aws-sdk-cognitoidentityprovider 1.51.0 → 1.55.0

Sign up to get free protection for your applications and to get access to all the features.
@@ -345,6 +345,8 @@ module Aws::CognitoIdentityProvider
345
345
  ResourceServersListType = Shapes::ListShape.new(name: 'ResourceServersListType')
346
346
  RespondToAuthChallengeRequest = Shapes::StructureShape.new(name: 'RespondToAuthChallengeRequest')
347
347
  RespondToAuthChallengeResponse = Shapes::StructureShape.new(name: 'RespondToAuthChallengeResponse')
348
+ RevokeTokenRequest = Shapes::StructureShape.new(name: 'RevokeTokenRequest')
349
+ RevokeTokenResponse = Shapes::StructureShape.new(name: 'RevokeTokenResponse')
348
350
  RiskConfigurationType = Shapes::StructureShape.new(name: 'RiskConfigurationType')
349
351
  RiskDecisionType = Shapes::StringShape.new(name: 'RiskDecisionType')
350
352
  RiskExceptionConfigurationType = Shapes::StructureShape.new(name: 'RiskExceptionConfigurationType')
@@ -401,8 +403,11 @@ module Aws::CognitoIdentityProvider
401
403
  TooManyFailedAttemptsException = Shapes::StructureShape.new(name: 'TooManyFailedAttemptsException')
402
404
  TooManyRequestsException = Shapes::StructureShape.new(name: 'TooManyRequestsException')
403
405
  UICustomizationType = Shapes::StructureShape.new(name: 'UICustomizationType')
406
+ UnauthorizedException = Shapes::StructureShape.new(name: 'UnauthorizedException')
404
407
  UnexpectedLambdaException = Shapes::StructureShape.new(name: 'UnexpectedLambdaException')
405
408
  UnsupportedIdentityProviderException = Shapes::StructureShape.new(name: 'UnsupportedIdentityProviderException')
409
+ UnsupportedOperationException = Shapes::StructureShape.new(name: 'UnsupportedOperationException')
410
+ UnsupportedTokenTypeException = Shapes::StructureShape.new(name: 'UnsupportedTokenTypeException')
406
411
  UnsupportedUserStateException = Shapes::StructureShape.new(name: 'UnsupportedUserStateException')
407
412
  UntagResourceRequest = Shapes::StructureShape.new(name: 'UntagResourceRequest')
408
413
  UntagResourceResponse = Shapes::StructureShape.new(name: 'UntagResourceResponse')
@@ -917,6 +922,7 @@ module Aws::CognitoIdentityProvider
917
922
  CreateUserPoolClientRequest.add_member(:allowed_o_auth_flows_user_pool_client, Shapes::ShapeRef.new(shape: BooleanType, location_name: "AllowedOAuthFlowsUserPoolClient"))
918
923
  CreateUserPoolClientRequest.add_member(:analytics_configuration, Shapes::ShapeRef.new(shape: AnalyticsConfigurationType, location_name: "AnalyticsConfiguration"))
919
924
  CreateUserPoolClientRequest.add_member(:prevent_user_existence_errors, Shapes::ShapeRef.new(shape: PreventUserExistenceErrorTypes, location_name: "PreventUserExistenceErrors"))
925
+ CreateUserPoolClientRequest.add_member(:enable_token_revocation, Shapes::ShapeRef.new(shape: WrappedBooleanType, location_name: "EnableTokenRevocation"))
920
926
  CreateUserPoolClientRequest.struct_class = Types::CreateUserPoolClientRequest
921
927
 
922
928
  CreateUserPoolClientResponse.add_member(:user_pool_client, Shapes::ShapeRef.new(shape: UserPoolClientType, location_name: "UserPoolClient"))
@@ -1506,6 +1512,13 @@ module Aws::CognitoIdentityProvider
1506
1512
  RespondToAuthChallengeResponse.add_member(:authentication_result, Shapes::ShapeRef.new(shape: AuthenticationResultType, location_name: "AuthenticationResult"))
1507
1513
  RespondToAuthChallengeResponse.struct_class = Types::RespondToAuthChallengeResponse
1508
1514
 
1515
+ RevokeTokenRequest.add_member(:token, Shapes::ShapeRef.new(shape: TokenModelType, required: true, location_name: "Token"))
1516
+ RevokeTokenRequest.add_member(:client_id, Shapes::ShapeRef.new(shape: ClientIdType, required: true, location_name: "ClientId"))
1517
+ RevokeTokenRequest.add_member(:client_secret, Shapes::ShapeRef.new(shape: ClientSecretType, location_name: "ClientSecret"))
1518
+ RevokeTokenRequest.struct_class = Types::RevokeTokenRequest
1519
+
1520
+ RevokeTokenResponse.struct_class = Types::RevokeTokenResponse
1521
+
1509
1522
  RiskConfigurationType.add_member(:user_pool_id, Shapes::ShapeRef.new(shape: UserPoolIdType, location_name: "UserPoolId"))
1510
1523
  RiskConfigurationType.add_member(:client_id, Shapes::ShapeRef.new(shape: ClientIdType, location_name: "ClientId"))
1511
1524
  RiskConfigurationType.add_member(:compromised_credentials_risk_configuration, Shapes::ShapeRef.new(shape: CompromisedCredentialsRiskConfigurationType, location_name: "CompromisedCredentialsRiskConfiguration"))
@@ -1665,12 +1678,21 @@ module Aws::CognitoIdentityProvider
1665
1678
  UICustomizationType.add_member(:creation_date, Shapes::ShapeRef.new(shape: DateType, location_name: "CreationDate"))
1666
1679
  UICustomizationType.struct_class = Types::UICustomizationType
1667
1680
 
1681
+ UnauthorizedException.add_member(:message, Shapes::ShapeRef.new(shape: MessageType, location_name: "message"))
1682
+ UnauthorizedException.struct_class = Types::UnauthorizedException
1683
+
1668
1684
  UnexpectedLambdaException.add_member(:message, Shapes::ShapeRef.new(shape: MessageType, location_name: "message"))
1669
1685
  UnexpectedLambdaException.struct_class = Types::UnexpectedLambdaException
1670
1686
 
1671
1687
  UnsupportedIdentityProviderException.add_member(:message, Shapes::ShapeRef.new(shape: MessageType, location_name: "message"))
1672
1688
  UnsupportedIdentityProviderException.struct_class = Types::UnsupportedIdentityProviderException
1673
1689
 
1690
+ UnsupportedOperationException.add_member(:message, Shapes::ShapeRef.new(shape: MessageType, location_name: "message"))
1691
+ UnsupportedOperationException.struct_class = Types::UnsupportedOperationException
1692
+
1693
+ UnsupportedTokenTypeException.add_member(:message, Shapes::ShapeRef.new(shape: MessageType, location_name: "message"))
1694
+ UnsupportedTokenTypeException.struct_class = Types::UnsupportedTokenTypeException
1695
+
1674
1696
  UnsupportedUserStateException.add_member(:message, Shapes::ShapeRef.new(shape: MessageType, location_name: "message"))
1675
1697
  UnsupportedUserStateException.struct_class = Types::UnsupportedUserStateException
1676
1698
 
@@ -1752,6 +1774,7 @@ module Aws::CognitoIdentityProvider
1752
1774
  UpdateUserPoolClientRequest.add_member(:allowed_o_auth_flows_user_pool_client, Shapes::ShapeRef.new(shape: BooleanType, location_name: "AllowedOAuthFlowsUserPoolClient"))
1753
1775
  UpdateUserPoolClientRequest.add_member(:analytics_configuration, Shapes::ShapeRef.new(shape: AnalyticsConfigurationType, location_name: "AnalyticsConfiguration"))
1754
1776
  UpdateUserPoolClientRequest.add_member(:prevent_user_existence_errors, Shapes::ShapeRef.new(shape: PreventUserExistenceErrorTypes, location_name: "PreventUserExistenceErrors"))
1777
+ UpdateUserPoolClientRequest.add_member(:enable_token_revocation, Shapes::ShapeRef.new(shape: WrappedBooleanType, location_name: "EnableTokenRevocation"))
1755
1778
  UpdateUserPoolClientRequest.struct_class = Types::UpdateUserPoolClientRequest
1756
1779
 
1757
1780
  UpdateUserPoolClientResponse.add_member(:user_pool_client, Shapes::ShapeRef.new(shape: UserPoolClientType, location_name: "UserPoolClient"))
@@ -1855,6 +1878,7 @@ module Aws::CognitoIdentityProvider
1855
1878
  UserPoolClientType.add_member(:allowed_o_auth_flows_user_pool_client, Shapes::ShapeRef.new(shape: BooleanType, location_name: "AllowedOAuthFlowsUserPoolClient", metadata: {"box"=>true}))
1856
1879
  UserPoolClientType.add_member(:analytics_configuration, Shapes::ShapeRef.new(shape: AnalyticsConfigurationType, location_name: "AnalyticsConfiguration"))
1857
1880
  UserPoolClientType.add_member(:prevent_user_existence_errors, Shapes::ShapeRef.new(shape: PreventUserExistenceErrorTypes, location_name: "PreventUserExistenceErrors"))
1881
+ UserPoolClientType.add_member(:enable_token_revocation, Shapes::ShapeRef.new(shape: WrappedBooleanType, location_name: "EnableTokenRevocation"))
1858
1882
  UserPoolClientType.struct_class = Types::UserPoolClientType
1859
1883
 
