aws-sdk-cognitoidentityprovider 1.51.0 → 1.55.0

data/lib/aws-sdk-cognitoidentityprovider/client_api.rb

@@ -345,6 +345,8 @@ module Aws::CognitoIdentityProvider
     ResourceServersListType = Shapes::ListShape.new(name: 'ResourceServersListType')
     RespondToAuthChallengeRequest = Shapes::StructureShape.new(name: 'RespondToAuthChallengeRequest')
     RespondToAuthChallengeResponse = Shapes::StructureShape.new(name: 'RespondToAuthChallengeResponse')
+    RevokeTokenRequest = Shapes::StructureShape.new(name: 'RevokeTokenRequest')
+    RevokeTokenResponse = Shapes::StructureShape.new(name: 'RevokeTokenResponse')
     RiskConfigurationType = Shapes::StructureShape.new(name: 'RiskConfigurationType')
     RiskDecisionType = Shapes::StringShape.new(name: 'RiskDecisionType')
     RiskExceptionConfigurationType = Shapes::StructureShape.new(name: 'RiskExceptionConfigurationType')
@@ -401,8 +403,11 @@ module Aws::CognitoIdentityProvider
     TooManyFailedAttemptsException = Shapes::StructureShape.new(name: 'TooManyFailedAttemptsException')
     TooManyRequestsException = Shapes::StructureShape.new(name: 'TooManyRequestsException')
     UICustomizationType = Shapes::StructureShape.new(name: 'UICustomizationType')
+    UnauthorizedException = Shapes::StructureShape.new(name: 'UnauthorizedException')
     UnexpectedLambdaException = Shapes::StructureShape.new(name: 'UnexpectedLambdaException')
     UnsupportedIdentityProviderException = Shapes::StructureShape.new(name: 'UnsupportedIdentityProviderException')
+    UnsupportedOperationException = Shapes::StructureShape.new(name: 'UnsupportedOperationException')
+    UnsupportedTokenTypeException = Shapes::StructureShape.new(name: 'UnsupportedTokenTypeException')
     UnsupportedUserStateException = Shapes::StructureShape.new(name: 'UnsupportedUserStateException')
     UntagResourceRequest = Shapes::StructureShape.new(name: 'UntagResourceRequest')
     UntagResourceResponse = Shapes::StructureShape.new(name: 'UntagResourceResponse')
@@ -917,6 +922,7 @@ module Aws::CognitoIdentityProvider
     CreateUserPoolClientRequest.add_member(:allowed_o_auth_flows_user_pool_client, Shapes::ShapeRef.new(shape: BooleanType, location_name: "AllowedOAuthFlowsUserPoolClient"))
     CreateUserPoolClientRequest.add_member(:analytics_configuration, Shapes::ShapeRef.new(shape: AnalyticsConfigurationType, location_name: "AnalyticsConfiguration"))
     CreateUserPoolClientRequest.add_member(:prevent_user_existence_errors, Shapes::ShapeRef.new(shape: PreventUserExistenceErrorTypes, location_name: "PreventUserExistenceErrors"))
+    CreateUserPoolClientRequest.add_member(:enable_token_revocation, Shapes::ShapeRef.new(shape: WrappedBooleanType, location_name: "EnableTokenRevocation"))
     CreateUserPoolClientRequest.struct_class = Types::CreateUserPoolClientRequest
 
     CreateUserPoolClientResponse.add_member(:user_pool_client, Shapes::ShapeRef.new(shape: UserPoolClientType, location_name: "UserPoolClient"))
@@ -1506,6 +1512,13 @@ module Aws::CognitoIdentityProvider
     RespondToAuthChallengeResponse.add_member(:authentication_result, Shapes::ShapeRef.new(shape: AuthenticationResultType, location_name: "AuthenticationResult"))
     RespondToAuthChallengeResponse.struct_class = Types::RespondToAuthChallengeResponse
 
+    RevokeTokenRequest.add_member(:token, Shapes::ShapeRef.new(shape: TokenModelType, required: true, location_name: "Token"))
+    RevokeTokenRequest.add_member(:client_id, Shapes::ShapeRef.new(shape: ClientIdType, required: true, location_name: "ClientId"))
+    RevokeTokenRequest.add_member(:client_secret, Shapes::ShapeRef.new(shape: ClientSecretType, location_name: "ClientSecret"))
+    RevokeTokenRequest.struct_class = Types::RevokeTokenRequest
+
+    RevokeTokenResponse.struct_class = Types::RevokeTokenResponse
+
     RiskConfigurationType.add_member(:user_pool_id, Shapes::ShapeRef.new(shape: UserPoolIdType, location_name: "UserPoolId"))
     RiskConfigurationType.add_member(:client_id, Shapes::ShapeRef.new(shape: ClientIdType, location_name: "ClientId"))
     RiskConfigurationType.add_member(:compromised_credentials_risk_configuration, Shapes::ShapeRef.new(shape: CompromisedCredentialsRiskConfigurationType, location_name: "CompromisedCredentialsRiskConfiguration"))
@@ -1665,12 +1678,21 @@ module Aws::CognitoIdentityProvider
     UICustomizationType.add_member(:creation_date, Shapes::ShapeRef.new(shape: DateType, location_name: "CreationDate"))
     UICustomizationType.struct_class = Types::UICustomizationType
 
+    UnauthorizedException.add_member(:message, Shapes::ShapeRef.new(shape: MessageType, location_name: "message"))
+    UnauthorizedException.struct_class = Types::UnauthorizedException
+
     UnexpectedLambdaException.add_member(:message, Shapes::ShapeRef.new(shape: MessageType, location_name: "message"))
     UnexpectedLambdaException.struct_class = Types::UnexpectedLambdaException
 
     UnsupportedIdentityProviderException.add_member(:message, Shapes::ShapeRef.new(shape: MessageType, location_name: "message"))
     UnsupportedIdentityProviderException.struct_class = Types::UnsupportedIdentityProviderException
 
+    UnsupportedOperationException.add_member(:message, Shapes::ShapeRef.new(shape: MessageType, location_name: "message"))
+    UnsupportedOperationException.struct_class = Types::UnsupportedOperationException
+
+    UnsupportedTokenTypeException.add_member(:message, Shapes::ShapeRef.new(shape: MessageType, location_name: "message"))
+    UnsupportedTokenTypeException.struct_class = Types::UnsupportedTokenTypeException
+
     UnsupportedUserStateException.add_member(:message, Shapes::ShapeRef.new(shape: MessageType, location_name: "message"))
     UnsupportedUserStateException.struct_class = Types::UnsupportedUserStateException
 
@@ -1752,6 +1774,7 @@ module Aws::CognitoIdentityProvider
     UpdateUserPoolClientRequest.add_member(:allowed_o_auth_flows_user_pool_client, Shapes::ShapeRef.new(shape: BooleanType, location_name: "AllowedOAuthFlowsUserPoolClient"))
     UpdateUserPoolClientRequest.add_member(:analytics_configuration, Shapes::ShapeRef.new(shape: AnalyticsConfigurationType, location_name: "AnalyticsConfiguration"))
     UpdateUserPoolClientRequest.add_member(:prevent_user_existence_errors, Shapes::ShapeRef.new(shape: PreventUserExistenceErrorTypes, location_name: "PreventUserExistenceErrors"))
+    UpdateUserPoolClientRequest.add_member(:enable_token_revocation, Shapes::ShapeRef.new(shape: WrappedBooleanType, location_name: "EnableTokenRevocation"))
     UpdateUserPoolClientRequest.struct_class = Types::UpdateUserPoolClientRequest
 
