aws-sdk-cognitoidentityprovider 1.61.0 → 1.64.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +15 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-cognitoidentityprovider/client.rb +695 -681
- data/lib/aws-sdk-cognitoidentityprovider/types.rb +868 -838
- data/lib/aws-sdk-cognitoidentityprovider.rb +1 -1
- metadata +4 -4
@@ -55,13 +55,13 @@ module Aws::CognitoIdentityProvider
|
|
55
55
|
#
|
56
56
|
# * `BLOCK` Choosing this action will block the request.
|
57
57
|
#
|
58
|
-
# * `MFA_IF_CONFIGURED`
|
59
|
-
# else allow the request.
|
58
|
+
# * `MFA_IF_CONFIGURED` Present an MFA challenge if user has
|
59
|
+
# configured it, else allow the request.
|
60
60
|
#
|
61
|
-
# * `MFA_REQUIRED`
|
62
|
-
# block the request.
|
61
|
+
# * `MFA_REQUIRED` Present an MFA challenge if user has configured it,
|
62
|
+
# else block the request.
|
63
63
|
#
|
64
|
-
# * `NO_ACTION` Allow the user sign
|
64
|
+
# * `NO_ACTION` Allow the user to sign in.
|
65
65
|
# @return [String]
|
66
66
|
#
|
67
67
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AccountTakeoverActionType AWS API Documentation
|
@@ -163,7 +163,7 @@ module Aws::CognitoIdentityProvider
|
|
163
163
|
# @return [Types::NotifyConfigurationType]
|
164
164
|
#
|
165
165
|
# @!attribute [rw] actions
|
166
|
-
# Account takeover risk configuration actions
|
166
|
+
# Account takeover risk configuration actions.
|
167
167
|
# @return [Types::AccountTakeoverActionsType]
|
168
168
|
#
|
169
169
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AccountTakeoverRiskConfigurationType AWS API Documentation
|
@@ -295,19 +295,18 @@ module Aws::CognitoIdentityProvider
|
|
295
295
|
# For more information, see [Customizing User Pool Workflows with
|
296
296
|
# Lambda Triggers][1] in the *Amazon Cognito Developer Guide*.
|
297
297
|
#
|
298
|
-
# <note markdown="1">
|
299
|
-
#
|
298
|
+
# <note markdown="1"> When you use the ClientMetadata parameter, remember that Amazon
|
299
|
+
# Cognito won't do the following:
|
300
300
|
#
|
301
|
-
# *
|
302
|
-
#
|
303
|
-
#
|
304
|
-
#
|
305
|
-
# purpose.
|
301
|
+
# * Store the ClientMetadata value. This data is available only to
|
302
|
+
# Lambda triggers that are assigned to a user pool to support custom
|
303
|
+
# workflows. If your user pool configuration doesn't include
|
304
|
+
# triggers, the ClientMetadata parameter serves no purpose.
|
306
305
|
#
|
307
|
-
# *
|
306
|
+
# * Validate the ClientMetadata value.
|
308
307
|
#
|
309
|
-
# *
|
310
|
-
#
|
308
|
+
# * Encrypt the ClientMetadata value. Don't use Amazon Cognito to
|
309
|
+
# provide sensitive information.
|
311
310
|
#
|
312
311
|
# </note>
|
313
312
|
#
|
@@ -361,8 +360,9 @@ module Aws::CognitoIdentityProvider
|
|
361
360
|
# 7.
|
362
361
|
#
|
363
362
|
# <note markdown="1"> If you set a value for `TemporaryPasswordValidityDays` in
|
364
|
-
# `PasswordPolicy`, that value will be used and
|
365
|
-
# `UnusedAccountValidityDays` will be
|
363
|
+
# `PasswordPolicy`, that value will be used, and
|
364
|
+
# `UnusedAccountValidityDays` will be no longer be an available
|
365
|
+
# parameter for that user pool.
|
366
366
|
#
|
367
367
|
# </note>
|
368
368
|
# @return [Integer]
|
@@ -424,7 +424,7 @@ module Aws::CognitoIdentityProvider
|
|
424
424
|
# @!attribute [rw] username
|
425
425
|
# The username for the user. Must be unique within the user pool. Must
|
426
426
|
# be a UTF-8 string between 1 and 128 characters. After the user is
|
427
|
-
# created, the username
|
427
|
+
# created, the username can't be changed.
|
428
428
|
# @return [String]
|
429
429
|
#
|
430
430
|
# @!attribute [rw] user_attributes
|
@@ -433,22 +433,22 @@ module Aws::CognitoIdentityProvider
|
|
433
433
|
# create a user without specifying any attributes other than
|
434
434
|
# `Username`. However, any attributes that you specify as required
|
435
435
|
# (when creating a user pool or in the **Attributes** tab of the
|
436
|
-
# console)
|
437
|
-
# `AdminCreateUser`) or
|
436
|
+
# console) either you should supply (in your call to
|
437
|
+
# `AdminCreateUser`) or the user should supply (when they sign up in
|
438
438
|
# response to your welcome message).
|
439
439
|
#
|
440
440
|
# For custom attributes, you must prepend the `custom:` prefix to the
|
441
441
|
# attribute name.
|
442
442
|
#
|
443
443
|
# To send a message inviting the user to sign up, you must specify the
|
444
|
-
# user's email address or phone number.
|
444
|
+
# user's email address or phone number. You can do this in your call
|
445
445
|
# to AdminCreateUser or in the **Users** tab of the Amazon Cognito
|
446
446
|
# console for managing your user pools.
|
447
447
|
#
|
448
448
|
# In your call to `AdminCreateUser`, you can set the `email_verified`
|
449
449
|
# attribute to `True`, and you can set the `phone_number_verified`
|
450
|
-
# attribute to `True`.
|
451
|
-
# [AdminUpdateUserAttributes][1].
|
450
|
+
# attribute to `True`. You can also do this by calling
|
451
|
+
# [AdminUpdateUserAttributes][1].
|
452
452
|
#
|
453
453
|
# * **email**\: The email address of the user to whom the message that
|
454
454
|
# contains the code and username will be sent. Required if the
|
@@ -477,7 +477,7 @@ module Aws::CognitoIdentityProvider
|
|
477
477
|
# Developer Guide. The Lambda trigger receives the validation data and
|
478
478
|
# uses it in the validation process.
|
479
479
|
#
|
480
|
-
# The user's validation data
|
480
|
+
# The user's validation data isn't persisted.
|
481
481
|
# @return [Array<Types::AttributeType>]
|
482
482
|
#
|
483
483
|
# @!attribute [rw] temporary_password
|
@@ -486,10 +486,10 @@ module Aws::CognitoIdentityProvider
|
|
486
486
|
#
|
487
487
|
# The temporary password is valid only once. To complete the Admin
|
488
488
|
# Create User flow, the user must enter the temporary password in the
|
489
|
-
# sign-in page along with a new password to be used in all future
|
489
|
+
# sign-in page, along with a new password to be used in all future
|
490
490
|
# sign-ins.
|
491
491
|
#
|
492
|
-
# This parameter
|
492
|
+
# This parameter isn't required. If you don't specify a value,
|
493
493
|
# Amazon Cognito generates one for you.
|
494
494
|
#
|
495
495
|
# The temporary password can only be used until the user account
|
@@ -500,7 +500,7 @@ module Aws::CognitoIdentityProvider
|
|
500
500
|
# @return [String]
|
501
501
|
#
|
502
502
|
# @!attribute [rw] force_alias_creation
|
503
|
-
# This parameter is only
|
503
|
+
# This parameter is used only if the `phone_number_verified` or
|
504
504
|
# `email_verified` attribute is set to `True`. Otherwise, it is
|
505
505
|
# ignored.
|
506
506
|
#
|
@@ -516,16 +516,16 @@ module Aws::CognitoIdentityProvider
|
|
516
516
|
# @return [Boolean]
|
517
517
|
#
|
518
518
|
# @!attribute [rw] message_action
|
519
|
-
# Set to `
|
519
|
+
# Set to `RESEND` to resend the invitation message to a user that
|
520
520
|
# already exists and reset the expiration limit on the user's
|
521
|
-
# account. Set to `
|
522
|
-
# one value
|
521
|
+
# account. Set to `SUPPRESS` to suppress sending the message. You can
|
522
|
+
# specify only one value.
|
523
523
|
# @return [String]
|
524
524
|
#
|
525
525
|
# @!attribute [rw] desired_delivery_mediums
|
526
526
|
# Specify `"EMAIL"` if email will be used to send the welcome message.
|
527
527
|
# Specify `"SMS"` if the phone number will be used. The default value
|
528
|
-
# is `"SMS"`.
|
528
|
+
# is `"SMS"`. You can specify more than one value.
|
529
529
|
# @return [Array<String>]
|
530
530
|
#
|
531
531
|
# @!attribute [rw] client_metadata
|
@@ -546,19 +546,18 @@ module Aws::CognitoIdentityProvider
|
|
546
546
|
# For more information, see [Customizing User Pool Workflows with
|
547
547
|
# Lambda Triggers][1] in the *Amazon Cognito Developer Guide*.
|
548
548
|
#
|
549
|
-
# <note markdown="1">
|
550
|
-
#
|
549
|
+
# <note markdown="1"> When you use the ClientMetadata parameter, remember that Amazon
|
550
|
+
# Cognito won't do the following:
|
551
551
|
#
|
552
|
-
# *
|
553
|
-
#
|
554
|
-
#
|
555
|
-
#
|
556
|
-
# purpose.
|
552
|
+
# * Store the ClientMetadata value. This data is available only to
|
553
|
+
# Lambda triggers that are assigned to a user pool to support custom
|
554
|
+
# workflows. If your user pool configuration doesn't include
|
555
|
+
# triggers, the ClientMetadata parameter serves no purpose.
|
557
556
|
#
|
558
|
-
# *
|
557
|
+
# * Validate the ClientMetadata value.
|
559
558
|
#
|
560
|
-
# *
|
561
|
-
#
|
559
|
+
# * Encrypt the ClientMetadata value. Don't use Amazon Cognito to
|
560
|
+
# provide sensitive information.
|
562
561
|
#
|
563
562
|
# </note>
|
564
563
|
#
|
@@ -620,7 +619,7 @@ module Aws::CognitoIdentityProvider
|
|
620
619
|
# @return [String]
|
621
620
|
#
|
622
621
|
# @!attribute [rw] user_attribute_names
|
623
|
-
# An array of strings representing the user attribute names you
|
622
|
+
# An array of strings representing the user attribute names you want
|
624
623
|
# to delete.
|
625
624
|
#
|
626
625
|
# For custom attributes, you must prepend the `custom:` prefix to the
|
@@ -660,7 +659,7 @@ module Aws::CognitoIdentityProvider
|
|
660
659
|
# @return [String]
|
661
660
|
#
|
662
661
|
# @!attribute [rw] username
|
663
|
-
# The user name of the user you
|
662
|
+
# The user name of the user you want to delete.
|
664
663
|
# @return [String]
|
665
664
|
#
|
666
665
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AdminDeleteUserRequest AWS API Documentation
|
@@ -721,7 +720,7 @@ module Aws::CognitoIdentityProvider
|
|
721
720
|
# @return [String]
|
722
721
|
#
|
723
722
|
# @!attribute [rw] username
|
724
|
-
# The user name of the user you
|
723
|
+
# The user name of the user you want to disable.
|
725
724
|
# @return [String]
|
726
725
|
#
|
727
726
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AdminDisableUserRequest AWS API Documentation
|
@@ -756,7 +755,7 @@ module Aws::CognitoIdentityProvider
|
|
756
755
|
# @return [String]
|
757
756
|
#
|
758
757
|
# @!attribute [rw] username
|
759
|
-
# The user name of the user you
|
758
|
+
# The user name of the user you want to enable.
|
760
759
|
# @return [String]
|
761
760
|
#
|
762
761
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AdminEnableUserRequest AWS API Documentation
|
@@ -871,7 +870,7 @@ module Aws::CognitoIdentityProvider
|
|
871
870
|
# @return [String]
|
872
871
|
#
|
873
872
|
# @!attribute [rw] username
|
874
|
-
# The user name of the user you
|
873
|
+
# The user name of the user you want to retrieve.
|
875
874
|
# @return [String]
|
876
875
|
#
|
877
876
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AdminGetUserRequest AWS API Documentation
