aws-sdk-cognitoidentityprovider 1.48.0 → 1.53.0

@@ -3,7 +3,7 @@
3
3
  # WARNING ABOUT GENERATED CODE
4
4
  #
5
5
  # This file is generated. See the contributing guide for more information:
6
- # https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
6
+ # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
7
7
  #
8
8
  # WARNING ABOUT GENERATED CODE
9
9
 
@@ -345,6 +345,8 @@ module Aws::CognitoIdentityProvider
345
345
  ResourceServersListType = Shapes::ListShape.new(name: 'ResourceServersListType')
346
346
  RespondToAuthChallengeRequest = Shapes::StructureShape.new(name: 'RespondToAuthChallengeRequest')
347
347
  RespondToAuthChallengeResponse = Shapes::StructureShape.new(name: 'RespondToAuthChallengeResponse')
348
+ RevokeTokenRequest = Shapes::StructureShape.new(name: 'RevokeTokenRequest')
349
+ RevokeTokenResponse = Shapes::StructureShape.new(name: 'RevokeTokenResponse')
348
350
  RiskConfigurationType = Shapes::StructureShape.new(name: 'RiskConfigurationType')
349
351
  RiskDecisionType = Shapes::StringShape.new(name: 'RiskDecisionType')
350
352
  RiskExceptionConfigurationType = Shapes::StructureShape.new(name: 'RiskExceptionConfigurationType')
@@ -401,8 +403,11 @@ module Aws::CognitoIdentityProvider
401
403
  TooManyFailedAttemptsException = Shapes::StructureShape.new(name: 'TooManyFailedAttemptsException')
402
404
  TooManyRequestsException = Shapes::StructureShape.new(name: 'TooManyRequestsException')
403
405
  UICustomizationType = Shapes::StructureShape.new(name: 'UICustomizationType')
406
+ UnauthorizedException = Shapes::StructureShape.new(name: 'UnauthorizedException')
404
407
  UnexpectedLambdaException = Shapes::StructureShape.new(name: 'UnexpectedLambdaException')
405
408
  UnsupportedIdentityProviderException = Shapes::StructureShape.new(name: 'UnsupportedIdentityProviderException')
409
+ UnsupportedOperationException = Shapes::StructureShape.new(name: 'UnsupportedOperationException')
410
+ UnsupportedTokenTypeException = Shapes::StructureShape.new(name: 'UnsupportedTokenTypeException')
406
411
  UnsupportedUserStateException = Shapes::StructureShape.new(name: 'UnsupportedUserStateException')
407
412
  UntagResourceRequest = Shapes::StructureShape.new(name: 'UntagResourceRequest')
408
413
  UntagResourceResponse = Shapes::StructureShape.new(name: 'UntagResourceResponse')
@@ -917,6 +922,7 @@ module Aws::CognitoIdentityProvider
917
922
  CreateUserPoolClientRequest.add_member(:allowed_o_auth_flows_user_pool_client, Shapes::ShapeRef.new(shape: BooleanType, location_name: "AllowedOAuthFlowsUserPoolClient"))
918
923
  CreateUserPoolClientRequest.add_member(:analytics_configuration, Shapes::ShapeRef.new(shape: AnalyticsConfigurationType, location_name: "AnalyticsConfiguration"))
919
924
  CreateUserPoolClientRequest.add_member(:prevent_user_existence_errors, Shapes::ShapeRef.new(shape: PreventUserExistenceErrorTypes, location_name: "PreventUserExistenceErrors"))
925
+ CreateUserPoolClientRequest.add_member(:enable_token_revocation, Shapes::ShapeRef.new(shape: WrappedBooleanType, location_name: "EnableTokenRevocation"))
920
926
  CreateUserPoolClientRequest.struct_class = Types::CreateUserPoolClientRequest
921
927
 
