aws-sdk-cognitoidentityprovider 1.40.0 → 1.45.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0a24e92d80eb8da7d5b68949328a55ced2b61b38bf6c5f16afa5a35d3f4ee389
-  data.tar.gz: cf1c2690d72b9ec1f1010d53b0156596a0f6cd828c46a1062014ef2308bbd85e
+  metadata.gz: 14d776757465777c08d0de5e5809406adafa67463f3ffc89bbe5be8475e91dd9
+  data.tar.gz: a1f9463b23c7ab0fd80f9dff31020e50a299d9597124d552cbdd040a82f60974
 SHA512:
-  metadata.gz: 49f645701c5f78f9fe95d21c6bb0c3ee1f38f4af9d3e2aad7da2a33c4ba974814a3e9b97f7dc18b3f0c5f2c1ef7959337d3d11b737577cd4819012a144e5c8b9
-  data.tar.gz: bffdcb219cab3c625bb55ff6368cce01649ebbe0890d0bbfdf4c796930538182b03d682d715ab9d6a8b7147c94f97650884d79e29ca115936422f4d18363e22f
+  metadata.gz: d3b3ae2ea43fe2ef5c800f3ef92a79f03afe3b11da2fafdb95e5cd128478a7a6c023c9526474ce7a2b454becefda9ad31a25b97bf08f68c8c6c13b86df5ccdff
+  data.tar.gz: a0e90a42ef50af28c708ce0c4a4361b1eaf470fb5ad558ae9af6d587558a7355f165d08d138105b42e2303ab3c7f9ea5514e2fd29377395cf0b9f6b334c6e718

data/lib/aws-sdk-cognitoidentityprovider.rb

@@ -44,9 +44,9 @@ require_relative 'aws-sdk-cognitoidentityprovider/customizations'
 #
 # See {Errors} for more information.
 #
-# @service
+# @!group service
 module Aws::CognitoIdentityProvider
 
-  GEM_VERSION = '1.40.0'
+  GEM_VERSION = '1.45.0'
 
 end

data/lib/aws-sdk-cognitoidentityprovider/client.rb

@@ -85,13 +85,28 @@ module Aws::CognitoIdentityProvider
     #     * `Aws::Credentials` - Used for configuring static, non-refreshing
     #       credentials.
     #
+    #     * `Aws::SharedCredentials` - Used for loading static credentials from a
+    #       shared file, such as `~/.aws/config`.
+    #
+    #     * `Aws::AssumeRoleCredentials` - Used when you need to assume a role.
+    #
+    #     * `Aws::AssumeRoleWebIdentityCredentials` - Used when you need to
+    #       assume a role after providing credentials via the web.
+    #
+    #     * `Aws::SSOCredentials` - Used for loading credentials from AWS SSO using an
+    #       access token generated from `aws login`.
+    #
+    #     * `Aws::ProcessCredentials` - Used for loading credentials from a
+    #       process that outputs to stdout.
+    #
     #     * `Aws::InstanceProfileCredentials` - Used for loading credentials
     #       from an EC2 IMDS on an EC2 instance.
     #
-    #     * `Aws::SharedCredentials` - Used for loading credentials from a
-    #       shared file, such as `~/.aws/config`.
+    #     * `Aws::ECSCredentials` - Used for loading credentials from
+    #       instances running in ECS.
     #
-    #     * `Aws::AssumeRoleCredentials` - Used when you need to assume a role.
+    #     * `Aws::CognitoIdentityCredentials` - Used for loading credentials
+    #       from the Cognito Identity service.
     #
     #     When `:credentials` are not configured directly, the following
     #     locations will be searched for credentials:
@@ -101,10 +116,10 @@ module Aws::CognitoIdentityProvider
     #     * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']
     #     * `~/.aws/credentials`
     #     * `~/.aws/config`
-    #     * EC2 IMDS instance profile - When used by default, the timeouts are
-    #       very aggressive. Construct and pass an instance of
-    #       `Aws::InstanceProfileCredentails` to enable retries and extended
-    #       timeouts.
+    #     * EC2/ECS IMDS instance profile - When used by default, the timeouts
+    #       are very aggressive. Construct and pass an instance of
+    #       `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
+    #       enable retries and extended timeouts.
