aws-sdk-cognitoidentityprovider 1.42.0 → 1.47.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: f54a1c397a7bffad647c09ed1e65207398c2324ef019f507d03dcd00882bcbae
4
- data.tar.gz: 65e04a6716de9dd0ef3fe30f5ae5dd5fb6a4dc09f2ed9161559eb6387ff5a3af
3
+ metadata.gz: a721450b31c04d06876859751dfa353d137b249e70504014afe5f96bc4880813
4
+ data.tar.gz: e39836875a66d78d506d7ee0506637d889ed51ad2db88f6cdee792f4b244d317
5
5
  SHA512:
6
- metadata.gz: f45cfaf702ed5dde2a72e854cbfe572aaf3bca798122f72137aec9c57bec40ac963e168d9370d6a7b42c149d1a11e31c3e225ac5ed553975370263e9ab41ab32
7
- data.tar.gz: 4c54b298abe8d3003e0122ed56876e0beffbfb7893d2af2549cc6a92b537f8c0b342544415842e6954ab5daab10141af876b62b37639e3679f07c0378eebff45
6
+ metadata.gz: 8369e6432be49a65556c8046b7309783e9753c6bc6712f1198a7e103fbf7d47ad4e2b08bbdb27ae2c01177068d7009224a9250cfff2b81a83c657250e72a98ba
7
+ data.tar.gz: cf47dfa70fe08b2133f43d49f69dfc0ff035a418209c3967f17429359a07206cade8ec71546e19eac1e621593658c493ad7f7bdeaeb95f57ffdb5a8748e7ee38
@@ -7,6 +7,7 @@
7
7
  #
8
8
  # WARNING ABOUT GENERATED CODE
9
9
 
10
+
10
11
  require 'aws-sdk-core'
11
12
  require 'aws-sigv4'
12
13
 
@@ -44,9 +45,9 @@ require_relative 'aws-sdk-cognitoidentityprovider/customizations'
44
45
  #
45
46
  # See {Errors} for more information.
46
47
  #
47
- # @service
48
+ # @!group service
48
49
  module Aws::CognitoIdentityProvider
49
50
 
50
- GEM_VERSION = '1.42.0'
51
+ GEM_VERSION = '1.47.0'
51
52
 
52
53
  end
@@ -85,13 +85,28 @@ module Aws::CognitoIdentityProvider
85
85
  # * `Aws::Credentials` - Used for configuring static, non-refreshing
86
86
  # credentials.
87
87
  #
88
+ # * `Aws::SharedCredentials` - Used for loading static credentials from a
89
+ # shared file, such as `~/.aws/config`.
90
+ #
91
+ # * `Aws::AssumeRoleCredentials` - Used when you need to assume a role.
92
+ #
93
+ # * `Aws::AssumeRoleWebIdentityCredentials` - Used when you need to
94
+ # assume a role after providing credentials via the web.
95
+ #
96
+ # * `Aws::SSOCredentials` - Used for loading credentials from AWS SSO using an
97
+ # access token generated from `aws login`.
98
+ #
99
+ # * `Aws::ProcessCredentials` - Used for loading credentials from a
100
+ # process that outputs to stdout.
101
+ #
88
102
  # * `Aws::InstanceProfileCredentials` - Used for loading credentials
89
103
  # from an EC2 IMDS on an EC2 instance.
90
104
  #
91
- # * `Aws::SharedCredentials` - Used for loading credentials from a
92
- # shared file, such as `~/.aws/config`.
105
+ # * `Aws::ECSCredentials` - Used for loading credentials from
106
+ # instances running in ECS.
93
107
  #
94
- # * `Aws::AssumeRoleCredentials` - Used when you need to assume a role.
108
+ # * `Aws::CognitoIdentityCredentials` - Used for loading credentials
109
+ # from the Cognito Identity service.
95
110
  #
96
111
  # When `:credentials` are not configured directly, the following
97
112
  # locations will be searched for credentials:
@@ -101,10 +116,10 @@ module Aws::CognitoIdentityProvider
101
116
  # * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']
102
117
  # * `~/.aws/credentials`
103
118
  # * `~/.aws/config`
104
- # * EC2 IMDS instance profile - When used by default, the timeouts are
105
- # very aggressive. Construct and pass an instance of
106
- # `Aws::InstanceProfileCredentails` to enable retries and extended
107
- # timeouts.
119
+ # * EC2/ECS IMDS instance profile - When used by default, the timeouts
120
+ # are very aggressive. Construct and pass an instance of
121
+ # `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
122
+ # enable retries and extended timeouts.
108
123
  #
109
124
  # @option options [required, String] :region
110
125
  # The AWS region to connect to. The configured `:region` is
@@ -471,19 +486,18 @@ module Aws::CognitoIdentityProvider
471
486
  # If `MessageAction` is not set, the default is to send a welcome
472
487
  # message via email or phone (SMS).
473
488
  #
474
- # <note markdown="1"> This message is based on a template that you configured in your call
475
- # to or . This template includes your custom sign-up instructions and
476
- # placeholders for user name and temporary password.
