aws-sdk-cognitoidentityprovider 1.40.0 → 1.45.0
Sign up to get free protection for your applications and to get access to all the features.
@@ -14,6 +14,7 @@ module Aws::CognitoIdentityProvider
|
|
14
14
|
include Seahorse::Model
|
15
15
|
|
16
16
|
AWSAccountIdType = Shapes::StringShape.new(name: 'AWSAccountIdType')
|
17
|
+
AccessTokenValidityType = Shapes::IntegerShape.new(name: 'AccessTokenValidityType')
|
17
18
|
AccountRecoverySettingType = Shapes::StructureShape.new(name: 'AccountRecoverySettingType')
|
18
19
|
AccountTakeoverActionNotifyType = Shapes::BooleanShape.new(name: 'AccountTakeoverActionNotifyType')
|
19
20
|
AccountTakeoverActionType = Shapes::StructureShape.new(name: 'AccountTakeoverActionType')
|
@@ -243,6 +244,7 @@ module Aws::CognitoIdentityProvider
|
|
243
244
|
HexStringType = Shapes::StringShape.new(name: 'HexStringType')
|
244
245
|
HttpHeader = Shapes::StructureShape.new(name: 'HttpHeader')
|
245
246
|
HttpHeaderList = Shapes::ListShape.new(name: 'HttpHeaderList')
|
247
|
+
IdTokenValidityType = Shapes::IntegerShape.new(name: 'IdTokenValidityType')
|
246
248
|
IdentityProviderType = Shapes::StructureShape.new(name: 'IdentityProviderType')
|
247
249
|
IdentityProviderTypeType = Shapes::StringShape.new(name: 'IdentityProviderTypeType')
|
248
250
|
IdpIdentifierType = Shapes::StringShape.new(name: 'IdpIdentifierType')
|
@@ -389,7 +391,9 @@ module Aws::CognitoIdentityProvider
|
|
389
391
|
TagResourceResponse = Shapes::StructureShape.new(name: 'TagResourceResponse')
|
390
392
|
TagValueType = Shapes::StringShape.new(name: 'TagValueType')
|
391
393
|
TemporaryPasswordValidityDaysType = Shapes::IntegerShape.new(name: 'TemporaryPasswordValidityDaysType')
|
394
|
+
TimeUnitsType = Shapes::StringShape.new(name: 'TimeUnitsType')
|
392
395
|
TokenModelType = Shapes::StringShape.new(name: 'TokenModelType')
|
396
|
+
TokenValidityUnitsType = Shapes::StructureShape.new(name: 'TokenValidityUnitsType')
|
393
397
|
TooManyFailedAttemptsException = Shapes::StructureShape.new(name: 'TooManyFailedAttemptsException')
|
394
398
|
TooManyRequestsException = Shapes::StructureShape.new(name: 'TooManyRequestsException')
|
395
399
|
UICustomizationType = Shapes::StructureShape.new(name: 'UICustomizationType')
|
@@ -709,9 +713,10 @@ module Aws::CognitoIdentityProvider
|
|
709
713
|
AliasExistsException.add_member(:message, Shapes::ShapeRef.new(shape: MessageType, location_name: "message"))
|
710
714
|
AliasExistsException.struct_class = Types::AliasExistsException
|
711
715
|
|
712
|
-
AnalyticsConfigurationType.add_member(:application_id, Shapes::ShapeRef.new(shape: HexStringType,
|
713
|
-
AnalyticsConfigurationType.add_member(:
|
714
|
-
AnalyticsConfigurationType.add_member(:
|
716
|
+
AnalyticsConfigurationType.add_member(:application_id, Shapes::ShapeRef.new(shape: HexStringType, location_name: "ApplicationId"))
|
717
|
+
AnalyticsConfigurationType.add_member(:application_arn, Shapes::ShapeRef.new(shape: ArnType, location_name: "ApplicationArn"))
|
718
|
+
AnalyticsConfigurationType.add_member(:role_arn, Shapes::ShapeRef.new(shape: ArnType, location_name: "RoleArn"))
|
719
|
+
AnalyticsConfigurationType.add_member(:external_id, Shapes::ShapeRef.new(shape: StringType, location_name: "ExternalId"))
|
715
720
|
AnalyticsConfigurationType.add_member(:user_data_shared, Shapes::ShapeRef.new(shape: BooleanType, location_name: "UserDataShared"))
|
716
721
|
AnalyticsConfigurationType.struct_class = Types::AnalyticsConfigurationType
|
717
722
|
|
@@ -893,6 +898,9 @@ module Aws::CognitoIdentityProvider
|
|
893
898
|
CreateUserPoolClientRequest.add_member(:client_name, Shapes::ShapeRef.new(shape: ClientNameType, required: true, location_name: "ClientName"))
|
894
899
|
CreateUserPoolClientRequest.add_member(:generate_secret, Shapes::ShapeRef.new(shape: GenerateSecret, location_name: "GenerateSecret"))
|
895
900
|
CreateUserPoolClientRequest.add_member(:refresh_token_validity, Shapes::ShapeRef.new(shape: RefreshTokenValidityType, location_name: "RefreshTokenValidity"))
|
901
|
+
CreateUserPoolClientRequest.add_member(:access_token_validity, Shapes::ShapeRef.new(shape: AccessTokenValidityType, location_name: "AccessTokenValidity"))
|
902
|
+
CreateUserPoolClientRequest.add_member(:id_token_validity, Shapes::ShapeRef.new(shape: IdTokenValidityType, location_name: "IdTokenValidity"))
|
903
|
+
CreateUserPoolClientRequest.add_member(:token_validity_units, Shapes::ShapeRef.new(shape: TokenValidityUnitsType, location_name: "TokenValidityUnits"))
|
896
904
|
CreateUserPoolClientRequest.add_member(:read_attributes, Shapes::ShapeRef.new(shape: ClientPermissionListType, location_name: "ReadAttributes"))
