aws-sdk-cognitoidentityprovider 1.70.0 → 1.72.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 1de940aa4198a67bc226ccb78d804e5915412e4b6b106b9dc3b05952c7cdec81
4
- data.tar.gz: eca470406c2e4a4a50859eb8d453c6d1fe69f210fc1df8e5b8902cc5e6af4a80
3
+ metadata.gz: 85370318e5265e024f71d0aa1c5f5f2a7529c936ed82441d5fe2b0c883d93c4b
4
+ data.tar.gz: 8854f639f290948fe54521476702722f6d4ccd38e390dfc8da6f9ae30d9bf07d
5
5
  SHA512:
6
- metadata.gz: 77b66cec3d3b6820f4d6bce2b21f38d18b3f51e1cd3c3c0f23990339b0b7cb28988926de5bc33980a274c989fba643d4028225f3e4433688f506a52f3fa07e5e
7
- data.tar.gz: 7a2e44f6160c961fd17deddb48f12e1b577864c74cfc590b6b10bc02128a8911bf9b9ef9c8c5f71d39d835758f978572119412cdfe71d30dc81e5ef8867c737d
6
+ metadata.gz: abacf68bc1b3de79157f2845cb23b825f1ec0ddae666007cab620ab7edcd4373b118c17ef0278156629a168fda22150c38f7abda17a08dbba7c191b96ecc66b5
7
+ data.tar.gz: fc66122555a3f305733e9403a1b9941f6925a2d98c42dd8945209084e88d6e788e3f47a36b61c5ff66220f496ae0a7f476c2342235c635c94471f8f82dec6716
data/CHANGELOG.md CHANGED
@@ -1,6 +1,16 @@
1
1
  Unreleased Changes
2
2
  ------------------
3
3
 
4
+ 1.72.0 (2022-10-25)
5
+ ------------------
6
+
7
+ * Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
8
+
9
+ 1.71.0 (2022-10-21)
10
+ ------------------
11
+
12
+ * Feature - This release adds a new "DeletionProtection" field to the UserPool in Cognito. Application admins can configure this value with either ACTIVE or INACTIVE value. Setting this field to ACTIVE will prevent a user pool from accidental deletion.
13
+
4
14
  1.70.0 (2022-09-02)
5
15
  ------------------
6
16
 
data/VERSION CHANGED
@@ -1 +1 @@
1
- 1.70.0
1
+ 1.72.0
@@ -30,7 +30,7 @@ require 'aws-sdk-core/plugins/http_checksum.rb'
30
30
  require 'aws-sdk-core/plugins/checksum_algorithm.rb'
31
31
  require 'aws-sdk-core/plugins/defaults_mode.rb'
32
32
  require 'aws-sdk-core/plugins/recursion_detection.rb'
33
- require 'aws-sdk-core/plugins/signature_v4.rb'
33
+ require 'aws-sdk-core/plugins/sign.rb'
34
34
  require 'aws-sdk-core/plugins/protocols/json_rpc.rb'
35
35
 
36
36
  Aws::Plugins::GlobalConfiguration.add_identifier(:cognitoidentityprovider)
@@ -79,8 +79,9 @@ module Aws::CognitoIdentityProvider
79
79
  add_plugin(Aws::Plugins::ChecksumAlgorithm)
80
80
  add_plugin(Aws::Plugins::DefaultsMode)
81
81
  add_plugin(Aws::Plugins::RecursionDetection)
82
- add_plugin(Aws::Plugins::SignatureV4)
82
+ add_plugin(Aws::Plugins::Sign)
83
83
  add_plugin(Aws::Plugins::Protocols::JsonRpc)
84
+ add_plugin(Aws::CognitoIdentityProvider::Plugins::Endpoints)
84
85
 
85
86
  # @overload initialize(options)
86
87
  # @param [Hash] options
@@ -297,6 +298,19 @@ module Aws::CognitoIdentityProvider
297
298
  # ** Please note ** When response stubbing is enabled, no HTTP
298
299
  # requests are made, and retries are disabled.
299
300
  #
301
+ # @option options [Aws::TokenProvider] :token_provider
302
+ # A Bearer Token Provider. This can be an instance of any one of the
303
+ # following classes:
304
+ #
305
+ # * `Aws::StaticTokenProvider` - Used for configuring static, non-refreshing
306
+ # tokens.
307
+ #
308
+ # * `Aws::SSOTokenProvider` - Used for loading tokens from AWS SSO using an
309
+ # access token generated from `aws login`.
310
+ #
311
+ # When `:token_provider` is not configured directly, the `Aws::TokenProviderChain`
312
+ # will be used to search for tokens configured for your profile in shared configuration files.
313
+ #
300
314
  # @option options [Boolean] :use_dualstack_endpoint
301
315
  # When set to `true`, dualstack enabled endpoints (with `.aws` TLD)
302
316
  # will be used if available.
@@ -310,6 +324,9 @@ module Aws::CognitoIdentityProvider
310
324
  # When `true`, request parameters are validated before
311
325
  # sending the request.
312
326
  #
327
+ # @option options [Aws::CognitoIdentityProvider::EndpointProvider] :endpoint_provider
328
+ # The endpoint provider used to resolve endpoints. Any object that responds to `#resolve_endpoint(parameters)` where `parameters` is a Struct similar to `Aws::CognitoIdentityProvider::EndpointParameters`
329
+ #
313
330
  # @option options [URI::HTTP,String] :http_proxy A proxy to send
314
331
  # requests through. Formatted like 'http://proxy.com:123'.
315
332
  #
@@ -873,9 +890,12 @@ module Aws::CognitoIdentityProvider
873
890
  req.send_request(options)
874
891
  end
875
892
 
876
- # Disables the specified user.
893
+ # Deactivates a user and revokes all access tokens for the user. A
894
+ # deactivated user can't sign in, but still appears in the responses to
895
+ # `GetUser` and `ListUsers` API requests.
877
896
  #
878
- # Calling this action requires developer credentials.
