aws-sdk-cognitoidentityprovider 1.79.0 → 1.80.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-cognitoidentityprovider/client.rb +1512 -155
- data/lib/aws-sdk-cognitoidentityprovider/client_api.rb +63 -0
- data/lib/aws-sdk-cognitoidentityprovider/endpoints.rb +28 -0
- data/lib/aws-sdk-cognitoidentityprovider/plugins/endpoints.rb +4 -0
- data/lib/aws-sdk-cognitoidentityprovider/types.rb +560 -120
- data/lib/aws-sdk-cognitoidentityprovider.rb +1 -1
- metadata +2 -2
@@ -147,7 +147,7 @@ module Aws::CognitoIdentityProvider
|
|
147
147
|
include Aws::Structure
|
148
148
|
end
|
149
149
|
|
150
|
-
#
|
150
|
+
# Confirm a user's registration as a user pool administrator.
|
151
151
|
#
|
152
152
|
# @!attribute [rw] user_pool_id
|
153
153
|
# The user pool ID for which you want to confirm user registration.
|
@@ -332,10 +332,9 @@ module Aws::CognitoIdentityProvider
|
|
332
332
|
# Amazon Cognito generates one for you.
|
333
333
|
#
|
334
334
|
# The temporary password can only be used until the user account
|
335
|
-
# expiration limit that you
|
336
|
-
#
|
337
|
-
#
|
338
|
-
# `MessageAction` parameter.
|
335
|
+
# expiration limit that you set for your user pool. To reset the
|
336
|
+
# account after that time limit, you must call `AdminCreateUser` again
|
337
|
+
# and specify `RESEND` for the `MessageAction` parameter.
|
339
338
|
# @return [String]
|
340
339
|
#
|
341
340
|
# @!attribute [rw] force_alias_creation
|
@@ -654,7 +653,7 @@ module Aws::CognitoIdentityProvider
|
|
654
653
|
# specified user as an administrator.
|
655
654
|
#
|
656
655
|
# @!attribute [rw] username
|
657
|
-
# The
|
656
|
+
# The username of the user that you requested.
|
658
657
|
# @return [String]
|
659
658
|
#
|
660
659
|
# @!attribute [rw] user_attributes
|
@@ -666,7 +665,12 @@ module Aws::CognitoIdentityProvider
|
|
666
665
|
# @return [Time]
|
667
666
|
#
|
668
667
|
# @!attribute [rw] user_last_modified_date
|
669
|
-
# The date the
|
668
|
+
# The date and time, in [ISO 8601][1] format, when the item was
|
669
|
+
# modified.
|
670
|
+
#
|
671
|
+
#
|
672
|
+
#
|
673
|
+
# [1]: https://www.iso.org/iso-8601-date-and-time-format.html
|
670
674
|
# @return [Time]
|
671
675
|
#
|
672
676
|
# @!attribute [rw] enabled
|
@@ -680,8 +684,6 @@ module Aws::CognitoIdentityProvider
|
|
680
684
|
#
|
681
685
|
# * CONFIRMED - User has been confirmed.
|
682
686
|
#
|
683
|
-
# * ARCHIVED - User is no longer active.
|
684
|
-
#
|
685
687
|
# * UNKNOWN - User status isn't known.
|
686
688
|
#
|
687
689
|
# * RESET\_REQUIRED - User is confirmed, but the user must request a
|
@@ -781,18 +783,27 @@ module Aws::CognitoIdentityProvider
|
|
781
783
|
# `SECRET_HASH` (required if the app client is configured with a
|
782
784
|
# client secret), `DEVICE_KEY`.
|
783
785
|
#
|
784
|
-
# * For `
|
786
|
+
# * For `ADMIN_USER_PASSWORD_AUTH`: `USERNAME` (required), `PASSWORD`
|
785
787
|
# (required), `SECRET_HASH` (required if the app client is
|
786
788
|
# configured with a client secret), `DEVICE_KEY`.
|
787
789
|
#
|
788
|
-
# * For `
|
789
|
-
#
|
790
|
-
#
|
790
|
+
# * For `REFRESH_TOKEN_AUTH/REFRESH_TOKEN`: `REFRESH_TOKEN`
|
791
|
+
# (required), `SECRET_HASH` (required if the app client is
|
792
|
+
# configured with a client secret), `DEVICE_KEY`.
|
791
793
|
#
|
792
794
|
# * For `CUSTOM_AUTH`: `USERNAME` (required), `SECRET_HASH` (if app
|
793
795
|
# client is configured with client secret), `DEVICE_KEY`. To start
|
794
796
|
# the authentication flow with password verification, include
|
795
797
|
# `ChallengeName: SRP_A` and `SRP_A: (The SRP_A Value)`.
|
798
|
+
#
|
799
|
+
# For more information about `SECRET_HASH`, see [Computing secret hash
|
800
|
+
# values][1]. For information about `DEVICE_KEY`, see [Working with
|
801
|
+
# user devices in your user pool][2].
|
802
|
+
#
|
803
|
+
#
|
804
|
+
#
|
805
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#cognito-user-pools-computing-secret-hash
|
806
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html
|
796
807
|
# @return [Hash<String,String>]
|
797
808
|
#
|
798
809
|
# @!attribute [rw] client_metadata
|
@@ -995,7 +1006,7 @@ module Aws::CognitoIdentityProvider
|
|
995
1006
|
:session,
|
996
1007
|
:challenge_parameters,
|
997
1008
|
:authentication_result)
|
998
|
-
SENSITIVE = [
|
1009
|
+
SENSITIVE = []
|
999
1010
|
include Aws::Structure
|
1000
1011
|
end
|
1001
1012
|
|
@@ -1005,7 +1016,7 @@ module Aws::CognitoIdentityProvider
|
|
1005
1016
|
#
|
1006
1017
|
# @!attribute [rw] destination_user
|
1007
1018
|
# The existing user in the user pool that you want to assign to the
|
1008
|
-
# external IdP user account. This user can be a
|
1019
|
+
# external IdP user account. This user can be a local (Username +
|
1009
1020
|
# Password) Amazon Cognito user pools user or a federated user (for
|
1010
1021
|
# example, a SAML or Facebook user). If the user doesn't exist,
|
1011
1022
|
# Amazon Cognito generates an exception. Amazon Cognito returns this
|
@@ -1042,13 +1053,22 @@ module Aws::CognitoIdentityProvider
|
|
1042
1053
|
#
|
1043
1054
|
#
|
1044
1055
|
#
|
1056
|
+
# For OIDC, the `ProviderAttributeName` can be any value that matches
|
1057
|
+
# a claim in the ID token, or that your app retrieves from the
|
1058
|
+
# `userInfo` endpoint. You must map the claim to a user pool attribute
|
1059
|
+
# in your IdP configuration, and set the user pool attribute name as
|
1060
|
+
# the value of `ProviderAttributeName` in your
|
1061
|
+
# `AdminLinkProviderForUser` request.
|
1062
|
+
#
|
1045
1063
|
# For SAML, the `ProviderAttributeName` can be any value that matches
|
1046
|
-
# a claim in the SAML assertion.
|
1047
|
-
#
|
1048
|
-
#
|
1049
|
-
# `ProviderAttributeName
|
1050
|
-
#
|
1051
|
-
#
|
1064
|
+
# a claim in the SAML assertion. To link SAML users based on the
|
1065
|
+
# subject of the SAML assertion, map the subject to a claim through
|
1066
|
+
# the SAML IdP and set that claim name as the value of
|
1067
|
+
# `ProviderAttributeName` in your `AdminLinkProviderForUser` request.
|
1068
|
+
#
|
1069
|
+
# For both OIDC and SAML users, when you set `ProviderAttributeName`
|
1070
|
+
# to `Cognito_Subject`, Amazon Cognito will automatically parse the
|
1071
|
+
# default unique identifier found in the subject from the IdP token.
|
1052
1072
|
# @return [Types::ProviderUserIdentifierType]
|
1053
1073
|
#
|
1054
1074
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AdminLinkProviderForUserRequest AWS API Documentation