|
897
905
|
CreateUserPoolClientRequest.add_member(:write_attributes, Shapes::ShapeRef.new(shape: ClientPermissionListType, location_name: "WriteAttributes"))
|
898
906
|
CreateUserPoolClientRequest.add_member(:explicit_auth_flows, Shapes::ShapeRef.new(shape: ExplicitAuthFlowsListType, location_name: "ExplicitAuthFlows"))
|
@@ -1622,6 +1630,11 @@ module Aws::CognitoIdentityProvider
|
|
1622
1630
|
|
1623
1631
|
TagResourceResponse.struct_class = Types::TagResourceResponse
|
1624
1632
|
|
1633
|
+
TokenValidityUnitsType.add_member(:access_token, Shapes::ShapeRef.new(shape: TimeUnitsType, location_name: "AccessToken"))
|
1634
|
+
TokenValidityUnitsType.add_member(:id_token, Shapes::ShapeRef.new(shape: TimeUnitsType, location_name: "IdToken"))
|
1635
|
+
TokenValidityUnitsType.add_member(:refresh_token, Shapes::ShapeRef.new(shape: TimeUnitsType, location_name: "RefreshToken"))
|
1636
|
+
TokenValidityUnitsType.struct_class = Types::TokenValidityUnitsType
|
1637
|
+
|
1625
1638
|
TooManyFailedAttemptsException.add_member(:message, Shapes::ShapeRef.new(shape: MessageType, location_name: "message"))
|
1626
1639
|
TooManyFailedAttemptsException.struct_class = Types::TooManyFailedAttemptsException
|
1627
1640
|
|
@@ -1709,6 +1722,9 @@ module Aws::CognitoIdentityProvider
|
|
1709
1722
|
UpdateUserPoolClientRequest.add_member(:client_id, Shapes::ShapeRef.new(shape: ClientIdType, required: true, location_name: "ClientId"))
|
1710
1723
|
UpdateUserPoolClientRequest.add_member(:client_name, Shapes::ShapeRef.new(shape: ClientNameType, location_name: "ClientName"))
|
1711
1724
|
UpdateUserPoolClientRequest.add_member(:refresh_token_validity, Shapes::ShapeRef.new(shape: RefreshTokenValidityType, location_name: "RefreshTokenValidity"))
|
1725
|
+
UpdateUserPoolClientRequest.add_member(:access_token_validity, Shapes::ShapeRef.new(shape: AccessTokenValidityType, location_name: "AccessTokenValidity"))
|
1726
|
+
UpdateUserPoolClientRequest.add_member(:id_token_validity, Shapes::ShapeRef.new(shape: IdTokenValidityType, location_name: "IdTokenValidity"))
|
1727
|
+
UpdateUserPoolClientRequest.add_member(:token_validity_units, Shapes::ShapeRef.new(shape: TokenValidityUnitsType, location_name: "TokenValidityUnits"))
|
1712
1728
|
UpdateUserPoolClientRequest.add_member(:read_attributes, Shapes::ShapeRef.new(shape: ClientPermissionListType, location_name: "ReadAttributes"))
|
1713
1729
|
UpdateUserPoolClientRequest.add_member(:write_attributes, Shapes::ShapeRef.new(shape: ClientPermissionListType, location_name: "WriteAttributes"))
|
1714
1730
|
UpdateUserPoolClientRequest.add_member(:explicit_auth_flows, Shapes::ShapeRef.new(shape: ExplicitAuthFlowsListType, location_name: "ExplicitAuthFlows"))
|
@@ -1809,6 +1825,9 @@ module Aws::CognitoIdentityProvider
|
|
1809
1825
|
UserPoolClientType.add_member(:last_modified_date, Shapes::ShapeRef.new(shape: DateType, location_name: "LastModifiedDate"))
|
1810
1826
|
UserPoolClientType.add_member(:creation_date, Shapes::ShapeRef.new(shape: DateType, location_name: "CreationDate"))
|
1811
1827
|
UserPoolClientType.add_member(:refresh_token_validity, Shapes::ShapeRef.new(shape: RefreshTokenValidityType, location_name: "RefreshTokenValidity"))
|
1828
|
+
UserPoolClientType.add_member(:access_token_validity, Shapes::ShapeRef.new(shape: AccessTokenValidityType, location_name: "AccessTokenValidity"))
|
1829
|
+
UserPoolClientType.add_member(:id_token_validity, Shapes::ShapeRef.new(shape: IdTokenValidityType, location_name: "IdTokenValidity"))
|
1830
|
+
UserPoolClientType.add_member(:token_validity_units, Shapes::ShapeRef.new(shape: TokenValidityUnitsType, location_name: "TokenValidityUnits"))
|
1812
1831
|
UserPoolClientType.add_member(:read_attributes, Shapes::ShapeRef.new(shape: ClientPermissionListType, location_name: "ReadAttributes"))
|
1813
1832
|
UserPoolClientType.add_member(:write_attributes, Shapes::ShapeRef.new(shape: ClientPermissionListType, location_name: "WriteAttributes"))
|
1814
1833
|
UserPoolClientType.add_member(:explicit_auth_flows, Shapes::ShapeRef.new(shape: ExplicitAuthFlowsListType, location_name: "ExplicitAuthFlows"))
|
@@ -2397,6 +2416,7 @@ module Aws::CognitoIdentityProvider
|
|
2397
2416
|
o.http_request_uri = "/"
|
2398
2417
|
o.input = Shapes::ShapeRef.new(shape: AssociateSoftwareTokenRequest)
|
2399
2418
|
o.output = Shapes::ShapeRef.new(shape: AssociateSoftwareTokenResponse)
|
2419
|
+
o.errors << Shapes::ShapeRef.new(shape: ConcurrentModificationException)
|
2400
2420
|
o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
|
2401
2421
|
o.errors << Shapes::ShapeRef.new(shape: NotAuthorizedException)