|
@@ -887,7 +886,7 @@ module Aws::CognitoIdentityProvider
|
|
887
886
|
# specified user as an administrator.
|
888
887
|
#
|
889
888
|
# @!attribute [rw] username
|
890
|
-
# The user name of the user about whom you
|
889
|
+
# The user name of the user about whom you're receiving information.
|
891
890
|
# @return [String]
|
892
891
|
#
|
893
892
|
# @!attribute [rw] user_attributes
|
@@ -903,7 +902,7 @@ module Aws::CognitoIdentityProvider
|
|
903
902
|
# @return [Time]
|
904
903
|
#
|
905
904
|
# @!attribute [rw] enabled
|
906
|
-
# Indicates that the status is enabled
|
905
|
+
# Indicates that the status is `enabled`.
|
907
906
|
# @return [Boolean]
|
908
907
|
#
|
909
908
|
# @!attribute [rw] user_status
|
@@ -917,23 +916,23 @@ module Aws::CognitoIdentityProvider
|
|
917
916
|
#
|
918
917
|
# * COMPROMISED - User is disabled due to a potential security threat.
|
919
918
|
#
|
920
|
-
# * UNKNOWN - User status
|
919
|
+
# * UNKNOWN - User status isn't known.
|
921
920
|
#
|
922
921
|
# * RESET\_REQUIRED - User is confirmed, but the user must request a
|
923
|
-
# code and reset
|
922
|
+
# code and reset their password before they can sign in.
|
924
923
|
#
|
925
924
|
# * FORCE\_CHANGE\_PASSWORD - The user is confirmed and the user can
|
926
925
|
# sign in using a temporary password, but on first sign-in, the user
|
927
|
-
# must change
|
928
|
-
#
|
926
|
+
# must change their password to a new value before doing anything
|
927
|
+
# else.
|
929
928
|
# @return [String]
|
930
929
|
#
|
931
930
|
# @!attribute [rw] mfa_options
|
932
931
|
# *This response parameter is no longer supported.* It provides
|
933
932
|
# information only about SMS MFA configurations. It doesn't provide
|
934
|
-
# information about TOTP software token
|
935
|
-
# information about either type of MFA
|
936
|
-
# UserMFASettingList instead.
|
933
|
+
# information about time-based one-time password (TOTP) software token
|
934
|
+
# MFA configurations. To look up information about either type of MFA
|
935
|
+
# configuration, use UserMFASettingList instead.
|
937
936
|
# @return [Array<Types::MFAOptionType>]
|
938
937
|
#
|
939
938
|
# @!attribute [rw] preferred_mfa_setting
|
@@ -941,7 +940,7 @@ module Aws::CognitoIdentityProvider
|
|
941
940
|
# @return [String]
|
942
941
|
#
|
943
942
|
# @!attribute [rw] user_mfa_setting_list
|
944
|
-
# The MFA options that are
|
943
|
+
# The MFA options that are activated for the user. The possible values
|
945
944
|
# in this list are `SMS_MFA` and `SOFTWARE_TOKEN_MFA`.
|
946
945
|
# @return [Array<String>]
|
947
946
|
#
|
@@ -1002,17 +1001,18 @@ module Aws::CognitoIdentityProvider
|
|
1002
1001
|
# @return [String]
|
1003
1002
|
#
|
1004
1003
|
# @!attribute [rw] auth_flow
|
1005
|
-
# The authentication flow for this call to
|
1006
|
-
#
|
1004
|
+
# The authentication flow for this call to run. The API action will
|
1005
|
+
# depend on this value. For example:
|
1007
1006
|
#
|
1008
1007
|
# * `REFRESH_TOKEN_AUTH` will take in a valid refresh token and return
|
1009
1008
|
# new tokens.
|
1010
1009
|
#
|
1011
1010
|
# * `USER_SRP_AUTH` will take in `USERNAME` and `SRP_A` and return the
|
1012
|
-
# SRP variables to be used for
|
1011
|
+
# Secure Remote Password (SRP) protocol variables to be used for
|
1012
|
+
# next challenge execution.
|
1013
1013
|
#
|
1014
|
-
# * `
|
1015
|
-
# return the next challenge or tokens.
|
1014
|
+
# * `ADMIN_USER_PASSWORD_AUTH` will take in `USERNAME` and `PASSWORD`
|
1015
|
+
# and return the next challenge or tokens.
|
1016
1016
|
#
|
1017
1017
|
# Valid values include:
|
1018
1018
|
#
|
@@ -1029,21 +1029,16 @@ module Aws::CognitoIdentityProvider
|
|
1029
1029
|
# the USERNAME and PASSWORD directly if the flow is enabled for
|
1030
1030
|
# calling the app client.
|
1031
1031
|
#
|
1032
|
-
# * `USER_PASSWORD_AUTH`\: Non-SRP authentication flow; USERNAME and
|
1033
|
-
# PASSWORD are passed directly. If a user migration Lambda trigger
|
1034
|
-
# is set, this flow will invoke the user migration Lambda if the
|
1035
|
-
# USERNAME is not found in the user pool.
|
1036
|
-
#
|
1037
1032
|
# * `ADMIN_USER_PASSWORD_AUTH`\: Admin-based user password
|
1038
1033
|
# authentication. This replaces the `ADMIN_NO_SRP_AUTH`
|
1039
|
-
# authentication flow. In this flow, Cognito receives the
|
1040
|
-
# in the request instead of using the SRP process to verify
|
1034
|
+
# authentication flow. In this flow, Amazon Cognito receives the
|
1035
|
+
# password in the request instead of using the SRP process to verify
|
1041
1036
|
# passwords.
|
1042
1037
|
# @return [String]
|
1043
1038
|
#
|
1044
1039
|
# @!attribute [rw] auth_parameters
|
1045
1040
|
# The authentication parameters. These are inputs corresponding to the
|
1046
|
-
# `AuthFlow` that you
|
1041
|
+
# `AuthFlow` that you're invoking. The required values depend on the
|
1047
1042
|
# value of `AuthFlow`\:
|
1048
1043
|
#
|
1049
1044
|
# * For `USER_SRP_AUTH`\: `USERNAME` (required), `SRP_A` (required),
|
@@ -1089,7 +1084,7 @@ module Aws::CognitoIdentityProvider
|
|
1089
1084
|
# specific needs.
|
1090
1085
|
#
|
1091
1086
|
# When you use the AdminInitiateAuth API action, Amazon Cognito also
|
1092
|
-
# invokes the functions for the following triggers, but it
|
1087
|
+
# invokes the functions for the following triggers, but it doesn't
|
1093
1088
|
# provide the ClientMetadata value as input:
|
1094
1089
|
#
|
1095
1090
|
# * Post authentication
|
@@ -1107,19 +1102,18 @@ module Aws::CognitoIdentityProvider
|
|
1107
1102
|
# For more information, see [Customizing User Pool Workflows with
|
1108
1103
|
# Lambda Triggers][1] in the *Amazon Cognito Developer Guide*.
|
1109
1104
|
#
|
1110
|
-
# <note markdown="1">
|
1111
|
-
#
|
1105
|
+
# <note markdown="1"> When you use the ClientMetadata parameter, remember that Amazon
|
1106
|
+
# Cognito won't do the following:
|
1112
1107
|
#
|
1113
|
-
# *
|
1114
|
-
#
|
1115
|
-
#
|
1116
|
-
#
|
1117
|
-
# purpose.
|
1108
|
+
# * Store the ClientMetadata value. This data is available only to
|
1109
|
+
# Lambda triggers that are assigned to a user pool to support custom
|
1110
|
+
# workflows. If your user pool configuration doesn't include
|
1111
|
+
# triggers, the ClientMetadata parameter serves no purpose.
|
1118
1112
|
#
|
1119
|
-
# *
|
1113
|
+
# * Validate the ClientMetadata value.
|
1120
1114
|
#
|
1121
|
-
# *
|
1122
|
-
#
|
1115
|
+
# * Encrypt the ClientMetadata value. Don't use Amazon Cognito to
|
1116
|
+
# provide sensitive information.
|
1123
1117
|
#
|
1124
1118
|
# </note>
|
1125
1119
|
#
|
@@ -1156,18 +1150,18 @@ module Aws::CognitoIdentityProvider
|
|
1156
1150
|
# Initiates the authentication response, as an administrator.
|
1157
1151
|
#
|
1158
1152
|
# @!attribute [rw] challenge_name
|
1159
|
-
# The name of the challenge
|
1160
|
-
#
|
1161
|
-
#
|
1153
|
+
# The name of the challenge that you're responding to with this call.
|
1154
|
+
# This is returned in the `AdminInitiateAuth` response if you must
|
1155
|
+
# pass another challenge.
|
1162
1156
|
#
|
1163
|
-
# * `MFA_SETUP`\: If MFA is required, users who
|
1157
|
+
# * `MFA_SETUP`\: If MFA is required, users who don't have at least
|
1164
1158
|
# one of the MFA methods set up are presented with an `MFA_SETUP`
|
1165
1159
|
# challenge. The user must set up at least one MFA type to continue
|
1166
1160
|
# to authenticate.
|
1167
1161
|
#
|
1168
1162
|
# * `SELECT_MFA_TYPE`\: Selects the MFA type. Valid MFA options are
|
1169
|
-
# `SMS_MFA` for text SMS MFA, and `SOFTWARE_TOKEN_MFA` for
|
1170
|
-
# software token MFA.
|
1163
|
+
# `SMS_MFA` for text SMS MFA, and `SOFTWARE_TOKEN_MFA` for
|
1164
|
+
# time-based one-time password (TOTP) software token MFA.
|
1171
1165
|
#
|
1172
1166
|
# * `SMS_MFA`\: Next challenge is to supply an `SMS_MFA_CODE`,
|
1173
1167
|
# delivered via SMS.
|
@@ -1180,14 +1174,14 @@ module Aws::CognitoIdentityProvider
|
|
1180
1174
|
# authentication flow determines that the user should pass another
|
1181
1175
|
# challenge before tokens are issued.
|
1182
1176
|
#
|
1183
|
-
# * `DEVICE_SRP_AUTH`\: If device tracking was
|
1177
|
+
# * `DEVICE_SRP_AUTH`\: If device tracking was activated in your user
|
1184
1178
|
# pool and the previous challenges were passed, this challenge is
|
1185
1179
|
# returned so that Amazon Cognito can start tracking this device.
|
1186
1180
|
#
|
1187
1181
|
# * `DEVICE_PASSWORD_VERIFIER`\: Similar to `PASSWORD_VERIFIER`, but
|
1188
1182
|
# for devices only.
|
1189
1183
|
#
|
1190
|
-
# * `ADMIN_NO_SRP_AUTH`\: This is returned if you
|
1184
|
+
# * `ADMIN_NO_SRP_AUTH`\: This is returned if you must authenticate
|
1191
1185
|
# with `USERNAME` and `PASSWORD` directly. An app client must be
|
1192
1186
|
# enabled to use this flow.
|
1193
1187
|
#
|
@@ -1196,47 +1190,46 @@ module Aws::CognitoIdentityProvider
|
|
1196
1190
|
# should be passed with `NEW_PASSWORD` and any other required
|
1197
1191
|
# attributes.
|
1198
1192
|
#
|
1199
|
-
# * `MFA_SETUP`\: For users who are required to
|
1200
|
-
# before they can sign
|
1193
|
+
# * `MFA_SETUP`\: For users who are required to set up an MFA factor
|
1194
|
+
# before they can sign in. The MFA types activated for the user pool
|
1201
1195
|
# will be listed in the challenge parameters `MFA_CAN_SETUP` value.
|
1202
1196
|
#
|
1203
|
-
# To
|
1197
|
+
# To set up software token MFA, use the session returned here from
|
1204
1198
|
# `InitiateAuth` as an input to `AssociateSoftwareToken`, and use
|
1205
1199
|
# the session returned by `VerifySoftwareToken` as an input to
|
1206
1200
|
# `RespondToAuthChallenge` with challenge name `MFA_SETUP` to
|
1207
|
-
# complete sign-in. To
|
1201
|
+
# complete sign-in. To set up SMS MFA, users will need help from an
|
1208
1202
|
# administrator to add a phone number to their account and then call
|
1209
1203
|
# `InitiateAuth` again to restart sign-in.
|
1210
1204
|
# @return [String]
|
1211
1205
|
#
|
1212
1206
|
# @!attribute [rw] session
|
1213
|
-
# The session
|
1207
|
+
# The session that should be passed both ways in challenge-response
|
1214
1208
|
# calls to the service. If `AdminInitiateAuth` or
|
1215
1209
|
# `AdminRespondToAuthChallenge` API call determines that the caller
|
1216
|
-
#
|
1217
|
-
#
|
1218
|
-
#
|
1210
|
+
# must pass another challenge, they return a session with other
|
1211
|
+
# challenge parameters. This session should be passed as it is to the
|
1212
|
+
# next `AdminRespondToAuthChallenge` API call.
|
1219
1213
|
# @return [String]
|
1220
1214
|
#
|
1221
1215
|
# @!attribute [rw] challenge_parameters
|
1222
1216
|
# The challenge parameters. These are returned to you in the
|
1223
|
-
# `AdminInitiateAuth` response if you
|
1224
|
-
#
|
1225
|
-
#
|
1217
|
+
# `AdminInitiateAuth` response if you must pass another challenge. The
|
1218
|
+
# responses in this parameter should be used to compute inputs to the
|
1219
|
+
# next call (`AdminRespondToAuthChallenge`).
|
1226
1220
|
#
|
1227
1221
|
# All challenges require `USERNAME` and `SECRET_HASH` (if applicable).
|
1228
1222
|
#
|
1229
|
-
# The value of the `USER_ID_FOR_SRP` attribute
|
1230
|
-
#
|
1231
|
-
#
|
1232
|
-
#
|
1233
|
-
# `
|
1234
|
-
# `USERNAME` attribute cannot be an alias.
|
1223
|
+
# The value of the `USER_ID_FOR_SRP` attribute is the user's actual
|
1224
|
+
# username, not an alias (such as email address or phone number), even
|
1225
|
+
# if you specified an alias in your call to `AdminInitiateAuth`. This
|
1226
|
+
# happens because, in the `AdminRespondToAuthChallenge` API
|
1227
|
+
# `ChallengeResponses`, the `USERNAME` attribute can't be an alias.
|
1235
1228
|
# @return [Hash<String,String>]
|
1236
1229
|
#
|
1237
1230
|
# @!attribute [rw] authentication_result
|
1238
1231
|
# The result of the authentication response. This is only returned if
|
1239
|
-
# the caller
|
1232
|
+
# the caller doesn't need to pass another challenge. If the caller
|
1240
1233
|
# does need to pass another challenge before it gets tokens,
|
1241
1234
|
# `ChallengeName`, `ChallengeParameters`, and `Session` are returned.
|
1242
1235
|
# @return [Types::AuthenticationResultType]
|
@@ -1276,10 +1269,10 @@ module Aws::CognitoIdentityProvider
|
|
1276
1269
|
# @!attribute [rw] destination_user
|
1277
1270
|
# The existing user in the user pool to be linked to the external
|
1278
1271
|
# identity provider user account. Can be a native (Username +
|
1279
|
-
# Password) Cognito User Pools user or a federated user (for
|
1280
|
-
# a SAML or Facebook user). If the user doesn't exist, an
|
1281
|
-
# is thrown. This is the user that is returned when the new
|
1282
|
-
# the linked identity provider attribute) signs in.
|
1272
|
+
# Password) Amazon Cognito User Pools user or a federated user (for
|
1273
|
+
# example, a SAML or Facebook user). If the user doesn't exist, an
|
1274
|
+
# exception is thrown. This is the user that is returned when the new
|
1275
|
+
# user (with the linked identity provider attribute) signs in.
|
1283
1276
|
#
|
1284
1277
|
# For a native username + password user, the `ProviderAttributeValue`
|
1285
1278
|
# for the `DestinationUser` should be the username in the user pool.
|
@@ -1289,19 +1282,22 @@ module Aws::CognitoIdentityProvider
|
|
1289
1282
|
#
|
1290
1283
|
# The `ProviderName` should be set to `Cognito` for users in Cognito
|
1291
1284
|
# user pools.
|
1285
|
+
#
|
1286
|
+
# All attributes in the DestinationUser profile must be mutable. If
|
1287
|
+
# you have assigned the user any immutable custom attributes, the
|
1288
|
+
# operation won't succeed.
|
1292
1289
|
# @return [Types::ProviderUserIdentifierType]
|
1293
1290
|
#
|
1294
1291
|
# @!attribute [rw] source_user
|
1295
|
-
# An external identity provider account for a user who
|
1296
|
-
#
|
1297
|
-
#
|
1298
|
-
# user.
|
1292
|
+
# An external identity provider account for a user who doesn't exist
|
1293
|
+
# yet in the user pool. This user must be a federated user (for
|
1294
|
+
# example, a SAML or Facebook user), not another native user.
|
1299
1295
|
#
|
1300
|
-
# If the `SourceUser` is a federated social identity provider
|
1301
|
-
#
|
1296
|
+
# If the `SourceUser` is using a federated social identity provider,
|
1297
|
+
# such as Facebook, Google, or Login with Amazon, you must set the
|
1302
1298
|
# `ProviderAttributeName` to `Cognito_Subject`. For social identity
|
1303
1299
|
# providers, the `ProviderName` will be `Facebook`, `Google`, or
|
1304
|
-
# `LoginWithAmazon`, and Cognito will automatically parse the
|
1300
|
+
# `LoginWithAmazon`, and Amazon Cognito will automatically parse the
|
1305
1301
|
# Facebook, Google, and Login with Amazon tokens for `id`, `sub`, and
|
1306
1302
|
# `user_id`, respectively. The `ProviderAttributeValue` for the user
|
1307
1303
|
# must be the same value as the `id`, `sub`, or `user_id` value found
|
@@ -1310,11 +1306,11 @@ module Aws::CognitoIdentityProvider
|
|
1310
1306
|
#
|
1311
1307
|
#
|
1312
1308
|
# For SAML, the `ProviderAttributeName` can be any value that matches
|
1313
|
-
# a claim in the SAML assertion. If you
|
1309
|
+
# a claim in the SAML assertion. If you want to link SAML users based
|
1314
1310
|
# on the subject of the SAML assertion, you should map the subject to
|
1315
1311
|
# a claim through the SAML identity provider and submit that claim
|
1316
1312
|
# name as the `ProviderAttributeName`. If you set
|
1317
|
-
# `ProviderAttributeName` to `Cognito_Subject`, Cognito will
|
1313
|
+
# `ProviderAttributeName` to `Cognito_Subject`, Amazon Cognito will
|
1318
1314
|
# automatically parse the default unique identifier found in the
|
1319
1315
|
# subject from the SAML token.
|
1320
1316
|
# @return [Types::ProviderUserIdentifierType]
|
@@ -1555,7 +1551,7 @@ module Aws::CognitoIdentityProvider
|
|
1555
1551
|
# @return [String]
|
1556
1552
|
#
|
1557
1553
|
# @!attribute [rw] username
|
1558
|
-
# The user name of the user whose password you
|
1554
|
+
# The user name of the user whose password you want to reset.
|
1559
1555
|
# @return [String]
|
1560
1556
|
#
|
1561
1557
|
# @!attribute [rw] client_metadata
|
@@ -1576,19 +1572,18 @@ module Aws::CognitoIdentityProvider
|
|
1576
1572
|
# For more information, see [Customizing User Pool Workflows with
|
1577
1573
|
# Lambda Triggers][1] in the *Amazon Cognito Developer Guide*.
|
1578
1574
|
#
|
1579
|
-
# <note markdown="1">
|
1580
|
-
#
|
1575
|
+
# <note markdown="1"> When you use the ClientMetadata parameter, remember that Amazon
|
1576
|
+
# Cognito won't do the following:
|
1581
1577
|
#
|
1582
|
-
# *
|
1583
|
-
#
|
1584
|
-
#
|
1585
|
-
#
|
1586
|
-
# purpose.
|
1578
|
+
# * Store the ClientMetadata value. This data is available only to
|
1579
|
+
# Lambda triggers that are assigned to a user pool to support custom
|
1580
|
+
# workflows. If your user pool configuration doesn't include
|
1581
|
+
# triggers, the ClientMetadata parameter serves no purpose.
|
1587
1582
|
#
|
1588
|
-
# *
|
1583
|
+
# * Validate the ClientMetadata value.
|
1589
1584
|
#
|
1590
|
-
# *
|
1591
|
-
#
|
1585
|
+
# * Encrypt the ClientMetadata value. Don't use Amazon Cognito to
|
1586
|
+
# provide sensitive information.
|
1592
1587
|
#
|
1593
1588
|
# </note>
|
1594
1589
|
#
|
@@ -1676,6 +1671,11 @@ module Aws::CognitoIdentityProvider
|
|
1676
1671
|
# `PASSWORD_CLAIM_SECRET_BLOCK`, `TIMESTAMP`, `USERNAME`,
|
1677
1672
|
# `SECRET_HASH` (if app client is configured with client secret).
|
1678
1673
|
#
|
1674
|
+
# <note markdown="1"> `PASSWORD_VERIFIER` requires `DEVICE_KEY` when signing in with a
|
1675
|
+
# remembered device.
|
1676
|
+
#
|
1677
|
+
# </note>
|
1678
|
+
#
|
1679
1679
|
# * `ADMIN_NO_SRP_AUTH`\: `PASSWORD`, `USERNAME`, `SECRET_HASH` (if
|
1680
1680
|
# app client is configured with client secret).
|
1681
1681
|
#
|
@@ -1683,23 +1683,24 @@ module Aws::CognitoIdentityProvider
|
|
1683
1683
|
# attributes, `USERNAME`, `SECRET_HASH` (if app client is configured
|
1684
1684
|
# with client secret).
|
1685
1685
|
#
|
1686
|
-
# * `MFA_SETUP` requires `USERNAME`, plus you
|
1686
|
+
# * `MFA_SETUP` requires `USERNAME`, plus you must use the session
|
1687
1687
|
# value returned by `VerifySoftwareToken` in the `Session`
|
1688
1688
|
# parameter.
|
1689
1689
|
#
|
1690
1690
|
# The value of the `USERNAME` attribute must be the user's actual
|
1691
|
-
# username, not an alias (such as email address or phone number).
|
1692
|
-
# make this
|
1693
|
-
# actual username value in the `USERNAMEUSER_ID_FOR_SRP` attribute
|
1694
|
-
# even if you specified an alias in your call to
|
1691
|
+
# username, not an alias (such as an email address or phone number).
|
1692
|
+
# To make this simpler, the `AdminInitiateAuth` response includes the
|
1693
|
+
# actual username value in the `USERNAMEUSER_ID_FOR_SRP` attribute.
|
1694
|
+
# This happens even if you specified an alias in your call to
|
1695
|
+
# `AdminInitiateAuth`.
|
1695
1696
|
# @return [Hash<String,String>]
|
1696
1697
|
#
|
1697
1698
|
# @!attribute [rw] session
|
1698
|
-
# The session
|
1699
|
-
# calls to the service. If `InitiateAuth` or
|
1700
|
-
# API call determines that the caller
|
1701
|
-
# challenge,
|
1702
|
-
# This session should be passed as it is to the next
|
1699
|
+
# The session that should be passed both ways in challenge-response
|
1700
|
+
# calls to the service. If an `InitiateAuth` or
|
1701
|
+
# `RespondToAuthChallenge` API call determines that the caller must
|
1702
|
+
# pass another challenge, it returns a session with other challenge
|
1703
|
+
# parameters. This session should be passed as it is to the next
|
1703
1704
|
# `RespondToAuthChallenge` API call.
|
1704
1705
|
# @return [String]
|
1705
1706
|
#
|
@@ -1735,19 +1736,18 @@ module Aws::CognitoIdentityProvider
|
|
1735
1736
|
# For more information, see [Customizing User Pool Workflows with
|
1736
1737
|
# Lambda Triggers][1] in the *Amazon Cognito Developer Guide*.
|
1737
1738
|
#
|
1738
|
-
# <note markdown="1">
|
1739
|
-
#
|
1739
|
+
# <note markdown="1"> When you use the ClientMetadata parameter, remember that Amazon
|
1740
|
+
# Cognito won't do the following:
|
1740
1741
|
#
|
1741
|
-
# *
|
1742
|
-
#
|
1743
|
-
#
|
1744
|
-
#
|
1745
|
-
# purpose.
|
1742
|
+
# * Store the ClientMetadata value. This data is available only to
|
1743
|
+
# Lambda triggers that are assigned to a user pool to support custom
|
1744
|
+
# workflows. If your user pool configuration doesn't include
|
1745
|
+
# triggers, the ClientMetadata parameter serves no purpose.
|
1746
1746
|
#
|
1747
|
-
# *
|
1747
|
+
# * Validate the ClientMetadata value.
|
1748
1748
|
#
|
1749
|
-
# *
|
1750
|
-
#
|
1749
|
+
# * Encrypt the ClientMetadata value. Don't use Amazon Cognito to
|
1750
|
+
# provide sensitive information.
|
1751
1751
|
#
|
1752
1752
|
# </note>
|
1753
1753
|
#
|
@@ -1783,11 +1783,11 @@ module Aws::CognitoIdentityProvider
|
|
1783
1783
|
# @return [String]
|
1784
1784
|
#
|
1785
1785
|
# @!attribute [rw] session
|
1786
|
-
# The session
|
1787
|
-
# calls to the service. If the caller
|
1788
|
-
#
|
1789
|
-
#
|
1790
|
-
#
|
1786
|
+
# The session that should be passed both ways in challenge-response
|
1787
|
+
# calls to the service. If the caller must pass another challenge,
|
1788
|
+
# they return a session with other challenge parameters. This session
|
1789
|
+
# should be passed as it is to the next `RespondToAuthChallenge` API
|
1790
|
+
# call.
|
1791
1791
|
# @return [String]
|
1792
1792
|
#
|
1793
1793
|
# @!attribute [rw] challenge_parameters
|
@@ -1878,7 +1878,7 @@ module Aws::CognitoIdentityProvider
|
|
1878
1878
|
# @return [String]
|
1879
1879
|
#
|
1880
1880
|
# @!attribute [rw] username
|
1881
|
-
# The user name of the user whose password you
|
1881
|
+
# The user name of the user whose password you want to set.
|
1882
1882
|
# @return [String]
|
1883
1883
|
#
|
1884
1884
|
# @!attribute [rw] password
|
@@ -1922,12 +1922,12 @@ module Aws::CognitoIdentityProvider
|
|
1922
1922
|
# }
|
1923
1923
|
#
|
1924
1924
|
# @!attribute [rw] user_pool_id
|
1925
|
-
# The ID of the user pool that contains the user
|
1926
|
-
#
|
1925
|
+
# The ID of the user pool that contains the user whose options you're
|
1926
|
+
# setting.
|
1927
1927
|
# @return [String]
|
1928
1928
|
#
|
1929
1929
|
# @!attribute [rw] username
|
1930
|
-
# The user name of the user
|
1930
|
+
# The user name of the user whose options you're setting.
|
1931
1931
|
# @return [String]
|
1932
1932
|
#
|
1933
1933
|
# @!attribute [rw] mfa_options
|
@@ -2032,7 +2032,7 @@ module Aws::CognitoIdentityProvider
|
|
2032
2032
|
include Aws::Structure
|
2033
2033
|
end
|
2034
2034
|
|
2035
|
-
# The status response
|
2035
|
+
# The status response to the request to update the device, as an
|
2036
2036
|
# administrator.
|
2037
2037
|
#
|
2038
2038
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AdminUpdateDeviceStatusResponse AWS API Documentation
|
@@ -2094,19 +2094,18 @@ module Aws::CognitoIdentityProvider
|
|
2094
2094
|
# For more information, see [Customizing User Pool Workflows with
|
2095
2095
|
# Lambda Triggers][1] in the *Amazon Cognito Developer Guide*.
|
2096
2096
|
#
|
2097
|
-
# <note markdown="1">
|
2098
|
-
#
|
2097
|
+
# <note markdown="1"> When you use the ClientMetadata parameter, remember that Amazon
|
2098
|
+
# Cognito won't do the following:
|
2099
2099
|
#
|
2100
|
-
# *
|
2101
|
-
#
|
2102
|
-
#
|
2103
|
-
#
|
2104
|
-
# purpose.
|
2100
|
+
# * Store the ClientMetadata value. This data is available only to
|
2101
|
+
# Lambda triggers that are assigned to a user pool to support custom
|
2102
|
+
# workflows. If your user pool configuration doesn't include
|
2103
|
+
# triggers, the ClientMetadata parameter serves no purpose.
|
2105
2104
|
#
|
2106
|
-
# *
|
2105
|
+
# * Validate the ClientMetadata value.
|
2107
2106
|
#
|
2108
|
-
# *
|
2109
|
-
#
|
2107
|
+
# * Encrypt the ClientMetadata value. Don't use Amazon Cognito to
|
2108
|
+
# provide sensitive information.
|
2110
2109
|
#
|
2111
2110
|
# </note>
|
2112
2111
|
#
|
@@ -2186,10 +2185,10 @@ module Aws::CognitoIdentityProvider
|
|
2186
2185
|
# The Amazon Pinpoint analytics configuration for collecting metrics for
|
2187
2186
|
# a user pool.
|
2188
2187
|
#
|
2189
|
-
# <note markdown="1"> In
|
2190
|
-
#
|
2191
|
-
#
|
2192
|
-
#
|
2188
|
+
# <note markdown="1"> In Regions where Pinpoint isn't available, User Pools only supports
|
2189
|
+
# sending events to Amazon Pinpoint projects in us-east-1. In Regions
|
2190
|
+
# where Pinpoint is available, User Pools will support sending events to
|
2191
|
+
# Amazon Pinpoint projects within that same Region.
|
2193
2192
|
#
|
2194
2193
|
# </note>
|
2195
2194
|
#
|
@@ -2210,14 +2209,14 @@ module Aws::CognitoIdentityProvider
|
|
2210
2209
|
#
|
2211
2210
|
# @!attribute [rw] application_arn
|
2212
2211
|
# The Amazon Resource Name (ARN) of an Amazon Pinpoint project. You
|
2213
|
-
# can use the Amazon Pinpoint project for
|
2214
|
-
#
|
2215
|
-
#
|
2212
|
+
# can use the Amazon Pinpoint project for integration with the chosen
|
2213
|
+
# User Pool Client. Amazon Cognito publishes events to the Amazon
|
2214
|
+
# Pinpointproject declared by the app ARN.
|
2216
2215
|
# @return [String]
|
2217
2216
|
#
|
2218
2217
|
# @!attribute [rw] role_arn
|
2219
|
-
# The ARN of an
|
2220
|
-
# events to Amazon Pinpoint analytics.
|
2218
|
+
# The ARN of an Identity and Access Management role that authorizes
|
2219
|
+
# Amazon Cognito to publish events to Amazon Pinpoint analytics.
|
2221
2220
|
# @return [String]
|
2222
2221
|
#
|
2223
2222
|
# @!attribute [rw] external_id
|
@@ -2246,9 +2245,9 @@ module Aws::CognitoIdentityProvider
|
|
2246
2245
|
# An endpoint uniquely identifies a mobile device, email address, or
|
2247
2246
|
# phone number that can receive messages from Amazon Pinpoint analytics.
|
2248
2247
|
#
|
2249
|
-
# <note markdown="1"> Cognito User Pools only supports sending events to Amazon
|
2250
|
-
# projects in the US East (N. Virginia) us-east-1 Region,
|
2251
|
-
# the
|
2248
|
+
# <note markdown="1"> Amazon Cognito User Pools only supports sending events to Amazon
|
2249
|
+
# Pinpoint projects in the US East (N. Virginia) us-east-1 Region,
|
2250
|
+
# regardless of the Region in which the user pool resides.
|
2252
2251
|
#
|
2253
2252
|
# </note>
|
2254
2253
|
#
|
@@ -2284,7 +2283,7 @@ module Aws::CognitoIdentityProvider
|
|
2284
2283
|
# @return [String]
|
2285
2284
|
#
|
2286
2285
|
# @!attribute [rw] session
|
2287
|
-
# The session
|
2286
|
+
# The session that should be passed both ways in challenge-response
|
2288
2287
|
# calls to the service. This allows authentication of the user as part
|
2289
2288
|
# of the MFA setup process.
|
2290
2289
|
# @return [String]
|
@@ -2299,12 +2298,12 @@ module Aws::CognitoIdentityProvider
|
|
2299
2298
|
end
|
2300
2299
|
|
2301
2300
|
# @!attribute [rw] secret_code
|
2302
|
-
# A unique generated shared secret code that is used in the
|
2303
|
-
# algorithm to generate a one
|
2301
|
+
# A unique generated shared secret code that is used in the time-based
|
2302
|
+
# one-time password (TOTP) algorithm to generate a one-time code.
|
2304
2303
|
# @return [String]
|
2305
2304
|
#
|
2306
2305
|
# @!attribute [rw] session
|
2307
|
-
# The session
|
2306
|
+
# The session that should be passed both ways in challenge-response
|
2308
2307
|
# calls to the service. This allows authentication of the user as part
|
2309
2308
|
# of the MFA setup process.
|
2310
2309
|
# @return [String]
|
@@ -2372,9 +2371,9 @@ module Aws::CognitoIdentityProvider
|
|
2372
2371
|
# @return [Array<Types::ChallengeResponseType>]
|
2373
2372
|
#
|
2374
2373
|
# @!attribute [rw] event_context_data
|
2375
|
-
# The user context data captured at the time of an event request.
|
2376
|
-
# provides additional information about the client from which
|
2377
|
-
# the request is received.
|
2374
|
+
# The user context data captured at the time of an event request. This
|
2375
|
+
# value provides additional information about the client from which
|
2376
|
+
# event the request is received.
|
2378
2377
|
# @return [Types::EventContextDataType]
|
2379
2378
|
#
|
2380
2379
|
# @!attribute [rw] event_feedback
|
@@ -2439,7 +2438,7 @@ module Aws::CognitoIdentityProvider
|
|
2439
2438
|
# The challenge response type.
|
2440
2439
|
#
|
2441
2440
|
# @!attribute [rw] challenge_name
|
2442
|
-
# The challenge name
|
2441
|
+
# The challenge name.
|
2443
2442
|
# @return [String]
|
2444
2443
|
#
|
2445
2444
|
# @!attribute [rw] challenge_response
|
@@ -2534,7 +2533,7 @@ module Aws::CognitoIdentityProvider
|
|
2534
2533
|
include Aws::Structure
|
2535
2534
|
end
|
2536
2535
|
|
2537
|
-
# This exception is thrown if the provided code
|
2536
|
+
# This exception is thrown if the provided code doesn't match what the
|
2538
2537
|
# server was expecting.
|
2539
2538
|
#
|
2540
2539
|
# @!attribute [rw] message
|
@@ -2549,7 +2548,7 @@ module Aws::CognitoIdentityProvider
|
|
2549
2548
|
include Aws::Structure
|
2550
2549
|
end
|
2551
2550
|
|
2552
|
-
# The compromised credentials actions type
|
2551
|
+
# The compromised credentials actions type.
|
2553
2552
|
#
|
2554
2553
|
# @note When making an API call, you may pass CompromisedCredentialsActionsType
|
2555
2554
|
# data as a hash:
|
@@ -2660,8 +2659,8 @@ module Aws::CognitoIdentityProvider
|
|
2660
2659
|
# Confirms the device response.
|
2661
2660
|
#
|
2662
2661
|
# @!attribute [rw] user_confirmation_necessary
|
2663
|
-
# Indicates whether the user confirmation
|
2664
|
-
#
|
2662
|
+
# Indicates whether the user confirmation must confirm the device
|
2663
|
+
# response.
|
2665
2664
|
# @return [Boolean]
|
2666
2665
|
#
|
2667
2666
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/ConfirmDeviceResponse AWS API Documentation
