aws-sdk-cognitoidentityprovider 1.79.0 → 1.80.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-cognitoidentityprovider/client.rb +1512 -155
- data/lib/aws-sdk-cognitoidentityprovider/client_api.rb +63 -0
- data/lib/aws-sdk-cognitoidentityprovider/endpoints.rb +28 -0
- data/lib/aws-sdk-cognitoidentityprovider/plugins/endpoints.rb +4 -0
- data/lib/aws-sdk-cognitoidentityprovider/types.rb +560 -120
- data/lib/aws-sdk-cognitoidentityprovider.rb +1 -1
- metadata +2 -2
@@ -147,7 +147,7 @@ module Aws::CognitoIdentityProvider
|
|
147
147
|
include Aws::Structure
|
148
148
|
end
|
149
149
|
|
150
|
-
#
|
150
|
+
# Confirm a user's registration as a user pool administrator.
|
151
151
|
#
|
152
152
|
# @!attribute [rw] user_pool_id
|
153
153
|
# The user pool ID for which you want to confirm user registration.
|
@@ -332,10 +332,9 @@ module Aws::CognitoIdentityProvider
|
|
332
332
|
# Amazon Cognito generates one for you.
|
333
333
|
#
|
334
334
|
# The temporary password can only be used until the user account
|
335
|
-
# expiration limit that you
|
336
|
-
#
|
337
|
-
#
|
338
|
-
# `MessageAction` parameter.
|
335
|
+
# expiration limit that you set for your user pool. To reset the
|
336
|
+
# account after that time limit, you must call `AdminCreateUser` again
|
337
|
+
# and specify `RESEND` for the `MessageAction` parameter.
|
339
338
|
# @return [String]
|
340
339
|
#
|
341
340
|
# @!attribute [rw] force_alias_creation
|
@@ -654,7 +653,7 @@ module Aws::CognitoIdentityProvider
|
|
654
653
|
# specified user as an administrator.
|
655
654
|
#
|
656
655
|
# @!attribute [rw] username
|
657
|
-
# The
|
656
|
+
# The username of the user that you requested.
|
658
657
|
# @return [String]
|
659
658
|
#
|
660
659
|
# @!attribute [rw] user_attributes
|
@@ -666,7 +665,12 @@ module Aws::CognitoIdentityProvider
|
|
666
665
|
# @return [Time]
|
667
666
|
#
|
668
667
|
# @!attribute [rw] user_last_modified_date
|
669
|
-
# The date the
|
668
|
+
# The date and time, in [ISO 8601][1] format, when the item was
|
669
|
+
# modified.
|
670
|
+
#
|
671
|
+
#
|
672
|
+
#
|
673
|
+
# [1]: https://www.iso.org/iso-8601-date-and-time-format.html
|
670
674
|
# @return [Time]
|
671
675
|
#
|
672
676
|
# @!attribute [rw] enabled
|
@@ -680,8 +684,6 @@ module Aws::CognitoIdentityProvider
|
|
680
684
|
#
|
681
685
|
# * CONFIRMED - User has been confirmed.
|
682
686
|
#
|
683
|
-
# * ARCHIVED - User is no longer active.
|
684
|
-
#
|
685
687
|
# * UNKNOWN - User status isn't known.
|
686
688
|
#
|
687
689
|
# * RESET\_REQUIRED - User is confirmed, but the user must request a
|
@@ -781,18 +783,27 @@ module Aws::CognitoIdentityProvider
|
|
781
783
|
# `SECRET_HASH` (required if the app client is configured with a
|
782
784
|
# client secret), `DEVICE_KEY`.
|
783
785
|
#
|
784
|
-
# * For `
|
786
|
+
# * For `ADMIN_USER_PASSWORD_AUTH`: `USERNAME` (required), `PASSWORD`
|
785
787
|
# (required), `SECRET_HASH` (required if the app client is
|
786
788
|
# configured with a client secret), `DEVICE_KEY`.
|
787
789
|
#
|
788
|
-
# * For `
|
789
|
-
#
|
790
|
-
#
|
790
|
+
# * For `REFRESH_TOKEN_AUTH/REFRESH_TOKEN`: `REFRESH_TOKEN`
|
791
|
+
# (required), `SECRET_HASH` (required if the app client is
|
792
|
+
# configured with a client secret), `DEVICE_KEY`.
|
791
793
|
#
|
792
794
|
# * For `CUSTOM_AUTH`: `USERNAME` (required), `SECRET_HASH` (if app
|
793
795
|
# client is configured with client secret), `DEVICE_KEY`. To start
|
794
796
|
# the authentication flow with password verification, include
|
795
797
|
# `ChallengeName: SRP_A` and `SRP_A: (The SRP_A Value)`.
|
798
|
+
#
|
799
|
+
# For more information about `SECRET_HASH`, see [Computing secret hash
|
800
|
+
# values][1]. For information about `DEVICE_KEY`, see [Working with
|
801
|
+
# user devices in your user pool][2].
|
802
|
+
#
|
803
|
+
#
|
804
|
+
#
|
805
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#cognito-user-pools-computing-secret-hash
|
806
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html
|
796
807
|
# @return [Hash<String,String>]
|
797
808
|
#
|
798
809
|
# @!attribute [rw] client_metadata
|
@@ -995,7 +1006,7 @@ module Aws::CognitoIdentityProvider
|
|
995
1006
|
:session,
|
996
1007
|
:challenge_parameters,
|
997
1008
|
:authentication_result)
|
998
|
-
SENSITIVE = [
|
1009
|
+
SENSITIVE = []
|
999
1010
|
include Aws::Structure
|
1000
1011
|
end
|
1001
1012
|
|
@@ -1005,7 +1016,7 @@ module Aws::CognitoIdentityProvider
|
|
1005
1016
|
#
|
1006
1017
|
# @!attribute [rw] destination_user
|
1007
1018
|
# The existing user in the user pool that you want to assign to the
|
1008
|
-
# external IdP user account. This user can be a
|
1019
|
+
# external IdP user account. This user can be a local (Username +
|
1009
1020
|
# Password) Amazon Cognito user pools user or a federated user (for
|
1010
1021
|
# example, a SAML or Facebook user). If the user doesn't exist,
|
1011
1022
|
# Amazon Cognito generates an exception. Amazon Cognito returns this
|
@@ -1042,13 +1053,22 @@ module Aws::CognitoIdentityProvider
|
|
1042
1053
|
#
|
1043
1054
|
#
|
1044
1055
|
#
|
1056
|
+
# For OIDC, the `ProviderAttributeName` can be any value that matches
|
1057
|
+
# a claim in the ID token, or that your app retrieves from the
|
1058
|
+
# `userInfo` endpoint. You must map the claim to a user pool attribute
|
1059
|
+
# in your IdP configuration, and set the user pool attribute name as
|
1060
|
+
# the value of `ProviderAttributeName` in your
|
1061
|
+
# `AdminLinkProviderForUser` request.
|
1062
|
+
#
|
1045
1063
|
# For SAML, the `ProviderAttributeName` can be any value that matches
|
1046
|
-
# a claim in the SAML assertion.
|
1047
|
-
#
|
1048
|
-
#
|
1049
|
-
# `ProviderAttributeName
|
1050
|
-
#
|
1051
|
-
#
|
1064
|
+
# a claim in the SAML assertion. To link SAML users based on the
|
1065
|
+
# subject of the SAML assertion, map the subject to a claim through
|
1066
|
+
# the SAML IdP and set that claim name as the value of
|
1067
|
+
# `ProviderAttributeName` in your `AdminLinkProviderForUser` request.
|
1068
|
+
#
|
1069
|
+
# For both OIDC and SAML users, when you set `ProviderAttributeName`
|
1070
|
+
# to `Cognito_Subject`, Amazon Cognito will automatically parse the
|
1071
|
+
# default unique identifier found in the subject from the IdP token.
|
1052
1072
|
# @return [Types::ProviderUserIdentifierType]
|
1053
1073
|
#
|
1054
1074
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AdminLinkProviderForUserRequest AWS API Documentation