1860
1884
  UserPoolDescriptionType.add_member(:id, Shapes::ShapeRef.new(shape: UserPoolIdType, location_name: "Id"))
@@ -3276,6 +3300,20 @@ module Aws::CognitoIdentityProvider
3276
3300
  o.errors << Shapes::ShapeRef.new(shape: SoftwareTokenMFANotFoundException)
3277
3301
  end)
3278
3302
 
3303
+ api.add_operation(:revoke_token, Seahorse::Model::Operation.new.tap do |o|
3304
+ o.name = "RevokeToken"
3305
+ o.http_method = "POST"
3306
+ o.http_request_uri = "/"
3307
+ o.input = Shapes::ShapeRef.new(shape: RevokeTokenRequest)
3308
+ o.output = Shapes::ShapeRef.new(shape: RevokeTokenResponse)
3309
+ o.errors << Shapes::ShapeRef.new(shape: TooManyRequestsException)
3310
+ o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
3311
+ o.errors << Shapes::ShapeRef.new(shape: UnauthorizedException)
3312
+ o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
3313
+ o.errors << Shapes::ShapeRef.new(shape: UnsupportedOperationException)
3314
+ o.errors << Shapes::ShapeRef.new(shape: UnsupportedTokenTypeException)
3315
+ end)
3316
+
3279
3317
  api.add_operation(:set_risk_configuration, Seahorse::Model::Operation.new.tap do |o|
3280
3318
  o.name = "SetRiskConfiguration"
3281
3319
  o.http_method = "POST"
@@ -54,8 +54,11 @@ module Aws::CognitoIdentityProvider
54
54
  # * {SoftwareTokenMFANotFoundException}
55
55
  # * {TooManyFailedAttemptsException}
56
56
  # * {TooManyRequestsException}
57
+ # * {UnauthorizedException}
57
58
  # * {UnexpectedLambdaException}
58
59
  # * {UnsupportedIdentityProviderException}
60
+ # * {UnsupportedOperationException}
61
+ # * {UnsupportedTokenTypeException}
59
62
  # * {UnsupportedUserStateException}
60
63
  # * {UserImportInProgressException}
61
64
  # * {UserLambdaValidationException}
@@ -476,6 +479,21 @@ module Aws::CognitoIdentityProvider
476
479
  end
477
480
  end
478
481
 
482
+ class UnauthorizedException < ServiceError
483
+
484
+ # @param [Seahorse::Client::RequestContext] context
485
+ # @param [String] message
486
+ # @param [Aws::CognitoIdentityProvider::Types::UnauthorizedException] data
487
+ def initialize(context, message, data = Aws::EmptyStructure.new)
488
+ super(context, message, data)
489
+ end
490
+
491
+ # @return [String]
492
+ def message
493
+ @message || @data[:message]
494
+ end
495
+ end
496
+
479
497
  class UnexpectedLambdaException < ServiceError
480
498
 
481
499
  # @param [Seahorse::Client::RequestContext] context
@@ -506,6 +524,36 @@ module Aws::CognitoIdentityProvider
506
524
  end
507
525
  end
508
526
 
527
+ class UnsupportedOperationException < ServiceError
528
+
529
+ # @param [Seahorse::Client::RequestContext] context
530
+ # @param [String] message
531
+ # @param [Aws::CognitoIdentityProvider::Types::UnsupportedOperationException] data
532
+ def initialize(context, message, data = Aws::EmptyStructure.new)
533
+ super(context, message, data)
534
+ end
535
+
536
+ # @return [String]
537
+ def message
538
+ @message || @data[:message]
539
+ end
540
+ end
541
+
542
+ class UnsupportedTokenTypeException < ServiceError
543
+
544
+ # @param [Seahorse::Client::RequestContext] context
545
+ # @param [String] message
546
+ # @param [Aws::CognitoIdentityProvider::Types::UnsupportedTokenTypeException] data
547
+ def initialize(context, message, data = Aws::EmptyStructure.new)
548
+ super(context, message, data)
549
+ end
550
+
551
+ # @return [String]
552
+ def message
553
+ @message || @data[:message]
554
+ end
555
+ end
556
+
509
557
  class UnsupportedUserStateException < ServiceError
510
558
 