897
+ # You must make this API request with Amazon Web Services credentials
898
+ # that have `cognito-idp:AdminDisableUser` permissions.
879
899
  #
880
900
  # @option params [required, String] :user_pool_id
881
901
  # The user pool ID for the user pool where you want to disable the user.
@@ -1500,7 +1520,9 @@ module Aws::CognitoIdentityProvider
1500
1520
  # The user pool username or an alias.
1501
1521
  #
1502
1522
  # @option params [Integer] :max_results
1503
- # The maximum number of authentication events to return.
1523
+ # The maximum number of authentication events to return. Returns 60
1524
+ # events if you set `MaxResults` to 0, or if you don't include a
1525
+ # `MaxResults` parameter.
1504
1526
  #
1505
1527
  # @option params [String] :next_token
1506
1528
  # A pagination token.
@@ -2970,6 +2992,17 @@ module Aws::CognitoIdentityProvider
2970
2992
  # @option params [Types::UserPoolPolicyType] :policies
2971
2993
  # The policies associated with the new user pool.
2972
2994
  #
2995
+ # @option params [String] :deletion_protection
2996
+ # When active, `DeletionProtection` prevents accidental deletion of your
2997
+ # user pool. Before you can delete a user pool that you have protected
2998
+ # against deletion, you must deactivate this feature.
2999
+ #
3000
+ # When you try to delete a protected user pool in a `DeleteUserPool` API
3001
+ # request, Amazon Cognito returns an `InvalidParameterException` error.
3002
+ # To delete a protected user pool, send a new `DeleteUserPool` request
3003
+ # after you deactivate deletion protection in an `UpdateUserPool` API
3004
+ # request.
3005
+ #
2973
3006
  # @option params [Types::LambdaConfigType] :lambda_config
2974
3007
  # The Lambda trigger configuration information for the new user pool.
2975
3008
  #
@@ -3128,6 +3161,7 @@ module Aws::CognitoIdentityProvider
3128
3161
  # temporary_password_validity_days: 1,
3129
3162
  # },
3130
3163
  # },
3164
+ # deletion_protection: "ACTIVE", # accepts ACTIVE, INACTIVE
3131
3165
  # lambda_config: {
3132
3166
  # pre_sign_up: "ArnType",
3133
3167
  # custom_message: "ArnType",
@@ -3239,6 +3273,7 @@ module Aws::CognitoIdentityProvider
3239
3273
  # resp.user_pool.policies.password_policy.require_numbers #=> Boolean
3240
3274
  # resp.user_pool.policies.password_policy.require_symbols #=> Boolean
3241
3275
  # resp.user_pool.policies.password_policy.temporary_password_validity_days #=> Integer
3276
+ # resp.user_pool.deletion_protection #=> String, one of "ACTIVE", "INACTIVE"
3242
3277
  # resp.user_pool.lambda_config.pre_sign_up #=> String
3243
3278
  # resp.user_pool.lambda_config.custom_message #=> String
3244
3279
  # resp.user_pool.lambda_config.post_confirmation #=> String
@@ -3360,6 +3395,9 @@ module Aws::CognitoIdentityProvider
3360
3395
  # Cognito overrides the value with the default value of 30 days. *Valid
3361
3396
  # range* is displayed below in seconds.
3362
3397
  #
3398
+ # If you don't specify otherwise in the configuration of your app
3399
+ # client, your refresh tokens are valid for 30 days.
3400
+ #
3363
3401
  # @option params [Integer] :access_token_validity
3364
3402
  # The access token time limit. After this limit expires, your user
3365
3403
  # can't use their access token. To specify the time unit for
@@ -3373,6 +3411,9 @@ module Aws::CognitoIdentityProvider
3373
3411
  # The default time unit for `AccessTokenValidity` in an API request is
3374
3412
  # hours. *Valid range* is displayed below in seconds.
3375
3413
  #
3414
+ # If you don't specify otherwise in the configuration of your app
3415
+ # client, your access tokens are valid for one hour.
3416
+ #
3376
3417
  # @option params [Integer] :id_token_validity
3377
3418
  # The ID token time limit. After this limit expires, your user can't
3378
3419
  # use their ID token. To specify the time unit for `IdTokenValidity` as
@@ -3386,6 +3427,9 @@ module Aws::CognitoIdentityProvider
3386
3427
  # The default time unit for `AccessTokenValidity` in an API request is
3387
3428
  # hours. *Valid range* is displayed below in seconds.
3388
3429
  #
3430
+ # If you don't specify otherwise in the configuration of your app
3431
+ # client, your ID tokens are valid for one hour.
3432
+ #
3389
3433
  # @option params [Types::TokenValidityUnitsType] :token_validity_units
3390
3434
  # The units in which the validity times are represented. The default
3391
3435
  # unit for RefreshToken is days, and default for ID and access tokens
@@ -3410,45 +3454,43 @@ module Aws::CognitoIdentityProvider
3410
3454
  # [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-specifying-attribute-mapping.html
3411
3455
  #
3412
3456
  # @option params [Array<String>] :explicit_auth_flows
3413
- # The authentication flows that are supported by the user pool clients.
3414
- # Flow names without the `ALLOW_` prefix are no longer supported, in
3415
- # favor of new names with the `ALLOW_` prefix.
3457
+ # The authentication flows that you want your user pool client to
3458
+ # support. For each app client in your user pool, you can sign in your
3459
+ # users with any combination of one or more flows, including with a user
3460
+ # name and Secure Remote Password (SRP), a user name and password, or a
3461
+ # custom authentication process that you define with Lambda functions.
3416
3462
  #
3417
- # <note markdown="1"> Values with `ALLOW_` prefix must be used only along with the `ALLOW_`
3418
- # prefix.
3463
+ # <note markdown="1"> If you don't specify a value for `ExplicitAuthFlows`, your user
3464
+ # client supports `ALLOW_REFRESH_TOKEN_AUTH`, `ALLOW_USER_SRP_AUTH`, and
3465
+ # `ALLOW_CUSTOM_AUTH`.