|
2402
2422
|
o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
|
@@ -431,10 +431,11 @@ module Aws::CognitoIdentityProvider
|
|
431
431
|
# An array of name-value pairs that contain user attributes and
|
432
432
|
# attribute values to be set for the user to be created. You can
|
433
433
|
# create a user without specifying any attributes other than
|
434
|
-
# `Username`. However, any attributes that you specify as required
|
435
|
-
# or in the **Attributes** tab of the
|
436
|
-
# by you (in your call to
|
437
|
-
# or
|
434
|
+
# `Username`. However, any attributes that you specify as required
|
435
|
+
# (when creating a user pool or in the **Attributes** tab of the
|
436
|
+
# console) must be supplied either by you (in your call to
|
437
|
+
# `AdminCreateUser`) or by the user (when he or she signs up in
|
438
|
+
# response to your welcome message).
|
438
439
|
#
|
439
440
|
# For custom attributes, you must prepend the `custom:` prefix to the
|
440
441
|
# attribute name.
|
@@ -446,7 +447,8 @@ module Aws::CognitoIdentityProvider
|
|
446
447
|
#
|
447
448
|
# In your call to `AdminCreateUser`, you can set the `email_verified`
|
448
449
|
# attribute to `True`, and you can set the `phone_number_verified`
|
449
|
-
# attribute to `True`. (You can also do this by calling
|
450
|
+
# attribute to `True`. (You can also do this by calling
|
451
|
+
# [AdminUpdateUserAttributes][1].)
|
450
452
|
#
|
451
453
|
# * **email**\: The email address of the user to whom the message that
|
452
454
|
# contains the code and username will be sent. Required if the
|
@@ -457,6 +459,10 @@ module Aws::CognitoIdentityProvider
|
|
457
459
|
# message that contains the code and username will be sent. Required
|
458
460
|
# if the `phone_number_verified` attribute is set to `True`, or if
|
459
461
|
# `"SMS"` is specified in the `DesiredDeliveryMediums` parameter.
|
462
|
+
#
|
463
|
+
#
|
464
|
+
#
|
465
|
+
# [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html
|
460
466
|
# @return [Array<Types::AttributeType>]
|
461
467
|
#
|
462
468
|
# @!attribute [rw] validation_data
|
@@ -926,8 +932,8 @@ module Aws::CognitoIdentityProvider
|
|
926
932
|
# *This response parameter is no longer supported.* It provides
|
927
933
|
# information only about SMS MFA configurations. It doesn't provide
|
928
934
|
# information about TOTP software token MFA configurations. To look up
|
929
|
-
# information about either type of MFA configuration, use
|
930
|
-
#
|
935
|
+
# information about either type of MFA configuration, use
|
936
|
+
# UserMFASettingList instead.
|
931
937
|
# @return [Array<Types::MFAOptionType>]
|
932
938
|
#
|
933
939
|
# @!attribute [rw] preferred_mfa_setting
|
@@ -1042,18 +1048,20 @@ module Aws::CognitoIdentityProvider
|
|
1042
1048
|
#
|
1043
1049
|
# * For `USER_SRP_AUTH`\: `USERNAME` (required), `SRP_A` (required),
|
1044
1050
|
# `SECRET_HASH` (required if the app client is configured with a
|
1045
|
-
# client secret), `DEVICE_KEY
|
1051
|
+
# client secret), `DEVICE_KEY`.
|
1046
1052
|
#
|
1047
1053
|
# * For `REFRESH_TOKEN_AUTH/REFRESH_TOKEN`\: `REFRESH_TOKEN`
|
1048
1054
|
# (required), `SECRET_HASH` (required if the app client is
|
1049
|
-
# configured with a client secret), `DEVICE_KEY
|
1055
|
+
# configured with a client secret), `DEVICE_KEY`.
|
1050
1056
|
#
|
1051
1057
|
# * For `ADMIN_NO_SRP_AUTH`\: `USERNAME` (required), `SECRET_HASH` (if
|
1052
1058
|
# app client is configured with client secret), `PASSWORD`
|
1053
|
-
# (required), `DEVICE_KEY
|
1059
|
+
# (required), `DEVICE_KEY`.
|
1054
1060
|
#
|
1055
1061
|
# * For `CUSTOM_AUTH`\: `USERNAME` (required), `SECRET_HASH` (if app
|
1056
|
-
# client is configured with client secret), `DEVICE_KEY
|
1062
|
+
# client is configured with client secret), `DEVICE_KEY`. To start
|
1063
|
+
# the authentication flow with password verification, include
|
1064
|
+
# `ChallengeName: SRP_A` and `SRP_A: (The SRP_A Value)`.
|
1057
1065
|
# @return [Hash<String,String>]
|
1058
1066
|
#
|
1059
1067
|
# @!attribute [rw] client_metadata
|
@@ -1637,7 +1645,12 @@ module Aws::CognitoIdentityProvider
|
|
1637
1645
|
# @return [String]
|
1638
1646
|
#
|
1639
1647
|
# @!attribute [rw] challenge_name
|
1640
|
-
# The challenge name. For more information, see
|
1648
|
+
# The challenge name. For more information, see
|
1649
|
+
# [AdminInitiateAuth][1].
|
1650
|
+
#
|
1651
|
+
#
|
1652
|
+
#
|
1653
|
+
# [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminInitiateAuth.html
|
1641
1654
|
# @return [String]
|
1642
1655
|
#
|
1643
1656
|
# @!attribute [rw] challenge_responses
|
@@ -1745,19 +1758,29 @@ module Aws::CognitoIdentityProvider
|
|
1745
1758
|
# Responds to the authentication challenge, as an administrator.
|
1746
1759
|
#
|
1747
1760
|
# @!attribute [rw] challenge_name
|
1748
|
-
# The name of the challenge. For more information, see
|
1761
|
+
# The name of the challenge. For more information, see
|
1762
|
+
# [AdminInitiateAuth][1].
|
1763
|
+
#
|
1764
|
+
#
|
1765
|
+
#
|
1766
|
+
# [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminInitiateAuth.html
|
1749
1767
|
# @return [String]
|
1750
1768
|
#
|
1751
1769
|
# @!attribute [rw] session
|
1752
1770
|
# The session which should be passed both ways in challenge-response
|
1753
|
-
# calls to the service. If the
|
1754
|
-
#
|
1755
|
-
#
|
1756
|
-
#
|
1771
|
+
# calls to the service. If the caller needs to go through another
|
1772
|
+