|
@@ -1363,6 +1383,15 @@ module Aws::CognitoIdentityProvider
|
|
1363
1383
|
# actual username value in the `USERNAMEUSER_ID_FOR_SRP` attribute.
|
1364
1384
|
# This happens even if you specified an alias in your call to
|
1365
1385
|
# `AdminInitiateAuth`.
|
1386
|
+
#
|
1387
|
+
# For more information about `SECRET_HASH`, see [Computing secret hash
|
1388
|
+
# values][1]. For information about `DEVICE_KEY`, see [Working with
|
1389
|
+
# user devices in your user pool][2].
|
1390
|
+
#
|
1391
|
+
#
|
1392
|
+
#
|
1393
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#cognito-user-pools-computing-secret-hash
|
1394
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html
|
1366
1395
|
# @return [Hash<String,String>]
|
1367
1396
|
#
|
1368
1397
|
# @!attribute [rw] session
|
@@ -1454,7 +1483,7 @@ module Aws::CognitoIdentityProvider
|
|
1454
1483
|
:analytics_metadata,
|
1455
1484
|
:context_data,
|
1456
1485
|
:client_metadata)
|
1457
|
-
SENSITIVE = [:client_id
|
1486
|
+
SENSITIVE = [:client_id]
|
1458
1487
|
include Aws::Structure
|
1459
1488
|
end
|
1460
1489
|
|
@@ -1498,7 +1527,7 @@ module Aws::CognitoIdentityProvider
|
|
1498
1527
|
:session,
|
1499
1528
|
:challenge_parameters,
|
1500
1529
|
:authentication_result)
|
1501
|
-
SENSITIVE = [
|
1530
|
+
SENSITIVE = []
|
1502
1531
|
include Aws::Structure
|
1503
1532
|
end
|
1504
1533
|
|
@@ -1612,7 +1641,13 @@ module Aws::CognitoIdentityProvider
|
|
1612
1641
|
# @return [String]
|
1613
1642
|
#
|
1614
1643
|
# @!attribute [rw] feedback_value
|
1615
|
-
# The authentication event feedback value.
|
1644
|
+
# The authentication event feedback value. When you provide a
|
1645
|
+
# `FeedbackValue` value of `valid`, you tell Amazon Cognito that you
|
1646
|
+
# trust a user session where Amazon Cognito has evaluated some level
|
1647
|
+
# of risk. When you provide a `FeedbackValue` value of `invalid`, you
|
1648
|
+
# tell Amazon Cognito that you don't trust a user session, or you
|
1649
|
+
# don't believe that Amazon Cognito evaluated a high-enough risk
|
1650
|
+
# level.
|
1616
1651
|
# @return [String]
|
1617
1652
|
#
|
1618
1653
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AdminUpdateAuthEventFeedbackRequest AWS API Documentation
|
@@ -1806,7 +1841,7 @@ module Aws::CognitoIdentityProvider
|
|
1806
1841
|
# The Amazon Pinpoint analytics configuration necessary to collect
|
1807
1842
|
# metrics for a user pool.
|
1808
1843
|
#
|
1809
|
-
# <note markdown="1"> In Regions where Amazon
|
1844
|
+
# <note markdown="1"> In Regions where Amazon Pinpoint isn't available, user pools only
|
1810
1845
|
# support sending events to Amazon Pinpoint projects in us-east-1. In
|
1811
1846
|
# Regions where Amazon Pinpoint is available, user pools support sending
|
1812
1847
|
# events to Amazon Pinpoint projects within that same Region.
|
@@ -1891,7 +1926,7 @@ module Aws::CognitoIdentityProvider
|
|
1891
1926
|
class AssociateSoftwareTokenRequest < Struct.new(
|
1892
1927
|
:access_token,
|
1893
1928
|
:session)
|
1894
|
-
SENSITIVE = [:access_token
|
1929
|
+
SENSITIVE = [:access_token]
|
1895
1930
|
include Aws::Structure
|
1896
1931
|
end
|
1897
1932
|
|
@@ -1911,7 +1946,7 @@ module Aws::CognitoIdentityProvider
|
|
1911
1946
|
class AssociateSoftwareTokenResponse < Struct.new(
|
1912
1947
|
:secret_code,
|
1913
1948
|
:session)
|
1914
|
-
SENSITIVE = [:secret_code
|
1949
|
+
SENSITIVE = [:secret_code]
|
1915
1950
|
include Aws::Structure
|
1916
1951
|
end
|
1917
1952
|
|
@@ -1945,7 +1980,12 @@ module Aws::CognitoIdentityProvider
|
|
1945
1980
|
# @return [String]
|
1946
1981
|
#
|
1947
1982
|
# @!attribute [rw] creation_date
|
1948
|
-
# The
|
1983
|
+
# The date and time, in [ISO 8601][1] format, when the item was
|
1984
|
+
# created.
|
1985
|
+
#
|
1986
|
+
#
|
1987
|
+
#
|
1988
|
+
# [1]: https://www.iso.org/iso-8601-date-and-time-format.html
|
1949
1989
|
# @return [Time]
|
1950
1990
|
#
|
1951
1991
|
# @!attribute [rw] event_response
|
@@ -2076,6 +2116,24 @@ module Aws::CognitoIdentityProvider
|
|
2076
2116
|
#
|
2077
2117
|
class ChangePasswordResponse < Aws::EmptyStructure; end
|
2078
2118
|
|
2119
|
+
# The CloudWatch logging destination of a user pool detailed activity
|
2120
|
+
# logging configuration.
|
2121
|
+
#
|
2122
|
+
# @!attribute [rw] log_group_arn
|
2123
|
+
# The Amazon Resource Name (arn) of a CloudWatch Logs log group where
|
2124
|
+
# your user pool sends logs. The log group must not be encrypted with
|
2125
|
+
# Key Management Service and must be in the same Amazon Web Services
|
2126
|
+
# account as your user pool.
|
2127
|
+
# @return [String]
|
2128
|
+
#
|
2129
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/CloudWatchLogsConfigurationType AWS API Documentation
|
2130
|
+
#
|
2131
|
+
class CloudWatchLogsConfigurationType < Struct.new(
|
2132
|
+
:log_group_arn)
|
2133
|
+
SENSITIVE = []
|
2134
|
+
include Aws::Structure
|
2135
|
+
end
|
2136
|
+
|
2079
2137
|
# The delivery details for an email or SMS message that Amazon Cognito
|
2080
2138
|
# sent for authentication or verification.
|
2081
2139
|
#
|
@@ -2237,7 +2295,12 @@ module Aws::CognitoIdentityProvider
|
|
2237
2295
|
# @!attribute [rw] secret_hash
|
2238
2296
|
# A keyed-hash message authentication code (HMAC) calculated using the
|
2239
2297
|
# secret key of a user pool client and username plus the client ID in
|
2240
|
-
# the message.
|
2298
|
+
# the message. For more information about `SecretHash`, see [Computing
|
2299
|
+
# secret hash values][1].
|
2300
|
+
#
|
2301
|
+
#
|
2302
|
+
#
|
2303
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#cognito-user-pools-computing-secret-hash
|
2241
2304
|
# @return [String]
|
2242
2305
|
#
|
2243
2306
|
# @!attribute [rw] username
|
@@ -2320,7 +2383,7 @@ module Aws::CognitoIdentityProvider
|
|
2320
2383
|
:analytics_metadata,
|
2321
2384
|
:user_context_data,
|
2322
2385
|
:client_metadata)
|
2323
|
-
SENSITIVE = [:client_id, :secret_hash, :username, :password
|
2386
|
+
SENSITIVE = [:client_id, :secret_hash, :username, :password]
|
2324
2387
|
include Aws::Structure
|
2325
2388
|
end
|
2326
2389
|
|
@@ -2424,7 +2487,7 @@ module Aws::CognitoIdentityProvider
|
|
2424
2487
|
:analytics_metadata,
|
2425
2488
|
:user_context_data,
|
2426
2489
|
:client_metadata)
|
2427
|
-
SENSITIVE = [:client_id, :secret_hash, :username
|
2490
|
+
SENSITIVE = [:client_id, :secret_hash, :username]
