aws-sdk-cognitoidentityprovider 1.67.0 → 1.68.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7f1666db16e250b3d677b284f444a20990e8704cbf2e8fa133f1e22b62d5ed8a
-  data.tar.gz: ca2c904117a70903e9700a5aefc5887c5ab8be887256ff33c58edd3d1afc7b48
+  metadata.gz: 9e65c9c00460118c6471adb6cd66ab179cbaf49b66b69fc2185cbee1853ee2b7
+  data.tar.gz: 3c7e855c75a534d70e18121f07309ce2fcdb995210cd66b9c69339964b1513e5
 SHA512:
-  metadata.gz: d6252319b024f9747d7a5e5eac8deec9705fb533adc9b5fc1f2f66fe7a423d29e8250a5c5a88699e1249841738a88ea7975cb5312f63c6f83d8755abbc7ba279
-  data.tar.gz: 9e7772bfb31c59aeffe8c7a7d8c853c5648209b0be155d9c3d510e884269ba5fd351e16a3b4415c42353c2fa09cdec9e7517d7984ae2a1451a0108e5a8414236
+  metadata.gz: 7588756648391c3778fe144d59fa6202042570c6dc75f284de0b9e1d21086f9b86ee2488d20747396c4a9f843762517ddbea550da0fd551f36ce915851efbe08
+  data.tar.gz: 3060bce657baa79a2f5d3f3723cfb8ebba109977e292a79b8e26e51c74945cbc8bf9b64cddaaccc6aa55bd4e5eda0c4ba387e18e98b3acc2ab8ecce29bb5f0af

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.68.0 (2022-08-03)
+------------------
+
+* Feature - Add a new exception type, ForbiddenException, that is returned when request is not allowed
+
 1.67.0 (2022-05-31)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.67.0
+1.68.0

data/lib/aws-sdk-cognitoidentityprovider/client.rb

@@ -2286,12 +2286,12 @@ module Aws::CognitoIdentityProvider
       req.send_request(options)
     end
 