# challenge, they return a session with other challenge parameters.
|
1773
|
+
# This session should be passed as it is to the next
|
1774
|
+
# `RespondToAuthChallenge` API call.
|
1757
1775
|
# @return [String]
|
1758
1776
|
#
|
1759
1777
|
# @!attribute [rw] challenge_parameters
|
1760
|
-
# The challenge parameters. For more information, see
|
1778
|
+
# The challenge parameters. For more information, see
|
1779
|
+
# [AdminInitiateAuth][1].
|
1780
|
+
#
|
1781
|
+
#
|
1782
|
+
#
|
1783
|
+
# [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminInitiateAuth.html
|
1761
1784
|
# @return [Hash<String,String>]
|
1762
1785
|
#
|
1763
1786
|
# @!attribute [rw] authentication_result
|
@@ -2147,9 +2170,10 @@ module Aws::CognitoIdentityProvider
|
|
2147
2170
|
# The Amazon Pinpoint analytics configuration for collecting metrics for
|
2148
2171
|
# a user pool.
|
2149
2172
|
#
|
2150
|
-
# <note markdown="1">
|
2151
|
-
#
|
2152
|
-
#
|
2173
|
+
# <note markdown="1"> In regions where Pinpoint is not available, Cognito User Pools only
|
2174
|
+
# supports sending events to Amazon Pinpoint projects in us-east-1. In
|
2175
|
+
# regions where Pinpoint is available, Cognito User Pools will support
|
2176
|
+
# sending events to Amazon Pinpoint projects within that same region.
|
2153
2177
|
#
|
2154
2178
|
# </note>
|
2155
2179
|
#
|
@@ -2157,9 +2181,10 @@ module Aws::CognitoIdentityProvider
|
|
2157
2181
|
# data as a hash:
|
2158
2182
|
#
|
2159
2183
|
# {
|
2160
|
-
# application_id: "HexStringType",
|
2161
|
-
#
|
2162
|
-
#
|
2184
|
+
# application_id: "HexStringType",
|
2185
|
+
# application_arn: "ArnType",
|
2186
|
+
# role_arn: "ArnType",
|
2187
|
+
# external_id: "StringType",
|
2163
2188
|
# user_data_shared: false,
|
2164
2189
|
# }
|
2165
2190
|
#
|
@@ -2167,6 +2192,13 @@ module Aws::CognitoIdentityProvider
|
|
2167
2192
|
# The application ID for an Amazon Pinpoint application.
|
2168
2193
|
# @return [String]
|
2169
2194
|
#
|
2195
|
+
# @!attribute [rw] application_arn
|
2196
|
+
# The Amazon Resource Name (ARN) of an Amazon Pinpoint project. You
|
2197
|
+
# can use the Amazon Pinpoint project for Pinpoint integration with
|
2198
|
+
# the chosen User Pool Client. Amazon Cognito publishes events to the
|
2199
|
+
# pinpoint project declared by the app ARN.
|
2200
|
+
# @return [String]
|
2201
|
+
#
|
2170
2202
|
# @!attribute [rw] role_arn
|
2171
2203
|
# The ARN of an IAM role that authorizes Amazon Cognito to publish
|
2172
2204
|
# events to Amazon Pinpoint analytics.
|
@@ -2185,6 +2217,7 @@ module Aws::CognitoIdentityProvider
|
|
2185
2217
|
#
|
2186
2218
|
class AnalyticsConfigurationType < Struct.new(
|
2187
2219
|
:application_id,
|
2220
|
+
:application_arn,
|
2188
2221
|
:role_arn,
|
2189
2222
|
:external_id,
|
2190
2223
|
:user_data_shared)
|
@@ -2662,7 +2695,11 @@ module Aws::CognitoIdentityProvider
|
|
2662
2695
|
#
|
2663
2696
|
# @!attribute [rw] confirmation_code
|
2664
2697
|
# The confirmation code sent by a user's request to retrieve a
|
2665
|
-
# forgotten password. For more information, see
|
2698
|
+
# forgotten password. For more information, see [ForgotPassword][1].
|
2699
|
+
#
|
2700
|
+
#
|
2701
|
+
#
|
2702
|
+
# [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ForgotPassword.html
|
2666
2703
|
# @return [String]
|
2667
2704
|
#
|
2668
2705
|
# @!attribute [rw] password
|
@@ -3020,7 +3057,7 @@ module Aws::CognitoIdentityProvider
|
|
3020
3057
|
# The identity provider details. The following list describes the
|
3021
3058
|
# provider detail keys for each identity provider type.
|
3022
3059
|
#
|
3023
|
-
# * For Google
|
3060
|
+
# * For Google and Login with Amazon:
|
3024
3061
|
#
|
3025
3062
|
# * client\_id
|
3026
3063
|
#
|
@@ -3028,6 +3065,16 @@ module Aws::CognitoIdentityProvider
|
|
3028
3065
|
#
|
3029
3066
|
# * authorize\_scopes
|
3030
3067
|
#
|
3068
|
+
# * For Facebook:
|
3069
|
+
#
|
3070
|
+
# * client\_id
|
3071
|
+
#
|
3072
|
+
# * client\_secret
|
3073
|
+
#
|
3074
|
+
# * authorize\_scopes
|
3075
|
+
#
|
3076
|
+
# * api\_version
|
3077
|
+
#
|
3031
3078
|
# * For Sign in with Apple:
|
3032
3079
|
#
|
3033
3080
|
# * client\_id
|
@@ -3064,8 +3111,6 @@ module Aws::CognitoIdentityProvider
|
|
3064
3111
|
# * jwks\_uri *if not available from discovery URL specified by
|
3065
3112
|
# oidc\_issuer key*
|
3066
3113
|
#
|
3067
|
-
# * authorize\_scopes
|
3068
|
-
#
|
3069
3114
|
# * For SAML providers:
|
3070
3115
|
#
|
3071
3116
|
# * MetadataFile OR MetadataURL
|
@@ -3224,6 +3269,13 @@ module Aws::CognitoIdentityProvider
|
|
3224
3269
|
# client_name: "ClientNameType", # required
|
3225
3270
|
# generate_secret: false,
|
3226
3271
|
# refresh_token_validity: 1,
|
3272
|
+
# access_token_validity: 1,
|
3273
|
+
# id_token_validity: 1,
|
3274
|
+
# token_validity_units: {
|
3275
|
+
# access_token: "seconds", # accepts seconds, minutes, hours, days
|
3276
|
+
# id_token: "seconds", # accepts seconds, minutes, hours, days
|
3277
|
+
# refresh_token: "seconds", # accepts seconds, minutes, hours, days
|
3278
|
+
# },
|
3227
3279
|
# read_attributes: ["ClientPermissionType"],
|
3228
3280
|
# write_attributes: ["ClientPermissionType"],
|
3229
3281
|
# explicit_auth_flows: ["ADMIN_NO_SRP_AUTH"], # accepts ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, USER_PASSWORD_AUTH, ALLOW_ADMIN_USER_PASSWORD_AUTH, ALLOW_CUSTOM_AUTH, ALLOW_USER_PASSWORD_AUTH, ALLOW_USER_SRP_AUTH, ALLOW_REFRESH_TOKEN_AUTH
