4641,7 @@ module Aws::CognitoIdentityProvider
4484
4641
  :email_sending_account,
4485
4642
  :from,
4486
4643
  :configuration_set)
4644
+ SENSITIVE = []
4487
4645
  include Aws::Structure
4488
4646
  end
4489
4647
 
@@ -4498,6 +4656,7 @@ module Aws::CognitoIdentityProvider
4498
4656
  #
4499
4657
  class EnableSoftwareTokenMFAException < Struct.new(
4500
4658
  :message)
4659
+ SENSITIVE = []
4501
4660
  include Aws::Structure
4502
4661
  end
4503
4662
 
@@ -4532,6 +4691,7 @@ module Aws::CognitoIdentityProvider
4532
4691
  :timezone,
4533
4692
  :city,
4534
4693
  :country)
4694
+ SENSITIVE = []
4535
4695
  include Aws::Structure
4536
4696
  end
4537
4697
 
@@ -4555,6 +4715,7 @@ module Aws::CognitoIdentityProvider
4555
4715
  :feedback_value,
4556
4716
  :provider,
4557
4717
  :feedback_date)
4718
+ SENSITIVE = []
4558
4719
  include Aws::Structure
4559
4720
  end
4560
4721
 
@@ -4579,6 +4740,7 @@ module Aws::CognitoIdentityProvider
4579
4740
  :risk_decision,
4580
4741
  :risk_level,
4581
4742
  :compromised_credentials_detected)
4743
+ SENSITIVE = []
4582
4744
  include Aws::Structure
4583
4745
  end
4584
4746
 
@@ -4592,6 +4754,7 @@ module Aws::CognitoIdentityProvider
4592
4754
  #
4593
4755
  class ExpiredCodeException < Struct.new(
4594
4756
  :message)
4757
+ SENSITIVE = []
4595
4758
  include Aws::Structure
4596
4759
  end
4597
4760
 
@@ -4618,6 +4781,7 @@ module Aws::CognitoIdentityProvider
4618
4781
  class ForgetDeviceRequest < Struct.new(
4619
4782
  :access_token,
4620
4783
  :device_key)
4784
+ SENSITIVE = [:access_token]
4621
4785
  include Aws::Structure
4622
4786
  end
4623
4787
 
@@ -4716,6 +4880,7 @@ module Aws::CognitoIdentityProvider
4716
4880
  :username,
4717
4881
  :analytics_metadata,
4718
4882
  :client_metadata)
4883
+ SENSITIVE = [:client_id, :secret_hash, :username]
4719
4884
  include Aws::Structure
4720
4885
  end
4721
4886
 
@@ -4731,6 +4896,7 @@ module Aws::CognitoIdentityProvider
4731
4896
  #
4732
4897
  class ForgotPasswordResponse < Struct.new(
4733
4898
  :code_delivery_details)
4899
+ SENSITIVE = []
4734
4900
  include Aws::Structure
4735
4901
  end
4736
4902
 
@@ -4753,6 +4919,7 @@ module Aws::CognitoIdentityProvider
4753
4919
  #
4754
4920
  class GetCSVHeaderRequest < Struct.new(
4755
4921
  :user_pool_id)
4922
+ SENSITIVE = []
4756
4923
  include Aws::Structure
4757
4924
  end
4758
4925
 
@@ -4773,6 +4940,7 @@ module Aws::CognitoIdentityProvider
4773
4940
  class GetCSVHeaderResponse < Struct.new(
4774
4941
  :user_pool_id,
4775
4942
  :csv_header)
4943
+ SENSITIVE = []
4776
4944
  include Aws::Structure
4777
4945
  end
4778
4946
 
@@ -4799,6 +4967,7 @@ module Aws::CognitoIdentityProvider
4799
4967
  class GetDeviceRequest < Struct.new(
4800
4968
  :device_key,
4801
4969
  :access_token)
4970
+ SENSITIVE = [:access_token]
4802
4971
  include Aws::Structure
4803
4972
  end
4804
4973
 
@@ -4812,6 +4981,7 @@ module Aws::CognitoIdentityProvider
4812
4981
  #
4813
4982
  class GetDeviceResponse < Struct.new(
4814
4983
  :device)
4984
+ SENSITIVE = []
4815
4985
  include Aws::Structure
4816
4986
  end
4817
4987
 
@@ -4836,6 +5006,7 @@ module Aws::CognitoIdentityProvider
4836
5006
  class GetGroupRequest < Struct.new(
4837
5007
  :group_name,
4838
5008
  :user_pool_id)
5009
+ SENSITIVE = []
4839
5010
  include Aws::Structure
4840
5011
  end
4841
5012
 
@@ -4847,6 +5018,7 @@ module Aws::CognitoIdentityProvider
4847
5018
  #
4848
5019
  class GetGroupResponse < Struct.new(
4849
5020
  :group)
5021
+ SENSITIVE = []
4850
5022
  include Aws::Structure
4851
5023
  end
4852
5024
 
@@ -4871,6 +5043,7 @@ module Aws::CognitoIdentityProvider
4871
5043
  class GetIdentityProviderByIdentifierRequest < Struct.new(
4872
5044
  :user_pool_id,
4873
5045
  :idp_identifier)
5046
+ SENSITIVE = []
4874
5047
  include Aws::Structure
4875
5048
  end
4876
5049
 
@@ -4882,6 +5055,7 @@ module Aws::CognitoIdentityProvider
4882
5055
  #
4883
5056
  class GetIdentityProviderByIdentifierResponse < Struct.new(
4884
5057
  :identity_provider)
5058
+ SENSITIVE = []
4885
5059
  include Aws::Structure
4886
5060
  end
4887
5061
 
@@ -4902,6 +5076,7 @@ module Aws::CognitoIdentityProvider
4902
5076
  #
4903
5077
  class GetSigningCertificateRequest < Struct.new(
4904
5078
  :user_pool_id)
5079
+ SENSITIVE = []
4905
5080
  include Aws::Structure
4906
5081
  end
4907
5082
 
@@ -4915,6 +5090,7 @@ module Aws::CognitoIdentityProvider
4915
5090
  #
4916
5091
  class GetSigningCertificateResponse < Struct.new(
4917
5092
  :certificate)
5093
+ SENSITIVE = []
4918
5094
  include Aws::Structure
4919
5095
  end
4920
5096
 
@@ -4939,6 +5115,7 @@ module Aws::CognitoIdentityProvider
4939
5115
  class GetUICustomizationRequest < Struct.new(
4940
5116
  :user_pool_id,
4941
5117
  :client_id)
5118
+ SENSITIVE = [:client_id]
4942
5119
  include Aws::Structure
4943
5120
  end
4944
5121
 
@@ -4950,6 +5127,7 @@ module Aws::CognitoIdentityProvider
4950
5127
  #
4951
5128
  class GetUICustomizationResponse < Struct.new(
4952
5129
  :ui_customization)
5130
+ SENSITIVE = []
4953
5131
  include Aws::Structure
4954
5132
  end
4955
5133
 
@@ -5022,6 +5200,7 @@ module Aws::CognitoIdentityProvider
5022
5200
  :access_token,
5023
5201
  :attribute_name,
5024
5202
  :client_metadata)
5203
+ SENSITIVE = [:access_token]
5025
5204
  include Aws::Structure
5026
5205
  end
5027
5206
 
@@ -5037,6 +5216,7 @@ module Aws::CognitoIdentityProvider
5037
5216
  #
5038
5217
  class GetUserAttributeVerificationCodeResponse < Struct.new(
5039
5218
  :code_delivery_details)
5219
+ SENSITIVE = []
5040
5220
  include Aws::Structure
5041
5221
  end
5042
5222
 
@@ -5055,6 +5235,7 @@ module Aws::CognitoIdentityProvider
5055
5235
  #
5056
5236
  class GetUserPoolMfaConfigRequest < Struct.new(
5057
5237
  :user_pool_id)
5238
+ SENSITIVE = []
5058
5239
  include Aws::Structure
5059
5240
  end
5060
5241
 
@@ -5083,6 +5264,7 @@ module Aws::CognitoIdentityProvider
5083
5264
  :sms_mfa_configuration,
5084
5265
  :software_token_mfa_configuration,
5085
5266
  :mfa_configuration)
5267
+ SENSITIVE = []
5086
5268
  include Aws::Structure
5087
5269
  end
5088
5270
 
@@ -5104,6 +5286,7 @@ module Aws::CognitoIdentityProvider
5104
5286
  #
5105
5287
  class GetUserRequest < Struct.new(
5106
5288
  :access_token)
5289
+ SENSITIVE = [:access_token]
5107
5290
  include Aws::Structure
5108
5291
  end
5109
5292
 
