aws-sdk-cognitoidentityprovider 1.48.0 → 1.53.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +348 -0
- data/LICENSE.txt +202 -0
- data/VERSION +1 -0
- data/lib/aws-sdk-cognitoidentityprovider.rb +2 -2
- data/lib/aws-sdk-cognitoidentityprovider/client.rb +486 -8
- data/lib/aws-sdk-cognitoidentityprovider/client_api.rb +39 -1
- data/lib/aws-sdk-cognitoidentityprovider/customizations.rb +1 -1
- data/lib/aws-sdk-cognitoidentityprovider/errors.rb +49 -1
- data/lib/aws-sdk-cognitoidentityprovider/resource.rb +1 -1
- data/lib/aws-sdk-cognitoidentityprovider/types.rb +192 -11
- metadata +11 -9
@@ -3,7 +3,7 @@
|
|
3
3
|
# WARNING ABOUT GENERATED CODE
|
4
4
|
#
|
5
5
|
# This file is generated. See the contributing guide for more information:
|
6
|
-
# https://github.com/aws/aws-sdk-ruby/blob/
|
6
|
+
# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
|
7
7
|
#
|
8
8
|
# WARNING ABOUT GENERATED CODE
|
9
9
|
|
@@ -345,6 +345,8 @@ module Aws::CognitoIdentityProvider
|
|
345
345
|
ResourceServersListType = Shapes::ListShape.new(name: 'ResourceServersListType')
|
346
346
|
RespondToAuthChallengeRequest = Shapes::StructureShape.new(name: 'RespondToAuthChallengeRequest')
|
347
347
|
RespondToAuthChallengeResponse = Shapes::StructureShape.new(name: 'RespondToAuthChallengeResponse')
|
348
|
+
RevokeTokenRequest = Shapes::StructureShape.new(name: 'RevokeTokenRequest')
|
349
|
+
RevokeTokenResponse = Shapes::StructureShape.new(name: 'RevokeTokenResponse')
|
348
350
|
RiskConfigurationType = Shapes::StructureShape.new(name: 'RiskConfigurationType')
|
349
351
|
RiskDecisionType = Shapes::StringShape.new(name: 'RiskDecisionType')
|
350
352
|
RiskExceptionConfigurationType = Shapes::StructureShape.new(name: 'RiskExceptionConfigurationType')
|
@@ -401,8 +403,11 @@ module Aws::CognitoIdentityProvider
|
|
401
403
|
TooManyFailedAttemptsException = Shapes::StructureShape.new(name: 'TooManyFailedAttemptsException')
|
402
404
|
TooManyRequestsException = Shapes::StructureShape.new(name: 'TooManyRequestsException')
|
403
405
|
UICustomizationType = Shapes::StructureShape.new(name: 'UICustomizationType')
|
406
|
+
UnauthorizedException = Shapes::StructureShape.new(name: 'UnauthorizedException')
|
404
407
|
UnexpectedLambdaException = Shapes::StructureShape.new(name: 'UnexpectedLambdaException')
|
405
408
|
UnsupportedIdentityProviderException = Shapes::StructureShape.new(name: 'UnsupportedIdentityProviderException')
|
409
|
+
UnsupportedOperationException = Shapes::StructureShape.new(name: 'UnsupportedOperationException')
|
410
|
+
UnsupportedTokenTypeException = Shapes::StructureShape.new(name: 'UnsupportedTokenTypeException')
|
406
411
|
UnsupportedUserStateException = Shapes::StructureShape.new(name: 'UnsupportedUserStateException')
|
407
412
|
UntagResourceRequest = Shapes::StructureShape.new(name: 'UntagResourceRequest')
|
408
413
|
UntagResourceResponse = Shapes::StructureShape.new(name: 'UntagResourceResponse')
|
@@ -917,6 +922,7 @@ module Aws::CognitoIdentityProvider
|
|
917
922
|
CreateUserPoolClientRequest.add_member(:allowed_o_auth_flows_user_pool_client, Shapes::ShapeRef.new(shape: BooleanType, location_name: "AllowedOAuthFlowsUserPoolClient"))
|
918
923
|
CreateUserPoolClientRequest.add_member(:analytics_configuration, Shapes::ShapeRef.new(shape: AnalyticsConfigurationType, location_name: "AnalyticsConfiguration"))