511
559
  # @param [Seahorse::Client::RequestContext] context
@@ -283,14 +283,14 @@ module Aws::CognitoIdentityProvider
283
283
  # any custom workflows that this action triggers.
284
284
  #
285
285
  # If your user pool configuration includes triggers, the
286
- # AdminConfirmSignUp API action invokes the AWS Lambda function that
287
- # is specified for the *post confirmation* trigger. When Amazon
288
- # Cognito invokes this function, it passes a JSON payload, which the
289
- # function receives as input. In this payload, the `clientMetadata`
290
- # attribute provides the data that you assigned to the ClientMetadata
291
- # parameter in your AdminConfirmSignUp request. In your function code
292
- # in AWS Lambda, you can process the ClientMetadata value to enhance
293
- # your workflow for your specific needs.
286
+ # AdminConfirmSignUp API action invokes the Lambda function that is
287
+ # specified for the *post confirmation* trigger. When Amazon Cognito
288
+ # invokes this function, it passes a JSON payload, which the function
289
+ # receives as input. In this payload, the `clientMetadata` attribute
290
+ # provides the data that you assigned to the ClientMetadata parameter
291
+ # in your AdminConfirmSignUp request. In your function code in Lambda,
292
+ # you can process the ClientMetadata value to enhance your workflow
293
+ # for your specific needs.
294
294
  #
295
295
  # For more information, see [Customizing User Pool Workflows with
296
296
  # Lambda Triggers][1] in the *Amazon Cognito Developer Guide*.
@@ -299,10 +299,10 @@ module Aws::CognitoIdentityProvider
299
299
  # ClientMetadata parameter:
300
300
  #
301
301
  # * Amazon Cognito does not store the ClientMetadata value. This data
302
- # is available only to AWS Lambda triggers that are assigned to a
303
- # user pool to support custom workflows. If your user pool
304
- # configuration does not include triggers, the ClientMetadata
305
- # parameter serves no purpose.
302
+ # is available only to Lambda triggers that are assigned to a user
303
+ # pool to support custom workflows. If your user pool configuration
304
+ # does not include triggers, the ClientMetadata parameter serves no
305
+ # purpose.
306
306
  #
307
307
  # * Amazon Cognito does not validate the ClientMetadata value.
308
308
  #
@@ -532,16 +532,16 @@ module Aws::CognitoIdentityProvider
532
532
  # A map of custom key-value pairs that you can provide as input for
533
533
  # any custom workflows that this action triggers.
534
534
  #
535
- # You create custom workflows by assigning AWS Lambda functions to
536
- # user pool triggers. When you use the AdminCreateUser API action,
537
- # Amazon Cognito invokes the function that is assigned to the *pre
538
- # sign-up* trigger. When Amazon Cognito invokes this function, it
539
- # passes a JSON payload, which the function receives as input. This
540
- # payload contains a `clientMetadata` attribute, which provides the
541
- # data that you assigned to the ClientMetadata parameter in your
542
- # AdminCreateUser request. In your function code in AWS Lambda, you
543
- # can process the `clientMetadata` value to enhance your workflow for
544
- # your specific needs.
535
+ # You create custom workflows by assigning Lambda functions to user
536
+ # pool triggers. When you use the AdminCreateUser API action, Amazon
537
+ # Cognito invokes the function that is assigned to the *pre sign-up*
538
+ # trigger. When Amazon Cognito invokes this function, it passes a JSON
539
+ # payload, which the function receives as input. This payload contains
540
+ # a `clientMetadata` attribute, which provides the data that you
541
+ # assigned to the ClientMetadata parameter in your AdminCreateUser
542
+ # request. In your function code in Lambda, you can process the
543
+ # `clientMetadata` value to enhance your workflow for your specific
544
+ # needs.
545
545
  #
546
546
  # For more information, see [Customizing User Pool Workflows with
547
547
  # Lambda Triggers][1] in the *Amazon Cognito Developer Guide*.
@@ -550,10 +550,10 @@ module Aws::CognitoIdentityProvider
550
550
  # ClientMetadata parameter:
551
551
  #
552
552
  # * Amazon Cognito does not store the ClientMetadata value. This data
553
- # is available only to AWS Lambda triggers that are assigned to a
554
- # user pool to support custom workflows. If your user pool
555
- # configuration does not include triggers, the ClientMetadata
556
- # parameter serves no purpose.
553
+ # is available only to Lambda triggers that are assigned to a user
554
+ # pool to support custom workflows. If your user pool configuration
555
+ # does not include triggers, the ClientMetadata parameter serves no
556
+ # purpose.
557
557
  #
558
558
  # * Amazon Cognito does not validate the ClientMetadata value.
559
559
  #
@@ -1068,11 +1068,11 @@ module Aws::CognitoIdentityProvider
1068
1068
  # A map of custom key-value pairs that you can provide as input for
1069
1069
  # certain custom workflows that this action triggers.
1070
1070
  #
1071
- # You create custom workflows by assigning AWS Lambda functions to
1072
- # user pool triggers. When you use the AdminInitiateAuth API action,
1073
- # Amazon Cognito invokes the AWS Lambda functions that are specified
1074
- # for various triggers. The ClientMetadata value is passed as input to
1075
- # the functions for only the following triggers:
1071
+ # You create custom workflows by assigning Lambda functions to user
1072
+ # pool triggers. When you use the AdminInitiateAuth API action, Amazon
1073
+ # Cognito invokes the Lambda functions that are specified for various
1074
+ # triggers. The ClientMetadata value is passed as input to the
1075
+ # functions for only the following triggers:
1076
1076
  #
1077
1077
  # * Pre signup
1078
1078
  #
@@ -1084,9 +1084,9 @@ module Aws::CognitoIdentityProvider
1084
1084
  # passes a JSON payload, which the function receives as input. This
1085
1085
  # payload contains a `validationData` attribute, which provides the
1086
1086
  # data that you assigned to the ClientMetadata parameter in your
1087
- # AdminInitiateAuth request. In your function code in AWS Lambda, you
1088
- # can process the `validationData` value to enhance your workflow for
1089
- # your specific needs.
1087
+ # AdminInitiateAuth request. In your function code in Lambda, you can
1088
+ # process the `validationData` value to enhance your workflow for your
1089
+ # specific needs.
1090
1090
  #
1091
1091
  # When you use the AdminInitiateAuth API action, Amazon Cognito also
1092
1092
  # invokes the functions for the following triggers, but it does not
@@ -1111,10 +1111,10 @@ module Aws::CognitoIdentityProvider
1111
1111
  # ClientMetadata parameter:
1112
1112
  #
1113
1113
  # * Amazon Cognito does not store the ClientMetadata value. This data
1114
- # is available only to AWS Lambda triggers that are assigned to a
1115
- # user pool to support custom workflows. If your user pool
1116
- # configuration does not include triggers, the ClientMetadata
1117
- # parameter serves no purpose.
1114
+ # is available only to Lambda triggers that are assigned to a user
1115
+ # pool to support custom workflows. If your user pool configuration
1116
+ # does not include triggers, the ClientMetadata parameter serves no
1117
+ # purpose.
1118
1118
  #
1119
1119
  # * Amazon Cognito does not validate the ClientMetadata value.
1120
1120
  #
@@ -1562,16 +1562,16 @@ module Aws::CognitoIdentityProvider
1562
1562
  # A map of custom key-value pairs that you can provide as input for
1563
1563
  # any custom workflows that this action triggers.
1564
1564
  #
1565
- # You create custom workflows by assigning AWS Lambda functions to
1566
- # user pool triggers. When you use the AdminResetUserPassword API
1567
- # action, Amazon Cognito invokes the function that is assigned to the
1568
- # *custom message* trigger. When Amazon Cognito invokes this function,
1569
- # it passes a JSON payload, which the function receives as input. This
1565
+ # You create custom workflows by assigning Lambda functions to user
1566
+ # pool triggers. When you use the AdminResetUserPassword API action,
1567
+ # Amazon Cognito invokes the function that is assigned to the *custom
1568
+ # message* trigger. When Amazon Cognito invokes this function, it
1569
+ # passes a JSON payload, which the function receives as input. This
1570
1570
  # payload contains a `clientMetadata` attribute, which provides the
1571
1571
  # data that you assigned to the ClientMetadata parameter in your
1572
- # AdminResetUserPassword request. In your function code in AWS Lambda,
1573
- # you can process the `clientMetadata` value to enhance your workflow
1574
- # for your specific needs.
1572
+ # AdminResetUserPassword request. In your function code in Lambda, you
1573
+ # can process the `clientMetadata` value to enhance your workflow for
1574
+ # your specific needs.
1575
1575
  #
1576
1576
  # For more information, see [Customizing User Pool Workflows with
1577
1577
  # Lambda Triggers][1] in the *Amazon Cognito Developer Guide*.
@@ -1580,10 +1580,10 @@ module Aws::CognitoIdentityProvider
1580
1580
  # ClientMetadata parameter:
1581
1581
  #
1582
1582
  # * Amazon Cognito does not store the ClientMetadata value. This data
1583
- # is available only to AWS Lambda triggers that are assigned to a
1584
- # user pool to support custom workflows. If your user pool
1585
- # configuration does not include triggers, the ClientMetadata
1586
- # parameter serves no purpose.
1583
+ # is available only to Lambda triggers that are assigned to a user
1584
+ # pool to support custom workflows. If your user pool configuration
1585
+ # does not include triggers, the ClientMetadata parameter serves no
1586
+ # purpose.
1587
1587
  #
1588
1588
  # * Amazon Cognito does not validate the ClientMetadata value.
1589
1589
  #
@@ -1718,8 +1718,8 @@ module Aws::CognitoIdentityProvider
1718
1718
  # A map of custom key-value pairs that you can provide as input for
1719
1719
  # any custom workflows that this action triggers.
1720
1720
  #
1721
- # You create custom workflows by assigning AWS Lambda functions to
1722
- # user pool triggers. When you use the AdminRespondToAuthChallenge API
1721
+ # You create custom workflows by assigning Lambda functions to user
1722
+ # pool triggers. When you use the AdminRespondToAuthChallenge API
1723
1723
  # action, Amazon Cognito invokes any functions that are assigned to
1724
1724
  # the following triggers: *pre sign-up*, *custom message*, *post
1725
1725
  # authentication*, *user migration*, *pre token generation*, *define
@@ -1728,7 +1728,7 @@ module Aws::CognitoIdentityProvider
