aws-sdk-cognitoidentityprovider 1.66.0 → 1.69.0

data/lib/aws-sdk-cognitoidentityprovider/types.rb

@@ -1127,9 +1127,11 @@ module Aws::CognitoIdentityProvider
     #   @return [Types::AnalyticsMetadataType]
     #
     # @!attribute [rw] context_data
-    #   Contextual data such as the user's device fingerprint, IP address,
-    #   or location used for evaluating the risk of an unexpected event by
-    #   Amazon Cognito advanced security.
+    #   Contextual data about your user session, such as the device
+    #   fingerprint, IP address, or location. Amazon Cognito advanced
+    #   security evaluates the risk of an authentication event based on the
+    #   context that your app generates and passes to Amazon Cognito when it
+    #   makes API requests.
     #   @return [Types::ContextDataType]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AdminInitiateAuthRequest AWS API Documentation
@@ -1737,9 +1739,11 @@ module Aws::CognitoIdentityProvider
     #   @return [Types::AnalyticsMetadataType]
     #
     # @!attribute [rw] context_data
-    #   Contextual data such as the user's device fingerprint, IP address,
-    #   or location used for evaluating the risk of an unexpected event by
-    #   Amazon Cognito advanced security.
+    #   Contextual data about your user session, such as the device
+    #   fingerprint, IP address, or location. Amazon Cognito advanced
+    #   security evaluates the risk of an authentication event based on the
+    #   context that your app generates and passes to Amazon Cognito when it
+    #   makes API requests.
     #   @return [Types::ContextDataType]
     #
     # @!attribute [rw] client_metadata
@@ -2225,13 +2229,14 @@ module Aws::CognitoIdentityProvider
 
     # This exception is thrown when a user tries to confirm the account with
     # an email address or phone number that has already been supplied as an
-    # alias from a different account. This exception indicates that an
+    # alias for a different user profile. This exception indicates that an
     # account with this email address or phone already exists in a user pool
     # that you've configured to use email address or phone number as a
     # sign-in alias.
     #
     # @!attribute [rw] message
-    #   The message sent to the user when an alias exists.
+    #   The message that Amazon Cognito sends to the user when the value of
+    #   an alias attribute is already linked to another user profile.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AliasExistsException AWS API Documentation
@@ -2361,8 +2366,8 @@ module Aws::CognitoIdentityProvider
     end
 
     # @!attribute [rw] secret_code
-    #   A unique generated shared secret code that is used in the time-based
-    #   one-time password (TOTP) algorithm to generate a one-time code.
+    #   A unique generated shared secret code that is used in the TOTP
+    #   algorithm to generate a one-time code.
     #   @return [String]
     #
     # @!attribute [rw] session
@@ -2755,6 +2760,7 @@ module Aws::CognitoIdentityProvider
     #           analytics_endpoint_id: "StringType",
     #         },
     #         user_context_data: {
+    #           ip_address: "StringType",
     #           encoded_data: "StringType",
     #         },
     #         client_metadata: {
@@ -2778,8 +2784,8 @@ module Aws::CognitoIdentityProvider
     #   @return [String]
     #
     # @!attribute [rw] confirmation_code
-    #   The confirmation code sent by a user's request to retrieve a
-    #   forgotten password. For more information, see [ForgotPassword][1].
+    #   The confirmation code from your user's request to reset their
+    #   password. For more information, see [ForgotPassword][1].
     #
     #
     #
@@ -2787,8 +2793,7 @@ module Aws::CognitoIdentityProvider
     #   @return [String]
     #
     # @!attribute [rw] password
-    #   The password sent by a user's request to retrieve a forgotten
-    #   password.
+    #   The new password that your user wants to set.
     #   @return [String]
     #
     # @!attribute [rw] analytics_metadata
@@ -2797,9 +2802,11 @@ module Aws::CognitoIdentityProvider
     #   @return [Types::AnalyticsMetadataType]
     #
     # @!attribute [rw] user_context_data
-    #   Contextual data such as the user's device fingerprint, IP address,
-    #   or location used for evaluating the risk of an unexpected event by
-    #   Amazon Cognito advanced security.
+    #   Contextual data about your user session, such as the device
+    #   fingerprint, IP address, or location. Amazon Cognito advanced
+    #   security evaluates the risk of an authentication event based on the
+    #   context that your app generates and passes to Amazon Cognito when it
+    #   makes API requests.