     #
     #   @option options [required, String] :region
     #     The AWS region to connect to.  The configured `:region` is
@@ -471,19 +486,18 @@ module Aws::CognitoIdentityProvider
     # If `MessageAction` is not set, the default is to send a welcome
     # message via email or phone (SMS).
     #
-    # <note markdown="1"> This message is based on a template that you configured in your call
-    # to or . This template includes your custom sign-up instructions and
-    # placeholders for user name and temporary password.
-    #
-    #  </note>
+    # This message is based on a template that you configured in your call
+    # to create or update a user pool. This template includes your custom
+    # sign-up instructions and placeholders for user name and temporary
+    # password.
     #
-    # Alternatively, you can call AdminCreateUser with “SUPPRESS” for the
+    # Alternatively, you can call `AdminCreateUser` with “SUPPRESS” for the
     # `MessageAction` parameter, and Amazon Cognito will not send any email.
     #
     # In either case, the user will be in the `FORCE_CHANGE_PASSWORD` state
     # until they sign in and change their password.
     #
-    # AdminCreateUser requires developer credentials.
+    # `AdminCreateUser` requires developer credentials.
     #
     # @option params [required, String] :user_pool_id
     #   The user pool ID for the user pool where the user will be created.
@@ -497,10 +511,10 @@ module Aws::CognitoIdentityProvider
     #   An array of name-value pairs that contain user attributes and
     #   attribute values to be set for the user to be created. You can create
     #   a user without specifying any attributes other than `Username`.
-    #   However, any attributes that you specify as required (in or in the
-    #   **Attributes** tab of the console) must be supplied either by you (in
-    #   your call to `AdminCreateUser`) or by the user (when he or she signs
-    #   up in response to your welcome message).
+    #   However, any attributes that you specify as required (when creating a
+    #   user pool or in the **Attributes** tab of the console) must be
+    #   supplied either by you (in your call to `AdminCreateUser`) or by the
+    #   user (when he or she signs up in response to your welcome message).
     #
     #   For custom attributes, you must prepend the `custom:` prefix to the
     #   attribute name.
@@ -512,7 +526,8 @@ module Aws::CognitoIdentityProvider
     #
     #   In your call to `AdminCreateUser`, you can set the `email_verified`
     #   attribute to `True`, and you can set the `phone_number_verified`
-    #   attribute to `True`. (You can also do this by calling .)
+    #   attribute to `True`. (You can also do this by calling
+    #   [AdminUpdateUserAttributes][1].)
     #
     #   * **email**\: The email address of the user to whom the message that
     #     contains the code and username will be sent. Required if the
@@ -524,6 +539,10 @@ module Aws::CognitoIdentityProvider
     #     `phone_number_verified` attribute is set to `True`, or if `"SMS"` is
     #     specified in the `DesiredDeliveryMediums` parameter.
     #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html
+    #
     # @option params [Array<Types::AttributeType>] :validation_data
     #   The user's validation data. This is an array of name-value pairs that
     #   contain user attributes and attribute values that you can use for
@@ -745,7 +764,7 @@ module Aws::CognitoIdentityProvider
     # IdP user, any link between that user and an existing user is removed.
     # The next time the external user (no longer attached to the previously
     # linked `DestinationUser`) signs in, they must create a new user
-    # account. See .
+    # account. See [AdminLinkProviderForUser][1].
     #
     # This action is enabled only for admin access and requires developer
     # credentials.
@@ -766,12 +785,16 @@ module Aws::CognitoIdentityProvider
     # For de-linking a SAML identity, there are two scenarios. If the linked
     # identity has not yet been used to sign-in, the `ProviderAttributeName`
     # and `ProviderAttributeValue` must be the same values that were used
-    # for the `SourceUser` when the identities were originally linked in the
-    # call. (If the linking was done with `ProviderAttributeName` set to
-    # `Cognito_Subject`, the same applies here). However, if the user has
-    # already signed in, the `ProviderAttributeName` must be
-    # `Cognito_Subject` and `ProviderAttributeValue` must be the subject of
-    # the SAML assertion.