3419
3466
  #
3420
3467
  # </note>
3421
3468
  #
3422
3469
  # Valid values include:
3423
3470
  #
3424
- # ALLOW\_ADMIN\_USER\_PASSWORD\_AUTH
3425
- #
3426
- # : Enable admin based user password authentication flow
3427
- # `ADMIN_USER_PASSWORD_AUTH`. This setting replaces the
3428
- # `ADMIN_NO_SRP_AUTH` setting. With this authentication flow, Amazon
3429
- # Cognito receives the password in the request instead of using the
3430
- # Secure Remote Password (SRP) protocol to verify passwords.
3431
- #
3432
- # ALLOW\_CUSTOM\_AUTH
3433
- #
3434
- # : Enable Lambda trigger based authentication.
3435
- #
3436
- # ALLOW\_USER\_PASSWORD\_AUTH
3437
- #
3438
- # : Enable user password-based authentication. In this flow, Amazon
3439
- # Cognito receives the password in the request instead of using the
3440
- # SRP protocol to verify passwords.
3471
+ # * `ALLOW_ADMIN_USER_PASSWORD_AUTH`\: Enable admin based user password
3472
+ # authentication flow `ADMIN_USER_PASSWORD_AUTH`. This setting
3473
+ # replaces the `ADMIN_NO_SRP_AUTH` setting. With this authentication
3474
+ # flow, your app passes a user name and password to Amazon Cognito in
3475
+ # the request, instead of using the Secure Remote Password (SRP)
3476
+ # protocol to securely transmit the password.
3441
3477
  #
3442
- # ALLOW\_USER\_SRP\_AUTH
3478
+ # * `ALLOW_CUSTOM_AUTH`\: Enable Lambda trigger based authentication.
3443
3479
  #
3444
- # : Enable SRP-based authentication.
3480
+ # * `ALLOW_USER_PASSWORD_AUTH`\: Enable user password-based
3481
+ # authentication. In this flow, Amazon Cognito receives the password
3482
+ # in the request instead of using the SRP protocol to verify
3483
+ # passwords.
3445
3484
  #
3446
- # ALLOW\_REFRESH\_TOKEN\_AUTH
3485
+ # * `ALLOW_USER_SRP_AUTH`\: Enable SRP-based authentication.
3447
3486
  #
3448
- # : Enable the authflow that refreshes tokens.
3487
+ # * `ALLOW_REFRESH_TOKEN_AUTH`\: Enable authflow to refresh tokens.
3449
3488
  #
3450
- # If you don't specify a value for `ExplicitAuthFlows`, your user
3451
- # client supports `ALLOW_USER_SRP_AUTH` and `ALLOW_CUSTOM_AUTH`.
3489
+ # In some environments, you will see the values `ADMIN_NO_SRP_AUTH`,
3490
+ # `CUSTOM_AUTH_FLOW_ONLY`, or `USER_PASSWORD_AUTH`. You can't assign
3491
+ # these legacy `ExplicitAuthFlows` values to user pool clients at the
3492
+ # same time as values that begin with `ALLOW_`, like
3493
+ # `ALLOW_USER_SRP_AUTH`.
3452
3494
  #
3453
3495
  # @option params [Array<String>] :supported_identity_providers
3454
3496
  # A list of provider names for the identity providers (IdPs) that are
@@ -4158,6 +4200,7 @@ module Aws::CognitoIdentityProvider
4158
4200
  # resp.user_pool.policies.password_policy.require_numbers #=> Boolean
4159
4201
  # resp.user_pool.policies.password_policy.require_symbols #=> Boolean
4160
4202
  # resp.user_pool.policies.password_policy.temporary_password_validity_days #=> Integer
4203
+ # resp.user_pool.deletion_protection #=> String, one of "ACTIVE", "INACTIVE"
4161
4204
  # resp.user_pool.lambda_config.pre_sign_up #=> String
4162
4205
  # resp.user_pool.lambda_config.custom_message #=> String
4163
4206
  # resp.user_pool.lambda_config.post_confirmation #=> String
@@ -4668,6 +4711,12 @@ module Aws::CognitoIdentityProvider
4668
4711
  end
4669
4712
 
4670
4713
  # This method takes a user pool ID, and returns the signing certificate.
4714
+ # The issued certificate is valid for 10 years from the date of issue.
4715
+ #
4716
+ # Amazon Cognito issues and assigns a new signing certificate annually.
4717
+ # This process returns a new value in the response to
4718
+ # `GetSigningCertificate`, but doesn't invalidate the original
4719
+ # certificate.
4671
4720
  #
4672
4721
  # @option params [required, String] :user_pool_id
4673
4722
  # The user pool ID.
@@ -4920,11 +4969,9 @@ module Aws::CognitoIdentityProvider
4920
4969
  end
4921
4970
 
4922
4971
  # Signs out users from all devices. It also invalidates all refresh
4923
- # tokens that Amazon Cognito has issued to a user. The user's current
4924
- # access and ID tokens remain valid until their expiry. By default,
4925
- # access and ID tokens expire one hour after Amazon Cognito issues them.
4926
- # A user can still use a hosted UI cookie to retrieve new tokens for the
4927
- # duration of the cookie validity period of 1 hour.
4972
+ # tokens that Amazon Cognito has issued to a user. A user can still use
4973
+ # a hosted UI cookie to retrieve new tokens for the duration of the
4974
+ # 1-hour cookie validity period.
4928
4975
  #
4929
4976
  # @option params [required, String] :access_token
4930
4977
  # A valid access token that Amazon Cognito issued to the user who you
@@ -6049,9 +6096,10 @@ module Aws::CognitoIdentityProvider
6049
6096
  req.send_request(options)
6050
6097
  end
6051
6098
 
6052
- # Revokes all of the access tokens generated by the specified refresh
6053
- # token. After the token is revoked, you can't use the revoked token to
6054
- # access Amazon Cognito authenticated APIs.