     #   @return [Types::UserContextDataType]
     #
     # @!attribute [rw] client_metadata
@@ -2877,6 +2884,7 @@ module Aws::CognitoIdentityProvider
     #           analytics_endpoint_id: "StringType",
     #         },
     #         user_context_data: {
+    #           ip_address: "StringType",
     #           encoded_data: "StringType",
     #         },
     #         client_metadata: {
@@ -2919,9 +2927,11 @@ module Aws::CognitoIdentityProvider
     #   @return [Types::AnalyticsMetadataType]
     #
     # @!attribute [rw] user_context_data
-    #   Contextual data such as the user's device fingerprint, IP address,
-    #   or location used for evaluating the risk of an unexpected event by
-    #   Amazon Cognito advanced security.
+    #   Contextual data about your user session, such as the device
+    #   fingerprint, IP address, or location. Amazon Cognito advanced
+    #   security evaluates the risk of an authentication event based on the
+    #   context that your app generates and passes to Amazon Cognito when it
+    #   makes API requests.
     #   @return [Types::UserContextDataType]
     #
     # @!attribute [rw] client_metadata
@@ -3004,7 +3014,7 @@ module Aws::CognitoIdentityProvider
     #       }
     #
     # @!attribute [rw] ip_address
-    #   Source IP address of your user.
+    #   The source IP address of your user's device.
     #   @return [String]
     #
     # @!attribute [rw] server_name
@@ -3020,8 +3030,14 @@ module Aws::CognitoIdentityProvider
     #   @return [Array<Types::HttpHeader>]
     #
     # @!attribute [rw] encoded_data
-    #   Encoded data containing device fingerprinting details collected
-    #   using the Amazon Cognito context data collection library.
+    #   Encoded device-fingerprint details that your app collected with the
+    #   Amazon Cognito context data collection library. For more
+    #   information, see [Adding user device and session data to API
+    #   requests][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-adaptive-authentication.html#user-pool-settings-adaptive-authentication-device-fingerprint
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/ContextDataType AWS API Documentation
@@ -3384,6 +3400,7 @@ module Aws::CognitoIdentityProvider
     #         },
     #         prevent_user_existence_errors: "LEGACY", # accepts LEGACY, ENABLED
     #         enable_token_revocation: false,
+    #         enable_propagate_additional_user_context_data: false,
     #       }
     #
     # @!attribute [rw] user_pool_id
@@ -3482,34 +3499,42 @@ module Aws::CognitoIdentityProvider
     #
     #   Valid values include:
     #
-    #   * `ALLOW_ADMIN_USER_PASSWORD_AUTH`\: Enable admin based user
-    #     password authentication flow `ADMIN_USER_PASSWORD_AUTH`. This
-    #     setting replaces the `ADMIN_NO_SRP_AUTH` setting. With this
-    #     authentication flow, Amazon Cognito receives the password in the
-    #     request instead of using the Secure Remote Password (SRP) protocol
-    #     to verify passwords.
+    #   ALLOW\_ADMIN\_USER\_PASSWORD\_AUTH
     #
-    #   * `ALLOW_CUSTOM_AUTH`\: Enable Lambda trigger based authentication.
+    #   : Enable admin based user password authentication flow
+    #     `ADMIN_USER_PASSWORD_AUTH`. This setting replaces the
+    #     `ADMIN_NO_SRP_AUTH` setting. With this authentication flow, Amazon
+    #     Cognito receives the password in the request instead of using the
+    #     Secure Remote Password (SRP) protocol to verify passwords.
     #
-    #   * `ALLOW_USER_PASSWORD_AUTH`\: Enable user password-based
-    #     authentication. In this flow, Amazon Cognito receives the password
-    #     in the request instead of using the SRP protocol to verify
-    #     passwords.
+    #   ALLOW\_CUSTOM\_AUTH
     #
-    #   * `ALLOW_USER_SRP_AUTH`\: Enable SRP-based authentication.
+    #   : Enable Lambda trigger based authentication.
     #
-    #   * `ALLOW_REFRESH_TOKEN_AUTH`\: Enable authflow to refresh tokens.
