aws-sdk-cognitoidentityprovider 1.66.0 → 1.69.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 222aac64f4eed68afada8159643dcfcc46ecb036a71fd6babde3aa7fe6fd2265
-  data.tar.gz: fce9b8e9f33f66c1d04d8f42dbf5d3bd7d577ec4ecbb684ec986659f457bf1b6
+  metadata.gz: 3b0c1b613846b2cdb2ea2fee658581c78c8789b0df7ced9d753fabeccb7c4af3
+  data.tar.gz: abf38571520a1bcc81ee854f42e974ec1674295c211dcc3a52becf2063caa085
 SHA512:
-  metadata.gz: f2eb8646cdc7dff95a6b45c692ca225fbddfa1a2d75e89406444e9a61c329784bc922b6c8ebb053a92c72b82c1d43b43cc1d246b9b7b5fd75b609d4b08407a3c
-  data.tar.gz: 189cda1a984127d8261e32ceaae7b9e5a07bd368c2ffbc2593d9c271d77407c0e7bf9eee5cbb0494a8936995e543a53f89d9098a787ace324c59bd0648722f67
+  metadata.gz: 9b14e79d8a9a0de573aa119daef864172f8f7b107e380b8efb4d43a9a97a7e05cbc57e776bfe88cf59dd9e705bce00c26437fe8191d3aaf18c662d73d2053918
+  data.tar.gz: 0ea7ea807c66af61286903e2df84da3d59a95fbaf0be9c5cd6db53b020f7a89a1e81f7f942048b9d476d2882572769ccf123807123f9c570b3d8edd8f0cac712

data/CHANGELOG.md

@@ -1,6 +1,21 @@
 Unreleased Changes
 ------------------
 
+1.69.0 (2022-08-18)
+------------------
+
+* Feature - This change is being made simply to fix the public documentation based on the models. We have included the PasswordChange and ResendCode events, along with the Pass, Fail and InProgress status. We have removed the Success and Failure status which are never returned by our APIs.
+
+1.68.0 (2022-08-03)
+------------------
+
+* Feature - Add a new exception type, ForbiddenException, that is returned when request is not allowed
+
+1.67.0 (2022-05-31)
+------------------
+
+* Feature - Amazon Cognito now supports IP Address propagation for all unauthenticated APIs (e.g. SignUp, ForgotPassword).
+
 1.66.0 (2022-05-24)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.66.0
+1.69.0

data/lib/aws-sdk-cognitoidentityprovider/client.rb

@@ -1221,9 +1221,11 @@ module Aws::CognitoIdentityProvider
     #   `AdminInitiateAuth` calls.
     #
     # @option params [Types::ContextDataType] :context_data
-    #   Contextual data such as the user's device fingerprint, IP address, or
-    #   location used for evaluating the risk of an unexpected event by Amazon
-    #   Cognito advanced security.
+    #   Contextual data about your user session, such as the device
+    #   fingerprint, IP address, or location. Amazon Cognito advanced security
+    #   evaluates the risk of an authentication event based on the context
+    #   that your app generates and passes to Amazon Cognito when it makes API
+    #   requests.
     #
     # @return [Types::AdminInitiateAuthResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -1523,9 +1525,9 @@ module Aws::CognitoIdentityProvider
     #
     #   resp.auth_events #=> Array
     #   resp.auth_events[0].event_id #=> String
-    #   resp.auth_events[0].event_type #=> String, one of "SignIn", "SignUp", "ForgotPassword"
+    #   resp.auth_events[0].event_type #=> String, one of "SignIn", "SignUp", "ForgotPassword", "PasswordChange", "ResendCode"
     #   resp.auth_events[0].creation_date #=> Time
-    #   resp.auth_events[0].event_response #=> String, one of "Success", "Failure"
+    #   resp.auth_events[0].event_response #=> String, one of "Pass", "Fail", "InProgress"