|
@@ -1363,6 +1383,15 @@ module Aws::CognitoIdentityProvider
|
|
1363
1383
|
# actual username value in the `USERNAMEUSER_ID_FOR_SRP` attribute.
|
1364
1384
|
# This happens even if you specified an alias in your call to
|
1365
1385
|
# `AdminInitiateAuth`.
|
1386
|
+
#
|
1387
|
+
# For more information about `SECRET_HASH`, see [Computing secret hash
|
1388
|
+
# values][1]. For information about `DEVICE_KEY`, see [Working with
|
1389
|
+
# user devices in your user pool][2].
|
1390
|
+
#
|
1391
|
+
#
|
1392
|
+
#
|
1393
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#cognito-user-pools-computing-secret-hash
|
1394
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html
|
1366
1395
|
# @return [Hash<String,String>]
|
1367
1396
|
#
|
1368
1397
|
# @!attribute [rw] session
|
@@ -1454,7 +1483,7 @@ module Aws::CognitoIdentityProvider
|
|
1454
1483
|
:analytics_metadata,
|
1455
1484
|
:context_data,
|
1456
1485
|
:client_metadata)
|
1457
|
-
SENSITIVE = [:client_id
|
1486
|
+
SENSITIVE = [:client_id]
|
1458
1487
|
include Aws::Structure
|
1459
1488
|
end
|
1460
1489
|
|
@@ -1498,7 +1527,7 @@ module Aws::CognitoIdentityProvider
|
|
1498
1527
|
:session,
|
1499
1528
|
:challenge_parameters,
|
1500
1529
|
:authentication_result)
|
1501
|
-
SENSITIVE = [
|
1530
|
+
SENSITIVE = []
|
1502
1531
|
include Aws::Structure
|
1503
1532
|
end
|
1504
1533
|
|
@@ -1612,7 +1641,13 @@ module Aws::CognitoIdentityProvider
|
|
1612
1641
|
# @return [String]
|
1613
1642
|
#
|
1614
1643
|
# @!attribute [rw] feedback_value
|
1615
|
-
# The authentication event feedback value.
|
1644
|
+
# The authentication event feedback value. When you provide a
|
1645
|
+
# `FeedbackValue` value of `valid`, you tell Amazon Cognito that you
|
1646
|
+
# trust a user session where Amazon Cognito has evaluated some level
|
1647
|
+
# of risk. When you provide a `FeedbackValue` value of `invalid`, you
|
1648
|
+
# tell Amazon Cognito that you don't trust a user session, or you
|
1649
|
+
# don't believe that Amazon Cognito evaluated a high-enough risk
|
1650
|
+
# level.
|
1616
1651
|
# @return [String]
|
1617
1652
|
#
|
1618
1653
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AdminUpdateAuthEventFeedbackRequest AWS API Documentation
|
@@ -1806,7 +1841,7 @@ module Aws::CognitoIdentityProvider
|
|
1806
1841
|
# The Amazon Pinpoint analytics configuration necessary to collect
|
1807
1842
|
# metrics for a user pool.
|
1808
1843
|
#
|
1809
|
-
# <note markdown="1"> In Regions where Amazon
|
1844
|
+
# <note markdown="1"> In Regions where Amazon Pinpoint isn't available, user pools only
|
1810
1845
|
# support sending events to Amazon Pinpoint projects in us-east-1. In
|
1811
1846
|
# Regions where Amazon Pinpoint is available, user pools support sending
|
1812
1847
|
# events to Amazon Pinpoint projects within that same Region.
|
@@ -1891,7 +1926,7 @@ module Aws::CognitoIdentityProvider
|
|
1891
1926
|
class AssociateSoftwareTokenRequest < Struct.new(
|
1892
1927
|
:access_token,
|
1893
1928
|
:session)
|
1894
|
-
SENSITIVE = [:access_token
|
1929
|
+
SENSITIVE = [:access_token]
|
1895
1930
|
include Aws::Structure
|
1896
1931
|
end
|
1897
1932
|
|
@@ -1911,7 +1946,7 @@ module Aws::CognitoIdentityProvider
|
|
1911
1946
|
class AssociateSoftwareTokenResponse < Struct.new(
|
1912
1947
|
:secret_code,
|
1913
1948
|
:session)
|
1914
|
-
SENSITIVE = [:secret_code
|
1949
|
+
SENSITIVE = [:secret_code]
|
1915
1950
|
include Aws::Structure
|
1916
1951
|
end
|
1917
1952
|
|
@@ -1945,7 +1980,12 @@ module Aws::CognitoIdentityProvider
|
|
1945
1980
|
# @return [String]
|
1946
1981
|
#
|
1947
1982
|
# @!attribute [rw] creation_date
|
1948
|
-
# The
|
1983
|
+
# The date and time, in [ISO 8601][1] format, when the item was
|
1984
|
+
# created.
|
1985
|
+
#
|
1986
|
+
#
|
1987
|
+
#
|
1988
|
+
# [1]: https://www.iso.org/iso-8601-date-and-time-format.html
|
1949
1989
|
# @return [Time]
|
1950
1990
|
#
|
1951
1991
|
# @!attribute [rw] event_response
|
@@ -2076,6 +2116,24 @@ module Aws::CognitoIdentityProvider
|
|
2076
2116
|
#
|
2077
2117
|
class ChangePasswordResponse < Aws::EmptyStructure; end
|
2078
2118
|
|
2119
|
+
# The CloudWatch logging destination of a user pool detailed activity
|
2120
|
+
# logging configuration.
|
2121
|
+
#
|
2122
|
+
# @!attribute [rw] log_group_arn
|
2123
|
+
# The Amazon Resource Name (arn) of a CloudWatch Logs log group where
|
2124
|
+
# your user pool sends logs. The log group must not be encrypted with
|
2125
|
+
# Key Management Service and must be in the same Amazon Web Services
|
2126
|
+
# account as your user pool.
|
2127
|
+
# @return [String]
|
2128
|
+
#
|
2129
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/CloudWatchLogsConfigurationType AWS API Documentation
|
2130
|
+
#
|
2131
|
+
class CloudWatchLogsConfigurationType < Struct.new(
|
2132
|
+
:log_group_arn)
|
2133
|
+
SENSITIVE = []
|
2134
|
+
include Aws::Structure
|
2135
|
+
end
|
2136
|
+
|
2079
2137
|
# The delivery details for an email or SMS message that Amazon Cognito
|
2080
2138
|
# sent for authentication or verification.
|
2081
2139
|
#
|
@@ -2237,7 +2295,12 @@ module Aws::CognitoIdentityProvider
|
|
2237
2295
|
# @!attribute [rw] secret_hash
|
2238
2296
|
# A keyed-hash message authentication code (HMAC) calculated using the
|
2239
2297
|
# secret key of a user pool client and username plus the client ID in
|
2240
|
-
# the message.
|
2298
|
+
# the message. For more information about `SecretHash`, see [Computing
|
2299
|
+
# secret hash values][1].
|
2300
|
+
#
|
2301
|
+
#
|
2302
|
+
#
|
2303
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#cognito-user-pools-computing-secret-hash
|
2241
2304
|
# @return [String]
|
2242
2305
|
#
|
2243
2306
|
# @!attribute [rw] username
|
@@ -2320,7 +2383,7 @@ module Aws::CognitoIdentityProvider
|
|
2320
2383
|
:analytics_metadata,
|
2321
2384
|
:user_context_data,
|
2322
2385
|
:client_metadata)
|
2323
|
-
SENSITIVE = [:client_id, :secret_hash, :username, :password
|
2386
|
+
SENSITIVE = [:client_id, :secret_hash, :username, :password]
|
2324
2387
|
include Aws::Structure
|
2325
2388
|
end
|
2326
2389
|
|
@@ -2424,7 +2487,7 @@ module Aws::CognitoIdentityProvider
|
|
2424
2487
|
:analytics_metadata,
|
2425
2488
|
:user_context_data,
|
2426
2489
|
:client_metadata)
|
2427
|
-
SENSITIVE = [:client_id, :secret_hash, :username
|
2490
|
+
SENSITIVE = [:client_id, :secret_hash, :username]