+    #   ALLOW\_USER\_PASSWORD\_AUTH
+    #
+    #   : Enable user password-based authentication. In this flow, Amazon
+    #     Cognito receives the password in the request instead of using the
+    #     SRP protocol to verify passwords.
+    #
+    #   ALLOW\_USER\_SRP\_AUTH
+    #
+    #   : Enable SRP-based authentication.
+    #
+    #   ALLOW\_REFRESH\_TOKEN\_AUTH
+    #
+    #   : Enable the authflow that refreshes tokens.
     #
-    #   If you don't specify a value for `ExplicitAuthFlows`, your app
-    #   client activates the `ALLOW_USER_SRP_AUTH` and `ALLOW_CUSTOM_AUTH`
-    #   authentication flows.
+    #   If you don't specify a value for `ExplicitAuthFlows`, your user
+    #   client supports `ALLOW_USER_SRP_AUTH` and `ALLOW_CUSTOM_AUTH`.
     #   @return [Array<String>]
     #
     # @!attribute [rw] supported_identity_providers
-    #   A list of provider names for the IdPs that this client supports. The
-    #   following are supported: `COGNITO`, `Facebook`, `Google`
-    #   `LoginWithAmazon`, and the names of your own SAML and OIDC
-    #   providers.
+    #   A list of provider names for the identity providers (IdPs) that are
+    #   supported on this client. The following are supported: `COGNITO`,
+    #   `Facebook`, `Google`, `SignInWithApple`, and `LoginWithAmazon`. You
+    #   can also specify the names that you configured for the SAML and OIDC
+    #   IdPs in your user pool, for example `MySAMLIdP` or `MyOIDCIdP`.
     #   @return [Array<String>]
     #
     # @!attribute [rw] callback_urls
@@ -3639,6 +3664,20 @@ module Aws::CognitoIdentityProvider
     #   [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html
     #   @return [Boolean]
     #
+    # @!attribute [rw] enable_propagate_additional_user_context_data
+    #   Activates the propagation of additional user context data. For more
+    #   information about propagation of user context data, see [ Adding
+    #   advanced security to a user pool][1]. If you don’t include this
+    #   parameter, you can't send device fingerprint information, including
+    #   source IP address, to Amazon Cognito advanced security. You can only
+    #   activate `EnablePropagateAdditionalUserContextData` in an app client
+    #   that has a client secret.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
+    #   @return [Boolean]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/CreateUserPoolClientRequest AWS API Documentation
     #
     class CreateUserPoolClientRequest < Struct.new(
@@ -3661,7 +3700,8 @@ module Aws::CognitoIdentityProvider
       :allowed_o_auth_flows_user_pool_client,
       :analytics_configuration,
       :prevent_user_existence_errors,
-      :enable_token_revocation)
+      :enable_token_revocation,
+      :enable_propagate_additional_user_context_data)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3910,8 +3950,8 @@ module Aws::CognitoIdentityProvider
     #
     # @!attribute [rw] email_verification_message
     #   A string representing the email verification message.
-    #   EmailVerificationMessage is allowed only if [EmailSendingAccount][1]
-    #   is DEVELOPER.
+    #   `EmailVerificationMessage` is allowed only if
+    #   [EmailSendingAccount][1] is DEVELOPER.
     #
     #
     #
@@ -3920,8 +3960,8 @@ module Aws::CognitoIdentityProvider
     #
     # @!attribute [rw] email_verification_subject
     #   A string representing the email verification subject.
-    #   EmailVerificationSubject is allowed only if [EmailSendingAccount][1]
-    #   is DEVELOPER.
+    #   `EmailVerificationSubject` is allowed only if
+    #   [EmailSendingAccount][1] is DEVELOPER.
     #
     #
     #
@@ -3942,10 +3982,27 @@ module Aws::CognitoIdentityProvider
     #   @return [String]
     #
     # @!attribute [rw] user_attribute_update_settings
+    #   The settings for updates to user attributes. These settings include
+    #   the property `AttributesRequireVerificationBeforeUpdate`, a
+    #   user-pool setting that tells Amazon Cognito how to handle changes to
+    #   the value of your users' email address and phone number attributes.