     #   resp.auth_events[0].event_risk.risk_decision #=> String, one of "NoRisk", "AccountTakeover", "Block"
     #   resp.auth_events[0].event_risk.risk_level #=> String, one of "Low", "Medium", "High"
     #   resp.auth_events[0].event_risk.compromised_credentials_detected #=> Boolean
@@ -1791,9 +1793,11 @@ module Aws::CognitoIdentityProvider
     #   `AdminRespondToAuthChallenge` calls.
     #
     # @option params [Types::ContextDataType] :context_data
-    #   Contextual data such as the user's device fingerprint, IP address, or
-    #   location used for evaluating the risk of an unexpected event by Amazon
-    #   Cognito advanced security.
+    #   Contextual data about your user session, such as the device
+    #   fingerprint, IP address, or location. Amazon Cognito advanced security
+    #   evaluates the risk of an authentication event based on the context
+    #   that your app generates and passes to Amazon Cognito when it makes API
+    #   requests.
     #
     # @option params [Hash<String,String>] :client_metadata
     #   A map of custom key-value pairs that you can provide as input for any
@@ -2282,20 +2286,32 @@ module Aws::CognitoIdentityProvider
       req.send_request(options)
     end
 
-    # Returns a unique generated shared secret key code for the user
-    # account. The request takes an access token or a session string, but
-    # not both.
-    #
-    # <note markdown="1"> Calling AssociateSoftwareToken immediately disassociates the existing
-    # software token from the user account. If the user doesn't
-    # subsequently verify the software token, their account is set up to
-    # authenticate without MFA. If MFA config is set to Optional at the user
-    # pool level, the user can then log in without MFA. However, if MFA is
-    # set to Required for the user pool, the user is asked to set up a new
-    # software token MFA during sign-in.
+    # Begins setup of time-based one-time password (TOTP) multi-factor
+    # authentication (MFA) for a user, with a unique private key that Amazon
+    # Cognito generates and returns in the API response. You can authorize
+    # an `AssociateSoftwareToken` request with either the user's access
+    # token, or a session string from a challenge response that you received
+    # from Amazon Cognito.
+    #
+    # <note markdown="1"> Amazon Cognito disassociates an existing software token when you
+    # verify the new token in a [ VerifySoftwareToken][1] API request. If
+    # you don't verify the software token and your user pool doesn't
+    # require MFA, the user can then authenticate with user name and
+    # password credentials alone. If your user pool requires TOTP MFA,
+    # Amazon Cognito generates an `MFA_SETUP` or `SOFTWARE_TOKEN_SETUP`
+    # challenge each time your user signs. Complete setup with
+    # `AssociateSoftwareToken` and `VerifySoftwareToken`.
+    #
+    #  After you set up software token MFA for your user, Amazon Cognito
+    # generates a `SOFTWARE_TOKEN_MFA` challenge when they authenticate.
+    # Respond to this challenge with your user's TOTP.
     #
     #  </note>
     #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerifySoftwareToken.html
+    #
     # @option params [String] :access_token
     #   A valid access token that Amazon Cognito issued to the user whose
     #   software token you want to generate.
@@ -2423,25 +2439,26 @@ module Aws::CognitoIdentityProvider
     #   retrieve a forgotten password.
     #
     # @option params [required, String] :confirmation_code
-    #   The confirmation code sent by a user's request to retrieve a
-    #   forgotten password. For more information, see [ForgotPassword][1].
+    #   The confirmation code from your user's request to reset their
+    #   password. For more information, see [ForgotPassword][1].
     #
     #
     #
     #   [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ForgotPassword.html
     #
     # @option params [required, String] :password
-    #   The password sent by a user's request to retrieve a forgotten
-    #   password.
+    #   The new password that your user wants to set.