-    # Begins setup of time-based one-time password multi-factor
-    # authentication (TOTP MFA) for a user, with a unique private key that
-    # Amazon Cognito generates and returns in the API response. You can
-    # authorize an `AssociateSoftwareToken` request with either the user's
-    # access token, or a session string from a challenge response that you
-    # received from Amazon Cognito.
+    # Begins setup of time-based one-time password (TOTP) multi-factor
+    # authentication (MFA) for a user, with a unique private key that Amazon
+    # Cognito generates and returns in the API response. You can authorize
+    # an `AssociateSoftwareToken` request with either the user's access
+    # token, or a session string from a challenge response that you received
+    # from Amazon Cognito.
     #
     # <note markdown="1"> Amazon Cognito disassociates an existing software token when you
     # verify the new token in a [ VerifySoftwareToken][1] API request. If
@@ -2439,16 +2439,15 @@ module Aws::CognitoIdentityProvider
     #   retrieve a forgotten password.
     #
     # @option params [required, String] :confirmation_code
-    #   The confirmation code sent by a user's request to retrieve a
-    #   forgotten password. For more information, see [ForgotPassword][1].
+    #   The confirmation code from your user's request to reset their
+    #   password. For more information, see [ForgotPassword][1].
     #
     #
     #
     #   [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ForgotPassword.html
     #
     # @option params [required, String] :password
-    #   The password sent by a user's request to retrieve a forgotten
-    #   password.
+    #   The new password that your user wants to set.
     #
     # @option params [Types::AnalyticsMetadataType] :analytics_metadata
     #   The Amazon Pinpoint analytics metadata for collecting metrics for
@@ -3010,7 +3009,7 @@ module Aws::CognitoIdentityProvider
     #
     # @option params [String] :email_verification_message
     #   A string representing the email verification message.
-    #   EmailVerificationMessage is allowed only if [EmailSendingAccount][1]
+    #   `EmailVerificationMessage` is allowed only if [EmailSendingAccount][1]
     #   is DEVELOPER.
     #
     #
@@ -3019,7 +3018,7 @@ module Aws::CognitoIdentityProvider
     #
     # @option params [String] :email_verification_subject
     #   A string representing the email verification subject.
-    #   EmailVerificationSubject is allowed only if [EmailSendingAccount][1]
+    #   `EmailVerificationSubject` is allowed only if [EmailSendingAccount][1]
     #   is DEVELOPER.
     #
     #
@@ -3041,7 +3040,7 @@ module Aws::CognitoIdentityProvider
     #   the property `AttributesRequireVerificationBeforeUpdate`, a user-pool
     #   setting that tells Amazon Cognito how to handle changes to the value
     #   of your users' email address and phone number attributes. For more
-    #   information, see [ Verifying updates to to email addresses and phone
+    #   information, see [ Verifying updates to email addresses and phone
     #   numbers][1].
     #
     #
@@ -3049,7 +3048,14 @@ module Aws::CognitoIdentityProvider
     #   [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-email-phone-verification.html#user-pool-settings-verifications-verify-attribute-updates
     #
     # @option params [Types::DeviceConfigurationType] :device_configuration
-    #   The device configuration.
+    #   The device-remembering configuration for a user pool. A null value
+    #   indicates that you have deactivated device remembering in your user
+    #   pool.
+    #
+    #   <note markdown="1"> When you provide a value for any `DeviceConfiguration` field, you
+    #   activate the Amazon Cognito device-remembering feature.
+    #
+    #    </note>
     #
     # @option params [Types::EmailConfigurationType] :email_configuration
     #   The email configuration of your user pool. The email configuration
@@ -3412,31 +3418,41 @@ module Aws::CognitoIdentityProvider
     #
     #   Valid values include:
     #
-    #   * `ALLOW_ADMIN_USER_PASSWORD_AUTH`\: Enable admin based user password
-    #     authentication flow `ADMIN_USER_PASSWORD_AUTH`. This setting
-    #     replaces the `ADMIN_NO_SRP_AUTH` setting. With this authentication
-    #     flow, Amazon Cognito receives the password in the request instead of
-    #     using the Secure Remote Password (SRP) protocol to verify passwords.
+    #   ALLOW\_ADMIN\_USER\_PASSWORD\_AUTH
     #
-    #   * `ALLOW_CUSTOM_AUTH`\: Enable Lambda trigger based authentication.
+    #   : Enable admin based user password authentication flow
+    #     `ADMIN_USER_PASSWORD_AUTH`. This setting replaces the
+    #     `ADMIN_NO_SRP_AUTH` setting. With this authentication flow, Amazon
+    #     Cognito receives the password in the request instead of using the
+    #     Secure Remote Password (SRP) protocol to verify passwords.
     #
-    #   * `ALLOW_USER_PASSWORD_AUTH`\: Enable user password-based
-    #     authentication. In this flow, Amazon Cognito receives the password
-    #     in the request instead of using the SRP protocol to verify
-    #     passwords.
+    #   ALLOW\_CUSTOM\_AUTH
     #
-    #   * `ALLOW_USER_SRP_AUTH`\: Enable SRP-based authentication.
+    #   : Enable Lambda trigger based authentication.
     #
-    #   * `ALLOW_REFRESH_TOKEN_AUTH`\: Enable authflow to refresh tokens.
+    #   ALLOW\_USER\_PASSWORD\_AUTH
+    #
+    #   : Enable user password-based authentication. In this flow, Amazon
+    #     Cognito receives the password in the request instead of using the
+    #     SRP protocol to verify passwords.
+    #
+    #   ALLOW\_USER\_SRP\_AUTH
+    #
+    #   : Enable SRP-based authentication.
+    #
+    #   ALLOW\_REFRESH\_TOKEN\_AUTH
     #
-    #   If you don't specify a value for `ExplicitAuthFlows`, your app client
-    #   activates the `ALLOW_USER_SRP_AUTH` and `ALLOW_CUSTOM_AUTH`
-    #   authentication flows.
+    #   : Enable the authflow that refreshes tokens.
+    #
+    #   If you don't specify a value for `ExplicitAuthFlows`, your user
+    #   client supports `ALLOW_USER_SRP_AUTH` and `ALLOW_CUSTOM_AUTH`.
     #
     # @option params [Array<String>] :supported_identity_providers
-    #   A list of provider names for the IdPs that this client supports. The
-    #   following are supported: `COGNITO`, `Facebook`, `Google`
-    #   `LoginWithAmazon`, and the names of your own SAML and OIDC providers.
+    #   A list of provider names for the identity providers (IdPs) that are
+    #   supported on this client. The following are supported: `COGNITO`,
+    #   `Facebook`, `Google`, `SignInWithApple`, and `LoginWithAmazon`. You
+    #   can also specify the names that you configured for the SAML and OIDC
+    #   IdPs in your user pool, for example `MySAMLIdP` or `MyOIDCIdP`.
     #
     # @option params [Array<String>] :callback_urls
     #   A list of allowed redirect (callback) URLs for the IdPs.
@@ -6255,7 +6271,7 @@ module Aws::CognitoIdentityProvider
     #   The SMS text message multi-factor authentication (MFA) settings.
     #
     # @option params [Types::SoftwareTokenMfaSettingsType] :software_token_mfa_settings
-    #   The time-based one-time password software token MFA settings.
+    #   The time-based one-time password (TOTP) software token MFA settings.
     #
     # @option params [required, String] :access_token
     #   A valid access token that Amazon Cognito issued to the user whose MFA
@@ -7163,7 +7179,7 @@ module Aws::CognitoIdentityProvider
     #   the property `AttributesRequireVerificationBeforeUpdate`, a user-pool
     #   setting that tells Amazon Cognito how to handle changes to the value
     #   of your users' email address and phone number attributes. For more
-    #   information, see [ Verifying updates to to email addresses and phone
+    #   information, see [ Verifying updates to email addresses and phone
     #   numbers][1].
     #
     #
@@ -7189,7 +7205,14 @@ module Aws::CognitoIdentityProvider
     #   [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserPoolMfaConfig.html
     #
     # @option params [Types::DeviceConfigurationType] :device_configuration
-    #   Device configuration.
+    #   The device-remembering configuration for a user pool. A null value
+    #   indicates that you have deactivated device remembering in your user
+    #   pool.
+    #
+    #   <note markdown="1"> When you provide a value for any `DeviceConfiguration` field, you
+    #   activate the Amazon Cognito device-remembering feature.
+    #
+    #    </note>
     #
     # @option params [Types::EmailConfigurationType] :email_configuration
     #   The email configuration of your user pool. The email configuration
@@ -7437,8 +7460,9 @@ module Aws::CognitoIdentityProvider
     #
     # @option params [Array<String>] :supported_identity_providers
     #   A list of provider names for the IdPs that this client supports. The
-    #   following are supported: `COGNITO`, `Facebook`, `Google`
-    #   `LoginWithAmazon`, and the names of your own SAML and OIDC providers.
+    #   following are supported: `COGNITO`, `Facebook`, `Google`,
+    #   `SignInWithApple`, `LoginWithAmazon`, and the names of your own SAML
+    #   and OIDC providers.
     #
     # @option params [Array<String>] :callback_urls
     #   A list of allowed redirect (callback) URLs for the IdPs.
@@ -7843,7 +7867,7 @@ module Aws::CognitoIdentityProvider
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-cognitoidentityprovider'
-      context[:gem_version] = '1.67.0'
+      context[:gem_version] = '1.68.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-cognitoidentityprovider/client_api.rb