|
2428
2491
|
include Aws::Structure
|
2429
2492
|
end
|
2430
2493
|
|
@@ -2800,7 +2863,7 @@ module Aws::CognitoIdentityProvider
|
|
2800
2863
|
# `TokenValidityUnits` as `hours`, your user can authenticate their
|
2801
2864
|
# session with their ID token for 10 hours.
|
2802
2865
|
#
|
2803
|
-
# The default time unit for `
|
2866
|
+
# The default time unit for `IdTokenValidity` in an API request is
|
2804
2867
|
# hours. *Valid range* is displayed below in seconds.
|
2805
2868
|
#
|
2806
2869
|
# If you don't specify otherwise in the configuration of your app
|
@@ -2961,8 +3024,27 @@ module Aws::CognitoIdentityProvider
|
|
2961
3024
|
# @return [Array<String>]
|
2962
3025
|
#
|
2963
3026
|
# @!attribute [rw] allowed_o_auth_flows_user_pool_client
|
2964
|
-
# Set to true
|
2965
|
-
#
|
3027
|
+
# Set to `true` to use OAuth 2.0 features in your user pool app
|
3028
|
+
# client.
|
3029
|
+
#
|
3030
|
+
# `AllowedOAuthFlowsUserPoolClient` must be `true` before you can
|
3031
|
+
# configure the following features in your app client.
|
3032
|
+
#
|
3033
|
+
# * `CallBackURLs`: Callback URLs.
|
3034
|
+
#
|
3035
|
+
# * `LogoutURLs`: Sign-out redirect URLs.
|
3036
|
+
#
|
3037
|
+
# * `AllowedOAuthScopes`: OAuth 2.0 scopes.
|
3038
|
+
#
|
3039
|
+
# * `AllowedOAuthFlows`: Support for authorization code, implicit, and
|
3040
|
+
# client credentials OAuth 2.0 grants.
|
3041
|
+
#
|
3042
|
+
# To use OAuth 2.0 features, configure one of these features in the
|
3043
|
+
# Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to
|
3044
|
+
# `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API
|
3045
|
+
# request. If you don't set a value for
|
3046
|
+
# `AllowedOAuthFlowsUserPoolClient` in a request with the CLI or SDKs,
|
3047
|
+
# it defaults to `false`.
|
2966
3048
|
# @return [Boolean]
|
2967
3049
|
#
|
2968
3050
|
# @!attribute [rw] analytics_configuration
|
@@ -3277,15 +3359,32 @@ module Aws::CognitoIdentityProvider
|
|
3277
3359
|
# @return [Array<Types::SchemaAttributeType>]
|
3278
3360
|
#
|
3279
3361
|
# @!attribute [rw] user_pool_add_ons
|
3280
|
-
#
|
3281
|
-
#
|
3362
|
+
# User pool add-ons. Contains settings for activation of advanced
|
3363
|
+
# security features. To log user security information but take no
|
3364
|
+
# action, set to `AUDIT`. To configure automatic security responses to
|
3365
|
+
# risky traffic to your user pool, set to `ENFORCED`.
|
3366
|
+
#
|
3367
|
+
# For more information, see [Adding advanced security to a user
|
3368
|
+
# pool][1].
|
3369
|
+
#
|
3370
|
+
#
|
3371
|
+
#
|
3372
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
|
3282
3373
|
# @return [Types::UserPoolAddOnsType]
|
3283
3374
|
#
|
3284
3375
|
# @!attribute [rw] username_configuration
|
3285
3376
|
# Case sensitivity on the username input for the selected sign-in
|
3286
|
-
# option.
|
3287
|
-
# can sign in
|
3288
|
-
#
|
3377
|
+
# option. When case sensitivity is set to `False` (case insensitive),
|
3378
|
+
# users can sign in with any combination of capital and lowercase
|
3379
|
+
# letters. For example, `username`, `USERNAME`, or `UserName`, or for
|
3380
|
+
# email, `email@example.com` or `EMaiL@eXamplE.Com`. For most use
|
3381
|
+
# cases, set case sensitivity to `False` (case insensitive) as a best
|
3382
|
+
# practice. When usernames and email addresses are case insensitive,
|
3383
|
+
# Amazon Cognito treats any variation in case as the same user, and
|
3384
|
+
# prevents a case variation from being assigned to the same attribute
|
3385
|
+
# for a different user.
|
3386
|
+
#
|
3387
|
+
# This configuration is immutable after you set it. For more
|
3289
3388
|
# information, see [UsernameConfigurationType][1].
|
3290
3389
|
#
|
3291
3390
|
#
|
@@ -3880,7 +3979,12 @@ module Aws::CognitoIdentityProvider
|
|
3880
3979
|
# @return [Time]
|
3881
3980
|
#
|
3882
3981
|
# @!attribute [rw] device_last_modified_date
|
3883
|
-
# The
|
3982
|
+
# The date and time, in [ISO 8601][1] format, when the item was
|
3983
|
+
# modified.
|
3984
|
+
#
|
3985
|
+
#
|
3986
|
+
#
|
3987
|
+
# [1]: https://www.iso.org/iso-8601-date-and-time-format.html
|
3884
3988
|
# @return [Time]
|
3885
3989
|
#
|
3886
3990
|
# @!attribute [rw] device_last_authenticated_date
|
@@ -3921,8 +4025,8 @@ module Aws::CognitoIdentityProvider
|
|
3921
4025
|
# @return [String]
|
3922
4026
|
#
|
3923
4027
|
# @!attribute [rw] cloud_front_distribution
|
3924
|
-
# The Amazon
|
3925
|
-
#
|
4028
|
+
# The Amazon CloudFront endpoint that you use as the target of the
|
4029
|
+
# alias that you set up with your Domain Name Service (DNS) provider.
|
3926
4030
|
# @return [String]
|
3927
4031
|
#
|
3928
4032
|
# @!attribute [rw] version
|
@@ -3984,9 +4088,13 @@ module Aws::CognitoIdentityProvider
|
|
3984
4088
|
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-email.html
|
3985
4089
|
#
|
3986
4090
|
# @!attribute [rw] source_arn
|
3987
|
-
# The ARN of a verified email address
|
3988
|
-
#
|
3989
|
-
#
|
4091
|
+
# The ARN of a verified email address or an address from a verified
|
4092
|
+
# domain in Amazon SES. You can set a `SourceArn` email from a
|
4093
|
+
# verified domain only with an API request. You can set a verified
|
4094
|
+
# email address, but not an address in a verified domain, in the
|
4095
|
+
# Amazon Cognito console. Amazon Cognito uses the email address that
|
4096
|
+
# you provide in one of the following ways, depending on the value
|
4097
|
+
# that you specify for the `EmailSendingAccount` parameter:
|
3990
4098
|
#
|
3991
4099
|
# * If you specify `COGNITO_DEFAULT`, Amazon Cognito uses this address
|
3992
4100
|
# as the custom FROM address when it emails your users using its
|
@@ -4158,7 +4266,13 @@ module Aws::CognitoIdentityProvider
|
|
4158
4266
|
# Specifies the event feedback type.
|
4159
4267
|
#
|
4160
4268
|
# @!attribute [rw] feedback_value
|
4161
|
-
# The event feedback value.
|
4269
|
+
# The authentication event feedback value. When you provide a
|
4270
|
+
# `FeedbackValue` value of `valid`, you tell Amazon Cognito that you
|
4271
|
+
# trust a user session where Amazon Cognito has evaluated some level
|
4272
|
+
# of risk. When you provide a `FeedbackValue` value of `invalid`, you
|
4273
|
+
# tell Amazon Cognito that you don't trust a user session, or you
|
4274
|
+
# don't believe that Amazon Cognito evaluated a high-enough risk
|
4275
|
+
# level.
|
4162
4276
|
# @return [String]
|
4163
4277
|
#
|
4164
4278
|
# @!attribute [rw] provider
|
@@ -4332,7 +4446,7 @@ module Aws::CognitoIdentityProvider
|
|
4332
4446
|
:username,
|
4333
4447
|
:analytics_metadata,
|
4334
4448
|
:client_metadata)
|
4335
|
-
SENSITIVE = [:client_id, :secret_hash, :
|
4449
|
+
SENSITIVE = [:client_id, :secret_hash, :username]
|
4336
4450
|
include Aws::Structure
|
4337
4451
|
end
|
4338
4452
|
|
@@ -4480,6 +4594,32 @@ module Aws::CognitoIdentityProvider
|
|
4480
4594
|
include Aws::Structure
|
4481
4595
|
end
|
4482
4596
|
|
4597
|
+
# @!attribute [rw] user_pool_id
|
4598
|
+
# The ID of the user pool where you want to view detailed activity
|
4599
|
+
# logging configuration.
|
4600
|
+
# @return [String]
|
4601
|
+
#
|
4602
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/GetLogDeliveryConfigurationRequest AWS API Documentation
|
4603
|
+
#
|
4604
|
+
class GetLogDeliveryConfigurationRequest < Struct.new(
|
4605
|
+
:user_pool_id)
|
4606
|
+
SENSITIVE = []
|
4607
|
+
include Aws::Structure
|
4608
|
+
end
|
4609
|
+
|
4610
|
+
# @!attribute [rw] log_delivery_configuration
|
4611
|
+
# The detailed activity logging configuration of the requested user
|
4612
|
+
# pool.
|
4613
|
+
# @return [Types::LogDeliveryConfigurationType]
|
4614
|
+
#
|
4615
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/GetLogDeliveryConfigurationResponse AWS API Documentation
|
4616
|
+
#
|
4617
|
+
class GetLogDeliveryConfigurationResponse < Struct.new(
|
4618
|
+
:log_delivery_configuration)
|
4619
|
+
SENSITIVE = []