477
- #
478
- # </note>
489
+ # This message is based on a template that you configured in your call
490
+ # to create or update a user pool. This template includes your custom
491
+ # sign-up instructions and placeholders for user name and temporary
492
+ # password.
479
493
  #
480
- # Alternatively, you can call AdminCreateUser with “SUPPRESS” for the
494
+ # Alternatively, you can call `AdminCreateUser` with “SUPPRESS” for the
481
495
  # `MessageAction` parameter, and Amazon Cognito will not send any email.
482
496
  #
483
497
  # In either case, the user will be in the `FORCE_CHANGE_PASSWORD` state
484
498
  # until they sign in and change their password.
485
499
  #
486
- # AdminCreateUser requires developer credentials.
500
+ # `AdminCreateUser` requires developer credentials.
487
501
  #
488
502
  # @option params [required, String] :user_pool_id
489
503
  # The user pool ID for the user pool where the user will be created.
@@ -497,10 +511,10 @@ module Aws::CognitoIdentityProvider
497
511
  # An array of name-value pairs that contain user attributes and
498
512
  # attribute values to be set for the user to be created. You can create
499
513
  # a user without specifying any attributes other than `Username`.
500
- # However, any attributes that you specify as required (in or in the
501
- # **Attributes** tab of the console) must be supplied either by you (in
502
- # your call to `AdminCreateUser`) or by the user (when he or she signs
503
- # up in response to your welcome message).
514
+ # However, any attributes that you specify as required (when creating a
515
+ # user pool or in the **Attributes** tab of the console) must be
516
+ # supplied either by you (in your call to `AdminCreateUser`) or by the
517
+ # user (when he or she signs up in response to your welcome message).
504
518
  #
505
519
  # For custom attributes, you must prepend the `custom:` prefix to the
506
520
  # attribute name.
@@ -512,7 +526,8 @@ module Aws::CognitoIdentityProvider
512
526
  #
513
527
  # In your call to `AdminCreateUser`, you can set the `email_verified`
514
528
  # attribute to `True`, and you can set the `phone_number_verified`
515
- # attribute to `True`. (You can also do this by calling .)
529
+ # attribute to `True`. (You can also do this by calling
530
+ # [AdminUpdateUserAttributes][1].)
516
531
  #
517
532
  # * **email**\: The email address of the user to whom the message that
518
533
  # contains the code and username will be sent. Required if the
@@ -524,6 +539,10 @@ module Aws::CognitoIdentityProvider
524
539
  # `phone_number_verified` attribute is set to `True`, or if `"SMS"` is
525
540
  # specified in the `DesiredDeliveryMediums` parameter.
526
541
  #
542
+ #
543
+ #
544
+ # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html
545
+ #
527
546
  # @option params [Array<Types::AttributeType>] :validation_data
528
547
  # The user's validation data. This is an array of name-value pairs that
529
548
  # contain user attributes and attribute values that you can use for
@@ -745,7 +764,7 @@ module Aws::CognitoIdentityProvider
745
764
  # IdP user, any link between that user and an existing user is removed.
746
765
  # The next time the external user (no longer attached to the previously
747
766
  # linked `DestinationUser`) signs in, they must create a new user
748
- # account. See .
767
+ # account. See [AdminLinkProviderForUser][1].
749
768
  #
750
769
  # This action is enabled only for admin access and requires developer
751
770
  # credentials.
@@ -766,12 +785,16 @@ module Aws::CognitoIdentityProvider
766
785
  # For de-linking a SAML identity, there are two scenarios. If the linked
767
786
  # identity has not yet been used to sign-in, the `ProviderAttributeName`
768
787
  # and `ProviderAttributeValue` must be the same values that were used
769
- # for the `SourceUser` when the identities were originally linked in the
770
- # call. (If the linking was done with `ProviderAttributeName` set to
771
- # `Cognito_Subject`, the same applies here). However, if the user has
772
- # already signed in, the `ProviderAttributeName` must be
773
- # `Cognito_Subject` and `ProviderAttributeValue` must be the subject of
774
- # the SAML assertion.
788
+ # for the `SourceUser` when the identities were originally linked using
789
+ # ` AdminLinkProviderForUser` call. (If the linking was done with
790
+ # `ProviderAttributeName` set to `Cognito_Subject`, the same applies
791
+ # here). However, if the user has already signed in, the
792
+ # `ProviderAttributeName` must be `Cognito_Subject` and
793
+ # `ProviderAttributeValue` must be the subject of the SAML assertion.
794
+ #
795
+ #
796
+ #
797
+ # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminLinkProviderForUser.html
775
798
  #
776
799
  # @option params [required, String] :user_pool_id
777
800
  # The user pool ID for the user pool.
@@ -1045,18 +1068,20 @@ module Aws::CognitoIdentityProvider
1045
1068
  #
1046
1069
  # * For `USER_SRP_AUTH`\: `USERNAME` (required), `SRP_A` (required),
1047
1070
  # `SECRET_HASH` (required if the app client is configured with a
1048
- # client secret), `DEVICE_KEY`
1071
+ # client secret), `DEVICE_KEY`.
