aws-sdk-cognitoidentityprovider 1.58.0 → 1.62.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -27,6 +27,7 @@ require 'aws-sdk-core/plugins/client_metrics_plugin.rb'
27
27
  require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
28
28
  require 'aws-sdk-core/plugins/transfer_encoding.rb'
29
29
  require 'aws-sdk-core/plugins/http_checksum.rb'
30
+ require 'aws-sdk-core/plugins/defaults_mode.rb'
30
31
  require 'aws-sdk-core/plugins/signature_v4.rb'
31
32
  require 'aws-sdk-core/plugins/protocols/json_rpc.rb'
32
33
 
@@ -73,6 +74,7 @@ module Aws::CognitoIdentityProvider
73
74
  add_plugin(Aws::Plugins::ClientMetricsSendPlugin)
74
75
  add_plugin(Aws::Plugins::TransferEncoding)
75
76
  add_plugin(Aws::Plugins::HttpChecksum)
77
+ add_plugin(Aws::Plugins::DefaultsMode)
76
78
  add_plugin(Aws::Plugins::SignatureV4)
77
79
  add_plugin(Aws::Plugins::Protocols::JsonRpc)
78
80
 
@@ -119,7 +121,9 @@ module Aws::CognitoIdentityProvider
119
121
  # * EC2/ECS IMDS instance profile - When used by default, the timeouts
120
122
  # are very aggressive. Construct and pass an instance of
121
123
  # `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
122
- # enable retries and extended timeouts.
124
+ # enable retries and extended timeouts. Instance profile credential
125
+ # fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED']
126
+ # to true.
123
127
  #
124
128
  # @option options [required, String] :region
125
129
  # The AWS region to connect to. The configured `:region` is
@@ -173,6 +177,10 @@ module Aws::CognitoIdentityProvider
173
177
  # Used only in `standard` and adaptive retry modes. Specifies whether to apply
174
178
  # a clock skew correction and retry requests with skewed client clocks.
175
179
  #
180
+ # @option options [String] :defaults_mode ("legacy")
181
+ # See {Aws::DefaultsModeConfiguration} for a list of the
182
+ # accepted modes and the configuration defaults that are included.
183
+ #
176
184
  # @option options [Boolean] :disable_host_prefix_injection (false)
177
185
  # Set to true to disable SDK automatically adding host prefix
178
186
  # to default service endpoint when available.
@@ -285,6 +293,15 @@ module Aws::CognitoIdentityProvider
285
293
  # ** Please note ** When response stubbing is enabled, no HTTP
286
294
  # requests are made, and retries are disabled.
287
295
  #
296
+ # @option options [Boolean] :use_dualstack_endpoint
297
+ # When set to `true`, dualstack enabled endpoints (with `.aws` TLD)
298
+ # will be used if available.
299
+ #
300
+ # @option options [Boolean] :use_fips_endpoint
301
+ # When set to `true`, fips compatible endpoints will be used if available.
302
+ # When a `fips` region is used, the region is normalized and this config
303
+ # is set to `true`.
304
+ #
288
305
  # @option options [Boolean] :validate_params (true)
289
306
  # When `true`, request parameters are validated before
290
307
  # sending the request.
@@ -296,7 +313,7 @@ module Aws::CognitoIdentityProvider
296
313
  # seconds to wait when opening a HTTP session before raising a
297
314
  # `Timeout::Error`.
298
315
  #
299
- # @option options [Integer] :http_read_timeout (60) The default
316
+ # @option options [Float] :http_read_timeout (60) The default
300
317
  # number of seconds to wait for response data. This value can
301
318
  # safely be set per-request on the session.
302
319
  #
@@ -312,6 +329,9 @@ module Aws::CognitoIdentityProvider
312
329
  # disables this behaviour. This value can safely be set per
313
330
  # request on the session.
314
331
  #
332
+ # @option options [Float] :ssl_timeout (nil) Sets the SSL timeout
333
+ # in seconds.
334
+ #
315
335
  # @option options [Boolean] :http_wire_trace (false) When `true`,
316
336
  # HTTP debug output will be sent to the `:logger`.
317
337
  #
@@ -440,19 +460,18 @@ module Aws::CognitoIdentityProvider
440
460
  # For more information, see [Customizing User Pool Workflows with Lambda
441
461
  # Triggers][1] in the *Amazon Cognito Developer Guide*.
442
462
  #
443
- # <note markdown="1"> Take the following limitations into consideration when you use the
444
- # ClientMetadata parameter:
463
+ # <note markdown="1"> When you use the ClientMetadata parameter, remember that Amazon
464
+ # Cognito won't do the following:
445
465
  #
446
- # * Amazon Cognito does not store the ClientMetadata value. This data is
447
- # available only to Lambda triggers that are assigned to a user pool
448
- # to support custom workflows. If your user pool configuration does
449
- # not include triggers, the ClientMetadata parameter serves no
450
- # purpose.
466
+ # * Store the ClientMetadata value. This data is available only to
467
+ # Lambda triggers that are assigned to a user pool to support custom
468
+ # workflows. If your user pool configuration doesn't include
469
+ # triggers, the ClientMetadata parameter serves no purpose.
451
470
  #
452
- # * Amazon Cognito does not validate the ClientMetadata value.
471
+ # * Validate the ClientMetadata value.
453
472
  #
454
- # * Amazon Cognito does not encrypt the the ClientMetadata value, so
455
- # don't use it to provide sensitive information.
473
+ # * Encrypt the ClientMetadata value. Don't use Amazon Cognito to
474
+ # provide sensitive information.
456
475
  #
457
476
  # </note>
458
477
  #
@@ -483,27 +502,27 @@ module Aws::CognitoIdentityProvider
483
502
 
484
503
  # Creates a new user in the specified user pool.
485
504
  #
486
- # If `MessageAction` is not set, the default is to send a welcome
505
+ # If `MessageAction` isn't set, the default is to send a welcome
487
506
  # message via email or phone (SMS).
488
507
  #
489
508
  # <note markdown="1"> This action might generate an SMS text message. Starting June 1, 2021,
490
- # U.S. telecom carriers require that you register an origination phone
509
+ # US telecom carriers require you to register an origination phone
491
510
  # number before you can send SMS messages to U.S. phone numbers. If you
492
511
  # use SMS text messages in Amazon Cognito, you must register a phone
493
- # number with [Amazon Pinpoint][1]. Cognito will use the the registered
494
- # number automatically. Otherwise, Cognito users that must receive SMS
495
- # messages might be unable to sign up, activate their accounts, or sign
496
- # in.
512
+ # number with [Amazon Pinpoint][1]. Amazon Cognito will use the
513
+ # registered number automatically. Otherwise, Amazon Cognito users that
514
+ # must receive SMS messages might be unable to sign up, activate their
515
+ # accounts, or sign in.
497
516
  #
498
517
  # If you have never used SMS text messages with Amazon Cognito or any
499
- # other Amazon Web Service, Amazon SNS might place your account in SMS
500
- # sandbox. In <i> <a
518
+ # other Amazon Web Service, Amazon Simple Notification Service might
519
+ # place your account in SMS sandbox. In <i> <a
501
520
  # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
502
- # mode</a> </i>, you’ll have limitations, such as sending messages to
503
- # only verified phone numbers. After testing in the sandbox environment,
504
- # you can move out of the SMS sandbox and into production. For more
505
- # information, see [ SMS message settings for Cognito User Pools][2] in
506
- # the *Amazon Cognito Developer Guide*.
521
+ # mode</a> </i>, you will have limitations, such as sending messages
522
+ # only to verified phone numbers. After testing in the sandbox
523
+ # environment, you can move out of the SMS sandbox and into production.
524
+ # For more information, see [ SMS message settings for Amazon Cognito
525
+ # User Pools][2] in the *Amazon Cognito Developer Guide*.
507
526
  #
508
527
  # </note>
509
528
  #
@@ -512,8 +531,8 @@ module Aws::CognitoIdentityProvider
512
531
  # sign-up instructions and placeholders for user name and temporary
513
532
  # password.
514
533
  #
515
- # Alternatively, you can call `AdminCreateUser` with SUPPRESS for the
516
- # `MessageAction` parameter, and Amazon Cognito will not send any email.
534
+ # Alternatively, you can call `AdminCreateUser` with `SUPPRESS` for the
535
+ # `MessageAction` parameter, and Amazon Cognito won't send any email.
517
536
  #
518
537
  # In either case, the user will be in the `FORCE_CHANGE_PASSWORD` state
519
538
  # until they sign in and change their password.
@@ -531,29 +550,29 @@ module Aws::CognitoIdentityProvider
531
550
  # @option params [required, String] :username
532
551
  # The username for the user. Must be unique within the user pool. Must
533
552
  # be a UTF-8 string between 1 and 128 characters. After the user is
534
- # created, the username cannot be changed.
553
+ # created, the username can't be changed.
535
554
  #
536
555
  # @option params [Array<Types::AttributeType>] :user_attributes
537
556
  # An array of name-value pairs that contain user attributes and
538
557
  # attribute values to be set for the user to be created. You can create
539
558
  # a user without specifying any attributes other than `Username`.
540
559
  # However, any attributes that you specify as required (when creating a
541
- # user pool or in the **Attributes** tab of the console) must be
542
- # supplied either by you (in your call to `AdminCreateUser`) or by the
543
- # user (when he or she signs up in response to your welcome message).
560
+ # user pool or in the **Attributes** tab of the console) either you
561
+ # should supply (in your call to `AdminCreateUser`) or the user should
562
+ # supply (when they sign up in response to your welcome message).
544
563
  #
545
564
  # For custom attributes, you must prepend the `custom:` prefix to the
546
565
  # attribute name.
547
566
  #
548
567
  # To send a message inviting the user to sign up, you must specify the
549
- # user's email address or phone number. This can be done in your call
550
- # to AdminCreateUser or in the **Users** tab of the Amazon Cognito
551
- # console for managing your user pools.
568
+ # user's email address or phone number. You can do this in your call to
569
+ # AdminCreateUser or in the **Users** tab of the Amazon Cognito console
570
+ # for managing your user pools.
552
571
  #
553
572
  # In your call to `AdminCreateUser`, you can set the `email_verified`
554
573
  # attribute to `True`, and you can set the `phone_number_verified`
555
- # attribute to `True`. (You can also do this by calling
556
- # [AdminUpdateUserAttributes][1].)
574
+ # attribute to `True`. You can also do this by calling
575
+ # [AdminUpdateUserAttributes][1].
557
576
  #
558
577
  # * **email**\: The email address of the user to whom the message that
559
578
  # contains the code and username will be sent. Required if the
@@ -581,7 +600,7 @@ module Aws::CognitoIdentityProvider
581
600
  # Guide. The Lambda trigger receives the validation data and uses it in
582
601
  # the validation process.
583
602
  #
584
- # The user's validation data is not persisted.
603
+ # The user's validation data isn't persisted.
585
604
  #
586
605
  # @option params [String] :temporary_password
587
606
  # The user's temporary password. This password must conform to the
@@ -589,10 +608,10 @@ module Aws::CognitoIdentityProvider
589
608
  #
590
609
  # The temporary password is valid only once. To complete the Admin
591
610
  # Create User flow, the user must enter the temporary password in the
592
- # sign-in page along with a new password to be used in all future
611
+ # sign-in page, along with a new password to be used in all future
593
612
  # sign-ins.
594
613
  #
595
- # This parameter is not required. If you do not specify a value, Amazon
614
+ # This parameter isn't required. If you don't specify a value, Amazon
596
615
  # Cognito generates one for you.
597
616
  #
598
617
  # The temporary password can only be used until the user account
@@ -602,7 +621,7 @@ module Aws::CognitoIdentityProvider
602
621
  # parameter.
603
622
  #
604
623
  # @option params [Boolean] :force_alias_creation
605
- # This parameter is only used if the `phone_number_verified` or
624
+ # This parameter is used only if the `phone_number_verified` or
606
625
  # `email_verified` attribute is set to `True`. Otherwise, it is ignored.
607
626
  #
608
627
  # If this parameter is set to `True` and the phone number or email
@@ -616,15 +635,15 @@ module Aws::CognitoIdentityProvider
616
635
  # value is `False`.
617
636
  #
618
637
  # @option params [String] :message_action
619
- # Set to `"RESEND"` to resend the invitation message to a user that
638
+ # Set to `RESEND` to resend the invitation message to a user that
620
639
  # already exists and reset the expiration limit on the user's account.
621
- # Set to `"SUPPRESS"` to suppress sending the message. Only one value
622
- # can be specified.
640
+ # Set to `SUPPRESS` to suppress sending the message. You can specify
641
+ # only one value.
623
642
  #
624
643
  # @option params [Array<String>] :desired_delivery_mediums
625
644
  # Specify `"EMAIL"` if email will be used to send the welcome message.
626
645
  # Specify `"SMS"` if the phone number will be used. The default value is
627
- # `"SMS"`. More than one value can be specified.
646
+ # `"SMS"`. You can specify more than one value.
628
647
  #
629
648
  # @option params [Hash<String,String>] :client_metadata
630
649
  # A map of custom key-value pairs that you can provide as input for any
@@ -643,19 +662,18 @@ module Aws::CognitoIdentityProvider
643
662
  # For more information, see [Customizing User Pool Workflows with Lambda
644
663
  # Triggers][1] in the *Amazon Cognito Developer Guide*.
645
664
  #
646
- # <note markdown="1"> Take the following limitations into consideration when you use the
647
- # ClientMetadata parameter:
665
+ # <note markdown="1"> When you use the ClientMetadata parameter, remember that Amazon
666
+ # Cognito won't do the following:
648
667
  #
649
- # * Amazon Cognito does not store the ClientMetadata value. This data is
650
- # available only to Lambda triggers that are assigned to a user pool
651
- # to support custom workflows. If your user pool configuration does
652
- # not include triggers, the ClientMetadata parameter serves no
653
- # purpose.
668
+ # * Store the ClientMetadata value. This data is available only to
669
+ # Lambda triggers that are assigned to a user pool to support custom
670
+ # workflows. If your user pool configuration doesn't include
671
+ # triggers, the ClientMetadata parameter serves no purpose.
654
672
  #
655
- # * Amazon Cognito does not validate the ClientMetadata value.
673
+ # * Validate the ClientMetadata value.
656
674
  #
657
- # * Amazon Cognito does not encrypt the the ClientMetadata value, so
658
- # don't use it to provide sensitive information.
675
+ # * Encrypt the ClientMetadata value. Don't use Amazon Cognito to
676
+ # provide sensitive information.
659
677
  #
660
678
  # </note>
661
679
  #
@@ -724,7 +742,7 @@ module Aws::CognitoIdentityProvider
724
742
  # The user pool ID for the user pool where you want to delete the user.
725
743
  #
726
744
  # @option params [required, String] :username
727
- # The user name of the user you wish to delete.
745
+ # The user name of the user you want to delete.
728
746
  #
729
747
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
730
748
  #
@@ -758,7 +776,7 @@ module Aws::CognitoIdentityProvider
758
776
  # attributes.
759
777
  #
760
778
  # @option params [required, Array<String>] :user_attribute_names
761
- # An array of strings representing the user attribute names you wish to
779
+ # An array of strings representing the user attribute names you want to
762
780
  # delete.
763
781
  #
764
782
  # For custom attributes, you must prepend the `custom:` prefix to the
@@ -784,13 +802,14 @@ module Aws::CognitoIdentityProvider
784
802
  end
785
803
 