|
4620
|
+
include Aws::Structure
|
4621
|
+
end
|
4622
|
+
|
4483
4623
|
# Request to get a signing certificate from Amazon Cognito.
|
4484
4624
|
#
|
4485
4625
|
# @!attribute [rw] user_pool_id
|
@@ -4675,8 +4815,7 @@ module Aws::CognitoIdentityProvider
|
|
4675
4815
|
# information about the user.
|
4676
4816
|
#
|
4677
4817
|
# @!attribute [rw] username
|
4678
|
-
# The
|
4679
|
-
# request.
|
4818
|
+
# The username of the user that you requested.
|
4680
4819
|
# @return [String]
|
4681
4820
|
#
|
4682
4821
|
# @!attribute [rw] user_attributes
|
@@ -4789,11 +4928,21 @@ module Aws::CognitoIdentityProvider
|
|
4789
4928
|
# @return [Integer]
|
4790
4929
|
#
|
4791
4930
|
# @!attribute [rw] last_modified_date
|
4792
|
-
# The date the
|
4931
|
+
# The date and time, in [ISO 8601][1] format, when the item was
|
4932
|
+
# modified.
|
4933
|
+
#
|
4934
|
+
#
|
4935
|
+
#
|
4936
|
+
# [1]: https://www.iso.org/iso-8601-date-and-time-format.html
|
4793
4937
|
# @return [Time]
|
4794
4938
|
#
|
4795
4939
|
# @!attribute [rw] creation_date
|
4796
|
-
# The date the
|
4940
|
+
# The date and time, in [ISO 8601][1] format, when the item was
|
4941
|
+
# created.
|
4942
|
+
#
|
4943
|
+
#
|
4944
|
+
#
|
4945
|
+
# [1]: https://www.iso.org/iso-8601-date-and-time-format.html
|
4797
4946
|
# @return [Time]
|
4798
4947
|
#
|
4799
4948
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/GroupType AWS API Documentation
|
@@ -4927,11 +5076,21 @@ module Aws::CognitoIdentityProvider
|
|
4927
5076
|
# @return [Array<String>]
|
4928
5077
|
#
|
4929
5078
|
# @!attribute [rw] last_modified_date
|
4930
|
-
# The date the
|
5079
|
+
# The date and time, in [ISO 8601][1] format, when the item was
|
5080
|
+
# modified.
|
5081
|
+
#
|
5082
|
+
#
|
5083
|
+
#
|
5084
|
+
# [1]: https://www.iso.org/iso-8601-date-and-time-format.html
|
4931
5085
|
# @return [Time]
|
4932
5086
|
#
|
4933
5087
|
# @!attribute [rw] creation_date
|
4934
|
-
# The date the
|
5088
|
+
# The date and time, in [ISO 8601][1] format, when the item was
|
5089
|
+
# created.
|
5090
|
+
#
|
5091
|
+
#
|
5092
|
+
#
|
5093
|
+
# [1]: https://www.iso.org/iso-8601-date-and-time-format.html
|
4935
5094
|
# @return [Time]
|
4936
5095
|
#
|
4937
5096
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/IdentityProviderType AWS API Documentation
|
@@ -4992,6 +5151,10 @@ module Aws::CognitoIdentityProvider
|
|
4992
5151
|
# `SECRET_HASH` (required if the app client is configured with a
|
4993
5152
|
# client secret), `DEVICE_KEY`.
|
4994
5153
|
#
|
5154
|
+
# * For `USER_PASSWORD_AUTH`: `USERNAME` (required), `PASSWORD`
|
5155
|
+
# (required), `SECRET_HASH` (required if the app client is
|
5156
|
+
# configured with a client secret), `DEVICE_KEY`.
|
5157
|
+
#
|
4995
5158
|
# * For `REFRESH_TOKEN_AUTH/REFRESH_TOKEN`: `REFRESH_TOKEN`
|
4996
5159
|
# (required), `SECRET_HASH` (required if the app client is
|
4997
5160
|
# configured with a client secret), `DEVICE_KEY`.
|
@@ -5000,6 +5163,15 @@ module Aws::CognitoIdentityProvider
|
|
5000
5163
|
# client is configured with client secret), `DEVICE_KEY`. To start
|
5001
5164
|
# the authentication flow with password verification, include
|
5002
5165
|
# `ChallengeName: SRP_A` and `SRP_A: (The SRP_A Value)`.
|
5166
|
+
#
|
5167
|
+
# For more information about `SECRET_HASH`, see [Computing secret hash
|
5168
|
+
# values][1]. For information about `DEVICE_KEY`, see [Working with
|
5169
|
+
# user devices in your user pool][2].
|
5170
|
+
#
|
5171
|
+
#
|
5172
|
+
#
|
5173
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#cognito-user-pools-computing-secret-hash
|
5174
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html
|
5003
5175
|
# @return [Hash<String,String>]
|
5004
5176
|
#
|
5005
5177
|
# @!attribute [rw] client_metadata
|
@@ -5091,7 +5263,7 @@ module Aws::CognitoIdentityProvider
|
|
5091
5263
|
:client_id,
|
5092
5264
|
:analytics_metadata,
|
5093
5265
|
:user_context_data)
|
5094
|
-
SENSITIVE = [:auth_parameters, :client_id
|
5266
|
+
SENSITIVE = [:auth_parameters, :client_id]
|
5095
5267
|
include Aws::Structure
|
5096
5268
|
end
|
5097
5269
|
|
@@ -5195,7 +5367,7 @@ module Aws::CognitoIdentityProvider
|
|
5195
5367
|
:session,
|
5196
5368
|
:challenge_parameters,
|
5197
5369
|
:authentication_result)
|
5198
|
-
SENSITIVE = [
|
5370
|
+
SENSITIVE = []