|
@@ -3235,9 +3287,10 @@ module Aws::CognitoIdentityProvider
|
|
3235
3287
|
# allowed_o_auth_scopes: ["ScopeType"],
|
3236
3288
|
# allowed_o_auth_flows_user_pool_client: false,
|
3237
3289
|
# analytics_configuration: {
|
3238
|
-
# application_id: "HexStringType",
|
3239
|
-
#
|
3240
|
-
#
|
3290
|
+
# application_id: "HexStringType",
|
3291
|
+
# application_arn: "ArnType",
|
3292
|
+
# role_arn: "ArnType",
|
3293
|
+
# external_id: "StringType",
|
3241
3294
|
# user_data_shared: false,
|
3242
3295
|
# },
|
3243
3296
|
# prevent_user_existence_errors: "LEGACY", # accepts LEGACY, ENABLED
|
@@ -3262,6 +3315,24 @@ module Aws::CognitoIdentityProvider
|
|
3262
3315
|
# valid and cannot be used.
|
3263
3316
|
# @return [Integer]
|
3264
3317
|
#
|
3318
|
+
# @!attribute [rw] access_token_validity
|
3319
|
+
# The time limit, between 5 minutes and 1 day, after which the access
|
3320
|
+
# token is no longer valid and cannot be used. This value will be
|
3321
|
+
# overridden if you have entered a value in TokenValidityUnits.
|
3322
|
+
# @return [Integer]
|
3323
|
+
#
|
3324
|
+
# @!attribute [rw] id_token_validity
|
3325
|
+
# The time limit, between 5 minutes and 1 day, after which the ID
|
3326
|
+
# token is no longer valid and cannot be used. This value will be
|
3327
|
+
# overridden if you have entered a value in TokenValidityUnits.
|
3328
|
+
# @return [Integer]
|
3329
|
+
#
|
3330
|
+
# @!attribute [rw] token_validity_units
|
3331
|
+
# The units in which the validity times are represented in. Default
|
3332
|
+
# for RefreshToken is days, and default for ID and access tokens are
|
3333
|
+
# hours.
|
3334
|
+
# @return [Types::TokenValidityUnitsType]
|
3335
|
+
#
|
3265
3336
|
# @!attribute [rw] read_attributes
|
3266
3337
|
# The read attributes.
|
3267
3338
|
# @return [Array<String>]
|
@@ -3398,9 +3469,10 @@ module Aws::CognitoIdentityProvider
|
|
3398
3469
|
# The Amazon Pinpoint analytics configuration for collecting metrics
|
3399
3470
|
# for this user pool.
|
3400
3471
|
#
|
3401
|
-
# <note markdown="1">
|
3402
|
-
#
|
3403
|
-
#
|
3472
|
+
# <note markdown="1"> In regions where Pinpoint is not available, Cognito User Pools only
|
3473
|
+
# supports sending events to Amazon Pinpoint projects in us-east-1. In
|
3474
|
+
# regions where Pinpoint is available, Cognito User Pools will support
|
3475
|
+
# sending events to Amazon Pinpoint projects within that same region.
|
3404
3476
|
#
|
3405
3477
|
# </note>
|
3406
3478
|
# @return [Types::AnalyticsConfigurationType]
|
@@ -3423,24 +3495,6 @@ module Aws::CognitoIdentityProvider
|
|
3423
3495
|
# * `LEGACY` - This represents the old behavior of Cognito where user
|
3424
3496
|
# existence related errors are not prevented.
|
3425
3497
|
#
|
3426
|
-
# This setting affects the behavior of following APIs:
|
3427
|
-
#
|
3428
|
-
# * AdminInitiateAuth
|
3429
|
-
#
|
3430
|
-
# * AdminRespondToAuthChallenge
|
3431
|
-
#
|
3432
|
-
# * InitiateAuth
|
3433
|
-
#
|
3434
|
-
# * RespondToAuthChallenge
|
3435
|
-
#
|
3436
|
-
# * ForgotPassword
|
3437
|
-
#
|
3438
|
-
# * ConfirmForgotPassword
|
3439
|
-
#
|
3440
|
-
# * ConfirmSignUp
|
3441
|
-
#
|
3442
|
-
# * ResendConfirmationCode
|
3443
|
-
#
|
3444
3498
|
# <note markdown="1"> After February 15th 2020, the value of `PreventUserExistenceErrors`
|
3445
3499
|
# will default to `ENABLED` for newly created user pool clients if no
|
3446
3500
|
# value is provided.
|
@@ -3455,6 +3509,9 @@ module Aws::CognitoIdentityProvider
|
|
3455
3509
|
:client_name,
|
3456
3510
|
:generate_secret,
|
3457
3511
|
:refresh_token_validity,
|
3512
|
+
:access_token_validity,
|
3513
|
+
:id_token_validity,
|
3514
|
+
:token_validity_units,
|
3458
3515
|
:read_attributes,
|
3459
3516
|
:write_attributes,
|
3460
3517
|
:explicit_auth_flows,
|
@@ -3756,7 +3813,11 @@ module Aws::CognitoIdentityProvider
|
|
3756
3813
|
# selected sign-in option. For example, when this is set to `False`,
|
3757
3814
|
# users will be able to sign in using either "username" or
|
3758
3815
|
# "Username". This configuration is immutable once it has been set.
|
3759
|
-
# For more information, see .
|
3816
|
+
# For more information, see [UsernameConfigurationType][1].
|
3817
|
+
#
|
3818
|
+
#
|
3819
|
+
#
|
3820
|
+
# [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UsernameConfigurationType.html
|
3760
3821
|
# @return [Types::UsernameConfigurationType]
|
3761
3822
|
#
|
3762
3823
|
# @!attribute [rw] account_recovery_setting
|
@@ -3768,13 +3829,6 @@ module Aws::CognitoIdentityProvider
|
|
3768
3829
|
# enabled. In the absence of this setting, Cognito uses the legacy
|
3769
3830
|
# behavior to determine the recovery method where SMS is preferred
|
3770
3831
|
# over email.
|
3771
|
-
#
|
3772
|
-
# <note markdown="1"> Starting February 1, 2020, the value of `AccountRecoverySetting`
|
3773
|
-
# will default to `verified_email` first and `verified_phone_number`
|
3774
|
-
# as the second option for newly created user pools if no value is
|
3775
|
-
# provided.
|
3776
|
-
#
|
3777
|
-
# </note>
|
3778
3832
|
# @return [Types::AccountRecoverySettingType]
|
3779
3833
|
#
|
3780
3834
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/CreateUserPoolRequest AWS API Documentation