786
804
  # Disables the user from signing in with the specified external (SAML or
787
- # social) identity provider. If the user to disable is a Cognito User
788
- # Pools native username + password user, they are not permitted to use
789
- # their password to sign-in. If the user to disable is a linked external
790
- # IdP user, any link between that user and an existing user is removed.
791
- # The next time the external user (no longer attached to the previously
792
- # linked `DestinationUser`) signs in, they must create a new user
793
- # account. See [AdminLinkProviderForUser][1].
805
+ # social) identity provider. If the user to disable is a Amazon Cognito
806
+ # User Pools native username + password user, they aren't permitted to
807
+ # use their password to sign in. If the user to deactivate is a linked
808
+ # external identity provider (IdP) user, any link between that user and
809
+ # an existing user is removed. The next time the external user (no
810
+ # longer attached to the previously linked `DestinationUser`) signs in,
811
+ # they must create a new user account. See
812
+ # [AdminLinkProviderForUser][1].
794
813
  #
795
814
  # This action is enabled only for admin access and requires developer
796
815
  # credentials.
@@ -798,10 +817,10 @@ module Aws::CognitoIdentityProvider
798
817
  # The `ProviderName` must match the value specified when creating an IdP
799
818
  # for the pool.
800
819
  #
801
- # To disable a native username + password user, the `ProviderName` value
802
- # must be `Cognito` and the `ProviderAttributeName` must be
803
- # `Cognito_Subject`, with the `ProviderAttributeValue` being the name
804
- # that is used in the user pool for the user.
820
+ # To deactivate a native username + password user, the `ProviderName`
821
+ # value must be `Cognito` and the `ProviderAttributeName` must be
822
+ # `Cognito_Subject`. The `ProviderAttributeValue` must be the name that
823
+ # is used in the user pool for the user.
805
824
  #
806
825
  # The `ProviderAttributeName` must always be `Cognito_Subject` for
807
826
  # social identity providers. The `ProviderAttributeValue` must always be
@@ -809,7 +828,7 @@ module Aws::CognitoIdentityProvider
809
828
  # a source user.
810
829
  #
811
830
  # For de-linking a SAML identity, there are two scenarios. If the linked
812
- # identity has not yet been used to sign-in, the `ProviderAttributeName`
831
+ # identity has not yet been used to sign in, the `ProviderAttributeName`
813
832
  # and `ProviderAttributeValue` must be the same values that were used
814
833
  # for the `SourceUser` when the identities were originally linked using
815
834
  # ` AdminLinkProviderForUser` call. (If the linking was done with
@@ -858,7 +877,7 @@ module Aws::CognitoIdentityProvider
858
877
  # The user pool ID for the user pool where you want to disable the user.
859
878
  #
860
879
  # @option params [required, String] :username
861
- # The user name of the user you wish to disable.
880
+ # The user name of the user you want to disable.
862
881
  #
863
882
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
864
883
  #
@@ -886,7 +905,7 @@ module Aws::CognitoIdentityProvider
886
905
  # The user pool ID for the user pool where you want to enable the user.
887
906
  #
888
907
  # @option params [required, String] :username
889
- # The user name of the user you wish to enable.
908
+ # The user name of the user you want to enable.
890
909
  #
891
910
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
892
911
  #
@@ -992,7 +1011,7 @@ module Aws::CognitoIdentityProvider
992
1011
  # about the user.
993
1012
  #
994
1013
  # @option params [required, String] :username
995
- # The user name of the user you wish to retrieve.
1014
+ # The user name of the user you want to retrieve.
996
1015
  #
997
1016
  # @return [Types::AdminGetUserResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
998
1017
  #
@@ -1042,23 +1061,23 @@ module Aws::CognitoIdentityProvider
1042
1061
  # Initiates the authentication flow, as an administrator.
1043
1062
  #
1044
1063
  # <note markdown="1"> This action might generate an SMS text message. Starting June 1, 2021,
1045
- # U.S. telecom carriers require that you register an origination phone
1064
+ # US telecom carriers require you to register an origination phone
1046
1065
  # number before you can send SMS messages to U.S. phone numbers. If you
1047
1066
  # use SMS text messages in Amazon Cognito, you must register a phone
1048
- # number with [Amazon Pinpoint][1]. Cognito will use the the registered
1049
- # number automatically. Otherwise, Cognito users that must receive SMS
1050
- # messages might be unable to sign up, activate their accounts, or sign
1051
- # in.
1067
+ # number with [Amazon Pinpoint][1]. Amazon Cognito will use the
1068
+ # registered number automatically. Otherwise, Amazon Cognito users that
1069
+ # must receive SMS messages might be unable to sign up, activate their
1070
+ # accounts, or sign in.
1052
1071
  #
1053
1072
  # If you have never used SMS text messages with Amazon Cognito or any
1054
- # other Amazon Web Service, Amazon SNS might place your account in SMS
1055
- # sandbox. In <i> <a
1073
+ # other Amazon Web Service, Amazon Simple Notification Service might
1074
+ # place your account in SMS sandbox. In <i> <a
1056
1075
  # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
1057
- # mode</a> </i>, you’ll have limitations, such as sending messages to
1058
- # only verified phone numbers. After testing in the sandbox environment,
1059
- # you can move out of the SMS sandbox and into production. For more
1060
- # information, see [ SMS message settings for Cognito User Pools][2] in
1061
- # the *Amazon Cognito Developer Guide*.
1076
+ # mode</a> </i>, you will have limitations, such as sending messages
1077
+ # only to verified phone numbers. After testing in the sandbox
1078
+ # environment, you can move out of the SMS sandbox and into production.
1079
+ # For more information, see [ SMS message settings for Amazon Cognito
1080
+ # User Pools][2] in the *Amazon Cognito Developer Guide*.
1062
1081
  #
1063
1082
  # </note>
1064
1083
  #
@@ -1076,17 +1095,18 @@ module Aws::CognitoIdentityProvider
1076
1095
  # The app client ID.
1077
1096
  #
1078
1097
  # @option params [required, String] :auth_flow
1079
- # The authentication flow for this call to execute. The API action will
1098
+ # The authentication flow for this call to run. The API action will
1080
1099
  # depend on this value. For example:
1081
1100
  #
1082
1101
  # * `REFRESH_TOKEN_AUTH` will take in a valid refresh token and return
1083
1102
  # new tokens.
1084
1103
  #
1085
1104
  # * `USER_SRP_AUTH` will take in `USERNAME` and `SRP_A` and return the
1086
- # SRP variables to be used for next challenge execution.
1105
+ # Secure Remote Password (SRP) protocol variables to be used for next
1106
+ # challenge execution.
1087
1107
  #
1088
- # * `USER_PASSWORD_AUTH` will take in `USERNAME` and `PASSWORD` and
1089
- # return the next challenge or tokens.
1108
+ # * `ADMIN_USER_PASSWORD_AUTH` will take in `USERNAME` and `PASSWORD`
1109
+ # and return the next challenge or tokens.
1090
1110
  #
1091
1111
  # Valid values include:
1092
1112
  #
@@ -1103,19 +1123,14 @@ module Aws::CognitoIdentityProvider
1103
1123
  # the USERNAME and PASSWORD directly if the flow is enabled for
1104
1124
  # calling the app client.
1105
1125
  #
1106
- # * `USER_PASSWORD_AUTH`\: Non-SRP authentication flow; USERNAME and
1107
- # PASSWORD are passed directly. If a user migration Lambda trigger is
1108
- # set, this flow will invoke the user migration Lambda if the USERNAME
1109
- # is not found in the user pool.
1110
- #
1111
1126
  # * `ADMIN_USER_PASSWORD_AUTH`\: Admin-based user password
1112
1127
  # authentication. This replaces the `ADMIN_NO_SRP_AUTH` authentication
1113
- # flow. In this flow, Cognito receives the password in the request
1114
- # instead of using the SRP process to verify passwords.
1128
+ # flow. In this flow, Amazon Cognito receives the password in the
1129
+ # request instead of using the SRP process to verify passwords.
1115
1130
  #
1116
1131
  # @option params [Hash<String,String>] :auth_parameters
1117
1132
  # The authentication parameters. These are inputs corresponding to the
1118
- # `AuthFlow` that you are invoking. The required values depend on the
1133
+ # `AuthFlow` that you're invoking. The required values depend on the
1119
1134
  # value of `AuthFlow`\:
1120
1135
  #
1121
1136
  # * For `USER_SRP_AUTH`\: `USERNAME` (required), `SRP_A` (required),
@@ -1160,7 +1175,7 @@ module Aws::CognitoIdentityProvider
1160
1175
  # specific needs.
1161
1176
  #
1162
1177
  # When you use the AdminInitiateAuth API action, Amazon Cognito also
1163
- # invokes the functions for the following triggers, but it does not
1178
+ # invokes the functions for the following triggers, but it doesn't
1164
1179
  # provide the ClientMetadata value as input:
1165
1180
  #
1166
1181
  # * Post authentication
@@ -1178,19 +1193,18 @@ module Aws::CognitoIdentityProvider
1178
1193
  # For more information, see [Customizing User Pool Workflows with Lambda
1179
1194
  # Triggers][1] in the *Amazon Cognito Developer Guide*.
1180
1195
  #
1181
- # <note markdown="1"> Take the following limitations into consideration when you use the
1182
- # ClientMetadata parameter:
1196
+ # <note markdown="1"> When you use the ClientMetadata parameter, remember that Amazon
1197
+ # Cognito won't do the following:
1183
1198
  #
1184
- # * Amazon Cognito does not store the ClientMetadata value. This data is
1185
- # available only to Lambda triggers that are assigned to a user pool
1186
- # to support custom workflows. If your user pool configuration does
1187
- # not include triggers, the ClientMetadata parameter serves no
1188
- # purpose.
1199
+ # * Store the ClientMetadata value. This data is available only to
1200
+ # Lambda triggers that are assigned to a user pool to support custom
1201
+ # workflows. If your user pool configuration doesn't include
1202
+ # triggers, the ClientMetadata parameter serves no purpose.
1189
1203
  #
1190
- # * Amazon Cognito does not validate the ClientMetadata value.
1204
+ # * Validate the ClientMetadata value.
1191
1205
  #
1192
- # * Amazon Cognito does not encrypt the the ClientMetadata value, so
1193
- # don't use it to provide sensitive information.
1206
+ # * Encrypt the ClientMetadata value. Don't use Amazon Cognito to
1207
+ # provide sensitive information.
1194
1208
  #
1195
1209
  # </note>
1196
1210
  #
@@ -1271,13 +1285,13 @@ module Aws::CognitoIdentityProvider
1271
1285
  # a specified attribute name and value from the external identity
1272
1286
  # provider. This allows you to create a link from the existing user
1273
1287
  # account to an external federated user identity that has not yet been
1274
- # used to sign in, so that the federated user identity can be used to
1275
- # sign in as the existing user account.
1288
+ # used to sign in. You can then use the federated user identity to sign
1289
+ # in as the existing user account.
1276
1290
  #
1277
1291
  # For example, if there is an existing user with a username and
1278
- # password, this API links that user to a federated user identity, so
1279
- # that when the federated user identity is used, the user signs in as
1280
- # the existing user account.
1292
+ # password, this API links that user to a federated user identity. When
1293
+ # the user signs in with a federated user identity, they sign in as the
1294
+ # existing user account.
1281
1295
  #
1282
1296
  # <note markdown="1"> The maximum number of federated identities linked to a user is 5.
1283
1297
  #
@@ -1288,8 +1302,7 @@ module Aws::CognitoIdentityProvider
1288
1302
  # only be used with external identity providers and provider attributes
1289
1303
  # that have been trusted by the application owner.
1290
1304
  #
1291
- # This action is enabled only for admin access and requires developer
1292
- # credentials.
1305
+ # This action is administrative and requires developer credentials.
1293
1306
  #
1294
1307
  # @option params [required, String] :user_pool_id
1295
1308
  # The user pool ID for the user pool.
@@ -1297,10 +1310,10 @@ module Aws::CognitoIdentityProvider
1297
1310
  # @option params [required, Types::ProviderUserIdentifierType] :destination_user
1298
1311
  # The existing user in the user pool to be linked to the external
1299
1312
  # identity provider user account. Can be a native (Username + Password)
1300
- # Cognito User Pools user or a federated user (for example, a SAML or
1301
- # Facebook user). If the user doesn't exist, an exception is thrown.
1302
- # This is the user that is returned when the new user (with the linked
1303
- # identity provider attribute) signs in.
1313
+ # Amazon Cognito User Pools user or a federated user (for example, a
1314
+ # SAML or Facebook user). If the user doesn't exist, an exception is
1315
+ # thrown. This is the user that is returned when the new user (with the
1316
+ # linked identity provider attribute) signs in.
1304
1317
  #
1305
1318
  # For a native username + password user, the `ProviderAttributeValue`
1306
1319
  # for the `DestinationUser` should be the username in the user pool. For
@@ -1311,30 +1324,34 @@ module Aws::CognitoIdentityProvider
1311
1324
  # The `ProviderName` should be set to `Cognito` for users in Cognito
1312
1325
  # user pools.
1313
1326
  #
1327
+ # All attributes in the DestinationUser profile must be mutable. If you
1328
+ # have assigned the user any immutable custom attributes, the operation
1329
+ # won't succeed.
1330
+ #
1314
1331
  # @option params [required, Types::ProviderUserIdentifierType] :source_user
1315
- # An external identity provider account for a user who does not
1316
- # currently exist yet in the user pool. This user must be a federated
1317
- # user (for example, a SAML or Facebook user), not another native user.
1332
+ # An external identity provider account for a user who doesn't exist
1333
+ # yet in the user pool. This user must be a federated user (for example,
1334
+ # a SAML or Facebook user), not another native user.
1318
1335
  #
1319
- # If the `SourceUser` is a federated social identity provider user
1320
- # (Facebook, Google, or Login with Amazon), you must set the
1336
+ # If the `SourceUser` is using a federated social identity provider,
1337
+ # such as Facebook, Google, or Login with Amazon, you must set the
1321
1338
  # `ProviderAttributeName` to `Cognito_Subject`. For social identity
1322
1339
  # providers, the `ProviderName` will be `Facebook`, `Google`, or
1323
- # `LoginWithAmazon`, and Cognito will automatically parse the Facebook,
1324
- # Google, and Login with Amazon tokens for `id`, `sub`, and `user_id`,
1325
- # respectively. The `ProviderAttributeValue` for the user must be the
1326
- # same value as the `id`, `sub`, or `user_id` value found in the social
1327
- # identity provider token.
1340
+ # `LoginWithAmazon`, and Amazon Cognito will automatically parse the
1341
+ # Facebook, Google, and Login with Amazon tokens for `id`, `sub`, and
1342
+ # `user_id`, respectively. The `ProviderAttributeValue` for the user
1343
+ # must be the same value as the `id`, `sub`, or `user_id` value found in
1344
+ # the social identity provider token.
1328
1345
  #
1329
1346
  #
1330
1347
  #
1331
1348
  # For SAML, the `ProviderAttributeName` can be any value that matches a
1332
- # claim in the SAML assertion. If you wish to link SAML users based on
1349
+ # claim in the SAML assertion. If you want to link SAML users based on
1333
1350
  # the subject of the SAML assertion, you should map the subject to a
1334
1351
  # claim through the SAML identity provider and submit that claim name as
1335
1352
  # the `ProviderAttributeName`. If you set `ProviderAttributeName` to
1336
- # `Cognito_Subject`, Cognito will automatically parse the default unique
1337
- # identifier found in the subject from the SAML token.
1353
+ # `Cognito_Subject`, Amazon Cognito will automatically parse the default
1354
+ # unique identifier found in the subject from the SAML token.
1338
1355
  #
1339
1356
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
1340
1357
  #
@@ -1469,8 +1486,8 @@ module Aws::CognitoIdentityProvider
1469
1486
  req.send_request(options)
1470
1487
  end
1471
1488
 