+    # for the `SourceUser` when the identities were originally linked using
+    # ` AdminLinkProviderForUser` call. (If the linking was done with
+    # `ProviderAttributeName` set to `Cognito_Subject`, the same applies
+    # here). However, if the user has already signed in, the
+    # `ProviderAttributeName` must be `Cognito_Subject` and
+    # `ProviderAttributeValue` must be the subject of the SAML assertion.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminLinkProviderForUser.html
     #
     # @option params [required, String] :user_pool_id
     #   The user pool ID for the user pool.
@@ -1045,18 +1068,20 @@ module Aws::CognitoIdentityProvider
     #
     #   * For `USER_SRP_AUTH`\: `USERNAME` (required), `SRP_A` (required),
     #     `SECRET_HASH` (required if the app client is configured with a
-    #     client secret), `DEVICE_KEY`
+    #     client secret), `DEVICE_KEY`.
     #
     #   * For `REFRESH_TOKEN_AUTH/REFRESH_TOKEN`\: `REFRESH_TOKEN` (required),
     #     `SECRET_HASH` (required if the app client is configured with a
-    #     client secret), `DEVICE_KEY`
+    #     client secret), `DEVICE_KEY`.
     #
     #   * For `ADMIN_NO_SRP_AUTH`\: `USERNAME` (required), `SECRET_HASH` (if
     #     app client is configured with client secret), `PASSWORD` (required),
-    #     `DEVICE_KEY`
+    #     `DEVICE_KEY`.
     #
     #   * For `CUSTOM_AUTH`\: `USERNAME` (required), `SECRET_HASH` (if app
-    #     client is configured with client secret), `DEVICE_KEY`
+    #     client is configured with client secret), `DEVICE_KEY`. To start the
+    #     authentication flow with password verification, include
+    #     `ChallengeName: SRP_A` and `SRP_A: (The SRP_A Value)`.
     #
     # @option params [Hash<String,String>] :client_metadata
     #   A map of custom key-value pairs that you can provide as input for
@@ -1202,13 +1227,15 @@ module Aws::CognitoIdentityProvider
     # that when the federated user identity is used, the user signs in as
     # the existing user account.
     #
+    # <note markdown="1"> The maximum number of federated identities linked to a user is 5.
+    #
+    #  </note>
+    #
     # Because this API allows a user with an external federated identity to
     # sign in as an existing user in the user pool, it is critical that it
     # only be used with external identity providers and provider attributes
     # that have been trusted by the application owner.
     #
-    # See also .
-    #
     # This action is enabled only for admin access and requires developer
     # credentials.
     #
@@ -1578,7 +1605,11 @@ module Aws::CognitoIdentityProvider
     #   The app client ID.
     #
     # @option params [required, String] :challenge_name
-    #   The challenge name. For more information, see .
+    #   The challenge name. For more information, see [AdminInitiateAuth][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminInitiateAuth.html
     #
     # @option params [Hash<String,String>] :challenge_responses
     #   The challenge responses. These are inputs corresponding to the value
@@ -1816,9 +1847,13 @@ module Aws::CognitoIdentityProvider
 
     # *This action is no longer supported.* You can use it to configure only
     # SMS MFA. You can't use it to configure TOTP software token MFA. To
-    # configure either type of MFA, use the AdminSetUserMFAPreference action
+    # configure either type of MFA, use [AdminSetUserMFAPreference][1]
     # instead.
     #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminSetUserMFAPreference.html
+    #
     # @option params [required, String] :user_pool_id
     #   The ID of the user pool that contains the user that you are setting
     #   options for.
@@ -2176,7 +2211,11 @@ module Aws::CognitoIdentityProvider
     #
     # @option params [required, String] :confirmation_code
     #   The confirmation code sent by a user's request to retrieve a
-    #   forgotten password. For more information, see
+    #   forgotten password. For more information, see [ForgotPassword][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ForgotPassword.html