|
5199
5371
|
include Aws::Structure
|
5200
5372
|
end
|
5201
5373
|
|
@@ -5821,9 +5993,10 @@ module Aws::CognitoIdentityProvider
|
|
5821
5993
|
# @return [String]
|
5822
5994
|
#
|
5823
5995
|
# @!attribute [rw] attributes_to_get
|
5824
|
-
#
|
5825
|
-
#
|
5826
|
-
#
|
5996
|
+
# A JSON array of user attribute names, for example `given_name`, that
|
5997
|
+
# you want Amazon Cognito to include in the response for each user.
|
5998
|
+
# When you don't provide an `AttributesToGet` parameter, Amazon
|
5999
|
+
# Cognito returns all attributes for each user.
|
5827
6000
|
# @return [Array<String>]
|
5828
6001
|
#
|
5829
6002
|
# @!attribute [rw] limit
|
@@ -5921,7 +6094,23 @@ module Aws::CognitoIdentityProvider
|
|
5921
6094
|
# The response from the request to list users.
|
5922
6095
|
#
|
5923
6096
|
# @!attribute [rw] users
|
5924
|
-
#
|
6097
|
+
# A list of the user pool users, and their attributes, that match your
|
6098
|
+
# query.
|
6099
|
+
#
|
6100
|
+
# <note markdown="1"> Amazon Cognito creates a profile in your user pool for each native
|
6101
|
+
# user in your user pool, and each unique user ID from your
|
6102
|
+
# third-party identity providers (IdPs). When you link users with the
|
6103
|
+
# [AdminLinkProviderForUser][1] API operation, the output of
|
6104
|
+
# `ListUsers` displays both the IdP user and the native user that you
|
6105
|
+
# linked. You can identify IdP users in the `Users` object of this API
|
6106
|
+
# response by the IdP prefix that Amazon Cognito appends to
|
6107
|
+
# `Username`.
|
6108
|
+
#
|
6109
|
+
# </note>
|
6110
|
+
#
|
6111
|
+
#
|
6112
|
+
#
|
6113
|
+
# [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminLinkProviderForUser.html
|
5925
6114
|
# @return [Array<Types::UserType>]
|
5926
6115
|
#
|
5927
6116
|
# @!attribute [rw] pagination_token
|
@@ -5939,6 +6128,52 @@ module Aws::CognitoIdentityProvider
|
|
5939
6128
|
include Aws::Structure
|
5940
6129
|
end
|
5941
6130
|
|
6131
|
+
# The logging parameters of a user pool.
|
6132
|
+
#
|
6133
|
+
# @!attribute [rw] log_level
|
6134
|
+
# The `errorlevel` selection of logs that a user pool sends for
|
6135
|
+
# detailed activity logging.
|
6136
|
+
# @return [String]
|
6137
|
+
#
|
6138
|
+
# @!attribute [rw] event_source
|
6139
|
+
# The source of events that your user pool sends for detailed activity
|
6140
|
+
# logging.
|
6141
|
+
# @return [String]
|
6142
|
+
#
|
6143
|
+
# @!attribute [rw] cloud_watch_logs_configuration
|
6144
|
+
# The CloudWatch logging destination of a user pool.
|
6145
|
+
# @return [Types::CloudWatchLogsConfigurationType]
|
6146
|
+
#
|
6147
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/LogConfigurationType AWS API Documentation
|
6148
|
+
#
|
6149
|
+
class LogConfigurationType < Struct.new(
|
6150
|
+
:log_level,
|
6151
|
+
:event_source,
|
6152
|
+
:cloud_watch_logs_configuration)
|
6153
|
+
SENSITIVE = []
|
6154
|
+
include Aws::Structure
|
6155
|
+
end
|
6156
|
+
|
6157
|
+
# The logging parameters of a user pool.
|
6158
|
+
#
|
6159
|
+
# @!attribute [rw] user_pool_id
|
6160
|
+
# The ID of the user pool where you configured detailed activity
|
6161
|
+
# logging.
|
6162
|
+
# @return [String]
|
6163
|
+
#
|
6164
|
+
# @!attribute [rw] log_configurations
|
6165
|
+
# The detailed activity logging destination of a user pool.
|
6166
|
+
# @return [Array<Types::LogConfigurationType>]
|
6167
|
+
#
|
6168
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/LogDeliveryConfigurationType AWS API Documentation
|
6169
|
+
#
|
6170
|
+
class LogDeliveryConfigurationType < Struct.new(
|
6171
|
+
:user_pool_id,
|
6172
|
+
:log_configurations)
|
6173
|
+
SENSITIVE = []
|
6174
|
+
include Aws::Structure
|
6175
|
+
end
|
6176
|
+
|
5942
6177
|
# This exception is thrown when Amazon Cognito can't find a
|
5943
6178
|
# multi-factor authentication (MFA) method.
|
5944
6179
|
#
|
@@ -6232,7 +6467,12 @@ module Aws::CognitoIdentityProvider
|
|
6232
6467
|
# @return [Time]
|
6233
6468
|
#
|
6234
6469
|
# @!attribute [rw] creation_date
|
6235
|
-
# The date
|
6470
|
+
# The date and time, in [ISO 8601][1] format, when the item was
|
6471
|
+
# created.
|
6472
|
+
#
|
6473
|
+
#
|
6474
|
+
#
|
6475
|
+
# [1]: https://www.iso.org/iso-8601-date-and-time-format.html
|
6236
6476
|
# @return [Time]
|
6237
6477
|
#
|
6238
6478
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/ProviderDescription AWS API Documentation
|
@@ -6370,7 +6610,7 @@ module Aws::CognitoIdentityProvider
|
|
6370
6610
|
:username,
|
6371
6611
|
:analytics_metadata,
|
6372
6612
|
:client_metadata)
|
6373
|
-
SENSITIVE = [:client_id, :secret_hash, :
|
6613
|
+
SENSITIVE = [:client_id, :secret_hash, :username]
|
6374
6614
|
include Aws::Structure
|
6375
6615
|
end
|
6376
6616
|
|
@@ -6528,6 +6768,15 @@ module Aws::CognitoIdentityProvider
|
|
6528
6768
|
# * `MFA_SETUP` requires `USERNAME`, plus you must use the session
|
6529
6769
|
# value returned by `VerifySoftwareToken` in the `Session`
|
6530
6770
|
# parameter.
|
6771
|
+
#
|
6772
|
+
# For more information about `SECRET_HASH`, see [Computing secret hash
|
6773
|
+
# values][1]. For information about `DEVICE_KEY`, see [Working with
|
6774
|
+
# user devices in your user pool][2].
|
6775
|
+
#
|
6776
|
+
#
|
6777
|
+
#
|
6778
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#cognito-user-pools-computing-secret-hash
|
6779
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html
|
6531
6780
|
# @return [Hash<String,String>]
|
6532
6781
|
#
|
6533
6782
|
# @!attribute [rw] analytics_metadata
|
@@ -6593,7 +6842,7 @@ module Aws::CognitoIdentityProvider
|
|
6593
6842
|
:analytics_metadata,
|
6594
6843
|
:user_context_data,
|
6595
6844
|
:client_metadata)
|
6596
|
-
SENSITIVE = [:client_id
|
6845
|
+
SENSITIVE = [:client_id]
|
6597
6846
|
include Aws::Structure
|
6598
6847
|
end
|
6599
6848
|
|
@@ -6636,7 +6885,7 @@ module Aws::CognitoIdentityProvider
|
|
6636
6885
|
:session,
|
6637
6886
|
:challenge_parameters,
|
6638
6887
|
:authentication_result)
|
6639
|
-
SENSITIVE = [
|
6888
|
+
SENSITIVE = []
|
6640
6889
|
include Aws::Structure
|
6641
6890
|
end
|
6642
6891
|
|
@@ -6693,7 +6942,12 @@ module Aws::CognitoIdentityProvider
|
|
6693
6942
|
# @return [Types::RiskExceptionConfigurationType]
|
6694
6943
|
#
|
6695
6944
|
# @!attribute [rw] last_modified_date
|
6696
|
-
# The
|
6945
|
+
# The date and time, in [ISO 8601][1] format, when the item was
|
6946
|
+
# modified.
|
6947
|
+
#
|
6948
|
+
#
|
6949
|
+
#
|
6950
|
+
# [1]: https://www.iso.org/iso-8601-date-and-time-format.html
|
6697
6951
|
# @return [Time]
|
6698
6952
|
#
|
6699
6953
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/RiskConfigurationType AWS API Documentation