1472
- # Lists a history of user activity and any risks detected as part of
1473
- # Amazon Cognito advanced security.
1489
+ # A history of user activity and any risks detected as part of Amazon
1490
+ # Cognito advanced security.
1474
1491
  #
1475
1492
  # @option params [required, String] :user_pool_id
1476
1493
  # The user pool ID.
@@ -1579,23 +1596,23 @@ module Aws::CognitoIdentityProvider
1579
1596
  # password.
1580
1597
  #
1581
1598
  # <note markdown="1"> This action might generate an SMS text message. Starting June 1, 2021,
1582
- # U.S. telecom carriers require that you register an origination phone
1599
+ # US telecom carriers require you to register an origination phone
1583
1600
  # number before you can send SMS messages to U.S. phone numbers. If you
1584
1601
  # use SMS text messages in Amazon Cognito, you must register a phone
1585
- # number with [Amazon Pinpoint][1]. Cognito will use the the registered
1586
- # number automatically. Otherwise, Cognito users that must receive SMS
1587
- # messages might be unable to sign up, activate their accounts, or sign
1588
- # in.
1602
+ # number with [Amazon Pinpoint][1]. Amazon Cognito will use the
1603
+ # registered number automatically. Otherwise, Amazon Cognito users that
1604
+ # must receive SMS messages might be unable to sign up, activate their
1605
+ # accounts, or sign in.
1589
1606
  #
1590
1607
  # If you have never used SMS text messages with Amazon Cognito or any
1591
- # other Amazon Web Service, Amazon SNS might place your account in SMS
1592
- # sandbox. In <i> <a
1608
+ # other Amazon Web Service, Amazon Simple Notification Service might
1609
+ # place your account in SMS sandbox. In <i> <a
1593
1610
  # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
1594
- # mode</a> </i>, you’ll have limitations, such as sending messages to
1595
- # only verified phone numbers. After testing in the sandbox environment,
1596
- # you can move out of the SMS sandbox and into production. For more
1597
- # information, see [ SMS message settings for Cognito User Pools][2] in
1598
- # the *Amazon Cognito Developer Guide*.
1611
+ # mode</a> </i>, you will have limitations, such as sending messages
1612
+ # only to verified phone numbers. After testing in the sandbox
1613
+ # environment, you can move out of the SMS sandbox and into production.
1614
+ # For more information, see [ SMS message settings for Amazon Cognito
1615
+ # User Pools][2] in the *Amazon Cognito Developer Guide*.
1599
1616
  #
1600
1617
  # </note>
1601
1618
  #
@@ -1611,7 +1628,7 @@ module Aws::CognitoIdentityProvider
1611
1628
  # password.
1612
1629
  #
1613
1630
  # @option params [required, String] :username
1614
- # The user name of the user whose password you wish to reset.
1631
+ # The user name of the user whose password you want to reset.
1615
1632
  #
1616
1633
  # @option params [Hash<String,String>] :client_metadata
1617
1634
  # A map of custom key-value pairs that you can provide as input for any
@@ -1631,19 +1648,18 @@ module Aws::CognitoIdentityProvider
1631
1648
  # For more information, see [Customizing User Pool Workflows with Lambda
1632
1649
  # Triggers][1] in the *Amazon Cognito Developer Guide*.
1633
1650
  #
1634
- # <note markdown="1"> Take the following limitations into consideration when you use the
1635
- # ClientMetadata parameter:
1651
+ # <note markdown="1"> When you use the ClientMetadata parameter, remember that Amazon
1652
+ # Cognito won't do the following:
1636
1653
  #
1637
- # * Amazon Cognito does not store the ClientMetadata value. This data is
1638
- # available only to Lambda triggers that are assigned to a user pool
1639
- # to support custom workflows. If your user pool configuration does
1640
- # not include triggers, the ClientMetadata parameter serves no
1641
- # purpose.
1654
+ # * Store the ClientMetadata value. This data is available only to
1655
+ # Lambda triggers that are assigned to a user pool to support custom
1656
+ # workflows. If your user pool configuration doesn't include
1657
+ # triggers, the ClientMetadata parameter serves no purpose.
1642
1658
  #
1643
- # * Amazon Cognito does not validate the ClientMetadata value.
1659
+ # * Validate the ClientMetadata value.
1644
1660
  #
1645
- # * Amazon Cognito does not encrypt the the ClientMetadata value, so
1646
- # don't use it to provide sensitive information.
1661
+ # * Encrypt the ClientMetadata value. Don't use Amazon Cognito to
1662
+ # provide sensitive information.
1647
1663
  #
1648
1664
  # </note>
1649
1665
  #
@@ -1675,23 +1691,23 @@ module Aws::CognitoIdentityProvider
1675
1691
  # Responds to an authentication challenge, as an administrator.
1676
1692
  #
1677
1693
  # <note markdown="1"> This action might generate an SMS text message. Starting June 1, 2021,
1678
- # U.S. telecom carriers require that you register an origination phone
1694
+ # US telecom carriers require you to register an origination phone
1679
1695
  # number before you can send SMS messages to U.S. phone numbers. If you
1680
1696
  # use SMS text messages in Amazon Cognito, you must register a phone
1681
- # number with [Amazon Pinpoint][1]. Cognito will use the the registered
1682
- # number automatically. Otherwise, Cognito users that must receive SMS
1683
- # messages might be unable to sign up, activate their accounts, or sign
1684
- # in.
1697
+ # number with [Amazon Pinpoint][1]. Amazon Cognito will use the
1698
+ # registered number automatically. Otherwise, Amazon Cognito users that
1699
+ # must receive SMS messages might be unable to sign up, activate their
1700
+ # accounts, or sign in.
1685
1701
  #
1686
1702
  # If you have never used SMS text messages with Amazon Cognito or any
1687
- # other Amazon Web Service, Amazon SNS might place your account in SMS
1688
- # sandbox. In <i> <a
1703
+ # other Amazon Web Service, Amazon Simple Notification Service might
1704
+ # place your account in SMS sandbox. In <i> <a
1689
1705
  # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
1690
- # mode</a> </i>, you’ll have limitations, such as sending messages to
1691
- # only verified phone numbers. After testing in the sandbox environment,
1692
- # you can move out of the SMS sandbox and into production. For more
1693
- # information, see [ SMS message settings for Cognito User Pools][2] in
1694
- # the *Amazon Cognito Developer Guide*.
1706
+ # mode</a> </i>, you will have limitations, such as sending messages
1707
+ # only to verified phone numbers. After testing in the sandbox
1708
+ # environment, you can move out of the SMS sandbox and into production.
1709
+ # For more information, see [ SMS message settings for Amazon Cognito
1710
+ # User Pools][2] in the *Amazon Cognito Developer Guide*.
1695
1711
  #
1696
1712
  # </note>
1697
1713
  #
@@ -1726,6 +1742,11 @@ module Aws::CognitoIdentityProvider
1726
1742
  # `PASSWORD_CLAIM_SECRET_BLOCK`, `TIMESTAMP`, `USERNAME`,
1727
1743
  # `SECRET_HASH` (if app client is configured with client secret).
1728
1744
  #
1745
+ # <note markdown="1"> `PASSWORD_VERIFIER` requires `DEVICE_KEY` when signing in with a
1746
+ # remembered device.
1747
+ #
1748
+ # </note>
1749
+ #
1729
1750
  # * `ADMIN_NO_SRP_AUTH`\: `PASSWORD`, `USERNAME`, `SECRET_HASH` (if app
1730
1751
  # client is configured with client secret).
1731
1752
  #
@@ -1733,22 +1754,22 @@ module Aws::CognitoIdentityProvider
1733
1754
  # attributes, `USERNAME`, `SECRET_HASH` (if app client is configured
1734
1755
  # with client secret).
1735
1756
  #
1736
- # * `MFA_SETUP` requires `USERNAME`, plus you need to use the session
1737
- # value returned by `VerifySoftwareToken` in the `Session` parameter.
1757
+ # * `MFA_SETUP` requires `USERNAME`, plus you must use the session value
1758
+ # returned by `VerifySoftwareToken` in the `Session` parameter.
1738
1759
  #
1739
1760
  # The value of the `USERNAME` attribute must be the user's actual
1740
- # username, not an alias (such as email address or phone number). To
1741
- # make this easier, the `AdminInitiateAuth` response includes the actual
1742
- # username value in the `USERNAMEUSER_ID_FOR_SRP` attribute, even if you
1743
- # specified an alias in your call to `AdminInitiateAuth`.
1761
+ # username, not an alias (such as an email address or phone number). To
1762
+ # make this simpler, the `AdminInitiateAuth` response includes the
1763
+ # actual username value in the `USERNAMEUSER_ID_FOR_SRP` attribute. This
1764
+ # happens even if you specified an alias in your call to
1765
+ # `AdminInitiateAuth`.
1744
1766
  #
1745
1767
  # @option params [String] :session
1746
- # The session which should be passed both ways in challenge-response
1747
- # calls to the service. If `InitiateAuth` or `RespondToAuthChallenge`
1748
- # API call determines that the caller needs to go through another
1749
- # challenge, they return a session with other challenge parameters. This
1750
- # session should be passed as it is to the next `RespondToAuthChallenge`
1751
- # API call.
1768
+ # The session that should be passed both ways in challenge-response
1769
+ # calls to the service. If an `InitiateAuth` or `RespondToAuthChallenge`
1770
+ # API call determines that the caller must pass another challenge, it
1771
+ # returns a session with other challenge parameters. This session should
1772
+ # be passed as it is to the next `RespondToAuthChallenge` API call.
1752
1773
  #
1753
1774
  # @option params [Types::AnalyticsMetadataType] :analytics_metadata
1754
1775
  # The analytics metadata for collecting Amazon Pinpoint metrics for
@@ -1780,19 +1801,18 @@ module Aws::CognitoIdentityProvider
1780
1801
  # For more information, see [Customizing User Pool Workflows with Lambda
1781
1802
  # Triggers][1] in the *Amazon Cognito Developer Guide*.
1782
1803
  #
1783
- # <note markdown="1"> Take the following limitations into consideration when you use the
1784
- # ClientMetadata parameter:
1804
+ # <note markdown="1"> When you use the ClientMetadata parameter, remember that Amazon
1805
+ # Cognito won't do the following:
1785
1806
  #
1786
- # * Amazon Cognito does not store the ClientMetadata value. This data is
1787
- # available only to Lambda triggers that are assigned to a user pool
1788
- # to support custom workflows. If your user pool configuration does
1789
- # not include triggers, the ClientMetadata parameter serves no
1790
- # purpose.
1807
+ # * Store the ClientMetadata value. This data is available only to
1808
+ # Lambda triggers that are assigned to a user pool to support custom
1809
+ # workflows. If your user pool configuration doesn't include
1810
+ # triggers, the ClientMetadata parameter serves no purpose.
1791
1811
  #
1792
- # * Amazon Cognito does not validate the ClientMetadata value.
1812
+ # * Validate the ClientMetadata value.
1793
1813
  #
1794
- # * Amazon Cognito does not encrypt the the ClientMetadata value, so
1795
- # don't use it to provide sensitive information.
1814
+ # * Encrypt the ClientMetadata value. Don't use Amazon Cognito to
1815
+ # provide sensitive information.
1796
1816
  #
1797
1817
  # </note>
1798
1818
  #
@@ -1860,12 +1880,12 @@ module Aws::CognitoIdentityProvider
1860
1880
  req.send_request(options)
1861
1881
  end
1862
1882
 
1863
- # Sets the user's multi-factor authentication (MFA) preference,
1864
- # including which MFA options are enabled and if any are preferred. Only
1865
- # one factor can be set as preferred. The preferred MFA factor will be
1866
- # used to authenticate a user if multiple factors are enabled. If
1867
- # multiple options are enabled and no preference is set, a challenge to
1868
- # choose an MFA option will be returned during sign in.
1883
+ # The user's multi-factor authentication (MFA) preference, including
1884
+ # which MFA options are activated, and if any are preferred. Only one
1885
+ # factor can be set as preferred. The preferred MFA factor will be used
1886
+ # to authenticate a user if multiple factors are activated. If multiple
1887
+ # options are activated and no preference is set, a challenge to choose
1888
+ # an MFA option will be returned during sign-in.
1869
1889
  #
1870
1890
  # @option params [Types::SMSMfaSettingsType] :sms_mfa_settings
1871
1891
  # The SMS text message MFA settings.
@@ -1909,22 +1929,21 @@ module Aws::CognitoIdentityProvider
1909
1929
  # administrator. Works on any user.
1910
1930
  #
1911
1931
  # The password can be temporary or permanent. If it is temporary, the
1912
- # user status will be placed into the `FORCE_CHANGE_PASSWORD` state.
1913
- # When the user next tries to sign in, the
1914
- # InitiateAuth/AdminInitiateAuth response will contain the
1915
- # `NEW_PASSWORD_REQUIRED` challenge. If the user does not sign in before
1916
- # it expires, the user will not be able to sign in and their password
1917
- # will need to be reset by an administrator.
1932
+ # user status enters the `FORCE_CHANGE_PASSWORD` state. When the user
1933
+ # next tries to sign in, the InitiateAuth/AdminInitiateAuth response
1934
+ # will contain the `NEW_PASSWORD_REQUIRED` challenge. If the user
1935
+ # doesn't sign in before it expires, the user won't be able to sign
1936
+ # in, and an administrator must reset their password.
1918
1937
  #
1919
1938
  # Once the user has set a new password, or the password is permanent,
1920
- # the user status will be set to `Confirmed`.
1939
+ # the user status is set to `Confirmed`.
1921
1940
  #
1922
1941
  # @option params [required, String] :user_pool_id
1923
1942
  # The user pool ID for the user pool where you want to set the user's
1924
1943
  # password.
1925
1944
  #
1926
1945
  # @option params [required, String] :username
1927
- # The user name of the user whose password you wish to set.
1946
+ # The user name of the user whose password you want to set.
1928
1947
  #
1929
1948
  # @option params [required, String] :password
1930
1949
  # The password for the user.
@@ -1953,20 +1972,20 @@ module Aws::CognitoIdentityProvider
1953
1972
  end
1954
1973
 
1955
1974
  # *This action is no longer supported.* You can use it to configure only
1956
- # SMS MFA. You can't use it to configure TOTP software token MFA. To
1957
- # configure either type of MFA, use [AdminSetUserMFAPreference][1]
1958
- # instead.
1975
+ # SMS MFA. You can't use it to configure time-based one-time password
1976
+ # (TOTP) software token MFA. To configure either type of MFA, use
1977
+ # [AdminSetUserMFAPreference][1] instead.
1959
1978
  #
1960
1979
  #
1961
1980
  #
1962
1981
  # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminSetUserMFAPreference.html
1963
1982
  #
1964
1983
  # @option params [required, String] :user_pool_id
1965
- # The ID of the user pool that contains the user that you are setting
1966
- # options for.
1984
+ # The ID of the user pool that contains the user whose options you're
1985
+ # setting.
1967
1986
  #
1968
1987
  # @option params [required, String] :username
1969
- # The user name of the user that you are setting options for.
1988
+ # The user name of the user whose options you're setting.
1970
1989
  #
1971
1990
  # @option params [required, Array<Types::MFAOptionType>] :mfa_options
1972
1991
  # You can use this parameter only to set an SMS configuration that uses
@@ -1996,7 +2015,7 @@ module Aws::CognitoIdentityProvider
1996
2015
  req.send_request(options)
1997
2016
  end
1998
2017
 
1999
- # Provides feedback for an authentication event as to whether it was
2018
+ # Provides feedback for an authentication event indicating if it was
2000
2019
  # from a valid user. This feedback is used for improving the risk
2001
2020
  # evaluation decision for the user pool as part of Amazon Cognito
2002
2021
  # advanced security.
@@ -2079,23 +2098,23 @@ module Aws::CognitoIdentityProvider
2079
2098
  # mark phone and email as verified.
2080
2099
  #
2081
2100
  # <note markdown="1"> This action might generate an SMS text message. Starting June 1, 2021,
2082
- # U.S. telecom carriers require that you register an origination phone
2101
+ # US telecom carriers require you to register an origination phone
2083
2102
  # number before you can send SMS messages to U.S. phone numbers. If you
2084
2103
  # use SMS text messages in Amazon Cognito, you must register a phone
2085
- # number with [Amazon Pinpoint][1]. Cognito will use the the registered
2086
- # number automatically. Otherwise, Cognito users that must receive SMS
2087
- # messages might be unable to sign up, activate their accounts, or sign
2088
- # in.
2104
+ # number with [Amazon Pinpoint][1]. Amazon Cognito will use the
2105
+ # registered number automatically. Otherwise, Amazon Cognito users that
2106
+ # must receive SMS messages might be unable to sign up, activate their
2107
+ # accounts, or sign in.
2089
2108
  #
2090
2109
  # If you have never used SMS text messages with Amazon Cognito or any
2091
- # other Amazon Web Service, Amazon SNS might place your account in SMS
2092
- # sandbox. In <i> <a
2110
+ # other Amazon Web Service, Amazon Simple Notification Service might
2111
+ # place your account in SMS sandbox. In <i> <a
2093
2112
  # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
2094
- # mode</a> </i>, you’ll have limitations, such as sending messages to
2095
- # only verified phone numbers. After testing in the sandbox environment,
2096
- # you can move out of the SMS sandbox and into production. For more
2097
- # information, see [ SMS message settings for Cognito User Pools][2] in
2098
- # the *Amazon Cognito Developer Guide*.
2113
+ # mode</a> </i>, you will have limitations, such as sending messages
2114
+ # only to verified phone numbers. After testing in the sandbox
2115
+ # environment, you can move out of the SMS sandbox and into production.
2116
+ # For more information, see [ SMS message settings for Amazon Cognito
2117
+ # User Pools][2] in the *Amazon Cognito Developer Guide*.
2099
2118
  #
2100
2119
  # </note>
2101
2120
  #
@@ -2137,19 +2156,18 @@ module Aws::CognitoIdentityProvider
2137
2156
  # For more information, see [Customizing User Pool Workflows with Lambda
2138
2157
  # Triggers][1] in the *Amazon Cognito Developer Guide*.
2139
2158
  #
2140
- # <note markdown="1"> Take the following limitations into consideration when you use the
2141
- # ClientMetadata parameter:
2159
+ # <note markdown="1"> When you use the ClientMetadata parameter, remember that Amazon
2160
+ # Cognito won't do the following:
2142
2161
  #
2143
- # * Amazon Cognito does not store the ClientMetadata value. This data is
2144
- # available only to Lambda triggers that are assigned to a user pool
2145
- # to support custom workflows. If your user pool configuration does
2146
- # not include triggers, the ClientMetadata parameter serves no
2147
- # purpose.
2162
+ # * Store the ClientMetadata value. This data is available only to
2163
+ # Lambda triggers that are assigned to a user pool to support custom
2164
+ # workflows. If your user pool configuration doesn't include
2165
+ # triggers, the ClientMetadata parameter serves no purpose.
2148
2166
  #
2149
- # * Amazon Cognito does not validate the ClientMetadata value.
2167
+ # * Validate the ClientMetadata value.
2150
2168
  #
2151
- # * Amazon Cognito does not encrypt the the ClientMetadata value, so
2152
- # don't use it to provide sensitive information.
2169
+ # * Encrypt the ClientMetadata value. Don't use Amazon Cognito to
2170
+ # provide sensitive information.
2153
2171
  #
2154
2172
  # </note>
2155
2173
  #
@@ -2187,7 +2205,7 @@ module Aws::CognitoIdentityProvider
2187
2205
  # Signs out users from all devices, as an administrator. It also
2188
2206
  # invalidates all refresh tokens issued to a user. The user's current
2189
2207
  # access and Id tokens remain valid until their expiry. Access and Id
2190
- # tokens expire one hour after they are issued.
2208
+ # tokens expire one hour after they're issued.
2191
2209
  #
2192
2210
  # Calling this action requires developer credentials.
2193
2211
  #
@@ -2221,11 +2239,11 @@ module Aws::CognitoIdentityProvider
2221
2239
  #
2222
2240
  # <note markdown="1"> Calling AssociateSoftwareToken immediately disassociates the existing
2223
2241
  # software token from the user account. If the user doesn't
2224
- # subsequently verify the software token, their account is essentially
2225
- # set up to authenticate without MFA. If MFA config is set to Optional
2226
- # at the user pool level, the user can then login without MFA. However,
2227
- # if MFA is set to Required for the user pool, the user will be asked to
2228
- # setup a new software token MFA during sign in.
2242
+ # subsequently verify the software token, their account is set up to
2243
+ # authenticate without MFA. If MFA config is set to Optional at the user
2244
+ # pool level, the user can then log in without MFA. However, if MFA is
2245
+ # set to Required for the user pool, the user is asked to set up a new
2246
+ # software token MFA during sign-in.
2229
2247
  #
2230
2248
  # </note>
2231
2249
  #
@@ -2233,7 +2251,7 @@ module Aws::CognitoIdentityProvider
2233
2251
  # The access token.
2234
2252
  #
2235
2253
  # @option params [String] :session
2236
- # The session which should be passed both ways in challenge-response
2254
+ # The session that should be passed both ways in challenge-response
2237
2255
  # calls to the service. This allows authentication of the user as part
2238
2256
  # of the MFA setup process.
2239
2257
  #
@@ -2391,19 +2409,18 @@ module Aws::CognitoIdentityProvider
2391
2409
  # For more information, see [Customizing User Pool Workflows with Lambda
2392
2410
  # Triggers][1] in the *Amazon Cognito Developer Guide*.
2393
2411
  #
2394
- # <note markdown="1"> Take the following limitations into consideration when you use the
2395
- # ClientMetadata parameter:
2412
+ # <note markdown="1"> When you use the ClientMetadata parameter, remember that Amazon
2413
+ # Cognito won't do the following:
2396
2414
  #
2397
- # * Amazon Cognito does not store the ClientMetadata value. This data is
2398
- # available only to Lambda triggers that are assigned to a user pool
2399
- # to support custom workflows. If your user pool configuration does
2400
- # not include triggers, the ClientMetadata parameter serves no
2401
- # purpose.
2415
+ # * Store the ClientMetadata value. This data is available only to
2416
+ # Lambda triggers that are assigned to a user pool to support custom
2417
+ # workflows. If your user pool configuration doesn't include
2418
+ # triggers, the ClientMetadata parameter serves no purpose.
2402
2419
  #
2403
- # * Amazon Cognito does not validate the ClientMetadata value.
2420
+ # * Validate the ClientMetadata value.
2404
2421
  #
2405
- # * Amazon Cognito does not encrypt the the ClientMetadata value, so
2406
- # don't use it to provide sensitive information.
2422
+ # * Encrypt the ClientMetadata value. Don't use Amazon Cognito to
2423
+ # provide sensitive information.
2407
2424
  #
2408
2425
  # </note>
2409
2426
  #
@@ -2453,7 +2470,7 @@ module Aws::CognitoIdentityProvider
2453
2470
  # the message.
2454
2471
  #
2455
2472
  # @option params [required, String] :username
2456
- # The user name of the user whose registration you wish to confirm.
2473
+ # The user name of the user whose registration you want to confirm.
2457
2474
  #
2458
2475
  # @option params [required, String] :confirmation_code
2459
2476
  # The confirmation code sent by a user's request to confirm
@@ -2494,19 +2511,18 @@ module Aws::CognitoIdentityProvider
2494
2511
  # For more information, see [Customizing User Pool Workflows with Lambda
2495
2512
  # Triggers][1] in the *Amazon Cognito Developer Guide*.
2496
2513
  #
2497
- # <note markdown="1"> Take the following limitations into consideration when you use the
2498
- # ClientMetadata parameter:
2514
+ # <note markdown="1"> When you use the ClientMetadata parameter, remember that Amazon
2515
+ # Cognito won't do the following:
2499
2516
  #
2500
- # * Amazon Cognito does not store the ClientMetadata value. This data is
2501
- # available only to Lambda triggers that are assigned to a user pool
2502
- # to support custom workflows. If your user pool configuration does
2503
- # not include triggers, the ClientMetadata parameter serves no
2504
- # purpose.
2517
+ # * Store the ClientMetadata value. This data is available only to
2518
+ # Lambda triggers that are assigned to a user pool to support custom
2519
+ # workflows. If your user pool configuration doesn't include
2520
+ # triggers, the ClientMetadata parameter serves no purpose.
2505
2521
  #
2506
- # * Amazon Cognito does not validate the ClientMetadata value.
2522
+ # * Validate the ClientMetadata value.
2507
2523
  #
2508
- # * Amazon Cognito does not encrypt the the ClientMetadata value, so
2509
- # don't use it to provide sensitive information.
2524
+ # * Encrypt the ClientMetadata value. Don't use Amazon Cognito to
2525
+ # provide sensitive information.
2510
2526
  #
2511
2527
  # </note>
2512
2528
  #
@@ -2558,24 +2574,24 @@ module Aws::CognitoIdentityProvider
2558
2574
  # A string containing the description of the group.
2559
2575
  #
2560
2576
  # @option params [String] :role_arn
2561
- # The role ARN for the group.
2577
+ # The role Amazon Resource Name (ARN) for the group.
2562
2578
  #
2563
2579
  # @option params [Integer] :precedence
2564
- # A nonnegative integer value that specifies the precedence of this
2580
+ # A non-negative integer value that specifies the precedence of this
2565
2581
  # group relative to the other groups that a user can belong to in the
2566
2582
  # user pool. Zero is the highest precedence value. Groups with lower
2567
- # `Precedence` values take precedence over groups with higher or null
2583
+ # `Precedence` values take precedence over groups with higher ornull
2568
2584
  # `Precedence` values. If a user belongs to two or more groups, it is
2569
- # the group with the lowest precedence value whose role ARN will be used
2570
- # in the `cognito:roles` and `cognito:preferred_role` claims in the
2571
- # user's tokens.
2585
+ # the group with the lowest precedence value whose role ARN is given in
2586
+ # the user's tokens for the `cognito:roles` and
2587
+ # `cognito:preferred_role` claims.
2572
2588
  #
2573
2589
  # Two groups can have the same `Precedence` value. If this happens,
2574
2590
  # neither group takes precedence over the other. If two groups with the
2575
2591
  # same `Precedence` have the same role ARN, that role is used in the
2576
2592
  # `cognito:preferred_role` claim in tokens for users in each group. If
2577
2593
  # the two groups have different role ARNs, the `cognito:preferred_role`
2578
- # claim is not set in users' tokens.
2594
+ # claim isn't set in users' tokens.
2579
2595
  #
2580
2596
  # The default `Precedence` value is null.
2581
2597
  #
@@ -2657,7 +2673,7 @@ module Aws::CognitoIdentityProvider
2657
2673
  #
2658
2674
  # * authorize\_scopes
2659
2675
  #
2660
- # * For OIDC providers:
2676
+ # * For OpenID Connect (OIDC) providers:
2661
2677
  #
2662
2678
  # * client\_id
2663
2679
  #
@@ -2681,11 +2697,14 @@ module Aws::CognitoIdentityProvider
2681
2697
  # * jwks\_uri *if not available from discovery URL specified by
2682
2698
  # oidc\_issuer key*
2683
2699
  #
2700
+ # * attributes\_url\_add\_attributes *a read-only property that is set
2701
+ # automatically*
2702
+ #
2684
2703
  # * For SAML providers:
2685
2704
  #
2686
2705
  # * MetadataFile OR MetadataURL
2687
2706
  #
2688
- # * IDPSignout *optional*
2707
+ # * IDPSignout (optional)
2689
2708
  #
2690
2709
  # @option params [Hash<String,String>] :attribute_mapping
2691
2710
  # A mapping of identity provider attributes to standard and custom user
@@ -2736,23 +2755,23 @@ module Aws::CognitoIdentityProvider
2736
2755
  req.send_request(options)
2737
2756
  end
2738
2757
 
