aws-sdk-cognitoidentityprovider 1.67.0 → 1.70.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 7f1666db16e250b3d677b284f444a20990e8704cbf2e8fa133f1e22b62d5ed8a
4
- data.tar.gz: ca2c904117a70903e9700a5aefc5887c5ab8be887256ff33c58edd3d1afc7b48
3
+ metadata.gz: 1de940aa4198a67bc226ccb78d804e5915412e4b6b106b9dc3b05952c7cdec81
4
+ data.tar.gz: eca470406c2e4a4a50859eb8d453c6d1fe69f210fc1df8e5b8902cc5e6af4a80
5
5
  SHA512:
6
- metadata.gz: d6252319b024f9747d7a5e5eac8deec9705fb533adc9b5fc1f2f66fe7a423d29e8250a5c5a88699e1249841738a88ea7975cb5312f63c6f83d8755abbc7ba279
7
- data.tar.gz: 9e7772bfb31c59aeffe8c7a7d8c853c5648209b0be155d9c3d510e884269ba5fd351e16a3b4415c42353c2fa09cdec9e7517d7984ae2a1451a0108e5a8414236
6
+ metadata.gz: 77b66cec3d3b6820f4d6bce2b21f38d18b3f51e1cd3c3c0f23990339b0b7cb28988926de5bc33980a274c989fba643d4028225f3e4433688f506a52f3fa07e5e
7
+ data.tar.gz: 7a2e44f6160c961fd17deddb48f12e1b577864c74cfc590b6b10bc02128a8911bf9b9ef9c8c5f71d39d835758f978572119412cdfe71d30dc81e5ef8867c737d
data/CHANGELOG.md CHANGED
@@ -1,6 +1,21 @@
1
1
  Unreleased Changes
2
2
  ------------------
3
3
 
4
+ 1.70.0 (2022-09-02)
5
+ ------------------
6
+
7
+ * Feature - This release adds a new "AuthSessionValidity" field to the UserPoolClient in Cognito. Application admins can configure this value for their users' authentication duration, which is currently fixed at 3 minutes, up to 15 minutes. Setting this field will also apply to the SMS MFA authentication flow.
8
+
9
+ 1.69.0 (2022-08-18)
10
+ ------------------
11
+
12
+ * Feature - This change is being made simply to fix the public documentation based on the models. We have included the PasswordChange and ResendCode events, along with the Pass, Fail and InProgress status. We have removed the Success and Failure status which are never returned by our APIs.
13
+
14
+ 1.68.0 (2022-08-03)
15
+ ------------------
16
+
17
+ * Feature - Add a new exception type, ForbiddenException, that is returned when request is not allowed
18
+
4
19
  1.67.0 (2022-05-31)
5
20
  ------------------
6
21
 
data/VERSION CHANGED
@@ -1 +1 @@
1
- 1.67.0
1
+ 1.70.0
@@ -1525,9 +1525,9 @@ module Aws::CognitoIdentityProvider
1525
1525
  #
1526
1526
  # resp.auth_events #=> Array
1527
1527
  # resp.auth_events[0].event_id #=> String
1528
- # resp.auth_events[0].event_type #=> String, one of "SignIn", "SignUp", "ForgotPassword"
1528
+ # resp.auth_events[0].event_type #=> String, one of "SignIn", "SignUp", "ForgotPassword", "PasswordChange", "ResendCode"
1529
1529
  # resp.auth_events[0].creation_date #=> Time
1530
- # resp.auth_events[0].event_response #=> String, one of "Success", "Failure"
1530
+ # resp.auth_events[0].event_response #=> String, one of "Pass", "Fail", "InProgress"
1531
1531
  # resp.auth_events[0].event_risk.risk_decision #=> String, one of "NoRisk", "AccountTakeover", "Block"
1532
1532
  # resp.auth_events[0].event_risk.risk_level #=> String, one of "Low", "Medium", "High"
1533
1533
  # resp.auth_events[0].event_risk.compromised_credentials_detected #=> Boolean
@@ -2286,12 +2286,12 @@ module Aws::CognitoIdentityProvider
2286
2286
  req.send_request(options)
2287
2287
  end
2288
2288
 