|
919
924
|
CreateUserPoolClientRequest.add_member(:prevent_user_existence_errors, Shapes::ShapeRef.new(shape: PreventUserExistenceErrorTypes, location_name: "PreventUserExistenceErrors"))
|
925
|
+
CreateUserPoolClientRequest.add_member(:enable_token_revocation, Shapes::ShapeRef.new(shape: WrappedBooleanType, location_name: "EnableTokenRevocation"))
|
920
926
|
CreateUserPoolClientRequest.struct_class = Types::CreateUserPoolClientRequest
|
921
927
|
|
922
928
|
CreateUserPoolClientResponse.add_member(:user_pool_client, Shapes::ShapeRef.new(shape: UserPoolClientType, location_name: "UserPoolClient"))
|
@@ -1506,6 +1512,13 @@ module Aws::CognitoIdentityProvider
|
|
1506
1512
|
RespondToAuthChallengeResponse.add_member(:authentication_result, Shapes::ShapeRef.new(shape: AuthenticationResultType, location_name: "AuthenticationResult"))
|
1507
1513
|
RespondToAuthChallengeResponse.struct_class = Types::RespondToAuthChallengeResponse
|
1508
1514
|
|
1515
|
+
RevokeTokenRequest.add_member(:token, Shapes::ShapeRef.new(shape: TokenModelType, required: true, location_name: "Token"))
|
1516
|
+
RevokeTokenRequest.add_member(:client_id, Shapes::ShapeRef.new(shape: ClientIdType, required: true, location_name: "ClientId"))
|
1517
|
+
RevokeTokenRequest.add_member(:client_secret, Shapes::ShapeRef.new(shape: ClientSecretType, location_name: "ClientSecret"))
|
1518
|
+
RevokeTokenRequest.struct_class = Types::RevokeTokenRequest
|
1519
|
+
|
1520
|
+
RevokeTokenResponse.struct_class = Types::RevokeTokenResponse
|
1521
|
+
|
1509
1522
|
RiskConfigurationType.add_member(:user_pool_id, Shapes::ShapeRef.new(shape: UserPoolIdType, location_name: "UserPoolId"))
|
1510
1523
|
RiskConfigurationType.add_member(:client_id, Shapes::ShapeRef.new(shape: ClientIdType, location_name: "ClientId"))
|
1511
1524
|
RiskConfigurationType.add_member(:compromised_credentials_risk_configuration, Shapes::ShapeRef.new(shape: CompromisedCredentialsRiskConfigurationType, location_name: "CompromisedCredentialsRiskConfiguration"))
|
@@ -1665,12 +1678,21 @@ module Aws::CognitoIdentityProvider
|
|
1665
1678
|
UICustomizationType.add_member(:creation_date, Shapes::ShapeRef.new(shape: DateType, location_name: "CreationDate"))
|
1666
1679
|
UICustomizationType.struct_class = Types::UICustomizationType
|
1667
1680
|
|
1681
|
+
UnauthorizedException.add_member(:message, Shapes::ShapeRef.new(shape: MessageType, location_name: "message"))
|
1682
|
+
UnauthorizedException.struct_class = Types::UnauthorizedException
|
1683
|
+
|
1668
1684
|
UnexpectedLambdaException.add_member(:message, Shapes::ShapeRef.new(shape: MessageType, location_name: "message"))
|
1669
1685
|
UnexpectedLambdaException.struct_class = Types::UnexpectedLambdaException
|
1670
1686
|
|
1671
1687
|
UnsupportedIdentityProviderException.add_member(:message, Shapes::ShapeRef.new(shape: MessageType, location_name: "message"))
|
1672
1688
|
UnsupportedIdentityProviderException.struct_class = Types::UnsupportedIdentityProviderException
|
1673
1689
|
|
1690
|
+
UnsupportedOperationException.add_member(:message, Shapes::ShapeRef.new(shape: MessageType, location_name: "message"))
|
1691
|
+
UnsupportedOperationException.struct_class = Types::UnsupportedOperationException
|
1692
|
+
|
1693
|
+
