aws-sdk-cognitoidentityprovider 1.79.0 → 1.81.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-cognitoidentityprovider/client.rb +2342 -156
- data/lib/aws-sdk-cognitoidentityprovider/client_api.rb +76 -2
- data/lib/aws-sdk-cognitoidentityprovider/endpoints.rb +28 -0
- data/lib/aws-sdk-cognitoidentityprovider/plugins/endpoints.rb +4 -0
- data/lib/aws-sdk-cognitoidentityprovider/types.rb +553 -104
- data/lib/aws-sdk-cognitoidentityprovider.rb +1 -1
- metadata +2 -2
@@ -400,6 +400,24 @@ module Aws::CognitoIdentityProvider
|
|
400
400
|
|
401
401
|
# Adds additional user attributes to the user pool schema.
|
402
402
|
#
|
403
|
+
# <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
|
404
|
+
# in requests for this API operation. For this operation, you must use
|
405
|
+
# IAM credentials to authorize requests, and you must grant yourself the
|
406
|
+
# corresponding IAM permission in a policy.
|
407
|
+
#
|
408
|
+
# **Learn more**
|
409
|
+
#
|
410
|
+
# * [Signing Amazon Web Services API Requests][1]
|
411
|
+
#
|
412
|
+
# * [Using the Amazon Cognito user pools API and user pool endpoints][2]
|
413
|
+
#
|
414
|
+
# </note>
|
415
|
+
#
|
416
|
+
#
|
417
|
+
#
|
418
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
|
419
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
420
|
+
#
|
403
421
|
# @option params [required, String] :user_pool_id
|
404
422
|
# The user pool ID for the user pool where you want to add custom
|
405
423
|
# attributes.
|
@@ -443,7 +461,23 @@ module Aws::CognitoIdentityProvider
|
|
443
461
|
|
444
462
|
# Adds the specified user to the specified group.
|
445
463
|
#
|
446
|
-
#
|
464
|
+
# <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
|
465
|
+
# in requests for this API operation. For this operation, you must use
|
466
|
+
# IAM credentials to authorize requests, and you must grant yourself the
|
467
|
+
# corresponding IAM permission in a policy.
|
468
|
+
#
|
469
|
+
# **Learn more**
|
470
|
+
#
|
471
|
+
# * [Signing Amazon Web Services API Requests][1]
|
472
|
+
#
|
473
|
+
# * [Using the Amazon Cognito user pools API and user pool endpoints][2]
|
474
|
+
#
|
475
|
+
# </note>
|
476
|
+
#
|
477
|
+
#
|
478
|
+
#
|
479
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
|
480
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
447
481
|
#
|
448
482
|
# @option params [required, String] :user_pool_id
|
449
483
|
# The user pool ID for the user pool.
|
@@ -476,7 +510,23 @@ module Aws::CognitoIdentityProvider
|
|
476
510
|
# Confirms user registration as an admin without using a confirmation
|
477
511
|
# code. Works on any user.
|
478
512
|
#
|
479
|
-
#
|
513
|
+
# <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
|
514
|
+
# in requests for this API operation. For this operation, you must use
|
515
|
+
# IAM credentials to authorize requests, and you must grant yourself the
|
516
|
+
# corresponding IAM permission in a policy.
|
517
|
+
#
|
518
|
+
# **Learn more**
|
519
|
+
#
|
520
|
+
# * [Signing Amazon Web Services API Requests][1]
|
521
|
+
#
|
522
|
+
# * [Using the Amazon Cognito user pools API and user pool endpoints][2]
|
523
|
+
#
|
524
|
+
# </note>
|
525
|
+
#
|
526
|
+
#
|
527
|
+
#
|
528
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
|
529
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
480
530
|
#
|
481
531
|
# @option params [required, String] :user_pool_id
|
482
532
|
# The user pool ID for which you want to confirm user registration.
|
@@ -578,12 +628,25 @@ module Aws::CognitoIdentityProvider
|
|
578
628
|
# In either case, the user will be in the `FORCE_CHANGE_PASSWORD` state
|
579
629
|
# until they sign in and change their password.
|
580
630
|
#
|
581
|
-
#
|
631
|
+
# <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
|
632
|
+
# in requests for this API operation. For this operation, you must use
|
633
|
+
# IAM credentials to authorize requests, and you must grant yourself the
|
634
|
+
# corresponding IAM permission in a policy.
|
635
|
+
#
|
636
|
+
# **Learn more**
|
637
|
+
#
|
638
|
+
# * [Signing Amazon Web Services API Requests][3]
|
639
|
+
#
|
640
|
+
# * [Using the Amazon Cognito user pools API and user pool endpoints][4]
|
641
|
+
#
|
642
|
+
# </note>
|
582
643
|
#
|
583
644
|
#
|
584
645
|
#
|
585
646
|
# [1]: https://console.aws.amazon.com/pinpoint/home/
|
586
|
-
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/
|
647
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html
|
648
|
+
# [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
|
649
|
+
# [4]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
587
650
|
#
|
588
651
|
# @option params [required, String] :user_pool_id
|
589
652
|
# The user pool ID for the user pool where the user will be created.
|
@@ -656,10 +719,9 @@ module Aws::CognitoIdentityProvider
|
|
656
719
|
# Cognito generates one for you.
|
657
720
|
#
|
658
721
|
# The temporary password can only be used until the user account
|
659
|
-
# expiration limit that you
|
660
|
-
#
|
661
|
-
#
|
662
|
-
# parameter.
|
722
|
+
# expiration limit that you set for your user pool. To reset the account
|
723
|
+
# after that time limit, you must call `AdminCreateUser` again and
|
724
|
+
# specify `RESEND` for the `MessageAction` parameter.
|
663
725
|
#
|
664
726
|
# @option params [Boolean] :force_alias_creation
|
665
727
|
# This parameter is used only if the `phone_number_verified` or
|
@@ -726,6 +788,64 @@ module Aws::CognitoIdentityProvider
|
|
726
788
|
#
|
727
789
|
# * {Types::AdminCreateUserResponse#user #user} => Types::UserType
|
728
790
|
#
|
791
|
+
#
|
792
|
+
# @example Example: An AdminCreateUser request for for a test user named John.
|
793
|
+
#
|
794
|
+
# # This request submits a value for all possible parameters for AdminCreateUser.
|
795
|
+
#
|
796
|
+
# resp = client.admin_create_user({
|
797
|
+
# desired_delivery_mediums: [
|
798
|
+
# "SMS",
|
799
|
+
# ],
|
800
|
+
# message_action: "SUPPRESS",
|
801
|
+
# temporary_password: "This-is-my-test-99!",
|
802
|
+
# user_attributes: [
|
803
|
+
# {
|
804
|
+
# name: "name",
|
805
|
+
# value: "John",
|
806
|
+
# },
|
807
|
+
# {
|
808
|
+
# name: "phone_number",
|
809
|
+
# value: "+12065551212",
|
810
|
+
# },
|
811
|
+
# {
|
812
|
+
# name: "email",
|
813
|
+
# value: "testuser@example.com",
|
814
|
+
# },
|
815
|
+
# ],
|
816
|
+
# user_pool_id: "us-east-1_EXAMPLE",
|
817
|
+
# username: "testuser",
|
818
|
+
# })
|
819
|
+
#
|
820
|
+
# resp.to_h outputs the following:
|
821
|
+
# {
|
822
|
+
# user: {
|
823
|
+
# attributes: [
|
824
|
+
# {
|
825
|
+
# name: "sub",
|
826
|
+
# value: "d16b4aa8-8633-4abd-93b3-5062a8e1b5f8",
|
827
|
+
# },
|
828
|
+
# {
|
829
|
+
# name: "name",
|
830
|
+
# value: "John",
|
831
|
+
# },
|
832
|
+
# {
|
833
|
+
# name: "phone_number",
|
834
|
+
# value: "+12065551212",
|
835
|
+
# },
|
836
|
+
# {
|
837
|
+
# name: "email",
|
838
|
+
# value: "testuser@example.com",
|
839
|
+
# },
|
840
|
+
# ],
|
841
|
+
# enabled: true,
|
842
|
+
# user_create_date: Time.parse(1689980857.949),
|
843
|
+
# user_last_modified_date: Time.parse(1689980857.949),
|
844
|
+
# user_status: "FORCE_CHANGE_PASSWORD",
|
845
|
+
# username: "testuser",
|
846
|
+
# },
|
847
|
+
# }
|
848
|
+
#
|
729
849
|
# @example Request syntax with placeholder values
|
730
850
|
#
|
731
851
|
# resp = client.admin_create_user({
|
@@ -777,7 +897,23 @@ module Aws::CognitoIdentityProvider
|
|
777
897
|
|
778
898
|
# Deletes a user as an administrator. Works on any user.
|
779
899
|
#
|
780
|
-
#
|
900
|
+
# <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
|
901
|
+
# in requests for this API operation. For this operation, you must use
|
902
|
+
# IAM credentials to authorize requests, and you must grant yourself the
|
903
|
+
# corresponding IAM permission in a policy.
|
904
|
+
#
|
905
|
+
# **Learn more**
|
906
|
+
#
|
907
|
+
# * [Signing Amazon Web Services API Requests][1]
|
908
|
+
#
|
909
|
+
# * [Using the Amazon Cognito user pools API and user pool endpoints][2]
|
910
|
+
#
|
911
|
+
# </note>
|
912
|
+
#
|
913
|
+
#
|
914
|
+
#
|
915
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
|
916
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
781
917
|
#
|
782
918
|
# @option params [required, String] :user_pool_id
|
783
919
|
# The user pool ID for the user pool where you want to delete the user.
|
@@ -806,7 +942,23 @@ module Aws::CognitoIdentityProvider
|
|
806
942
|
# Deletes the user attributes in a user pool as an administrator. Works
|
807
943
|
# on any user.
|
808
944
|
#
|
809
|
-
#
|
945
|
+
# <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
|
946
|
+
# in requests for this API operation. For this operation, you must use
|
947
|
+
# IAM credentials to authorize requests, and you must grant yourself the
|
948
|
+
# corresponding IAM permission in a policy.
|
949
|
+
#
|
950
|
+
# **Learn more**
|
951
|
+
#
|
952
|
+
# * [Signing Amazon Web Services API Requests][1]
|
953
|
+
#
|
954
|
+
# * [Using the Amazon Cognito user pools API and user pool endpoints][2]
|
955
|
+
#
|
956
|
+
# </note>
|
957
|
+
#
|
958
|
+
#
|
959
|
+
#
|
960
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
|
961
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
810
962
|
#
|
811
963
|
# @option params [required, String] :user_pool_id
|
812
964
|
# The user pool ID for the user pool where you want to delete user
|
@@ -852,9 +1004,6 @@ module Aws::CognitoIdentityProvider
|
|
852
1004
|
# `DestinationUser`, the user must create a new user account. See
|
853
1005
|
# [AdminLinkProviderForUser][1].
|
854
1006
|
#
|
855
|
-
# This action is enabled only for admin access and requires developer
|
856
|
-
# credentials.
|
857
|
-
#
|
858
1007
|
# The `ProviderName` must match the value specified when creating an IdP
|
859
1008
|
# for the pool.
|
860
1009
|
#
|
@@ -878,9 +1027,24 @@ module Aws::CognitoIdentityProvider
|
|
878
1027
|
# `ProviderAttributeName` must be `Cognito_Subject` and
|
879
1028
|
# `ProviderAttributeValue` must be the subject of the SAML assertion.
|
880
1029
|
#
|
1030
|
+
# <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
|
1031
|
+
# in requests for this API operation. For this operation, you must use
|
1032
|
+
# IAM credentials to authorize requests, and you must grant yourself the
|
1033
|
+
# corresponding IAM permission in a policy.
|
1034
|
+
#
|
1035
|
+
# **Learn more**
|
1036
|
+
#
|
1037
|
+
# * [Signing Amazon Web Services API Requests][2]
|
1038
|
+
#
|
1039
|
+
# * [Using the Amazon Cognito user pools API and user pool endpoints][3]
|
1040
|
+
#
|
1041
|
+
# </note>
|
1042
|
+
#
|
881
1043
|
#
|
882
1044
|
#
|
883
1045
|
# [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminLinkProviderForUser.html
|
1046
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
|
1047
|
+
# [3]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
884
1048
|
#
|
885
1049
|
# @option params [required, String] :user_pool_id
|
886
1050
|
# The user pool ID for the user pool.
|
@@ -914,8 +1078,23 @@ module Aws::CognitoIdentityProvider
|
|
914
1078
|
# deactivated user can't sign in, but still appears in the responses to
|
915
1079
|
# `GetUser` and `ListUsers` API requests.
|
916
1080
|
#
|
917
|
-
#
|
918
|
-
#
|
1081
|
+
# <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
|
1082
|
+
# in requests for this API operation. For this operation, you must use
|
1083
|
+
# IAM credentials to authorize requests, and you must grant yourself the
|
1084
|
+
# corresponding IAM permission in a policy.
|
1085
|
+
#
|
1086
|
+
# **Learn more**
|
1087
|
+
#
|
1088
|
+
# * [Signing Amazon Web Services API Requests][1]
|
1089
|
+
#
|
1090
|
+
# * [Using the Amazon Cognito user pools API and user pool endpoints][2]
|
1091
|
+
#
|
1092
|
+
# </note>
|
1093
|
+
#
|
1094
|
+
#
|
1095
|
+
#
|
1096
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
|
1097
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
919
1098
|
#
|
920
1099
|
# @option params [required, String] :user_pool_id
|
921
1100
|
# The user pool ID for the user pool where you want to disable the user.
|
@@ -943,7 +1122,23 @@ module Aws::CognitoIdentityProvider
|
|
943
1122
|
|
944
1123
|
# Enables the specified user as an administrator. Works on any user.
|
945
1124
|
#
|
946
|
-
#
|
1125
|
+
# <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
|
1126
|
+
# in requests for this API operation. For this operation, you must use
|
1127
|
+
# IAM credentials to authorize requests, and you must grant yourself the
|
1128
|
+
# corresponding IAM permission in a policy.
|
1129
|
+
#
|
1130
|
+
# **Learn more**
|
1131
|
+
#
|
1132
|
+
# * [Signing Amazon Web Services API Requests][1]
|
1133
|
+
#
|
1134
|
+
# * [Using the Amazon Cognito user pools API and user pool endpoints][2]
|
1135
|
+
#
|
1136
|
+
# </note>
|
1137
|
+
#
|
1138
|
+
#
|
1139
|
+
#
|
1140
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
|
1141
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
947
1142
|
#
|
948
1143
|
# @option params [required, String] :user_pool_id
|
949
1144
|
# The user pool ID for the user pool where you want to enable the user.
|
@@ -971,7 +1166,23 @@ module Aws::CognitoIdentityProvider
|
|
971
1166
|
|
972
1167
|
# Forgets the device, as an administrator.
|
973
1168
|
#
|
974
|
-
#
|
1169
|
+
# <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
|
1170
|
+
# in requests for this API operation. For this operation, you must use
|
1171
|
+
# IAM credentials to authorize requests, and you must grant yourself the
|
1172
|
+
# corresponding IAM permission in a policy.
|
1173
|
+
#
|
1174
|
+
# **Learn more**
|
1175
|
+
#
|
1176
|
+
# * [Signing Amazon Web Services API Requests][1]
|
1177
|
+
#
|
1178
|
+
# * [Using the Amazon Cognito user pools API and user pool endpoints][2]
|
1179
|
+
#
|
1180
|
+
# </note>
|
1181
|
+
#
|
1182
|
+
#
|
1183
|
+
#
|
1184
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
|
1185
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
975
1186
|
#
|
976
1187
|
# @option params [required, String] :user_pool_id
|
977
1188
|
# The user pool ID.
|
@@ -1003,7 +1214,23 @@ module Aws::CognitoIdentityProvider
|
|
1003
1214
|
|
1004
1215
|
# Gets the device, as an administrator.
|
1005
1216
|
#
|
1006
|
-
#
|
1217
|
+
# <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
|
1218
|
+
# in requests for this API operation. For this operation, you must use
|
1219
|
+
# IAM credentials to authorize requests, and you must grant yourself the
|
1220
|
+
# corresponding IAM permission in a policy.
|
1221
|
+
#
|
1222
|
+
# **Learn more**
|
1223
|
+
#
|
1224
|
+
# * [Signing Amazon Web Services API Requests][1]
|
1225
|
+
#
|
1226
|
+
# * [Using the Amazon Cognito user pools API and user pool endpoints][2]
|
1227
|
+
#
|
1228
|
+
# </note>
|
1229
|
+
#
|
1230
|
+
#
|
1231
|
+
#
|
1232
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
|
1233
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
1007
1234
|
#
|
1008
1235
|
# @option params [required, String] :device_key
|
1009
1236
|
# The device key.
|
@@ -1048,7 +1275,23 @@ module Aws::CognitoIdentityProvider
|
|
1048
1275
|
# Gets the specified user by user name in a user pool as an
|
1049
1276
|
# administrator. Works on any user.
|
1050
1277
|
#
|
1051
|
-
#
|
1278
|
+
# <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
|
1279
|
+
# in requests for this API operation. For this operation, you must use
|
1280
|
+
# IAM credentials to authorize requests, and you must grant yourself the
|
1281
|
+
# corresponding IAM permission in a policy.
|
1282
|
+
#
|
1283
|
+
# **Learn more**
|
1284
|
+
#
|
1285
|
+
# * [Signing Amazon Web Services API Requests][1]
|
1286
|
+
#
|
1287
|
+
# * [Using the Amazon Cognito user pools API and user pool endpoints][2]
|
1288
|
+
#
|
1289
|
+
# </note>
|
1290
|
+
#
|
1291
|
+
#
|
1292
|
+
#
|
1293
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
|
1294
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
1052
1295
|
#
|
1053
1296
|
# @option params [required, String] :user_pool_id
|
1054
1297
|
# The user pool ID for the user pool where you want to get information
|
@@ -1125,12 +1368,25 @@ module Aws::CognitoIdentityProvider
|
|
1125
1368
|
#
|
1126
1369
|
# </note>
|
1127
1370
|
#
|
1128
|
-
#
|
1371
|
+
# <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
|
1372
|
+
# in requests for this API operation. For this operation, you must use
|
1373
|
+
# IAM credentials to authorize requests, and you must grant yourself the
|
1374
|
+
# corresponding IAM permission in a policy.
|
1375
|
+
#
|
1376
|
+
# **Learn more**
|
1377
|
+
#
|
1378
|
+
# * [Signing Amazon Web Services API Requests][3]
|
1379
|
+
#
|
1380
|
+
# * [Using the Amazon Cognito user pools API and user pool endpoints][4]
|
1381
|
+
#
|
1382
|
+
# </note>
|
1129
1383
|
#
|
1130
1384
|
#
|
1131
1385
|
#
|
1132
1386
|
# [1]: https://console.aws.amazon.com/pinpoint/home/
|
1133
|
-
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/
|
1387
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html
|
1388
|
+
# [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
|
1389
|
+
# [4]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
1134
1390
|
#
|
1135
1391
|
# @option params [required, String] :user_pool_id
|
1136
1392
|
# The ID of the Amazon Cognito user pool.
|
@@ -1181,19 +1437,28 @@ module Aws::CognitoIdentityProvider
|
|
1181
1437
|
# `SECRET_HASH` (required if the app client is configured with a
|
1182
1438
|
# client secret), `DEVICE_KEY`.
|
1183
1439
|
#
|
1440
|
+
# * For `ADMIN_USER_PASSWORD_AUTH`: `USERNAME` (required), `PASSWORD`
|
1441
|
+
# (required), `SECRET_HASH` (required if the app client is configured
|
1442
|
+
# with a client secret), `DEVICE_KEY`.
|
1443
|
+
#
|
1184
1444
|
# * For `REFRESH_TOKEN_AUTH/REFRESH_TOKEN`: `REFRESH_TOKEN` (required),
|
1185
1445
|
# `SECRET_HASH` (required if the app client is configured with a
|
1186
1446
|
# client secret), `DEVICE_KEY`.
|
1187
1447
|
#
|
1188
|
-
# * For `ADMIN_NO_SRP_AUTH`: `USERNAME` (required), `SECRET_HASH` (if
|
1189
|
-
# app client is configured with client secret), `PASSWORD` (required),
|
1190
|
-
# `DEVICE_KEY`.
|
1191
|
-
#
|
1192
1448
|
# * For `CUSTOM_AUTH`: `USERNAME` (required), `SECRET_HASH` (if app
|
1193
1449
|
# client is configured with client secret), `DEVICE_KEY`. To start the
|
1194
1450
|
# authentication flow with password verification, include
|
1195
1451
|
# `ChallengeName: SRP_A` and `SRP_A: (The SRP_A Value)`.
|
1196
1452
|
#
|
1453
|
+
# For more information about `SECRET_HASH`, see [Computing secret hash
|
1454
|
+
# values][1]. For information about `DEVICE_KEY`, see [Working with user
|
1455
|
+
# devices in your user pool][2].
|
1456
|
+
#
|
1457
|
+
#
|
1458
|
+
#
|
1459
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#cognito-user-pools-computing-secret-hash