|
2428
2491
|
include Aws::Structure
|
2429
2492
|
end
|
2430
2493
|
|
@@ -2800,7 +2863,7 @@ module Aws::CognitoIdentityProvider
|
|
2800
2863
|
# `TokenValidityUnits` as `hours`, your user can authenticate their
|
2801
2864
|
# session with their ID token for 10 hours.
|
2802
2865
|
#
|
2803
|
-
# The default time unit for `
|
2866
|
+
# The default time unit for `IdTokenValidity` in an API request is
|
2804
2867
|
# hours. *Valid range* is displayed below in seconds.
|
2805
2868
|
#
|
2806
2869
|
# If you don't specify otherwise in the configuration of your app
|
@@ -2961,8 +3024,27 @@ module Aws::CognitoIdentityProvider
|
|
2961
3024
|
# @return [Array<String>]
|
2962
3025
|
#
|
2963
3026
|
# @!attribute [rw] allowed_o_auth_flows_user_pool_client
|
2964
|
-
# Set to true
|
2965
|
-
#
|
3027
|
+
# Set to `true` to use OAuth 2.0 features in your user pool app
|
3028
|
+
# client.
|
3029
|
+
#
|
3030
|
+
# `AllowedOAuthFlowsUserPoolClient` must be `true` before you can
|
3031
|
+
# configure the following features in your app client.
|
3032
|
+
#
|
3033
|
+
# * `CallBackURLs`: Callback URLs.
|
3034
|
+
#
|
3035
|
+
# * `LogoutURLs`: Sign-out redirect URLs.
|
3036
|
+
#
|
3037
|
+
# * `AllowedOAuthScopes`: OAuth 2.0 scopes.
|
3038
|
+
#
|
3039
|
+
# * `AllowedOAuthFlows`: Support for authorization code, implicit, and
|
3040
|
+
# client credentials OAuth 2.0 grants.
|
3041
|
+
#
|
3042
|
+
# To use OAuth 2.0 features, configure one of these features in the
|
3043
|
+
# Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to
|
3044
|
+
# `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API
|
3045
|
+
# request. If you don't set a value for
|
3046
|
+
# `AllowedOAuthFlowsUserPoolClient` in a request with the CLI or SDKs,
|
3047
|
+
# it defaults to `false`.
|
2966
3048
|
# @return [Boolean]
|
2967
3049
|
#
|
2968
3050
|
# @!attribute [rw] analytics_configuration
|
@@ -3277,15 +3359,32 @@ module Aws::CognitoIdentityProvider
|
|
3277
3359
|
# @return [Array<Types::SchemaAttributeType>]
|
3278
3360
|
#
|
3279
3361
|
# @!attribute [rw] user_pool_add_ons
|
3280
|
-
#
|
3281
|
-
#
|
3362
|
+
# User pool add-ons. Contains settings for activation of advanced
|
3363
|
+
# security features. To log user security information but take no
|
3364
|
+
# action, set to `AUDIT`. To configure automatic security responses to
|
3365
|
+
# risky traffic to your user pool, set to `ENFORCED`.
|
3366
|
+
#
|
3367
|
+
# For more information, see [Adding advanced security to a user
|
3368
|
+
# pool][1].
|
3369
|
+
#
|
3370
|
+
#
|
3371
|
+
#
|
3372
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
|
3282
3373
|
# @return [Types::UserPoolAddOnsType]
|
3283
3374
|
#
|
3284
3375
|
# @!attribute [rw] username_configuration
|
3285
3376
|
# Case sensitivity on the username input for the selected sign-in
|
3286
|
-
# option.
|
3287
|
-
# can sign in
|
3288
|
-
#
|
3377
|
+
# option. When case sensitivity is set to `False` (case insensitive),
|
3378
|
+
# users can sign in with any combination of capital and lowercase
|
3379
|
+
# letters. For example, `username`, `USERNAME`, or `UserName`, or for
|
3380
|
+
# email, `email@example.com` or `EMaiL@eXamplE.Com`. For most use
|
3381
|
+
# cases, set case sensitivity to `False` (case insensitive) as a best
|
3382
|
+
# practice. When usernames and email addresses are case insensitive,
|
3383
|
+
# Amazon Cognito treats any variation in case as the same user, and
|
3384
|
+
# prevents a case variation from being assigned to the same attribute
|
3385
|
+
# for a different user.
|
3386
|
+
#
|
3387
|
+
# This configuration is immutable after you set it. For more
|
3289
3388
|
# information, see [UsernameConfigurationType][1].
|
3290
3389
|
#
|
3291
3390
|
#
|
@@ -3880,7 +3979,12 @@ module Aws::CognitoIdentityProvider
|
|
3880
3979
|
# @return [Time]
|
3881
3980
|
#
|
3882
3981
|
# @!attribute [rw] device_last_modified_date
|
3883
|
-
# The
|
3982
|
+
# The date and time, in [ISO 8601][1] format, when the item was
|
3983
|
+
# modified.
|
3984
|
+
#
|
3985
|
+
#
|
3986
|
+
#
|
3987
|
+
# [1]: https://www.iso.org/iso-8601-date-and-time-format.html
|
3884
3988
|
# @return [Time]
|
3885
3989
|
#
|
3886
3990
|
# @!attribute [rw] device_last_authenticated_date
|
@@ -3921,8 +4025,8 @@ module Aws::CognitoIdentityProvider
|
|
3921
4025
|
# @return [String]
|
3922
4026
|
#
|
3923
4027
|
# @!attribute [rw] cloud_front_distribution
|
3924
|
-
# The Amazon
|
3925
|
-
#
|
4028
|
+
# The Amazon CloudFront endpoint that you use as the target of the
|
4029
|
+
# alias that you set up with your Domain Name Service (DNS) provider.
|
3926
4030
|
# @return [String]
|
3927
4031
|
#
|
3928
4032
|
# @!attribute [rw] version
|
@@ -3984,9 +4088,13 @@ module Aws::CognitoIdentityProvider
|
|
3984
4088
|
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-email.html
|
3985
4089
|
#
|
3986
4090
|
# @!attribute [rw] source_arn
|
3987
|
-
# The ARN of a verified email address
|
3988
|
-
#
|
3989
|
-
#
|
4091
|
+
# The ARN of a verified email address or an address from a verified
|
4092
|
+
# domain in Amazon SES. You can set a `SourceArn` email from a
|
4093
|
+
# verified domain only with an API request. You can set a verified
|
4094
|
+
# email address, but not an address in a verified domain, in the
|
4095
|
+
# Amazon Cognito console. Amazon Cognito uses the email address that
|
4096
|
+
# you provide in one of the following ways, depending on the value
|
4097
|
+
# that you specify for the `EmailSendingAccount` parameter:
|
3990
4098
|
#
|
3991
4099
|
# * If you specify `COGNITO_DEFAULT`, Amazon Cognito uses this address
|
3992
4100
|
# as the custom FROM address when it emails your users using its
|
@@ -4158,7 +4266,13 @@ module Aws::CognitoIdentityProvider
|
|
4158
4266
|
# Specifies the event feedback type.
|
4159
4267
|
#
|
4160
4268
|
# @!attribute [rw] feedback_value
|
4161
|
-
# The event feedback value.
|
4269
|
+
# The authentication event feedback value. When you provide a
|
4270
|
+
# `FeedbackValue` value of `valid`, you tell Amazon Cognito that you
|
4271
|
+
# trust a user session where Amazon Cognito has evaluated some level
|
4272
|
+
# of risk. When you provide a `FeedbackValue` value of `invalid`, you
|
4273
|
+
# tell Amazon Cognito that you don't trust a user session, or you
|
4274
|
+
# don't believe that Amazon Cognito evaluated a high-enough risk
|
4275
|
+
# level.
|
4162
4276
|
# @return [String]
|
4163
4277
|
#
|
4164
4278
|
# @!attribute [rw] provider
|
@@ -4332,7 +4446,7 @@ module Aws::CognitoIdentityProvider
|
|
4332
4446
|
:username,
|
4333
4447
|
:analytics_metadata,
|
4334
4448
|
:client_metadata)
|
4335
|
-
SENSITIVE = [:client_id, :secret_hash, :
|
4449
|
+
SENSITIVE = [:client_id, :secret_hash, :username]
|
4336
4450
|
include Aws::Structure
|
4337
4451
|
end
|
4338
4452
|
|
@@ -4480,6 +4594,32 @@ module Aws::CognitoIdentityProvider
|
|
4480
4594
|
include Aws::Structure
|
4481
4595
|
end
|
4482
4596
|
|
4597
|
+
# @!attribute [rw] user_pool_id
|
4598
|
+
# The ID of the user pool where you want to view detailed activity
|
4599
|
+
# logging configuration.
|
4600
|
+
# @return [String]
|
4601
|
+
#
|
4602
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/GetLogDeliveryConfigurationRequest AWS API Documentation
|
4603
|
+
#
|
4604
|
+
class GetLogDeliveryConfigurationRequest < Struct.new(
|
4605
|
+
:user_pool_id)
|
4606
|
+
SENSITIVE = []
|
4607
|
+
include Aws::Structure
|
4608
|
+
end
|
4609
|
+
|
4610
|
+
# @!attribute [rw] log_delivery_configuration
|
4611
|
+
# The detailed activity logging configuration of the requested user
|
4612
|
+
# pool.
|
4613
|
+
# @return [Types::LogDeliveryConfigurationType]
|
4614
|
+
#
|
4615
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/GetLogDeliveryConfigurationResponse AWS API Documentation
|
4616
|
+
#
|
4617
|
+
class GetLogDeliveryConfigurationResponse < Struct.new(
|
4618
|
+
:log_delivery_configuration)
|
4619
|
+
SENSITIVE = []