2289
- # Begins setup of time-based one-time password multi-factor
2290
- # authentication (TOTP MFA) for a user, with a unique private key that
2291
- # Amazon Cognito generates and returns in the API response. You can
2292
- # authorize an `AssociateSoftwareToken` request with either the user's
2293
- # access token, or a session string from a challenge response that you
2294
- # received from Amazon Cognito.
2289
+ # Begins setup of time-based one-time password (TOTP) multi-factor
2290
+ # authentication (MFA) for a user, with a unique private key that Amazon
2291
+ # Cognito generates and returns in the API response. You can authorize
2292
+ # an `AssociateSoftwareToken` request with either the user's access
2293
+ # token, or a session string from a challenge response that you received
2294
+ # from Amazon Cognito.
2295
2295
  #
2296
2296
  # <note markdown="1"> Amazon Cognito disassociates an existing software token when you
2297
2297
  # verify the new token in a [ VerifySoftwareToken][1] API request. If
@@ -2439,16 +2439,15 @@ module Aws::CognitoIdentityProvider
2439
2439
  # retrieve a forgotten password.
2440
2440
  #
2441
2441
  # @option params [required, String] :confirmation_code
2442
- # The confirmation code sent by a user's request to retrieve a
2443
- # forgotten password. For more information, see [ForgotPassword][1].
2442
+ # The confirmation code from your user's request to reset their
2443
+ # password. For more information, see [ForgotPassword][1].
2444
2444
  #
2445
2445
  #
2446
2446
  #
2447
2447
  # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ForgotPassword.html
2448
2448
  #
2449
2449
  # @option params [required, String] :password
2450
- # The password sent by a user's request to retrieve a forgotten
2451
- # password.
2450
+ # The new password that your user wants to set.
2452
2451
  #
2453
2452
  # @option params [Types::AnalyticsMetadataType] :analytics_metadata
2454
2453
  # The Amazon Pinpoint analytics metadata for collecting metrics for
@@ -3006,25 +3005,28 @@ module Aws::CognitoIdentityProvider
3006
3005
  # username when they sign up.
3007
3006
  #
3008
3007
  # @option params [String] :sms_verification_message
3009
- # A string representing the SMS verification message.
3008
+ # This parameter is no longer used. See
3009
+ # [VerificationMessageTemplateType][1].
3010
+ #
3011
+ #
3012
+ #
3013
+ # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerificationMessageTemplateType.html
3010
3014
  #
3011
3015
  # @option params [String] :email_verification_message
3012
- # A string representing the email verification message.
3013
- # EmailVerificationMessage is allowed only if [EmailSendingAccount][1]
3014
- # is DEVELOPER.
3016
+ # This parameter is no longer used. See
3017
+ # [VerificationMessageTemplateType][1].
3015
3018
  #
3016
3019
  #
3017
3020
  #
3018
- # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_EmailConfigurationType.html#CognitoUserPools-Type-EmailConfigurationType-EmailSendingAccount
3021
+ # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerificationMessageTemplateType.html
3019
3022
  #
3020
3023
  # @option params [String] :email_verification_subject
3021
- # A string representing the email verification subject.
3022
- # EmailVerificationSubject is allowed only if [EmailSendingAccount][1]
3023
- # is DEVELOPER.
3024
+ # This parameter is no longer used. See
3025
+ # [VerificationMessageTemplateType][1].
3024
3026
  #
3025
3027
  #
3026
3028
  #
3027
- # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_EmailConfigurationType.html#CognitoUserPools-Type-EmailConfigurationType-EmailSendingAccount
3029
+ # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerificationMessageTemplateType.html
3028
3030
  #
3029
3031
  # @option params [Types::VerificationMessageTemplateType] :verification_message_template
3030
3032
  # The template for the verification message that the user sees when the
@@ -3041,7 +3043,7 @@ module Aws::CognitoIdentityProvider
3041
3043
  # the property `AttributesRequireVerificationBeforeUpdate`, a user-pool
3042
3044
  # setting that tells Amazon Cognito how to handle changes to the value
3043
3045
  # of your users' email address and phone number attributes. For more
3044
- # information, see [ Verifying updates to to email addresses and phone
3046
+ # information, see [ Verifying updates to email addresses and phone
3045
3047
  # numbers][1].
3046
3048
  #
3047
3049
  #
@@ -3049,7 +3051,14 @@ module Aws::CognitoIdentityProvider
3049
3051
  # [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-email-phone-verification.html#user-pool-settings-verifications-verify-attribute-updates
3050
3052
  #
3051
3053
  # @option params [Types::DeviceConfigurationType] :device_configuration
3052
- # The device configuration.
3054
+ # The device-remembering configuration for a user pool. A null value
3055
+ # indicates that you have deactivated device remembering in your user
3056
+ # pool.
3057
+ #
3058
+ # <note markdown="1"> When you provide a value for any `DeviceConfiguration` field, you
3059
+ # activate the Amazon Cognito device-remembering feature.
3060
+ #
3061
+ # </note>
3053
3062
  #
3054
3063
  # @option params [Types::EmailConfigurationType] :email_configuration
3055
3064
  # The email configuration of your user pool. The email configuration
@@ -3412,31 +3421,41 @@ module Aws::CognitoIdentityProvider
3412
3421
  #
3413
3422
  # Valid values include:
3414
3423
  #
3415
- # * `ALLOW_ADMIN_USER_PASSWORD_AUTH`\: Enable admin based user password
3416
- # authentication flow `ADMIN_USER_PASSWORD_AUTH`. This setting
3417
- # replaces the `ADMIN_NO_SRP_AUTH` setting. With this authentication
3418
- # flow, Amazon Cognito receives the password in the request instead of
3419
- # using the Secure Remote Password (SRP) protocol to verify passwords.
3424
+ # ALLOW\_ADMIN\_USER\_PASSWORD\_AUTH
3420
3425
  #
3421
- # * `ALLOW_CUSTOM_AUTH`\: Enable Lambda trigger based authentication.
3426
+ # : Enable admin based user password authentication flow
3427
+ # `ADMIN_USER_PASSWORD_AUTH`. This setting replaces the
3428
+ # `ADMIN_NO_SRP_AUTH` setting. With this authentication flow, Amazon
3429
+ # Cognito receives the password in the request instead of using the
3430
+ # Secure Remote Password (SRP) protocol to verify passwords.
3422
3431
  #
3423
- # * `ALLOW_USER_PASSWORD_AUTH`\: Enable user password-based
3424
- # authentication. In this flow, Amazon Cognito receives the password
3425
- # in the request instead of using the SRP protocol to verify
3426
- # passwords.
3432
+ # ALLOW\_CUSTOM\_AUTH
3427
3433
  #
3428
- # * `ALLOW_USER_SRP_AUTH`\: Enable SRP-based authentication.
3434
+ # : Enable Lambda trigger based authentication.
3429
3435
  #
3430
- # * `ALLOW_REFRESH_TOKEN_AUTH`\: Enable authflow to refresh tokens.
3436
+ # ALLOW\_USER\_PASSWORD\_AUTH
3437
+ #
3438
+ # : Enable user password-based authentication. In this flow, Amazon
3439
+ # Cognito receives the password in the request instead of using the
3440
+ # SRP protocol to verify passwords.
3431
3441
  #
3432
- # If you don't specify a value for `ExplicitAuthFlows`, your app client
3433
- # activates the `ALLOW_USER_SRP_AUTH` and `ALLOW_CUSTOM_AUTH`
3434
- # authentication flows.
3442
+ # ALLOW\_USER\_SRP\_AUTH
3443
+ #
3444
+ # : Enable SRP-based authentication.
3445
+ #
3446
+ # ALLOW\_REFRESH\_TOKEN\_AUTH
3447
+ #
3448
+ # : Enable the authflow that refreshes tokens.
3449
+ #
3450
+ # If you don't specify a value for `ExplicitAuthFlows`, your user
3451
+ # client supports `ALLOW_USER_SRP_AUTH` and `ALLOW_CUSTOM_AUTH`.
3435
3452
  #
3436
3453
  # @option params [Array<String>] :supported_identity_providers
3437
- # A list of provider names for the IdPs that this client supports. The
3438
- # following are supported: `COGNITO`, `Facebook`, `Google`
3439
- # `LoginWithAmazon`, and the names of your own SAML and OIDC providers.
3454
+ # A list of provider names for the identity providers (IdPs) that are
3455
+ # supported on this client. The following are supported: `COGNITO`,
3456
+ # `Facebook`, `Google`, `SignInWithApple`, and `LoginWithAmazon`. You
3457
+ # can also specify the names that you configured for the SAML and OIDC
3458
+ # IdPs in your user pool, for example `MySAMLIdP` or `MyOIDCIdP`.
3440
3459
  #
3441
3460
  # @option params [Array<String>] :callback_urls
3442
3461
  # A list of allowed redirect (callback) URLs for the IdPs.
@@ -3569,6 +3588,12 @@ module Aws::CognitoIdentityProvider
3569
3588
  #
3570
3589
  # [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
3571
3590
  #
3591
+ # @option params [Integer] :auth_session_validity
3592
+ # Amazon Cognito creates a session token for each API request in an
3593
+ # authentication flow. `AuthSessionValidity` is the duration, in
3594
+ # minutes, of that session token. Your user pool native user must
3595
+ # respond to each authentication challenge before the session expires.
3596
+ #
3572
3597
  # @return [Types::CreateUserPoolClientResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
3573
3598
  #
3574
3599
  # * {Types::CreateUserPoolClientResponse#user_pool_client #user_pool_client} => Types::UserPoolClientType
@@ -3607,6 +3632,7 @@ module Aws::CognitoIdentityProvider
3607
3632
  # prevent_user_existence_errors: "LEGACY", # accepts LEGACY, ENABLED
3608
3633
  # enable_token_revocation: false,
3609
3634
  # enable_propagate_additional_user_context_data: false,
3635
+ # auth_session_validity: 1,
3610
3636
  # })
3611
3637
  #
3612
3638
  # @example Response structure
@@ -3649,6 +3675,7 @@ module Aws::CognitoIdentityProvider
3649
3675
  # resp.user_pool_client.prevent_user_existence_errors #=> String, one of "LEGACY", "ENABLED"
3650
3676
  # resp.user_pool_client.enable_token_revocation #=> Boolean
3651
3677
  # resp.user_pool_client.enable_propagate_additional_user_context_data #=> Boolean
3678
+ # resp.user_pool_client.auth_session_validity #=> Integer
3652
3679
  #
3653
3680
  # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/CreateUserPoolClient AWS API Documentation
3654
3681
  #
@@ -4276,6 +4303,7 @@ module Aws::CognitoIdentityProvider
4276
4303
  # resp.user_pool_client.prevent_user_existence_errors #=> String, one of "LEGACY", "ENABLED"
4277
4304
  # resp.user_pool_client.enable_token_revocation #=> Boolean
4278
4305
  # resp.user_pool_client.enable_propagate_additional_user_context_data #=> Boolean
4306
+ # resp.user_pool_client.auth_session_validity #=> Integer
4279
4307
  #
4280
4308
  # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/DescribeUserPoolClient AWS API Documentation
4281
4309
  #
@@ -6255,7 +6283,7 @@ module Aws::CognitoIdentityProvider
6255
6283
  # The SMS text message multi-factor authentication (MFA) settings.
6256
6284
  #
6257
6285
  # @option params [Types::SoftwareTokenMfaSettingsType] :software_token_mfa_settings
6258
- # The time-based one-time password software token MFA settings.
6286
+ # The time-based one-time password (TOTP) software token MFA settings.
6259
6287
  #
6260
6288
  # @option params [required, String] :access_token
6261
6289
  # A valid access token that Amazon Cognito issued to the user whose MFA
@@ -7144,13 +7172,28 @@ module Aws::CognitoIdentityProvider
7144
7172
  # requests to update user pools.
7145
7173
  #
7146
7174
  # @option params [String] :sms_verification_message
7147
- # A container with information about the SMS verification message.
7175
+ # This parameter is no longer used. See
7176
+ # [VerificationMessageTemplateType][1].
7177
+ #
7178
+ #
7179
+ #
7180
+ # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerificationMessageTemplateType.html
7148
7181
  #
7149
7182
  # @option params [String] :email_verification_message
7150
- # The contents of the email verification message.
7183
+ # This parameter is no longer used. See
7184
+ # [VerificationMessageTemplateType][1].
7185
+ #
7186
+ #
7187
+ #
7188
+ # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerificationMessageTemplateType.html
7151
7189
  #
7152
7190
  # @option params [String] :email_verification_subject
7153
- # The subject of the email verification message.
7191
+ # This parameter is no longer used. See
7192
+ # [VerificationMessageTemplateType][1].
7193
+ #
7194
+ #
7195
+ #
7196
+ # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerificationMessageTemplateType.html
7154
7197
  #
7155
7198
  # @option params [Types::VerificationMessageTemplateType] :verification_message_template
7156
7199
  # The template for verification messages.
@@ -7163,7 +7206,7 @@ module Aws::CognitoIdentityProvider
7163
7206
  # the property `AttributesRequireVerificationBeforeUpdate`, a user-pool
7164
7207
  # setting that tells Amazon Cognito how to handle changes to the value
7165
7208
  # of your users' email address and phone number attributes. For more
7166
- # information, see [ Verifying updates to to email addresses and phone
7209
+ # information, see [ Verifying updates to email addresses and phone
7167
7210
  # numbers][1].
7168
7211
  #
7169
7212
  #
@@ -7189,7 +7232,14 @@ module Aws::CognitoIdentityProvider
7189
7232
  # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserPoolMfaConfig.html
7190
7233
  #
7191
7234
  # @option params [Types::DeviceConfigurationType] :device_configuration
7192
- # Device configuration.
7235
+ # The device-remembering configuration for a user pool. A null value
7236
+ # indicates that you have deactivated device remembering in your user
7237
+ # pool.
7238
+ #
7239
+ # <note markdown="1"> When you provide a value for any `DeviceConfiguration` field, you
7240
+ # activate the Amazon Cognito device-remembering feature.
7241
+ #
7242
+ # </note>
7193
7243
  #
7194
7244
  # @option params [Types::EmailConfigurationType] :email_configuration
7195
7245
  # The email configuration of your user pool. The email configuration
@@ -7437,8 +7487,9 @@ module Aws::CognitoIdentityProvider
7437
7487
  #
7438
7488
  # @option params [Array<String>] :supported_identity_providers
7439
7489
  # A list of provider names for the IdPs that this client supports. The
7440
- # following are supported: `COGNITO`, `Facebook`, `Google`
7441
- # `LoginWithAmazon`, and the names of your own SAML and OIDC providers.
7490
+ # following are supported: `COGNITO`, `Facebook`, `Google`,
7491
+ # `SignInWithApple`, `LoginWithAmazon`, and the names of your own SAML
7492
+ # and OIDC providers.
7442
7493
  #
7443
7494
  # @option params [Array<String>] :callback_urls
7444
7495
  # A list of allowed redirect (callback) URLs for the IdPs.
@@ -7568,6 +7619,12 @@ module Aws::CognitoIdentityProvider
7568
7619
  #
7569
7620
  # [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
7570
7621
  #
7622
+ # @option params [Integer] :auth_session_validity
7623
+ # Amazon Cognito creates a session token for each API request in an
7624
+ # authentication flow. `AuthSessionValidity` is the duration, in
7625
+ # minutes, of that session token. Your user pool native user must
7626
+ # respond to each authentication challenge before the session expires.
7627
+ #
7571
7628
  # @return [Types::UpdateUserPoolClientResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
7572
7629
  #
7573
7630
  # * {Types::UpdateUserPoolClientResponse#user_pool_client #user_pool_client} => Types::UserPoolClientType
@@ -7606,6 +7663,7 @@ module Aws::CognitoIdentityProvider
7606
7663
  # prevent_user_existence_errors: "LEGACY", # accepts LEGACY, ENABLED
7607
7664
  # enable_token_revocation: false,
7608
7665
  # enable_propagate_additional_user_context_data: false,
7666
+ # auth_session_validity: 1,
7609
7667
  # })
7610
7668
  #
7611
7669
  # @example Response structure
@@ -7648,6 +7706,7 @@ module Aws::CognitoIdentityProvider
7648
7706
  # resp.user_pool_client.prevent_user_existence_errors #=> String, one of "LEGACY", "ENABLED"
7649
7707
  # resp.user_pool_client.enable_token_revocation #=> Boolean
7650
7708
  # resp.user_pool_client.enable_propagate_additional_user_context_data #=> Boolean
7709
+ # resp.user_pool_client.auth_session_validity #=> Integer
7651
7710
  #
7652
7711
  # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UpdateUserPoolClient AWS API Documentation
7653
7712
  #
@@ -7843,7 +7902,7 @@ module Aws::CognitoIdentityProvider
7843
7902
  params: params,
7844
7903
  config: config)
7845
7904
  context[:gem_name] = 'aws-sdk-cognitoidentityprovider'
7846
- context[:gem_version] = '1.67.0'
7905
+ context[:gem_version] = '1.70.0'
7847
7906
  Seahorse::Client::Request.new(handlers, context)
7848
7907
  end
7849
7908
 