|
1460
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html
|
1461
|
+
#
|
1197
1462
|
# @option params [Hash<String,String>] :client_metadata
|
1198
1463
|
# A map of custom key-value pairs that you can provide as input for
|
1199
1464
|
# certain custom workflows that this action triggers.
|
@@ -1347,14 +1612,30 @@ module Aws::CognitoIdentityProvider
|
|
1347
1612
|
# only be used with external IdPs and provider attributes that have been
|
1348
1613
|
# trusted by the application owner.
|
1349
1614
|
#
|
1350
|
-
#
|
1615
|
+
# <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
|
1616
|
+
# in requests for this API operation. For this operation, you must use
|
1617
|
+
# IAM credentials to authorize requests, and you must grant yourself the
|
1618
|
+
# corresponding IAM permission in a policy.
|
1619
|
+
#
|
1620
|
+
# **Learn more**
|
1621
|
+
#
|
1622
|
+
# * [Signing Amazon Web Services API Requests][1]
|
1623
|
+
#
|
1624
|
+
# * [Using the Amazon Cognito user pools API and user pool endpoints][2]
|
1625
|
+
#
|
1626
|
+
# </note>
|
1627
|
+
#
|
1628
|
+
#
|
1629
|
+
#
|
1630
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
|
1631
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
1351
1632
|
#
|
1352
1633
|
# @option params [required, String] :user_pool_id
|
1353
1634
|
# The user pool ID for the user pool.
|
1354
1635
|
#
|
1355
1636
|
# @option params [required, Types::ProviderUserIdentifierType] :destination_user
|
1356
1637
|
# The existing user in the user pool that you want to assign to the
|
1357
|
-
# external IdP user account. This user can be a
|
1638
|
+
# external IdP user account. This user can be a local (Username +
|
1358
1639
|
# Password) Amazon Cognito user pools user or a federated user (for
|
1359
1640
|
# example, a SAML or Facebook user). If the user doesn't exist, Amazon
|
1360
1641
|
# Cognito generates an exception. Amazon Cognito returns this user when
|
@@ -1389,13 +1670,21 @@ module Aws::CognitoIdentityProvider
|
|
1389
1670
|
#
|
1390
1671
|
#
|
1391
1672
|
#
|
1673
|
+
# For OIDC, the `ProviderAttributeName` can be any value that matches a
|
1674
|
+
# claim in the ID token, or that your app retrieves from the `userInfo`
|
1675
|
+
# endpoint. You must map the claim to a user pool attribute in your IdP
|
1676
|
+
# configuration, and set the user pool attribute name as the value of
|
1677
|
+
# `ProviderAttributeName` in your `AdminLinkProviderForUser` request.
|
1678
|
+
#
|
1392
1679
|
# For SAML, the `ProviderAttributeName` can be any value that matches a
|
1393
|
-
# claim in the SAML assertion.
|
1394
|
-
#
|
1395
|
-
#
|
1396
|
-
#
|
1680
|
+
# claim in the SAML assertion. To link SAML users based on the subject
|
1681
|
+
# of the SAML assertion, map the subject to a claim through the SAML IdP
|
1682
|
+
# and set that claim name as the value of `ProviderAttributeName` in
|
1683
|
+
# your `AdminLinkProviderForUser` request.
|
1684
|
+
#
|
1685
|
+
# For both OIDC and SAML users, when you set `ProviderAttributeName` to
|
1397
1686
|
# `Cognito_Subject`, Amazon Cognito will automatically parse the default
|
1398
|
-
# unique identifier found in the subject from the
|
1687
|
+
# unique identifier found in the subject from the IdP token.
|
1399
1688
|
#
|
1400
1689
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
1401
1690
|
#
|
@@ -1426,7 +1715,23 @@ module Aws::CognitoIdentityProvider
|
|
1426
1715
|
|
1427
1716
|
# Lists devices, as an administrator.
|
1428
1717
|
#
|
1429
|
-
#
|
1718
|
+
# <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
|
1719
|
+
# in requests for this API operation. For this operation, you must use
|
1720
|
+
# IAM credentials to authorize requests, and you must grant yourself the
|
1721
|
+
# corresponding IAM permission in a policy.
|
1722
|
+
#
|
1723
|
+
# **Learn more**
|
1724
|
+
#
|
1725
|
+
# * [Signing Amazon Web Services API Requests][1]
|
1726
|
+
#
|
1727
|
+
# * [Using the Amazon Cognito user pools API and user pool endpoints][2]
|
1728
|
+
#
|
1729
|
+
# </note>
|
1730
|
+
#
|
1731
|
+
#
|
1732
|
+
#
|
1733
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
|
1734
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
1430
1735
|
#
|
1431
1736
|
# @option params [required, String] :user_pool_id
|
1432
1737
|
# The user pool ID.
|
@@ -1477,7 +1782,23 @@ module Aws::CognitoIdentityProvider
|
|
1477
1782
|
|
1478
1783
|
# Lists the groups that the user belongs to.
|
1479
1784
|
#
|
1480
|
-
#
|
1785
|
+
# <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
|
1786
|
+
# in requests for this API operation. For this operation, you must use
|
1787
|
+
# IAM credentials to authorize requests, and you must grant yourself the
|
1788
|
+
# corresponding IAM permission in a policy.
|
1789
|
+
#
|
1790
|
+
# **Learn more**
|
1791
|
+
#
|
1792
|
+
# * [Signing Amazon Web Services API Requests][1]
|
1793
|
+
#
|
1794
|
+
# * [Using the Amazon Cognito user pools API and user pool endpoints][2]
|
1795
|
+
#
|
1796
|
+
# </note>
|
1797
|
+
#
|
1798
|
+
#
|
1799
|
+
#
|
1800
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
|
1801
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
1481
1802
|
#
|
1482
1803
|
# @option params [required, String] :username
|
1483
1804
|
# The username for the user.
|
@@ -1533,6 +1854,24 @@ module Aws::CognitoIdentityProvider
|
|
1533
1854
|
# A history of user activity and any risks detected as part of Amazon
|
1534
1855
|
# Cognito advanced security.
|
1535
1856
|
#
|
1857
|
+
# <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
|
1858
|
+
# in requests for this API operation. For this operation, you must use
|
1859
|
+
# IAM credentials to authorize requests, and you must grant yourself the
|
1860
|
+
# corresponding IAM permission in a policy.
|
1861
|
+
#
|
1862
|
+
# **Learn more**
|
1863
|
+
#
|
1864
|
+
# * [Signing Amazon Web Services API Requests][1]
|
1865
|
+
#
|
1866
|
+
# * [Using the Amazon Cognito user pools API and user pool endpoints][2]
|
1867
|
+
#
|
1868
|
+
# </note>
|
1869
|
+
#
|
1870
|
+
#
|
1871
|
+
#
|
1872
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
|
1873
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
1874
|
+
#
|
1536
1875
|
# @option params [required, String] :user_pool_id
|
1537
1876
|
# The user pool ID.
|
1538
1877
|
#
|
@@ -1597,7 +1936,23 @@ module Aws::CognitoIdentityProvider
|
|
1597
1936
|
|
1598
1937
|
# Removes the specified user from the specified group.
|
1599
1938
|
#
|
1600
|
-
#
|
1939
|
+
# <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
|
1940
|
+
# in requests for this API operation. For this operation, you must use
|
1941
|
+
# IAM credentials to authorize requests, and you must grant yourself the
|
1942
|
+
# corresponding IAM permission in a policy.
|
1943
|
+
#
|
1944
|
+
# **Learn more**
|
1945
|
+
#
|
1946
|
+
# * [Signing Amazon Web Services API Requests][1]
|
1947
|
+
#
|
1948
|
+
# * [Using the Amazon Cognito user pools API and user pool endpoints][2]
|
1949
|
+
#
|
1950
|
+
# </note>
|
1951
|
+
#
|
1952
|
+
#
|
1953
|
+
#
|
1954
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
|
1955
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
1601
1956
|
#
|
1602
1957
|
# @option params [required, String] :user_pool_id
|
1603
1958
|
# The user pool ID for the user pool.
|
@@ -1630,17 +1985,6 @@ module Aws::CognitoIdentityProvider
|
|
1630
1985
|
# Resets the specified user's password in a user pool as an
|
1631
1986
|
# administrator. Works on any user.
|
1632
1987
|
#
|
1633
|
-
# When a developer calls this API, the current password is invalidated,
|
1634
|
-
# so it must be changed. If a user tries to sign in after the API is
|
1635
|
-
# called, the app will get a PasswordResetRequiredException exception
|
1636
|
-
# back and should direct the user down the flow to reset the password,
|
1637
|
-
# which is the same as the forgot password flow. In addition, if the
|
1638
|
-
# user pool has phone verification selected and a verified phone number
|
1639
|
-
# exists for the user, or if email verification is selected and a
|
1640
|
-
# verified email exists for the user, calling this API will also result
|
1641
|
-
# in sending a message to the end user with the code to change their
|
1642
|
-
# password.
|
1643
|
-
#
|
1644
1988
|
# <note markdown="1"> This action might generate an SMS text message. Starting June 1, 2021,
|
1645
1989
|
# US telecom carriers require you to register an origination phone
|
1646
1990
|
# number before you can send SMS messages to US phone numbers. If you
|
@@ -1662,12 +2006,35 @@ module Aws::CognitoIdentityProvider
|
|
1662
2006
|
#
|
1663
2007
|
# </note>
|
1664
2008
|
#
|
1665
|
-
#
|
2009
|
+
# Deactivates a user's password, requiring them to change it. If a user
|
2010
|
+
# tries to sign in after the API is called, Amazon Cognito responds with
|
2011
|
+
# a `PasswordResetRequiredException` error. Your app must then perform
|
2012
|
+
# the actions that reset your user's password: the forgot-password
|
2013
|
+
# flow. In addition, if the user pool has phone verification selected
|
2014
|
+
# and a verified phone number exists for the user, or if email
|
2015
|
+
# verification is selected and a verified email exists for the user,
|
2016
|
+
# calling this API will also result in sending a message to the end user
|
2017
|
+
# with the code to change their password.
|
2018
|
+
#
|
2019
|
+
# <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
|
2020
|
+
# in requests for this API operation. For this operation, you must use
|
2021
|
+
# IAM credentials to authorize requests, and you must grant yourself the
|
2022
|
+
# corresponding IAM permission in a policy.
|
2023
|
+
#
|
2024
|
+
# **Learn more**
|
2025
|
+
#
|
2026
|
+
# * [Signing Amazon Web Services API Requests][3]
|
2027
|
+
#
|
2028
|
+
# * [Using the Amazon Cognito user pools API and user pool endpoints][4]
|
2029
|
+
#
|
2030
|
+
# </note>
|
1666
2031
|
#
|
1667
2032
|
#
|
1668
2033
|
#
|
1669
2034
|
# [1]: https://console.aws.amazon.com/pinpoint/home/
|
1670
|
-
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/
|
2035
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html
|
2036
|
+
# [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
|
2037
|
+
# [4]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
1671
2038
|
#
|
1672
2039
|
# @option params [required, String] :user_pool_id
|
1673
2040
|
# The user pool ID for the user pool where you want to reset the user's
|
@@ -1757,12 +2124,25 @@ module Aws::CognitoIdentityProvider
|
|
1757
2124
|
#
|
1758
2125
|
# </note>
|
1759
2126
|
#
|
1760
|
-
#
|
2127
|
+
# <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
|
2128
|
+
# in requests for this API operation. For this operation, you must use
|
2129
|
+
# IAM credentials to authorize requests, and you must grant yourself the
|
2130
|
+
# corresponding IAM permission in a policy.
|
2131
|
+
#
|
2132
|
+
# **Learn more**
|
2133
|
+
#
|
2134
|
+
# * [Signing Amazon Web Services API Requests][3]
|
2135
|
+
#
|
2136
|
+
# * [Using the Amazon Cognito user pools API and user pool endpoints][4]
|
2137
|
+
#
|
2138
|
+
# </note>
|
1761
2139
|
#
|
1762
2140
|
#
|
1763
2141
|
#
|
1764
2142
|
# [1]: https://console.aws.amazon.com/pinpoint/home/
|
1765
|
-
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/
|
2143
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html
|
2144
|
+
# [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
|
2145
|
+
# [4]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
1766
2146
|
#
|
1767
2147
|
# @option params [required, String] :user_pool_id
|
1768
2148
|
# The ID of the Amazon Cognito user pool.
|
@@ -1823,6 +2203,15 @@ module Aws::CognitoIdentityProvider
|
|
1823
2203
|
# happens even if you specified an alias in your call to
|
1824
2204
|
# `AdminInitiateAuth`.
|
1825
2205
|
#
|
2206
|
+
# For more information about `SECRET_HASH`, see [Computing secret hash
|
2207
|
+
# values][1]. For information about `DEVICE_KEY`, see [Working with user
|
2208
|
+
# devices in your user pool][2].
|
2209
|
+
#
|
2210
|
+
#
|
2211
|
+
#
|
2212
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#cognito-user-pools-computing-secret-hash
|
2213
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html
|
2214
|
+
#
|
1826
2215
|
# @option params [String] :session
|
1827
2216
|
# The session that should be passed both ways in challenge-response
|
1828
2217
|
# calls to the service. If an `InitiateAuth` or `RespondToAuthChallenge`
|
@@ -1963,6 +2352,24 @@ module Aws::CognitoIdentityProvider
|
|
1963
2352
|
# options are activated and no preference is set, a challenge to choose
|
1964
2353
|
# an MFA option will be returned during sign-in.
|
1965
2354
|
#
|
2355
|
+
# <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
|
2356
|
+
# in requests for this API operation. For this operation, you must use
|
2357
|
+
# IAM credentials to authorize requests, and you must grant yourself the
|
2358
|
+
# corresponding IAM permission in a policy.
|
2359
|
+
#
|
2360
|
+
# **Learn more**
|
2361
|
+
#
|
2362
|
+
# * [Signing Amazon Web Services API Requests][1]
|
2363
|
+
#
|
2364
|
+
# * [Using the Amazon Cognito user pools API and user pool endpoints][2]
|
2365
|
+
#
|
2366
|
+
# </note>
|
2367
|
+
#
|
2368
|
+
#
|
2369
|
+
#
|
2370
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
|
2371
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
2372
|
+
#
|
1966
2373
|
# @option params [Types::SMSMfaSettingsType] :sms_mfa_settings
|
1967
2374
|
# The SMS text message MFA settings.
|
1968
2375
|
#
|
@@ -2014,6 +2421,38 @@ module Aws::CognitoIdentityProvider
|
|
2014
2421
|
# Once the user has set a new password, or the password is permanent,
|
2015
2422
|
# the user status is set to `Confirmed`.
|
2016
2423
|
#
|
2424
|
+
# `AdminSetUserPassword` can set a password for the user profile that
|
2425
|
+
# Amazon Cognito creates for third-party federated users. When you set a
|
2426
|
+
# password, the federated user's status changes from
|
2427
|
+
# `EXTERNAL_PROVIDER` to `CONFIRMED`. A user in this state can sign in
|
2428
|
+
# as a federated user, and initiate authentication flows in the API like
|
2429
|
+
# a linked native user. They can also modify their password and
|
2430
|
+
# attributes in token-authenticated API requests like `ChangePassword`
|
2431
|
+
# and `UpdateUserAttributes`. As a best security practice and to keep
|
2432
|
+
# users in sync with your external IdP, don't set passwords on
|
2433
|
+
# federated user profiles. To set up a federated user for native sign-in
|
2434
|
+
# with a linked native user, refer to [Linking federated users to an
|
2435
|
+
# existing user profile][1].
|
2436
|
+
#
|
2437
|
+
# <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
|
2438
|
+
# in requests for this API operation. For this operation, you must use
|
2439
|
+
# IAM credentials to authorize requests, and you must grant yourself the
|
2440
|
+
# corresponding IAM permission in a policy.
|
2441
|
+
#
|
2442
|
+
# **Learn more**
|
2443
|
+
#
|
2444
|
+
# * [Signing Amazon Web Services API Requests][2]
|
2445
|
+
#
|
2446
|
+
# * [Using the Amazon Cognito user pools API and user pool endpoints][3]
|
2447
|
+
#
|
2448
|
+
# </note>
|
2449
|
+
#
|
2450
|
+
#
|
2451
|
+
#
|
2452
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-identity-federation-consolidate-users.html
|
2453
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
|
2454
|
+
# [3]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
2455
|
+
#
|
2017
2456
|
# @option params [required, String] :user_pool_id
|
2018
2457
|
# The user pool ID for the user pool where you want to set the user's
|
2019
2458
|
# password.
|
@@ -2052,9 +2491,24 @@ module Aws::CognitoIdentityProvider
|
|
2052
2491
|
# (TOTP) software token MFA. To configure either type of MFA, use
|
2053
2492
|
# [AdminSetUserMFAPreference][1] instead.
|
2054
2493
|
#
|
2494
|
+
# <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
|
2495
|
+
# in requests for this API operation. For this operation, you must use
|
2496
|
+
# IAM credentials to authorize requests, and you must grant yourself the
|
2497
|
+
# corresponding IAM permission in a policy.
|
2498
|
+
#
|
2499
|
+
# **Learn more**
|
2500
|
+
#
|
2501
|
+
# * [Signing Amazon Web Services API Requests][2]
|
2502
|
+
#
|
2503
|
+
# * [Using the Amazon Cognito user pools API and user pool endpoints][3]
|
2504
|
+
#
|
2505
|
+
# </note>
|
2506
|
+
#
|
2055
2507
|
#
|
2056
2508
|
#
|
2057
2509
|
# [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminSetUserMFAPreference.html
|
2510
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
|
2511
|
+
# [3]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
2058
2512
|
#
|
2059
2513
|
# @option params [required, String] :user_pool_id
|
2060
2514
|
# The ID of the user pool that contains the user whose options you're
|
@@ -2096,6 +2550,24 @@ module Aws::CognitoIdentityProvider
|
|
2096
2550
|
# evaluation decision for the user pool as part of Amazon Cognito
|
2097
2551
|
# advanced security.
|
2098
2552
|
#
|
2553
|
+
# <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
|
2554
|
+
# in requests for this API operation. For this operation, you must use
|
2555
|
+
# IAM credentials to authorize requests, and you must grant yourself the
|
2556
|
+
# corresponding IAM permission in a policy.
|
2557
|
+
#
|
2558
|
+
# **Learn more**
|
2559
|
+
#
|
2560
|
+
# * [Signing Amazon Web Services API Requests][1]
|
2561
|
+
#
|
2562
|
+
# * [Using the Amazon Cognito user pools API and user pool endpoints][2]
|
2563
|
+
#
|
2564
|
+
# </note>
|
2565
|
+
#
|
2566
|
+
#
|
2567
|
+
#
|
2568
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
|
2569
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
2570
|
+
#
|
2099
2571
|
# @option params [required, String] :user_pool_id
|
2100
2572
|
# The user pool ID.
|
2101
2573
|
#
|
@@ -2106,7 +2578,12 @@ module Aws::CognitoIdentityProvider
|
|
2106
2578
|
# The authentication event ID.
|
2107
2579
|
#
|
2108
2580
|
# @option params [required, String] :feedback_value
|
2109
|
-
# The authentication event feedback value.
|
2581
|
+
# The authentication event feedback value. When you provide a
|
2582
|
+
# `FeedbackValue` value of `valid`, you tell Amazon Cognito that you
|
2583
|
+
# trust a user session where Amazon Cognito has evaluated some level of
|
2584
|
+
# risk. When you provide a `FeedbackValue` value of `invalid`, you tell
|
2585
|
+
# Amazon Cognito that you don't trust a user session, or you don't
|
2586
|
+
# believe that Amazon Cognito evaluated a high-enough risk level.
|
2110
2587
|
#
|
2111
2588
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
2112
2589
|
#
|
@@ -2130,7 +2607,23 @@ module Aws::CognitoIdentityProvider
|
|
2130
2607
|
|
2131
2608
|
# Updates the device status as an administrator.
|
2132
2609
|
#
|
2133
|
-
#
|
2610
|
+
# <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
|
2611
|
+
# in requests for this API operation. For this operation, you must use
|
2612
|
+
# IAM credentials to authorize requests, and you must grant yourself the
|
2613
|
+
# corresponding IAM permission in a policy.
|
2614
|
+
#
|
2615
|
+
# **Learn more**
|
2616
|
+
#
|
2617
|
+
# * [Signing Amazon Web Services API Requests][1]
|
2618
|
+
#
|
2619
|
+
# * [Using the Amazon Cognito user pools API and user pool endpoints][2]
|
2620
|
+
#
|
2621
|
+
# </note>
|
2622
|
+
#
|
2623
|
+
#
|
2624
|
+
#
|
2625
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
|
2626
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
2134
2627
|
#
|
2135
2628
|
# @option params [required, String] :user_pool_id
|
2136
2629
|
# The user pool ID.
|
@@ -2164,15 +2657,6 @@ module Aws::CognitoIdentityProvider
|
|
2164
2657
|
req.send_request(options)
|
2165
2658
|
end
|
2166
2659
|
|
2167
|
-
# Updates the specified user's attributes, including developer
|
2168
|
-
# attributes, as an administrator. Works on any user.
|
2169
|
-
#
|
2170
|
-
# For custom attributes, you must prepend the `custom:` prefix to the
|
2171
|
-
# attribute name.
|
2172
|
-
#
|
2173
|
-
# In addition to updating user attributes, this API can also be used to
|
2174
|
-
# mark phone and email as verified.
|
2175
|
-
#
|
2176
2660
|
# <note markdown="1"> This action might generate an SMS text message. Starting June 1, 2021,
|
2177
2661
|
# US telecom carriers require you to register an origination phone
|
2178
2662
|
# number before you can send SMS messages to US phone numbers. If you
|
@@ -2194,12 +2678,36 @@ module Aws::CognitoIdentityProvider
|
|
2194
2678
|
#
|
2195
2679
|
# </note>
|
2196
2680
|
#
|
2197
|
-
#
|
2681
|
+
# Updates the specified user's attributes, including developer
|
2682
|
+
# attributes, as an administrator. Works on any user. To delete an
|
2683
|
+
# attribute from your user, submit the attribute in your API request
|
2684
|
+
# with a blank value.
|
2685
|
+
#
|
2686
|
+
# For custom attributes, you must prepend the `custom:` prefix to the
|
2687
|
+
# attribute name.
|
2688
|
+
#
|
2689
|
+
# In addition to updating user attributes, this API can also be used to
|
2690
|
+
# mark phone and email as verified.
|
2691
|
+
#
|
2692
|
+
# <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
|
2693
|
+
# in requests for this API operation. For this operation, you must use
|
2694
|
+
# IAM credentials to authorize requests, and you must grant yourself the
|
2695
|
+
# corresponding IAM permission in a policy.
|
2696
|
+
#
|
2697
|
+
# **Learn more**
|
2698
|
+
#
|
2699
|
+
# * [Signing Amazon Web Services API Requests][3]
|
2700
|
+
#
|
2701
|
+
# * [Using the Amazon Cognito user pools API and user pool endpoints][4]
|
2702
|
+
#
|
2703
|
+
# </note>
|
2198
2704
|
#
|
2199
2705
|
#
|
2200
2706
|
#
|
2201
2707
|
# [1]: https://console.aws.amazon.com/pinpoint/home/
|
2202
|
-
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/
|
2708
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html
|
2709
|
+
# [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
|
2710
|
+
# [4]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
2203
2711
|
#
|
2204
2712
|
# @option params [required, String] :user_pool_id
|
2205
2713
|
# The user pool ID for the user pool where you want to update user
|
@@ -2293,16 +2801,34 @@ module Aws::CognitoIdentityProvider
|
|
2293
2801
|
req.send_request(options)