1049
1072
  #
1050
1073
  # * For `REFRESH_TOKEN_AUTH/REFRESH_TOKEN`\: `REFRESH_TOKEN` (required),
1051
1074
  # `SECRET_HASH` (required if the app client is configured with a
1052
- # client secret), `DEVICE_KEY`
1075
+ # client secret), `DEVICE_KEY`.
1053
1076
  #
1054
1077
  # * For `ADMIN_NO_SRP_AUTH`\: `USERNAME` (required), `SECRET_HASH` (if
1055
1078
  # app client is configured with client secret), `PASSWORD` (required),
1056
- # `DEVICE_KEY`
1079
+ # `DEVICE_KEY`.
1057
1080
  #
1058
1081
  # * For `CUSTOM_AUTH`\: `USERNAME` (required), `SECRET_HASH` (if app
1059
- # client is configured with client secret), `DEVICE_KEY`
1082
+ # client is configured with client secret), `DEVICE_KEY`. To start the
1083
+ # authentication flow with password verification, include
1084
+ # `ChallengeName: SRP_A` and `SRP_A: (The SRP_A Value)`.
1060
1085
  #
1061
1086
  # @option params [Hash<String,String>] :client_metadata
1062
1087
  # A map of custom key-value pairs that you can provide as input for
@@ -1202,13 +1227,15 @@ module Aws::CognitoIdentityProvider
1202
1227
  # that when the federated user identity is used, the user signs in as
1203
1228
  # the existing user account.
1204
1229
  #
1230
+ # <note markdown="1"> The maximum number of federated identities linked to a user is 5.
1231
+ #
1232
+ # </note>
1233
+ #
1205
1234
  # Because this API allows a user with an external federated identity to
1206
1235
  # sign in as an existing user in the user pool, it is critical that it
1207
1236
  # only be used with external identity providers and provider attributes
1208
1237
  # that have been trusted by the application owner.
1209
1238
  #
1210
- # See also .
1211
- #
1212
1239
  # This action is enabled only for admin access and requires developer
1213
1240
  # credentials.
1214
1241
  #
@@ -1578,7 +1605,11 @@ module Aws::CognitoIdentityProvider
1578
1605
  # The app client ID.
1579
1606
  #
1580
1607
  # @option params [required, String] :challenge_name
1581
- # The challenge name. For more information, see .
1608
+ # The challenge name. For more information, see [AdminInitiateAuth][1].
1609
+ #
1610
+ #
1611
+ #
1612
+ # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminInitiateAuth.html
1582
1613
  #
1583
1614
  # @option params [Hash<String,String>] :challenge_responses
1584
1615
  # The challenge responses. These are inputs corresponding to the value
@@ -1816,9 +1847,13 @@ module Aws::CognitoIdentityProvider
1816
1847
 
1817
1848
  # *This action is no longer supported.* You can use it to configure only
1818
1849
  # SMS MFA. You can't use it to configure TOTP software token MFA. To
1819
- # configure either type of MFA, use the AdminSetUserMFAPreference action
1850
+ # configure either type of MFA, use [AdminSetUserMFAPreference][1]
1820
1851
  # instead.
1821
1852
  #
1853
+ #
1854
+ #
1855
+ # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminSetUserMFAPreference.html
1856
+ #
1822
1857
  # @option params [required, String] :user_pool_id
1823
1858
  # The ID of the user pool that contains the user that you are setting
1824
1859
  # options for.
@@ -2176,7 +2211,11 @@ module Aws::CognitoIdentityProvider
2176
2211
  #
2177
2212
  # @option params [required, String] :confirmation_code
2178
2213
  # The confirmation code sent by a user's request to retrieve a
2179
- # forgotten password. For more information, see
2214
+ # forgotten password. For more information, see [ForgotPassword][1].
