aws-sdk-cognitoidentityprovider 1.79.0 → 1.81.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-cognitoidentityprovider/client.rb +2342 -156
- data/lib/aws-sdk-cognitoidentityprovider/client_api.rb +76 -2
- data/lib/aws-sdk-cognitoidentityprovider/endpoints.rb +28 -0
- data/lib/aws-sdk-cognitoidentityprovider/plugins/endpoints.rb +4 -0
- data/lib/aws-sdk-cognitoidentityprovider/types.rb +553 -104
- data/lib/aws-sdk-cognitoidentityprovider.rb +1 -1
- metadata +2 -2
@@ -147,7 +147,7 @@ module Aws::CognitoIdentityProvider
|
|
147
147
|
include Aws::Structure
|
148
148
|
end
|
149
149
|
|
150
|
-
#
|
150
|
+
# Confirm a user's registration as a user pool administrator.
|
151
151
|
#
|
152
152
|
# @!attribute [rw] user_pool_id
|
153
153
|
# The user pool ID for which you want to confirm user registration.
|
@@ -332,10 +332,9 @@ module Aws::CognitoIdentityProvider
|
|
332
332
|
# Amazon Cognito generates one for you.
|
333
333
|
#
|
334
334
|
# The temporary password can only be used until the user account
|
335
|
-
# expiration limit that you
|
336
|
-
#
|
337
|
-
#
|
338
|
-
# `MessageAction` parameter.
|
335
|
+
# expiration limit that you set for your user pool. To reset the
|
336
|
+
# account after that time limit, you must call `AdminCreateUser` again
|
337
|
+
# and specify `RESEND` for the `MessageAction` parameter.
|
339
338
|
# @return [String]
|
340
339
|
#
|
341
340
|
# @!attribute [rw] force_alias_creation
|
@@ -654,7 +653,7 @@ module Aws::CognitoIdentityProvider
|
|
654
653
|
# specified user as an administrator.
|
655
654
|
#
|
656
655
|
# @!attribute [rw] username
|
657
|
-
# The
|
656
|
+
# The username of the user that you requested.
|
658
657
|
# @return [String]
|
659
658
|
#
|
660
659
|
# @!attribute [rw] user_attributes
|
@@ -666,7 +665,12 @@ module Aws::CognitoIdentityProvider
|
|
666
665
|
# @return [Time]
|
667
666
|
#
|
668
667
|
# @!attribute [rw] user_last_modified_date
|
669
|
-
# The date the
|
668
|
+
# The date and time, in [ISO 8601][1] format, when the item was
|
669
|
+
# modified.
|
670
|
+
#
|
671
|
+
#
|
672
|
+
#
|
673
|
+
# [1]: https://www.iso.org/iso-8601-date-and-time-format.html
|
670
674
|
# @return [Time]
|
671
675
|
#
|
672
676
|
# @!attribute [rw] enabled
|
@@ -680,8 +684,6 @@ module Aws::CognitoIdentityProvider
|
|
680
684
|
#
|
681
685
|
# * CONFIRMED - User has been confirmed.
|
682
686
|
#
|
683
|
-
# * ARCHIVED - User is no longer active.
|
684
|
-
#
|
685
687
|
# * UNKNOWN - User status isn't known.
|
686
688
|
#
|
687
689
|
# * RESET\_REQUIRED - User is confirmed, but the user must request a
|
@@ -781,18 +783,27 @@ module Aws::CognitoIdentityProvider
|
|
781
783
|
# `SECRET_HASH` (required if the app client is configured with a
|
782
784
|
# client secret), `DEVICE_KEY`.
|
783
785
|
#
|
784
|
-
# * For `
|
786
|
+
# * For `ADMIN_USER_PASSWORD_AUTH`: `USERNAME` (required), `PASSWORD`
|
785
787
|
# (required), `SECRET_HASH` (required if the app client is
|
786
788
|
# configured with a client secret), `DEVICE_KEY`.
|
787
789
|
#
|
788
|
-
# * For `
|
789
|
-
#
|
790
|
-
#
|
790
|
+