|
2294
2802
|
end
|
2295
2803
|
|
2296
|
-
# Signs out a user from all devices.
|
2297
|
-
#
|
2298
|
-
#
|
2299
|
-
#
|
2300
|
-
#
|
2301
|
-
#
|
2302
|
-
#
|
2303
|
-
#
|
2804
|
+
# Signs out a user from all devices. `AdminUserGlobalSignOut`
|
2805
|
+
# invalidates all identity, access and refresh tokens that Amazon
|
2806
|
+
# Cognito has issued to a user. A user can still use a hosted UI cookie
|
2807
|
+
# to retrieve new tokens for the duration of the 1-hour cookie validity
|
2808
|
+
# period.
|
2809
|
+
#
|
2810
|
+
# Your app isn't aware that a user's access token is revoked unless it
|
2811
|
+
# attempts to authorize a user pools API request with an access token
|
2812
|
+
# that contains the scope `aws.cognito.signin.user.admin`. Your app
|
2813
|
+
# might otherwise accept access tokens until they expire.
|
2814
|
+
#
|
2815
|
+
# <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
|
2816
|
+
# in requests for this API operation. For this operation, you must use
|
2817
|
+
# IAM credentials to authorize requests, and you must grant yourself the
|
2818
|
+
# corresponding IAM permission in a policy.
|
2819
|
+
#
|
2820
|
+
# **Learn more**
|
2821
|
+
#
|
2822
|
+
# * [Signing Amazon Web Services API Requests][1]
|
2823
|
+
#
|
2824
|
+
# * [Using the Amazon Cognito user pools API and user pool endpoints][2]
|
2825
|
+
#
|
2826
|
+
# </note>
|
2304
2827
|
#
|
2305
|
-
#
|
2828
|
+
#
|
2829
|
+
#
|
2830
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
|
2831
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
2306
2832
|
#
|
2307
2833
|
# @option params [required, String] :user_pool_id
|
2308
2834
|
# The user pool ID.
|
@@ -2350,9 +2876,19 @@ module Aws::CognitoIdentityProvider
|
|
2350
2876
|
#
|
2351
2877
|
# </note>
|
2352
2878
|
#
|
2879
|
+
# <note markdown="1"> Amazon Cognito doesn't evaluate Identity and Access Management (IAM)
|
2880
|
+
# policies in requests for this API operation. For this operation, you
|
2881
|
+
# can't use IAM credentials to authorize requests, and you can't grant
|
2882
|
+
# IAM permissions in policies. For more information about authorization
|
2883
|
+
# models in Amazon Cognito, see [Using the Amazon Cognito native and
|
2884
|
+
# OIDC APIs][2].
|
2885
|
+
#
|
2886
|
+
# </note>
|
2887
|
+
#
|
2353
2888
|
#
|
2354
2889
|
#
|
2355
2890
|
# [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerifySoftwareToken.html
|
2891
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
2356
2892
|
#
|
2357
2893
|
# @option params [String] :access_token
|
2358
2894
|
# A valid access token that Amazon Cognito issued to the user whose
|
@@ -2391,6 +2927,19 @@ module Aws::CognitoIdentityProvider
|
|
2391
2927
|
|
2392
2928
|
# Changes the password for a specified user in a user pool.
|
2393
2929
|
#
|
2930
|
+
# <note markdown="1"> Amazon Cognito doesn't evaluate Identity and Access Management (IAM)
|
2931
|
+
# policies in requests for this API operation. For this operation, you
|
2932
|
+
# can't use IAM credentials to authorize requests, and you can't grant
|
2933
|
+
# IAM permissions in policies. For more information about authorization
|
2934
|
+
# models in Amazon Cognito, see [Using the Amazon Cognito native and
|
2935
|
+
# OIDC APIs][1].
|
2936
|
+
#
|
2937
|
+
# </note>
|
2938
|
+
#
|
2939
|
+
#
|
2940
|
+
#
|
2941
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
2942
|
+
#
|
2394
2943
|
# @option params [required, String] :previous_password
|
2395
2944
|
# The old password.
|
2396
2945
|
#
|
@@ -2423,6 +2972,19 @@ module Aws::CognitoIdentityProvider
|
|
2423
2972
|
# Confirms tracking of the device. This API call is the call that begins
|
2424
2973
|
# device tracking.
|
2425
2974
|
#
|
2975
|
+
# <note markdown="1"> Amazon Cognito doesn't evaluate Identity and Access Management (IAM)
|
2976
|
+
# policies in requests for this API operation. For this operation, you
|
2977
|
+
# can't use IAM credentials to authorize requests, and you can't grant
|
2978
|
+
# IAM permissions in policies. For more information about authorization
|
2979
|
+
# models in Amazon Cognito, see [Using the Amazon Cognito native and
|
2980
|
+
# OIDC APIs][1].
|
2981
|
+
#
|
2982
|
+
# </note>
|
2983
|
+
#
|
2984
|
+
#
|
2985
|
+
#
|
2986
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
2987
|
+
#
|
2426
2988
|
# @option params [required, String] :access_token
|
2427
2989
|
# A valid access token that Amazon Cognito issued to the user whose
|
2428
2990
|
# device you want to confirm.
|
@@ -2468,13 +3030,31 @@ module Aws::CognitoIdentityProvider
|
|
2468
3030
|
# Allows a user to enter a confirmation code to reset a forgotten
|
2469
3031
|
# password.
|
2470
3032
|
#
|
3033
|
+
# <note markdown="1"> Amazon Cognito doesn't evaluate Identity and Access Management (IAM)
|
3034
|
+
# policies in requests for this API operation. For this operation, you
|
3035
|
+
# can't use IAM credentials to authorize requests, and you can't grant
|
3036
|
+
# IAM permissions in policies. For more information about authorization
|
3037
|
+
# models in Amazon Cognito, see [Using the Amazon Cognito native and
|
3038
|
+
# OIDC APIs][1].
|
3039
|
+
#
|
3040
|
+
# </note>
|
3041
|
+
#
|
3042
|
+
#
|
3043
|
+
#
|
3044
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
3045
|
+
#
|
2471
3046
|
# @option params [required, String] :client_id
|
2472
3047
|
# The app client ID of the app associated with the user pool.
|
2473
3048
|
#
|
2474
3049
|
# @option params [String] :secret_hash
|
2475
3050
|
# A keyed-hash message authentication code (HMAC) calculated using the
|
2476
3051
|
# secret key of a user pool client and username plus the client ID in
|
2477
|
-
# the message.
|
3052
|
+
# the message. For more information about `SecretHash`, see [Computing
|
3053
|
+
# secret hash values][1].
|
3054
|
+
#
|
3055
|
+
#
|
3056
|
+
#
|
3057
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#cognito-user-pools-computing-secret-hash
|
2478
3058
|
#
|
2479
3059
|
# @option params [required, String] :username
|
2480
3060
|
# The user name of the user for whom you want to enter a code to
|
@@ -2572,6 +3152,19 @@ module Aws::CognitoIdentityProvider
|
|
2572
3152
|
|
2573
3153
|
# Confirms registration of a new user.
|
2574
3154
|
#
|
3155
|
+
# <note markdown="1"> Amazon Cognito doesn't evaluate Identity and Access Management (IAM)
|
3156
|
+
# policies in requests for this API operation. For this operation, you
|
3157
|
+
# can't use IAM credentials to authorize requests, and you can't grant
|
3158
|
+
# IAM permissions in policies. For more information about authorization
|
3159
|
+
# models in Amazon Cognito, see [Using the Amazon Cognito native and
|
3160
|
+
# OIDC APIs][1].
|
3161
|
+
#
|
3162
|
+
# </note>
|
3163
|
+
#
|
3164
|
+
#
|
3165
|
+
#
|
3166
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
3167
|
+
#
|
2575
3168
|
# @option params [required, String] :client_id
|
2576
3169
|
# The ID of the app client associated with the user pool.
|
2577
3170
|
#
|
@@ -2676,7 +3269,23 @@ module Aws::CognitoIdentityProvider
|
|
2676
3269
|
|
2677
3270
|
# Creates a new group in the specified user pool.
|
2678
3271
|
#
|
2679
|
-
#
|
3272
|
+
# <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
|
3273
|
+
# in requests for this API operation. For this operation, you must use
|
3274
|
+
# IAM credentials to authorize requests, and you must grant yourself the
|
3275
|
+
# corresponding IAM permission in a policy.
|
3276
|
+
#
|
3277
|
+
# **Learn more**
|
3278
|
+
#
|
3279
|
+
# * [Signing Amazon Web Services API Requests][1]
|
3280
|
+
#
|
3281
|
+
# * [Using the Amazon Cognito user pools API and user pool endpoints][2]
|
3282
|
+
#
|
3283
|
+
# </note>
|
3284
|
+
#
|
3285
|
+
#
|
3286
|
+
#
|
3287
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
|
3288
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
2680
3289
|
#
|
2681
3290
|
# @option params [required, String] :group_name
|
2682
3291
|
# The name of the group. Must be unique.
|
@@ -2745,6 +3354,24 @@ module Aws::CognitoIdentityProvider
|
|
2745
3354
|
|
2746
3355
|
# Creates an IdP for a user pool.
|
2747
3356
|
#
|
3357
|
+
# <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
|
3358
|
+
# in requests for this API operation. For this operation, you must use
|
3359
|
+
# IAM credentials to authorize requests, and you must grant yourself the
|
3360
|
+
# corresponding IAM permission in a policy.
|
3361
|
+
#
|
3362
|
+
# **Learn more**
|
3363
|
+
#
|
3364
|
+
# * [Signing Amazon Web Services API Requests][1]
|
3365
|
+
#
|
3366
|
+
# * [Using the Amazon Cognito user pools API and user pool endpoints][2]
|
3367
|
+
#
|
3368
|
+
# </note>
|
3369
|
+
#
|
3370
|
+
#
|
3371
|
+
#
|
3372
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
|
3373
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
3374
|
+
#
|
2748
3375
|
# @option params [required, String] :user_pool_id
|
2749
3376
|
# The user pool ID.
|
2750
3377
|
#
|
@@ -2839,7 +3466,7 @@ module Aws::CognitoIdentityProvider
|
|
2839
3466
|
#
|
2840
3467
|
# resp = client.create_identity_provider({
|
2841
3468
|
# user_pool_id: "UserPoolIdType", # required
|
2842
|
-
# provider_name: "
|
3469
|
+
# provider_name: "ProviderNameTypeV2", # required
|
2843
3470
|
# provider_type: "SAML", # required, accepts SAML, Facebook, Google, LoginWithAmazon, SignInWithApple, OIDC
|
2844
3471
|
# provider_details: { # required
|
2845
3472
|
# "StringType" => "StringType",
|
@@ -2876,6 +3503,24 @@ module Aws::CognitoIdentityProvider
|
|
2876
3503
|
# Creates a new OAuth2.0 resource server and defines custom scopes
|
2877
3504
|
# within it.
|
2878
3505
|
#
|
3506
|
+
# <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
|
3507
|
+
# in requests for this API operation. For this operation, you must use
|
3508
|
+
# IAM credentials to authorize requests, and you must grant yourself the
|
3509
|
+
# corresponding IAM permission in a policy.
|
3510
|
+
#
|
3511
|
+
# **Learn more**
|
3512
|
+
#
|
3513
|
+
# * [Signing Amazon Web Services API Requests][1]
|
3514
|
+
#
|
3515
|
+
# * [Using the Amazon Cognito user pools API and user pool endpoints][2]
|
3516
|
+
#
|
3517
|
+
# </note>
|
3518
|
+
#
|
3519
|
+
#
|
3520
|
+
#
|
3521
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
|
3522
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
3523
|
+
#
|
2879
3524
|
# @option params [required, String] :user_pool_id
|
2880
3525
|
# The user pool ID for the user pool.
|
2881
3526
|
#
|
@@ -2927,7 +3572,25 @@ module Aws::CognitoIdentityProvider
|
|
2927
3572
|
req.send_request(options)
|
2928
3573
|
end
|
2929
3574
|
|
2930
|
-
# Creates
|
3575
|
+
# Creates a user import job.
|
3576
|
+
#
|
3577
|
+
# <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
|
3578
|
+
# in requests for this API operation. For this operation, you must use
|
3579
|
+
# IAM credentials to authorize requests, and you must grant yourself the
|
3580
|
+
# corresponding IAM permission in a policy.
|
3581
|
+
#
|
3582
|
+
# **Learn more**
|
3583
|
+
#
|
3584
|
+
# * [Signing Amazon Web Services API Requests][1]
|
3585
|
+
#
|
3586
|
+
# * [Using the Amazon Cognito user pools API and user pool endpoints][2]
|
3587
|
+
#
|
3588
|
+
# </note>
|
3589
|
+
#
|
3590
|
+
#
|
3591
|
+
#
|
3592
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
|
3593
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
2931
3594
|
#
|
2932
3595
|
# @option params [required, String] :job_name
|
2933
3596
|
# The job name for the user import job.
|
@@ -2977,9 +3640,6 @@ module Aws::CognitoIdentityProvider
|
|
2977
3640
|
req.send_request(options)
|
2978
3641
|
end
|
2979
3642
|
|
2980
|
-
# Creates a new Amazon Cognito user pool and sets the password policy
|
2981
|
-
# for the pool.
|
2982
|
-
#
|
2983
3643
|
# <note markdown="1"> This action might generate an SMS text message. Starting June 1, 2021,
|
2984
3644
|
# US telecom carriers require you to register an origination phone
|
2985
3645
|
# number before you can send SMS messages to US phone numbers. If you
|
@@ -3001,10 +3661,31 @@ module Aws::CognitoIdentityProvider
|
|
3001
3661
|
#
|
3002
3662
|
# </note>
|
3003
3663
|
#
|
3664
|
+
# Creates a new Amazon Cognito user pool and sets the password policy
|
3665
|
+
# for the pool.
|
3666
|
+
#
|
3667
|
+
# If you don't provide a value for an attribute, Amazon Cognito sets it
|
3668
|
+
# to its default value.
|
3669
|
+
#
|
3670
|
+
# <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
|
3671
|
+
# in requests for this API operation. For this operation, you must use
|
3672
|
+
# IAM credentials to authorize requests, and you must grant yourself the
|
3673
|
+
# corresponding IAM permission in a policy.
|
3674
|
+
#
|
3675
|
+
# **Learn more**
|
3676
|
+
#
|
3677
|
+
# * [Signing Amazon Web Services API Requests][3]
|
3678
|
+
#
|
3679
|
+
# * [Using the Amazon Cognito user pools API and user pool endpoints][4]
|
3680
|
+
#
|
3681
|
+
# </note>
|
3682
|
+
#
|
3004
3683
|
#
|
3005
3684
|
#
|
3006
3685
|
# [1]: https://console.aws.amazon.com/pinpoint/home/
|
3007
|
-
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/
|
3686
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html
|
3687
|
+
# [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
|
3688
|
+
# [4]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
3008
3689
|
#
|
3009
3690
|
# @option params [required, String] :pool_name
|
3010
3691
|
# A string used to name the user pool.
|
@@ -3139,15 +3820,32 @@ module Aws::CognitoIdentityProvider
|
|
3139
3820
|
# can be standard or custom attributes.
|
3140
3821
|
#
|
3141
3822
|
# @option params [Types::UserPoolAddOnsType] :user_pool_add_ons
|
3142
|
-
#
|
3143
|
-
#
|
3823
|
+
# User pool add-ons. Contains settings for activation of advanced
|
3824
|
+
# security features. To log user security information but take no
|
3825
|
+
# action, set to `AUDIT`. To configure automatic security responses to
|
3826
|
+
# risky traffic to your user pool, set to `ENFORCED`.
|
3827
|
+
#
|
3828
|
+
# For more information, see [Adding advanced security to a user
|
3829
|
+
# pool][1].
|
3830
|
+
#
|
3831
|
+
#
|
3832
|
+
#
|
3833
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
|
3144
3834
|
#
|
3145
3835
|
# @option params [Types::UsernameConfigurationType] :username_configuration
|
3146
3836
|
# Case sensitivity on the username input for the selected sign-in
|
3147
|
-
# option.
|
3148
|
-
# can sign in
|
3149
|
-
#
|
3150
|
-
#
|
3837
|
+
# option. When case sensitivity is set to `False` (case insensitive),
|
3838
|
+
# users can sign in with any combination of capital and lowercase
|
3839
|
+
# letters. For example, `username`, `USERNAME`, or `UserName`, or for
|
3840
|
+
# email, `email@example.com` or `EMaiL@eXamplE.Com`. For most use cases,
|
3841
|
+
# set case sensitivity to `False` (case insensitive) as a best practice.
|
3842
|
+
# When usernames and email addresses are case insensitive, Amazon
|
3843
|
+
# Cognito treats any variation in case as the same user, and prevents a
|
3844
|
+
# case variation from being assigned to the same attribute for a
|
3845
|
+
# different user.
|
3846
|
+
#
|
3847
|
+
# This configuration is immutable after you set it. For more
|
3848
|
+
# information, see [UsernameConfigurationType][1].
|
3151
3849
|
#
|
3152
3850
|
#
|
3153
3851
|
#
|
@@ -3167,6 +3865,462 @@ module Aws::CognitoIdentityProvider
|
|
3167
3865
|
#
|
3168
3866
|
# * {Types::CreateUserPoolResponse#user_pool #user_pool} => Types::UserPoolType
|
3169
3867
|
#
|
3868
|
+
#
|
3869
|
+
# @example Example: Example user pool with email and username sign-in
|
3870
|
+
#
|
3871
|
+
# # The following example creates a user pool with all configurable properties set to an example value. The resulting user