@@ -217,6 +217,7 @@ module Aws::CognitoIdentityProvider
     ExplicitAuthFlowsListType = Shapes::ListShape.new(name: 'ExplicitAuthFlowsListType')
     ExplicitAuthFlowsType = Shapes::StringShape.new(name: 'ExplicitAuthFlowsType')
     FeedbackValueType = Shapes::StringShape.new(name: 'FeedbackValueType')
+    ForbiddenException = Shapes::StructureShape.new(name: 'ForbiddenException')
     ForceAliasCreation = Shapes::BooleanShape.new(name: 'ForceAliasCreation')
     ForgetDeviceRequest = Shapes::StructureShape.new(name: 'ForgetDeviceRequest')
     ForgotPasswordRequest = Shapes::StructureShape.new(name: 'ForgotPasswordRequest')
@@ -1129,6 +1130,9 @@ module Aws::CognitoIdentityProvider
 
     ExplicitAuthFlowsListType.member = Shapes::ShapeRef.new(shape: ExplicitAuthFlowsType)
 
+    ForbiddenException.add_member(:message, Shapes::ShapeRef.new(shape: MessageType, location_name: "message"))
+    ForbiddenException.struct_class = Types::ForbiddenException
+
     ForgetDeviceRequest.add_member(:access_token, Shapes::ShapeRef.new(shape: TokenModelType, location_name: "AccessToken"))
     ForgetDeviceRequest.add_member(:device_key, Shapes::ShapeRef.new(shape: DeviceKeyType, required: true, location_name: "DeviceKey"))
     ForgetDeviceRequest.struct_class = Types::ForgetDeviceRequest
@@ -2477,6 +2481,7 @@ module Aws::CognitoIdentityProvider
         o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
         o.errors << Shapes::ShapeRef.new(shape: SoftwareTokenMFANotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
       end)
 
       api.add_operation(:change_password, Seahorse::Model::Operation.new.tap do |o|
@@ -2496,6 +2501,7 @@ module Aws::CognitoIdentityProvider
         o.errors << Shapes::ShapeRef.new(shape: UserNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: UserNotConfirmedException)
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
       end)
 
       api.add_operation(:confirm_device, Seahorse::Model::Operation.new.tap do |o|
@@ -2516,6 +2522,7 @@ module Aws::CognitoIdentityProvider
         o.errors << Shapes::ShapeRef.new(shape: UserNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: UserNotConfirmedException)
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
       end)
 
       api.add_operation(:confirm_forgot_password, Seahorse::Model::Operation.new.tap do |o|
@@ -2540,6 +2547,7 @@ module Aws::CognitoIdentityProvider
         o.errors << Shapes::ShapeRef.new(shape: UserNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: UserNotConfirmedException)
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
       end)
 