@@ -5126,8 +5309,8 @@ module Aws::CognitoIdentityProvider
5126
5309
  # *This response parameter is no longer supported.* It provides
5127
5310
  # information only about SMS MFA configurations. It doesn't provide
5128
5311
  # information about TOTP software token MFA configurations. To look up
5129
- # information about either type of MFA configuration, use the use the
5130
- # GetUserResponse$UserMFASettingList response instead.
5312
+ # information about either type of MFA configuration, use
5313
+ # UserMFASettingList instead.
5131
5314
  # @return [Array<Types::MFAOptionType>]
5132
5315
  #
5133
5316
  # @!attribute [rw] preferred_mfa_setting
@@ -5147,6 +5330,7 @@ module Aws::CognitoIdentityProvider
5147
5330
  :mfa_options,
5148
5331
  :preferred_mfa_setting,
5149
5332
  :user_mfa_setting_list)
5333
+ SENSITIVE = [:username]
5150
5334
  include Aws::Structure
5151
5335
  end
5152
5336
 
@@ -5167,6 +5351,7 @@ module Aws::CognitoIdentityProvider
5167
5351
  #
5168
5352
  class GlobalSignOutRequest < Struct.new(
5169
5353
  :access_token)
5354
+ SENSITIVE = [:access_token]
5170
5355
  include Aws::Structure
5171
5356
  end
5172
5357
 
@@ -5186,6 +5371,7 @@ module Aws::CognitoIdentityProvider
5186
5371
  #
5187
5372
  class GroupExistsException < Struct.new(
5188
5373
  :message)
5374
+ SENSITIVE = []
5189
5375
  include Aws::Structure
5190
5376
  end
5191
5377
 
@@ -5245,6 +5431,7 @@ module Aws::CognitoIdentityProvider
5245
5431
  :precedence,
5246
5432
  :last_modified_date,
5247
5433
  :creation_date)
5434
+ SENSITIVE = []
5248
5435
  include Aws::Structure
5249
5436
  end
5250
5437
 
@@ -5271,6 +5458,7 @@ module Aws::CognitoIdentityProvider
5271
5458
  class HttpHeader < Struct.new(
5272
5459
  :header_name,
5273
5460
  :header_value)
5461
+ SENSITIVE = []
5274
5462
  include Aws::Structure
5275
5463
  end
5276
5464
 
@@ -5292,7 +5480,7 @@ module Aws::CognitoIdentityProvider
5292
5480
  # The identity provider details. The following list describes the
5293
5481
  # provider detail keys for each identity provider type.
5294
5482
  #
5295
- # * For Google, Facebook and Login with Amazon:
5483
+ # * For Google and Login with Amazon:
5296
5484
  #
5297
5485
  # * client\_id
5298
5486
  #
@@ -5300,6 +5488,16 @@ module Aws::CognitoIdentityProvider
5300
5488
  #
5301
5489
  # * authorize\_scopes
5302
5490
  #
5491
+ # * For Facebook:
5492
+ #
5493
+ # * client\_id
5494
+ #
5495
+ # * client\_secret
5496
+ #
5497
+ # * authorize\_scopes
5498
+ #
5499
+ # * api\_version
5500
+ #
5303
5501
  # * For Sign in with Apple:
5304
5502
  #
5305
5503
  # * client\_id
@@ -5373,6 +5571,7 @@ module Aws::CognitoIdentityProvider
5373
5571
  :idp_identifiers,
5374
5572
  :last_modified_date,
5375
5573
  :creation_date)
5574
+ SENSITIVE = []
5376
5575
  include Aws::Structure
5377
5576
  end
5378
5577
 
@@ -5443,14 +5642,16 @@ module Aws::CognitoIdentityProvider
5443
5642
  #
5444
5643
  # * For `USER_SRP_AUTH`\: `USERNAME` (required), `SRP_A` (required),
5445
5644
  # `SECRET_HASH` (required if the app client is configured with a
5446
- # client secret), `DEVICE_KEY`
5645
+ # client secret), `DEVICE_KEY`.
5447
5646
  #
5448
5647
  # * For `REFRESH_TOKEN_AUTH/REFRESH_TOKEN`\: `REFRESH_TOKEN`
5449
5648
  # (required), `SECRET_HASH` (required if the app client is
5450
- # configured with a client secret), `DEVICE_KEY`
5649
+ # configured with a client secret), `DEVICE_KEY`.
5451
5650
  #
5452
5651
  # * For `CUSTOM_AUTH`\: `USERNAME` (required), `SECRET_HASH` (if app
5453
- # client is configured with client secret), `DEVICE_KEY`
5652
+ # client is configured with client secret), `DEVICE_KEY`. To start
5653
+ # the authentication flow with password verification, include
5654
+ # `ChallengeName: SRP_A` and `SRP_A: (The SRP_A Value)`.
5454
5655
  # @return [Hash<String,String>]
5455
5656
  #
5456
5657
  # @!attribute [rw] client_metadata
@@ -5541,6 +5742,7 @@ module Aws::CognitoIdentityProvider
5541
5742
  :client_id,
5542
5743
  :analytics_metadata,
5543
5744
  :user_context_data)
5745
+ SENSITIVE = [:auth_parameters, :client_id]
5544
5746
  include Aws::Structure
5545
5747
  end
5546
5748
 
@@ -5581,10 +5783,10 @@ module Aws::CognitoIdentityProvider
5581
5783
  #
5582
5784
  # @!attribute [rw] session
5583
5785
  # The session which should be passed both ways in challenge-response
5584
- # calls to the service. If the or API call determines that the caller
5585
- # needs to go through another challenge, they return a session with
5586
- # other challenge parameters. This session should be passed as it is
5587
- # to the next `RespondToAuthChallenge` API call.
5786
+ # calls to the service. If the caller needs to go through another
5787
+ # challenge, they return a session with other challenge parameters.
5788
+ # This session should be passed as it is to the next
5789
+ # `RespondToAuthChallenge` API call.
5588
5790
  # @return [String]
5589
5791
  #
5590
5792
  # @!attribute [rw] challenge_parameters
@@ -5610,6 +5812,7 @@ module Aws::CognitoIdentityProvider
5610
5812
  :session,
5611
5813
  :challenge_parameters,
5612
5814
  :authentication_result)
5815
+ SENSITIVE = []
5613
5816
  include Aws::Structure
5614
5817
  end
5615
5818
 
@@ -5625,6 +5828,7 @@ module Aws::CognitoIdentityProvider
5625
5828
  #
5626
5829
  class InternalErrorException < Struct.new(
5627
5830
  :message)
5831
+ SENSITIVE = []
5628
5832
  include Aws::Structure
5629
5833
  end
5630
5834
 
@@ -5641,6 +5845,7 @@ module Aws::CognitoIdentityProvider
5641
5845
  #
5642
5846
  class InvalidEmailRoleAccessPolicyException < Struct.new(
5643
5847
  :message)
5848
+ SENSITIVE = []
5644
5849
  include Aws::Structure
5645
5850
  end
5646
5851
 
@@ -5656,6 +5861,7 @@ module Aws::CognitoIdentityProvider
5656
5861
  #
5657
5862
  class InvalidLambdaResponseException < Struct.new(
5658
5863
  :message)
5864
+ SENSITIVE = []
5659
5865
  include Aws::Structure
5660
5866
  end
5661
5867
 
@@ -5668,6 +5874,7 @@ module Aws::CognitoIdentityProvider
5668
5874
  #
5669
5875
  class InvalidOAuthFlowException < Struct.new(
5670
5876
  :message)
5877
+ SENSITIVE = []
5671
5878
  include Aws::Structure
5672
5879
  end
5673
5880
 
@@ -5683,6 +5890,7 @@ module Aws::CognitoIdentityProvider
5683
5890
  #
5684
5891
  class InvalidParameterException < Struct.new(
5685
5892
  :message)
5893
+ SENSITIVE = []
5686
5894
  include Aws::Structure
5687
5895
  end
5688
5896
 
@@ -5698,6 +5906,7 @@ module Aws::CognitoIdentityProvider
5698
5906
  #
5699
5907
  class InvalidPasswordException < Struct.new(
5700
5908
  :message)
5909
+ SENSITIVE = []
5701
5910
  include Aws::Structure
5702
5911
  end
5703
5912
 
@@ -5713,6 +5922,7 @@ module Aws::CognitoIdentityProvider
5713
5922
  #
5714
5923
  class InvalidSmsRoleAccessPolicyException < Struct.new(
5715
5924
  :message)
5925
+ SENSITIVE = []
5716
5926
  include Aws::Structure
5717
5927
  end
5718
5928
 