|
@@ -6760,14 +7014,27 @@ module Aws::CognitoIdentityProvider
|
|
6760
7014
|
include Aws::Structure
|
6761
7015
|
end
|
6762
7016
|
|
6763
|
-
#
|
7017
|
+
# A list of the user attributes and their properties in your user pool.
|
7018
|
+
# The attribute schema contains standard attributes, custom attributes
|
7019
|
+
# with a `custom:` prefix, and developer attributes with a `dev:`
|
7020
|
+
# prefix. For more information, see [User pool attributes][1].
|
7021
|
+
#
|
7022
|
+
# Developer-only attributes are a legacy feature of user pools, are
|
7023
|
+
# read-only to all app clients. You can create and update developer-only
|
7024
|
+
# attributes only with IAM-authenticated API operations. Use app client
|
7025
|
+
# read/write permissions instead.
|
7026
|
+
#
|
7027
|
+
#
|
7028
|
+
#
|
7029
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html
|
6764
7030
|
#
|
6765
7031
|
# @!attribute [rw] name
|
6766
|
-
#
|
7032
|
+
# The name of your user pool attribute, for example `username` or
|
7033
|
+
# `custom:costcenter`.
|
6767
7034
|
# @return [String]
|
6768
7035
|
#
|
6769
7036
|
# @!attribute [rw] attribute_data_type
|
6770
|
-
# The
|
7037
|
+
# The data format of the values for your attribute.
|
6771
7038
|
# @return [String]
|
6772
7039
|
#
|
6773
7040
|
# @!attribute [rw] developer_only_attribute
|
@@ -6792,13 +7059,13 @@ module Aws::CognitoIdentityProvider
|
|
6792
7059
|
# @!attribute [rw] mutable
|
6793
7060
|
# Specifies whether the value of the attribute can be changed.
|
6794
7061
|
#
|
6795
|
-
#
|
6796
|
-
# must
|
6797
|
-
# attributes when users sign in to your application
|
6798
|
-
# an attribute is immutable, Amazon Cognito throws
|
6799
|
-
# attempts to update the attribute. For more
|
6800
|
-
# [Specifying Identity Provider Attribute Mappings
|
6801
|
-
# Pool][1].
|
7062
|
+
# Any user pool attribute whose value you map from an IdP attribute
|
7063
|
+
# must be mutable, with a parameter value of `true`. Amazon Cognito
|
7064
|
+
# updates mapped attributes when users sign in to your application
|
7065
|
+
# through an IdP. If an attribute is immutable, Amazon Cognito throws
|
7066
|
+
# an error when it attempts to update the attribute. For more
|
7067
|
+
# information, see [Specifying Identity Provider Attribute Mappings
|
7068
|
+
# for Your User Pool][1].
|
6802
7069
|
#
|
6803
7070
|
#
|
6804
7071
|
#
|
@@ -6846,6 +7113,38 @@ module Aws::CognitoIdentityProvider
|
|
6846
7113
|
include Aws::Structure
|
6847
7114
|
end
|
6848
7115
|
|
7116
|
+
# @!attribute [rw] user_pool_id
|
7117
|
+
# The ID of the user pool where you want to configure detailed
|
7118
|
+
# activity logging .
|
7119
|
+
# @return [String]
|
7120
|
+
#
|
7121
|
+
# @!attribute [rw] log_configurations
|
7122
|
+
# A collection of all of the detailed activity logging configurations
|
7123
|
+
# for a user pool.
|
7124
|
+
# @return [Array<Types::LogConfigurationType>]
|
7125
|
+
#
|
7126
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/SetLogDeliveryConfigurationRequest AWS API Documentation
|
7127
|
+
#
|
7128
|
+
class SetLogDeliveryConfigurationRequest < Struct.new(
|
7129
|
+
:user_pool_id,
|
7130
|
+
:log_configurations)
|
7131
|
+
SENSITIVE = []
|
7132
|
+
include Aws::Structure
|
7133
|
+
end
|
7134
|
+
|
7135
|
+
# @!attribute [rw] log_delivery_configuration
|
7136
|
+
# The detailed activity logging configuration that you applied to the
|
7137
|
+
# requested user pool.
|
7138
|
+
# @return [Types::LogDeliveryConfigurationType]
|
7139
|
+
#
|
7140
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/SetLogDeliveryConfigurationResponse AWS API Documentation
|
7141
|
+
#
|
7142
|
+
class SetLogDeliveryConfigurationResponse < Struct.new(
|
7143
|
+
:log_delivery_configuration)
|
7144
|
+
SENSITIVE = []
|
7145
|
+
include Aws::Structure
|
7146
|
+
end
|
7147
|
+
|
6849
7148
|
# @!attribute [rw] user_pool_id
|
6850
7149
|
# The user pool ID.
|
6851
7150
|
# @return [String]
|
@@ -7154,7 +7453,7 @@ module Aws::CognitoIdentityProvider
|
|
7154
7453
|
:analytics_metadata,
|
7155
7454
|
:user_context_data,
|
7156
7455
|
:client_metadata)
|
7157
|
-
SENSITIVE = [:client_id, :secret_hash, :username, :password
|
7456
|
+
SENSITIVE = [:client_id, :secret_hash, :username, :password]
|
7158
7457
|
include Aws::Structure
|
7159
7458
|
end
|
7160
7459
|
|
@@ -7451,18 +7750,23 @@ module Aws::CognitoIdentityProvider
|
|
7451
7750
|
# A time unit of `seconds`, `minutes`, `hours`, or `days` for the
|
7452
7751
|
# value that you set in the `AccessTokenValidity` parameter. The
|
7453
7752
|
# default `AccessTokenValidity` time unit is hours.
|
7753
|
+
# `AccessTokenValidity` duration can range from five minutes to one
|
7754
|
+
# day.
|
7454
7755
|
# @return [String]
|
7455
7756
|
#
|
7456
7757
|
# @!attribute [rw] id_token
|
7457
7758
|
# A time unit of `seconds`, `minutes`, `hours`, or `days` for the
|
7458
7759
|
# value that you set in the `IdTokenValidity` parameter. The default
|
7459
|
-
# `IdTokenValidity` time unit is hours.
|
7760
|
+
# `IdTokenValidity` time unit is hours. `IdTokenValidity` duration can
|
7761
|
+
# range from five minutes to one day.
|
7460
7762
|
# @return [String]
|
7461
7763
|
#
|
7462
7764
|
# @!attribute [rw] refresh_token
|
7463
7765
|
# A time unit of `seconds`, `minutes`, `hours`, or `days` for the
|
7464
7766
|
# value that you set in the `RefreshTokenValidity` parameter. The
|
7465
7767
|
# default `RefreshTokenValidity` time unit is days.
|
7768
|
+
# `RefreshTokenValidity` duration can range from 60 minutes to 10
|
7769
|
+
# years.
|
7466
7770
|
# @return [String]
|
7467
7771
|
#
|
7468
7772
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/TokenValidityUnitsType AWS API Documentation
|
@@ -7531,11 +7835,21 @@ module Aws::CognitoIdentityProvider
|
|
7531
7835
|
# @return [String]
|
7532
7836
|
#
|
7533
7837
|
# @!attribute [rw] last_modified_date
|
7534
|
-
# The
|
7838
|
+
# The date and time, in [ISO 8601][1] format, when the item was
|
7839
|
+
# modified.
|
7840
|
+
#
|
7841
|
+
#
|
7842
|
+
#
|
7843
|
+
# [1]: https://www.iso.org/iso-8601-date-and-time-format.html
|
7535
7844
|
# @return [Time]
|
7536
7845
|
#
|
7537
7846
|
# @!attribute [rw] creation_date
|
7538
|
-
# The
|
7847
|
+
# The date and time, in [ISO 8601][1] format, when the item was
|
7848
|
+
# created.
|
7849
|
+
#
|
7850
|
+
#
|
7851
|
+
#
|
7852
|
+
# [1]: https://www.iso.org/iso-8601-date-and-time-format.html
|
7539
7853
|
# @return [Time]
|
7540
7854
|
#
|
7541
7855
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UICustomizationType AWS API Documentation
|
@@ -7677,7 +7991,13 @@ module Aws::CognitoIdentityProvider
|
|
7677
7991
|
# @return [String]
|
7678
7992
|
#
|
7679
7993
|
# @!attribute [rw] feedback_value
|
7680
|
-
# The authentication event feedback value.
|
7994
|
+
# The authentication event feedback value. When you provide a
|
7995
|
+
# `FeedbackValue` value of `valid`, you tell Amazon Cognito that you
|
7996
|
+
# trust a user session where Amazon Cognito has evaluated some level
|
7997
|
+
# of risk. When you provide a `FeedbackValue` value of `invalid`, you
|
7998
|
+
# tell Amazon Cognito that you don't trust a user session, or you
|
7999
|
+
# don't believe that Amazon Cognito evaluated a high-enough risk
|
8000
|
+
# level.
|
7681
8001
|
# @return [String]
|
7682
8002
|
#
|
7683
8003
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UpdateAuthEventFeedbackRequest AWS API Documentation