|
@@ -2752,19 +2751,18 @@ module Aws::CognitoIdentityProvider
|
|
2752
2751
|
# For more information, see [Customizing User Pool Workflows with
|
2753
2752
|
# Lambda Triggers][1] in the *Amazon Cognito Developer Guide*.
|
2754
2753
|
#
|
2755
|
-
# <note markdown="1">
|
2756
|
-
#
|
2754
|
+
# <note markdown="1"> When you use the ClientMetadata parameter, remember that Amazon
|
2755
|
+
# Cognito won't do the following:
|
2757
2756
|
#
|
2758
|
-
# *
|
2759
|
-
#
|
2760
|
-
#
|
2761
|
-
#
|
2762
|
-
# purpose.
|
2757
|
+
# * Store the ClientMetadata value. This data is available only to
|
2758
|
+
# Lambda triggers that are assigned to a user pool to support custom
|
2759
|
+
# workflows. If your user pool configuration doesn't include
|
2760
|
+
# triggers, the ClientMetadata parameter serves no purpose.
|
2763
2761
|
#
|
2764
|
-
# *
|
2762
|
+
# * Validate the ClientMetadata value.
|
2765
2763
|
#
|
2766
|
-
# *
|
2767
|
-
#
|
2764
|
+
# * Encrypt the ClientMetadata value. Don't use Amazon Cognito to
|
2765
|
+
# provide sensitive information.
|
2768
2766
|
#
|
2769
2767
|
# </note>
|
2770
2768
|
#
|
@@ -2828,7 +2826,7 @@ module Aws::CognitoIdentityProvider
|
|
2828
2826
|
# @return [String]
|
2829
2827
|
#
|
2830
2828
|
# @!attribute [rw] username
|
2831
|
-
# The user name of the user whose registration you
|
2829
|
+
# The user name of the user whose registration you want to confirm.
|
2832
2830
|
# @return [String]
|
2833
2831
|
#
|
2834
2832
|
# @!attribute [rw] confirmation_code
|
@@ -2875,19 +2873,18 @@ module Aws::CognitoIdentityProvider
|
|
2875
2873
|
# For more information, see [Customizing User Pool Workflows with
|
2876
2874
|
# Lambda Triggers][1] in the *Amazon Cognito Developer Guide*.
|
2877
2875
|
#
|
2878
|
-
# <note markdown="1">
|
2879
|
-
#
|
2876
|
+
# <note markdown="1"> When you use the ClientMetadata parameter, remember that Amazon
|
2877
|
+
# Cognito won't do the following:
|
2880
2878
|
#
|
2881
|
-
# *
|
2882
|
-
#
|
2883
|
-
#
|
2884
|
-
#
|
2885
|
-
# purpose.
|
2879
|
+
# * Store the ClientMetadata value. This data is available only to
|
2880
|
+
# Lambda triggers that are assigned to a user pool to support custom
|
2881
|
+
# workflows. If your user pool configuration doesn't include
|
2882
|
+
# triggers, the ClientMetadata parameter serves no purpose.
|
2886
2883
|
#
|
2887
|
-
# *
|
2884
|
+
# * Validate the ClientMetadata value.
|
2888
2885
|
#
|
2889
|
-
# *
|
2890
|
-
#
|
2886
|
+
# * Encrypt the ClientMetadata value. Don't use Amazon Cognito to
|
2887
|
+
# provide sensitive information.
|
2891
2888
|
#
|
2892
2889
|
# </note>
|
2893
2890
|
#
|
@@ -2954,7 +2951,7 @@ module Aws::CognitoIdentityProvider
|
|
2954
2951
|
# @return [Array<Types::HttpHeader>]
|
2955
2952
|
#
|
2956
2953
|
# @!attribute [rw] encoded_data
|
2957
|
-
# Encoded data containing device fingerprinting details
|
2954
|
+
# Encoded data containing device fingerprinting details collected
|
2958
2955
|
# using the Amazon Cognito context data collection library.
|
2959
2956
|
# @return [String]
|
2960
2957
|
#
|
@@ -2994,25 +2991,25 @@ module Aws::CognitoIdentityProvider
|
|
2994
2991
|
# @return [String]
|
2995
2992
|
#
|
2996
2993
|
# @!attribute [rw] role_arn
|
2997
|
-
# The role ARN for the group.
|
2994
|
+
# The role Amazon Resource Name (ARN) for the group.
|
2998
2995
|
# @return [String]
|
2999
2996
|
#
|
3000
2997
|
# @!attribute [rw] precedence
|
3001
|
-
# A
|
2998
|
+
# A non-negative integer value that specifies the precedence of this
|
3002
2999
|
# group relative to the other groups that a user can belong to in the
|
3003
3000
|
# user pool. Zero is the highest precedence value. Groups with lower
|
3004
|
-
# `Precedence` values take precedence over groups with higher
|
3001
|
+
# `Precedence` values take precedence over groups with higher ornull
|
3005
3002
|
# `Precedence` values. If a user belongs to two or more groups, it is
|
3006
|
-
# the group with the lowest precedence value whose role ARN
|
3007
|
-
#
|
3008
|
-
#
|
3003
|
+
# the group with the lowest precedence value whose role ARN is given
|
3004
|
+
# in the user's tokens for the `cognito:roles` and
|
3005
|
+
# `cognito:preferred_role` claims.
|
3009
3006
|
#
|
3010
3007
|
# Two groups can have the same `Precedence` value. If this happens,
|
3011
3008
|
# neither group takes precedence over the other. If two groups with
|
3012
3009
|
# the same `Precedence` have the same role ARN, that role is used in
|
3013
3010
|
# the `cognito:preferred_role` claim in tokens for users in each
|
3014
3011
|
# group. If the two groups have different role ARNs, the
|
3015
|
-
# `cognito:preferred_role` claim
|
3012
|
+
# `cognito:preferred_role` claim isn't set in users' tokens.
|
3016
3013
|
#
|
3017
3014
|
# The default `Precedence` value is null.
|
3018
3015
|
# @return [Integer]
|
@@ -3103,7 +3100,7 @@ module Aws::CognitoIdentityProvider
|
|
3103
3100
|
#
|
3104
3101
|
# * authorize\_scopes
|
3105
3102
|
#
|
3106
|
-
# * For OIDC providers:
|
3103
|
+
# * For OpenID Connect (OIDC) providers:
|
3107
3104
|
#
|
3108
3105
|
# * client\_id
|
3109
3106
|
#
|
@@ -3127,11 +3124,14 @@ module Aws::CognitoIdentityProvider
|
|
3127
3124
|
# * jwks\_uri *if not available from discovery URL specified by
|
3128
3125
|
# oidc\_issuer key*
|
3129
3126
|
#
|
3127
|
+
# * attributes\_url\_add\_attributes *a read-only property that is
|
3128
|
+
# set automatically*
|
3129
|
+
#
|
3130
3130
|
# * For SAML providers:
|
3131
3131
|
#
|
3132
3132
|
# * MetadataFile OR MetadataURL
|
3133
3133
|
#
|
3134
|
-
# * IDPSignout
|
3134
|
+
# * IDPSignout (optional)
|
3135
3135
|
# @return [Hash<String,String>]
|
3136
3136
|
#
|
3137
3137
|
# @!attribute [rw] attribute_mapping
|
@@ -3189,8 +3189,8 @@ module Aws::CognitoIdentityProvider
|
|
3189
3189
|
#
|
3190
3190
|
# @!attribute [rw] identifier
|
3191
3191
|
# A unique resource server identifier for the resource server. This
|
3192
|
-
# could be an HTTPS endpoint where the resource server is located
|
3193
|
-
#
|
3192
|
+
# could be an HTTPS endpoint where the resource server is located,
|
3193
|
+
# such as `https://my-weather-api.example.com`.
|
3194
3194
|
# @return [String]
|
3195
3195
|
#
|
3196
3196
|
# @!attribute [rw] name
|
@@ -3198,8 +3198,8 @@ module Aws::CognitoIdentityProvider
|
|
3198
3198
|
# @return [String]
|
3199
3199
|
#
|
3200
3200
|
# @!attribute [rw] scopes
|
3201
|
-
# A list of scopes. Each scope is map
|
3202
|
-
# `description`.
|
3201
|
+
# A list of scopes. Each scope is a key-value map with the keys `name`
|
3202
|
+
# and `description`.
|
3203
3203
|
# @return [Array<Types::ResourceServerScopeType>]
|
3204
3204
|
#
|
3205
3205
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/CreateResourceServerRequest AWS API Documentation
|
@@ -3246,8 +3246,8 @@ module Aws::CognitoIdentityProvider
|
|
3246
3246
|
# @return [String]
|
3247
3247
|
#
|
3248
3248
|
# @!attribute [rw] cloud_watch_logs_role_arn
|
3249
|
-
# The role ARN for the Amazon CloudWatch Logging role for the
|
3250
|
-
# import job.
|
3249
|
+
# The role ARN for the Amazon CloudWatch Logs Logging role for the
|
3250
|
+
# user import job.
|
3251
3251
|
# @return [String]
|
3252
3252
|
#
|
3253
3253
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/CreateUserImportJobRequest AWS API Documentation
|
@@ -3329,24 +3329,24 @@ module Aws::CognitoIdentityProvider
|
|
3329
3329
|
#
|
3330
3330
|
# @!attribute [rw] refresh_token_validity
|
3331
3331
|
# The time limit, in days, after which the refresh token is no longer
|
3332
|
-
# valid and
|
3332
|
+
# valid and can't be used.
|
3333
3333
|
# @return [Integer]
|
3334
3334
|
#
|
3335
3335
|
# @!attribute [rw] access_token_validity
|
3336
3336
|
# The time limit, between 5 minutes and 1 day, after which the access
|
3337
|
-
# token is no longer valid and
|
3338
|
-
#
|
3337
|
+
# token is no longer valid and can't be used. If you supply a
|
3338
|
+
# TokenValidityUnits value, you will override the default time unit.
|
3339
3339
|
# @return [Integer]
|
3340
3340
|
#
|
3341
3341
|
# @!attribute [rw] id_token_validity
|
3342
|
-
# The time limit, between 5 minutes and 1 day, after which the
|
3343
|
-
# token is no longer valid and
|
3344
|
-
#
|
3342
|
+
# The time limit, between 5 minutes and 1 day, after which the access
|
3343
|
+
# token is no longer valid and can't be used. If you supply a
|
3344
|
+
# TokenValidityUnits value, you will override the default time unit.
|
3345
3345
|
# @return [Integer]
|
3346
3346
|
#
|
3347
3347
|
# @!attribute [rw] token_validity_units
|
3348
|
-
# The units in which the validity times are represented
|
3349
|
-
#
|
3348
|
+
# The units in which the validity times are represented. Default for
|
3349
|
+
# RefreshToken is days, and default for ID and access tokens are
|
3350
3350
|
# hours.
|
3351
3351
|
# @return [Types::TokenValidityUnitsType]
|
3352
3352
|
#
|
@@ -3362,7 +3362,7 @@ module Aws::CognitoIdentityProvider
|
|
3362
3362
|
# identity provider attributes. Amazon Cognito updates mapped
|
3363
3363
|
# attributes when users sign in to your application through an
|
3364
3364
|
# identity provider. If your app client lacks write access to a mapped
|
3365
|
-
# attribute, Amazon Cognito throws an error when it
|
3365
|
+
# attribute, Amazon Cognito throws an error when it tries to update
|
3366
3366
|
# the attribute. For more information, see [Specifying Identity
|
3367
3367
|
# Provider Attribute Mappings for Your User Pool][1].
|
3368
3368
|
#
|
@@ -3373,27 +3373,28 @@ module Aws::CognitoIdentityProvider
|
|
3373
3373
|
#
|
3374
3374
|
# @!attribute [rw] explicit_auth_flows
|
3375
3375
|
# The authentication flows that are supported by the user pool
|
3376
|
-
# clients. Flow names without the `ALLOW_` prefix are
|
3377
|
-
# favor of new names with the `ALLOW_` prefix. Note that
|
3378
|
-
# `ALLOW_` prefix
|
3379
|
-
# prefix.
|
3376
|
+
# clients. Flow names without the `ALLOW_` prefix are no longer
|
3377
|
+
# supported, in favor of new names with the `ALLOW_` prefix. Note that
|
3378
|
+
# values with `ALLOW_` prefix must be used only along with the
|
3379
|
+
# `ALLOW_` prefix.
|
3380
3380
|
#
|
3381
3381
|
# Valid values include:
|
3382
3382
|
#
|
3383
3383
|
# * `ALLOW_ADMIN_USER_PASSWORD_AUTH`\: Enable admin based user
|
3384
3384
|
# password authentication flow `ADMIN_USER_PASSWORD_AUTH`. This
|
3385
3385
|
# setting replaces the `ADMIN_NO_SRP_AUTH` setting. With this
|
3386
|
-
# authentication flow, Cognito receives the password in the
|
3387
|
-
# instead of using the
|
3388
|
-
#
|
3386
|
+
# authentication flow, Amazon Cognito receives the password in the
|
3387
|
+
# request instead of using the Secure Remote Password (SRP) protocol
|
3388
|
+
# to verify passwords.
|
3389
3389
|
#
|
3390
3390
|
# * `ALLOW_CUSTOM_AUTH`\: Enable Lambda trigger based authentication.
|
3391
3391
|
#
|
3392
3392
|
# * `ALLOW_USER_PASSWORD_AUTH`\: Enable user password-based
|
3393
|
-
# authentication. In this flow, Cognito receives the password
|
3394
|
-
# request instead of using the SRP protocol to verify
|
3393
|
+
# authentication. In this flow, Amazon Cognito receives the password
|
3394
|
+
# in the request instead of using the SRP protocol to verify
|
3395
|
+
# passwords.
|
3395
3396
|
#
|
3396
|
-
# * `ALLOW_USER_SRP_AUTH`\: Enable SRP
|
3397
|
+
# * `ALLOW_USER_SRP_AUTH`\: Enable SRP-based authentication.
|
3397
3398
|
#
|
3398
3399
|
# * `ALLOW_REFRESH_TOKEN_AUTH`\: Enable authflow to refresh tokens.
|
3399
3400
|
# @return [Array<String>]
|
@@ -3479,52 +3480,47 @@ module Aws::CognitoIdentityProvider
|
|
3479
3480
|
#
|
3480
3481
|
# @!attribute [rw] allowed_o_auth_flows_user_pool_client
|
3481
3482
|
# Set to true if the client is allowed to follow the OAuth protocol
|
3482
|
-
# when interacting with Cognito user pools.
|
3483
|
+
# when interacting with Amazon Cognito user pools.
|
3483
3484
|
# @return [Boolean]
|
3484
3485
|
#
|
3485
3486
|
# @!attribute [rw] analytics_configuration
|
3486
3487
|
# The Amazon Pinpoint analytics configuration for collecting metrics
|
3487
3488
|
# for this user pool.
|
3488
3489
|
#
|
3489
|
-
# <note markdown="1"> In
|
3490
|
-
# supports sending events to Amazon Pinpoint projects in
|
3491
|
-
#
|
3492
|
-
# sending events to Amazon Pinpoint projects within
|
3490
|
+
# <note markdown="1"> In Amazon Web Services Regions where isn't available, User Pools
|
3491
|
+
# only supports sending events to Amazon Pinpoint projects in Amazon
|
3492
|
+
# Web Services Region us-east-1. In Regions where is available, User
|
3493
|
+
# Pools will support sending events to Amazon Pinpoint projects within
|
3494
|
+
# that same Region.
|
3493
3495
|
#
|
3494
3496
|
# </note>
|
3495
3497
|
# @return [Types::AnalyticsConfigurationType]
|
3496
3498
|
#
|
3497
3499
|
# @!attribute [rw] prevent_user_existence_errors
|
3498
|
-
#
|
3499
|
-
#
|
3500
|
-
#
|
3501
|
-
#
|
3502
|
-
#
|
3503
|
-
#
|
3504
|
-
#
|
3505
|
-
#
|
3506
|
-
#
|
3500
|
+
# Errors and responses that you want Amazon Cognito APIs to return
|
3501
|
+
# during authentication, account confirmation, and password recovery
|
3502
|
+
# when the user doesn't exist in the user pool. When set to `ENABLED`
|
3503
|
+
# and the user doesn't exist, authentication returns an error
|
3504
|
+
# indicating either the username or password was incorrect. Account
|
3505
|
+
# confirmation and password recovery return a response indicating a
|
3506
|
+
# code was sent to a simulated destination. When set to `LEGACY`,
|
3507
|
+
# those APIs return a `UserNotFoundException` exception if the user
|
3508
|
+
# doesn't exist in the user pool.
|
3507
3509
|
#
|
3508
3510
|
# Valid values include:
|
3509
3511
|
#
|
3510
3512
|
# * `ENABLED` - This prevents user existence-related errors.
|
3511
3513
|
#
|
3512
|
-
# * `LEGACY` - This represents the
|
3513
|
-
# existence related errors
|
3514
|
-
#
|
3515
|
-
# <note markdown="1"> After February 15th 2020, the value of `PreventUserExistenceErrors`
|
3516
|
-
# will default to `ENABLED` for newly created user pool clients if no
|
3517
|
-
# value is provided.
|
3518
|
-
#
|
3519
|
-
# </note>
|
3514
|
+
# * `LEGACY` - This represents the early behavior of Amazon Cognito
|
3515
|
+
# where user existence related errors aren't prevented.
|
3520
3516
|
# @return [String]
|
3521
3517
|
#
|
3522
3518
|
# @!attribute [rw] enable_token_revocation
|
3523
|
-
#
|
3524
|
-
# revoking tokens, see [RevokeToken][1].
|
3519
|
+
# Activates or deactivates token revocation. For more information
|
3520
|
+
# about revoking tokens, see [RevokeToken][1].
|
3525
3521
|
#
|
3526
3522
|
# If you don't include this parameter, token revocation is
|
3527
|
-
# automatically
|
3523
|
+
# automatically activated for the new user pool client.
|
3528
3524
|
#
|
3529
3525
|
#
|
3530
3526
|
#
|
@@ -3584,7 +3580,9 @@ module Aws::CognitoIdentityProvider
|
|
3584
3580
|
# }
|
3585
3581
|
#
|
3586
3582
|
# @!attribute [rw] domain
|
3587
|
-
# The domain string.
|
3583
|
+
# The domain string. For custom domains, this is the fully-qualified
|
3584
|
+
# domain name, such as `auth.example.com`. For Amazon Cognito prefix
|
3585
|
+
# domains, this is the prefix alone, such as `auth`.
|
3588
3586
|
# @return [String]
|
3589
3587
|
#
|
3590
3588
|
# @!attribute [rw] user_pool_id
|
@@ -3756,16 +3754,16 @@ module Aws::CognitoIdentityProvider
|
|
3756
3754
|
# The Lambda trigger configuration information for the new user pool.
|
3757
3755
|
#
|
3758
3756
|
# <note markdown="1"> In a push model, event sources (such as Amazon S3 and custom
|
3759
|
-
# applications) need permission to invoke a function. So you
|
3760
|
-
#
|
3761
|
-
#
|
3757
|
+
# applications) need permission to invoke a function. So you must make
|
3758
|
+
# an extra call to add permission for these event sources to invoke
|
3759
|
+
# your Lambda function.
|
3762
3760
|
#
|
3763
3761
|
#
|
3764
3762
|
#
|
3765
|
-
# For more information on using the Lambda API to add permission, see
|
3766
|
-
#
|
3763
|
+
# For more information on using the Lambda API to add permission, see[
|
3764
|
+
# AddPermission ][1].
|
3767
3765
|
#
|
3768
|
-
# For adding permission using the CLI, see
|
3766
|
+
# For adding permission using the CLI, see[ add-permission ][2].
|
3769
3767
|
#
|
3770
3768
|
# </note>
|
3771
3769
|
#
|
@@ -3786,8 +3784,8 @@ module Aws::CognitoIdentityProvider
|
|
3786
3784
|
# @return [Array<String>]
|
3787
3785
|
#
|
3788
3786
|
# @!attribute [rw] username_attributes
|
3789
|
-
# Specifies whether email
|
3790
|
-
#
|
3787
|
+
# Specifies whether a user can use an email address or phone number as
|
3788
|
+
# a username when they sign up.
|
3791
3789
|
# @return [Array<String>]
|
3792
3790
|
#
|
3793
3791
|
# @!attribute [rw] sms_verification_message
|
@@ -3855,16 +3853,16 @@ module Aws::CognitoIdentityProvider
|
|
3855
3853
|
# @return [Array<Types::SchemaAttributeType>]
|
3856
3854
|
#
|
3857
3855
|
# @!attribute [rw] user_pool_add_ons
|
3858
|
-
#
|
3856
|
+
# Enables advanced security risk detection. Set the key
|
3859
3857
|
# `AdvancedSecurityMode` to the value "AUDIT".
|
3860
3858
|
# @return [Types::UserPoolAddOnsType]
|
3861
3859
|
#
|
3862
3860
|
# @!attribute [rw] username_configuration
|
3863
|
-
#
|
3864
|
-
#
|
3865
|
-
#
|
3866
|
-
#
|
3867
|
-
#
|
3861
|
+
# Case sensitivity on the username input for the selected sign-in
|
3862
|
+
# option. For example, when case sensitivity is set to `False`, users
|
3863
|
+
# can sign in using either "username" or "Username". This
|
3864
|
+
# configuration is immutable once it has been set. For more
|
3865
|
+
# information, see [UsernameConfigurationType][1].
|
3868
3866
|
#
|
3869
3867
|
#
|
3870
3868
|
#
|
@@ -3872,14 +3870,14 @@ module Aws::CognitoIdentityProvider
|
|
3872
3870
|
# @return [Types::UsernameConfigurationType]
|
3873
3871
|
#
|
3874
3872
|
# @!attribute [rw] account_recovery_setting
|
3875
|
-
#
|
3876
|
-
#
|
3877
|
-
#
|
3878
|
-
#
|
3879
|
-
#
|
3880
|
-
#
|
3881
|
-
#
|
3882
|
-
#
|
3873
|
+
# The available verified method a user can use to recover their
|
3874
|
+
# password when they call `ForgotPassword`. You can use this setting
|
3875
|
+
# to define a preferred method when a user has more than one method
|
3876
|
+
# available. With this setting, SMS doesn't qualify for a valid
|
3877
|
+
# password recovery mechanism if the user also has SMS multi-factor
|
3878
|
+
# authentication (MFA) activated. In the absence of this setting,
|
3879
|
+
# Amazon Cognito uses the legacy behavior to determine the recovery
|
3880
|
+
# method where SMS is preferred through email.
|
3883
3881
|
# @return [Types::AccountRecoverySettingType]
|
3884
3882
|
#
|
3885
3883
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/CreateUserPoolRequest AWS API Documentation
|
@@ -3960,14 +3958,14 @@ module Aws::CognitoIdentityProvider
|
|
3960
3958
|
# }
|
3961
3959
|
#
|
3962
3960
|
# @!attribute [rw] lambda_version
|
3963
|
-
#
|
3964
|
-
#
|
3965
|
-
#
|
3961
|
+
# Signature of the "request" attribute in the "event" information
|
3962
|
+
# Amazon Cognito passes to your custom email Lambda function. The only
|
3963
|
+
# supported value is `V1_0`.
|
3966
3964
|
# @return [String]
|
3967
3965
|
#
|
3968
3966
|
# @!attribute [rw] lambda_arn
|
3969
|
-
# The
|
3970
|
-
# Cognito
|
3967
|
+
# The Amazon Resource Name (ARN) of the Lambda function that Amazon
|
3968
|
+
# Cognito activates to send email notifications to users.
|
3971
3969
|
# @return [String]
|
3972
3970
|
#
|
3973
3971
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/CustomEmailLambdaVersionConfigType AWS API Documentation
|
@@ -3990,14 +3988,14 @@ module Aws::CognitoIdentityProvider
|
|
3990
3988
|
# }
|
3991
3989
|
#
|
3992
3990
|
# @!attribute [rw] lambda_version
|
3993
|
-
#
|
3994
|
-
#
|
3995
|
-
#
|
3991
|
+
# Signature of the "request" attribute in the "event" information
|
3992
|
+
# that Amazon Cognito passes to your custom SMS Lambda function. The
|
3993
|
+
# only supported value is `V1_0`.
|
3996
3994
|
# @return [String]
|
3997
3995
|
#
|
3998
3996
|
# @!attribute [rw] lambda_arn
|
3999
|
-
# The
|
4000
|
-
# Cognito
|
3997
|
+
# The Amazon Resource Name (ARN) of the Lambda function that Amazon
|
3998
|
+
# Cognito activates to send SMS notifications to users.
|
4001
3999
|
# @return [String]
|
4002
4000
|
#
|
4003
4001
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/CustomSMSLambdaVersionConfigType AWS API Documentation
|
@@ -4095,11 +4093,11 @@ module Aws::CognitoIdentityProvider
|
|
4095
4093
|
# }
|
4096
4094
|
#
|
4097
4095
|
# @!attribute [rw] user_attribute_names
|
4098
|
-
# An array of strings representing the user attribute names you
|
4096
|
+
# An array of strings representing the user attribute names you want
|
4099
4097
|
# to delete.
|
4100
4098
|
#
|
4101
|
-
# For custom attributes, you must
|
4102
|
-
# attribute name.
|
4099
|
+
# For custom attributes, you must prependattach the `custom:` prefix
|
4100
|
+
# to the front of the attribute name.
|
4103
4101
|
# @return [Array<String>]
|
4104
4102
|
#
|
4105
4103
|
# @!attribute [rw] access_token
|
@@ -4158,7 +4156,9 @@ module Aws::CognitoIdentityProvider
|
|
4158
4156
|
# }
|
4159
4157
|
#
|
4160
4158
|
# @!attribute [rw] domain
|
4161
|
-
# The domain string.
|
4159
|
+
# The domain string. For custom domains, this is the fully-qualified
|
4160
|
+
# domain name, such as `auth.example.com`. For Amazon Cognito prefix
|
4161
|
+
# domains, this is the prefix alone, such as `auth`.
|
4162
4162
|
# @return [String]
|
4163
4163
|
#
|
4164
4164
|
# @!attribute [rw] user_pool_id
|
@@ -4425,7 +4425,9 @@ module Aws::CognitoIdentityProvider
|
|
4425
4425
|
# }
|
4426
4426
|
#
|
4427
4427
|
# @!attribute [rw] domain
|
4428
|
-
# The domain string.
|
4428
|
+
# The domain string. For custom domains, this is the fully-qualified
|
4429
|
+
# domain name, such as `auth.example.com`. For Amazon Cognito prefix
|
4430
|
+
# domains, this is the prefix alone, such as `auth`.
|
4429
4431
|
# @return [String]
|
4430
4432
|
#
|
4431
4433
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/DescribeUserPoolDomainRequest AWS API Documentation