6099
+ # Revokes all of the access tokens generated by, and at the same time
6100
+ # as, the specified refresh token. After a token is revoked, you can't
6101
+ # use the revoked token to access Amazon Cognito user APIs, or to
6102
+ # authorize access to your resource server.
6055
6103
  #
6056
6104
  # @option params [required, String] :token
6057
6105
  # The refresh token that you want to revoke.
@@ -6354,8 +6402,7 @@ module Aws::CognitoIdentityProvider
6354
6402
  # @option params [String] :mfa_configuration
6355
6403
  # The MFA configuration. If you set the MfaConfiguration value to ‘ON’,
6356
6404
  # only users who have set up an MFA factor can sign in. To learn more,
6357
- # see [Adding Multi-Factor Authentication (MFA) to a user
6358
- # pool](cognito/latest/developerguide/user-pool-settings-mfa.html).
6405
+ # see [Adding Multi-Factor Authentication (MFA) to a user pool][1].
6359
6406
  # Valid values include:
6360
6407
  #
6361
6408
  # * `OFF` MFA won't be used for any users.
@@ -6365,6 +6412,10 @@ module Aws::CognitoIdentityProvider
6365
6412
  # * `OPTIONAL` MFA will be required only for individual users who have
6366
6413
  # an MFA factor activated.
6367
6414
  #
6415
+ #
6416
+ #
6417
+ # [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa.html
6418
+ #
6368
6419
  # @return [Types::SetUserPoolMfaConfigResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
6369
6420
  #
6370
6421
  # * {Types::SetUserPoolMfaConfigResponse#sms_mfa_configuration #sms_mfa_configuration} => Types::SmsMfaConfigType
@@ -7163,6 +7214,17 @@ module Aws::CognitoIdentityProvider
7163
7214
  # @option params [Types::UserPoolPolicyType] :policies
7164
7215
  # A container with the policies you want to update in a user pool.
7165
7216
  #
7217
+ # @option params [String] :deletion_protection
7218
+ # When active, `DeletionProtection` prevents accidental deletion of your
7219
+ # user pool. Before you can delete a user pool that you have protected
7220
+ # against deletion, you must deactivate this feature.
7221
+ #
7222
+ # When you try to delete a protected user pool in a `DeleteUserPool` API
7223
+ # request, Amazon Cognito returns an `InvalidParameterException` error.
7224
+ # To delete a protected user pool, send a new `DeleteUserPool` request
7225
+ # after you deactivate deletion protection in an `UpdateUserPool` API
7226
+ # request.
7227
+ #
7166
7228
  # @option params [Types::LambdaConfigType] :lambda_config
7167
7229
  # The Lambda configuration information from the request to update the
7168
7230
  # user pool.
@@ -7293,6 +7355,7 @@ module Aws::CognitoIdentityProvider
7293
7355
  # temporary_password_validity_days: 1,
7294
7356
  # },
7295
7357
  # },
7358
+ # deletion_protection: "ACTIVE", # accepts ACTIVE, INACTIVE
7296
7359
  # lambda_config: {
7297
7360
  # pre_sign_up: "ArnType",
7298
7361
  # custom_message: "ArnType",
@@ -7422,6 +7485,9 @@ module Aws::CognitoIdentityProvider
7422
7485
  # Cognito overrides the value with the default value of 30 days. *Valid
7423
7486
  # range* is displayed below in seconds.
7424
7487
  #
7488
+ # If you don't specify otherwise in the configuration of your app
7489
+ # client, your refresh tokens are valid for 30 days.
7490
+ #
7425
7491
  # @option params [Integer] :access_token_validity
7426
7492
  # The access token time limit. After this limit expires, your user
7427
7493
  # can't use their access token. To specify the time unit for
@@ -7435,6 +7501,9 @@ module Aws::CognitoIdentityProvider
7435
7501
  # The default time unit for `AccessTokenValidity` in an API request is
7436
7502
  # hours. *Valid range* is displayed below in seconds.
7437
7503
  #
7504
+ # If you don't specify otherwise in the configuration of your app
7505
+ # client, your access tokens are valid for one hour.
7506
+ #
7438
7507
  # @option params [Integer] :id_token_validity
7439
7508
  # The ID token time limit. After this limit expires, your user can't
7440
7509
  # use their ID token. To specify the time unit for `IdTokenValidity` as
@@ -7448,6 +7517,9 @@ module Aws::CognitoIdentityProvider
7448
7517
  # The default time unit for `AccessTokenValidity` in an API request is
7449
7518
  # hours. *Valid range* is displayed below in seconds.
7450
7519
  #
7520
+ # If you don't specify otherwise in the configuration of your app
7521
+ # client, your ID tokens are valid for one hour.
7522
+ #
7451
7523
  # @option params [Types::TokenValidityUnitsType] :token_validity_units
7452
7524
  # The units in which the validity times are represented. The default
7453
7525
  # unit for RefreshToken is days, and the default for ID and access
@@ -7460,19 +7532,26 @@ module Aws::CognitoIdentityProvider
7460
7532
  # The writeable attributes of the user pool.
7461
7533
  #
7462
7534
  # @option params [Array<String>] :explicit_auth_flows
7463
- # The authentication flows that are supported by the user pool clients.
7464
- # Flow names without the `ALLOW_` prefix are no longer supported in
7465
- # favor of new names with the `ALLOW_` prefix. Note that values with
7466
- # `ALLOW_` prefix must be used only along with values with the `ALLOW_`
7467
- # prefix.
7535
+ # The authentication flows that you want your user pool client to
7536
+ # support. For each app client in your user pool, you can sign in your
7537
+ # users with any combination of one or more flows, including with a user
7538
+ # name and Secure Remote Password (SRP), a user name and password, or a
7539
+ # custom authentication process that you define with Lambda functions.
7540
+ #
7541
+ # <note markdown="1"> If you don't specify a value for `ExplicitAuthFlows`, your user
7542
+ # client supports `ALLOW_REFRESH_TOKEN_AUTH`, `ALLOW_USER_SRP_AUTH`, and
7543
+ # `ALLOW_CUSTOM_AUTH`.