1728
1728
  # passes a JSON payload, which the function receives as input. This
1729
1729
  # payload contains a `clientMetadata` attribute, which provides the
1730
1730
  # data that you assigned to the ClientMetadata parameter in your
1731
- # AdminRespondToAuthChallenge request. In your function code in AWS
1731
+ # AdminRespondToAuthChallenge request. In your function code in
1732
1732
  # Lambda, you can process the `clientMetadata` value to enhance your
1733
1733
  # workflow for your specific needs.
1734
1734
  #
@@ -1739,10 +1739,10 @@ module Aws::CognitoIdentityProvider
1739
1739
  # ClientMetadata parameter:
1740
1740
  #
1741
1741
  # * Amazon Cognito does not store the ClientMetadata value. This data
1742
- # is available only to AWS Lambda triggers that are assigned to a
1743
- # user pool to support custom workflows. If your user pool
1744
- # configuration does not include triggers, the ClientMetadata
1745
- # parameter serves no purpose.
1742
+ # is available only to Lambda triggers that are assigned to a user
1743
+ # pool to support custom workflows. If your user pool configuration
1744
+ # does not include triggers, the ClientMetadata parameter serves no
1745
+ # purpose.
1746
1746
  #
1747
1747
  # * Amazon Cognito does not validate the ClientMetadata value.
1748
1748
  #
@@ -2080,16 +2080,16 @@ module Aws::CognitoIdentityProvider
2080
2080
  # A map of custom key-value pairs that you can provide as input for
2081
2081
  # any custom workflows that this action triggers.
2082
2082
  #
2083
- # You create custom workflows by assigning AWS Lambda functions to
2084
- # user pool triggers. When you use the AdminUpdateUserAttributes API
2083
+ # You create custom workflows by assigning Lambda functions to user
2084
+ # pool triggers. When you use the AdminUpdateUserAttributes API
2085
2085
  # action, Amazon Cognito invokes the function that is assigned to the
2086
2086
  # *custom message* trigger. When Amazon Cognito invokes this function,
2087
2087
  # it passes a JSON payload, which the function receives as input. This
2088
2088
  # payload contains a `clientMetadata` attribute, which provides the
2089
2089
  # data that you assigned to the ClientMetadata parameter in your
2090
- # AdminUpdateUserAttributes request. In your function code in AWS
2091
- # Lambda, you can process the `clientMetadata` value to enhance your
2092
- # workflow for your specific needs.
2090
+ # AdminUpdateUserAttributes request. In your function code in Lambda,
2091
+ # you can process the `clientMetadata` value to enhance your workflow
2092
+ # for your specific needs.
2093
2093
  #
2094
2094
  # For more information, see [Customizing User Pool Workflows with
2095
2095
  # Lambda Triggers][1] in the *Amazon Cognito Developer Guide*.
@@ -2098,10 +2098,10 @@ module Aws::CognitoIdentityProvider
2098
2098
  # ClientMetadata parameter:
2099
2099
  #
2100
2100
  # * Amazon Cognito does not store the ClientMetadata value. This data
2101
- # is available only to AWS Lambda triggers that are assigned to a
2102
- # user pool to support custom workflows. If your user pool
2103
- # configuration does not include triggers, the ClientMetadata
2104
- # parameter serves no purpose.
2101
+ # is available only to Lambda triggers that are assigned to a user
2102
+ # pool to support custom workflows. If your user pool configuration
2103
+ # does not include triggers, the ClientMetadata parameter serves no
2104
+ # purpose.
2105
2105
  #
2106
2106
  # * Amazon Cognito does not validate the ClientMetadata value.
2107
2107
  #
@@ -2738,16 +2738,16 @@ module Aws::CognitoIdentityProvider
2738
2738
  # A map of custom key-value pairs that you can provide as input for
2739
2739
  # any custom workflows that this action triggers.
2740
2740
  #
2741
- # You create custom workflows by assigning AWS Lambda functions to
2742
- # user pool triggers. When you use the ConfirmForgotPassword API
2743
- # action, Amazon Cognito invokes the function that is assigned to the
2744
- # *post confirmation* trigger. When Amazon Cognito invokes this
2745
- # function, it passes a JSON payload, which the function receives as
2746
- # input. This payload contains a `clientMetadata` attribute, which
2747
- # provides the data that you assigned to the ClientMetadata parameter
2748
- # in your ConfirmForgotPassword request. In your function code in AWS
2749
- # Lambda, you can process the `clientMetadata` value to enhance your
2750
- # workflow for your specific needs.
2741
+ # You create custom workflows by assigning Lambda functions to user
2742
+ # pool triggers. When you use the ConfirmForgotPassword API action,
2743
+ # Amazon Cognito invokes the function that is assigned to the *post
2744
+ # confirmation* trigger. When Amazon Cognito invokes this function, it
2745
+ # passes a JSON payload, which the function receives as input. This
2746
+ # payload contains a `clientMetadata` attribute, which provides the
2747
+ # data that you assigned to the ClientMetadata parameter in your
2748
+ # ConfirmForgotPassword request. In your function code in Lambda, you
2749
+ # can process the `clientMetadata` value to enhance your workflow for
2750
+ # your specific needs.
2751
2751
  #
2752
2752
  # For more information, see [Customizing User Pool Workflows with
2753
2753
  # Lambda Triggers][1] in the *Amazon Cognito Developer Guide*.
@@ -2756,10 +2756,10 @@ module Aws::CognitoIdentityProvider
2756
2756
  # ClientMetadata parameter:
2757
2757
  #
2758
2758
  # * Amazon Cognito does not store the ClientMetadata value. This data
2759
- # is available only to AWS Lambda triggers that are assigned to a
2760
- # user pool to support custom workflows. If your user pool
2761
- # configuration does not include triggers, the ClientMetadata
2762
- # parameter serves no purpose.
2759
+ # is available only to Lambda triggers that are assigned to a user
2760
+ # pool to support custom workflows. If your user pool configuration
2761
+ # does not include triggers, the ClientMetadata parameter serves no
2762
+ # purpose.
2763
2763
  #
2764
2764
  # * Amazon Cognito does not validate the ClientMetadata value.
2765
2765
  #
@@ -2861,14 +2861,14 @@ module Aws::CognitoIdentityProvider
2861
2861
  # A map of custom key-value pairs that you can provide as input for
2862
2862
  # any custom workflows that this action triggers.
2863
2863
  #
2864
- # You create custom workflows by assigning AWS Lambda functions to
2865
- # user pool triggers. When you use the ConfirmSignUp API action,
2866
- # Amazon Cognito invokes the function that is assigned to the *post
2864
+ # You create custom workflows by assigning Lambda functions to user
2865
+ # pool triggers. When you use the ConfirmSignUp API action, Amazon
2866
+ # Cognito invokes the function that is assigned to the *post
2867
2867
  # confirmation* trigger. When Amazon Cognito invokes this function, it
2868
2868
  # passes a JSON payload, which the function receives as input. This
2869
2869
  # payload contains a `clientMetadata` attribute, which provides the
2870
2870
  # data that you assigned to the ClientMetadata parameter in your
2871
- # ConfirmSignUp request. In your function code in AWS Lambda, you can
2871
+ # ConfirmSignUp request. In your function code in Lambda, you can
2872
2872
  # process the `clientMetadata` value to enhance your workflow for your
2873
2873
  # specific needs.
2874
2874
  #
@@ -2879,10 +2879,10 @@ module Aws::CognitoIdentityProvider
2879
2879
  # ClientMetadata parameter:
2880
2880
  #
2881
2881
  # * Amazon Cognito does not store the ClientMetadata value. This data
2882
- # is available only to AWS Lambda triggers that are assigned to a
2883
- # user pool to support custom workflows. If your user pool
2884
- # configuration does not include triggers, the ClientMetadata
2885
- # parameter serves no purpose.
2882
+ # is available only to Lambda triggers that are assigned to a user
2883
+ # pool to support custom workflows. If your user pool configuration
2884
+ # does not include triggers, the ClientMetadata parameter serves no
2885
+ # purpose.
2886
2886
  #
2887
2887
  # * Amazon Cognito does not validate the ClientMetadata value.
2888
2888
  #
@@ -3310,6 +3310,7 @@ module Aws::CognitoIdentityProvider
3310
3310
  # user_data_shared: false,
3311
3311
  # },
3312
3312
  # prevent_user_existence_errors: "LEGACY", # accepts LEGACY, ENABLED
3313
+ # enable_token_revocation: false,
3313
3314
  # }
3314
3315
  #
3315
3316
  # @!attribute [rw] user_pool_id
@@ -3472,8 +3473,8 @@ module Aws::CognitoIdentityProvider
3472
3473
  # @!attribute [rw] allowed_o_auth_scopes
3473
3474
  # The allowed OAuth scopes. Possible values provided by OAuth are:
3474
3475
  # `phone`, `email`, `openid`, and `profile`. Possible values provided
3475
- # by AWS are: `aws.cognito.signin.user.admin`. Custom scopes created
3476
- # in Resource Servers are also supported.
3476
+ # by Amazon Web Services are: `aws.cognito.signin.user.admin`. Custom
3477
+ # scopes created in Resource Servers are also supported.
3477
3478
  # @return [Array<String>]
3478
3479
  #
3479
3480
  # @!attribute [rw] allowed_o_auth_flows_user_pool_client
@@ -3518,6 +3519,18 @@ module Aws::CognitoIdentityProvider
3518
3519
  # </note>
3519
3520
  # @return [String]
3520
3521
  #
3522
+ # @!attribute [rw] enable_token_revocation
3523
+ # Enables or disables token revocation. For more information about
3524
+ # revoking tokens, see [RevokeToken][1].
3525
+ #
3526
+ # If you don't include this parameter, token revocation is
3527
+ # automatically enabled for the new user pool client.
3528
+ #
3529
+ #
3530
+ #
3531
+ # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html
3532
+ # @return [Boolean]
3533
+ #
3521
3534
  # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/CreateUserPoolClientRequest AWS API Documentation
3522
3535
  #
3523
3536
  class CreateUserPoolClientRequest < Struct.new(
@@ -3539,7 +3552,8 @@ module Aws::CognitoIdentityProvider
3539
3552
  :allowed_o_auth_scopes,
3540
3553
  :allowed_o_auth_flows_user_pool_client,
3541
3554
  :analytics_configuration,
3542
- :prevent_user_existence_errors)
3555
+ :prevent_user_existence_errors,
3556
+ :enable_token_revocation)
3543
3557
  SENSITIVE = []
3544
3558
  include Aws::Structure
3545
3559
  end
@@ -3751,7 +3765,7 @@ module Aws::CognitoIdentityProvider
3751
3765
  # For more information on using the Lambda API to add permission, see
3752
3766
  # [ AddPermission ][1].
3753
3767
  #
3754
- # For adding permission using the AWS CLI, see [ add-permission ][2].
3768