2739
- # Creates a new OAuth2.0 resource server and defines custom scopes in
2740
- # it.
2758
+ # Creates a new OAuth2.0 resource server and defines custom scopes
2759
+ # within it.
2741
2760
  #
2742
2761
  # @option params [required, String] :user_pool_id
2743
2762
  # The user pool ID for the user pool.
2744
2763
  #
2745
2764
  # @option params [required, String] :identifier
2746
2765
  # A unique resource server identifier for the resource server. This
2747
- # could be an HTTPS endpoint where the resource server is located. For
2748
- # example, `https://my-weather-api.example.com`.
2766
+ # could be an HTTPS endpoint where the resource server is located, such
2767
+ # as `https://my-weather-api.example.com`.
2749
2768
  #
2750
2769
  # @option params [required, String] :name
2751
2770
  # A friendly name for the resource server.
2752
2771
  #
2753
2772
  # @option params [Array<Types::ResourceServerScopeType>] :scopes
2754
- # A list of scopes. Each scope is map, where the keys are `name` and
2755
- # `description`.
2773
+ # A list of scopes. Each scope is a key-value map with the keys `name`
2774
+ # and `description`.
2756
2775
  #
2757
2776
  # @return [Types::CreateResourceServerResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2758
2777
  #
@@ -2800,7 +2819,7 @@ module Aws::CognitoIdentityProvider
2800
2819
  # into.
2801
2820
  #
2802
2821
  # @option params [required, String] :cloud_watch_logs_role_arn
2803
- # The role ARN for the Amazon CloudWatch Logging role for the user
2822
+ # The role ARN for the Amazon CloudWatch Logs Logging role for the user
2804
2823
  # import job.
2805
2824
  #
2806
2825
  # @return [Types::CreateUserImportJobResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
@@ -2844,23 +2863,23 @@ module Aws::CognitoIdentityProvider
2844
2863
  # for the pool.
2845
2864
  #
2846
2865
  # <note markdown="1"> This action might generate an SMS text message. Starting June 1, 2021,
2847
- # U.S. telecom carriers require that you register an origination phone
2866
+ # US telecom carriers require you to register an origination phone
2848
2867
  # number before you can send SMS messages to U.S. phone numbers. If you
2849
2868
  # use SMS text messages in Amazon Cognito, you must register a phone
2850
- # number with [Amazon Pinpoint][1]. Cognito will use the the registered
2851
- # number automatically. Otherwise, Cognito users that must receive SMS
2852
- # messages might be unable to sign up, activate their accounts, or sign
2853
- # in.
2869
+ # number with [Amazon Pinpoint][1]. Amazon Cognito will use the
2870
+ # registered number automatically. Otherwise, Amazon Cognito users that
2871
+ # must receive SMS messages might be unable to sign up, activate their
2872
+ # accounts, or sign in.
2854
2873
  #
2855
2874
  # If you have never used SMS text messages with Amazon Cognito or any
2856
- # other Amazon Web Service, Amazon SNS might place your account in SMS
2857
- # sandbox. In <i> <a
2875
+ # other Amazon Web Service, Amazon Simple Notification Service might
2876
+ # place your account in SMS sandbox. In <i> <a
2858
2877
  # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
2859
- # mode</a> </i>, you’ll have limitations, such as sending messages to
2860
- # only verified phone numbers. After testing in the sandbox environment,
2861
- # you can move out of the SMS sandbox and into production. For more
2862
- # information, see [ SMS message settings for Cognito User Pools][2] in
2863
- # the *Amazon Cognito Developer Guide*.
2878
+ # mode</a> </i>, you will have limitations, such as sending messages
2879
+ # only to verified phone numbers. After testing in the sandbox
2880
+ # environment, you can move out of the SMS sandbox and into production.
2881
+ # For more information, see [ SMS message settings for Amazon Cognito
2882
+ # User Pools][2] in the *Amazon Cognito Developer Guide*.
2864
2883
  #
2865
2884
  # </note>
2866
2885
  #
@@ -2879,16 +2898,16 @@ module Aws::CognitoIdentityProvider
2879
2898
  # The Lambda trigger configuration information for the new user pool.
2880
2899
  #
2881
2900
  # <note markdown="1"> In a push model, event sources (such as Amazon S3 and custom
2882
- # applications) need permission to invoke a function. So you will need
2883
- # to make an extra call to add permission for these event sources to
2884
- # invoke your Lambda function.
2901
+ # applications) need permission to invoke a function. So you must make
2902
+ # an extra call to add permission for these event sources to invoke your
2903
+ # Lambda function.
2885
2904
  #
2886
2905
  #
2887
2906
  #
2888
- # For more information on using the Lambda API to add permission, see [
2907
+ # For more information on using the Lambda API to add permission, see[
2889
2908
  # AddPermission ][1].
2890
2909
  #
2891
- # For adding permission using the CLI, see [ add-permission ][2].
2910
+ # For adding permission using the CLI, see[ add-permission ][2].
2892
2911
  #
2893
2912
  # </note>
2894
2913
  #
@@ -2906,8 +2925,8 @@ module Aws::CognitoIdentityProvider
2906
2925
  # **phone\_number**, **email**, or **preferred\_username**.
2907
2926
  #
2908
2927
  # @option params [Array<String>] :username_attributes
2909
- # Specifies whether email addresses or phone numbers can be specified as
2910
- # usernames when a user signs up.
2928
+ # Specifies whether a user can use an email address or phone number as a
2929
+ # username when they sign up.
2911
2930
  #
2912
2931
  # @option params [String] :sms_verification_message
2913
2932
  # A string representing the SMS verification message.
@@ -2962,28 +2981,29 @@ module Aws::CognitoIdentityProvider
2962
2981
  # can be standard or custom attributes.
2963
2982
  #
2964
2983
  # @option params [Types::UserPoolAddOnsType] :user_pool_add_ons
2965
- # Used to enable advanced security risk detection. Set the key
2984
+ # Enables advanced security risk detection. Set the key
2966
2985
  # `AdvancedSecurityMode` to the value "AUDIT".
2967
2986
  #
2968
2987
  # @option params [Types::UsernameConfigurationType] :username_configuration
2969
- # You can choose to set case sensitivity on the username input for the
2970
- # selected sign-in option. For example, when this is set to `False`,
2971
- # users will be able to sign in using either "username" or
2972
- # "Username". This configuration is immutable once it has been set.
2973
- # For more information, see [UsernameConfigurationType][1].
2988
+ # Case sensitivity on the username input for the selected sign-in
2989
+ # option. For example, when case sensitivity is set to `False`, users
2990
+ # can sign in using either "username" or "Username". This
2991
+ # configuration is immutable once it has been set. For more information,
2992
+ # see [UsernameConfigurationType][1].
2974
2993
  #
2975
2994
  #
2976
2995
  #
2977
2996
  # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UsernameConfigurationType.html
2978
2997
  #
2979
2998
  # @option params [Types::AccountRecoverySettingType] :account_recovery_setting
2980
- # Use this setting to define which verified available method a user can
2981
- # use to recover their password when they call `ForgotPassword`. It
2982
- # allows you to define a preferred method when a user has more than one
2983
- # method available. With this setting, SMS does not qualify for a valid
2984
- # password recovery mechanism if the user also has SMS MFA enabled. In
2985
- # the absence of this setting, Cognito uses the legacy behavior to
2986
- # determine the recovery method where SMS is preferred over email.
2999
+ # The available verified method a user can use to recover their password
3000
+ # when they call `ForgotPassword`. You can use this setting to define a
3001
+ # preferred method when a user has more than one method available. With
3002
+ # this setting, SMS doesn't qualify for a valid password recovery
3003
+ # mechanism if the user also has SMS multi-factor authentication (MFA)
3004
+ # activated. In the absence of this setting, Amazon Cognito uses the
3005
+ # legacy behavior to determine the recovery method where SMS is
3006
+ # preferred through email.
2987
3007
  #
2988
3008
  # @return [Types::CreateUserPoolResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2989
3009
  #
@@ -3195,8 +3215,8 @@ module Aws::CognitoIdentityProvider
3195
3215
  # Creates the user pool client.
3196
3216
  #
3197
3217
  # When you create a new user pool client, token revocation is
3198
- # automatically enabled. For more information about revoking tokens, see
3199
- # [RevokeToken][1].
3218
+ # automatically activated. For more information about revoking tokens,
3219
+ # see [RevokeToken][1].
3200
3220
  #
3201
3221
  #
3202
3222
  #
@@ -3215,20 +3235,20 @@ module Aws::CognitoIdentityProvider
3215
3235
  #
3216
3236
  # @option params [Integer] :refresh_token_validity
3217
3237
  # The time limit, in days, after which the refresh token is no longer
3218
- # valid and cannot be used.
3238
+ # valid and can't be used.
3219
3239
  #
3220
3240
  # @option params [Integer] :access_token_validity
3221
3241
  # The time limit, between 5 minutes and 1 day, after which the access
3222
- # token is no longer valid and cannot be used. This value will be
3223
- # overridden if you have entered a value in TokenValidityUnits.
3242
+ # token is no longer valid and can't be used. If you supply a
3243
+ # TokenValidityUnits value, you will override the default time unit.
3224
3244
  #
3225
3245
  # @option params [Integer] :id_token_validity
3226
- # The time limit, between 5 minutes and 1 day, after which the ID token
3227
- # is no longer valid and cannot be used. This value will be overridden
3228
- # if you have entered a value in TokenValidityUnits.
3246
+ # The time limit, between 5 minutes and 1 day, after which the access
3247
+ # token is no longer valid and can't be used. If you supply a
3248
+ # TokenValidityUnits value, you will override the default time unit.
3229
3249
  #
3230
3250
  # @option params [Types::TokenValidityUnitsType] :token_validity_units
3231
- # The units in which the validity times are represented in. Default for
3251
+ # The units in which the validity times are represented. Default for
3232
3252
  # RefreshToken is days, and default for ID and access tokens are hours.
3233
3253
  #
3234
3254
  # @option params [Array<String>] :read_attributes
@@ -3242,7 +3262,7 @@ module Aws::CognitoIdentityProvider
3242
3262
  # identity provider attributes. Amazon Cognito updates mapped attributes
3243
3263
  # when users sign in to your application through an identity provider.
3244
3264
  # If your app client lacks write access to a mapped attribute, Amazon
3245
- # Cognito throws an error when it attempts to update the attribute. For
3265
+ # Cognito throws an error when it tries to update the attribute. For
3246
3266
  # more information, see [Specifying Identity Provider Attribute Mappings
3247
3267
  # for Your User Pool][1].
3248
3268
  #
@@ -3252,26 +3272,26 @@ module Aws::CognitoIdentityProvider
3252
3272
  #
3253
3273
  # @option params [Array<String>] :explicit_auth_flows
3254
3274
  # The authentication flows that are supported by the user pool clients.
3255
- # Flow names without the `ALLOW_` prefix are deprecated in favor of new
3256
- # names with the `ALLOW_` prefix. Note that values with `ALLOW_` prefix
3257
- # cannot be used along with values without `ALLOW_` prefix.
3275
+ # Flow names without the `ALLOW_` prefix are no longer supported, in
3276
+ # favor of new names with the `ALLOW_` prefix. Note that values with
3277
+ # `ALLOW_` prefix must be used only along with the `ALLOW_` prefix.
3258
3278
  #
3259
3279
  # Valid values include:
3260
3280
  #
3261
3281
  # * `ALLOW_ADMIN_USER_PASSWORD_AUTH`\: Enable admin based user password
3262
3282
  # authentication flow `ADMIN_USER_PASSWORD_AUTH`. This setting
3263
3283
  # replaces the `ADMIN_NO_SRP_AUTH` setting. With this authentication
3264
- # flow, Cognito receives the password in the request instead of using
3265
- # the SRP (Secure Remote Password protocol) protocol to verify
3266
- # passwords.
3284
+ # flow, Amazon Cognito receives the password in the request instead of
3285
+ # using the Secure Remote Password (SRP) protocol to verify passwords.
3267
3286
  #
3268
3287
  # * `ALLOW_CUSTOM_AUTH`\: Enable Lambda trigger based authentication.
3269
3288
  #
3270
3289
  # * `ALLOW_USER_PASSWORD_AUTH`\: Enable user password-based
3271
- # authentication. In this flow, Cognito receives the password in the
3272
- # request instead of using the SRP protocol to verify passwords.
3290
+ # authentication. In this flow, Amazon Cognito receives the password
3291
+ # in the request instead of using the SRP protocol to verify
3292
+ # passwords.
3273
3293
  #
3274
- # * `ALLOW_USER_SRP_AUTH`\: Enable SRP based authentication.
3294
+ # * `ALLOW_USER_SRP_AUTH`\: Enable SRP-based authentication.
3275
3295
  #
3276
3296
  # * `ALLOW_REFRESH_TOKEN_AUTH`\: Enable authflow to refresh tokens.
3277
3297
  #
@@ -3349,49 +3369,44 @@ module Aws::CognitoIdentityProvider
3349
3369
  #
3350
3370
  # @option params [Boolean] :allowed_o_auth_flows_user_pool_client
3351
3371
  # Set to true if the client is allowed to follow the OAuth protocol when
3352
- # interacting with Cognito user pools.
3372
+ # interacting with Amazon Cognito user pools.
3353
3373
  #
3354
3374
  # @option params [Types::AnalyticsConfigurationType] :analytics_configuration
3355
3375
  # The Amazon Pinpoint analytics configuration for collecting metrics for
3356
3376
  # this user pool.
3357
3377
  #
3358
- # <note markdown="1"> In regions where Pinpoint is not available, Cognito User Pools only
3359
- # supports sending events to Amazon Pinpoint projects in us-east-1. In
3360
- # regions where Pinpoint is available, Cognito User Pools will support
3361
- # sending events to Amazon Pinpoint projects within that same region.
3378
+ # <note markdown="1"> In Amazon Web Services Regions where isn't available, User Pools only
3379
+ # supports sending events to Amazon Pinpoint projects in Amazon Web
3380
+ # Services Region us-east-1. In Regions where is available, User Pools
3381
+ # will support sending events to Amazon Pinpoint projects within that
3382
+ # same Region.
3362
3383
  #
3363
3384
  # </note>
3364
3385
  #
3365
3386
  # @option params [String] :prevent_user_existence_errors
3366
- # Use this setting to choose which errors and responses are returned by
3367
- # Cognito APIs during authentication, account confirmation, and password
3368
- # recovery when the user does not exist in the user pool. When set to
3369
- # `ENABLED` and the user does not exist, authentication returns an error
3370
- # indicating either the username or password was incorrect, and account
3387
+ # Errors and responses that you want Amazon Cognito APIs to return
3388
+ # during authentication, account confirmation, and password recovery
3389
+ # when the user doesn't exist in the user pool. When set to `ENABLED`
3390
+ # and the user doesn't exist, authentication returns an error
3391
+ # indicating either the username or password was incorrect. Account
3371
3392
  # confirmation and password recovery return a response indicating a code
3372
3393
  # was sent to a simulated destination. When set to `LEGACY`, those APIs
3373
- # will return a `UserNotFoundException` exception if the user does not
3374
- # exist in the user pool.
3394
+ # return a `UserNotFoundException` exception if the user doesn't exist
3395
+ # in the user pool.
3375
3396
  #
3376
3397
  # Valid values include:
3377
3398
  #
3378
3399
  # * `ENABLED` - This prevents user existence-related errors.
3379
3400
  #
3380
- # * `LEGACY` - This represents the old behavior of Cognito where user
3381
- # existence related errors are not prevented.
3382
- #
3383
- # <note markdown="1"> After February 15th 2020, the value of `PreventUserExistenceErrors`
3384
- # will default to `ENABLED` for newly created user pool clients if no
3385
- # value is provided.
3386
- #
3387
- # </note>
3401
+ # * `LEGACY` - This represents the early behavior of Amazon Cognito
3402
+ # where user existence related errors aren't prevented.
3388
3403
  #
3389
3404
  # @option params [Boolean] :enable_token_revocation
3390
- # Enables or disables token revocation. For more information about
3405
+ # Activates or deactivates token revocation. For more information about
3391
3406
  # revoking tokens, see [RevokeToken][1].
3392
3407
  #
3393
3408
  # If you don't include this parameter, token revocation is
3394
- # automatically enabled for the new user pool client.
3409
+ # automatically activated for the new user pool client.
3395
3410
  #
3396
3411
  #
3397
3412
  #
@@ -3488,7 +3503,9 @@ module Aws::CognitoIdentityProvider
3488
3503
  # Creates a new domain for a user pool.
3489
3504
  #
3490
3505
  # @option params [required, String] :domain
3491
- # The domain string.
3506
+ # The domain string. For custom domains, this is the fully-qualified
3507
+ # domain name, such as `auth.example.com`. For Amazon Cognito prefix
3508
+ # domains, this is the prefix alone, such as `auth`.
3492
3509
  #
3493
3510
  # @option params [required, String] :user_pool_id
3494
3511
  # The user pool ID.
@@ -3640,11 +3657,11 @@ module Aws::CognitoIdentityProvider
3640
3657
  # Deletes the attributes for a user.
3641
3658
  #
3642
3659
  # @option params [required, Array<String>] :user_attribute_names
3643
- # An array of strings representing the user attribute names you wish to
3660
+ # An array of strings representing the user attribute names you want to
3644
3661
  # delete.
3645
3662
  #
3646
- # For custom attributes, you must prepend the `custom:` prefix to the
3647
- # attribute name.
3663
+ # For custom attributes, you must prependattach the `custom:` prefix to
3664
+ # the front of the attribute name.
3648
3665
  #
3649
3666
  # @option params [required, String] :access_token
3650
3667
  # The access token used in the request to delete user attributes.
@@ -3719,7 +3736,9 @@ module Aws::CognitoIdentityProvider
3719
3736
  # Deletes a domain for a user pool.
3720
3737
  #
3721
3738
  # @option params [required, String] :domain
3722
- # The domain string.
3739
+ # The domain string. For custom domains, this is the fully-qualified
3740
+ # domain name, such as `auth.example.com`. For Amazon Cognito prefix
3741
+ # domains, this is the prefix alone, such as `auth`.
3723
3742
  #
3724
3743
  # @option params [required, String] :user_pool_id
3725
3744
  # The user pool ID.
@@ -4105,7 +4124,9 @@ module Aws::CognitoIdentityProvider
4105
4124
  # Gets information about a domain.
4106
4125
  #
4107
4126
  # @option params [required, String] :domain
4108
- # The domain string.
4127
+ # The domain string. For custom domains, this is the fully-qualified
4128
+ # domain name, such as `auth.example.com`. For Amazon Cognito prefix
4129
+ # domains, this is the prefix alone, such as `auth`.
4109
4130
  #
4110
4131
  # @return [Types::DescribeUserPoolDomainResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
4111
4132
  #
@@ -4174,23 +4195,23 @@ module Aws::CognitoIdentityProvider
4174
4195
  # for resetting the password, call [ConfirmForgotPassword][2].
4175
4196
  #
4176
4197
  # <note markdown="1"> This action might generate an SMS text message. Starting June 1, 2021,
4177
- # U.S. telecom carriers require that you register an origination phone
4198
+ # US telecom carriers require you to register an origination phone
4178
4199
  # number before you can send SMS messages to U.S. phone numbers. If you
4179
4200
  # use SMS text messages in Amazon Cognito, you must register a phone
4180
- # number with [Amazon Pinpoint][3]. Cognito will use the the registered
4181
- # number automatically. Otherwise, Cognito users that must receive SMS
4182
- # messages might be unable to sign up, activate their accounts, or sign
4183
- # in.
4201
+ # number with [Amazon Pinpoint][3]. Amazon Cognito will use the
4202
+ # registered number automatically. Otherwise, Amazon Cognito users that
4203
+ # must receive SMS messages might be unable to sign up, activate their
4204
+ # accounts, or sign in.
4184
4205
  #
4185
4206
  # If you have never used SMS text messages with Amazon Cognito or any
4186
- # other Amazon Web Service, Amazon SNS might place your account in SMS
4187
- # sandbox. In <i> <a
4207
+ # other Amazon Web Service, Amazon Simple Notification Service might
4208
+ # place your account in SMS sandbox. In <i> <a
4188
4209
  # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
4189
- # mode</a> </i>, you’ll have limitations, such as sending messages to
4190
- # only verified phone numbers. After testing in the sandbox environment,
4191
- # you can move out of the SMS sandbox and into production. For more
4192
- # information, see [ SMS message settings for Cognito User Pools][4] in
4193
- # the *Amazon Cognito Developer Guide*.
4210
+ # mode</a> </i>, you will have limitations, such as sending messages
4211
+ # only to verified phone numbers. After testing in the sandbox
4212
+ # environment, you can move out of the SMS sandbox and into production.
4213
+ # For more information, see [ SMS message settings for Amazon Cognito
4214
+ # User Pools][4] in the *Amazon Cognito Developer Guide*.
4194
4215
  #
4195
4216
  # </note>
4196
4217
  #
@@ -4240,19 +4261,18 @@ module Aws::CognitoIdentityProvider
4240
4261
  # For more information, see [Customizing User Pool Workflows with Lambda
4241
4262
  # Triggers][1] in the *Amazon Cognito Developer Guide*.
4242
4263
  #
4243
- # <note markdown="1"> Take the following limitations into consideration when you use the
4244
- # ClientMetadata parameter:
4264
+ # <note markdown="1"> When you use the ClientMetadata parameter, remember that Amazon
4265
+ # Cognito won't do the following:
4245
4266
  #
4246
- # * Amazon Cognito does not store the ClientMetadata value. This data is
4247
- # available only to Lambda triggers that are assigned to a user pool
4248
- # to support custom workflows. If your user pool configuration does
4249
- # not include triggers, the ClientMetadata parameter serves no
4250
- # purpose.
4267
+ # * Store the ClientMetadata value. This data is available only to
4268
+ # Lambda triggers that are assigned to a user pool to support custom
4269
+ # workflows. If your user pool configuration doesn't include
4270
+ # triggers, the ClientMetadata parameter serves no purpose.
4251
4271
  #
4252
- # * Amazon Cognito does not validate the ClientMetadata value.
4272
+ # * Validate the ClientMetadata value.
4253
4273
  #
4254
- # * Amazon Cognito does not encrypt the the ClientMetadata value, so
4255
- # don't use it to provide sensitive information.
4274
+ # * Encrypt the ClientMetadata value. Don't use Amazon Cognito to
4275
+ # provide sensitive information.
4256
4276
  #
4257
4277
  # </note>
4258
4278
  #
@@ -4296,8 +4316,8 @@ module Aws::CognitoIdentityProvider
4296
4316
  req.send_request(options)
4297
4317
  end
4298
4318
 