922
928
  CreateUserPoolClientResponse.add_member(:user_pool_client, Shapes::ShapeRef.new(shape: UserPoolClientType, location_name: "UserPoolClient"))
@@ -1506,6 +1512,13 @@ module Aws::CognitoIdentityProvider
1506
1512
  RespondToAuthChallengeResponse.add_member(:authentication_result, Shapes::ShapeRef.new(shape: AuthenticationResultType, location_name: "AuthenticationResult"))
1507
1513
  RespondToAuthChallengeResponse.struct_class = Types::RespondToAuthChallengeResponse
1508
1514
 
1515
+ RevokeTokenRequest.add_member(:token, Shapes::ShapeRef.new(shape: TokenModelType, required: true, location_name: "Token"))
1516
+ RevokeTokenRequest.add_member(:client_id, Shapes::ShapeRef.new(shape: ClientIdType, required: true, location_name: "ClientId"))
1517
+ RevokeTokenRequest.add_member(:client_secret, Shapes::ShapeRef.new(shape: ClientSecretType, location_name: "ClientSecret"))
1518
+ RevokeTokenRequest.struct_class = Types::RevokeTokenRequest
1519
+
1520
+ RevokeTokenResponse.struct_class = Types::RevokeTokenResponse
1521
+
1509
1522
  RiskConfigurationType.add_member(:user_pool_id, Shapes::ShapeRef.new(shape: UserPoolIdType, location_name: "UserPoolId"))
1510
1523
  RiskConfigurationType.add_member(:client_id, Shapes::ShapeRef.new(shape: ClientIdType, location_name: "ClientId"))
1511
1524
  RiskConfigurationType.add_member(:compromised_credentials_risk_configuration, Shapes::ShapeRef.new(shape: CompromisedCredentialsRiskConfigurationType, location_name: "CompromisedCredentialsRiskConfiguration"))
@@ -1665,12 +1678,21 @@ module Aws::CognitoIdentityProvider
1665
1678
  UICustomizationType.add_member(:creation_date, Shapes::ShapeRef.new(shape: DateType, location_name: "CreationDate"))
1666
1679
  UICustomizationType.struct_class = Types::UICustomizationType
1667
1680
 
1681
+ UnauthorizedException.add_member(:message, Shapes::ShapeRef.new(shape: MessageType, location_name: "message"))
1682
+ UnauthorizedException.struct_class = Types::UnauthorizedException
1683
+
1668
1684
  UnexpectedLambdaException.add_member(:message, Shapes::ShapeRef.new(shape: MessageType, location_name: "message"))
1669
1685
  UnexpectedLambdaException.struct_class = Types::UnexpectedLambdaException
1670
1686
 
1671
1687
  UnsupportedIdentityProviderException.add_member(:message, Shapes::ShapeRef.new(shape: MessageType, location_name: "message"))
1672
1688
  UnsupportedIdentityProviderException.struct_class = Types::UnsupportedIdentityProviderException
1673
1689
 
1690
+ UnsupportedOperationException.add_member(:message, Shapes::ShapeRef.new(shape: MessageType, location_name: "message"))
1691
+ UnsupportedOperationException.struct_class = Types::UnsupportedOperationException
1692
+
1693
+ UnsupportedTokenTypeException.add_member(:message, Shapes::ShapeRef.new(shape: MessageType, location_name: "message"))
1694
+ UnsupportedTokenTypeException.struct_class = Types::UnsupportedTokenTypeException
1695
+
1674
1696
  UnsupportedUserStateException.add_member(:message, Shapes::ShapeRef.new(shape: MessageType, location_name: "message"))
1675
1697
  UnsupportedUserStateException.struct_class = Types::UnsupportedUserStateException
1676
1698
 
@@ -1752,6 +1774,7 @@ module Aws::CognitoIdentityProvider
1752
1774
  UpdateUserPoolClientRequest.add_member(:allowed_o_auth_flows_user_pool_client, Shapes::ShapeRef.new(shape: BooleanType, location_name: "AllowedOAuthFlowsUserPoolClient"))
1753
1775
  UpdateUserPoolClientRequest.add_member(:analytics_configuration, Shapes::ShapeRef.new(shape: AnalyticsConfigurationType, location_name: "AnalyticsConfiguration"))
1754
1776
  UpdateUserPoolClientRequest.add_member(:prevent_user_existence_errors, Shapes::ShapeRef.new(shape: PreventUserExistenceErrorTypes, location_name: "PreventUserExistenceErrors"))
1777
+ UpdateUserPoolClientRequest.add_member(:enable_token_revocation, Shapes::ShapeRef.new(shape: WrappedBooleanType, location_name: "EnableTokenRevocation"))
1755
1778
  UpdateUserPoolClientRequest.struct_class = Types::UpdateUserPoolClientRequest
1756
1779
 