+    #   For more information, see [ Verifying updates to email addresses and
+    #   phone numbers][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-email-phone-verification.html#user-pool-settings-verifications-verify-attribute-updates
     #   @return [Types::UserAttributeUpdateSettingsType]
     #
     # @!attribute [rw] device_configuration
-    #   The device configuration.
+    #   The device-remembering configuration for a user pool. A null value
+    #   indicates that you have deactivated device remembering in your user
+    #   pool.
+    #
+    #   <note markdown="1"> When you provide a value for any `DeviceConfiguration` field, you
+    #   activate the Amazon Cognito device-remembering feature.
+    #
+    #    </note>
     #   @return [Types::DeviceConfigurationType]
     #
     # @!attribute [rw] email_configuration
@@ -4615,11 +4672,12 @@ module Aws::CognitoIdentityProvider
       include Aws::Structure
     end
 
-    # The device tracking configuration for a user pool. A user pool with
-    # device tracking deactivated returns a null value.
+    # The device-remembering configuration for a user pool. A null value
+    # indicates that you have deactivated device remembering in your user
+    # pool.
     #
-    # <note markdown="1"> When you provide values for any DeviceConfiguration field, you
-    # activate device tracking.
+    # <note markdown="1"> When you provide a value for any `DeviceConfiguration` field, you
+    # activate the Amazon Cognito device-remembering feature.
     #
     #  </note>
     #
@@ -4636,17 +4694,23 @@ module Aws::CognitoIdentityProvider
     #   one-time password (TOTP) factors for multi-factor authentication
     #   (MFA).
     #
-    #   <note markdown="1"> Users that sign in with devices that have not been confirmed or
-    #   remembered will still have to provide a second factor, whether or
-    #   not ChallengeRequiredOnNewDevice is true, when your user pool
-    #   requires MFA.
+    #   <note markdown="1"> Regardless of the value of this field, users that sign in with new
+    #   devices that have not been confirmed or remembered must provide a
+    #   second factor if your user pool requires MFA.
     #
     #    </note>
     #   @return [Boolean]
     #
     # @!attribute [rw] device_only_remembered_on_user_prompt
-    #   When true, users can opt in to remembering their device. Your app
-    #   code must use callback functions to return the user's choice.
+    #   When true, Amazon Cognito doesn't remember newly-confirmed devices.
+    #   Users who want to authenticate with their device can instead opt in
+    #   to remembering their device. To collect a choice from your user,
+    #   create an input prompt in your app and return the value that the
+    #   user chooses in an [UpdateDeviceStatus][1] API request.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateDeviceStatus.html
     #   @return [Boolean]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/DeviceConfigurationType AWS API Documentation
@@ -4959,7 +5023,7 @@ module Aws::CognitoIdentityProvider
     # request.
     #
     # @!attribute [rw] ip_address
-    #   The user's IP address.
+    #   The source IP address of your user's device.
     #   @return [String]
     #
     # @!attribute [rw] device_name
@@ -5053,6 +5117,22 @@ module Aws::CognitoIdentityProvider
       include Aws::Structure
     end
 
+    # This exception is thrown when WAF doesn't allow your request based on
+    # a web ACL that's associated with your user pool.
+    #
+    # @!attribute [rw] message
+    #   The message returned when WAF doesn't allow your request based on a
+    #   web ACL that's associated with your user pool.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/ForbiddenException AWS API Documentation
+    #
+    class ForbiddenException < Struct.new(
+      :message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Represents the request to forget the device.
     #
     # @note When making an API call, you may pass ForgetDeviceRequest
@@ -5090,6 +5170,7 @@ module Aws::CognitoIdentityProvider
     #         client_id: "ClientIdType", # required
     #         secret_hash: "SecretHashType",
     #         user_context_data: {
+    #           ip_address: "StringType",
     #           encoded_data: "StringType",
     #         },
     #         username: "UsernameType", # required
@@ -5112,9 +5193,11 @@ module Aws::CognitoIdentityProvider
     #   @return [String]
     #
     # @!attribute [rw] user_context_data
-    #   Contextual data such as the user's device fingerprint, IP address,
-    #   or location used for evaluating the risk of an unexpected event by
-    #   Amazon Cognito advanced security.
+    #   Contextual data about your user session, such as the device
+    #   fingerprint, IP address, or location. Amazon Cognito advanced
+    #   security evaluates the risk of an authentication event based on the
+    #   context that your app generates and passes to Amazon Cognito when it
+    #   makes API requests.