+ # For adding permission using the CLI, see [ add-permission ][2].
3755
3769
  #
3756
3770
  # </note>
3757
3771
  #
@@ -3922,7 +3936,7 @@ module Aws::CognitoIdentityProvider
3922
3936
  # }
3923
3937
  #
3924
3938
  # @!attribute [rw] certificate_arn
3925
- # The Amazon Resource Name (ARN) of an AWS Certificate Manager SSL
3939
+ # The Amazon Resource Name (ARN) of an Certificate Manager SSL
3926
3940
  # certificate. You use this certificate for the subdomain of your
3927
3941
  # custom domain.
3928
3942
  # @return [String]
@@ -4566,7 +4580,7 @@ module Aws::CognitoIdentityProvider
4566
4580
  # @return [String]
4567
4581
  #
4568
4582
  # @!attribute [rw] aws_account_id
4569
- # The AWS account ID for the user pool owner.
4583
+ # The account ID for the user pool owner.
4570
4584
  # @return [String]
4571
4585
  #
4572
4586
  # @!attribute [rw] domain
@@ -4716,7 +4730,7 @@ module Aws::CognitoIdentityProvider
4716
4730
  # configuration. Amazon Cognito calls Amazon SES on your behalf to
4717
4731
  # send email from your verified email address. When you use this
4718
4732
  # option, the email delivery limits are the same limits that apply
4719
- # to your Amazon SES verified email address in your AWS account.
4733
+ # to your Amazon SES verified email address in your account.
4720
4734
  #
4721
4735
  # If you use this option, you must provide the ARN of an Amazon SES
4722
4736
  # verified email address for the `SourceArn` parameter.
@@ -4724,7 +4738,7 @@ module Aws::CognitoIdentityProvider
4724
4738
  # Before Amazon Cognito can email your users, it requires additional
4725
4739
  # permissions to call Amazon SES on your behalf. When you update
4726
4740
  # your user pool with this option, Amazon Cognito creates a
4727
- # *service-linked role*, which is a type of IAM role, in your AWS
4741
+ # *service-linked role*, which is a type of IAM role, in your
4728
4742
  # account. This role contains the permissions that allow Amazon
4729
4743
  # Cognito to access Amazon SES and send email messages with your
4730
4744
  # address. For more information about the service-linked role that
@@ -4755,7 +4769,7 @@ module Aws::CognitoIdentityProvider
4755
4769
  # * Event publishing – Amazon SES can track the number of send,
4756
4770
  # delivery, open, click, bounce, and complaint events for each email
4757
4771
  # sent. Use event publishing to send information about these events
4758
- # to other AWS services such as SNS and CloudWatch.
4772
+ # to other Amazon Web Services services such as SNS and CloudWatch.
4759
4773
  #
4760
4774
  # * IP pool management – When leasing dedicated IP addresses with
4761
4775
  # Amazon SES, you can create groups of IP addresses, called
@@ -4965,17 +4979,17 @@ module Aws::CognitoIdentityProvider
4965
4979
  # A map of custom key-value pairs that you can provide as input for
4966
4980
  # any custom workflows that this action triggers.
4967
4981
  #
4968
- # You create custom workflows by assigning AWS Lambda functions to
4969
- # user pool triggers. When you use the ForgotPassword API action,
4970
- # Amazon Cognito invokes any functions that are assigned to the
4971
- # following triggers: *pre sign-up*, *custom message*, and *user
4972
- # migration*. When Amazon Cognito invokes any of these functions, it
4973
- # passes a JSON payload, which the function receives as input. This
4974
- # payload contains a `clientMetadata` attribute, which provides the
4975
- # data that you assigned to the ClientMetadata parameter in your
4976
- # ForgotPassword request. In your function code in AWS Lambda, you can
4977
- # process the `clientMetadata` value to enhance your workflow for your
4978
- # specific needs.
4982
+ # You create custom workflows by assigning Lambda functions to user
4983
+ # pool triggers. When you use the ForgotPassword API action, Amazon
4984
+ # Cognito invokes any functions that are assigned to the following
4985
+ # triggers: *pre sign-up*, *custom message*, and *user migration*.
4986
+ # When Amazon Cognito invokes any of these functions, it passes a JSON
4987
+ # payload, which the function receives as input. This payload contains
4988
+ # a `clientMetadata` attribute, which provides the data that you
4989
+ # assigned to the ClientMetadata parameter in your ForgotPassword
4990
+ # request. In your function code in Lambda, you can process the
4991
+ # `clientMetadata` value to enhance your workflow for your specific
4992
+ # needs.
4979
4993
  #
4980
4994
  # For more information, see [Customizing User Pool Workflows with
4981
4995
  # Lambda Triggers][1] in the *Amazon Cognito Developer Guide*.
@@ -4984,10 +4998,10 @@ module Aws::CognitoIdentityProvider
4984
4998
  # ClientMetadata parameter:
4985
4999
  #
4986
5000
  # * Amazon Cognito does not store the ClientMetadata value. This data
4987
- # is available only to AWS Lambda triggers that are assigned to a
4988
- # user pool to support custom workflows. If your user pool
4989
- # configuration does not include triggers, the ClientMetadata
4990
- # parameter serves no purpose.
5001
+ # is available only to Lambda triggers that are assigned to a user
5002
+ # pool to support custom workflows. If your user pool configuration
5003
+ # does not include triggers, the ClientMetadata parameter serves no
5004
+ # purpose.
4991
5005
  #
4992
5006
  # * Amazon Cognito does not validate the ClientMetadata value.
4993
5007
  #
@@ -5288,17 +5302,16 @@ module Aws::CognitoIdentityProvider
5288
5302
  # A map of custom key-value pairs that you can provide as input for
5289
5303
  # any custom workflows that this action triggers.
5290
5304
  #
5291
- # You create custom workflows by assigning AWS Lambda functions to
5292
- # user pool triggers. When you use the
5293
- # GetUserAttributeVerificationCode API action, Amazon Cognito invokes
5294
- # the function that is assigned to the *custom message* trigger. When
5295
- # Amazon Cognito invokes this function, it passes a JSON payload,
5296
- # which the function receives as input. This payload contains a
5297
- # `clientMetadata` attribute, which provides the data that you
5298
- # assigned to the ClientMetadata parameter in your
5305
+ # You create custom workflows by assigning Lambda functions to user
5306
+ # pool triggers. When you use the GetUserAttributeVerificationCode API
5307
+ # action, Amazon Cognito invokes the function that is assigned to the
5308
+ # *custom message* trigger. When Amazon Cognito invokes this function,
5309
+ # it passes a JSON payload, which the function receives as input. This
5310
+ # payload contains a `clientMetadata` attribute, which provides the
5311
+ # data that you assigned to the ClientMetadata parameter in your
5299
5312
  # GetUserAttributeVerificationCode request. In your function code in
5300
- # AWS Lambda, you can process the `clientMetadata` value to enhance
5301
- # your workflow for your specific needs.
5313
+ # Lambda, you can process the `clientMetadata` value to enhance your
5314
+ # workflow for your specific needs.
5302
5315
  #
5303
5316
  # For more information, see [Customizing User Pool Workflows with
5304
5317
  # Lambda Triggers][1] in the *Amazon Cognito Developer Guide*.
@@ -5307,10 +5320,10 @@ module Aws::CognitoIdentityProvider
5307
5320
  # ClientMetadata parameter:
5308
5321
  #
5309
5322
  # * Amazon Cognito does not store the ClientMetadata value. This data
5310
- # is available only to AWS Lambda triggers that are assigned to a
5311
- # user pool to support custom workflows. If your user pool
5312
- # configuration does not include triggers, the ClientMetadata
5313
- # parameter serves no purpose.
5323
+ # is available only to Lambda triggers that are assigned to a user
5324
+ # pool to support custom workflows. If your user pool configuration
5325
+ # does not include triggers, the ClientMetadata parameter serves no
5326
+ # purpose.
5314
5327
  #
5315
5328
  # * Amazon Cognito does not validate the ClientMetadata value.
5316
5329
  #
@@ -5664,8 +5677,6 @@ module Aws::CognitoIdentityProvider
5664
5677
  # * jwks\_uri *if not available from discovery URL specified by
5665
5678
  # oidc\_issuer key*
5666
5679
  #
5667
- # * authorize\_scopes
5668
- #
5669
5680
  # * For SAML providers:
5670
5681
  #
5671
5682
  # * MetadataFile OR MetadataURL
@@ -5788,10 +5799,10 @@ module Aws::CognitoIdentityProvider
5788
5799
  # A map of custom key-value pairs that you can provide as input for
5789
5800
  # certain custom workflows that this action triggers.
5790
5801
  #
5791
- # You create custom workflows by assigning AWS Lambda functions to
5792
- # user pool triggers. When you use the InitiateAuth API action, Amazon
5793
- # Cognito invokes the AWS Lambda functions that are specified for
5794
- # various triggers. The ClientMetadata value is passed as input to the
5802
+ # You create custom workflows by assigning Lambda functions to user
5803
+ # pool triggers. When you use the InitiateAuth API action, Amazon
5804
+ # Cognito invokes the Lambda functions that are specified for various
5805
+ # triggers. The ClientMetadata value is passed as input to the
5795
5806
  # functions for only the following triggers:
5796
5807
  #
5797
5808
  # * Pre signup
@@ -5804,7 +5815,7 @@ module Aws::CognitoIdentityProvider
5804
5815
  # passes a JSON payload, which the function receives as input. This
5805
5816
  # payload contains a `validationData` attribute, which provides the
5806
5817
  # data that you assigned to the ClientMetadata parameter in your
5807
- # InitiateAuth request. In your function code in AWS Lambda, you can
5818
+ # InitiateAuth request. In your function code in Lambda, you can
5808
5819
  # process the `validationData` value to enhance your workflow for your
5809
5820
  # specific needs.
5810
5821
  #
@@ -5831,10 +5842,10 @@ module Aws::CognitoIdentityProvider
5831
5842
  # ClientMetadata parameter:
5832
5843
  #
5833
5844
  # * Amazon Cognito does not store the ClientMetadata value. This data
5834
- # is available only to AWS Lambda triggers that are assigned to a
5835
- # user pool to support custom workflows. If your user pool
5836
- # configuration does not include triggers, the ClientMetadata
5837
- # parameter serves no purpose.
5845
+ # is available only to Lambda triggers that are assigned to a user
5846
+ # pool to support custom workflows. If your user pool configuration
5847
+ # does not include triggers, the ClientMetadata parameter serves no
5848
+ # purpose.
5838
5849
  #
5839
5850
  # * Amazon Cognito does not validate the ClientMetadata value.
5840
5851
  #
@@ -5992,11 +6003,11 @@ module Aws::CognitoIdentityProvider
5992
6003
  end
5993
6004
 