UnsupportedTokenTypeException.add_member(:message, Shapes::ShapeRef.new(shape: MessageType, location_name: "message"))
|
1694
|
+
UnsupportedTokenTypeException.struct_class = Types::UnsupportedTokenTypeException
|
1695
|
+
|
1674
1696
|
UnsupportedUserStateException.add_member(:message, Shapes::ShapeRef.new(shape: MessageType, location_name: "message"))
|
1675
1697
|
UnsupportedUserStateException.struct_class = Types::UnsupportedUserStateException
|
1676
1698
|
|
@@ -1752,6 +1774,7 @@ module Aws::CognitoIdentityProvider
|
|
1752
1774
|
UpdateUserPoolClientRequest.add_member(:allowed_o_auth_flows_user_pool_client, Shapes::ShapeRef.new(shape: BooleanType, location_name: "AllowedOAuthFlowsUserPoolClient"))
|
1753
1775
|
UpdateUserPoolClientRequest.add_member(:analytics_configuration, Shapes::ShapeRef.new(shape: AnalyticsConfigurationType, location_name: "AnalyticsConfiguration"))
|
1754
1776
|
UpdateUserPoolClientRequest.add_member(:prevent_user_existence_errors, Shapes::ShapeRef.new(shape: PreventUserExistenceErrorTypes, location_name: "PreventUserExistenceErrors"))
|
1777
|
+
UpdateUserPoolClientRequest.add_member(:enable_token_revocation, Shapes::ShapeRef.new(shape: WrappedBooleanType, location_name: "EnableTokenRevocation"))
|
1755
1778
|
UpdateUserPoolClientRequest.struct_class = Types::UpdateUserPoolClientRequest
|
1756
1779
|
|
1757
1780
|
UpdateUserPoolClientResponse.add_member(:user_pool_client, Shapes::ShapeRef.new(shape: UserPoolClientType, location_name: "UserPoolClient"))
|
@@ -1855,6 +1878,7 @@ module Aws::CognitoIdentityProvider
|
|
1855
1878
|
UserPoolClientType.add_member(:allowed_o_auth_flows_user_pool_client, Shapes::ShapeRef.new(shape: BooleanType, location_name: "AllowedOAuthFlowsUserPoolClient", metadata: {"box"=>true}))
|
1856
1879
|
UserPoolClientType.add_member(:analytics_configuration, Shapes::ShapeRef.new(shape: AnalyticsConfigurationType, location_name: "AnalyticsConfiguration"))
|
1857
1880
|
UserPoolClientType.add_member(:prevent_user_existence_errors, Shapes::ShapeRef.new(shape: PreventUserExistenceErrorTypes, location_name: "PreventUserExistenceErrors"))
|
1881
|
+
UserPoolClientType.add_member(:enable_token_revocation, Shapes::ShapeRef.new(shape: WrappedBooleanType, location_name: "EnableTokenRevocation"))
|
1858
1882
|
UserPoolClientType.struct_class = Types::UserPoolClientType
|
1859
1883
|
|
1860
1884
|
UserPoolDescriptionType.add_member(:id, Shapes::ShapeRef.new(shape: UserPoolIdType, location_name: "Id"))
|
@@ -3276,6 +3300,20 @@ module Aws::CognitoIdentityProvider
|
|
3276
3300
|
o.errors << Shapes::ShapeRef.new(shape: SoftwareTokenMFANotFoundException)
|
3277
3301
|
end)
|
3278
3302
|
|
3303
|
+
api.add_operation(:revoke_token, Seahorse::Model::Operation.new.tap do |o|
|
3304
|
+
o.name = "RevokeToken"
|
3305
|
+
o.http_method = "POST"
|
3306
|
+
o.http_request_uri = "/"
|
3307
|
+
o.input = Shapes::ShapeRef.new(shape: RevokeTokenRequest)
|
3308
|
+
o.output = Shapes::ShapeRef.new(shape: RevokeTokenResponse)
|
3309
|
+
o.errors << Shapes::ShapeRef.new(shape: TooManyRequestsException)
|
3310
|
+
o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
|
3311
|
+
o.errors << Shapes::ShapeRef.new(shape: UnauthorizedException)
|
3312
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
|
3313
|
+
o.errors << Shapes::ShapeRef.new(shape: UnsupportedOperationException)
|
3314
|
+