|
@@ -8009,7 +8329,7 @@ module Aws::CognitoIdentityProvider
|
|
8009
8329
|
# `TokenValidityUnits` as `hours`, your user can authenticate their
|
8010
8330
|
# session with their ID token for 10 hours.
|
8011
8331
|
#
|
8012
|
-
# The default time unit for `
|
8332
|
+
# The default time unit for `IdTokenValidity` in an API request is
|
8013
8333
|
# hours. *Valid range* is displayed below in seconds.
|
8014
8334
|
#
|
8015
8335
|
# If you don't specify otherwise in the configuration of your app
|
@@ -8017,9 +8337,9 @@ module Aws::CognitoIdentityProvider
|
|
8017
8337
|
# @return [Integer]
|
8018
8338
|
#
|
8019
8339
|
# @!attribute [rw] token_validity_units
|
8020
|
-
# The units
|
8021
|
-
# unit for RefreshToken is days, and the
|
8022
|
-
# tokens is hours.
|
8340
|
+
# The time units you use when you set the duration of ID, access, and
|
8341
|
+
# refresh tokens. The default unit for RefreshToken is days, and the
|
8342
|
+
# default for ID and access tokens is hours.
|
8023
8343
|
# @return [Types::TokenValidityUnitsType]
|
8024
8344
|
#
|
8025
8345
|
# @!attribute [rw] read_attributes
|
@@ -8157,8 +8477,27 @@ module Aws::CognitoIdentityProvider
|
|
8157
8477
|
# @return [Array<String>]
|
8158
8478
|
#
|
8159
8479
|
# @!attribute [rw] allowed_o_auth_flows_user_pool_client
|
8160
|
-
# Set to true
|
8161
|
-
#
|
8480
|
+
# Set to `true` to use OAuth 2.0 features in your user pool app
|
8481
|
+
# client.
|
8482
|
+
#
|
8483
|
+
# `AllowedOAuthFlowsUserPoolClient` must be `true` before you can
|
8484
|
+
# configure the following features in your app client.
|
8485
|
+
#
|
8486
|
+
# * `CallBackURLs`: Callback URLs.
|
8487
|
+
#
|
8488
|
+
# * `LogoutURLs`: Sign-out redirect URLs.
|
8489
|
+
#
|
8490
|
+
# * `AllowedOAuthScopes`: OAuth 2.0 scopes.
|
8491
|
+
#
|
8492
|
+
# * `AllowedOAuthFlows`: Support for authorization code, implicit, and
|
8493
|
+
# client credentials OAuth 2.0 grants.
|
8494
|
+
#
|
8495
|
+
# To use OAuth 2.0 features, configure one of these features in the
|
8496
|
+
# Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to
|
8497
|
+
# `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API
|
8498
|
+
# request. If you don't set a value for
|
8499
|
+
# `AllowedOAuthFlowsUserPoolClient` in a request with the CLI or SDKs,
|
8500
|
+
# it defaults to `false`.
|
8162
8501
|
# @return [Boolean]
|
8163
8502
|
#
|
8164
8503
|
# @!attribute [rw] analytics_configuration
|
@@ -8453,8 +8792,17 @@ module Aws::CognitoIdentityProvider
|
|
8453
8792
|
# @return [Types::AdminCreateUserConfigType]
|
8454
8793
|
#
|
8455
8794
|
# @!attribute [rw] user_pool_add_ons
|
8456
|
-
#
|
8457
|
-
#
|
8795
|
+
# User pool add-ons. Contains settings for activation of advanced
|
8796
|
+
# security features. To log user security information but take no
|
8797
|
+
# action, set to `AUDIT`. To configure automatic security responses to
|
8798
|
+
# risky traffic to your user pool, set to `ENFORCED`.
|
8799
|
+
#
|
8800
|
+
# For more information, see [Adding advanced security to a user
|
8801
|
+
# pool][1].
|
8802
|
+
#
|
8803
|
+
#
|
8804
|
+
#
|
8805
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
|
8458
8806
|
# @return [Types::UserPoolAddOnsType]
|
8459
8807
|
#
|
8460
8808
|
# @!attribute [rw] account_recovery_setting
|
@@ -8523,8 +8871,8 @@ module Aws::CognitoIdentityProvider
|
|
8523
8871
|
#
|
8524
8872
|
# You can verify an updated email address or phone number with a
|
8525
8873
|
# [VerifyUserAttribute][1] API request. You can also call the
|
8526
|
-
# [
|
8527
|
-
#
|
8874
|
+
# [AdminUpdateUserAttributes][2] API and set `email_verified` or
|
8875
|
+
# `phone_number_verified` to true.
|
8528
8876
|
#
|
8529
8877
|
# When `AttributesRequireVerificationBeforeUpdate` is false, your user
|
8530
8878
|
# pool doesn't require that your users verify attribute changes
|
@@ -8536,8 +8884,7 @@ module Aws::CognitoIdentityProvider
|
|
8536
8884
|
#
|
8537
8885
|
#
|
8538
8886
|
# [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerifyUserAttribute.html
|
8539
|
-
# [2]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/
|
8540
|
-
# [3]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html
|
8887
|
+
# [2]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html
|
8541
8888
|
# @return [Array<String>]
|
8542
8889
|
#
|
8543
8890
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UserAttributeUpdateSettingsType AWS API Documentation
|
@@ -8611,7 +8958,12 @@ module Aws::CognitoIdentityProvider
|
|
8611
8958
|
# @return [String]
|
8612
8959
|
#
|
8613
8960
|
# @!attribute [rw] creation_date
|
8614
|
-
# The date
|
8961
|
+
# The date and time, in [ISO 8601][1] format, when the item was
|
8962
|
+
# created.
|
8963
|
+
#
|
8964
|
+
#
|
8965
|
+
#
|
8966
|
+
# [1]: https://www.iso.org/iso-8601-date-and-time-format.html
|
8615
8967
|
# @return [Time]
|
8616
8968
|
#
|
8617
8969
|
# @!attribute [rw] start_date
|
@@ -8747,10 +9099,20 @@ module Aws::CognitoIdentityProvider
|
|
8747
9099
|
include Aws::Structure
|
8748
9100
|
end
|
8749
9101
|
|
8750
|
-
#
|
9102
|
+
# User pool add-ons. Contains settings for activation of advanced
|
9103
|
+
# security features. To log user security information but take no
|
9104
|
+
# action, set to `AUDIT`. To configure automatic security responses to
|
9105
|
+
# risky traffic to your user pool, set to `ENFORCED`.
|
9106
|
+
#
|
9107
|
+
# For more information, see [Adding advanced security to a user
|
9108
|
+
# pool][1].
|
9109
|
+
#
|
9110
|
+
#
|
9111
|
+
#
|
9112
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
|
8751
9113
|
#
|
8752
9114
|
# @!attribute [rw] advanced_security_mode
|
8753
|
-
# The advanced security
|
9115
|
+
# The operating mode of advanced security features in your user pool.
|
8754
9116
|
# @return [String]
|
8755
9117
|
#
|
8756
9118
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UserPoolAddOnsType AWS API Documentation