|
3872
|
+
# # pool allows sign-in with username or email address, has optional MFA, and has a Lambda function assigned to each
|
3873
|
+
# # possible trigger.
|
3874
|
+
#
|
3875
|
+
# resp = client.create_user_pool({
|
3876
|
+
# account_recovery_setting: {
|
3877
|
+
# recovery_mechanisms: [
|
3878
|
+
# {
|
3879
|
+
# name: "verified_email",
|
3880
|
+
# priority: 1,
|
3881
|
+
# },
|
3882
|
+
# ],
|
3883
|
+
# },
|
3884
|
+
# admin_create_user_config: {
|
3885
|
+
# allow_admin_create_user_only: false,
|
3886
|
+
# invite_message_template: {
|
3887
|
+
# email_message: "Your username is {username} and temporary password is {####}.",
|
3888
|
+
# email_subject: "Your sign-in information",
|
3889
|
+
# sms_message: "Your username is {username} and temporary password is {####}.",
|
3890
|
+
# },
|
3891
|
+
# },
|
3892
|
+
# alias_attributes: [
|
3893
|
+
# "email",
|
3894
|
+
# ],
|
3895
|
+
# auto_verified_attributes: [
|
3896
|
+
# "email",
|
3897
|
+
# ],
|
3898
|
+
# deletion_protection: "ACTIVE",
|
3899
|
+
# device_configuration: {
|
3900
|
+
# challenge_required_on_new_device: true,
|
3901
|
+
# device_only_remembered_on_user_prompt: true,
|
3902
|
+
# },
|
3903
|
+
# email_configuration: {
|
3904
|
+
# configuration_set: "my-test-ses-configuration-set",
|
3905
|
+
# email_sending_account: "DEVELOPER",
|
3906
|
+
# from: "support@example.com",
|
3907
|
+
# reply_to_email_address: "support@example.com",
|
3908
|
+
# source_arn: "arn:aws:ses:us-east-1:123456789012:identity/support@example.com",
|
3909
|
+
# },
|
3910
|
+
# email_verification_message: "Your verification code is {####}.",
|
3911
|
+
# email_verification_subject: "Verify your email address",
|
3912
|
+
# lambda_config: {
|
3913
|
+
# custom_email_sender: {
|
3914
|
+
# lambda_arn: "arn:aws:lambda:us-east-1:123456789012:function:MyFunction",
|
3915
|
+
# lambda_version: "V1_0",
|
3916
|
+
# },
|
3917
|
+
# custom_message: "arn:aws:lambda:us-east-1:123456789012:function:MyFunction",
|
3918
|
+
# custom_sms_sender: {
|
3919
|
+
# lambda_arn: "arn:aws:lambda:us-east-1:123456789012:function:MyFunction",
|
3920
|
+
# lambda_version: "V1_0",
|
3921
|
+
# },
|
3922
|
+
# define_auth_challenge: "arn:aws:lambda:us-east-1:123456789012:function:MyFunction",
|
3923
|
+
# kms_key_id: "arn:aws:kms:us-east-1:123456789012:key/a6c4f8e2-0c45-47db-925f-87854bc9e357",
|
3924
|
+
# post_authentication: "arn:aws:lambda:us-east-1:123456789012:function:MyFunction",
|
3925
|
+
# post_confirmation: "arn:aws:lambda:us-east-1:123456789012:function:MyFunction",
|
3926
|
+
# pre_authentication: "arn:aws:lambda:us-east-1:123456789012:function:MyFunction",
|
3927
|
+
# pre_sign_up: "arn:aws:lambda:us-east-1:123456789012:function:MyFunction",
|
3928
|
+
# pre_token_generation: "arn:aws:lambda:us-east-1:123456789012:function:MyFunction",
|
3929
|
+
# user_migration: "arn:aws:lambda:us-east-1:123456789012:function:MyFunction",
|
3930
|
+
# verify_auth_challenge_response: "arn:aws:lambda:us-east-1:123456789012:function:MyFunction",
|
3931
|
+
# },
|
3932
|
+
# mfa_configuration: "OPTIONAL",
|
3933
|
+
# policies: {
|
3934
|
+
# password_policy: {
|
3935
|
+
# minimum_length: 6,
|
3936
|
+
# require_lowercase: true,
|
3937
|
+
# require_numbers: true,
|
3938
|
+
# require_symbols: true,
|
3939
|
+
# require_uppercase: true,
|
3940
|
+
# temporary_password_validity_days: 7,
|
3941
|
+
# },
|
3942
|
+
# },
|
3943
|
+
# pool_name: "my-test-user-pool",
|
3944
|
+
# schema: [
|
3945
|
+
# {
|
3946
|
+
# attribute_data_type: "Number",
|
3947
|
+
# developer_only_attribute: true,
|
3948
|
+
# mutable: true,
|
3949
|
+
# name: "mydev",
|
3950
|
+
# number_attribute_constraints: {
|
3951
|
+
# max_value: "99",
|
3952
|
+
# min_value: "1",
|
3953
|
+
# },
|
3954
|
+
# required: false,
|
3955
|
+
# string_attribute_constraints: {
|
3956
|
+
# max_length: "99",
|
3957
|
+
# min_length: "1",
|
3958
|
+
# },
|
3959
|
+
# },
|
3960
|
+
# ],
|
3961
|
+
# sms_authentication_message: "Your verification code is {####}.",
|
3962
|
+
# sms_configuration: {
|
3963
|
+
# external_id: "my-role-external-id",
|
3964
|
+
# sns_caller_arn: "arn:aws:iam::123456789012:role/service-role/test-cognito-SMS-Role",
|
3965
|
+
# },
|
3966
|
+
# sms_verification_message: "Your verification code is {####}.",
|
3967
|
+
# user_attribute_update_settings: {
|
3968
|
+
# attributes_require_verification_before_update: [
|
3969
|
+
# "email",
|
3970
|
+
# ],
|
3971
|
+
# },
|
3972
|
+
# user_pool_add_ons: {
|
3973
|
+
# advanced_security_mode: "OFF",
|
3974
|
+
# },
|
3975
|
+
# user_pool_tags: {
|
3976
|
+
# "my-test-tag-key" => "my-test-tag-key",
|
3977
|
+
# },
|
3978
|
+
# username_configuration: {
|
3979
|
+
# case_sensitive: true,
|
3980
|
+
# },
|
3981
|
+
# verification_message_template: {
|
3982
|
+
# default_email_option: "CONFIRM_WITH_CODE",
|
3983
|
+
# email_message: "Your confirmation code is {####}",
|
3984
|
+
# email_message_by_link: "Choose this link to {##verify your email##}",
|
3985
|
+
# email_subject: "Here is your confirmation code",
|
3986
|
+
# email_subject_by_link: "Here is your confirmation link",
|
3987
|
+
# sms_message: "Your confirmation code is {####}",
|
3988
|
+
# },
|
3989
|
+
# })
|
3990
|
+
#
|
3991
|
+
# resp.to_h outputs the following:
|
3992
|
+
# {
|
3993
|
+
# user_pool: {
|
3994
|
+
# account_recovery_setting: {
|
3995
|
+
# recovery_mechanisms: [
|
3996
|
+
# {
|
3997
|
+
# name: "verified_email",
|
3998
|
+
# priority: 1,
|
3999
|
+
# },
|
4000
|
+
# ],
|
4001
|
+
# },
|
4002
|
+
# admin_create_user_config: {
|
4003
|
+
# allow_admin_create_user_only: false,
|
4004
|
+
# invite_message_template: {
|
4005
|
+
# email_message: "Your username is {username} and temporary password is {####}.",
|
4006
|
+
# email_subject: "Your sign-in information",
|
4007
|
+
# sms_message: "Your username is {username} and temporary password is {####}.",
|
4008
|
+
# },
|
4009
|
+
# unused_account_validity_days: 7,
|
4010
|
+
# },
|
4011
|
+
# alias_attributes: [
|
4012
|
+
# "email",
|
4013
|
+
# ],
|
4014
|
+
# arn: "arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_EXAMPLE",
|
4015
|
+
# auto_verified_attributes: [
|
4016
|
+
# "email",
|
4017
|
+
# ],
|
4018
|
+
# creation_date: Time.parse(1689721665.239),
|
4019
|
+
# deletion_protection: "ACTIVE",
|
4020
|
+
# device_configuration: {
|
4021
|
+
# challenge_required_on_new_device: true,
|
4022
|
+
# device_only_remembered_on_user_prompt: true,
|
4023
|
+
# },
|
4024
|
+
# email_configuration: {
|
4025
|
+
# configuration_set: "my-test-ses-configuration-set",
|
4026
|
+
# email_sending_account: "DEVELOPER",
|
4027
|
+
# from: "support@example.com",
|
4028
|
+
# reply_to_email_address: "support@example.com",
|
4029
|
+
# source_arn: "arn:aws:ses:us-east-1:123456789012:identity/support@example.com",
|
4030
|
+
# },
|
4031
|
+
# email_verification_message: "Your verification code is {####}.",
|
4032
|
+
# email_verification_subject: "Verify your email address",
|
4033
|
+
# estimated_number_of_users: 0,
|
4034
|
+
# id: "us-east-1_EXAMPLE",
|
4035
|
+
# lambda_config: {
|
4036
|
+
# custom_email_sender: {
|
4037
|
+
# lambda_arn: "arn:aws:lambda:us-east-1:123456789012:function:MyFunction",
|
4038
|
+
# lambda_version: "V1_0",
|
4039
|
+
# },
|
4040
|
+
# custom_message: "arn:aws:lambda:us-east-1:123456789012:function:MyFunction",
|
4041
|
+
# custom_sms_sender: {
|
4042
|
+
# lambda_arn: "arn:aws:lambda:us-east-1:123456789012:function:MyFunction",
|
4043
|
+
# lambda_version: "V1_0",
|
4044
|
+
# },
|
4045
|
+
# define_auth_challenge: "arn:aws:lambda:us-east-1:123456789012:function:MyFunction",
|
4046
|
+
# kms_key_id: "arn:aws:kms:us-east-1:767671399759:key/4d43904c-8edf-4bb4-9fca-fb1a80e41cbe",
|
4047
|
+
# post_authentication: "arn:aws:lambda:us-east-1:123456789012:function:MyFunction",
|
4048
|
+
# post_confirmation: "arn:aws:lambda:us-east-1:123456789012:function:MyFunction",
|
4049
|
+
# pre_authentication: "arn:aws:lambda:us-east-1:123456789012:function:MyFunction",
|
4050
|
+
# pre_sign_up: "arn:aws:lambda:us-east-1:123456789012:function:MyFunction",
|
4051
|
+
# pre_token_generation: "arn:aws:lambda:us-east-1:123456789012:function:MyFunction",
|
4052
|
+
# user_migration: "arn:aws:lambda:us-east-1:123456789012:function:MyFunction",
|
4053
|
+
# verify_auth_challenge_response: "arn:aws:lambda:us-east-1:123456789012:function:MyFunction",
|
4054
|
+
# },
|
4055
|
+
# last_modified_date: Time.parse(1689721665.239),
|
4056
|
+
# mfa_configuration: "OPTIONAL",
|
4057
|
+
# name: "my-test-user-pool",
|
4058
|
+
# policies: {
|
4059
|
+
# password_policy: {
|
4060
|
+
# minimum_length: 6,
|
4061
|
+
# require_lowercase: true,
|
4062
|
+
# require_numbers: true,
|
4063
|
+
# require_symbols: true,
|
4064
|
+
# require_uppercase: true,
|
4065
|
+
# temporary_password_validity_days: 7,
|
4066
|
+
# },
|
4067
|
+
# },
|
4068
|
+
# schema_attributes: [
|
4069
|
+
# {
|
4070
|
+
# attribute_data_type: "String",
|
4071
|
+
# developer_only_attribute: false,
|
4072
|
+
# mutable: false,
|
4073
|
+
# name: "sub",
|
4074
|
+
# required: true,
|
4075
|
+
# string_attribute_constraints: {
|
4076
|
+
# max_length: "2048",
|
4077
|
+
# min_length: "1",
|
4078
|
+
# },
|
4079
|
+
# },
|
4080
|
+
# {
|
4081
|
+
# attribute_data_type: "String",
|
4082
|
+
# developer_only_attribute: false,
|
4083
|
+
# mutable: true,
|
4084
|
+
# name: "name",
|
4085
|
+
# required: false,
|
4086
|
+
# string_attribute_constraints: {
|
4087
|
+
# max_length: "2048",
|
4088
|
+
# min_length: "0",
|
4089
|
+
# },
|
4090
|
+
# },
|
4091
|
+
# {
|
4092
|
+
# attribute_data_type: "String",
|
4093
|
+
# developer_only_attribute: false,
|
4094
|
+
# mutable: true,
|
4095
|
+
# name: "given_name",
|
4096
|
+
# required: false,
|
4097
|
+
# string_attribute_constraints: {
|
4098
|
+
# max_length: "2048",
|
4099
|
+
# min_length: "0",
|
4100
|
+
# },
|
4101
|
+
# },
|
4102
|
+
# {
|
4103
|
+
# attribute_data_type: "String",
|
4104
|
+
# developer_only_attribute: false,
|
4105
|
+
# mutable: true,
|
4106
|
+
# name: "family_name",
|
4107
|
+
# required: false,
|
4108
|
+
# string_attribute_constraints: {
|
4109
|
+
# max_length: "2048",
|
4110
|
+
# min_length: "0",
|
4111
|
+
# },
|
4112
|
+
# },
|
4113
|
+
# {
|
4114
|
+
# attribute_data_type: "String",
|
4115
|
+
# developer_only_attribute: false,
|
4116
|
+
# mutable: true,
|
4117
|
+
# name: "middle_name",
|
4118
|
+
# required: false,
|
4119
|
+
# string_attribute_constraints: {
|
4120
|
+
# max_length: "2048",
|
4121
|
+
# min_length: "0",
|
4122
|
+
# },
|
4123
|
+
# },
|
4124
|
+
# {
|
4125
|
+
# attribute_data_type: "String",
|
4126
|
+
# developer_only_attribute: false,
|
4127
|
+
# mutable: true,
|
4128
|
+
# name: "nickname",
|
4129
|
+
# required: false,
|
4130
|
+
# string_attribute_constraints: {
|
4131
|
+
# max_length: "2048",
|
4132
|
+
# min_length: "0",
|
4133
|
+
# },
|
4134
|
+
# },
|
4135
|
+
# {
|
4136
|
+
# attribute_data_type: "String",
|
4137
|
+
# developer_only_attribute: false,
|
4138
|
+
# mutable: true,
|
4139
|
+
# name: "preferred_username",
|
4140
|
+
# required: false,
|
4141
|
+
# string_attribute_constraints: {
|
4142
|
+
# max_length: "2048",
|
4143
|
+
# min_length: "0",
|
4144
|
+
# },
|
4145
|
+
# },
|
4146
|
+
# {
|
4147
|
+
# attribute_data_type: "String",
|
4148
|
+
# developer_only_attribute: false,
|
4149
|
+
# mutable: true,
|
4150
|
+
# name: "profile",
|
4151
|
+
# required: false,
|
4152
|
+
# string_attribute_constraints: {
|
4153
|
+
# max_length: "2048",
|
4154
|
+
# min_length: "0",
|
4155
|
+
# },
|
4156
|
+
# },
|
4157
|
+
# {
|
4158
|
+
# attribute_data_type: "String",
|
4159
|
+
# developer_only_attribute: false,
|
4160
|
+
# mutable: true,
|
4161
|
+
# name: "picture",
|
4162
|
+
# required: false,
|
4163
|
+
# string_attribute_constraints: {
|
4164
|
+
# max_length: "2048",
|
4165
|
+
# min_length: "0",
|
4166
|
+
# },
|
4167
|
+
# },
|
4168
|
+
# {
|
4169
|
+
# attribute_data_type: "String",
|
4170
|
+
# developer_only_attribute: false,
|
4171
|
+
# mutable: true,
|
4172
|
+
# name: "website",
|
4173
|
+
# required: false,
|
4174
|
+
# string_attribute_constraints: {
|
4175
|
+
# max_length: "2048",
|
4176
|
+
# min_length: "0",
|
4177
|
+
# },
|
4178
|
+
# },
|
4179
|
+
# {
|
4180
|
+
# attribute_data_type: "String",
|
4181
|
+
# developer_only_attribute: false,
|
4182
|
+
# mutable: true,
|
4183
|
+
# name: "email",
|
4184
|
+
# required: false,
|
4185
|
+
# string_attribute_constraints: {
|
4186
|
+
# max_length: "2048",
|
4187
|
+
# min_length: "0",
|
4188
|
+
# },
|
4189
|
+
# },
|
4190
|
+
# {
|
4191
|
+
# attribute_data_type: "Boolean",
|
4192
|
+
# developer_only_attribute: false,
|
4193
|
+
# mutable: true,
|
4194
|
+
# name: "email_verified",
|
4195
|
+
# required: false,
|
4196
|
+
# },
|
4197
|
+
# {
|
4198
|
+
# attribute_data_type: "String",
|
4199
|
+
# developer_only_attribute: false,
|
4200
|
+
# mutable: true,
|
4201
|
+
# name: "gender",
|
4202
|
+
# required: false,
|
4203
|
+
# string_attribute_constraints: {
|
4204
|
+
# max_length: "2048",
|
4205
|
+
# min_length: "0",
|
4206
|
+
# },
|
4207
|
+
# },
|
4208
|
+
# {
|
4209
|
+
# attribute_data_type: "String",
|
4210
|
+
# developer_only_attribute: false,
|
4211
|
+
# mutable: true,
|
4212
|
+
# name: "birthdate",
|
4213
|
+
# required: false,
|
4214
|
+
# string_attribute_constraints: {
|
4215
|
+
# max_length: "10",
|
4216
|
+
# min_length: "10",
|
4217
|
+
# },
|
4218
|
+
# },
|
4219
|
+
# {
|
4220
|
+
# attribute_data_type: "String",
|
4221
|
+
# developer_only_attribute: false,
|
4222
|
+
# mutable: true,
|
4223
|
+
# name: "zoneinfo",
|
4224
|
+
# required: false,
|
4225
|
+
# string_attribute_constraints: {
|
4226
|
+
# max_length: "2048",
|
4227
|
+
# min_length: "0",
|
4228
|
+
# },
|
4229
|
+
# },
|
4230
|
+
# {
|
4231
|
+
# attribute_data_type: "String",
|
4232
|
+
# developer_only_attribute: false,
|
4233
|
+
# mutable: true,
|
4234
|
+
# name: "locale",
|
4235
|
+
# required: false,
|
4236
|
+
# string_attribute_constraints: {
|
4237
|
+
# max_length: "2048",
|
4238
|
+
# min_length: "0",
|
4239
|
+
# },
|
4240
|
+
# },
|
4241
|
+
# {
|
4242
|
+
# attribute_data_type: "String",
|
4243
|
+
# developer_only_attribute: false,
|
4244
|
+
# mutable: true,
|
4245
|
+
# name: "phone_number",
|
4246
|
+
# required: false,
|
4247
|
+
# string_attribute_constraints: {
|
4248
|
+
# max_length: "2048",
|
4249
|
+
# min_length: "0",
|
4250
|
+
# },
|
4251
|
+
# },
|
4252
|
+
# {
|
4253
|
+
# attribute_data_type: "Boolean",
|
4254
|
+
# developer_only_attribute: false,
|
4255
|
+
# mutable: true,
|
4256
|
+
# name: "phone_number_verifie",
|
4257
|
+
# required: false,
|
4258
|
+
# },
|
4259
|
+
# {
|
4260
|
+
# attribute_data_type: "String",
|
4261
|
+
# developer_only_attribute: false,
|
4262
|
+
# mutable: true,
|
4263
|
+
# name: "address",
|
4264
|
+
# required: false,
|
4265
|
+
# string_attribute_constraints: {
|
4266
|
+
# max_length: "2048",
|
4267
|
+
# min_length: "0",
|
4268
|
+
# },
|
4269
|
+
# },
|
4270
|
+
# {
|
4271
|
+
# attribute_data_type: "Number",
|
4272
|
+
# developer_only_attribute: false,
|
4273
|
+
# mutable: true,
|
4274
|
+
# name: "updated_at",
|
4275
|
+
# number_attribute_constraints: {
|
4276
|
+
# min_value: "0",
|
4277
|
+
# },
|
4278
|
+
# required: false,
|
4279
|
+
# },
|
4280
|
+
# {
|
4281
|
+
# attribute_data_type: "Number",
|
4282
|
+
# developer_only_attribute: true,
|
4283
|
+
# mutable: true,
|
4284
|
+
# name: "dev:custom:mydev",
|
4285
|
+
# number_attribute_constraints: {
|
4286
|
+
# max_value: "99",
|
4287
|
+
# min_value: "1",
|
4288
|
+
# },
|
4289
|
+
# required: false,
|
4290
|
+
# },
|
4291
|
+
# ],
|
4292
|
+
# sms_authentication_message: "Your verification code is {####}.",
|
4293
|
+
# sms_configuration: {
|
4294
|
+
# external_id: "my-role-external-id",
|
4295
|
+
# sns_caller_arn: "arn:aws:iam::123456789012:role/service-role/test-cognito-SMS-Role",
|
4296
|
+
# sns_region: "us-east-1",
|
4297
|
+
# },
|
4298
|
+
# sms_verification_message: "Your verification code is {####}.",
|
4299
|
+
# user_attribute_update_settings: {
|
4300
|
+
# attributes_require_verification_before_update: [
|
4301
|
+
# "email",
|
4302
|
+
# ],
|
4303
|
+
# },
|
4304
|
+
# user_pool_add_ons: {
|
4305
|
+
# advanced_security_mode: "OFF",
|
4306
|
+
# },
|
4307
|
+
# user_pool_tags: {
|
4308
|
+
# "my-test-tag-key" => "my-test-tag-value",
|
4309
|
+
# },
|
4310
|
+
# username_configuration: {
|
4311
|
+
# case_sensitive: true,
|
4312
|
+
# },
|
4313
|
+
# verification_message_template: {
|
4314
|
+
# default_email_option: "CONFIRM_WITH_CODE",
|
4315
|
+
# email_message: "Your confirmation code is {####}",
|
4316
|
+
# email_message_by_link: "Choose this link to {##verify your email##}",
|
4317
|
+
# email_subject: "Here is your confirmation code",
|
4318
|
+
# email_subject_by_link: "Here is your confirmation link",
|
4319
|
+
# sms_message: "Your confirmation code is {####}",
|
4320
|
+
# },
|
4321
|
+
# },
|
4322
|
+
# }
|
4323
|
+
#
|
3170
4324
|
# @example Request syntax with placeholder values
|
3171
4325
|
#
|
3172
4326
|
# resp = client.create_user_pool({
|
@@ -3385,9 +4539,27 @@ module Aws::CognitoIdentityProvider
|
|
3385
4539
|
# automatically activated. For more information about revoking tokens,
|
3386
4540
|
# see [RevokeToken][1].
|
3387
4541
|
#
|
4542
|
+
# If you don't provide a value for an attribute, Amazon Cognito sets it
|
4543
|
+
# to its default value.
|
4544
|
+
#
|
4545
|
+
# <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
|
4546
|
+
# in requests for this API operation. For this operation, you must use
|
4547
|
+
# IAM credentials to authorize requests, and you must grant yourself the
|
4548
|
+
# corresponding IAM permission in a policy.
|
4549
|
+
#
|
4550
|
+
# **Learn more**
|
4551
|
+
#
|
4552
|
+
# * [Signing Amazon Web Services API Requests][2]
|
4553
|
+
#
|
4554
|
+
# * [Using the Amazon Cognito user pools API and user pool endpoints][3]
|
4555
|
+
#
|
4556
|
+
# </note>
|
4557
|
+
#
|
3388
4558
|
#
|
3389
4559
|
#
|
3390
4560
|
# [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html
|
4561
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
|
4562
|
+
# [3]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
3391
4563
|
#
|
3392
4564
|
# @option params [required, String] :user_pool_id
|
3393
4565
|
# The user pool ID for the user pool where you want to create a user
|
@@ -3444,7 +4616,7 @@ module Aws::CognitoIdentityProvider
|
|
3444
4616
|
# `TokenValidityUnits` as `hours`, your user can authenticate their
|
3445
4617
|
# session with their ID token for 10 hours.
|
3446
4618
|
#
|
3447
|
-
# The default time unit for `
|
4619
|
+
# The default time unit for `IdTokenValidity` in an API request is
|
3448
4620
|
# hours. *Valid range* is displayed below in seconds.
|
3449
4621
|
#
|
3450
4622
|
# If you don't specify otherwise in the configuration of your app
|
@@ -3593,8 +4765,26 @@ module Aws::CognitoIdentityProvider
|
|
3593
4765
|
# created in Resource Servers are also supported.
|
3594
4766
|
#
|
3595
4767
|
# @option params [Boolean] :allowed_o_auth_flows_user_pool_client
|
3596
|
-
# Set to true
|
3597
|
-
#
|
4768
|
+
# Set to `true` to use OAuth 2.0 features in your user pool app client.
|
4769
|
+
#
|
4770
|
+
# `AllowedOAuthFlowsUserPoolClient` must be `true` before you can
|
4771
|
+
# configure the following features in your app client.
|
4772
|
+
#
|
4773
|
+
# * `CallBackURLs`: Callback URLs.
|
4774
|
+
#
|
4775
|
+
# * `LogoutURLs`: Sign-out redirect URLs.
|
4776
|
+
#
|
4777
|
+
# * `AllowedOAuthScopes`: OAuth 2.0 scopes.
|
4778
|
+
#
|
4779
|
+
# * `AllowedOAuthFlows`: Support for authorization code, implicit, and
|
4780
|
+
# client credentials OAuth 2.0 grants.
|
4781
|
+
#
|
4782
|
+
# To use OAuth 2.0 features, configure one of these features in the
|
4783
|
+
# Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to
|
4784
|
+
# `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API
|
4785
|
+
# request. If you don't set a value for
|
4786
|
+
# `AllowedOAuthFlowsUserPoolClient` in a request with the CLI or SDKs,
|
4787
|
+
# it defaults to `false`.
|
3598
4788
|
#
|
3599
4789
|
# @option params [Types::AnalyticsConfigurationType] :analytics_configuration
|
3600
4790
|
# The user pool analytics configuration for collecting metrics and
|
@@ -3660,6 +4850,134 @@ module Aws::CognitoIdentityProvider
|
|
3660
4850
|
#
|
3661
4851
|
# * {Types::CreateUserPoolClientResponse#user_pool_client #user_pool_client} => Types::UserPoolClientType
|
3662
4852
|
#
|
4853
|
+
#
|
4854
|
+
# @example Example: Example user pool app client with email and username sign-in
|
4855
|
+
#
|
4856
|
+
# # The following example creates an app client with all configurable properties set to an example value. The resulting user
|
4857
|
+
# # pool client connects to an analytics client, allows sign-in with username and password, and has two external identity