|
4620
|
+
include Aws::Structure
|
4621
|
+
end
|
4622
|
+
|
4483
4623
|
# Request to get a signing certificate from Amazon Cognito.
|
4484
4624
|
#
|
4485
4625
|
# @!attribute [rw] user_pool_id
|
@@ -4675,8 +4815,7 @@ module Aws::CognitoIdentityProvider
|
|
4675
4815
|
# information about the user.
|
4676
4816
|
#
|
4677
4817
|
# @!attribute [rw] username
|
4678
|
-
# The
|
4679
|
-
# request.
|
4818
|
+
# The username of the user that you requested.
|
4680
4819
|
# @return [String]
|
4681
4820
|
#
|
4682
4821
|
# @!attribute [rw] user_attributes
|
@@ -4789,11 +4928,21 @@ module Aws::CognitoIdentityProvider
|
|
4789
4928
|
# @return [Integer]
|
4790
4929
|
#
|
4791
4930
|
# @!attribute [rw] last_modified_date
|
4792
|
-
# The date the
|
4931
|
+
# The date and time, in [ISO 8601][1] format, when the item was
|
4932
|
+
# modified.
|
4933
|
+
#
|
4934
|
+
#
|
4935
|
+
#
|
4936
|
+
# [1]: https://www.iso.org/iso-8601-date-and-time-format.html
|
4793
4937
|
# @return [Time]
|
4794
4938
|
#
|
4795
4939
|
# @!attribute [rw] creation_date
|
4796
|
-
# The date the
|
4940
|
+
# The date and time, in [ISO 8601][1] format, when the item was
|
4941
|
+
# created.
|
4942
|
+
#
|
4943
|
+
#
|
4944
|
+
#
|
4945
|
+
# [1]: https://www.iso.org/iso-8601-date-and-time-format.html
|
4797
4946
|
# @return [Time]
|
4798
4947
|
#
|
4799
4948
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/GroupType AWS API Documentation
|
@@ -4927,11 +5076,21 @@ module Aws::CognitoIdentityProvider
|
|
4927
5076
|
# @return [Array<String>]
|
4928
5077
|
#
|
4929
5078
|
# @!attribute [rw] last_modified_date
|
4930
|
-
# The date the
|
5079
|
+
# The date and time, in [ISO 8601][1] format, when the item was
|
5080
|
+
# modified.
|
5081
|
+
#
|
5082
|
+
#
|
5083
|
+
#
|
5084
|
+
# [1]: https://www.iso.org/iso-8601-date-and-time-format.html
|
4931
5085
|
# @return [Time]
|
4932
5086
|
#
|
4933
5087
|
# @!attribute [rw] creation_date
|
4934
|
-
# The date the
|
5088
|
+
# The date and time, in [ISO 8601][1] format, when the item was
|
5089
|
+
# created.
|
5090
|
+
#
|
5091
|
+
#
|
5092
|
+
#
|
5093
|
+
# [1]: https://www.iso.org/iso-8601-date-and-time-format.html
|
4935
5094
|
# @return [Time]
|
4936
5095
|
#
|
4937
5096
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/IdentityProviderType AWS API Documentation
|
@@ -4992,6 +5151,10 @@ module Aws::CognitoIdentityProvider
|
|
4992
5151
|
# `SECRET_HASH` (required if the app client is configured with a
|
4993
5152
|
# client secret), `DEVICE_KEY`.
|
4994
5153
|
#
|
5154
|
+
# * For `USER_PASSWORD_AUTH`: `USERNAME` (required), `PASSWORD`
|
5155
|
+
# (required), `SECRET_HASH` (required if the app client is
|
5156
|
+
# configured with a client secret), `DEVICE_KEY`.
|
5157
|
+
#
|
4995
5158
|
# * For `REFRESH_TOKEN_AUTH/REFRESH_TOKEN`: `REFRESH_TOKEN`
|
4996
5159
|
# (required), `SECRET_HASH` (required if the app client is
|
4997
5160
|
# configured with a client secret), `DEVICE_KEY`.
|
@@ -5000,6 +5163,15 @@ module Aws::CognitoIdentityProvider
|
|
5000
5163
|
# client is configured with client secret), `DEVICE_KEY`. To start
|
5001
5164
|
# the authentication flow with password verification, include
|
5002
5165
|
# `ChallengeName: SRP_A` and `SRP_A: (The SRP_A Value)`.
|
5166
|
+
#
|
5167
|
+
# For more information about `SECRET_HASH`, see [Computing secret hash
|
5168
|
+
# values][1]. For information about `DEVICE_KEY`, see [Working with
|
5169
|
+
# user devices in your user pool][2].
|
5170
|
+
#
|
5171
|
+
#
|
5172
|
+
#
|
5173
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#cognito-user-pools-computing-secret-hash
|
5174
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html
|
5003
5175
|
# @return [Hash<String,String>]
|
5004
5176
|
#
|
5005
5177
|
# @!attribute [rw] client_metadata
|
@@ -5091,7 +5263,7 @@ module Aws::CognitoIdentityProvider
|
|
5091
5263
|
:client_id,
|
5092
5264
|
:analytics_metadata,
|
5093
5265
|
:user_context_data)
|
5094
|
-
SENSITIVE = [:auth_parameters, :client_id
|
5266
|
+
SENSITIVE = [:auth_parameters, :client_id]
|
5095
5267
|
include Aws::Structure
|
5096
5268
|
end
|
5097
5269
|
|
@@ -5195,7 +5367,7 @@ module Aws::CognitoIdentityProvider
|
|
5195
5367
|
:session,
|
5196
5368
|
:challenge_parameters,
|
5197
5369
|
:authentication_result)
|
5198
|
-
SENSITIVE = [
|
5370
|
+
SENSITIVE = []