       api.add_operation(:confirm_sign_up, Seahorse::Model::Operation.new.tap do |o|
@@ -2563,6 +2571,7 @@ module Aws::CognitoIdentityProvider
         o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
         o.errors << Shapes::ShapeRef.new(shape: UserNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
       end)
 
       api.add_operation(:create_group, Seahorse::Model::Operation.new.tap do |o|
@@ -2725,6 +2734,7 @@ module Aws::CognitoIdentityProvider
         o.errors << Shapes::ShapeRef.new(shape: UserNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: UserNotConfirmedException)
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
       end)
 
       api.add_operation(:delete_user_attributes, Seahorse::Model::Operation.new.tap do |o|
@@ -2742,6 +2752,7 @@ module Aws::CognitoIdentityProvider
         o.errors << Shapes::ShapeRef.new(shape: UserNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: UserNotConfirmedException)
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
       end)
 
       api.add_operation(:delete_user_pool, Seahorse::Model::Operation.new.tap do |o|
@@ -2890,6 +2901,7 @@ module Aws::CognitoIdentityProvider
         o.errors << Shapes::ShapeRef.new(shape: UserNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: UserNotConfirmedException)
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
       end)
 
       api.add_operation(:forgot_password, Seahorse::Model::Operation.new.tap do |o|
@@ -2913,6 +2925,7 @@ module Aws::CognitoIdentityProvider
         o.errors << Shapes::ShapeRef.new(shape: CodeDeliveryFailureException)
         o.errors << Shapes::ShapeRef.new(shape: UserNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
       end)
 
       api.add_operation(:get_csv_header, Seahorse::Model::Operation.new.tap do |o|
@@ -2943,6 +2956,7 @@ module Aws::CognitoIdentityProvider
         o.errors << Shapes::ShapeRef.new(shape: UserNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: UserNotConfirmedException)
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
       end)
 
       api.add_operation(:get_group, Seahorse::Model::Operation.new.tap do |o|
@@ -3010,6 +3024,7 @@ module Aws::CognitoIdentityProvider
         o.errors << Shapes::ShapeRef.new(shape: UserNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: UserNotConfirmedException)
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
       end)
 
       api.add_operation(:get_user_attribute_verification_code, Seahorse::Model::Operation.new.tap do |o|
@@ -3035,6 +3050,7 @@ module Aws::CognitoIdentityProvider
         o.errors << Shapes::ShapeRef.new(shape: UserNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: UserNotConfirmedException)
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
       end)
 
       api.add_operation(:get_user_pool_mfa_config, Seahorse::Model::Operation.new.tap do |o|
@@ -3063,6 +3079,7 @@ module Aws::CognitoIdentityProvider
         o.errors << Shapes::ShapeRef.new(shape: PasswordResetRequiredException)
         o.errors << Shapes::ShapeRef.new(shape: UserNotConfirmedException)
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
       end)
 
       api.add_operation(:initiate_auth, Seahorse::Model::Operation.new.tap do |o|
@@ -3086,6 +3103,7 @@ module Aws::CognitoIdentityProvider
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidSmsRoleAccessPolicyException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidSmsRoleTrustRelationshipException)
+        o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
       end)
 
       api.add_operation(:list_devices, Seahorse::Model::Operation.new.tap do |o|
@@ -3103,6 +3121,7 @@ module Aws::CognitoIdentityProvider
         o.errors << Shapes::ShapeRef.new(shape: UserNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: UserNotConfirmedException)
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
       end)
 
       api.add_operation(:list_groups, Seahorse::Model::Operation.new.tap do |o|
@@ -3284,6 +3303,7 @@ module Aws::CognitoIdentityProvider
         o.errors << Shapes::ShapeRef.new(shape: CodeDeliveryFailureException)
         o.errors << Shapes::ShapeRef.new(shape: UserNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
       end)
 
       api.add_operation(:respond_to_auth_challenge, Seahorse::Model::Operation.new.tap do |o|
@@ -3313,6 +3333,7 @@ module Aws::CognitoIdentityProvider
         o.errors << Shapes::ShapeRef.new(shape: AliasExistsException)
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
         o.errors << Shapes::ShapeRef.new(shape: SoftwareTokenMFANotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
       end)
 
       api.add_operation(:revoke_token, Seahorse::Model::Operation.new.tap do |o|
@@ -3327,6 +3348,7 @@ module Aws::CognitoIdentityProvider
         o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
         o.errors << Shapes::ShapeRef.new(shape: UnsupportedOperationException)
         o.errors << Shapes::ShapeRef.new(shape: UnsupportedTokenTypeException)
+        o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
       end)
 