|
4858
|
+
# # providers associated with it.
|
4859
|
+
#
|
4860
|
+
# resp = client.create_user_pool_client({
|
4861
|
+
# access_token_validity: 6,
|
4862
|
+
# allowed_o_auth_flows: [
|
4863
|
+
# "code",
|
4864
|
+
# ],
|
4865
|
+
# allowed_o_auth_flows_user_pool_client: true,
|
4866
|
+
# allowed_o_auth_scopes: [
|
4867
|
+
# "aws.cognito.signin.user.admin",
|
4868
|
+
# "openid",
|
4869
|
+
# ],
|
4870
|
+
# analytics_configuration: {
|
4871
|
+
# application_id: "d70b2ba36a8c4dc5a04a0451a31a1e12",
|
4872
|
+
# external_id: "my-external-id",
|
4873
|
+
# role_arn: "arn:aws:iam::123456789012:role/test-cognitouserpool-role",
|
4874
|
+
# user_data_shared: true,
|
4875
|
+
# },
|
4876
|
+
# callback_urls: [
|
4877
|
+
# "https://example.com",
|
4878
|
+
# "http://localhost",
|
4879
|
+
# "myapp://example",
|
4880
|
+
# ],
|
4881
|
+
# client_name: "my-test-app-client",
|
4882
|
+
# default_redirect_uri: "https://example.com",
|
4883
|
+
# explicit_auth_flows: [
|
4884
|
+
# "ALLOW_ADMIN_USER_PASSWORD_AUTH",
|
4885
|
+
# "ALLOW_USER_PASSWORD_AUTH",
|
4886
|
+
# "ALLOW_REFRESH_TOKEN_AUTH",
|
4887
|
+
# ],
|
4888
|
+
# generate_secret: true,
|
4889
|
+
# id_token_validity: 6,
|
4890
|
+
# logout_urls: [
|
4891
|
+
# "https://example.com/logout",
|
4892
|
+
# ],
|
4893
|
+
# prevent_user_existence_errors: "ENABLED",
|
4894
|
+
# read_attributes: [
|
4895
|
+
# "email",
|
4896
|
+
# "address",
|
4897
|
+
# "preferred_username",
|
4898
|
+
# ],
|
4899
|
+
# refresh_token_validity: 6,
|
4900
|
+
# supported_identity_providers: [
|
4901
|
+
# "SignInWithApple",
|
4902
|
+
# "MySSO",
|
4903
|
+
# ],
|
4904
|
+
# token_validity_units: {
|
4905
|
+
# access_token: "hours",
|
4906
|
+
# id_token: "minutes",
|
4907
|
+
# refresh_token: "days",
|
4908
|
+
# },
|
4909
|
+
# user_pool_id: "us-east-1_EXAMPLE",
|
4910
|
+
# write_attributes: [
|
4911
|
+
# "family_name",
|
4912
|
+
# "email",
|
4913
|
+
# ],
|
4914
|
+
# })
|
4915
|
+
#
|
4916
|
+
# resp.to_h outputs the following:
|
4917
|
+
# {
|
4918
|
+
# user_pool_client: {
|
4919
|
+
# access_token_validity: 6,
|
4920
|
+
# allowed_o_auth_flows: [
|
4921
|
+
# "code",
|
4922
|
+
# ],
|
4923
|
+
# allowed_o_auth_flows_user_pool_client: true,
|
4924
|
+
# allowed_o_auth_scopes: [
|
4925
|
+
# "aws.cognito.signin.user.admin",
|
4926
|
+
# "openid",
|
4927
|
+
# ],
|
4928
|
+
# analytics_configuration: {
|
4929
|
+
# application_id: "d70b2ba36a8c4dc5a04a0451a31a1e12",
|
4930
|
+
# external_id: "my-external-id",
|
4931
|
+
# role_arn: "arn:aws:iam::123456789012:role/test-cognitouserpool-role",
|
4932
|
+
# user_data_shared: true,
|
4933
|
+
# },
|
4934
|
+
# auth_session_validity: 3,
|
4935
|
+
# callback_urls: [
|
4936
|
+
# "https://example.com",
|
4937
|
+
# "http://localhost",
|
4938
|
+
# "myapp://example",
|
4939
|
+
# ],
|
4940
|
+
# client_id: "26cb2c60kq7nbmas7rbme9b6pp",
|
4941
|
+
# client_name: "my-test-app-client",
|
4942
|
+
# client_secret: "13ka4h7u28d9oo44tqpq9djqsfvhvu8rk4d2ighvpu0k8fj1c2r9",
|
4943
|
+
# creation_date: Time.parse(1689885426.107),
|
4944
|
+
# default_redirect_uri: "https://example.com",
|
4945
|
+
# enable_propagate_additional_user_context_data: false,
|
4946
|
+
# enable_token_revocation: true,
|
4947
|
+
# explicit_auth_flows: [
|
4948
|
+
# "ALLOW_USER_PASSWORD_AUTH",
|
4949
|
+
# "ALLOW_ADMIN_USER_PASSWORD_AUTH",
|
4950
|
+
# "ALLOW_REFRESH_TOKEN_AUTH",
|
4951
|
+
# ],
|
4952
|
+
# id_token_validity: 6,
|
4953
|
+
# last_modified_date: Time.parse(1689885426.107),
|
4954
|
+
# logout_urls: [
|
4955
|
+
# "https://example.com/logout",
|
4956
|
+
# ],
|
4957
|
+
# prevent_user_existence_errors: "ENABLED",
|
4958
|
+
# read_attributes: [
|
4959
|
+
# "address",
|
4960
|
+
# "preferred_username",
|
4961
|
+
# "email",
|
4962
|
+
# ],
|
4963
|
+
# refresh_token_validity: 6,
|
4964
|
+
# supported_identity_providers: [
|
4965
|
+
# "SignInWithApple",
|
4966
|
+
# "MySSO",
|
4967
|
+
# ],
|
4968
|
+
# token_validity_units: {
|
4969
|
+
# access_token: "hours",
|
4970
|
+
# id_token: "minutes",
|
4971
|
+
# refresh_token: "days",
|
4972
|
+
# },
|
4973
|
+
# user_pool_id: "us-east-1_EXAMPLE",
|
4974
|
+
# write_attributes: [
|
4975
|
+
# "family_name",
|
4976
|
+
# "email",
|
4977
|
+
# ],
|
4978
|
+
# },
|
4979
|
+
# }
|
4980
|
+
#
|
3663
4981
|
# @example Request syntax with placeholder values
|
3664
4982
|
#
|
3665
4983
|
# resp = client.create_user_pool_client({
|
@@ -3750,6 +5068,24 @@ module Aws::CognitoIdentityProvider
|
|
3750
5068
|
|
3751
5069
|
# Creates a new domain for a user pool.
|
3752
5070
|
#
|
5071
|
+
# <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
|
5072
|
+
# in requests for this API operation. For this operation, you must use
|
5073
|
+
# IAM credentials to authorize requests, and you must grant yourself the
|
5074
|
+
# corresponding IAM permission in a policy.
|
5075
|
+
#
|
5076
|
+
# **Learn more**
|
5077
|
+
#
|
5078
|
+
# * [Signing Amazon Web Services API Requests][1]
|
5079
|
+
#
|
5080
|
+
# * [Using the Amazon Cognito user pools API and user pool endpoints][2]
|
5081
|
+
#
|
5082
|
+
# </note>
|
5083
|
+
#
|
5084
|
+
#
|
5085
|
+
#
|
5086
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
|
5087
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
5088
|
+
#
|
3753
5089
|
# @option params [required, String] :domain
|
3754
5090
|
# The domain string. For custom domains, this is the fully-qualified
|
3755
5091
|
# domain name, such as `auth.example.com`. For Amazon Cognito prefix
|
@@ -3880,7 +5216,20 @@ module Aws::CognitoIdentityProvider
|
|
3880
5216
|
req.send_request(options)
|
3881
5217
|
end
|
3882
5218
|
|
3883
|
-
# Allows a user to delete
|
5219
|
+
# Allows a user to delete their own user profile.
|
5220
|
+
#
|
5221
|
+
# <note markdown="1"> Amazon Cognito doesn't evaluate Identity and Access Management (IAM)
|
5222
|
+
# policies in requests for this API operation. For this operation, you
|
5223
|
+
# can't use IAM credentials to authorize requests, and you can't grant
|
5224
|
+
# IAM permissions in policies. For more information about authorization
|
5225
|
+
# models in Amazon Cognito, see [Using the Amazon Cognito native and
|
5226
|
+
# OIDC APIs][1].
|
5227
|
+
#
|
5228
|
+
# </note>
|
5229
|
+
#
|
5230
|
+
#
|
5231
|
+
#
|
5232
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
3884
5233
|
#
|
3885
5234
|
# @option params [required, String] :access_token
|
3886
5235
|
# A valid access token that Amazon Cognito issued to the user whose user
|
@@ -3905,6 +5254,19 @@ module Aws::CognitoIdentityProvider
|
|
3905
5254
|
|
3906
5255
|
# Deletes the attributes for a user.
|
3907
5256
|
#
|
5257
|
+
# <note markdown="1"> Amazon Cognito doesn't evaluate Identity and Access Management (IAM)
|
5258
|
+
# policies in requests for this API operation. For this operation, you
|
5259
|
+
# can't use IAM credentials to authorize requests, and you can't grant
|
5260
|
+
# IAM permissions in policies. For more information about authorization
|
5261
|
+
# models in Amazon Cognito, see [Using the Amazon Cognito native and
|
5262
|
+
# OIDC APIs][1].
|
5263
|
+
#
|
5264
|
+
# </note>
|
5265
|
+
#
|
5266
|
+
#
|
5267
|
+
#
|
5268
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
5269
|
+
#
|
3908
5270
|
# @option params [required, Array<String>] :user_attribute_names
|
3909
5271
|
# An array of strings representing the user attribute names you want to
|
3910
5272
|
# delete.
|
@@ -4197,6 +5559,24 @@ module Aws::CognitoIdentityProvider
|
|
4197
5559
|
# Returns the configuration information and metadata of the specified
|
4198
5560
|
# user pool.
|
4199
5561
|
#
|
5562
|
+
# <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
|
5563
|
+
# in requests for this API operation. For this operation, you must use
|
5564
|
+
# IAM credentials to authorize requests, and you must grant yourself the
|
5565
|
+
# corresponding IAM permission in a policy.
|
5566
|
+
#
|
5567
|
+
# **Learn more**
|
5568
|
+
#
|
5569
|
+
# * [Signing Amazon Web Services API Requests][1]
|
5570
|
+
#
|
5571
|
+
# * [Using the Amazon Cognito user pools API and user pool endpoints][2]
|
5572
|
+
#
|
5573
|
+
# </note>
|
5574
|
+
#
|
5575
|
+
#
|
5576
|
+
#
|
5577
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
|
5578
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
5579
|
+
#
|
4200
5580
|
# @option params [required, String] :user_pool_id
|
4201
5581
|
# The user pool ID for the user pool you want to describe.
|
4202
5582
|
#
|
@@ -4309,6 +5689,24 @@ module Aws::CognitoIdentityProvider
|
|
4309
5689
|
# Client method for returning the configuration information and metadata
|
4310
5690
|
# of the specified user pool app client.
|
4311
5691
|
#
|
5692
|
+
# <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
|
5693
|
+
# in requests for this API operation. For this operation, you must use
|
5694
|
+
# IAM credentials to authorize requests, and you must grant yourself the
|
5695
|
+
# corresponding IAM permission in a policy.
|
5696
|
+
#
|
5697
|
+
# **Learn more**
|
5698
|
+
#
|
5699
|
+
# * [Signing Amazon Web Services API Requests][1]
|
5700
|
+
#
|
5701
|
+
# * [Using the Amazon Cognito user pools API and user pool endpoints][2]
|
5702
|
+
#
|
5703
|
+
# </note>
|
5704
|
+
#
|
5705
|
+
#
|
5706
|
+
#
|
5707
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
|
5708
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
5709
|
+
#
|
4312
5710
|
# @option params [required, String] :user_pool_id
|
4313
5711
|
# The user pool ID for the user pool you want to describe.
|
4314
5712
|
#
|
@@ -4416,6 +5814,19 @@ module Aws::CognitoIdentityProvider
|
|
4416
5814
|
|
4417
5815
|
# Forgets the specified device.
|
4418
5816
|
#
|
5817
|
+
# <note markdown="1"> Amazon Cognito doesn't evaluate Identity and Access Management (IAM)
|
5818
|
+
# policies in requests for this API operation. For this operation, you
|
5819
|
+
# can't use IAM credentials to authorize requests, and you can't grant
|
5820
|
+
# IAM permissions in policies. For more information about authorization
|
5821
|
+
# models in Amazon Cognito, see [Using the Amazon Cognito native and
|
5822
|
+
# OIDC APIs][1].
|
5823
|
+
#
|
5824
|
+
# </note>
|
5825
|
+
#
|
5826
|
+
#
|
5827
|
+
#
|
5828
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
5829
|
+
#
|
4419
5830
|
# @option params [String] :access_token
|
4420
5831
|
# A valid access token that Amazon Cognito issued to the user whose
|
4421
5832
|
# registered device you want to forget.
|
@@ -4447,15 +5858,28 @@ module Aws::CognitoIdentityProvider
|
|
4447
5858
|
# method used to send the confirmation code is sent according to the
|
4448
5859
|
# specified AccountRecoverySetting. For more information, see
|
4449
5860
|
# [Recovering User Accounts][1] in the *Amazon Cognito Developer Guide*.
|
4450
|
-
#
|
4451
|
-
#
|
4452
|
-
#
|
5861
|
+
# To use the confirmation code for resetting the password, call
|
5862
|
+
# [ConfirmForgotPassword][2].
|
5863
|
+
#
|
5864
|
+
# If neither a verified phone number nor a verified email exists, this
|
5865
|
+
# API returns `InvalidParameterException`. If your app client has a
|
5866
|
+
# client secret and you don't provide a `SECRET_HASH` parameter, this
|
5867
|
+
# API returns `NotAuthorizedException`.
|
5868
|
+
#
|
5869
|
+
# <note markdown="1"> Amazon Cognito doesn't evaluate Identity and Access Management (IAM)
|
5870
|
+
# policies in requests for this API operation. For this operation, you
|
5871
|
+
# can't use IAM credentials to authorize requests, and you can't grant
|
5872
|
+
# IAM permissions in policies. For more information about authorization
|
5873
|
+
# models in Amazon Cognito, see [Using the Amazon Cognito native and
|
5874
|
+
# OIDC APIs][3].
|
5875
|
+
#
|
5876
|
+
# </note>
|
4453
5877
|
#
|
4454
5878
|
# <note markdown="1"> This action might generate an SMS text message. Starting June 1, 2021,
|
4455
5879
|
# US telecom carriers require you to register an origination phone
|
4456
5880
|
# number before you can send SMS messages to US phone numbers. If you
|
4457
5881
|
# use SMS text messages in Amazon Cognito, you must register a phone
|
4458
|
-
# number with [Amazon Pinpoint][
|
5882
|
+
# number with [Amazon Pinpoint][4]. Amazon Cognito uses the registered
|
4459
5883
|
# number automatically. Otherwise, Amazon Cognito users who must receive
|
4460
5884
|
# SMS messages might not be able to sign up, activate their accounts, or
|
4461
5885
|
# sign in.
|
@@ -4467,7 +5891,7 @@ module Aws::CognitoIdentityProvider
|
|
4467
5891
|
# mode</a> </i>, you can send messages only to verified phone numbers.
|
4468
5892
|
# After you test your app while in the sandbox environment, you can move
|
4469
5893
|
# out of the sandbox and into production. For more information, see [
|
4470
|
-
# SMS message settings for Amazon Cognito user pools][
|
5894
|
+
# SMS message settings for Amazon Cognito user pools][5] in the *Amazon
|
4471
5895
|
# Cognito Developer Guide*.
|
4472
5896
|
#
|
4473
5897
|
# </note>
|
@@ -4476,8 +5900,9 @@ module Aws::CognitoIdentityProvider
|
|
4476
5900
|
#
|
4477
5901
|
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/how-to-recover-a-user-account.html
|
4478
5902
|
# [2]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmForgotPassword.html
|
4479
|
-
# [3]: https://
|
4480
|
-
# [4]: https://
|
5903
|
+
# [3]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
5904
|
+
# [4]: https://console.aws.amazon.com/pinpoint/home/
|
5905
|
+
# [5]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html
|
4481
5906
|
#
|
4482
5907
|
# @option params [required, String] :client_id
|
4483
5908
|
# The ID of the client associated with the user pool.
|
@@ -4611,6 +6036,19 @@ module Aws::CognitoIdentityProvider
|
|
4611
6036
|
|
4612
6037
|
# Gets the device.
|
4613
6038
|
#
|
6039
|
+
# <note markdown="1"> Amazon Cognito doesn't evaluate Identity and Access Management (IAM)
|
6040
|
+
# policies in requests for this API operation. For this operation, you
|
6041
|
+
# can't use IAM credentials to authorize requests, and you can't grant
|
6042
|
+
# IAM permissions in policies. For more information about authorization
|
6043
|
+
# models in Amazon Cognito, see [Using the Amazon Cognito native and
|
6044
|
+
# OIDC APIs][1].
|
6045
|
+
#
|
6046
|
+
# </note>
|
6047
|
+
#
|
6048
|
+
#
|
6049
|
+
#
|
6050
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
6051
|
+
#
|
4614
6052
|
# @option params [required, String] :device_key
|
4615
6053
|
# The device key.
|
4616
6054
|
#
|
@@ -4730,6 +6168,39 @@ module Aws::CognitoIdentityProvider
|
|
4730
6168
|
req.send_request(options)
|
4731
6169
|
end
|
4732
6170
|
|
6171
|
+
# Gets the detailed activity logging configuration for a user pool.
|
6172
|
+
#
|
6173
|
+
# @option params [required, String] :user_pool_id
|
6174
|
+
# The ID of the user pool where you want to view detailed activity
|
6175
|
+
# logging configuration.
|
6176
|
+
#
|
6177
|
+
# @return [Types::GetLogDeliveryConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
6178
|
+
#
|
6179
|
+
# * {Types::GetLogDeliveryConfigurationResponse#log_delivery_configuration #log_delivery_configuration} => Types::LogDeliveryConfigurationType
|
6180
|
+
#
|
6181
|
+
# @example Request syntax with placeholder values
|
6182
|
+
#
|
6183
|
+
# resp = client.get_log_delivery_configuration({
|
6184
|
+
# user_pool_id: "UserPoolIdType", # required
|
6185
|
+
# })
|
6186
|
+
#
|
6187
|
+
# @example Response structure
|
6188
|
+
#
|
6189
|
+
# resp.log_delivery_configuration.user_pool_id #=> String
|
6190
|
+
# resp.log_delivery_configuration.log_configurations #=> Array
|
6191
|
+
# resp.log_delivery_configuration.log_configurations[0].log_level #=> String, one of "ERROR"
|
6192
|
+
# resp.log_delivery_configuration.log_configurations[0].event_source #=> String, one of "userNotification"
|
6193
|
+
# resp.log_delivery_configuration.log_configurations[0].cloud_watch_logs_configuration.log_group_arn #=> String
|
6194
|
+
#
|
6195
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/GetLogDeliveryConfiguration AWS API Documentation
|
6196
|
+
#
|
6197
|
+
# @overload get_log_delivery_configuration(params = {})
|
6198
|
+
# @param [Hash] params ({})
|
6199
|
+
def get_log_delivery_configuration(params = {}, options = {})
|
6200
|
+
req = build_request(:get_log_delivery_configuration, params)
|
6201
|
+
req.send_request(options)