|
@@ -4484,7 +4486,13 @@ module Aws::CognitoIdentityProvider
|
|
4484
4486
|
include Aws::Structure
|
4485
4487
|
end
|
4486
4488
|
|
4487
|
-
# The configuration for
|
4489
|
+
# The device tracking configuration for a user pool. A user pool with
|
4490
|
+
# device tracking deactivated returns a null value.
|
4491
|
+
#
|
4492
|
+
# <note markdown="1"> When you provide values for any DeviceConfiguration field, you
|
4493
|
+
# activate device tracking.
|
4494
|
+
#
|
4495
|
+
# </note>
|
4488
4496
|
#
|
4489
4497
|
# @note When making an API call, you may pass DeviceConfigurationType
|
4490
4498
|
# data as a hash:
|
@@ -4495,12 +4503,21 @@ module Aws::CognitoIdentityProvider
|
|
4495
4503
|
# }
|
4496
4504
|
#
|
4497
4505
|
# @!attribute [rw] challenge_required_on_new_device
|
4498
|
-
#
|
4499
|
-
#
|
4506
|
+
# When true, device authentication can replace SMS and time-based
|
4507
|
+
# one-time password (TOTP) factors for multi-factor authentication
|
4508
|
+
# (MFA).
|
4509
|
+
#
|
4510
|
+
# <note markdown="1"> Users that sign in with devices that have not been confirmed or
|
4511
|
+
# remembered will still have to provide a second factor, whether or
|
4512
|
+
# not ChallengeRequiredOnNewDevice is true, when your user pool
|
4513
|
+
# requires MFA.
|
4514
|
+
#
|
4515
|
+
# </note>
|
4500
4516
|
# @return [Boolean]
|
4501
4517
|
#
|
4502
4518
|
# @!attribute [rw] device_only_remembered_on_user_prompt
|
4503
|
-
#
|
4519
|
+
# When true, users can opt in to remembering their device. Your app
|
4520
|
+
# code must use callback functions to return the user's choice.
|
4504
4521
|
# @return [Boolean]
|
4505
4522
|
#
|
4506
4523
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/DeviceConfigurationType AWS API Documentation
|
@@ -4512,7 +4529,7 @@ module Aws::CognitoIdentityProvider
|
|
4512
4529
|
include Aws::Structure
|
4513
4530
|
end
|
4514
4531
|
|
4515
|
-
# The device verifier against which it
|
4532
|
+
# The device verifier against which it is authenticated.
|
4516
4533
|
#
|
4517
4534
|
# @note When making an API call, you may pass DeviceSecretVerifierConfigType
|
4518
4535
|
# data as a hash:
|
@@ -4558,7 +4575,7 @@ module Aws::CognitoIdentityProvider
|
|
4558
4575
|
# @return [Time]
|
4559
4576
|
#
|
4560
4577
|
# @!attribute [rw] device_last_authenticated_date
|
4561
|
-
# The date
|
4578
|
+
# The date when the device was last authenticated.
|
4562
4579
|
# @return [Time]
|
4563
4580
|
#
|
4564
4581
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/DeviceType AWS API Documentation
|
@@ -4580,19 +4597,23 @@ module Aws::CognitoIdentityProvider
|
|
4580
4597
|
# @return [String]
|
4581
4598
|
#
|
4582
4599
|
# @!attribute [rw] aws_account_id
|
4583
|
-
# The
|
4600
|
+
# The Amazon Web Services ID for the user pool owner.
|
4584
4601
|
# @return [String]
|
4585
4602
|
#
|
4586
4603
|
# @!attribute [rw] domain
|
4587
|
-
# The domain string.
|
4604
|
+
# The domain string. For custom domains, this is the fully-qualified
|
4605
|
+
# domain name, such as `auth.example.com`. For Amazon Cognito prefix
|
4606
|
+
# domains, this is the prefix alone, such as `auth`.
|
4588
4607
|
# @return [String]
|
4589
4608
|
#
|
4590
4609
|
# @!attribute [rw] s3_bucket
|
4591
|
-
# The S3 bucket where the static files for this domain are
|
4610
|
+
# The Amazon S3 bucket where the static files for this domain are
|
4611
|
+
# stored.
|
4592
4612
|
# @return [String]
|
4593
4613
|
#
|
4594
4614
|
# @!attribute [rw] cloud_front_distribution
|
4595
|
-
# The ARN of the CloudFront
|
4615
|
+
# The Amazon Resource Name (ARN) of the Amazon CloudFront
|
4616
|
+
# distribution.
|
4596
4617
|
# @return [String]
|
4597
4618
|
#
|
4598
4619
|
# @!attribute [rw] version
|
@@ -4639,9 +4660,9 @@ module Aws::CognitoIdentityProvider
|
|
4639
4660
|
|
4640
4661
|
# The email configuration type.
|
4641
4662
|
#
|
4642
|
-
# <note markdown="1"> Amazon Cognito has specific
|
4643
|
-
# information on the supported
|
4644
|
-
# Cognito
|
4663
|
+
# <note markdown="1"> Amazon Cognito has specific Regions for use with Amazon Simple Email
|
4664
|
+
# Service. For more information on the supported Regions, see [Email
|
4665
|
+
# settings for Amazon Cognito user pools][1].
|
4645
4666
|
#
|
4646
4667
|
# </note>
|
4647
4668
|
#
|
@@ -4661,13 +4682,12 @@ module Aws::CognitoIdentityProvider
|
|
4661
4682
|
# }
|
4662
4683
|
#
|
4663
4684
|
# @!attribute [rw] source_arn
|
4664
|
-
# The
|
4665
|
-
#
|
4666
|
-
#
|
4667
|
-
# `EmailSendingAccount` parameter:
|
4685
|
+
# The ARN of a verified email address in Amazon SES. Amazon Cognito
|
4686
|
+
# uses this email address in one of the following ways, depending on
|
4687
|
+
# the value that you specify for the `EmailSendingAccount` parameter:
|
4668
4688
|
#
|
4669
4689
|
# * If you specify `COGNITO_DEFAULT`, Amazon Cognito uses this address
|
4670
|
-
# as the custom FROM address when it emails your users
|
4690
|
+
# as the custom FROM address when it emails your users using its
|
4671
4691
|
# built-in email account.
|
4672
4692
|
#
|
4673
4693
|
# * If you specify `DEVELOPER`, Amazon Cognito emails your users with
|
@@ -4675,13 +4695,13 @@ module Aws::CognitoIdentityProvider
|
|
4675
4695
|
# @return [String]
|
4676
4696
|
#
|
4677
4697
|
# @!attribute [rw] reply_to_email_address
|
4678
|
-
# The destination to which the receiver of the email should reply
|
4698
|
+
# The destination to which the receiver of the email should reply.
|
4679
4699
|
# @return [String]
|
4680
4700
|
#
|
4681
4701
|
# @!attribute [rw] email_sending_account
|
4682
4702
|
# Specifies whether Amazon Cognito emails your users by using its
|
4683
|
-
# built-in email functionality or your Amazon
|
4684
|
-
# Specify one of the following values:
|
4703
|
+
# built-in email functionality or your Amazon Simple Email Service
|
4704
|
+
# email configuration. Specify one of the following values:
|
4685
4705
|
#
|
4686
4706
|
# COGNITO\_DEFAULT
|
4687
4707
|
#
|
@@ -4689,20 +4709,20 @@ module Aws::CognitoIdentityProvider
|
|
4689
4709
|
# functionality. When you use the default option, Amazon Cognito
|
4690
4710
|
# allows only a limited number of emails each day for your user
|
4691
4711
|
# pool. For typical production environments, the default email limit
|
4692
|
-
# is
|
4712
|
+
# is less than the required delivery volume. To achieve a higher
|
4693
4713
|
# delivery volume, specify DEVELOPER to use your Amazon SES email
|
4694
4714
|
# configuration.
|
4695
4715
|
#
|
4696
4716
|
# To look up the email delivery limit for the default option, see
|
4697
|
-
# [Limits in
|
4698
|
-
# Guide*.
|
4717
|
+
# [Limits in ][1] in the <i> Developer Guide</i>.
|
4699
4718
|
#
|
4700
|
-
# The default FROM address is no-reply@verificationemail.com
|
4701
|
-
# customize the FROM address, provide the
|
4702
|
-
# verified email address for the `SourceArn`
|
4719
|
+
# The default FROM address is `no-reply@verificationemail.com`. To
|
4720
|
+
# customize the FROM address, provide the Amazon Resource Name (ARN)
|
4721
|
+
# of an Amazon SES verified email address for the `SourceArn`
|
4722
|
+
# parameter.
|
4703
4723
|
#
|
4704
|
-
# If EmailSendingAccount is COGNITO\_DEFAULT, the
|
4705
|
-
# parameters
|
4724
|
+
# If EmailSendingAccount is COGNITO\_DEFAULT, you can't use the
|
4725
|
+
# following parameters:
|
4706
4726
|
#
|
4707
4727
|
# * EmailVerificationMessage
|
4708
4728
|
#
|
@@ -4730,7 +4750,8 @@ module Aws::CognitoIdentityProvider
|
|
4730
4750
|
# configuration. Amazon Cognito calls Amazon SES on your behalf to
|
4731
4751
|
# send email from your verified email address. When you use this
|
4732
4752
|
# option, the email delivery limits are the same limits that apply
|
4733
|
-
# to your Amazon SES verified email address in your
|
4753
|
+
# to your Amazon SES verified email address in your Amazon Web
|
4754
|
+
# Services account.
|
4734
4755
|
#
|
4735
4756
|
# If you use this option, you must provide the ARN of an Amazon SES
|
4736
4757
|
# verified email address for the `SourceArn` parameter.
|
@@ -4738,12 +4759,12 @@ module Aws::CognitoIdentityProvider
|
|
4738
4759
|
# Before Amazon Cognito can email your users, it requires additional
|
4739
4760
|
# permissions to call Amazon SES on your behalf. When you update
|
4740
4761
|
# your user pool with this option, Amazon Cognito creates a
|
4741
|
-
# *service-linked role*, which is a type of
|
4742
|
-
# account. This role contains the permissions that allow
|
4743
|
-
#
|
4744
|
-
#
|
4745
|
-
#
|
4746
|
-
#
|
4762
|
+
# *service-linked role*, which is a type of role, in your Amazon Web
|
4763
|
+
# Services account. This role contains the permissions that allow to
|
4764
|
+
# access Amazon SES and send email messages with your address. For
|
4765
|
+
# more information about the service-linked role that Amazon Cognito
|
4766
|
+
# creates, see [Using Service-Linked Roles for Amazon Cognito][2] in
|
4767
|
+
# the *Amazon Cognito Developer Guide*.
|
4747
4768
|
#
|
4748
4769
|
#
|
4749
4770
|
#
|
@@ -4752,29 +4773,30 @@ module Aws::CognitoIdentityProvider
|
|
4752
4773
|
# @return [String]
|
4753
4774
|
#
|
4754
4775
|
# @!attribute [rw] from
|
4755
|
-
#
|
4756
|
-
#
|
4757
|
-
#
|
4758
|
-
#
|
4776
|
+
# Either the sender’s email address or the sender’s name with their
|
4777
|
+
# email address. For example, `testuser@example.com` or `Test User
|
4778
|
+
# <testuser@example.com>`. This address appears before the body of the
|
4779
|
+
# email.
|
4759
4780
|
# @return [String]
|
4760
4781
|
#
|
4761
4782
|
# @!attribute [rw] configuration_set
|
4762
4783
|
# The set of configuration rules that can be applied to emails sent
|
4763
|
-
# using Amazon
|
4764
|
-
# including a reference to the configuration set in the
|
4765
|
-
# email. Once applied, all of the rules in that
|
4766
|
-
# applied to the email. Configuration sets can
|
4767
|
-
# following types of rules to emails:
|
4768
|
-
#
|
4769
|
-
# * Event publishing – Amazon
|
4770
|
-
# delivery, open, click, bounce, and complaint
|
4771
|
-
# sent. Use event publishing to send
|
4772
|
-
# to other Amazon Web Services
|
4784
|
+
# using Amazon Simple Email Service. A configuration set is applied to
|
4785
|
+
# an email by including a reference to the configuration set in the
|
4786
|
+
# headers of the email. Once applied, all of the rules in that
|
4787
|
+
# configuration set are applied to the email. Configuration sets can
|
4788
|
+
# be used to apply the following types of rules to emails:
|
4789
|
+
#
|
4790
|
+
# * Event publishing – Amazon Simple Email Service can track the
|
4791
|
+
# number of send, delivery, open, click, bounce, and complaint
|
4792
|
+
# events for each email sent. Use event publishing to send
|
4793
|
+
# information about these events to other Amazon Web Services
|
4794
|
+
# services such as and Amazon CloudWatch.
|
4773
4795
|
#
|
4774
4796
|
# * IP pool management – When leasing dedicated IP addresses with
|
4775
|
-
# Amazon
|
4776
|
-
# dedicated IP pools. You can then associate the
|
4777
|
-
# with configuration sets.
|
4797
|
+
# Amazon Simple Email Service, you can create groups of IP
|
4798
|
+
# addresses, called dedicated IP pools. You can then associate the
|
4799
|
+
# dedicated IP pools with configuration sets.
|
4778
4800
|
# @return [String]
|
4779
4801
|
#
|
4780
4802
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/EmailConfigurationType AWS API Documentation
|
@@ -4994,19 +5016,18 @@ module Aws::CognitoIdentityProvider
|
|
4994
5016
|
# For more information, see [Customizing User Pool Workflows with
|
4995
5017
|
# Lambda Triggers][1] in the *Amazon Cognito Developer Guide*.
|
4996
5018
|
#
|
4997
|
-
# <note markdown="1">
|
4998
|
-
#
|
5019
|
+
# <note markdown="1"> When you use the ClientMetadata parameter, remember that Amazon
|
5020
|
+
# Cognito won't do the following:
|
4999
5021
|
#
|
5000
|
-
# *
|
5001
|
-
#
|
5002
|
-
#
|
5003
|
-
#
|
5004
|
-
# purpose.
|
5022
|
+
# * Store the ClientMetadata value. This data is available only to
|
5023
|
+
# Lambda triggers that are assigned to a user pool to support custom
|
5024
|
+
# workflows. If your user pool configuration doesn't include
|
5025
|
+
# triggers, the ClientMetadata parameter serves no purpose.
|
5005
5026
|
#
|
5006
|
-
# *
|
5027
|
+
# * Validate the ClientMetadata value.
|
5007
5028
|
#
|
5008
|
-
# *
|
5009
|
-
#
|
5029
|
+
# * Encrypt the ClientMetadata value. Don't use Amazon Cognito to
|
5030
|
+
# provide sensitive information.
|
5010
5031
|
#
|
5011
5032
|
# </note>
|
5012
5033
|
#
|
@@ -5044,7 +5065,7 @@ module Aws::CognitoIdentityProvider
|
|
5044
5065
|
include Aws::Structure
|
5045
5066
|
end
|
5046
5067
|
|
5047
|
-
# Represents the request to get the header information
|
5068
|
+
# Represents the request to get the header information of the CSV file
|
5048
5069
|
# for the user import job.
|
5049
5070
|
#
|
5050
5071
|
# @note When making an API call, you may pass GetCSVHeaderRequest
|
@@ -5068,7 +5089,7 @@ module Aws::CognitoIdentityProvider
|
|
5068
5089
|
end
|
5069
5090
|
|
5070
5091
|
# Represents the response from the server to the request to get the
|
5071
|
-
# header information
|
5092
|
+
# header information of the CSV file for the user import job.
|
5072
5093
|
#
|
5073
5094
|
# @!attribute [rw] user_pool_id
|
5074
5095
|
# The user pool ID for the user pool that the users are to be imported
|
@@ -5076,7 +5097,7 @@ module Aws::CognitoIdentityProvider
|
|
5076
5097
|
# @return [String]
|
5077
5098
|
#
|
5078
5099
|
# @!attribute [rw] csv_header
|
5079
|
-
# The header information
|
5100
|
+
# The header information of the CSV file for the user import job.
|
5080
5101
|
# @return [Array<String>]
|
5081
5102
|
#
|
5082
5103
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/GetCSVHeaderResponse AWS API Documentation
|
@@ -5203,7 +5224,7 @@ module Aws::CognitoIdentityProvider
|
|
5203
5224
|
include Aws::Structure
|
5204
5225
|
end
|
5205
5226
|
|
5206
|
-
# Request to get a signing certificate from Cognito.
|
5227
|
+
# Request to get a signing certificate from Amazon Cognito.
|
5207
5228
|
#
|
5208
5229
|
# @note When making an API call, you may pass GetSigningCertificateRequest
|
5209
5230
|
# data as a hash:
|
@@ -5224,7 +5245,7 @@ module Aws::CognitoIdentityProvider
|
|
5224
5245
|
include Aws::Structure
|
5225
5246
|
end
|
5226
5247
|
|
5227
|
-
# Response from Cognito for a signing certificate request.
|
5248
|
+
# Response from Amazon Cognito for a signing certificate request.
|
5228
5249
|
#
|
5229
5250
|
# @!attribute [rw] certificate
|
5230
5251
|
# The signing certificate.
|
@@ -5316,19 +5337,18 @@ module Aws::CognitoIdentityProvider
|
|
5316
5337
|
# For more information, see [Customizing User Pool Workflows with
|
5317
5338
|
# Lambda Triggers][1] in the *Amazon Cognito Developer Guide*.
|
5318
5339
|
#
|
5319
|
-
# <note markdown="1">
|
5320
|
-
#
|
5340
|
+
# <note markdown="1"> When you use the ClientMetadata parameter, remember that Amazon
|
5341
|
+
# Cognito won't do the following:
|
5321
5342
|
#
|
5322
|
-
# *
|
5323
|
-
#
|
5324
|
-
#
|
5325
|
-
#
|
5326
|
-
# purpose.
|
5343
|
+
# * Store the ClientMetadata value. This data is available only to
|
5344
|
+
# Lambda triggers that are assigned to a user pool to support custom
|
5345
|
+
# workflows. If your user pool configuration doesn't include
|
5346
|
+
# triggers, the ClientMetadata parameter serves no purpose.
|
5327
5347
|
#
|
5328
|
-
# *
|
5348
|
+
# * Validate the ClientMetadata value.
|
5329
5349
|
#
|
5330
|
-
# *
|
5331
|
-
#
|
5350
|
+
# * Encrypt the ClientMetadata value. Don't use Amazon Cognito to
|
5351
|
+
# provide sensitive information.
|
5332
5352
|
#
|
5333
5353
|
# </note>
|
5334
5354
|
#
|
@@ -5393,12 +5413,12 @@ module Aws::CognitoIdentityProvider
|
|
5393
5413
|
# @!attribute [rw] mfa_configuration
|
5394
5414
|
# The multi-factor (MFA) configuration. Valid values include:
|
5395
5415
|
#
|
5396
|
-
# * `OFF` MFA
|
5416
|
+
# * `OFF` MFA won't be used for any users.
|
5397
5417
|
#
|
5398
5418
|
# * `ON` MFA is required for all users to sign in.
|
5399
5419
|
#
|
5400
5420
|
# * `OPTIONAL` MFA will be required only for individual users who have
|
5401
|
-
# an MFA factor
|
5421
|
+
# an MFA factor activated.
|
5402
5422
|
# @return [String]
|
5403
5423
|
#
|
5404
5424
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/GetUserPoolMfaConfigResponse AWS API Documentation