     #
     # @option params [required, String] :password
     #   The password sent by a user's request to retrieve a forgotten
@@ -2446,7 +2485,15 @@ module Aws::CognitoIdentityProvider
     #   The identity provider details. The following list describes the
     #   provider detail keys for each identity provider type.
     #
-    #   * For Google, Facebook and Login with Amazon:
+    #   * For Google and Login with Amazon:
+    #
+    #     * client\_id
+    #
+    #     * client\_secret
+    #
+    #     * authorize\_scopes
+    #
+    #   * For Facebook:
     #
     #     * client\_id
     #
@@ -2454,6 +2501,8 @@ module Aws::CognitoIdentityProvider
     #
     #     * authorize\_scopes
     #
+    #     * api\_version
+    #
     #   * For Sign in with Apple:
     #
     #     * client\_id
@@ -2490,8 +2539,6 @@ module Aws::CognitoIdentityProvider
     #     * jwks\_uri *if not available from discovery URL specified by
     #       oidc\_issuer key*
     #
-    #     * authorize\_scopes
-    #
     #   * For SAML providers:
     #
     #     * MetadataFile OR MetadataURL
@@ -2743,7 +2790,11 @@ module Aws::CognitoIdentityProvider
     #   selected sign-in option. For example, when this is set to `False`,
     #   users will be able to sign in using either "username" or
     #   "Username". This configuration is immutable once it has been set.
-    #   For more information, see .
+    #   For more information, see [UsernameConfigurationType][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UsernameConfigurationType.html
     #
     # @option params [Types::AccountRecoverySettingType] :account_recovery_setting
     #   Use this setting to define which verified available method a user can
@@ -2754,12 +2805,6 @@ module Aws::CognitoIdentityProvider
     #   the absence of this setting, Cognito uses the legacy behavior to
     #   determine the recovery method where SMS is preferred over email.
     #
-    #   <note markdown="1"> Starting February 1, 2020, the value of `AccountRecoverySetting` will
-    #   default to `verified_email` first and `verified_phone_number` as the
-    #   second option for newly created user pools if no value is provided.
-    #
-    #    </note>
-    #
     # @return [Types::CreateUserPoolResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::CreateUserPoolResponse#user_pool #user_pool} => Types::UserPoolType
@@ -2970,6 +3015,20 @@ module Aws::CognitoIdentityProvider
     #   The time limit, in days, after which the refresh token is no longer
     #   valid and cannot be used.
     #
+    # @option params [Integer] :access_token_validity
+    #   The time limit, between 5 minutes and 1 day, after which the access
+    #   token is no longer valid and cannot be used. This value will be
+    #   overridden if you have entered a value in TokenValidityUnits.
+    #
+    # @option params [Integer] :id_token_validity
+    #   The time limit, between 5 minutes and 1 day, after which the ID token
+    #   is no longer valid and cannot be used. This value will be overridden
+    #   if you have entered a value in TokenValidityUnits.
+    #
+    # @option params [Types::TokenValidityUnitsType] :token_validity_units
+    #   The units in which the validity times are represented in. Default for
+    #   RefreshToken is days, and default for ID and access tokens are hours.
+    #
     # @option params [Array<String>] :read_attributes
     #   The read attributes.
     #
@@ -3094,9 +3153,10 @@ module Aws::CognitoIdentityProvider
     #   The Amazon Pinpoint analytics configuration for collecting metrics for
     #   this user pool.
     #
-    #   <note markdown="1"> Cognito User Pools only supports sending events to Amazon Pinpoint
-    #   projects in the US East (N. Virginia) us-east-1 Region, regardless of
-    #   the region in which the user pool resides.
+    #   <note markdown="1"> In regions where Pinpoint is not available, Cognito User Pools only
+    #   supports sending events to Amazon Pinpoint projects in us-east-1. In
+    #   regions where Pinpoint is available, Cognito User Pools will support
+    #   sending events to Amazon Pinpoint projects within that same region.