@@ -95,6 +95,7 @@ module Aws::CognitoIdentityProvider
95
95
  AuthEventsType = Shapes::ListShape.new(name: 'AuthEventsType')
96
96
  AuthFlowType = Shapes::StringShape.new(name: 'AuthFlowType')
97
97
  AuthParametersType = Shapes::MapShape.new(name: 'AuthParametersType')
98
+ AuthSessionValidityType = Shapes::IntegerShape.new(name: 'AuthSessionValidityType')
98
99
  AuthenticationResultType = Shapes::StructureShape.new(name: 'AuthenticationResultType')
99
100
  BlockedIPRangeListType = Shapes::ListShape.new(name: 'BlockedIPRangeListType')
100
101
  BooleanType = Shapes::BooleanShape.new(name: 'BooleanType')
@@ -217,6 +218,7 @@ module Aws::CognitoIdentityProvider
217
218
  ExplicitAuthFlowsListType = Shapes::ListShape.new(name: 'ExplicitAuthFlowsListType')
218
219
  ExplicitAuthFlowsType = Shapes::StringShape.new(name: 'ExplicitAuthFlowsType')
219
220
  FeedbackValueType = Shapes::StringShape.new(name: 'FeedbackValueType')
221
+ ForbiddenException = Shapes::StructureShape.new(name: 'ForbiddenException')
220
222
  ForceAliasCreation = Shapes::BooleanShape.new(name: 'ForceAliasCreation')
221
223
  ForgetDeviceRequest = Shapes::StructureShape.new(name: 'ForgetDeviceRequest')
222
224
  ForgotPasswordRequest = Shapes::StructureShape.new(name: 'ForgotPasswordRequest')
@@ -929,6 +931,7 @@ module Aws::CognitoIdentityProvider
929
931
  CreateUserPoolClientRequest.add_member(:prevent_user_existence_errors, Shapes::ShapeRef.new(shape: PreventUserExistenceErrorTypes, location_name: "PreventUserExistenceErrors"))
930
932
  CreateUserPoolClientRequest.add_member(:enable_token_revocation, Shapes::ShapeRef.new(shape: WrappedBooleanType, location_name: "EnableTokenRevocation"))
931
933
  CreateUserPoolClientRequest.add_member(:enable_propagate_additional_user_context_data, Shapes::ShapeRef.new(shape: WrappedBooleanType, location_name: "EnablePropagateAdditionalUserContextData"))
934
+ CreateUserPoolClientRequest.add_member(:auth_session_validity, Shapes::ShapeRef.new(shape: AuthSessionValidityType, location_name: "AuthSessionValidity"))
932
935
  CreateUserPoolClientRequest.struct_class = Types::CreateUserPoolClientRequest
933
936
 
934
937
  CreateUserPoolClientResponse.add_member(:user_pool_client, Shapes::ShapeRef.new(shape: UserPoolClientType, location_name: "UserPoolClient"))
@@ -1129,6 +1132,9 @@ module Aws::CognitoIdentityProvider
1129
1132
 
1130
1133
  ExplicitAuthFlowsListType.member = Shapes::ShapeRef.new(shape: ExplicitAuthFlowsType)
1131
1134
 
1135
+ ForbiddenException.add_member(:message, Shapes::ShapeRef.new(shape: MessageType, location_name: "message"))
1136
+ ForbiddenException.struct_class = Types::ForbiddenException
1137
+
1132
1138
  ForgetDeviceRequest.add_member(:access_token, Shapes::ShapeRef.new(shape: TokenModelType, location_name: "AccessToken"))
1133
1139
  ForgetDeviceRequest.add_member(:device_key, Shapes::ShapeRef.new(shape: DeviceKeyType, required: true, location_name: "DeviceKey"))
1134
1140
  ForgetDeviceRequest.struct_class = Types::ForgetDeviceRequest
@@ -1784,6 +1790,7 @@ module Aws::CognitoIdentityProvider
1784
1790
  UpdateUserPoolClientRequest.add_member(:prevent_user_existence_errors, Shapes::ShapeRef.new(shape: PreventUserExistenceErrorTypes, location_name: "PreventUserExistenceErrors"))
1785
1791
  UpdateUserPoolClientRequest.add_member(:enable_token_revocation, Shapes::ShapeRef.new(shape: WrappedBooleanType, location_name: "EnableTokenRevocation"))
1786
1792
  UpdateUserPoolClientRequest.add_member(:enable_propagate_additional_user_context_data, Shapes::ShapeRef.new(shape: WrappedBooleanType, location_name: "EnablePropagateAdditionalUserContextData"))
1793
+ UpdateUserPoolClientRequest.add_member(:auth_session_validity, Shapes::ShapeRef.new(shape: AuthSessionValidityType, location_name: "AuthSessionValidity"))
1787
1794
  UpdateUserPoolClientRequest.struct_class = Types::UpdateUserPoolClientRequest
1788
1795
 