|
@@ -8805,11 +9167,21 @@ module Aws::CognitoIdentityProvider
|
|
8805
9167
|
# @return [String]
|
8806
9168
|
#
|
8807
9169
|
# @!attribute [rw] last_modified_date
|
8808
|
-
# The date
|
9170
|
+
# The date and time, in [ISO 8601][1] format, when the item was
|
9171
|
+
# modified.
|
9172
|
+
#
|
9173
|
+
#
|
9174
|
+
#
|
9175
|
+
# [1]: https://www.iso.org/iso-8601-date-and-time-format.html
|
8809
9176
|
# @return [Time]
|
8810
9177
|
#
|
8811
9178
|
# @!attribute [rw] creation_date
|
8812
|
-
# The date
|
9179
|
+
# The date and time, in [ISO 8601][1] format, when the item was
|
9180
|
+
# created.
|
9181
|
+
#
|
9182
|
+
#
|
9183
|
+
#
|
9184
|
+
# [1]: https://www.iso.org/iso-8601-date-and-time-format.html
|
8813
9185
|
# @return [Time]
|
8814
9186
|
#
|
8815
9187
|
# @!attribute [rw] refresh_token_validity
|
@@ -8858,7 +9230,7 @@ module Aws::CognitoIdentityProvider
|
|
8858
9230
|
# `TokenValidityUnits` as `hours`, your user can authenticate their
|
8859
9231
|
# session with their ID token for 10 hours.
|
8860
9232
|
#
|
8861
|
-
# The default time unit for `
|
9233
|
+
# The default time unit for `IdTokenValidity` in an API request is
|
8862
9234
|
# hours. *Valid range* is displayed below in seconds.
|
8863
9235
|
#
|
8864
9236
|
# If you don't specify otherwise in the configuration of your app
|
@@ -9006,8 +9378,27 @@ module Aws::CognitoIdentityProvider
|
|
9006
9378
|
# @return [Array<String>]
|
9007
9379
|
#
|
9008
9380
|
# @!attribute [rw] allowed_o_auth_flows_user_pool_client
|
9009
|
-
# Set to true
|
9010
|
-
#
|
9381
|
+
# Set to `true` to use OAuth 2.0 features in your user pool app
|
9382
|
+
# client.
|
9383
|
+
#
|
9384
|
+
# `AllowedOAuthFlowsUserPoolClient` must be `true` before you can
|
9385
|
+
# configure the following features in your app client.
|
9386
|
+
#
|
9387
|
+
# * `CallBackURLs`: Callback URLs.
|
9388
|
+
#
|
9389
|
+
# * `LogoutURLs`: Sign-out redirect URLs.
|
9390
|
+
#
|
9391
|
+
# * `AllowedOAuthScopes`: OAuth 2.0 scopes.
|
9392
|
+
#
|
9393
|
+
# * `AllowedOAuthFlows`: Support for authorization code, implicit, and
|
9394
|
+
# client credentials OAuth 2.0 grants.
|
9395
|
+
#
|
9396
|
+
# To use OAuth 2.0 features, configure one of these features in the
|
9397
|
+
# Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to
|
9398
|
+
# `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API
|
9399
|
+
# request. If you don't set a value for
|
9400
|
+
# `AllowedOAuthFlowsUserPoolClient` in a request with the CLI or SDKs,
|
9401
|
+
# it defaults to `false`.
|
9011
9402
|
# @return [Boolean]
|
9012
9403
|
#
|
9013
9404
|
# @!attribute [rw] analytics_configuration
|
@@ -9136,11 +9527,21 @@ module Aws::CognitoIdentityProvider
|
|
9136
9527
|
# @return [String]
|
9137
9528
|
#
|
9138
9529
|
# @!attribute [rw] last_modified_date
|
9139
|
-
# The date
|
9530
|
+
# The date and time, in [ISO 8601][1] format, when the item was
|
9531
|
+
# modified.
|
9532
|
+
#
|
9533
|
+
#
|
9534
|
+
#
|
9535
|
+
# [1]: https://www.iso.org/iso-8601-date-and-time-format.html
|
9140
9536
|
# @return [Time]
|
9141
9537
|
#
|
9142
9538
|
# @!attribute [rw] creation_date
|
9143
|
-
# The date
|
9539
|
+
# The date and time, in [ISO 8601][1] format, when the item was
|
9540
|
+
# created.
|
9541
|
+
#
|
9542
|
+
#
|
9543
|
+
#
|
9544
|
+
# [1]: https://www.iso.org/iso-8601-date-and-time-format.html
|
9144
9545
|
# @return [Time]
|
9145
9546
|
#
|
9146
9547
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UserPoolDescriptionType AWS API Documentation
|
@@ -9219,15 +9620,37 @@ module Aws::CognitoIdentityProvider
|
|
9219
9620
|
# @return [String]
|
9220
9621
|
#
|
9221
9622
|
# @!attribute [rw] last_modified_date
|
9222
|
-
# The date
|
9623
|
+
# The date and time, in [ISO 8601][1] format, when the item was
|
9624
|
+
# modified.
|
9625
|
+
#
|
9626
|
+
#
|
9627
|
+
#
|
9628
|
+
# [1]: https://www.iso.org/iso-8601-date-and-time-format.html
|
9223
9629
|
# @return [Time]
|
9224
9630
|
#
|
9225
9631
|
# @!attribute [rw] creation_date
|
9226
|
-
# The date the
|
9632
|
+
# The date and time, in [ISO 8601][1] format, when the item was
|
9633
|
+
# created.
|
9634
|
+
#
|
9635
|
+
#
|
9636
|
+
#
|
9637
|
+
# [1]: https://www.iso.org/iso-8601-date-and-time-format.html
|
9227
9638
|
# @return [Time]
|
9228
9639
|
#
|
9229
9640
|
# @!attribute [rw] schema_attributes
|
9230
|
-
# A
|
9641
|
+
# A list of the user attributes and their properties in your user
|
9642
|
+
# pool. The attribute schema contains standard attributes, custom
|
9643
|
+
# attributes with a `custom:` prefix, and developer attributes with a
|
9644
|
+
# `dev:` prefix. For more information, see [User pool attributes][1].
|
9645
|
+
#
|
9646
|
+
# Developer-only attributes are a legacy feature of user pools, are
|
9647
|
+
# read-only to all app clients. You can create and update
|
9648
|
+
# developer-only attributes only with IAM-authenticated API
|
9649
|
+
# operations. Use app client read/write permissions instead.
|
9650
|
+
#
|
9651
|
+
#
|
9652
|
+
#
|
9653
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html
|
9231
9654
|
# @return [Array<Types::SchemaAttributeType>]
|
9232
9655
|
#
|
9233
9656
|
# @!attribute [rw] auto_verified_attributes
|
@@ -9322,7 +9745,7 @@ module Aws::CognitoIdentityProvider
|
|
9322
9745
|
# @!attribute [rw] email_configuration
|
9323
9746
|
# The email configuration of your user pool. The email configuration
|
9324
9747
|
# type sets your preferred sending method, Amazon Web Services Region,
|
9325
|
-
# and sender for messages
|
9748
|
+
# and sender for messages from your user pool.
|
9326
9749
|
# @return [Types::EmailConfigurationType]
|
9327
9750
|
#
|
9328
9751
|
# @!attribute [rw] sms_configuration
|
@@ -9358,10 +9781,10 @@ module Aws::CognitoIdentityProvider
|
|
9358
9781
|
#
|
9359
9782
|
# : The Amazon Web Services account is in the SNS SMS Sandbox and
|
9360
9783
|
# messages will only reach verified end users. This parameter won’t
|
9361
|
-
# get populated with SNSSandbox if the
|
9362
|
-
#
|
9363
|
-
#
|
9364
|
-
#
|
9784
|
+
# get populated with SNSSandbox if the user creating the user pool
|
9785
|
+
# doesn’t have SNS permissions. To learn how to move your Amazon Web
|
9786
|
+
# Services account out of the sandbox, see [Moving out of the SMS
|
9787
|
+
# sandbox][2].
|
9365
9788
|
#
|
9366
9789
|
#
|
9367
9790
|
#
|
@@ -9398,7 +9821,17 @@ module Aws::CognitoIdentityProvider
|
|
9398
9821
|
# @return [Types::AdminCreateUserConfigType]
|
9399
9822
|
#
|
9400
9823
|
# @!attribute [rw] user_pool_add_ons
|
9401
|
-
#
|
9824
|
+
# User pool add-ons. Contains settings for activation of advanced
|
9825
|
+
# security features. To log user security information but take no
|
9826
|
+
# action, set to `AUDIT`. To configure automatic security responses to
|
9827
|
+
# risky traffic to your user pool, set to `ENFORCED`.
|
9828
|
+
#
|
9829
|
+
# For more information, see [Adding advanced security to a user
|
9830
|
+
# pool][1].
|
9831
|
+
#
|
9832
|
+
#
|
9833
|
+
#
|
9834
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
|
9402
9835
|
# @return [Types::UserPoolAddOnsType]
|
9403
9836
|
#
|
9404
9837
|
# @!attribute [rw] username_configuration
|
@@ -9483,7 +9916,12 @@ module Aws::CognitoIdentityProvider
|
|
9483
9916
|
# @return [Time]
|
9484
9917
|
#
|
9485
9918
|
# @!attribute [rw] user_last_modified_date
|
9486
|
-
# The
|
9919
|
+
# The date and time, in [ISO 8601][1] format, when the item was
|
9920
|
+
# modified.
|
9921
|
+
#
|
9922
|
+
#
|
9923
|
+
#
|
9924
|
+
# [1]: https://www.iso.org/iso-8601-date-and-time-format.html
|
9487
9925
|
# @return [Time]
|
9488
9926
|
#
|
9489
9927
|
# @!attribute [rw] enabled
|
@@ -9499,8 +9937,6 @@ module Aws::CognitoIdentityProvider
|
|
9499
9937
|
#
|
9500
9938
|
# * EXTERNAL\_PROVIDER - User signed in with a third-party IdP.
|
9501
9939
|
#
|
9502
|
-
# * ARCHIVED - User is no longer active.
|
9503
|
-
#
|
9504
9940
|
# * UNKNOWN - User status isn't known.
|
9505
9941
|
#
|
9506
9942
|
# * RESET\_REQUIRED - User is confirmed, but the user must request a
|
@@ -9534,7 +9970,11 @@ module Aws::CognitoIdentityProvider
|
|
9534
9970
|
#
|
9535
9971
|
# @!attribute [rw] case_sensitive
|
9536
9972
|
# Specifies whether user name case sensitivity will be applied for all
|
9537
|
-
# users in the user pool through Amazon Cognito APIs.
|
9973
|
+
# users in the user pool through Amazon Cognito APIs. For most use
|
9974
|
+
# cases, set case sensitivity to `False` (case insensitive) as a best
|
9975
|
+
# practice. When usernames and email addresses are case insensitive,
|
9976
|
+
# users can sign in as the same user when they enter a different
|
9977
|
+
# capitalization of their user name.
|
9538
9978
|
#
|
9539
9979
|
# Valid values include:
|
9540
9980
|
#
|
@@ -9548,10 +9988,10 @@ module Aws::CognitoIdentityProvider
|
|
9548
9988
|
# False
|
9549
9989
|
#
|
9550
9990
|
# : Enables case insensitivity for all username input. For example,
|
9551
|
-
# when this option is set to `False`, users can sign in using
|
9552
|
-
#
|
9553
|
-
# `preferred_username` and `email` alias to be case
|
9554
|
-
# addition to the `username` attribute.
|
9991
|
+
# when this option is set to `False`, users can sign in using
|
9992
|
+
# `username`, `USERNAME`, or `UserName`. This option also enables
|
9993
|
+
# both `preferred_username` and `email` alias to be case
|
9994
|
+
# insensitive, in addition to the `username` attribute.
|
9555
9995
|
# @return [Boolean]
|
9556
9996
|
#
|
9557
9997
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UsernameConfigurationType AWS API Documentation
|
@@ -9681,7 +10121,7 @@ module Aws::CognitoIdentityProvider
|
|
9681
10121
|
:session,
|
9682
10122
|
:user_code,
|
9683
10123
|
:friendly_device_name)
|
9684
|
-
SENSITIVE = [:access_token
|
10124
|
+
SENSITIVE = [:access_token]
|
9685
10125
|
include Aws::Structure
|
9686
10126
|
end
|
9687
10127
|
|
@@ -9699,7 +10139,7 @@ module Aws::CognitoIdentityProvider
|
|
9699
10139
|
class VerifySoftwareTokenResponse < Struct.new(
|
9700
10140
|
:status,
|
9701
10141
|
:session)
|
9702
|
-
SENSITIVE = [
|
10142
|
+
SENSITIVE = []
|
9703
10143
|
include Aws::Structure
|
9704
10144
|
end
|
9705
10145
|
|