2215
+ #
2216
+ #
2217
+ #
2218
+ # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ForgotPassword.html
2180
2219
  #
2181
2220
  # @option params [required, String] :password
2182
2221
  # The password sent by a user's request to retrieve a forgotten
@@ -2446,7 +2485,15 @@ module Aws::CognitoIdentityProvider
2446
2485
  # The identity provider details. The following list describes the
2447
2486
  # provider detail keys for each identity provider type.
2448
2487
  #
2449
- # * For Google, Facebook and Login with Amazon:
2488
+ # * For Google and Login with Amazon:
2489
+ #
2490
+ # * client\_id
2491
+ #
2492
+ # * client\_secret
2493
+ #
2494
+ # * authorize\_scopes
2495
+ #
2496
+ # * For Facebook:
2450
2497
  #
2451
2498
  # * client\_id
2452
2499
  #
@@ -2454,6 +2501,8 @@ module Aws::CognitoIdentityProvider
2454
2501
  #
2455
2502
  # * authorize\_scopes
2456
2503
  #
2504
+ # * api\_version
2505
+ #
2457
2506
  # * For Sign in with Apple:
2458
2507
  #
2459
2508
  # * client\_id
@@ -2490,8 +2539,6 @@ module Aws::CognitoIdentityProvider
2490
2539
  # * jwks\_uri *if not available from discovery URL specified by
2491
2540
  # oidc\_issuer key*
2492
2541
  #
2493
- # * authorize\_scopes
2494
- #
2495
2542
  # * For SAML providers:
2496
2543
  #
2497
2544
  # * MetadataFile OR MetadataURL
@@ -2743,7 +2790,11 @@ module Aws::CognitoIdentityProvider
2743
2790
  # selected sign-in option. For example, when this is set to `False`,
2744
2791
  # users will be able to sign in using either "username" or
2745
2792
  # "Username". This configuration is immutable once it has been set.
2746
- # For more information, see .
2793
+ # For more information, see [UsernameConfigurationType][1].
2794
+ #
2795
+ #
2796
+ #
2797
+ # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UsernameConfigurationType.html
2747
2798
  #
2748
2799
  # @option params [Types::AccountRecoverySettingType] :account_recovery_setting
2749
2800
  # Use this setting to define which verified available method a user can
@@ -2754,12 +2805,6 @@ module Aws::CognitoIdentityProvider
2754
2805
  # the absence of this setting, Cognito uses the legacy behavior to
2755
2806
  # determine the recovery method where SMS is preferred over email.
2756
2807
  #
2757
- # <note markdown="1"> Starting February 1, 2020, the value of `AccountRecoverySetting` will
2758
- # default to `verified_email` first and `verified_phone_number` as the
2759
- # second option for newly created user pools if no value is provided.
2760
- #
2761
- # </note>
2762
- #
2763
2808
  # @return [Types::CreateUserPoolResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2764
2809
  #
2765
2810
  # * {Types::CreateUserPoolResponse#user_pool #user_pool} => Types::UserPoolType
@@ -2970,6 +3015,20 @@ module Aws::CognitoIdentityProvider
2970
3015
  # The time limit, in days, after which the refresh token is no longer
2971
3016
  # valid and cannot be used.
2972
3017
  #
3018
+ # @option params [Integer] :access_token_validity
3019
+ # The time limit, between 5 minutes and 1 day, after which the access
3020
+ # token is no longer valid and cannot be used. This value will be
3021
+ # overridden if you have entered a value in TokenValidityUnits.
3022
+ #
3023
+ # @option params [Integer] :id_token_validity
3024
+ # The time limit, between 5 minutes and 1 day, after which the ID token
3025
+ # is no longer valid and cannot be used. This value will be overridden
3026
+ # if you have entered a value in TokenValidityUnits.
3027
+ #
3028
+ # @option params [Types::TokenValidityUnitsType] :token_validity_units
3029
+ # The units in which the validity times are represented in. Default for
3030
+ # RefreshToken is days, and default for ID and access tokens are hours.
3031
+ #
2973
3032
  # @option params [Array<String>] :read_attributes
2974
3033
  # The read attributes.
2975
3034
  #
@@ -3094,9 +3153,10 @@ module Aws::CognitoIdentityProvider
3094
3153
  # The Amazon Pinpoint analytics configuration for collecting metrics for
3095
3154
  # this user pool.
3096
3155
  #
3097
- # <note markdown="1"> Cognito User Pools only supports sending events to Amazon Pinpoint
3098
- # projects in the US East (N. Virginia) us-east-1 Region, regardless of
3099
- # the region in which the user pool resides.
3156
+ # <note markdown="1"> In regions where Pinpoint is not available, Cognito User Pools only
3157
+ # supports sending events to Amazon Pinpoint projects in us-east-1. In
3158
+ # regions where Pinpoint is available, Cognito User Pools will support
3159
+ # sending events to Amazon Pinpoint projects within that same region.
3100
3160
  #
3101
3161
  # </note>
3102
3162
  #
@@ -3118,24 +3178,6 @@ module Aws::CognitoIdentityProvider
3118
3178
  # * `LEGACY` - This represents the old behavior of Cognito where user
3119
3179
  # existence related errors are not prevented.
3120
3180
  #
3121
- # This setting affects the behavior of following APIs:
3122
- #
3123
- # * AdminInitiateAuth
3124
- #
3125
- # * AdminRespondToAuthChallenge
3126
- #
3127
- # * InitiateAuth
3128
- #
3129
- # * RespondToAuthChallenge
3130
- #
3131
- # * ForgotPassword
3132
- #
3133
- # * ConfirmForgotPassword
3134
- #
3135
- # * ConfirmSignUp
3136
- #
3137
- # * ResendConfirmationCode
3138
- #
3139
3181
  # <note markdown="1"> After February 15th 2020, the value of `PreventUserExistenceErrors`
3140
3182
  # will default to `ENABLED` for newly created user pool clients if no
3141
3183
  # value is provided.
@@ -3153,6 +3195,13 @@ module Aws::CognitoIdentityProvider
3153
3195
  # client_name: "ClientNameType", # required
3154
3196
  # generate_secret: false,
3155
3197
  # refresh_token_validity: 1,
3198
+ # access_token_validity: 1,
3199
+ # id_token_validity: 1,
3200
+ # token_validity_units: {
3201
+ # access_token: "seconds", # accepts seconds, minutes, hours, days
3202
+ # id_token: "seconds", # accepts seconds, minutes, hours, days
3203
+ # refresh_token: "seconds", # accepts seconds, minutes, hours, days
3204
+ # },
3156
3205
  # read_attributes: ["ClientPermissionType"],
3157
3206
  # write_attributes: ["ClientPermissionType"],
3158
3207
  # explicit_auth_flows: ["ADMIN_NO_SRP_AUTH"], # accepts ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, USER_PASSWORD_AUTH, ALLOW_ADMIN_USER_PASSWORD_AUTH, ALLOW_CUSTOM_AUTH, ALLOW_USER_PASSWORD_AUTH, ALLOW_USER_SRP_AUTH, ALLOW_REFRESH_TOKEN_AUTH
@@ -3164,9 +3213,10 @@ module Aws::CognitoIdentityProvider
3164
3213
  # allowed_o_auth_scopes: ["ScopeType"],
3165
3214
  # allowed_o_auth_flows_user_pool_client: false,
3166
3215
  # analytics_configuration: {
3167
- # application_id: "HexStringType", # required
3168
- # role_arn: "ArnType", # required
3169
- # external_id: "StringType", # required
3216
+ # application_id: "HexStringType",
3217
+ # application_arn: "ArnType",
3218
+ # role_arn: "ArnType",
3219
+ # external_id: "StringType",
3170
3220
  # user_data_shared: false,
3171
3221
  # },
3172
3222
  # prevent_user_existence_errors: "LEGACY", # accepts LEGACY, ENABLED
@@ -3181,6 +3231,11 @@ module Aws::CognitoIdentityProvider
3181
3231
  # resp.user_pool_client.last_modified_date #=> Time
3182
3232
  # resp.user_pool_client.creation_date #=> Time
3183
3233
  # resp.user_pool_client.refresh_token_validity #=> Integer
3234
+ # resp.user_pool_client.access_token_validity #=> Integer
3235
+ # resp.user_pool_client.id_token_validity #=> Integer
3236
+ # resp.user_pool_client.token_validity_units.access_token #=> String, one of "seconds", "minutes", "hours", "days"
3237
+ # resp.user_pool_client.token_validity_units.id_token #=> String, one of "seconds", "minutes", "hours", "days"
3238
+ # resp.user_pool_client.token_validity_units.refresh_token #=> String, one of "seconds", "minutes", "hours", "days"
3184
3239
  # resp.user_pool_client.read_attributes #=> Array
3185
3240
  # resp.user_pool_client.read_attributes[0] #=> String
3186
3241
  # resp.user_pool_client.write_attributes #=> Array
@@ -3200,6 +3255,7 @@ module Aws::CognitoIdentityProvider
3200
3255
  # resp.user_pool_client.allowed_o_auth_scopes[0] #=> String
3201
3256
  # resp.user_pool_client.allowed_o_auth_flows_user_pool_client #=> Boolean
3202
3257
  # resp.user_pool_client.analytics_configuration.application_id #=> String
3258
+ # resp.user_pool_client.analytics_configuration.application_arn #=> String
3203
3259
  # resp.user_pool_client.analytics_configuration.role_arn #=> String
3204
3260
  # resp.user_pool_client.analytics_configuration.external_id #=> String
3205
3261
  # resp.user_pool_client.analytics_configuration.user_data_shared #=> Boolean
@@ -3786,6 +3842,11 @@ module Aws::CognitoIdentityProvider
3786
3842
  # resp.user_pool_client.last_modified_date #=> Time
3787
3843
  # resp.user_pool_client.creation_date #=> Time
3788
3844
  # resp.user_pool_client.refresh_token_validity #=> Integer
3845
+ # resp.user_pool_client.access_token_validity #=> Integer
3846
+ # resp.user_pool_client.id_token_validity #=> Integer
3847
+ # resp.user_pool_client.token_validity_units.access_token #=> String, one of "seconds", "minutes", "hours", "days"
3848
+ # resp.user_pool_client.token_validity_units.id_token #=> String, one of "seconds", "minutes", "hours", "days"
3849
+ # resp.user_pool_client.token_validity_units.refresh_token #=> String, one of "seconds", "minutes", "hours", "days"
3789
3850
  # resp.user_pool_client.read_attributes #=> Array
3790
3851
  # resp.user_pool_client.read_attributes[0] #=> String
3791
3852
  # resp.user_pool_client.write_attributes #=> Array
@@ -3805,6 +3866,7 @@ module Aws::CognitoIdentityProvider
3805
3866
  # resp.user_pool_client.allowed_o_auth_scopes[0] #=> String
3806
3867
  # resp.user_pool_client.allowed_o_auth_flows_user_pool_client #=> Boolean
3807
3868
  # resp.user_pool_client.analytics_configuration.application_id #=> String
3869
+ # resp.user_pool_client.analytics_configuration.application_arn #=> String
3808
3870
  # resp.user_pool_client.analytics_configuration.role_arn #=> String
3809
3871
  # resp.user_pool_client.analytics_configuration.external_id #=> String
3810
3872
  # resp.user_pool_client.analytics_configuration.user_data_shared #=> Boolean
@@ -3885,10 +3947,15 @@ module Aws::CognitoIdentityProvider
3885
3947
  # the `Username` parameter, you can use the username or user alias. The
3886
3948
  # method used to send the confirmation code is sent according to the
3887
3949
  # specified AccountRecoverySetting. For more information, see
3888
- # [Recovering User Accounts]() in the *Amazon Cognito Developer Guide*.
