aws-sdk-cognitoidentityprovider 1.58.0 → 1.62.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +20 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-cognitoidentityprovider/client.rb +713 -683
- data/lib/aws-sdk-cognitoidentityprovider/types.rb +868 -838
- data/lib/aws-sdk-cognitoidentityprovider.rb +1 -1
- metadata +4 -4
@@ -27,6 +27,7 @@ require 'aws-sdk-core/plugins/client_metrics_plugin.rb'
|
|
27
27
|
require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
|
28
28
|
require 'aws-sdk-core/plugins/transfer_encoding.rb'
|
29
29
|
require 'aws-sdk-core/plugins/http_checksum.rb'
|
30
|
+
require 'aws-sdk-core/plugins/defaults_mode.rb'
|
30
31
|
require 'aws-sdk-core/plugins/signature_v4.rb'
|
31
32
|
require 'aws-sdk-core/plugins/protocols/json_rpc.rb'
|
32
33
|
|
@@ -73,6 +74,7 @@ module Aws::CognitoIdentityProvider
|
|
73
74
|
add_plugin(Aws::Plugins::ClientMetricsSendPlugin)
|
74
75
|
add_plugin(Aws::Plugins::TransferEncoding)
|
75
76
|
add_plugin(Aws::Plugins::HttpChecksum)
|
77
|
+
add_plugin(Aws::Plugins::DefaultsMode)
|
76
78
|
add_plugin(Aws::Plugins::SignatureV4)
|
77
79
|
add_plugin(Aws::Plugins::Protocols::JsonRpc)
|
78
80
|
|
@@ -119,7 +121,9 @@ module Aws::CognitoIdentityProvider
|
|
119
121
|
# * EC2/ECS IMDS instance profile - When used by default, the timeouts
|
120
122
|
# are very aggressive. Construct and pass an instance of
|
121
123
|
# `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
|
122
|
-
# enable retries and extended timeouts.
|
124
|
+
# enable retries and extended timeouts. Instance profile credential
|
125
|
+
# fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED']
|
126
|
+
# to true.
|
123
127
|
#
|
124
128
|
# @option options [required, String] :region
|
125
129
|
# The AWS region to connect to. The configured `:region` is
|
@@ -173,6 +177,10 @@ module Aws::CognitoIdentityProvider
|
|
173
177
|
# Used only in `standard` and adaptive retry modes. Specifies whether to apply
|
174
178
|
# a clock skew correction and retry requests with skewed client clocks.
|
175
179
|
#
|
180
|
+
# @option options [String] :defaults_mode ("legacy")
|
181
|
+
# See {Aws::DefaultsModeConfiguration} for a list of the
|
182
|
+
# accepted modes and the configuration defaults that are included.
|
183
|
+
#
|
176
184
|
# @option options [Boolean] :disable_host_prefix_injection (false)
|
177
185
|
# Set to true to disable SDK automatically adding host prefix
|
178
186
|
# to default service endpoint when available.
|
@@ -285,6 +293,15 @@ module Aws::CognitoIdentityProvider
|
|
285
293
|
# ** Please note ** When response stubbing is enabled, no HTTP
|
286
294
|
# requests are made, and retries are disabled.
|
287
295
|
#
|
296
|
+
# @option options [Boolean] :use_dualstack_endpoint
|
297
|
+
# When set to `true`, dualstack enabled endpoints (with `.aws` TLD)
|
298
|
+
# will be used if available.
|
299
|
+
#
|
300
|
+
# @option options [Boolean] :use_fips_endpoint
|
301
|
+
# When set to `true`, fips compatible endpoints will be used if available.
|
302
|
+
# When a `fips` region is used, the region is normalized and this config
|
303
|
+
# is set to `true`.
|
304
|
+
#
|
288
305
|
# @option options [Boolean] :validate_params (true)
|
289
306
|
# When `true`, request parameters are validated before
|
290
307
|
# sending the request.
|
@@ -296,7 +313,7 @@ module Aws::CognitoIdentityProvider
|
|
296
313
|
# seconds to wait when opening a HTTP session before raising a
|
297
314
|
# `Timeout::Error`.
|
298
315
|
#
|
299
|
-
# @option options [
|
316
|
+
# @option options [Float] :http_read_timeout (60) The default
|
300
317
|
# number of seconds to wait for response data. This value can
|
301
318
|
# safely be set per-request on the session.
|
302
319
|
#
|
@@ -312,6 +329,9 @@ module Aws::CognitoIdentityProvider
|
|
312
329
|
# disables this behaviour. This value can safely be set per
|
313
330
|
# request on the session.
|
314
331
|
#
|
332
|
+
# @option options [Float] :ssl_timeout (nil) Sets the SSL timeout
|
333
|
+
# in seconds.
|
334
|
+
#
|
315
335
|
# @option options [Boolean] :http_wire_trace (false) When `true`,
|
316
336
|
# HTTP debug output will be sent to the `:logger`.
|
317
337
|
#
|
@@ -440,19 +460,18 @@ module Aws::CognitoIdentityProvider
|
|
440
460
|
# For more information, see [Customizing User Pool Workflows with Lambda
|
441
461
|
# Triggers][1] in the *Amazon Cognito Developer Guide*.
|
442
462
|
#
|
443
|
-
# <note markdown="1">
|
444
|
-
#
|
463
|
+
# <note markdown="1"> When you use the ClientMetadata parameter, remember that Amazon
|
464
|
+
# Cognito won't do the following:
|
445
465
|
#
|
446
|
-
# *
|
447
|
-
#
|
448
|
-
#
|
449
|
-
#
|
450
|
-
# purpose.
|
466
|
+
# * Store the ClientMetadata value. This data is available only to
|
467
|
+
# Lambda triggers that are assigned to a user pool to support custom
|
468
|
+
# workflows. If your user pool configuration doesn't include
|
469
|
+
# triggers, the ClientMetadata parameter serves no purpose.
|
451
470
|
#
|
452
|
-
# *
|
471
|
+
# * Validate the ClientMetadata value.
|
453
472
|
#
|
454
|
-
# *
|
455
|
-
#
|
473
|
+
# * Encrypt the ClientMetadata value. Don't use Amazon Cognito to
|
474
|
+
# provide sensitive information.
|
456
475
|
#
|
457
476
|
# </note>
|
458
477
|
#
|
@@ -483,27 +502,27 @@ module Aws::CognitoIdentityProvider
|
|
483
502
|
|
484
503
|
# Creates a new user in the specified user pool.
|
485
504
|
#
|
486
|
-
# If `MessageAction`
|
505
|
+
# If `MessageAction` isn't set, the default is to send a welcome
|
487
506
|
# message via email or phone (SMS).
|
488
507
|
#
|
489
508
|
# <note markdown="1"> This action might generate an SMS text message. Starting June 1, 2021,
|
490
|
-
#
|
509
|
+
# US telecom carriers require you to register an origination phone
|
491
510
|
# number before you can send SMS messages to U.S. phone numbers. If you
|
492
511
|
# use SMS text messages in Amazon Cognito, you must register a phone
|
493
|
-
# number with [Amazon Pinpoint][1]. Cognito will use the
|
494
|
-
# number automatically. Otherwise, Cognito users that
|
495
|
-
# messages might be unable to sign up, activate their
|
496
|
-
# in.
|
512
|
+
# number with [Amazon Pinpoint][1]. Amazon Cognito will use the
|
513
|
+
# registered number automatically. Otherwise, Amazon Cognito users that
|
514
|
+
# must receive SMS messages might be unable to sign up, activate their
|
515
|
+
# accounts, or sign in.
|
497
516
|
#
|
498
517
|
# If you have never used SMS text messages with Amazon Cognito or any
|
499
|
-
# other Amazon Web Service, Amazon
|
500
|
-
# sandbox. In <i> <a
|
518
|
+
# other Amazon Web Service, Amazon Simple Notification Service might
|
519
|
+
# place your account in SMS sandbox. In <i> <a
|
501
520
|
# href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
|
502
|
-
# mode</a> </i>, you
|
503
|
-
# only verified phone numbers. After testing in the sandbox
|
504
|
-
# you can move out of the SMS sandbox and into production.
|
505
|
-
# information, see [ SMS message settings for Cognito
|
506
|
-
# the *Amazon Cognito Developer Guide*.
|
521
|
+
# mode</a> </i>, you will have limitations, such as sending messages
|
522
|
+
# only to verified phone numbers. After testing in the sandbox
|
523
|
+
# environment, you can move out of the SMS sandbox and into production.
|
524
|
+
# For more information, see [ SMS message settings for Amazon Cognito
|
525
|
+
# User Pools][2] in the *Amazon Cognito Developer Guide*.
|
507
526
|
#
|
508
527
|
# </note>
|
509
528
|
#
|
@@ -512,8 +531,8 @@ module Aws::CognitoIdentityProvider
|
|
512
531
|
# sign-up instructions and placeholders for user name and temporary
|
513
532
|
# password.
|
514
533
|
#
|
515
|
-
# Alternatively, you can call `AdminCreateUser` with
|
516
|
-
# `MessageAction` parameter, and Amazon Cognito
|
534
|
+
# Alternatively, you can call `AdminCreateUser` with `SUPPRESS` for the
|
535
|
+
# `MessageAction` parameter, and Amazon Cognito won't send any email.
|
517
536
|
#
|
518
537
|
# In either case, the user will be in the `FORCE_CHANGE_PASSWORD` state
|
519
538
|
# until they sign in and change their password.
|
@@ -531,29 +550,29 @@ module Aws::CognitoIdentityProvider
|
|
531
550
|
# @option params [required, String] :username
|
532
551
|
# The username for the user. Must be unique within the user pool. Must
|
533
552
|
# be a UTF-8 string between 1 and 128 characters. After the user is
|
534
|
-
# created, the username
|
553
|
+
# created, the username can't be changed.
|
535
554
|
#
|
536
555
|
# @option params [Array<Types::AttributeType>] :user_attributes
|
537
556
|
# An array of name-value pairs that contain user attributes and
|
538
557
|
# attribute values to be set for the user to be created. You can create
|
539
558
|
# a user without specifying any attributes other than `Username`.
|
540
559
|
# However, any attributes that you specify as required (when creating a
|
541
|
-
# user pool or in the **Attributes** tab of the console)
|
542
|
-
#
|
543
|
-
#
|
560
|
+
# user pool or in the **Attributes** tab of the console) either you
|
561
|
+
# should supply (in your call to `AdminCreateUser`) or the user should
|
562
|
+
# supply (when they sign up in response to your welcome message).
|
544
563
|
#
|
545
564
|
# For custom attributes, you must prepend the `custom:` prefix to the
|
546
565
|
# attribute name.
|
547
566
|
#
|
548
567
|
# To send a message inviting the user to sign up, you must specify the
|
549
|
-
# user's email address or phone number.
|
550
|
-
#
|
551
|
-
#
|
568
|
+
# user's email address or phone number. You can do this in your call to
|
569
|
+
# AdminCreateUser or in the **Users** tab of the Amazon Cognito console
|
570
|
+
# for managing your user pools.
|
552
571
|
#
|
553
572
|
# In your call to `AdminCreateUser`, you can set the `email_verified`
|
554
573
|
# attribute to `True`, and you can set the `phone_number_verified`
|
555
|
-
# attribute to `True`.
|
556
|
-
# [AdminUpdateUserAttributes][1].
|
574
|
+
# attribute to `True`. You can also do this by calling
|
575
|
+
# [AdminUpdateUserAttributes][1].
|
557
576
|
#
|
558
577
|
# * **email**\: The email address of the user to whom the message that
|
559
578
|
# contains the code and username will be sent. Required if the
|
@@ -581,7 +600,7 @@ module Aws::CognitoIdentityProvider
|
|
581
600
|
# Guide. The Lambda trigger receives the validation data and uses it in
|
582
601
|
# the validation process.
|
583
602
|
#
|
584
|
-
# The user's validation data
|
603
|
+
# The user's validation data isn't persisted.
|
585
604
|
#
|
586
605
|
# @option params [String] :temporary_password
|
587
606
|
# The user's temporary password. This password must conform to the
|
@@ -589,10 +608,10 @@ module Aws::CognitoIdentityProvider
|
|
589
608
|
#
|
590
609
|
# The temporary password is valid only once. To complete the Admin
|
591
610
|
# Create User flow, the user must enter the temporary password in the
|
592
|
-
# sign-in page along with a new password to be used in all future
|
611
|
+
# sign-in page, along with a new password to be used in all future
|
593
612
|
# sign-ins.
|
594
613
|
#
|
595
|
-
# This parameter
|
614
|
+
# This parameter isn't required. If you don't specify a value, Amazon
|
596
615
|
# Cognito generates one for you.
|
597
616
|
#
|
598
617
|
# The temporary password can only be used until the user account
|
@@ -602,7 +621,7 @@ module Aws::CognitoIdentityProvider
|
|
602
621
|
# parameter.
|
603
622
|
#
|
604
623
|
# @option params [Boolean] :force_alias_creation
|
605
|
-
# This parameter is only
|
624
|
+
# This parameter is used only if the `phone_number_verified` or
|
606
625
|
# `email_verified` attribute is set to `True`. Otherwise, it is ignored.
|
607
626
|
#
|
608
627
|
# If this parameter is set to `True` and the phone number or email
|
@@ -616,15 +635,15 @@ module Aws::CognitoIdentityProvider
|
|
616
635
|
# value is `False`.
|
617
636
|
#
|
618
637
|
# @option params [String] :message_action
|
619
|
-
# Set to `
|
638
|
+
# Set to `RESEND` to resend the invitation message to a user that
|
620
639
|
# already exists and reset the expiration limit on the user's account.
|
621
|
-
# Set to `
|
622
|
-
#
|
640
|
+
# Set to `SUPPRESS` to suppress sending the message. You can specify
|
641
|
+
# only one value.
|
623
642
|
#
|
624
643
|
# @option params [Array<String>] :desired_delivery_mediums
|
625
644
|
# Specify `"EMAIL"` if email will be used to send the welcome message.
|
626
645
|
# Specify `"SMS"` if the phone number will be used. The default value is
|
627
|
-
# `"SMS"`.
|
646
|
+
# `"SMS"`. You can specify more than one value.
|
628
647
|
#
|
629
648
|
# @option params [Hash<String,String>] :client_metadata
|
630
649
|
# A map of custom key-value pairs that you can provide as input for any
|
@@ -643,19 +662,18 @@ module Aws::CognitoIdentityProvider
|
|
643
662
|
# For more information, see [Customizing User Pool Workflows with Lambda
|
644
663
|
# Triggers][1] in the *Amazon Cognito Developer Guide*.
|
645
664
|
#
|
646
|
-
# <note markdown="1">
|
647
|
-
#
|
665
|
+
# <note markdown="1"> When you use the ClientMetadata parameter, remember that Amazon
|
666
|
+
# Cognito won't do the following:
|
648
667
|
#
|
649
|
-
# *
|
650
|
-
#
|
651
|
-
#
|
652
|
-
#
|
653
|
-
# purpose.
|
668
|
+
# * Store the ClientMetadata value. This data is available only to
|
669
|
+
# Lambda triggers that are assigned to a user pool to support custom
|
670
|
+
# workflows. If your user pool configuration doesn't include
|
671
|
+
# triggers, the ClientMetadata parameter serves no purpose.
|
654
672
|
#
|
655
|
-
# *
|
673
|
+
# * Validate the ClientMetadata value.
|
656
674
|
#
|
657
|
-
# *
|
658
|
-
#
|
675
|
+
# * Encrypt the ClientMetadata value. Don't use Amazon Cognito to
|
676
|
+
# provide sensitive information.
|
659
677
|
#
|
660
678
|
# </note>
|
661
679
|
#
|
@@ -724,7 +742,7 @@ module Aws::CognitoIdentityProvider
|
|
724
742
|
# The user pool ID for the user pool where you want to delete the user.
|
725
743
|
#
|
726
744
|
# @option params [required, String] :username
|
727
|
-
# The user name of the user you
|
745
|
+
# The user name of the user you want to delete.
|
728
746
|
#
|
729
747
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
730
748
|
#
|
@@ -758,7 +776,7 @@ module Aws::CognitoIdentityProvider
|
|
758
776
|
# attributes.
|
759
777
|
#
|
760
778
|
# @option params [required, Array<String>] :user_attribute_names
|
761
|
-
# An array of strings representing the user attribute names you
|
779
|
+
# An array of strings representing the user attribute names you want to
|
762
780
|
# delete.
|
763
781
|
#
|
764
782
|
# For custom attributes, you must prepend the `custom:` prefix to the
|
@@ -784,13 +802,14 @@ module Aws::CognitoIdentityProvider
|
|
784
802
|
end
|
785
803
|
|
786
804
|
# Disables the user from signing in with the specified external (SAML or
|
787
|
-
# social) identity provider. If the user to disable is a Cognito
|
788
|
-
# Pools native username + password user, they
|
789
|
-
# their password to sign
|
790
|
-
# IdP user, any link between that user and
|
791
|
-
# The next time the external user (no
|
792
|
-
# linked `DestinationUser`) signs in,
|
793
|
-
# account. See
|
805
|
+
# social) identity provider. If the user to disable is a Amazon Cognito
|
806
|
+
# User Pools native username + password user, they aren't permitted to
|
807
|
+
# use their password to sign in. If the user to deactivate is a linked
|
808
|
+
# external identity provider (IdP) user, any link between that user and
|
809
|
+
# an existing user is removed. The next time the external user (no
|
810
|
+
# longer attached to the previously linked `DestinationUser`) signs in,
|
811
|
+
# they must create a new user account. See
|
812
|
+
# [AdminLinkProviderForUser][1].
|
794
813
|
#
|
795
814
|
# This action is enabled only for admin access and requires developer
|
796
815
|
# credentials.
|
@@ -798,10 +817,10 @@ module Aws::CognitoIdentityProvider
|
|
798
817
|
# The `ProviderName` must match the value specified when creating an IdP
|
799
818
|
# for the pool.
|
800
819
|
#
|
801
|
-
# To
|
802
|
-
# must be `Cognito` and the `ProviderAttributeName` must be
|
803
|
-
# `Cognito_Subject
|
804
|
-
#
|
820
|
+
# To deactivate a native username + password user, the `ProviderName`
|
821
|
+
# value must be `Cognito` and the `ProviderAttributeName` must be
|
822
|
+
# `Cognito_Subject`. The `ProviderAttributeValue` must be the name that
|
823
|
+
# is used in the user pool for the user.
|
805
824
|
#
|
806
825
|
# The `ProviderAttributeName` must always be `Cognito_Subject` for
|
807
826
|
# social identity providers. The `ProviderAttributeValue` must always be
|
@@ -809,7 +828,7 @@ module Aws::CognitoIdentityProvider
|
|
809
828
|
# a source user.
|
810
829
|
#
|
811
830
|
# For de-linking a SAML identity, there are two scenarios. If the linked
|
812
|
-
# identity has not yet been used to sign
|
831
|
+
# identity has not yet been used to sign in, the `ProviderAttributeName`
|
813
832
|
# and `ProviderAttributeValue` must be the same values that were used
|
814
833
|
# for the `SourceUser` when the identities were originally linked using
|
815
834
|
# ` AdminLinkProviderForUser` call. (If the linking was done with
|
@@ -858,7 +877,7 @@ module Aws::CognitoIdentityProvider
|
|
858
877
|
# The user pool ID for the user pool where you want to disable the user.
|
859
878
|
#
|
860
879
|
# @option params [required, String] :username
|
861
|
-
# The user name of the user you
|
880
|
+
# The user name of the user you want to disable.
|
862
881
|
#
|
863
882
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
864
883
|
#
|
@@ -886,7 +905,7 @@ module Aws::CognitoIdentityProvider
|
|
886
905
|
# The user pool ID for the user pool where you want to enable the user.
|
887
906
|
#
|
888
907
|
# @option params [required, String] :username
|
889
|
-
# The user name of the user you
|
908
|
+
# The user name of the user you want to enable.
|
890
909
|
#
|
891
910
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
892
911
|
#
|
@@ -992,7 +1011,7 @@ module Aws::CognitoIdentityProvider
|
|
992
1011
|
# about the user.
|
993
1012
|
#
|
994
1013
|
# @option params [required, String] :username
|
995
|
-
# The user name of the user you
|
1014
|
+
# The user name of the user you want to retrieve.
|
996
1015
|
#
|
997
1016
|
# @return [Types::AdminGetUserResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
998
1017
|
#
|
@@ -1042,23 +1061,23 @@ module Aws::CognitoIdentityProvider
|
|
1042
1061
|
# Initiates the authentication flow, as an administrator.
|
1043
1062
|
#
|
1044
1063
|
# <note markdown="1"> This action might generate an SMS text message. Starting June 1, 2021,
|
1045
|
-
#
|
1064
|
+
# US telecom carriers require you to register an origination phone
|
1046
1065
|
# number before you can send SMS messages to U.S. phone numbers. If you
|
1047
1066
|
# use SMS text messages in Amazon Cognito, you must register a phone
|
1048
|
-
# number with [Amazon Pinpoint][1]. Cognito will use the
|
1049
|
-
# number automatically. Otherwise, Cognito users that
|
1050
|
-
# messages might be unable to sign up, activate their
|
1051
|
-
# in.
|
1067
|
+
# number with [Amazon Pinpoint][1]. Amazon Cognito will use the
|
1068
|
+
# registered number automatically. Otherwise, Amazon Cognito users that
|
1069
|
+
# must receive SMS messages might be unable to sign up, activate their
|
1070
|
+
# accounts, or sign in.
|
1052
1071
|
#
|
1053
1072
|
# If you have never used SMS text messages with Amazon Cognito or any
|
1054
|
-
# other Amazon Web Service, Amazon
|
1055
|
-
# sandbox. In <i> <a
|
1073
|
+
# other Amazon Web Service, Amazon Simple Notification Service might
|
1074
|
+
# place your account in SMS sandbox. In <i> <a
|
1056
1075
|
# href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
|
1057
|
-
# mode</a> </i>, you
|
1058
|
-
# only verified phone numbers. After testing in the sandbox
|
1059
|
-
# you can move out of the SMS sandbox and into production.
|
1060
|
-
# information, see [ SMS message settings for Cognito
|
1061
|
-
# the *Amazon Cognito Developer Guide*.
|
1076
|
+
# mode</a> </i>, you will have limitations, such as sending messages
|
1077
|
+
# only to verified phone numbers. After testing in the sandbox
|
1078
|
+
# environment, you can move out of the SMS sandbox and into production.
|
1079
|
+
# For more information, see [ SMS message settings for Amazon Cognito
|
1080
|
+
# User Pools][2] in the *Amazon Cognito Developer Guide*.
|
1062
1081
|
#
|
1063
1082
|
# </note>
|
1064
1083
|
#
|
@@ -1076,17 +1095,18 @@ module Aws::CognitoIdentityProvider
|
|
1076
1095
|
# The app client ID.
|
1077
1096
|
#
|
1078
1097
|
# @option params [required, String] :auth_flow
|
1079
|
-
# The authentication flow for this call to
|
1098
|
+
# The authentication flow for this call to run. The API action will
|
1080
1099
|
# depend on this value. For example:
|
1081
1100
|
#
|
1082
1101
|
# * `REFRESH_TOKEN_AUTH` will take in a valid refresh token and return
|
1083
1102
|
# new tokens.
|
1084
1103
|
#
|
1085
1104
|
# * `USER_SRP_AUTH` will take in `USERNAME` and `SRP_A` and return the
|
1086
|
-
# SRP variables to be used for next
|
1105
|
+
# Secure Remote Password (SRP) protocol variables to be used for next
|
1106
|
+
# challenge execution.
|
1087
1107
|
#
|
1088
|
-
# * `
|
1089
|
-
# return the next challenge or tokens.
|
1108
|
+
# * `ADMIN_USER_PASSWORD_AUTH` will take in `USERNAME` and `PASSWORD`
|
1109
|
+
# and return the next challenge or tokens.
|
1090
1110
|
#
|
1091
1111
|
# Valid values include:
|
1092
1112
|
#
|
@@ -1103,19 +1123,14 @@ module Aws::CognitoIdentityProvider
|
|
1103
1123
|
# the USERNAME and PASSWORD directly if the flow is enabled for
|
1104
1124
|
# calling the app client.
|
1105
1125
|
#
|
1106
|
-
# * `USER_PASSWORD_AUTH`\: Non-SRP authentication flow; USERNAME and
|
1107
|
-
# PASSWORD are passed directly. If a user migration Lambda trigger is
|
1108
|
-
# set, this flow will invoke the user migration Lambda if the USERNAME
|
1109
|
-
# is not found in the user pool.
|
1110
|
-
#
|
1111
1126
|
# * `ADMIN_USER_PASSWORD_AUTH`\: Admin-based user password
|
1112
1127
|
# authentication. This replaces the `ADMIN_NO_SRP_AUTH` authentication
|
1113
|
-
# flow. In this flow, Cognito receives the password in the
|
1114
|
-
# instead of using the SRP process to verify passwords.
|
1128
|
+
# flow. In this flow, Amazon Cognito receives the password in the
|
1129
|
+
# request instead of using the SRP process to verify passwords.
|
1115
1130
|
#
|
1116
1131
|
# @option params [Hash<String,String>] :auth_parameters
|
1117
1132
|
# The authentication parameters. These are inputs corresponding to the
|
1118
|
-
# `AuthFlow` that you
|
1133
|
+
# `AuthFlow` that you're invoking. The required values depend on the
|
1119
1134
|
# value of `AuthFlow`\:
|
1120
1135
|
#
|
1121
1136
|
# * For `USER_SRP_AUTH`\: `USERNAME` (required), `SRP_A` (required),
|
@@ -1160,7 +1175,7 @@ module Aws::CognitoIdentityProvider
|
|
1160
1175
|
# specific needs.
|
1161
1176
|
#
|
1162
1177
|
# When you use the AdminInitiateAuth API action, Amazon Cognito also
|
1163
|
-
# invokes the functions for the following triggers, but it
|
1178
|
+
# invokes the functions for the following triggers, but it doesn't
|
1164
1179
|
# provide the ClientMetadata value as input:
|
1165
1180
|
#
|
1166
1181
|
# * Post authentication
|
@@ -1178,19 +1193,18 @@ module Aws::CognitoIdentityProvider
|
|
1178
1193
|
# For more information, see [Customizing User Pool Workflows with Lambda
|
1179
1194
|
# Triggers][1] in the *Amazon Cognito Developer Guide*.
|
1180
1195
|
#
|
1181
|
-
# <note markdown="1">
|
1182
|
-
#
|
1196
|
+
# <note markdown="1"> When you use the ClientMetadata parameter, remember that Amazon
|
1197
|
+
# Cognito won't do the following:
|
1183
1198
|
#
|
1184
|
-
# *
|
1185
|
-
#
|
1186
|
-
#
|
1187
|
-
#
|
1188
|
-
# purpose.
|
1199
|
+
# * Store the ClientMetadata value. This data is available only to
|
1200
|
+
# Lambda triggers that are assigned to a user pool to support custom
|
1201
|
+
# workflows. If your user pool configuration doesn't include
|
1202
|
+
# triggers, the ClientMetadata parameter serves no purpose.
|
1189
1203
|
#
|
1190
|
-
# *
|
1204
|
+
# * Validate the ClientMetadata value.
|
1191
1205
|
#
|
1192
|
-
# *
|
1193
|
-
#
|
1206
|
+
# * Encrypt the ClientMetadata value. Don't use Amazon Cognito to
|
1207
|
+
# provide sensitive information.
|
1194
1208
|
#
|
1195
1209
|
# </note>
|
1196
1210
|
#
|
@@ -1271,13 +1285,13 @@ module Aws::CognitoIdentityProvider
|
|
1271
1285
|
# a specified attribute name and value from the external identity
|
1272
1286
|
# provider. This allows you to create a link from the existing user
|
1273
1287
|
# account to an external federated user identity that has not yet been
|
1274
|
-
# used to sign in
|
1275
|
-
#
|
1288
|
+
# used to sign in. You can then use the federated user identity to sign
|
1289
|
+
# in as the existing user account.
|
1276
1290
|
#
|
1277
1291
|
# For example, if there is an existing user with a username and
|
1278
|
-
# password, this API links that user to a federated user identity
|
1279
|
-
#
|
1280
|
-
#
|
1292
|
+
# password, this API links that user to a federated user identity. When
|
1293
|
+
# the user signs in with a federated user identity, they sign in as the
|
1294
|
+
# existing user account.
|
1281
1295
|
#
|
1282
1296
|
# <note markdown="1"> The maximum number of federated identities linked to a user is 5.
|
1283
1297
|
#
|
@@ -1288,8 +1302,7 @@ module Aws::CognitoIdentityProvider
|
|
1288
1302
|
# only be used with external identity providers and provider attributes
|
1289
1303
|
# that have been trusted by the application owner.
|
1290
1304
|
#
|
1291
|
-
# This action is
|
1292
|
-
# credentials.
|
1305
|
+
# This action is administrative and requires developer credentials.
|
1293
1306
|
#
|
1294
1307
|
# @option params [required, String] :user_pool_id
|
1295
1308
|
# The user pool ID for the user pool.
|
@@ -1297,10 +1310,10 @@ module Aws::CognitoIdentityProvider
|
|
1297
1310
|
# @option params [required, Types::ProviderUserIdentifierType] :destination_user
|
1298
1311
|
# The existing user in the user pool to be linked to the external
|
1299
1312
|
# identity provider user account. Can be a native (Username + Password)
|
1300
|
-
# Cognito User Pools user or a federated user (for example, a
|
1301
|
-
# Facebook user). If the user doesn't exist, an exception is
|
1302
|
-
# This is the user that is returned when the new user (with the
|
1303
|
-
# identity provider attribute) signs in.
|
1313
|
+
# Amazon Cognito User Pools user or a federated user (for example, a
|
1314
|
+
# SAML or Facebook user). If the user doesn't exist, an exception is
|
1315
|
+
# thrown. This is the user that is returned when the new user (with the
|
1316
|
+
# linked identity provider attribute) signs in.
|
1304
1317
|
#
|
1305
1318
|
# For a native username + password user, the `ProviderAttributeValue`
|
1306
1319
|
# for the `DestinationUser` should be the username in the user pool. For
|
@@ -1311,30 +1324,34 @@ module Aws::CognitoIdentityProvider
|
|
1311
1324
|
# The `ProviderName` should be set to `Cognito` for users in Cognito
|
1312
1325
|
# user pools.
|
1313
1326
|
#
|
1327
|
+
# All attributes in the DestinationUser profile must be mutable. If you
|
1328
|
+
# have assigned the user any immutable custom attributes, the operation
|
1329
|
+
# won't succeed.
|
1330
|
+
#
|
1314
1331
|
# @option params [required, Types::ProviderUserIdentifierType] :source_user
|
1315
|
-
# An external identity provider account for a user who
|
1316
|
-
#
|
1317
|
-
#
|
1332
|
+
# An external identity provider account for a user who doesn't exist
|
1333
|
+
# yet in the user pool. This user must be a federated user (for example,
|
1334
|
+
# a SAML or Facebook user), not another native user.
|
1318
1335
|
#
|
1319
|
-
# If the `SourceUser` is a federated social identity provider
|
1320
|
-
#
|
1336
|
+
# If the `SourceUser` is using a federated social identity provider,
|
1337
|
+
# such as Facebook, Google, or Login with Amazon, you must set the
|
1321
1338
|
# `ProviderAttributeName` to `Cognito_Subject`. For social identity
|
1322
1339
|
# providers, the `ProviderName` will be `Facebook`, `Google`, or
|
1323
|
-
# `LoginWithAmazon`, and Cognito will automatically parse the
|
1324
|
-
# Google, and Login with Amazon tokens for `id`, `sub`, and
|
1325
|
-
# respectively. The `ProviderAttributeValue` for the user
|
1326
|
-
# same value as the `id`, `sub`, or `user_id` value found in
|
1327
|
-
# identity provider token.
|
1340
|
+
# `LoginWithAmazon`, and Amazon Cognito will automatically parse the
|
1341
|
+
# Facebook, Google, and Login with Amazon tokens for `id`, `sub`, and
|
1342
|
+
# `user_id`, respectively. The `ProviderAttributeValue` for the user
|
1343
|
+
# must be the same value as the `id`, `sub`, or `user_id` value found in
|
1344
|
+
# the social identity provider token.
|
1328
1345
|
#
|
1329
1346
|
#
|
1330
1347
|
#
|
1331
1348
|
# For SAML, the `ProviderAttributeName` can be any value that matches a
|
1332
|
-
# claim in the SAML assertion. If you
|
1349
|
+
# claim in the SAML assertion. If you want to link SAML users based on
|
1333
1350
|
# the subject of the SAML assertion, you should map the subject to a
|
1334
1351
|
# claim through the SAML identity provider and submit that claim name as
|
1335
1352
|
# the `ProviderAttributeName`. If you set `ProviderAttributeName` to
|
1336
|
-
# `Cognito_Subject`, Cognito will automatically parse the default
|
1337
|
-
# identifier found in the subject from the SAML token.
|
1353
|
+
# `Cognito_Subject`, Amazon Cognito will automatically parse the default
|
1354
|
+
# unique identifier found in the subject from the SAML token.
|
1338
1355
|
#
|
1339
1356
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
1340
1357
|
#
|
@@ -1469,8 +1486,8 @@ module Aws::CognitoIdentityProvider
|
|
1469
1486
|
req.send_request(options)
|
1470
1487
|
end
|
1471
1488
|
|
1472
|
-
#
|
1473
|
-
#
|
1489
|
+
# A history of user activity and any risks detected as part of Amazon
|
1490
|
+
# Cognito advanced security.
|
1474
1491
|
#
|
1475
1492
|
# @option params [required, String] :user_pool_id
|
1476
1493
|
# The user pool ID.
|
@@ -1579,23 +1596,23 @@ module Aws::CognitoIdentityProvider
|
|
1579
1596
|
# password.
|
1580
1597
|
#
|
1581
1598
|
# <note markdown="1"> This action might generate an SMS text message. Starting June 1, 2021,
|
1582
|
-
#
|
1599
|
+
# US telecom carriers require you to register an origination phone
|
1583
1600
|
# number before you can send SMS messages to U.S. phone numbers. If you
|
1584
1601
|
# use SMS text messages in Amazon Cognito, you must register a phone
|
1585
|
-
# number with [Amazon Pinpoint][1]. Cognito will use the
|
1586
|
-
# number automatically. Otherwise, Cognito users that
|
1587
|
-
# messages might be unable to sign up, activate their
|
1588
|
-
# in.
|
1602
|
+
# number with [Amazon Pinpoint][1]. Amazon Cognito will use the
|
1603
|
+
# registered number automatically. Otherwise, Amazon Cognito users that
|
1604
|
+
# must receive SMS messages might be unable to sign up, activate their
|
1605
|
+
# accounts, or sign in.
|
1589
1606
|
#
|
1590
1607
|
# If you have never used SMS text messages with Amazon Cognito or any
|
1591
|
-
# other Amazon Web Service, Amazon
|
1592
|
-
# sandbox. In <i> <a
|
1608
|
+
# other Amazon Web Service, Amazon Simple Notification Service might
|
1609
|
+
# place your account in SMS sandbox. In <i> <a
|
1593
1610
|
# href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
|
1594
|
-
# mode</a> </i>, you
|
1595
|
-
# only verified phone numbers. After testing in the sandbox
|
1596
|
-
# you can move out of the SMS sandbox and into production.
|
1597
|
-
# information, see [ SMS message settings for Cognito
|
1598
|
-
# the *Amazon Cognito Developer Guide*.
|
1611
|
+
# mode</a> </i>, you will have limitations, such as sending messages
|
1612
|
+
# only to verified phone numbers. After testing in the sandbox
|
1613
|
+
# environment, you can move out of the SMS sandbox and into production.
|
1614
|
+
# For more information, see [ SMS message settings for Amazon Cognito
|
1615
|
+
# User Pools][2] in the *Amazon Cognito Developer Guide*.
|
1599
1616
|
#
|
1600
1617
|
# </note>
|
1601
1618
|
#
|
@@ -1611,7 +1628,7 @@ module Aws::CognitoIdentityProvider
|
|
1611
1628
|
# password.
|
1612
1629
|
#
|
1613
1630
|
# @option params [required, String] :username
|
1614
|
-
# The user name of the user whose password you
|
1631
|
+
# The user name of the user whose password you want to reset.
|
1615
1632
|
#
|
1616
1633
|
# @option params [Hash<String,String>] :client_metadata
|
1617
1634
|
# A map of custom key-value pairs that you can provide as input for any
|
@@ -1631,19 +1648,18 @@ module Aws::CognitoIdentityProvider
|
|
1631
1648
|
# For more information, see [Customizing User Pool Workflows with Lambda
|
1632
1649
|
# Triggers][1] in the *Amazon Cognito Developer Guide*.
|
1633
1650
|
#
|
1634
|
-
# <note markdown="1">
|
1635
|
-
#
|
1651
|
+
# <note markdown="1"> When you use the ClientMetadata parameter, remember that Amazon
|
1652
|
+
# Cognito won't do the following:
|
1636
1653
|
#
|
1637
|
-
# *
|
1638
|
-
#
|
1639
|
-
#
|
1640
|
-
#
|
1641
|
-
# purpose.
|
1654
|
+
# * Store the ClientMetadata value. This data is available only to
|
1655
|
+
# Lambda triggers that are assigned to a user pool to support custom
|
1656
|
+
# workflows. If your user pool configuration doesn't include
|
1657
|
+
# triggers, the ClientMetadata parameter serves no purpose.
|
1642
1658
|
#
|
1643
|
-
# *
|
1659
|
+
# * Validate the ClientMetadata value.
|
1644
1660
|
#
|
1645
|
-
# *
|
1646
|
-
#
|
1661
|
+
# * Encrypt the ClientMetadata value. Don't use Amazon Cognito to
|
1662
|
+
# provide sensitive information.
|
1647
1663
|
#
|
1648
1664
|
# </note>
|
1649
1665
|
#
|
@@ -1675,23 +1691,23 @@ module Aws::CognitoIdentityProvider
|
|
1675
1691
|
# Responds to an authentication challenge, as an administrator.
|
1676
1692
|
#
|
1677
1693
|
# <note markdown="1"> This action might generate an SMS text message. Starting June 1, 2021,
|
1678
|
-
#
|
1694
|
+
# US telecom carriers require you to register an origination phone
|
1679
1695
|
# number before you can send SMS messages to U.S. phone numbers. If you
|
1680
1696
|
# use SMS text messages in Amazon Cognito, you must register a phone
|
1681
|
-
# number with [Amazon Pinpoint][1]. Cognito will use the
|
1682
|
-
# number automatically. Otherwise, Cognito users that
|
1683
|
-
# messages might be unable to sign up, activate their
|
1684
|
-
# in.
|
1697
|
+
# number with [Amazon Pinpoint][1]. Amazon Cognito will use the
|
1698
|
+
# registered number automatically. Otherwise, Amazon Cognito users that
|
1699
|
+
# must receive SMS messages might be unable to sign up, activate their
|
1700
|
+
# accounts, or sign in.
|
1685
1701
|
#
|
1686
1702
|
# If you have never used SMS text messages with Amazon Cognito or any
|
1687
|
-
# other Amazon Web Service, Amazon
|
1688
|
-
# sandbox. In <i> <a
|
1703
|
+
# other Amazon Web Service, Amazon Simple Notification Service might
|
1704
|
+
# place your account in SMS sandbox. In <i> <a
|
1689
1705
|
# href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
|
1690
|
-
# mode</a> </i>, you
|
1691
|
-
# only verified phone numbers. After testing in the sandbox
|
1692
|
-
# you can move out of the SMS sandbox and into production.
|
1693
|
-
# information, see [ SMS message settings for Cognito
|
1694
|
-
# the *Amazon Cognito Developer Guide*.
|
1706
|
+
# mode</a> </i>, you will have limitations, such as sending messages
|
1707
|
+
# only to verified phone numbers. After testing in the sandbox
|
1708
|
+
# environment, you can move out of the SMS sandbox and into production.
|
1709
|
+
# For more information, see [ SMS message settings for Amazon Cognito
|
1710
|
+
# User Pools][2] in the *Amazon Cognito Developer Guide*.
|
1695
1711
|
#
|
1696
1712
|
# </note>
|
1697
1713
|
#
|
@@ -1726,6 +1742,11 @@ module Aws::CognitoIdentityProvider
|
|
1726
1742
|
# `PASSWORD_CLAIM_SECRET_BLOCK`, `TIMESTAMP`, `USERNAME`,
|
1727
1743
|
# `SECRET_HASH` (if app client is configured with client secret).
|
1728
1744
|
#
|
1745
|
+
# <note markdown="1"> `PASSWORD_VERIFIER` requires `DEVICE_KEY` when signing in with a
|
1746
|
+
# remembered device.
|
1747
|
+
#
|
1748
|
+
# </note>
|
1749
|
+
#
|
1729
1750
|
# * `ADMIN_NO_SRP_AUTH`\: `PASSWORD`, `USERNAME`, `SECRET_HASH` (if app
|
1730
1751
|
# client is configured with client secret).
|
1731
1752
|
#
|
@@ -1733,22 +1754,22 @@ module Aws::CognitoIdentityProvider
|
|
1733
1754
|
# attributes, `USERNAME`, `SECRET_HASH` (if app client is configured
|
1734
1755
|
# with client secret).
|
1735
1756
|
#
|
1736
|
-
# * `MFA_SETUP` requires `USERNAME`, plus you
|
1737
|
-
#
|
1757
|
+
# * `MFA_SETUP` requires `USERNAME`, plus you must use the session value
|
1758
|
+
# returned by `VerifySoftwareToken` in the `Session` parameter.
|
1738
1759
|
#
|
1739
1760
|
# The value of the `USERNAME` attribute must be the user's actual
|
1740
|
-
# username, not an alias (such as email address or phone number). To
|
1741
|
-
# make this
|
1742
|
-
# username value in the `USERNAMEUSER_ID_FOR_SRP` attribute
|
1743
|
-
# specified an alias in your call to
|
1761
|
+
# username, not an alias (such as an email address or phone number). To
|
1762
|
+
# make this simpler, the `AdminInitiateAuth` response includes the
|
1763
|
+
# actual username value in the `USERNAMEUSER_ID_FOR_SRP` attribute. This
|
1764
|
+
# happens even if you specified an alias in your call to
|
1765
|
+
# `AdminInitiateAuth`.
|
1744
1766
|
#
|
1745
1767
|
# @option params [String] :session
|
1746
|
-
# The session
|
1747
|
-
# calls to the service. If `InitiateAuth` or `RespondToAuthChallenge`
|
1748
|
-
# API call determines that the caller
|
1749
|
-
#
|
1750
|
-
#
|
1751
|
-
# API call.
|
1768
|
+
# The session that should be passed both ways in challenge-response
|
1769
|
+
# calls to the service. If an `InitiateAuth` or `RespondToAuthChallenge`
|
1770
|
+
# API call determines that the caller must pass another challenge, it
|
1771
|
+
# returns a session with other challenge parameters. This session should
|
1772
|
+
# be passed as it is to the next `RespondToAuthChallenge` API call.
|
1752
1773
|
#
|
1753
1774
|
# @option params [Types::AnalyticsMetadataType] :analytics_metadata
|
1754
1775
|
# The analytics metadata for collecting Amazon Pinpoint metrics for
|
@@ -1780,19 +1801,18 @@ module Aws::CognitoIdentityProvider
|
|
1780
1801
|
# For more information, see [Customizing User Pool Workflows with Lambda
|
1781
1802
|
# Triggers][1] in the *Amazon Cognito Developer Guide*.
|
1782
1803
|
#
|
1783
|
-
# <note markdown="1">
|
1784
|
-
#
|
1804
|
+
# <note markdown="1"> When you use the ClientMetadata parameter, remember that Amazon
|
1805
|
+
# Cognito won't do the following:
|
1785
1806
|
#
|
1786
|
-
# *
|
1787
|
-
#
|
1788
|
-
#
|
1789
|
-
#
|
1790
|
-
# purpose.
|
1807
|
+
# * Store the ClientMetadata value. This data is available only to
|
1808
|
+
# Lambda triggers that are assigned to a user pool to support custom
|
1809
|
+
# workflows. If your user pool configuration doesn't include
|
1810
|
+
# triggers, the ClientMetadata parameter serves no purpose.
|
1791
1811
|
#
|
1792
|
-
# *
|
1812
|
+
# * Validate the ClientMetadata value.
|
1793
1813
|
#
|
1794
|
-
# *
|
1795
|
-
#
|
1814
|
+
# * Encrypt the ClientMetadata value. Don't use Amazon Cognito to
|
1815
|
+
# provide sensitive information.
|
1796
1816
|
#
|
1797
1817
|
# </note>
|
1798
1818
|
#
|
@@ -1860,12 +1880,12 @@ module Aws::CognitoIdentityProvider
|
|
1860
1880
|
req.send_request(options)
|
1861
1881
|
end
|
1862
1882
|
|
1863
|
-
#
|
1864
|
-
#
|
1865
|
-
#
|
1866
|
-
#
|
1867
|
-
#
|
1868
|
-
#
|
1883
|
+
# The user's multi-factor authentication (MFA) preference, including
|
1884
|
+
# which MFA options are activated, and if any are preferred. Only one
|
1885
|
+
# factor can be set as preferred. The preferred MFA factor will be used
|
1886
|
+
# to authenticate a user if multiple factors are activated. If multiple
|
1887
|
+
# options are activated and no preference is set, a challenge to choose
|
1888
|
+
# an MFA option will be returned during sign-in.
|
1869
1889
|
#
|
1870
1890
|
# @option params [Types::SMSMfaSettingsType] :sms_mfa_settings
|
1871
1891
|
# The SMS text message MFA settings.
|
@@ -1909,22 +1929,21 @@ module Aws::CognitoIdentityProvider
|
|
1909
1929
|
# administrator. Works on any user.
|
1910
1930
|
#
|
1911
1931
|
# The password can be temporary or permanent. If it is temporary, the
|
1912
|
-
# user status
|
1913
|
-
#
|
1914
|
-
#
|
1915
|
-
#
|
1916
|
-
#
|
1917
|
-
# will need to be reset by an administrator.
|
1932
|
+
# user status enters the `FORCE_CHANGE_PASSWORD` state. When the user
|
1933
|
+
# next tries to sign in, the InitiateAuth/AdminInitiateAuth response
|
1934
|
+
# will contain the `NEW_PASSWORD_REQUIRED` challenge. If the user
|
1935
|
+
# doesn't sign in before it expires, the user won't be able to sign
|
1936
|
+
# in, and an administrator must reset their password.
|
1918
1937
|
#
|
1919
1938
|
# Once the user has set a new password, or the password is permanent,
|
1920
|
-
# the user status
|
1939
|
+
# the user status is set to `Confirmed`.
|
1921
1940
|
#
|
1922
1941
|
# @option params [required, String] :user_pool_id
|
1923
1942
|
# The user pool ID for the user pool where you want to set the user's
|
1924
1943
|
# password.
|
1925
1944
|
#
|
1926
1945
|
# @option params [required, String] :username
|
1927
|
-
# The user name of the user whose password you
|
1946
|
+
# The user name of the user whose password you want to set.
|
1928
1947
|
#
|
1929
1948
|
# @option params [required, String] :password
|
1930
1949
|
# The password for the user.
|
@@ -1953,20 +1972,20 @@ module Aws::CognitoIdentityProvider
|
|
1953
1972
|
end
|
1954
1973
|
|
1955
1974
|
# *This action is no longer supported.* You can use it to configure only
|
1956
|
-
# SMS MFA. You can't use it to configure
|
1957
|
-
# configure either type of MFA, use
|
1958
|
-
# instead.
|
1975
|
+
# SMS MFA. You can't use it to configure time-based one-time password
|
1976
|
+
# (TOTP) software token MFA. To configure either type of MFA, use
|
1977
|
+
# [AdminSetUserMFAPreference][1] instead.
|
1959
1978
|
#
|
1960
1979
|
#
|
1961
1980
|
#
|
1962
1981
|
# [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminSetUserMFAPreference.html
|
1963
1982
|
#
|
1964
1983
|
# @option params [required, String] :user_pool_id
|
1965
|
-
# The ID of the user pool that contains the user
|
1966
|
-
#
|
1984
|
+
# The ID of the user pool that contains the user whose options you're
|
1985
|
+
# setting.
|
1967
1986
|
#
|
1968
1987
|
# @option params [required, String] :username
|
1969
|
-
# The user name of the user
|
1988
|
+
# The user name of the user whose options you're setting.
|
1970
1989
|
#
|
1971
1990
|
# @option params [required, Array<Types::MFAOptionType>] :mfa_options
|
1972
1991
|
# You can use this parameter only to set an SMS configuration that uses
|
@@ -1996,7 +2015,7 @@ module Aws::CognitoIdentityProvider
|
|
1996
2015
|
req.send_request(options)
|
1997
2016
|
end
|
1998
2017
|
|
1999
|
-
# Provides feedback for an authentication event
|
2018
|
+
# Provides feedback for an authentication event indicating if it was
|
2000
2019
|
# from a valid user. This feedback is used for improving the risk
|
2001
2020
|
# evaluation decision for the user pool as part of Amazon Cognito
|
2002
2021
|
# advanced security.
|
@@ -2079,23 +2098,23 @@ module Aws::CognitoIdentityProvider
|
|
2079
2098
|
# mark phone and email as verified.
|
2080
2099
|
#
|
2081
2100
|
# <note markdown="1"> This action might generate an SMS text message. Starting June 1, 2021,
|
2082
|
-
#
|
2101
|
+
# US telecom carriers require you to register an origination phone
|
2083
2102
|
# number before you can send SMS messages to U.S. phone numbers. If you
|
2084
2103
|
# use SMS text messages in Amazon Cognito, you must register a phone
|
2085
|
-
# number with [Amazon Pinpoint][1]. Cognito will use the
|
2086
|
-
# number automatically. Otherwise, Cognito users that
|
2087
|
-
# messages might be unable to sign up, activate their
|
2088
|
-
# in.
|
2104
|
+
# number with [Amazon Pinpoint][1]. Amazon Cognito will use the
|
2105
|
+
# registered number automatically. Otherwise, Amazon Cognito users that
|
2106
|
+
# must receive SMS messages might be unable to sign up, activate their
|
2107
|
+
# accounts, or sign in.
|
2089
2108
|
#
|
2090
2109
|
# If you have never used SMS text messages with Amazon Cognito or any
|
2091
|
-
# other Amazon Web Service, Amazon
|
2092
|
-
# sandbox. In <i> <a
|
2110
|
+
# other Amazon Web Service, Amazon Simple Notification Service might
|
2111
|
+
# place your account in SMS sandbox. In <i> <a
|
2093
2112
|
# href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
|
2094
|
-
# mode</a> </i>, you
|
2095
|
-
# only verified phone numbers. After testing in the sandbox
|
2096
|
-
# you can move out of the SMS sandbox and into production.
|
2097
|
-
# information, see [ SMS message settings for Cognito
|
2098
|
-
# the *Amazon Cognito Developer Guide*.
|
2113
|
+
# mode</a> </i>, you will have limitations, such as sending messages
|
2114
|
+
# only to verified phone numbers. After testing in the sandbox
|
2115
|
+
# environment, you can move out of the SMS sandbox and into production.
|
2116
|
+
# For more information, see [ SMS message settings for Amazon Cognito
|
2117
|
+
# User Pools][2] in the *Amazon Cognito Developer Guide*.
|
2099
2118
|
#
|
2100
2119
|
# </note>
|
2101
2120
|
#
|
@@ -2137,19 +2156,18 @@ module Aws::CognitoIdentityProvider
|
|
2137
2156
|
# For more information, see [Customizing User Pool Workflows with Lambda
|
2138
2157
|
# Triggers][1] in the *Amazon Cognito Developer Guide*.
|
2139
2158
|
#
|
2140
|
-
# <note markdown="1">
|
2141
|
-
#
|
2159
|
+
# <note markdown="1"> When you use the ClientMetadata parameter, remember that Amazon
|
2160
|
+
# Cognito won't do the following:
|
2142
2161
|
#
|
2143
|
-
# *
|
2144
|
-
#
|
2145
|
-
#
|
2146
|
-
#
|
2147
|
-
# purpose.
|
2162
|
+
# * Store the ClientMetadata value. This data is available only to
|
2163
|
+
# Lambda triggers that are assigned to a user pool to support custom
|
2164
|
+
# workflows. If your user pool configuration doesn't include
|
2165
|
+
# triggers, the ClientMetadata parameter serves no purpose.
|
2148
2166
|
#
|
2149
|
-
# *
|
2167
|
+
# * Validate the ClientMetadata value.
|
2150
2168
|
#
|
2151
|
-
# *
|
2152
|
-
#
|
2169
|
+
# * Encrypt the ClientMetadata value. Don't use Amazon Cognito to
|
2170
|
+
# provide sensitive information.
|
2153
2171
|
#
|
2154
2172
|
# </note>
|
2155
2173
|
#
|
@@ -2187,7 +2205,7 @@ module Aws::CognitoIdentityProvider
|
|
2187
2205
|
# Signs out users from all devices, as an administrator. It also
|
2188
2206
|
# invalidates all refresh tokens issued to a user. The user's current
|
2189
2207
|
# access and Id tokens remain valid until their expiry. Access and Id
|
2190
|
-
# tokens expire one hour after they
|
2208
|
+
# tokens expire one hour after they're issued.
|
2191
2209
|
#
|
2192
2210
|
# Calling this action requires developer credentials.
|
2193
2211
|
#
|
@@ -2221,11 +2239,11 @@ module Aws::CognitoIdentityProvider
|
|
2221
2239
|
#
|
2222
2240
|
# <note markdown="1"> Calling AssociateSoftwareToken immediately disassociates the existing
|
2223
2241
|
# software token from the user account. If the user doesn't
|
2224
|
-
# subsequently verify the software token, their account is
|
2225
|
-
#
|
2226
|
-
#
|
2227
|
-
#
|
2228
|
-
#
|
2242
|
+
# subsequently verify the software token, their account is set up to
|
2243
|
+
# authenticate without MFA. If MFA config is set to Optional at the user
|
2244
|
+
# pool level, the user can then log in without MFA. However, if MFA is
|
2245
|
+
# set to Required for the user pool, the user is asked to set up a new
|
2246
|
+
# software token MFA during sign-in.
|
2229
2247
|
#
|
2230
2248
|
# </note>
|
2231
2249
|
#
|
@@ -2233,7 +2251,7 @@ module Aws::CognitoIdentityProvider
|
|
2233
2251
|
# The access token.
|
2234
2252
|
#
|
2235
2253
|
# @option params [String] :session
|
2236
|
-
# The session
|
2254
|
+
# The session that should be passed both ways in challenge-response
|
2237
2255
|
# calls to the service. This allows authentication of the user as part
|
2238
2256
|
# of the MFA setup process.
|
2239
2257
|
#
|
@@ -2391,19 +2409,18 @@ module Aws::CognitoIdentityProvider
|
|
2391
2409
|
# For more information, see [Customizing User Pool Workflows with Lambda
|
2392
2410
|
# Triggers][1] in the *Amazon Cognito Developer Guide*.
|
2393
2411
|
#
|
2394
|
-
# <note markdown="1">
|
2395
|
-
#
|
2412
|
+
# <note markdown="1"> When you use the ClientMetadata parameter, remember that Amazon
|
2413
|
+
# Cognito won't do the following:
|
2396
2414
|
#
|
2397
|
-
# *
|
2398
|
-
#
|
2399
|
-
#
|
2400
|
-
#
|
2401
|
-
# purpose.
|
2415
|
+
# * Store the ClientMetadata value. This data is available only to
|
2416
|
+
# Lambda triggers that are assigned to a user pool to support custom
|
2417
|
+
# workflows. If your user pool configuration doesn't include
|
2418
|
+
# triggers, the ClientMetadata parameter serves no purpose.
|
2402
2419
|
#
|
2403
|
-
# *
|
2420
|
+
# * Validate the ClientMetadata value.
|
2404
2421
|
#
|
2405
|
-
# *
|
2406
|
-
#
|
2422
|
+
# * Encrypt the ClientMetadata value. Don't use Amazon Cognito to
|
2423
|
+
# provide sensitive information.
|
2407
2424
|
#
|
2408
2425
|
# </note>
|
2409
2426
|
#
|
@@ -2453,7 +2470,7 @@ module Aws::CognitoIdentityProvider
|
|
2453
2470
|
# the message.
|
2454
2471
|
#
|
2455
2472
|
# @option params [required, String] :username
|
2456
|
-
# The user name of the user whose registration you
|
2473
|
+
# The user name of the user whose registration you want to confirm.
|
2457
2474
|
#
|
2458
2475
|
# @option params [required, String] :confirmation_code
|
2459
2476
|
# The confirmation code sent by a user's request to confirm
|
@@ -2494,19 +2511,18 @@ module Aws::CognitoIdentityProvider
|
|
2494
2511
|
# For more information, see [Customizing User Pool Workflows with Lambda
|
2495
2512
|
# Triggers][1] in the *Amazon Cognito Developer Guide*.
|
2496
2513
|
#
|
2497
|
-
# <note markdown="1">
|
2498
|
-
#
|
2514
|
+
# <note markdown="1"> When you use the ClientMetadata parameter, remember that Amazon
|
2515
|
+
# Cognito won't do the following:
|
2499
2516
|
#
|
2500
|
-
# *
|
2501
|
-
#
|
2502
|
-
#
|
2503
|
-
#
|
2504
|
-
# purpose.
|
2517
|
+
# * Store the ClientMetadata value. This data is available only to
|
2518
|
+
# Lambda triggers that are assigned to a user pool to support custom
|
2519
|
+
# workflows. If your user pool configuration doesn't include
|
2520
|
+
# triggers, the ClientMetadata parameter serves no purpose.
|
2505
2521
|
#
|
2506
|
-
# *
|
2522
|
+
# * Validate the ClientMetadata value.
|
2507
2523
|
#
|
2508
|
-
# *
|
2509
|
-
#
|
2524
|
+
# * Encrypt the ClientMetadata value. Don't use Amazon Cognito to
|
2525
|
+
# provide sensitive information.
|
2510
2526
|
#
|
2511
2527
|
# </note>
|
2512
2528
|
#
|
@@ -2558,24 +2574,24 @@ module Aws::CognitoIdentityProvider
|
|
2558
2574
|
# A string containing the description of the group.
|
2559
2575
|
#
|
2560
2576
|
# @option params [String] :role_arn
|
2561
|
-
# The role ARN for the group.
|
2577
|
+
# The role Amazon Resource Name (ARN) for the group.
|
2562
2578
|
#
|
2563
2579
|
# @option params [Integer] :precedence
|
2564
|
-
# A
|
2580
|
+
# A non-negative integer value that specifies the precedence of this
|
2565
2581
|
# group relative to the other groups that a user can belong to in the
|
2566
2582
|
# user pool. Zero is the highest precedence value. Groups with lower
|
2567
|
-
# `Precedence` values take precedence over groups with higher
|
2583
|
+
# `Precedence` values take precedence over groups with higher ornull
|
2568
2584
|
# `Precedence` values. If a user belongs to two or more groups, it is
|
2569
|
-
# the group with the lowest precedence value whose role ARN
|
2570
|
-
#
|
2571
|
-
#
|
2585
|
+
# the group with the lowest precedence value whose role ARN is given in
|
2586
|
+
# the user's tokens for the `cognito:roles` and
|
2587
|
+
# `cognito:preferred_role` claims.
|
2572
2588
|
#
|
2573
2589
|
# Two groups can have the same `Precedence` value. If this happens,
|
2574
2590
|
# neither group takes precedence over the other. If two groups with the
|
2575
2591
|
# same `Precedence` have the same role ARN, that role is used in the
|
2576
2592
|
# `cognito:preferred_role` claim in tokens for users in each group. If
|
2577
2593
|
# the two groups have different role ARNs, the `cognito:preferred_role`
|
2578
|
-
# claim
|
2594
|
+
# claim isn't set in users' tokens.
|
2579
2595
|
#
|
2580
2596
|
# The default `Precedence` value is null.
|
2581
2597
|
#
|
@@ -2657,7 +2673,7 @@ module Aws::CognitoIdentityProvider
|
|
2657
2673
|
#
|
2658
2674
|
# * authorize\_scopes
|
2659
2675
|
#
|
2660
|
-
# * For OIDC providers:
|
2676
|
+
# * For OpenID Connect (OIDC) providers:
|
2661
2677
|
#
|
2662
2678
|
# * client\_id
|
2663
2679
|
#
|
@@ -2681,11 +2697,14 @@ module Aws::CognitoIdentityProvider
|
|
2681
2697
|
# * jwks\_uri *if not available from discovery URL specified by
|
2682
2698
|
# oidc\_issuer key*
|
2683
2699
|
#
|
2700
|
+
# * attributes\_url\_add\_attributes *a read-only property that is set
|
2701
|
+
# automatically*
|
2702
|
+
#
|
2684
2703
|
# * For SAML providers:
|
2685
2704
|
#
|
2686
2705
|
# * MetadataFile OR MetadataURL
|
2687
2706
|
#
|
2688
|
-
# * IDPSignout
|
2707
|
+
# * IDPSignout (optional)
|
2689
2708
|
#
|
2690
2709
|
# @option params [Hash<String,String>] :attribute_mapping
|
2691
2710
|
# A mapping of identity provider attributes to standard and custom user
|
@@ -2736,23 +2755,23 @@ module Aws::CognitoIdentityProvider
|
|
2736
2755
|
req.send_request(options)
|
2737
2756
|
end
|
2738
2757
|
|
2739
|
-
# Creates a new OAuth2.0 resource server and defines custom scopes
|
2740
|
-
# it.
|
2758
|
+
# Creates a new OAuth2.0 resource server and defines custom scopes
|
2759
|
+
# within it.
|
2741
2760
|
#
|
2742
2761
|
# @option params [required, String] :user_pool_id
|
2743
2762
|
# The user pool ID for the user pool.
|
2744
2763
|
#
|
2745
2764
|
# @option params [required, String] :identifier
|
2746
2765
|
# A unique resource server identifier for the resource server. This
|
2747
|
-
# could be an HTTPS endpoint where the resource server is located
|
2748
|
-
#
|
2766
|
+
# could be an HTTPS endpoint where the resource server is located, such
|
2767
|
+
# as `https://my-weather-api.example.com`.
|
2749
2768
|
#
|
2750
2769
|
# @option params [required, String] :name
|
2751
2770
|
# A friendly name for the resource server.
|
2752
2771
|
#
|
2753
2772
|
# @option params [Array<Types::ResourceServerScopeType>] :scopes
|
2754
|
-
# A list of scopes. Each scope is map
|
2755
|
-
# `description`.
|
2773
|
+
# A list of scopes. Each scope is a key-value map with the keys `name`
|
2774
|
+
# and `description`.
|
2756
2775
|
#
|
2757
2776
|
# @return [Types::CreateResourceServerResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
2758
2777
|
#
|
@@ -2800,7 +2819,7 @@ module Aws::CognitoIdentityProvider
|
|
2800
2819
|
# into.
|
2801
2820
|
#
|
2802
2821
|
# @option params [required, String] :cloud_watch_logs_role_arn
|
2803
|
-
# The role ARN for the Amazon CloudWatch Logging role for the user
|
2822
|
+
# The role ARN for the Amazon CloudWatch Logs Logging role for the user
|
2804
2823
|
# import job.
|
2805
2824
|
#
|
2806
2825
|
# @return [Types::CreateUserImportJobResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
@@ -2844,23 +2863,23 @@ module Aws::CognitoIdentityProvider
|
|
2844
2863
|
# for the pool.
|
2845
2864
|
#
|
2846
2865
|
# <note markdown="1"> This action might generate an SMS text message. Starting June 1, 2021,
|
2847
|
-
#
|
2866
|
+
# US telecom carriers require you to register an origination phone
|
2848
2867
|
# number before you can send SMS messages to U.S. phone numbers. If you
|
2849
2868
|
# use SMS text messages in Amazon Cognito, you must register a phone
|
2850
|
-
# number with [Amazon Pinpoint][1]. Cognito will use the
|
2851
|
-
# number automatically. Otherwise, Cognito users that
|
2852
|
-
# messages might be unable to sign up, activate their
|
2853
|
-
# in.
|
2869
|
+
# number with [Amazon Pinpoint][1]. Amazon Cognito will use the
|
2870
|
+
# registered number automatically. Otherwise, Amazon Cognito users that
|
2871
|
+
# must receive SMS messages might be unable to sign up, activate their
|
2872
|
+
# accounts, or sign in.
|
2854
2873
|
#
|
2855
2874
|
# If you have never used SMS text messages with Amazon Cognito or any
|
2856
|
-
# other Amazon Web Service, Amazon
|
2857
|
-
# sandbox. In <i> <a
|
2875
|
+
# other Amazon Web Service, Amazon Simple Notification Service might
|
2876
|
+
# place your account in SMS sandbox. In <i> <a
|
2858
2877
|
# href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
|
2859
|
-
# mode</a> </i>, you
|
2860
|
-
# only verified phone numbers. After testing in the sandbox
|
2861
|
-
# you can move out of the SMS sandbox and into production.
|
2862
|
-
# information, see [ SMS message settings for Cognito
|
2863
|
-
# the *Amazon Cognito Developer Guide*.
|
2878
|
+
# mode</a> </i>, you will have limitations, such as sending messages
|
2879
|
+
# only to verified phone numbers. After testing in the sandbox
|
2880
|
+
# environment, you can move out of the SMS sandbox and into production.
|
2881
|
+
# For more information, see [ SMS message settings for Amazon Cognito
|
2882
|
+
# User Pools][2] in the *Amazon Cognito Developer Guide*.
|
2864
2883
|
#
|
2865
2884
|
# </note>
|
2866
2885
|
#
|
@@ -2879,16 +2898,16 @@ module Aws::CognitoIdentityProvider
|
|
2879
2898
|
# The Lambda trigger configuration information for the new user pool.
|
2880
2899
|
#
|
2881
2900
|
# <note markdown="1"> In a push model, event sources (such as Amazon S3 and custom
|
2882
|
-
# applications) need permission to invoke a function. So you
|
2883
|
-
#
|
2884
|
-
#
|
2901
|
+
# applications) need permission to invoke a function. So you must make
|
2902
|
+
# an extra call to add permission for these event sources to invoke your
|
2903
|
+
# Lambda function.
|
2885
2904
|
#
|
2886
2905
|
#
|
2887
2906
|
#
|
2888
|
-
# For more information on using the Lambda API to add permission, see
|
2907
|
+
# For more information on using the Lambda API to add permission, see[
|
2889
2908
|
# AddPermission ][1].
|
2890
2909
|
#
|
2891
|
-
# For adding permission using the CLI, see
|
2910
|
+
# For adding permission using the CLI, see[ add-permission ][2].
|
2892
2911
|
#
|
2893
2912
|
# </note>
|
2894
2913
|
#
|
@@ -2906,8 +2925,8 @@ module Aws::CognitoIdentityProvider
|
|
2906
2925
|
# **phone\_number**, **email**, or **preferred\_username**.
|
2907
2926
|
#
|
2908
2927
|
# @option params [Array<String>] :username_attributes
|
2909
|
-
# Specifies whether email
|
2910
|
-
#
|
2928
|
+
# Specifies whether a user can use an email address or phone number as a
|
2929
|
+
# username when they sign up.
|
2911
2930
|
#
|
2912
2931
|
# @option params [String] :sms_verification_message
|
2913
2932
|
# A string representing the SMS verification message.
|
@@ -2962,28 +2981,29 @@ module Aws::CognitoIdentityProvider
|
|
2962
2981
|
# can be standard or custom attributes.
|
2963
2982
|
#
|
2964
2983
|
# @option params [Types::UserPoolAddOnsType] :user_pool_add_ons
|
2965
|
-
#
|
2984
|
+
# Enables advanced security risk detection. Set the key
|
2966
2985
|
# `AdvancedSecurityMode` to the value "AUDIT".
|
2967
2986
|
#
|
2968
2987
|
# @option params [Types::UsernameConfigurationType] :username_configuration
|
2969
|
-
#
|
2970
|
-
#
|
2971
|
-
#
|
2972
|
-
#
|
2973
|
-
#
|
2988
|
+
# Case sensitivity on the username input for the selected sign-in
|
2989
|
+
# option. For example, when case sensitivity is set to `False`, users
|
2990
|
+
# can sign in using either "username" or "Username". This
|
2991
|
+
# configuration is immutable once it has been set. For more information,
|
2992
|
+
# see [UsernameConfigurationType][1].
|
2974
2993
|
#
|
2975
2994
|
#
|
2976
2995
|
#
|
2977
2996
|
# [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UsernameConfigurationType.html
|
2978
2997
|
#
|
2979
2998
|
# @option params [Types::AccountRecoverySettingType] :account_recovery_setting
|
2980
|
-
#
|
2981
|
-
#
|
2982
|
-
#
|
2983
|
-
#
|
2984
|
-
#
|
2985
|
-
# the absence of this setting, Cognito uses the
|
2986
|
-
# determine the recovery method where SMS is
|
2999
|
+
# The available verified method a user can use to recover their password
|
3000
|
+
# when they call `ForgotPassword`. You can use this setting to define a
|
3001
|
+
# preferred method when a user has more than one method available. With
|
3002
|
+
# this setting, SMS doesn't qualify for a valid password recovery
|
3003
|
+
# mechanism if the user also has SMS multi-factor authentication (MFA)
|
3004
|
+
# activated. In the absence of this setting, Amazon Cognito uses the
|
3005
|
+
# legacy behavior to determine the recovery method where SMS is
|
3006
|
+
# preferred through email.
|
2987
3007
|
#
|
2988
3008
|
# @return [Types::CreateUserPoolResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
2989
3009
|
#
|
@@ -3195,8 +3215,8 @@ module Aws::CognitoIdentityProvider
|
|
3195
3215
|
# Creates the user pool client.
|
3196
3216
|
#
|
3197
3217
|
# When you create a new user pool client, token revocation is
|
3198
|
-
# automatically
|
3199
|
-
# [RevokeToken][1].
|
3218
|
+
# automatically activated. For more information about revoking tokens,
|
3219
|
+
# see [RevokeToken][1].
|
3200
3220
|
#
|
3201
3221
|
#
|
3202
3222
|
#
|
@@ -3215,20 +3235,20 @@ module Aws::CognitoIdentityProvider
|
|
3215
3235
|
#
|
3216
3236
|
# @option params [Integer] :refresh_token_validity
|
3217
3237
|
# The time limit, in days, after which the refresh token is no longer
|
3218
|
-
# valid and
|
3238
|
+
# valid and can't be used.
|
3219
3239
|
#
|
3220
3240
|
# @option params [Integer] :access_token_validity
|
3221
3241
|
# The time limit, between 5 minutes and 1 day, after which the access
|
3222
|
-
# token is no longer valid and
|
3223
|
-
#
|
3242
|
+
# token is no longer valid and can't be used. If you supply a
|
3243
|
+
# TokenValidityUnits value, you will override the default time unit.
|
3224
3244
|
#
|
3225
3245
|
# @option params [Integer] :id_token_validity
|
3226
|
-
# The time limit, between 5 minutes and 1 day, after which the
|
3227
|
-
# is no longer valid and
|
3228
|
-
#
|
3246
|
+
# The time limit, between 5 minutes and 1 day, after which the access
|
3247
|
+
# token is no longer valid and can't be used. If you supply a
|
3248
|
+
# TokenValidityUnits value, you will override the default time unit.
|
3229
3249
|
#
|
3230
3250
|
# @option params [Types::TokenValidityUnitsType] :token_validity_units
|
3231
|
-
# The units in which the validity times are represented
|
3251
|
+
# The units in which the validity times are represented. Default for
|
3232
3252
|
# RefreshToken is days, and default for ID and access tokens are hours.
|
3233
3253
|
#
|
3234
3254
|
# @option params [Array<String>] :read_attributes
|
@@ -3242,7 +3262,7 @@ module Aws::CognitoIdentityProvider
|
|
3242
3262
|
# identity provider attributes. Amazon Cognito updates mapped attributes
|
3243
3263
|
# when users sign in to your application through an identity provider.
|
3244
3264
|
# If your app client lacks write access to a mapped attribute, Amazon
|
3245
|
-
# Cognito throws an error when it
|
3265
|
+
# Cognito throws an error when it tries to update the attribute. For
|
3246
3266
|
# more information, see [Specifying Identity Provider Attribute Mappings
|
3247
3267
|
# for Your User Pool][1].
|
3248
3268
|
#
|
@@ -3252,26 +3272,26 @@ module Aws::CognitoIdentityProvider
|
|
3252
3272
|
#
|
3253
3273
|
# @option params [Array<String>] :explicit_auth_flows
|
3254
3274
|
# The authentication flows that are supported by the user pool clients.
|
3255
|
-
# Flow names without the `ALLOW_` prefix are
|
3256
|
-
# names with the `ALLOW_` prefix. Note that values with
|
3257
|
-
#
|
3275
|
+
# Flow names without the `ALLOW_` prefix are no longer supported, in
|
3276
|
+
# favor of new names with the `ALLOW_` prefix. Note that values with
|
3277
|
+
# `ALLOW_` prefix must be used only along with the `ALLOW_` prefix.
|
3258
3278
|
#
|
3259
3279
|
# Valid values include:
|
3260
3280
|
#
|
3261
3281
|
# * `ALLOW_ADMIN_USER_PASSWORD_AUTH`\: Enable admin based user password
|
3262
3282
|
# authentication flow `ADMIN_USER_PASSWORD_AUTH`. This setting
|
3263
3283
|
# replaces the `ADMIN_NO_SRP_AUTH` setting. With this authentication
|
3264
|
-
# flow, Cognito receives the password in the request instead of
|
3265
|
-
# the
|
3266
|
-
# passwords.
|
3284
|
+
# flow, Amazon Cognito receives the password in the request instead of
|
3285
|
+
# using the Secure Remote Password (SRP) protocol to verify passwords.
|
3267
3286
|
#
|
3268
3287
|
# * `ALLOW_CUSTOM_AUTH`\: Enable Lambda trigger based authentication.
|
3269
3288
|
#
|
3270
3289
|
# * `ALLOW_USER_PASSWORD_AUTH`\: Enable user password-based
|
3271
|
-
# authentication. In this flow, Cognito receives the password
|
3272
|
-
# request instead of using the SRP protocol to verify
|
3290
|
+
# authentication. In this flow, Amazon Cognito receives the password
|
3291
|
+
# in the request instead of using the SRP protocol to verify
|
3292
|
+
# passwords.
|
3273
3293
|
#
|
3274
|
-
# * `ALLOW_USER_SRP_AUTH`\: Enable SRP
|
3294
|
+
# * `ALLOW_USER_SRP_AUTH`\: Enable SRP-based authentication.
|
3275
3295
|
#
|
3276
3296
|
# * `ALLOW_REFRESH_TOKEN_AUTH`\: Enable authflow to refresh tokens.
|
3277
3297
|
#
|
@@ -3349,49 +3369,44 @@ module Aws::CognitoIdentityProvider
|
|
3349
3369
|
#
|
3350
3370
|
# @option params [Boolean] :allowed_o_auth_flows_user_pool_client
|
3351
3371
|
# Set to true if the client is allowed to follow the OAuth protocol when
|
3352
|
-
# interacting with Cognito user pools.
|
3372
|
+
# interacting with Amazon Cognito user pools.
|
3353
3373
|
#
|
3354
3374
|
# @option params [Types::AnalyticsConfigurationType] :analytics_configuration
|
3355
3375
|
# The Amazon Pinpoint analytics configuration for collecting metrics for
|
3356
3376
|
# this user pool.
|
3357
3377
|
#
|
3358
|
-
# <note markdown="1"> In
|
3359
|
-
# supports sending events to Amazon Pinpoint projects in
|
3360
|
-
#
|
3361
|
-
# sending events to Amazon Pinpoint projects within that
|
3378
|
+
# <note markdown="1"> In Amazon Web Services Regions where isn't available, User Pools only
|
3379
|
+
# supports sending events to Amazon Pinpoint projects in Amazon Web
|
3380
|
+
# Services Region us-east-1. In Regions where is available, User Pools
|
3381
|
+
# will support sending events to Amazon Pinpoint projects within that
|
3382
|
+
# same Region.
|
3362
3383
|
#
|
3363
3384
|
# </note>
|
3364
3385
|
#
|
3365
3386
|
# @option params [String] :prevent_user_existence_errors
|
3366
|
-
#
|
3367
|
-
#
|
3368
|
-
#
|
3369
|
-
#
|
3370
|
-
# indicating either the username or password was incorrect
|
3387
|
+
# Errors and responses that you want Amazon Cognito APIs to return
|
3388
|
+
# during authentication, account confirmation, and password recovery
|
3389
|
+
# when the user doesn't exist in the user pool. When set to `ENABLED`
|
3390
|
+
# and the user doesn't exist, authentication returns an error
|
3391
|
+
# indicating either the username or password was incorrect. Account
|
3371
3392
|
# confirmation and password recovery return a response indicating a code
|
3372
3393
|
# was sent to a simulated destination. When set to `LEGACY`, those APIs
|
3373
|
-
#
|
3374
|
-
#
|
3394
|
+
# return a `UserNotFoundException` exception if the user doesn't exist
|
3395
|
+
# in the user pool.
|
3375
3396
|
#
|
3376
3397
|
# Valid values include:
|
3377
3398
|
#
|
3378
3399
|
# * `ENABLED` - This prevents user existence-related errors.
|
3379
3400
|
#
|
3380
|
-
# * `LEGACY` - This represents the
|
3381
|
-
# existence related errors
|
3382
|
-
#
|
3383
|
-
# <note markdown="1"> After February 15th 2020, the value of `PreventUserExistenceErrors`
|
3384
|
-
# will default to `ENABLED` for newly created user pool clients if no
|
3385
|
-
# value is provided.
|
3386
|
-
#
|
3387
|
-
# </note>
|
3401
|
+
# * `LEGACY` - This represents the early behavior of Amazon Cognito
|
3402
|
+
# where user existence related errors aren't prevented.
|
3388
3403
|
#
|
3389
3404
|
# @option params [Boolean] :enable_token_revocation
|
3390
|
-
#
|
3405
|
+
# Activates or deactivates token revocation. For more information about
|
3391
3406
|
# revoking tokens, see [RevokeToken][1].
|
3392
3407
|
#
|
3393
3408
|
# If you don't include this parameter, token revocation is
|
3394
|
-
# automatically
|
3409
|
+
# automatically activated for the new user pool client.
|
3395
3410
|
#
|
3396
3411
|
#
|
3397
3412
|
#
|
@@ -3488,7 +3503,9 @@ module Aws::CognitoIdentityProvider
|
|
3488
3503
|
# Creates a new domain for a user pool.
|
3489
3504
|
#
|
3490
3505
|
# @option params [required, String] :domain
|
3491
|
-
# The domain string.
|
3506
|
+
# The domain string. For custom domains, this is the fully-qualified
|
3507
|
+
# domain name, such as `auth.example.com`. For Amazon Cognito prefix
|
3508
|
+
# domains, this is the prefix alone, such as `auth`.
|
3492
3509
|
#
|
3493
3510
|
# @option params [required, String] :user_pool_id
|
3494
3511
|
# The user pool ID.
|
@@ -3640,11 +3657,11 @@ module Aws::CognitoIdentityProvider
|
|
3640
3657
|
# Deletes the attributes for a user.
|
3641
3658
|
#
|
3642
3659
|
# @option params [required, Array<String>] :user_attribute_names
|
3643
|
-
# An array of strings representing the user attribute names you
|
3660
|
+
# An array of strings representing the user attribute names you want to
|
3644
3661
|
# delete.
|
3645
3662
|
#
|
3646
|
-
# For custom attributes, you must
|
3647
|
-
# attribute name.
|
3663
|
+
# For custom attributes, you must prependattach the `custom:` prefix to
|
3664
|
+
# the front of the attribute name.
|
3648
3665
|
#
|
3649
3666
|
# @option params [required, String] :access_token
|
3650
3667
|
# The access token used in the request to delete user attributes.
|
@@ -3719,7 +3736,9 @@ module Aws::CognitoIdentityProvider
|
|
3719
3736
|
# Deletes a domain for a user pool.
|
3720
3737
|
#
|
3721
3738
|
# @option params [required, String] :domain
|
3722
|
-
# The domain string.
|
3739
|
+
# The domain string. For custom domains, this is the fully-qualified
|
3740
|
+
# domain name, such as `auth.example.com`. For Amazon Cognito prefix
|
3741
|
+
# domains, this is the prefix alone, such as `auth`.
|
3723
3742
|
#
|
3724
3743
|
# @option params [required, String] :user_pool_id
|
3725
3744
|
# The user pool ID.
|
@@ -4105,7 +4124,9 @@ module Aws::CognitoIdentityProvider
|
|
4105
4124
|
# Gets information about a domain.
|
4106
4125
|
#
|
4107
4126
|
# @option params [required, String] :domain
|
4108
|
-
# The domain string.
|
4127
|
+
# The domain string. For custom domains, this is the fully-qualified
|
4128
|
+
# domain name, such as `auth.example.com`. For Amazon Cognito prefix
|
4129
|
+
# domains, this is the prefix alone, such as `auth`.
|
4109
4130
|
#
|
4110
4131
|
# @return [Types::DescribeUserPoolDomainResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
4111
4132
|
#
|
@@ -4174,23 +4195,23 @@ module Aws::CognitoIdentityProvider
|
|
4174
4195
|
# for resetting the password, call [ConfirmForgotPassword][2].
|
4175
4196
|
#
|
4176
4197
|
# <note markdown="1"> This action might generate an SMS text message. Starting June 1, 2021,
|
4177
|
-
#
|
4198
|
+
# US telecom carriers require you to register an origination phone
|
4178
4199
|
# number before you can send SMS messages to U.S. phone numbers. If you
|
4179
4200
|
# use SMS text messages in Amazon Cognito, you must register a phone
|
4180
|
-
# number with [Amazon Pinpoint][3]. Cognito will use the
|
4181
|
-
# number automatically. Otherwise, Cognito users that
|
4182
|
-
# messages might be unable to sign up, activate their
|
4183
|
-
# in.
|
4201
|
+
# number with [Amazon Pinpoint][3]. Amazon Cognito will use the
|
4202
|
+
# registered number automatically. Otherwise, Amazon Cognito users that
|
4203
|
+
# must receive SMS messages might be unable to sign up, activate their
|
4204
|
+
# accounts, or sign in.
|
4184
4205
|
#
|
4185
4206
|
# If you have never used SMS text messages with Amazon Cognito or any
|
4186
|
-
# other Amazon Web Service, Amazon
|
4187
|
-
# sandbox. In <i> <a
|
4207
|
+
# other Amazon Web Service, Amazon Simple Notification Service might
|
4208
|
+
# place your account in SMS sandbox. In <i> <a
|
4188
4209
|
# href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
|
4189
|
-
# mode</a> </i>, you
|
4190
|
-
# only verified phone numbers. After testing in the sandbox
|
4191
|
-
# you can move out of the SMS sandbox and into production.
|
4192
|
-
# information, see [ SMS message settings for Cognito
|
4193
|
-
# the *Amazon Cognito Developer Guide*.
|
4210
|
+
# mode</a> </i>, you will have limitations, such as sending messages
|
4211
|
+
# only to verified phone numbers. After testing in the sandbox
|
4212
|
+
# environment, you can move out of the SMS sandbox and into production.
|
4213
|
+
# For more information, see [ SMS message settings for Amazon Cognito
|
4214
|
+
# User Pools][4] in the *Amazon Cognito Developer Guide*.
|
4194
4215
|
#
|
4195
4216
|
# </note>
|
4196
4217
|
#
|
@@ -4240,19 +4261,18 @@ module Aws::CognitoIdentityProvider
|
|
4240
4261
|
# For more information, see [Customizing User Pool Workflows with Lambda
|
4241
4262
|
# Triggers][1] in the *Amazon Cognito Developer Guide*.
|
4242
4263
|
#
|
4243
|
-
# <note markdown="1">
|
4244
|
-
#
|
4264
|
+
# <note markdown="1"> When you use the ClientMetadata parameter, remember that Amazon
|
4265
|
+
# Cognito won't do the following:
|
4245
4266
|
#
|
4246
|
-
# *
|
4247
|
-
#
|
4248
|
-
#
|
4249
|
-
#
|
4250
|
-
# purpose.
|
4267
|
+
# * Store the ClientMetadata value. This data is available only to
|
4268
|
+
# Lambda triggers that are assigned to a user pool to support custom
|
4269
|
+
# workflows. If your user pool configuration doesn't include
|
4270
|
+
# triggers, the ClientMetadata parameter serves no purpose.
|
4251
4271
|
#
|
4252
|
-
# *
|
4272
|
+
# * Validate the ClientMetadata value.
|
4253
4273
|
#
|
4254
|
-
# *
|
4255
|
-
#
|
4274
|
+
# * Encrypt the ClientMetadata value. Don't use Amazon Cognito to
|
4275
|
+
# provide sensitive information.
|
4256
4276
|
#
|
4257
4277
|
# </note>
|
4258
4278
|
#
|
@@ -4296,8 +4316,8 @@ module Aws::CognitoIdentityProvider
|
|
4296
4316
|
req.send_request(options)
|
4297
4317
|
end
|
4298
4318
|
|
4299
|
-
# Gets the header information for the
|
4300
|
-
# the user import job.
|
4319
|
+
# Gets the header information for the comma-separated value (CSV) file
|
4320
|
+
# to be used as input for the user import job.
|
4301
4321
|
#
|
4302
4322
|
# @option params [required, String] :user_pool_id
|
4303
4323
|
# The user pool ID for the user pool that the users are to be imported
|
@@ -4477,11 +4497,12 @@ module Aws::CognitoIdentityProvider
|
|
4477
4497
|
req.send_request(options)
|
4478
4498
|
end
|
4479
4499
|
|
4480
|
-
# Gets the UI Customization information for a
|
4481
|
-
# app UI, if
|
4482
|
-
#
|
4483
|
-
# (app `clientId`
|
4484
|
-
#
|
4500
|
+
# Gets the user interface (UI) Customization information for a
|
4501
|
+
# particular app client's app UI, if any such information exists for
|
4502
|
+
# the client. If nothing is set for the particular client, but there is
|
4503
|
+
# an existing pool level customization (the app `clientId` is `ALL`),
|
4504
|
+
# then that information is returned. If nothing is present, then an
|
4505
|
+
# empty shape is returned.
|
4485
4506
|
#
|
4486
4507
|
# @option params [required, String] :user_pool_id
|
4487
4508
|
# The user pool ID for the user pool.
|
@@ -4565,23 +4586,23 @@ module Aws::CognitoIdentityProvider
|
|
4565
4586
|
# name.
|
4566
4587
|
#
|
4567
4588
|
# <note markdown="1"> This action might generate an SMS text message. Starting June 1, 2021,
|
4568
|
-
#
|
4589
|
+
# US telecom carriers require you to register an origination phone
|
4569
4590
|
# number before you can send SMS messages to U.S. phone numbers. If you
|
4570
4591
|
# use SMS text messages in Amazon Cognito, you must register a phone
|
4571
|
-
# number with [Amazon Pinpoint][1]. Cognito will use the
|
4572
|
-
# number automatically. Otherwise, Cognito users that
|
4573
|
-
# messages might be unable to sign up, activate their
|
4574
|
-
# in.
|
4592
|
+
# number with [Amazon Pinpoint][1]. Amazon Cognito will use the
|
4593
|
+
# registered number automatically. Otherwise, Amazon Cognito users that
|
4594
|
+
# must receive SMS messages might be unable to sign up, activate their
|
4595
|
+
# accounts, or sign in.
|
4575
4596
|
#
|
4576
4597
|
# If you have never used SMS text messages with Amazon Cognito or any
|
4577
|
-
# other Amazon Web Service, Amazon
|
4578
|
-
# sandbox. In <i> <a
|
4598
|
+
# other Amazon Web Service, Amazon Simple Notification Service might
|
4599
|
+
# place your account in SMS sandbox. In <i> <a
|
4579
4600
|
# href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
|
4580
|
-
# mode</a> </i>, you
|
4581
|
-
# only verified phone numbers. After testing in the sandbox
|
4582
|
-
# you can move out of the SMS sandbox and into production.
|
4583
|
-
# information, see [ SMS message settings for Cognito
|
4584
|
-
# the *Amazon Cognito Developer Guide*.
|
4601
|
+
# mode</a> </i>, you will have limitations, such as sending messages
|
4602
|
+
# only to verified phone numbers. After testing in the sandbox
|
4603
|
+
# environment, you can move out of the SMS sandbox and into production.
|
4604
|
+
# For more information, see [ SMS message settings for Amazon Cognito
|
4605
|
+
# User Pools][2] in the *Amazon Cognito Developer Guide*.
|
4585
4606
|
#
|
4586
4607
|
# </note>
|
4587
4608
|
#
|
@@ -4616,19 +4637,18 @@ module Aws::CognitoIdentityProvider
|
|
4616
4637
|
# For more information, see [Customizing User Pool Workflows with Lambda
|
4617
4638
|
# Triggers][1] in the *Amazon Cognito Developer Guide*.
|
4618
4639
|
#
|
4619
|
-
# <note markdown="1">
|
4620
|
-
#
|
4640
|
+
# <note markdown="1"> When you use the ClientMetadata parameter, remember that Amazon
|
4641
|
+
# Cognito won't do the following:
|
4621
4642
|
#
|
4622
|
-
# *
|
4623
|
-
#
|
4624
|
-
#
|
4625
|
-
#
|
4626
|
-
# purpose.
|
4643
|
+
# * Store the ClientMetadata value. This data is available only to
|
4644
|
+
# Lambda triggers that are assigned to a user pool to support custom
|
4645
|
+
# workflows. If your user pool configuration doesn't include
|
4646
|
+
# triggers, the ClientMetadata parameter serves no purpose.
|
4627
4647
|
#
|
4628
|
-
# *
|
4648
|
+
# * Validate the ClientMetadata value.
|
4629
4649
|
#
|
4630
|
-
# *
|
4631
|
-
#
|
4650
|
+
# * Encrypt the ClientMetadata value. Don't use Amazon Cognito to
|
4651
|
+
# provide sensitive information.
|
4632
4652
|
#
|
4633
4653
|
# </note>
|
4634
4654
|
#
|
@@ -4700,9 +4720,9 @@ module Aws::CognitoIdentityProvider
|
|
4700
4720
|
end
|
4701
4721
|
|
4702
4722
|
# Signs out users from all devices. It also invalidates all refresh
|
4703
|
-
# tokens issued to a user. The user's current access and
|
4723
|
+
# tokens issued to a user. The user's current access and ID tokens
|
4704
4724
|
# remain valid until their expiry. Access and Id tokens expire one hour
|
4705
|
-
# after they
|
4725
|
+
# after they're issued.
|
4706
4726
|
#
|
4707
4727
|
# @option params [required, String] :access_token
|
4708
4728
|
# The access token.
|
@@ -4727,23 +4747,23 @@ module Aws::CognitoIdentityProvider
|
|
4727
4747
|
# Initiates the authentication flow.
|
4728
4748
|
#
|
4729
4749
|
# <note markdown="1"> This action might generate an SMS text message. Starting June 1, 2021,
|
4730
|
-
#
|
4750
|
+
# US telecom carriers require you to register an origination phone
|
4731
4751
|
# number before you can send SMS messages to U.S. phone numbers. If you
|
4732
4752
|
# use SMS text messages in Amazon Cognito, you must register a phone
|
4733
|
-
# number with [Amazon Pinpoint][1]. Cognito will use the
|
4734
|
-
# number automatically. Otherwise, Cognito users that
|
4735
|
-
# messages might be unable to sign up, activate their
|
4736
|
-
# in.
|
4753
|
+
# number with [Amazon Pinpoint][1]. Amazon Cognito will use the
|
4754
|
+
# registered number automatically. Otherwise, Amazon Cognito users that
|
4755
|
+
# must receive SMS messages might be unable to sign up, activate their
|
4756
|
+
# accounts, or sign in.
|
4737
4757
|
#
|
4738
4758
|
# If you have never used SMS text messages with Amazon Cognito or any
|
4739
|
-
# other Amazon Web Service, Amazon
|
4740
|
-
# sandbox. In <i> <a
|
4759
|
+
# other Amazon Web Service, Amazon Simple Notification Service might
|
4760
|
+
# place your account in SMS sandbox. In <i> <a
|
4741
4761
|
# href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
|
4742
|
-
# mode</a> </i>, you
|
4743
|
-
# only verified phone numbers. After testing in the sandbox
|
4744
|
-
# you can move out of the SMS sandbox and into production.
|
4745
|
-
# information, see [ SMS message settings for Cognito
|
4746
|
-
# the *Amazon Cognito Developer Guide*.
|
4762
|
+
# mode</a> </i>, you will have limitations, such as sending messages
|
4763
|
+
# only to verified phone numbers. After testing in the sandbox
|
4764
|
+
# environment, you can move out of the SMS sandbox and into production.
|
4765
|
+
# For more information, see [ SMS message settings for Amazon Cognito
|
4766
|
+
# User Pools][2] in the *Amazon Cognito Developer Guide*.
|
4747
4767
|
#
|
4748
4768
|
# </note>
|
4749
4769
|
#
|
@@ -4753,17 +4773,17 @@ module Aws::CognitoIdentityProvider
|
|
4753
4773
|
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html
|
4754
4774
|
#
|
4755
4775
|
# @option params [required, String] :auth_flow
|
4756
|
-
# The authentication flow for this call to
|
4776
|
+
# The authentication flow for this call to run. The API action will
|
4757
4777
|
# depend on this value. For example:
|
4758
4778
|
#
|
4759
|
-
# * `REFRESH_TOKEN_AUTH`
|
4760
|
-
#
|
4779
|
+
# * `REFRESH_TOKEN_AUTH` takes in a valid refresh token and returns new
|
4780
|
+
# tokens.
|
4761
4781
|
#
|
4762
|
-
# * `USER_SRP_AUTH`
|
4763
|
-
#
|
4782
|
+
# * `USER_SRP_AUTH` takes in `USERNAME` and `SRP_A` and returns the SRP
|
4783
|
+
# variables to be used for next challenge execution.
|
4764
4784
|
#
|
4765
|
-
# * `USER_PASSWORD_AUTH`
|
4766
|
-
#
|
4785
|
+
# * `USER_PASSWORD_AUTH` takes in `USERNAME` and `PASSWORD` and returns
|
4786
|
+
# the next challenge or tokens.
|
4767
4787
|
#
|
4768
4788
|
# Valid values include:
|
4769
4789
|
#
|
@@ -4778,19 +4798,14 @@ module Aws::CognitoIdentityProvider
|
|
4778
4798
|
#
|
4779
4799
|
# * `USER_PASSWORD_AUTH`\: Non-SRP authentication flow; USERNAME and
|
4780
4800
|
# PASSWORD are passed directly. If a user migration Lambda trigger is
|
4781
|
-
# set, this flow will invoke the user migration Lambda if
|
4782
|
-
#
|
4783
|
-
#
|
4784
|
-
# * `ADMIN_USER_PASSWORD_AUTH`\: Admin-based user password
|
4785
|
-
# authentication. This replaces the `ADMIN_NO_SRP_AUTH` authentication
|
4786
|
-
# flow. In this flow, Cognito receives the password in the request
|
4787
|
-
# instead of using the SRP process to verify passwords.
|
4801
|
+
# set, this flow will invoke the user migration Lambda if it doesn't
|
4802
|
+
# find the USERNAME in the user pool.
|
4788
4803
|
#
|
4789
|
-
# `ADMIN_NO_SRP_AUTH`
|
4804
|
+
# `ADMIN_NO_SRP_AUTH` isn't a valid value.
|
4790
4805
|
#
|
4791
4806
|
# @option params [Hash<String,String>] :auth_parameters
|
4792
4807
|
# The authentication parameters. These are inputs corresponding to the
|
4793
|
-
# `AuthFlow` that you
|
4808
|
+
# `AuthFlow` that you're invoking. The required values depend on the
|
4794
4809
|
# value of `AuthFlow`\:
|
4795
4810
|
#
|
4796
4811
|
# * For `USER_SRP_AUTH`\: `USERNAME` (required), `SRP_A` (required),
|
@@ -4831,7 +4846,7 @@ module Aws::CognitoIdentityProvider
|
|
4831
4846
|
# needs.
|
4832
4847
|
#
|
4833
4848
|
# When you use the InitiateAuth API action, Amazon Cognito also invokes
|
4834
|
-
# the functions for the following triggers, but it
|
4849
|
+
# the functions for the following triggers, but it doesn't provide the
|
4835
4850
|
# ClientMetadata value as input:
|
4836
4851
|
#
|
4837
4852
|
# * Post authentication
|
@@ -4849,19 +4864,18 @@ module Aws::CognitoIdentityProvider
|
|
4849
4864
|
# For more information, see [Customizing User Pool Workflows with Lambda
|
4850
4865
|
# Triggers][1] in the *Amazon Cognito Developer Guide*.
|
4851
4866
|
#
|
4852
|
-
# <note markdown="1">
|
4853
|
-
#
|
4867
|
+
# <note markdown="1"> When you use the ClientMetadata parameter, remember that Amazon
|
4868
|
+
# Cognito won't do the following:
|
4854
4869
|
#
|
4855
|
-
# *
|
4856
|
-
#
|
4857
|
-
#
|
4858
|
-
#
|
4859
|
-
# purpose.
|
4870
|
+
# * Store the ClientMetadata value. This data is available only to
|
4871
|
+
# Lambda triggers that are assigned to a user pool to support custom
|
4872
|
+
# workflows. If your user pool configuration doesn't include
|
4873
|
+
# triggers, the ClientMetadata parameter serves no purpose.
|
4860
4874
|
#
|
4861
|
-
# *
|
4875
|
+
# * Validate the ClientMetadata value.
|
4862
4876
|
#
|
4863
|
-
# *
|
4864
|
-
#
|
4877
|
+
# * Encrypt the ClientMetadata value. Don't use Amazon Cognito to
|
4878
|
+
# provide sensitive information.
|
4865
4879
|
#
|
4866
4880
|
# </note>
|
4867
4881
|
#
|
@@ -5253,7 +5267,7 @@ module Aws::CognitoIdentityProvider
|
|
5253
5267
|
req.send_request(options)
|
5254
5268
|
end
|
5255
5269
|
|
5256
|
-
# Lists the user pools associated with an account.
|
5270
|
+
# Lists the user pools associated with an Amazon Web Services account.
|
5257
5271
|
#
|
5258
5272
|
# @option params [String] :next_token
|
5259
5273
|
# An identifier that was returned from the previous call to this
|
@@ -5373,16 +5387,32 @@ module Aws::CognitoIdentityProvider
|
|
5373
5387
|
#
|
5374
5388
|
# * `sub`
|
5375
5389
|
#
|
5376
|
-
# Custom attributes
|
5390
|
+
# Custom attributes aren't searchable.
|
5391
|
+
#
|
5392
|
+
# <note markdown="1"> You can also list users with a client-side filter. The server-side
|
5393
|
+
# filter matches no more than 1 attribute. For an advanced search, use a
|
5394
|
+
# client-side filter with the `--query` parameter of the `list-users`
|
5395
|
+
# action in the CLI. When you use a client-side filter, ListUsers
|
5396
|
+
# returns a paginated list of zero or more users. You can receive
|
5397
|
+
# multiple pages in a row with zero results. Repeat the query with each
|
5398
|
+
# pagination token that is returned until you receive a null pagination
|
5399
|
+
# token value, and then review the combined result.
|
5400
|
+
#
|
5401
|
+
# For more information about server-side and client-side filtering, see
|
5402
|
+
# [FilteringCLI output][1] in the [Command Line Interface User
|
5403
|
+
# Guide][1].
|
5404
|
+
#
|
5405
|
+
# </note>
|
5377
5406
|
#
|
5378
5407
|
# For more information, see [Searching for Users Using the ListUsers
|
5379
|
-
# API][
|
5408
|
+
# API][2] and [Examples of Using the ListUsers API][3] in the *Amazon
|
5380
5409
|
# Cognito Developer Guide*.
|
5381
5410
|
#
|
5382
5411
|
#
|
5383
5412
|
#
|
5384
|
-
# [1]: https://docs.aws.amazon.com/
|
5385
|
-
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/how-to-manage-user-accounts.html#cognito-user-pools-searching-for-users-listusers-api
|
5413
|
+
# [1]: https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-filter.html
|
5414
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/how-to-manage-user-accounts.html#cognito-user-pools-searching-for-users-using-listusers-api
|
5415
|
+
# [3]: https://docs.aws.amazon.com/cognito/latest/developerguide/how-to-manage-user-accounts.html#cognito-user-pools-searching-for-users-listusers-api-examples
|
5386
5416
|
#
|
5387
5417
|
# @return [Types::ListUsersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
5388
5418
|
#
|
@@ -5489,23 +5519,23 @@ module Aws::CognitoIdentityProvider
|
|
5489
5519
|
# specific user in the user pool.
|
5490
5520
|
#
|
5491
5521
|
# <note markdown="1"> This action might generate an SMS text message. Starting June 1, 2021,
|
5492
|
-
#
|
5522
|
+
# US telecom carriers require you to register an origination phone
|
5493
5523
|
# number before you can send SMS messages to U.S. phone numbers. If you
|
5494
5524
|
# use SMS text messages in Amazon Cognito, you must register a phone
|
5495
|
-
# number with [Amazon Pinpoint][1]. Cognito will use the
|
5496
|
-
# number automatically. Otherwise, Cognito users that
|
5497
|
-
# messages might be unable to sign up, activate their
|
5498
|
-
# in.
|
5525
|
+
# number with [Amazon Pinpoint][1]. Amazon Cognito will use the
|
5526
|
+
# registered number automatically. Otherwise, Amazon Cognito users that
|
5527
|
+
# must receive SMS messages might be unable to sign up, activate their
|
5528
|
+
# accounts, or sign in.
|
5499
5529
|
#
|
5500
5530
|
# If you have never used SMS text messages with Amazon Cognito or any
|
5501
|
-
# other Amazon Web Service, Amazon
|
5502
|
-
# sandbox. In <i> <a
|
5531
|
+
# other Amazon Web Service, Amazon Simple Notification Service might
|
5532
|
+
# place your account in SMS sandbox. In <i> <a
|
5503
5533
|
# href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
|
5504
|
-
# mode</a> </i>, you
|
5505
|
-
# only verified phone numbers. After testing in the sandbox
|
5506
|
-
# you can move out of the SMS sandbox and into production.
|
5507
|
-
# information, see [ SMS message settings for Cognito
|
5508
|
-
# the *Amazon Cognito Developer Guide*.
|
5534
|
+
# mode</a> </i>, you will have limitations, such as sending messages
|
5535
|
+
# only to verified phone numbers. After testing in the sandbox
|
5536
|
+
# environment, you can move out of the SMS sandbox and into production.
|
5537
|
+
# For more information, see [ SMS message settings for Amazon Cognito
|
5538
|
+
# User Pools][2] in the *Amazon Cognito Developer Guide*.
|
5509
5539
|
#
|
5510
5540
|
# </note>
|
5511
5541
|
#
|
@@ -5528,8 +5558,8 @@ module Aws::CognitoIdentityProvider
|
|
5528
5558
|
# Cognito advanced security.
|
5529
5559
|
#
|
5530
5560
|
# @option params [required, String] :username
|
5531
|
-
# The
|
5532
|
-
# code.
|
5561
|
+
# The `username` attribute of the user to whom you want to resend a
|
5562
|
+
# confirmation code.
|
5533
5563
|
#
|
5534
5564
|
# @option params [Types::AnalyticsMetadataType] :analytics_metadata
|
5535
5565
|
# The Amazon Pinpoint analytics metadata for collecting metrics for
|
@@ -5553,19 +5583,18 @@ module Aws::CognitoIdentityProvider
|
|
5553
5583
|
# For more information, see [Customizing User Pool Workflows with Lambda
|
5554
5584
|
# Triggers][1] in the *Amazon Cognito Developer Guide*.
|
5555
5585
|
#
|
5556
|
-
# <note markdown="1">
|
5557
|
-
#
|
5586
|
+
# <note markdown="1"> When you use the ClientMetadata parameter, remember that Amazon
|
5587
|
+
# Cognito won't do the following:
|
5558
5588
|
#
|
5559
|
-
# *
|
5560
|
-
#
|
5561
|
-
#
|
5562
|
-
#
|
5563
|
-
# purpose.
|
5589
|
+
# * Store the ClientMetadata value. This data is available only to
|
5590
|
+
# Lambda triggers that are assigned to a user pool to support custom
|
5591
|
+
# workflows. If your user pool configuration doesn't include
|
5592
|
+
# triggers, the ClientMetadata parameter serves no purpose.
|
5564
5593
|
#
|
5565
|
-
# *
|
5594
|
+
# * Validate the ClientMetadata value.
|
5566
5595
|
#
|
5567
|
-
# *
|
5568
|
-
#
|
5596
|
+
# * Encrypt the ClientMetadata value. Don't use Amazon Cognito to
|
5597
|
+
# provide sensitive information.
|
5569
5598
|
#
|
5570
5599
|
# </note>
|
5571
5600
|
#
|
@@ -5612,23 +5641,23 @@ module Aws::CognitoIdentityProvider
|
|
5612
5641
|
# Responds to the authentication challenge.
|
5613
5642
|
#
|
5614
5643
|
# <note markdown="1"> This action might generate an SMS text message. Starting June 1, 2021,
|
5615
|
-
#
|
5644
|
+
# US telecom carriers require you to register an origination phone
|
5616
5645
|
# number before you can send SMS messages to U.S. phone numbers. If you
|
5617
5646
|
# use SMS text messages in Amazon Cognito, you must register a phone
|
5618
|
-
# number with [Amazon Pinpoint][1]. Cognito will use the
|
5619
|
-
# number automatically. Otherwise, Cognito users that
|
5620
|
-
# messages might be unable to sign up, activate their
|
5621
|
-
# in.
|
5647
|
+
# number with [Amazon Pinpoint][1]. Amazon Cognito will use the
|
5648
|
+
# registered number automatically. Otherwise, Amazon Cognito users that
|
5649
|
+
# must receive SMS messages might be unable to sign up, activate their
|
5650
|
+
# accounts, or sign in.
|
5622
5651
|
#
|
5623
5652
|
# If you have never used SMS text messages with Amazon Cognito or any
|
5624
|
-
# other Amazon Web Service, Amazon
|
5625
|
-
# sandbox. In <i> <a
|
5653
|
+
# other Amazon Web Service, Amazon Simple Notification Service might
|
5654
|
+
# place your account in SMS sandbox. In <i> <a
|
5626
5655
|
# href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
|
5627
|
-
# mode</a> </i>, you
|
5628
|
-
# only verified phone numbers. After testing in the sandbox
|
5629
|
-
# you can move out of the SMS sandbox and into production.
|
5630
|
-
# information, see [ SMS message settings for Cognito
|
5631
|
-
# the *Amazon Cognito Developer Guide*.
|
5656
|
+
# mode</a> </i>, you will have limitations, such as sending messages
|
5657
|
+
# only to verified phone numbers. After testing in the sandbox
|
5658
|
+
# environment, you can move out of the SMS sandbox and into production.
|
5659
|
+
# For more information, see [ SMS message settings for Amazon Cognito
|
5660
|
+
# User Pools][2] in the *Amazon Cognito Developer Guide*.
|
5632
5661
|
#
|
5633
5662
|
# </note>
|
5634
5663
|
#
|
@@ -5643,26 +5672,25 @@ module Aws::CognitoIdentityProvider
|
|
5643
5672
|
# @option params [required, String] :challenge_name
|
5644
5673
|
# The challenge name. For more information, see [InitiateAuth][1].
|
5645
5674
|
#
|
5646
|
-
# `ADMIN_NO_SRP_AUTH`
|
5675
|
+
# `ADMIN_NO_SRP_AUTH` isn't a valid value.
|
5647
5676
|
#
|
5648
5677
|
#
|
5649
5678
|
#
|
5650
5679
|
# [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html
|
5651
5680
|
#
|
5652
5681
|
# @option params [String] :session
|
5653
|
-
# The session
|
5682
|
+
# The session that should be passed both ways in challenge-response
|
5654
5683
|
# calls to the service. If `InitiateAuth` or `RespondToAuthChallenge`
|
5655
|
-
# API call determines that the caller
|
5656
|
-
#
|
5657
|
-
#
|
5658
|
-
# API call.
|
5684
|
+
# API call determines that the caller must pass another challenge, they
|
5685
|
+
# return a session with other challenge parameters. This session should
|
5686
|
+
# be passed as it is to the next `RespondToAuthChallenge` API call.
|
5659
5687
|
#
|
5660
5688
|
# @option params [Hash<String,String>] :challenge_responses
|
5661
5689
|
# The challenge responses. These are inputs corresponding to the value
|
5662
5690
|
# of `ChallengeName`, for example:
|
5663
5691
|
#
|
5664
5692
|
# <note markdown="1"> `SECRET_HASH` (if app client is configured with client secret) applies
|
5665
|
-
# to all inputs
|
5693
|
+
# to all of the inputs that follow (including `SOFTWARE_TOKEN_MFA`).
|
5666
5694
|
#
|
5667
5695
|
# </note>
|
5668
5696
|
#
|
@@ -5671,6 +5699,11 @@ module Aws::CognitoIdentityProvider
|
|
5671
5699
|
# * `PASSWORD_VERIFIER`\: `PASSWORD_CLAIM_SIGNATURE`,
|
5672
5700
|
# `PASSWORD_CLAIM_SECRET_BLOCK`, `TIMESTAMP`, `USERNAME`.
|
5673
5701
|
#
|
5702
|
+
# <note markdown="1"> `PASSWORD_VERIFIER` requires `DEVICE_KEY` when signing in with a
|
5703
|
+
# remembered device.
|
5704
|
+
#
|
5705
|
+
# </note>
|
5706
|
+
#
|
5674
5707
|
# * `NEW_PASSWORD_REQUIRED`\: `NEW_PASSWORD`, any other required
|
5675
5708
|
# attributes, `USERNAME`.
|
5676
5709
|
#
|
@@ -5681,10 +5714,10 @@ module Aws::CognitoIdentityProvider
|
|
5681
5714
|
# `SECRET_HASH`).
|
5682
5715
|
#
|
5683
5716
|
# * `DEVICE_PASSWORD_VERIFIER` requires everything that
|
5684
|
-
# `PASSWORD_VERIFIER` requires plus `DEVICE_KEY`.
|
5717
|
+
# `PASSWORD_VERIFIER` requires, plus `DEVICE_KEY`.
|
5685
5718
|
#
|
5686
|
-
# * `MFA_SETUP` requires `USERNAME`, plus you
|
5687
|
-
#
|
5719
|
+
# * `MFA_SETUP` requires `USERNAME`, plus you must use the session value
|
5720
|
+
# returned by `VerifySoftwareToken` in the `Session` parameter.
|
5688
5721
|
#
|
5689
5722
|
# @option params [Types::AnalyticsMetadataType] :analytics_metadata
|
5690
5723
|
# The Amazon Pinpoint analytics metadata for collecting metrics for
|
@@ -5715,19 +5748,18 @@ module Aws::CognitoIdentityProvider
|
|
5715
5748
|
# For more information, see [Customizing User Pool Workflows with Lambda
|
5716
5749
|
# Triggers][1] in the *Amazon Cognito Developer Guide*.
|
5717
5750
|
#
|
5718
|
-
# <note markdown="1">
|
5719
|
-
#
|
5751
|
+
# <note markdown="1"> When you use the ClientMetadata parameter, remember that Amazon
|
5752
|
+
# Cognito won't do the following:
|
5720
5753
|
#
|
5721
|
-
# *
|
5722
|
-
#
|
5723
|
-
#
|
5724
|
-
#
|
5725
|
-
# purpose.
|
5754
|
+
# * Store the ClientMetadata value. This data is available only to
|
5755
|
+
# Lambda triggers that are assigned to a user pool to support custom
|
5756
|
+
# workflows. If your user pool configuration doesn't include
|
5757
|
+
# triggers, the ClientMetadata parameter serves no purpose.
|
5726
5758
|
#
|
5727
|
-
# *
|
5759
|
+
# * Validate the ClientMetadata value.
|
5728
5760
|
#
|
5729
|
-
# *
|
5730
|
-
#
|
5761
|
+
# * Encrypt the ClientMetadata value. Don't use Amazon Cognito to
|
5762
|
+
# provide sensitive information.
|
5731
5763
|
#
|
5732
5764
|
# </note>
|
5733
5765
|
#
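Review bot: The last bullet of the added ClientMetadata note, `Don't use Amazon Cognito to provide sensitive information.`, reads as advice about the whole service rather than about this parameter. The bullet's point is that the value is not encrypted, so the sentence should name the parameter, for example `Don't use ClientMetadata to pass sensitive information.`. The same wording is added in the hunks at `-6257,19 +6290,18` and `-6790,19 +6823,18`. The comment block being edited starts above this hunk.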
|
@@ -5786,11 +5818,11 @@ module Aws::CognitoIdentityProvider
|
|
5786
5818
|
end
|
5787
5819
|
|
5788
5820
|
# Revokes all of the access tokens generated by the specified refresh
|
5789
|
-
# token. After the token is revoked, you can
|
5790
|
-
#
|
5821
|
+
# token. After the token is revoked, you can't use the revoked token to
|
5822
|
+
# access Amazon Cognito authenticated APIs.
|
5791
5823
|
#
|
5792
5824
|
# @option params [required, String] :token
|
5793
|
-
# The token that you want to revoke.
|
5825
|
+
# The refresh token that you want to revoke.
|
5794
5826
|
#
|
5795
5827
|
# @option params [required, String] :client_id
|
5796
5828
|
# The client ID for the token that you want to revoke.
|
@@ -5822,7 +5854,7 @@ module Aws::CognitoIdentityProvider
|
|
5822
5854
|
# for `UserPoolId` or `ClientId`, pass null values for all four
|
5823
5855
|
# configuration types.
|
5824
5856
|
#
|
5825
|
-
# To
|
5857
|
+
# To activate Amazon Cognito advanced security features, update the user
|
5826
5858
|
# pool to include the `UserPoolAddOns` key`AdvancedSecurityMode`.
|
5827
5859
|
#
|
5828
5860
|
# @option params [required, String] :user_pool_id
|
@@ -5833,8 +5865,8 @@ module Aws::CognitoIdentityProvider
|
|
5833
5865
|
# is mapped to `userPoolId`. When the client ID is null, the same risk
|
5834
5866
|
# configuration is applied to all the clients in the userPool.
|
5835
5867
|
#
|
5836
|
-
# Otherwise, `ClientId` is mapped to the client. When the client ID
|
5837
|
-
#
|
5868
|
+
# Otherwise, `ClientId` is mapped to the client. When the client ID
|
5869
|
+
# isn't null, the user pool configuration is overridden and the risk
|
5838
5870
|
# configuration for the client is used instead.
|
5839
5871
|
#
|
5840
5872
|
# @option params [Types::CompromisedCredentialsRiskConfigurationType] :compromised_credentials_risk_configuration
|
@@ -5943,15 +5975,15 @@ module Aws::CognitoIdentityProvider
|
|
5943
5975
|
req.send_request(options)
|
5944
5976
|
end
|
5945
5977
|
|
5946
|
-
# Sets the UI customization information for a user
|
5947
|
-
# UI.
|
5978
|
+
# Sets the user interface (UI) customization information for a user
|
5979
|
+
# pool's built-in app UI.
|
5948
5980
|
#
|
5949
5981
|
# You can specify app UI customization settings for a single client
|
5950
5982
|
# (with a specific `clientId`) or for all clients (by setting the
|
5951
5983
|
# `clientId` to `ALL`). If you specify `ALL`, the default configuration
|
5952
|
-
#
|
5953
|
-
#
|
5954
|
-
#
|
5984
|
+
# is used for every client that has no previously set UI customization.
|
5985
|
+
# If you specify UI customization settings for a particular client, it
|
5986
|
+
# will no longer return to the `ALL` configuration.
|
5955
5987
|
#
|
5956
5988
|
# <note markdown="1"> To use this API, your user pool must have a domain associated with it.
|
5957
5989
|
# Otherwise, there is no place to host the app's pages, and the service
|
@@ -6004,16 +6036,16 @@ module Aws::CognitoIdentityProvider
|
|
6004
6036
|
end
|
6005
6037
|
|
6006
6038
|
# Set the user's multi-factor authentication (MFA) method preference,
|
6007
|
-
# including which MFA factors are
|
6008
|
-
# one factor can be set as preferred. The preferred MFA factor will
|
6009
|
-
# used to authenticate a user if multiple factors are
|
6010
|
-
# multiple options are
|
6011
|
-
# choose an MFA option will be returned during sign
|
6012
|
-
# is
|
6013
|
-
# sign
|
6014
|
-
# has been trusted. If you
|
6015
|
-
# based on the assessed risk level of sign
|
6016
|
-
# users and turn on Adaptive Authentication for the user pool.
|
6039
|
+
# including which MFA factors are activated and if any are preferred.
|
6040
|
+
# Only one factor can be set as preferred. The preferred MFA factor will
|
6041
|
+
# be used to authenticate a user if multiple factors are activated. If
|
6042
|
+
# multiple options are activated and no preference is set, a challenge
|
6043
|
+
# to choose an MFA option will be returned during sign-in. If an MFA
|
6044
|
+
# type is activated for a user, the user will be prompted for MFA during
|
6045
|
+
# all sign-in attempts unless device tracking is turned on and the
|
6046
|
+
# device has been trusted. If you want MFA to be applied selectively
|
6047
|
+
# based on the assessed risk level of sign-in attempts, deactivate MFA
|
6048
|
+
# for users and turn on Adaptive Authentication for the user pool.
|
6017
6049
|
#
|
6018
6050
|
# @option params [Types::SMSMfaSettingsType] :sms_mfa_settings
|
6019
6051
|
# The SMS text message multi-factor authentication (MFA) settings.
|
@@ -6049,26 +6081,26 @@ module Aws::CognitoIdentityProvider
|
|
6049
6081
|
req.send_request(options)
|
6050
6082
|
end
|
6051
6083
|
|
6052
|
-
#
|
6084
|
+
# Sets the user pool multi-factor authentication (MFA) configuration.
|
6053
6085
|
#
|
6054
6086
|
# <note markdown="1"> This action might generate an SMS text message. Starting June 1, 2021,
|
6055
|
-
#
|
6087
|
+
# US telecom carriers require you to register an origination phone
|
6056
6088
|
# number before you can send SMS messages to U.S. phone numbers. If you
|
6057
6089
|
# use SMS text messages in Amazon Cognito, you must register a phone
|
6058
|
-
# number with [Amazon Pinpoint][1]. Cognito will use the
|
6059
|
-
# number automatically. Otherwise, Cognito users that
|
6060
|
-
# messages might be unable to sign up, activate their
|
6061
|
-
# in.
|
6090
|
+
# number with [Amazon Pinpoint][1]. Amazon Cognito will use the
|
6091
|
+
# registered number automatically. Otherwise, Amazon Cognito users that
|
6092
|
+
# must receive SMS messages might be unable to sign up, activate their
|
6093
|
+
# accounts, or sign in.
|
6062
6094
|
#
|
6063
6095
|
# If you have never used SMS text messages with Amazon Cognito or any
|
6064
|
-
# other Amazon Web Service, Amazon
|
6065
|
-
# sandbox. In <i> <a
|
6096
|
+
# other Amazon Web Service, Amazon Simple Notification Service might
|
6097
|
+
# place your account in SMS sandbox. In <i> <a
|
6066
6098
|
# href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
|
6067
|
-
# mode</a> </i>, you
|
6068
|
-
# only verified phone numbers. After testing in the sandbox
|
6069
|
-
# you can move out of the SMS sandbox and into production.
|
6070
|
-
# information, see [ SMS message settings for Cognito
|
6071
|
-
# the *Amazon Cognito Developer Guide*.
|
6099
|
+
# mode</a> </i>, you will have limitations, such as sending messages
|
6100
|
+
# only to verified phone numbers. After testing in the sandbox
|
6101
|
+
# environment, you can move out of the SMS sandbox and into production.
|
6102
|
+
# For more information, see [ SMS message settings for Amazon Cognito
|
6103
|
+
# User Pools][2] in the *Amazon Cognito Developer Guide*.
|
6072
6104
|
#
|
6073
6105
|
# </note>
|
6074
6106
|
#
|
@@ -6087,18 +6119,18 @@ module Aws::CognitoIdentityProvider
|
|
6087
6119
|
# The software token MFA configuration.
|
6088
6120
|
#
|
6089
6121
|
# @option params [String] :mfa_configuration
|
6090
|
-
# The MFA configuration.
|
6091
|
-
#
|
6092
|
-
#
|
6093
|
-
# Pool](cognito/latest/developerguide/user-pool-settings-mfa.html)
|
6094
|
-
#
|
6122
|
+
# The MFA configuration. If you set the MfaConfiguration value to ‘ON’,
|
6123
|
+
# only users with an MFA factor set up can sign in. To learn more, see
|
6124
|
+
# [Adding Multi-Factor Authentication (MFA) to a User
|
6125
|
+
# Pool](cognito/latest/developerguide/user-pool-settings-mfa.html).
|
6126
|
+
# Valid values include:
|
6095
6127
|
#
|
6096
|
-
# * `OFF` MFA
|
6128
|
+
# * `OFF` MFA won't be used for any users.
|
6097
6129
|
#
|
6098
6130
|
# * `ON` MFA is required for all users to sign in.
|
6099
6131
|
#
|
6100
6132
|
# * `OPTIONAL` MFA will be required only for individual users who have
|
6101
|
-
# an MFA factor
|
6133
|
+
# an MFA factor activated.
|
6102
6134
|
#
|
6103
6135
|
# @return [Types::SetUserPoolMfaConfigResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
6104
6136
|
#
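Review bot: The rewritten `:mfa_configuration` description still links to `cognito/latest/developerguide/user-pool-settings-mfa.html`, a relative target that is unlikely to resolve from the rendered API docs. Other links in this file use numbered references with absolute `https://docs.aws.amazon.com/...` URLs. The first added line also writes the value as ‘ON’ in typographic quotes, while the list directly below uses backticked `ON`. I would use the backticked form and turn the link into a numbered reference like the others, so the statement that only users with an MFA factor can sign in is easy to follow to its source.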
|
@@ -6141,8 +6173,9 @@ module Aws::CognitoIdentityProvider
|
|
6141
6173
|
end
|
6142
6174
|
|
6143
6175
|
# *This action is no longer supported.* You can use it to configure only
|
6144
|
-
# SMS MFA. You can't use it to configure
|
6145
|
-
# configure either type of MFA, use
|
6176
|
+
# SMS MFA. You can't use it to configure time-based one-time password
|
6177
|
+
# (TOTP) software token MFA. To configure either type of MFA, use
|
6178
|
+
# [SetUserMFAPreference][1] instead.
|
6146
6179
|
#
|
6147
6180
|
#
|
6148
6181
|
#
|
@@ -6182,23 +6215,23 @@ module Aws::CognitoIdentityProvider
|
|
6182
6215
|
# password, and user attributes.
|
6183
6216
|
#
|
6184
6217
|
# <note markdown="1"> This action might generate an SMS text message. Starting June 1, 2021,
|
6185
|
-
#
|
6218
|
+
# US telecom carriers require you to register an origination phone
|
6186
6219
|
# number before you can send SMS messages to U.S. phone numbers. If you
|
6187
6220
|
# use SMS text messages in Amazon Cognito, you must register a phone
|
6188
|
-
# number with [Amazon Pinpoint][1]. Cognito will use the
|
6189
|
-
# number automatically. Otherwise, Cognito users that
|
6190
|
-
# messages might be unable to sign up, activate their
|
6191
|
-
# in.
|
6221
|
+
# number with [Amazon Pinpoint][1]. Amazon Cognito will use the
|
6222
|
+
# registered number automatically. Otherwise, Amazon Cognito users that
|
6223
|
+
# must receive SMS messages might be unable to sign up, activate their
|
6224
|
+
# accounts, or sign in.
|
6192
6225
|
#
|
6193
6226
|
# If you have never used SMS text messages with Amazon Cognito or any
|
6194
|
-
# other Amazon Web Service, Amazon
|
6195
|
-
# sandbox. In <i> <a
|
6227
|
+
# other Amazon Web Service, Amazon Simple Notification Service might
|
6228
|
+
# place your account in SMS sandbox. In <i> <a
|
6196
6229
|
# href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
|
6197
|
-
# mode</a> </i>, you
|
6198
|
-
# only verified phone numbers. After testing in the sandbox
|
6199
|
-
# you can move out of the SMS sandbox and into production.
|
6200
|
-
# information, see [ SMS message settings for Cognito
|
6201
|
-
# the *Amazon Cognito Developer Guide*.
|
6230
|
+
# mode</a> </i>, you will have limitations, such as sending messages
|
6231
|
+
# only to verified phone numbers. After testing in the sandbox
|
6232
|
+
# environment, you can move out of the SMS sandbox and into production.
|
6233
|
+
# For more information, see [ SMS message settings for Amazon Cognito
|
6234
|
+
# User Pools][2] in the *Amazon Cognito Developer Guide*.
|
6202
6235
|
#
|
6203
6236
|
# </note>
|
6204
6237
|
#
|
@@ -6216,10 +6249,10 @@ module Aws::CognitoIdentityProvider
|
|
6216
6249
|
# the message.
|
6217
6250
|
#
|
6218
6251
|
# @option params [required, String] :username
|
6219
|
-
# The user name of the user you
|
6252
|
+
# The user name of the user you want to register.
|
6220
6253
|
#
|
6221
6254
|
# @option params [required, String] :password
|
6222
|
-
# The password of the user you
|
6255
|
+
# The password of the user you want to register.
|
6223
6256
|
#
|
6224
6257
|
# @option params [Array<Types::AttributeType>] :user_attributes
|
6225
6258
|
# An array of name-value pairs representing user attributes.
|
@@ -6257,19 +6290,18 @@ module Aws::CognitoIdentityProvider
|
|
6257
6290
|
# For more information, see [Customizing User Pool Workflows with Lambda
|
6258
6291
|
# Triggers][1] in the *Amazon Cognito Developer Guide*.
|
6259
6292
|
#
|
6260
|
-
# <note markdown="1">
|
6261
|
-
#
|
6293
|
+
# <note markdown="1"> When you use the ClientMetadata parameter, remember that Amazon
|
6294
|
+
# Cognito won't do the following:
|
6262
6295
|
#
|
6263
|
-
# *
|
6264
|
-
#
|
6265
|
-
#
|
6266
|
-
#
|
6267
|
-
# purpose.
|
6296
|
+
# * Store the ClientMetadata value. This data is available only to
|
6297
|
+
# Lambda triggers that are assigned to a user pool to support custom
|
6298
|
+
# workflows. If your user pool configuration doesn't include
|
6299
|
+
# triggers, the ClientMetadata parameter serves no purpose.
|
6268
6300
|
#
|
6269
|
-
# *
|
6301
|
+
# * Validate the ClientMetadata value.
|
6270
6302
|
#
|
6271
|
-
# *
|
6272
|
-
#
|
6303
|
+
# * Encrypt the ClientMetadata value. Don't use Amazon Cognito to
|
6304
|
+
# provide sensitive information.
|
6273
6305
|
#
|
6274
6306
|
# </note>
|
6275
6307
|
#
|
@@ -6428,14 +6460,14 @@ module Aws::CognitoIdentityProvider
|
|
6428
6460
|
# is a general category for more specific values. For example, if you
|
6429
6461
|
# have two versions of a user pool, one for testing and another for
|
6430
6462
|
# production, you might assign an `Environment` tag key to both user
|
6431
|
-
# pools. The value of this key might be `Test` for one user pool and
|
6463
|
+
# pools. The value of this key might be `Test` for one user pool, and
|
6432
6464
|
# `Production` for the other.
|
6433
6465
|
#
|
6434
6466
|
# Tags are useful for cost tracking and access control. You can activate
|
6435
6467
|
# your tags so that they appear on the Billing and Cost Management
|
6436
6468
|
# console, where you can track the costs associated with your user
|
6437
|
-
# pools. In an
|
6438
|
-
# based on specific tags or tag values.
|
6469
|
+
# pools. In an Identity and Access Management policy, you can constrain
|
6470
|
+
# permissions for user pools based on specific tags or tag values.
|
6439
6471
|
#
|
6440
6472
|
# You can use this action up to 5 times per second, per account. A user
|
6441
6473
|
# pool can have as many as 50 tags.
|
@@ -6467,7 +6499,7 @@ module Aws::CognitoIdentityProvider
|
|
6467
6499
|
end
|
6468
6500
|
|
6469
6501
|
# Removes the specified tags from an Amazon Cognito user pool. You can
|
6470
|
-
# use this action up to 5 times per second, per account
|
6502
|
+
# use this action up to 5 times per second, per account.
|
6471
6503
|
#
|
6472
6504
|
# @option params [required, String] :resource_arn
|
6473
6505
|
# The Amazon Resource Name (ARN) of the user pool that the tags are
|
@@ -6494,7 +6526,7 @@ module Aws::CognitoIdentityProvider
|
|
6494
6526
|
req.send_request(options)
|
6495
6527
|
end
|
6496
6528
|
|
6497
|
-
# Provides the feedback for an authentication event whether it was from
|
6529
|
+
# Provides the feedback for an authentication event, whether it was from
|
6498
6530
|
# a valid user or not. This feedback is used for improving the risk
|
6499
6531
|
# evaluation decision for the user pool as part of Amazon Cognito
|
6500
6532
|
# advanced security.
|
@@ -6579,8 +6611,9 @@ module Aws::CognitoIdentityProvider
|
|
6579
6611
|
# A string containing the new description of the group.
|
6580
6612
|
#
|
6581
6613
|
# @option params [String] :role_arn
|
6582
|
-
# The new role ARN for the group. This is used
|
6583
|
-
# `cognito:roles` and `cognito:preferred_role` claims in
|
6614
|
+
# The new role Amazon Resource Name (ARN) for the group. This is used
|
6615
|
+
# for setting the `cognito:roles` and `cognito:preferred_role` claims in
|
6616
|
+
# the token.
|
6584
6617
|
#
|
6585
6618
|
# @option params [Integer] :precedence
|
6586
6619
|
# The new precedence value for the group. For more information about
|
@@ -6685,7 +6718,7 @@ module Aws::CognitoIdentityProvider
|
|
6685
6718
|
# Updates the name and scopes of resource server. All other fields are
|
6686
6719
|
# read-only.
|
6687
6720
|
#
|
6688
|
-
# If you don't provide a value for an attribute, it
|
6721
|
+
# If you don't provide a value for an attribute, it is set to the
|
6689
6722
|
# default value.
|
6690
6723
|
#
|
6691
6724
|
# @option params [required, String] :user_pool_id
|
@@ -6739,23 +6772,23 @@ module Aws::CognitoIdentityProvider
|
|
6739
6772
|
# Allows a user to update a specific attribute (one at a time).
|
6740
6773
|
#
|
6741
6774
|
# <note markdown="1"> This action might generate an SMS text message. Starting June 1, 2021,
|
6742
|
-
#
|
6775
|
+
# US telecom carriers require you to register an origination phone
|
6743
6776
|
# number before you can send SMS messages to U.S. phone numbers. If you
|
6744
6777
|
# use SMS text messages in Amazon Cognito, you must register a phone
|
6745
|
-
# number with [Amazon Pinpoint][1]. Cognito will use the
|
6746
|
-
# number automatically. Otherwise, Cognito users that
|
6747
|
-
# messages might be unable to sign up, activate their
|
6748
|
-
# in.
|
6778
|
+
# number with [Amazon Pinpoint][1]. Amazon Cognito will use the
|
6779
|
+
# registered number automatically. Otherwise, Amazon Cognito users that
|
6780
|
+
# must receive SMS messages might be unable to sign up, activate their
|
6781
|
+
# accounts, or sign in.
|
6749
6782
|
#
|
6750
6783
|
# If you have never used SMS text messages with Amazon Cognito or any
|
6751
|
-
# other Amazon Web Service, Amazon
|
6752
|
-
# sandbox. In <i> <a
|
6784
|
+
# other Amazon Web Service, Amazon Simple Notification Service might
|
6785
|
+
# place your account in SMS sandbox. In <i> <a
|
6753
6786
|
# href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
|
6754
|
-
# mode</a> </i>, you
|
6755
|
-
# only verified phone numbers. After testing in the sandbox
|
6756
|
-
# you can move out of the SMS sandbox and into production.
|
6757
|
-
# information, see [ SMS message settings for Cognito
|
6758
|
-
# the *Amazon Cognito Developer Guide*.
|
6787
|
+
# mode</a> </i>, you will have limitations, such as sending messages
|
6788
|
+
# only to verified phone numbers. After testing in the sandbox
|
6789
|
+
# environment, you can move out of the SMS sandbox and into production.
|
6790
|
+
# For more information, see [ SMS message settings for Amazon Cognito
|
6791
|
+
# User Pools][2] in the *Amazon Cognito Developer Guide*.
|
6759
6792
|
#
|
6760
6793
|
# </note>
|
6761
6794
|
#
|
@@ -6775,7 +6808,7 @@ module Aws::CognitoIdentityProvider
|
|
6775
6808
|
#
|
6776
6809
|
# @option params [Hash<String,String>] :client_metadata
|
6777
6810
|
# A map of custom key-value pairs that you can provide as input for any
|
6778
|
-
# custom workflows that this action
|
6811
|
+
# custom workflows that this action initiates.
|
6779
6812
|
#
|
6780
6813
|
# You create custom workflows by assigning Lambda functions to user pool
|
6781
6814
|
# triggers. When you use the UpdateUserAttributes API action, Amazon
|
@@ -6790,19 +6823,18 @@ module Aws::CognitoIdentityProvider
|
|
6790
6823
|
# For more information, see [Customizing User Pool Workflows with Lambda
|
6791
6824
|
# Triggers][1] in the *Amazon Cognito Developer Guide*.
|
6792
6825
|
#
|
6793
|
-
# <note markdown="1">
|
6794
|
-
#
|
6826
|
+
# <note markdown="1"> When you use the ClientMetadata parameter, remember that Amazon
|
6827
|
+
# Cognito won't do the following:
|
6795
6828
|
#
|
6796
|
-
# *
|
6797
|
-
#
|
6798
|
-
#
|
6799
|
-
#
|
6800
|
-
# purpose.
|
6829
|
+
# * Store the ClientMetadata value. This data is available only to
|
6830
|
+
# Lambda triggers that are assigned to a user pool to support custom
|
6831
|
+
# workflows. If your user pool configuration doesn't include
|
6832
|
+
# triggers, the ClientMetadata parameter serves no purpose.
|
6801
6833
|
#
|
6802
|
-
# *
|
6834
|
+
# * Validate the ClientMetadata value.
|
6803
6835
|
#
|
6804
|
-
# *
|
6805
|
-
#
|
6836
|
+
# * Encrypt the ClientMetadata value. Don't use Amazon Cognito to
|
6837
|
+
# provide sensitive information.
|
6806
6838
|
#
|
6807
6839
|
# </note>
|
6808
6840
|
#
|
@@ -6851,23 +6883,23 @@ module Aws::CognitoIdentityProvider
|
|
6851
6883
|
# it will be set to the default value.
|
6852
6884
|
#
|
6853
6885
|
# <note markdown="1"> This action might generate an SMS text message. Starting June 1, 2021,
|
6854
|
-
#
|
6886
|
+
# US telecom carriers require you to register an origination phone
|
6855
6887
|
# number before you can send SMS messages to U.S. phone numbers. If you
|
6856
6888
|
# use SMS text messages in Amazon Cognito, you must register a phone
|
6857
|
-
# number with [Amazon Pinpoint][2]. Cognito will use the
|
6858
|
-
# number automatically. Otherwise, Cognito users that
|
6859
|
-
# messages might be unable to sign up, activate their
|
6860
|
-
# in.
|
6889
|
+
# number with [Amazon Pinpoint][2]. Amazon Cognito will use the
|
6890
|
+
# registered number automatically. Otherwise, Amazon Cognito users that
|
6891
|
+
# must receive SMS messages might be unable to sign up, activate their
|
6892
|
+
# accounts, or sign in.
|
6861
6893
|
#
|
6862
6894
|
# If you have never used SMS text messages with Amazon Cognito or any
|
6863
|
-
# other Amazon Web Service, Amazon
|
6864
|
-
# sandbox. In <i> <a
|
6895
|
+
# other Amazon Web Service, Amazon Simple Notification Service might
|
6896
|
+
# place your account in SMS sandbox. In <i> <a
|
6865
6897
|
# href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
|
6866
|
-
# mode</a> </i>, you
|
6867
|
-
# only verified phone numbers. After testing in the sandbox
|
6868
|
-
# you can move out of the SMS sandbox and into production.
|
6869
|
-
# information, see [ SMS message settings for Cognito
|
6870
|
-
# the *Amazon Cognito Developer Guide*.
|
6898
|
+
# mode</a> </i>, you will have limitations, such as sending messages
|
6899
|
+
# only to verified phone numbers. After testing in the sandbox
|
6900
|
+
# environment, you can move out of the SMS sandbox and into production.
|
6901
|
+
# For more information, see [ SMS message settings for Amazon Cognito
|
6902
|
+
# User Pools][3] in the *Amazon Cognito Developer Guide*.
|
6871
6903
|
#
|
6872
6904
|
# </note>
|
6873
6905
|
#
|
@@ -6881,15 +6913,15 @@ module Aws::CognitoIdentityProvider
|
|
6881
6913
|
# The user pool ID for the user pool you want to update.
|
6882
6914
|
#
|
6883
6915
|
# @option params [Types::UserPoolPolicyType] :policies
|
6884
|
-
# A container with the policies you
|
6916
|
+
# A container with the policies you want to update in a user pool.
|
6885
6917
|
#
|
6886
6918
|
# @option params [Types::LambdaConfigType] :lambda_config
|
6887
6919
|
# The Lambda configuration information from the request to update the
|
6888
6920
|
# user pool.
|
6889
6921
|
#
|
6890
6922
|
# @option params [Array<String>] :auto_verified_attributes
|
6891
|
-
# The attributes that are automatically verified when
|
6892
|
-
#
|
6923
|
+
# The attributes that are automatically verified when Amazon Cognito
|
6924
|
+
# requests to update user pools.
|
6893
6925
|
#
|
6894
6926
|
# @option params [String] :sms_verification_message
|
6895
6927
|
# A container with information about the SMS verification message.
|
@@ -6909,11 +6941,11 @@ module Aws::CognitoIdentityProvider
|
|
6909
6941
|
# @option params [String] :mfa_configuration
|
6910
6942
|
# Can be one of the following values:
|
6911
6943
|
#
|
6912
|
-
# * `OFF` - MFA tokens
|
6944
|
+
# * `OFF` - MFA tokens aren't required and can't be specified during
|
6913
6945
|
# user registration.
|
6914
6946
|
#
|
6915
6947
|
# * `ON` - MFA tokens are required for all user registrations. You can
|
6916
|
-
# only specify ON when you
|
6948
|
+
# only specify ON when you're initially creating a user pool. You can
|
6917
6949
|
# use the [SetUserPoolMfaConfig][1] API operation to turn MFA "ON"
|
6918
6950
|
# for existing user pools.
|
6919
6951
|
#
|
@@ -6942,17 +6974,18 @@ module Aws::CognitoIdentityProvider
|
|
6942
6974
|
# The configuration for `AdminCreateUser` requests.
|
6943
6975
|
#
|
6944
6976
|
# @option params [Types::UserPoolAddOnsType] :user_pool_add_ons
|
6945
|
-
#
|
6977
|
+
# Enables advanced security risk detection. Set the key
|
6946
6978
|
# `AdvancedSecurityMode` to the value "AUDIT".
|
6947
6979
|
#
|
6948
6980
|
# @option params [Types::AccountRecoverySettingType] :account_recovery_setting
|
6949
|
-
#
|
6950
|
-
#
|
6951
|
-
#
|
6952
|
-
#
|
6953
|
-
#
|
6954
|
-
# the absence of this setting, Cognito uses the
|
6955
|
-
# determine the recovery method where SMS is
|
6981
|
+
# The available verified method a user can use to recover their password
|
6982
|
+
# when they call `ForgotPassword`. You can use this setting to define a
|
6983
|
+
# preferred method when a user has more than one method available. With
|
6984
|
+
# this setting, SMS doesn't qualify for a valid password recovery
|
6985
|
+
# mechanism if the user also has SMS multi-factor authentication (MFA)
|
6986
|
+
# activated. In the absence of this setting, Amazon Cognito uses the
|
6987
|
+
# legacy behavior to determine the recovery method where SMS is
|
6988
|
+
# preferred through email.
|
6956
6989
|
#
|
6957
6990
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
6958
6991
|
#
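Review bot: The added `:account_recovery_setting` text ends with `SMS is preferred through email`, which does not say which channel takes priority. If the intent is that the legacy behaviour tries SMS before email, `SMS is preferred over email` states it. The ordering matters to anyone checking whether a user with SMS MFA can also reset a password over SMS. In the same hunk, the new `:user_pool_add_ons` summary mentions only the value "AUDIT" for `AdvancedSecurityMode`. The setting also accepts `OFF` and `ENFORCED`, and the comment should list them and say how they differ.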
|
@@ -7082,19 +7115,19 @@ module Aws::CognitoIdentityProvider
|
|
7082
7115
|
#
|
7083
7116
|
# @option params [Integer] :refresh_token_validity
|
7084
7117
|
# The time limit, in days, after which the refresh token is no longer
|
7085
|
-
# valid and
|
7118
|
+
# valid and can't be used.
|
7086
7119
|
#
|
7087
7120
|
# @option params [Integer] :access_token_validity
|
7088
|
-
# The time limit
|
7089
|
-
#
|
7121
|
+
# The time limit after which the access token is no longer valid and
|
7122
|
+
# can't be used.
|
7090
7123
|
#
|
7091
7124
|
# @option params [Integer] :id_token_validity
|
7092
|
-
# The time limit
|
7125
|
+
# The time limit after which the ID token is no longer valid and can't
|
7093
7126
|
# be used.
|
7094
7127
|
#
|
7095
7128
|
# @option params [Types::TokenValidityUnitsType] :token_validity_units
|
7096
|
-
# The units in which the validity times are represented
|
7097
|
-
# RefreshToken is days, and default for ID and access tokens
|
7129
|
+
# The units in which the validity times are represented. Default for
|
7130
|
+
# RefreshToken is days, and default for ID and access tokens is hours.
|
7098
7131
|
#
|
7099
7132
|
# @option params [Array<String>] :read_attributes
|
7100
7133
|
# The read-only attributes of the user pool.
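Review bot: The new `:access_token_validity` and `:id_token_validity` descriptions give a time limit without a unit, while `:refresh_token_validity` above says "in days" unconditionally even though `:token_validity_units` can change it. A caller has to read on to `:token_validity_units` to learn that access and ID tokens default to hours, which makes it easy to set a lifetime far longer or shorter than intended. I would add to each of the three a sentence such as `The unit is set by token_validity_units (default: hours).`, with `days` for the refresh token. The removed lines are truncated in this view, so I cannot tell whether a unit was dropped by this change.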
|
@@ -7104,26 +7137,27 @@ module Aws::CognitoIdentityProvider
|
|
7104
7137
|
#
|
7105
7138
|
# @option params [Array<String>] :explicit_auth_flows
|
7106
7139
|
# The authentication flows that are supported by the user pool clients.
|
7107
|
-
# Flow names without the `ALLOW_` prefix are
|
7108
|
-
# names with the `ALLOW_` prefix. Note that values with
|
7109
|
-
#
|
7140
|
+
# Flow names without the `ALLOW_` prefix are no longer supported in
|
7141
|
+
# favor of new names with the `ALLOW_` prefix. Note that values with
|
7142
|
+
# `ALLOW_` prefix must be used only along with values with the `ALLOW_`
|
7143
|
+
# prefix.
|
7110
7144
|
#
|
7111
7145
|
# Valid values include:
|
7112
7146
|
#
|
7113
7147
|
# * `ALLOW_ADMIN_USER_PASSWORD_AUTH`\: Enable admin based user password
|
7114
7148
|
# authentication flow `ADMIN_USER_PASSWORD_AUTH`. This setting
|
7115
7149
|
# replaces the `ADMIN_NO_SRP_AUTH` setting. With this authentication
|
7116
|
-
# flow, Cognito receives the password in the request instead of
|
7117
|
-
# the
|
7118
|
-
# passwords.
|
7150
|
+
# flow, Amazon Cognito receives the password in the request instead of
|
7151
|
+
# using the Secure Remote Password (SRP) protocol to verify passwords.
|
7119
7152
|
#
|
7120
7153
|
# * `ALLOW_CUSTOM_AUTH`\: Enable Lambda trigger based authentication.
|
7121
7154
|
#
|
7122
7155
|
# * `ALLOW_USER_PASSWORD_AUTH`\: Enable user password-based
|
7123
|
-
# authentication. In this flow, Cognito receives the password
|
7124
|
-
# request instead of using the SRP protocol to verify
|
7156
|
+
# authentication. In this flow, Amazon Cognito receives the password
|
7157
|
+
# in the request instead of using the SRP protocol to verify
|
7158
|
+
# passwords.
|
7125
7159
|
#
|
7126
|
-
# * `ALLOW_USER_SRP_AUTH`\: Enable SRP
|
7160
|
+
# * `ALLOW_USER_SRP_AUTH`\: Enable SRP-based authentication.
|
7127
7161
|
#
|
7128
7162
|
# * `ALLOW_REFRESH_TOKEN_AUTH`\: Enable authflow to refresh tokens.
|
7129
7163
|
#
|
@@ -7147,7 +7181,7 @@ module Aws::CognitoIdentityProvider
|
|
7147
7181
|
# Amazon Cognito requires HTTPS over HTTP except for http://localhost
|
7148
7182
|
# for testing purposes only.
|
7149
7183
|
#
|
7150
|
-
# App callback URLs such as myapp://example are also supported.
|
7184
|
+
# App callback URLs such as `myapp://example` are also supported.
|
7151
7185
|
#
|
7152
7186
|
#
|
7153
7187
|
#
|
@@ -7169,10 +7203,10 @@ module Aws::CognitoIdentityProvider
|
|
7169
7203
|
#
|
7170
7204
|
# See [OAuth 2.0 - Redirection Endpoint][1].
|
7171
7205
|
#
|
7172
|
-
# Amazon Cognito requires HTTPS over HTTP except for http://localhost
|
7206
|
+
# Amazon Cognito requires HTTPS over HTTP except for `http://localhost`
|
7173
7207
|
# for testing purposes only.
|
7174
7208
|
#
|
7175
|
-
# App callback URLs such as myapp://example are also supported.
|
7209
|
+
# App callback URLs such as `myapp://example` are also supported.
|
7176
7210
|
#
|
7177
7211
|
#
|
7178
7212
|
#
|
@@ -7200,45 +7234,39 @@ module Aws::CognitoIdentityProvider
|
|
7200
7234
|
#
|
7201
7235
|
# @option params [Boolean] :allowed_o_auth_flows_user_pool_client
|
7202
7236
|
# Set to true if the client is allowed to follow the OAuth protocol when
|
7203
|
-
# interacting with Cognito user pools.
|
7237
|
+
# interacting with Amazon Cognito user pools.
|
7204
7238
|
#
|
7205
7239
|
# @option params [Types::AnalyticsConfigurationType] :analytics_configuration
|
7206
7240
|
# The Amazon Pinpoint analytics configuration for collecting metrics for
|
7207
7241
|
# this user pool.
|
7208
7242
|
#
|
7209
|
-
# <note markdown="1"> In
|
7243
|
+
# <note markdown="1"> In Amazon Web Services Regions where isn't available, User Pools only
|
7210
7244
|
# supports sending events to Amazon Pinpoint projects in us-east-1. In
|
7211
|
-
#
|
7212
|
-
#
|
7245
|
+
# Regions where Pinpoint is available, User Pools will support sending
|
7246
|
+
# events to Amazon Pinpoint projects within that same Region.
|
7213
7247
|
#
|
7214
7248
|
# </note>
|
7215
7249
|
#
|
7216
7250
|
# @option params [String] :prevent_user_existence_errors
|
7217
|
-
#
|
7218
|
-
#
|
7219
|
-
#
|
7220
|
-
#
|
7221
|
-
# indicating either the username or password was incorrect
|
7251
|
+
# Errors and responses that you want Amazon Cognito APIs to return
|
7252
|
+
# during authentication, account confirmation, and password recovery
|
7253
|
+
# when the user doesn't exist in the user pool. When set to `ENABLED`
|
7254
|
+
# and the user doesn't exist, authentication returns an error
|
7255
|
+
# indicating either the username or password was incorrect. Account
|
7222
7256
|
# confirmation and password recovery return a response indicating a code
|
7223
7257
|
# was sent to a simulated destination. When set to `LEGACY`, those APIs
|
7224
|
-
#
|
7225
|
-
#
|
7258
|
+
# return a `UserNotFoundException` exception if the user doesn't exist
|
7259
|
+
# in the user pool.
|
7226
7260
|
#
|
7227
7261
|
# Valid values include:
|
7228
7262
|
#
|
7229
7263
|
# * `ENABLED` - This prevents user existence-related errors.
|
7230
7264
|
#
|
7231
|
-
# * `LEGACY` - This represents the
|
7232
|
-
# existence related errors
|
7233
|
-
#
|
7234
|
-
# <note markdown="1"> After February 15th 2020, the value of `PreventUserExistenceErrors`
|
7235
|
-
# will default to `ENABLED` for newly created user pool clients if no
|
7236
|
-
# value is provided.
|
7237
|
-
#
|
7238
|
-
# </note>
|
7265
|
+
# * `LEGACY` - This represents the early behavior of Amazon Cognito
|
7266
|
+
# where user existence related errors aren't prevented.
|
7239
7267
|
#
|
7240
7268
|
# @option params [Boolean] :enable_token_revocation
|
7241
|
-
#
|
7269
|
+
# Activates or deactivates token revocation. For more information about
|
7242
7270
|
# revoking tokens, see [RevokeToken][1].
|
7243
7271
|
#
|
7244
7272
|
#
|
@@ -7337,7 +7365,7 @@ module Aws::CognitoIdentityProvider
|
|
7337
7365
|
# domain for your user pool.
|
7338
7366
|
#
|
7339
7367
|
# You can use this operation to provide the Amazon Resource Name (ARN)
|
7340
|
-
# of a new certificate to Amazon Cognito. You
|
7368
|
+
# of a new certificate to Amazon Cognito. You can't use it to change
|
7341
7369
|
# the domain for a user pool.
|
7342
7370
|
#
|
7343
7371
|
# A custom domain is used to host the Amazon Cognito hosted UI, which
|
@@ -7356,7 +7384,7 @@ module Aws::CognitoIdentityProvider
|
|
7356
7384
|
# your custom domain, you must provide this ARN to Amazon Cognito.
|
7357
7385
|
#
|
7358
7386
|
# When you add your new certificate in ACM, you must choose US East (N.
|
7359
|
-
# Virginia) as the Region.
|
7387
|
+
# Virginia) as the Amazon Web Services Region.
|
7360
7388
|
#
|
7361
7389
|
# After you submit your request, Amazon Cognito requires up to 1 hour to
|
7362
7390
|
# distribute your new certificate to your custom domain.
|
@@ -7370,15 +7398,16 @@ module Aws::CognitoIdentityProvider
|
|
7370
7398
|
#
|
7371
7399
|
# @option params [required, String] :domain
|
7372
7400
|
# The domain name for the custom domain that hosts the sign-up and
|
7373
|
-
# sign-in pages for your application.
|
7401
|
+
# sign-in pages for your application. One example might be
|
7402
|
+
# `auth.example.com`.
|
7374
7403
|
#
|
7375
7404
|
# This string can include only lowercase letters, numbers, and hyphens.
|
7376
|
-
#
|
7405
|
+
# Don't use a hyphen for the first or last character. Use periods to
|
7377
7406
|
# separate subdomain names.
|
7378
7407
|
#
|
7379
7408
|
# @option params [required, String] :user_pool_id
|
7380
|
-
# The ID of the user pool that is associated with the custom domain
|
7381
|
-
# you
|
7409
|
+
# The ID of the user pool that is associated with the custom domain
|
7410
|
+
# whose certificate you're updating.
|
7382
7411
|
#
|
7383
7412
|
# @option params [required, Types::CustomDomainConfigType] :custom_domain_config
|
7384
7413
|
# The configuration for a custom domain that hosts the sign-up and
|
@@ -7412,20 +7441,21 @@ module Aws::CognitoIdentityProvider
|
|
7412
7441
|
req.send_request(options)
|
7413
7442
|
end
|
7414
7443
|
|
7415
|
-
# Use this API to register a user's entered
|
7416
|
-
# user's software token MFA status as
|
7417
|
-
# request takes an access token or a
|
7444
|
+
# Use this API to register a user's entered time-based one-time
|
7445
|
+
# password (TOTP) code and mark the user's software token MFA status as
|
7446
|
+
# "verified" if successful. The request takes an access token or a
|
7447
|
+
# session string, but not both.
|
7418
7448
|
#
|
7419
7449
|
# @option params [String] :access_token
|
7420
7450
|
# The access token.
|
7421
7451
|
#
|
7422
7452
|
# @option params [String] :session
|
7423
|
-
# The session
|
7453
|
+
# The session that should be passed both ways in challenge-response
|
7424
7454
|
# calls to the service.
|
7425
7455
|
#
|
7426
7456
|
# @option params [required, String] :user_code
|
7427
|
-
# The one time password computed using the secret code returned by
|
7428
|
-
# [AssociateSoftwareToken
|
7457
|
+
# The one- time password computed using the secret code returned by
|
7458
|
+
# [AssociateSoftwareToken][1].
|
7429
7459
|
#
|
7430
7460
|
#
|
7431
7461
|
#
|
@@ -7465,7 +7495,7 @@ module Aws::CognitoIdentityProvider
|
|
7465
7495
|
# Verifies the specified user attributes in the user pool.
|
7466
7496
|
#
|
7467
7497
|
# @option params [required, String] :access_token
|
7468
|
-
#
|
7498
|
+
# The access token of the request to verify user attributes.
|
7469
7499
|
#
|
7470
7500
|
# @option params [required, String] :attribute_name
|
7471
7501
|
# The attribute name in the request to verify user attributes.
|
@@ -7505,7 +7535,7 @@ module Aws::CognitoIdentityProvider
|
|
7505
7535
|
params: params,
|
7506
7536
|
config: config)
|
7507
7537
|
context[:gem_name] = 'aws-sdk-cognitoidentityprovider'
|
7508
|
-
context[:gem_version] = '1.
|
7538
|
+
context[:gem_version] = '1.62.0'
|
7509
7539
|
Seahorse::Client::Request.new(handlers, context)
|
7510
7540
|
end
|
7511
7541
|
|