     #   @return [Types::UserContextDataType]
     #
     # @!attribute [rw] username
@@ -5179,8 +5262,7 @@ module Aws::CognitoIdentityProvider
       include Aws::Structure
     end
 
-    # Represents the response from the server regarding the request to reset
-    # a password.
+    # The response from Amazon Cognito to a request to reset a password.
     #
     # @!attribute [rw] code_delivery_details
     #   The code delivery details returned by the server in response to the
@@ -5534,15 +5616,17 @@ module Aws::CognitoIdentityProvider
     end
 
     # @!attribute [rw] sms_mfa_configuration
-    #   The SMS text message multi-factor (MFA) configuration.
+    #   The SMS text message multi-factor authentication (MFA)
+    #   configuration.
     #   @return [Types::SmsMfaConfigType]
     #
     # @!attribute [rw] software_token_mfa_configuration
-    #   The software token multi-factor (MFA) configuration.
+    #   The software token multi-factor authentication (MFA) configuration.
     #   @return [Types::SoftwareTokenMfaConfigType]
     #
     # @!attribute [rw] mfa_configuration
-    #   The multi-factor (MFA) configuration. Valid values include:
+    #   The multi-factor authentication (MFA) configuration. Valid values
+    #   include:
     #
     #   * `OFF` MFA won't be used for any users.
     #
@@ -5895,6 +5979,7 @@ module Aws::CognitoIdentityProvider
     #           analytics_endpoint_id: "StringType",
     #         },
     #         user_context_data: {
+    #           ip_address: "StringType",
     #           encoded_data: "StringType",
     #         },
     #       }
@@ -6023,9 +6108,11 @@ module Aws::CognitoIdentityProvider
     #   @return [Types::AnalyticsMetadataType]
     #
     # @!attribute [rw] user_context_data
-    #   Contextual data such as the user's device fingerprint, IP address,
-    #   or location used for evaluating the risk of an unexpected event by
-    #   Amazon Cognito advanced security.
+    #   Contextual data about your user session, such as the device
+    #   fingerprint, IP address, or location. Amazon Cognito advanced
+    #   security evaluates the risk of an authentication event based on the
+    #   context that your app generates and passes to Amazon Cognito when it
+    #   makes API requests.
     #   @return [Types::UserContextDataType]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/InitiateAuthRequest AWS API Documentation
@@ -7450,6 +7537,7 @@ module Aws::CognitoIdentityProvider
     #         client_id: "ClientIdType", # required
     #         secret_hash: "SecretHashType",
     #         user_context_data: {
+    #           ip_address: "StringType",
     #           encoded_data: "StringType",
     #         },
     #         username: "UsernameType", # required
@@ -7472,9 +7560,11 @@ module Aws::CognitoIdentityProvider
     #   @return [String]
     #
     # @!attribute [rw] user_context_data
-    #   Contextual data such as the user's device fingerprint, IP address,
-    #   or location used for evaluating the risk of an unexpected event by
-    #   Amazon Cognito advanced security.
+    #   Contextual data about your user session, such as the device
+    #   fingerprint, IP address, or location. Amazon Cognito advanced
+    #   security evaluates the risk of an authentication event based on the
+    #   context that your app generates and passes to Amazon Cognito when it
+    #   makes API requests.
     #   @return [Types::UserContextDataType]
     #
     # @!attribute [rw] username
@@ -7642,6 +7732,7 @@ module Aws::CognitoIdentityProvider
     #           analytics_endpoint_id: "StringType",
     #         },
     #         user_context_data: {
+    #           ip_address: "StringType",
     #           encoded_data: "StringType",
     #         },
     #         client_metadata: {
@@ -7729,9 +7820,11 @@ module Aws::CognitoIdentityProvider
     #   @return [Types::AnalyticsMetadataType]
     #
     # @!attribute [rw] user_context_data
-    #   Contextual data such as the user's device fingerprint, IP address,
-    #   or location used for evaluating the risk of an unexpected event by
-    #   Amazon Cognito advanced security.
+    #   Contextual data about your user session, such as the device
+    #   fingerprint, IP address, or location. Amazon Cognito advanced
+    #   security evaluates the risk of an authentication event based on the
+    #   context that your app generates and passes to Amazon Cognito when it
+    #   makes API requests.