     UpdateUserPoolClientResponse.add_member(:user_pool_client, Shapes::ShapeRef.new(shape: UserPoolClientType, location_name: "UserPoolClient"))
@@ -1855,6 +1878,7 @@ module Aws::CognitoIdentityProvider
     UserPoolClientType.add_member(:allowed_o_auth_flows_user_pool_client, Shapes::ShapeRef.new(shape: BooleanType, location_name: "AllowedOAuthFlowsUserPoolClient", metadata: {"box"=>true}))
     UserPoolClientType.add_member(:analytics_configuration, Shapes::ShapeRef.new(shape: AnalyticsConfigurationType, location_name: "AnalyticsConfiguration"))
     UserPoolClientType.add_member(:prevent_user_existence_errors, Shapes::ShapeRef.new(shape: PreventUserExistenceErrorTypes, location_name: "PreventUserExistenceErrors"))
+    UserPoolClientType.add_member(:enable_token_revocation, Shapes::ShapeRef.new(shape: WrappedBooleanType, location_name: "EnableTokenRevocation"))
     UserPoolClientType.struct_class = Types::UserPoolClientType
 
     UserPoolDescriptionType.add_member(:id, Shapes::ShapeRef.new(shape: UserPoolIdType, location_name: "Id"))
@@ -3276,6 +3300,20 @@ module Aws::CognitoIdentityProvider
         o.errors << Shapes::ShapeRef.new(shape: SoftwareTokenMFANotFoundException)
       end)
 
+      api.add_operation(:revoke_token, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "RevokeToken"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: RevokeTokenRequest)
+        o.output = Shapes::ShapeRef.new(shape: RevokeTokenResponse)
+        o.errors << Shapes::ShapeRef.new(shape: TooManyRequestsException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: UnauthorizedException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
+        o.errors << Shapes::ShapeRef.new(shape: UnsupportedOperationException)
+        o.errors << Shapes::ShapeRef.new(shape: UnsupportedTokenTypeException)
+      end)
+
       api.add_operation(:set_risk_configuration, Seahorse::Model::Operation.new.tap do |o|
         o.name = "SetRiskConfiguration"
         o.http_method = "POST"

data/lib/aws-sdk-cognitoidentityprovider/errors.rb

@@ -54,8 +54,11 @@ module Aws::CognitoIdentityProvider
   # * {SoftwareTokenMFANotFoundException}
   # * {TooManyFailedAttemptsException}
   # * {TooManyRequestsException}
+  # * {UnauthorizedException}
   # * {UnexpectedLambdaException}
   # * {UnsupportedIdentityProviderException}
+  # * {UnsupportedOperationException}
+  # * {UnsupportedTokenTypeException}
   # * {UnsupportedUserStateException}
   # * {UserImportInProgressException}
   # * {UserLambdaValidationException}
@@ -476,6 +479,21 @@ module Aws::CognitoIdentityProvider
       end
     end
 
+    class UnauthorizedException < ServiceError
+
+      # @param [Seahorse::Client::RequestContext] context
+      # @param [String] message
+      # @param [Aws::CognitoIdentityProvider::Types::UnauthorizedException] data
+      def initialize(context, message, data = Aws::EmptyStructure.new)
+        super(context, message, data)
+      end
+
+      # @return [String]
+      def message
+        @message || @data[:message]
+      end
+    end
+
     class UnexpectedLambdaException < ServiceError
 
       # @param [Seahorse::Client::RequestContext] context
@@ -506,6 +524,36 @@ module Aws::CognitoIdentityProvider
       end
     end
 
+    class UnsupportedOperationException < ServiceError
+
+      # @param [Seahorse::Client::RequestContext] context
+      # @param [String] message
+      # @param [Aws::CognitoIdentityProvider::Types::UnsupportedOperationException] data
+      def initialize(context, message, data = Aws::EmptyStructure.new)
+        super(context, message, data)
+      end
+
+      # @return [String]
+      def message
+        @message || @data[:message]
+      end
+    end
+
+    class UnsupportedTokenTypeException < ServiceError
+
+      # @param [Seahorse::Client::RequestContext] context
+      # @param [String] message
+      # @param [Aws::CognitoIdentityProvider::Types::UnsupportedTokenTypeException] data
+      def initialize(context, message, data = Aws::EmptyStructure.new)
+        super(context, message, data)
+      end
+
+      # @return [String]
+      def message
+        @message || @data[:message]
+      end
+    end
+
     class UnsupportedUserStateException < ServiceError
 