@@ -5731,6 +5941,7 @@ module Aws::CognitoIdentityProvider
5731
5941
  #
5732
5942
  class InvalidSmsRoleTrustRelationshipException < Struct.new(
5733
5943
  :message)
5944
+ SENSITIVE = []
5734
5945
  include Aws::Structure
5735
5946
  end
5736
5947
 
@@ -5744,6 +5955,7 @@ module Aws::CognitoIdentityProvider
5744
5955
  #
5745
5956
  class InvalidUserPoolConfigurationException < Struct.new(
5746
5957
  :message)
5958
+ SENSITIVE = []
5747
5959
  include Aws::Structure
5748
5960
  end
5749
5961
 
@@ -5818,6 +6030,7 @@ module Aws::CognitoIdentityProvider
5818
6030
  :verify_auth_challenge_response,
5819
6031
  :pre_token_generation,
5820
6032
  :user_migration)
6033
+ SENSITIVE = []
5821
6034
  include Aws::Structure
5822
6035
  end
5823
6036
 
@@ -5833,6 +6046,7 @@ module Aws::CognitoIdentityProvider
5833
6046
  #
5834
6047
  class LimitExceededException < Struct.new(
5835
6048
  :message)
6049
+ SENSITIVE = []
5836
6050
  include Aws::Structure
5837
6051
  end
5838
6052
 
@@ -5865,6 +6079,7 @@ module Aws::CognitoIdentityProvider
5865
6079
  :access_token,
5866
6080
  :limit,
5867
6081
  :pagination_token)
6082
+ SENSITIVE = [:access_token]
5868
6083
  include Aws::Structure
5869
6084
  end
5870
6085
 
@@ -5883,6 +6098,7 @@ module Aws::CognitoIdentityProvider
5883
6098
  class ListDevicesResponse < Struct.new(
5884
6099
  :devices,
5885
6100
  :pagination_token)
6101
+ SENSITIVE = []
5886
6102
  include Aws::Structure
5887
6103
  end
5888
6104
 
@@ -5915,6 +6131,7 @@ module Aws::CognitoIdentityProvider
5915
6131
  :user_pool_id,
5916
6132
  :limit,
5917
6133
  :next_token)
6134
+ SENSITIVE = []
5918
6135
  include Aws::Structure
5919
6136
  end
5920
6137
 
@@ -5933,6 +6150,7 @@ module Aws::CognitoIdentityProvider
5933
6150
  class ListGroupsResponse < Struct.new(
5934
6151
  :groups,
5935
6152
  :next_token)
6153
+ SENSITIVE = []
5936
6154
  include Aws::Structure
5937
6155
  end
5938
6156
 
@@ -5963,6 +6181,7 @@ module Aws::CognitoIdentityProvider
5963
6181
  :user_pool_id,
5964
6182
  :max_results,
5965
6183
  :next_token)
6184
+ SENSITIVE = []
5966
6185
  include Aws::Structure
5967
6186
  end
5968
6187
 
@@ -5979,6 +6198,7 @@ module Aws::CognitoIdentityProvider
5979
6198
  class ListIdentityProvidersResponse < Struct.new(
5980
6199
  :providers,
5981
6200
  :next_token)
6201
+ SENSITIVE = []
5982
6202
  include Aws::Structure
5983
6203
  end
5984
6204
 
@@ -6009,6 +6229,7 @@ module Aws::CognitoIdentityProvider
6009
6229
  :user_pool_id,
6010
6230
  :max_results,
6011
6231
  :next_token)
6232
+ SENSITIVE = []
6012
6233
  include Aws::Structure
6013
6234
  end
6014
6235
 
@@ -6025,6 +6246,7 @@ module Aws::CognitoIdentityProvider
6025
6246
  class ListResourceServersResponse < Struct.new(
6026
6247
  :resource_servers,
6027
6248
  :next_token)
6249
+ SENSITIVE = []
6028
6250
  include Aws::Structure
6029
6251
  end
6030
6252
 
@@ -6044,6 +6266,7 @@ module Aws::CognitoIdentityProvider
6044
6266
  #
6045
6267
  class ListTagsForResourceRequest < Struct.new(
6046
6268
  :resource_arn)
6269
+ SENSITIVE = []
6047
6270
  include Aws::Structure
6048
6271
  end
6049
6272
 
@@ -6055,6 +6278,7 @@ module Aws::CognitoIdentityProvider
6055
6278
  #
6056
6279
  class ListTagsForResourceResponse < Struct.new(
6057
6280
  :tags)
6281
+ SENSITIVE = []
6058
6282
  include Aws::Structure
6059
6283
  end
6060
6284
 
@@ -6090,6 +6314,7 @@ module Aws::CognitoIdentityProvider
6090
6314
  :user_pool_id,
6091
6315
  :max_results,
6092
6316
  :pagination_token)
6317
+ SENSITIVE = []
6093
6318
  include Aws::Structure
6094
6319
  end
6095
6320
 
@@ -6110,6 +6335,7 @@ module Aws::CognitoIdentityProvider
6110
6335
  class ListUserImportJobsResponse < Struct.new(
6111
6336
  :user_import_jobs,
6112
6337
  :pagination_token)
6338
+ SENSITIVE = []
6113
6339
  include Aws::Structure
6114
6340
  end
6115
6341
 
@@ -6146,6 +6372,7 @@ module Aws::CognitoIdentityProvider
6146
6372
  :user_pool_id,
6147
6373
  :max_results,
6148
6374
  :next_token)
6375
+ SENSITIVE = []
6149
6376
  include Aws::Structure
6150
6377
  end
6151
6378
 
@@ -6166,6 +6393,7 @@ module Aws::CognitoIdentityProvider
6166
6393
  class ListUserPoolClientsResponse < Struct.new(
6167
6394
  :user_pool_clients,
6168
6395
  :next_token)
6396
+ SENSITIVE = []
6169
6397
  include Aws::Structure
6170
6398
  end
6171
6399
 
@@ -6195,6 +6423,7 @@ module Aws::CognitoIdentityProvider
6195
6423
  class ListUserPoolsRequest < Struct.new(
6196
6424
  :next_token,
6197
6425
  :max_results)
6426
+ SENSITIVE = []
6198
6427
  include Aws::Structure
6199
6428
  end
6200
6429
 
@@ -6215,6 +6444,7 @@ module Aws::CognitoIdentityProvider
6215
6444
  class ListUserPoolsResponse < Struct.new(
6216
6445
  :user_pools,
6217
6446
  :next_token)
6447
+ SENSITIVE = []
6218
6448
  include Aws::Structure
6219
6449
  end
6220
6450
 
@@ -6253,6 +6483,7 @@ module Aws::CognitoIdentityProvider
6253
6483
  :group_name,
6254
6484
  :limit,
6255
6485
  :next_token)
6486
+ SENSITIVE = []
6256
6487
  include Aws::Structure
6257
6488
  end
6258
6489
 
@@ -6271,6 +6502,7 @@ module Aws::CognitoIdentityProvider
6271
6502
  class ListUsersInGroupResponse < Struct.new(
6272
6503
  :users,
6273
6504
  :next_token)
6505
+ SENSITIVE = []
6274
6506
  include Aws::Structure
6275
6507
  end
6276
6508
 
@@ -6370,6 +6602,7 @@ module Aws::CognitoIdentityProvider
6370
6602
  :limit,
6371
6603
  :pagination_token,
6372
6604
  :filter)
6605
+ SENSITIVE = []
6373
6606
  include Aws::Structure
6374
6607
  end
6375
6608
 
@@ -6390,6 +6623,7 @@ module Aws::CognitoIdentityProvider
6390
6623
  class ListUsersResponse < Struct.new(
6391
6624
  :users,
6392
6625
  :pagination_token)
6626
+ SENSITIVE = []
6393
6627
  include Aws::Structure
6394
6628
  end
6395
6629
 
@@ -6405,6 +6639,7 @@ module Aws::CognitoIdentityProvider
6405
6639
  #
6406
6640
  class MFAMethodNotFoundException < Struct.new(
6407
6641
  :message)
6642
+ SENSITIVE = []
6408
6643
  include Aws::Structure
6409
6644
  end
6410
6645
 
@@ -6412,13 +6647,6 @@ module Aws::CognitoIdentityProvider
6412
6647
  # MFA configurations. You can't use it for TOTP software token MFA
6413
6648
  # configurations.
6414
6649
  #
6415
- # To set either type of MFA configuration, use the
6416
- # AdminSetUserMFAPreference or SetUserMFAPreference actions.
6417
- #
6418
- # To look up information about either type of MFA configuration, use the
6419
- # AdminGetUserResponse$UserMFASettingList or
6420
- # GetUserResponse$UserMFASettingList responses.
6421
- #
6422
6650
  # @note When making an API call, you may pass MFAOptionType
6423
6651
  # data as a hash:
6424
6652
  #
@@ -6442,6 +6670,7 @@ module Aws::CognitoIdentityProvider
6442
6670
  class MFAOptionType < Struct.new(
6443
6671
  :delivery_medium,
6444
6672
  :attribute_name)
6673
+ SENSITIVE = []
6445
6674
  include Aws::Structure
6446
6675
  end
6447
6676
 