1757
1780
  UpdateUserPoolClientResponse.add_member(:user_pool_client, Shapes::ShapeRef.new(shape: UserPoolClientType, location_name: "UserPoolClient"))
@@ -1855,6 +1878,7 @@ module Aws::CognitoIdentityProvider
1855
1878
  UserPoolClientType.add_member(:allowed_o_auth_flows_user_pool_client, Shapes::ShapeRef.new(shape: BooleanType, location_name: "AllowedOAuthFlowsUserPoolClient", metadata: {"box"=>true}))
1856
1879
  UserPoolClientType.add_member(:analytics_configuration, Shapes::ShapeRef.new(shape: AnalyticsConfigurationType, location_name: "AnalyticsConfiguration"))
1857
1880
  UserPoolClientType.add_member(:prevent_user_existence_errors, Shapes::ShapeRef.new(shape: PreventUserExistenceErrorTypes, location_name: "PreventUserExistenceErrors"))
1881
+ UserPoolClientType.add_member(:enable_token_revocation, Shapes::ShapeRef.new(shape: WrappedBooleanType, location_name: "EnableTokenRevocation"))
1858
1882
  UserPoolClientType.struct_class = Types::UserPoolClientType
1859
1883
 
1860
1884
  UserPoolDescriptionType.add_member(:id, Shapes::ShapeRef.new(shape: UserPoolIdType, location_name: "Id"))
@@ -3276,6 +3300,20 @@ module Aws::CognitoIdentityProvider
3276
3300
  o.errors << Shapes::ShapeRef.new(shape: SoftwareTokenMFANotFoundException)
3277
3301
  end)
3278
3302
 
3303
+ api.add_operation(:revoke_token, Seahorse::Model::Operation.new.tap do |o|
3304
+ o.name = "RevokeToken"
3305
+ o.http_method = "POST"
3306
+ o.http_request_uri = "/"
3307
+ o.input = Shapes::ShapeRef.new(shape: RevokeTokenRequest)
3308
+ o.output = Shapes::ShapeRef.new(shape: RevokeTokenResponse)
3309
+ o.errors << Shapes::ShapeRef.new(shape: TooManyRequestsException)
3310
+ o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
3311
+ o.errors << Shapes::ShapeRef.new(shape: UnauthorizedException)
3312
+ o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
3313
+ o.errors << Shapes::ShapeRef.new(shape: UnsupportedOperationException)
3314
+ o.errors << Shapes::ShapeRef.new(shape: UnsupportedTokenTypeException)
3315
+ end)
3316
+
3279
3317
  api.add_operation(:set_risk_configuration, Seahorse::Model::Operation.new.tap do |o|
3280
3318
  o.name = "SetRiskConfiguration"
3281
3319
  o.http_method = "POST"
@@ -2,7 +2,7 @@
2
2
  # WARNING ABOUT GENERATED CODE
3
3
  #
4
4
  # This file is generated. See the contributing for info on making contributions:
5
- # https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
5
+ # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
6
6
  #
7
7
  # WARNING ABOUT GENERATED CODE
8
8
 
@@ -3,7 +3,7 @@
3
3
  # WARNING ABOUT GENERATED CODE
4
4
  #
5
5
  # This file is generated. See the contributing guide for more information:
6
- # https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
6
+ # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
7
7
  #
8
8
  # WARNING ABOUT GENERATED CODE
9
9
 