       # @param [Seahorse::Client::RequestContext] context

data/lib/aws-sdk-cognitoidentityprovider/types.rb

@@ -283,14 +283,14 @@ module Aws::CognitoIdentityProvider
     #   any custom workflows that this action triggers.
     #
     #   If your user pool configuration includes triggers, the
-    #   AdminConfirmSignUp API action invokes the AWS Lambda function that
-    #   is specified for the *post confirmation* trigger. When Amazon
-    #   Cognito invokes this function, it passes a JSON payload, which the
-    #   function receives as input. In this payload, the `clientMetadata`
-    #   attribute provides the data that you assigned to the ClientMetadata
-    #   parameter in your AdminConfirmSignUp request. In your function code
-    #   in AWS Lambda, you can process the ClientMetadata value to enhance
-    #   your workflow for your specific needs.
+    #   AdminConfirmSignUp API action invokes the Lambda function that is
+    #   specified for the *post confirmation* trigger. When Amazon Cognito
+    #   invokes this function, it passes a JSON payload, which the function
+    #   receives as input. In this payload, the `clientMetadata` attribute
+    #   provides the data that you assigned to the ClientMetadata parameter
+    #   in your AdminConfirmSignUp request. In your function code in Lambda,
+    #   you can process the ClientMetadata value to enhance your workflow
+    #   for your specific needs.
     #
     #   For more information, see [Customizing User Pool Workflows with
     #   Lambda Triggers][1] in the *Amazon Cognito Developer Guide*.
@@ -299,10 +299,10 @@ module Aws::CognitoIdentityProvider
     #   ClientMetadata parameter:
     #
     #    * Amazon Cognito does not store the ClientMetadata value. This data
-    #     is available only to AWS Lambda triggers that are assigned to a
-    #     user pool to support custom workflows. If your user pool
-    #     configuration does not include triggers, the ClientMetadata
-    #     parameter serves no purpose.
+    #     is available only to Lambda triggers that are assigned to a user
+    #     pool to support custom workflows. If your user pool configuration
+    #     does not include triggers, the ClientMetadata parameter serves no
+    #     purpose.
     #
     #   * Amazon Cognito does not validate the ClientMetadata value.
     #
@@ -532,16 +532,16 @@ module Aws::CognitoIdentityProvider
     #   A map of custom key-value pairs that you can provide as input for
     #   any custom workflows that this action triggers.
     #
-    #   You create custom workflows by assigning AWS Lambda functions to
-    #   user pool triggers. When you use the AdminCreateUser API action,
-    #   Amazon Cognito invokes the function that is assigned to the *pre
-    #   sign-up* trigger. When Amazon Cognito invokes this function, it
-    #   passes a JSON payload, which the function receives as input. This
-    #   payload contains a `clientMetadata` attribute, which provides the
-    #   data that you assigned to the ClientMetadata parameter in your
-    #   AdminCreateUser request. In your function code in AWS Lambda, you
-    #   can process the `clientMetadata` value to enhance your workflow for
-    #   your specific needs.
+    #   You create custom workflows by assigning Lambda functions to user
+    #   pool triggers. When you use the AdminCreateUser API action, Amazon
+    #   Cognito invokes the function that is assigned to the *pre sign-up*
+    #   trigger. When Amazon Cognito invokes this function, it passes a JSON
+    #   payload, which the function receives as input. This payload contains
+    #   a `clientMetadata` attribute, which provides the data that you
+    #   assigned to the ClientMetadata parameter in your AdminCreateUser
+    #   request. In your function code in Lambda, you can process the
+    #   `clientMetadata` value to enhance your workflow for your specific
+    #   needs.
     #
     #   For more information, see [Customizing User Pool Workflows with
     #   Lambda Triggers][1] in the *Amazon Cognito Developer Guide*.
@@ -550,10 +550,10 @@ module Aws::CognitoIdentityProvider
     #   ClientMetadata parameter:
     #
     #    * Amazon Cognito does not store the ClientMetadata value. This data
-    #     is available only to AWS Lambda triggers that are assigned to a
-    #     user pool to support custom workflows. If your user pool
-    #     configuration does not include triggers, the ClientMetadata
-    #     parameter serves no purpose.
+    #     is available only to Lambda triggers that are assigned to a user
+    #     pool to support custom workflows. If your user pool configuration
+    #     does not include triggers, the ClientMetadata parameter serves no
+    #     purpose.
     #
     #   * Amazon Cognito does not validate the ClientMetadata value.
     #
@@ -1068,11 +1068,11 @@ module Aws::CognitoIdentityProvider
     #   A map of custom key-value pairs that you can provide as input for
     #   certain custom workflows that this action triggers.
     #
-    #   You create custom workflows by assigning AWS Lambda functions to
-    #   user pool triggers. When you use the AdminInitiateAuth API action,
-    #   Amazon Cognito invokes the AWS Lambda functions that are specified
-    #   for various triggers. The ClientMetadata value is passed as input to
-    #   the functions for only the following triggers:
+    #   You create custom workflows by assigning Lambda functions to user
+    #   pool triggers. When you use the AdminInitiateAuth API action, Amazon
+    #   Cognito invokes the Lambda functions that are specified for various
+    #   triggers. The ClientMetadata value is passed as input to the
+    #   functions for only the following triggers:
     #
     #   * Pre signup
     #
@@ -1084,9 +1084,9 @@ module Aws::CognitoIdentityProvider
     #   passes a JSON payload, which the function receives as input. This
     #   payload contains a `validationData` attribute, which provides the
     #   data that you assigned to the ClientMetadata parameter in your
-    #   AdminInitiateAuth request. In your function code in AWS Lambda, you
-    #   can process the `validationData` value to enhance your workflow for
-    #   your specific needs.
+    #   AdminInitiateAuth request. In your function code in Lambda, you can
+    #   process the `validationData` value to enhance your workflow for your
+    #   specific needs.
     #
     #   When you use the AdminInitiateAuth API action, Amazon Cognito also
     #   invokes the functions for the following triggers, but it does not
@@ -1111,10 +1111,10 @@ module Aws::CognitoIdentityProvider
     #   ClientMetadata parameter:
     #
     #    * Amazon Cognito does not store the ClientMetadata value. This data
-    #     is available only to AWS Lambda triggers that are assigned to a
-    #     user pool to support custom workflows. If your user pool
-    #     configuration does not include triggers, the ClientMetadata
-    #     parameter serves no purpose.
+    #     is available only to Lambda triggers that are assigned to a user
+    #     pool to support custom workflows. If your user pool configuration
+    #     does not include triggers, the ClientMetadata parameter serves no
+    #     purpose.
     #
     #   * Amazon Cognito does not validate the ClientMetadata value.
     #
@@ -1562,16 +1562,16 @@ module Aws::CognitoIdentityProvider
     #   A map of custom key-value pairs that you can provide as input for
     #   any custom workflows that this action triggers.
     #
-    #   You create custom workflows by assigning AWS Lambda functions to
-    #   user pool triggers. When you use the AdminResetUserPassword API
-    #   action, Amazon Cognito invokes the function that is assigned to the
-    #   *custom message* trigger. When Amazon Cognito invokes this function,
-    #   it passes a JSON payload, which the function receives as input. This
+    #   You create custom workflows by assigning Lambda functions to user
+    #   pool triggers. When you use the AdminResetUserPassword API action,
+    #   Amazon Cognito invokes the function that is assigned to the *custom
+    #   message* trigger. When Amazon Cognito invokes this function, it
+    #   passes a JSON payload, which the function receives as input. This
     #   payload contains a `clientMetadata` attribute, which provides the
     #   data that you assigned to the ClientMetadata parameter in your
-    #   AdminResetUserPassword request. In your function code in AWS Lambda,
-    #   you can process the `clientMetadata` value to enhance your workflow
-    #   for your specific needs.
+    #   AdminResetUserPassword request. In your function code in Lambda, you
+    #   can process the `clientMetadata` value to enhance your workflow for
+    #   your specific needs.
     #
     #   For more information, see [Customizing User Pool Workflows with
     #   Lambda Triggers][1] in the *Amazon Cognito Developer Guide*.
@@ -1580,10 +1580,10 @@ module Aws::CognitoIdentityProvider
     #   ClientMetadata parameter:
     #
     #    * Amazon Cognito does not store the ClientMetadata value. This data
-    #     is available only to AWS Lambda triggers that are assigned to a
-    #     user pool to support custom workflows. If your user pool
-    #     configuration does not include triggers, the ClientMetadata
-    #     parameter serves no purpose.
+    #     is available only to Lambda triggers that are assigned to a user
+    #     pool to support custom workflows. If your user pool configuration
+    #     does not include triggers, the ClientMetadata parameter serves no
+    #     purpose.
     #
     #   * Amazon Cognito does not validate the ClientMetadata value.
     #
@@ -1718,8 +1718,8 @@ module Aws::CognitoIdentityProvider
     #   A map of custom key-value pairs that you can provide as input for
     #   any custom workflows that this action triggers.
     #
-    #   You create custom workflows by assigning AWS Lambda functions to
-    #   user pool triggers. When you use the AdminRespondToAuthChallenge API
+    #   You create custom workflows by assigning Lambda functions to user
+    #   pool triggers. When you use the AdminRespondToAuthChallenge API
     #   action, Amazon Cognito invokes any functions that are assigned to