     #
     # @option params [Types::AnalyticsMetadataType] :analytics_metadata
     #   The Amazon Pinpoint analytics metadata for collecting metrics for
     #   `ConfirmForgotPassword` calls.
     #
     # @option params [Types::UserContextDataType] :user_context_data
-    #   Contextual data such as the user's device fingerprint, IP address, or
-    #   location used for evaluating the risk of an unexpected event by Amazon
-    #   Cognito advanced security.
+    #   Contextual data about your user session, such as the device
+    #   fingerprint, IP address, or location. Amazon Cognito advanced security
+    #   evaluates the risk of an authentication event based on the context
+    #   that your app generates and passes to Amazon Cognito when it makes API
+    #   requests.
     #
     # @option params [Hash<String,String>] :client_metadata
     #   A map of custom key-value pairs that you can provide as input for any
@@ -2494,6 +2511,7 @@ module Aws::CognitoIdentityProvider
     #       analytics_endpoint_id: "StringType",
     #     },
     #     user_context_data: {
+    #       ip_address: "StringType",
     #       encoded_data: "StringType",
     #     },
     #     client_metadata: {
@@ -2541,9 +2559,11 @@ module Aws::CognitoIdentityProvider
     #   `ConfirmSignUp` calls.
     #
     # @option params [Types::UserContextDataType] :user_context_data
-    #   Contextual data such as the user's device fingerprint, IP address, or
-    #   location used for evaluating the risk of an unexpected event by Amazon
-    #   Cognito advanced security.
+    #   Contextual data about your user session, such as the device
+    #   fingerprint, IP address, or location. Amazon Cognito advanced security
+    #   evaluates the risk of an authentication event based on the context
+    #   that your app generates and passes to Amazon Cognito when it makes API
+    #   requests.
     #
     # @option params [Hash<String,String>] :client_metadata
     #   A map of custom key-value pairs that you can provide as input for any
@@ -2595,6 +2615,7 @@ module Aws::CognitoIdentityProvider
     #       analytics_endpoint_id: "StringType",
     #     },
     #     user_context_data: {
+    #       ip_address: "StringType",
     #       encoded_data: "StringType",
     #     },
     #     client_metadata: {
@@ -2988,7 +3009,7 @@ module Aws::CognitoIdentityProvider
     #
     # @option params [String] :email_verification_message
     #   A string representing the email verification message.
-    #   EmailVerificationMessage is allowed only if [EmailSendingAccount][1]
+    #   `EmailVerificationMessage` is allowed only if [EmailSendingAccount][1]
     #   is DEVELOPER.
     #
     #
@@ -2997,7 +3018,7 @@ module Aws::CognitoIdentityProvider
     #
     # @option params [String] :email_verification_subject
     #   A string representing the email verification subject.
-    #   EmailVerificationSubject is allowed only if [EmailSendingAccount][1]
+    #   `EmailVerificationSubject` is allowed only if [EmailSendingAccount][1]
     #   is DEVELOPER.
     #
     #
@@ -3015,9 +3036,26 @@ module Aws::CognitoIdentityProvider
     #   Specifies MFA configuration details.
     #
     # @option params [Types::UserAttributeUpdateSettingsType] :user_attribute_update_settings
+    #   The settings for updates to user attributes. These settings include
+    #   the property `AttributesRequireVerificationBeforeUpdate`, a user-pool
+    #   setting that tells Amazon Cognito how to handle changes to the value
+    #   of your users' email address and phone number attributes. For more
+    #   information, see [ Verifying updates to email addresses and phone
+    #   numbers][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-email-phone-verification.html#user-pool-settings-verifications-verify-attribute-updates
     #
     # @option params [Types::DeviceConfigurationType] :device_configuration
-    #   The device configuration.
+    #   The device-remembering configuration for a user pool. A null value
+    #   indicates that you have deactivated device remembering in your user
+    #   pool.
+    #
+    #   <note markdown="1"> When you provide a value for any `DeviceConfiguration` field, you
+    #   activate the Amazon Cognito device-remembering feature.