# * For `REFRESH_TOKEN_AUTH/REFRESH_TOKEN`: `REFRESH_TOKEN`
|
791
|
+
# (required), `SECRET_HASH` (required if the app client is
|
792
|
+
# configured with a client secret), `DEVICE_KEY`.
|
791
793
|
#
|
792
794
|
# * For `CUSTOM_AUTH`: `USERNAME` (required), `SECRET_HASH` (if app
|
793
795
|
# client is configured with client secret), `DEVICE_KEY`. To start
|
794
796
|
# the authentication flow with password verification, include
|
795
797
|
# `ChallengeName: SRP_A` and `SRP_A: (The SRP_A Value)`.
|
798
|
+
#
|
799
|
+
# For more information about `SECRET_HASH`, see [Computing secret hash
|
800
|
+
# values][1]. For information about `DEVICE_KEY`, see [Working with
|
801
|
+
# user devices in your user pool][2].
|
802
|
+
#
|
803
|
+
#
|
804
|
+
#
|
805
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#cognito-user-pools-computing-secret-hash
|
806
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html
|
796
807
|
# @return [Hash<String,String>]
|
797
808
|
#
|
798
809
|
# @!attribute [rw] client_metadata
|
@@ -1005,7 +1016,7 @@ module Aws::CognitoIdentityProvider
|
|
1005
1016
|
#
|
1006
1017
|
# @!attribute [rw] destination_user
|
1007
1018
|
# The existing user in the user pool that you want to assign to the
|
1008
|
-
# external IdP user account. This user can be a
|
1019
|
+
# external IdP user account. This user can be a local (Username +
|
1009
1020
|
# Password) Amazon Cognito user pools user or a federated user (for
|
1010
1021
|
# example, a SAML or Facebook user). If the user doesn't exist,
|
1011
1022
|
# Amazon Cognito generates an exception. Amazon Cognito returns this
|
@@ -1042,13 +1053,22 @@ module Aws::CognitoIdentityProvider
|
|
1042
1053
|
#
|
1043
1054
|
#
|
1044
1055
|
#
|
1056
|
+
# For OIDC, the `ProviderAttributeName` can be any value that matches
|
1057
|
+
# a claim in the ID token, or that your app retrieves from the
|
1058
|
+
# `userInfo` endpoint. You must map the claim to a user pool attribute
|
1059
|
+
# in your IdP configuration, and set the user pool attribute name as
|
1060
|
+
# the value of `ProviderAttributeName` in your
|
1061
|
+
# `AdminLinkProviderForUser` request.
|
1062
|
+
#
|
1045
1063
|
# For SAML, the `ProviderAttributeName` can be any value that matches
|
1046
|
-
# a claim in the SAML assertion.
|
1047
|
-
#
|
1048
|
-
#
|
1049
|
-
# `ProviderAttributeName
|
1050
|
-
#
|
1051
|
-
#
|
1064
|
+
# a claim in the SAML assertion. To link SAML users based on the
|
1065
|
+
# subject of the SAML assertion, map the subject to a claim through
|
1066
|
+
# the SAML IdP and set that claim name as the value of
|
1067
|
+
# `ProviderAttributeName` in your `AdminLinkProviderForUser` request.
|
1068
|
+
#
|
1069
|
+
# For both OIDC and SAML users, when you set `ProviderAttributeName`
|
1070
|
+
# to `Cognito_Subject`, Amazon Cognito will automatically parse the
|
1071
|
+
# default unique identifier found in the subject from the IdP token.
|
1052
1072
|
# @return [Types::ProviderUserIdentifierType]
|
1053
1073
|
#
|
1054
1074
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AdminLinkProviderForUserRequest AWS API Documentation