       api.add_operation(:set_risk_configuration, Seahorse::Model::Operation.new.tap do |o|
@@ -3371,6 +3393,7 @@ module Aws::CognitoIdentityProvider
         o.errors << Shapes::ShapeRef.new(shape: UserNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: UserNotConfirmedException)
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
       end)
 
       api.add_operation(:set_user_pool_mfa_config, Seahorse::Model::Operation.new.tap do |o|
@@ -3402,6 +3425,7 @@ module Aws::CognitoIdentityProvider
         o.errors << Shapes::ShapeRef.new(shape: UserNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: UserNotConfirmedException)
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
       end)
 
       api.add_operation(:sign_up, Seahorse::Model::Operation.new.tap do |o|
@@ -3425,6 +3449,7 @@ module Aws::CognitoIdentityProvider
         o.errors << Shapes::ShapeRef.new(shape: InvalidSmsRoleTrustRelationshipException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidEmailRoleAccessPolicyException)
         o.errors << Shapes::ShapeRef.new(shape: CodeDeliveryFailureException)
+        o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
       end)
 
       api.add_operation(:start_user_import_job, Seahorse::Model::Operation.new.tap do |o|
@@ -3511,6 +3536,7 @@ module Aws::CognitoIdentityProvider
         o.errors << Shapes::ShapeRef.new(shape: UserNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: UserNotConfirmedException)
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
       end)
 
       api.add_operation(:update_group, Seahorse::Model::Operation.new.tap do |o|
@@ -3578,6 +3604,7 @@ module Aws::CognitoIdentityProvider
         o.errors << Shapes::ShapeRef.new(shape: UserNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: UserNotConfirmedException)
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
       end)
 
       api.add_operation(:update_user_pool, Seahorse::Model::Operation.new.tap do |o|
@@ -3647,6 +3674,7 @@ module Aws::CognitoIdentityProvider
         o.errors << Shapes::ShapeRef.new(shape: NotAuthorizedException)
         o.errors << Shapes::ShapeRef.new(shape: SoftwareTokenMFANotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: CodeMismatchException)
+        o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
       end)
 
       api.add_operation(:verify_user_attribute, Seahorse::Model::Operation.new.tap do |o|
@@ -3668,6 +3696,7 @@ module Aws::CognitoIdentityProvider
         o.errors << Shapes::ShapeRef.new(shape: UserNotConfirmedException)
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
         o.errors << Shapes::ShapeRef.new(shape: AliasExistsException)
+        o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
       end)
     end
 

data/lib/aws-sdk-cognitoidentityprovider/errors.rb

@@ -34,6 +34,7 @@ module Aws::CognitoIdentityProvider
   # * {DuplicateProviderException}
   # * {EnableSoftwareTokenMFAException}
   # * {ExpiredCodeException}
+  # * {ForbiddenException}
   # * {GroupExistsException}
   # * {InternalErrorException}
   # * {InvalidEmailRoleAccessPolicyException}
@@ -179,6 +180,21 @@ module Aws::CognitoIdentityProvider
       end
     end
 
+    class ForbiddenException < ServiceError
+
+      # @param [Seahorse::Client::RequestContext] context
+      # @param [String] message
+      # @param [Aws::CognitoIdentityProvider::Types::ForbiddenException] data
+      def initialize(context, message, data = Aws::EmptyStructure.new)
+        super(context, message, data)
+      end
+
+      # @return [String]
+      def message
+        @message || @data[:message]
+      end
+    end
+
     class GroupExistsException < ServiceError
 
       # @param [Seahorse::Client::RequestContext] context

data/lib/aws-sdk-cognitoidentityprovider/types.rb

@@ -2235,7 +2235,8 @@ module Aws::CognitoIdentityProvider
     # sign-in alias.
     #
     # @!attribute [rw] message
-    #   The message sent to the user when an alias exists.
+    #   The message that Amazon Cognito sends to the user when the value of
+    #   an alias attribute is already linked to another user profile.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AliasExistsException AWS API Documentation
@@ -2365,8 +2366,8 @@ module Aws::CognitoIdentityProvider
     end
 