@@ -6474,6 +6703,7 @@ module Aws::CognitoIdentityProvider
6474
6703
  :sms_message,
6475
6704
  :email_message,
6476
6705
  :email_subject)
6706
+ SENSITIVE = []
6477
6707
  include Aws::Structure
6478
6708
  end
6479
6709
 
@@ -6492,6 +6722,7 @@ module Aws::CognitoIdentityProvider
6492
6722
  class NewDeviceMetadataType < Struct.new(
6493
6723
  :device_key,
6494
6724
  :device_group_key)
6725
+ SENSITIVE = []
6495
6726
  include Aws::Structure
6496
6727
  end
6497
6728
 
@@ -6506,6 +6737,7 @@ module Aws::CognitoIdentityProvider
6506
6737
  #
6507
6738
  class NotAuthorizedException < Struct.new(
6508
6739
  :message)
6740
+ SENSITIVE = []
6509
6741
  include Aws::Structure
6510
6742
  end
6511
6743
 
@@ -6573,6 +6805,7 @@ module Aws::CognitoIdentityProvider
6573
6805
  :block_email,
6574
6806
  :no_action_email,
6575
6807
  :mfa_email)
6808
+ SENSITIVE = []
6576
6809
  include Aws::Structure
6577
6810
  end
6578
6811
 
@@ -6605,6 +6838,7 @@ module Aws::CognitoIdentityProvider
6605
6838
  :subject,
6606
6839
  :html_body,
6607
6840
  :text_body)
6841
+ SENSITIVE = []
6608
6842
  include Aws::Structure
6609
6843
  end
6610
6844
 
@@ -6632,6 +6866,7 @@ module Aws::CognitoIdentityProvider
6632
6866
  class NumberAttributeConstraintsType < Struct.new(
6633
6867
  :min_value,
6634
6868
  :max_value)
6869
+ SENSITIVE = []
6635
6870
  include Aws::Structure
6636
6871
  end
6637
6872
 
@@ -6697,6 +6932,7 @@ module Aws::CognitoIdentityProvider
6697
6932
  :require_numbers,
6698
6933
  :require_symbols,
6699
6934
  :temporary_password_validity_days)
6935
+ SENSITIVE = []
6700
6936
  include Aws::Structure
6701
6937
  end
6702
6938
 
@@ -6710,6 +6946,7 @@ module Aws::CognitoIdentityProvider
6710
6946
  #
6711
6947
  class PasswordResetRequiredException < Struct.new(
6712
6948
  :message)
6949
+ SENSITIVE = []
6713
6950
  include Aws::Structure
6714
6951
  end
6715
6952
 
@@ -6723,6 +6960,7 @@ module Aws::CognitoIdentityProvider
6723
6960
  #
6724
6961
  class PreconditionNotMetException < Struct.new(
6725
6962
  :message)
6963
+ SENSITIVE = []
6726
6964
  include Aws::Structure
6727
6965
  end
6728
6966
 
@@ -6751,6 +6989,7 @@ module Aws::CognitoIdentityProvider
6751
6989
  :provider_type,
6752
6990
  :last_modified_date,
6753
6991
  :creation_date)
6992
+ SENSITIVE = []
6754
6993
  include Aws::Structure
6755
6994
  end
6756
6995
 
@@ -6787,6 +7026,7 @@ module Aws::CognitoIdentityProvider
6787
7026
  :provider_name,
6788
7027
  :provider_attribute_name,
6789
7028
  :provider_attribute_value)
7029
+ SENSITIVE = []
6790
7030
  include Aws::Structure
6791
7031
  end
6792
7032
 
@@ -6815,6 +7055,7 @@ module Aws::CognitoIdentityProvider
6815
7055
  class RecoveryOptionType < Struct.new(
6816
7056
  :priority,
6817
7057
  :name)
7058
+ SENSITIVE = []
6818
7059
  include Aws::Structure
6819
7060
  end
6820
7061
 
@@ -6912,6 +7153,7 @@ module Aws::CognitoIdentityProvider
6912
7153
  :username,
6913
7154
  :analytics_metadata,
6914
7155
  :client_metadata)
7156
+ SENSITIVE = [:client_id, :secret_hash, :username]
6915
7157
  include Aws::Structure
6916
7158
  end
6917
7159
 
@@ -6927,6 +7169,7 @@ module Aws::CognitoIdentityProvider
6927
7169
  #
6928
7170
  class ResendConfirmationCodeResponse < Struct.new(
6929
7171
  :code_delivery_details)
7172
+ SENSITIVE = []
6930
7173
  include Aws::Structure
6931
7174
  end
6932
7175
 
@@ -6942,6 +7185,7 @@ module Aws::CognitoIdentityProvider
6942
7185
  #
6943
7186
  class ResourceNotFoundException < Struct.new(
6944
7187
  :message)
7188
+ SENSITIVE = []
6945
7189
  include Aws::Structure
6946
7190
  end
6947
7191
 
@@ -6968,6 +7212,7 @@ module Aws::CognitoIdentityProvider
6968
7212
  class ResourceServerScopeType < Struct.new(
6969
7213
  :scope_name,
6970
7214
  :scope_description)
7215
+ SENSITIVE = []
6971
7216
  include Aws::Structure
6972
7217
  end
6973
7218
 
@@ -6996,6 +7241,7 @@ module Aws::CognitoIdentityProvider
6996
7241
  :identifier,
6997
7242
  :name,
6998
7243
  :scopes)
7244
+ SENSITIVE = []
6999
7245
  include Aws::Structure
7000
7246
  end
7001
7247
 
@@ -7027,9 +7273,13 @@ module Aws::CognitoIdentityProvider
7027
7273
  # @return [String]
7028
7274
  #
7029
7275
  # @!attribute [rw] challenge_name
7030
- # The challenge name. For more information, see .
7276
+ # The challenge name. For more information, see [InitiateAuth][1].
7031
7277
  #
7032
7278
  # `ADMIN_NO_SRP_AUTH` is not a valid value.
7279
+ #
7280
+ #
7281
+ #
7282
+ # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html
7033
7283
  # @return [String]
7034
7284
  #
7035
7285
  # @!attribute [rw] session
@@ -7130,25 +7380,35 @@ module Aws::CognitoIdentityProvider
7130
7380
  :analytics_metadata,
7131
7381
  :user_context_data,
7132
7382
  :client_metadata)
7383
+ SENSITIVE = [:client_id]
7133
7384
  include Aws::Structure
7134
7385
  end
7135
7386
 
7136
7387
  # The response to respond to the authentication challenge.
7137
7388
  #
7138
7389
  # @!attribute [rw] challenge_name
7139
- # The challenge name. For more information, see .
7390
+ # The challenge name. For more information, see [InitiateAuth][1].
7391
+ #
7392
+ #
7393
+ #
7394
+ # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html
7140
7395
  # @return [String]
7141
7396
  #
7142
7397
  # @!attribute [rw] session
7143
7398
  # The session which should be passed both ways in challenge-response
7144
- # calls to the service. If the or API call determines that the caller
7145
- # needs to go through another challenge, they return a session with
7146
- # other challenge parameters. This session should be passed as it is
7147
- # to the next `RespondToAuthChallenge` API call.
7399
+ # calls to the service. If the caller needs to go through another
7400
+ # challenge, they return a session with other challenge parameters.
7401
+ # This session should be passed as it is to the next
7402
+ # `RespondToAuthChallenge` API call.
7148
7403
  # @return [String]
7149
7404
  #
7150
7405
  # @!attribute [rw] challenge_parameters
7151
- # The challenge parameters. For more information, see .
7406
+ # The challenge parameters. For more information, see
7407
+ # [InitiateAuth][1].
7408
+ #
7409
+ #
7410
+ #
7411
+ # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html
7152
7412
  # @return [Hash<String,String>]
7153
7413
  #
7154
7414
  # @!attribute [rw] authentication_result
@@ -7163,6 +7423,7 @@ module Aws::CognitoIdentityProvider
7163
7423
  :session,
7164
7424
  :challenge_parameters,
7165
7425
  :authentication_result)
7426
+ SENSITIVE = []
7166
7427
  include Aws::Structure
7167
7428
  end
7168
7429
 
@@ -7204,6 +7465,7 @@ module Aws::CognitoIdentityProvider
7204
7465
  :account_takeover_risk_configuration,
7205
7466
  :risk_exception_configuration,
7206
7467
  :last_modified_date)
7468
+ SENSITIVE = [:client_id]
7207
7469
  include Aws::Structure
7208
7470
  end
7209
7471
 