|
@@ -5437,7 +5457,7 @@ module Aws::CognitoIdentityProvider
|
|
5437
5457
|
# information about the user.
|
5438
5458
|
#
|
5439
5459
|
# @!attribute [rw] username
|
5440
|
-
# The user name of the user you
|
5460
|
+
# The user name of the user you want to retrieve from the get user
|
5441
5461
|
# request.
|
5442
5462
|
# @return [String]
|
5443
5463
|
#
|
@@ -5451,9 +5471,9 @@ module Aws::CognitoIdentityProvider
|
|
5451
5471
|
# @!attribute [rw] mfa_options
|
5452
5472
|
# *This response parameter is no longer supported.* It provides
|
5453
5473
|
# information only about SMS MFA configurations. It doesn't provide
|
5454
|
-
# information about TOTP software token
|
5455
|
-
# information about either type of MFA
|
5456
|
-
# UserMFASettingList instead.
|
5474
|
+
# information about time-based one-time password (TOTP) software token
|
5475
|
+
# MFA configurations. To look up information about either type of MFA
|
5476
|
+
# configuration, use UserMFASettingList instead.
|
5457
5477
|
# @return [Array<Types::MFAOptionType>]
|
5458
5478
|
#
|
5459
5479
|
# @!attribute [rw] preferred_mfa_setting
|
@@ -5461,7 +5481,7 @@ module Aws::CognitoIdentityProvider
|
|
5461
5481
|
# @return [String]
|
5462
5482
|
#
|
5463
5483
|
# @!attribute [rw] user_mfa_setting_list
|
5464
|
-
# The MFA options that are
|
5484
|
+
# The MFA options that are activated for the user. The possible values
|
5465
5485
|
# in this list are `SMS_MFA` and `SOFTWARE_TOKEN_MFA`.
|
5466
5486
|
# @return [Array<String>]
|
5467
5487
|
#
|
@@ -5533,25 +5553,25 @@ module Aws::CognitoIdentityProvider
|
|
5533
5553
|
# @return [String]
|
5534
5554
|
#
|
5535
5555
|
# @!attribute [rw] role_arn
|
5536
|
-
# The role ARN for the group.
|
5556
|
+
# The role Amazon Resource Name (ARN) for the group.
|
5537
5557
|
# @return [String]
|
5538
5558
|
#
|
5539
5559
|
# @!attribute [rw] precedence
|
5540
|
-
# A
|
5560
|
+
# A non-negative integer value that specifies the precedence of this
|
5541
5561
|
# group relative to the other groups that a user can belong to in the
|
5542
|
-
# user pool.
|
5543
|
-
#
|
5544
|
-
# `
|
5545
|
-
#
|
5546
|
-
#
|
5547
|
-
#
|
5562
|
+
# user pool. Zero is the highest precedence value. Groups with lower
|
5563
|
+
# `Precedence` values take precedence over groups with higher ornull
|
5564
|
+
# `Precedence` values. If a user belongs to two or more groups, it is
|
5565
|
+
# the group with the lowest precedence value whose role ARN is given
|
5566
|
+
# in the user's tokens for the `cognito:roles` and
|
5567
|
+
# `cognito:preferred_role` claims.
|
5548
5568
|
#
|
5549
5569
|
# Two groups can have the same `Precedence` value. If this happens,
|
5550
5570
|
# neither group takes precedence over the other. If two groups with
|
5551
5571
|
# the same `Precedence` have the same role ARN, that role is used in
|
5552
5572
|
# the `cognito:preferred_role` claim in tokens for users in each
|
5553
5573
|
# group. If the two groups have different role ARNs, the
|
5554
|
-
# `cognito:preferred_role` claim
|
5574
|
+
# `cognito:preferred_role` claim isn't set in users' tokens.
|
5555
5575
|
#
|
5556
5576
|
# The default `Precedence` value is null.
|
5557
5577
|
# @return [Integer]
|
@@ -5589,7 +5609,7 @@ module Aws::CognitoIdentityProvider
|
|
5589
5609
|
# }
|
5590
5610
|
#
|
5591
5611
|
# @!attribute [rw] header_name
|
5592
|
-
# The header name
|
5612
|
+
# The header name.
|
5593
5613
|
# @return [String]
|
5594
5614
|
#
|
5595
5615
|
# @!attribute [rw] header_value
|
@@ -5677,9 +5697,12 @@ module Aws::CognitoIdentityProvider
|
|
5677
5697
|
# * jwks\_uri *if not available from discovery URL specified by
|
5678
5698
|
# oidc\_issuer key*
|
5679
5699
|
#
|
5700
|
+
# * attributes\_url\_add\_attributes *a read-only property that is
|
5701
|
+
# set automatically*
|
5702
|
+
#
|
5680
5703
|
# * For SAML providers:
|
5681
5704
|
#
|
5682
|
-
# * MetadataFile
|
5705
|
+
# * MetadataFile or MetadataURL
|
5683
5706
|
#
|
5684
5707
|
# * IDPSignOut *optional*
|
5685
5708
|
# @return [Hash<String,String>]
|
@@ -5739,17 +5762,17 @@ module Aws::CognitoIdentityProvider
|
|
5739
5762
|
# }
|
5740
5763
|
#
|
5741
5764
|
# @!attribute [rw] auth_flow
|
5742
|
-
# The authentication flow for this call to
|
5743
|
-
#
|
5765
|
+
# The authentication flow for this call to run. The API action will
|
5766
|
+
# depend on this value. For example:
|
5744
5767
|
#
|
5745
|
-
# * `REFRESH_TOKEN_AUTH`
|
5768
|
+
# * `REFRESH_TOKEN_AUTH` takes in a valid refresh token and returns
|
5746
5769
|
# new tokens.
|
5747
5770
|
#
|
5748
|
-
# * `USER_SRP_AUTH`
|
5771
|
+
# * `USER_SRP_AUTH` takes in `USERNAME` and `SRP_A` and returns the
|
5749
5772
|
# SRP variables to be used for next challenge execution.
|
5750
5773
|
#
|
5751
|
-
# * `USER_PASSWORD_AUTH`
|
5752
|
-
#
|
5774
|
+
# * `USER_PASSWORD_AUTH` takes in `USERNAME` and `PASSWORD` and
|
5775
|
+
# returns the next challenge or tokens.
|
5753
5776
|
#
|
5754
5777
|
# Valid values include:
|
5755
5778
|
#
|
@@ -5764,21 +5787,15 @@ module Aws::CognitoIdentityProvider
|
|
5764
5787
|
#
|
5765
5788
|
# * `USER_PASSWORD_AUTH`\: Non-SRP authentication flow; USERNAME and
|
5766
5789
|
# PASSWORD are passed directly. If a user migration Lambda trigger
|
5767
|
-
# is set, this flow will invoke the user migration Lambda if
|
5768
|
-
#
|
5790
|
+
# is set, this flow will invoke the user migration Lambda if it
|
5791
|
+
# doesn't find the USERNAME in the user pool.
|
5769
5792
|
#
|
5770
|
-
#
|
5771
|
-
# authentication. This replaces the `ADMIN_NO_SRP_AUTH`
|
5772
|
-
# authentication flow. In this flow, Cognito receives the password
|
5773
|
-
# in the request instead of using the SRP process to verify
|
5774
|
-
# passwords.
|
5775
|
-
#
|
5776
|
-
# `ADMIN_NO_SRP_AUTH` is not a valid value.
|
5793
|
+
# `ADMIN_NO_SRP_AUTH` isn't a valid value.
|
5777
5794
|
# @return [String]
|
5778
5795
|
#
|
5779
5796
|
# @!attribute [rw] auth_parameters
|
5780
5797
|
# The authentication parameters. These are inputs corresponding to the
|
5781
|
-
# `AuthFlow` that you
|
5798
|
+
# `AuthFlow` that you're invoking. The required values depend on the
|
5782
5799
|
# value of `AuthFlow`\:
|
5783
5800
|
#
|
5784
5801
|
# * For `USER_SRP_AUTH`\: `USERNAME` (required), `SRP_A` (required),
|
@@ -5820,7 +5837,7 @@ module Aws::CognitoIdentityProvider
|
|
5820
5837
|
# specific needs.
|
5821
5838
|
#
|
5822
5839
|
# When you use the InitiateAuth API action, Amazon Cognito also
|
5823
|
-
# invokes the functions for the following triggers, but it
|
5840
|
+
# invokes the functions for the following triggers, but it doesn't
|
5824
5841
|
# provide the ClientMetadata value as input:
|
5825
5842
|
#
|
5826
5843
|
# * Post authentication
|
@@ -5838,19 +5855,18 @@ module Aws::CognitoIdentityProvider
|
|
5838
5855
|
# For more information, see [Customizing User Pool Workflows with
|
5839
5856
|
# Lambda Triggers][1] in the *Amazon Cognito Developer Guide*.
|
5840
5857
|
#
|
5841
|
-
# <note markdown="1">
|
5842
|
-
#
|
5858
|
+
# <note markdown="1"> When you use the ClientMetadata parameter, remember that Amazon
|
5859
|
+
# Cognito won't do the following:
|
5843
5860
|
#
|
5844
|
-
# *
|
5845
|
-
#
|
5846
|
-
#
|
5847
|
-
#
|
5848
|
-
# purpose.
|
5861
|
+
# * Store the ClientMetadata value. This data is available only to
|
5862
|
+
# Lambda triggers that are assigned to a user pool to support custom
|
5863
|
+
# workflows. If your user pool configuration doesn't include
|
5864
|
+
# triggers, the ClientMetadata parameter serves no purpose.
|
5849
5865
|
#
|
5850
|
-
# *
|
5866
|
+
# * Validate the ClientMetadata value.
|
5851
5867
|
#
|
5852
|
-
# *
|
5853
|
-
#
|
5868
|
+
# * Encrypt the ClientMetadata value. Don't use Amazon Cognito to
|
5869
|
+
# provide sensitive information.
|
5854
5870
|
#
|
5855
5871
|
# </note>
|
5856
5872
|
#
|
@@ -5890,9 +5906,9 @@ module Aws::CognitoIdentityProvider
|
|
5890
5906
|
# Initiates the authentication response.
|
5891
5907
|
#
|
5892
5908
|
# @!attribute [rw] challenge_name
|
5893
|
-
# The name of the challenge
|
5894
|
-
#
|
5895
|
-
#
|
5909
|
+
# The name of the challenge that you're responding to with this call.
|
5910
|
+
# This name is returned in the `AdminInitiateAuth` response if you
|
5911
|
+
# must pass another challenge.
|
5896
5912
|
#
|
5897
5913
|
# Valid values include the following. Note that all of these
|
5898
5914
|
# challenges require `USERNAME` and `SECRET_HASH` (if applicable) in
|
@@ -5909,7 +5925,7 @@ module Aws::CognitoIdentityProvider
|
|
5909
5925
|
# authentication flow determines that the user should pass another
|
5910
5926
|
# challenge before tokens are issued.
|
5911
5927
|
#
|
5912
|
-
# * `DEVICE_SRP_AUTH`\: If device tracking was
|
5928
|
+
# * `DEVICE_SRP_AUTH`\: If device tracking was activated on your user
|
5913
5929
|
# pool and the previous challenges were passed, this challenge is
|
5914
5930
|
# returned so that Amazon Cognito can start tracking this device.
|
5915
5931
|
#
|
@@ -5922,40 +5938,41 @@ module Aws::CognitoIdentityProvider
|
|
5922
5938
|
# attributes.
|
5923
5939
|
#
|
5924
5940
|
# * `MFA_SETUP`\: For users who are required to setup an MFA factor
|
5925
|
-
# before they can sign
|
5941
|
+
# before they can sign in. The MFA types activated for the user pool
|
5926
5942
|
# will be listed in the challenge parameters `MFA_CAN_SETUP` value.
|
5927
5943
|
#
|
5928
|
-
# To
|
5929
|
-
# `InitiateAuth` as an input to `AssociateSoftwareToken
|
5930
|
-
#
|
5944
|
+
# To set up software token MFA, use the session returned here from
|
5945
|
+
# `InitiateAuth` as an input to `AssociateSoftwareToken`. Use the
|
5946
|
+
# session returned by `VerifySoftwareToken` as an input to
|
5931
5947
|
# `RespondToAuthChallenge` with challenge name `MFA_SETUP` to
|
5932
|
-
# complete sign-in. To
|
5933
|
-
#
|
5934
|
-
# `InitiateAuth` again to restart sign-in.
|
5948
|
+
# complete sign-in. To set up SMS MFA, an administrator should help
|
5949
|
+
# the user to add a phone number to their account, and then the user
|
5950
|
+
# should call `InitiateAuth` again to restart sign-in.
|
5935
5951
|
# @return [String]
|
5936
5952
|
#
|
5937
5953
|
# @!attribute [rw] session
|
5938
|
-
# The session
|
5939
|
-
#
|
5940
|
-
#
|
5941
|
-
#
|
5942
|
-
#
|
5954
|
+
# The session that should pass both ways in challenge-response calls
|
5955
|
+
# to the service. If the caller must pass another challenge, they
|
5956
|
+
# return a session with other challenge parameters. This session
|
5957
|
+
# should be passed as it is to the next `RespondToAuthChallenge` API
|
5958
|
+
# call.
|
5943
5959
|
# @return [String]
|
5944
5960
|
#
|
5945
5961
|
# @!attribute [rw] challenge_parameters
|
5946
|
-
# The challenge parameters. These are returned
|
5947
|
-
#
|
5948
|
-
#
|
5949
|
-
#
|
5962
|
+
# The challenge parameters. These are returned in the `InitiateAuth`
|
5963
|
+
# response if you must pass another challenge. The responses in this
|
5964
|
+
# parameter should be used to compute inputs to the next call
|
5965
|
+
# (`RespondToAuthChallenge`).
|
5950
5966
|
#
|
5951
5967
|
# All challenges require `USERNAME` and `SECRET_HASH` (if applicable).
|
5952
5968
|
# @return [Hash<String,String>]
|
5953
5969
|
#
|
5954
5970
|
# @!attribute [rw] authentication_result
|
5955
|
-
# The result of the authentication response. This is only
|
5956
|
-
# the caller
|
5957
|
-
# does need to pass another challenge before it gets
|
5958
|
-
# `ChallengeName`, `ChallengeParameters`, and `Session` are
|
5971
|
+
# The result of the authentication response. This result is only
|
5972
|
+
# returned if the caller doesn't need to pass another challenge. If
|
5973
|
+
# the caller does need to pass another challenge before it gets
|
5974
|
+
# tokens, `ChallengeName`, `ChallengeParameters`, and `Session` are
|
5975
|
+
# returned.
|
5959
5976
|
# @return [Types::AuthenticationResultType]
|
5960
5977
|
#
|
5961
5978
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/InitiateAuthResponse AWS API Documentation
|
@@ -5985,12 +6002,12 @@ module Aws::CognitoIdentityProvider
|
|
5985
6002
|
include Aws::Structure
|
5986
6003
|
end
|
5987
6004
|
|
5988
|
-
# This exception is thrown when Amazon Cognito
|
6005
|
+
# This exception is thrown when Amazon Cognito isn't allowed to use
|
5989
6006
|
# your email identity. HTTP status code: 400.
|
5990
6007
|
#
|
5991
6008
|
# @!attribute [rw] message
|
5992
6009
|
# The message returned when you have an unverified email address or
|
5993
|
-
# the identity policy
|
6010
|
+
# the identity policy isn't set on an email address that Amazon
|
5994
6011
|
# Cognito can access.
|
5995
6012
|
# @return [String]
|
5996
6013
|
#
|
@@ -6002,12 +6019,12 @@ module Aws::CognitoIdentityProvider
|
|
6002
6019
|
include Aws::Structure
|
6003
6020
|
end
|
6004
6021
|
|
6005
|
-
# This exception is thrown when
|
6006
|
-
#
|
6022
|
+
# This exception is thrown when Amazon Cognito encounters an invalid
|
6023
|
+
# Lambda response.
|
6007
6024
|
#
|
6008
6025
|
# @!attribute [rw] message
|
6009
|
-
# The message returned when
|
6010
|
-
#
|
6026
|
+
# The message returned when Amazon Cognito hrows an invalid Lambda
|
6027
|
+
# response exception.
|
6011
6028
|
# @return [String]
|
6012
6029
|
#
|
6013
6030
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/InvalidLambdaResponseException AWS API Documentation
|
@@ -6018,7 +6035,7 @@ module Aws::CognitoIdentityProvider
|
|
6018
6035
|
include Aws::Structure
|
6019
6036
|
end
|
6020
6037
|
|
6021
|
-
# This exception is thrown when the specified OAuth flow is
|
6038
|
+
# This exception is thrown when the specified OAuth flow is not valid.
|
6022
6039
|
#
|
6023
6040
|
# @!attribute [rw] message
|
6024
6041
|
# @return [String]
|
@@ -6047,12 +6064,12 @@ module Aws::CognitoIdentityProvider
|
|
6047
6064
|
include Aws::Structure
|
6048
6065
|
end
|
6049
6066
|
|
6050
|
-
# This exception is thrown when
|
6051
|
-
#
|
6067
|
+
# This exception is thrown when Amazon Cognito encounters an invalid
|
6068
|
+
# password.
|
6052
6069
|
#
|
6053
6070
|
# @!attribute [rw] message
|
6054
|
-
# The message returned when
|
6055
|
-
#
|
6071
|
+
# The message returned when Amazon Cognito throws an invalid user
|
6072
|
+
# password exception.
|
6056
6073
|
# @return [String]
|
6057
6074
|
#
|
6058
6075
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/InvalidPasswordException AWS API Documentation
|
@@ -6064,10 +6081,10 @@ module Aws::CognitoIdentityProvider
|
|
6064
6081
|
end
|
6065
6082
|
|
6066
6083
|
# This exception is returned when the role provided for SMS
|
6067
|
-
# configuration
|
6084
|
+
# configuration doesn't have permission to publish using Amazon SNS.
|
6068
6085
|
#
|
6069
6086
|
# @!attribute [rw] message
|
6070
|
-
# The message
|
6087
|
+
# The message returned when the invalid SMS role access policy
|
6071
6088
|
# exception is thrown.
|
6072
6089
|
# @return [String]
|
6073
6090
|
#
|
@@ -6079,15 +6096,15 @@ module Aws::CognitoIdentityProvider
|
|
6079
6096
|
include Aws::Structure
|
6080
6097
|
end
|
6081
6098
|
|
6082
|
-
# This exception is thrown when the trust relationship is
|
6083
|
-
# the role provided for SMS configuration. This can happen if you
|
6099
|
+
# This exception is thrown when the trust relationship is not valid for
|
6100
|
+
# the role provided for SMS configuration. This can happen if you don't
|
6084
6101
|
# trust `cognito-idp.amazonaws.com` or the external ID provided in the
|
6085
6102
|
# role does not match what is provided in the SMS configuration for the
|
6086
6103
|
# user pool.
|
6087
6104
|
#
|
6088
6105
|
# @!attribute [rw] message
|
6089
6106
|
# The message returned when the role trust relationship for the SMS
|
6090
|
-
# message is
|
6107
|
+
# message is not valid.
|
6091
6108
|
# @return [String]
|
6092
6109
|
#
|
6093
6110
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/InvalidSmsRoleTrustRelationshipException AWS API Documentation
|
@@ -6098,10 +6115,11 @@ module Aws::CognitoIdentityProvider
|
|
6098
6115
|
include Aws::Structure
|
6099
6116
|
end
|
6100
6117
|
|
6101
|
-
# This exception is thrown when the user pool configuration is
|
6118
|
+
# This exception is thrown when the user pool configuration is not
|
6119
|
+
# valid.
|
6102
6120
|
#
|
6103
6121
|
# @!attribute [rw] message
|
6104
|
-
# The message returned when the user pool configuration is
|
6122
|
+
# The message returned when the user pool configuration is not valid.
|
6105
6123
|
# @return [String]
|
6106
6124
|
#
|
6107
6125
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/InvalidUserPoolConfigurationException AWS API Documentation
|
@@ -6188,8 +6206,8 @@ module Aws::CognitoIdentityProvider
|
|
6188
6206
|
# @return [Types::CustomEmailLambdaVersionConfigType]
|
6189
6207
|
#
|
6190
6208
|
# @!attribute [rw] kms_key_id
|
6191
|
-
# The Amazon Resource Name of
|
6192
|
-
#
|
6209
|
+
# The Amazon Resource Name (ARN) of an [KMS
|
6210
|
+
# key](/kms/latest/developerguide/concepts.html#master_keys). Amazon
|
6193
6211
|
# Cognito uses the key to encrypt codes and temporary passwords sent
|
6194
6212
|
# to `CustomEmailSender` and `CustomSMSSender`.
|
6195
6213
|
# @return [String]
|
@@ -6762,16 +6780,32 @@ module Aws::CognitoIdentityProvider
|
|
6762
6780
|
#
|
6763
6781
|
# * `sub`
|
6764
6782
|
#
|
6765
|
-
# Custom attributes
|
6783
|
+
# Custom attributes aren't searchable.
|
6784
|
+
#
|
6785
|
+
# <note markdown="1"> You can also list users with a client-side filter. The server-side
|
6786
|
+
# filter matches no more than 1 attribute. For an advanced search, use
|
6787
|
+
# a client-side filter with the `--query` parameter of the
|
6788
|
+
# `list-users` action in the CLI. When you use a client-side filter,
|
6789
|
+
# ListUsers returns a paginated list of zero or more users. You can
|
6790
|
+
# receive multiple pages in a row with zero results. Repeat the query
|
6791
|
+
# with each pagination token that is returned until you receive a null
|
6792
|
+
# pagination token value, and then review the combined result.
|
6793
|
+
#
|
6794
|
+
# For more information about server-side and client-side filtering,
|
6795
|
+
# see [FilteringCLI output][1] in the [Command Line Interface User
|
6796
|
+
# Guide][1].
|
6797
|
+
#
|
6798
|
+
# </note>
|
6766
6799
|
#
|
6767
6800
|
# For more information, see [Searching for Users Using the ListUsers
|
6768
|
-
# API][
|
6801
|
+
# API][2] and [Examples of Using the ListUsers API][3] in the *Amazon
|
6769
6802
|
# Cognito Developer Guide*.
|
6770
6803
|
#
|
6771
6804
|
#
|
6772
6805
|
#
|
6773
|
-
# [1]: https://docs.aws.amazon.com/
|
6774
|
-
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/how-to-manage-user-accounts.html#cognito-user-pools-searching-for-users-listusers-api
|
6806
|
+
# [1]: https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-filter.html
|
6807
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/how-to-manage-user-accounts.html#cognito-user-pools-searching-for-users-using-listusers-api
|
6808
|
+
# [3]: https://docs.aws.amazon.com/cognito/latest/developerguide/how-to-manage-user-accounts.html#cognito-user-pools-searching-for-users-listusers-api-examples
|
6775
6809
|
# @return [String]
|
6776
6810
|
#
|
6777
6811
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/ListUsersRequest AWS API Documentation
|
@@ -6807,7 +6841,7 @@ module Aws::CognitoIdentityProvider
|
|
6807
6841
|
include Aws::Structure
|
6808
6842
|
end
|
6809
6843
|
|
6810
|
-
# This exception is thrown when Amazon Cognito
|
6844
|
+
# This exception is thrown when Amazon Cognito can't find a
|
6811
6845
|
# multi-factor authentication (MFA) method.
|
6812
6846
|
#
|
6813
6847
|
# @!attribute [rw] message
|
@@ -6824,7 +6858,8 @@ module Aws::CognitoIdentityProvider
|
|
6824
6858
|
end
|
6825
6859
|
|
6826
6860
|
# *This data type is no longer supported.* You can use it only for SMS
|
6827
|
-
# MFA configurations. You can't use it
|
6861
|
+
# multi-factor authentication (MFA) configurations. You can't use it
|
6862
|
+
# for time-based one-time password (TOTP) software token MFA
|
6828
6863
|
# configurations.
|
6829
6864
|
#
|
6830
6865
|
# @note When making an API call, you may pass MFAOptionType
|
@@ -6916,7 +6951,7 @@ module Aws::CognitoIdentityProvider
|
|
6916
6951
|
include Aws::Structure
|
6917
6952
|
end
|
6918
6953
|
|
6919
|
-
# This exception is thrown when a user
|
6954
|
+
# This exception is thrown when a user isn't authorized.
|
6920
6955
|
#
|
6921
6956
|
# @!attribute [rw] message
|
6922
6957
|
# The message returned when the Amazon Cognito service returns a not
|
@@ -6958,9 +6993,9 @@ module Aws::CognitoIdentityProvider
|
|
6958
6993
|
# }
|
6959
6994
|
#
|
6960
6995
|
# @!attribute [rw] from
|
6961
|
-
# The email address that is sending the email.
|
6962
|
-
# individually verified with Amazon
|
6963
|
-
# been verified with Amazon SES.
|
6996
|
+
# The email address that is sending the email. The address must be
|
6997
|
+
# either individually verified with Amazon Simple Email Service, or
|
6998
|
+
# from a domain that has been verified with Amazon SES.
|
6964
6999
|
# @return [String]
|
6965
7000
|
#
|
6966
7001
|
# @!attribute [rw] reply_to
|
@@ -6969,8 +7004,9 @@ module Aws::CognitoIdentityProvider
|
|
6969
7004
|
#
|
6970
7005
|
# @!attribute [rw] source_arn
|
6971
7006
|
# The Amazon Resource Name (ARN) of the identity that is associated
|
6972
|
-
# with the sending authorization policy.
|
6973
|
-
# send for the email address specified in the `From`
|
7007
|
+
# with the sending authorization policy. This identity permits Amazon
|
7008
|
+
# Cognito to send for the email address specified in the `From`
|
7009
|
+
# parameter.
|
6974
7010
|
# @return [String]
|
6975
7011
|
#
|
6976
7012
|
# @!attribute [rw] block_email
|
@@ -6982,8 +7018,8 @@ module Aws::CognitoIdentityProvider
|
|
6982
7018
|
# @return [Types::NotifyEmailType]
|
6983
7019
|
#
|
6984
7020
|
# @!attribute [rw] mfa_email
|
6985
|
-
# The MFA email template used when MFA
|
6986
|
-
# detected risk.
|
7021
|
+
# The multi-factor authentication (MFA) email template used when MFA
|
7022
|
+
# is challenged as part of a detected risk.
|
6987
7023
|
# @return [Types::NotifyEmailType]
|
6988
7024
|
#
|
6989
7025
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/NotifyConfigurationType AWS API Documentation
|
@@ -7011,15 +7047,15 @@ module Aws::CognitoIdentityProvider
|
|
7011
7047
|
# }
|
7012
7048
|
#
|
7013
7049
|
# @!attribute [rw] subject
|
7014
|
-
# The subject.
|
7050
|
+
# The email subject.
|
7015
7051
|
# @return [String]
|
7016
7052
|
#
|
7017
7053
|
# @!attribute [rw] html_body
|
7018
|
-
# The HTML body.
|
7054
|
+
# The email HTML body.
|
7019
7055
|
# @return [String]
|
7020
7056
|
#
|
7021
7057
|
# @!attribute [rw] text_body
|
7022
|
-
# The text body.
|
7058
|
+
# The email text body.
|
7023
7059
|
# @return [String]
|
7024
7060
|
#
|
7025
7061
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/NotifyEmailType AWS API Documentation
|
@@ -7032,7 +7068,7 @@ module Aws::CognitoIdentityProvider
|
|
7032
7068
|
include Aws::Structure
|
7033
7069
|
end
|
7034
7070
|
|
7035
|
-
# The minimum and maximum
|
7071
|
+
# The minimum and maximum values of an attribute that is of the number
|
7036
7072
|
# data type.
|
7037
7073
|
#
|
7038
7074
|
# @note When making an API call, you may pass NumberAttributeConstraintsType
|
@@ -7075,8 +7111,8 @@ module Aws::CognitoIdentityProvider
|
|
7075
7111
|
# }
|
7076
7112
|
#
|
7077
7113
|
# @!attribute [rw] minimum_length
|
7078
|
-
# The minimum length of the password policy that you have set.
|
7079
|
-
# be less than 6.
|
7114
|
+
# The minimum length of the password in the policy that you have set.
|
7115
|
+
# This value can't be less than 6.
|
7080
7116
|
# @return [Integer]
|
7081
7117
|
#
|
7082
7118
|
# @!attribute [rw] require_uppercase
|
@@ -7102,13 +7138,13 @@ module Aws::CognitoIdentityProvider
|
|
7102
7138
|
# @return [Boolean]
|
7103
7139
|
#
|
7104
7140
|
# @!attribute [rw] temporary_password_validity_days
|
7105
|
-
#
|
7106
|
-
#
|
7107
|
-
#
|
7141
|
+
# The number of days a temporary password is valid in the password
|
7142
|
+
# policy. If the user doesn't sign in during this time, an
|
7143
|
+
# administrator must reset their password.
|
7108
7144
|
#
|
7109
7145
|
# <note markdown="1"> When you set `TemporaryPasswordValidityDays` for a user pool, you
|
7110
|
-
#
|
7111
|
-
#
|
7146
|
+
# can no longer set the deprecated `UnusedAccountValidityDays` value
|
7147
|
+
# for that user pool.
|
7112
7148
|
#
|
7113
7149
|
# </note>
|
7114
7150
|
# @return [Integer]
|
@@ -7196,17 +7232,16 @@ module Aws::CognitoIdentityProvider
|
|
7196
7232
|
# }
|
7197
7233
|
#
|
7198
7234
|
# @!attribute [rw] provider_name
|
7199
|
-
# The name of the provider,
|
7200
|
-
#
|
7235
|
+
# The name of the provider, such as Facebook, Google, or Login with
|
7236
|
+
# Amazon.
|
7201
7237
|
# @return [String]
|
7202
7238
|
#
|
7203
7239
|
# @!attribute [rw] provider_attribute_name
|
7204
|
-
# The name of the provider attribute to link to,
|
7205
|
-
# `NameID`.
|
7240
|
+
# The name of the provider attribute to link to, such as `NameID`.
|
7206
7241
|
# @return [String]
|
7207
7242
|
#
|
7208
7243
|
# @!attribute [rw] provider_attribute_value
|
7209
|
-
# The value of the provider attribute to link to,
|
7244
|
+
# The value of the provider attribute to link to, such as
|
7210
7245
|
# `xxxxx_account`.
|
7211
7246
|
# @return [String]
|
7212
7247
|
#
|
@@ -7237,7 +7272,7 @@ module Aws::CognitoIdentityProvider
|
|
7237
7272
|
# @return [Integer]
|
7238
7273
|
#
|
7239
7274
|
# @!attribute [rw] name
|
7240
|
-
#
|
7275
|
+
# The recovery method for a user.
|
7241
7276
|
# @return [String]
|
7242
7277
|
#
|
7243
7278
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/RecoveryOptionType AWS API Documentation