     #
     #    </note>
     #
@@ -3118,24 +3178,6 @@ module Aws::CognitoIdentityProvider
     #   * `LEGACY` - This represents the old behavior of Cognito where user
     #     existence related errors are not prevented.
     #
-    #   This setting affects the behavior of following APIs:
-    #
-    #   * AdminInitiateAuth
-    #
-    #   * AdminRespondToAuthChallenge
-    #
-    #   * InitiateAuth
-    #
-    #   * RespondToAuthChallenge
-    #
-    #   * ForgotPassword
-    #
-    #   * ConfirmForgotPassword
-    #
-    #   * ConfirmSignUp
-    #
-    #   * ResendConfirmationCode
-    #
     #   <note markdown="1"> After February 15th 2020, the value of `PreventUserExistenceErrors`
     #   will default to `ENABLED` for newly created user pool clients if no
     #   value is provided.
@@ -3153,6 +3195,13 @@ module Aws::CognitoIdentityProvider
     #     client_name: "ClientNameType", # required
     #     generate_secret: false,
     #     refresh_token_validity: 1,
+    #     access_token_validity: 1,
+    #     id_token_validity: 1,
+    #     token_validity_units: {
+    #       access_token: "seconds", # accepts seconds, minutes, hours, days
+    #       id_token: "seconds", # accepts seconds, minutes, hours, days
+    #       refresh_token: "seconds", # accepts seconds, minutes, hours, days
+    #     },
     #     read_attributes: ["ClientPermissionType"],
     #     write_attributes: ["ClientPermissionType"],
     #     explicit_auth_flows: ["ADMIN_NO_SRP_AUTH"], # accepts ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, USER_PASSWORD_AUTH, ALLOW_ADMIN_USER_PASSWORD_AUTH, ALLOW_CUSTOM_AUTH, ALLOW_USER_PASSWORD_AUTH, ALLOW_USER_SRP_AUTH, ALLOW_REFRESH_TOKEN_AUTH
@@ -3164,9 +3213,10 @@ module Aws::CognitoIdentityProvider
     #     allowed_o_auth_scopes: ["ScopeType"],
     #     allowed_o_auth_flows_user_pool_client: false,
     #     analytics_configuration: {
-    #       application_id: "HexStringType", # required
-    #       role_arn: "ArnType", # required
-    #       external_id: "StringType", # required
+    #       application_id: "HexStringType",
+    #       application_arn: "ArnType",
+    #       role_arn: "ArnType",
+    #       external_id: "StringType",
     #       user_data_shared: false,
     #     },
     #     prevent_user_existence_errors: "LEGACY", # accepts LEGACY, ENABLED
@@ -3181,6 +3231,11 @@ module Aws::CognitoIdentityProvider
     #   resp.user_pool_client.last_modified_date #=> Time
     #   resp.user_pool_client.creation_date #=> Time
     #   resp.user_pool_client.refresh_token_validity #=> Integer
+    #   resp.user_pool_client.access_token_validity #=> Integer
+    #   resp.user_pool_client.id_token_validity #=> Integer
+    #   resp.user_pool_client.token_validity_units.access_token #=> String, one of "seconds", "minutes", "hours", "days"
+    #   resp.user_pool_client.token_validity_units.id_token #=> String, one of "seconds", "minutes", "hours", "days"
+    #   resp.user_pool_client.token_validity_units.refresh_token #=> String, one of "seconds", "minutes", "hours", "days"
     #   resp.user_pool_client.read_attributes #=> Array
     #   resp.user_pool_client.read_attributes[0] #=> String
     #   resp.user_pool_client.write_attributes #=> Array
@@ -3200,6 +3255,7 @@ module Aws::CognitoIdentityProvider
     #   resp.user_pool_client.allowed_o_auth_scopes[0] #=> String
     #   resp.user_pool_client.allowed_o_auth_flows_user_pool_client #=> Boolean
     #   resp.user_pool_client.analytics_configuration.application_id #=> String
+    #   resp.user_pool_client.analytics_configuration.application_arn #=> String
     #   resp.user_pool_client.analytics_configuration.role_arn #=> String
     #   resp.user_pool_client.analytics_configuration.external_id #=> String
     #   resp.user_pool_client.analytics_configuration.user_data_shared #=> Boolean
@@ -3786,6 +3842,11 @@ module Aws::CognitoIdentityProvider
     #   resp.user_pool_client.last_modified_date #=> Time
     #   resp.user_pool_client.creation_date #=> Time
     #   resp.user_pool_client.refresh_token_validity #=> Integer