|
5199
5371
|
include Aws::Structure
|
5200
5372
|
end
|
5201
5373
|
|
@@ -5821,9 +5993,10 @@ module Aws::CognitoIdentityProvider
|
|
5821
5993
|
# @return [String]
|
5822
5994
|
#
|
5823
5995
|
# @!attribute [rw] attributes_to_get
|
5824
|
-
#
|
5825
|
-
#
|
5826
|
-
#
|
5996
|
+
# A JSON array of user attribute names, for example `given_name`, that
|
5997
|
+
# you want Amazon Cognito to include in the response for each user.
|
5998
|
+
# When you don't provide an `AttributesToGet` parameter, Amazon
|
5999
|
+
# Cognito returns all attributes for each user.
|
5827
6000
|
# @return [Array<String>]
|
5828
6001
|
#
|
5829
6002
|
# @!attribute [rw] limit
|
@@ -5921,7 +6094,23 @@ module Aws::CognitoIdentityProvider
|
|
5921
6094
|
# The response from the request to list users.
|
5922
6095
|
#
|
5923
6096
|
# @!attribute [rw] users
|
5924
|
-
#
|
6097
|
+
# A list of the user pool users, and their attributes, that match your
|
6098
|
+
# query.
|
6099
|
+
#
|
6100
|
+
# <note markdown="1"> Amazon Cognito creates a profile in your user pool for each native
|
6101
|
+
# user in your user pool, and each unique user ID from your
|
6102
|
+
# third-party identity providers (IdPs). When you link users with the
|
6103
|
+
# [AdminLinkProviderForUser][1] API operation, the output of
|
6104
|
+
# `ListUsers` displays both the IdP user and the native user that you
|
6105
|
+
# linked. You can identify IdP users in the `Users` object of this API
|
6106
|
+
# response by the IdP prefix that Amazon Cognito appends to
|
6107
|
+
# `Username`.
|
6108
|
+
#
|
6109
|
+
# </note>
|
6110
|
+
#
|
6111
|
+
#
|
6112
|
+
#
|
6113
|
+
# [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminLinkProviderForUser.html
|
5925
6114
|
# @return [Array<Types::UserType>]
|
5926
6115
|
#
|
5927
6116
|
# @!attribute [rw] pagination_token
|
@@ -5939,6 +6128,52 @@ module Aws::CognitoIdentityProvider
|
|
5939
6128
|
include Aws::Structure
|
5940
6129
|
end
|
5941
6130
|
|
6131
|
+
# The logging parameters of a user pool.
|
6132
|
+
#
|
6133
|
+
# @!attribute [rw] log_level
|
6134
|
+
# The `errorlevel` selection of logs that a user pool sends for
|
6135
|
+
# detailed activity logging.
|
6136
|
+
# @return [String]
|
6137
|
+
#
|
6138
|
+
# @!attribute [rw] event_source
|
6139
|
+
# The source of events that your user pool sends for detailed activity
|
6140
|
+
# logging.
|
6141
|
+
# @return [String]
|
6142
|
+
#
|
6143
|
+
# @!attribute [rw] cloud_watch_logs_configuration
|
6144
|
+
# The CloudWatch logging destination of a user pool.
|
6145
|
+
# @return [Types::CloudWatchLogsConfigurationType]
|
6146
|
+
#
|
6147
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/LogConfigurationType AWS API Documentation
|
6148
|
+
#
|
6149
|
+
class LogConfigurationType < Struct.new(
|
6150
|
+
:log_level,
|
6151
|
+
:event_source,
|
6152
|
+
:cloud_watch_logs_configuration)
|
6153
|
+
SENSITIVE = []
|
6154
|
+
include Aws::Structure
|
6155
|
+
end
|
6156
|
+
|
6157
|
+
# The logging parameters of a user pool.
|
6158
|
+
#
|
6159
|
+
# @!attribute [rw] user_pool_id
|
6160
|
+
# The ID of the user pool where you configured detailed activity
|
6161
|
+
# logging.
|
6162
|
+
# @return [String]
|
6163
|
+
#
|
6164
|
+
# @!attribute [rw] log_configurations
|
6165
|
+
# The detailed activity logging destination of a user pool.
|
6166
|
+
# @return [Array<Types::LogConfigurationType>]
|
6167
|
+
#
|
6168
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/LogDeliveryConfigurationType AWS API Documentation
|
6169
|
+
#
|
6170
|
+
class LogDeliveryConfigurationType < Struct.new(
|
6171
|
+
:user_pool_id,
|
6172
|
+
:log_configurations)
|
6173
|
+
SENSITIVE = []
|
6174
|
+
include Aws::Structure
|
6175
|
+
end
|
6176
|
+
|
5942
6177
|
# This exception is thrown when Amazon Cognito can't find a
|
5943
6178
|
# multi-factor authentication (MFA) method.
|
5944
6179
|
#
|
@@ -6232,7 +6467,12 @@ module Aws::CognitoIdentityProvider
|
|
6232
6467
|
# @return [Time]
|
6233
6468
|
#
|
6234
6469
|
# @!attribute [rw] creation_date
|
6235
|
-
# The date
|
6470
|
+
# The date and time, in [ISO 8601][1] format, when the item was
|
6471
|
+
# created.
|
6472
|
+
#
|
6473
|
+
#
|
6474
|
+
#
|
6475
|
+
# [1]: https://www.iso.org/iso-8601-date-and-time-format.html
|
6236
6476
|
# @return [Time]
|
6237
6477
|
#
|
6238
6478
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/ProviderDescription AWS API Documentation
|
@@ -6370,7 +6610,7 @@ module Aws::CognitoIdentityProvider
|
|
6370
6610
|
:username,
|
6371
6611
|
:analytics_metadata,
|
6372
6612
|
:client_metadata)
|
6373
|
-
SENSITIVE = [:client_id, :secret_hash, :
|
6613
|
+
SENSITIVE = [:client_id, :secret_hash, :username]
|
6374
6614
|
include Aws::Structure
|
6375
6615
|
end
|
6376
6616
|
|
@@ -6528,6 +6768,15 @@ module Aws::CognitoIdentityProvider
|
|
6528
6768
|
# * `MFA_SETUP` requires `USERNAME`, plus you must use the session
|
6529
6769
|
# value returned by `VerifySoftwareToken` in the `Session`
|
6530
6770
|
# parameter.
|
6771
|
+
#
|
6772
|
+
# For more information about `SECRET_HASH`, see [Computing secret hash
|
6773
|
+
# values][1]. For information about `DEVICE_KEY`, see [Working with
|
6774
|
+
# user devices in your user pool][2].
|
6775
|
+
#
|
6776
|
+
#
|
6777
|
+
#
|
6778
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#cognito-user-pools-computing-secret-hash
|
6779
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html
|
6531
6780
|
# @return [Hash<String,String>]
|
6532
6781
|
#
|
6533
6782
|
# @!attribute [rw] analytics_metadata
|
@@ -6593,7 +6842,7 @@ module Aws::CognitoIdentityProvider
|
|
6593
6842
|
:analytics_metadata,
|
6594
6843
|
:user_context_data,
|
6595
6844
|
:client_metadata)
|
6596
|
-
SENSITIVE = [:client_id
|
6845
|
+
SENSITIVE = [:client_id]
|
6597
6846
|
include Aws::Structure
|
6598
6847
|
end
|
6599
6848
|
|
@@ -6636,7 +6885,7 @@ module Aws::CognitoIdentityProvider
|
|
6636
6885
|
:session,
|
6637
6886
|
:challenge_parameters,
|
6638
6887
|
:authentication_result)
|
6639
|
-
SENSITIVE = [
|
6888
|
+
SENSITIVE = []
|
6640
6889
|
include Aws::Structure
|
6641
6890
|
end
|
6642
6891
|
|
@@ -6693,7 +6942,12 @@ module Aws::CognitoIdentityProvider
|
|
6693
6942
|
# @return [Types::RiskExceptionConfigurationType]
|
6694
6943
|
#
|
6695
6944
|
# @!attribute [rw] last_modified_date
|
6696
|
-
# The
|
6945
|
+
# The date and time, in [ISO 8601][1] format, when the item was
|
6946
|
+
# modified.
|
6947
|
+
#
|
6948
|
+
#
|
6949
|
+
#
|
6950
|
+
# [1]: https://www.iso.org/iso-8601-date-and-time-format.html
|
6697
6951
|
# @return [Time]
|
6698
6952
|
#
|
6699
6953
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/RiskConfigurationType AWS API Documentation