5994
6005
  # This exception is thrown when the Amazon Cognito service encounters an
5995
- # invalid AWS Lambda response.
6006
+ # invalid Lambda response.
5996
6007
  #
5997
6008
  # @!attribute [rw] message
5998
6009
  # The message returned when the Amazon Cognito service throws an
5999
- # invalid AWS Lambda response exception.
6010
+ # invalid Lambda response exception.
6000
6011
  # @return [String]
6001
6012
  #
6002
6013
  # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/InvalidLambdaResponseException AWS API Documentation
@@ -6070,7 +6081,7 @@ module Aws::CognitoIdentityProvider
6070
6081
 
6071
6082
  # This exception is thrown when the trust relationship is invalid for
6072
6083
  # the role provided for SMS configuration. This can happen if you do not
6073
- # trust **cognito-idp.amazonaws.com** or the external ID provided in the
6084
+ # trust `cognito-idp.amazonaws.com` or the external ID provided in the
6074
6085
  # role does not match what is provided in the SMS configuration for the
6075
6086
  # user pool.
6076
6087
  #
@@ -6101,7 +6112,7 @@ module Aws::CognitoIdentityProvider
6101
6112
  include Aws::Structure
6102
6113
  end
6103
6114
 
6104
- # Specifies the configuration for AWS Lambda triggers.
6115
+ # Specifies the configuration for Lambda triggers.
6105
6116
  #
6106
6117
  # @note When making an API call, you may pass LambdaConfigType
6107
6118
  # data as a hash:
@@ -6129,23 +6140,23 @@ module Aws::CognitoIdentityProvider
6129
6140
  # }
6130
6141
  #
6131
6142
  # @!attribute [rw] pre_sign_up
6132
- # A pre-registration AWS Lambda trigger.
6143
+ # A pre-registration Lambda trigger.
6133
6144
  # @return [String]
6134
6145
  #
6135
6146
  # @!attribute [rw] custom_message
6136
- # A custom Message AWS Lambda trigger.
6147
+ # A custom Message Lambda trigger.
6137
6148
  # @return [String]
6138
6149
  #
6139
6150
  # @!attribute [rw] post_confirmation
6140
- # A post-confirmation AWS Lambda trigger.
6151
+ # A post-confirmation Lambda trigger.
6141
6152
  # @return [String]
6142
6153
  #
6143
6154
  # @!attribute [rw] pre_authentication
6144
- # A pre-authentication AWS Lambda trigger.
6155
+ # A pre-authentication Lambda trigger.
6145
6156
  # @return [String]
6146
6157
  #
6147
6158
  # @!attribute [rw] post_authentication
6148
- # A post-authentication AWS Lambda trigger.
6159
+ # A post-authentication Lambda trigger.
6149
6160
  # @return [String]
6150
6161
  #
6151
6162
  # @!attribute [rw] define_auth_challenge
@@ -6169,11 +6180,11 @@ module Aws::CognitoIdentityProvider
6169
6180
  # @return [String]
6170
6181
  #
6171
6182
  # @!attribute [rw] custom_sms_sender
6172
- # A custom SMS sender AWS Lambda trigger.
6183
+ # A custom SMS sender Lambda trigger.
6173
6184
  # @return [Types::CustomSMSLambdaVersionConfigType]
6174
6185
  #
6175
6186
  # @!attribute [rw] custom_email_sender
6176
- # A custom email sender AWS Lambda trigger.
6187
+ # A custom email sender Lambda trigger.
6177
6188
  # @return [Types::CustomEmailLambdaVersionConfigType]
6178
6189
  #
6179
6190
  # @!attribute [rw] kms_key_id
@@ -6204,7 +6215,7 @@ module Aws::CognitoIdentityProvider
6204
6215
  end
6205
6216
 
6206
6217
  # This exception is thrown when a user exceeds the limit for a requested
6207
- # AWS resource.
6218
+ # Amazon Web Services resource.
6208
6219
  #
6209
6220
  # @!attribute [rw] message
6210
6221
  # The message returned when Amazon Cognito throws a limit exceeded
@@ -7288,16 +7299,16 @@ module Aws::CognitoIdentityProvider
7288
7299
  # A map of custom key-value pairs that you can provide as input for
7289
7300
  # any custom workflows that this action triggers.
7290
7301
  #
7291
- # You create custom workflows by assigning AWS Lambda functions to
7292
- # user pool triggers. When you use the ResendConfirmationCode API
7293
- # action, Amazon Cognito invokes the function that is assigned to the
7294
- # *custom message* trigger. When Amazon Cognito invokes this function,
7295
- # it passes a JSON payload, which the function receives as input. This
7302
+ # You create custom workflows by assigning Lambda functions to user
7303
+ # pool triggers. When you use the ResendConfirmationCode API action,
7304
+ # Amazon Cognito invokes the function that is assigned to the *custom
7305
+ # message* trigger. When Amazon Cognito invokes this function, it
7306
+ # passes a JSON payload, which the function receives as input. This
7296
7307
  # payload contains a `clientMetadata` attribute, which provides the
7297
7308
  # data that you assigned to the ClientMetadata parameter in your
7298
- # ResendConfirmationCode request. In your function code in AWS Lambda,
7299
- # you can process the `clientMetadata` value to enhance your workflow
7300
- # for your specific needs.
7309
+ # ResendConfirmationCode request. In your function code in Lambda, you
7310
+ # can process the `clientMetadata` value to enhance your workflow for
7311
+ # your specific needs.
7301
7312
  #
7302
7313
  # For more information, see [Customizing User Pool Workflows with
7303
7314
  # Lambda Triggers][1] in the *Amazon Cognito Developer Guide*.
@@ -7306,10 +7317,10 @@ module Aws::CognitoIdentityProvider
7306
7317
  # ClientMetadata parameter:
7307
7318
  #
7308
7319
  # * Amazon Cognito does not store the ClientMetadata value. This data
7309
- # is available only to AWS Lambda triggers that are assigned to a
7310
- # user pool to support custom workflows. If your user pool
7311
- # configuration does not include triggers, the ClientMetadata
7312
- # parameter serves no purpose.
7320
+ # is available only to Lambda triggers that are assigned to a user
7321
+ # pool to support custom workflows. If your user pool configuration
7322
+ # does not include triggers, the ClientMetadata parameter serves no
7323
+ # purpose.
7313
7324
  #
7314
7325
  # * Amazon Cognito does not validate the ClientMetadata value.
7315
7326
  #
@@ -7516,18 +7527,18 @@ module Aws::CognitoIdentityProvider
7516
7527
  # A map of custom key-value pairs that you can provide as input for
7517
7528
  # any custom workflows that this action triggers.
7518
7529
  #
7519
- # You create custom workflows by assigning AWS Lambda functions to
7520
- # user pool triggers. When you use the RespondToAuthChallenge API
7521
- # action, Amazon Cognito invokes any functions that are assigned to
7522
- # the following triggers: *post authentication*, *pre token
7523
- # generation*, *define auth challenge*, *create auth challenge*, and
7524
- # *verify auth challenge*. When Amazon Cognito invokes any of these
7525
- # functions, it passes a JSON payload, which the function receives as
7526
- # input. This payload contains a `clientMetadata` attribute, which
7527
- # provides the data that you assigned to the ClientMetadata parameter
7528
- # in your RespondToAuthChallenge request. In your function code in AWS
7529
- # Lambda, you can process the `clientMetadata` value to enhance your
7530
- # workflow for your specific needs.
7530
+ # You create custom workflows by assigning Lambda functions to user
7531
+ # pool triggers. When you use the RespondToAuthChallenge API action,
7532
+ # Amazon Cognito invokes any functions that are assigned to the
7533
+ # following triggers: *post authentication*, *pre token generation*,
7534
+ # *define auth challenge*, *create auth challenge*, and *verify auth
7535
+ # challenge*. When Amazon Cognito invokes any of these functions, it
7536
+ # passes a JSON payload, which the function receives as input. This
7537
+ # payload contains a `clientMetadata` attribute, which provides the
7538
+ # data that you assigned to the ClientMetadata parameter in your
7539
+ # RespondToAuthChallenge request. In your function code in Lambda, you
7540
+ # can process the `clientMetadata` value to enhance your workflow for
7541
+ # your specific needs.
7531
7542
  #
7532
7543
  # For more information, see [Customizing User Pool Workflows with
7533
7544
  # Lambda Triggers][1] in the *Amazon Cognito Developer Guide*.
@@ -7536,10 +7547,10 @@ module Aws::CognitoIdentityProvider
7536
7547
  # ClientMetadata parameter:
7537
7548
  #
7538
7549
  # * Amazon Cognito does not store the ClientMetadata value. This data
7539
- # is available only to AWS Lambda triggers that are assigned to a
7540
- # user pool to support custom workflows. If your user pool
7541
- # configuration does not include triggers, the ClientMetadata
7542
- # parameter serves no purpose.
7550
+ # is available only to Lambda triggers that are assigned to a user
7551
+ # pool to support custom workflows. If your user pool configuration
7552
+ # does not include triggers, the ClientMetadata parameter serves no
7553
+ # purpose.
7543
7554
  #
7544
7555
  # * Amazon Cognito does not validate the ClientMetadata value.
7545
7556
  #
@@ -7610,6 +7621,42 @@ module Aws::CognitoIdentityProvider
7610
7621
  include Aws::Structure
7611
7622
  end
7612
7623
 