4299
- # Gets the header information for the .csv file to be used as input for
4300
- # the user import job.
4319
+ # Gets the header information for the comma-separated value (CSV) file
4320
+ # to be used as input for the user import job.
4301
4321
  #
4302
4322
  # @option params [required, String] :user_pool_id
4303
4323
  # The user pool ID for the user pool that the users are to be imported
@@ -4477,11 +4497,12 @@ module Aws::CognitoIdentityProvider
4477
4497
  req.send_request(options)
4478
4498
  end
4479
4499
 
4480
- # Gets the UI Customization information for a particular app client's
4481
- # app UI, if there is something set. If nothing is set for the
4482
- # particular client, but there is an existing pool level customization
4483
- # (app `clientId` will be `ALL`), then that is returned. If nothing is
4484
- # present, then an empty shape is returned.
4500
+ # Gets the user interface (UI) Customization information for a
4501
+ # particular app client's app UI, if any such information exists for
4502
+ # the client. If nothing is set for the particular client, but there is
4503
+ # an existing pool level customization (the app `clientId` is `ALL`),
4504
+ # then that information is returned. If nothing is present, then an
4505
+ # empty shape is returned.
4485
4506
  #
4486
4507
  # @option params [required, String] :user_pool_id
4487
4508
  # The user pool ID for the user pool.
@@ -4565,23 +4586,23 @@ module Aws::CognitoIdentityProvider
4565
4586
  # name.
4566
4587
  #
4567
4588
  # <note markdown="1"> This action might generate an SMS text message. Starting June 1, 2021,
4568
- # U.S. telecom carriers require that you register an origination phone
4589
+ # US telecom carriers require you to register an origination phone
4569
4590
  # number before you can send SMS messages to U.S. phone numbers. If you
4570
4591
  # use SMS text messages in Amazon Cognito, you must register a phone
4571
- # number with [Amazon Pinpoint][1]. Cognito will use the the registered
4572
- # number automatically. Otherwise, Cognito users that must receive SMS
4573
- # messages might be unable to sign up, activate their accounts, or sign
4574
- # in.
4592
+ # number with [Amazon Pinpoint][1]. Amazon Cognito will use the
4593
+ # registered number automatically. Otherwise, Amazon Cognito users that
4594
+ # must receive SMS messages might be unable to sign up, activate their
4595
+ # accounts, or sign in.
4575
4596
  #
4576
4597
  # If you have never used SMS text messages with Amazon Cognito or any
4577
- # other Amazon Web Service, Amazon SNS might place your account in SMS
4578
- # sandbox. In <i> <a
4598
+ # other Amazon Web Service, Amazon Simple Notification Service might
4599
+ # place your account in SMS sandbox. In <i> <a
4579
4600
  # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
4580
- # mode</a> </i>, you’ll have limitations, such as sending messages to
4581
- # only verified phone numbers. After testing in the sandbox environment,
4582
- # you can move out of the SMS sandbox and into production. For more
4583
- # information, see [ SMS message settings for Cognito User Pools][2] in
4584
- # the *Amazon Cognito Developer Guide*.
4601
+ # mode</a> </i>, you will have limitations, such as sending messages
4602
+ # only to verified phone numbers. After testing in the sandbox
4603
+ # environment, you can move out of the SMS sandbox and into production.
4604
+ # For more information, see [ SMS message settings for Amazon Cognito
4605
+ # User Pools][2] in the *Amazon Cognito Developer Guide*.
4585
4606
  #
4586
4607
  # </note>
4587
4608
  #
@@ -4616,19 +4637,18 @@ module Aws::CognitoIdentityProvider
4616
4637
  # For more information, see [Customizing User Pool Workflows with Lambda
4617
4638
  # Triggers][1] in the *Amazon Cognito Developer Guide*.
4618
4639
  #
4619
- # <note markdown="1"> Take the following limitations into consideration when you use the
4620
- # ClientMetadata parameter:
4640
+ # <note markdown="1"> When you use the ClientMetadata parameter, remember that Amazon
4641
+ # Cognito won't do the following:
4621
4642
  #
4622
- # * Amazon Cognito does not store the ClientMetadata value. This data is
4623
- # available only to Lambda triggers that are assigned to a user pool
4624
- # to support custom workflows. If your user pool configuration does
4625
- # not include triggers, the ClientMetadata parameter serves no
4626
- # purpose.
4643
+ # * Store the ClientMetadata value. This data is available only to
4644
+ # Lambda triggers that are assigned to a user pool to support custom
4645
+ # workflows. If your user pool configuration doesn't include
4646
+ # triggers, the ClientMetadata parameter serves no purpose.
4627
4647
  #
4628
- # * Amazon Cognito does not validate the ClientMetadata value.
4648
+ # * Validate the ClientMetadata value.
4629
4649
  #
4630
- # * Amazon Cognito does not encrypt the the ClientMetadata value, so
4631
- # don't use it to provide sensitive information.
4650
+ # * Encrypt the ClientMetadata value. Don't use Amazon Cognito to
4651
+ # provide sensitive information.
4632
4652
  #
4633
4653
  # </note>
4634
4654
  #
@@ -4700,9 +4720,9 @@ module Aws::CognitoIdentityProvider
4700
4720
  end
4701
4721
 
4702
4722
  # Signs out users from all devices. It also invalidates all refresh
4703
- # tokens issued to a user. The user's current access and Id tokens
4723
+ # tokens issued to a user. The user's current access and ID tokens
4704
4724
  # remain valid until their expiry. Access and Id tokens expire one hour
4705
- # after they are issued.
4725
+ # after they're issued.
4706
4726
  #
4707
4727
  # @option params [required, String] :access_token
4708
4728
  # The access token.
@@ -4727,23 +4747,23 @@ module Aws::CognitoIdentityProvider
4727
4747
  # Initiates the authentication flow.
4728
4748
  #
4729
4749
  # <note markdown="1"> This action might generate an SMS text message. Starting June 1, 2021,
4730
- # U.S. telecom carriers require that you register an origination phone
4750
+ # US telecom carriers require you to register an origination phone
4731
4751
  # number before you can send SMS messages to U.S. phone numbers. If you
4732
4752
  # use SMS text messages in Amazon Cognito, you must register a phone
4733
- # number with [Amazon Pinpoint][1]. Cognito will use the the registered
4734
- # number automatically. Otherwise, Cognito users that must receive SMS
4735
- # messages might be unable to sign up, activate their accounts, or sign
4736
- # in.
4753
+ # number with [Amazon Pinpoint][1]. Amazon Cognito will use the
4754
+ # registered number automatically. Otherwise, Amazon Cognito users that
4755
+ # must receive SMS messages might be unable to sign up, activate their
4756
+ # accounts, or sign in.
4737
4757
  #
4738
4758
  # If you have never used SMS text messages with Amazon Cognito or any
4739
- # other Amazon Web Service, Amazon SNS might place your account in SMS
4740
- # sandbox. In <i> <a
4759
+ # other Amazon Web Service, Amazon Simple Notification Service might
4760
+ # place your account in SMS sandbox. In <i> <a
4741
4761
  # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
4742
- # mode</a> </i>, you’ll have limitations, such as sending messages to
4743
- # only verified phone numbers. After testing in the sandbox environment,
4744
- # you can move out of the SMS sandbox and into production. For more
4745
- # information, see [ SMS message settings for Cognito User Pools][2] in
4746
- # the *Amazon Cognito Developer Guide*.
4762
+ # mode</a> </i>, you will have limitations, such as sending messages
4763
+ # only to verified phone numbers. After testing in the sandbox
4764
+ # environment, you can move out of the SMS sandbox and into production.
4765
+ # For more information, see [ SMS message settings for Amazon Cognito
4766
+ # User Pools][2] in the *Amazon Cognito Developer Guide*.
4747
4767
  #
4748
4768
  # </note>
4749
4769
  #
@@ -4753,17 +4773,17 @@ module Aws::CognitoIdentityProvider
4753
4773
  # [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html
4754
4774
  #
4755
4775
  # @option params [required, String] :auth_flow
4756
- # The authentication flow for this call to execute. The API action will
4776
+ # The authentication flow for this call to run. The API action will
4757
4777
  # depend on this value. For example:
4758
4778
  #
4759
- # * `REFRESH_TOKEN_AUTH` will take in a valid refresh token and return
4760
- # new tokens.
4779
+ # * `REFRESH_TOKEN_AUTH` takes in a valid refresh token and returns new
4780
+ # tokens.
4761
4781
  #
4762
- # * `USER_SRP_AUTH` will take in `USERNAME` and `SRP_A` and return the
4763
- # SRP variables to be used for next challenge execution.
4782
+ # * `USER_SRP_AUTH` takes in `USERNAME` and `SRP_A` and returns the SRP
4783
+ # variables to be used for next challenge execution.
4764
4784
  #
4765
- # * `USER_PASSWORD_AUTH` will take in `USERNAME` and `PASSWORD` and
4766
- # return the next challenge or tokens.
4785
+ # * `USER_PASSWORD_AUTH` takes in `USERNAME` and `PASSWORD` and returns
4786
+ # the next challenge or tokens.
4767
4787
  #
4768
4788
  # Valid values include:
4769
4789
  #
@@ -4778,19 +4798,14 @@ module Aws::CognitoIdentityProvider
4778
4798
  #
4779
4799
  # * `USER_PASSWORD_AUTH`\: Non-SRP authentication flow; USERNAME and
4780
4800
  # PASSWORD are passed directly. If a user migration Lambda trigger is
4781
- # set, this flow will invoke the user migration Lambda if the USERNAME
4782
- # is not found in the user pool.
4783
- #
4784
- # * `ADMIN_USER_PASSWORD_AUTH`\: Admin-based user password
4785
- # authentication. This replaces the `ADMIN_NO_SRP_AUTH` authentication
4786
- # flow. In this flow, Cognito receives the password in the request
4787
- # instead of using the SRP process to verify passwords.
4801
+ # set, this flow will invoke the user migration Lambda if it doesn't
4802
+ # find the USERNAME in the user pool.
4788
4803
  #
4789
- # `ADMIN_NO_SRP_AUTH` is not a valid value.
4804
+ # `ADMIN_NO_SRP_AUTH` isn't a valid value.
4790
4805
  #
4791
4806
  # @option params [Hash<String,String>] :auth_parameters
4792
4807
  # The authentication parameters. These are inputs corresponding to the
4793
- # `AuthFlow` that you are invoking. The required values depend on the
4808
+ # `AuthFlow` that you're invoking. The required values depend on the
4794
4809
  # value of `AuthFlow`\:
4795
4810
  #
4796
4811
  # * For `USER_SRP_AUTH`\: `USERNAME` (required), `SRP_A` (required),
@@ -4831,7 +4846,7 @@ module Aws::CognitoIdentityProvider
4831
4846
  # needs.
4832
4847
  #
4833
4848
  # When you use the InitiateAuth API action, Amazon Cognito also invokes
4834
- # the functions for the following triggers, but it does not provide the
4849
+ # the functions for the following triggers, but it doesn't provide the
4835
4850
  # ClientMetadata value as input:
4836
4851
  #
4837
4852
  # * Post authentication
@@ -4849,19 +4864,18 @@ module Aws::CognitoIdentityProvider
4849
4864
  # For more information, see [Customizing User Pool Workflows with Lambda
4850
4865
  # Triggers][1] in the *Amazon Cognito Developer Guide*.
4851
4866
  #
4852
- # <note markdown="1"> Take the following limitations into consideration when you use the
4853
- # ClientMetadata parameter:
4867
+ # <note markdown="1"> When you use the ClientMetadata parameter, remember that Amazon
4868
+ # Cognito won't do the following:
4854
4869
  #
4855
- # * Amazon Cognito does not store the ClientMetadata value. This data is
4856
- # available only to Lambda triggers that are assigned to a user pool
4857
- # to support custom workflows. If your user pool configuration does
4858
- # not include triggers, the ClientMetadata parameter serves no
4859
- # purpose.
4870
+ # * Store the ClientMetadata value. This data is available only to
4871
+ # Lambda triggers that are assigned to a user pool to support custom
4872
+ # workflows. If your user pool configuration doesn't include
4873
+ # triggers, the ClientMetadata parameter serves no purpose.
4860
4874
  #
4861
- # * Amazon Cognito does not validate the ClientMetadata value.
4875
+ # * Validate the ClientMetadata value.
4862
4876
  #
4863
- # * Amazon Cognito does not encrypt the the ClientMetadata value, so
4864
- # don't use it to provide sensitive information.
4877
+ # * Encrypt the ClientMetadata value. Don't use Amazon Cognito to
4878
+ # provide sensitive information.
4865
4879
  #
4866
4880
  # </note>
4867
4881
  #
@@ -5253,7 +5267,7 @@ module Aws::CognitoIdentityProvider
5253
5267
  req.send_request(options)
5254
5268
  end
5255
5269
 