1789
1796
  UpdateUserPoolClientResponse.add_member(:user_pool_client, Shapes::ShapeRef.new(shape: UserPoolClientType, location_name: "UserPoolClient"))
@@ -1894,6 +1901,7 @@ module Aws::CognitoIdentityProvider
1894
1901
  UserPoolClientType.add_member(:prevent_user_existence_errors, Shapes::ShapeRef.new(shape: PreventUserExistenceErrorTypes, location_name: "PreventUserExistenceErrors"))
1895
1902
  UserPoolClientType.add_member(:enable_token_revocation, Shapes::ShapeRef.new(shape: WrappedBooleanType, location_name: "EnableTokenRevocation"))
1896
1903
  UserPoolClientType.add_member(:enable_propagate_additional_user_context_data, Shapes::ShapeRef.new(shape: WrappedBooleanType, location_name: "EnablePropagateAdditionalUserContextData"))
1904
+ UserPoolClientType.add_member(:auth_session_validity, Shapes::ShapeRef.new(shape: AuthSessionValidityType, location_name: "AuthSessionValidity"))
1897
1905
  UserPoolClientType.struct_class = Types::UserPoolClientType
1898
1906
 
1899
1907
  UserPoolDescriptionType.add_member(:id, Shapes::ShapeRef.new(shape: UserPoolIdType, location_name: "Id"))
@@ -2477,6 +2485,7 @@ module Aws::CognitoIdentityProvider
2477
2485
  o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
2478
2486
  o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
2479
2487
  o.errors << Shapes::ShapeRef.new(shape: SoftwareTokenMFANotFoundException)
2488
+ o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
2480
2489
  end)
2481
2490
 
2482
2491
  api.add_operation(:change_password, Seahorse::Model::Operation.new.tap do |o|
@@ -2496,6 +2505,7 @@ module Aws::CognitoIdentityProvider
2496
2505
  o.errors << Shapes::ShapeRef.new(shape: UserNotFoundException)
2497
2506
  o.errors << Shapes::ShapeRef.new(shape: UserNotConfirmedException)
2498
2507
  o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
2508
+ o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
2499
2509
  end)
2500
2510
 
2501
2511
  api.add_operation(:confirm_device, Seahorse::Model::Operation.new.tap do |o|
@@ -2516,6 +2526,7 @@ module Aws::CognitoIdentityProvider
2516
2526
  o.errors << Shapes::ShapeRef.new(shape: UserNotFoundException)
2517
2527
  o.errors << Shapes::ShapeRef.new(shape: UserNotConfirmedException)
2518
2528
  o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
2529
+ o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
2519
2530
  end)
2520
2531
 
2521
2532
  api.add_operation(:confirm_forgot_password, Seahorse::Model::Operation.new.tap do |o|
@@ -2540,6 +2551,7 @@ module Aws::CognitoIdentityProvider
2540
2551
  o.errors << Shapes::ShapeRef.new(shape: UserNotFoundException)
2541
2552
  o.errors << Shapes::ShapeRef.new(shape: UserNotConfirmedException)
2542
2553
  o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
2554
+ o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
2543
2555
  end)
2544
2556
 
2545
2557
  api.add_operation(:confirm_sign_up, Seahorse::Model::Operation.new.tap do |o|
@@ -2563,6 +2575,7 @@ module Aws::CognitoIdentityProvider
2563
2575
  o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
2564
2576
  o.errors << Shapes::ShapeRef.new(shape: UserNotFoundException)
2565
2577
  o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
2578
+ o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
2566
2579
  end)
2567
2580
 
2568
2581
  api.add_operation(:create_group, Seahorse::Model::Operation.new.tap do |o|
@@ -2725,6 +2738,7 @@ module Aws::CognitoIdentityProvider
2725
2738
  o.errors << Shapes::ShapeRef.new(shape: UserNotFoundException)
2726
2739
  o.errors << Shapes::ShapeRef.new(shape: UserNotConfirmedException)
2727
2740
  o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
2741
+ o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
2728
2742
  end)
2729
2743
 
2730
2744
  api.add_operation(:delete_user_attributes, Seahorse::Model::Operation.new.tap do |o|
@@ -2742,6 +2756,7 @@ module Aws::CognitoIdentityProvider
2742
2756
  o.errors << Shapes::ShapeRef.new(shape: UserNotFoundException)
2743
2757
  o.errors << Shapes::ShapeRef.new(shape: UserNotConfirmedException)
2744
2758
  o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
2759
+ o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
2745
2760
  end)
2746
2761
 
2747
2762
  api.add_operation(:delete_user_pool, Seahorse::Model::Operation.new.tap do |o|
@@ -2890,6 +2905,7 @@ module Aws::CognitoIdentityProvider
2890
2905
  o.errors << Shapes::ShapeRef.new(shape: UserNotFoundException)
2891
2906
  o.errors << Shapes::ShapeRef.new(shape: UserNotConfirmedException)
2892
2907
  o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
2908
+ o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
2893
2909
  end)
2894
2910
 
2895
2911
  api.add_operation(:forgot_password, Seahorse::Model::Operation.new.tap do |o|
@@ -2913,6 +2929,7 @@ module Aws::CognitoIdentityProvider
2913
2929
  o.errors << Shapes::ShapeRef.new(shape: CodeDeliveryFailureException)
2914
2930
  o.errors << Shapes::ShapeRef.new(shape: UserNotFoundException)
2915
2931
  o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
2932
+ o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
2916
2933
  end)
2917
2934
 
2918
2935
  api.add_operation(:get_csv_header, Seahorse::Model::Operation.new.tap do |o|
@@ -2943,6 +2960,7 @@ module Aws::CognitoIdentityProvider
2943
2960
  o.errors << Shapes::ShapeRef.new(shape: UserNotFoundException)
2944
2961
  o.errors << Shapes::ShapeRef.new(shape: UserNotConfirmedException)
2945
2962
  o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
2963
+ o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
2946
2964
  end)
2947
2965
 
2948
2966
  api.add_operation(:get_group, Seahorse::Model::Operation.new.tap do |o|
@@ -3010,6 +3028,7 @@ module Aws::CognitoIdentityProvider
3010
3028
  o.errors << Shapes::ShapeRef.new(shape: UserNotFoundException)
3011
3029
  o.errors << Shapes::ShapeRef.new(shape: UserNotConfirmedException)
3012
3030
  o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
3031
+ o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
3013
3032
  end)
3014
3033
 
3015
3034
  api.add_operation(:get_user_attribute_verification_code, Seahorse::Model::Operation.new.tap do |o|
@@ -3035,6 +3054,7 @@ module Aws::CognitoIdentityProvider
3035
3054
  o.errors << Shapes::ShapeRef.new(shape: UserNotFoundException)
3036
3055
  o.errors << Shapes::ShapeRef.new(shape: UserNotConfirmedException)
3037
3056
  o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
3057
+ o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
3038
3058
  end)
3039
3059
 
3040
3060
  api.add_operation(:get_user_pool_mfa_config, Seahorse::Model::Operation.new.tap do |o|
@@ -3063,6 +3083,7 @@ module Aws::CognitoIdentityProvider
3063
3083
  o.errors << Shapes::ShapeRef.new(shape: PasswordResetRequiredException)
3064
3084
  o.errors << Shapes::ShapeRef.new(shape: UserNotConfirmedException)
3065
3085
  o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
3086
+ o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
3066
3087
  end)
3067
3088
 
3068
3089
  api.add_operation(:initiate_auth, Seahorse::Model::Operation.new.tap do |o|
@@ -3086,6 +3107,7 @@ module Aws::CognitoIdentityProvider
3086
3107
  o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
3087
3108
  o.errors << Shapes::ShapeRef.new(shape: InvalidSmsRoleAccessPolicyException)
3088
3109
  o.errors << Shapes::ShapeRef.new(shape: InvalidSmsRoleTrustRelationshipException)
3110
+ o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
3089
3111
  end)
3090
3112
 
3091
3113
  api.add_operation(:list_devices, Seahorse::Model::Operation.new.tap do |o|
@@ -3103,6 +3125,7 @@ module Aws::CognitoIdentityProvider
3103
3125
  o.errors << Shapes::ShapeRef.new(shape: UserNotFoundException)
3104
3126
  o.errors << Shapes::ShapeRef.new(shape: UserNotConfirmedException)
3105
3127
  o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
3128
+ o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
3106
3129
  end)
3107
3130
 