|
6202
|
+
end
|
6203
|
+
|
4733
6204
|
# This method takes a user pool ID, and returns the signing certificate.
|
4734
6205
|
# The issued certificate is valid for 10 years from the date of issue.
|
4735
6206
|
#
|
@@ -4809,6 +6280,19 @@ module Aws::CognitoIdentityProvider
|
|
4809
6280
|
|
4810
6281
|
# Gets the user attributes and metadata for a user.
|
4811
6282
|
#
|
6283
|
+
# <note markdown="1"> Amazon Cognito doesn't evaluate Identity and Access Management (IAM)
|
6284
|
+
# policies in requests for this API operation. For this operation, you
|
6285
|
+
# can't use IAM credentials to authorize requests, and you can't grant
|
6286
|
+
# IAM permissions in policies. For more information about authorization
|
6287
|
+
# models in Amazon Cognito, see [Using the Amazon Cognito native and
|
6288
|
+
# OIDC APIs][1].
|
6289
|
+
#
|
6290
|
+
# </note>
|
6291
|
+
#
|
6292
|
+
#
|
6293
|
+
#
|
6294
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
6295
|
+
#
|
4812
6296
|
# @option params [required, String] :access_token
|
4813
6297
|
# A non-expired access token for the user whose information you want to
|
4814
6298
|
# query.
|
@@ -4853,11 +6337,20 @@ module Aws::CognitoIdentityProvider
|
|
4853
6337
|
# attribute name. Sends a message to a user with a code that they must
|
4854
6338
|
# return in a VerifyUserAttribute request.
|
4855
6339
|
#
|
6340
|
+
# <note markdown="1"> Amazon Cognito doesn't evaluate Identity and Access Management (IAM)
|
6341
|
+
# policies in requests for this API operation. For this operation, you
|
6342
|
+
# can't use IAM credentials to authorize requests, and you can't grant
|
6343
|
+
# IAM permissions in policies. For more information about authorization
|
6344
|
+
# models in Amazon Cognito, see [Using the Amazon Cognito native and
|
6345
|
+
# OIDC APIs][1].
|
6346
|
+
#
|
6347
|
+
# </note>
|
6348
|
+
#
|
4856
6349
|
# <note markdown="1"> This action might generate an SMS text message. Starting June 1, 2021,
|
4857
6350
|
# US telecom carriers require you to register an origination phone
|
4858
6351
|
# number before you can send SMS messages to US phone numbers. If you
|
4859
6352
|
# use SMS text messages in Amazon Cognito, you must register a phone
|
4860
|
-
# number with [Amazon Pinpoint][
|
6353
|
+
# number with [Amazon Pinpoint][2]. Amazon Cognito uses the registered
|
4861
6354
|
# number automatically. Otherwise, Amazon Cognito users who must receive
|
4862
6355
|
# SMS messages might not be able to sign up, activate their accounts, or
|
4863
6356
|
# sign in.
|
@@ -4869,15 +6362,16 @@ module Aws::CognitoIdentityProvider
|
|
4869
6362
|
# mode</a> </i>, you can send messages only to verified phone numbers.
|
4870
6363
|
# After you test your app while in the sandbox environment, you can move
|
4871
6364
|
# out of the sandbox and into production. For more information, see [
|
4872
|
-
# SMS message settings for Amazon Cognito user pools][
|
6365
|
+
# SMS message settings for Amazon Cognito user pools][3] in the *Amazon
|
4873
6366
|
# Cognito Developer Guide*.
|
4874
6367
|
#
|
4875
6368
|
# </note>
|
4876
6369
|
#
|
4877
6370
|
#
|
4878
6371
|
#
|
4879
|
-
# [1]: https://
|
4880
|
-
# [2]: https://
|
6372
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
6373
|
+
# [2]: https://console.aws.amazon.com/pinpoint/home/
|
6374
|
+
# [3]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html
|
4881
6375
|
#
|
4882
6376
|
# @option params [required, String] :access_token
|
4883
6377
|
# A non-expired access token for the user whose attribute verification
|
@@ -4988,10 +6482,28 @@ module Aws::CognitoIdentityProvider
|
|
4988
6482
|
req.send_request(options)
|
4989
6483
|
end
|
4990
6484
|
|
4991
|
-
# Signs out
|
4992
|
-
# tokens that Amazon Cognito has issued to
|
4993
|
-
# a hosted UI cookie to retrieve new tokens
|
4994
|
-
# 1-hour cookie validity period.
|
6485
|
+
# Signs out a user from all devices. `GlobalSignOut` invalidates all
|
6486
|
+
# identity, access and refresh tokens that Amazon Cognito has issued to
|
6487
|
+
# a user. A user can still use a hosted UI cookie to retrieve new tokens
|
6488
|
+
# for the duration of the 1-hour cookie validity period.
|
6489
|
+
#
|
6490
|
+
# Your app isn't aware that a user's access token is revoked unless it
|
6491
|
+
# attempts to authorize a user pools API request with an access token
|
6492
|
+
# that contains the scope `aws.cognito.signin.user.admin`. Your app
|
6493
|
+
# might otherwise accept access tokens until they expire.
|
6494
|
+
#
|
6495
|
+
# <note markdown="1"> Amazon Cognito doesn't evaluate Identity and Access Management (IAM)
|
6496
|
+
# policies in requests for this API operation. For this operation, you
|
6497
|
+
# can't use IAM credentials to authorize requests, and you can't grant
|
6498
|
+
# IAM permissions in policies. For more information about authorization
|
6499
|
+
# models in Amazon Cognito, see [Using the Amazon Cognito native and
|
6500
|
+
# OIDC APIs][1].
|
6501
|
+
#
|
6502
|
+
# </note>
|
6503
|
+
#
|
6504
|
+
#
|
6505
|
+
#
|
6506
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
4995
6507
|
#
|
4996
6508
|
# @option params [required, String] :access_token
|
4997
6509
|
# A valid access token that Amazon Cognito issued to the user who you
|
@@ -5019,11 +6531,20 @@ module Aws::CognitoIdentityProvider
|
|
5019
6531
|
# more information, see [ Adding user pool sign-in through a third
|
5020
6532
|
# party][1].
|
5021
6533
|
#
|
6534
|
+
# <note markdown="1"> Amazon Cognito doesn't evaluate Identity and Access Management (IAM)
|
6535
|
+
# policies in requests for this API operation. For this operation, you
|
6536
|
+
# can't use IAM credentials to authorize requests, and you can't grant
|
6537
|
+
# IAM permissions in policies. For more information about authorization
|
6538
|
+
# models in Amazon Cognito, see [Using the Amazon Cognito native and
|
6539
|
+
# OIDC APIs][2].
|
6540
|
+
#
|
6541
|
+
# </note>
|
6542
|
+
#
|
5022
6543
|
# <note markdown="1"> This action might generate an SMS text message. Starting June 1, 2021,
|
5023
6544
|
# US telecom carriers require you to register an origination phone
|
5024
6545
|
# number before you can send SMS messages to US phone numbers. If you
|
5025
6546
|
# use SMS text messages in Amazon Cognito, you must register a phone
|
5026
|
-
# number with [Amazon Pinpoint][
|
6547
|
+
# number with [Amazon Pinpoint][3]. Amazon Cognito uses the registered
|
5027
6548
|
# number automatically. Otherwise, Amazon Cognito users who must receive
|
5028
6549
|
# SMS messages might not be able to sign up, activate their accounts, or
|
5029
6550
|
# sign in.
|
@@ -5035,7 +6556,7 @@ module Aws::CognitoIdentityProvider
|
|
5035
6556
|
# mode</a> </i>, you can send messages only to verified phone numbers.
|
5036
6557
|
# After you test your app while in the sandbox environment, you can move
|
5037
6558
|
# out of the sandbox and into production. For more information, see [
|
5038
|
-
# SMS message settings for Amazon Cognito user pools][
|
6559
|
+
# SMS message settings for Amazon Cognito user pools][4] in the *Amazon
|
5039
6560
|
# Cognito Developer Guide*.
|
5040
6561
|
#
|
5041
6562
|
# </note>
|
@@ -5043,8 +6564,9 @@ module Aws::CognitoIdentityProvider
|
|
5043
6564
|
#
|
5044
6565
|
#
|
5045
6566
|
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-identity-federation.html
|
5046
|
-
# [2]: https://
|
5047
|
-
# [3]: https://
|
6567
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
6568
|
+
# [3]: https://console.aws.amazon.com/pinpoint/home/
|
6569
|
+
# [4]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html
|
5048
6570
|
#
|
5049
6571
|
# @option params [required, String] :auth_flow
|
5050
6572
|
# The authentication flow for this call to run. The API action will
|
@@ -5086,6 +6608,10 @@ module Aws::CognitoIdentityProvider
|
|
5086
6608
|
# `SECRET_HASH` (required if the app client is configured with a
|
5087
6609
|
# client secret), `DEVICE_KEY`.
|
5088
6610
|
#
|
6611
|
+
# * For `USER_PASSWORD_AUTH`: `USERNAME` (required), `PASSWORD`
|
6612
|
+
# (required), `SECRET_HASH` (required if the app client is configured
|
6613
|
+
# with a client secret), `DEVICE_KEY`.
|
6614
|
+
#
|
5089
6615
|
# * For `REFRESH_TOKEN_AUTH/REFRESH_TOKEN`: `REFRESH_TOKEN` (required),
|
5090
6616
|
# `SECRET_HASH` (required if the app client is configured with a
|
5091
6617
|
# client secret), `DEVICE_KEY`.
|
@@ -5095,6 +6621,15 @@ module Aws::CognitoIdentityProvider
|
|
5095
6621
|
# authentication flow with password verification, include
|
5096
6622
|
# `ChallengeName: SRP_A` and `SRP_A: (The SRP_A Value)`.
|
5097
6623
|
#
|
6624
|
+
# For more information about `SECRET_HASH`, see [Computing secret hash
|
6625
|
+
# values][1]. For information about `DEVICE_KEY`, see [Working with user
|
6626
|
+
# devices in your user pool][2].
|
6627
|
+
#
|
6628
|
+
#
|
6629
|
+
#
|
6630
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#cognito-user-pools-computing-secret-hash
|
6631
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html
|
6632
|
+
#
|
5098
6633
|
# @option params [Hash<String,String>] :client_metadata
|
5099
6634
|
# A map of custom key-value pairs that you can provide as input for
|
5100
6635
|
# certain custom workflows that this action triggers.
|
@@ -5178,6 +6713,42 @@ module Aws::CognitoIdentityProvider
|
|
5178
6713
|
# * {Types::InitiateAuthResponse#challenge_parameters #challenge_parameters} => Hash<String,String>
|
5179
6714
|
# * {Types::InitiateAuthResponse#authentication_result #authentication_result} => Types::AuthenticationResultType
|
5180
6715
|
#
|
6716
|
+
#
|
6717
|
+
# @example Example: Example username and password sign-in for a user who has TOTP MFA
|
6718
|
+
#
|
6719
|
+
# # The following example signs in the user mytestuser with analytics data, client metadata, and user context data for
|
6720
|
+
# # advanced security.
|
6721
|
+
#
|
6722
|
+
# resp = client.initiate_auth({
|
6723
|
+
# analytics_metadata: {
|
6724
|
+
# analytics_endpoint_id: "d70b2ba36a8c4dc5a04a0451a31a1e12",
|
6725
|
+
# },
|
6726
|
+
# auth_flow: "USER_PASSWORD_AUTH",
|
6727
|
+
# auth_parameters: {
|
6728
|
+
# "PASSWORD" => "This-is-my-test-99!",
|
6729
|
+
# "SECRET_HASH" => "oT5ZkS8ctnrhYeeGsGTvOzPhoc/Jd1cO5fueBWFVmp8=",
|
6730
|
+
# "USERNAME" => "mytestuser",
|
6731
|
+
# },
|
6732
|
+
# client_id: "1example23456789",
|
6733
|
+
# client_metadata: {
|
6734
|
+
# "MyTestKey" => "MyTestValue",
|
6735
|
+
# },
|
6736
|
+
# user_context_data: {
|
6737
|
+
# encoded_data: "AmazonCognitoAdvancedSecurityData_object",
|
6738
|
+
# ip_address: "192.0.2.1",
|
6739
|
+
# },
|
6740
|
+
# })
|
6741
|
+
#
|
6742
|
+
# resp.to_h outputs the following:
|
6743
|
+
# {
|
6744
|
+
# challenge_name: "SOFTWARE_TOKEN_MFA",
|
6745
|
+
# challenge_parameters: {
|
6746
|
+
# "FRIENDLY_DEVICE_NAME" => "mytestauthenticator",
|
6747
|
+
# "USER_ID_FOR_SRP" => "mytestuser",
|
6748
|
+
# },
|
6749
|
+
# session: "AYABeC1-y8qooiuysEv0uM4wAqQAHQABAAdTZXJ2aWNlABBDb2duaXRvVXNlclBvb2xzAAEAB2F3cy1rbXMAS2Fybjphd3M6a21zOnVzLXdlc3QtMjowMTU3MzY3MjcxOTg6a2V5LzI5OTFhNGE5LTM5YTAtNDQ0Mi04MWU4LWRkYjY4NTllMTg2MQC4AQIBAHhjxv5lVLhE2_WNrC1zuomqn08qDUUp3z9v4EGAjazZ-wGP3HuBF5Izvxf-9WkCT5uyAAAAfjB8BgkqhkiG9w0BBwagbzBtAgEAMGgGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMeQoT5e6Dpfh52caqAgEQgDvuL8uLMhPt0WmQpZnkNED1gob6xbqt5LaQo_H4L5CuT4Kj499dGCoZ1q1trmlZSRgRm0wwGGG8lFU37QIAAAAADAAAEAAAAAAAAAAAAAAAAADuLe9_UJ4oZAMsQYr0ntiT_____wAAAAEAAAAAAAAAAAAAAAEAAADnLDGmKBQtsCafNokRmPLgl2itBKuKR2dfZBQb5ucCYkzThM5HOfQUSEL-A3dZzfYDC0IODsrcMkrbeeVyMJk-FCzsxS9Og8BEBVnvi9WjZkPJ4mF0YS6FUXnoPSBV5oUqGzRaT-tJ169SUFZAUfFM1fGeJ8T57-QdCxjyISRCWV1VG5_7TiCioyRGfWwzNVWh7exJortF3ccfOyiEyxeqJ2VJvJq3m_w8NP24_PMDpktpRMKftObIMlD5ewRTNCdrUXQ1BW5KIxhJLGjYfRzJDZuKzmEgS-VHsKz0z76w-AlAgdfvdAjflLnsgduU5kUX4YP6jqnetg",
|
6750
|
+
# }
|
6751
|
+
#
|
5181
6752
|
# @example Request syntax with placeholder values
|
5182
6753
|
#
|
5183
6754
|
# resp = client.initiate_auth({
|
@@ -5224,6 +6795,19 @@ module Aws::CognitoIdentityProvider
|
|
5224
6795
|
# Lists the sign-in devices that Amazon Cognito has registered to the
|
5225
6796
|
# current user.
|
5226
6797
|
#
|
6798
|
+
# <note markdown="1"> Amazon Cognito doesn't evaluate Identity and Access Management (IAM)
|
6799
|
+
# policies in requests for this API operation. For this operation, you
|
6800
|
+
# can't use IAM credentials to authorize requests, and you can't grant
|
6801
|
+
# IAM permissions in policies. For more information about authorization
|
6802
|
+
# models in Amazon Cognito, see [Using the Amazon Cognito native and
|
6803
|
+
# OIDC APIs][1].
|
6804
|
+
#
|
6805
|
+
# </note>
|
6806
|
+
#
|
6807
|
+
#
|
6808
|
+
#
|
6809
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
6810
|
+
#
|
5227
6811
|
# @option params [required, String] :access_token
|
5228
6812
|
# A valid access token that Amazon Cognito issued to the user whose list
|
5229
6813
|
# of devices you want to view.
|
@@ -5270,7 +6854,23 @@ module Aws::CognitoIdentityProvider
|
|
5270
6854
|
|
5271
6855
|
# Lists the groups associated with a user pool.
|
5272
6856
|
#
|
5273
|
-
#
|
6857
|
+
# <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
|
6858
|
+
# in requests for this API operation. For this operation, you must use
|
6859
|
+
# IAM credentials to authorize requests, and you must grant yourself the
|
6860
|
+
# corresponding IAM permission in a policy.
|
6861
|
+
#
|
6862
|
+
# **Learn more**
|
6863
|
+
#
|
6864
|
+
# * [Signing Amazon Web Services API Requests][1]
|
6865
|
+
#
|
6866
|
+
# * [Using the Amazon Cognito user pools API and user pool endpoints][2]
|
6867
|
+
#
|
6868
|
+
# </note>
|
6869
|
+
#
|
6870
|
+
#
|
6871
|
+
#
|
6872
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
|
6873
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
5274
6874
|
#
|
5275
6875
|
# @option params [required, String] :user_pool_id
|
5276
6876
|
# The user pool ID for the user pool.
|
@@ -5321,6 +6921,24 @@ module Aws::CognitoIdentityProvider
|
|
5321
6921
|
|
5322
6922
|
# Lists information about all IdPs for a user pool.
|
5323
6923
|
#
|
6924
|
+
# <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
|
6925
|
+
# in requests for this API operation. For this operation, you must use
|
6926
|
+
# IAM credentials to authorize requests, and you must grant yourself the
|
6927
|
+
# corresponding IAM permission in a policy.
|
6928
|
+
#
|
6929
|
+
# **Learn more**
|
6930
|
+
#
|
6931
|
+
# * [Signing Amazon Web Services API Requests][1]
|
6932
|
+
#
|
6933
|
+
# * [Using the Amazon Cognito user pools API and user pool endpoints][2]
|
6934
|
+
#
|
6935
|
+
# </note>
|
6936
|
+
#
|
6937
|
+
#
|
6938
|
+
#
|
6939
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
|
6940
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
6941
|
+
#
|
5324
6942
|
# @option params [required, String] :user_pool_id
|
5325
6943
|
# The user pool ID.
|
5326
6944
|
#
|
@@ -5365,6 +6983,24 @@ module Aws::CognitoIdentityProvider
|
|
5365
6983
|
|
5366
6984
|
# Lists the resource servers for a user pool.
|
5367
6985
|
#
|
6986
|
+
# <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
|
6987
|
+
# in requests for this API operation. For this operation, you must use
|
6988
|
+
# IAM credentials to authorize requests, and you must grant yourself the
|
6989
|
+
# corresponding IAM permission in a policy.
|
6990
|
+
#
|
6991
|
+
# **Learn more**
|
6992
|
+
#
|
6993
|
+
# * [Signing Amazon Web Services API Requests][1]
|
6994
|
+
#
|
6995
|
+
# * [Using the Amazon Cognito user pools API and user pool endpoints][2]
|
6996
|
+
#
|
6997
|
+
# </note>
|
6998
|
+
#
|
6999
|
+
#
|
7000
|
+
#
|
7001
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
|
7002
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
7003
|
+
#
|
5368
7004
|
# @option params [required, String] :user_pool_id
|
5369
7005
|
# The user pool ID for the user pool.
|
5370
7006
|
#
|
@@ -5445,7 +7081,25 @@ module Aws::CognitoIdentityProvider
|
|
5445
7081
|
req.send_request(options)
|
5446
7082
|
end
|
5447
7083
|
|
5448
|
-
# Lists
|
7084
|
+
# Lists user import jobs for a user pool.
|
7085
|
+
#
|
7086
|
+
# <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
|
7087
|
+
# in requests for this API operation. For this operation, you must use
|
7088
|
+
# IAM credentials to authorize requests, and you must grant yourself the
|
7089
|
+
# corresponding IAM permission in a policy.
|
7090
|
+
#
|
7091
|
+
# **Learn more**
|
7092
|
+
#
|
7093
|
+
# * [Signing Amazon Web Services API Requests][1]
|
7094
|
+
#
|
7095
|
+
# * [Using the Amazon Cognito user pools API and user pool endpoints][2]
|
7096
|
+
#
|
7097
|
+
# </note>
|
7098
|
+
#
|
7099
|
+
#
|
7100
|
+
#
|
7101
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
|
7102
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
5449
7103
|
#
|
5450
7104
|
# @option params [required, String] :user_pool_id
|
5451
7105
|
# The user pool ID for the user pool that the users are being imported
|
@@ -5501,6 +7155,24 @@ module Aws::CognitoIdentityProvider
|
|
5501
7155
|
|
5502
7156
|
# Lists the clients that have been created for the specified user pool.
|
5503
7157
|
#
|
7158
|
+
# <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
|
7159
|
+
# in requests for this API operation. For this operation, you must use
|
7160
|
+
# IAM credentials to authorize requests, and you must grant yourself the
|
7161
|
+
# corresponding IAM permission in a policy.
|
7162
|
+
#
|
7163
|
+
# **Learn more**
|
7164
|
+
#
|
7165
|
+
# * [Signing Amazon Web Services API Requests][1]
|
7166
|
+
#
|
7167
|
+
# * [Using the Amazon Cognito user pools API and user pool endpoints][2]
|
7168
|
+
#
|
7169
|
+
# </note>
|
7170
|
+
#
|
7171
|
+
#
|
7172
|
+
#
|
7173
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
|
7174
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
7175
|
+
#
|
5504
7176
|
# @option params [required, String] :user_pool_id
|
5505
7177
|
# The user pool ID for the user pool where you want to list user pool
|
5506
7178
|
# clients.
|
@@ -5548,6 +7220,24 @@ module Aws::CognitoIdentityProvider
|
|
5548
7220
|
|
5549
7221
|
# Lists the user pools associated with an Amazon Web Services account.
|
5550
7222
|
#
|
7223
|
+
# <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
|
7224
|
+
# in requests for this API operation. For this operation, you must use
|
7225
|
+
# IAM credentials to authorize requests, and you must grant yourself the
|
7226
|
+
# corresponding IAM permission in a policy.
|
7227
|
+
#
|
7228
|
+
# **Learn more**
|
7229
|
+
#
|
7230
|
+
# * [Signing Amazon Web Services API Requests][1]
|
7231
|
+
#
|
7232
|
+
# * [Using the Amazon Cognito user pools API and user pool endpoints][2]
|
7233
|
+
#
|
7234
|
+
# </note>
|
7235
|
+
#
|
7236
|
+
#
|
7237
|
+
#
|
7238
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
|
7239
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
7240
|
+
#
|
5551
7241
|
# @option params [String] :next_token
|
5552
7242
|
# An identifier that was returned from the previous call to this
|
5553
7243
|
# operation, which can be used to return the next set of items in the
|
@@ -5605,16 +7295,35 @@ module Aws::CognitoIdentityProvider
|
|
5605
7295
|
req.send_request(options)
|
5606
7296
|
end
|
5607
7297
|
|
5608
|
-
# Lists
|
7298
|
+
# Lists users and their basic details in a user pool.
|
7299
|
+
#
|
7300
|
+
# <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
|
7301
|
+
# in requests for this API operation. For this operation, you must use
|
7302
|
+
# IAM credentials to authorize requests, and you must grant yourself the
|
7303
|
+
# corresponding IAM permission in a policy.
|
7304
|
+
#
|
7305
|
+
# **Learn more**
|
7306
|
+
#
|
7307
|
+
# * [Signing Amazon Web Services API Requests][1]
|
7308
|
+
#
|
7309
|
+
# * [Using the Amazon Cognito user pools API and user pool endpoints][2]
|
7310
|
+
#
|
7311
|
+
# </note>
|
7312
|
+
#
|
7313
|
+
#
|
7314
|
+
#
|
7315
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
|
7316
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
5609
7317
|
#
|
5610
7318
|
# @option params [required, String] :user_pool_id
|
5611
7319
|
# The user pool ID for the user pool on which the search should be
|
5612
7320
|
# performed.
|
5613
7321
|
#
|
5614
7322
|
# @option params [Array<String>] :attributes_to_get
|
5615
|
-
#
|
5616
|
-
#
|
5617
|
-
#
|
7323
|
+
# A JSON array of user attribute names, for example `given_name`, that
|
7324
|
+
# you want Amazon Cognito to include in the response for each user. When
|
7325
|
+
# you don't provide an `AttributesToGet` parameter, Amazon Cognito
|
7326
|
+
# returns all attributes for each user.
|
5618
7327
|
#
|
5619
7328
|
# @option params [Integer] :limit
|
5620
7329
|
# Maximum number of users to be returned.
|
@@ -5700,6 +7409,155 @@ module Aws::CognitoIdentityProvider
|
|
5700
7409
|
#
|
5701
7410
|
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
5702
7411
|
#
|
7412
|
+
#
|
7413
|
+
# @example Example: A ListUsers request for the next 3 users whose email address starts with "testuser."
|
7414
|
+
#
|
7415
|
+
# # This request submits a value for all possible parameters for ListUsers. By iterating the PaginationToken, you can page