|
@@ -1363,6 +1383,15 @@ module Aws::CognitoIdentityProvider
|
|
1363
1383
|
# actual username value in the `USERNAMEUSER_ID_FOR_SRP` attribute.
|
1364
1384
|
# This happens even if you specified an alias in your call to
|
1365
1385
|
# `AdminInitiateAuth`.
|
1386
|
+
#
|
1387
|
+
# For more information about `SECRET_HASH`, see [Computing secret hash
|
1388
|
+
# values][1]. For information about `DEVICE_KEY`, see [Working with
|
1389
|
+
# user devices in your user pool][2].
|
1390
|
+
#
|
1391
|
+
#
|
1392
|
+
#
|
1393
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#cognito-user-pools-computing-secret-hash
|
1394
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html
|
1366
1395
|
# @return [Hash<String,String>]
|
1367
1396
|
#
|
1368
1397
|
# @!attribute [rw] session
|
@@ -1612,7 +1641,13 @@ module Aws::CognitoIdentityProvider
|
|
1612
1641
|
# @return [String]
|
1613
1642
|
#
|
1614
1643
|
# @!attribute [rw] feedback_value
|
1615
|
-
# The authentication event feedback value.
|
1644
|
+
# The authentication event feedback value. When you provide a
|
1645
|
+
# `FeedbackValue` value of `valid`, you tell Amazon Cognito that you
|
1646
|
+
# trust a user session where Amazon Cognito has evaluated some level
|
1647
|
+
# of risk. When you provide a `FeedbackValue` value of `invalid`, you
|
1648
|
+
# tell Amazon Cognito that you don't trust a user session, or you
|
1649
|
+
# don't believe that Amazon Cognito evaluated a high-enough risk
|
1650
|
+
# level.
|
1616
1651
|
# @return [String]
|
1617
1652
|
#
|
1618
1653
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AdminUpdateAuthEventFeedbackRequest AWS API Documentation