@@ -7233,6 +7495,7 @@ module Aws::CognitoIdentityProvider
7233
7495
  class RiskExceptionConfigurationType < Struct.new(
7234
7496
  :blocked_ip_range_list,
7235
7497
  :skipped_ip_range_list)
7498
+ SENSITIVE = []
7236
7499
  include Aws::Structure
7237
7500
  end
7238
7501
 
@@ -7259,6 +7522,7 @@ module Aws::CognitoIdentityProvider
7259
7522
  class SMSMfaSettingsType < Struct.new(
7260
7523
  :enabled,
7261
7524
  :preferred_mfa)
7525
+ SENSITIVE = []
7262
7526
  include Aws::Structure
7263
7527
  end
7264
7528
 
@@ -7301,8 +7565,9 @@ module Aws::CognitoIdentityProvider
7301
7565
  # Specifies whether the attribute type is developer only. This
7302
7566
  # attribute can only be modified by an administrator. Users will not
7303
7567
  # be able to modify this attribute using their access token. For
7304
- # example, `DeveloperOnlyAttribute` can be modified using the API but
7305
- # cannot be updated using the API.
7568
+ # example, `DeveloperOnlyAttribute` can be modified using
7569
+ # AdminUpdateUserAttributes but cannot be updated using
7570
+ # UpdateUserAttributes.
7306
7571
  #
7307
7572
  #
7308
7573
  #
@@ -7349,6 +7614,7 @@ module Aws::CognitoIdentityProvider
7349
7614
  :required,
7350
7615
  :number_attribute_constraints,
7351
7616
  :string_attribute_constraints)
7617
+ SENSITIVE = []
7352
7618
  include Aws::Structure
7353
7619
  end
7354
7620
 
@@ -7361,6 +7627,7 @@ module Aws::CognitoIdentityProvider
7361
7627
  #
7362
7628
  class ScopeDoesNotExistException < Struct.new(
7363
7629
  :message)
7630
+ SENSITIVE = []
7364
7631
  include Aws::Structure
7365
7632
  end
7366
7633
 
@@ -7453,6 +7720,7 @@ module Aws::CognitoIdentityProvider
7453
7720
  :compromised_credentials_risk_configuration,
7454
7721
  :account_takeover_risk_configuration,
7455
7722
  :risk_exception_configuration)
7723
+ SENSITIVE = [:client_id]
7456
7724
  include Aws::Structure
7457
7725
  end
7458
7726
 
@@ -7464,6 +7732,7 @@ module Aws::CognitoIdentityProvider
7464
7732
  #
7465
7733
  class SetRiskConfigurationResponse < Struct.new(
7466
7734
  :risk_configuration)
7735
+ SENSITIVE = []
7467
7736
  include Aws::Structure
7468
7737
  end
7469
7738
 
@@ -7500,6 +7769,7 @@ module Aws::CognitoIdentityProvider
7500
7769
  :client_id,
7501
7770
  :css,
7502
7771
  :image_file)
7772
+ SENSITIVE = [:client_id]
7503
7773
  include Aws::Structure
7504
7774
  end
7505
7775
 
@@ -7511,6 +7781,7 @@ module Aws::CognitoIdentityProvider
7511
7781
  #
7512
7782
  class SetUICustomizationResponse < Struct.new(
7513
7783
  :ui_customization)
7784
+ SENSITIVE = []
7514
7785
  include Aws::Structure
7515
7786
  end
7516
7787
 
@@ -7547,6 +7818,7 @@ module Aws::CognitoIdentityProvider
7547
7818
  :sms_mfa_settings,
7548
7819
  :software_token_mfa_settings,
7549
7820
  :access_token)
7821
+ SENSITIVE = [:access_token]
7550
7822
  include Aws::Structure
7551
7823
  end
7552
7824
 
@@ -7602,6 +7874,7 @@ module Aws::CognitoIdentityProvider
7602
7874
  :sms_mfa_configuration,
7603
7875
  :software_token_mfa_configuration,
7604
7876
  :mfa_configuration)
7877
+ SENSITIVE = []
7605
7878
  include Aws::Structure
7606
7879
  end
7607
7880
 
@@ -7630,6 +7903,7 @@ module Aws::CognitoIdentityProvider
7630
7903
  :sms_mfa_configuration,
7631
7904
  :software_token_mfa_configuration,
7632
7905
  :mfa_configuration)
7906
+ SENSITIVE = []
7633
7907
  include Aws::Structure
7634
7908
  end
7635
7909
 
@@ -7662,6 +7936,7 @@ module Aws::CognitoIdentityProvider
7662
7936
  class SetUserSettingsRequest < Struct.new(
7663
7937
  :access_token,
7664
7938
  :mfa_options)
7939
+ SENSITIVE = [:access_token]
7665
7940
  include Aws::Structure
7666
7941
  end
7667
7942
 
@@ -7796,6 +8071,7 @@ module Aws::CognitoIdentityProvider
7796
8071
  :analytics_metadata,
7797
8072
  :user_context_data,
7798
8073
  :client_metadata)
8074
+ SENSITIVE = [:client_id, :secret_hash, :username, :password]
7799
8075
  include Aws::Structure
7800
8076
  end
7801
8077
 
@@ -7822,6 +8098,7 @@ module Aws::CognitoIdentityProvider
7822
8098
  :user_confirmed,
7823
8099
  :code_delivery_details,
7824
8100
  :user_sub)
8101
+ SENSITIVE = []
7825
8102
  include Aws::Structure
7826
8103
  end
7827
8104
 
@@ -7862,6 +8139,7 @@ module Aws::CognitoIdentityProvider
7862
8139
  class SmsConfigurationType < Struct.new(
7863
8140
  :sns_caller_arn,
7864
8141
  :external_id)
8142
+ SENSITIVE = []
7865
8143
  include Aws::Structure
7866
8144
  end
7867
8145
 
@@ -7895,6 +8173,7 @@ module Aws::CognitoIdentityProvider
7895
8173
  class SmsMfaConfigType < Struct.new(
7896
8174
  :sms_authentication_message,
7897
8175
  :sms_configuration)
8176
+ SENSITIVE = []
7898
8177
  include Aws::Structure
7899
8178
  end
7900
8179
 
@@ -7908,6 +8187,7 @@ module Aws::CognitoIdentityProvider
7908
8187
  #
7909
8188
  class SoftwareTokenMFANotFoundException < Struct.new(
7910
8189
  :message)
8190
+ SENSITIVE = []
7911
8191
  include Aws::Structure
7912
8192
  end
7913
8193
 
@@ -7928,6 +8208,7 @@ module Aws::CognitoIdentityProvider
7928
8208
  #
7929
8209
  class SoftwareTokenMfaConfigType < Struct.new(
7930
8210
  :enabled)
8211
+ SENSITIVE = []
7931
8212
  include Aws::Structure
7932
8213
  end
7933
8214
 
@@ -7954,6 +8235,7 @@ module Aws::CognitoIdentityProvider
7954
8235
  class SoftwareTokenMfaSettingsType < Struct.new(
7955
8236
  :enabled,
7956
8237
  :preferred_mfa)
8238
+ SENSITIVE = []
7957
8239
  include Aws::Structure
7958
8240
  end
7959
8241
 
@@ -7981,6 +8263,7 @@ module Aws::CognitoIdentityProvider
7981
8263
  class StartUserImportJobRequest < Struct.new(
7982
8264
  :user_pool_id,
7983
8265
  :job_id)
8266
+ SENSITIVE = []
7984
8267
  include Aws::Structure
7985
8268
  end
7986
8269
 
@@ -7995,6 +8278,7 @@ module Aws::CognitoIdentityProvider
7995
8278
  #
7996
8279
  class StartUserImportJobResponse < Struct.new(
7997
8280
  :user_import_job)
8281
+ SENSITIVE = []
7998
8282
  include Aws::Structure
7999
8283
  end
8000
8284
 
@@ -8022,6 +8306,7 @@ module Aws::CognitoIdentityProvider
8022
8306
  class StopUserImportJobRequest < Struct.new(
8023
8307
  :user_pool_id,
8024
8308
  :job_id)
8309
+ SENSITIVE = []
8025
8310
  include Aws::Structure
8026
8311
  end
8027
8312
 
@@ -8036,6 +8321,7 @@ module Aws::CognitoIdentityProvider
8036
8321
  #
8037
8322
  class StopUserImportJobResponse < Struct.new(
8038
8323
  :user_import_job)
8324
+ SENSITIVE = []
8039
8325
  include Aws::Structure
8040
8326
  end
8041
8327
 