7624
+ # @note When making an API call, you may pass RevokeTokenRequest
7625
+ # data as a hash:
7626
+ #
7627
+ # {
7628
+ # token: "TokenModelType", # required
7629
+ # client_id: "ClientIdType", # required
7630
+ # client_secret: "ClientSecretType",
7631
+ # }
7632
+ #
7633
+ # @!attribute [rw] token
7634
+ # The token that you want to revoke.
7635
+ # @return [String]
7636
+ #
7637
+ # @!attribute [rw] client_id
7638
+ # The client ID for the token that you want to revoke.
7639
+ # @return [String]
7640
+ #
7641
+ # @!attribute [rw] client_secret
7642
+ # The secret for the client ID. This is required only if the client ID
7643
+ # has a secret.
7644
+ # @return [String]
7645
+ #
7646
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/RevokeTokenRequest AWS API Documentation
7647
+ #
7648
+ class RevokeTokenRequest < Struct.new(
7649
+ :token,
7650
+ :client_id,
7651
+ :client_secret)
7652
+ SENSITIVE = [:token, :client_id, :client_secret]
7653
+ include Aws::Structure
7654
+ end
7655
+
7656
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/RevokeTokenResponse AWS API Documentation
7657
+ #
7658
+ class RevokeTokenResponse < Aws::EmptyStructure; end
7659
+
7613
7660
  # The risk configuration type.
7614
7661
  #
7615
7662
  # @!attribute [rw] user_pool_id
@@ -8219,17 +8266,16 @@ module Aws::CognitoIdentityProvider
8219
8266
  # A map of custom key-value pairs that you can provide as input for
8220
8267
  # any custom workflows that this action triggers.
8221
8268
  #
8222
- # You create custom workflows by assigning AWS Lambda functions to
8223
- # user pool triggers. When you use the SignUp API action, Amazon
8224
- # Cognito invokes any functions that are assigned to the following
8225
- # triggers: *pre sign-up*, *custom message*, and *post confirmation*.
8226
- # When Amazon Cognito invokes any of these functions, it passes a JSON
8269
+ # You create custom workflows by assigning Lambda functions to user
8270
+ # pool triggers. When you use the SignUp API action, Amazon Cognito
8271
+ # invokes any functions that are assigned to the following triggers:
8272
+ # *pre sign-up*, *custom message*, and *post confirmation*. When
8273
+ # Amazon Cognito invokes any of these functions, it passes a JSON
8227
8274
  # payload, which the function receives as input. This payload contains
8228
8275
  # a `clientMetadata` attribute, which provides the data that you
8229
8276
  # assigned to the ClientMetadata parameter in your SignUp request. In
8230
- # your function code in AWS Lambda, you can process the
8231
- # `clientMetadata` value to enhance your workflow for your specific
8232
- # needs.
8277
+ # your function code in Lambda, you can process the `clientMetadata`
8278
+ # value to enhance your workflow for your specific needs.
8233
8279
  #
8234
8280
  # For more information, see [Customizing User Pool Workflows with
8235
8281
  # Lambda Triggers][1] in the *Amazon Cognito Developer Guide*.
@@ -8238,10 +8284,10 @@ module Aws::CognitoIdentityProvider
8238
8284
  # ClientMetadata parameter:
8239
8285
  #
8240
8286
  # * Amazon Cognito does not store the ClientMetadata value. This data
8241
- # is available only to AWS Lambda triggers that are assigned to a
8242
- # user pool to support custom workflows. If your user pool
8243
- # configuration does not include triggers, the ClientMetadata
8244
- # parameter serves no purpose.
8287
+ # is available only to Lambda triggers that are assigned to a user
8288
+ # pool to support custom workflows. If your user pool configuration
8289
+ # does not include triggers, the ClientMetadata parameter serves no
8290
+ # purpose.
8245
8291
  #
8246
8292
  # * Amazon Cognito does not validate the ClientMetadata value.
8247
8293
  #
@@ -8300,9 +8346,9 @@ module Aws::CognitoIdentityProvider
8300
8346
 
8301
8347
  # The SMS configuration type that includes the settings the Cognito User
8302
8348
  # Pool needs to call for the Amazon SNS service to send an SMS message
8303
- # from your AWS account. The Cognito User Pool makes the request to the
8304
- # Amazon SNS Service by using an AWS IAM role that you provide for your
8305
- # AWS account.
8349
+ # from your account. The Cognito User Pool makes the request to the
8350
+ # Amazon SNS Service by using an IAM role that you provide for your
8351
+ # account.
8306
8352
  #
8307
8353
  # @note When making an API call, you may pass SmsConfigurationType
8308
8354
  # data as a hash:
@@ -8314,7 +8360,7 @@ module Aws::CognitoIdentityProvider
8314
8360
  #
8315
8361
  # @!attribute [rw] sns_caller_arn
8316
8362
  # The Amazon Resource Name (ARN) of the Amazon Simple Notification
8317
- # Service (SNS) caller. This is the ARN of the IAM role in your AWS
8363
+ # Service (SNS) caller. This is the ARN of the IAM role in your
8318
8364
  # account which Cognito will use to send SMS messages. SMS messages
8319
8365
  # are subject to a [spending limit][1].
8320
8366
  #
@@ -8335,8 +8381,8 @@ module Aws::CognitoIdentityProvider
8335
8381
  # `ExternalId`.
8336
8382
  #
8337
8383
  # For more information about the `ExternalId` of a role, see [How to
8338
- # use an external ID when granting access to your AWS resources to a
8339
- # third party][1]
8384
+ # use an external ID when granting access to your Amazon Web Services
8385
+ # resources to a third party][1]
8340
8386
  #
8341
8387
  #
8342
8388
  #
@@ -8716,12 +8762,26 @@ module Aws::CognitoIdentityProvider
8716
8762
  include Aws::Structure
8717
8763
  end
8718
8764
 
8765
+ # This exception is thrown when the request is not authorized. This can
8766
+ # happen due to an invalid access token in the request.
8767
+ #
8768
+ # @!attribute [rw] message
8769
+ # @return [String]
8770
+ #
8771
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UnauthorizedException AWS API Documentation
8772
+ #
8773
+ class UnauthorizedException < Struct.new(
8774
+ :message)
8775
+ SENSITIVE = []
8776
+ include Aws::Structure
8777
+ end
8778
+
8719
8779
  # This exception is thrown when the Amazon Cognito service encounters an
8720
- # unexpected exception with the AWS Lambda service.
8780
+ # unexpected exception with the Lambda service.
8721
8781
  #
8722
8782
  # @!attribute [rw] message
8723
8783
  # The message returned when the Amazon Cognito service returns an
8724
- # unexpected AWS Lambda exception.
8784
+ # unexpected Lambda exception.
8725
8785
  # @return [String]
8726
8786
  #
8727
8787
  # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UnexpectedLambdaException AWS API Documentation
@@ -8746,6 +8806,34 @@ module Aws::CognitoIdentityProvider
8746
8806
  include Aws::Structure
8747
8807
  end
8748
8808
 