3950
+ # [Recovering User Accounts][1] in the *Amazon Cognito Developer Guide*.
3889
3951
  # If neither a verified phone number nor a verified email exists, an
3890
3952
  # `InvalidParameterException` is thrown. To use the confirmation code
3891
- # for resetting the password, call .
3953
+ # for resetting the password, call [ConfirmForgotPassword][2].
3954
+ #
3955
+ #
3956
+ #
3957
+ # [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/how-to-recover-a-user-account.html
3958
+ # [2]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmForgotPassword.html
3892
3959
  #
3893
3960
  # @option params [required, String] :client_id
3894
3961
  # The ID of the client associated with the user pool.
@@ -4432,14 +4499,16 @@ module Aws::CognitoIdentityProvider
4432
4499
  #
4433
4500
  # * For `USER_SRP_AUTH`\: `USERNAME` (required), `SRP_A` (required),
4434
4501
  # `SECRET_HASH` (required if the app client is configured with a
4435
- # client secret), `DEVICE_KEY`
4502
+ # client secret), `DEVICE_KEY`.
4436
4503
  #
4437
4504
  # * For `REFRESH_TOKEN_AUTH/REFRESH_TOKEN`\: `REFRESH_TOKEN` (required),
4438
4505
  # `SECRET_HASH` (required if the app client is configured with a
4439
- # client secret), `DEVICE_KEY`
4506
+ # client secret), `DEVICE_KEY`.
4440
4507
  #
4441
4508
  # * For `CUSTOM_AUTH`\: `USERNAME` (required), `SECRET_HASH` (if app
4442
- # client is configured with client secret), `DEVICE_KEY`
4509
+ # client is configured with client secret), `DEVICE_KEY`. To start the
4510
+ # authentication flow with password verification, include
4511
+ # `ChallengeName: SRP_A` and `SRP_A: (The SRP_A Value)`.
4443
4512
  #
4444
4513
  # @option params [Hash<String,String>] :client_metadata
4445
4514
  # A map of custom key-value pairs that you can provide as input for
@@ -5219,10 +5288,14 @@ module Aws::CognitoIdentityProvider
5219
5288
  # The app client ID.
5220
5289
  #
5221
5290
  # @option params [required, String] :challenge_name
5222
- # The challenge name. For more information, see .
5291
+ # The challenge name. For more information, see [InitiateAuth][1].
5223
5292
  #
5224
5293
  # `ADMIN_NO_SRP_AUTH` is not a valid value.
5225
5294
  #
5295
+ #
5296
+ #
5297
+ # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html
5298
+ #
5226
5299
  # @option params [String] :session
5227
5300
  # The session which should be passed both ways in challenge-response
5228
5301
  # calls to the service. If `InitiateAuth` or `RespondToAuthChallenge`
@@ -5363,8 +5436,6 @@ module Aws::CognitoIdentityProvider
5363
5436
  # To enable Amazon Cognito advanced security features, update the user
5364
5437
  # pool to include the `UserPoolAddOns` key`AdvancedSecurityMode`.
5365
5438
  #
5366
- # See .
5367
- #
5368
5439
  # @option params [required, String] :user_pool_id
5369
5440
  # The user pool ID.
5370
5441
  #
@@ -5508,7 +5579,7 @@ module Aws::CognitoIdentityProvider
5508
5579
  # @option params [String] :css
5509
5580
  # The CSS values in the UI customization.
5510
5581
  #
5511
- # @option params [String, IO] :image_file
5582
+ # @option params [String, StringIO, File] :image_file
5512
5583
  # The uploaded logo image for the UI customization.
5513
5584
  #
5514
5585
  # @return [Types::SetUICustomizationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
@@ -5647,8 +5718,11 @@ module Aws::CognitoIdentityProvider
5647
5718
 
5648
5719
  # *This action is no longer supported.* You can use it to configure only
5649
5720
  # SMS MFA. You can't use it to configure TOTP software token MFA. To
5650
- # configure either type of MFA, use the SetUserMFAPreference action
5651
- # instead.