     # @!attribute [rw] secret_code
-    #   A unique generated shared secret code that is used in the time-based
-    #   one-time password (TOTP) algorithm to generate a one-time code.
+    #   A unique generated shared secret code that is used in the TOTP
+    #   algorithm to generate a one-time code.
     #   @return [String]
     #
     # @!attribute [rw] session
@@ -2783,8 +2784,8 @@ module Aws::CognitoIdentityProvider
     #   @return [String]
     #
     # @!attribute [rw] confirmation_code
-    #   The confirmation code sent by a user's request to retrieve a
-    #   forgotten password. For more information, see [ForgotPassword][1].
+    #   The confirmation code from your user's request to reset their
+    #   password. For more information, see [ForgotPassword][1].
     #
     #
     #
@@ -2792,8 +2793,7 @@ module Aws::CognitoIdentityProvider
     #   @return [String]
     #
     # @!attribute [rw] password
-    #   The password sent by a user's request to retrieve a forgotten
-    #   password.
+    #   The new password that your user wants to set.
     #   @return [String]
     #
     # @!attribute [rw] analytics_metadata
@@ -3499,34 +3499,42 @@ module Aws::CognitoIdentityProvider
     #
     #   Valid values include:
     #
-    #   * `ALLOW_ADMIN_USER_PASSWORD_AUTH`\: Enable admin based user
-    #     password authentication flow `ADMIN_USER_PASSWORD_AUTH`. This
-    #     setting replaces the `ADMIN_NO_SRP_AUTH` setting. With this
-    #     authentication flow, Amazon Cognito receives the password in the
-    #     request instead of using the Secure Remote Password (SRP) protocol
-    #     to verify passwords.
+    #   ALLOW\_ADMIN\_USER\_PASSWORD\_AUTH
     #
-    #   * `ALLOW_CUSTOM_AUTH`\: Enable Lambda trigger based authentication.
+    #   : Enable admin based user password authentication flow
+    #     `ADMIN_USER_PASSWORD_AUTH`. This setting replaces the
+    #     `ADMIN_NO_SRP_AUTH` setting. With this authentication flow, Amazon
+    #     Cognito receives the password in the request instead of using the
+    #     Secure Remote Password (SRP) protocol to verify passwords.
     #
-    #   * `ALLOW_USER_PASSWORD_AUTH`\: Enable user password-based
-    #     authentication. In this flow, Amazon Cognito receives the password
-    #     in the request instead of using the SRP protocol to verify
-    #     passwords.
+    #   ALLOW\_CUSTOM\_AUTH
     #
-    #   * `ALLOW_USER_SRP_AUTH`\: Enable SRP-based authentication.
+    #   : Enable Lambda trigger based authentication.
     #
-    #   * `ALLOW_REFRESH_TOKEN_AUTH`\: Enable authflow to refresh tokens.
+    #   ALLOW\_USER\_PASSWORD\_AUTH
+    #
+    #   : Enable user password-based authentication. In this flow, Amazon
+    #     Cognito receives the password in the request instead of using the
+    #     SRP protocol to verify passwords.
+    #
+    #   ALLOW\_USER\_SRP\_AUTH
+    #
+    #   : Enable SRP-based authentication.
+    #
+    #   ALLOW\_REFRESH\_TOKEN\_AUTH
+    #
+    #   : Enable the authflow that refreshes tokens.
     #
-    #   If you don't specify a value for `ExplicitAuthFlows`, your app
-    #   client activates the `ALLOW_USER_SRP_AUTH` and `ALLOW_CUSTOM_AUTH`
-    #   authentication flows.
+    #   If you don't specify a value for `ExplicitAuthFlows`, your user
+    #   client supports `ALLOW_USER_SRP_AUTH` and `ALLOW_CUSTOM_AUTH`.
     #   @return [Array<String>]
     #
     # @!attribute [rw] supported_identity_providers
-    #   A list of provider names for the IdPs that this client supports. The
-    #   following are supported: `COGNITO`, `Facebook`, `Google`
-    #   `LoginWithAmazon`, and the names of your own SAML and OIDC
-    #   providers.
+    #   A list of provider names for the identity providers (IdPs) that are
+    #   supported on this client. The following are supported: `COGNITO`,
+    #   `Facebook`, `Google`, `SignInWithApple`, and `LoginWithAmazon`. You
+    #   can also specify the names that you configured for the SAML and OIDC
+    #   IdPs in your user pool, for example `MySAMLIdP` or `MyOIDCIdP`.
     #   @return [Array<String>]
     #
     # @!attribute [rw] callback_urls
@@ -3942,8 +3950,8 @@ module Aws::CognitoIdentityProvider
     #
     # @!attribute [rw] email_verification_message
     #   A string representing the email verification message.
-    #   EmailVerificationMessage is allowed only if [EmailSendingAccount][1]
-    #   is DEVELOPER.
+    #   `EmailVerificationMessage` is allowed only if
+    #   [EmailSendingAccount][1] is DEVELOPER.
     #
     #
     #
@@ -3952,8 +3960,8 @@ module Aws::CognitoIdentityProvider
     #
     # @!attribute [rw] email_verification_subject
     #   A string representing the email verification subject.
-    #   EmailVerificationSubject is allowed only if [EmailSendingAccount][1]
-    #   is DEVELOPER.
+    #   `EmailVerificationSubject` is allowed only if
+    #   [EmailSendingAccount][1] is DEVELOPER.
     #
     #
     #
@@ -3978,8 +3986,8 @@ module Aws::CognitoIdentityProvider
     #   the property `AttributesRequireVerificationBeforeUpdate`, a
     #   user-pool setting that tells Amazon Cognito how to handle changes to
     #   the value of your users' email address and phone number attributes.
-    #   For more information, see [ Verifying updates to to email addresses
-    #   and phone numbers][1].
+    #   For more information, see [ Verifying updates to email addresses and
+    #   phone numbers][1].
     #
     #
     #
@@ -3987,7 +3995,14 @@ module Aws::CognitoIdentityProvider
     #   @return [Types::UserAttributeUpdateSettingsType]
     #
     # @!attribute [rw] device_configuration
-    #   The device configuration.
+    #   The device-remembering configuration for a user pool. A null value
+    #   indicates that you have deactivated device remembering in your user
+    #   pool.
+    #
+    #   <note markdown="1"> When you provide a value for any `DeviceConfiguration` field, you
+    #   activate the Amazon Cognito device-remembering feature.
+    #
+    #    </note>
     #   @return [Types::DeviceConfigurationType]
     #
     # @!attribute [rw] email_configuration
@@ -4657,11 +4672,12 @@ module Aws::CognitoIdentityProvider
       include Aws::Structure
     end
 