3108
3131
  api.add_operation(:list_groups, Seahorse::Model::Operation.new.tap do |o|
@@ -3284,6 +3307,7 @@ module Aws::CognitoIdentityProvider
3284
3307
  o.errors << Shapes::ShapeRef.new(shape: CodeDeliveryFailureException)
3285
3308
  o.errors << Shapes::ShapeRef.new(shape: UserNotFoundException)
3286
3309
  o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
3310
+ o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
3287
3311
  end)
3288
3312
 
3289
3313
  api.add_operation(:respond_to_auth_challenge, Seahorse::Model::Operation.new.tap do |o|
@@ -3313,6 +3337,7 @@ module Aws::CognitoIdentityProvider
3313
3337
  o.errors << Shapes::ShapeRef.new(shape: AliasExistsException)
3314
3338
  o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
3315
3339
  o.errors << Shapes::ShapeRef.new(shape: SoftwareTokenMFANotFoundException)
3340
+ o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
3316
3341
  end)
3317
3342
 
3318
3343
  api.add_operation(:revoke_token, Seahorse::Model::Operation.new.tap do |o|
@@ -3327,6 +3352,7 @@ module Aws::CognitoIdentityProvider
3327
3352
  o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
3328
3353
  o.errors << Shapes::ShapeRef.new(shape: UnsupportedOperationException)
3329
3354
  o.errors << Shapes::ShapeRef.new(shape: UnsupportedTokenTypeException)
3355
+ o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
3330
3356
  end)
3331
3357
 
3332
3358
  api.add_operation(:set_risk_configuration, Seahorse::Model::Operation.new.tap do |o|
@@ -3371,6 +3397,7 @@ module Aws::CognitoIdentityProvider
3371
3397
  o.errors << Shapes::ShapeRef.new(shape: UserNotFoundException)
3372
3398
  o.errors << Shapes::ShapeRef.new(shape: UserNotConfirmedException)
3373
3399
  o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
3400
+ o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
3374
3401
  end)
3375
3402
 
3376
3403
  api.add_operation(:set_user_pool_mfa_config, Seahorse::Model::Operation.new.tap do |o|
@@ -3402,6 +3429,7 @@ module Aws::CognitoIdentityProvider
3402
3429
  o.errors << Shapes::ShapeRef.new(shape: UserNotFoundException)
3403
3430
  o.errors << Shapes::ShapeRef.new(shape: UserNotConfirmedException)
3404
3431
  o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
3432
+ o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
3405
3433
  end)
3406
3434
 
3407
3435
  api.add_operation(:sign_up, Seahorse::Model::Operation.new.tap do |o|
@@ -3425,6 +3453,7 @@ module Aws::CognitoIdentityProvider
3425
3453
  o.errors << Shapes::ShapeRef.new(shape: InvalidSmsRoleTrustRelationshipException)
3426
3454
  o.errors << Shapes::ShapeRef.new(shape: InvalidEmailRoleAccessPolicyException)
3427
3455
  o.errors << Shapes::ShapeRef.new(shape: CodeDeliveryFailureException)
3456
+ o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
3428
3457
  end)
3429
3458
 
3430
3459
  api.add_operation(:start_user_import_job, Seahorse::Model::Operation.new.tap do |o|
@@ -3511,6 +3540,7 @@ module Aws::CognitoIdentityProvider
3511
3540
  o.errors << Shapes::ShapeRef.new(shape: UserNotFoundException)
3512
3541
  o.errors << Shapes::ShapeRef.new(shape: UserNotConfirmedException)
3513
3542
  o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
3543
+ o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
3514
3544
  end)
3515
3545
 
3516
3546
  api.add_operation(:update_group, Seahorse::Model::Operation.new.tap do |o|
@@ -3578,6 +3608,7 @@ module Aws::CognitoIdentityProvider
3578
3608
  o.errors << Shapes::ShapeRef.new(shape: UserNotFoundException)
3579
3609
  o.errors << Shapes::ShapeRef.new(shape: UserNotConfirmedException)
3580
3610
  o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
3611
+ o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
3581
3612
  end)
3582
3613
 
3583
3614
  api.add_operation(:update_user_pool, Seahorse::Model::Operation.new.tap do |o|
@@ -3647,6 +3678,7 @@ module Aws::CognitoIdentityProvider
3647
3678
  o.errors << Shapes::ShapeRef.new(shape: NotAuthorizedException)
3648
3679
  o.errors << Shapes::ShapeRef.new(shape: SoftwareTokenMFANotFoundException)
3649
3680
  o.errors << Shapes::ShapeRef.new(shape: CodeMismatchException)
3681
+ o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
3650
3682
  end)
3651
3683
 
3652
3684
  api.add_operation(:verify_user_attribute, Seahorse::Model::Operation.new.tap do |o|
@@ -3668,6 +3700,7 @@ module Aws::CognitoIdentityProvider
3668
3700
  o.errors << Shapes::ShapeRef.new(shape: UserNotConfirmedException)
3669
3701
  o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
3670
3702
  o.errors << Shapes::ShapeRef.new(shape: AliasExistsException)
3703
+ o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
3671
3704
  end)
3672
3705
  end
3673
3706
 
@@ -34,6 +34,7 @@ module Aws::CognitoIdentityProvider
34
34
  # * {DuplicateProviderException}
35
35
  # * {EnableSoftwareTokenMFAException}
36
36
  # * {ExpiredCodeException}
37
+ # * {ForbiddenException}
37
38
  # * {GroupExistsException}
38
39
  # * {InternalErrorException}
39
40
  # * {InvalidEmailRoleAccessPolicyException}
@@ -179,6 +180,21 @@ module Aws::CognitoIdentityProvider
179
180
  end
180
181
  end
181
182
 
183
+ class ForbiddenException < ServiceError
184
+
185
+ # @param [Seahorse::Client::RequestContext] context
186
+ # @param [String] message
187
+ # @param [Aws::CognitoIdentityProvider::Types::ForbiddenException] data
188
+ def initialize(context, message, data = Aws::EmptyStructure.new)
189
+ super(context, message, data)
190
+ end
191
+
192
+ # @return [String]
193
+ def message
194
+ @message || @data[:message]
195
+ end
196
+ end
197
+
182
198
  class GroupExistsException < ServiceError
183
199
 
184
200
  # @param [Seahorse::Client::RequestContext] context
@@ -2235,7 +2235,8 @@ module Aws::CognitoIdentityProvider
2235
2235
  # sign-in alias.
2236
2236
  #
2237
2237
  # @!attribute [rw] message
2238
- # The message sent to the user when an alias exists.
2238
+ # The message that Amazon Cognito sends to the user when the value of
2239
+ # an alias attribute is already linked to another user profile.
2239
2240
  # @return [String]
2240
2241
  #
2241
2242
  # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AliasExistsException AWS API Documentation
@@ -2365,8 +2366,8 @@ module Aws::CognitoIdentityProvider
2365
2366
  end
2366
2367
 