7544
+ #
7545
+ # </note>
7468
7546
  #
7469
7547
  # Valid values include:
7470
7548
  #
7471
7549
  # * `ALLOW_ADMIN_USER_PASSWORD_AUTH`\: Enable admin based user password
7472
7550
  # authentication flow `ADMIN_USER_PASSWORD_AUTH`. This setting
7473
7551
  # replaces the `ADMIN_NO_SRP_AUTH` setting. With this authentication
7474
- # flow, Amazon Cognito receives the password in the request instead of
7475
- # using the Secure Remote Password (SRP) protocol to verify passwords.
7552
+ # flow, your app passes a user name and password to Amazon Cognito in
7553
+ # the request, instead of using the Secure Remote Password (SRP)
7554
+ # protocol to securely transmit the password.
7476
7555
  #
7477
7556
  # * `ALLOW_CUSTOM_AUTH`\: Enable Lambda trigger based authentication.
7478
7557
  #
@@ -7485,6 +7564,12 @@ module Aws::CognitoIdentityProvider
7485
7564
  #
7486
7565
  # * `ALLOW_REFRESH_TOKEN_AUTH`\: Enable authflow to refresh tokens.
7487
7566
  #
7567
+ # In some environments, you will see the values `ADMIN_NO_SRP_AUTH`,
7568
+ # `CUSTOM_AUTH_FLOW_ONLY`, or `USER_PASSWORD_AUTH`. You can't assign
7569
+ # these legacy `ExplicitAuthFlows` values to user pool clients at the
7570
+ # same time as values that begin with `ALLOW_`, like
7571
+ # `ALLOW_USER_SRP_AUTH`.
7572
+ #
7488
7573
  # @option params [Array<String>] :supported_identity_providers
7489
7574
  # A list of provider names for the IdPs that this client supports. The
7490
7575
  # following are supported: `COGNITO`, `Facebook`, `Google`,
@@ -7902,7 +7987,7 @@ module Aws::CognitoIdentityProvider
7902
7987
  params: params,
7903
7988
  config: config)
7904
7989
  context[:gem_name] = 'aws-sdk-cognitoidentityprovider'
7905
- context[:gem_version] = '1.70.0'
7990
+ context[:gem_version] = '1.72.0'
7906
7991
  Seahorse::Client::Request.new(handlers, context)
7907
7992
  end
7908
7993
 
@@ -167,6 +167,7 @@ module Aws::CognitoIdentityProvider
167
167
  DeleteUserPoolDomainResponse = Shapes::StructureShape.new(name: 'DeleteUserPoolDomainResponse')
168
168
  DeleteUserPoolRequest = Shapes::StructureShape.new(name: 'DeleteUserPoolRequest')
169
169
  DeleteUserRequest = Shapes::StructureShape.new(name: 'DeleteUserRequest')
170
+ DeletionProtectionType = Shapes::StringShape.new(name: 'DeletionProtectionType')
170
171
  DeliveryMediumListType = Shapes::ListShape.new(name: 'DeliveryMediumListType')
171
172
  DeliveryMediumType = Shapes::StringShape.new(name: 'DeliveryMediumType')
172
173
  DescribeIdentityProviderRequest = Shapes::StructureShape.new(name: 'DescribeIdentityProviderRequest')
@@ -947,6 +948,7 @@ module Aws::CognitoIdentityProvider
947
948
 
948
949
  CreateUserPoolRequest.add_member(:pool_name, Shapes::ShapeRef.new(shape: UserPoolNameType, required: true, location_name: "PoolName"))
949
950
  CreateUserPoolRequest.add_member(:policies, Shapes::ShapeRef.new(shape: UserPoolPolicyType, location_name: "Policies"))
951
+ CreateUserPoolRequest.add_member(:deletion_protection, Shapes::ShapeRef.new(shape: DeletionProtectionType, location_name: "DeletionProtection"))
950
952
  CreateUserPoolRequest.add_member(:lambda_config, Shapes::ShapeRef.new(shape: LambdaConfigType, location_name: "LambdaConfig"))
951
953
  CreateUserPoolRequest.add_member(:auto_verified_attributes, Shapes::ShapeRef.new(shape: VerifiedAttributesListType, location_name: "AutoVerifiedAttributes"))
952
954
  CreateUserPoolRequest.add_member(:alias_attributes, Shapes::ShapeRef.new(shape: AliasAttributesListType, location_name: "AliasAttributes"))
@@ -1806,6 +1808,7 @@ module Aws::CognitoIdentityProvider
1806
1808
 
1807
1809
  UpdateUserPoolRequest.add_member(:user_pool_id, Shapes::ShapeRef.new(shape: UserPoolIdType, required: true, location_name: "UserPoolId"))
1808
1810
  UpdateUserPoolRequest.add_member(:policies, Shapes::ShapeRef.new(shape: UserPoolPolicyType, location_name: "Policies"))
1811
+ UpdateUserPoolRequest.add_member(:deletion_protection, Shapes::ShapeRef.new(shape: DeletionProtectionType, location_name: "DeletionProtection"))
1809
1812
  UpdateUserPoolRequest.add_member(:lambda_config, Shapes::ShapeRef.new(shape: LambdaConfigType, location_name: "LambdaConfig"))
1810
1813
  UpdateUserPoolRequest.add_member(:auto_verified_attributes, Shapes::ShapeRef.new(shape: VerifiedAttributesListType, location_name: "AutoVerifiedAttributes"))
1811
1814