5721
+ # configure either type of MFA, use [SetUserMFAPreference][1] instead.
5722
+ #
5723
+ #
5724
+ #
5725
+ # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserMFAPreference.html
5652
5726
  #
5653
5727
  # @option params [required, String] :access_token
5654
5728
  # The access token for the set user settings request.
@@ -6063,7 +6137,11 @@ module Aws::CognitoIdentityProvider
6063
6137
  #
6064
6138
  # @option params [Integer] :precedence
6065
6139
  # The new precedence value for the group. For more information about
6066
- # this parameter, see .
6140
+ # this parameter, see [CreateGroup][1].
6141
+ #
6142
+ #
6143
+ #
6144
+ # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateGroup.html
6067
6145
  #
6068
6146
  # @return [Types::UpdateGroupResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
6069
6147
  #
@@ -6296,11 +6374,16 @@ module Aws::CognitoIdentityProvider
6296
6374
  end
6297
6375
 
6298
6376
  # Updates the specified user pool with the specified attributes. You can
6299
- # get a list of the current user pool settings with .
6377
+ # get a list of the current user pool settings using
6378
+ # [DescribeUserPool][1].
6300
6379
  #
6301
6380
  # If you don't provide a value for an attribute, it will be set to the
6302
6381
  # default value.
6303
6382
  #
6383
+ #
6384
+ #
6385
+ # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html
6386
+ #
6304
6387
  # @option params [required, String] :user_pool_id
6305
6388
  # The user pool ID for the user pool you want to update.
6306
6389
  #
@@ -6465,11 +6548,15 @@ module Aws::CognitoIdentityProvider
6465
6548
 
6466
6549
  # Updates the specified user pool app client with the specified
6467
6550
  # attributes. You can get a list of the current user pool app client
6468
- # settings with .
6551
+ # settings using [DescribeUserPoolClient][1].
6469
6552
  #
6470
6553
  # If you don't provide a value for an attribute, it will be set to the
6471
6554
  # default value.
6472
6555
  #
6556
+ #
6557
+ #
6558
+ # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPoolClient.html
6559
+ #
6473
6560
  # @option params [required, String] :user_pool_id
6474
6561
  # The user pool ID for the user pool where you want to update the user
6475
6562
  # pool client.
@@ -6484,6 +6571,18 @@ module Aws::CognitoIdentityProvider
6484
6571
  # The time limit, in days, after which the refresh token is no longer
6485
6572
  # valid and cannot be used.
6486
6573
  #
6574
+ # @option params [Integer] :access_token_validity
6575
+ # The time limit, after which the access token is no longer valid and
6576
+ # cannot be used.
6577
+ #
6578
+ # @option params [Integer] :id_token_validity
6579
+ # The time limit, after which the ID token is no longer valid and cannot
6580
+ # be used.
6581
+ #
6582
+ # @option params [Types::TokenValidityUnitsType] :token_validity_units
6583
+ # The units in which the validity times are represented in. Default for
6584
+ # RefreshToken is days, and default for ID and access tokens are hours.
6585
+ #
6487
6586
  # @option params [Array<String>] :read_attributes
6488
6587
  # The read-only attributes of the user pool.
6489
6588
  #
@@ -6594,9 +6693,10 @@ module Aws::CognitoIdentityProvider
6594
6693
  # The Amazon Pinpoint analytics configuration for collecting metrics for
6595
6694
  # this user pool.
6596
6695
  #
6597
- # <note markdown="1"> Cognito User Pools only supports sending events to Amazon Pinpoint
6598
- # projects in the US East (N. Virginia) us-east-1 Region, regardless of
6599
- # the region in which the user pool resides.
6696
+ # <note markdown="1"> In regions where Pinpoint is not available, Cognito User Pools only
6697
+ # supports sending events to Amazon Pinpoint projects in us-east-1. In
6698
+ # regions where Pinpoint is available, Cognito User Pools will support
6699
+ # sending events to Amazon Pinpoint projects within that same region.
6600
6700
  #
6601
6701
  # </note>
6602
6702
  #
@@ -6618,24 +6718,6 @@ module Aws::CognitoIdentityProvider
6618
6718
  # * `LEGACY` - This represents the old behavior of Cognito where user
6619
6719
  # existence related errors are not prevented.
6620
6720
  #
6621
- # This setting affects the behavior of following APIs:
6622
- #
6623
- # * AdminInitiateAuth
6624
- #
6625
- # * AdminRespondToAuthChallenge
6626
- #
6627
- # * InitiateAuth
6628
- #
6629
- # * RespondToAuthChallenge
6630
- #
6631
- # * ForgotPassword
6632
- #
6633
- # * ConfirmForgotPassword
6634
- #
6635
- # * ConfirmSignUp
6636
- #
6637
- # * ResendConfirmationCode
6638
- #
6639
6721
  # <note markdown="1"> After February 15th 2020, the value of `PreventUserExistenceErrors`
6640
6722
  # will default to `ENABLED` for newly created user pool clients if no
6641
6723
  # value is provided.
@@ -6653,6 +6735,13 @@ module Aws::CognitoIdentityProvider
6653
6735
  # client_id: "ClientIdType", # required
6654
6736
  # client_name: "ClientNameType",
6655
6737
  # refresh_token_validity: 1,
6738
+ # access_token_validity: 1,
6739
+ # id_token_validity: 1,
6740
+ # token_validity_units: {
6741
+ # access_token: "seconds", # accepts seconds, minutes, hours, days
6742
+ # id_token: "seconds", # accepts seconds, minutes, hours, days
6743
+ # refresh_token: "seconds", # accepts seconds, minutes, hours, days
6744
+ # },
6656
6745
  # read_attributes: ["ClientPermissionType"],
6657
6746
  # write_attributes: ["ClientPermissionType"],
6658
6747
  # explicit_auth_flows: ["ADMIN_NO_SRP_AUTH"], # accepts ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, USER_PASSWORD_AUTH, ALLOW_ADMIN_USER_PASSWORD_AUTH, ALLOW_CUSTOM_AUTH, ALLOW_USER_PASSWORD_AUTH, ALLOW_USER_SRP_AUTH, ALLOW_REFRESH_TOKEN_AUTH
@@ -6664,9 +6753,10 @@ module Aws::CognitoIdentityProvider
6664
6753
  # allowed_o_auth_scopes: ["ScopeType"],
6665
6754
  # allowed_o_auth_flows_user_pool_client: false,
6666
6755
  # analytics_configuration: {
6667
- # application_id: "HexStringType", # required
6668
- # role_arn: "ArnType", # required
6669
- # external_id: "StringType", # required
6756
+ # application_id: "HexStringType",
6757
+ # application_arn: "ArnType",
6758
+ # role_arn: "ArnType",
6759
+ # external_id: "StringType",
6670
6760
  # user_data_shared: false,
6671
6761
  # },
6672
6762
  # prevent_user_existence_errors: "LEGACY", # accepts LEGACY, ENABLED
@@ -6681,6 +6771,11 @@ module Aws::CognitoIdentityProvider
6681
6771
  # resp.user_pool_client.last_modified_date #=> Time
6682
6772
  # resp.user_pool_client.creation_date #=> Time
6683
6773
  # resp.user_pool_client.refresh_token_validity #=> Integer
6774
+ # resp.user_pool_client.access_token_validity #=> Integer
6775
+ # resp.user_pool_client.id_token_validity #=> Integer
6776
+ # resp.user_pool_client.token_validity_units.access_token #=> String, one of "seconds", "minutes", "hours", "days"
6777
+ # resp.user_pool_client.token_validity_units.id_token #=> String, one of "seconds", "minutes", "hours", "days"
6778
+ # resp.user_pool_client.token_validity_units.refresh_token #=> String, one of "seconds", "minutes", "hours", "days"
6684
6779
  # resp.user_pool_client.read_attributes #=> Array
6685
6780
  # resp.user_pool_client.read_attributes[0] #=> String
6686
6781
  # resp.user_pool_client.write_attributes #=> Array
@@ -6700,6 +6795,7 @@ module Aws::CognitoIdentityProvider
6700
6795
  # resp.user_pool_client.allowed_o_auth_scopes[0] #=> String
6701
6796
  # resp.user_pool_client.allowed_o_auth_flows_user_pool_client #=> Boolean
6702
6797
  # resp.user_pool_client.analytics_configuration.application_id #=> String
6798
+ # resp.user_pool_client.analytics_configuration.application_arn #=> String
6703
6799
  # resp.user_pool_client.analytics_configuration.role_arn #=> String
6704
6800
  # resp.user_pool_client.analytics_configuration.external_id #=> String
6705
6801
  # resp.user_pool_client.analytics_configuration.user_data_shared #=> Boolean
@@ -6806,6 +6902,11 @@ module Aws::CognitoIdentityProvider
6806
6902
  #
6807
6903
  # @option params [required, String] :user_code
6808
6904
  # The one time password computed using the secret code returned by
6905
+ # [AssociateSoftwareToken"][1].
6906
+ #
6907
+ #
6908
+ #
6909
+ # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AssociateSoftwareToken.html
6809
6910
  #
6810
6911
  # @option params [String] :friendly_device_name
6811
6912
  # The friendly device name.
@@ -6881,7 +6982,7 @@ module Aws::CognitoIdentityProvider
6881
6982
  params: params,
6882
6983
  config: config)
6883
6984
  context[:gem_name] = 'aws-sdk-cognitoidentityprovider'
6884
- context[:gem_version] = '1.42.0'
6985
+ context[:gem_version] = '1.47.0'
6885
6986
  Seahorse::Client::Request.new(handlers, context)
6886
6987
  end
6887
6988