2367
2368
  # @!attribute [rw] secret_code
2368
- # A unique generated shared secret code that is used in the time-based
2369
- # one-time password (TOTP) algorithm to generate a one-time code.
2369
+ # A unique generated shared secret code that is used in the TOTP
2370
+ # algorithm to generate a one-time code.
2370
2371
  # @return [String]
2371
2372
  #
2372
2373
  # @!attribute [rw] session
@@ -2783,8 +2784,8 @@ module Aws::CognitoIdentityProvider
2783
2784
  # @return [String]
2784
2785
  #
2785
2786
  # @!attribute [rw] confirmation_code
2786
- # The confirmation code sent by a user's request to retrieve a
2787
- # forgotten password. For more information, see [ForgotPassword][1].
2787
+ # The confirmation code from your user's request to reset their
2788
+ # password. For more information, see [ForgotPassword][1].
2788
2789
  #
2789
2790
  #
2790
2791
  #
@@ -2792,8 +2793,7 @@ module Aws::CognitoIdentityProvider
2792
2793
  # @return [String]
2793
2794
  #
2794
2795
  # @!attribute [rw] password
2795
- # The password sent by a user's request to retrieve a forgotten
2796
- # password.
2796
+ # The new password that your user wants to set.
2797
2797
  # @return [String]
2798
2798
  #
2799
2799
  # @!attribute [rw] analytics_metadata
@@ -3401,6 +3401,7 @@ module Aws::CognitoIdentityProvider
3401
3401
  # prevent_user_existence_errors: "LEGACY", # accepts LEGACY, ENABLED
3402
3402
  # enable_token_revocation: false,
3403
3403
  # enable_propagate_additional_user_context_data: false,
3404
+ # auth_session_validity: 1,
3404
3405
  # }
3405
3406
  #
3406
3407
  # @!attribute [rw] user_pool_id
@@ -3499,34 +3500,42 @@ module Aws::CognitoIdentityProvider
3499
3500
  #
3500
3501
  # Valid values include:
3501
3502
  #
3502
- # * `ALLOW_ADMIN_USER_PASSWORD_AUTH`\: Enable admin based user
3503
- # password authentication flow `ADMIN_USER_PASSWORD_AUTH`. This
3504
- # setting replaces the `ADMIN_NO_SRP_AUTH` setting. With this
3505
- # authentication flow, Amazon Cognito receives the password in the
3506
- # request instead of using the Secure Remote Password (SRP) protocol
3507
- # to verify passwords.
3503
+ # ALLOW\_ADMIN\_USER\_PASSWORD\_AUTH
3508
3504
  #
3509
- # * `ALLOW_CUSTOM_AUTH`\: Enable Lambda trigger based authentication.
3505
+ # : Enable admin based user password authentication flow
3506
+ # `ADMIN_USER_PASSWORD_AUTH`. This setting replaces the
3507
+ # `ADMIN_NO_SRP_AUTH` setting. With this authentication flow, Amazon
3508
+ # Cognito receives the password in the request instead of using the
3509
+ # Secure Remote Password (SRP) protocol to verify passwords.
3510
3510
  #
3511
- # * `ALLOW_USER_PASSWORD_AUTH`\: Enable user password-based
3512
- # authentication. In this flow, Amazon Cognito receives the password
3513
- # in the request instead of using the SRP protocol to verify
3514
- # passwords.
3511
+ # ALLOW\_CUSTOM\_AUTH
3515
3512
  #
3516
- # * `ALLOW_USER_SRP_AUTH`\: Enable SRP-based authentication.
3513
+ # : Enable Lambda trigger based authentication.
3517
3514
  #
3518
- # * `ALLOW_REFRESH_TOKEN_AUTH`\: Enable authflow to refresh tokens.
3515
+ # ALLOW\_USER\_PASSWORD\_AUTH
3516
+ #
3517
+ # : Enable user password-based authentication. In this flow, Amazon
3518
+ # Cognito receives the password in the request instead of using the
3519
+ # SRP protocol to verify passwords.
3520
+ #
3521
+ # ALLOW\_USER\_SRP\_AUTH
3519
3522
  #
3520
- # If you don't specify a value for `ExplicitAuthFlows`, your app
3521
- # client activates the `ALLOW_USER_SRP_AUTH` and `ALLOW_CUSTOM_AUTH`
3522
- # authentication flows.
3523
+ # : Enable SRP-based authentication.
3524
+ #
3525
+ # ALLOW\_REFRESH\_TOKEN\_AUTH
3526
+ #
3527
+ # : Enable the authflow that refreshes tokens.
3528
+ #
3529
+ # If you don't specify a value for `ExplicitAuthFlows`, your user
3530
+ # client supports `ALLOW_USER_SRP_AUTH` and `ALLOW_CUSTOM_AUTH`.
3523
3531
  # @return [Array<String>]
3524
3532
  #
3525
3533
  # @!attribute [rw] supported_identity_providers
3526
- # A list of provider names for the IdPs that this client supports. The
3527
- # following are supported: `COGNITO`, `Facebook`, `Google`
3528
- # `LoginWithAmazon`, and the names of your own SAML and OIDC
3529
- # providers.
3534
+ # A list of provider names for the identity providers (IdPs) that are
3535
+ # supported on this client. The following are supported: `COGNITO`,
3536
+ # `Facebook`, `Google`, `SignInWithApple`, and `LoginWithAmazon`. You
3537
+ # can also specify the names that you configured for the SAML and OIDC
3538
+ # IdPs in your user pool, for example `MySAMLIdP` or `MyOIDCIdP`.
3530
3539
  # @return [Array<String>]
3531
3540
  #
3532
3541
  # @!attribute [rw] callback_urls
@@ -3670,6 +3679,13 @@ module Aws::CognitoIdentityProvider
3670
3679
  # [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
3671
3680
  # @return [Boolean]
3672
3681
  #
3682
+ # @!attribute [rw] auth_session_validity
3683
+ # Amazon Cognito creates a session token for each API request in an
3684
+ # authentication flow. `AuthSessionValidity` is the duration, in
3685
+ # minutes, of that session token. Your user pool native user must
3686
+ # respond to each authentication challenge before the session expires.
3687
+ # @return [Integer]
3688
+ #
3673
3689
  # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/CreateUserPoolClientRequest AWS API Documentation
3674
3690
  #
3675
3691
  class CreateUserPoolClientRequest < Struct.new(
@@ -3693,7 +3709,8 @@ module Aws::CognitoIdentityProvider
3693
3709
  :analytics_configuration,
3694
3710
  :prevent_user_existence_errors,
3695
3711
  :enable_token_revocation,
3696
- :enable_propagate_additional_user_context_data)
3712
+ :enable_propagate_additional_user_context_data,
3713
+ :auth_session_validity)
3697
3714
  SENSITIVE = []
3698
3715
  include Aws::Structure
3699
3716
  end
@@ -3937,27 +3954,30 @@ module Aws::CognitoIdentityProvider
3937
3954
  # @return [Array<String>]
3938
3955
  #
3939
3956
  # @!attribute [rw] sms_verification_message
3940
- # A string representing the SMS verification message.
3957
+ # This parameter is no longer used. See
3958
+ # [VerificationMessageTemplateType][1].
3959
+ #
3960
+ #
3961
+ #
3962
+ # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerificationMessageTemplateType.html
3941
3963
  # @return [String]
3942
3964
  #
3943
3965
  # @!attribute [rw] email_verification_message
3944
- # A string representing the email verification message.
3945
- # EmailVerificationMessage is allowed only if [EmailSendingAccount][1]
3946
- # is DEVELOPER.
3966
+ # This parameter is no longer used. See
3967
+ # [VerificationMessageTemplateType][1].
3947
3968
  #
3948
3969
  #
3949
3970
  #
3950
- # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_EmailConfigurationType.html#CognitoUserPools-Type-EmailConfigurationType-EmailSendingAccount
3971
+ # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerificationMessageTemplateType.html
3951
3972
  # @return [String]
3952
3973
  #
3953
3974
  # @!attribute [rw] email_verification_subject
3954
- # A string representing the email verification subject.
3955
- # EmailVerificationSubject is allowed only if [EmailSendingAccount][1]
3956
- # is DEVELOPER.
3975
+ # This parameter is no longer used. See
3976
+ # [VerificationMessageTemplateType][1].
3957
3977
  #
3958
3978
  #
3959
3979
  #
3960
- # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_EmailConfigurationType.html#CognitoUserPools-Type-EmailConfigurationType-EmailSendingAccount
3980
+ # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerificationMessageTemplateType.html
3961
3981
  # @return [String]
3962
3982
  #
3963
3983
  # @!attribute [rw] verification_message_template
@@ -3978,8 +3998,8 @@ module Aws::CognitoIdentityProvider
3978
3998
  # the property `AttributesRequireVerificationBeforeUpdate`, a
3979
3999
  # user-pool setting that tells Amazon Cognito how to handle changes to
3980
4000
  # the value of your users' email address and phone number attributes.
3981
- # For more information, see [ Verifying updates to to email addresses
3982
- # and phone numbers][1].
4001
+ # For more information, see [ Verifying updates to email addresses and
4002
+ # phone numbers][1].
3983
4003
  #
3984
4004
  #
3985
4005
  #
@@ -3987,7 +4007,14 @@ module Aws::CognitoIdentityProvider
3987
4007
  # @return [Types::UserAttributeUpdateSettingsType]
3988
4008
  #
3989
4009
  # @!attribute [rw] device_configuration
3990
- # The device configuration.
4010
+ # The device-remembering configuration for a user pool. A null value
4011
+ # indicates that you have deactivated device remembering in your user
4012
+ # pool.
4013
+ #
4014
+ # <note markdown="1"> When you provide a value for any `DeviceConfiguration` field, you
4015
+ # activate the Amazon Cognito device-remembering feature.
4016
+ #
4017
+ # </note>
3991
4018
  # @return [Types::DeviceConfigurationType]
3992
4019
  #
3993
4020
  # @!attribute [rw] email_configuration
@@ -4657,14 +4684,35 @@ module Aws::CognitoIdentityProvider
4657
4684
  include Aws::Structure
4658
4685
  end
4659
4686
 