  UpdateUserPoolRequest.add_member(:sms_verification_message, Shapes::ShapeRef.new(shape: SmsVerificationMessageType, location_name: "SmsVerificationMessage"))
@@ -1928,6 +1931,7 @@ module Aws::CognitoIdentityProvider
1928
1931
  UserPoolType.add_member(:id, Shapes::ShapeRef.new(shape: UserPoolIdType, location_name: "Id"))
1929
1932
  UserPoolType.add_member(:name, Shapes::ShapeRef.new(shape: UserPoolNameType, location_name: "Name"))
1930
1933
  UserPoolType.add_member(:policies, Shapes::ShapeRef.new(shape: UserPoolPolicyType, location_name: "Policies"))
1934
+ UserPoolType.add_member(:deletion_protection, Shapes::ShapeRef.new(shape: DeletionProtectionType, location_name: "DeletionProtection"))
1931
1935
  UserPoolType.add_member(:lambda_config, Shapes::ShapeRef.new(shape: LambdaConfigType, location_name: "LambdaConfig"))
1932
1936
  UserPoolType.add_member(:status, Shapes::ShapeRef.new(shape: StatusType, location_name: "Status"))
1933
1937
  UserPoolType.add_member(:last_modified_date, Shapes::ShapeRef.new(shape: DateType, location_name: "LastModifiedDate"))
@@ -2704,6 +2708,7 @@ module Aws::CognitoIdentityProvider
2704
2708
  o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
2705
2709
  o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
2706
2710
  o.errors << Shapes::ShapeRef.new(shape: UnsupportedIdentityProviderException)
2711
+ o.errors << Shapes::ShapeRef.new(shape: ConcurrentModificationException)
2707
2712
  o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
2708
2713
  o.errors << Shapes::ShapeRef.new(shape: NotAuthorizedException)
2709
2714
  o.errors << Shapes::ShapeRef.new(shape: TooManyRequestsException)
@@ -2783,6 +2788,7 @@ module Aws::CognitoIdentityProvider
2783
2788
  o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
2784
2789
  o.errors << Shapes::ShapeRef.new(shape: TooManyRequestsException)
2785
2790
  o.errors << Shapes::ShapeRef.new(shape: NotAuthorizedException)
2791
+ o.errors << Shapes::ShapeRef.new(shape: ConcurrentModificationException)
2786
2792
  o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
2787
2793
  end)
2788
2794
 
@@ -3565,6 +3571,7 @@ module Aws::CognitoIdentityProvider
3565
3571
  o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
3566
3572
  o.errors << Shapes::ShapeRef.new(shape: UnsupportedIdentityProviderException)
3567
3573
  o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
3574
+ o.errors << Shapes::ShapeRef.new(shape: ConcurrentModificationException)
3568
3575
  o.errors << Shapes::ShapeRef.new(shape: NotAuthorizedException)
3569
3576
  o.errors << Shapes::ShapeRef.new(shape: TooManyRequestsException)
3570
3577
  o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
@@ -0,0 +1,66 @@
1
+ # frozen_string_literal: true
2
+
3
+ # WARNING ABOUT GENERATED CODE
4
+ #
5
+ # This file is generated. See the contributing guide for more information:
6
+ # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
7
+ #
8
+ # WARNING ABOUT GENERATED CODE
9
+
10
+ module Aws::CognitoIdentityProvider
11
+ # Endpoint parameters used to influence endpoints per request.
12
+ #
13
+ # @!attribute region
14
+ # The AWS region used to dispatch the request.
15
+ #
16
+ # @return [String]
17
+ #
18
+ # @!attribute use_dual_stack
19
+ # When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.
20
+ #
21
+ # @return [Boolean]
22
+ #
23
+ # @!attribute use_fips
24
+ # When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.
25
+ #
26
+ # @return [Boolean]
27
+ #
28
+ # @!attribute endpoint
29
+ # Override the endpoint used to send this request
30
+ #
31
+ # @return [String]
32
+ #
33
+ EndpointParameters = Struct.new(
34
+ :region,
35
+ :use_dual_stack,
36
+ :use_fips,
37
+ :endpoint,
38
+ ) do
39
+ include Aws::Structure
40
+
41
+ # @api private
42
+ class << self
43
+ PARAM_MAP = {
44
+ 'Region' => :region,
45
+ 'UseDualStack' => :use_dual_stack,
46
+ 'UseFIPS' => :use_fips,
47
+ 'Endpoint' => :endpoint,
48
+ }.freeze
49
+ end
50
+
51
+ def initialize(options = {})
52
+ self[:region] = options[:region]
53
+ self[:use_dual_stack] = options[:use_dual_stack]
54
+ self[:use_dual_stack] = false if self[:use_dual_stack].nil?
55
+ if self[:use_dual_stack].nil?
56
+ raise ArgumentError, "Missing required EndpointParameter: :use_dual_stack"
57
+ end
58
+ self[:use_fips] = options[:use_fips]
59
+ self[:use_fips] = false if self[:use_fips].nil?
60
+ if self[:use_fips].nil?