-    # The device tracking configuration for a user pool. A user pool with
-    # device tracking deactivated returns a null value.
+    # The device-remembering configuration for a user pool. A null value
+    # indicates that you have deactivated device remembering in your user
+    # pool.
     #
-    # <note markdown="1"> When you provide values for any DeviceConfiguration field, you
-    # activate device tracking.
+    # <note markdown="1"> When you provide a value for any `DeviceConfiguration` field, you
+    # activate the Amazon Cognito device-remembering feature.
     #
     #  </note>
     #
@@ -4678,17 +4694,23 @@ module Aws::CognitoIdentityProvider
     #   one-time password (TOTP) factors for multi-factor authentication
     #   (MFA).
     #
-    #   <note markdown="1"> Users that sign in with devices that have not been confirmed or
-    #   remembered will still have to provide a second factor, whether or
-    #   not ChallengeRequiredOnNewDevice is true, when your user pool
-    #   requires MFA.
+    #   <note markdown="1"> Regardless of the value of this field, users that sign in with new
+    #   devices that have not been confirmed or remembered must provide a
+    #   second factor if your user pool requires MFA.
     #
     #    </note>
     #   @return [Boolean]
     #
     # @!attribute [rw] device_only_remembered_on_user_prompt
-    #   When true, users can opt in to remembering their device. Your app
-    #   code must use callback functions to return the user's choice.
+    #   When true, Amazon Cognito doesn't remember newly-confirmed devices.
+    #   Users who want to authenticate with their device can instead opt in
+    #   to remembering their device. To collect a choice from your user,
+    #   create an input prompt in your app and return the value that the
+    #   user chooses in an [UpdateDeviceStatus][1] API request.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateDeviceStatus.html
     #   @return [Boolean]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/DeviceConfigurationType AWS API Documentation
@@ -5095,6 +5117,22 @@ module Aws::CognitoIdentityProvider
       include Aws::Structure
     end
 
+    # This exception is thrown when WAF doesn't allow your request based on
+    # a web ACL that's associated with your user pool.
+    #
+    # @!attribute [rw] message
+    #   The message returned when WAF doesn't allow your request based on a
+    #   web ACL that's associated with your user pool.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/ForbiddenException AWS API Documentation
+    #
+    class ForbiddenException < Struct.new(
+      :message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Represents the request to forget the device.
     #
     # @note When making an API call, you may pass ForgetDeviceRequest
@@ -5578,15 +5616,17 @@ module Aws::CognitoIdentityProvider
     end
 