+    #   resp.user_pool_client.access_token_validity #=> Integer
+    #   resp.user_pool_client.id_token_validity #=> Integer
+    #   resp.user_pool_client.token_validity_units.access_token #=> String, one of "seconds", "minutes", "hours", "days"
+    #   resp.user_pool_client.token_validity_units.id_token #=> String, one of "seconds", "minutes", "hours", "days"
+    #   resp.user_pool_client.token_validity_units.refresh_token #=> String, one of "seconds", "minutes", "hours", "days"
     #   resp.user_pool_client.read_attributes #=> Array
     #   resp.user_pool_client.read_attributes[0] #=> String
     #   resp.user_pool_client.write_attributes #=> Array
@@ -3805,6 +3866,7 @@ module Aws::CognitoIdentityProvider
     #   resp.user_pool_client.allowed_o_auth_scopes[0] #=> String
     #   resp.user_pool_client.allowed_o_auth_flows_user_pool_client #=> Boolean
     #   resp.user_pool_client.analytics_configuration.application_id #=> String
+    #   resp.user_pool_client.analytics_configuration.application_arn #=> String
     #   resp.user_pool_client.analytics_configuration.role_arn #=> String
     #   resp.user_pool_client.analytics_configuration.external_id #=> String
     #   resp.user_pool_client.analytics_configuration.user_data_shared #=> Boolean
@@ -3885,10 +3947,15 @@ module Aws::CognitoIdentityProvider
     # the `Username` parameter, you can use the username or user alias. The
     # method used to send the confirmation code is sent according to the
     # specified AccountRecoverySetting. For more information, see
-    # [Recovering User Accounts]() in the *Amazon Cognito Developer Guide*.
+    # [Recovering User Accounts][1] in the *Amazon Cognito Developer Guide*.
     # If neither a verified phone number nor a verified email exists, an
     # `InvalidParameterException` is thrown. To use the confirmation code
-    # for resetting the password, call .
+    # for resetting the password, call [ConfirmForgotPassword][2].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/how-to-recover-a-user-account.html
+    # [2]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmForgotPassword.html
     #
     # @option params [required, String] :client_id
     #   The ID of the client associated with the user pool.
@@ -4432,14 +4499,16 @@ module Aws::CognitoIdentityProvider
     #
     #   * For `USER_SRP_AUTH`\: `USERNAME` (required), `SRP_A` (required),
     #     `SECRET_HASH` (required if the app client is configured with a
-    #     client secret), `DEVICE_KEY`
+    #     client secret), `DEVICE_KEY`.
     #
     #   * For `REFRESH_TOKEN_AUTH/REFRESH_TOKEN`\: `REFRESH_TOKEN` (required),
     #     `SECRET_HASH` (required if the app client is configured with a
-    #     client secret), `DEVICE_KEY`
+    #     client secret), `DEVICE_KEY`.
     #
     #   * For `CUSTOM_AUTH`\: `USERNAME` (required), `SECRET_HASH` (if app
-    #     client is configured with client secret), `DEVICE_KEY`
+    #     client is configured with client secret), `DEVICE_KEY`. To start the
+    #     authentication flow with password verification, include
+    #     `ChallengeName: SRP_A` and `SRP_A: (The SRP_A Value)`.
     #
     # @option params [Hash<String,String>] :client_metadata
     #   A map of custom key-value pairs that you can provide as input for
@@ -5219,10 +5288,14 @@ module Aws::CognitoIdentityProvider
     #   The app client ID.
     #
     # @option params [required, String] :challenge_name
-    #   The challenge name. For more information, see .
+    #   The challenge name. For more information, see [InitiateAuth][1].
     #
     #   `ADMIN_NO_SRP_AUTH` is not a valid value.
     #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html
+    #
     # @option params [String] :session
     #   The session which should be passed both ways in challenge-response
     #   calls to the service. If `InitiateAuth` or `RespondToAuthChallenge`
@@ -5363,8 +5436,6 @@ module Aws::CognitoIdentityProvider
     # To enable Amazon Cognito advanced security features, update the user
     # pool to include the `UserPoolAddOns` key`AdvancedSecurityMode`.
     #
-    # See .