     #   the following triggers: *pre sign-up*, *custom message*, *post
     #   authentication*, *user migration*, *pre token generation*, *define
@@ -1728,7 +1728,7 @@ module Aws::CognitoIdentityProvider
     #   passes a JSON payload, which the function receives as input. This
     #   payload contains a `clientMetadata` attribute, which provides the
     #   data that you assigned to the ClientMetadata parameter in your
-    #   AdminRespondToAuthChallenge request. In your function code in AWS
+    #   AdminRespondToAuthChallenge request. In your function code in
     #   Lambda, you can process the `clientMetadata` value to enhance your
     #   workflow for your specific needs.
     #
@@ -1739,10 +1739,10 @@ module Aws::CognitoIdentityProvider
     #   ClientMetadata parameter:
     #
     #    * Amazon Cognito does not store the ClientMetadata value. This data
-    #     is available only to AWS Lambda triggers that are assigned to a
-    #     user pool to support custom workflows. If your user pool
-    #     configuration does not include triggers, the ClientMetadata
-    #     parameter serves no purpose.
+    #     is available only to Lambda triggers that are assigned to a user
+    #     pool to support custom workflows. If your user pool configuration
+    #     does not include triggers, the ClientMetadata parameter serves no
+    #     purpose.
     #
     #   * Amazon Cognito does not validate the ClientMetadata value.
     #
@@ -2080,16 +2080,16 @@ module Aws::CognitoIdentityProvider
     #   A map of custom key-value pairs that you can provide as input for
     #   any custom workflows that this action triggers.
     #
-    #   You create custom workflows by assigning AWS Lambda functions to
-    #   user pool triggers. When you use the AdminUpdateUserAttributes API
+    #   You create custom workflows by assigning Lambda functions to user
+    #   pool triggers. When you use the AdminUpdateUserAttributes API
     #   action, Amazon Cognito invokes the function that is assigned to the
     #   *custom message* trigger. When Amazon Cognito invokes this function,
     #   it passes a JSON payload, which the function receives as input. This
     #   payload contains a `clientMetadata` attribute, which provides the
     #   data that you assigned to the ClientMetadata parameter in your
-    #   AdminUpdateUserAttributes request. In your function code in AWS
-    #   Lambda, you can process the `clientMetadata` value to enhance your
-    #   workflow for your specific needs.
+    #   AdminUpdateUserAttributes request. In your function code in Lambda,
+    #   you can process the `clientMetadata` value to enhance your workflow
+    #   for your specific needs.
     #
     #   For more information, see [Customizing User Pool Workflows with
     #   Lambda Triggers][1] in the *Amazon Cognito Developer Guide*.
@@ -2098,10 +2098,10 @@ module Aws::CognitoIdentityProvider
     #   ClientMetadata parameter:
     #
     #    * Amazon Cognito does not store the ClientMetadata value. This data
-    #     is available only to AWS Lambda triggers that are assigned to a
-    #     user pool to support custom workflows. If your user pool
-    #     configuration does not include triggers, the ClientMetadata
-    #     parameter serves no purpose.
+    #     is available only to Lambda triggers that are assigned to a user
+    #     pool to support custom workflows. If your user pool configuration
+    #     does not include triggers, the ClientMetadata parameter serves no
+    #     purpose.
     #
     #   * Amazon Cognito does not validate the ClientMetadata value.
     #
@@ -2738,16 +2738,16 @@ module Aws::CognitoIdentityProvider
     #   A map of custom key-value pairs that you can provide as input for
     #   any custom workflows that this action triggers.
     #
-    #   You create custom workflows by assigning AWS Lambda functions to
-    #   user pool triggers. When you use the ConfirmForgotPassword API
-    #   action, Amazon Cognito invokes the function that is assigned to the
-    #   *post confirmation* trigger. When Amazon Cognito invokes this
-    #   function, it passes a JSON payload, which the function receives as
-    #   input. This payload contains a `clientMetadata` attribute, which
-    #   provides the data that you assigned to the ClientMetadata parameter
-    #   in your ConfirmForgotPassword request. In your function code in AWS
-    #   Lambda, you can process the `clientMetadata` value to enhance your
-    #   workflow for your specific needs.
+    #   You create custom workflows by assigning Lambda functions to user
+    #   pool triggers. When you use the ConfirmForgotPassword API action,
+    #   Amazon Cognito invokes the function that is assigned to the *post
+    #   confirmation* trigger. When Amazon Cognito invokes this function, it
+    #   passes a JSON payload, which the function receives as input. This
+    #   payload contains a `clientMetadata` attribute, which provides the
+    #   data that you assigned to the ClientMetadata parameter in your
+    #   ConfirmForgotPassword request. In your function code in Lambda, you
+    #   can process the `clientMetadata` value to enhance your workflow for
+    #   your specific needs.
     #
     #   For more information, see [Customizing User Pool Workflows with
     #   Lambda Triggers][1] in the *Amazon Cognito Developer Guide*.
@@ -2756,10 +2756,10 @@ module Aws::CognitoIdentityProvider
     #   ClientMetadata parameter:
     #
     #    * Amazon Cognito does not store the ClientMetadata value. This data
-    #     is available only to AWS Lambda triggers that are assigned to a
-    #     user pool to support custom workflows. If your user pool
-    #     configuration does not include triggers, the ClientMetadata
-    #     parameter serves no purpose.
+    #     is available only to Lambda triggers that are assigned to a user
+    #     pool to support custom workflows. If your user pool configuration
+    #     does not include triggers, the ClientMetadata parameter serves no
+    #     purpose.
     #
     #   * Amazon Cognito does not validate the ClientMetadata value.
     #
@@ -2861,14 +2861,14 @@ module Aws::CognitoIdentityProvider
     #   A map of custom key-value pairs that you can provide as input for
     #   any custom workflows that this action triggers.
     #
-    #   You create custom workflows by assigning AWS Lambda functions to
-    #   user pool triggers. When you use the ConfirmSignUp API action,
-    #   Amazon Cognito invokes the function that is assigned to the *post
+    #   You create custom workflows by assigning Lambda functions to user
+    #   pool triggers. When you use the ConfirmSignUp API action, Amazon
+    #   Cognito invokes the function that is assigned to the *post
     #   confirmation* trigger. When Amazon Cognito invokes this function, it
     #   passes a JSON payload, which the function receives as input. This
     #   payload contains a `clientMetadata` attribute, which provides the
     #   data that you assigned to the ClientMetadata parameter in your
-    #   ConfirmSignUp request. In your function code in AWS Lambda, you can
+    #   ConfirmSignUp request. In your function code in Lambda, you can
     #   process the `clientMetadata` value to enhance your workflow for your
     #   specific needs.
     #
@@ -2879,10 +2879,10 @@ module Aws::CognitoIdentityProvider
     #   ClientMetadata parameter:
     #
     #    * Amazon Cognito does not store the ClientMetadata value. This data
-    #     is available only to AWS Lambda triggers that are assigned to a
-    #     user pool to support custom workflows. If your user pool
-    #     configuration does not include triggers, the ClientMetadata
-    #     parameter serves no purpose.
+    #     is available only to Lambda triggers that are assigned to a user
+    #     pool to support custom workflows. If your user pool configuration
+    #     does not include triggers, the ClientMetadata parameter serves no
+    #     purpose.
     #
     #   * Amazon Cognito does not validate the ClientMetadata value.
     #
@@ -3310,6 +3310,7 @@ module Aws::CognitoIdentityProvider
     #           user_data_shared: false,
     #         },
     #         prevent_user_existence_errors: "LEGACY", # accepts LEGACY, ENABLED
+    #         enable_token_revocation: false,
     #       }
     #
     # @!attribute [rw] user_pool_id
@@ -3472,8 +3473,8 @@ module Aws::CognitoIdentityProvider
     # @!attribute [rw] allowed_o_auth_scopes
     #   The allowed OAuth scopes. Possible values provided by OAuth are:
     #   `phone`, `email`, `openid`, and `profile`. Possible values provided
-    #   by AWS are: `aws.cognito.signin.user.admin`. Custom scopes created
-    #   in Resource Servers are also supported.
+    #   by Amazon Web Services are: `aws.cognito.signin.user.admin`. Custom
+    #   scopes created in Resource Servers are also supported.
     #   @return [Array<String>]
     #
     # @!attribute [rw] allowed_o_auth_flows_user_pool_client
@@ -3518,6 +3519,18 @@ module Aws::CognitoIdentityProvider
     #    </note>
     #   @return [String]
     #
+    # @!attribute [rw] enable_token_revocation
+    #   Enables or disables token revocation. For more information about
+    #   revoking tokens, see [RevokeToken][1].
+    #
+    #   If you don't include this parameter, token revocation is
+    #   automatically enabled for the new user pool client.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html
+    #   @return [Boolean]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/CreateUserPoolClientRequest AWS API Documentation
     #
     class CreateUserPoolClientRequest < Struct.new(
@@ -3539,7 +3552,8 @@ module Aws::CognitoIdentityProvider
       :allowed_o_auth_scopes,
       :allowed_o_auth_flows_user_pool_client,
       :analytics_configuration,
-      :prevent_user_existence_errors)
+      :prevent_user_existence_errors,
+      :enable_token_revocation)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3751,7 +3765,7 @@ module Aws::CognitoIdentityProvider
     #    For more information on using the Lambda API to add permission, see
     #   [ AddPermission ][1].
     #
-    #    For adding permission using the AWS CLI, see [ add-permission ][2].