@@ -8062,6 +8348,7 @@ module Aws::CognitoIdentityProvider
8062
8348
  class StringAttributeConstraintsType < Struct.new(
8063
8349
  :min_length,
8064
8350
  :max_length)
8351
+ SENSITIVE = []
8065
8352
  include Aws::Structure
8066
8353
  end
8067
8354
 
@@ -8089,6 +8376,7 @@ module Aws::CognitoIdentityProvider
8089
8376
  class TagResourceRequest < Struct.new(
8090
8377
  :resource_arn,
8091
8378
  :tags)
8379
+ SENSITIVE = []
8092
8380
  include Aws::Structure
8093
8381
  end
8094
8382
 
@@ -8096,6 +8384,43 @@ module Aws::CognitoIdentityProvider
8096
8384
  #
8097
8385
  class TagResourceResponse < Aws::EmptyStructure; end
8098
8386
 
8387
+ # The data type for TokenValidityUnits that specifics the time
8388
+ # measurements for token validity.
8389
+ #
8390
+ # @note When making an API call, you may pass TokenValidityUnitsType
8391
+ # data as a hash:
8392
+ #
8393
+ # {
8394
+ # access_token: "seconds", # accepts seconds, minutes, hours, days
8395
+ # id_token: "seconds", # accepts seconds, minutes, hours, days
8396
+ # refresh_token: "seconds", # accepts seconds, minutes, hours, days
8397
+ # }
8398
+ #
8399
+ # @!attribute [rw] access_token
8400
+ # A time unit in “seconds”, “minutes”, “hours” or “days” for the value
8401
+ # in AccessTokenValidity, defaults to hours.
8402
+ # @return [String]
8403
+ #
8404
+ # @!attribute [rw] id_token
8405
+ # A time unit in “seconds”, “minutes”, “hours” or “days” for the value
8406
+ # in IdTokenValidity, defaults to hours.
8407
+ # @return [String]
8408
+ #
8409
+ # @!attribute [rw] refresh_token
8410
+ # A time unit in “seconds”, “minutes”, “hours” or “days” for the value
8411
+ # in RefreshTokenValidity, defaults to days.
8412
+ # @return [String]
8413
+ #
8414
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/TokenValidityUnitsType AWS API Documentation
8415
+ #
8416
+ class TokenValidityUnitsType < Struct.new(
8417
+ :access_token,
8418
+ :id_token,
8419
+ :refresh_token)
8420
+ SENSITIVE = []
8421
+ include Aws::Structure
8422
+ end
8423
+
8099
8424
  # This exception is thrown when the user has made too many failed
8100
8425
  # attempts for a given action (e.g., sign in).
8101
8426
  #
@@ -8108,6 +8433,7 @@ module Aws::CognitoIdentityProvider
8108
8433
  #
8109
8434
  class TooManyFailedAttemptsException < Struct.new(
8110
8435
  :message)
8436
+ SENSITIVE = []
8111
8437
  include Aws::Structure
8112
8438
  end
8113
8439
 
@@ -8123,6 +8449,7 @@ module Aws::CognitoIdentityProvider
8123
8449
  #
8124
8450
  class TooManyRequestsException < Struct.new(
8125
8451
  :message)
8452
+ SENSITIVE = []
8126
8453
  include Aws::Structure
8127
8454
  end
8128
8455
 
@@ -8167,6 +8494,7 @@ module Aws::CognitoIdentityProvider
8167
8494
  :css_version,
8168
8495
  :last_modified_date,
8169
8496
  :creation_date)
8497
+ SENSITIVE = [:client_id]
8170
8498
  include Aws::Structure
8171
8499
  end
8172
8500
 
@@ -8182,6 +8510,7 @@ module Aws::CognitoIdentityProvider
8182
8510
  #
8183
8511
  class UnexpectedLambdaException < Struct.new(
8184
8512
  :message)
8513
+ SENSITIVE = []
8185
8514
  include Aws::Structure
8186
8515
  end
8187
8516
 
@@ -8195,6 +8524,7 @@ module Aws::CognitoIdentityProvider
8195
8524
  #
8196
8525
  class UnsupportedIdentityProviderException < Struct.new(
8197
8526
  :message)
8527
+ SENSITIVE = []
8198
8528
  include Aws::Structure
8199
8529
  end
8200
8530
 
@@ -8208,6 +8538,7 @@ module Aws::CognitoIdentityProvider
8208
8538
  #
8209
8539
  class UnsupportedUserStateException < Struct.new(
8210
8540
  :message)
8541
+ SENSITIVE = []
8211
8542
  include Aws::Structure
8212
8543
  end
8213
8544
 
@@ -8233,6 +8564,7 @@ module Aws::CognitoIdentityProvider
8233
8564
  class UntagResourceRequest < Struct.new(
8234
8565
  :resource_arn,
8235
8566
  :tag_keys)
8567
+ SENSITIVE = []
8236
8568
  include Aws::Structure
8237
8569
  end
8238
8570
 
@@ -8279,6 +8611,7 @@ module Aws::CognitoIdentityProvider
8279
8611
  :event_id,
8280
8612
  :feedback_token,
8281
8613
  :feedback_value)
8614
+ SENSITIVE = [:username, :feedback_token]
8282
8615
  include Aws::Structure
8283
8616
  end
8284
8617
 
@@ -8315,6 +8648,7 @@ module Aws::CognitoIdentityProvider
8315
8648
  :access_token,
8316
8649
  :device_key,
8317
8650
  :device_remembered_status)
8651
+ SENSITIVE = [:access_token]
8318
8652
  include Aws::Structure
8319
8653
  end
8320
8654
 
@@ -8354,7 +8688,11 @@ module Aws::CognitoIdentityProvider
8354
8688
  #
8355
8689
  # @!attribute [rw] precedence
8356
8690
  # The new precedence value for the group. For more information about
8357
- # this parameter, see .
8691
+ # this parameter, see [CreateGroup][1].
8692
+ #
8693
+ #
8694
+ #
8695
+ # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateGroup.html
8358
8696
  # @return [Integer]
8359
8697
  #
8360
8698
  # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UpdateGroupRequest AWS API Documentation
@@ -8365,6 +8703,7 @@ module Aws::CognitoIdentityProvider
8365
8703
  :description,
8366
8704
  :role_arn,
8367
8705
  :precedence)
8706
+ SENSITIVE = []
8368
8707
  include Aws::Structure
8369
8708
  end
8370
8709
 
@@ -8376,6 +8715,7 @@ module Aws::CognitoIdentityProvider
8376
8715
  #
8377
8716
  class UpdateGroupResponse < Struct.new(
8378
8717
  :group)
8718
+ SENSITIVE = []
8379
8719
  include Aws::Structure
8380
8720
  end
8381
8721
 
@@ -8423,6 +8763,7 @@ module Aws::CognitoIdentityProvider
8423
8763
  :provider_details,
8424
8764
  :attribute_mapping,
8425
8765
  :idp_identifiers)
8766
+ SENSITIVE = []
8426
8767
  include Aws::Structure
8427
8768
  end
8428
8769
 
@@ -8434,6 +8775,7 @@ module Aws::CognitoIdentityProvider
8434
8775
  #
8435
8776
  class UpdateIdentityProviderResponse < Struct.new(
8436
8777
  :identity_provider)
8778
+ SENSITIVE = []
8437
8779
  include Aws::Structure
8438
8780
  end
8439
8781
 
@@ -8475,6 +8817,7 @@ module Aws::CognitoIdentityProvider
8475
8817
  :identifier,
8476
8818
  :name,
8477
8819
  :scopes)
8820
+ SENSITIVE = []
8478
8821
  include Aws::Structure
8479
8822
  end
8480
8823
 
@@ -8486,6 +8829,7 @@ module Aws::CognitoIdentityProvider
8486
8829
  #
8487
8830
  class UpdateResourceServerResponse < Struct.new(
8488
8831
  :resource_server)
8832
+ SENSITIVE = []
8489
8833
  include Aws::Structure
8490
8834
  end
8491
8835
 
@@ -8563,6 +8907,7 @@ module Aws::CognitoIdentityProvider
8563
8907
  :user_attributes,
8564
8908
  :access_token,
8565
8909
  :client_metadata)
8910
+ SENSITIVE = [:access_token]
8566
8911
  include Aws::Structure
8567
8912
  end
8568
8913
 
@@ -8578,6 +8923,7 @@ module Aws::CognitoIdentityProvider
8578
8923
  #
8579
8924
  class UpdateUserAttributesResponse < Struct.new(
8580
8925
  :code_delivery_details_list)
8926
+ SENSITIVE = []
8581
8927
  include Aws::Structure
8582
8928
  end
8583
8929
 