@@ -54,8 +54,11 @@ module Aws::CognitoIdentityProvider
54
54
  # * {SoftwareTokenMFANotFoundException}
55
55
  # * {TooManyFailedAttemptsException}
56
56
  # * {TooManyRequestsException}
57
+ # * {UnauthorizedException}
57
58
  # * {UnexpectedLambdaException}
58
59
  # * {UnsupportedIdentityProviderException}
60
+ # * {UnsupportedOperationException}
61
+ # * {UnsupportedTokenTypeException}
59
62
  # * {UnsupportedUserStateException}
60
63
  # * {UserImportInProgressException}
61
64
  # * {UserLambdaValidationException}
@@ -476,6 +479,21 @@ module Aws::CognitoIdentityProvider
476
479
  end
477
480
  end
478
481
 
482
+ class UnauthorizedException < ServiceError
483
+
484
+ # @param [Seahorse::Client::RequestContext] context
485
+ # @param [String] message
486
+ # @param [Aws::CognitoIdentityProvider::Types::UnauthorizedException] data
487
+ def initialize(context, message, data = Aws::EmptyStructure.new)
488
+ super(context, message, data)
489
+ end
490
+
491
+ # @return [String]
492
+ def message
493
+ @message || @data[:message]
494
+ end
495
+ end
496
+
479
497
  class UnexpectedLambdaException < ServiceError
480
498
 
481
499
  # @param [Seahorse::Client::RequestContext] context
@@ -506,6 +524,36 @@ module Aws::CognitoIdentityProvider
506
524
  end
507
525
  end
508
526
 
527
+ class UnsupportedOperationException < ServiceError
528
+
529
+ # @param [Seahorse::Client::RequestContext] context
530
+ # @param [String] message
531
+ # @param [Aws::CognitoIdentityProvider::Types::UnsupportedOperationException] data
532
+ def initialize(context, message, data = Aws::EmptyStructure.new)
533
+ super(context, message, data)
534
+ end
535
+
536
+ # @return [String]
537
+ def message
538
+ @message || @data[:message]
539
+ end
540
+ end
541
+
542
+ class UnsupportedTokenTypeException < ServiceError
543
+
544
+ # @param [Seahorse::Client::RequestContext] context
545
+ # @param [String] message
546
+ # @param [Aws::CognitoIdentityProvider::Types::UnsupportedTokenTypeException] data
547
+ def initialize(context, message, data = Aws::EmptyStructure.new)
548
+ super(context, message, data)
549
+ end
550
+
551
+ # @return [String]
552
+ def message
553
+ @message || @data[:message]
554
+ end
555
+ end
556
+
509
557
  class UnsupportedUserStateException < ServiceError
510
558
 
511
559
  # @param [Seahorse::Client::RequestContext] context
@@ -3,7 +3,7 @@
3
3
  # WARNING ABOUT GENERATED CODE
4
4
  #
5
5
  # This file is generated. See the contributing guide for more information:
6
- # https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
6
+ # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
7
7
  #
8
8
  # WARNING ABOUT GENERATED CODE
9
9
 
@@ -3,7 +3,7 @@
3
3
  # WARNING ABOUT GENERATED CODE
4
4
  #
5
5
  # This file is generated. See the contributing guide for more information:
6
- # https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
6
+ # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
7
7
  #
8
8
  # WARNING ABOUT GENERATED CODE
9
9
 
@@ -705,7 +705,7 @@ module Aws::CognitoIdentityProvider
705
705
  #
706
706
  class AdminDisableProviderForUserResponse < Aws::EmptyStructure; end
707
707
 