+    #    For adding permission using the CLI, see [ add-permission ][2].
     #
     #    </note>
     #
@@ -3922,7 +3936,7 @@ module Aws::CognitoIdentityProvider
     #       }
     #
     # @!attribute [rw] certificate_arn
-    #   The Amazon Resource Name (ARN) of an AWS Certificate Manager SSL
+    #   The Amazon Resource Name (ARN) of an Certificate Manager SSL
     #   certificate. You use this certificate for the subdomain of your
     #   custom domain.
     #   @return [String]
@@ -4566,7 +4580,7 @@ module Aws::CognitoIdentityProvider
     #   @return [String]
     #
     # @!attribute [rw] aws_account_id
-    #   The AWS account ID for the user pool owner.
+    #   The account ID for the user pool owner.
     #   @return [String]
     #
     # @!attribute [rw] domain
@@ -4716,7 +4730,7 @@ module Aws::CognitoIdentityProvider
     #     configuration. Amazon Cognito calls Amazon SES on your behalf to
     #     send email from your verified email address. When you use this
     #     option, the email delivery limits are the same limits that apply
-    #     to your Amazon SES verified email address in your AWS account.
+    #     to your Amazon SES verified email address in your account.
     #
     #     If you use this option, you must provide the ARN of an Amazon SES
     #     verified email address for the `SourceArn` parameter.
@@ -4724,7 +4738,7 @@ module Aws::CognitoIdentityProvider
     #     Before Amazon Cognito can email your users, it requires additional
     #     permissions to call Amazon SES on your behalf. When you update
     #     your user pool with this option, Amazon Cognito creates a
-    #     *service-linked role*, which is a type of IAM role, in your AWS
+    #     *service-linked role*, which is a type of IAM role, in your
     #     account. This role contains the permissions that allow Amazon
     #     Cognito to access Amazon SES and send email messages with your
     #     address. For more information about the service-linked role that
@@ -4755,7 +4769,7 @@ module Aws::CognitoIdentityProvider
     #   * Event publishing – Amazon SES can track the number of send,
     #     delivery, open, click, bounce, and complaint events for each email
     #     sent. Use event publishing to send information about these events
-    #     to other AWS services such as SNS and CloudWatch.
+    #     to other Amazon Web Services services such as SNS and CloudWatch.
     #
     #   * IP pool management – When leasing dedicated IP addresses with
     #     Amazon SES, you can create groups of IP addresses, called
@@ -4965,17 +4979,17 @@ module Aws::CognitoIdentityProvider
     #   A map of custom key-value pairs that you can provide as input for
     #   any custom workflows that this action triggers.
     #
-    #   You create custom workflows by assigning AWS Lambda functions to
-    #   user pool triggers. When you use the ForgotPassword API action,
-    #   Amazon Cognito invokes any functions that are assigned to the
-    #   following triggers: *pre sign-up*, *custom message*, and *user
-    #   migration*. When Amazon Cognito invokes any of these functions, it
-    #   passes a JSON payload, which the function receives as input. This
-    #   payload contains a `clientMetadata` attribute, which provides the
-    #   data that you assigned to the ClientMetadata parameter in your
-    #   ForgotPassword request. In your function code in AWS Lambda, you can
-    #   process the `clientMetadata` value to enhance your workflow for your
-    #   specific needs.
+    #   You create custom workflows by assigning Lambda functions to user
+    #   pool triggers. When you use the ForgotPassword API action, Amazon
+    #   Cognito invokes any functions that are assigned to the following
+    #   triggers: *pre sign-up*, *custom message*, and *user migration*.
+    #   When Amazon Cognito invokes any of these functions, it passes a JSON
+    #   payload, which the function receives as input. This payload contains
+    #   a `clientMetadata` attribute, which provides the data that you
+    #   assigned to the ClientMetadata parameter in your ForgotPassword
+    #   request. In your function code in Lambda, you can process the
+    #   `clientMetadata` value to enhance your workflow for your specific
+    #   needs.
     #
     #   For more information, see [Customizing User Pool Workflows with
     #   Lambda Triggers][1] in the *Amazon Cognito Developer Guide*.
@@ -4984,10 +4998,10 @@ module Aws::CognitoIdentityProvider
     #   ClientMetadata parameter:
     #
     #    * Amazon Cognito does not store the ClientMetadata value. This data
-    #     is available only to AWS Lambda triggers that are assigned to a
-    #     user pool to support custom workflows. If your user pool
-    #     configuration does not include triggers, the ClientMetadata
-    #     parameter serves no purpose.
+    #     is available only to Lambda triggers that are assigned to a user
+    #     pool to support custom workflows. If your user pool configuration
+    #     does not include triggers, the ClientMetadata parameter serves no
+    #     purpose.
     #
     #   * Amazon Cognito does not validate the ClientMetadata value.
     #
@@ -5288,17 +5302,16 @@ module Aws::CognitoIdentityProvider
     #   A map of custom key-value pairs that you can provide as input for
     #   any custom workflows that this action triggers.
     #
-    #   You create custom workflows by assigning AWS Lambda functions to
-    #   user pool triggers. When you use the
-    #   GetUserAttributeVerificationCode API action, Amazon Cognito invokes
-    #   the function that is assigned to the *custom message* trigger. When
-    #   Amazon Cognito invokes this function, it passes a JSON payload,
-    #   which the function receives as input. This payload contains a
-    #   `clientMetadata` attribute, which provides the data that you
-    #   assigned to the ClientMetadata parameter in your
+    #   You create custom workflows by assigning Lambda functions to user
+    #   pool triggers. When you use the GetUserAttributeVerificationCode API
+    #   action, Amazon Cognito invokes the function that is assigned to the
+    #   *custom message* trigger. When Amazon Cognito invokes this function,
+    #   it passes a JSON payload, which the function receives as input. This
+    #   payload contains a `clientMetadata` attribute, which provides the
+    #   data that you assigned to the ClientMetadata parameter in your
     #   GetUserAttributeVerificationCode request. In your function code in
-    #   AWS Lambda, you can process the `clientMetadata` value to enhance
-    #   your workflow for your specific needs.
+    #   Lambda, you can process the `clientMetadata` value to enhance your
+    #   workflow for your specific needs.
     #
     #   For more information, see [Customizing User Pool Workflows with
     #   Lambda Triggers][1] in the *Amazon Cognito Developer Guide*.
@@ -5307,10 +5320,10 @@ module Aws::CognitoIdentityProvider
     #   ClientMetadata parameter:
     #
     #    * Amazon Cognito does not store the ClientMetadata value. This data
-    #     is available only to AWS Lambda triggers that are assigned to a
-    #     user pool to support custom workflows. If your user pool
-    #     configuration does not include triggers, the ClientMetadata
-    #     parameter serves no purpose.
+    #     is available only to Lambda triggers that are assigned to a user
+    #     pool to support custom workflows. If your user pool configuration
+    #     does not include triggers, the ClientMetadata parameter serves no
+    #     purpose.
     #
     #   * Amazon Cognito does not validate the ClientMetadata value.
     #
@@ -5664,8 +5677,6 @@ module Aws::CognitoIdentityProvider
     #     * jwks\_uri *if not available from discovery URL specified by
     #       oidc\_issuer key*
     #
-    #     * authorize\_scopes
-    #
     #   * For SAML providers:
     #
     #     * MetadataFile OR MetadataURL
@@ -5788,10 +5799,10 @@ module Aws::CognitoIdentityProvider
     #   A map of custom key-value pairs that you can provide as input for
     #   certain custom workflows that this action triggers.
     #
-    #   You create custom workflows by assigning AWS Lambda functions to
-    #   user pool triggers. When you use the InitiateAuth API action, Amazon
-    #   Cognito invokes the AWS Lambda functions that are specified for
-    #   various triggers. The ClientMetadata value is passed as input to the
+    #   You create custom workflows by assigning Lambda functions to user
+    #   pool triggers. When you use the InitiateAuth API action, Amazon
+    #   Cognito invokes the Lambda functions that are specified for various
+    #   triggers. The ClientMetadata value is passed as input to the
     #   functions for only the following triggers:
     #
     #   * Pre signup
@@ -5804,7 +5815,7 @@ module Aws::CognitoIdentityProvider
     #   passes a JSON payload, which the function receives as input. This
     #   payload contains a `validationData` attribute, which provides the
     #   data that you assigned to the ClientMetadata parameter in your
-    #   InitiateAuth request. In your function code in AWS Lambda, you can
+    #   InitiateAuth request. In your function code in Lambda, you can
     #   process the `validationData` value to enhance your workflow for your
     #   specific needs.
     #
@@ -5831,10 +5842,10 @@ module Aws::CognitoIdentityProvider
     #   ClientMetadata parameter:
     #
     #    * Amazon Cognito does not store the ClientMetadata value. This data
-    #     is available only to AWS Lambda triggers that are assigned to a
-    #     user pool to support custom workflows. If your user pool
-    #     configuration does not include triggers, the ClientMetadata
-    #     parameter serves no purpose.
+    #     is available only to Lambda triggers that are assigned to a user
+    #     pool to support custom workflows. If your user pool configuration
+    #     does not include triggers, the ClientMetadata parameter serves no
+    #     purpose.
     #
     #   * Amazon Cognito does not validate the ClientMetadata value.
     #
@@ -5992,11 +6003,11 @@ module Aws::CognitoIdentityProvider
     end
 