|
@@ -5255,8 +5309,8 @@ module Aws::CognitoIdentityProvider
|
|
5255
5309
|
# *This response parameter is no longer supported.* It provides
|
5256
5310
|
# information only about SMS MFA configurations. It doesn't provide
|
5257
5311
|
# information about TOTP software token MFA configurations. To look up
|
5258
|
-
# information about either type of MFA configuration, use
|
5259
|
-
#
|
5312
|
+
# information about either type of MFA configuration, use
|
5313
|
+
# UserMFASettingList instead.
|
5260
5314
|
# @return [Array<Types::MFAOptionType>]
|
5261
5315
|
#
|
5262
5316
|
# @!attribute [rw] preferred_mfa_setting
|
@@ -5426,7 +5480,15 @@ module Aws::CognitoIdentityProvider
|
|
5426
5480
|
# The identity provider details. The following list describes the
|
5427
5481
|
# provider detail keys for each identity provider type.
|
5428
5482
|
#
|
5429
|
-
# * For Google
|
5483
|
+
# * For Google and Login with Amazon:
|
5484
|
+
#
|
5485
|
+
# * client\_id
|
5486
|
+
#
|
5487
|
+
# * client\_secret
|
5488
|
+
#
|
5489
|
+
# * authorize\_scopes
|
5490
|
+
#
|
5491
|
+
# * For Facebook:
|
5430
5492
|
#
|
5431
5493
|
# * client\_id
|
5432
5494
|
#
|
@@ -5434,6 +5496,8 @@ module Aws::CognitoIdentityProvider
|
|
5434
5496
|
#
|
5435
5497
|
# * authorize\_scopes
|
5436
5498
|
#
|
5499
|
+
# * api\_version
|
5500
|
+
#
|
5437
5501
|
# * For Sign in with Apple:
|
5438
5502
|
#
|
5439
5503
|
# * client\_id
|
@@ -5578,14 +5642,16 @@ module Aws::CognitoIdentityProvider
|
|
5578
5642
|
#
|
5579
5643
|
# * For `USER_SRP_AUTH`\: `USERNAME` (required), `SRP_A` (required),
|
5580
5644
|
# `SECRET_HASH` (required if the app client is configured with a
|
5581
|
-
# client secret), `DEVICE_KEY
|
5645
|
+
# client secret), `DEVICE_KEY`.
|
5582
5646
|
#
|
5583
5647
|
# * For `REFRESH_TOKEN_AUTH/REFRESH_TOKEN`\: `REFRESH_TOKEN`
|
5584
5648
|
# (required), `SECRET_HASH` (required if the app client is
|
5585
|
-
# configured with a client secret), `DEVICE_KEY
|
5649
|
+
# configured with a client secret), `DEVICE_KEY`.
|
5586
5650
|
#
|
5587
5651
|
# * For `CUSTOM_AUTH`\: `USERNAME` (required), `SECRET_HASH` (if app
|
5588
|
-
# client is configured with client secret), `DEVICE_KEY
|
5652
|
+
# client is configured with client secret), `DEVICE_KEY`. To start
|
5653
|
+
# the authentication flow with password verification, include
|
5654
|
+
# `ChallengeName: SRP_A` and `SRP_A: (The SRP_A Value)`.
|
5589
5655
|
# @return [Hash<String,String>]
|
5590
5656
|
#
|
5591
5657
|
# @!attribute [rw] client_metadata
|
@@ -5717,10 +5783,10 @@ module Aws::CognitoIdentityProvider
|
|
5717
5783
|
#
|
5718
5784
|
# @!attribute [rw] session
|
5719
5785
|
# The session which should be passed both ways in challenge-response
|
5720
|
-
# calls to the service. If the
|
5721
|
-
#
|
5722
|
-
#
|
5723
|
-
#
|
5786
|
+
# calls to the service. If the caller needs to go through another
|
5787
|
+
# challenge, they return a session with other challenge parameters.
|
5788
|
+
# This session should be passed as it is to the next
|
5789
|
+
# `RespondToAuthChallenge` API call.
|
5724
5790
|
# @return [String]
|
5725
5791
|
#
|
5726
5792
|
# @!attribute [rw] challenge_parameters
|
@@ -6581,13 +6647,6 @@ module Aws::CognitoIdentityProvider
|
|
6581
6647
|
# MFA configurations. You can't use it for TOTP software token MFA
|
6582
6648
|
# configurations.
|
6583
6649
|
#
|
6584
|
-
# To set either type of MFA configuration, use the
|
6585
|
-
# AdminSetUserMFAPreference or SetUserMFAPreference actions.
|
6586
|
-
#
|
6587
|
-
# To look up information about either type of MFA configuration, use the
|
6588
|
-
# AdminGetUserResponse$UserMFASettingList or
|
6589
|
-
# GetUserResponse$UserMFASettingList responses.
|
6590
|
-
#
|
6591
6650
|
# @note When making an API call, you may pass MFAOptionType
|
6592
6651
|
# data as a hash:
|
6593
6652
|
#
|
@@ -7214,9 +7273,13 @@ module Aws::CognitoIdentityProvider
|
|
7214
7273
|
# @return [String]
|
7215
7274
|
#
|
7216
7275
|
# @!attribute [rw] challenge_name
|
7217
|
-
# The challenge name. For more information, see .
|
7276
|
+
# The challenge name. For more information, see [InitiateAuth][1].
|
7218
7277
|
#
|
7219
7278
|
# `ADMIN_NO_SRP_AUTH` is not a valid value.
|
7279
|
+
#
|
7280
|
+
#
|
7281
|
+
#
|
7282
|
+
# [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html
|
7220
7283
|
# @return [String]
|
7221
7284
|
#
|
7222
7285
|
# @!attribute [rw] session
|
@@ -7324,19 +7387,28 @@ module Aws::CognitoIdentityProvider
|
|
7324
7387
|
# The response to respond to the authentication challenge.
|
7325
7388
|
#
|
7326
7389
|
# @!attribute [rw] challenge_name
|
7327
|
-
# The challenge name. For more information, see .
|
7390
|
+
# The challenge name. For more information, see [InitiateAuth][1].
|
7391
|
+
#
|
7392
|
+
#
|
7393
|
+
#
|
7394
|
+
# [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html
|
7328
7395
|
# @return [String]
|
7329
7396
|
#
|
7330
7397
|