+    #
+    #    </note>
     #
     # @option params [Types::EmailConfigurationType] :email_configuration
     #   The email configuration of your user pool. The email configuration
@@ -3380,31 +3418,41 @@ module Aws::CognitoIdentityProvider
     #
     #   Valid values include:
     #
-    #   * `ALLOW_ADMIN_USER_PASSWORD_AUTH`\: Enable admin based user password
-    #     authentication flow `ADMIN_USER_PASSWORD_AUTH`. This setting
-    #     replaces the `ADMIN_NO_SRP_AUTH` setting. With this authentication
-    #     flow, Amazon Cognito receives the password in the request instead of
-    #     using the Secure Remote Password (SRP) protocol to verify passwords.
+    #   ALLOW\_ADMIN\_USER\_PASSWORD\_AUTH
     #
-    #   * `ALLOW_CUSTOM_AUTH`\: Enable Lambda trigger based authentication.
+    #   : Enable admin based user password authentication flow
+    #     `ADMIN_USER_PASSWORD_AUTH`. This setting replaces the
+    #     `ADMIN_NO_SRP_AUTH` setting. With this authentication flow, Amazon
+    #     Cognito receives the password in the request instead of using the
+    #     Secure Remote Password (SRP) protocol to verify passwords.
     #
-    #   * `ALLOW_USER_PASSWORD_AUTH`\: Enable user password-based
-    #     authentication. In this flow, Amazon Cognito receives the password
-    #     in the request instead of using the SRP protocol to verify
-    #     passwords.
+    #   ALLOW\_CUSTOM\_AUTH
     #
-    #   * `ALLOW_USER_SRP_AUTH`\: Enable SRP-based authentication.
+    #   : Enable Lambda trigger based authentication.
     #
-    #   * `ALLOW_REFRESH_TOKEN_AUTH`\: Enable authflow to refresh tokens.
+    #   ALLOW\_USER\_PASSWORD\_AUTH
     #
-    #   If you don't specify a value for `ExplicitAuthFlows`, your app client
-    #   activates the `ALLOW_USER_SRP_AUTH` and `ALLOW_CUSTOM_AUTH`
-    #   authentication flows.
+    #   : Enable user password-based authentication. In this flow, Amazon
+    #     Cognito receives the password in the request instead of using the
+    #     SRP protocol to verify passwords.
+    #
+    #   ALLOW\_USER\_SRP\_AUTH
+    #
+    #   : Enable SRP-based authentication.
+    #
+    #   ALLOW\_REFRESH\_TOKEN\_AUTH
+    #
+    #   : Enable the authflow that refreshes tokens.
+    #
+    #   If you don't specify a value for `ExplicitAuthFlows`, your user
+    #   client supports `ALLOW_USER_SRP_AUTH` and `ALLOW_CUSTOM_AUTH`.
     #
     # @option params [Array<String>] :supported_identity_providers
-    #   A list of provider names for the IdPs that this client supports. The
-    #   following are supported: `COGNITO`, `Facebook`, `Google`
-    #   `LoginWithAmazon`, and the names of your own SAML and OIDC providers.
+    #   A list of provider names for the identity providers (IdPs) that are
+    #   supported on this client. The following are supported: `COGNITO`,
+    #   `Facebook`, `Google`, `SignInWithApple`, and `LoginWithAmazon`. You
+    #   can also specify the names that you configured for the SAML and OIDC
+    #   IdPs in your user pool, for example `MySAMLIdP` or `MyOIDCIdP`.