708
- # Represents the request to disable any user as an administrator.
708
+ # Represents the request to disable the user as an administrator.
709
709
  #
710
710
  # @note When making an API call, you may pass AdminDisableUserRequest
711
711
  # data as a hash:
@@ -1191,10 +1191,22 @@ module Aws::CognitoIdentityProvider
1191
1191
  # with `USERNAME` and `PASSWORD` directly. An app client must be
1192
1192
  # enabled to use this flow.
1193
1193
  #
1194
- # * `NEW_PASSWORD_REQUIRED`\: For users which are required to change
1194
+ # * `NEW_PASSWORD_REQUIRED`\: For users who are required to change
1195
1195
  # their passwords after successful first login. This challenge
1196
1196
  # should be passed with `NEW_PASSWORD` and any other required
1197
1197
  # attributes.
1198
+ #
1199
+ # * `MFA_SETUP`\: For users who are required to setup an MFA factor
1200
+ # before they can sign-in. The MFA types enabled for the user pool
1201
+ # will be listed in the challenge parameters `MFA_CAN_SETUP` value.
1202
+ #
1203
+ # To setup software token MFA, use the session returned here from
1204
+ # `InitiateAuth` as an input to `AssociateSoftwareToken`, and use
1205
+ # the session returned by `VerifySoftwareToken` as an input to
1206
+ # `RespondToAuthChallenge` with challenge name `MFA_SETUP` to
1207
+ # complete sign-in. To setup SMS MFA, users will need help from an
1208
+ # administrator to add a phone number to their account and then call
1209
+ # `InitiateAuth` again to restart sign-in.
1198
1210
  # @return [String]
1199
1211
  #
1200
1212
  # @!attribute [rw] session
@@ -1671,6 +1683,10 @@ module Aws::CognitoIdentityProvider
1671
1683
  # attributes, `USERNAME`, `SECRET_HASH` (if app client is configured
1672
1684
  # with client secret).
1673
1685
  #
1686
+ # * `MFA_SETUP` requires `USERNAME`, plus you need to use the session
1687
+ # value returned by `VerifySoftwareToken` in the `Session`
1688
+ # parameter.
1689
+ #
1674
1690
  # The value of the `USERNAME` attribute must be the user's actual
1675
1691
  # username, not an alias (such as email address or phone number). To
1676
1692
  # make this easier, the `AdminInitiateAuth` response includes the
@@ -3294,6 +3310,7 @@ module Aws::CognitoIdentityProvider
3294
3310
  # user_data_shared: false,
3295
3311
  # },
3296
3312
  # prevent_user_existence_errors: "LEGACY", # accepts LEGACY, ENABLED
3313
+ # enable_token_revocation: false,
3297
3314
  # }
3298
3315
  #
3299
3316
  # @!attribute [rw] user_pool_id
@@ -3502,6 +3519,18 @@ module Aws::CognitoIdentityProvider
3502
3519
  # </note>
3503
3520
  # @return [String]
3504
3521
  #
3522
+ # @!attribute [rw] enable_token_revocation
3523
+ # Enables or disables token revocation. For more information about
3524
+ # revoking tokens, see [RevokeToken][1].
3525
+ #
3526
+ # If you don't include this parameter, token revocation is
3527
+ # automatically enabled for the new user pool client.
3528
+ #
3529
+ #
3530
+ #
3531
+ # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html
3532
+ # @return [Boolean]
3533
+ #
3505
3534
  # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/CreateUserPoolClientRequest AWS API Documentation
3506
3535
  #
3507
3536
  class CreateUserPoolClientRequest < Struct.new(
@@ -3523,7 +3552,8 @@ module Aws::CognitoIdentityProvider
3523
3552
  :allowed_o_auth_scopes,
3524
3553
  :allowed_o_auth_flows_user_pool_client,
3525
3554
  :analytics_configuration,
3526
- :prevent_user_existence_errors)
3555
+ :prevent_user_existence_errors,
3556
+ :enable_token_revocation)
3527
3557
  SENSITIVE = []
3528
3558
  include Aws::Structure
3529
3559
  end
@@ -5648,8 +5678,6 @@ module Aws::CognitoIdentityProvider
5648
5678
  # * jwks\_uri *if not available from discovery URL specified by
5649
5679
  # oidc\_issuer key*
5650
5680
  #
5651
- # * authorize\_scopes
5652
- #
5653
5681
  # * For SAML providers:
5654
5682
  #
5655
5683
  # * MetadataFile OR MetadataURL
@@ -5889,10 +5917,22 @@ module Aws::CognitoIdentityProvider
5889
5917
  # * `DEVICE_PASSWORD_VERIFIER`\: Similar to `PASSWORD_VERIFIER`, but
5890
5918
  # for devices only.
5891
5919
  #
5892
- # * `NEW_PASSWORD_REQUIRED`\: For users which are required to change
5920
+ # * `NEW_PASSWORD_REQUIRED`\: For users who are required to change
5893
5921
  # their passwords after successful first login. This challenge
5894
5922
  # should be passed with `NEW_PASSWORD` and any other required
5895
5923
  # attributes.
5924
+ #
5925
+ # * `MFA_SETUP`\: For users who are required to setup an MFA factor
5926
+ # before they can sign-in. The MFA types enabled for the user pool
5927
+ # will be listed in the challenge parameters `MFA_CAN_SETUP` value.
5928
+ #
5929
+ # To setup software token MFA, use the session returned here from
5930
+ # `InitiateAuth` as an input to `AssociateSoftwareToken`, and use
5931
+ # the session returned by `VerifySoftwareToken` as an input to
5932
+ # `RespondToAuthChallenge` with challenge name `MFA_SETUP` to
5933
+ # complete sign-in. To setup SMS MFA, users will need help from an
5934
+ # administrator to add a phone number to their account and then call
5935
+ # `InitiateAuth` again to restart sign-in.
5896
5936
  # @return [String]
5897
5937
  #
5898
5938
  # @!attribute [rw] session
@@ -7467,6 +7507,10 @@ module Aws::CognitoIdentityProvider
7467
7507
  #
7468
7508
  # * `DEVICE_PASSWORD_VERIFIER` requires everything that
7469
7509
  # `PASSWORD_VERIFIER` requires plus `DEVICE_KEY`.
7510
+ #
7511
+ # * `MFA_SETUP` requires `USERNAME`, plus you need to use the session
7512
+ # value returned by `VerifySoftwareToken` in the `Session`
7513
+ # parameter.
7470
7514
  # @return [Hash<String,String>]
7471
7515
  #
7472
7516
  # @!attribute [rw] analytics_metadata
@@ -7578,6 +7622,42 @@ module Aws::CognitoIdentityProvider
7578
7622
  include Aws::Structure
7579
7623
  end
7580
7624
 