     #   @return [Types::UserContextDataType]
     #
     # @!attribute [rw] client_metadata
@@ -8255,7 +8348,7 @@ module Aws::CognitoIdentityProvider
     #   @return [Types::SMSMfaSettingsType]
     #
     # @!attribute [rw] software_token_mfa_settings
-    #   The time-based one-time password software token MFA settings.
+    #   The time-based one-time password (TOTP) software token MFA settings.
     #   @return [Types::SoftwareTokenMfaSettingsType]
     #
     # @!attribute [rw] access_token
@@ -8429,6 +8522,7 @@ module Aws::CognitoIdentityProvider
     #           analytics_endpoint_id: "StringType",
     #         },
     #         user_context_data: {
+    #           ip_address: "StringType",
     #           encoded_data: "StringType",
     #         },
     #         client_metadata: {
@@ -8471,9 +8565,11 @@ module Aws::CognitoIdentityProvider
     #   @return [Types::AnalyticsMetadataType]
     #
     # @!attribute [rw] user_context_data
-    #   Contextual data such as the user's device fingerprint, IP address,
-    #   or location used for evaluating the risk of an unexpected event by
-    #   Amazon Cognito advanced security.
+    #   Contextual data about your user session, such as the device
+    #   fingerprint, IP address, or location. Amazon Cognito advanced
+    #   security evaluates the risk of an authentication event based on the
+    #   context that your app generates and passes to Amazon Cognito when it
+    #   makes API requests.
     #   @return [Types::UserContextDataType]
     #
     # @!attribute [rw] client_metadata
@@ -8899,18 +8995,21 @@ module Aws::CognitoIdentityProvider
     #       }
     #
     # @!attribute [rw] access_token
-    #   A time unit in “seconds”, “minutes”, “hours”, or “days” for the
-    #   value in AccessTokenValidity, defaulting to hours.
+    #   A time unit of `seconds`, `minutes`, `hours`, or `days` for the
+    #   value that you set in the `AccessTokenValidity` parameter. The
+    #   default `AccessTokenValidity` time unit is hours.
     #   @return [String]
     #
     # @!attribute [rw] id_token
-    #   A time unit in “seconds”, “minutes”, “hours”, or “days” for the
-    #   value in IdTokenValidity, defaulting to hours.
+    #   A time unit of `seconds`, `minutes`, `hours`, or `days` for the
+    #   value that you set in the `IdTokenValidity` parameter. The default
+    #   `IdTokenValidity` time unit is hours.
     #   @return [String]
     #
     # @!attribute [rw] refresh_token
-    #   A time unit in “seconds”, “minutes”, “hours”, or “days” for the
-    #   value in RefreshTokenValidity, defaulting to days.
+    #   A time unit of `seconds`, `minutes`, `hours`, or `days` for the
+    #   value that you set in the `RefreshTokenValidity` parameter. The
+    #   default `RefreshTokenValidity` time unit is days.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/TokenValidityUnitsType AWS API Documentation
@@ -9517,6 +9616,7 @@ module Aws::CognitoIdentityProvider
     #         },
     #         prevent_user_existence_errors: "LEGACY", # accepts LEGACY, ENABLED
     #         enable_token_revocation: false,
+    #         enable_propagate_additional_user_context_data: false,
     #       }
     #
     # @!attribute [rw] user_pool_id
@@ -9620,9 +9720,9 @@ module Aws::CognitoIdentityProvider
     #
     # @!attribute [rw] supported_identity_providers
     #   A list of provider names for the IdPs that this client supports. The
-    #   following are supported: `COGNITO`, `Facebook`, `Google`
-    #   `LoginWithAmazon`, and the names of your own SAML and OIDC
-    #   providers.
+    #   following are supported: `COGNITO`, `Facebook`, `Google`,
+    #   `SignInWithApple`, `LoginWithAmazon`, and the names of your own SAML
+    #   and OIDC providers.