|
@@ -7286,8 +7321,8 @@ module Aws::CognitoIdentityProvider
|
|
7286
7321
|
# @return [Types::UserContextDataType]
|
7287
7322
|
#
|
7288
7323
|
# @!attribute [rw] username
|
7289
|
-
# The
|
7290
|
-
# code.
|
7324
|
+
# The `username` attribute of the user to whom you want to resend a
|
7325
|
+
# confirmation code.
|
7291
7326
|
# @return [String]
|
7292
7327
|
#
|
7293
7328
|
# @!attribute [rw] analytics_metadata
|
@@ -7313,19 +7348,18 @@ module Aws::CognitoIdentityProvider
|
|
7313
7348
|
# For more information, see [Customizing User Pool Workflows with
|
7314
7349
|
# Lambda Triggers][1] in the *Amazon Cognito Developer Guide*.
|
7315
7350
|
#
|
7316
|
-
# <note markdown="1">
|
7317
|
-
#
|
7351
|
+
# <note markdown="1"> When you use the ClientMetadata parameter, remember that Amazon
|
7352
|
+
# Cognito won't do the following:
|
7318
7353
|
#
|
7319
|
-
# *
|
7320
|
-
#
|
7321
|
-
#
|
7322
|
-
#
|
7323
|
-
# purpose.
|
7354
|
+
# * Store the ClientMetadata value. This data is available only to
|
7355
|
+
# Lambda triggers that are assigned to a user pool to support custom
|
7356
|
+
# workflows. If your user pool configuration doesn't include
|
7357
|
+
# triggers, the ClientMetadata parameter serves no purpose.
|
7324
7358
|
#
|
7325
|
-
# *
|
7359
|
+
# * Validate the ClientMetadata value.
|
7326
7360
|
#
|
7327
|
-
# *
|
7328
|
-
#
|
7361
|
+
# * Encrypt the ClientMetadata value. Don't use Amazon Cognito to
|
7362
|
+
# provide sensitive information.
|
7329
7363
|
#
|
7330
7364
|
# </note>
|
7331
7365
|
#
|
@@ -7347,8 +7381,8 @@ module Aws::CognitoIdentityProvider
|
|
7347
7381
|
include Aws::Structure
|
7348
7382
|
end
|
7349
7383
|
|
7350
|
-
# The response from the server when
|
7351
|
-
#
|
7384
|
+
# The response from the server when Amazon Cognito makes the request to
|
7385
|
+
# resend a confirmation code.
|
7352
7386
|
#
|
7353
7387
|
# @!attribute [rw] code_delivery_details
|
7354
7388
|
# The code delivery details returned by the server in response to the
|
@@ -7363,7 +7397,7 @@ module Aws::CognitoIdentityProvider
|
|
7363
7397
|
include Aws::Structure
|
7364
7398
|
end
|
7365
7399
|
|
7366
|
-
# This exception is thrown when the Amazon Cognito service
|
7400
|
+
# This exception is thrown when the Amazon Cognito service can't find
|
7367
7401
|
# the requested resource.
|
7368
7402
|
#
|
7369
7403
|
# @!attribute [rw] message
|
@@ -7465,7 +7499,7 @@ module Aws::CognitoIdentityProvider
|
|
7465
7499
|
# @!attribute [rw] challenge_name
|
7466
7500
|
# The challenge name. For more information, see [InitiateAuth][1].
|
7467
7501
|
#
|
7468
|
-
# `ADMIN_NO_SRP_AUTH`
|
7502
|
+
# `ADMIN_NO_SRP_AUTH` isn't a valid value.
|
7469
7503
|
#
|
7470
7504
|
#
|
7471
7505
|
#
|
@@ -7473,12 +7507,12 @@ module Aws::CognitoIdentityProvider
|
|
7473
7507
|
# @return [String]
|
7474
7508
|
#
|
7475
7509
|
# @!attribute [rw] session
|
7476
|
-
# The session
|
7510
|
+
# The session that should be passed both ways in challenge-response
|
7477
7511
|
# calls to the service. If `InitiateAuth` or `RespondToAuthChallenge`
|
7478
|
-
# API call determines that the caller
|
7479
|
-
#
|
7480
|
-
#
|
7481
|
-
#
|
7512
|
+
# API call determines that the caller must pass another challenge,
|
7513
|
+
# they return a session with other challenge parameters. This session
|
7514
|
+
# should be passed as it is to the next `RespondToAuthChallenge` API
|
7515
|
+
# call.
|
7482
7516
|
# @return [String]
|
7483
7517
|
#
|
7484
7518
|
# @!attribute [rw] challenge_responses
|
@@ -7486,7 +7520,8 @@ module Aws::CognitoIdentityProvider
|
|
7486
7520
|
# of `ChallengeName`, for example:
|
7487
7521
|
#
|
7488
7522
|
# <note markdown="1"> `SECRET_HASH` (if app client is configured with client secret)
|
7489
|
-
# applies to all inputs
|
7523
|
+
# applies to all of the inputs that follow (including
|
7524
|
+
# `SOFTWARE_TOKEN_MFA`).
|
7490
7525
|
#
|
7491
7526
|
# </note>
|
7492
7527
|
#
|
@@ -7495,6 +7530,11 @@ module Aws::CognitoIdentityProvider
|
|
7495
7530
|
# * `PASSWORD_VERIFIER`\: `PASSWORD_CLAIM_SIGNATURE`,
|
7496
7531
|
# `PASSWORD_CLAIM_SECRET_BLOCK`, `TIMESTAMP`, `USERNAME`.
|
7497
7532
|
#
|
7533
|
+
# <note markdown="1"> `PASSWORD_VERIFIER` requires `DEVICE_KEY` when signing in with a
|
7534
|
+
# remembered device.
|
7535
|
+
#
|
7536
|
+
# </note>
|
7537
|
+
#
|
7498
7538
|
# * `NEW_PASSWORD_REQUIRED`\: `NEW_PASSWORD`, any other required
|
7499
7539
|
# attributes, `USERNAME`.
|
7500
7540
|
#
|
@@ -7505,9 +7545,9 @@ module Aws::CognitoIdentityProvider
|
|
7505
7545
|
# `SECRET_HASH`).
|
7506
7546
|
#
|
7507
7547
|
# * `DEVICE_PASSWORD_VERIFIER` requires everything that
|
7508
|
-
# `PASSWORD_VERIFIER` requires plus `DEVICE_KEY`.
|
7548
|
+
# `PASSWORD_VERIFIER` requires, plus `DEVICE_KEY`.
|
7509
7549
|
#
|
7510
|
-
# * `MFA_SETUP` requires `USERNAME`, plus you
|
7550
|
+
# * `MFA_SETUP` requires `USERNAME`, plus you must use the session
|
7511
7551
|
# value returned by `VerifySoftwareToken` in the `Session`
|
7512
7552
|
# parameter.
|
7513
7553
|
# @return [Hash<String,String>]
|
@@ -7543,19 +7583,18 @@ module Aws::CognitoIdentityProvider
|
|
7543
7583
|
# For more information, see [Customizing User Pool Workflows with
|
7544
7584
|
# Lambda Triggers][1] in the *Amazon Cognito Developer Guide*.
|
7545
7585
|
#
|
7546
|
-
# <note markdown="1">
|
7547
|
-
#
|
7586
|
+
# <note markdown="1"> When you use the ClientMetadata parameter, remember that Amazon
|
7587
|
+
# Cognito won't do the following:
|
7548
7588
|
#
|
7549
|
-
# *
|
7550
|
-
#
|
7551
|
-
#
|
7552
|
-
#
|
7553
|
-
# purpose.
|
7589
|
+
# * Store the ClientMetadata value. This data is available only to
|
7590
|
+
# Lambda triggers that are assigned to a user pool to support custom
|
7591
|
+
# workflows. If your user pool configuration doesn't include
|
7592
|
+
# triggers, the ClientMetadata parameter serves no purpose.
|
7554
7593
|
#
|
7555
|
-
# *
|
7594
|
+
# * Validate the ClientMetadata value.
|
7556
7595
|
#
|
7557
|
-
# *
|
7558
|
-
#
|
7596
|
+
# * Encrypt the ClientMetadata value. Don't use Amazon Cognito to
|
7597
|
+
# provide sensitive information.
|
7559
7598
|
#
|
7560
7599
|
# </note>
|
7561
7600
|
#
|
@@ -7589,11 +7628,11 @@ module Aws::CognitoIdentityProvider
|
|
7589
7628
|
# @return [String]
|
7590
7629
|
#
|
7591
7630
|
# @!attribute [rw] session
|
7592
|
-
# The session
|
7593
|
-
# calls to the service. If the caller
|
7594
|
-
#
|
7595
|
-
#
|
7596
|
-
#
|
7631
|
+
# The session that should be passed both ways in challenge-response
|
7632
|
+
# calls to the service. If the caller must pass another challenge,
|
7633
|
+
# they return a session with other challenge parameters. This session
|
7634
|
+
# should be passed as it is to the next `RespondToAuthChallenge` API
|
7635
|
+
# call.
|
7597
7636
|
# @return [String]
|
7598
7637
|
#
|
7599
7638
|
# @!attribute [rw] challenge_parameters
|
@@ -7631,7 +7670,7 @@ module Aws::CognitoIdentityProvider
|
|
7631
7670
|
# }
|
7632
7671
|
#
|
7633
7672
|
# @!attribute [rw] token
|
7634
|
-
# The token that you want to revoke.
|
7673
|
+
# The refresh token that you want to revoke.
|
7635
7674
|
# @return [String]
|
7636
7675
|
#
|
7637
7676
|
# @!attribute [rw] client_id
|
@@ -7668,13 +7707,13 @@ module Aws::CognitoIdentityProvider
|
|
7668
7707
|
# @return [String]
|
7669
7708
|
#
|
7670
7709
|
# @!attribute [rw] compromised_credentials_risk_configuration
|
7671
|
-
# The compromised credentials risk configuration object including the
|
7672
|
-
# `EventFilter` and the `EventAction
|
7710
|
+
# The compromised credentials risk configuration object, including the
|
7711
|
+
# `EventFilter` and the `EventAction`.
|
7673
7712
|
# @return [Types::CompromisedCredentialsRiskConfigurationType]
|
7674
7713
|
#
|
7675
7714
|
# @!attribute [rw] account_takeover_risk_configuration
|
7676
|
-
# The account takeover risk configuration object including the
|
7677
|
-
# `NotifyConfiguration` object and `Actions` to take
|
7715
|
+
# The account takeover risk configuration object, including the
|
7716
|
+
# `NotifyConfiguration` object and `Actions` to take if there is an
|
7678
7717
|
# account takeover.
|
7679
7718
|
# @return [Types::AccountTakeoverRiskConfigurationType]
|
7680
7719
|
#
|
@@ -7711,12 +7750,12 @@ module Aws::CognitoIdentityProvider
|
|
7711
7750
|
#
|
7712
7751
|
# @!attribute [rw] blocked_ip_range_list
|
7713
7752
|
# Overrides the risk decision to always block the pre-authentication
|
7714
|
-
# requests. The IP range is in CIDR notation
|
7715
|
-
# of an IP address and its
|
7753
|
+
# requests. The IP range is in CIDR notation, a compact representation
|
7754
|
+
# of an IP address and its routing prefix.
|
7716
7755
|
# @return [Array<String>]
|
7717
7756
|
#
|
7718
7757
|
# @!attribute [rw] skipped_ip_range_list
|
7719
|
-
# Risk detection
|
7758
|
+
# Risk detection isn't performed on the IP addresses in this range
|
7720
7759
|
# list. The IP range is in CIDR notation.
|
7721
7760
|
# @return [Array<String>]
|
7722
7761
|
#
|
@@ -7729,13 +7768,14 @@ module Aws::CognitoIdentityProvider
|
|
7729
7768
|
include Aws::Structure
|
7730
7769
|
end
|
7731
7770
|
|
7732
|
-
# The type used for enabling SMS MFA at
|
7733
|
-
# don't need to be verified to be used
|
7734
|
-
#
|
7735
|
-
# in attempts, unless device tracking
|
7736
|
-
# been trusted. If you would like MFA to
|
7737
|
-
# the assessed risk level of sign
|
7738
|
-
# turn on Adaptive Authentication
|
7771
|
+
# The type used for enabling SMS multi-factor authentication (MFA) at
|
7772
|
+
# the user level. Phone numbers don't need to be verified to be used
|
7773
|
+
# for SMS MFA. If an MFA type is activated for a user, the user will be
|
7774
|
+
# prompted for MFA during all sign-in attempts, unless device tracking
|
7775
|
+
# is turned on and the device has been trusted. If you would like MFA to
|
7776
|
+
# be applied selectively based on the assessed risk level of sign-in
|
7777
|
+
# attempts, deactivate MFA for users and turn on Adaptive Authentication
|
7778
|
+
# for the user pool.
|
7739
7779
|
#
|
7740
7780
|
# @note When making an API call, you may pass SMSMfaSettingsType
|
7741
7781
|
# data as a hash:
|
@@ -7746,10 +7786,10 @@ module Aws::CognitoIdentityProvider
|
|
7746
7786
|
# }
|
7747
7787
|
#
|
7748
7788
|
# @!attribute [rw] enabled
|
7749
|
-
# Specifies whether SMS text message MFA is
|
7750
|
-
#
|
7751
|
-
# sign
|
7752
|
-
# has been trusted.
|
7789
|
+
# Specifies whether SMS text message MFA is activated. If an MFA type
|
7790
|
+
# is activated for a user, the user will be prompted for MFA during
|
7791
|
+
# all sign-in attempts, unless device tracking is turned on and the
|
7792
|
+
# device has been trusted.
|
7753
7793
|
# @return [Boolean]
|
7754
7794
|
#
|
7755
7795
|
# @!attribute [rw] preferred_mfa
|
@@ -7795,17 +7835,17 @@ module Aws::CognitoIdentityProvider
|
|
7795
7835
|
# @return [String]
|
7796
7836
|
#
|
7797
7837
|
# @!attribute [rw] developer_only_attribute
|
7798
|
-
# <note markdown="1">
|
7799
|
-
#
|
7800
|
-
#
|
7838
|
+
# <note markdown="1"> You should use [WriteAttributes][1] in the user pool client to
|
7839
|
+
# control how attributes can be mutated for new use cases instead of
|
7840
|
+
# using `DeveloperOnlyAttribute`.
|
7801
7841
|
#
|
7802
7842
|
# </note>
|
7803
7843
|
#
|
7804
7844
|
# Specifies whether the attribute type is developer only. This
|
7805
|
-
# attribute can only be modified by an administrator. Users
|
7806
|
-
#
|
7807
|
-
#
|
7808
|
-
# AdminUpdateUserAttributes but
|
7845
|
+
# attribute can only be modified by an administrator. Users won't be
|
7846
|
+
# able to modify this attribute using their access token. For example,
|
7847
|
+
# `DeveloperOnlyAttribute` can be modified using
|
7848
|
+
# AdminUpdateUserAttributes but can't be updated using
|
7809
7849
|
# UpdateUserAttributes.
|
7810
7850
|
#
|
7811
7851
|
#
|
@@ -7816,7 +7856,7 @@ module Aws::CognitoIdentityProvider
|
|
7816
7856
|
# @!attribute [rw] mutable
|
7817
7857
|
# Specifies whether the value of the attribute can be changed.
|
7818
7858
|
#
|
7819
|
-
# For any user pool attribute that
|
7859
|
+
# For any user pool attribute that is mapped to an identity provider
|
7820
7860
|
# attribute, you must set this parameter to `true`. Amazon Cognito
|
7821
7861
|
# updates mapped attributes when users sign in to your application
|
7822
7862
|
# through an identity provider. If an attribute is immutable, Amazon
|
@@ -7831,7 +7871,7 @@ module Aws::CognitoIdentityProvider
|
|
7831
7871
|
#
|
7832
7872
|
# @!attribute [rw] required
|
7833
7873
|
# Specifies whether a user pool attribute is required. If the
|
7834
|
-
# attribute is required and the user
|
7874
|
+
# attribute is required and the user doesn't provide a value,
|
7835
7875
|
# registration or sign-in will fail.
|
7836
7876
|
# @return [Boolean]
|
7837
7877
|
#
|
@@ -7857,7 +7897,7 @@ module Aws::CognitoIdentityProvider
|
|
7857
7897
|
include Aws::Structure
|
7858
7898
|
end
|
7859
7899
|
|
7860
|
-
# This exception is thrown when the specified scope
|
7900
|
+
# This exception is thrown when the specified scope doesn't exist.
|
7861
7901
|
#
|
7862
7902
|
# @!attribute [rw] message
|
7863
7903
|
# @return [String]
|
@@ -7934,8 +7974,8 @@ module Aws::CognitoIdentityProvider
|
|
7934
7974
|
# the same risk configuration is applied to all the clients in the
|
7935
7975
|
# userPool.
|
7936
7976
|
#
|
7937
|
-
# Otherwise, `ClientId` is mapped to the client. When the client ID
|
7938
|
-
#
|
7977
|
+
# Otherwise, `ClientId` is mapped to the client. When the client ID
|
7978
|
+
# isn't null, the user pool configuration is overridden and the risk
|
7939
7979
|
# configuration for the client is used instead.
|
7940
7980
|
# @return [String]
|
7941
7981
|
#
|
@@ -8096,18 +8136,18 @@ module Aws::CognitoIdentityProvider
|
|
8096
8136
|
# @return [Types::SoftwareTokenMfaConfigType]
|
8097
8137
|
#
|
8098
8138
|
# @!attribute [rw] mfa_configuration
|
8099
|
-
# The MFA configuration.
|
8100
|
-
#
|
8101
|
-
#
|
8102
|
-
# Pool](cognito/latest/developerguide/user-pool-settings-mfa.html)
|
8103
|
-
#
|
8139
|
+
# The MFA configuration. If you set the MfaConfiguration value to
|
8140
|
+
# ‘ON’, only users with an MFA factor set up can sign in. To learn
|
8141
|
+
# more, see [Adding Multi-Factor Authentication (MFA) to a User
|
8142
|
+
# Pool](cognito/latest/developerguide/user-pool-settings-mfa.html).
|
8143
|
+
# Valid values include:
|
8104
8144
|
#
|
8105
|
-
# * `OFF` MFA
|
8145
|
+
# * `OFF` MFA won't be used for any users.
|
8106
8146
|
#
|
8107
8147
|
# * `ON` MFA is required for all users to sign in.
|
8108
8148
|
#
|
8109
8149
|
# * `OPTIONAL` MFA will be required only for individual users who have
|
8110
|
-
# an MFA factor
|
8150
|
+
# an MFA factor activated.
|
8111
8151
|
# @return [String]
|
8112
8152
|
#
|
8113
8153
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/SetUserPoolMfaConfigRequest AWS API Documentation