|
7416
|
+
# # through and collect all users in a user pool.
|
7417
|
+
#
|
7418
|
+
# resp = client.list_users({
|
7419
|
+
# attributes_to_get: [
|
7420
|
+
# "email",
|
7421
|
+
# "sub",
|
7422
|
+
# ],
|
7423
|
+
# filter: "\"email\"^=\"testuser\"",
|
7424
|
+
# limit: 3,
|
7425
|
+
# pagination_token: "abcd1234EXAMPLE",
|
7426
|
+
# user_pool_id: "us-east-1_EXAMPLE",
|
7427
|
+
# })
|
7428
|
+
#
|
7429
|
+
# resp.to_h outputs the following:
|
7430
|
+
# {
|
7431
|
+
# pagination_token: "efgh5678EXAMPLE",
|
7432
|
+
# users: [
|
7433
|
+
# {
|
7434
|
+
# attributes: [
|
7435
|
+
# {
|
7436
|
+
# name: "sub",
|
7437
|
+
# value: "eaad0219-2117-439f-8d46-4db20e59268f",
|
7438
|
+
# },
|
7439
|
+
# {
|
7440
|
+
# name: "email",
|
7441
|
+
# value: "testuser@example.com",
|
7442
|
+
# },
|
7443
|
+
# ],
|
7444
|
+
# enabled: true,
|
7445
|
+
# user_create_date: Time.parse(1682955829.578),
|
7446
|
+
# user_last_modified_date: Time.parse(1689030181.63),
|
7447
|
+
# user_status: "CONFIRMED",
|
7448
|
+
# username: "testuser",
|
7449
|
+
# },
|
7450
|
+
# {
|
7451
|
+
# attributes: [
|
7452
|
+
# {
|
7453
|
+
# name: "sub",
|
7454
|
+
# value: "3b994cfd-0b07-4581-be46-3c82f9a70c90",
|
7455
|
+
# },
|
7456
|
+
# {
|
7457
|
+
# name: "email",
|
7458
|
+
# value: "testuser2@example.com",
|
7459
|
+
# },
|
7460
|
+
# ],
|
7461
|
+
# enabled: true,
|
7462
|
+
# user_create_date: Time.parse(1684427979.201),
|
7463
|
+
# user_last_modified_date: Time.parse(1684427979.201),
|
7464
|
+
# user_status: "UNCONFIRMED",
|
7465
|
+
# username: "testuser2",
|
7466
|
+
# },
|
7467
|
+
# {
|
7468
|
+
# attributes: [
|
7469
|
+
# {
|
7470
|
+
# name: "sub",
|
7471
|
+
# value: "5929e0d1-4c34-42d1-9b79-a5ecacfe66f7",
|
7472
|
+
# },
|
7473
|
+
# {
|
7474
|
+
# name: "email",
|
7475
|
+
# value: "testuser3@example.com",
|
7476
|
+
# },
|
7477
|
+
# ],
|
7478
|
+
# enabled: true,
|
7479
|
+
# user_create_date: Time.parse(1684427823.641),
|
7480
|
+
# user_last_modified_date: Time.parse(1684427823.641),
|
7481
|
+
# user_status: "UNCONFIRMED",
|
7482
|
+
# username: "testuser3@example.com",
|
7483
|
+
# },
|
7484
|
+
# ],
|
7485
|
+
# }
|
7486
|
+
#
|
7487
|
+
# @example Example: A ListUsers request for the next 3 users whose email address starts with "testuser."
|
7488
|
+
#
|
7489
|
+
# # This request submits a value for all possible parameters for ListUsers. By iterating the PaginationToken, you can page
|
7490
|
+
# # through and collect all users in a user pool.
|
7491
|
+
#
|
7492
|
+
# resp = client.list_users({
|
7493
|
+
# attributes_to_get: [
|
7494
|
+
# "email",
|
7495
|
+
# "sub",
|
7496
|
+
# ],
|
7497
|
+
# filter: "\"email\"^=\"testuser\"",
|
7498
|
+
# limit: 3,
|
7499
|
+
# pagination_token: "abcd1234EXAMPLE",
|
7500
|
+
# user_pool_id: "us-east-1_EXAMPLE",
|
7501
|
+
# })
|
7502
|
+
#
|
7503
|
+
# resp.to_h outputs the following:
|
7504
|
+
# {
|
7505
|
+
# pagination_token: "efgh5678EXAMPLE",
|
7506
|
+
# users: [
|
7507
|
+
# {
|
7508
|
+
# attributes: [
|
7509
|
+
# {
|
7510
|
+
# name: "sub",
|
7511
|
+
# value: "eaad0219-2117-439f-8d46-4db20e59268f",
|
7512
|
+
# },
|
7513
|
+
# {
|
7514
|
+
# name: "email",
|
7515
|
+
# value: "testuser@example.com",
|
7516
|
+
# },
|
7517
|
+
# ],
|
7518
|
+
# enabled: true,
|
7519
|
+
# user_create_date: Time.parse(1682955829.578),
|
7520
|
+
# user_last_modified_date: Time.parse(1689030181.63),
|
7521
|
+
# user_status: "CONFIRMED",
|
7522
|
+
# username: "testuser",
|
7523
|
+
# },
|
7524
|
+
# {
|
7525
|
+
# attributes: [
|
7526
|
+
# {
|
7527
|
+
# name: "sub",
|
7528
|
+
# value: "3b994cfd-0b07-4581-be46-3c82f9a70c90",
|
7529
|
+
# },
|
7530
|
+
# {
|
7531
|
+
# name: "email",
|
7532
|
+
# value: "testuser2@example.com",
|
7533
|
+
# },
|
7534
|
+
# ],
|
7535
|
+
# enabled: true,
|
7536
|
+
# user_create_date: Time.parse(1684427979.201),
|
7537
|
+
# user_last_modified_date: Time.parse(1684427979.201),
|
7538
|
+
# user_status: "UNCONFIRMED",
|
7539
|
+
# username: "testuser2",
|
7540
|
+
# },
|
7541
|
+
# {
|
7542
|
+
# attributes: [
|
7543
|
+
# {
|
7544
|
+
# name: "sub",
|
7545
|
+
# value: "5929e0d1-4c34-42d1-9b79-a5ecacfe66f7",
|
7546
|
+
# },
|
7547
|
+
# {
|
7548
|
+
# name: "email",
|
7549
|
+
# value: "testuser3@example.com",
|
7550
|
+
# },
|
7551
|
+
# ],
|
7552
|
+
# enabled: true,
|
7553
|
+
# user_create_date: Time.parse(1684427823.641),
|
7554
|
+
# user_last_modified_date: Time.parse(1684427823.641),
|
7555
|
+
# user_status: "UNCONFIRMED",
|
7556
|
+
# username: "testuser3@example.com",
|
7557
|
+
# },
|
7558
|
+
# ],
|
7559
|
+
# }
|
7560
|
+
#
|
5703
7561
|
# @example Request syntax with placeholder values
|
5704
7562
|
#
|
5705
7563
|
# resp = client.list_users({
|
@@ -5737,7 +7595,23 @@ module Aws::CognitoIdentityProvider
|
|
5737
7595
|
|
5738
7596
|
# Lists the users in the specified group.
|
5739
7597
|
#
|
5740
|
-
#
|
7598
|
+
# <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
|
7599
|
+
# in requests for this API operation. For this operation, you must use
|
7600
|
+
# IAM credentials to authorize requests, and you must grant yourself the
|
7601
|
+
# corresponding IAM permission in a policy.
|
7602
|
+
#
|
7603
|
+
# **Learn more**
|
7604
|
+
#
|
7605
|
+
# * [Signing Amazon Web Services API Requests][1]
|
7606
|
+
#
|
7607
|
+
# * [Using the Amazon Cognito user pools API and user pool endpoints][2]
|
7608
|
+
#
|
7609
|
+
# </note>
|
7610
|
+
#
|
7611
|
+
#
|
7612
|
+
#
|
7613
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
|
7614
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
5741
7615
|
#
|
5742
7616
|
# @option params [required, String] :user_pool_id
|
5743
7617
|
# The user pool ID for the user pool.
|
@@ -5797,11 +7671,20 @@ module Aws::CognitoIdentityProvider
|
|
5797
7671
|
# Resends the confirmation (for confirmation of registration) to a
|
5798
7672
|
# specific user in the user pool.
|
5799
7673
|
#
|
7674
|
+
# <note markdown="1"> Amazon Cognito doesn't evaluate Identity and Access Management (IAM)
|
7675
|
+
# policies in requests for this API operation. For this operation, you
|
7676
|
+
# can't use IAM credentials to authorize requests, and you can't grant
|
7677
|
+
# IAM permissions in policies. For more information about authorization
|
7678
|
+
# models in Amazon Cognito, see [Using the Amazon Cognito native and
|
7679
|
+
# OIDC APIs][1].
|
7680
|
+
#
|
7681
|
+
# </note>
|
7682
|
+
#
|
5800
7683
|
# <note markdown="1"> This action might generate an SMS text message. Starting June 1, 2021,
|
5801
7684
|
# US telecom carriers require you to register an origination phone
|
5802
7685
|
# number before you can send SMS messages to US phone numbers. If you
|
5803
7686
|
# use SMS text messages in Amazon Cognito, you must register a phone
|
5804
|
-
# number with [Amazon Pinpoint][
|
7687
|
+
# number with [Amazon Pinpoint][2]. Amazon Cognito uses the registered
|
5805
7688
|
# number automatically. Otherwise, Amazon Cognito users who must receive
|
5806
7689
|
# SMS messages might not be able to sign up, activate their accounts, or
|
5807
7690
|
# sign in.
|
@@ -5813,15 +7696,16 @@ module Aws::CognitoIdentityProvider
|
|
5813
7696
|
# mode</a> </i>, you can send messages only to verified phone numbers.
|
5814
7697
|
# After you test your app while in the sandbox environment, you can move
|
5815
7698
|
# out of the sandbox and into production. For more information, see [
|
5816
|
-
# SMS message settings for Amazon Cognito user pools][
|
7699
|
+
# SMS message settings for Amazon Cognito user pools][3] in the *Amazon
|
5817
7700
|
# Cognito Developer Guide*.
|
5818
7701
|
#
|
5819
7702
|
# </note>
|
5820
7703
|
#
|
5821
7704
|
#
|
5822
7705
|
#
|
5823
|
-
# [1]: https://
|
5824
|
-
# [2]: https://
|
7706
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
7707
|
+
# [2]: https://console.aws.amazon.com/pinpoint/home/
|
7708
|
+
# [3]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html
|
5825
7709
|
#
|
5826
7710
|
# @option params [required, String] :client_id
|
5827
7711
|
# The ID of the client associated with the user pool.
|
@@ -5922,11 +7806,20 @@ module Aws::CognitoIdentityProvider
|
|
5922
7806
|
|
5923
7807
|
# Responds to the authentication challenge.
|
5924
7808
|
#
|
7809
|
+
# <note markdown="1"> Amazon Cognito doesn't evaluate Identity and Access Management (IAM)
|
7810
|
+
# policies in requests for this API operation. For this operation, you
|
7811
|
+
# can't use IAM credentials to authorize requests, and you can't grant
|
7812
|
+
# IAM permissions in policies. For more information about authorization
|
7813
|
+
# models in Amazon Cognito, see [Using the Amazon Cognito native and
|
7814
|
+
# OIDC APIs][1].
|
7815
|
+
#
|
7816
|
+
# </note>
|
7817
|
+
#
|
5925
7818
|
# <note markdown="1"> This action might generate an SMS text message. Starting June 1, 2021,
|
5926
7819
|
# US telecom carriers require you to register an origination phone
|
5927
7820
|
# number before you can send SMS messages to US phone numbers. If you
|
5928
7821
|
# use SMS text messages in Amazon Cognito, you must register a phone
|
5929
|
-
# number with [Amazon Pinpoint][
|
7822
|
+
# number with [Amazon Pinpoint][2]. Amazon Cognito uses the registered
|
5930
7823
|
# number automatically. Otherwise, Amazon Cognito users who must receive
|
5931
7824
|
# SMS messages might not be able to sign up, activate their accounts, or
|
5932
7825
|
# sign in.
|
@@ -5938,15 +7831,16 @@ module Aws::CognitoIdentityProvider
|
|
5938
7831
|
# mode</a> </i>, you can send messages only to verified phone numbers.
|
5939
7832
|
# After you test your app while in the sandbox environment, you can move
|
5940
7833
|
# out of the sandbox and into production. For more information, see [
|
5941
|
-
# SMS message settings for Amazon Cognito user pools][
|
7834
|
+
# SMS message settings for Amazon Cognito user pools][3] in the *Amazon
|
5942
7835
|
# Cognito Developer Guide*.
|
5943
7836
|
#
|
5944
7837
|
# </note>
|
5945
7838
|
#
|
5946
7839
|
#
|
5947
7840
|
#
|
5948
|
-
# [1]: https://
|
5949
|
-
# [2]: https://
|
7841
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
7842
|
+
# [2]: https://console.aws.amazon.com/pinpoint/home/
|
7843
|
+
# [3]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html
|
5950
7844
|
#
|
5951
7845
|
# @option params [required, String] :client_id
|
5952
7846
|
# The app client ID.
|
@@ -6015,6 +7909,15 @@ module Aws::CognitoIdentityProvider
|
|
6015
7909
|
# * `MFA_SETUP` requires `USERNAME`, plus you must use the session value
|
6016
7910
|
# returned by `VerifySoftwareToken` in the `Session` parameter.
|
6017
7911
|
#
|
7912
|
+
# For more information about `SECRET_HASH`, see [Computing secret hash
|
7913
|
+
# values][1]. For information about `DEVICE_KEY`, see [Working with user
|
7914
|
+
# devices in your user pool][2].
|
7915
|
+
#
|
7916
|
+
#
|
7917
|
+
#
|
7918
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#cognito-user-pools-computing-secret-hash
|
7919
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html
|
7920
|
+
#
|
6018
7921
|
# @option params [Types::AnalyticsMetadataType] :analytics_metadata
|
6019
7922
|
# The Amazon Pinpoint analytics metadata that contributes to your
|
6020
7923
|
# metrics for `RespondToAuthChallenge` calls.
|
@@ -6121,6 +8024,19 @@ module Aws::CognitoIdentityProvider
|
|
6121
8024
|
# use the revoked token to access Amazon Cognito user APIs, or to
|
6122
8025
|
# authorize access to your resource server.
|
6123
8026
|
#
|
8027
|
+
# <note markdown="1"> Amazon Cognito doesn't evaluate Identity and Access Management (IAM)
|
8028
|
+
# policies in requests for this API operation. For this operation, you
|
8029
|
+
# can't use IAM credentials to authorize requests, and you can't grant
|
8030
|
+
# IAM permissions in policies. For more information about authorization
|
8031
|
+
# models in Amazon Cognito, see [Using the Amazon Cognito native and
|
8032
|
+
# OIDC APIs][1].
|
8033
|
+
#
|
8034
|
+
# </note>
|
8035
|
+
#
|
8036
|
+
#
|
8037
|
+
#
|
8038
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
8039
|
+
#
|
6124
8040
|
# @option params [required, String] :token
|
6125
8041
|
# The refresh token that you want to revoke.
|
6126
8042
|
#
|
@@ -6150,6 +8066,53 @@ module Aws::CognitoIdentityProvider
|
|
6150
8066
|
req.send_request(options)
|
6151
8067
|
end
|
6152
8068
|
|
8069
|
+
# Sets up or modifies the detailed activity logging configuration of a
|
8070
|
+
# user pool.
|
8071
|
+
#
|
8072
|
+
# @option params [required, String] :user_pool_id
|
8073
|
+
# The ID of the user pool where you want to configure detailed activity
|
8074
|
+
# logging .
|
8075
|
+
#
|
8076
|
+
# @option params [required, Array<Types::LogConfigurationType>] :log_configurations
|
8077
|
+
# A collection of all of the detailed activity logging configurations
|
8078
|
+
# for a user pool.
|
8079
|
+
#
|
8080
|
+
# @return [Types::SetLogDeliveryConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
8081
|
+
#
|
8082
|
+
# * {Types::SetLogDeliveryConfigurationResponse#log_delivery_configuration #log_delivery_configuration} => Types::LogDeliveryConfigurationType
|
8083
|
+
#
|
8084
|
+
# @example Request syntax with placeholder values
|
8085
|
+
#
|
8086
|
+
# resp = client.set_log_delivery_configuration({
|
8087
|
+
# user_pool_id: "UserPoolIdType", # required
|
8088
|
+
# log_configurations: [ # required
|
8089
|
+
# {
|
8090
|
+
# log_level: "ERROR", # required, accepts ERROR
|
8091
|
+
# event_source: "userNotification", # required, accepts userNotification
|
8092
|
+
# cloud_watch_logs_configuration: {
|
8093
|
+
# log_group_arn: "ArnType",
|
8094
|
+
# },
|
8095
|
+
# },
|
8096
|
+
# ],
|
8097
|
+
# })
|
8098
|
+
#
|
8099
|
+
# @example Response structure
|
8100
|
+
#
|
8101
|
+
# resp.log_delivery_configuration.user_pool_id #=> String
|
8102
|
+
# resp.log_delivery_configuration.log_configurations #=> Array
|
8103
|
+
# resp.log_delivery_configuration.log_configurations[0].log_level #=> String, one of "ERROR"
|
8104
|
+
# resp.log_delivery_configuration.log_configurations[0].event_source #=> String, one of "userNotification"
|
8105
|
+
# resp.log_delivery_configuration.log_configurations[0].cloud_watch_logs_configuration.log_group_arn #=> String
|
8106
|
+
#
|
8107
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/SetLogDeliveryConfiguration AWS API Documentation
|
8108
|
+
#
|
8109
|
+
# @overload set_log_delivery_configuration(params = {})
|
8110
|
+
# @param [Hash] params ({})
|
8111
|
+
def set_log_delivery_configuration(params = {}, options = {})
|
8112
|
+
req = build_request(:set_log_delivery_configuration, params)
|
8113
|
+
req.send_request(options)