|
@@ -6760,14 +7014,27 @@ module Aws::CognitoIdentityProvider
|
|
6760
7014
|
include Aws::Structure
|
6761
7015
|
end
|
6762
7016
|
|
6763
|
-
#
|
7017
|
+
# A list of the user attributes and their properties in your user pool.
|
7018
|
+
# The attribute schema contains standard attributes, custom attributes
|
7019
|
+
# with a `custom:` prefix, and developer attributes with a `dev:`
|
7020
|
+
# prefix. For more information, see [User pool attributes][1].
|
7021
|
+
#
|
7022
|
+
# Developer-only attributes are a legacy feature of user pools, are
|
7023
|
+
# read-only to all app clients. You can create and update developer-only
|
7024
|
+
# attributes only with IAM-authenticated API operations. Use app client
|
7025
|
+
# read/write permissions instead.
|
7026
|
+
#
|
7027
|
+
#
|
7028
|
+
#
|
7029
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html
|
6764
7030
|
#
|
6765
7031
|
# @!attribute [rw] name
|
6766
|
-
#
|
7032
|
+
# The name of your user pool attribute, for example `username` or
|
7033
|
+
# `custom:costcenter`.
|
6767
7034
|
# @return [String]
|
6768
7035
|
#
|
6769
7036
|
# @!attribute [rw] attribute_data_type
|
6770
|
-
# The
|
7037
|
+
# The data format of the values for your attribute.
|
6771
7038
|
# @return [String]
|
6772
7039
|
#
|
6773
7040
|
# @!attribute [rw] developer_only_attribute
|
@@ -6792,13 +7059,13 @@ module Aws::CognitoIdentityProvider
|
|
6792
7059
|
# @!attribute [rw] mutable
|
6793
7060
|
# Specifies whether the value of the attribute can be changed.
|
6794
7061
|
#
|
6795
|
-
#
|
6796
|
-
# must
|
6797
|
-
# attributes when users sign in to your application
|
6798
|
-
# an attribute is immutable, Amazon Cognito throws
|
6799
|
-
# attempts to update the attribute. For more
|
6800
|
-
# [Specifying Identity Provider Attribute Mappings
|
6801
|
-
# Pool][1].
|
7062
|
+
# Any user pool attribute whose value you map from an IdP attribute
|
7063
|
+
# must be mutable, with a parameter value of `true`. Amazon Cognito
|
7064
|
+
# updates mapped attributes when users sign in to your application
|
7065
|
+
# through an IdP. If an attribute is immutable, Amazon Cognito throws
|
7066
|
+
# an error when it attempts to update the attribute. For more
|
7067
|
+
# information, see [Specifying Identity Provider Attribute Mappings
|
7068
|
+
# for Your User Pool][1].
|
6802
7069
|
#
|
6803
7070
|
#
|
6804
7071
|
#
|
@@ -6846,6 +7113,38 @@ module Aws::CognitoIdentityProvider
|
|
6846
7113
|
include Aws::Structure
|
6847
7114
|
end
|
6848
7115
|
|
7116
|
+
# @!attribute [rw] user_pool_id
|
7117
|
+
# The ID of the user pool where you want to configure detailed
|
7118
|
+
# activity logging .
|
7119
|
+
# @return [String]
|
7120
|
+
#
|
7121
|
+
# @!attribute [rw] log_configurations
|
7122
|
+
# A collection of all of the detailed activity logging configurations
|
7123
|
+
# for a user pool.
|
7124
|
+
# @return [Array<Types::LogConfigurationType>]
|
7125
|
+
#
|
7126
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/SetLogDeliveryConfigurationRequest AWS API Documentation
|
7127
|
+
#
|
7128
|
+
class SetLogDeliveryConfigurationRequest < Struct.new(
|
7129
|
+
:user_pool_id,
|
7130
|
+
:log_configurations)
|
7131
|
+
SENSITIVE = []
|
7132
|
+
include Aws::Structure
|
7133
|
+
end
|
7134
|
+
|
7135
|
+
# @!attribute [rw] log_delivery_configuration
|
7136
|
+
# The detailed activity logging configuration that you applied to the
|
7137
|
+
# requested user pool.
|
7138
|
+
# @return [Types::LogDeliveryConfigurationType]
|
7139
|
+
#
|
7140
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/SetLogDeliveryConfigurationResponse AWS API Documentation
|
7141
|
+
#
|
7142
|
+
class SetLogDeliveryConfigurationResponse < Struct.new(
|
7143
|
+
:log_delivery_configuration)
|
7144
|
+
SENSITIVE = []
|
7145
|
+
include Aws::Structure
|
7146
|
+
end
|
7147
|
+
|
6849
7148
|
# @!attribute [rw] user_pool_id
|
6850
7149
|
# The user pool ID.
|
6851
7150
|
# @return [String]
|
@@ -7154,7 +7453,7 @@ module Aws::CognitoIdentityProvider
|
|
7154
7453
|
:analytics_metadata,
|
7155
7454
|
:user_context_data,
|
7156
7455
|
:client_metadata)
|
7157
|
-
SENSITIVE = [:client_id, :secret_hash, :username, :password
|
7456
|
+
SENSITIVE = [:client_id, :secret_hash, :username, :password]
|
7158
7457
|
include Aws::Structure
|
7159
7458
|
end
|
7160
7459
|
|
@@ -7451,18 +7750,23 @@ module Aws::CognitoIdentityProvider
|
|
7451
7750
|
# A time unit of `seconds`, `minutes`, `hours`, or `days` for the
|
7452
7751
|
# value that you set in the `AccessTokenValidity` parameter. The
|
7453
7752
|
# default `AccessTokenValidity` time unit is hours.
|
7753
|
+
# `AccessTokenValidity` duration can range from five minutes to one
|
7754
|
+
# day.
|
7454
7755
|
# @return [String]
|
7455
7756
|
#
|
7456
7757
|
# @!attribute [rw] id_token
|
7457
7758
|
# A time unit of `seconds`, `minutes`, `hours`, or `days` for the
|
7458
7759
|
# value that you set in the `IdTokenValidity` parameter. The default
|
7459
|
-
# `IdTokenValidity` time unit is hours.
|
7760
|
+
# `IdTokenValidity` time unit is hours. `IdTokenValidity` duration can
|
7761
|
+
# range from five minutes to one day.
|
7460
7762
|
# @return [String]
|
7461
7763
|
#
|
7462
7764
|
# @!attribute [rw] refresh_token
|
7463
7765
|
# A time unit of `seconds`, `minutes`, `hours`, or `days` for the
|
7464
7766
|
# value that you set in the `RefreshTokenValidity` parameter. The
|
7465
7767
|
# default `RefreshTokenValidity` time unit is days.
|
7768
|
+
# `RefreshTokenValidity` duration can range from 60 minutes to 10
|
7769
|
+
# years.
|
7466
7770
|
# @return [String]
|
7467
7771
|
#
|
7468
7772
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/TokenValidityUnitsType AWS API Documentation
|
@@ -7531,11 +7835,21 @@ module Aws::CognitoIdentityProvider
|
|
7531
7835
|
# @return [String]
|
7532
7836
|
#
|
7533
7837
|
# @!attribute [rw] last_modified_date
|
7534
|
-
# The
|
7838
|
+
# The date and time, in [ISO 8601][1] format, when the item was
|
7839
|
+
# modified.
|
7840
|
+
#
|
7841
|
+
#
|
7842
|
+
#
|
7843
|
+
# [1]: https://www.iso.org/iso-8601-date-and-time-format.html
|
7535
7844
|
# @return [Time]
|
7536
7845
|
#
|
7537
7846
|
# @!attribute [rw] creation_date
|
7538
|
-
# The
|
7847
|
+
# The date and time, in [ISO 8601][1] format, when the item was
|
7848
|
+
# created.
|
7849
|
+
#
|
7850
|
+
#
|
7851
|
+
#
|
7852
|
+
# [1]: https://www.iso.org/iso-8601-date-and-time-format.html
|
7539
7853
|
# @return [Time]
|
7540
7854
|
#
|
7541
7855
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UICustomizationType AWS API Documentation
|
@@ -7677,7 +7991,13 @@ module Aws::CognitoIdentityProvider
|
|
7677
7991
|
# @return [String]
|
7678
7992
|
#
|
7679
7993
|
# @!attribute [rw] feedback_value
|
7680
|
-
# The authentication event feedback value.
|
7994
|
+
# The authentication event feedback value. When you provide a
|
7995
|
+
# `FeedbackValue` value of `valid`, you tell Amazon Cognito that you
|
7996
|
+
# trust a user session where Amazon Cognito has evaluated some level
|
7997
|
+
# of risk. When you provide a `FeedbackValue` value of `invalid`, you
|
7998
|
+
# tell Amazon Cognito that you don't trust a user session, or you
|
7999
|
+
# don't believe that Amazon Cognito evaluated a high-enough risk
|
8000
|
+
# level.
|
7681
8001
|
# @return [String]
|
7682
8002
|
#
|
7683
8003
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UpdateAuthEventFeedbackRequest AWS API Documentation