|
@@ -8132,7 +8172,7 @@ module Aws::CognitoIdentityProvider
|
|
8132
8172
|
# @!attribute [rw] mfa_configuration
|
8133
8173
|
# The MFA configuration. Valid values include:
|
8134
8174
|
#
|
8135
|
-
# * `OFF` MFA
|
8175
|
+
# * `OFF` MFA won't be used for any users.
|
8136
8176
|
#
|
8137
8177
|
# * `ON` MFA is required for all users to sign in.
|
8138
8178
|
#
|
@@ -8233,11 +8273,11 @@ module Aws::CognitoIdentityProvider
|
|
8233
8273
|
# @return [String]
|
8234
8274
|
#
|
8235
8275
|
# @!attribute [rw] username
|
8236
|
-
# The user name of the user you
|
8276
|
+
# The user name of the user you want to register.
|
8237
8277
|
# @return [String]
|
8238
8278
|
#
|
8239
8279
|
# @!attribute [rw] password
|
8240
|
-
# The password of the user you
|
8280
|
+
# The password of the user you want to register.
|
8241
8281
|
# @return [String]
|
8242
8282
|
#
|
8243
8283
|
# @!attribute [rw] user_attributes
|
@@ -8280,19 +8320,18 @@ module Aws::CognitoIdentityProvider
|
|
8280
8320
|
# For more information, see [Customizing User Pool Workflows with
|
8281
8321
|
# Lambda Triggers][1] in the *Amazon Cognito Developer Guide*.
|
8282
8322
|
#
|
8283
|
-
# <note markdown="1">
|
8284
|
-
#
|
8323
|
+
# <note markdown="1"> When you use the ClientMetadata parameter, remember that Amazon
|
8324
|
+
# Cognito won't do the following:
|
8285
8325
|
#
|
8286
|
-
# *
|
8287
|
-
#
|
8288
|
-
#
|
8289
|
-
#
|
8290
|
-
# purpose.
|
8326
|
+
# * Store the ClientMetadata value. This data is available only to
|
8327
|
+
# Lambda triggers that are assigned to a user pool to support custom
|
8328
|
+
# workflows. If your user pool configuration doesn't include
|
8329
|
+
# triggers, the ClientMetadata parameter serves no purpose.
|
8291
8330
|
#
|
8292
|
-
# *
|
8331
|
+
# * Validate the ClientMetadata value.
|
8293
8332
|
#
|
8294
|
-
# *
|
8295
|
-
#
|
8333
|
+
# * Encrypt the ClientMetadata value. Don't use Amazon Cognito to
|
8334
|
+
# provide sensitive information.
|
8296
8335
|
#
|
8297
8336
|
# </note>
|
8298
8337
|
#
|
@@ -8330,7 +8369,7 @@ module Aws::CognitoIdentityProvider
|
|
8330
8369
|
# @return [Types::CodeDeliveryDetailsType]
|
8331
8370
|
#
|
8332
8371
|
# @!attribute [rw] user_sub
|
8333
|
-
# The UUID of the authenticated user. This
|
8372
|
+
# The UUID of the authenticated user. This isn't the same as
|
8334
8373
|
# `username`.
|
8335
8374
|
# @return [String]
|
8336
8375
|
#
|
@@ -8344,11 +8383,12 @@ module Aws::CognitoIdentityProvider
|
|
8344
8383
|
include Aws::Structure
|
8345
8384
|
end
|
8346
8385
|
|
8347
|
-
# The SMS configuration type that includes the settings the
|
8348
|
-
# Pool
|
8349
|
-
#
|
8350
|
-
# Amazon
|
8351
|
-
#
|
8386
|
+
# The SMS configuration type that includes the settings the Amazon
|
8387
|
+
# Cognito User Pool must call for the Amazon Simple Notification Service
|
8388
|
+
# service to send an SMS message from your Amazon Web Services account.
|
8389
|
+
# The Amazon Cognito User Pool makes the request to the Amazon SNS
|
8390
|
+
# Service by using an Identity and Access Management role that you
|
8391
|
+
# provide for your Amazon Web Services account.
|
8352
8392
|
#
|
8353
8393
|
# @note When making an API call, you may pass SmsConfigurationType
|
8354
8394
|
# data as a hash:
|
@@ -8359,10 +8399,10 @@ module Aws::CognitoIdentityProvider
|
|
8359
8399
|
# }
|
8360
8400
|
#
|
8361
8401
|
# @!attribute [rw] sns_caller_arn
|
8362
|
-
# The Amazon Resource Name (ARN) of the Amazon
|
8363
|
-
#
|
8364
|
-
#
|
8365
|
-
#
|
8402
|
+
# The Amazon Resource Name (ARN) of the Amazon SNS caller. This is the
|
8403
|
+
# ARN of the IAM role in your Amazon Web Services account that Amazon
|
8404
|
+
# Cognito will use to send SMS messages. SMS messages are subject to a
|
8405
|
+
# [spending limit][1].
|
8366
8406
|
#
|
8367
8407
|
#
|
8368
8408
|
#
|
@@ -8370,15 +8410,15 @@ module Aws::CognitoIdentityProvider
|
|
8370
8410
|
# @return [String]
|
8371
8411
|
#
|
8372
8412
|
# @!attribute [rw] external_id
|
8373
|
-
# The external ID is a value that
|
8374
|
-
#
|
8375
|
-
#
|
8413
|
+
# The external ID is a value that you should use to add security to
|
8414
|
+
# your IAM role that is used to call Amazon SNS to send SMS messages
|
8415
|
+
# for your user pool. If you provide an `ExternalId`, the Amazon
|
8376
8416
|
# Cognito User Pool will include it when attempting to assume your IAM
|
8377
|
-
# role
|
8378
|
-
# `ExternalID`. If you use the Cognito Management Console to
|
8379
|
-
# role for SMS MFA,
|
8380
|
-
#
|
8381
|
-
# `ExternalId`.
|
8417
|
+
# role so that you can set your roles trust policy to require the
|
8418
|
+
# `ExternalID`. If you use the Amazon Cognito Management Console to
|
8419
|
+
# create a role for SMS multi-factor authentication (MFA), Amazon
|
8420
|
+
# Cognito will create a role with the required permissions and a trust
|
8421
|
+
# policy that demonstrates use of the `ExternalId`.
|
8382
8422
|
#
|
8383
8423
|
# For more information about the `ExternalId` of a role, see [How to
|
8384
8424
|
# use an external ID when granting access to your Amazon Web Services
|
@@ -8414,9 +8454,9 @@ module Aws::CognitoIdentityProvider
|
|
8414
8454
|
#
|
8415
8455
|
# @!attribute [rw] sms_authentication_message
|
8416
8456
|
# The SMS authentication message that will be sent to users with the
|
8417
|
-
# code they
|
8418
|
-
#
|
8419
|
-
#
|
8457
|
+
# code they must sign in. The message must contain the ‘\\\{####\\}’
|
8458
|
+
# placeholder, which is replaced with the code. If the message isn't
|
8459
|
+
# included, and default message will be used.
|
8420
8460
|
# @return [String]
|
8421
8461
|
#
|
8422
8462
|
# @!attribute [rw] sms_configuration
|
@@ -8432,8 +8472,9 @@ module Aws::CognitoIdentityProvider
|
|
8432
8472
|
include Aws::Structure
|
8433
8473
|
end
|
8434
8474
|
|
8435
|
-
# This exception is thrown when the software token
|
8436
|
-
# authentication (MFA)
|
8475
|
+
# This exception is thrown when the software token time-based one-time
|
8476
|
+
# password (TOTP) multi-factor authentication (MFA) isn't activated for
|
8477
|
+
# the user pool.
|
8437
8478
|
#
|
8438
8479
|
# @!attribute [rw] message
|
8439
8480
|
# @return [String]
|
@@ -8456,7 +8497,7 @@ module Aws::CognitoIdentityProvider
|
|
8456
8497
|
# }
|
8457
8498
|
#
|
8458
8499
|
# @!attribute [rw] enabled
|
8459
|
-
# Specifies whether software token MFA is
|
8500
|
+
# Specifies whether software token MFA is activated.
|
8460
8501
|
# @return [Boolean]
|
8461
8502
|
#
|
8462
8503
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/SoftwareTokenMfaConfigType AWS API Documentation
|
@@ -8468,12 +8509,11 @@ module Aws::CognitoIdentityProvider
|
|
8468
8509
|
end
|
8469
8510
|
|
8470
8511
|
# The type used for enabling software token MFA at the user level. If an
|
8471
|
-
# MFA type is
|
8472
|
-
# during all sign
|
8473
|
-
# the device has been trusted. If you
|
8474
|
-
#
|
8475
|
-
#
|
8476
|
-
# pool.
|
8512
|
+
# MFA type is activated for a user, the user will be prompted for MFA
|
8513
|
+
# during all sign-in attempts, unless device tracking is turned on and
|
8514
|
+
# the device has been trusted. If you want MFA to be applied selectively
|
8515
|
+
# based on the assessed risk level of sign-in attempts, deactivate MFA
|
8516
|
+
# for users and turn on Adaptive Authentication for the user pool.
|
8477
8517
|
#
|
8478
8518
|
# @note When making an API call, you may pass SoftwareTokenMfaSettingsType
|
8479
8519
|
# data as a hash:
|
@@ -8484,9 +8524,9 @@ module Aws::CognitoIdentityProvider
|
|
8484
8524
|
# }
|
8485
8525
|
#
|
8486
8526
|
# @!attribute [rw] enabled
|
8487
|
-
# Specifies whether software token MFA is
|
8488
|
-
#
|
8489
|
-
# sign
|
8527
|
+
# Specifies whether software token MFA is activated. If an MFA type is
|
8528
|
+
# activated for a user, the user will be prompted for MFA during all
|
8529
|
+
# sign-in attempts, unless device tracking is turned on and the device
|
8490
8530
|
# has been trusted.
|
8491
8531
|
# @return [Boolean]
|
8492
8532
|
#
|
@@ -8661,18 +8701,18 @@ module Aws::CognitoIdentityProvider
|
|
8661
8701
|
# }
|
8662
8702
|
#
|
8663
8703
|
# @!attribute [rw] access_token
|
8664
|
-
# A time unit in “seconds”, “minutes”, “hours
|
8665
|
-
# in AccessTokenValidity,
|
8704
|
+
# A time unit in “seconds”, “minutes”, “hours”, or “days” for the
|
8705
|
+
# value in AccessTokenValidity, defaulting to hours.
|
8666
8706
|
# @return [String]
|
8667
8707
|
#
|
8668
8708
|
# @!attribute [rw] id_token
|
8669
|
-
# A time unit in “seconds”, “minutes”, “hours
|
8670
|
-
# in IdTokenValidity,
|
8709
|
+
# A time unit in “seconds”, “minutes”, “hours”, or “days” for the
|
8710
|
+
# value in IdTokenValidity, defaulting to hours.
|
8671
8711
|
# @return [String]
|
8672
8712
|
#
|
8673
8713
|
# @!attribute [rw] refresh_token
|
8674
|
-
# A time unit in “seconds”, “minutes”, “hours
|
8675
|
-
# in RefreshTokenValidity,
|
8714
|
+
# A time unit in “seconds”, “minutes”, “hours”, or “days” for the
|
8715
|
+
# value in RefreshTokenValidity, defaulting to days.
|
8676
8716
|
# @return [String]
|
8677
8717
|
#
|
8678
8718
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/TokenValidityUnitsType AWS API Documentation
|
@@ -8686,11 +8726,11 @@ module Aws::CognitoIdentityProvider
|
|
8686
8726
|
end
|
8687
8727
|
|
8688
8728
|
# This exception is thrown when the user has made too many failed
|
8689
|
-
# attempts for a given action
|
8729
|
+
# attempts for a given action, such as sign-in.
|
8690
8730
|
#
|
8691
8731
|
# @!attribute [rw] message
|
8692
|
-
# The message returned when
|
8693
|
-
#
|
8732
|
+
# The message returned when Amazon Cognito returns a
|
8733
|
+
# `TooManyFailedAttempts` exception.
|
8694
8734
|
# @return [String]
|
8695
8735
|
#
|
8696
8736
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/TooManyFailedAttemptsException AWS API Documentation
|
@@ -8762,7 +8802,7 @@ module Aws::CognitoIdentityProvider
|
|
8762
8802
|
include Aws::Structure
|
8763
8803
|
end
|
8764
8804
|
|
8765
|
-
#
|
8805
|
+
# Exception that is thrown when the request isn't authorized. This can
|
8766
8806
|
# happen due to an invalid access token in the request.
|
8767
8807
|
#
|
8768
8808
|
# @!attribute [rw] message
|
@@ -8776,12 +8816,12 @@ module Aws::CognitoIdentityProvider
|
|
8776
8816
|
include Aws::Structure
|
8777
8817
|
end
|
8778
8818
|
|
8779
|
-
# This exception is thrown when
|
8780
|
-
#
|
8819
|
+
# This exception is thrown when Amazon Cognito encounters an unexpected
|
8820
|
+
# exception with Lambda.
|
8781
8821
|
#
|
8782
8822
|
# @!attribute [rw] message
|
8783
|
-
# The message returned when
|
8784
|
-
#
|
8823
|
+
# The message returned when Amazon Cognito returns an unexpected
|
8824
|
+
# Lambda exception.
|
8785
8825
|
# @return [String]
|
8786
8826
|
#
|
8787
8827
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UnexpectedLambdaException AWS API Documentation
|
@@ -8792,7 +8832,7 @@ module Aws::CognitoIdentityProvider
|
|
8792
8832
|
include Aws::Structure
|
8793
8833
|
end
|
8794
8834
|
|
8795
|
-
# This exception is thrown when the specified identifier
|
8835
|
+
# This exception is thrown when the specified identifier isn't
|
8796
8836
|
# supported.
|
8797
8837
|
#
|
8798
8838
|
# @!attribute [rw] message
|
@@ -8806,8 +8846,8 @@ module Aws::CognitoIdentityProvider
|
|
8806
8846
|
include Aws::Structure
|
8807
8847
|
end
|
8808
8848
|
|
8809
|
-
#
|
8810
|
-
#
|
8849
|
+
# Exception that is thrown when you attempt to perform an operation that
|
8850
|
+
# isn't enabled for the user pool client.
|
8811
8851
|
#
|
8812
8852
|
# @!attribute [rw] message
|
8813
8853
|
# @return [String]
|
@@ -8820,7 +8860,7 @@ module Aws::CognitoIdentityProvider
|
|
8820
8860
|
include Aws::Structure
|
8821
8861
|
end
|
8822
8862
|
|
8823
|
-
#
|
8863
|
+
# Exception that is thrown when an unsupported token is passed to an
|
8824
8864
|
# operation.
|
8825
8865
|
#
|
8826
8866
|
# @!attribute [rw] message
|
@@ -8988,8 +9028,9 @@ module Aws::CognitoIdentityProvider
|
|
8988
9028
|
# @return [String]
|
8989
9029
|
#
|
8990
9030
|
# @!attribute [rw] role_arn
|
8991
|
-
# The new role ARN for the group. This is used
|
8992
|
-
# `cognito:roles` and `cognito:preferred_role` claims
|
9031
|
+
# The new role Amazon Resource Name (ARN) for the group. This is used
|
9032
|
+
# for setting the `cognito:roles` and `cognito:preferred_role` claims
|
9033
|
+
# in the token.
|
8993
9034
|
# @return [String]
|
8994
9035
|
#
|
8995
9036
|
# @!attribute [rw] precedence
|
@@ -9170,7 +9211,7 @@ module Aws::CognitoIdentityProvider
|
|
9170
9211
|
#
|
9171
9212
|
# @!attribute [rw] client_metadata
|
9172
9213
|
# A map of custom key-value pairs that you can provide as input for
|
9173
|
-
# any custom workflows that this action
|
9214
|
+
# any custom workflows that this action initiates.
|
9174
9215
|
#
|
9175
9216
|
# You create custom workflows by assigning Lambda functions to user
|
9176
9217
|
# pool triggers. When you use the UpdateUserAttributes API action,
|
@@ -9186,19 +9227,18 @@ module Aws::CognitoIdentityProvider
|
|
9186
9227
|
# For more information, see [Customizing User Pool Workflows with
|
9187
9228
|
# Lambda Triggers][1] in the *Amazon Cognito Developer Guide*.
|
9188
9229
|
#
|
9189
|
-
# <note markdown="1">
|
9190
|
-
#
|
9230
|
+
# <note markdown="1"> When you use the ClientMetadata parameter, remember that Amazon
|
9231
|
+
# Cognito won't do the following:
|
9191
9232
|
#
|
9192
|
-
# *
|
9193
|
-
#
|
9194
|
-
#
|
9195
|
-
#
|
9196
|
-
# purpose.
|
9233
|
+
# * Store the ClientMetadata value. This data is available only to
|
9234
|
+
# Lambda triggers that are assigned to a user pool to support custom
|
9235
|
+
# workflows. If your user pool configuration doesn't include
|
9236
|
+
# triggers, the ClientMetadata parameter serves no purpose.
|
9197
9237
|
#
|
9198
|
-
# *
|
9238
|
+
# * Validate the ClientMetadata value.
|
9199
9239
|
#
|
9200
|
-
# *
|
9201
|
-
#
|
9240
|
+
# * Encrypt the ClientMetadata value. Don't use Amazon Cognito to
|
9241
|
+
# provide sensitive information.
|
9202
9242
|
#
|
9203
9243
|
# </note>
|
9204
9244
|
#
|
@@ -9286,23 +9326,22 @@ module Aws::CognitoIdentityProvider
|
|
9286
9326
|
#
|
9287
9327
|
# @!attribute [rw] refresh_token_validity
|
9288
9328
|
# The time limit, in days, after which the refresh token is no longer
|
9289
|
-
# valid and
|
9329
|
+
# valid and can't be used.
|
9290
9330
|
# @return [Integer]
|
9291
9331
|
#
|
9292
9332
|
# @!attribute [rw] access_token_validity
|
9293
|
-
# The time limit
|
9294
|
-
#
|
9333
|
+
# The time limit after which the access token is no longer valid and
|
9334
|
+
# can't be used.
|
9295
9335
|
# @return [Integer]
|
9296
9336
|
#
|
9297
9337
|
# @!attribute [rw] id_token_validity
|
9298
|
-
# The time limit
|
9299
|
-
#
|
9338
|
+
# The time limit after which the ID token is no longer valid and
|
9339
|
+
# can't be used.
|
9300
9340
|
# @return [Integer]
|
9301
9341
|
#
|
9302
9342
|
# @!attribute [rw] token_validity_units
|
9303
|
-
# The units in which the validity times are represented
|
9304
|
-
#
|
9305
|
-
# hours.
|
9343
|
+
# The units in which the validity times are represented. Default for
|
9344
|
+
# RefreshToken is days, and default for ID and access tokens is hours.
|
9306
9345
|
# @return [Types::TokenValidityUnitsType]
|
9307
9346
|
#
|
9308
9347
|
# @!attribute [rw] read_attributes
|
@@ -9315,27 +9354,28 @@ module Aws::CognitoIdentityProvider
|
|
9315
9354
|
#
|
9316
9355
|
# @!attribute [rw] explicit_auth_flows
|
9317
9356
|
# The authentication flows that are supported by the user pool
|
9318
|
-
# clients. Flow names without the `ALLOW_` prefix are
|
9319
|
-
# favor of new names with the `ALLOW_` prefix. Note that
|
9320
|
-
# `ALLOW_` prefix
|
9321
|
-
# prefix.
|
9357
|
+
# clients. Flow names without the `ALLOW_` prefix are no longer
|
9358
|
+
# supported in favor of new names with the `ALLOW_` prefix. Note that
|
9359
|
+
# values with `ALLOW_` prefix must be used only along with values with
|
9360
|
+
# the `ALLOW_` prefix.
|
9322
9361
|
#
|
9323
9362
|
# Valid values include:
|
9324
9363
|
#
|
9325
9364
|
# * `ALLOW_ADMIN_USER_PASSWORD_AUTH`\: Enable admin based user
|
9326
9365
|
# password authentication flow `ADMIN_USER_PASSWORD_AUTH`. This
|
9327
9366
|
# setting replaces the `ADMIN_NO_SRP_AUTH` setting. With this
|
9328
|
-
# authentication flow, Cognito receives the password in the
|
9329
|
-
# instead of using the
|
9330
|
-
#
|
9367
|
+
# authentication flow, Amazon Cognito receives the password in the
|
9368
|
+
# request instead of using the Secure Remote Password (SRP) protocol
|
9369
|
+
# to verify passwords.
|
9331
9370
|
#
|
9332
9371
|
# * `ALLOW_CUSTOM_AUTH`\: Enable Lambda trigger based authentication.
|
9333
9372
|
#
|
9334
9373
|
# * `ALLOW_USER_PASSWORD_AUTH`\: Enable user password-based
|
9335
|
-
# authentication. In this flow, Cognito receives the password
|
9336
|
-
# request instead of using the SRP protocol to verify
|
9374
|
+
# authentication. In this flow, Amazon Cognito receives the password
|
9375
|
+
# in the request instead of using the SRP protocol to verify
|
9376
|
+
# passwords.
|
9337
9377
|
#
|
9338
|
-
# * `ALLOW_USER_SRP_AUTH`\: Enable SRP
|
9378
|
+
# * `ALLOW_USER_SRP_AUTH`\: Enable SRP-based authentication.
|
9339
9379
|
#
|
9340
9380
|
# * `ALLOW_REFRESH_TOKEN_AUTH`\: Enable authflow to refresh tokens.
|
9341
9381
|
# @return [Array<String>]
|
@@ -9362,7 +9402,7 @@ module Aws::CognitoIdentityProvider
|
|
9362
9402
|
# Amazon Cognito requires HTTPS over HTTP except for http://localhost
|
9363
9403
|
# for testing purposes only.
|
9364
9404
|
#
|
9365
|
-
# App callback URLs such as myapp://example are also supported.
|
9405
|
+
# App callback URLs such as `myapp://example` are also supported.
|
9366
9406
|
#
|
9367
9407
|
#
|
9368
9408
|
#
|
@@ -9386,10 +9426,10 @@ module Aws::CognitoIdentityProvider
|
|
9386
9426
|
#
|
9387
9427
|
# See [OAuth 2.0 - Redirection Endpoint][1].
|
9388
9428
|
#
|
9389
|
-
# Amazon Cognito requires HTTPS over HTTP except for
|
9390
|
-
# for testing purposes only.
|
9429
|
+
# Amazon Cognito requires HTTPS over HTTP except for
|
9430
|
+
# `http://localhost` for testing purposes only.
|
9391
9431
|
#
|
9392
|
-
# App callback URLs such as myapp://example are also supported.
|
9432
|
+
# App callback URLs such as `myapp://example` are also supported.
|
9393
9433
|
#
|
9394
9434
|
#
|
9395
9435
|
#
|
@@ -9420,49 +9460,44 @@ module Aws::CognitoIdentityProvider
|
|
9420
9460
|
#
|
9421
9461
|
# @!attribute [rw] allowed_o_auth_flows_user_pool_client
|
9422
9462
|
# Set to true if the client is allowed to follow the OAuth protocol
|
9423
|
-
# when interacting with Cognito user pools.
|
9463
|
+
# when interacting with Amazon Cognito user pools.
|
9424
9464
|
# @return [Boolean]
|
9425
9465
|
#
|
9426
9466
|
# @!attribute [rw] analytics_configuration
|
9427
9467
|
# The Amazon Pinpoint analytics configuration for collecting metrics
|
9428
9468
|
# for this user pool.
|
9429
9469
|
#
|
9430
|
-
# <note markdown="1"> In
|
9431
|
-
# supports sending events to Amazon Pinpoint projects in
|
9432
|
-
#
|
9433
|
-
# sending events to Amazon Pinpoint projects within that same
|
9470
|
+
# <note markdown="1"> In Amazon Web Services Regions where isn't available, User Pools
|
9471
|
+
# only supports sending events to Amazon Pinpoint projects in
|
9472
|
+
# us-east-1. In Regions where Pinpoint is available, User Pools will
|
9473
|
+
# support sending events to Amazon Pinpoint projects within that same
|
9474
|
+
# Region.
|
9434
9475
|
#
|
9435
9476
|
# </note>
|
9436
9477
|
# @return [Types::AnalyticsConfigurationType]
|
9437
9478
|
#
|
9438
9479
|
# @!attribute [rw] prevent_user_existence_errors
|
9439
|
-
#
|
9440
|
-
#
|
9441
|
-
#
|
9442
|
-
#
|
9443
|
-
#
|
9444
|
-
#
|
9445
|
-
#
|
9446
|
-
#
|
9447
|
-
#
|
9480
|
+
# Errors and responses that you want Amazon Cognito APIs to return
|
9481
|
+
# during authentication, account confirmation, and password recovery
|
9482
|
+
# when the user doesn't exist in the user pool. When set to `ENABLED`
|
9483
|
+
# and the user doesn't exist, authentication returns an error
|
9484
|
+
# indicating either the username or password was incorrect. Account
|
9485
|
+
# confirmation and password recovery return a response indicating a
|
9486
|
+
# code was sent to a simulated destination. When set to `LEGACY`,
|
9487
|
+
# those APIs return a `UserNotFoundException` exception if the user
|
9488
|
+
# doesn't exist in the user pool.
|
9448
9489
|
#
|
9449
9490
|
# Valid values include:
|
9450
9491
|
#
|
9451
9492
|
# * `ENABLED` - This prevents user existence-related errors.
|
9452
9493
|
#
|
9453
|
-
# * `LEGACY` - This represents the
|
9454
|
-
# existence related errors
|
9455
|
-
#
|
9456
|
-
# <note markdown="1"> After February 15th 2020, the value of `PreventUserExistenceErrors`
|
9457
|
-
# will default to `ENABLED` for newly created user pool clients if no
|
9458
|
-
# value is provided.
|
9459
|
-
#
|
9460
|
-
# </note>
|
9494
|
+
# * `LEGACY` - This represents the early behavior of Amazon Cognito
|
9495
|
+
# where user existence related errors aren't prevented.
|
9461
9496
|
# @return [String]
|
9462
9497
|
#
|
9463
9498
|
# @!attribute [rw] enable_token_revocation
|
9464
|
-
#
|
9465
|
-
# revoking tokens, see [RevokeToken][1].
|
9499
|
+
# Activates or deactivates token revocation. For more information
|
9500
|
+
# about revoking tokens, see [RevokeToken][1].
|
9466
9501
|
#
|
9467
9502
|
#
|
9468
9503
|
#
|
@@ -9500,8 +9535,8 @@ module Aws::CognitoIdentityProvider
|
|
9500
9535
|
# user pool client.
|
9501
9536
|
#
|
9502
9537
|
# @!attribute [rw] user_pool_client
|
9503
|
-
# The user pool client value from the response from the server when
|
9504
|
-
# update user pool client
|
9538
|
+
# The user pool client value from the response from the server when
|
9539
|
+
# you request to update the user pool client.
|
9505
9540
|
# @return [Types::UserPoolClientType]
|
9506
9541
|
#
|
9507
9542
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UpdateUserPoolClientResponse AWS API Documentation
|
@@ -9527,16 +9562,17 @@ module Aws::CognitoIdentityProvider
|
|
9527
9562
|
#
|
9528
9563
|
# @!attribute [rw] domain
|
9529
9564
|
# The domain name for the custom domain that hosts the sign-up and
|
9530
|
-
# sign-in pages for your application.
|
9565
|
+
# sign-in pages for your application. One example might be
|
9566
|
+
# `auth.example.com`.
|
9531
9567
|
#
|
9532
9568
|
# This string can include only lowercase letters, numbers, and
|
9533
|
-
# hyphens.
|
9569
|
+
# hyphens. Don't use a hyphen for the first or last character. Use
|
9534
9570
|
# periods to separate subdomain names.
|
9535
9571
|
# @return [String]
|
9536
9572
|
#
|
9537
9573
|
# @!attribute [rw] user_pool_id
|
9538
9574
|
# The ID of the user pool that is associated with the custom domain
|
9539
|
-
#
|
9575
|
+
# whose certificate you're updating.
|
9540
9576
|
# @return [String]
|
9541
9577
|
#
|
9542
9578
|
# @!attribute [rw] custom_domain_config
|
@@ -9667,7 +9703,7 @@ module Aws::CognitoIdentityProvider
|
|
9667
9703
|
# @return [String]
|
9668
9704
|
#
|
9669
9705
|
# @!attribute [rw] policies
|
9670
|
-
# A container with the policies you
|
9706
|
+
# A container with the policies you want to update in a user pool.
|
9671
9707
|
# @return [Types::UserPoolPolicyType]
|
9672
9708
|
#
|
9673
9709
|
# @!attribute [rw] lambda_config
|
@@ -9676,8 +9712,8 @@ module Aws::CognitoIdentityProvider
|
|
9676
9712
|
# @return [Types::LambdaConfigType]
|
9677
9713
|
#
|
9678
9714
|
# @!attribute [rw] auto_verified_attributes
|
9679
|
-
# The attributes that are automatically verified when
|
9680
|
-
#
|
9715
|
+
# The attributes that are automatically verified when Amazon Cognito
|
9716
|
+
# requests to update user pools.
|
9681
9717
|
# @return [Array<String>]
|
9682
9718
|
#
|
9683
9719
|
# @!attribute [rw] sms_verification_message
|
@@ -9703,11 +9739,11 @@ module Aws::CognitoIdentityProvider
|
|
9703
9739
|
# @!attribute [rw] mfa_configuration
|
9704
9740
|
# Can be one of the following values:
|
9705
9741
|
#
|
9706
|
-
# * `OFF` - MFA tokens
|
9742
|
+
# * `OFF` - MFA tokens aren't required and can't be specified during
|
9707
9743
|
# user registration.
|
9708
9744
|
#
|
9709
9745
|
# * `ON` - MFA tokens are required for all user registrations. You can
|
9710
|
-
# only specify ON when you
|
9746
|
+
# only specify ON when you're initially creating a user pool. You
|
9711
9747
|
# can use the [SetUserPoolMfaConfig][1] API operation to turn MFA
|
9712
9748
|
# "ON" for existing user pools.
|
9713
9749
|
#
|
@@ -9742,19 +9778,19 @@ module Aws::CognitoIdentityProvider
|
|
9742
9778
|
# @return [Types::AdminCreateUserConfigType]
|
9743
9779
|
#
|
9744
9780
|
# @!attribute [rw] user_pool_add_ons
|
9745
|
-
#
|
9781
|
+
# Enables advanced security risk detection. Set the key
|
9746
9782
|
# `AdvancedSecurityMode` to the value "AUDIT".
|
9747
9783
|
# @return [Types::UserPoolAddOnsType]
|
9748
9784
|
#
|
9749
9785
|
# @!attribute [rw] account_recovery_setting
|
9750
|
-
#
|
9751
|
-
#
|
9752
|
-
#
|
9753
|
-
#
|
9754
|
-
#
|
9755
|
-
#
|
9756
|
-
#
|
9757
|
-
#
|
9786
|
+
# The available verified method a user can use to recover their
|
9787
|
+
# password when they call `ForgotPassword`. You can use this setting
|
9788
|
+
# to define a preferred method when a user has more than one method
|
9789
|
+
# available. With this setting, SMS doesn't qualify for a valid
|
9790
|
+
# password recovery mechanism if the user also has SMS multi-factor
|
9791
|
+
# authentication (MFA) activated. In the absence of this setting,
|
9792
|
+
# Amazon Cognito uses the legacy behavior to determine the recovery
|
9793
|
+
# method where SMS is preferred through email.
|
9758
9794
|
# @return [Types::AccountRecoverySettingType]
|
9759
9795
|
#
|
9760
9796
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UpdateUserPoolRequest AWS API Documentation