     #   @return [Array<String>]
     #
     # @!attribute [rw] callback_urls
@@ -9749,6 +9849,20 @@ module Aws::CognitoIdentityProvider
     #   [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html
     #   @return [Boolean]
     #
+    # @!attribute [rw] enable_propagate_additional_user_context_data
+    #   Activates the propagation of additional user context data. For more
+    #   information about propagation of user context data, see [ Adding
+    #   advanced security to a user pool][1]. If you don’t include this
+    #   parameter, you can't send device fingerprint information, including
+    #   source IP address, to Amazon Cognito advanced security. You can only
+    #   activate `EnablePropagateAdditionalUserContextData` in an app client
+    #   that has a client secret.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
+    #   @return [Boolean]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UpdateUserPoolClientRequest AWS API Documentation
     #
     class UpdateUserPoolClientRequest < Struct.new(
@@ -9771,7 +9885,8 @@ module Aws::CognitoIdentityProvider
       :allowed_o_auth_flows_user_pool_client,
       :analytics_configuration,
       :prevent_user_existence_errors,
-      :enable_token_revocation)
+      :enable_token_revocation,
+      :enable_propagate_additional_user_context_data)
       SENSITIVE = [:client_id]
       include Aws::Structure
     end
@@ -9986,6 +10101,16 @@ module Aws::CognitoIdentityProvider
     #   @return [String]
     #
     # @!attribute [rw] user_attribute_update_settings
+    #   The settings for updates to user attributes. These settings include
+    #   the property `AttributesRequireVerificationBeforeUpdate`, a
+    #   user-pool setting that tells Amazon Cognito how to handle changes to
+    #   the value of your users' email address and phone number attributes.
+    #   For more information, see [ Verifying updates to email addresses and
+    #   phone numbers][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-email-phone-verification.html#user-pool-settings-verifications-verify-attribute-updates
     #   @return [Types::UserAttributeUpdateSettingsType]
     #
     # @!attribute [rw] mfa_configuration
@@ -10008,7 +10133,14 @@ module Aws::CognitoIdentityProvider
     #   @return [String]
     #
     # @!attribute [rw] device_configuration
-    #   Device configuration.
+    #   The device-remembering configuration for a user pool. A null value
+    #   indicates that you have deactivated device remembering in your user
+    #   pool.
+    #
+    #   <note markdown="1"> When you provide a value for any `DeviceConfiguration` field, you
+    #   activate the Amazon Cognito device-remembering feature.
+    #
+    #    </note>
     #   @return [Types::DeviceConfigurationType]
     #
     # @!attribute [rw] email_configuration
@@ -10085,7 +10217,16 @@ module Aws::CognitoIdentityProvider
     #
     class UpdateUserPoolResponse < Aws::EmptyStructure; end
 
-    # The settings for updates to user attributes.
+    # The settings for updates to user attributes. These settings include
+    # the property `AttributesRequireVerificationBeforeUpdate`, a user-pool
+    # setting that tells Amazon Cognito how to handle changes to the value
+    # of your users' email address and phone number attributes. For more
+    # information, see [ Verifying updates to email addresses and phone
+    # numbers][1].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-email-phone-verification.html#user-pool-settings-verifications-verify-attribute-updates
     #
     # @note When making an API call, you may pass UserAttributeUpdateSettingsType
     #   data as a hash:
@@ -10130,27 +10271,37 @@ module Aws::CognitoIdentityProvider
       include Aws::Structure
     end
 
-    # Information that your app generates about a user's
-    # `AdminInitiateAuth` or `AdminRespondToAuthChallenge` session. Amazon
-    # Cognito advanced security features calculate risk levels for user
-    # sessions based on this context data.
+    # Contextual data, such as the user's device fingerprint, IP address,
+    # or location, used for evaluating the risk of an unexpected event by
+    # Amazon Cognito advanced security.
     #
     # @note When making an API call, you may pass UserContextDataType
     #   data as a hash:
     #
     #       {
+    #         ip_address: "StringType",
     #         encoded_data: "StringType",
     #       }
     #
+    # @!attribute [rw] ip_address
+    #   The source IP address of your user's device.
+    #   @return [String]
+    #
     # @!attribute [rw] encoded_data
-    #   Contextual data, such as the user's device fingerprint, IP address,
-    #   or location, used for evaluating the risk of an unexpected event by
-    #   Amazon Cognito advanced security.