o.errors << Shapes::ShapeRef.new(shape: UnsupportedTokenTypeException)
|
3315
|
+
end)
|
3316
|
+
|
3279
3317
|
api.add_operation(:set_risk_configuration, Seahorse::Model::Operation.new.tap do |o|
|
3280
3318
|
o.name = "SetRiskConfiguration"
|
3281
3319
|
o.http_method = "POST"
|
@@ -2,7 +2,7 @@
|
|
2
2
|
# WARNING ABOUT GENERATED CODE
|
3
3
|
#
|
4
4
|
# This file is generated. See the contributing for info on making contributions:
|
5
|
-
# https://github.com/aws/aws-sdk-ruby/blob/
|
5
|
+
# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
|
6
6
|
#
|
7
7
|
# WARNING ABOUT GENERATED CODE
|
8
8
|
|
@@ -3,7 +3,7 @@
|
|
3
3
|
# WARNING ABOUT GENERATED CODE
|
4
4
|
#
|
5
5
|
# This file is generated. See the contributing guide for more information:
|
6
|
-
# https://github.com/aws/aws-sdk-ruby/blob/
|
6
|
+
# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
|
7
7
|
#
|
8
8
|
# WARNING ABOUT GENERATED CODE
|
9
9
|
|
@@ -54,8 +54,11 @@ module Aws::CognitoIdentityProvider
|
|
54
54
|
# * {SoftwareTokenMFANotFoundException}
|
55
55
|
# * {TooManyFailedAttemptsException}
|
56
56
|
# * {TooManyRequestsException}
|
57
|
+
# * {UnauthorizedException}
|
57
58
|
# * {UnexpectedLambdaException}
|
58
59
|
# * {UnsupportedIdentityProviderException}
|
60
|
+
# * {UnsupportedOperationException}
|
61
|
+
# * {UnsupportedTokenTypeException}
|
59
62
|
# * {UnsupportedUserStateException}
|
60
63
|
# * {UserImportInProgressException}
|
61
64
|
# * {UserLambdaValidationException}
|
@@ -476,6 +479,21 @@ module Aws::CognitoIdentityProvider
|
|
476
479
|
end
|
477
480
|
end
|
478
481
|
|
482
|
+
class UnauthorizedException < ServiceError
|
483
|
+
|
484
|
+
# @param [Seahorse::Client::RequestContext] context
|
485
|
+
# @param [String] message
|
486
|
+
# @param [Aws::CognitoIdentityProvider::Types::UnauthorizedException] data
|
487
|
+
def initialize(context, message, data = Aws::EmptyStructure.new)
|
488
|
+
super(context, message, data)
|
489
|
+
end
|
490
|
+
|
491
|
+
# @return [String]
|
492
|
+
def message
|
493
|
+
@message || @data[:message]
|
494
|
+
end
|
495
|
+
end
|
496
|
+
|
479
497
|
class UnexpectedLambdaException < ServiceError
|
480
498
|
|
481
499
|
# @param [Seahorse::Client::RequestContext] context
|
@@ -506,6 +524,36 @@ module Aws::CognitoIdentityProvider
|
|
506
524
|
end
|
507
525
|
end
|
508
526
|
|
527
|
+
class UnsupportedOperationException < ServiceError
|
528
|
+
|
529
|
+
# @param [Seahorse::Client::RequestContext] context
|
530
|
+
# @param [String] message
|
531
|
+
# @param [Aws::CognitoIdentityProvider::Types::UnsupportedOperationException] data
|
532
|
+
def initialize(context, message, data = Aws::EmptyStructure.new)
|
533
|
+
super(context, message, data)
|
534
|
+
end
|
535
|
+
|
536
|
+
# @return [String]
|
537
|
+
def message
|
538
|
+
@message || @data[:message]
|
539
|
+
end
|
540
|
+
end
|
541
|
+
|
542
|
+
class UnsupportedTokenTypeException < ServiceError
|
543
|
+
|
544
|
+
# @param [Seahorse::Client::RequestContext] context
|
545
|
+
# @param [String] message
|
546
|
+
# @param [Aws::CognitoIdentityProvider::Types::UnsupportedTokenTypeException] data
|
547
|
+
def initialize(context, message, data = Aws::EmptyStructure.new)
|
548
|
+
super(context, message, data)
|
549
|
+
end
|
550
|
+
|
551
|
+
# @return [String]
|
552
|
+
def message
|
553
|
+
@message || @data[:message]