5256
- # Lists the user pools associated with an account.
5270
+ # Lists the user pools associated with an Amazon Web Services account.
5257
5271
  #
5258
5272
  # @option params [String] :next_token
5259
5273
  # An identifier that was returned from the previous call to this
@@ -5373,16 +5387,32 @@ module Aws::CognitoIdentityProvider
5373
5387
  #
5374
5388
  # * `sub`
5375
5389
  #
5376
- # Custom attributes are not searchable.
5390
+ # Custom attributes aren't searchable.
5391
+ #
5392
+ # <note markdown="1"> You can also list users with a client-side filter. The server-side
5393
+ # filter matches no more than 1 attribute. For an advanced search, use a
5394
+ # client-side filter with the `--query` parameter of the `list-users`
5395
+ # action in the CLI. When you use a client-side filter, ListUsers
5396
+ # returns a paginated list of zero or more users. You can receive
5397
+ # multiple pages in a row with zero results. Repeat the query with each
5398
+ # pagination token that is returned until you receive a null pagination
5399
+ # token value, and then review the combined result.
5400
+ #
5401
+ # For more information about server-side and client-side filtering, see
5402
+ # [FilteringCLI output][1] in the [Command Line Interface User
5403
+ # Guide][1].
5404
+ #
5405
+ # </note>
5377
5406
  #
5378
5407
  # For more information, see [Searching for Users Using the ListUsers
5379
- # API][1] and [Examples of Using the ListUsers API][2] in the *Amazon
5408
+ # API][2] and [Examples of Using the ListUsers API][3] in the *Amazon
5380
5409
  # Cognito Developer Guide*.
5381
5410
  #
5382
5411
  #
5383
5412
  #
5384
- # [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/how-to-manage-user-accounts.html#cognito-user-pools-searching-for-users-using-listusers-api
5385
- # [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/how-to-manage-user-accounts.html#cognito-user-pools-searching-for-users-listusers-api-examples
5413
+ # [1]: https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-filter.html
5414
+ # [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/how-to-manage-user-accounts.html#cognito-user-pools-searching-for-users-using-listusers-api
5415
+ # [3]: https://docs.aws.amazon.com/cognito/latest/developerguide/how-to-manage-user-accounts.html#cognito-user-pools-searching-for-users-listusers-api-examples
5386
5416
  #
5387
5417
  # @return [Types::ListUsersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
5388
5418
  #
@@ -5489,23 +5519,23 @@ module Aws::CognitoIdentityProvider
5489
5519
  # specific user in the user pool.
5490
5520
  #
5491
5521
  # <note markdown="1"> This action might generate an SMS text message. Starting June 1, 2021,
5492
- # U.S. telecom carriers require that you register an origination phone
5522
+ # US telecom carriers require you to register an origination phone
5493
5523
  # number before you can send SMS messages to U.S. phone numbers. If you
5494
5524
  # use SMS text messages in Amazon Cognito, you must register a phone
5495
- # number with [Amazon Pinpoint][1]. Cognito will use the the registered
5496
- # number automatically. Otherwise, Cognito users that must receive SMS
5497
- # messages might be unable to sign up, activate their accounts, or sign
5498
- # in.
5525
+ # number with [Amazon Pinpoint][1]. Amazon Cognito will use the
5526
+ # registered number automatically. Otherwise, Amazon Cognito users that
5527
+ # must receive SMS messages might be unable to sign up, activate their
5528
+ # accounts, or sign in.
5499
5529
  #
5500
5530
  # If you have never used SMS text messages with Amazon Cognito or any
5501
- # other Amazon Web Service, Amazon SNS might place your account in SMS
5502
- # sandbox. In <i> <a
5531
+ # other Amazon Web Service, Amazon Simple Notification Service might
5532
+ # place your account in SMS sandbox. In <i> <a
5503
5533
  # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
5504
- # mode</a> </i>, you’ll have limitations, such as sending messages to
5505
- # only verified phone numbers. After testing in the sandbox environment,
5506
- # you can move out of the SMS sandbox and into production. For more
5507
- # information, see [ SMS message settings for Cognito User Pools][2] in
5508
- # the *Amazon Cognito Developer Guide*.
5534
+ # mode</a> </i>, you will have limitations, such as sending messages
5535
+ # only to verified phone numbers. After testing in the sandbox
5536
+ # environment, you can move out of the SMS sandbox and into production.
5537
+ # For more information, see [ SMS message settings for Amazon Cognito
5538
+ # User Pools][2] in the *Amazon Cognito Developer Guide*.
5509
5539
  #
5510
5540
  # </note>
5511
5541
  #
@@ -5528,8 +5558,8 @@ module Aws::CognitoIdentityProvider
5528
5558
  # Cognito advanced security.
5529
5559
  #
5530
5560
  # @option params [required, String] :username
5531
- # The user name of the user to whom you wish to resend a confirmation
5532
- # code.
5561
+ # The `username` attribute of the user to whom you want to resend a
5562
+ # confirmation code.
5533
5563
  #
5534
5564
  # @option params [Types::AnalyticsMetadataType] :analytics_metadata
5535
5565
  # The Amazon Pinpoint analytics metadata for collecting metrics for
@@ -5553,19 +5583,18 @@ module Aws::CognitoIdentityProvider
5553
5583
  # For more information, see [Customizing User Pool Workflows with Lambda
5554
5584
  # Triggers][1] in the *Amazon Cognito Developer Guide*.
5555
5585
  #
5556
- # <note markdown="1"> Take the following limitations into consideration when you use the
5557
- # ClientMetadata parameter:
5586
+ # <note markdown="1"> When you use the ClientMetadata parameter, remember that Amazon
5587
+ # Cognito won't do the following:
5558
5588
  #
5559
- # * Amazon Cognito does not store the ClientMetadata value. This data is
5560
- # available only to Lambda triggers that are assigned to a user pool
5561
- # to support custom workflows. If your user pool configuration does
5562
- # not include triggers, the ClientMetadata parameter serves no
5563
- # purpose.
5589
+ # * Store the ClientMetadata value. This data is available only to
5590
+ # Lambda triggers that are assigned to a user pool to support custom
5591
+ # workflows. If your user pool configuration doesn't include
5592
+ # triggers, the ClientMetadata parameter serves no purpose.
5564
5593
  #
5565
- # * Amazon Cognito does not validate the ClientMetadata value.
5594
+ # * Validate the ClientMetadata value.
5566
5595
  #
5567
- # * Amazon Cognito does not encrypt the the ClientMetadata value, so
5568
- # don't use it to provide sensitive information.
5596
+ # * Encrypt the ClientMetadata value. Don't use Amazon Cognito to
5597
+ # provide sensitive information.
5569
5598
  #
5570
5599
  # </note>
5571
5600
  #
@@ -5612,23 +5641,23 @@ module Aws::CognitoIdentityProvider
5612
5641
  # Responds to the authentication challenge.
5613
5642
  #
5614
5643
  # <note markdown="1"> This action might generate an SMS text message. Starting June 1, 2021,
5615
- # U.S. telecom carriers require that you register an origination phone
5644
+ # US telecom carriers require you to register an origination phone
5616
5645
  # number before you can send SMS messages to U.S. phone numbers. If you
5617
5646
  # use SMS text messages in Amazon Cognito, you must register a phone
5618
- # number with [Amazon Pinpoint][1]. Cognito will use the the registered
5619
- # number automatically. Otherwise, Cognito users that must receive SMS
5620
- # messages might be unable to sign up, activate their accounts, or sign
5621
- # in.
5647
+ # number with [Amazon Pinpoint][1]. Amazon Cognito will use the
5648
+ # registered number automatically. Otherwise, Amazon Cognito users that
5649
+ # must receive SMS messages might be unable to sign up, activate their
5650
+ # accounts, or sign in.
5622
5651
  #
5623
5652
  # If you have never used SMS text messages with Amazon Cognito or any
5624
- # other Amazon Web Service, Amazon SNS might place your account in SMS
5625
- # sandbox. In <i> <a
5653
+ # other Amazon Web Service, Amazon Simple Notification Service might
5654
+ # place your account in SMS sandbox. In <i> <a
5626
5655
  # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
5627
- # mode</a> </i>, you’ll have limitations, such as sending messages to
5628
- # only verified phone numbers. After testing in the sandbox environment,
5629
- # you can move out of the SMS sandbox and into production. For more
5630
- # information, see [ SMS message settings for Cognito User Pools][2] in
5631
- # the *Amazon Cognito Developer Guide*.
5656
+ # mode</a> </i>, you will have limitations, such as sending messages
5657
+ # only to verified phone numbers. After testing in the sandbox
5658
+ # environment, you can move out of the SMS sandbox and into production.
5659
+ # For more information, see [ SMS message settings for Amazon Cognito
5660
+ # User Pools][2] in the *Amazon Cognito Developer Guide*.
5632
5661
  #
5633
5662
  # </note>
5634
5663
  #
@@ -5643,26 +5672,25 @@ module Aws::CognitoIdentityProvider
5643
5672
  # @option params [required, String] :challenge_name
5644
5673
  # The challenge name. For more information, see [InitiateAuth][1].
5645
5674
  #
5646
- # `ADMIN_NO_SRP_AUTH` is not a valid value.
5675
+ # `ADMIN_NO_SRP_AUTH` isn't a valid value.
5647
5676
  #
5648
5677
  #
5649
5678
  #
5650
5679
  # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html
5651
5680
  #
5652
5681
  # @option params [String] :session
5653
- # The session which should be passed both ways in challenge-response
5682
+ # The session that should be passed both ways in challenge-response
5654
5683
  # calls to the service. If `InitiateAuth` or `RespondToAuthChallenge`
5655
- # API call determines that the caller needs to go through another
5656
- # challenge, they return a session with other challenge parameters. This
5657
- # session should be passed as it is to the next `RespondToAuthChallenge`
5658
- # API call.
5684
+ # API call determines that the caller must pass another challenge, they
5685
+ # return a session with other challenge parameters. This session should
5686
+ # be passed as it is to the next `RespondToAuthChallenge` API call.
5659
5687
  #
5660
5688
  # @option params [Hash<String,String>] :challenge_responses
5661
5689
  # The challenge responses. These are inputs corresponding to the value
5662
5690
  # of `ChallengeName`, for example:
5663
5691
  #
5664
5692
  # <note markdown="1"> `SECRET_HASH` (if app client is configured with client secret) applies
5665
- # to all inputs below (including `SOFTWARE_TOKEN_MFA`).
5693
+ # to all of the inputs that follow (including `SOFTWARE_TOKEN_MFA`).
5666
5694
  #
5667
5695
  # </note>
5668
5696
  #
@@ -5671,6 +5699,11 @@ module Aws::CognitoIdentityProvider
5671
5699
  # * `PASSWORD_VERIFIER`\: `PASSWORD_CLAIM_SIGNATURE`,
5672
5700
  # `PASSWORD_CLAIM_SECRET_BLOCK`, `TIMESTAMP`, `USERNAME`.
5673
5701
  #
5702
+ # <note markdown="1"> `PASSWORD_VERIFIER` requires `DEVICE_KEY` when signing in with a
5703
+ # remembered device.
5704
+ #
5705
+ # </note>
5706
+ #
5674
5707
  # * `NEW_PASSWORD_REQUIRED`\: `NEW_PASSWORD`, any other required
5675
5708
  # attributes, `USERNAME`.
5676
5709
  #
@@ -5681,10 +5714,10 @@ module Aws::CognitoIdentityProvider
5681
5714
  # `SECRET_HASH`).
5682
5715
  #
5683
5716
  # * `DEVICE_PASSWORD_VERIFIER` requires everything that
5684
- # `PASSWORD_VERIFIER` requires plus `DEVICE_KEY`.
5717
+ # `PASSWORD_VERIFIER` requires, plus `DEVICE_KEY`.
5685
5718
  #
5686
- # * `MFA_SETUP` requires `USERNAME`, plus you need to use the session
5687
- # value returned by `VerifySoftwareToken` in the `Session` parameter.
5719
+ # * `MFA_SETUP` requires `USERNAME`, plus you must use the session value
5720
+ # returned by `VerifySoftwareToken` in the `Session` parameter.
5688
5721
  #
5689
5722
  # @option params [Types::AnalyticsMetadataType] :analytics_metadata
5690
5723
  # The Amazon Pinpoint analytics metadata for collecting metrics for
@@ -5715,19 +5748,18 @@ module Aws::CognitoIdentityProvider
5715
5748
  # For more information, see [Customizing User Pool Workflows with Lambda
5716
5749
  # Triggers][1] in the *Amazon Cognito Developer Guide*.
5717
5750
  #
5718
- # <note markdown="1"> Take the following limitations into consideration when you use the
5719
- # ClientMetadata parameter:
5751
+ # <note markdown="1"> When you use the ClientMetadata parameter, remember that Amazon
5752
+ # Cognito won't do the following:
5720
5753
  #
5721
- # * Amazon Cognito does not store the ClientMetadata value. This data is
5722
- # available only to Lambda triggers that are assigned to a user pool
5723
- # to support custom workflows. If your user pool configuration does
5724
- # not include triggers, the ClientMetadata parameter serves no
5725
- # purpose.
5754
+ # * Store the ClientMetadata value. This data is available only to
5755
+ # Lambda triggers that are assigned to a user pool to support custom
5756
+ # workflows. If your user pool configuration doesn't include
5757
+ # triggers, the ClientMetadata parameter serves no purpose.
5726
5758
  #
5727
- # * Amazon Cognito does not validate the ClientMetadata value.
5759
+ # * Validate the ClientMetadata value.
5728
5760
  #
5729
- # * Amazon Cognito does not encrypt the the ClientMetadata value, so
5730
- # don't use it to provide sensitive information.
5761
+ # * Encrypt the ClientMetadata value. Don't use Amazon Cognito to
5762
+ # provide sensitive information.
5731
5763
  #
5732
5764
  # </note>
5733
5765
  #
@@ -5786,11 +5818,11 @@ module Aws::CognitoIdentityProvider
5786
5818
  end
5787
5819
 
5788
5820
  # Revokes all of the access tokens generated by the specified refresh
5789
- # token. After the token is revoked, you can not use the revoked token
5790
- # to access Cognito authenticated APIs.
5821
+ # token. After the token is revoked, you can't use the revoked token to
5822
+ # access Amazon Cognito authenticated APIs.
5791
5823
  #
5792
5824
  # @option params [required, String] :token
5793
- # The token that you want to revoke.
5825
+ # The refresh token that you want to revoke.
5794
5826
  #
5795
5827
  # @option params [required, String] :client_id
5796
5828
  # The client ID for the token that you want to revoke.
@@ -5822,7 +5854,7 @@ module Aws::CognitoIdentityProvider
5822
5854
  # for `UserPoolId` or `ClientId`, pass null values for all four
5823
5855
  # configuration types.
5824
5856
  #
5825
- # To enable Amazon Cognito advanced security features, update the user
5857
+ # To activate Amazon Cognito advanced security features, update the user
5826
5858
  # pool to include the `UserPoolAddOns` key`AdvancedSecurityMode`.
5827
5859
  #
5828
5860
  # @option params [required, String] :user_pool_id
@@ -5833,8 +5865,8 @@ module Aws::CognitoIdentityProvider
5833
5865
  # is mapped to `userPoolId`. When the client ID is null, the same risk
5834
5866
  # configuration is applied to all the clients in the userPool.
5835
5867
  #
5836
- # Otherwise, `ClientId` is mapped to the client. When the client ID is
5837
- # not null, the user pool configuration is overridden and the risk
5868
+ # Otherwise, `ClientId` is mapped to the client. When the client ID
5869
+ # isn't null, the user pool configuration is overridden and the risk
5838
5870
  # configuration for the client is used instead.
5839
5871
  #
5840
5872
  # @option params [Types::CompromisedCredentialsRiskConfigurationType] :compromised_credentials_risk_configuration
@@ -5943,15 +5975,15 @@ module Aws::CognitoIdentityProvider
5943
5975
  req.send_request(options)
5944
5976
  end
5945
5977
 