@@ -8591,6 +8937,13 @@ module Aws::CognitoIdentityProvider
8591
8937
  # client_id: "ClientIdType", # required
8592
8938
  # client_name: "ClientNameType",
8593
8939
  # refresh_token_validity: 1,
8940
+ # access_token_validity: 1,
8941
+ # id_token_validity: 1,
8942
+ # token_validity_units: {
8943
+ # access_token: "seconds", # accepts seconds, minutes, hours, days
8944
+ # id_token: "seconds", # accepts seconds, minutes, hours, days
8945
+ # refresh_token: "seconds", # accepts seconds, minutes, hours, days
8946
+ # },
8594
8947
  # read_attributes: ["ClientPermissionType"],
8595
8948
  # write_attributes: ["ClientPermissionType"],
8596
8949
  # explicit_auth_flows: ["ADMIN_NO_SRP_AUTH"], # accepts ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, USER_PASSWORD_AUTH, ALLOW_ADMIN_USER_PASSWORD_AUTH, ALLOW_CUSTOM_AUTH, ALLOW_USER_PASSWORD_AUTH, ALLOW_USER_SRP_AUTH, ALLOW_REFRESH_TOKEN_AUTH
@@ -8602,9 +8955,10 @@ module Aws::CognitoIdentityProvider
8602
8955
  # allowed_o_auth_scopes: ["ScopeType"],
8603
8956
  # allowed_o_auth_flows_user_pool_client: false,
8604
8957
  # analytics_configuration: {
8605
- # application_id: "HexStringType", # required
8606
- # role_arn: "ArnType", # required
8607
- # external_id: "StringType", # required
8958
+ # application_id: "HexStringType",
8959
+ # application_arn: "ArnType",
8960
+ # role_arn: "ArnType",
8961
+ # external_id: "StringType",
8608
8962
  # user_data_shared: false,
8609
8963
  # },
8610
8964
  # prevent_user_existence_errors: "LEGACY", # accepts LEGACY, ENABLED
@@ -8628,6 +8982,22 @@ module Aws::CognitoIdentityProvider
8628
8982
  # valid and cannot be used.
8629
8983
  # @return [Integer]
8630
8984
  #
8985
+ # @!attribute [rw] access_token_validity
8986
+ # The time limit, after which the access token is no longer valid and
8987
+ # cannot be used.
8988
+ # @return [Integer]
8989
+ #
8990
+ # @!attribute [rw] id_token_validity
8991
+ # The time limit, after which the ID token is no longer valid and
8992
+ # cannot be used.
8993
+ # @return [Integer]
8994
+ #
8995
+ # @!attribute [rw] token_validity_units
8996
+ # The units in which the validity times are represented in. Default
8997
+ # for RefreshToken is days, and default for ID and access tokens are
8998
+ # hours.
8999
+ # @return [Types::TokenValidityUnitsType]
9000
+ #
8631
9001
  # @!attribute [rw] read_attributes
8632
9002
  # The read-only attributes of the user pool.
8633
9003
  # @return [Array<String>]
@@ -8750,9 +9120,10 @@ module Aws::CognitoIdentityProvider
8750
9120
  # The Amazon Pinpoint analytics configuration for collecting metrics
8751
9121
  # for this user pool.
8752
9122
  #
8753
- # <note markdown="1"> Cognito User Pools only supports sending events to Amazon Pinpoint
8754
- # projects in the US East (N. Virginia) us-east-1 Region, regardless
8755
- # of the region in which the user pool resides.
9123
+ # <note markdown="1"> In regions where Pinpoint is not available, Cognito User Pools only
9124
+ # supports sending events to Amazon Pinpoint projects in us-east-1. In
9125
+ # regions where Pinpoint is available, Cognito User Pools will support
9126
+ # sending events to Amazon Pinpoint projects within that same region.
8756
9127
  #
8757
9128
  # </note>
8758
9129
  # @return [Types::AnalyticsConfigurationType]
@@ -8775,24 +9146,6 @@ module Aws::CognitoIdentityProvider
8775
9146
  # * `LEGACY` - This represents the old behavior of Cognito where user
8776
9147
  # existence related errors are not prevented.
8777
9148
  #
8778
- # This setting affects the behavior of following APIs:
8779
- #
8780
- # * AdminInitiateAuth
8781
- #
8782
- # * AdminRespondToAuthChallenge
8783
- #
8784
- # * InitiateAuth
8785
- #
8786
- # * RespondToAuthChallenge
8787
- #
8788
- # * ForgotPassword
8789
- #
8790
- # * ConfirmForgotPassword
8791
- #
8792
- # * ConfirmSignUp
8793
- #
8794
- # * ResendConfirmationCode
8795
- #
8796
9149
  # <note markdown="1"> After February 15th 2020, the value of `PreventUserExistenceErrors`
8797
9150
  # will default to `ENABLED` for newly created user pool clients if no
8798
9151
  # value is provided.
@@ -8807,6 +9160,9 @@ module Aws::CognitoIdentityProvider
8807
9160
  :client_id,
8808
9161
  :client_name,
8809
9162
  :refresh_token_validity,
9163
+ :access_token_validity,
9164
+ :id_token_validity,
9165
+ :token_validity_units,
8810
9166
  :read_attributes,
8811
9167
  :write_attributes,
8812
9168
  :explicit_auth_flows,
@@ -8819,6 +9175,7 @@ module Aws::CognitoIdentityProvider
8819
9175
  :allowed_o_auth_flows_user_pool_client,
8820
9176
  :analytics_configuration,
8821
9177
  :prevent_user_existence_errors)
9178
+ SENSITIVE = [:client_id]
8822
9179
  include Aws::Structure
8823
9180
  end
8824
9181
 
@@ -8834,6 +9191,7 @@ module Aws::CognitoIdentityProvider
8834
9191
  #
8835
9192
  class UpdateUserPoolClientResponse < Struct.new(
8836
9193
  :user_pool_client)
9194
+ SENSITIVE = []
8837
9195
  include Aws::Structure
8838
9196
  end
8839
9197
 
@@ -8876,6 +9234,7 @@ module Aws::CognitoIdentityProvider
8876
9234
  :domain,
8877
9235
  :user_pool_id,
8878
9236
  :custom_domain_config)
9237
+ SENSITIVE = []
8879
9238
  include Aws::Structure
8880
9239
  end
8881
9240
 
@@ -8890,6 +9249,7 @@ module Aws::CognitoIdentityProvider
8890
9249
  #
8891
9250
  class UpdateUserPoolDomainResponse < Struct.new(
8892
9251
  :cloud_front_domain)
9252
+ SENSITIVE = []
8893
9253
  include Aws::Structure
8894
9254
  end
8895
9255
 
@@ -9085,6 +9445,7 @@ module Aws::CognitoIdentityProvider
9085
9445
  :admin_create_user_config,
9086
9446
  :user_pool_add_ons,
9087
9447
  :account_recovery_setting)
9448
+ SENSITIVE = []
9088
9449
  include Aws::Structure
9089
9450
  end
9090
9451
 
@@ -9116,6 +9477,7 @@ module Aws::CognitoIdentityProvider
9116
9477
  #
9117
9478
  class UserContextDataType < Struct.new(
9118
9479
  :encoded_data)
9480
+ SENSITIVE = []
9119
9481
  include Aws::Structure
9120
9482
  end
9121
9483
 
@@ -9130,6 +9492,7 @@ module Aws::CognitoIdentityProvider
9130
9492
  #
9131
9493
  class UserImportInProgressException < Struct.new(
9132
9494
  :message)
9495
+ SENSITIVE = []
9133
9496
  include Aws::Structure
9134
9497
  end
9135
9498
 
@@ -9227,6 +9590,7 @@ module Aws::CognitoIdentityProvider
9227
9590
  :skipped_users,
9228
9591
  :failed_users,
9229
9592
  :completion_message)
9593
+ SENSITIVE = []
9230
9594
  include Aws::Structure
9231
9595
  end
9232
9596
 
@@ -9242,6 +9606,7 @@ module Aws::CognitoIdentityProvider
9242
9606
  #
9243
9607
  class UserLambdaValidationException < Struct.new(
9244
9608
  :message)
9609
+ SENSITIVE = []
9245
9610
  include Aws::Structure
9246
9611
  end
9247
9612
 
@@ -9255,6 +9620,7 @@ module Aws::CognitoIdentityProvider
9255
9620
  #
9256
9621
  class UserNotConfirmedException < Struct.new(
9257
9622
  :message)
9623
+ SENSITIVE = []
9258
9624
  include Aws::Structure
9259
9625
  end
9260
9626
 