7625
+ # @note When making an API call, you may pass RevokeTokenRequest
7626
+ # data as a hash:
7627
+ #
7628
+ # {
7629
+ # token: "TokenModelType", # required
7630
+ # client_id: "ClientIdType", # required
7631
+ # client_secret: "ClientSecretType",
7632
+ # }
7633
+ #
7634
+ # @!attribute [rw] token
7635
+ # The token that you want to revoke.
7636
+ # @return [String]
7637
+ #
7638
+ # @!attribute [rw] client_id
7639
+ # The client ID for the token that you want to revoke.
7640
+ # @return [String]
7641
+ #
7642
+ # @!attribute [rw] client_secret
7643
+ # The secret for the client ID. This is required only if the client ID
7644
+ # has a secret.
7645
+ # @return [String]
7646
+ #
7647
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/RevokeTokenRequest AWS API Documentation
7648
+ #
7649
+ class RevokeTokenRequest < Struct.new(
7650
+ :token,
7651
+ :client_id,
7652
+ :client_secret)
7653
+ SENSITIVE = [:token, :client_id, :client_secret]
7654
+ include Aws::Structure
7655
+ end
7656
+
7657
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/RevokeTokenResponse AWS API Documentation
7658
+ #
7659
+ class RevokeTokenResponse < Aws::EmptyStructure; end
7660
+
7581
7661
  # The risk configuration type.
7582
7662
  #
7583
7663
  # @!attribute [rw] user_pool_id
@@ -8017,7 +8097,11 @@ module Aws::CognitoIdentityProvider
8017
8097
  # @return [Types::SoftwareTokenMfaConfigType]
8018
8098
  #
8019
8099
  # @!attribute [rw] mfa_configuration
8020
- # The MFA configuration. Valid values include:
8100
+ # The MFA configuration. Users who don't have an MFA factor set up
8101
+ # won't be able to sign-in if you set the MfaConfiguration value to
8102
+ # ‘ON’. See [Adding Multi-Factor Authentication (MFA) to a User
8103
+ # Pool](cognito/latest/developerguide/user-pool-settings-mfa.html) to
8104
+ # learn more. Valid values include:
8021
8105
  #
8022
8106
  # * `OFF` MFA will not be used for any users.
8023
8107
  #
@@ -8297,6 +8381,14 @@ module Aws::CognitoIdentityProvider
8297
8381
  # role for SMS MFA, Cognito will create a role with the required
8298
8382
  # permissions and a trust policy that demonstrates use of the
8299
8383
  # `ExternalId`.
8384
+ #
8385
+ # For more information about the `ExternalId` of a role, see [How to
8386
+ # use an external ID when granting access to your AWS resources to a
8387
+ # third party][1]
8388
+ #
8389
+ #
8390
+ #
8391
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html
8300
8392
  # @return [String]
8301
8393
  #
8302
8394
  # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/SmsConfigurationType AWS API Documentation
@@ -8672,6 +8764,20 @@ module Aws::CognitoIdentityProvider
8672
8764
  include Aws::Structure
8673
8765
  end
8674
8766
 