|
554
|
+
end
|
555
|
+
end
|
556
|
+
|
509
557
|
class UnsupportedUserStateException < ServiceError
|
510
558
|
|
511
559
|
# @param [Seahorse::Client::RequestContext] context
|
@@ -3,7 +3,7 @@
|
|
3
3
|
# WARNING ABOUT GENERATED CODE
|
4
4
|
#
|
5
5
|
# This file is generated. See the contributing guide for more information:
|
6
|
-
# https://github.com/aws/aws-sdk-ruby/blob/
|
6
|
+
# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
|
7
7
|
#
|
8
8
|
# WARNING ABOUT GENERATED CODE
|
9
9
|
|
@@ -3,7 +3,7 @@
|
|
3
3
|
# WARNING ABOUT GENERATED CODE
|
4
4
|
#
|
5
5
|
# This file is generated. See the contributing guide for more information:
|
6
|
-
# https://github.com/aws/aws-sdk-ruby/blob/
|
6
|
+
# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
|
7
7
|
#
|
8
8
|
# WARNING ABOUT GENERATED CODE
|
9
9
|
|
@@ -705,7 +705,7 @@ module Aws::CognitoIdentityProvider
|
|
705
705
|
#
|
706
706
|
class AdminDisableProviderForUserResponse < Aws::EmptyStructure; end
|
707
707
|
|
708
|
-
# Represents the request to disable
|
708
|
+
# Represents the request to disable the user as an administrator.
|
709
709
|
#
|
710
710
|
# @note When making an API call, you may pass AdminDisableUserRequest
|
711
711
|
# data as a hash:
|
@@ -1191,10 +1191,22 @@ module Aws::CognitoIdentityProvider
|
|
1191
1191
|
# with `USERNAME` and `PASSWORD` directly. An app client must be
|
1192
1192
|
# enabled to use this flow.
|
1193
1193
|
#
|
1194
|
-
# * `NEW_PASSWORD_REQUIRED`\: For users
|
1194
|
+
# * `NEW_PASSWORD_REQUIRED`\: For users who are required to change
|
1195
1195
|
# their passwords after successful first login. This challenge
|
1196
1196
|
# should be passed with `NEW_PASSWORD` and any other required
|
1197
1197
|
# attributes.
|
1198
|
+
#
|
1199
|
+
# * `MFA_SETUP`\: For users who are required to setup an MFA factor
|
1200
|
+
# before they can sign-in. The MFA types enabled for the user pool
|
1201
|
+
# will be listed in the challenge parameters `MFA_CAN_SETUP` value.
|
1202
|
+
#
|
1203
|
+
# To setup software token MFA, use the session returned here from
|
1204
|
+
# `InitiateAuth` as an input to `AssociateSoftwareToken`, and use
|
1205
|
+
# the session returned by `VerifySoftwareToken` as an input to
|
1206
|
+
# `RespondToAuthChallenge` with challenge name `MFA_SETUP` to
|
1207
|
+
# complete sign-in. To setup SMS MFA, users will need help from an
|
1208
|
+
# administrator to add a phone number to their account and then call
|
1209
|
+
# `InitiateAuth` again to restart sign-in.
|
1198
1210
|
# @return [String]
|
1199
1211
|
#
|
1200
1212
|
# @!attribute [rw] session
|
@@ -1671,6 +1683,10 @@ module Aws::CognitoIdentityProvider
|
|
1671
1683
|
# attributes, `USERNAME`, `SECRET_HASH` (if app client is configured
|
1672
1684
|
# with client secret).
|
1673
1685
|
#
|
1686
|
+
# * `MFA_SETUP` requires `USERNAME`, plus you need to use the session
|
1687
|
+
# value returned by `VerifySoftwareToken` in the `Session`
|
1688
|
+
# parameter.
|
1689
|
+
#
|
1674
1690
|
# The value of the `USERNAME` attribute must be the user's actual
|
1675
1691
|
# username, not an alias (such as email address or phone number). To
|
1676
1692
|
# make this easier, the `AdminInitiateAuth` response includes the
|
@@ -3294,6 +3310,7 @@ module Aws::CognitoIdentityProvider
|
|
3294
3310
|
# user_data_shared: false,
|
3295
3311
|
# },
|
3296
3312
|
# prevent_user_existence_errors: "LEGACY", # accepts LEGACY, ENABLED
|
3313
|
+
# enable_token_revocation: false,
|
3297
3314
|
# }
|
3298
3315
|
#
|
3299
3316
|
# @!attribute [rw] user_pool_id
|
@@ -3502,6 +3519,18 @@ module Aws::CognitoIdentityProvider
|
|
3502
3519
|
# </note>
|
3503
3520
|
# @return [String]
|
3504
3521
|
#
|
3522
|
+
# @!attribute [rw] enable_token_revocation
|
3523
|
+
# Enables or disables token revocation. For more information about
|
3524
|
+
# revoking tokens, see [RevokeToken][1].
|
3525
|
+
#
|
3526
|
+
# If you don't include this parameter, token revocation is
|
3527
|
+
# automatically enabled for the new user pool client.
|
3528
|
+
#
|
3529
|
+
#
|
3530
|
+
#
|
3531
|
+
# [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html
|
3532
|
+
# @return [Boolean]
|
3533
|
+
#
|
3505
3534
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/CreateUserPoolClientRequest AWS API Documentation
|
3506
3535
|
#
|
3507
3536
|
class CreateUserPoolClientRequest < Struct.new(
|
@@ -3523,7 +3552,8 @@ module Aws::CognitoIdentityProvider
|
|
3523
3552
|
:allowed_o_auth_scopes,
|
3524
3553
|
:allowed_o_auth_flows_user_pool_client,
|
3525
3554
|
:analytics_configuration,
|
3526
|
-
:prevent_user_existence_errors
|
3555
|
+
:prevent_user_existence_errors,
|
3556
|
+
:enable_token_revocation)
|
3527
3557
|
SENSITIVE = []