4660
- # The device tracking configuration for a user pool. A user pool with
4661
- # device tracking deactivated returns a null value.
4687
+ # The device-remembering configuration for a user pool. A [
4688
+ # DescribeUserPool][1] request returns a null value for this object when
4689
+ # the user pool isn't configured to remember devices. When device
4690
+ # remembering is active, you can remember a user's device with a
4691
+ # [ConfirmDevice][2] API request. Additionally. when the property
4692
+ # `DeviceOnlyRememberedOnUserPrompt` is `true`, you must follow
4693
+ # `ConfirmDevice` with an [UpdateDeviceStatus][3] API request that sets
4694
+ # the user's device to `remembered` or `not_remembered`.
4662
4695
  #
4663
- # <note markdown="1"> When you provide values for any DeviceConfiguration field, you
4664
- # activate device tracking.
4696
+ # To sign in with a remembered device, include `DEVICE_KEY` in the
4697
+ # authentication parameters in your user's [ InitiateAuth][4] request.
4698
+ # If your app doesn't include a `DEVICE_KEY` parameter, the
4699
+ # [response][5] from Amazon Cognito includes newly-generated
4700
+ # `DEVICE_KEY` and `DEVICE_GROUP_KEY` values under `NewDeviceMetadata`.
4701
+ # Store these values to use in future device-authentication requests.
4702
+ #
4703
+ # <note markdown="1"> When you provide a value for any property of `DeviceConfiguration`,
4704
+ # you activate the device remembering for the user pool.
4665
4705
  #
4666
4706
  # </note>
4667
4707
  #
4708
+ #
4709
+ #
4710
+ # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html
4711
+ # [2]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmDevice.html
4712
+ # [3]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateDeviceStatus.html
4713
+ # [4]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html
4714
+ # [5]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html#API_InitiateAuth_ResponseSyntax
4715
+ #
4668
4716
  # @note When making an API call, you may pass DeviceConfigurationType
4669
4717
  # data as a hash:
4670
4718
  #
@@ -4674,21 +4722,32 @@ module Aws::CognitoIdentityProvider
4674
4722
  # }
4675
4723
  #
4676
4724
  # @!attribute [rw] challenge_required_on_new_device
4677
- # When true, device authentication can replace SMS and time-based
4678
- # one-time password (TOTP) factors for multi-factor authentication
4679
- # (MFA).
4725
+ # When true, a remembered device can sign in with device
4726
+ # authentication instead of SMS and time-based one-time password
4727
+ # (TOTP) factors for multi-factor authentication (MFA).
4680
4728
  #
4681
- # <note markdown="1"> Users that sign in with devices that have not been confirmed or
4682
- # remembered will still have to provide a second factor, whether or
4683
- # not ChallengeRequiredOnNewDevice is true, when your user pool
4684
- # requires MFA.
4729
+ # <note markdown="1"> Whether or not `ChallengeRequiredOnNewDevice` is true, users who
4730
+ # sign in with devices that have not been confirmed or remembered must
4731
+ # still provide a second factor in a user pool that requires MFA.
4685
4732
  #
4686
4733
  # </note>
4687
4734
  # @return [Boolean]
4688
4735
  #
4689
4736
  # @!attribute [rw] device_only_remembered_on_user_prompt
4690
- # When true, users can opt in to remembering their device. Your app
4691
- # code must use callback functions to return the user's choice.
4737
+ # When true, Amazon Cognito doesn't automatically remember a user's
4738
+ # device when your app sends a [ ConfirmDevice][1] API request. In
4739
+ # your app, create a prompt for your user to choose whether they want
4740
+ # to remember their device. Return the user's choice in an [
4741
+ # UpdateDeviceStatus][2] API request.
4742
+ #
4743
+ # When `DeviceOnlyRememberedOnUserPrompt` is `false`, Amazon Cognito
4744
+ # immediately remembers devices that you register in a `ConfirmDevice`
4745
+ # API request.
4746
+ #
4747
+ #
4748
+ #
4749
+ # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmDevice.html
4750
+ # [2]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateDeviceStatus.html
4692
4751
  # @return [Boolean]
4693
4752
  #
4694
4753
  # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/DeviceConfigurationType AWS API Documentation
@@ -5095,6 +5154,22 @@ module Aws::CognitoIdentityProvider
5095
5154
  include Aws::Structure
5096
5155
  end
5097
5156
 
5157
+ # This exception is thrown when WAF doesn't allow your request based on
5158
+ # a web ACL that's associated with your user pool.
5159
+ #
5160
+ # @!attribute [rw] message
5161
+ # The message returned when WAF doesn't allow your request based on a
5162
+ # web ACL that's associated with your user pool.
5163
+ # @return [String]
5164
+ #
5165
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/ForbiddenException AWS API Documentation
5166
+ #
5167
+ class ForbiddenException < Struct.new(
5168
+ :message)
5169
+ SENSITIVE = []
5170
+ include Aws::Structure
5171
+ end
5172
+
5098
5173
  # Represents the request to forget the device.
5099
5174
  #
5100
5175
  # @note When making an API call, you may pass ForgetDeviceRequest
@@ -5578,15 +5653,17 @@ module Aws::CognitoIdentityProvider
5578
5653
  end
5579
5654
 