5946
- # Sets the UI customization information for a user pool's built-in app
5947
- # UI.
5978
+ # Sets the user interface (UI) customization information for a user
5979
+ # pool's built-in app UI.
5948
5980
  #
5949
5981
  # You can specify app UI customization settings for a single client
5950
5982
  # (with a specific `clientId`) or for all clients (by setting the
5951
5983
  # `clientId` to `ALL`). If you specify `ALL`, the default configuration
5952
- # will be used for every client that has no UI customization set
5953
- # previously. If you specify UI customization settings for a particular
5954
- # client, it will no longer fall back to the `ALL` configuration.
5984
+ # is used for every client that has no previously set UI customization.
5985
+ # If you specify UI customization settings for a particular client, it
5986
+ # will no longer return to the `ALL` configuration.
5955
5987
  #
5956
5988
  # <note markdown="1"> To use this API, your user pool must have a domain associated with it.
5957
5989
  # Otherwise, there is no place to host the app's pages, and the service
@@ -6004,16 +6036,16 @@ module Aws::CognitoIdentityProvider
6004
6036
  end
6005
6037
 
6006
6038
  # Set the user's multi-factor authentication (MFA) method preference,
6007
- # including which MFA factors are enabled and if any are preferred. Only
6008
- # one factor can be set as preferred. The preferred MFA factor will be
6009
- # used to authenticate a user if multiple factors are enabled. If
6010
- # multiple options are enabled and no preference is set, a challenge to
6011
- # choose an MFA option will be returned during sign in. If an MFA type
6012
- # is enabled for a user, the user will be prompted for MFA during all
6013
- # sign in attempts, unless device tracking is turned on and the device
6014
- # has been trusted. If you would like MFA to be applied selectively
6015
- # based on the assessed risk level of sign in attempts, disable MFA for
6016
- # users and turn on Adaptive Authentication for the user pool.
6039
+ # including which MFA factors are activated and if any are preferred.
6040
+ # Only one factor can be set as preferred. The preferred MFA factor will
6041
+ # be used to authenticate a user if multiple factors are activated. If
6042
+ # multiple options are activated and no preference is set, a challenge
6043
+ # to choose an MFA option will be returned during sign-in. If an MFA
6044
+ # type is activated for a user, the user will be prompted for MFA during
6045
+ # all sign-in attempts unless device tracking is turned on and the
6046
+ # device has been trusted. If you want MFA to be applied selectively
6047
+ # based on the assessed risk level of sign-in attempts, deactivate MFA
6048
+ # for users and turn on Adaptive Authentication for the user pool.
6017
6049
  #
6018
6050
  # @option params [Types::SMSMfaSettingsType] :sms_mfa_settings
6019
6051
  # The SMS text message multi-factor authentication (MFA) settings.
@@ -6049,26 +6081,26 @@ module Aws::CognitoIdentityProvider
6049
6081
  req.send_request(options)
6050
6082
  end
6051
6083
 
6052
- # Set the user pool multi-factor authentication (MFA) configuration.
6084
+ # Sets the user pool multi-factor authentication (MFA) configuration.
6053
6085
  #
6054
6086
  # <note markdown="1"> This action might generate an SMS text message. Starting June 1, 2021,
6055
- # U.S. telecom carriers require that you register an origination phone
6087
+ # US telecom carriers require you to register an origination phone
6056
6088
  # number before you can send SMS messages to U.S. phone numbers. If you
6057
6089
  # use SMS text messages in Amazon Cognito, you must register a phone
6058
- # number with [Amazon Pinpoint][1]. Cognito will use the the registered
6059
- # number automatically. Otherwise, Cognito users that must receive SMS
6060
- # messages might be unable to sign up, activate their accounts, or sign
6061
- # in.
6090
+ # number with [Amazon Pinpoint][1]. Amazon Cognito will use the
6091
+ # registered number automatically. Otherwise, Amazon Cognito users that
6092
+ # must receive SMS messages might be unable to sign up, activate their
6093
+ # accounts, or sign in.
6062
6094
  #
6063
6095
  # If you have never used SMS text messages with Amazon Cognito or any
6064
- # other Amazon Web Service, Amazon SNS might place your account in SMS
6065
- # sandbox. In <i> <a
6096
+ # other Amazon Web Service, Amazon Simple Notification Service might
6097
+ # place your account in SMS sandbox. In <i> <a
6066
6098
  # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
6067
- # mode</a> </i>, you’ll have limitations, such as sending messages to
6068
- # only verified phone numbers. After testing in the sandbox environment,
6069
- # you can move out of the SMS sandbox and into production. For more
6070
- # information, see [ SMS message settings for Cognito User Pools][2] in
6071
- # the *Amazon Cognito Developer Guide*.
6099
+ # mode</a> </i>, you will have limitations, such as sending messages
6100
+ # only to verified phone numbers. After testing in the sandbox
6101
+ # environment, you can move out of the SMS sandbox and into production.
6102
+ # For more information, see [ SMS message settings for Amazon Cognito
6103
+ # User Pools][2] in the *Amazon Cognito Developer Guide*.
6072
6104
  #
6073
6105
  # </note>
6074
6106
  #
@@ -6087,18 +6119,18 @@ module Aws::CognitoIdentityProvider
6087
6119
  # The software token MFA configuration.
6088
6120
  #
6089
6121
  # @option params [String] :mfa_configuration
6090
- # The MFA configuration. Users who don't have an MFA factor set up
6091
- # won't be able to sign-in if you set the MfaConfiguration value to
6092
- # ‘ON’. See [Adding Multi-Factor Authentication (MFA) to a User
6093
- # Pool](cognito/latest/developerguide/user-pool-settings-mfa.html) to
6094
- # learn more. Valid values include:
6122
+ # The MFA configuration. If you set the MfaConfiguration value to ‘ON’,
6123
+ # only users with an MFA factor set up can sign in. To learn more, see
6124
+ # [Adding Multi-Factor Authentication (MFA) to a User
6125
+ # Pool](cognito/latest/developerguide/user-pool-settings-mfa.html).
6126
+ # Valid values include:
6095
6127
  #
6096
- # * `OFF` MFA will not be used for any users.
6128
+ # * `OFF` MFA won't be used for any users.
6097
6129
  #
6098
6130
  # * `ON` MFA is required for all users to sign in.
6099
6131
  #
6100
6132
  # * `OPTIONAL` MFA will be required only for individual users who have
6101
- # an MFA factor enabled.
6133
+ # an MFA factor activated.
6102
6134
  #
6103
6135
  # @return [Types::SetUserPoolMfaConfigResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
6104
6136
  #
@@ -6141,8 +6173,9 @@ module Aws::CognitoIdentityProvider
6141
6173
  end
6142
6174
 
6143
6175
  # *This action is no longer supported.* You can use it to configure only
6144
- # SMS MFA. You can't use it to configure TOTP software token MFA. To
6145
- # configure either type of MFA, use [SetUserMFAPreference][1] instead.
6176
+ # SMS MFA. You can't use it to configure time-based one-time password
6177
+ # (TOTP) software token MFA. To configure either type of MFA, use
6178
+ # [SetUserMFAPreference][1] instead.
6146
6179
  #
6147
6180
  #
6148
6181
  #
@@ -6182,23 +6215,23 @@ module Aws::CognitoIdentityProvider
6182
6215
  # password, and user attributes.
6183
6216
  #
6184
6217
  # <note markdown="1"> This action might generate an SMS text message. Starting June 1, 2021,
6185
- # U.S. telecom carriers require that you register an origination phone
6218
+ # US telecom carriers require you to register an origination phone
6186
6219
  # number before you can send SMS messages to U.S. phone numbers. If you
6187
6220
  # use SMS text messages in Amazon Cognito, you must register a phone
6188
- # number with [Amazon Pinpoint][1]. Cognito will use the the registered
6189
- # number automatically. Otherwise, Cognito users that must receive SMS
6190
- # messages might be unable to sign up, activate their accounts, or sign
6191
- # in.
6221
+ # number with [Amazon Pinpoint][1]. Amazon Cognito will use the
6222
+ # registered number automatically. Otherwise, Amazon Cognito users that
6223
+ # must receive SMS messages might be unable to sign up, activate their
6224
+ # accounts, or sign in.
6192
6225
  #
6193
6226
  # If you have never used SMS text messages with Amazon Cognito or any
6194
- # other Amazon Web Service, Amazon SNS might place your account in SMS
6195
- # sandbox. In <i> <a
6227
+ # other Amazon Web Service, Amazon Simple Notification Service might
6228
+ # place your account in SMS sandbox. In <i> <a
6196
6229
  # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
6197
- # mode</a> </i>, you’ll have limitations, such as sending messages to
6198
- # only verified phone numbers. After testing in the sandbox environment,
6199
- # you can move out of the SMS sandbox and into production. For more
6200
- # information, see [ SMS message settings for Cognito User Pools][2] in
6201
- # the *Amazon Cognito Developer Guide*.
6230
+ # mode</a> </i>, you will have limitations, such as sending messages
6231
+ # only to verified phone numbers. After testing in the sandbox
6232
+ # environment, you can move out of the SMS sandbox and into production.
6233
+ # For more information, see [ SMS message settings for Amazon Cognito
6234
+ # User Pools][2] in the *Amazon Cognito Developer Guide*.
6202
6235
  #
6203
6236
  # </note>
6204
6237
  #
@@ -6216,10 +6249,10 @@ module Aws::CognitoIdentityProvider
6216
6249
  # the message.
6217
6250
  #
6218
6251
  # @option params [required, String] :username
6219
- # The user name of the user you wish to register.
6252
+ # The user name of the user you want to register.
6220
6253
  #
6221
6254
  # @option params [required, String] :password
6222
- # The password of the user you wish to register.
6255
+ # The password of the user you want to register.
6223
6256
  #
6224
6257
  # @option params [Array<Types::AttributeType>] :user_attributes
6225
6258
  # An array of name-value pairs representing user attributes.
@@ -6257,19 +6290,18 @@ module Aws::CognitoIdentityProvider
6257
6290
  # For more information, see [Customizing User Pool Workflows with Lambda
6258
6291
  # Triggers][1] in the *Amazon Cognito Developer Guide*.
6259
6292
  #
6260
- # <note markdown="1"> Take the following limitations into consideration when you use the
6261
- # ClientMetadata parameter:
6293
+ # <note markdown="1"> When you use the ClientMetadata parameter, remember that Amazon
6294
+ # Cognito won't do the following:
6262
6295
  #
6263
- # * Amazon Cognito does not store the ClientMetadata value. This data is
6264
- # available only to Lambda triggers that are assigned to a user pool
6265
- # to support custom workflows. If your user pool configuration does
6266
- # not include triggers, the ClientMetadata parameter serves no
6267
- # purpose.
6296
+ # * Store the ClientMetadata value. This data is available only to
6297
+ # Lambda triggers that are assigned to a user pool to support custom
6298
+ # workflows. If your user pool configuration doesn't include
6299
+ # triggers, the ClientMetadata parameter serves no purpose.
6268
6300
  #
6269
- # * Amazon Cognito does not validate the ClientMetadata value.
6301
+ # * Validate the ClientMetadata value.
6270
6302
  #
6271
- # * Amazon Cognito does not encrypt the the ClientMetadata value, so
6272
- # don't use it to provide sensitive information.
6303
+ # * Encrypt the ClientMetadata value. Don't use Amazon Cognito to
6304
+ # provide sensitive information.
6273
6305
  #
6274
6306
  # </note>
6275
6307
  #
@@ -6428,14 +6460,14 @@ module Aws::CognitoIdentityProvider
6428
6460
  # is a general category for more specific values. For example, if you
6429
6461
  # have two versions of a user pool, one for testing and another for
6430
6462
  # production, you might assign an `Environment` tag key to both user
6431
- # pools. The value of this key might be `Test` for one user pool and
6463
+ # pools. The value of this key might be `Test` for one user pool, and
6432
6464
  # `Production` for the other.
6433
6465
  #
6434
6466
  # Tags are useful for cost tracking and access control. You can activate
6435
6467
  # your tags so that they appear on the Billing and Cost Management
6436
6468
  # console, where you can track the costs associated with your user
6437
- # pools. In an IAM policy, you can constrain permissions for user pools
6438
- # based on specific tags or tag values.
6469
+ # pools. In an Identity and Access Management policy, you can constrain
6470
+ # permissions for user pools based on specific tags or tag values.
6439
6471
  #
6440
6472
  # You can use this action up to 5 times per second, per account. A user
6441
6473
  # pool can have as many as 50 tags.
@@ -6467,7 +6499,7 @@ module Aws::CognitoIdentityProvider
6467
6499
  end
6468
6500
 
6469
6501
  # Removes the specified tags from an Amazon Cognito user pool. You can
6470
- # use this action up to 5 times per second, per account
6502
+ # use this action up to 5 times per second, per account.
6471
6503
  #
6472
6504
  # @option params [required, String] :resource_arn
6473
6505
  # The Amazon Resource Name (ARN) of the user pool that the tags are
@@ -6494,7 +6526,7 @@ module Aws::CognitoIdentityProvider
6494
6526
  req.send_request(options)
6495
6527
  end
6496
6528
 