|
3528
3558
|
include Aws::Structure
|
3529
3559
|
end
|
@@ -5648,8 +5678,6 @@ module Aws::CognitoIdentityProvider
|
|
5648
5678
|
# * jwks\_uri *if not available from discovery URL specified by
|
5649
5679
|
# oidc\_issuer key*
|
5650
5680
|
#
|
5651
|
-
# * authorize\_scopes
|
5652
|
-
#
|
5653
5681
|
# * For SAML providers:
|
5654
5682
|
#
|
5655
5683
|
# * MetadataFile OR MetadataURL
|
@@ -5889,10 +5917,22 @@ module Aws::CognitoIdentityProvider
|
|
5889
5917
|
# * `DEVICE_PASSWORD_VERIFIER`\: Similar to `PASSWORD_VERIFIER`, but
|
5890
5918
|
# for devices only.
|
5891
5919
|
#
|
5892
|
-
# * `NEW_PASSWORD_REQUIRED`\: For users
|
5920
|
+
# * `NEW_PASSWORD_REQUIRED`\: For users who are required to change
|
5893
5921
|
# their passwords after successful first login. This challenge
|
5894
5922
|
# should be passed with `NEW_PASSWORD` and any other required
|
5895
5923
|
# attributes.
|
5924
|
+
#
|
5925
|
+
# * `MFA_SETUP`\: For users who are required to setup an MFA factor
|
5926
|
+
# before they can sign-in. The MFA types enabled for the user pool
|
5927
|
+
# will be listed in the challenge parameters `MFA_CAN_SETUP` value.
|
5928
|
+
#
|
5929
|
+
# To setup software token MFA, use the session returned here from
|
5930
|
+
# `InitiateAuth` as an input to `AssociateSoftwareToken`, and use
|
5931
|
+
# the session returned by `VerifySoftwareToken` as an input to
|
5932
|
+
# `RespondToAuthChallenge` with challenge name `MFA_SETUP` to
|
5933
|
+
# complete sign-in. To setup SMS MFA, users will need help from an
|
5934
|
+
# administrator to add a phone number to their account and then call
|
5935
|
+
# `InitiateAuth` again to restart sign-in.
|
5896
5936
|
# @return [String]
|
5897
5937
|
#
|
5898
5938
|
# @!attribute [rw] session
|
@@ -7467,6 +7507,10 @@ module Aws::CognitoIdentityProvider
|
|
7467
7507
|
#
|
7468
7508
|
# * `DEVICE_PASSWORD_VERIFIER` requires everything that
|
7469
7509
|
# `PASSWORD_VERIFIER` requires plus `DEVICE_KEY`.
|
7510
|
+
#
|
7511
|
+
# * `MFA_SETUP` requires `USERNAME`, plus you need to use the session
|
7512
|
+
# value returned by `VerifySoftwareToken` in the `Session`
|
7513
|
+
# parameter.
|
7470
7514
|
# @return [Hash<String,String>]
|
7471
7515
|
#
|
7472
7516
|
# @!attribute [rw] analytics_metadata
|
@@ -7578,6 +7622,42 @@ module Aws::CognitoIdentityProvider
|
|
7578
7622
|
include Aws::Structure
|
7579
7623
|
end
|
7580
7624
|
|
7625
|
+
# @note When making an API call, you may pass RevokeTokenRequest
|
7626
|
+
# data as a hash:
|
7627
|
+
#
|
7628
|
+
# {
|
7629
|
+
# token: "TokenModelType", # required
|
7630
|
+
# client_id: "ClientIdType", # required
|
7631
|
+
# client_secret: "ClientSecretType",
|
7632
|
+
# }
|
7633
|
+
#
|
7634
|
+
# @!attribute [rw] token
|
7635
|
+
# The token that you want to revoke.
|
7636
|
+
# @return [String]
|
7637
|
+
#
|
7638
|
+
# @!attribute [rw] client_id
|
7639
|
+
# The client ID for the token that you want to revoke.
|
7640
|
+
# @return [String]
|
7641
|
+
#
|
7642
|
+
# @!attribute [rw] client_secret
|
7643
|
+
# The secret for the client ID. This is required only if the client ID
|
7644
|
+
# has a secret.
|
7645
|
+
# @return [String]
|
7646
|
+
#
|
7647
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/RevokeTokenRequest AWS API Documentation
|
7648
|
+
#
|
7649
|
+
class RevokeTokenRequest < Struct.new(
|
7650
|
+
:token,
|
7651
|
+
:client_id,
|
7652
|
+
:client_secret)
|
7653
|
+
SENSITIVE = [:token, :client_id, :client_secret]
|
7654
|
+
include Aws::Structure
|
7655
|
+
end
|
7656
|
+
|
7657
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/RevokeTokenResponse AWS API Documentation