     # This exception is thrown when the Amazon Cognito service encounters an
-    # invalid AWS Lambda response.
+    # invalid Lambda response.
     #
     # @!attribute [rw] message
     #   The message returned when the Amazon Cognito service throws an
-    #   invalid AWS Lambda response exception.
+    #   invalid Lambda response exception.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/InvalidLambdaResponseException AWS API Documentation
@@ -6070,7 +6081,7 @@ module Aws::CognitoIdentityProvider
 
     # This exception is thrown when the trust relationship is invalid for
     # the role provided for SMS configuration. This can happen if you do not
-    # trust **cognito-idp.amazonaws.com** or the external ID provided in the
+    # trust `cognito-idp.amazonaws.com` or the external ID provided in the
     # role does not match what is provided in the SMS configuration for the
     # user pool.
     #
@@ -6101,7 +6112,7 @@ module Aws::CognitoIdentityProvider
       include Aws::Structure
     end
 
-    # Specifies the configuration for AWS Lambda triggers.
+    # Specifies the configuration for Lambda triggers.
     #
     # @note When making an API call, you may pass LambdaConfigType
     #   data as a hash:
@@ -6129,23 +6140,23 @@ module Aws::CognitoIdentityProvider
     #       }
     #
     # @!attribute [rw] pre_sign_up
-    #   A pre-registration AWS Lambda trigger.
+    #   A pre-registration Lambda trigger.
     #   @return [String]
     #
     # @!attribute [rw] custom_message
-    #   A custom Message AWS Lambda trigger.
+    #   A custom Message Lambda trigger.
     #   @return [String]
     #
     # @!attribute [rw] post_confirmation
-    #   A post-confirmation AWS Lambda trigger.
+    #   A post-confirmation Lambda trigger.
     #   @return [String]
     #
     # @!attribute [rw] pre_authentication
-    #   A pre-authentication AWS Lambda trigger.
+    #   A pre-authentication Lambda trigger.
     #   @return [String]
     #
     # @!attribute [rw] post_authentication
-    #   A post-authentication AWS Lambda trigger.
+    #   A post-authentication Lambda trigger.
     #   @return [String]
     #
     # @!attribute [rw] define_auth_challenge
@@ -6169,11 +6180,11 @@ module Aws::CognitoIdentityProvider
     #   @return [String]
     #
     # @!attribute [rw] custom_sms_sender
-    #   A custom SMS sender AWS Lambda trigger.
+    #   A custom SMS sender Lambda trigger.
     #   @return [Types::CustomSMSLambdaVersionConfigType]
     #
     # @!attribute [rw] custom_email_sender
-    #   A custom email sender AWS Lambda trigger.
+    #   A custom email sender Lambda trigger.
     #   @return [Types::CustomEmailLambdaVersionConfigType]
     #
     # @!attribute [rw] kms_key_id
@@ -6204,7 +6215,7 @@ module Aws::CognitoIdentityProvider
     end
 