8809
+ # This exception is thrown when you attempt to perform an operation that
8810
+ # is not enabled for the user pool client.
8811
+ #
8812
+ # @!attribute [rw] message
8813
+ # @return [String]
8814
+ #
8815
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UnsupportedOperationException AWS API Documentation
8816
+ #
8817
+ class UnsupportedOperationException < Struct.new(
8818
+ :message)
8819
+ SENSITIVE = []
8820
+ include Aws::Structure
8821
+ end
8822
+
8823
+ # This exception is thrown when an unsupported token is passed to an
8824
+ # operation.
8825
+ #
8826
+ # @!attribute [rw] message
8827
+ # @return [String]
8828
+ #
8829
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UnsupportedTokenTypeException AWS API Documentation
8830
+ #
8831
+ class UnsupportedTokenTypeException < Struct.new(
8832
+ :message)
8833
+ SENSITIVE = []
8834
+ include Aws::Structure
8835
+ end
8836
+
8749
8837
  # The request failed because the user is in an unsupported state.
8750
8838
  #
8751
8839
  # @!attribute [rw] message
@@ -9084,16 +9172,16 @@ module Aws::CognitoIdentityProvider
9084
9172
  # A map of custom key-value pairs that you can provide as input for
9085
9173
  # any custom workflows that this action triggers.
9086
9174
  #
9087
- # You create custom workflows by assigning AWS Lambda functions to
9088
- # user pool triggers. When you use the UpdateUserAttributes API
9089
- # action, Amazon Cognito invokes the function that is assigned to the
9090
- # *custom message* trigger. When Amazon Cognito invokes this function,
9091
- # it passes a JSON payload, which the function receives as input. This
9175
+ # You create custom workflows by assigning Lambda functions to user
9176
+ # pool triggers. When you use the UpdateUserAttributes API action,
9177
+ # Amazon Cognito invokes the function that is assigned to the *custom
9178
+ # message* trigger. When Amazon Cognito invokes this function, it
9179
+ # passes a JSON payload, which the function receives as input. This
9092
9180
  # payload contains a `clientMetadata` attribute, which provides the
9093
9181
  # data that you assigned to the ClientMetadata parameter in your
9094
- # UpdateUserAttributes request. In your function code in AWS Lambda,
9095
- # you can process the `clientMetadata` value to enhance your workflow
9096
- # for your specific needs.
9182
+ # UpdateUserAttributes request. In your function code in Lambda, you
9183
+ # can process the `clientMetadata` value to enhance your workflow for
9184
+ # your specific needs.
9097
9185
  #
9098
9186
  # For more information, see [Customizing User Pool Workflows with
9099
9187
  # Lambda Triggers][1] in the *Amazon Cognito Developer Guide*.
@@ -9102,10 +9190,10 @@ module Aws::CognitoIdentityProvider
9102
9190
  # ClientMetadata parameter:
9103
9191
  #
9104
9192
  # * Amazon Cognito does not store the ClientMetadata value. This data
9105
- # is available only to AWS Lambda triggers that are assigned to a
9106
- # user pool to support custom workflows. If your user pool
9107
- # configuration does not include triggers, the ClientMetadata
9108
- # parameter serves no purpose.
9193
+ # is available only to Lambda triggers that are assigned to a user
9194
+ # pool to support custom workflows. If your user pool configuration
9195
+ # does not include triggers, the ClientMetadata parameter serves no
9196
+ # purpose.
9109
9197
  #
9110
9198
  # * Amazon Cognito does not validate the ClientMetadata value.
9111
9199
  #
@@ -9180,6 +9268,7 @@ module Aws::CognitoIdentityProvider
9180
9268
  # user_data_shared: false,
9181
9269
  # },
9182
9270
  # prevent_user_existence_errors: "LEGACY", # accepts LEGACY, ENABLED
9271
+ # enable_token_revocation: false,
9183
9272
  # }
9184
9273
  #
9185
9274
  # @!attribute [rw] user_pool_id
@@ -9325,8 +9414,8 @@ module Aws::CognitoIdentityProvider
9325
9414
  # @!attribute [rw] allowed_o_auth_scopes
9326
9415
  # The allowed OAuth scopes. Possible values provided by OAuth are:
9327
9416
  # `phone`, `email`, `openid`, and `profile`. Possible values provided
9328
- # by AWS are: `aws.cognito.signin.user.admin`. Custom scopes created
9329
- # in Resource Servers are also supported.
9417
+ # by Amazon Web Services are: `aws.cognito.signin.user.admin`. Custom
9418
+ # scopes created in Resource Servers are also supported.
9330
9419
  # @return [Array<String>]
9331
9420
  #
9332
9421
  # @!attribute [rw] allowed_o_auth_flows_user_pool_client
@@ -9371,6 +9460,15 @@ module Aws::CognitoIdentityProvider
9371
9460
  # </note>
9372
9461
  # @return [String]
9373
9462
  #
9463
+ # @!attribute [rw] enable_token_revocation
9464
+ # Enables or disables token revocation. For more information about
9465
+ # revoking tokens, see [RevokeToken][1].
9466
+ #
9467
+ #
9468
+ #
9469
+ # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html
9470
+ # @return [Boolean]
9471
+ #
9374
9472
  # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UpdateUserPoolClientRequest AWS API Documentation
9375
9473
  #
9376
9474
  class UpdateUserPoolClientRequest < Struct.new(
@@ -9392,7 +9490,8 @@ module Aws::CognitoIdentityProvider
9392
9490
  :allowed_o_auth_scopes,
9393
9491
  :allowed_o_auth_flows_user_pool_client,
9394
9492
  :analytics_configuration,
9395
- :prevent_user_existence_errors)
9493
+ :prevent_user_existence_errors,
9494
+ :enable_token_revocation)
9396
9495
  SENSITIVE = [:client_id]
9397
9496
  include Aws::Structure
9398
9497
  end
@@ -9572,8 +9671,8 @@ module Aws::CognitoIdentityProvider
9572
9671
  # @return [Types::UserPoolPolicyType]
9573
9672
  #
9574
9673
  # @!attribute [rw] lambda_config
9575
- # The AWS Lambda configuration information from the request to update
9576
- # the user pool.
9674
+ # The Lambda configuration information from the request to update the
9675
+ # user pool.
9577
9676
  # @return [Types::LambdaConfigType]
9578
9677
  #
9579
9678
  # @!attribute [rw] auto_verified_attributes
@@ -9828,11 +9927,11 @@ module Aws::CognitoIdentityProvider
9828
9927
  end
9829
9928
 
9830
9929
  # This exception is thrown when the Amazon Cognito service encounters a
9831
- # user validation exception with the AWS Lambda service.
9930
+ # user validation exception with the Lambda service.
9832
9931
  #
9833
9932
  # @!attribute [rw] message
9834
9933
  # The message returned when the Amazon Cognito service returns a user
9835
- # validation exception with the AWS Lambda service.
9934
+ # validation exception with the Lambda service.
9836
9935
  # @return [String]
9837
9936
  #
9838
9937
  # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UserLambdaValidationException AWS API Documentation
@@ -10087,8 +10186,8 @@ module Aws::CognitoIdentityProvider
10087
10186
  # @!attribute [rw] allowed_o_auth_scopes
10088
10187
  # The allowed OAuth scopes. Possible values provided by OAuth are:
10089
10188
  # `phone`, `email`, `openid`, and `profile`. Possible values provided
10090
- # by AWS are: `aws.cognito.signin.user.admin`. Custom scopes created
10091
- # in Resource Servers are also supported.
10189
+ # by Amazon Web Services are: `aws.cognito.signin.user.admin`. Custom
10190
+ # scopes created in Resource Servers are also supported.
10092
10191
  # @return [Array<String>]
10093
10192
  #
10094
10193
  # @!attribute [rw] allowed_o_auth_flows_user_pool_client
@@ -10132,6 +10231,17 @@ module Aws::CognitoIdentityProvider
10132
10231
  # </note>
10133
10232
  # @return [String]
10134
10233
  #
10234
+ # @!attribute [rw] enable_token_revocation
10235
+ # Indicates whether token revocation is enabled for the user pool
10236
+ # client. When you create a new user pool client, token revocation is
10237
+ # enabled by default. For more information about revoking tokens, see
10238
+ # [RevokeToken][1].
10239
+ #
10240
+ #
10241
+ #
10242
+ # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html
10243
+ # @return [Boolean]
10244
+ #
10135
10245
  # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UserPoolClientType AWS API Documentation
10136
10246
  #
10137
10247
  class UserPoolClientType < Struct.new(
@@ -10156,7 +10266,8 @@ module Aws::CognitoIdentityProvider
10156
10266
  :allowed_o_auth_scopes,
10157
10267
  :allowed_o_auth_flows_user_pool_client,
10158
10268
  :analytics_configuration,
10159
- :prevent_user_existence_errors)
10269
+ :prevent_user_existence_errors,
10270
+ :enable_token_revocation)
10160
10271
  SENSITIVE = [:client_id, :client_secret]
10161
10272
  include Aws::Structure
10162
10273
  end
@@ -10172,7 +10283,7 @@ module Aws::CognitoIdentityProvider
10172
10283
  # @return [String]
10173
10284
  #
10174
10285
  # @!attribute [rw] lambda_config
10175
- # The AWS Lambda configuration information in a user pool description.
10286
+ # The Lambda configuration information in a user pool description.
10176
10287
  # @return [Types::LambdaConfigType]
10177
10288
  #
10178
10289
  # @!attribute [rw] status
@@ -10257,7 +10368,7 @@ module Aws::CognitoIdentityProvider
10257
10368
  # @return [Types::UserPoolPolicyType]
10258
10369
  #
10259
10370
  # @!attribute [rw] lambda_config
10260
- # The AWS Lambda triggers associated with the user pool.
10371
+ # The Lambda triggers associated with the user pool.
10261
10372
  # @return [Types::LambdaConfigType]
10262
10373
  #
10263
10374
  # @!attribute [rw] status
@@ -10348,6 +10459,24 @@ module Aws::CognitoIdentityProvider
10348
10459
  # @!attribute [rw] sms_configuration_failure
10349
10460
  # The reason why the SMS configuration cannot send the messages to
10350
10461
  # your users.
10462
+ #
10463
+ # This message might include comma-separated values to describe why
10464
+ # your SMS configuration can't send messages to user pool end users.
10465
+ #
10466
+ # * InvalidSmsRoleAccessPolicyException - The IAM role which Cognito
10467
+ # uses to send SMS messages is not properly configured. For more
10468
+ # information, see [SmsConfigurationType][1].
10469
+ #
10470
+ # * SNSSandbox - The account is in SNS Sandbox and messages won’t
10471
+ # reach unverified end users. This parameter won’t get populated
10472
+ # with SNSSandbox if the IAM user creating the user pool doesn’t
10473
+ # have SNS permissions. To learn how to move your account out of the
10474
+ # sandbox, see [Moving out of the SMS sandbox][2].
10475
+ #
10476
+ #
10477
+ #
10478
+ # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SmsConfigurationType.html
10479
+ # [2]: https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox-moving-to-production.html
10351
10480
  # @return [String]
10352
10481
  #
10353
10482
  # @!attribute [rw] email_configuration_failure