# @!attribute [rw] session
|
7331
7398
|
# The session which should be passed both ways in challenge-response
|
7332
|
-
# calls to the service. If the
|
7333
|
-
#
|
7334
|
-
#
|
7335
|
-
#
|
7399
|
+
# calls to the service. If the caller needs to go through another
|
7400
|
+
# challenge, they return a session with other challenge parameters.
|
7401
|
+
# This session should be passed as it is to the next
|
7402
|
+
# `RespondToAuthChallenge` API call.
|
7336
7403
|
# @return [String]
|
7337
7404
|
#
|
7338
7405
|
# @!attribute [rw] challenge_parameters
|
7339
|
-
# The challenge parameters. For more information, see
|
7406
|
+
# The challenge parameters. For more information, see
|
7407
|
+
# [InitiateAuth][1].
|
7408
|
+
#
|
7409
|
+
#
|
7410
|
+
#
|
7411
|
+
# [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html
|
7340
7412
|
# @return [Hash<String,String>]
|
7341
7413
|
#
|
7342
7414
|
# @!attribute [rw] authentication_result
|
@@ -7493,8 +7565,9 @@ module Aws::CognitoIdentityProvider
|
|
7493
7565
|
# Specifies whether the attribute type is developer only. This
|
7494
7566
|
# attribute can only be modified by an administrator. Users will not
|
7495
7567
|
# be able to modify this attribute using their access token. For
|
7496
|
-
# example, `DeveloperOnlyAttribute` can be modified using
|
7497
|
-
# cannot be updated using
|
7568
|
+
# example, `DeveloperOnlyAttribute` can be modified using
|
7569
|
+
# AdminUpdateUserAttributes but cannot be updated using
|
7570
|
+
# UpdateUserAttributes.
|
7498
7571
|
#
|
7499
7572
|
#
|
7500
7573
|
#
|
@@ -8311,6 +8384,43 @@ module Aws::CognitoIdentityProvider
|
|
8311
8384
|
#
|
8312
8385
|
class TagResourceResponse < Aws::EmptyStructure; end
|
8313
8386
|
|
8387
|
+
# The data type for TokenValidityUnits that specifics the time
|
8388
|
+
# measurements for token validity.
|
8389
|
+
#
|
8390
|
+
# @note When making an API call, you may pass TokenValidityUnitsType
|
8391
|
+
# data as a hash:
|
8392
|
+
#
|
8393
|
+
# {
|
8394
|
+
# access_token: "seconds", # accepts seconds, minutes, hours, days
|
8395
|
+
# id_token: "seconds", # accepts seconds, minutes, hours, days
|
8396
|
+
# refresh_token: "seconds", # accepts seconds, minutes, hours, days
|
8397
|
+
# }
|
8398
|
+
#
|
8399
|
+
# @!attribute [rw] access_token
|
8400
|
+
# A time unit in “seconds”, “minutes”, “hours” or “days” for the value
|
8401
|
+
# in AccessTokenValidity, defaults to hours.
|
8402
|
+
# @return [String]
|
8403
|
+
#
|
8404
|
+
# @!attribute [rw] id_token
|
8405
|
+
# A time unit in “seconds”, “minutes”, “hours” or “days” for the value
|
8406
|
+
# in IdTokenValidity, defaults to hours.
|
8407
|
+
# @return [String]
|
8408
|
+
#
|
8409
|
+
# @!attribute [rw] refresh_token
|
8410
|
+
# A time unit in “seconds”, “minutes”, “hours” or “days” for the value
|
8411
|
+
# in RefreshTokenValidity, defaults to days.
|
8412
|
+
# @return [String]
|
8413
|
+
#
|
8414
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/TokenValidityUnitsType AWS API Documentation
|
8415
|
+
#
|
8416
|
+
class TokenValidityUnitsType < Struct.new(
|
8417
|
+
:access_token,
|
8418
|
+
:id_token,
|
8419
|
+
:refresh_token)
|
8420
|
+
SENSITIVE = []
|
8421
|
+
include Aws::Structure
|
8422
|
+
end
|
8423
|
+
|
8314
8424
|
# This exception is thrown when the user has made too many failed
|
8315
8425
|
# attempts for a given action (e.g., sign in).
|
8316
8426
|
#
|
@@ -8578,7 +8688,11 @@ module Aws::CognitoIdentityProvider
|
|
8578
8688
|
#
|
8579
8689
|
# @!attribute [rw] precedence
|
8580
8690
|
# The new precedence value for the group. For more information about
|
8581
|
-
# this parameter, see .
|
8691
|
+
# this parameter, see [CreateGroup][1].
|
8692
|
+
#
|
8693
|
+
#
|
8694
|
+
#
|
8695
|
+
# [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateGroup.html
|
8582
8696
|
# @return [Integer]
|
8583
8697
|
#
|
8584
8698
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UpdateGroupRequest AWS API Documentation
|
@@ -8823,6 +8937,13 @@ module Aws::CognitoIdentityProvider
|
|
8823
8937
|
# client_id: "ClientIdType", # required
|
8824
8938
|
# client_name: "ClientNameType",
|
8825
8939
|
# refresh_token_validity: 1,
|
8940
|
+
# access_token_validity: 1,
|
8941
|
+
# id_token_validity: 1,
|
8942
|
+
# token_validity_units: {
|
8943
|
+
# access_token: "seconds", # accepts seconds, minutes, hours, days
|
8944
|
+
# id_token: "seconds", # accepts seconds, minutes, hours, days
|
8945
|
+
# refresh_token: "seconds", # accepts seconds, minutes, hours, days
|
8946
|
+
# },
|
8826
8947
|
# read_attributes: ["ClientPermissionType"],
|
8827
8948
|
# write_attributes: ["ClientPermissionType"],
|
8828
8949
|
# explicit_auth_flows: ["ADMIN_NO_SRP_AUTH"], # accepts ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, USER_PASSWORD_AUTH, ALLOW_ADMIN_USER_PASSWORD_AUTH, ALLOW_CUSTOM_AUTH, ALLOW_USER_PASSWORD_AUTH, ALLOW_USER_SRP_AUTH, ALLOW_REFRESH_TOKEN_AUTH