+    #   Encoded device-fingerprint details that your app collected with the
+    #   Amazon Cognito context data collection library. For more
+    #   information, see [Adding user device and session data to API
+    #   requests][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-adaptive-authentication.html#user-pool-settings-adaptive-authentication-device-fingerprint
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UserContextDataType AWS API Documentation
     #
     class UserContextDataType < Struct.new(
+      :ip_address,
       :encoded_data)
       SENSITIVE = []
       include Aws::Structure
@@ -10486,9 +10637,9 @@ module Aws::CognitoIdentityProvider
     #
     # @!attribute [rw] supported_identity_providers
     #   A list of provider names for the IdPs that this client supports. The
-    #   following are supported: `COGNITO`, `Facebook`, `Google`
-    #   `LoginWithAmazon`, and the names of your own SAML and OIDC
-    #   providers.
+    #   following are supported: `COGNITO`, `Facebook`, `Google`,
+    #   `SignInWithApple`, `LoginWithAmazon`, and the names of your own SAML
+    #   and OIDC providers.
     #   @return [Array<String>]
     #
     # @!attribute [rw] callback_urls
@@ -10616,6 +10767,33 @@ module Aws::CognitoIdentityProvider
     #   [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html
     #   @return [Boolean]
     #
+    # @!attribute [rw] enable_propagate_additional_user_context_data
+    #   When `EnablePropagateAdditionalUserContextData` is true, Amazon
+    #   Cognito accepts an `IpAddress` value that you send in the
+    #   `UserContextData` parameter. The `UserContextData` parameter sends
+    #   information to Amazon Cognito advanced security for risk analysis.
+    #   You can send `UserContextData` when you sign in Amazon Cognito
+    #   native users with the `InitiateAuth` and `RespondToAuthChallenge`
+    #   API operations.
+    #
+    #   When `EnablePropagateAdditionalUserContextData` is false, you can't
+    #   send your user's source IP address to Amazon Cognito advanced
+    #   security with unauthenticated API operations.
+    #   `EnablePropagateAdditionalUserContextData` doesn't affect whether
+    #   you can send a source IP address in a `ContextData` parameter with
+    #   the authenticated API operations `AdminInitiateAuth` and
+    #   `AdminRespondToAuthChallenge`.
+    #
+    #   You can only activate `EnablePropagateAdditionalUserContextData` in
+    #   an app client that has a client secret. For more information about
+    #   propagation of user context data, see [Adding user device and
+    #   session data to API requests][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-adaptive-authentication.html#user-pool-settings-adaptive-authentication-device-fingerprint
+    #   @return [Boolean]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UserPoolClientType AWS API Documentation
     #
     class UserPoolClientType < Struct.new(
@@ -10641,7 +10819,8 @@ module Aws::CognitoIdentityProvider
       :allowed_o_auth_flows_user_pool_client,
       :analytics_configuration,
       :prevent_user_existence_errors,
-      :enable_token_revocation)
+      :enable_token_revocation,
+      :enable_propagate_additional_user_context_data)
       SENSITIVE = [:client_id, :client_secret]
       include Aws::Structure
     end
@@ -10795,6 +10974,16 @@ module Aws::CognitoIdentityProvider
     #   @return [String]
     #
     # @!attribute [rw] user_attribute_update_settings
+    #   The settings for updates to user attributes. These settings include
+    #   the property `AttributesRequireVerificationBeforeUpdate`, a
+    #   user-pool setting that tells Amazon Cognito how to handle changes to
+    #   the value of your users' email address and phone number attributes.
+    #   For more information, see [ Verifying updates to email addresses and
+    #   phone numbers][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-email-phone-verification.html#user-pool-settings-verifications-verify-attribute-updates
     #   @return [Types::UserAttributeUpdateSettingsType]
     #
     # @!attribute [rw] mfa_configuration
@@ -10811,7 +11000,14 @@ module Aws::CognitoIdentityProvider
     #   @return [String]
     #
     # @!attribute [rw] device_configuration
-    #   The device configuration.
+    #   The device-remembering configuration for a user pool. A null value
+    #   indicates that you have deactivated device remembering in your user
+    #   pool.
+    #
+    #   <note markdown="1"> When you provide a value for any `DeviceConfiguration` field, you
+    #   activate the Amazon Cognito device-remembering feature.
+    #
+    #    </note>
     #   @return [Types::DeviceConfigurationType]
     #
     # @!attribute [rw] estimated_number_of_users