     #
     # @option params [Array<String>] :callback_urls
     #   A list of allowed redirect (callback) URLs for the IdPs.
@@ -3524,6 +3572,19 @@ module Aws::CognitoIdentityProvider
     #
     #   [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html
     #
+    # @option params [Boolean] :enable_propagate_additional_user_context_data
+    #   Activates the propagation of additional user context data. For more
+    #   information about propagation of user context data, see [ Adding
+    #   advanced security to a user pool][1]. If you don’t include this
+    #   parameter, you can't send device fingerprint information, including
+    #   source IP address, to Amazon Cognito advanced security. You can only
+    #   activate `EnablePropagateAdditionalUserContextData` in an app client
+    #   that has a client secret.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
+    #
     # @return [Types::CreateUserPoolClientResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::CreateUserPoolClientResponse#user_pool_client #user_pool_client} => Types::UserPoolClientType
@@ -3561,6 +3622,7 @@ module Aws::CognitoIdentityProvider
     #     },
     #     prevent_user_existence_errors: "LEGACY", # accepts LEGACY, ENABLED
     #     enable_token_revocation: false,
+    #     enable_propagate_additional_user_context_data: false,
     #   })
     #
     # @example Response structure
@@ -3602,6 +3664,7 @@ module Aws::CognitoIdentityProvider
     #   resp.user_pool_client.analytics_configuration.user_data_shared #=> Boolean
     #   resp.user_pool_client.prevent_user_existence_errors #=> String, one of "LEGACY", "ENABLED"
     #   resp.user_pool_client.enable_token_revocation #=> Boolean
+    #   resp.user_pool_client.enable_propagate_additional_user_context_data #=> Boolean
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/CreateUserPoolClient AWS API Documentation
     #
@@ -4228,6 +4291,7 @@ module Aws::CognitoIdentityProvider
     #   resp.user_pool_client.analytics_configuration.user_data_shared #=> Boolean
     #   resp.user_pool_client.prevent_user_existence_errors #=> String, one of "LEGACY", "ENABLED"
     #   resp.user_pool_client.enable_token_revocation #=> Boolean
+    #   resp.user_pool_client.enable_propagate_additional_user_context_data #=> Boolean
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/DescribeUserPoolClient AWS API Documentation
     #
@@ -4349,9 +4413,11 @@ module Aws::CognitoIdentityProvider
     #   the message.
     #
     # @option params [Types::UserContextDataType] :user_context_data
-    #   Contextual data such as the user's device fingerprint, IP address, or
-    #   location used for evaluating the risk of an unexpected event by Amazon
-    #   Cognito advanced security.
+    #   Contextual data about your user session, such as the device
+    #   fingerprint, IP address, or location. Amazon Cognito advanced security
+    #   evaluates the risk of an authentication event based on the context
+    #   that your app generates and passes to Amazon Cognito when it makes API
+    #   requests.
     #
     # @option params [required, String] :username
     #   The user name of the user for whom you want to enter a code to reset a
@@ -4408,6 +4474,7 @@ module Aws::CognitoIdentityProvider
     #     client_id: "ClientIdType", # required
     #     secret_hash: "SecretHashType",
     #     user_context_data: {
+    #       ip_address: "StringType",
     #       encoded_data: "StringType",
     #     },
     #     username: "UsernameType", # required
@@ -5019,9 +5086,11 @@ module Aws::CognitoIdentityProvider
     #   metrics for `InitiateAuth` calls.
     #
     # @option params [Types::UserContextDataType] :user_context_data
-    #   Contextual data such as the user's device fingerprint, IP address, or
-    #   location used for evaluating the risk of an unexpected event by Amazon
-    #   Cognito advanced security.
+    #   Contextual data about your user session, such as the device
+    #   fingerprint, IP address, or location. Amazon Cognito advanced security
+    #   evaluates the risk of an authentication event based on the context
+    #   that your app generates and passes to Amazon Cognito when it makes API
+    #   requests.