|
@@ -8834,9 +8955,10 @@ module Aws::CognitoIdentityProvider
|
|
8834
8955
|
# allowed_o_auth_scopes: ["ScopeType"],
|
8835
8956
|
# allowed_o_auth_flows_user_pool_client: false,
|
8836
8957
|
# analytics_configuration: {
|
8837
|
-
# application_id: "HexStringType",
|
8838
|
-
#
|
8839
|
-
#
|
8958
|
+
# application_id: "HexStringType",
|
8959
|
+
# application_arn: "ArnType",
|
8960
|
+
# role_arn: "ArnType",
|
8961
|
+
# external_id: "StringType",
|
8840
8962
|
# user_data_shared: false,
|
8841
8963
|
# },
|
8842
8964
|
# prevent_user_existence_errors: "LEGACY", # accepts LEGACY, ENABLED
|
@@ -8860,6 +8982,22 @@ module Aws::CognitoIdentityProvider
|
|
8860
8982
|
# valid and cannot be used.
|
8861
8983
|
# @return [Integer]
|
8862
8984
|
#
|
8985
|
+
# @!attribute [rw] access_token_validity
|
8986
|
+
# The time limit, after which the access token is no longer valid and
|
8987
|
+
# cannot be used.
|
8988
|
+
# @return [Integer]
|
8989
|
+
#
|
8990
|
+
# @!attribute [rw] id_token_validity
|
8991
|
+
# The time limit, after which the ID token is no longer valid and
|
8992
|
+
# cannot be used.
|
8993
|
+
# @return [Integer]
|
8994
|
+
#
|
8995
|
+
# @!attribute [rw] token_validity_units
|
8996
|
+
# The units in which the validity times are represented in. Default
|
8997
|
+
# for RefreshToken is days, and default for ID and access tokens are
|
8998
|
+
# hours.
|
8999
|
+
# @return [Types::TokenValidityUnitsType]
|
9000
|
+
#
|
8863
9001
|
# @!attribute [rw] read_attributes
|
8864
9002
|
# The read-only attributes of the user pool.
|
8865
9003
|
# @return [Array<String>]
|
@@ -8982,9 +9120,10 @@ module Aws::CognitoIdentityProvider
|
|
8982
9120
|
# The Amazon Pinpoint analytics configuration for collecting metrics
|
8983
9121
|
# for this user pool.
|
8984
9122
|
#
|
8985
|
-
# <note markdown="1">
|
8986
|
-
#
|
8987
|
-
#
|
9123
|
+
# <note markdown="1"> In regions where Pinpoint is not available, Cognito User Pools only
|
9124
|
+
# supports sending events to Amazon Pinpoint projects in us-east-1. In
|
9125
|
+
# regions where Pinpoint is available, Cognito User Pools will support
|
9126
|
+
# sending events to Amazon Pinpoint projects within that same region.
|
8988
9127
|
#
|
8989
9128
|
# </note>
|
8990
9129
|
# @return [Types::AnalyticsConfigurationType]
|
@@ -9007,24 +9146,6 @@ module Aws::CognitoIdentityProvider
|
|
9007
9146
|
# * `LEGACY` - This represents the old behavior of Cognito where user
|
9008
9147
|
# existence related errors are not prevented.
|
9009
9148
|
#
|
9010
|
-
# This setting affects the behavior of following APIs:
|
9011
|
-
#
|
9012
|
-
# * AdminInitiateAuth
|
9013
|
-
#
|
9014
|
-
# * AdminRespondToAuthChallenge
|
9015
|
-
#
|
9016
|
-
# * InitiateAuth
|
9017
|
-
#
|
9018
|
-
# * RespondToAuthChallenge
|
9019
|
-
#
|
9020
|
-
# * ForgotPassword
|
9021
|
-
#
|
9022
|
-
# * ConfirmForgotPassword
|
9023
|
-
#
|
9024
|
-
# * ConfirmSignUp
|
9025
|
-
#
|
9026
|
-
# * ResendConfirmationCode
|
9027
|
-
#
|
9028
9149
|
# <note markdown="1"> After February 15th 2020, the value of `PreventUserExistenceErrors`
|
9029
9150
|
# will default to `ENABLED` for newly created user pool clients if no
|
9030
9151
|
# value is provided.
|
@@ -9039,6 +9160,9 @@ module Aws::CognitoIdentityProvider
|
|
9039
9160
|
:client_id,
|
9040
9161
|
:client_name,
|
9041
9162
|
:refresh_token_validity,
|
9163
|
+
:access_token_validity,
|
9164
|
+
:id_token_validity,
|
9165
|
+
:token_validity_units,
|
9042
9166
|
:read_attributes,
|
9043
9167
|
:write_attributes,
|
9044
9168
|
:explicit_auth_flows,
|
@@ -9604,6 +9728,23 @@ module Aws::CognitoIdentityProvider
|
|
9604
9728
|
# valid and cannot be used.
|
9605
9729
|
# @return [Integer]
|
9606
9730
|
#
|
9731
|
+
# @!attribute [rw] access_token_validity
|
9732
|
+
# The time limit, specified by tokenValidityUnits, defaulting to
|
9733
|
+
# hours, after which the access token is no longer valid and cannot be
|
9734
|
+
# used.
|
9735
|
+
# @return [Integer]
|
9736
|
+
#
|
9737
|
+
# @!attribute [rw] id_token_validity
|
9738
|
+
# The time limit, specified by tokenValidityUnits, defaulting to
|
9739
|
+
# hours, after which the refresh token is no longer valid and cannot
|
9740
|
+
# be used.
|
9741
|
+
# @return [Integer]
|
9742
|
+
#
|
9743
|
+
# @!attribute [rw] token_validity_units
|
9744
|
+
# The time units used to specify the token validity times of their
|
9745
|
+
# respective token.
|
9746
|
+
# @return [Types::TokenValidityUnitsType]
|
9747
|
+
#
|
9607
9748
|
# @!attribute [rw] read_attributes
|
9608
9749
|
# The Read-only attributes.
|
9609
9750
|
# @return [Array<String>]
|
@@ -9751,24 +9892,6 @@ module Aws::CognitoIdentityProvider
|
|
9751
9892
|
# * `LEGACY` - This represents the old behavior of Cognito where user
|
9752
9893
|
# existence related errors are not prevented.
|
9753
9894
|
#
|
9754
|
-
# This setting affects the behavior of following APIs:
|
9755
|
-
#
|
9756
|
-
# * AdminInitiateAuth
|
9757
|
-
#
|
9758
|
-
# * AdminRespondToAuthChallenge
|
9759
|
-
#
|
9760
|
-
# * InitiateAuth
|
9761
|
-
#
|
9762
|
-
# * RespondToAuthChallenge
|
9763
|
-
#
|
9764
|
-
# * ForgotPassword
|
9765
|
-
#
|
9766
|
-
# * ConfirmForgotPassword
|
9767
|
-
#
|
9768
|
-
# * ConfirmSignUp
|
9769
|
-
#
|
9770
|
-
# * ResendConfirmationCode
|
9771
|
-
#
|
9772
9895
|
# <note markdown="1"> After February 15th 2020, the value of `PreventUserExistenceErrors`
|
9773
9896
|
# will default to `ENABLED` for newly created user pool clients if no
|
9774
9897
|
# value is provided.
|
@@ -9786,6 +9909,9 @@ module Aws::CognitoIdentityProvider
|
|
9786
9909
|
:last_modified_date,
|
9787
9910
|
:creation_date,
|
9788
9911
|
:refresh_token_validity,
|
9912
|
+
:access_token_validity,
|
9913
|
+
:id_token_validity,
|
9914
|
+
:token_validity_units,
|
9789
9915
|
:read_attributes,
|
9790
9916
|
:write_attributes,
|
9791
9917
|
:explicit_auth_flows,
|
@@ -10028,7 +10154,11 @@ module Aws::CognitoIdentityProvider
|
|
10028
10154
|
# the selected sign-in option. For example, when this is set to
|
10029
10155
|
# `False`, users will be able to sign in using either "username" or
|
10030
10156
|
# "Username". This configuration is immutable once it has been set.
|
10031
|
-
# For more information, see .
|
10157
|
+
# For more information, see [UsernameConfigurationType][1].
|
10158
|
+
#
|
10159
|
+
#
|
10160
|
+
#
|
10161
|
+
# [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UsernameConfigurationType.html
|
10032
10162
|
# @return [Types::UsernameConfigurationType]
|
10033
10163
|
#
|
10034
10164
|
# @!attribute [rw] arn
|
@@ -10272,6 +10402,11 @@ module Aws::CognitoIdentityProvider
|
|
10272
10402
|
#
|
10273
10403
|
# @!attribute [rw] user_code
|
10274
10404
|
# The one time password computed using the secret code returned by
|
10405
|
+
# [AssociateSoftwareToken"][1].
|
10406
|
+
#
|
10407
|
+
#
|
10408
|
+
#
|
10409
|
+
# [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AssociateSoftwareToken.html
|
10275
10410
|
# @return [String]
|
10276
10411
|
#
|
10277
10412
|
# @!attribute [rw] friendly_device_name
|