|
@@ -9788,9 +9824,9 @@ module Aws::CognitoIdentityProvider
|
|
9788
9824
|
#
|
9789
9825
|
class UpdateUserPoolResponse < Aws::EmptyStructure; end
|
9790
9826
|
|
9791
|
-
# Contextual data such as the user's device fingerprint, IP address,
|
9792
|
-
# location used for evaluating the risk of an unexpected event by
|
9793
|
-
# Cognito advanced security.
|
9827
|
+
# Contextual data, such as the user's device fingerprint, IP address,
|
9828
|
+
# or location, used for evaluating the risk of an unexpected event by
|
9829
|
+
# Amazon Cognito advanced security.
|
9794
9830
|
#
|
9795
9831
|
# @note When making an API call, you may pass UserContextDataType
|
9796
9832
|
# data as a hash:
|
@@ -9800,8 +9836,8 @@ module Aws::CognitoIdentityProvider
|
|
9800
9836
|
# }
|
9801
9837
|
#
|
9802
9838
|
# @!attribute [rw] encoded_data
|
9803
|
-
# Contextual data such as the user's device fingerprint, IP address,
|
9804
|
-
# or location used for evaluating the risk of an unexpected event by
|
9839
|
+
# Contextual data, such as the user's device fingerprint, IP address,
|
9840
|
+
# or location, used for evaluating the risk of an unexpected event by
|
9805
9841
|
# Amazon Cognito advanced security.
|
9806
9842
|
# @return [String]
|
9807
9843
|
#
|
@@ -9813,7 +9849,7 @@ module Aws::CognitoIdentityProvider
|
|
9813
9849
|
include Aws::Structure
|
9814
9850
|
end
|
9815
9851
|
|
9816
|
-
# This exception is thrown when you
|
9852
|
+
# This exception is thrown when you're trying to modify a user pool
|
9817
9853
|
# while a user import job is in progress for that pool.
|
9818
9854
|
#
|
9819
9855
|
# @!attribute [rw] message
|
@@ -9881,13 +9917,14 @@ module Aws::CognitoIdentityProvider
|
|
9881
9917
|
#
|
9882
9918
|
# * `Expired` - You created a job, but did not start the job within
|
9883
9919
|
# 24-48 hours. All data associated with the job was deleted, and the
|
9884
|
-
# job
|
9920
|
+
# job can't be started.
|
9885
9921
|
# @return [String]
|
9886
9922
|
#
|
9887
9923
|
# @!attribute [rw] cloud_watch_logs_role_arn
|
9888
|
-
# The role ARN for the Amazon CloudWatch
|
9889
|
-
# import job. For more information, see
|
9890
|
-
# IAM Role" in the Amazon Cognito
|
9924
|
+
# The role Amazon Resource Name (ARN) for the Amazon CloudWatch
|
9925
|
+
# Logging role for the user import job. For more information, see
|
9926
|
+
# "Creating the CloudWatch Logs IAM Role" in the Amazon Cognito
|
9927
|
+
# Developer Guide.
|
9891
9928
|
# @return [String]
|
9892
9929
|
#
|
9893
9930
|
# @!attribute [rw] imported_users
|
@@ -9899,7 +9936,7 @@ module Aws::CognitoIdentityProvider
|
|
9899
9936
|
# @return [Integer]
|
9900
9937
|
#
|
9901
9938
|
# @!attribute [rw] failed_users
|
9902
|
-
# The number of users that
|
9939
|
+
# The number of users that couldn't be imported.
|
9903
9940
|
# @return [Integer]
|
9904
9941
|
#
|
9905
9942
|
# @!attribute [rw] completion_message
|
@@ -9942,10 +9979,10 @@ module Aws::CognitoIdentityProvider
|
|
9942
9979
|
include Aws::Structure
|
9943
9980
|
end
|
9944
9981
|
|
9945
|
-
# This exception is thrown when a user
|
9982
|
+
# This exception is thrown when a user isn't confirmed successfully.
|
9946
9983
|
#
|
9947
9984
|
# @!attribute [rw] message
|
9948
|
-
# The message returned when a user
|
9985
|
+
# The message returned when a user isn't confirmed successfully.
|
9949
9986
|
# @return [String]
|
9950
9987
|
#
|
9951
9988
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UserNotConfirmedException AWS API Documentation
|
@@ -9956,10 +9993,10 @@ module Aws::CognitoIdentityProvider
|
|
9956
9993
|
include Aws::Structure
|
9957
9994
|
end
|
9958
9995
|
|
9959
|
-
# This exception is thrown when a user
|
9996
|
+
# This exception is thrown when a user isn't found.
|
9960
9997
|
#
|
9961
9998
|
# @!attribute [rw] message
|
9962
|
-
# The message returned when a user
|
9999
|
+
# The message returned when a user isn't found.
|
9963
10000
|
# @return [String]
|
9964
10001
|
#
|
9965
10002
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UserNotFoundException AWS API Documentation
|
@@ -9970,7 +10007,7 @@ module Aws::CognitoIdentityProvider
|
|
9970
10007
|
include Aws::Structure
|
9971
10008
|
end
|
9972
10009
|
|
9973
|
-
# This exception is thrown when user pool add-ons
|
10010
|
+
# This exception is thrown when user pool add-ons aren't enabled.
|
9974
10011
|
#
|
9975
10012
|
# @!attribute [rw] message
|
9976
10013
|
# @return [String]
|
@@ -10057,19 +10094,18 @@ module Aws::CognitoIdentityProvider
|
|
10057
10094
|
#
|
10058
10095
|
# @!attribute [rw] refresh_token_validity
|
10059
10096
|
# The time limit, in days, after which the refresh token is no longer
|
10060
|
-
# valid and
|
10097
|
+
# valid and can't be used.
|
10061
10098
|
# @return [Integer]
|
10062
10099
|
#
|
10063
10100
|
# @!attribute [rw] access_token_validity
|
10064
10101
|
# The time limit, specified by tokenValidityUnits, defaulting to
|
10065
|
-
# hours, after which the access token is no longer valid and
|
10102
|
+
# hours, after which the access token is no longer valid and can't be
|
10066
10103
|
# used.
|
10067
10104
|
# @return [Integer]
|
10068
10105
|
#
|
10069
10106
|
# @!attribute [rw] id_token_validity
|
10070
|
-
# The time limit
|
10071
|
-
#
|
10072
|
-
# be used.
|
10107
|
+
# The time limit specified by tokenValidityUnits, defaulting to hours,
|
10108
|
+
# after which the refresh token is no longer valid and can't be used.
|
10073
10109
|
# @return [Integer]
|
10074
10110
|
#
|
10075
10111
|
# @!attribute [rw] token_validity_units
|
@@ -10087,27 +10123,28 @@ module Aws::CognitoIdentityProvider
|
|
10087
10123
|
#
|
10088
10124
|
# @!attribute [rw] explicit_auth_flows
|
10089
10125
|
# The authentication flows that are supported by the user pool
|
10090
|
-
# clients. Flow names without the `ALLOW_` prefix are
|
10091
|
-
# favor of new names with the `ALLOW_` prefix. Note that
|
10092
|
-
# `ALLOW_` prefix
|
10093
|
-
# prefix.
|
10126
|
+
# clients. Flow names without the `ALLOW_` prefix are no longer
|
10127
|
+
# supported in favor of new names with the `ALLOW_` prefix. Note that
|
10128
|
+
# values with `ALLOW_` prefix must be used only along with values
|
10129
|
+
# including the `ALLOW_` prefix.
|
10094
10130
|
#
|
10095
10131
|
# Valid values include:
|
10096
10132
|
#
|
10097
10133
|
# * `ALLOW_ADMIN_USER_PASSWORD_AUTH`\: Enable admin based user
|
10098
10134
|
# password authentication flow `ADMIN_USER_PASSWORD_AUTH`. This
|
10099
10135
|
# setting replaces the `ADMIN_NO_SRP_AUTH` setting. With this
|
10100
|
-
# authentication flow, Cognito receives the password in the
|
10101
|
-
# instead of using the
|
10102
|
-
#
|
10136
|
+
# authentication flow, Amazon Cognito receives the password in the
|
10137
|
+
# request instead of using the Secure Remote Password (SRP) protocol
|
10138
|
+
# to verify passwords.
|
10103
10139
|
#
|
10104
10140
|
# * `ALLOW_CUSTOM_AUTH`\: Enable Lambda trigger based authentication.
|
10105
10141
|
#
|
10106
10142
|
# * `ALLOW_USER_PASSWORD_AUTH`\: Enable user password-based
|
10107
|
-
# authentication. In this flow, Cognito receives the password
|
10108
|
-
# request instead of using the SRP protocol to verify
|
10143
|
+
# authentication. In this flow, Amazon Cognito receives the password
|
10144
|
+
# in the request instead of using the SRP protocol to verify
|
10145
|
+
# passwords.
|
10109
10146
|
#
|
10110
|
-
# * `ALLOW_USER_SRP_AUTH`\: Enable SRP
|
10147
|
+
# * `ALLOW_USER_SRP_AUTH`\: Enable SRP-based authentication.
|
10111
10148
|
#
|
10112
10149
|
# * `ALLOW_REFRESH_TOKEN_AUTH`\: Enable authflow to refresh tokens.
|
10113
10150
|
# @return [Array<String>]
|
@@ -10192,50 +10229,44 @@ module Aws::CognitoIdentityProvider
|
|
10192
10229
|
#
|
10193
10230
|
# @!attribute [rw] allowed_o_auth_flows_user_pool_client
|
10194
10231
|
# Set to true if the client is allowed to follow the OAuth protocol
|
10195
|
-
# when interacting with Cognito user pools.
|
10232
|
+
# when interacting with Amazon Cognito user pools.
|
10196
10233
|
# @return [Boolean]
|
10197
10234
|
#
|
10198
10235
|
# @!attribute [rw] analytics_configuration
|
10199
10236
|
# The Amazon Pinpoint analytics configuration for the user pool
|
10200
10237
|
# client.
|
10201
10238
|
#
|
10202
|
-
# <note markdown="1"> Cognito User Pools only supports sending events to Amazon
|
10203
|
-
# projects in the US East (N. Virginia) us-east-1 Region,
|
10204
|
-
# of the
|
10239
|
+
# <note markdown="1"> Amazon Cognito User Pools only supports sending events to Amazon
|
10240
|
+
# Pinpoint projects in the US East (N. Virginia) us-east-1 Region,
|
10241
|
+
# regardless of the Region in which the user pool resides.
|
10205
10242
|
#
|
10206
10243
|
# </note>
|
10207
10244
|
# @return [Types::AnalyticsConfigurationType]
|
10208
10245
|
#
|
10209
10246
|
# @!attribute [rw] prevent_user_existence_errors
|
10210
|
-
#
|
10211
|
-
#
|
10212
|
-
#
|
10213
|
-
#
|
10214
|
-
#
|
10215
|
-
#
|
10216
|
-
#
|
10217
|
-
#
|
10218
|
-
#
|
10247
|
+
# Errors and responses that you want Amazon Cognito APIs to return
|
10248
|
+
# during authentication, account confirmation, and password recovery
|
10249
|
+
# when the user doesn't exist in the user pool. When set to `ENABLED`
|
10250
|
+
# and the user doesn't exist, authentication returns an error
|
10251
|
+
# indicating either the username or password was incorrect. Account
|
10252
|
+
# confirmation and password recovery return a response indicating a
|
10253
|
+
# code was sent to a simulated destination. When set to `LEGACY`,
|
10254
|
+
# those APIs return a `UserNotFoundException` exception if the user
|
10255
|
+
# doesn't exist in the user pool.
|
10219
10256
|
#
|
10220
10257
|
# Valid values include:
|
10221
10258
|
#
|
10222
10259
|
# * `ENABLED` - This prevents user existence-related errors.
|
10223
10260
|
#
|
10224
10261
|
# * `LEGACY` - This represents the old behavior of Cognito where user
|
10225
|
-
# existence related errors
|
10226
|
-
#
|
10227
|
-
# <note markdown="1"> After February 15th 2020, the value of `PreventUserExistenceErrors`
|
10228
|
-
# will default to `ENABLED` for newly created user pool clients if no
|
10229
|
-
# value is provided.
|
10230
|
-
#
|
10231
|
-
# </note>
|
10262
|
+
# existence related errors aren't prevented.
|
10232
10263
|
# @return [String]
|
10233
10264
|
#
|
10234
10265
|
# @!attribute [rw] enable_token_revocation
|
10235
|
-
# Indicates whether token revocation is
|
10266
|
+
# Indicates whether token revocation is activated for the user pool
|
10236
10267
|
# client. When you create a new user pool client, token revocation is
|
10237
|
-
#
|
10238
|
-
# [RevokeToken][1].
|
10268
|
+
# activated by default. For more information about revoking tokens,
|
10269
|
+
# see [RevokeToken][1].
|
10239
10270
|
#
|
10240
10271
|
#
|
10241
10272
|
#
|
@@ -10339,7 +10370,7 @@ module Aws::CognitoIdentityProvider
|
|
10339
10370
|
include Aws::Structure
|
10340
10371
|
end
|
10341
10372
|
|
10342
|
-
# This exception is thrown when a user pool tag
|
10373
|
+
# This exception is thrown when a user pool tag can't be set or
|
10343
10374
|
# updated.
|
10344
10375
|
#
|
10345
10376
|
# @!attribute [rw] message
|
@@ -10388,16 +10419,16 @@ module Aws::CognitoIdentityProvider
|
|
10388
10419
|
# @return [Array<Types::SchemaAttributeType>]
|
10389
10420
|
#
|
10390
10421
|
# @!attribute [rw] auto_verified_attributes
|
10391
|
-
#
|
10422
|
+
# The attributes that are auto-verified in a user pool.
|
10392
10423
|
# @return [Array<String>]
|
10393
10424
|
#
|
10394
10425
|
# @!attribute [rw] alias_attributes
|
10395
|
-
#
|
10426
|
+
# The attributes that are aliased in a user pool.
|
10396
10427
|
# @return [Array<String>]
|
10397
10428
|
#
|
10398
10429
|
# @!attribute [rw] username_attributes
|
10399
|
-
# Specifies whether email
|
10400
|
-
#
|
10430
|
+
# Specifies whether a user can use an email address or phone number as
|
10431
|
+
# a username when they sign up.
|
10401
10432
|
# @return [Array<String>]
|
10402
10433
|
#
|
10403
10434
|
# @!attribute [rw] sms_verification_message
|
@@ -10423,11 +10454,11 @@ module Aws::CognitoIdentityProvider
|
|
10423
10454
|
# @!attribute [rw] mfa_configuration
|
10424
10455
|
# Can be one of the following values:
|
10425
10456
|
#
|
10426
|
-
# * `OFF` - MFA tokens
|
10457
|
+
# * `OFF` - MFA tokens aren't required and can't be specified during
|
10427
10458
|
# user registration.
|
10428
10459
|
#
|
10429
10460
|
# * `ON` - MFA tokens are required for all user registrations. You can
|
10430
|
-
# only specify required when you
|
10461
|
+
# only specify required when you're initially creating a user pool.
|
10431
10462
|
#
|
10432
10463
|
# * `OPTIONAL` - Users have the option when registering to create an
|
10433
10464
|
# MFA token.
|
@@ -10457,21 +10488,23 @@ module Aws::CognitoIdentityProvider
|
|
10457
10488
|
# @return [Hash<String,String>]
|
10458
10489
|
#
|
10459
10490
|
# @!attribute [rw] sms_configuration_failure
|
10460
|
-
# The reason why the SMS configuration
|
10491
|
+
# The reason why the SMS configuration can't send the messages to
|
10461
10492
|
# your users.
|
10462
10493
|
#
|
10463
10494
|
# This message might include comma-separated values to describe why
|
10464
10495
|
# your SMS configuration can't send messages to user pool end users.
|
10465
10496
|
#
|
10466
|
-
# * InvalidSmsRoleAccessPolicyException - The
|
10467
|
-
# uses to send SMS messages
|
10468
|
-
# information, see
|
10497
|
+
# * InvalidSmsRoleAccessPolicyException - The Identity and Access
|
10498
|
+
# Management role that Amazon Cognito uses to send SMS messages
|
10499
|
+
# isn't properly configured. For more information, see
|
10500
|
+
# [SmsConfigurationType][1].
|
10469
10501
|
#
|
10470
|
-
# * SNSSandbox - The account is in SNS Sandbox and
|
10471
|
-
# reach
|
10472
|
-
# with SNSSandbox if the IAM user creating the user
|
10473
|
-
# have SNS permissions. To learn how to move your
|
10474
|
-
# sandbox, see [Moving out of
|
10502
|
+
# * SNSSandbox - The Amazon Web Services account is in SNS Sandbox and
|
10503
|
+
# messages will only reach verified end users. This parameter won’t
|
10504
|
+
# get populated with SNSSandbox if the IAM user creating the user
|
10505
|
+
# pool doesn’t have SNS permissions. To learn how to move your
|
10506
|
+
# Amazon Web Services account out of the sandbox, see [Moving out of
|
10507
|
+
# the SMS sandbox][2].
|
10475
10508
|
#
|
10476
10509
|
#
|
10477
10510
|
#
|
@@ -10480,20 +10513,19 @@ module Aws::CognitoIdentityProvider
|
|
10480
10513
|
# @return [String]
|
10481
10514
|
#
|
10482
10515
|
# @!attribute [rw] email_configuration_failure
|
10483
|
-
# The reason why the email configuration
|
10516
|
+
# The reason why the email configuration can't send the messages to
|
10484
10517
|
# your users.
|
10485
10518
|
# @return [String]
|
10486
10519
|
#
|
10487
10520
|
# @!attribute [rw] domain
|
10488
|
-
#
|
10489
|
-
# with it.
|
10521
|
+
# The domain prefix, if the user pool has a domain associated with it.
|
10490
10522
|
# @return [String]
|
10491
10523
|
#
|
10492
10524
|
# @!attribute [rw] custom_domain
|
10493
10525
|
# A custom domain name that you provide to Amazon Cognito. This
|
10494
10526
|
# parameter applies only if you use a custom domain to host the
|
10495
|
-
# sign-up and sign-in pages for your application.
|
10496
|
-
# `auth.example.com`.
|
10527
|
+
# sign-up and sign-in pages for your application. An example of a
|
10528
|
+
# custom domain name might be `auth.example.com`.
|
10497
10529
|
#
|
10498
10530
|
# For more information about adding a custom domain to your user pool,
|
10499
10531
|
# see [Using Your Own Domain for the Hosted UI][1].
|
@@ -10512,11 +10544,11 @@ module Aws::CognitoIdentityProvider
|
|
10512
10544
|
# @return [Types::UserPoolAddOnsType]
|
10513
10545
|
#
|
10514
10546
|
# @!attribute [rw] username_configuration
|
10515
|
-
#
|
10516
|
-
#
|
10517
|
-
#
|
10518
|
-
#
|
10519
|
-
#
|
10547
|
+
# Case sensitivity of the username input for the selected sign-in
|
10548
|
+
# option. For example, when case sensitivity is set to `False`, users
|
10549
|
+
# can sign in using either "username" or "Username". This
|
10550
|
+
# configuration is immutable once it has been set. For more
|
10551
|
+
# information, see [UsernameConfigurationType][1].
|
10520
10552
|
#
|
10521
10553
|
#
|
10522
10554
|
#
|
@@ -10528,14 +10560,14 @@ module Aws::CognitoIdentityProvider
|
|
10528
10560
|
# @return [String]
|
10529
10561
|
#
|
10530
10562
|
# @!attribute [rw] account_recovery_setting
|
10531
|
-
#
|
10532
|
-
#
|
10533
|
-
#
|
10534
|
-
#
|
10535
|
-
#
|
10536
|
-
#
|
10537
|
-
#
|
10538
|
-
#
|
10563
|
+
# The available verified method a user can use to recover their
|
10564
|
+
# password when they call `ForgotPassword`. You can use this setting
|
10565
|
+
# to define a preferred method when a user has more than one method
|
10566
|
+
# available. With this setting, SMS doesn't qualify for a valid
|
10567
|
+
# password recovery mechanism if the user also has SMS multi-factor
|
10568
|
+
# authentication (MFA) activated. In the absence of this setting,
|
10569
|
+
# Amazon Cognito uses the legacy behavior to determine the recovery
|
10570
|
+
# method where SMS is preferred through email.
|
10539
10571
|
# @return [Types::AccountRecoverySettingType]
|
10540
10572
|
#
|
10541
10573
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UserPoolType AWS API Documentation
|
@@ -10579,7 +10611,7 @@ module Aws::CognitoIdentityProvider
|
|
10579
10611
|
# The user type.
|
10580
10612
|
#
|
10581
10613
|
# @!attribute [rw] username
|
10582
|
-
# The user name of the user you
|
10614
|
+
# The user name of the user you want to describe.
|
10583
10615
|
# @return [String]
|
10584
10616
|
#
|
10585
10617
|
# @!attribute [rw] attributes
|
@@ -10599,7 +10631,7 @@ module Aws::CognitoIdentityProvider
|
|
10599
10631
|
# @return [Boolean]
|
10600
10632
|
#
|
10601
10633
|
# @!attribute [rw] user_status
|
10602
|
-
# The user status.
|
10634
|
+
# The user status. This can be one of the following:
|
10603
10635
|
#
|
10604
10636
|
# * UNCONFIRMED - User has been created but not confirmed.
|
10605
10637
|
#
|
@@ -10609,15 +10641,15 @@ module Aws::CognitoIdentityProvider
|
|
10609
10641
|
#
|
10610
10642
|
# * COMPROMISED - User is disabled due to a potential security threat.
|
10611
10643
|
#
|
10612
|
-
# * UNKNOWN - User status
|
10644
|
+
# * UNKNOWN - User status isn't known.
|
10613
10645
|
#
|
10614
10646
|
# * RESET\_REQUIRED - User is confirmed, but the user must request a
|
10615
|
-
# code and reset
|
10647
|
+
# code and reset their password before they can sign in.
|
10616
10648
|
#
|
10617
10649
|
# * FORCE\_CHANGE\_PASSWORD - The user is confirmed and the user can
|
10618
10650
|
# sign in using a temporary password, but on first sign-in, the user
|
10619
|
-
# must change
|
10620
|
-
#
|
10651
|
+
# must change their password to a new value before doing anything
|
10652
|
+
# else.
|
10621
10653
|
# @return [String]
|
10622
10654
|
#
|
10623
10655
|
# @!attribute [rw] mfa_options
|
@@ -10649,21 +10681,20 @@ module Aws::CognitoIdentityProvider
|
|
10649
10681
|
#
|
10650
10682
|
# @!attribute [rw] case_sensitive
|
10651
10683
|
# Specifies whether username case sensitivity will be applied for all
|
10652
|
-
# users in the user pool through Cognito APIs.
|
10684
|
+
# users in the user pool through Amazon Cognito APIs.
|
10653
10685
|
#
|
10654
10686
|
# Valid values include:
|
10655
10687
|
#
|
10656
10688
|
# * <b> <code>True</code> </b>\: Enables case sensitivity for all
|
10657
10689
|
# username input. When this option is set to `True`, users must sign
|
10658
|
-
# in using the exact capitalization of their given username
|
10659
|
-
#
|
10690
|
+
# in using the exact capitalization of their given username, such as
|
10691
|
+
# “UserName”. This is the default value.
|
10660
10692
|
#
|
10661
10693
|
# * <b> <code>False</code> </b>\: Enables case insensitivity for all
|
10662
10694
|
# username input. For example, when this option is set to `False`,
|
10663
|
-
# users
|
10664
|
-
#
|
10665
|
-
#
|
10666
|
-
# `username` attribute.
|
10695
|
+
# users can sign in using either "username" or "Username". This
|
10696
|
+
# option also enables both `preferred_username` and `email` alias to
|
10697
|
+
# be case insensitive, in addition to the `username` attribute.
|
10667
10698
|
# @return [Boolean]
|
10668
10699
|
#
|
10669
10700
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UsernameConfigurationType AWS API Documentation
|
@@ -10778,13 +10809,13 @@ module Aws::CognitoIdentityProvider
|
|
10778
10809
|
# @return [String]
|
10779
10810
|
#
|
10780
10811
|
# @!attribute [rw] session
|
10781
|
-
# The session
|
10812
|
+
# The session that should be passed both ways in challenge-response
|
10782
10813
|
# calls to the service.
|
10783
10814
|
# @return [String]
|
10784
10815
|
#
|
10785
10816
|
# @!attribute [rw] user_code
|
10786
|
-
# The one time password computed using the secret code returned by
|
10787
|
-
# [AssociateSoftwareToken
|
10817
|
+
# The one- time password computed using the secret code returned by
|
10818
|
+
# [AssociateSoftwareToken][1].
|
10788
10819
|
#
|
10789
10820
|
#
|
10790
10821
|
#
|
@@ -10811,7 +10842,7 @@ module Aws::CognitoIdentityProvider
|
|
10811
10842
|
# @return [String]
|
10812
10843
|
#
|
10813
10844
|
# @!attribute [rw] session
|
10814
|
-
# The session
|
10845
|
+
# The session that should be passed both ways in challenge-response
|
10815
10846
|
# calls to the service.
|
10816
10847
|
# @return [String]
|
10817
10848
|
#
|
@@ -10836,8 +10867,7 @@ module Aws::CognitoIdentityProvider
|
|
10836
10867
|
# }
|
10837
10868
|
#
|
10838
10869
|
# @!attribute [rw] access_token
|
10839
|
-
#
|
10840
|
-
# attributes.
|
10870
|
+
# The access token of the request to verify user attributes.
|
10841
10871
|
# @return [String]
|
10842
10872
|
#
|
10843
10873
|
# @!attribute [rw] attribute_name
|