61
+ raise ArgumentError, "Missing required EndpointParameter: :use_fips"
62
+ end
63
+ self[:endpoint] = options[:endpoint]
64
+ end
65
+ end
66
+ end
@@ -0,0 +1,112 @@
1
+ # frozen_string_literal: true
2
+
3
+ # WARNING ABOUT GENERATED CODE
4
+ #
5
+ # This file is generated. See the contributing guide for more information:
6
+ # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
7
+ #
8
+ # WARNING ABOUT GENERATED CODE
9
+
10
+ module Aws::CognitoIdentityProvider
11
+ class EndpointProvider
12
+ def initialize(rule_set = nil)
13
+ @@rule_set ||= begin
14
+ endpoint_rules = Aws::Json.load(Base64.decode64(RULES))
15
+ Aws::Endpoints::RuleSet.new(
16
+ version: endpoint_rules['version'],
17
+ service_id: endpoint_rules['serviceId'],
18
+ parameters: endpoint_rules['parameters'],
19
+ rules: endpoint_rules['rules']
20
+ )
21
+ end
22
+ @provider = Aws::Endpoints::RulesProvider.new(rule_set || @@rule_set)
23
+ end
24
+
25
+ def resolve_endpoint(parameters)
26
+ @provider.resolve_endpoint(parameters)
27
+ end
28
+
29
+ # @api private
30
+ RULES = <<-JSON
31
+ eyJ2ZXJzaW9uIjoiMS4wIiwicGFyYW1ldGVycyI6eyJSZWdpb24iOnsiYnVp
32
+ bHRJbiI6IkFXUzo6UmVnaW9uIiwicmVxdWlyZWQiOmZhbHNlLCJkb2N1bWVu
33
+ dGF0aW9uIjoiVGhlIEFXUyByZWdpb24gdXNlZCB0byBkaXNwYXRjaCB0aGUg
34
+ cmVxdWVzdC4iLCJ0eXBlIjoiU3RyaW5nIn0sIlVzZUR1YWxTdGFjayI6eyJi
35
+ dWlsdEluIjoiQVdTOjpVc2VEdWFsU3RhY2siLCJyZXF1aXJlZCI6dHJ1ZSwi
36
+ ZGVmYXVsdCI6ZmFsc2UsImRvY3VtZW50YXRpb24iOiJXaGVuIHRydWUsIHVz
37
+ ZSB0aGUgZHVhbC1zdGFjayBlbmRwb2ludC4gSWYgdGhlIGNvbmZpZ3VyZWQg
38
+ ZW5kcG9pbnQgZG9lcyBub3Qgc3VwcG9ydCBkdWFsLXN0YWNrLCBkaXNwYXRj
39
+ aGluZyB0aGUgcmVxdWVzdCBNQVkgcmV0dXJuIGFuIGVycm9yLiIsInR5cGUi
40
+ OiJCb29sZWFuIn0sIlVzZUZJUFMiOnsiYnVpbHRJbiI6IkFXUzo6VXNlRklQ
41
+ UyIsInJlcXVpcmVkIjp0cnVlLCJkZWZhdWx0IjpmYWxzZSwiZG9jdW1lbnRh
42
+ dGlvbiI6IldoZW4gdHJ1ZSwgc2VuZCB0aGlzIHJlcXVlc3QgdG8gdGhlIEZJ
43
+ UFMtY29tcGxpYW50IHJlZ2lvbmFsIGVuZHBvaW50LiBJZiB0aGUgY29uZmln
44
+ dXJlZCBlbmRwb2ludCBkb2VzIG5vdCBoYXZlIGEgRklQUyBjb21wbGlhbnQg
45
+ ZW5kcG9pbnQsIGRpc3BhdGNoaW5nIHRoZSByZXF1ZXN0IHdpbGwgcmV0dXJu
46
+ IGFuIGVycm9yLiIsInR5cGUiOiJCb29sZWFuIn0sIkVuZHBvaW50Ijp7ImJ1
47
+ aWx0SW4iOiJTREs6OkVuZHBvaW50IiwicmVxdWlyZWQiOmZhbHNlLCJkb2N1
48
+ bWVudGF0aW9uIjoiT3ZlcnJpZGUgdGhlIGVuZHBvaW50IHVzZWQgdG8gc2Vu
49
+ ZCB0aGlzIHJlcXVlc3QiLCJ0eXBlIjoiU3RyaW5nIn19LCJydWxlcyI6W3si
50
+ Y29uZGl0aW9ucyI6W3siZm4iOiJhd3MucGFydGl0aW9uIiwiYXJndiI6W3si
51
+ cmVmIjoiUmVnaW9uIn1dLCJhc3NpZ24iOiJQYXJ0aXRpb25SZXN1bHQifV0s
52
+ InR5cGUiOiJ0cmVlIiwicnVsZXMiOlt7ImNvbmRpdGlvbnMiOlt7ImZuIjoi
53
+ aXNTZXQiLCJhcmd2IjpbeyJyZWYiOiJFbmRwb2ludCJ9XX0seyJmbiI6InBh
54
+ cnNlVVJMIiwiYXJndiI6W3sicmVmIjoiRW5kcG9pbnQifV0sImFzc2lnbiI6
55
+ InVybCJ9XSwidHlwZSI6InRyZWUiLCJydWxlcyI6W3siY29uZGl0aW9ucyI6
56
+ W3siZm4iOiJib29sZWFuRXF1YWxzIiwiYXJndiI6W3sicmVmIjoiVXNlRklQ
57
+ UyJ9LHRydWVdfV0sImVycm9yIjoiSW52YWxpZCBDb25maWd1cmF0aW9uOiBG
58
+ SVBTIGFuZCBjdXN0b20gZW5kcG9pbnQgYXJlIG5vdCBzdXBwb3J0ZWQiLCJ0
59
+ eXBlIjoiZXJyb3IifSx7ImNvbmRpdGlvbnMiOltdLCJ0eXBlIjoidHJlZSIs
60
+ InJ1bGVzIjpbeyJjb25kaXRpb25zIjpbeyJmbiI6ImJvb2xlYW5FcXVhbHMi
61
+ LCJhcmd2IjpbeyJyZWYiOiJVc2VEdWFsU3RhY2sifSx0cnVlXX1dLCJlcnJv