8767
+ # This exception is thrown when the request is not authorized. This can
8768
+ # happen due to an invalid access token in the request.
8769
+ #
8770
+ # @!attribute [rw] message
8771
+ # @return [String]
8772
+ #
8773
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UnauthorizedException AWS API Documentation
8774
+ #
8775
+ class UnauthorizedException < Struct.new(
8776
+ :message)
8777
+ SENSITIVE = []
8778
+ include Aws::Structure
8779
+ end
8780
+
8675
8781
  # This exception is thrown when the Amazon Cognito service encounters an
8676
8782
  # unexpected exception with the AWS Lambda service.
8677
8783
  #
@@ -8702,6 +8808,34 @@ module Aws::CognitoIdentityProvider
8702
8808
  include Aws::Structure
8703
8809
  end
8704
8810
 
8811
+ # This exception is thrown when you attempt to perform an operation that
8812
+ # is not enabled for the user pool client.
8813
+ #
8814
+ # @!attribute [rw] message
8815
+ # @return [String]
8816
+ #
8817
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UnsupportedOperationException AWS API Documentation
8818
+ #
8819
+ class UnsupportedOperationException < Struct.new(
8820
+ :message)
8821
+ SENSITIVE = []
8822
+ include Aws::Structure
8823
+ end
8824
+
8825
+ # This exception is thrown when an unsupported token is passed to an
8826
+ # operation.
8827
+ #
8828
+ # @!attribute [rw] message
8829
+ # @return [String]
8830
+ #
8831
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UnsupportedTokenTypeException AWS API Documentation
8832
+ #
8833
+ class UnsupportedTokenTypeException < Struct.new(
8834
+ :message)
8835
+ SENSITIVE = []
8836
+ include Aws::Structure
8837
+ end
8838
+
8705
8839
  # The request failed because the user is in an unsupported state.
8706
8840
  #
8707
8841
  # @!attribute [rw] message
@@ -9136,6 +9270,7 @@ module Aws::CognitoIdentityProvider
9136
9270
  # user_data_shared: false,
9137
9271
  # },
9138
9272
  # prevent_user_existence_errors: "LEGACY", # accepts LEGACY, ENABLED
9273
+ # enable_token_revocation: false,
9139
9274
  # }
9140
9275
  #
9141
9276
  # @!attribute [rw] user_pool_id
@@ -9327,6 +9462,15 @@ module Aws::CognitoIdentityProvider
9327
9462
  # </note>
9328
9463
  # @return [String]
9329
9464
  #
9465
+ # @!attribute [rw] enable_token_revocation
9466
+ # Enables or disables token revocation. For more information about
9467
+ # revoking tokens, see [RevokeToken][1].
9468
+ #
9469
+ #
9470
+ #
9471
+ # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html
9472
+ # @return [Boolean]
9473
+ #
9330
9474
  # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UpdateUserPoolClientRequest AWS API Documentation
9331
9475
  #
9332
9476
  class UpdateUserPoolClientRequest < Struct.new(
@@ -9348,7 +9492,8 @@ module Aws::CognitoIdentityProvider
9348
9492
  :allowed_o_auth_scopes,
9349
9493
  :allowed_o_auth_flows_user_pool_client,
9350
9494
  :analytics_configuration,
9351
- :prevent_user_existence_errors)
9495
+ :prevent_user_existence_errors,
9496
+ :enable_token_revocation)
9352
9497
  SENSITIVE = [:client_id]
9353
9498
  include Aws::Structure
9354
9499
  end
@@ -9564,10 +9709,16 @@ module Aws::CognitoIdentityProvider
9564
9709