     #
     # @return [Types::InitiateAuthResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -5045,6 +5114,7 @@ module Aws::CognitoIdentityProvider
     #       analytics_endpoint_id: "StringType",
     #     },
     #     user_context_data: {
+    #       ip_address: "StringType",
     #       encoded_data: "StringType",
     #     },
     #   })
@@ -5683,9 +5753,11 @@ module Aws::CognitoIdentityProvider
     #   the message.
     #
     # @option params [Types::UserContextDataType] :user_context_data
-    #   Contextual data such as the user's device fingerprint, IP address, or
-    #   location used for evaluating the risk of an unexpected event by Amazon
-    #   Cognito advanced security.
+    #   Contextual data about your user session, such as the device
+    #   fingerprint, IP address, or location. Amazon Cognito advanced security
+    #   evaluates the risk of an authentication event based on the context
+    #   that your app generates and passes to Amazon Cognito when it makes API
+    #   requests.
     #
     # @option params [required, String] :username
     #   The `username` attribute of the user to whom you want to resend a
@@ -5742,6 +5814,7 @@ module Aws::CognitoIdentityProvider
     #     client_id: "ClientIdType", # required
     #     secret_hash: "SecretHashType",
     #     user_context_data: {
+    #       ip_address: "StringType",
     #       encoded_data: "StringType",
     #     },
     #     username: "UsernameType", # required
@@ -5868,9 +5941,11 @@ module Aws::CognitoIdentityProvider
     #   metrics for `RespondToAuthChallenge` calls.
     #
     # @option params [Types::UserContextDataType] :user_context_data
-    #   Contextual data such as the user's device fingerprint, IP address, or
-    #   location used for evaluating the risk of an unexpected event by Amazon
-    #   Cognito advanced security.
+    #   Contextual data about your user session, such as the device
+    #   fingerprint, IP address, or location. Amazon Cognito advanced security
+    #   evaluates the risk of an authentication event based on the context
+    #   that your app generates and passes to Amazon Cognito when it makes API
+    #   requests.
     #
     # @option params [Hash<String,String>] :client_metadata
     #   A map of custom key-value pairs that you can provide as input for any
@@ -5931,6 +6006,7 @@ module Aws::CognitoIdentityProvider
     #       analytics_endpoint_id: "StringType",
     #     },
     #     user_context_data: {
+    #       ip_address: "StringType",
     #       encoded_data: "StringType",
     #     },
     #     client_metadata: {
@@ -6195,7 +6271,7 @@ module Aws::CognitoIdentityProvider
     #   The SMS text message multi-factor authentication (MFA) settings.
     #
     # @option params [Types::SoftwareTokenMfaSettingsType] :software_token_mfa_settings
-    #   The time-based one-time password software token MFA settings.
+    #   The time-based one-time password (TOTP) software token MFA settings.
     #
     # @option params [required, String] :access_token
     #   A valid access token that Amazon Cognito issued to the user whose MFA
@@ -6416,9 +6492,11 @@ module Aws::CognitoIdentityProvider
     #   metrics for `SignUp` calls.
     #
     # @option params [Types::UserContextDataType] :user_context_data
-    #   Contextual data such as the user's device fingerprint, IP address, or
-    #   location used for evaluating the risk of an unexpected event by Amazon
-    #   Cognito advanced security.
+    #   Contextual data about your user session, such as the device
+    #   fingerprint, IP address, or location. Amazon Cognito advanced security
+    #   evaluates the risk of an authentication event based on the context
+    #   that your app generates and passes to Amazon Cognito when it makes API
+    #   requests.