     # @!attribute [rw] sms_mfa_configuration
-    #   The SMS text message multi-factor (MFA) configuration.
+    #   The SMS text message multi-factor authentication (MFA)
+    #   configuration.
     #   @return [Types::SmsMfaConfigType]
     #
     # @!attribute [rw] software_token_mfa_configuration
-    #   The software token multi-factor (MFA) configuration.
+    #   The software token multi-factor authentication (MFA) configuration.
     #   @return [Types::SoftwareTokenMfaConfigType]
     #
     # @!attribute [rw] mfa_configuration
-    #   The multi-factor (MFA) configuration. Valid values include:
+    #   The multi-factor authentication (MFA) configuration. Valid values
+    #   include:
     #
     #   * `OFF` MFA won't be used for any users.
     #
@@ -8308,7 +8348,7 @@ module Aws::CognitoIdentityProvider
     #   @return [Types::SMSMfaSettingsType]
     #
     # @!attribute [rw] software_token_mfa_settings
-    #   The time-based one-time password software token MFA settings.
+    #   The time-based one-time password (TOTP) software token MFA settings.
     #   @return [Types::SoftwareTokenMfaSettingsType]
     #
     # @!attribute [rw] access_token
@@ -9680,9 +9720,9 @@ module Aws::CognitoIdentityProvider
     #
     # @!attribute [rw] supported_identity_providers
     #   A list of provider names for the IdPs that this client supports. The
-    #   following are supported: `COGNITO`, `Facebook`, `Google`
-    #   `LoginWithAmazon`, and the names of your own SAML and OIDC
-    #   providers.
+    #   following are supported: `COGNITO`, `Facebook`, `Google`,
+    #   `SignInWithApple`, `LoginWithAmazon`, and the names of your own SAML
+    #   and OIDC providers.
     #   @return [Array<String>]
     #
     # @!attribute [rw] callback_urls
@@ -10065,8 +10105,8 @@ module Aws::CognitoIdentityProvider
     #   the property `AttributesRequireVerificationBeforeUpdate`, a
     #   user-pool setting that tells Amazon Cognito how to handle changes to
     #   the value of your users' email address and phone number attributes.
-    #   For more information, see [ Verifying updates to to email addresses
-    #   and phone numbers][1].
+    #   For more information, see [ Verifying updates to email addresses and
+    #   phone numbers][1].
     #
     #
     #
@@ -10093,7 +10133,14 @@ module Aws::CognitoIdentityProvider
     #   @return [String]
     #
     # @!attribute [rw] device_configuration
-    #   Device configuration.
+    #   The device-remembering configuration for a user pool. A null value
+    #   indicates that you have deactivated device remembering in your user
+    #   pool.
+    #
+    #   <note markdown="1"> When you provide a value for any `DeviceConfiguration` field, you
+    #   activate the Amazon Cognito device-remembering feature.
+    #
+    #    </note>
     #   @return [Types::DeviceConfigurationType]
     #
     # @!attribute [rw] email_configuration
@@ -10174,7 +10221,7 @@ module Aws::CognitoIdentityProvider
     # the property `AttributesRequireVerificationBeforeUpdate`, a user-pool
     # setting that tells Amazon Cognito how to handle changes to the value
     # of your users' email address and phone number attributes. For more
-    # information, see [ Verifying updates to to email addresses and phone
+    # information, see [ Verifying updates to email addresses and phone
     # numbers][1].
     #
     #
@@ -10590,9 +10637,9 @@ module Aws::CognitoIdentityProvider
     #
     # @!attribute [rw] supported_identity_providers
     #   A list of provider names for the IdPs that this client supports. The
-    #   following are supported: `COGNITO`, `Facebook`, `Google`
-    #   `LoginWithAmazon`, and the names of your own SAML and OIDC
-    #   providers.
+    #   following are supported: `COGNITO`, `Facebook`, `Google`,
+    #   `SignInWithApple`, `LoginWithAmazon`, and the names of your own SAML
+    #   and OIDC providers.
     #   @return [Array<String>]
     #
     # @!attribute [rw] callback_urls
@@ -10931,8 +10978,8 @@ module Aws::CognitoIdentityProvider
     #   the property `AttributesRequireVerificationBeforeUpdate`, a
     #   user-pool setting that tells Amazon Cognito how to handle changes to
     #   the value of your users' email address and phone number attributes.
-    #   For more information, see [ Verifying updates to to email addresses
-    #   and phone numbers][1].
+    #   For more information, see [ Verifying updates to email addresses and
+    #   phone numbers][1].
     #
     #
     #
@@ -10953,7 +11000,14 @@ module Aws::CognitoIdentityProvider
     #   @return [String]
     #
     # @!attribute [rw] device_configuration
-    #   The device configuration.
+    #   The device-remembering configuration for a user pool. A null value
+    #   indicates that you have deactivated device remembering in your user
+    #   pool.
+    #
+    #   <note markdown="1"> When you provide a value for any `DeviceConfiguration` field, you
+    #   activate the Amazon Cognito device-remembering feature.
+    #
+    #    </note>
     #   @return [Types::DeviceConfigurationType]
     #
     # @!attribute [rw] estimated_number_of_users

data/lib/aws-sdk-cognitoidentityprovider.rb

@@ -48,6 +48,6 @@ require_relative 'aws-sdk-cognitoidentityprovider/customizations'
 # @!group service
 module Aws::CognitoIdentityProvider
 
-  GEM_VERSION = '1.67.0'
+  GEM_VERSION = '1.68.0'
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-cognitoidentityprovider
 version: !ruby/object:Gem::Version
-  version: 1.67.0
+  version: 1.68.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-05-31 00:00:00.000000000 Z
+date: 2022-08-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core