     # This exception is thrown when a user exceeds the limit for a requested
-    # AWS resource.
+    # Amazon Web Services resource.
     #
     # @!attribute [rw] message
     #   The message returned when Amazon Cognito throws a limit exceeded
@@ -7288,16 +7299,16 @@ module Aws::CognitoIdentityProvider
     #   A map of custom key-value pairs that you can provide as input for
     #   any custom workflows that this action triggers.
     #
-    #   You create custom workflows by assigning AWS Lambda functions to
-    #   user pool triggers. When you use the ResendConfirmationCode API
-    #   action, Amazon Cognito invokes the function that is assigned to the
-    #   *custom message* trigger. When Amazon Cognito invokes this function,
-    #   it passes a JSON payload, which the function receives as input. This
+    #   You create custom workflows by assigning Lambda functions to user
+    #   pool triggers. When you use the ResendConfirmationCode API action,
+    #   Amazon Cognito invokes the function that is assigned to the *custom
+    #   message* trigger. When Amazon Cognito invokes this function, it
+    #   passes a JSON payload, which the function receives as input. This
     #   payload contains a `clientMetadata` attribute, which provides the
     #   data that you assigned to the ClientMetadata parameter in your
-    #   ResendConfirmationCode request. In your function code in AWS Lambda,
-    #   you can process the `clientMetadata` value to enhance your workflow
-    #   for your specific needs.
+    #   ResendConfirmationCode request. In your function code in Lambda, you
+    #   can process the `clientMetadata` value to enhance your workflow for
+    #   your specific needs.
     #
     #   For more information, see [Customizing User Pool Workflows with
     #   Lambda Triggers][1] in the *Amazon Cognito Developer Guide*.
@@ -7306,10 +7317,10 @@ module Aws::CognitoIdentityProvider
     #   ClientMetadata parameter:
     #
     #    * Amazon Cognito does not store the ClientMetadata value. This data
-    #     is available only to AWS Lambda triggers that are assigned to a
-    #     user pool to support custom workflows. If your user pool
-    #     configuration does not include triggers, the ClientMetadata
-    #     parameter serves no purpose.
+    #     is available only to Lambda triggers that are assigned to a user
+    #     pool to support custom workflows. If your user pool configuration
+    #     does not include triggers, the ClientMetadata parameter serves no
+    #     purpose.
     #
     #   * Amazon Cognito does not validate the ClientMetadata value.
     #
@@ -7516,18 +7527,18 @@ module Aws::CognitoIdentityProvider
     #   A map of custom key-value pairs that you can provide as input for
     #   any custom workflows that this action triggers.
     #
-    #   You create custom workflows by assigning AWS Lambda functions to
-    #   user pool triggers. When you use the RespondToAuthChallenge API
-    #   action, Amazon Cognito invokes any functions that are assigned to
-    #   the following triggers: *post authentication*, *pre token
-    #   generation*, *define auth challenge*, *create auth challenge*, and
-    #   *verify auth challenge*. When Amazon Cognito invokes any of these
-    #   functions, it passes a JSON payload, which the function receives as
-    #   input. This payload contains a `clientMetadata` attribute, which
-    #   provides the data that you assigned to the ClientMetadata parameter
-    #   in your RespondToAuthChallenge request. In your function code in AWS
-    #   Lambda, you can process the `clientMetadata` value to enhance your
-    #   workflow for your specific needs.
+    #   You create custom workflows by assigning Lambda functions to user
+    #   pool triggers. When you use the RespondToAuthChallenge API action,
+    #   Amazon Cognito invokes any functions that are assigned to the
+    #   following triggers: *post authentication*, *pre token generation*,
+    #   *define auth challenge*, *create auth challenge*, and *verify auth
+    #   challenge*. When Amazon Cognito invokes any of these functions, it
+    #   passes a JSON payload, which the function receives as input. This
+    #   payload contains a `clientMetadata` attribute, which provides the
+    #   data that you assigned to the ClientMetadata parameter in your
+    #   RespondToAuthChallenge request. In your function code in Lambda, you
+    #   can process the `clientMetadata` value to enhance your workflow for
+    #   your specific needs.
     #
     #   For more information, see [Customizing User Pool Workflows with
     #   Lambda Triggers][1] in the *Amazon Cognito Developer Guide*.
@@ -7536,10 +7547,10 @@ module Aws::CognitoIdentityProvider
     #   ClientMetadata parameter:
     #
     #    * Amazon Cognito does not store the ClientMetadata value. This data
-    #     is available only to AWS Lambda triggers that are assigned to a
-    #     user pool to support custom workflows. If your user pool
-    #     configuration does not include triggers, the ClientMetadata
-    #     parameter serves no purpose.
+    #     is available only to Lambda triggers that are assigned to a user
+    #     pool to support custom workflows. If your user pool configuration
+    #     does not include triggers, the ClientMetadata parameter serves no
+    #     purpose.
     #
     #   * Amazon Cognito does not validate the ClientMetadata value.
     #
@@ -7610,6 +7621,42 @@ module Aws::CognitoIdentityProvider
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass RevokeTokenRequest
+    #   data as a hash:
+    #
+    #       {
+    #         token: "TokenModelType", # required
+    #         client_id: "ClientIdType", # required
+    #         client_secret: "ClientSecretType",
+    #       }
+    #
+    # @!attribute [rw] token
+    #   The token that you want to revoke.
+    #   @return [String]
+    #
+    # @!attribute [rw] client_id
+    #   The client ID for the token that you want to revoke.
+    #   @return [String]
+    #
+    # @!attribute [rw] client_secret
+    #   The secret for the client ID. This is required only if the client ID
+    #   has a secret.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/RevokeTokenRequest AWS API Documentation
+    #
+    class RevokeTokenRequest < Struct.new(
+      :token,
+      :client_id,
+      :client_secret)
+      SENSITIVE = [:token, :client_id, :client_secret]
+      include Aws::Structure
+    end
+
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/RevokeTokenResponse AWS API Documentation
+    #
+    class RevokeTokenResponse < Aws::EmptyStructure; end
+
     # The risk configuration type.
     #
     # @!attribute [rw] user_pool_id
@@ -8219,17 +8266,16 @@ module Aws::CognitoIdentityProvider
     #   A map of custom key-value pairs that you can provide as input for
     #   any custom workflows that this action triggers.
     #
-    #   You create custom workflows by assigning AWS Lambda functions to
-    #   user pool triggers. When you use the SignUp API action, Amazon
-    #   Cognito invokes any functions that are assigned to the following
-    #   triggers: *pre sign-up*, *custom message*, and *post confirmation*.
-    #   When Amazon Cognito invokes any of these functions, it passes a JSON
+    #   You create custom workflows by assigning Lambda functions to user
+    #   pool triggers. When you use the SignUp API action, Amazon Cognito
+    #   invokes any functions that are assigned to the following triggers:
+    #   *pre sign-up*, *custom message*, and *post confirmation*. When
+    #   Amazon Cognito invokes any of these functions, it passes a JSON
     #   payload, which the function receives as input. This payload contains
     #   a `clientMetadata` attribute, which provides the data that you
     #   assigned to the ClientMetadata parameter in your SignUp request. In
-    #   your function code in AWS Lambda, you can process the
-    #   `clientMetadata` value to enhance your workflow for your specific
-    #   needs.
+    #   your function code in Lambda, you can process the `clientMetadata`
+    #   value to enhance your workflow for your specific needs.
     #
     #   For more information, see [Customizing User Pool Workflows with
     #   Lambda Triggers][1] in the *Amazon Cognito Developer Guide*.
@@ -8238,10 +8284,10 @@ module Aws::CognitoIdentityProvider
     #   ClientMetadata parameter:
     #
     #    * Amazon Cognito does not store the ClientMetadata value. This data
-    #     is available only to AWS Lambda triggers that are assigned to a
-    #     user pool to support custom workflows. If your user pool
-    #     configuration does not include triggers, the ClientMetadata
-    #     parameter serves no purpose.
+    #     is available only to Lambda triggers that are assigned to a user
+    #     pool to support custom workflows. If your user pool configuration
+    #     does not include triggers, the ClientMetadata parameter serves no
+    #     purpose.
     #
     #   * Amazon Cognito does not validate the ClientMetadata value.
     #
@@ -8300,9 +8346,9 @@ module Aws::CognitoIdentityProvider
 
     # The SMS configuration type that includes the settings the Cognito User
     # Pool needs to call for the Amazon SNS service to send an SMS message
-    # from your AWS account. The Cognito User Pool makes the request to the
-    # Amazon SNS Service by using an AWS IAM role that you provide for your
-    # AWS account.
+    # from your account. The Cognito User Pool makes the request to the
+    # Amazon SNS Service by using an IAM role that you provide for your
+    # account.
     #
     # @note When making an API call, you may pass SmsConfigurationType
     #   data as a hash:
@@ -8314,7 +8360,7 @@ module Aws::CognitoIdentityProvider
     #
     # @!attribute [rw] sns_caller_arn
     #   The Amazon Resource Name (ARN) of the Amazon Simple Notification
-    #   Service (SNS) caller. This is the ARN of the IAM role in your AWS
+    #   Service (SNS) caller. This is the ARN of the IAM role in your
     #   account which Cognito will use to send SMS messages. SMS messages
     #   are subject to a [spending limit][1].
     #
@@ -8335,8 +8381,8 @@ module Aws::CognitoIdentityProvider
     #   `ExternalId`.
     #
     #   For more information about the `ExternalId` of a role, see [How to
-    #   use an external ID when granting access to your AWS resources to a
-    #   third party][1]
+    #   use an external ID when granting access to your Amazon Web Services
+    #   resources to a third party][1]
     #
     #
     #
@@ -8716,12 +8762,26 @@ module Aws::CognitoIdentityProvider
       include Aws::Structure
     end
 
+    # This exception is thrown when the request is not authorized. This can
+    # happen due to an invalid access token in the request.
+    #
+    # @!attribute [rw] message
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UnauthorizedException AWS API Documentation
+    #
+    class UnauthorizedException < Struct.new(
+      :message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # This exception is thrown when the Amazon Cognito service encounters an
-    # unexpected exception with the AWS Lambda service.
+    # unexpected exception with the Lambda service.
     #
     # @!attribute [rw] message
     #   The message returned when the Amazon Cognito service returns an
-    #   unexpected AWS Lambda exception.
+    #   unexpected Lambda exception.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UnexpectedLambdaException AWS API Documentation
@@ -8746,6 +8806,34 @@ module Aws::CognitoIdentityProvider
       include Aws::Structure
     end
 