     #
     # @option params [Hash<String,String>] :client_metadata
     #   A map of custom key-value pairs that you can provide as input for any
@@ -6486,6 +6564,7 @@ module Aws::CognitoIdentityProvider
     #       analytics_endpoint_id: "StringType",
     #     },
     #     user_context_data: {
+    #       ip_address: "StringType",
     #       encoded_data: "StringType",
     #     },
     #     client_metadata: {
@@ -7096,6 +7175,16 @@ module Aws::CognitoIdentityProvider
     #   The contents of the SMS authentication message.
     #
     # @option params [Types::UserAttributeUpdateSettingsType] :user_attribute_update_settings
+    #   The settings for updates to user attributes. These settings include
+    #   the property `AttributesRequireVerificationBeforeUpdate`, a user-pool
+    #   setting that tells Amazon Cognito how to handle changes to the value
+    #   of your users' email address and phone number attributes. For more
+    #   information, see [ Verifying updates to email addresses and phone
+    #   numbers][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-email-phone-verification.html#user-pool-settings-verifications-verify-attribute-updates
     #
     # @option params [String] :mfa_configuration
     #   Possible values include:
@@ -7116,7 +7205,14 @@ module Aws::CognitoIdentityProvider
     #   [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserPoolMfaConfig.html
     #
     # @option params [Types::DeviceConfigurationType] :device_configuration
-    #   Device configuration.
+    #   The device-remembering configuration for a user pool. A null value
+    #   indicates that you have deactivated device remembering in your user
+    #   pool.
+    #
+    #   <note markdown="1"> When you provide a value for any `DeviceConfiguration` field, you
+    #   activate the Amazon Cognito device-remembering feature.
+    #
+    #    </note>
     #
     # @option params [Types::EmailConfigurationType] :email_configuration
     #   The email configuration of your user pool. The email configuration
@@ -7364,8 +7460,9 @@ module Aws::CognitoIdentityProvider
     #
     # @option params [Array<String>] :supported_identity_providers
     #   A list of provider names for the IdPs that this client supports. The
-    #   following are supported: `COGNITO`, `Facebook`, `Google`
-    #   `LoginWithAmazon`, and the names of your own SAML and OIDC providers.
+    #   following are supported: `COGNITO`, `Facebook`, `Google`,
+    #   `SignInWithApple`, `LoginWithAmazon`, and the names of your own SAML
+    #   and OIDC providers.
     #
     # @option params [Array<String>] :callback_urls
     #   A list of allowed redirect (callback) URLs for the IdPs.
@@ -7482,6 +7579,19 @@ module Aws::CognitoIdentityProvider
     #
     #   [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html
     #
+    # @option params [Boolean] :enable_propagate_additional_user_context_data
+    #   Activates the propagation of additional user context data. For more
+    #   information about propagation of user context data, see [ Adding
+    #   advanced security to a user pool][1]. If you don’t include this
+    #   parameter, you can't send device fingerprint information, including
+    #   source IP address, to Amazon Cognito advanced security. You can only
+    #   activate `EnablePropagateAdditionalUserContextData` in an app client
+    #   that has a client secret.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
+    #
     # @return [Types::UpdateUserPoolClientResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::UpdateUserPoolClientResponse#user_pool_client #user_pool_client} => Types::UserPoolClientType
@@ -7519,6 +7629,7 @@ module Aws::CognitoIdentityProvider
     #     },
     #     prevent_user_existence_errors: "LEGACY", # accepts LEGACY, ENABLED
     #     enable_token_revocation: false,
+    #     enable_propagate_additional_user_context_data: false,
     #   })
     #
     # @example Response structure
@@ -7560,6 +7671,7 @@ module Aws::CognitoIdentityProvider
     #   resp.user_pool_client.analytics_configuration.user_data_shared #=> Boolean
     #   resp.user_pool_client.prevent_user_existence_errors #=> String, one of "LEGACY", "ENABLED"
     #   resp.user_pool_client.enable_token_revocation #=> Boolean
+    #   resp.user_pool_client.enable_propagate_additional_user_context_data #=> Boolean
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UpdateUserPoolClient AWS API Documentation
     #
@@ -7755,7 +7867,7 @@ module Aws::CognitoIdentityProvider
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-cognitoidentityprovider'
-      context[:gem_version] = '1.66.0'
+      context[:gem_version] = '1.69.0'
       Seahorse::Client::Request.new(handlers, context)
     end