|
8114
|
+
end
|
8115
|
+
|
6153
8116
|
# Configures actions on detected risks. To delete the risk configuration
|
6154
8117
|
# for `UserPoolId` or `ClientId`, pass null values for all four
|
6155
8118
|
# configuration types.
|
@@ -6347,6 +8310,19 @@ module Aws::CognitoIdentityProvider
|
|
6347
8310
|
# based on the assessed risk level of sign-in attempts, deactivate MFA
|
6348
8311
|
# for users and turn on Adaptive Authentication for the user pool.
|
6349
8312
|
#
|
8313
|
+
# <note markdown="1"> Amazon Cognito doesn't evaluate Identity and Access Management (IAM)
|
8314
|
+
# policies in requests for this API operation. For this operation, you
|
8315
|
+
# can't use IAM credentials to authorize requests, and you can't grant
|
8316
|
+
# IAM permissions in policies. For more information about authorization
|
8317
|
+
# models in Amazon Cognito, see [Using the Amazon Cognito native and
|
8318
|
+
# OIDC APIs][1].
|
8319
|
+
#
|
8320
|
+
# </note>
|
8321
|
+
#
|
8322
|
+
#
|
8323
|
+
#
|
8324
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
8325
|
+
#
|
6350
8326
|
# @option params [Types::SMSMfaSettingsType] :sms_mfa_settings
|
6351
8327
|
# The SMS text message multi-factor authentication (MFA) settings.
|
6352
8328
|
#
|
@@ -6408,7 +8384,7 @@ module Aws::CognitoIdentityProvider
|
|
6408
8384
|
#
|
6409
8385
|
#
|
6410
8386
|
# [1]: https://console.aws.amazon.com/pinpoint/home/
|
6411
|
-
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/
|
8387
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html
|
6412
8388
|
#
|
6413
8389
|
# @option params [required, String] :user_pool_id
|
6414
8390
|
# The user pool ID.
|
@@ -6483,9 +8459,19 @@ module Aws::CognitoIdentityProvider
|
|
6483
8459
|
# (TOTP) software token MFA. To configure either type of MFA, use
|
6484
8460
|
# [SetUserMFAPreference][1] instead.
|
6485
8461
|
#
|
8462
|
+
# <note markdown="1"> Amazon Cognito doesn't evaluate Identity and Access Management (IAM)
|
8463
|
+
# policies in requests for this API operation. For this operation, you
|
8464
|
+
# can't use IAM credentials to authorize requests, and you can't grant
|
8465
|
+
# IAM permissions in policies. For more information about authorization
|
8466
|
+
# models in Amazon Cognito, see [Using the Amazon Cognito native and
|
8467
|
+
# OIDC APIs][2].
|
8468
|
+
#
|
8469
|
+
# </note>
|
8470
|
+
#
|
6486
8471
|
#
|
6487
8472
|
#
|
6488
8473
|
# [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserMFAPreference.html
|
8474
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
6489
8475
|
#
|
6490
8476
|
# @option params [required, String] :access_token
|
6491
8477
|
# A valid access token that Amazon Cognito issued to the user whose user
|
@@ -6521,11 +8507,20 @@ module Aws::CognitoIdentityProvider
|
|
6521
8507
|
# Registers the user in the specified user pool and creates a user name,
|
6522
8508
|
# password, and user attributes.
|
6523
8509
|
#
|
8510
|
+
# <note markdown="1"> Amazon Cognito doesn't evaluate Identity and Access Management (IAM)
|
8511
|
+
# policies in requests for this API operation. For this operation, you
|
8512
|
+
# can't use IAM credentials to authorize requests, and you can't grant
|
8513
|
+
# IAM permissions in policies. For more information about authorization
|
8514
|
+
# models in Amazon Cognito, see [Using the Amazon Cognito native and
|
8515
|
+
# OIDC APIs][1].
|
8516
|
+
#
|
8517
|
+
# </note>
|
8518
|
+
#
|
6524
8519
|
# <note markdown="1"> This action might generate an SMS text message. Starting June 1, 2021,
|
6525
8520
|
# US telecom carriers require you to register an origination phone
|
6526
8521
|
# number before you can send SMS messages to US phone numbers. If you
|
6527
8522
|
# use SMS text messages in Amazon Cognito, you must register a phone
|
6528
|
-
# number with [Amazon Pinpoint][
|
8523
|
+
# number with [Amazon Pinpoint][2]. Amazon Cognito uses the registered
|
6529
8524
|
# number automatically. Otherwise, Amazon Cognito users who must receive
|
6530
8525
|
# SMS messages might not be able to sign up, activate their accounts, or
|
6531
8526
|
# sign in.
|
@@ -6537,15 +8532,16 @@ module Aws::CognitoIdentityProvider
|
|
6537
8532
|
# mode</a> </i>, you can send messages only to verified phone numbers.
|
6538
8533
|
# After you test your app while in the sandbox environment, you can move
|
6539
8534
|
# out of the sandbox and into production. For more information, see [
|
6540
|
-
# SMS message settings for Amazon Cognito user pools][
|
8535
|
+
# SMS message settings for Amazon Cognito user pools][3] in the *Amazon
|
6541
8536
|
# Cognito Developer Guide*.
|
6542
8537
|
#
|
6543
8538
|
# </note>
|
6544
8539
|
#
|
6545
8540
|
#
|
6546
8541
|
#
|
6547
|
-
# [1]: https://
|
6548
|
-
# [2]: https://
|
8542
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
8543
|
+
# [2]: https://console.aws.amazon.com/pinpoint/home/
|
8544
|
+
# [3]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html
|
6549
8545
|
#
|
6550
8546
|
# @option params [required, String] :client_id
|
6551
8547
|
# The ID of the client associated with the user pool.
|
@@ -6841,6 +8837,19 @@ module Aws::CognitoIdentityProvider
|
|
6841
8837
|
# evaluation decision for the user pool as part of Amazon Cognito
|
6842
8838
|
# advanced security.
|
6843
8839
|
#
|
8840
|
+
# <note markdown="1"> Amazon Cognito doesn't evaluate Identity and Access Management (IAM)
|
8841
|
+
# policies in requests for this API operation. For this operation, you
|
8842
|
+
# can't use IAM credentials to authorize requests, and you can't grant
|
8843
|
+
# IAM permissions in policies. For more information about authorization
|
8844
|
+
# models in Amazon Cognito, see [Using the Amazon Cognito native and
|
8845
|
+
# OIDC APIs][1].
|
8846
|
+
#
|
8847
|
+
# </note>
|
8848
|
+
#
|
8849
|
+
#
|
8850
|
+
#
|
8851
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
8852
|
+
#
|
6844
8853
|
# @option params [required, String] :user_pool_id
|
6845
8854
|
# The user pool ID.
|
6846
8855
|
#
|
@@ -6854,7 +8863,12 @@ module Aws::CognitoIdentityProvider
|
|
6854
8863
|
# The feedback token.
|
6855
8864
|
#
|
6856
8865
|
# @option params [required, String] :feedback_value
|
6857
|
-
# The authentication event feedback value.
|
8866
|
+
# The authentication event feedback value. When you provide a
|
8867
|
+
# `FeedbackValue` value of `valid`, you tell Amazon Cognito that you
|
8868
|
+
# trust a user session where Amazon Cognito has evaluated some level of
|
8869
|
+
# risk. When you provide a `FeedbackValue` value of `invalid`, you tell
|
8870
|
+
# Amazon Cognito that you don't trust a user session, or you don't
|
8871
|
+
# believe that Amazon Cognito evaluated a high-enough risk level.
|
6858
8872
|
#
|
6859
8873
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
6860
8874
|
#
|
@@ -6879,6 +8893,19 @@ module Aws::CognitoIdentityProvider
|
|
6879
8893
|
|
6880
8894
|
# Updates the device status.
|
6881
8895
|
#
|
8896
|
+
# <note markdown="1"> Amazon Cognito doesn't evaluate Identity and Access Management (IAM)
|
8897
|
+
# policies in requests for this API operation. For this operation, you
|
8898
|
+
# can't use IAM credentials to authorize requests, and you can't grant
|
8899
|
+
# IAM permissions in policies. For more information about authorization
|
8900
|
+
# models in Amazon Cognito, see [Using the Amazon Cognito native and
|
8901
|
+
# OIDC APIs][1].
|
8902
|
+
#
|
8903
|
+
# </note>
|
8904
|
+
#
|
8905
|
+
#
|
8906
|
+
#
|
8907
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
8908
|
+
#
|
6882
8909
|
# @option params [required, String] :access_token
|
6883
8910
|
# A valid access token that Amazon Cognito issued to the user whose
|
6884
8911
|
# device status you want to update.
|
@@ -6910,7 +8937,23 @@ module Aws::CognitoIdentityProvider
|
|
6910
8937
|
|
6911
8938
|
# Updates the specified group with the specified attributes.
|
6912
8939
|
#
|
6913
|
-
#
|
8940
|
+
# <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
|
8941
|
+
# in requests for this API operation. For this operation, you must use
|
8942
|
+
# IAM credentials to authorize requests, and you must grant yourself the
|
8943
|
+
# corresponding IAM permission in a policy.
|
8944
|
+
#
|
8945
|
+
# **Learn more**
|
8946
|
+
#
|
8947
|
+
# * [Signing Amazon Web Services API Requests][1]
|
8948
|
+
#
|
8949
|
+
# * [Using the Amazon Cognito user pools API and user pool endpoints][2]
|
8950
|
+
#
|
8951
|
+
# </note>
|
8952
|
+
#
|
8953
|
+
#
|
8954
|
+
#
|
8955
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
|
8956
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
6914
8957
|
#
|
6915
8958
|
# @option params [required, String] :group_name
|
6916
8959
|
# The name of the group.
|
@@ -6969,6 +9012,24 @@ module Aws::CognitoIdentityProvider
|
|
6969
9012
|
|
6970
9013
|
# Updates IdP information for a user pool.
|
6971
9014
|
#
|
9015
|
+
# <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
|
9016
|
+
# in requests for this API operation. For this operation, you must use
|
9017
|
+
# IAM credentials to authorize requests, and you must grant yourself the
|
9018
|
+
# corresponding IAM permission in a policy.
|
9019
|
+
#
|
9020
|
+
# **Learn more**
|
9021
|
+
#
|
9022
|
+
# * [Signing Amazon Web Services API Requests][1]
|
9023
|
+
#
|
9024
|
+
# * [Using the Amazon Cognito user pools API and user pool endpoints][2]
|
9025
|
+
#
|
9026
|
+
# </note>
|
9027
|
+
#
|
9028
|
+
#
|
9029
|
+
#
|
9030
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
|
9031
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
9032
|
+
#
|
6972
9033
|
# @option params [required, String] :user_pool_id
|
6973
9034
|
# The user pool ID.
|
6974
9035
|
#
|
@@ -7032,6 +9093,24 @@ module Aws::CognitoIdentityProvider
|
|
7032
9093
|
# If you don't provide a value for an attribute, it is set to the
|
7033
9094
|
# default value.
|
7034
9095
|
#
|
9096
|
+
# <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
|
9097
|
+
# in requests for this API operation. For this operation, you must use
|
9098
|
+
# IAM credentials to authorize requests, and you must grant yourself the
|
9099
|
+
# corresponding IAM permission in a policy.
|
9100
|
+
#
|
9101
|
+
# **Learn more**
|
9102
|
+
#
|
9103
|
+
# * [Signing Amazon Web Services API Requests][1]
|
9104
|
+
#
|
9105
|
+
# * [Using the Amazon Cognito user pools API and user pool endpoints][2]
|
9106
|
+
#
|
9107
|
+
# </note>
|
9108
|
+
#
|
9109
|
+
#
|
9110
|
+
#
|
9111
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
|
9112
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
9113
|
+
#
|
7035
9114
|
# @option params [required, String] :user_pool_id
|
7036
9115
|
# The user pool ID for the user pool.
|
7037
9116
|
#
|
@@ -7082,11 +9161,20 @@ module Aws::CognitoIdentityProvider
|
|
7082
9161
|
|
7083
9162
|
# Allows a user to update a specific attribute (one at a time).
|
7084
9163
|
#
|
9164
|
+
# <note markdown="1"> Amazon Cognito doesn't evaluate Identity and Access Management (IAM)
|
9165
|
+
# policies in requests for this API operation. For this operation, you
|
9166
|
+
# can't use IAM credentials to authorize requests, and you can't grant
|
9167
|
+
# IAM permissions in policies. For more information about authorization
|
9168
|
+
# models in Amazon Cognito, see [Using the Amazon Cognito native and
|
9169
|
+
# OIDC APIs][1].
|
9170
|
+
#
|
9171
|
+
# </note>
|
9172
|
+
#
|
7085
9173
|
# <note markdown="1"> This action might generate an SMS text message. Starting June 1, 2021,
|
7086
9174
|
# US telecom carriers require you to register an origination phone
|
7087
9175
|
# number before you can send SMS messages to US phone numbers. If you
|
7088
9176
|
# use SMS text messages in Amazon Cognito, you must register a phone
|
7089
|
-
# number with [Amazon Pinpoint][
|
9177
|
+
# number with [Amazon Pinpoint][2]. Amazon Cognito uses the registered
|
7090
9178
|
# number automatically. Otherwise, Amazon Cognito users who must receive
|
7091
9179
|
# SMS messages might not be able to sign up, activate their accounts, or
|
7092
9180
|
# sign in.
|
@@ -7098,15 +9186,16 @@ module Aws::CognitoIdentityProvider
|
|
7098
9186
|
# mode</a> </i>, you can send messages only to verified phone numbers.
|
7099
9187
|
# After you test your app while in the sandbox environment, you can move
|
7100
9188
|
# out of the sandbox and into production. For more information, see [
|
7101
|
-
# SMS message settings for Amazon Cognito user pools][
|
9189
|
+
# SMS message settings for Amazon Cognito user pools][3] in the *Amazon
|
7102
9190
|
# Cognito Developer Guide*.
|
7103
9191
|
#
|
7104
9192
|
# </note>
|
7105
9193
|
#
|
7106
9194
|
#
|
7107
9195
|
#
|
7108
|
-
# [1]: https://
|
7109
|
-
# [2]: https://
|
9196
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
9197
|
+
# [2]: https://console.aws.amazon.com/pinpoint/home/
|
9198
|
+
# [3]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html
|
7110
9199
|
#
|
7111
9200
|
# @option params [required, Array<Types::AttributeType>] :user_attributes
|
7112
9201
|
# An array of name-value pairs representing user attributes.
|
@@ -7196,16 +9285,11 @@ module Aws::CognitoIdentityProvider
|
|
7196
9285
|
req.send_request(options)
|
7197
9286
|
end
|
7198
9287
|
|
7199
|
-
# Updates the specified user pool with the specified attributes. You can
|
7200
|
-
# get a list of the current user pool settings using
|
7201
|
-
# [DescribeUserPool][1]. If you don't provide a value for an attribute,
|
7202
|
-
# it will be set to the default value.
|
7203
|
-
#
|
7204
9288
|
# <note markdown="1"> This action might generate an SMS text message. Starting June 1, 2021,
|
7205
9289
|
# US telecom carriers require you to register an origination phone
|
7206
9290
|
# number before you can send SMS messages to US phone numbers. If you
|
7207
9291
|
# use SMS text messages in Amazon Cognito, you must register a phone
|
7208
|
-
# number with [Amazon Pinpoint][
|
9292
|
+
# number with [Amazon Pinpoint][1]. Amazon Cognito uses the registered
|
7209
9293
|
# number automatically. Otherwise, Amazon Cognito users who must receive
|
7210
9294
|
# SMS messages might not be able to sign up, activate their accounts, or
|
7211
9295
|
# sign in.
|
@@ -7217,16 +9301,38 @@ module Aws::CognitoIdentityProvider
|
|
7217
9301
|
# mode</a> </i>, you can send messages only to verified phone numbers.
|
7218
9302
|
# After you test your app while in the sandbox environment, you can move
|
7219
9303
|
# out of the sandbox and into production. For more information, see [
|
7220
|
-
# SMS message settings for Amazon Cognito user pools][
|
9304
|
+
# SMS message settings for Amazon Cognito user pools][2] in the *Amazon
|
7221
9305
|
# Cognito Developer Guide*.
|
7222
9306
|
#
|
7223
9307
|
# </note>
|
7224
9308
|
#
|
9309
|
+
# Updates the specified user pool with the specified attributes. You can
|
9310
|
+
# get a list of the current user pool settings using
|
9311
|
+
# [DescribeUserPool][3].
|
7225
9312
|
#
|
9313
|
+
# If you don't provide a value for an attribute, Amazon Cognito sets it
|
9314
|
+
# to its default value.
|
7226
9315
|
#
|
7227
|
-
#
|
7228
|
-
#
|
7229
|
-
#
|
9316
|
+
# <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
|
9317
|
+
# in requests for this API operation. For this operation, you must use
|
9318
|
+
# IAM credentials to authorize requests, and you must grant yourself the
|
9319
|
+
# corresponding IAM permission in a policy.
|
9320
|
+
#
|
9321
|
+
# **Learn more**
|
9322
|
+
#
|
9323
|
+
# * [Signing Amazon Web Services API Requests][4]
|
9324
|
+
#
|
9325
|
+
# * [Using the Amazon Cognito user pools API and user pool endpoints][5]
|
9326
|
+
#
|
9327
|
+
# </note>
|
9328
|
+
#
|
9329
|
+
#
|
9330
|
+
#
|
9331
|
+
# [1]: https://console.aws.amazon.com/pinpoint/home/
|
9332
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html
|
9333
|
+
# [3]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html
|
9334
|
+
# [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
|
9335
|
+
# [5]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
7230
9336
|
#
|
7231
9337
|
# @option params [required, String] :user_pool_id
|
7232
9338
|
# The user pool ID for the user pool you want to update.
|
@@ -7346,8 +9452,17 @@ module Aws::CognitoIdentityProvider
|
|
7346
9452
|
# The configuration for `AdminCreateUser` requests.
|
7347
9453
|
#
|
7348
9454
|
# @option params [Types::UserPoolAddOnsType] :user_pool_add_ons
|
7349
|
-
#
|
7350
|
-
#
|
9455
|
+
# User pool add-ons. Contains settings for activation of advanced
|
9456
|
+
# security features. To log user security information but take no
|
9457
|
+
# action, set to `AUDIT`. To configure automatic security responses to
|
9458
|
+
# risky traffic to your user pool, set to `ENFORCED`.
|
9459
|
+
#
|
9460
|
+
# For more information, see [Adding advanced security to a user
|
9461
|
+
# pool][1].
|
9462
|
+
#
|
9463
|
+
#
|
9464
|
+
#
|
9465
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
|
7351
9466
|
#
|
7352
9467
|
# @option params [Types::AccountRecoverySettingType] :account_recovery_setting
|
7353
9468
|
# The available verified method a user can use to recover their password
|
@@ -7468,17 +9583,32 @@ module Aws::CognitoIdentityProvider
|
|
7468
9583
|
# attributes. You can get a list of the current user pool app client
|
7469
9584
|
# settings using [DescribeUserPoolClient][1].
|
7470
9585
|
#
|
7471
|
-
# If you don't provide a value for an attribute,
|
7472
|
-
# default value.
|
9586
|
+
# If you don't provide a value for an attribute, Amazon Cognito sets it
|
9587
|
+
# to its default value.
|
7473
9588
|
#
|
7474
9589
|
# You can also use this operation to enable token revocation for user
|
7475
9590
|
# pool clients. For more information about revoking tokens, see
|
7476
9591
|
# [RevokeToken][2].
|
7477
9592
|
#
|
9593
|
+
# <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
|
9594
|
+
# in requests for this API operation. For this operation, you must use
|
9595
|
+
# IAM credentials to authorize requests, and you must grant yourself the
|
9596
|
+
# corresponding IAM permission in a policy.
|
9597
|
+
#
|
9598
|
+
# **Learn more**
|
9599
|
+
#
|
9600
|
+
# * [Signing Amazon Web Services API Requests][3]
|
9601
|
+
#
|
9602
|
+
# * [Using the Amazon Cognito user pools API and user pool endpoints][4]
|
9603
|
+
#
|
9604
|
+
# </note>
|
9605
|
+
#
|
7478
9606
|
#
|
7479
9607
|
#
|
7480
9608
|
# [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPoolClient.html
|
7481
9609
|
# [2]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html
|
9610
|
+
# [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
|
9611
|
+
# [4]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
7482
9612
|
#
|
7483
9613
|
# @option params [required, String] :user_pool_id
|
7484
9614
|
# The user pool ID for the user pool where you want to update the user
|
@@ -7534,16 +9664,16 @@ module Aws::CognitoIdentityProvider
|
|
7534
9664
|
# `TokenValidityUnits` as `hours`, your user can authenticate their
|
7535
9665
|
# session with their ID token for 10 hours.
|
7536
9666
|
#
|
7537
|
-
# The default time unit for `
|
9667
|
+
# The default time unit for `IdTokenValidity` in an API request is
|
7538
9668
|
# hours. *Valid range* is displayed below in seconds.
|
7539
9669
|
#
|
7540
9670
|
# If you don't specify otherwise in the configuration of your app
|
7541
9671
|
# client, your ID tokens are valid for one hour.
|
7542
9672
|
#
|
7543
9673
|
# @option params [Types::TokenValidityUnitsType] :token_validity_units
|
7544
|
-
# The units
|
7545
|
-
# unit for RefreshToken is days, and the
|
7546
|
-
# tokens is hours.
|
9674
|
+
# The time units you use when you set the duration of ID, access, and
|
9675
|
+
# refresh tokens. The default unit for RefreshToken is days, and the
|
9676
|
+
# default for ID and access tokens is hours.
|
7547
9677
|
#
|
7548
9678
|
# @option params [Array<String>] :read_attributes
|
7549
9679
|
# The read-only attributes of the user pool.
|
@@ -7670,8 +9800,26 @@ module Aws::CognitoIdentityProvider
|
|
7670
9800
|
# created in Resource Servers are also supported.
|
7671
9801
|
#
|
7672
9802
|
# @option params [Boolean] :allowed_o_auth_flows_user_pool_client
|
7673
|
-
# Set to true
|
7674
|
-
#
|
9803
|
+
# Set to `true` to use OAuth 2.0 features in your user pool app client.
|
9804
|
+
#
|
9805
|
+
# `AllowedOAuthFlowsUserPoolClient` must be `true` before you can
|
9806
|
+
# configure the following features in your app client.
|
9807
|
+
#
|
9808
|
+
# * `CallBackURLs`: Callback URLs.
|
9809
|
+
#
|
9810
|
+
# * `LogoutURLs`: Sign-out redirect URLs.
|
9811
|
+
#
|
9812
|
+
# * `AllowedOAuthScopes`: OAuth 2.0 scopes.
|
9813
|
+
#
|
9814
|
+
# * `AllowedOAuthFlows`: Support for authorization code, implicit, and
|
9815
|
+
# client credentials OAuth 2.0 grants.
|
9816
|
+
#
|
9817
|
+
# To use OAuth 2.0 features, configure one of these features in the
|
9818
|
+
# Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to
|
9819
|
+
# `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API
|
9820
|
+
# request. If you don't set a value for
|
9821
|
+
# `AllowedOAuthFlowsUserPoolClient` in a request with the CLI or SDKs,
|
9822
|
+
# it defaults to `false`.
|
7675
9823
|
#
|
7676
9824
|
# @option params [Types::AnalyticsConfigurationType] :analytics_configuration
|
7677
9825
|
# The Amazon Pinpoint analytics configuration necessary to collect
|
@@ -7853,9 +10001,24 @@ module Aws::CognitoIdentityProvider
|
|
7853
10001
|
# For more information about adding a custom domain to your user pool,
|
7854
10002
|
# see [Using Your Own Domain for the Hosted UI][1].
|
7855
10003
|
#
|
10004
|
+
# <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
|
10005
|
+
# in requests for this API operation. For this operation, you must use
|
10006
|
+
# IAM credentials to authorize requests, and you must grant yourself the
|
10007
|
+
# corresponding IAM permission in a policy.
|
10008
|
+
#
|
10009
|
+
# **Learn more**
|
10010
|
+
#
|
10011
|
+
# * [Signing Amazon Web Services API Requests][2]
|
10012
|
+
#
|
10013
|
+
# * [Using the Amazon Cognito user pools API and user pool endpoints][3]
|
10014
|
+
#
|
10015
|
+
# </note>
|
10016
|
+
#
|
7856
10017
|
#
|
7857
10018
|
#
|
7858
10019
|
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-add-custom-domain.html
|
10020
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
|
10021
|
+
# [3]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
7859
10022
|
#
|
7860
10023
|
# @option params [required, String] :domain
|
7861
10024
|
# The domain name for the custom domain that hosts the sign-up and
|
@@ -7907,6 +10070,19 @@ module Aws::CognitoIdentityProvider
|
|
7907
10070
|
# "verified" if successful. The request takes an access token or a
|
7908
10071
|
# session string, but not both.
|
7909
10072
|
#
|
10073
|
+
# <note markdown="1"> Amazon Cognito doesn't evaluate Identity and Access Management (IAM)
|
10074
|
+
# policies in requests for this API operation. For this operation, you
|
10075
|
+
# can't use IAM credentials to authorize requests, and you can't grant
|
10076
|
+
# IAM permissions in policies. For more information about authorization
|
10077
|
+
# models in Amazon Cognito, see [Using the Amazon Cognito native and
|
10078
|
+
# OIDC APIs][1].
|
10079
|
+
#
|
10080
|
+
# </note>
|
10081
|
+
#
|
10082
|
+
#
|
10083
|
+
#
|
10084
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
10085
|
+
#
|
7910
10086
|
# @option params [String] :access_token
|
7911
10087
|
# A valid access token that Amazon Cognito issued to the user whose
|
7912
10088
|
# software token you want to verify.
|
@@ -7961,9 +10137,19 @@ module Aws::CognitoIdentityProvider
|
|
7961
10137
|
# attribute to its pending value. For more information, see [
|
7962
10138
|
# UserAttributeUpdateSettingsType][1].
|
7963
10139
|
#
|
10140
|
+
# <note markdown="1"> Amazon Cognito doesn't evaluate Identity and Access Management (IAM)
|
10141
|
+
# policies in requests for this API operation. For this operation, you
|
10142
|
+
# can't use IAM credentials to authorize requests, and you can't grant
|
10143
|
+
# IAM permissions in policies. For more information about authorization
|
10144
|
+
# models in Amazon Cognito, see [Using the Amazon Cognito native and
|
10145
|
+
# OIDC APIs][2].
|
10146
|
+
#
|
10147
|
+
# </note>
|
10148
|
+
#
|
7964
10149
|
#
|
7965
10150
|
#
|
7966
10151
|
# [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UserAttributeUpdateSettingsType.html
|
10152
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
7967
10153
|
#
|
7968
10154
|
# @option params [required, String] :access_token
|
7969
10155
|
# A valid access token that Amazon Cognito issued to the user whose user
|
@@ -8007,7 +10193,7 @@ module Aws::CognitoIdentityProvider
|
|
8007
10193
|
params: params,
|
8008
10194
|
config: config)
|
8009
10195
|
context[:gem_name] = 'aws-sdk-cognitoidentityprovider'
|
8010
|
-
context[:gem_version] = '1.
|
10196
|
+
context[:gem_version] = '1.81.0'
|
8011
10197
|
Seahorse::Client::Request.new(handlers, context)
|
8012
10198
|
end
|
8013
10199
|
|