@@ -9268,6 +9634,7 @@ module Aws::CognitoIdentityProvider
9268
9634
  #
9269
9635
  class UserNotFoundException < Struct.new(
9270
9636
  :message)
9637
+ SENSITIVE = []
9271
9638
  include Aws::Structure
9272
9639
  end
9273
9640
 
@@ -9280,6 +9647,7 @@ module Aws::CognitoIdentityProvider
9280
9647
  #
9281
9648
  class UserPoolAddOnNotEnabledException < Struct.new(
9282
9649
  :message)
9650
+ SENSITIVE = []
9283
9651
  include Aws::Structure
9284
9652
  end
9285
9653
 
@@ -9300,6 +9668,7 @@ module Aws::CognitoIdentityProvider
9300
9668
  #
9301
9669
  class UserPoolAddOnsType < Struct.new(
9302
9670
  :advanced_security_mode)
9671
+ SENSITIVE = []
9303
9672
  include Aws::Structure
9304
9673
  end
9305
9674
 
@@ -9324,6 +9693,7 @@ module Aws::CognitoIdentityProvider
9324
9693
  :client_id,
9325
9694
  :user_pool_id,
9326
9695
  :client_name)
9696
+ SENSITIVE = [:client_id]
9327
9697
  include Aws::Structure
9328
9698
  end
9329
9699
 
@@ -9358,6 +9728,23 @@ module Aws::CognitoIdentityProvider
9358
9728
  # valid and cannot be used.
9359
9729
  # @return [Integer]
9360
9730
  #
9731
+ # @!attribute [rw] access_token_validity
9732
+ # The time limit, specified by tokenValidityUnits, defaulting to
9733
+ # hours, after which the access token is no longer valid and cannot be
9734
+ # used.
9735
+ # @return [Integer]
9736
+ #
9737
+ # @!attribute [rw] id_token_validity
9738
+ # The time limit, specified by tokenValidityUnits, defaulting to
9739
+ # hours, after which the refresh token is no longer valid and cannot
9740
+ # be used.
9741
+ # @return [Integer]
9742
+ #
9743
+ # @!attribute [rw] token_validity_units
9744
+ # The time units used to specify the token validity times of their
9745
+ # respective token.
9746
+ # @return [Types::TokenValidityUnitsType]
9747
+ #
9361
9748
  # @!attribute [rw] read_attributes
9362
9749
  # The Read-only attributes.
9363
9750
  # @return [Array<String>]
@@ -9505,24 +9892,6 @@ module Aws::CognitoIdentityProvider
9505
9892
  # * `LEGACY` - This represents the old behavior of Cognito where user
9506
9893
  # existence related errors are not prevented.
9507
9894
  #
9508
- # This setting affects the behavior of following APIs:
9509
- #
9510
- # * AdminInitiateAuth
9511
- #
9512
- # * AdminRespondToAuthChallenge
9513
- #
9514
- # * InitiateAuth
9515
- #
9516
- # * RespondToAuthChallenge
9517
- #
9518
- # * ForgotPassword
9519
- #
9520
- # * ConfirmForgotPassword
9521
- #
9522
- # * ConfirmSignUp
9523
- #
9524
- # * ResendConfirmationCode
9525
- #
9526
9895
  # <note markdown="1"> After February 15th 2020, the value of `PreventUserExistenceErrors`
9527
9896
  # will default to `ENABLED` for newly created user pool clients if no
9528
9897
  # value is provided.
@@ -9540,6 +9909,9 @@ module Aws::CognitoIdentityProvider
9540
9909
  :last_modified_date,
9541
9910
  :creation_date,
9542
9911
  :refresh_token_validity,
9912
+ :access_token_validity,
9913
+ :id_token_validity,
9914
+ :token_validity_units,
9543
9915
  :read_attributes,
9544
9916
  :write_attributes,
9545
9917
  :explicit_auth_flows,
@@ -9552,6 +9924,7 @@ module Aws::CognitoIdentityProvider
9552
9924
  :allowed_o_auth_flows_user_pool_client,
9553
9925
  :analytics_configuration,
9554
9926
  :prevent_user_existence_errors)
9927
+ SENSITIVE = [:client_id, :client_secret]
9555
9928
  include Aws::Structure
9556
9929
  end
9557
9930
 
@@ -9590,6 +9963,7 @@ module Aws::CognitoIdentityProvider
9590
9963
  :status,
9591
9964
  :last_modified_date,
9592
9965
  :creation_date)
9966
+ SENSITIVE = []
9593
9967
  include Aws::Structure
9594
9968
  end
9595
9969
 
@@ -9617,6 +9991,7 @@ module Aws::CognitoIdentityProvider
9617
9991
  #
9618
9992
  class UserPoolPolicyType < Struct.new(
9619
9993
  :password_policy)
9994
+ SENSITIVE = []
9620
9995
  include Aws::Structure
9621
9996
  end
9622
9997
 
@@ -9630,6 +10005,7 @@ module Aws::CognitoIdentityProvider
9630
10005
  #
9631
10006
  class UserPoolTaggingException < Struct.new(
9632
10007
  :message)
10008
+ SENSITIVE = []
9633
10009
  include Aws::Structure
9634
10010
  end
9635
10011
 
@@ -9778,7 +10154,11 @@ module Aws::CognitoIdentityProvider
9778
10154
  # the selected sign-in option. For example, when this is set to
9779
10155
  # `False`, users will be able to sign in using either "username" or
9780
10156
  # "Username". This configuration is immutable once it has been set.
9781
- # For more information, see .
10157
+ # For more information, see [UsernameConfigurationType][1].
10158
+ #
10159
+ #
10160
+ #
10161
+ # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UsernameConfigurationType.html
9782
10162
  # @return [Types::UsernameConfigurationType]
9783
10163
  #
9784
10164
  # @!attribute [rw] arn
@@ -9830,6 +10210,7 @@ module Aws::CognitoIdentityProvider
9830
10210
  :username_configuration,
9831
10211
  :arn,
9832
10212
  :account_recovery_setting)
10213
+ SENSITIVE = []
9833
10214
  include Aws::Structure
9834
10215
  end
9835
10216
 
@@ -9891,6 +10272,7 @@ module Aws::CognitoIdentityProvider
9891
10272
  :enabled,
9892
10273
  :user_status,
9893
10274
  :mfa_options)
10275
+ SENSITIVE = [:username]
9894
10276
  include Aws::Structure
9895
10277
  end
9896
10278
 
@@ -9926,6 +10308,7 @@ module Aws::CognitoIdentityProvider
9926
10308
  #
9927
10309
  class UsernameConfigurationType < Struct.new(
9928
10310
  :case_sensitive)
10311
+ SENSITIVE = []
9929
10312
  include Aws::Structure
9930
10313
  end
9931
10314
 
@@ -9941,6 +10324,7 @@ module Aws::CognitoIdentityProvider
9941
10324
  #
9942
10325
  class UsernameExistsException < Struct.new(
9943
10326
  :message)
10327
+ SENSITIVE = []
9944
10328
  include Aws::Structure
9945
10329
  end
9946
10330
 
@@ -9993,6 +10377,7 @@ module Aws::CognitoIdentityProvider
9993
10377
  :email_message_by_link,
9994
10378
  :email_subject_by_link,
9995
10379
  :default_email_option)
10380
+ SENSITIVE = []
9996
10381
  include Aws::Structure
9997
10382
  end
9998
10383
 
@@ -10017,6 +10402,11 @@ module Aws::CognitoIdentityProvider
10017
10402
  #
10018
10403
  # @!attribute [rw] user_code
10019
10404
  # The one time password computed using the secret code returned by
10405
+ # [AssociateSoftwareToken"][1].
10406
+ #
10407
+ #
10408
+ #
10409
+ # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AssociateSoftwareToken.html
10020
10410
  # @return [String]
10021
10411
  #
10022
10412
  # @!attribute [rw] friendly_device_name
@@ -10030,6 +10420,7 @@ module Aws::CognitoIdentityProvider
10030
10420
  :session,
10031
10421
  :user_code,
10032
10422
  :friendly_device_name)
10423
+ SENSITIVE = [:access_token]
10033
10424
  include Aws::Structure
10034
10425
  end
10035
10426
 
@@ -10047,6 +10438,7 @@ module Aws::CognitoIdentityProvider
10047
10438
  class VerifySoftwareTokenResponse < Struct.new(
10048
10439
  :status,
10049
10440
  :session)
10441
+ SENSITIVE = []
10050
10442
  include Aws::Structure
10051
10443
  end
10052
10444
 
@@ -10080,6 +10472,7 @@ module Aws::CognitoIdentityProvider
10080
10472
  :access_token,
10081
10473
  :attribute_name,
10082
10474
  :code)
10475
+ SENSITIVE = [:access_token]
10083
10476
  include Aws::Structure
10084
10477
  end
10085
10478