62
+ ciI6IkludmFsaWQgQ29uZmlndXJhdGlvbjogRHVhbHN0YWNrIGFuZCBjdXN0
63
+ b20gZW5kcG9pbnQgYXJlIG5vdCBzdXBwb3J0ZWQiLCJ0eXBlIjoiZXJyb3Ii
64
+ fSx7ImNvbmRpdGlvbnMiOltdLCJlbmRwb2ludCI6eyJ1cmwiOnsicmVmIjoi
65
+ RW5kcG9pbnQifSwicHJvcGVydGllcyI6e30sImhlYWRlcnMiOnt9fSwidHlw
66
+ ZSI6ImVuZHBvaW50In1dfV19LHsiY29uZGl0aW9ucyI6W3siZm4iOiJib29s
67
+ ZWFuRXF1YWxzIiwiYXJndiI6W3sicmVmIjoiVXNlRklQUyJ9LHRydWVdfSx7
68
+ ImZuIjoiYm9vbGVhbkVxdWFscyIsImFyZ3YiOlt7InJlZiI6IlVzZUR1YWxT
69
+ dGFjayJ9LHRydWVdfV0sInR5cGUiOiJ0cmVlIiwicnVsZXMiOlt7ImNvbmRp
70
+ dGlvbnMiOlt7ImZuIjoiYm9vbGVhbkVxdWFscyIsImFyZ3YiOlt0cnVlLHsi
71
+ Zm4iOiJnZXRBdHRyIiwiYXJndiI6W3sicmVmIjoiUGFydGl0aW9uUmVzdWx0
72
+ In0sInN1cHBvcnRzRklQUyJdfV19LHsiZm4iOiJib29sZWFuRXF1YWxzIiwi
73
+ YXJndiI6W3RydWUseyJmbiI6ImdldEF0dHIiLCJhcmd2IjpbeyJyZWYiOiJQ
74
+ YXJ0aXRpb25SZXN1bHQifSwic3VwcG9ydHNEdWFsU3RhY2siXX1dfV0sInR5
75
+ cGUiOiJ0cmVlIiwicnVsZXMiOlt7ImNvbmRpdGlvbnMiOltdLCJlbmRwb2lu
76
+ dCI6eyJ1cmwiOiJodHRwczovL2NvZ25pdG8taWRwLWZpcHMue1JlZ2lvbn0u
77
+ e1BhcnRpdGlvblJlc3VsdCNkdWFsU3RhY2tEbnNTdWZmaXh9IiwicHJvcGVy
78
+ dGllcyI6e30sImhlYWRlcnMiOnt9fSwidHlwZSI6ImVuZHBvaW50In1dfSx7
79
+ ImNvbmRpdGlvbnMiOltdLCJlcnJvciI6IkZJUFMgYW5kIER1YWxTdGFjayBh
80
+ cmUgZW5hYmxlZCwgYnV0IHRoaXMgcGFydGl0aW9uIGRvZXMgbm90IHN1cHBv
81
+ cnQgb25lIG9yIGJvdGgiLCJ0eXBlIjoiZXJyb3IifV19LHsiY29uZGl0aW9u
82
+ cyI6W3siZm4iOiJib29sZWFuRXF1YWxzIiwiYXJndiI6W3sicmVmIjoiVXNl
83
+ RklQUyJ9LHRydWVdfV0sInR5cGUiOiJ0cmVlIiwicnVsZXMiOlt7ImNvbmRp
84
+ dGlvbnMiOlt7ImZuIjoiYm9vbGVhbkVxdWFscyIsImFyZ3YiOlt0cnVlLHsi
85
+ Zm4iOiJnZXRBdHRyIiwiYXJndiI6W3sicmVmIjoiUGFydGl0aW9uUmVzdWx0
86
+ In0sInN1cHBvcnRzRklQUyJdfV19XSwidHlwZSI6InRyZWUiLCJydWxlcyI6
87
+ W3siY29uZGl0aW9ucyI6W10sInR5cGUiOiJ0cmVlIiwicnVsZXMiOlt7ImNv
88
+ bmRpdGlvbnMiOltdLCJlbmRwb2ludCI6eyJ1cmwiOiJodHRwczovL2NvZ25p
89
+ dG8taWRwLWZpcHMue1JlZ2lvbn0ue1BhcnRpdGlvblJlc3VsdCNkbnNTdWZm
90
+ aXh9IiwicHJvcGVydGllcyI6e30sImhlYWRlcnMiOnt9fSwidHlwZSI6ImVu
91
+ ZHBvaW50In1dfV19LHsiY29uZGl0aW9ucyI6W10sImVycm9yIjoiRklQUyBp
92
+ cyBlbmFibGVkIGJ1dCB0aGlzIHBhcnRpdGlvbiBkb2VzIG5vdCBzdXBwb3J0
93
+ IEZJUFMiLCJ0eXBlIjoiZXJyb3IifV19LHsiY29uZGl0aW9ucyI6W3siZm4i
94
+ OiJib29sZWFuRXF1YWxzIiwiYXJndiI6W3sicmVmIjoiVXNlRHVhbFN0YWNr
95
+ In0sdHJ1ZV19XSwidHlwZSI6InRyZWUiLCJydWxlcyI6W3siY29uZGl0aW9u
96
+ cyI6W3siZm4iOiJib29sZWFuRXF1YWxzIiwiYXJndiI6W3RydWUseyJmbiI6
97
+ ImdldEF0dHIiLCJhcmd2IjpbeyJyZWYiOiJQYXJ0aXRpb25SZXN1bHQifSwi
98
+ c3VwcG9ydHNEdWFsU3RhY2siXX1dfV0sInR5cGUiOiJ0cmVlIiwicnVsZXMi
99
+ Olt7ImNvbmRpdGlvbnMiOltdLCJlbmRwb2ludCI6eyJ1cmwiOiJodHRwczov
100
+ L2NvZ25pdG8taWRwLntSZWdpb259LntQYXJ0aXRpb25SZXN1bHQjZHVhbFN0
101
+ YWNrRG5zU3VmZml4fSIsInByb3BlcnRpZXMiOnt9LCJoZWFkZXJzIjp7fX0s
102
+ InR5cGUiOiJlbmRwb2ludCJ9XX0seyJjb25kaXRpb25zIjpbXSwiZXJyb3Ii
103
+ OiJEdWFsU3RhY2sgaXMgZW5hYmxlZCBidXQgdGhpcyBwYXJ0aXRpb24gZG9l
104
+ cyBub3Qgc3VwcG9ydCBEdWFsU3RhY2siLCJ0eXBlIjoiZXJyb3IifV19LHsi
105
+ Y29uZGl0aW9ucyI6W10sImVuZHBvaW50Ijp7InVybCI6Imh0dHBzOi8vY29n
106
+ bml0by1pZHAue1JlZ2lvbn0ue1BhcnRpdGlvblJlc3VsdCNkbnNTdWZmaXh9
107
+ IiwicHJvcGVydGllcyI6e30sImhlYWRlcnMiOnt9fSwidHlwZSI6ImVuZHBv
108
+ aW50In1dfV19
109
+
110
+ JSON
111
+ end
112
+ end