|
7658
|
+
#
|
7659
|
+
class RevokeTokenResponse < Aws::EmptyStructure; end
|
7660
|
+
|
7581
7661
|
# The risk configuration type.
|
7582
7662
|
#
|
7583
7663
|
# @!attribute [rw] user_pool_id
|
@@ -8017,7 +8097,11 @@ module Aws::CognitoIdentityProvider
|
|
8017
8097
|
# @return [Types::SoftwareTokenMfaConfigType]
|
8018
8098
|
#
|
8019
8099
|
# @!attribute [rw] mfa_configuration
|
8020
|
-
# The MFA configuration.
|
8100
|
+
# The MFA configuration. Users who don't have an MFA factor set up
|
8101
|
+
# won't be able to sign-in if you set the MfaConfiguration value to
|
8102
|
+
# ‘ON’. See [Adding Multi-Factor Authentication (MFA) to a User
|
8103
|
+
# Pool](cognito/latest/developerguide/user-pool-settings-mfa.html) to
|
8104
|
+
# learn more. Valid values include:
|
8021
8105
|
#
|
8022
8106
|
# * `OFF` MFA will not be used for any users.
|
8023
8107
|
#
|
@@ -8297,6 +8381,14 @@ module Aws::CognitoIdentityProvider
|
|
8297
8381
|
# role for SMS MFA, Cognito will create a role with the required
|
8298
8382
|
# permissions and a trust policy that demonstrates use of the
|
8299
8383
|
# `ExternalId`.
|
8384
|
+
#
|
8385
|
+
# For more information about the `ExternalId` of a role, see [How to
|
8386
|
+
# use an external ID when granting access to your AWS resources to a
|
8387
|
+
# third party][1]
|
8388
|
+
#
|
8389
|
+
#
|
8390
|
+
#
|
8391
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html
|
8300
8392
|
# @return [String]
|
8301
8393
|
#
|
8302
8394
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/SmsConfigurationType AWS API Documentation
|
@@ -8672,6 +8764,20 @@ module Aws::CognitoIdentityProvider
|
|
8672
8764
|
include Aws::Structure
|
8673
8765
|
end
|
8674
8766
|
|
8767
|
+
# This exception is thrown when the request is not authorized. This can
|
8768
|
+
# happen due to an invalid access token in the request.
|
8769
|
+
#
|
8770
|
+
# @!attribute [rw] message
|
8771
|
+
# @return [String]
|
8772
|
+
#
|
8773
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UnauthorizedException AWS API Documentation
|
8774
|
+
#
|
8775
|
+
class UnauthorizedException < Struct.new(
|
8776
|
+
:message)
|
8777
|
+
SENSITIVE = []
|
8778
|
+
include Aws::Structure
|
8779
|
+
end
|
8780
|
+
|
8675
8781
|
# This exception is thrown when the Amazon Cognito service encounters an
|
8676
8782
|
# unexpected exception with the AWS Lambda service.
|
8677
8783
|
#
|
@@ -8702,6 +8808,34 @@ module Aws::CognitoIdentityProvider
|
|
8702
8808
|
include Aws::Structure
|
8703
8809
|
end
|
8704
8810
|
|
8811
|
+
# This exception is thrown when you attempt to perform an operation that
|
8812
|
+
# is not enabled for the user pool client.
|
8813
|
+
#
|
8814
|
+
# @!attribute [rw] message
|
8815
|
+
# @return [String]
|
8816
|
+
#
|
8817
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UnsupportedOperationException AWS API Documentation
|
8818
|
+
#
|
8819
|
+
class UnsupportedOperationException < Struct.new(
|
8820
|
+
:message)
|
8821
|
+
SENSITIVE = []
|
8822
|
+
include Aws::Structure
|
8823
|
+
end
|
8824
|
+
|
8825
|
+
# This exception is thrown when an unsupported token is passed to an
|
8826
|
+
# operation.
|
8827
|
+
#
|
8828
|
+
# @!attribute [rw] message
|
8829
|
+
# @return [String]
|
8830
|
+
#
|
8831
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UnsupportedTokenTypeException AWS API Documentation
|
8832
|
+
#
|
8833
|
+
class UnsupportedTokenTypeException < Struct.new(
|
8834
|
+
:message)
|
8835
|
+
SENSITIVE = []