5580
5655
  # @!attribute [rw] sms_mfa_configuration
5581
- # The SMS text message multi-factor (MFA) configuration.
5656
+ # The SMS text message multi-factor authentication (MFA)
5657
+ # configuration.
5582
5658
  # @return [Types::SmsMfaConfigType]
5583
5659
  #
5584
5660
  # @!attribute [rw] software_token_mfa_configuration
5585
- # The software token multi-factor (MFA) configuration.
5661
+ # The software token multi-factor authentication (MFA) configuration.
5586
5662
  # @return [Types::SoftwareTokenMfaConfigType]
5587
5663
  #
5588
5664
  # @!attribute [rw] mfa_configuration
5589
- # The multi-factor (MFA) configuration. Valid values include:
5665
+ # The multi-factor authentication (MFA) configuration. Valid values
5666
+ # include:
5590
5667
  #
5591
5668
  # * `OFF` MFA won't be used for any users.
5592
5669
  #
@@ -8308,7 +8385,7 @@ module Aws::CognitoIdentityProvider
8308
8385
  # @return [Types::SMSMfaSettingsType]
8309
8386
  #
8310
8387
  # @!attribute [rw] software_token_mfa_settings
8311
- # The time-based one-time password software token MFA settings.
8388
+ # The time-based one-time password (TOTP) software token MFA settings.
8312
8389
  # @return [Types::SoftwareTokenMfaSettingsType]
8313
8390
  #
8314
8391
  # @!attribute [rw] access_token
@@ -9577,6 +9654,7 @@ module Aws::CognitoIdentityProvider
9577
9654
  # prevent_user_existence_errors: "LEGACY", # accepts LEGACY, ENABLED
9578
9655
  # enable_token_revocation: false,
9579
9656
  # enable_propagate_additional_user_context_data: false,
9657
+ # auth_session_validity: 1,
9580
9658
  # }
9581
9659
  #
9582
9660
  # @!attribute [rw] user_pool_id
@@ -9680,9 +9758,9 @@ module Aws::CognitoIdentityProvider
9680
9758
  #
9681
9759
  # @!attribute [rw] supported_identity_providers
9682
9760
  # A list of provider names for the IdPs that this client supports. The
9683
- # following are supported: `COGNITO`, `Facebook`, `Google`
9684
- # `LoginWithAmazon`, and the names of your own SAML and OIDC
9685
- # providers.
9761
+ # following are supported: `COGNITO`, `Facebook`, `Google`,
9762
+ # `SignInWithApple`, `LoginWithAmazon`, and the names of your own SAML
9763
+ # and OIDC providers.
9686
9764
  # @return [Array<String>]
9687
9765
  #
9688
9766
  # @!attribute [rw] callback_urls
@@ -9823,6 +9901,13 @@ module Aws::CognitoIdentityProvider
9823
9901
  # [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
9824
9902
  # @return [Boolean]
9825
9903
  #
9904
+ # @!attribute [rw] auth_session_validity
9905
+ # Amazon Cognito creates a session token for each API request in an
9906
+ # authentication flow. `AuthSessionValidity` is the duration, in
9907
+ # minutes, of that session token. Your user pool native user must
9908
+ # respond to each authentication challenge before the session expires.
9909
+ # @return [Integer]
9910
+ #
9826
9911
  # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UpdateUserPoolClientRequest AWS API Documentation
9827
9912
  #
9828
9913
  class UpdateUserPoolClientRequest < Struct.new(
@@ -9846,7 +9931,8 @@ module Aws::CognitoIdentityProvider
9846
9931
  :analytics_configuration,
9847
9932
  :prevent_user_existence_errors,
9848
9933
  :enable_token_revocation,
9849
- :enable_propagate_additional_user_context_data)
9934
+ :enable_propagate_additional_user_context_data,
9935
+ :auth_session_validity)
9850
9936
  SENSITIVE = [:client_id]
9851
9937
  include Aws::Structure
9852
9938
  end
@@ -10041,15 +10127,30 @@ module Aws::CognitoIdentityProvider
10041
10127
  # @return [Array<String>]
10042
10128
  #
10043
10129
  # @!attribute [rw] sms_verification_message
10044
- # A container with information about the SMS verification message.
10130
+ # This parameter is no longer used. See
10131
+ # [VerificationMessageTemplateType][1].
10132
+ #
10133
+ #
10134
+ #
10135
+ # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerificationMessageTemplateType.html
10045
10136
  # @return [String]
10046
10137
  #
10047
10138
  # @!attribute [rw] email_verification_message
10048
- # The contents of the email verification message.
10139
+ # This parameter is no longer used. See
10140
+ # [VerificationMessageTemplateType][1].
10141
+ #
10142
+ #
10143
+ #
10144
+ # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerificationMessageTemplateType.html
10049
10145
  # @return [String]
10050
10146
  #
10051
10147
  # @!attribute [rw] email_verification_subject
10052
- # The subject of the email verification message.
10148
+ # This parameter is no longer used. See
10149
+ # [VerificationMessageTemplateType][1].
10150
+ #
10151
+ #
10152
+ #
10153
+ # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerificationMessageTemplateType.html
10053
10154
  # @return [String]
10054
10155
  #
10055
10156
  # @!attribute [rw] verification_message_template
@@ -10065,8 +10166,8 @@ module Aws::CognitoIdentityProvider
10065
10166
  # the property `AttributesRequireVerificationBeforeUpdate`, a
10066
10167
  # user-pool setting that tells Amazon Cognito how to handle changes to
10067
10168
  # the value of your users' email address and phone number attributes.
10068
- # For more information, see [ Verifying updates to to email addresses
10069
- # and phone numbers][1].
10169
+ # For more information, see [ Verifying updates to email addresses and
10170
+ # phone numbers][1].
10070
10171
  #
10071
10172
  #
10072
10173
  #
@@ -10093,7 +10194,14 @@ module Aws::CognitoIdentityProvider
10093
10194
  # @return [String]
10094
10195
  #
10095
10196
  # @!attribute [rw] device_configuration
10096
- # Device configuration.
10197
+ # The device-remembering configuration for a user pool. A null value
10198
+ # indicates that you have deactivated device remembering in your user
10199
+ # pool.
10200
+ #
10201
+ # <note markdown="1"> When you provide a value for any `DeviceConfiguration` field, you
10202
+ # activate the Amazon Cognito device-remembering feature.
10203
+ #
10204
+ # </note>
10097
10205
  # @return [Types::DeviceConfigurationType]
10098
10206
  #
10099
10207
  # @!attribute [rw] email_configuration
@@ -10174,7 +10282,7 @@ module Aws::CognitoIdentityProvider
10174
10282
  # the property `AttributesRequireVerificationBeforeUpdate`, a user-pool
10175
10283
  # setting that tells Amazon Cognito how to handle changes to the value
10176
10284
  # of your users' email address and phone number attributes. For more
10177
- # information, see [ Verifying updates to to email addresses and phone
10285
+ # information, see [ Verifying updates to email addresses and phone
10178
10286
  # numbers][1].
10179
10287
  #
10180
10288
  #
@@ -10590,9 +10698,9 @@ module Aws::CognitoIdentityProvider
10590
10698
  #
10591
10699
  # @!attribute [rw] supported_identity_providers
10592
10700
  # A list of provider names for the IdPs that this client supports. The
10593
- # following are supported: `COGNITO`, `Facebook`, `Google`
10594
- # `LoginWithAmazon`, and the names of your own SAML and OIDC
10595
- # providers.
10701
+ # following are supported: `COGNITO`, `Facebook`, `Google`,
10702
+ # `SignInWithApple`, `LoginWithAmazon`, and the names of your own SAML
10703
+ # and OIDC providers.
10596
10704
  # @return [Array<String>]
10597
10705
  #
10598
10706
  # @!attribute [rw] callback_urls
@@ -10747,6 +10855,13 @@ module Aws::CognitoIdentityProvider
10747
10855
  # [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-adaptive-authentication.html#user-pool-settings-adaptive-authentication-device-fingerprint
10748
10856
  # @return [Boolean]
10749
10857
  #
10858
+ # @!attribute [rw] auth_session_validity
10859
+ # Amazon Cognito creates a session token for each API request in an
10860
+ # authentication flow. `AuthSessionValidity` is the duration, in
10861
+ # minutes, of that session token. Your user pool native user must
10862
+ # respond to each authentication challenge before the session expires.
10863
+ # @return [Integer]
10864
+ #
10750
10865
  # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UserPoolClientType AWS API Documentation
10751
10866
  #
10752
10867
  class UserPoolClientType < Struct.new(
@@ -10773,7 +10888,8 @@ module Aws::CognitoIdentityProvider
10773
10888
  :analytics_configuration,
10774
10889
  :prevent_user_existence_errors,
10775
10890
  :enable_token_revocation,
10776
- :enable_propagate_additional_user_context_data)
10891
+ :enable_propagate_additional_user_context_data,
10892
+ :auth_session_validity)
10777
10893
  SENSITIVE = [:client_id, :client_secret]
10778
10894
  include Aws::Structure
10779
10895
  end
@@ -10907,15 +11023,30 @@ module Aws::CognitoIdentityProvider
10907
11023
  # @return [Array<String>]
10908
11024
  #
10909
11025
  # @!attribute [rw] sms_verification_message
10910
- # The contents of the SMS verification message.
11026
+ # This parameter is no longer used. See
11027
+ # [VerificationMessageTemplateType][1].
11028
+ #
11029
+ #
11030
+ #
11031
+ # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerificationMessageTemplateType.html
10911
11032
  # @return [String]
10912
11033
  #
10913
11034
  # @!attribute [rw] email_verification_message
10914
- # The contents of the email verification message.
11035
+ # This parameter is no longer used. See
11036
+ # [VerificationMessageTemplateType][1].
11037
+ #
11038
+ #
11039
+ #
11040
+ # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerificationMessageTemplateType.html
10915
11041
  # @return [String]
10916
11042
  #
10917
11043
  # @!attribute [rw] email_verification_subject
10918
- # The subject of the email verification message.
11044
+ # This parameter is no longer used. See
11045
+ # [VerificationMessageTemplateType][1].
11046
+ #
11047
+ #
11048
+ #
11049
+ # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerificationMessageTemplateType.html
10919
11050
  # @return [String]
10920
11051
  #
10921
11052
  # @!attribute [rw] verification_message_template
@@ -10931,8 +11062,8 @@ module Aws::CognitoIdentityProvider
10931
11062
  # the property `AttributesRequireVerificationBeforeUpdate`, a
10932
11063
  # user-pool setting that tells Amazon Cognito how to handle changes to
10933
11064
  # the value of your users' email address and phone number attributes.
10934
- # For more information, see [ Verifying updates to to email addresses
10935
- # and phone numbers][1].
11065
+ # For more information, see [ Verifying updates to email addresses and
11066
+ # phone numbers][1].
10936
11067
  #
10937
11068
  #
10938
11069
  #
@@ -10953,7 +11084,14 @@ module Aws::CognitoIdentityProvider
10953
11084
  # @return [String]
10954
11085
  #
10955
11086
  # @!attribute [rw] device_configuration
10956
- # The device configuration.
11087
+ # The device-remembering configuration for a user pool. A null value
11088
+ # indicates that you have deactivated device remembering in your user
11089
+ # pool.
11090
+ #
11091
+ # <note markdown="1"> When you provide a value for any `DeviceConfiguration` field, you
11092
+ # activate the Amazon Cognito device-remembering feature.
11093
+ #
11094
+ # </note>
10957
11095
  # @return [Types::DeviceConfigurationType]
10958
11096
  #
10959
11097
  # @!attribute [rw] estimated_number_of_users
@@ -48,6 +48,6 @@ require_relative 'aws-sdk-cognitoidentityprovider/customizations'
48
48
  # @!group service
49
49
  module Aws::CognitoIdentityProvider
50
50
 
51
- GEM_VERSION = '1.67.0'
51
+ GEM_VERSION = '1.70.0'
52
52
 
53
53
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sdk-cognitoidentityprovider
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.67.0
4
+ version: 1.70.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-05-31 00:00:00.000000000 Z
11
+ date: 2022-09-02 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-core