|
@@ -8009,7 +8329,7 @@ module Aws::CognitoIdentityProvider
|
|
8009
8329
|
# `TokenValidityUnits` as `hours`, your user can authenticate their
|
8010
8330
|
# session with their ID token for 10 hours.
|
8011
8331
|
#
|
8012
|
-
# The default time unit for `
|
8332
|
+
# The default time unit for `IdTokenValidity` in an API request is
|
8013
8333
|
# hours. *Valid range* is displayed below in seconds.
|
8014
8334
|
#
|
8015
8335
|
# If you don't specify otherwise in the configuration of your app
|
@@ -8017,9 +8337,9 @@ module Aws::CognitoIdentityProvider
|
|
8017
8337
|
# @return [Integer]
|
8018
8338
|
#
|
8019
8339
|
# @!attribute [rw] token_validity_units
|
8020
|
-
# The units
|
8021
|
-
# unit for RefreshToken is days, and the
|
8022
|
-
# tokens is hours.
|
8340
|
+
# The time units you use when you set the duration of ID, access, and
|
8341
|
+
# refresh tokens. The default unit for RefreshToken is days, and the
|
8342
|
+
# default for ID and access tokens is hours.
|
8023
8343
|
# @return [Types::TokenValidityUnitsType]
|
8024
8344
|
#
|
8025
8345
|
# @!attribute [rw] read_attributes
|
@@ -8157,8 +8477,27 @@ module Aws::CognitoIdentityProvider
|
|
8157
8477
|
# @return [Array<String>]
|
8158
8478
|
#
|
8159
8479
|
# @!attribute [rw] allowed_o_auth_flows_user_pool_client
|
8160
|
-
# Set to true
|
8161
|
-
#
|
8480
|
+
# Set to `true` to use OAuth 2.0 features in your user pool app
|
8481
|
+
# client.
|
8482
|
+
#
|
8483
|
+
# `AllowedOAuthFlowsUserPoolClient` must be `true` before you can
|
8484
|
+
# configure the following features in your app client.
|
8485
|
+
#
|
8486
|
+
# * `CallBackURLs`: Callback URLs.
|
8487
|
+
#
|
8488
|
+
# * `LogoutURLs`: Sign-out redirect URLs.
|
8489
|
+
#
|
8490
|
+
# * `AllowedOAuthScopes`: OAuth 2.0 scopes.
|
8491
|
+
#
|
8492
|
+
# * `AllowedOAuthFlows`: Support for authorization code, implicit, and
|
8493
|
+
# client credentials OAuth 2.0 grants.
|
8494
|
+
#
|
8495
|
+
# To use OAuth 2.0 features, configure one of these features in the
|
8496
|
+
# Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to
|
8497
|
+
# `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API
|
8498
|
+
# request. If you don't set a value for
|
8499
|
+
# `AllowedOAuthFlowsUserPoolClient` in a request with the CLI or SDKs,
|
8500
|
+
# it defaults to `false`.
|
8162
8501
|
# @return [Boolean]
|
8163
8502
|
#
|
8164
8503
|
# @!attribute [rw] analytics_configuration
|
@@ -8453,8 +8792,17 @@ module Aws::CognitoIdentityProvider
|
|
8453
8792
|
# @return [Types::AdminCreateUserConfigType]
|
8454
8793
|
#
|
8455
8794
|
# @!attribute [rw] user_pool_add_ons
|
8456
|
-
#
|
8457
|
-
#
|
8795
|
+
# User pool add-ons. Contains settings for activation of advanced
|
8796
|
+
# security features. To log user security information but take no
|
8797
|
+
# action, set to `AUDIT`. To configure automatic security responses to
|
8798
|
+
# risky traffic to your user pool, set to `ENFORCED`.
|
8799
|
+
#
|
8800
|
+
# For more information, see [Adding advanced security to a user
|
8801
|
+
# pool][1].
|
8802
|
+
#
|
8803
|
+
#
|
8804
|
+
#
|
8805
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
|
8458
8806
|
# @return [Types::UserPoolAddOnsType]
|
8459
8807
|
#
|
8460
8808
|
# @!attribute [rw] account_recovery_setting
|
@@ -8523,8 +8871,8 @@ module Aws::CognitoIdentityProvider
|
|
8523
8871
|
#
|
8524
8872
|
# You can verify an updated email address or phone number with a
|
8525
8873
|
# [VerifyUserAttribute][1] API request. You can also call the
|
8526
|
-
# [
|
8527
|
-
#
|
8874
|
+
# [AdminUpdateUserAttributes][2] API and set `email_verified` or
|
8875
|
+
# `phone_number_verified` to true.
|
8528
8876
|
#
|
8529
8877
|
# When `AttributesRequireVerificationBeforeUpdate` is false, your user
|
8530
8878
|
# pool doesn't require that your users verify attribute changes
|
@@ -8536,8 +8884,7 @@ module Aws::CognitoIdentityProvider
|
|
8536
8884
|
#
|
8537
8885
|
#
|
8538
8886
|
# [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerifyUserAttribute.html
|
8539
|
-
# [2]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/
|
8540
|
-
# [3]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html
|
8887
|
+
# [2]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html
|
8541
8888
|
# @return [Array<String>]
|
8542
8889
|
#
|
8543
8890
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UserAttributeUpdateSettingsType AWS API Documentation
|
@@ -8611,7 +8958,12 @@ module Aws::CognitoIdentityProvider
|
|
8611
8958
|
# @return [String]
|
8612
8959
|
#
|
8613
8960
|
# @!attribute [rw] creation_date
|
8614
|
-
# The date
|
8961
|
+
# The date and time, in [ISO 8601][1] format, when the item was
|
8962
|
+
# created.
|
8963
|
+
#
|
8964
|
+
#
|
8965
|
+
#
|
8966
|
+
# [1]: https://www.iso.org/iso-8601-date-and-time-format.html
|
8615
8967
|
# @return [Time]
|
8616
8968
|
#
|
8617
8969
|
# @!attribute [rw] start_date
|
@@ -8747,10 +9099,20 @@ module Aws::CognitoIdentityProvider
|
|
8747
9099
|
include Aws::Structure
|
8748
9100
|
end
|
8749
9101
|
|
8750
|
-
#
|
9102
|
+
# User pool add-ons. Contains settings for activation of advanced
|
9103
|
+
# security features. To log user security information but take no
|
9104
|
+
# action, set to `AUDIT`. To configure automatic security responses to
|
9105
|
+
# risky traffic to your user pool, set to `ENFORCED`.
|
9106
|
+
#
|
9107
|
+
# For more information, see [Adding advanced security to a user
|
9108
|
+
# pool][1].
|
9109
|
+
#
|
9110
|
+
#
|
9111
|
+
#
|
9112
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
|
8751
9113
|
#
|
8752
9114
|
# @!attribute [rw] advanced_security_mode
|
8753
|
-
# The advanced security
|
9115
|
+
# The operating mode of advanced security features in your user pool.
|
8754
9116
|
# @return [String]
|
8755
9117
|
#
|
8756
9118
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UserPoolAddOnsType AWS API Documentation