-    #
     # @option params [required, String] :user_pool_id
     #   The user pool ID.
     #
@@ -5508,7 +5579,7 @@ module Aws::CognitoIdentityProvider
     # @option params [String] :css
     #   The CSS values in the UI customization.
     #
-    # @option params [String, IO] :image_file
+    # @option params [String, StringIO, File] :image_file
     #   The uploaded logo image for the UI customization.
     #
     # @return [Types::SetUICustomizationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
@@ -5647,8 +5718,11 @@ module Aws::CognitoIdentityProvider
 
     # *This action is no longer supported.* You can use it to configure only
     # SMS MFA. You can't use it to configure TOTP software token MFA. To
-    # configure either type of MFA, use the SetUserMFAPreference action
-    # instead.
+    # configure either type of MFA, use [SetUserMFAPreference][1] instead.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserMFAPreference.html
     #
     # @option params [required, String] :access_token
     #   The access token for the set user settings request.
@@ -6063,7 +6137,11 @@ module Aws::CognitoIdentityProvider
     #
     # @option params [Integer] :precedence
     #   The new precedence value for the group. For more information about
-    #   this parameter, see .
+    #   this parameter, see [CreateGroup][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateGroup.html
     #
     # @return [Types::UpdateGroupResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -6296,11 +6374,16 @@ module Aws::CognitoIdentityProvider
     end
 
     # Updates the specified user pool with the specified attributes. You can
-    # get a list of the current user pool settings with .
+    # get a list of the current user pool settings using
+    # [DescribeUserPool][1].
     #
     # If you don't provide a value for an attribute, it will be set to the
     # default value.
     #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html
+    #
     # @option params [required, String] :user_pool_id
     #   The user pool ID for the user pool you want to update.
     #
@@ -6465,11 +6548,15 @@ module Aws::CognitoIdentityProvider
 
     # Updates the specified user pool app client with the specified
     # attributes. You can get a list of the current user pool app client
-    # settings with .
+    # settings using [DescribeUserPoolClient][1].
     #
     # If you don't provide a value for an attribute, it will be set to the
     # default value.
     #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPoolClient.html
+    #
     # @option params [required, String] :user_pool_id
     #   The user pool ID for the user pool where you want to update the user
     #   pool client.
@@ -6484,6 +6571,18 @@ module Aws::CognitoIdentityProvider
     #   The time limit, in days, after which the refresh token is no longer
     #   valid and cannot be used.
     #
+    # @option params [Integer] :access_token_validity
+    #   The time limit, after which the access token is no longer valid and
+    #   cannot be used.
+    #
+    # @option params [Integer] :id_token_validity
+    #   The time limit, after which the ID token is no longer valid and cannot
+    #   be used.
+    #
+    # @option params [Types::TokenValidityUnitsType] :token_validity_units
+    #   The units in which the validity times are represented in. Default for
+    #   RefreshToken is days, and default for ID and access tokens are hours.
+    #
     # @option params [Array<String>] :read_attributes
     #   The read-only attributes of the user pool.
     #
@@ -6594,9 +6693,10 @@ module Aws::CognitoIdentityProvider
     #   The Amazon Pinpoint analytics configuration for collecting metrics for
     #   this user pool.
     #
-    #   <note markdown="1"> Cognito User Pools only supports sending events to Amazon Pinpoint
-    #   projects in the US East (N. Virginia) us-east-1 Region, regardless of
-    #   the region in which the user pool resides.
+    #   <note markdown="1"> In regions where Pinpoint is not available, Cognito User Pools only
+    #   supports sending events to Amazon Pinpoint projects in us-east-1. In
+    #   regions where Pinpoint is available, Cognito User Pools will support
+    #   sending events to Amazon Pinpoint projects within that same region.
     #
     #    </note>
     #
@@ -6618,24 +6718,6 @@ module Aws::CognitoIdentityProvider
     #   * `LEGACY` - This represents the old behavior of Cognito where user
     #     existence related errors are not prevented.
     #
-    #   This setting affects the behavior of following APIs:
-    #
-    #   * AdminInitiateAuth
-    #
-    #   * AdminRespondToAuthChallenge
-    #
-    #   * InitiateAuth
-    #
-    #   * RespondToAuthChallenge
-    #
-    #   * ForgotPassword
-    #
-    #   * ConfirmForgotPassword
-    #
-    #   * ConfirmSignUp
-    #
-    #   * ResendConfirmationCode
-    #
     #   <note markdown="1"> After February 15th 2020, the value of `PreventUserExistenceErrors`
     #   will default to `ENABLED` for newly created user pool clients if no
     #   value is provided.
@@ -6653,6 +6735,13 @@ module Aws::CognitoIdentityProvider
     #     client_id: "ClientIdType", # required
     #     client_name: "ClientNameType",
     #     refresh_token_validity: 1,
+    #     access_token_validity: 1,
+    #     id_token_validity: 1,
+    #     token_validity_units: {
+    #       access_token: "seconds", # accepts seconds, minutes, hours, days
+    #       id_token: "seconds", # accepts seconds, minutes, hours, days
+    #       refresh_token: "seconds", # accepts seconds, minutes, hours, days
+    #     },
     #     read_attributes: ["ClientPermissionType"],
     #     write_attributes: ["ClientPermissionType"],
     #     explicit_auth_flows: ["ADMIN_NO_SRP_AUTH"], # accepts ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, USER_PASSWORD_AUTH, ALLOW_ADMIN_USER_PASSWORD_AUTH, ALLOW_CUSTOM_AUTH, ALLOW_USER_PASSWORD_AUTH, ALLOW_USER_SRP_AUTH, ALLOW_REFRESH_TOKEN_AUTH
@@ -6664,9 +6753,10 @@ module Aws::CognitoIdentityProvider
     #     allowed_o_auth_scopes: ["ScopeType"],
     #     allowed_o_auth_flows_user_pool_client: false,
     #     analytics_configuration: {
-    #       application_id: "HexStringType", # required
-    #       role_arn: "ArnType", # required
-    #       external_id: "StringType", # required
+    #       application_id: "HexStringType",
+    #       application_arn: "ArnType",
+    #       role_arn: "ArnType",
+    #       external_id: "StringType",
     #       user_data_shared: false,
     #     },
     #     prevent_user_existence_errors: "LEGACY", # accepts LEGACY, ENABLED
@@ -6681,6 +6771,11 @@ module Aws::CognitoIdentityProvider
     #   resp.user_pool_client.last_modified_date #=> Time
     #   resp.user_pool_client.creation_date #=> Time
     #   resp.user_pool_client.refresh_token_validity #=> Integer
+    #   resp.user_pool_client.access_token_validity #=> Integer
+    #   resp.user_pool_client.id_token_validity #=> Integer
+    #   resp.user_pool_client.token_validity_units.access_token #=> String, one of "seconds", "minutes", "hours", "days"
+    #   resp.user_pool_client.token_validity_units.id_token #=> String, one of "seconds", "minutes", "hours", "days"
+    #   resp.user_pool_client.token_validity_units.refresh_token #=> String, one of "seconds", "minutes", "hours", "days"
     #   resp.user_pool_client.read_attributes #=> Array
     #   resp.user_pool_client.read_attributes[0] #=> String
     #   resp.user_pool_client.write_attributes #=> Array
@@ -6700,6 +6795,7 @@ module Aws::CognitoIdentityProvider
     #   resp.user_pool_client.allowed_o_auth_scopes[0] #=> String
     #   resp.user_pool_client.allowed_o_auth_flows_user_pool_client #=> Boolean
     #   resp.user_pool_client.analytics_configuration.application_id #=> String
+    #   resp.user_pool_client.analytics_configuration.application_arn #=> String
     #   resp.user_pool_client.analytics_configuration.role_arn #=> String
     #   resp.user_pool_client.analytics_configuration.external_id #=> String
     #   resp.user_pool_client.analytics_configuration.user_data_shared #=> Boolean
@@ -6806,6 +6902,11 @@ module Aws::CognitoIdentityProvider
     #
     # @option params [required, String] :user_code
     #   The one time password computed using the secret code returned by
+    #   [AssociateSoftwareToken"][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AssociateSoftwareToken.html
     #
     # @option params [String] :friendly_device_name
     #   The friendly device name.
@@ -6881,7 +6982,7 @@ module Aws::CognitoIdentityProvider
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-cognitoidentityprovider'
-      context[:gem_version] = '1.40.0'
+      context[:gem_version] = '1.45.0'
       Seahorse::Client::Request.new(handlers, context)
     end