  # user registration.
9565
9710
  #
9566
9711
  # * `ON` - MFA tokens are required for all user registrations. You can
9567
- # only specify required when you are initially creating a user pool.
9712
+ # only specify ON when you are initially creating a user pool. You
9713
+ # can use the [SetUserPoolMfaConfig][1] API operation to turn MFA
9714
+ # "ON" for existing user pools.
9568
9715
  #
9569
9716
  # * `OPTIONAL` - Users have the option when registering to create an
9570
9717
  # MFA token.
9718
+ #
9719
+ #
9720
+ #
9721
+ # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserPoolMfaConfig.html
9571
9722
  # @return [String]
9572
9723
  #
9573
9724
  # @!attribute [rw] device_configuration
@@ -10082,6 +10233,17 @@ module Aws::CognitoIdentityProvider
10082
10233
  # </note>
10083
10234
  # @return [String]
10084
10235
  #
10236
+ # @!attribute [rw] enable_token_revocation
10237
+ # Indicates whether token revocation is enabled for the user pool
10238
+ # client. When you create a new user pool client, token revocation is
10239
+ # enabled by default. For more information about revoking tokens, see
10240
+ # [RevokeToken][1].
10241
+ #
10242
+ #
10243
+ #
10244
+ # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html
10245
+ # @return [Boolean]
10246
+ #
10085
10247
  # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UserPoolClientType AWS API Documentation
10086
10248
  #
10087
10249
  class UserPoolClientType < Struct.new(
@@ -10106,7 +10268,8 @@ module Aws::CognitoIdentityProvider
10106
10268
  :allowed_o_auth_scopes,
10107
10269
  :allowed_o_auth_flows_user_pool_client,
10108
10270
  :analytics_configuration,
10109
- :prevent_user_existence_errors)
10271
+ :prevent_user_existence_errors,
10272
+ :enable_token_revocation)
10110
10273
  SENSITIVE = [:client_id, :client_secret]
10111
10274
  include Aws::Structure
10112
10275
  end
@@ -10298,6 +10461,24 @@ module Aws::CognitoIdentityProvider
10298
10461
  # @!attribute [rw] sms_configuration_failure
10299
10462
  # The reason why the SMS configuration cannot send the messages to
10300
10463
  # your users.
10464
+ #
10465
+ # This message might include comma-separated values to describe why
10466
+ # your SMS configuration can't send messages to user pool end users.
10467
+ #
10468
+ # * InvalidSmsRoleAccessPolicyException - The IAM role which Cognito
10469
+ # uses to send SMS messages is not properly configured. For more
10470
+ # information, see [SmsConfigurationType][1].
10471
+ #
10472
+ # * SNSSandbox - The AWS account is in SNS Sandbox and messages won’t
10473
+ # reach unverified end users. This parameter won’t get populated
10474
+ # with SNSSandbox if the IAM user creating the user pool doesn’t
10475
+ # have SNS permissions. To learn how to move your AWS account out of
10476
+ # the sandbox, see [Moving out of the SMS sandbox][2].
10477
+ #
10478
+ #
10479
+ #
10480
+ # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SmsConfigurationType.html
10481
+ # [2]: https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox-moving-to-production.html
10301
10482
  # @return [String]
10302
10483
  #
10303
10484
  # @!attribute [rw] email_configuration_failure