6497
- # Provides the feedback for an authentication event whether it was from
6529
+ # Provides the feedback for an authentication event, whether it was from
6498
6530
  # a valid user or not. This feedback is used for improving the risk
6499
6531
  # evaluation decision for the user pool as part of Amazon Cognito
6500
6532
  # advanced security.
@@ -6579,8 +6611,9 @@ module Aws::CognitoIdentityProvider
6579
6611
  # A string containing the new description of the group.
6580
6612
  #
6581
6613
  # @option params [String] :role_arn
6582
- # The new role ARN for the group. This is used for setting the
6583
- # `cognito:roles` and `cognito:preferred_role` claims in the token.
6614
+ # The new role Amazon Resource Name (ARN) for the group. This is used
6615
+ # for setting the `cognito:roles` and `cognito:preferred_role` claims in
6616
+ # the token.
6584
6617
  #
6585
6618
  # @option params [Integer] :precedence
6586
6619
  # The new precedence value for the group. For more information about
@@ -6685,7 +6718,7 @@ module Aws::CognitoIdentityProvider
6685
6718
  # Updates the name and scopes of resource server. All other fields are
6686
6719
  # read-only.
6687
6720
  #
6688
- # If you don't provide a value for an attribute, it will be set to the
6721
+ # If you don't provide a value for an attribute, it is set to the
6689
6722
  # default value.
6690
6723
  #
6691
6724
  # @option params [required, String] :user_pool_id
@@ -6739,23 +6772,23 @@ module Aws::CognitoIdentityProvider
6739
6772
  # Allows a user to update a specific attribute (one at a time).
6740
6773
  #
6741
6774
  # <note markdown="1"> This action might generate an SMS text message. Starting June 1, 2021,
6742
- # U.S. telecom carriers require that you register an origination phone
6775
+ # US telecom carriers require you to register an origination phone
6743
6776
  # number before you can send SMS messages to U.S. phone numbers. If you
6744
6777
  # use SMS text messages in Amazon Cognito, you must register a phone
6745
- # number with [Amazon Pinpoint][1]. Cognito will use the the registered
6746
- # number automatically. Otherwise, Cognito users that must receive SMS
6747
- # messages might be unable to sign up, activate their accounts, or sign
6748
- # in.
6778
+ # number with [Amazon Pinpoint][1]. Amazon Cognito will use the
6779
+ # registered number automatically. Otherwise, Amazon Cognito users that
6780
+ # must receive SMS messages might be unable to sign up, activate their
6781
+ # accounts, or sign in.
6749
6782
  #
6750
6783
  # If you have never used SMS text messages with Amazon Cognito or any
6751
- # other Amazon Web Service, Amazon SNS might place your account in SMS
6752
- # sandbox. In <i> <a
6784
+ # other Amazon Web Service, Amazon Simple Notification Service might
6785
+ # place your account in SMS sandbox. In <i> <a
6753
6786
  # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
6754
- # mode</a> </i>, you’ll have limitations, such as sending messages to
6755
- # only verified phone numbers. After testing in the sandbox environment,
6756
- # you can move out of the SMS sandbox and into production. For more
6757
- # information, see [ SMS message settings for Cognito User Pools][2] in
6758
- # the *Amazon Cognito Developer Guide*.
6787
+ # mode</a> </i>, you will have limitations, such as sending messages
6788
+ # only to verified phone numbers. After testing in the sandbox
6789
+ # environment, you can move out of the SMS sandbox and into production.
6790
+ # For more information, see [ SMS message settings for Amazon Cognito
6791
+ # User Pools][2] in the *Amazon Cognito Developer Guide*.
6759
6792
  #
6760
6793
  # </note>
6761
6794
  #
@@ -6775,7 +6808,7 @@ module Aws::CognitoIdentityProvider
6775
6808
  #
6776
6809
  # @option params [Hash<String,String>] :client_metadata
6777
6810
  # A map of custom key-value pairs that you can provide as input for any
6778
- # custom workflows that this action triggers.
6811
+ # custom workflows that this action initiates.
6779
6812
  #
6780
6813
  # You create custom workflows by assigning Lambda functions to user pool
6781
6814
  # triggers. When you use the UpdateUserAttributes API action, Amazon
@@ -6790,19 +6823,18 @@ module Aws::CognitoIdentityProvider
6790
6823
  # For more information, see [Customizing User Pool Workflows with Lambda
6791
6824
  # Triggers][1] in the *Amazon Cognito Developer Guide*.
6792
6825
  #
6793
- # <note markdown="1"> Take the following limitations into consideration when you use the
6794
- # ClientMetadata parameter:
6826
+ # <note markdown="1"> When you use the ClientMetadata parameter, remember that Amazon
6827
+ # Cognito won't do the following:
6795
6828
  #
6796
- # * Amazon Cognito does not store the ClientMetadata value. This data is
6797
- # available only to Lambda triggers that are assigned to a user pool
6798
- # to support custom workflows. If your user pool configuration does
6799
- # not include triggers, the ClientMetadata parameter serves no
6800
- # purpose.
6829
+ # * Store the ClientMetadata value. This data is available only to
6830
+ # Lambda triggers that are assigned to a user pool to support custom
6831
+ # workflows. If your user pool configuration doesn't include
6832
+ # triggers, the ClientMetadata parameter serves no purpose.
6801
6833
  #
6802
- # * Amazon Cognito does not validate the ClientMetadata value.
6834
+ # * Validate the ClientMetadata value.
6803
6835
  #
6804
- # * Amazon Cognito does not encrypt the the ClientMetadata value, so
6805
- # don't use it to provide sensitive information.
6836
+ # * Encrypt the ClientMetadata value. Don't use Amazon Cognito to
6837
+ # provide sensitive information.
6806
6838
  #
6807
6839
  # </note>
6808
6840
  #
@@ -6851,23 +6883,23 @@ module Aws::CognitoIdentityProvider
6851
6883
  # it will be set to the default value.
6852
6884
  #
6853
6885
  # <note markdown="1"> This action might generate an SMS text message. Starting June 1, 2021,
6854
- # U.S. telecom carriers require that you register an origination phone
6886
+ # US telecom carriers require you to register an origination phone
6855
6887
  # number before you can send SMS messages to U.S. phone numbers. If you
6856
6888
  # use SMS text messages in Amazon Cognito, you must register a phone
6857
- # number with [Amazon Pinpoint][2]. Cognito will use the the registered
6858
- # number automatically. Otherwise, Cognito users that must receive SMS
6859
- # messages might be unable to sign up, activate their accounts, or sign
6860
- # in.
6889
+ # number with [Amazon Pinpoint][2]. Amazon Cognito will use the
6890
+ # registered number automatically. Otherwise, Amazon Cognito users that
6891
+ # must receive SMS messages might be unable to sign up, activate their
6892
+ # accounts, or sign in.
6861
6893
  #
6862
6894
  # If you have never used SMS text messages with Amazon Cognito or any
6863
- # other Amazon Web Service, Amazon SNS might place your account in SMS
6864
- # sandbox. In <i> <a
6895
+ # other Amazon Web Service, Amazon Simple Notification Service might
6896
+ # place your account in SMS sandbox. In <i> <a
6865
6897
  # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
6866
- # mode</a> </i>, you’ll have limitations, such as sending messages to
6867
- # only verified phone numbers. After testing in the sandbox environment,
6868
- # you can move out of the SMS sandbox and into production. For more
6869
- # information, see [ SMS message settings for Cognito User Pools][3] in
6870
- # the *Amazon Cognito Developer Guide*.
6898
+ # mode</a> </i>, you will have limitations, such as sending messages
6899
+ # only to verified phone numbers. After testing in the sandbox
6900
+ # environment, you can move out of the SMS sandbox and into production.
6901
+ # For more information, see [ SMS message settings for Amazon Cognito
6902
+ # User Pools][3] in the *Amazon Cognito Developer Guide*.
6871
6903
  #
6872
6904
  # </note>
6873
6905
  #
@@ -6881,15 +6913,15 @@ module Aws::CognitoIdentityProvider
6881
6913
  # The user pool ID for the user pool you want to update.
6882
6914
  #
6883
6915
  # @option params [Types::UserPoolPolicyType] :policies
6884
- # A container with the policies you wish to update in a user pool.
6916
+ # A container with the policies you want to update in a user pool.
6885
6917
  #
6886
6918
  # @option params [Types::LambdaConfigType] :lambda_config
6887
6919
  # The Lambda configuration information from the request to update the
6888
6920
  # user pool.
6889
6921
  #
6890
6922
  # @option params [Array<String>] :auto_verified_attributes
6891
- # The attributes that are automatically verified when the Amazon Cognito
6892
- # service makes a request to update user pools.
6923
+ # The attributes that are automatically verified when Amazon Cognito
6924
+ # requests to update user pools.
6893
6925
  #
6894
6926
  # @option params [String] :sms_verification_message
6895
6927
  # A container with information about the SMS verification message.
@@ -6909,11 +6941,11 @@ module Aws::CognitoIdentityProvider
6909
6941
  # @option params [String] :mfa_configuration
6910
6942
  # Can be one of the following values:
6911
6943
  #
6912
- # * `OFF` - MFA tokens are not required and cannot be specified during
6944
+ # * `OFF` - MFA tokens aren't required and can't be specified during
6913
6945
  # user registration.
6914
6946
  #
6915
6947
  # * `ON` - MFA tokens are required for all user registrations. You can
6916
- # only specify ON when you are initially creating a user pool. You can
6948
+ # only specify ON when you're initially creating a user pool. You can
6917
6949
  # use the [SetUserPoolMfaConfig][1] API operation to turn MFA "ON"
6918
6950
  # for existing user pools.
6919
6951
  #
@@ -6942,17 +6974,18 @@ module Aws::CognitoIdentityProvider
6942
6974
  # The configuration for `AdminCreateUser` requests.
6943
6975
  #
6944
6976
  # @option params [Types::UserPoolAddOnsType] :user_pool_add_ons
6945
- # Used to enable advanced security risk detection. Set the key
6977
+ # Enables advanced security risk detection. Set the key
6946
6978
  # `AdvancedSecurityMode` to the value "AUDIT".
6947
6979
  #
6948
6980
  # @option params [Types::AccountRecoverySettingType] :account_recovery_setting
6949
- # Use this setting to define which verified available method a user can
6950
- # use to recover their password when they call `ForgotPassword`. It
6951
- # allows you to define a preferred method when a user has more than one
6952
- # method available. With this setting, SMS does not qualify for a valid
6953
- # password recovery mechanism if the user also has SMS MFA enabled. In
6954
- # the absence of this setting, Cognito uses the legacy behavior to
6955
- # determine the recovery method where SMS is preferred over email.
6981
+ # The available verified method a user can use to recover their password
6982
+ # when they call `ForgotPassword`. You can use this setting to define a
6983
+ # preferred method when a user has more than one method available. With
6984
+ # this setting, SMS doesn't qualify for a valid password recovery
6985
+ # mechanism if the user also has SMS multi-factor authentication (MFA)
6986
+ # activated. In the absence of this setting, Amazon Cognito uses the
6987
+ # legacy behavior to determine the recovery method where SMS is
6988
+ # preferred through email.
6956
6989
  #
6957
6990
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
6958
6991
  #
@@ -7082,19 +7115,19 @@ module Aws::CognitoIdentityProvider
7082
7115
  #
7083
7116
  # @option params [Integer] :refresh_token_validity
7084
7117
  # The time limit, in days, after which the refresh token is no longer
7085
- # valid and cannot be used.
7118
+ # valid and can't be used.
7086
7119
  #
7087
7120
  # @option params [Integer] :access_token_validity
7088
- # The time limit, after which the access token is no longer valid and
7089
- # cannot be used.
7121
+ # The time limit after which the access token is no longer valid and
7122
+ # can't be used.
7090
7123
  #
7091
7124
  # @option params [Integer] :id_token_validity
7092
- # The time limit, after which the ID token is no longer valid and cannot
7125
+ # The time limit after which the ID token is no longer valid and can't
7093
7126
  # be used.
7094
7127
  #
7095
7128
  # @option params [Types::TokenValidityUnitsType] :token_validity_units
7096
- # The units in which the validity times are represented in. Default for
7097
- # RefreshToken is days, and default for ID and access tokens are hours.
7129
+ # The units in which the validity times are represented. Default for
7130
+ # RefreshToken is days, and default for ID and access tokens is hours.
7098
7131
  #
7099
7132
  # @option params [Array<String>] :read_attributes
7100
7133
  # The read-only attributes of the user pool.
@@ -7104,26 +7137,27 @@ module Aws::CognitoIdentityProvider
7104
7137
  #
7105
7138
  # @option params [Array<String>] :explicit_auth_flows
7106
7139
  # The authentication flows that are supported by the user pool clients.
7107
- # Flow names without the `ALLOW_` prefix are deprecated in favor of new
7108
- # names with the `ALLOW_` prefix. Note that values with `ALLOW_` prefix
7109
- # cannot be used along with values without `ALLOW_` prefix.
7140
+ # Flow names without the `ALLOW_` prefix are no longer supported in
7141
+ # favor of new names with the `ALLOW_` prefix. Note that values with
7142
+ # `ALLOW_` prefix must be used only along with values with the `ALLOW_`
7143
+ # prefix.
7110
7144
  #
7111
7145
  # Valid values include:
7112
7146
  #
7113
7147
  # * `ALLOW_ADMIN_USER_PASSWORD_AUTH`\: Enable admin based user password
7114
7148
  # authentication flow `ADMIN_USER_PASSWORD_AUTH`. This setting
7115
7149
  # replaces the `ADMIN_NO_SRP_AUTH` setting. With this authentication
7116
- # flow, Cognito receives the password in the request instead of using
7117
- # the SRP (Secure Remote Password protocol) protocol to verify
7118
- # passwords.
7150
+ # flow, Amazon Cognito receives the password in the request instead of
7151
+ # using the Secure Remote Password (SRP) protocol to verify passwords.
7119
7152
  #
7120
7153
  # * `ALLOW_CUSTOM_AUTH`\: Enable Lambda trigger based authentication.
7121
7154
  #
7122
7155
  # * `ALLOW_USER_PASSWORD_AUTH`\: Enable user password-based
7123
- # authentication. In this flow, Cognito receives the password in the
7124
- # request instead of using the SRP protocol to verify passwords.
7156
+ # authentication. In this flow, Amazon Cognito receives the password
7157
+ # in the request instead of using the SRP protocol to verify
7158
+ # passwords.
7125
7159
  #
7126
- # * `ALLOW_USER_SRP_AUTH`\: Enable SRP based authentication.
7160
+ # * `ALLOW_USER_SRP_AUTH`\: Enable SRP-based authentication.
7127
7161
  #
7128
7162
  # * `ALLOW_REFRESH_TOKEN_AUTH`\: Enable authflow to refresh tokens.
7129
7163
  #
@@ -7147,7 +7181,7 @@ module Aws::CognitoIdentityProvider
7147
7181
  # Amazon Cognito requires HTTPS over HTTP except for http://localhost
7148
7182
  # for testing purposes only.
7149
7183
  #
7150
- # App callback URLs such as myapp://example are also supported.
7184
+ # App callback URLs such as `myapp://example` are also supported.
7151
7185
  #
7152
7186
  #
7153
7187
  #
@@ -7169,10 +7203,10 @@ module Aws::CognitoIdentityProvider
7169
7203
  #
7170
7204
  # See [OAuth 2.0 - Redirection Endpoint][1].
7171
7205
  #
7172
- # Amazon Cognito requires HTTPS over HTTP except for http://localhost
7206
+ # Amazon Cognito requires HTTPS over HTTP except for `http://localhost`
7173
7207
  # for testing purposes only.
7174
7208
  #
7175
- # App callback URLs such as myapp://example are also supported.
7209
+ # App callback URLs such as `myapp://example` are also supported.
7176
7210
  #
7177
7211
  #
7178
7212
  #
@@ -7200,45 +7234,39 @@ module Aws::CognitoIdentityProvider
7200
7234
  #
7201
7235
  # @option params [Boolean] :allowed_o_auth_flows_user_pool_client
7202
7236
  # Set to true if the client is allowed to follow the OAuth protocol when
7203
- # interacting with Cognito user pools.
7237
+ # interacting with Amazon Cognito user pools.
7204
7238
  #
7205
7239
  # @option params [Types::AnalyticsConfigurationType] :analytics_configuration
7206
7240
  # The Amazon Pinpoint analytics configuration for collecting metrics for
7207
7241
  # this user pool.
7208
7242
  #
7209
- # <note markdown="1"> In regions where Pinpoint is not available, Cognito User Pools only
7243
+ # <note markdown="1"> In Amazon Web Services Regions where isn't available, User Pools only
7210
7244
  # supports sending events to Amazon Pinpoint projects in us-east-1. In
7211
- # regions where Pinpoint is available, Cognito User Pools will support
7212
- # sending events to Amazon Pinpoint projects within that same region.
7245
+ # Regions where Pinpoint is available, User Pools will support sending
7246
+ # events to Amazon Pinpoint projects within that same Region.
7213
7247
  #
7214
7248
  # </note>
7215
7249
  #
7216
7250
  # @option params [String] :prevent_user_existence_errors
7217
- # Use this setting to choose which errors and responses are returned by
7218
- # Cognito APIs during authentication, account confirmation, and password
7219
- # recovery when the user does not exist in the user pool. When set to
7220
- # `ENABLED` and the user does not exist, authentication returns an error
7221
- # indicating either the username or password was incorrect, and account
7251
+ # Errors and responses that you want Amazon Cognito APIs to return
7252
+ # during authentication, account confirmation, and password recovery
7253
+ # when the user doesn't exist in the user pool. When set to `ENABLED`
7254
+ # and the user doesn't exist, authentication returns an error
7255
+ # indicating either the username or password was incorrect. Account
7222
7256
  # confirmation and password recovery return a response indicating a code
7223
7257
  # was sent to a simulated destination. When set to `LEGACY`, those APIs
7224
- # will return a `UserNotFoundException` exception if the user does not
7225
- # exist in the user pool.
7258
+ # return a `UserNotFoundException` exception if the user doesn't exist
7259
+ # in the user pool.
7226
7260
  #
7227
7261
  # Valid values include:
7228
7262
  #
7229
7263
  # * `ENABLED` - This prevents user existence-related errors.
7230
7264
  #
7231
- # * `LEGACY` - This represents the old behavior of Cognito where user
7232
- # existence related errors are not prevented.
7233
- #
7234
- # <note markdown="1"> After February 15th 2020, the value of `PreventUserExistenceErrors`
7235
- # will default to `ENABLED` for newly created user pool clients if no
7236
- # value is provided.
7237
- #
7238
- # </note>
7265
+ # * `LEGACY` - This represents the early behavior of Amazon Cognito
7266
+ # where user existence related errors aren't prevented.
7239
7267
  #
7240
7268
  # @option params [Boolean] :enable_token_revocation
7241
- # Enables or disables token revocation. For more information about
7269
+ # Activates or deactivates token revocation. For more information about
7242
7270
  # revoking tokens, see [RevokeToken][1].
7243
7271
  #
7244
7272
  #
@@ -7337,7 +7365,7 @@ module Aws::CognitoIdentityProvider
7337
7365
  # domain for your user pool.
7338
7366
  #
7339
7367
  # You can use this operation to provide the Amazon Resource Name (ARN)
7340
- # of a new certificate to Amazon Cognito. You cannot use it to change
7368
+ # of a new certificate to Amazon Cognito. You can't use it to change
7341
7369
  # the domain for a user pool.
7342
7370
  #
7343
7371
  # A custom domain is used to host the Amazon Cognito hosted UI, which
@@ -7356,7 +7384,7 @@ module Aws::CognitoIdentityProvider
7356
7384
  # your custom domain, you must provide this ARN to Amazon Cognito.
7357
7385
  #
7358
7386
  # When you add your new certificate in ACM, you must choose US East (N.
7359
- # Virginia) as the Region.
7387
+ # Virginia) as the Amazon Web Services Region.
7360
7388
  #
7361
7389
  # After you submit your request, Amazon Cognito requires up to 1 hour to
7362
7390
  # distribute your new certificate to your custom domain.
@@ -7370,15 +7398,16 @@ module Aws::CognitoIdentityProvider
7370
7398
  #
7371
7399
  # @option params [required, String] :domain
7372
7400
  # The domain name for the custom domain that hosts the sign-up and
7373
- # sign-in pages for your application. For example: `auth.example.com`.
7401
+ # sign-in pages for your application. One example might be
7402
+ # `auth.example.com`.
7374
7403
  #
7375
7404
  # This string can include only lowercase letters, numbers, and hyphens.
7376
- # Do not use a hyphen for the first or last character. Use periods to
7405
+ # Don't use a hyphen for the first or last character. Use periods to
7377
7406
  # separate subdomain names.
7378
7407
  #
7379
7408
  # @option params [required, String] :user_pool_id
7380
- # The ID of the user pool that is associated with the custom domain that
7381
- # you are updating the certificate for.
7409
+ # The ID of the user pool that is associated with the custom domain
7410
+ # whose certificate you're updating.
7382
7411
  #
7383
7412
  # @option params [required, Types::CustomDomainConfigType] :custom_domain_config
7384
7413
  # The configuration for a custom domain that hosts the sign-up and
@@ -7412,20 +7441,21 @@ module Aws::CognitoIdentityProvider
7412
7441
  req.send_request(options)
7413
7442
  end
7414
7443
 
7415
- # Use this API to register a user's entered TOTP code and mark the
7416
- # user's software token MFA status as "verified" if successful. The
7417
- # request takes an access token or a session string, but not both.
7444
+ # Use this API to register a user's entered time-based one-time
7445
+ # password (TOTP) code and mark the user's software token MFA status as
7446
+ # "verified" if successful. The request takes an access token or a
7447
+ # session string, but not both.
7418
7448
  #
7419
7449
  # @option params [String] :access_token
7420
7450
  # The access token.
7421
7451
  #
7422
7452
  # @option params [String] :session
7423
- # The session which should be passed both ways in challenge-response
7453
+ # The session that should be passed both ways in challenge-response
7424
7454
  # calls to the service.
7425
7455
  #
7426
7456
  # @option params [required, String] :user_code
7427
- # The one time password computed using the secret code returned by
7428
- # [AssociateSoftwareToken"][1].
7457
+ # The one- time password computed using the secret code returned by
7458
+ # [AssociateSoftwareToken][1].
7429
7459
  #
7430
7460
  #
7431
7461
  #
@@ -7465,7 +7495,7 @@ module Aws::CognitoIdentityProvider
7465
7495
  # Verifies the specified user attributes in the user pool.
7466
7496
  #
7467
7497
  # @option params [required, String] :access_token
7468
- # Represents the access token of the request to verify user attributes.
7498
+ # The access token of the request to verify user attributes.
7469
7499
  #
7470
7500
  # @option params [required, String] :attribute_name
7471
7501
  # The attribute name in the request to verify user attributes.
@@ -7505,7 +7535,7 @@ module Aws::CognitoIdentityProvider
7505
7535
  params: params,
7506
7536
  config: config)
7507
7537
  context[:gem_name] = 'aws-sdk-cognitoidentityprovider'
7508
- context[:gem_version] = '1.58.0'
7538
+ context[:gem_version] = '1.62.0'
7509
7539
  Seahorse::Client::Request.new(handlers, context)
7510
7540
  end
7511
7541