|
@@ -8805,11 +9167,21 @@ module Aws::CognitoIdentityProvider
|
|
8805
9167
|
# @return [String]
|
8806
9168
|
#
|
8807
9169
|
# @!attribute [rw] last_modified_date
|
8808
|
-
# The date
|
9170
|
+
# The date and time, in [ISO 8601][1] format, when the item was
|
9171
|
+
# modified.
|
9172
|
+
#
|
9173
|
+
#
|
9174
|
+
#
|
9175
|
+
# [1]: https://www.iso.org/iso-8601-date-and-time-format.html
|
8809
9176
|
# @return [Time]
|
8810
9177
|
#
|
8811
9178
|
# @!attribute [rw] creation_date
|
8812
|
-
# The date
|
9179
|
+
# The date and time, in [ISO 8601][1] format, when the item was
|
9180
|
+
# created.
|
9181
|
+
#
|
9182
|
+
#
|
9183
|
+
#
|
9184
|
+
# [1]: https://www.iso.org/iso-8601-date-and-time-format.html
|
8813
9185
|
# @return [Time]
|
8814
9186
|
#
|
8815
9187
|
# @!attribute [rw] refresh_token_validity
|
@@ -8858,7 +9230,7 @@ module Aws::CognitoIdentityProvider
|
|
8858
9230
|
# `TokenValidityUnits` as `hours`, your user can authenticate their
|
8859
9231
|
# session with their ID token for 10 hours.
|
8860
9232
|
#
|
8861
|
-
# The default time unit for `
|
9233
|
+
# The default time unit for `IdTokenValidity` in an API request is
|
8862
9234
|
# hours. *Valid range* is displayed below in seconds.
|
8863
9235
|
#
|
8864
9236
|
# If you don't specify otherwise in the configuration of your app
|
@@ -9006,8 +9378,27 @@ module Aws::CognitoIdentityProvider
|
|
9006
9378
|
# @return [Array<String>]
|
9007
9379
|
#
|
9008
9380
|
# @!attribute [rw] allowed_o_auth_flows_user_pool_client
|
9009
|
-
# Set to true
|
9010
|
-
#
|
9381
|
+
# Set to `true` to use OAuth 2.0 features in your user pool app
|
9382
|
+
# client.
|
9383
|
+
#
|
9384
|
+
# `AllowedOAuthFlowsUserPoolClient` must be `true` before you can
|
9385
|
+
# configure the following features in your app client.
|
9386
|
+
#
|
9387
|
+
# * `CallBackURLs`: Callback URLs.
|
9388
|
+
#
|
9389
|
+
# * `LogoutURLs`: Sign-out redirect URLs.
|
9390
|
+
#
|
9391
|
+
# * `AllowedOAuthScopes`: OAuth 2.0 scopes.
|
9392
|
+
#
|
9393
|
+
# * `AllowedOAuthFlows`: Support for authorization code, implicit, and
|
9394
|
+
# client credentials OAuth 2.0 grants.
|
9395
|
+
#
|
9396
|
+
# To use OAuth 2.0 features, configure one of these features in the
|
9397
|
+
# Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to
|
9398
|
+
# `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API
|
9399
|
+
# request. If you don't set a value for
|
9400
|
+
# `AllowedOAuthFlowsUserPoolClient` in a request with the CLI or SDKs,
|
9401
|
+
# it defaults to `false`.
|
9011
9402
|
# @return [Boolean]
|
9012
9403
|
#
|
9013
9404
|
# @!attribute [rw] analytics_configuration
|
@@ -9136,11 +9527,21 @@ module Aws::CognitoIdentityProvider
|
|
9136
9527
|
# @return [String]
|
9137
9528
|
#
|
9138
9529
|
# @!attribute [rw] last_modified_date
|
9139
|
-
# The date
|
9530
|
+
# The date and time, in [ISO 8601][1] format, when the item was
|
9531
|
+
# modified.
|
9532
|
+
#
|
9533
|
+
#
|
9534
|
+
#
|
9535
|
+
# [1]: https://www.iso.org/iso-8601-date-and-time-format.html
|
9140
9536
|
# @return [Time]
|
9141
9537
|
#
|
9142
9538
|
# @!attribute [rw] creation_date
|
9143
|
-
# The date
|
9539
|
+
# The date and time, in [ISO 8601][1] format, when the item was
|
9540
|
+
# created.
|
9541
|
+
#
|
9542
|
+
#
|
9543
|
+
#
|
9544
|
+
# [1]: https://www.iso.org/iso-8601-date-and-time-format.html
|
9144
9545
|
# @return [Time]
|
9145
9546
|
#
|
9146
9547
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UserPoolDescriptionType AWS API Documentation
|
@@ -9219,15 +9620,37 @@ module Aws::CognitoIdentityProvider
|
|
9219
9620
|
# @return [String]
|
9220
9621
|
#
|
9221
9622
|
# @!attribute [rw] last_modified_date
|
9222
|
-
# The date
|
9623
|
+
# The date and time, in [ISO 8601][1] format, when the item was
|
9624
|
+
# modified.
|
9625
|
+
#
|
9626
|
+
#
|
9627
|
+
#
|
9628
|
+
# [1]: https://www.iso.org/iso-8601-date-and-time-format.html
|
9223
9629
|
# @return [Time]
|
9224
9630
|
#
|
9225
9631
|
# @!attribute [rw] creation_date
|
9226
|
-
# The date the
|
9632
|
+
# The date and time, in [ISO 8601][1] format, when the item was
|
9633
|
+
# created.
|
9634
|
+
#
|
9635
|
+
#
|
9636
|
+
#
|
9637
|
+
# [1]: https://www.iso.org/iso-8601-date-and-time-format.html
|
9227
9638
|
# @return [Time]
|
9228
9639
|
#
|
9229
9640
|
# @!attribute [rw] schema_attributes
|
9230
|
-
# A
|
9641
|
+
# A list of the user attributes and their properties in your user
|
9642
|
+
# pool. The attribute schema contains standard attributes, custom
|
9643
|
+
# attributes with a `custom:` prefix, and developer attributes with a
|
9644
|
+
# `dev:` prefix. For more information, see [User pool attributes][1].
|
9645
|
+
#
|
9646
|
+
# Developer-only attributes are a legacy feature of user pools, are
|
9647
|
+
# read-only to all app clients. You can create and update
|
9648
|
+
# developer-only attributes only with IAM-authenticated API
|
9649
|
+
# operations. Use app client read/write permissions instead.
|
9650
|
+
#
|
9651
|
+
#
|
9652
|
+
#
|
9653
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html
|
9231
9654
|
# @return [Array<Types::SchemaAttributeType>]
|
9232
9655
|
#
|
9233
9656
|
# @!attribute [rw] auto_verified_attributes
|
@@ -9322,7 +9745,7 @@ module Aws::CognitoIdentityProvider
|
|
9322
9745
|
# @!attribute [rw] email_configuration
|
9323
9746
|
# The email configuration of your user pool. The email configuration
|
9324
9747
|
# type sets your preferred sending method, Amazon Web Services Region,
|
9325
|
-
# and sender for messages
|
9748
|
+
# and sender for messages from your user pool.
|
9326
9749
|
# @return [Types::EmailConfigurationType]
|
9327
9750
|
#
|
9328
9751
|
# @!attribute [rw] sms_configuration
|
@@ -9358,10 +9781,10 @@ module Aws::CognitoIdentityProvider
|
|
9358
9781
|
#
|
9359
9782
|
# : The Amazon Web Services account is in the SNS SMS Sandbox and
|
9360
9783
|
# messages will only reach verified end users. This parameter won’t
|
9361
|
-
# get populated with SNSSandbox if the
|
9362
|
-
#
|
9363
|
-
#
|
9364
|
-
#
|
9784
|
+
# get populated with SNSSandbox if the user creating the user pool
|
9785
|
+
# doesn’t have SNS permissions. To learn how to move your Amazon Web
|
9786
|
+
# Services account out of the sandbox, see [Moving out of the SMS
|
9787
|
+
# sandbox][2].
|
9365
9788
|
#
|
9366
9789
|
#
|
9367
9790
|
#
|
@@ -9398,7 +9821,17 @@ module Aws::CognitoIdentityProvider
|
|
9398
9821
|
# @return [Types::AdminCreateUserConfigType]
|
9399
9822
|
#
|
9400
9823
|
# @!attribute [rw] user_pool_add_ons
|
9401
|
-
#
|
9824
|
+
# User pool add-ons. Contains settings for activation of advanced
|
9825
|
+
# security features. To log user security information but take no
|
9826
|
+
# action, set to `AUDIT`. To configure automatic security responses to
|
9827
|
+
# risky traffic to your user pool, set to `ENFORCED`.
|
9828
|
+
#
|
9829
|
+
# For more information, see [Adding advanced security to a user
|
9830
|
+
# pool][1].
|
9831
|
+
#
|
9832
|
+
#
|
9833
|
+
#
|
9834
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
|
9402
9835
|
# @return [Types::UserPoolAddOnsType]
|
9403
9836
|
#
|
9404
9837
|
# @!attribute [rw] username_configuration
|
@@ -9483,7 +9916,12 @@ module Aws::CognitoIdentityProvider
|
|
9483
9916
|
# @return [Time]
|
9484
9917
|
#
|
9485
9918
|
# @!attribute [rw] user_last_modified_date
|
9486
|
-
# The
|
9919
|
+
# The date and time, in [ISO 8601][1] format, when the item was
|
9920
|
+
# modified.
|
9921
|
+
#
|
9922
|
+
#
|
9923
|
+
#
|
9924
|
+
# [1]: https://www.iso.org/iso-8601-date-and-time-format.html
|
9487
9925
|
# @return [Time]
|
9488
9926
|
#
|
9489
9927
|
# @!attribute [rw] enabled
|
@@ -9499,8 +9937,6 @@ module Aws::CognitoIdentityProvider
|
|
9499
9937
|
#
|
9500
9938
|
# * EXTERNAL\_PROVIDER - User signed in with a third-party IdP.
|
9501
9939
|
#
|
9502
|
-
# * ARCHIVED - User is no longer active.
|
9503
|
-
#
|
9504
9940
|
# * UNKNOWN - User status isn't known.
|
9505
9941
|
#
|
9506
9942
|
# * RESET\_REQUIRED - User is confirmed, but the user must request a
|
@@ -9534,7 +9970,11 @@ module Aws::CognitoIdentityProvider
|
|
9534
9970
|
#
|
9535
9971
|
# @!attribute [rw] case_sensitive
|
9536
9972
|
# Specifies whether user name case sensitivity will be applied for all
|
9537
|
-
# users in the user pool through Amazon Cognito APIs.
|
9973
|
+
# users in the user pool through Amazon Cognito APIs. For most use
|
9974
|
+
# cases, set case sensitivity to `False` (case insensitive) as a best
|
9975
|
+
# practice. When usernames and email addresses are case insensitive,
|
9976
|
+
# users can sign in as the same user when they enter a different
|
9977
|
+
# capitalization of their user name.
|
9538
9978
|
#
|
9539
9979
|
# Valid values include:
|
9540
9980
|
#
|
@@ -9548,10 +9988,10 @@ module Aws::CognitoIdentityProvider
|
|
9548
9988
|
# False
|
9549
9989
|
#
|
9550
9990
|
# : Enables case insensitivity for all username input. For example,
|
9551
|
-
# when this option is set to `False`, users can sign in using
|
9552
|
-
#
|
9553
|
-
# `preferred_username` and `email` alias to be case
|
9554
|
-
# addition to the `username` attribute.
|
9991
|
+
# when this option is set to `False`, users can sign in using
|
9992
|
+
# `username`, `USERNAME`, or `UserName`. This option also enables
|
9993
|
+
# both `preferred_username` and `email` alias to be case
|
9994
|
+
# insensitive, in addition to the `username` attribute.
|
9555
9995
|
# @return [Boolean]
|
9556
9996
|
#
|
9557
9997
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UsernameConfigurationType AWS API Documentation
|
@@ -9681,7 +10121,7 @@ module Aws::CognitoIdentityProvider
|
|
9681
10121
|
:session,
|
9682
10122
|
:user_code,
|
9683
10123
|
:friendly_device_name)
|
9684
|
-
SENSITIVE = [:access_token
|
10124
|
+
SENSITIVE = [:access_token]
|
9685
10125
|
include Aws::Structure
|
9686
10126
|
end
|
9687
10127
|
|
@@ -9699,7 +10139,7 @@ module Aws::CognitoIdentityProvider
|
|
9699
10139
|
class VerifySoftwareTokenResponse < Struct.new(
|
9700
10140
|
:status,
|
9701
10141
|
:session)
|
9702
|
-
SENSITIVE = [
|
10142
|
+
SENSITIVE = []
|
9703
10143
|
include Aws::Structure
|
9704
10144
|
end
|
9705
10145
|
|