|
8836
|
+
include Aws::Structure
|
8837
|
+
end
|
8838
|
+
|
8705
8839
|
# The request failed because the user is in an unsupported state.
|
8706
8840
|
#
|
8707
8841
|
# @!attribute [rw] message
|
@@ -9136,6 +9270,7 @@ module Aws::CognitoIdentityProvider
|
|
9136
9270
|
# user_data_shared: false,
|
9137
9271
|
# },
|
9138
9272
|
# prevent_user_existence_errors: "LEGACY", # accepts LEGACY, ENABLED
|
9273
|
+
# enable_token_revocation: false,
|
9139
9274
|
# }
|
9140
9275
|
#
|
9141
9276
|
# @!attribute [rw] user_pool_id
|
@@ -9327,6 +9462,15 @@ module Aws::CognitoIdentityProvider
|
|
9327
9462
|
# </note>
|
9328
9463
|
# @return [String]
|
9329
9464
|
#
|
9465
|
+
# @!attribute [rw] enable_token_revocation
|
9466
|
+
# Enables or disables token revocation. For more information about
|
9467
|
+
# revoking tokens, see [RevokeToken][1].
|
9468
|
+
#
|
9469
|
+
#
|
9470
|
+
#
|
9471
|
+
# [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html
|
9472
|
+
# @return [Boolean]
|
9473
|
+
#
|
9330
9474
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UpdateUserPoolClientRequest AWS API Documentation
|
9331
9475
|
#
|
9332
9476
|
class UpdateUserPoolClientRequest < Struct.new(
|
@@ -9348,7 +9492,8 @@ module Aws::CognitoIdentityProvider
|
|
9348
9492
|
:allowed_o_auth_scopes,
|
9349
9493
|
:allowed_o_auth_flows_user_pool_client,
|
9350
9494
|
:analytics_configuration,
|
9351
|
-
:prevent_user_existence_errors
|
9495
|
+
:prevent_user_existence_errors,
|
9496
|
+
:enable_token_revocation)
|
9352
9497
|
SENSITIVE = [:client_id]
|
9353
9498
|
include Aws::Structure
|
9354
9499
|
end
|
@@ -9564,10 +9709,16 @@ module Aws::CognitoIdentityProvider
|
|
9564
9709
|
# user registration.
|
9565
9710
|
#
|
9566
9711
|
# * `ON` - MFA tokens are required for all user registrations. You can
|
9567
|
-
# only specify
|
9712
|
+
# only specify ON when you are initially creating a user pool. You
|
9713
|
+
# can use the [SetUserPoolMfaConfig][1] API operation to turn MFA
|
9714
|
+
# "ON" for existing user pools.
|
9568
9715
|
#
|
9569
9716
|
# * `OPTIONAL` - Users have the option when registering to create an
|
9570
9717
|
# MFA token.
|
9718
|
+
#
|
9719
|
+
#
|
9720
|
+
#
|
9721
|
+
# [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserPoolMfaConfig.html
|
9571
9722
|
# @return [String]
|
9572
9723
|
#
|
9573
9724
|
# @!attribute [rw] device_configuration
|
@@ -10082,6 +10233,17 @@ module Aws::CognitoIdentityProvider
|
|
10082
10233
|
# </note>
|
10083
10234
|
# @return [String]
|
10084
10235
|
#
|
10236
|
+
# @!attribute [rw] enable_token_revocation
|
10237
|
+
# Indicates whether token revocation is enabled for the user pool
|
10238
|
+
# client. When you create a new user pool client, token revocation is
|
10239
|
+
# enabled by default. For more information about revoking tokens, see
|
10240
|
+
# [RevokeToken][1].
|
10241
|
+
#
|
10242
|
+
#
|
10243
|
+
#
|
10244
|
+
# [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html
|
10245
|
+
# @return [Boolean]
|
10246
|
+
#
|
10085
10247
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UserPoolClientType AWS API Documentation
|
10086
10248
|
#
|
10087
10249
|
class UserPoolClientType < Struct.new(
|
@@ -10106,7 +10268,8 @@ module Aws::CognitoIdentityProvider
|
|
10106
10268
|
:allowed_o_auth_scopes,
|
10107
10269
|
:allowed_o_auth_flows_user_pool_client,
|
10108
10270
|
:analytics_configuration,
|
10109
|
-
:prevent_user_existence_errors
|
10271
|
+
:prevent_user_existence_errors,
|
10272
|
+
:enable_token_revocation)
|
10110
10273
|
SENSITIVE = [:client_id, :client_secret]
|
10111
10274
|
include Aws::Structure
|
10112
10275
|
end
|
@@ -10298,6 +10461,24 @@ module Aws::CognitoIdentityProvider
|
|
10298
10461
|
# @!attribute [rw] sms_configuration_failure
|
10299
10462
|
# The reason why the SMS configuration cannot send the messages to
|
10300
10463
|
# your users.
|
10464
|
+
#
|
10465
|
+
# This message might include comma-separated values to describe why
|
10466
|
+
# your SMS configuration can't send messages to user pool end users.
|
10467
|
+
#
|
10468
|
+
# * InvalidSmsRoleAccessPolicyException - The IAM role which Cognito
|
10469
|
+
# uses to send SMS messages is not properly configured. For more
|
10470
|
+
# information, see [SmsConfigurationType][1].
|
10471
|
+
#
|
10472
|
+
# * SNSSandbox - The AWS account is in SNS Sandbox and messages won’t
|
10473
|
+
# reach unverified end users. This parameter won’t get populated
|
10474
|
+
# with SNSSandbox if the IAM user creating the user pool doesn’t
|
10475
|
+
# have SNS permissions. To learn how to move your AWS account out of
|
10476
|
+
# the sandbox, see [Moving out of the SMS sandbox][2].
|
10477
|
+
#
|
10478
|
+
#
|
10479
|
+
#
|
10480
|
+
# [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SmsConfigurationType.html
|
10481
|
+
# [2]: https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox-moving-to-production.html
|
10301
10482
|
# @return [String]
|
10302
10483
|
#
|
10303
10484
|
# @!attribute [rw] email_configuration_failure
|