+    # This exception is thrown when you attempt to perform an operation that
+    # is not enabled for the user pool client.
+    #
+    # @!attribute [rw] message
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UnsupportedOperationException AWS API Documentation
+    #
+    class UnsupportedOperationException < Struct.new(
+      :message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # This exception is thrown when an unsupported token is passed to an
+    # operation.
+    #
+    # @!attribute [rw] message
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UnsupportedTokenTypeException AWS API Documentation
+    #
+    class UnsupportedTokenTypeException < Struct.new(
+      :message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The request failed because the user is in an unsupported state.
     #
     # @!attribute [rw] message
@@ -9084,16 +9172,16 @@ module Aws::CognitoIdentityProvider
     #   A map of custom key-value pairs that you can provide as input for
     #   any custom workflows that this action triggers.
     #
-    #   You create custom workflows by assigning AWS Lambda functions to
-    #   user pool triggers. When you use the UpdateUserAttributes API
-    #   action, Amazon Cognito invokes the function that is assigned to the
-    #   *custom message* trigger. When Amazon Cognito invokes this function,
-    #   it passes a JSON payload, which the function receives as input. This
+    #   You create custom workflows by assigning Lambda functions to user
+    #   pool triggers. When you use the UpdateUserAttributes API action,
+    #   Amazon Cognito invokes the function that is assigned to the *custom
+    #   message* trigger. When Amazon Cognito invokes this function, it
+    #   passes a JSON payload, which the function receives as input. This
     #   payload contains a `clientMetadata` attribute, which provides the
     #   data that you assigned to the ClientMetadata parameter in your
-    #   UpdateUserAttributes request. In your function code in AWS Lambda,
-    #   you can process the `clientMetadata` value to enhance your workflow
-    #   for your specific needs.
+    #   UpdateUserAttributes request. In your function code in Lambda, you
+    #   can process the `clientMetadata` value to enhance your workflow for
+    #   your specific needs.
     #
     #   For more information, see [Customizing User Pool Workflows with
     #   Lambda Triggers][1] in the *Amazon Cognito Developer Guide*.
@@ -9102,10 +9190,10 @@ module Aws::CognitoIdentityProvider
     #   ClientMetadata parameter:
     #
     #    * Amazon Cognito does not store the ClientMetadata value. This data
-    #     is available only to AWS Lambda triggers that are assigned to a
-    #     user pool to support custom workflows. If your user pool
-    #     configuration does not include triggers, the ClientMetadata
-    #     parameter serves no purpose.
+    #     is available only to Lambda triggers that are assigned to a user
+    #     pool to support custom workflows. If your user pool configuration
+    #     does not include triggers, the ClientMetadata parameter serves no
+    #     purpose.
     #
     #   * Amazon Cognito does not validate the ClientMetadata value.
     #
@@ -9180,6 +9268,7 @@ module Aws::CognitoIdentityProvider
     #           user_data_shared: false,
     #         },
     #         prevent_user_existence_errors: "LEGACY", # accepts LEGACY, ENABLED
+    #         enable_token_revocation: false,
     #       }
     #
     # @!attribute [rw] user_pool_id
@@ -9325,8 +9414,8 @@ module Aws::CognitoIdentityProvider
     # @!attribute [rw] allowed_o_auth_scopes
     #   The allowed OAuth scopes. Possible values provided by OAuth are:
     #   `phone`, `email`, `openid`, and `profile`. Possible values provided
-    #   by AWS are: `aws.cognito.signin.user.admin`. Custom scopes created
-    #   in Resource Servers are also supported.
+    #   by Amazon Web Services are: `aws.cognito.signin.user.admin`. Custom
+    #   scopes created in Resource Servers are also supported.
     #   @return [Array<String>]
     #
     # @!attribute [rw] allowed_o_auth_flows_user_pool_client
@@ -9371,6 +9460,15 @@ module Aws::CognitoIdentityProvider
     #    </note>
     #   @return [String]
     #
+    # @!attribute [rw] enable_token_revocation
+    #   Enables or disables token revocation. For more information about
+    #   revoking tokens, see [RevokeToken][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html
+    #   @return [Boolean]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UpdateUserPoolClientRequest AWS API Documentation
     #
     class UpdateUserPoolClientRequest < Struct.new(
@@ -9392,7 +9490,8 @@ module Aws::CognitoIdentityProvider
       :allowed_o_auth_scopes,
       :allowed_o_auth_flows_user_pool_client,
       :analytics_configuration,
-      :prevent_user_existence_errors)
+      :prevent_user_existence_errors,
+      :enable_token_revocation)
       SENSITIVE = [:client_id]
       include Aws::Structure
     end
@@ -9572,8 +9671,8 @@ module Aws::CognitoIdentityProvider
     #   @return [Types::UserPoolPolicyType]
     #
     # @!attribute [rw] lambda_config
-    #   The AWS Lambda configuration information from the request to update
-    #   the user pool.
+    #   The Lambda configuration information from the request to update the
+    #   user pool.
     #   @return [Types::LambdaConfigType]
     #
     # @!attribute [rw] auto_verified_attributes
@@ -9828,11 +9927,11 @@ module Aws::CognitoIdentityProvider
     end
 
     # This exception is thrown when the Amazon Cognito service encounters a
-    # user validation exception with the AWS Lambda service.
+    # user validation exception with the Lambda service.
     #
     # @!attribute [rw] message
     #   The message returned when the Amazon Cognito service returns a user
-    #   validation exception with the AWS Lambda service.
+    #   validation exception with the Lambda service.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UserLambdaValidationException AWS API Documentation
@@ -10087,8 +10186,8 @@ module Aws::CognitoIdentityProvider
     # @!attribute [rw] allowed_o_auth_scopes
     #   The allowed OAuth scopes. Possible values provided by OAuth are:
     #   `phone`, `email`, `openid`, and `profile`. Possible values provided
-    #   by AWS are: `aws.cognito.signin.user.admin`. Custom scopes created
-    #   in Resource Servers are also supported.
+    #   by Amazon Web Services are: `aws.cognito.signin.user.admin`. Custom
+    #   scopes created in Resource Servers are also supported.
     #   @return [Array<String>]
     #
     # @!attribute [rw] allowed_o_auth_flows_user_pool_client
@@ -10132,6 +10231,17 @@ module Aws::CognitoIdentityProvider
     #    </note>
     #   @return [String]
     #
+    # @!attribute [rw] enable_token_revocation
+    #   Indicates whether token revocation is enabled for the user pool
+    #   client. When you create a new user pool client, token revocation is
+    #   enabled by default. For more information about revoking tokens, see
+    #   [RevokeToken][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html
+    #   @return [Boolean]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UserPoolClientType AWS API Documentation
     #
     class UserPoolClientType < Struct.new(
@@ -10156,7 +10266,8 @@ module Aws::CognitoIdentityProvider
       :allowed_o_auth_scopes,
       :allowed_o_auth_flows_user_pool_client,
       :analytics_configuration,
-      :prevent_user_existence_errors)
+      :prevent_user_existence_errors,
+      :enable_token_revocation)
       SENSITIVE = [:client_id, :client_secret]
       include Aws::Structure
     end
@@ -10172,7 +10283,7 @@ module Aws::CognitoIdentityProvider
     #   @return [String]
     #
     # @!attribute [rw] lambda_config
-    #   The AWS Lambda configuration information in a user pool description.
+    #   The Lambda configuration information in a user pool description.
     #   @return [Types::LambdaConfigType]
     #
     # @!attribute [rw] status
@@ -10257,7 +10368,7 @@ module Aws::CognitoIdentityProvider
     #   @return [Types::UserPoolPolicyType]
     #
     # @!attribute [rw] lambda_config
-    #   The AWS Lambda triggers associated with the user pool.
+    #   The Lambda triggers associated with the user pool.
     #   @return [Types::LambdaConfigType]
     #
     # @!attribute [rw] status
@@ -10348,6 +10459,24 @@ module Aws::CognitoIdentityProvider
     # @!attribute [rw] sms_configuration_failure
     #   The reason why the SMS configuration cannot send the messages to
     #   your users.
+    #
+    #   This message might include comma-separated values to describe why
+    #   your SMS configuration can't send messages to user pool end users.
+    #
+    #   * InvalidSmsRoleAccessPolicyException - The IAM role which Cognito
+    #     uses to send SMS messages is not properly configured. For more
+    #     information, see [SmsConfigurationType][1].
+    #
+    #   * SNSSandbox - The account is in SNS Sandbox and messages won’t
+    #     reach unverified end users. This parameter won’t get populated
+    #     with SNSSandbox if the IAM user creating the user pool doesn’t
+    #     have SNS permissions. To learn how to move your account out of the
+    #     sandbox, see [Moving out of the SMS sandbox][2].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SmsConfigurationType.html
+    #   [2]: https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox-moving-to-production.html
     #   @return [String]
     #
     # @!attribute [rw] email_configuration_failure