|
@@ -1806,7 +1841,7 @@ module Aws::CognitoIdentityProvider
|
|
1806
1841
|
# The Amazon Pinpoint analytics configuration necessary to collect
|
1807
1842
|
# metrics for a user pool.
|
1808
1843
|
#
|
1809
|
-
# <note markdown="1"> In Regions where Amazon
|
1844
|
+
# <note markdown="1"> In Regions where Amazon Pinpoint isn't available, user pools only
|
1810
1845
|
# support sending events to Amazon Pinpoint projects in us-east-1. In
|
1811
1846
|
# Regions where Amazon Pinpoint is available, user pools support sending
|
1812
1847
|
# events to Amazon Pinpoint projects within that same Region.
|
@@ -1945,7 +1980,12 @@ module Aws::CognitoIdentityProvider
|
|
1945
1980
|
# @return [String]
|
1946
1981
|
#
|
1947
1982
|
# @!attribute [rw] creation_date
|
1948
|
-
# The
|
1983
|
+
# The date and time, in [ISO 8601][1] format, when the item was
|
1984
|
+
# created.
|
1985
|
+
#
|
1986
|
+
#
|
1987
|
+
#
|
1988
|
+
# [1]: https://www.iso.org/iso-8601-date-and-time-format.html
|
1949
1989
|
# @return [Time]
|
1950
1990
|
#
|
1951
1991
|
# @!attribute [rw] event_response
|
@@ -2076,6 +2116,33 @@ module Aws::CognitoIdentityProvider
|
|
2076
2116
|
#
|
2077
2117
|
class ChangePasswordResponse < Aws::EmptyStructure; end
|
2078
2118
|
|
2119
|
+
# The CloudWatch logging destination of a user pool detailed activity
|
2120
|
+
# logging configuration.
|
2121
|
+
#
|
2122
|
+
# @!attribute [rw] log_group_arn
|
2123
|
+
# The Amazon Resource Name (arn) of a CloudWatch Logs log group where
|
2124
|
+
# your user pool sends logs. The log group must not be encrypted with
|
2125
|
+
# Key Management Service and must be in the same Amazon Web Services
|
2126
|
+
# account as your user pool.
|
2127
|
+
#
|
2128
|
+
# To send logs to log groups with a resource policy of a size greater
|
2129
|
+
# than 5120 characters, configure a log group with a path that starts
|
2130
|
+
# with `/aws/vendedlogs`. For more information, see [Enabling logging
|
2131
|
+
# from certain Amazon Web Services services][1].
|
2132
|
+
#
|
2133
|
+
#
|
2134
|
+
#
|
2135
|
+
# [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html
|
2136
|
+
# @return [String]
|
2137
|
+
#
|
2138
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/CloudWatchLogsConfigurationType AWS API Documentation
|
2139
|
+
#
|
2140
|
+
class CloudWatchLogsConfigurationType < Struct.new(
|
2141
|
+
:log_group_arn)
|
2142
|
+
SENSITIVE = []
|
2143
|
+
include Aws::Structure
|
2144
|
+
end
|
2145
|
+
|
2079
2146
|
# The delivery details for an email or SMS message that Amazon Cognito
|
2080
2147
|
# sent for authentication or verification.
|
2081
2148
|
#
|
@@ -2237,7 +2304,12 @@ module Aws::CognitoIdentityProvider
|
|
2237
2304
|
# @!attribute [rw] secret_hash
|
2238
2305
|
# A keyed-hash message authentication code (HMAC) calculated using the
|
2239
2306
|
# secret key of a user pool client and username plus the client ID in
|
2240
|
-
# the message.
|
2307
|
+
# the message. For more information about `SecretHash`, see [Computing
|
2308
|
+
# secret hash values][1].
|
2309
|
+
#
|
2310
|
+
#
|
2311
|
+
#
|
2312
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#cognito-user-pools-computing-secret-hash
|
2241
2313
|
# @return [String]
|
2242
2314
|
#
|
2243
2315
|
# @!attribute [rw] username
|
@@ -2800,7 +2872,7 @@ module Aws::CognitoIdentityProvider
|
|
2800
2872
|
# `TokenValidityUnits` as `hours`, your user can authenticate their
|
2801
2873
|
# session with their ID token for 10 hours.
|
2802
2874
|
#
|
2803
|
-
# The default time unit for `
|
2875
|
+
# The default time unit for `IdTokenValidity` in an API request is
|
2804
2876
|
# hours. *Valid range* is displayed below in seconds.
|
2805
2877
|
#
|
2806
2878
|
# If you don't specify otherwise in the configuration of your app
|
@@ -2961,8 +3033,27 @@ module Aws::CognitoIdentityProvider
|
|
2961
3033
|
# @return [Array<String>]
|
2962
3034
|
#
|
2963
3035
|
# @!attribute [rw] allowed_o_auth_flows_user_pool_client
|
2964
|
-
# Set to true
|
2965
|
-
#
|
3036
|
+
# Set to `true` to use OAuth 2.0 features in your user pool app
|
3037
|
+
# client.
|
3038
|
+
#
|
3039
|
+
# `AllowedOAuthFlowsUserPoolClient` must be `true` before you can
|
3040
|
+
# configure the following features in your app client.
|
3041
|
+
#
|
3042
|
+
# * `CallBackURLs`: Callback URLs.
|
3043
|
+
#
|
3044
|
+
# * `LogoutURLs`: Sign-out redirect URLs.
|
3045
|
+
#
|
3046
|
+
# * `AllowedOAuthScopes`: OAuth 2.0 scopes.
|
3047
|
+
#
|
3048
|
+
# * `AllowedOAuthFlows`: Support for authorization code, implicit, and
|
3049
|
+
# client credentials OAuth 2.0 grants.
|
3050
|
+
#
|
3051
|
+
# To use OAuth 2.0 features, configure one of these features in the
|
3052
|
+
# Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to
|
3053
|
+
# `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API
|
3054
|
+
# request. If you don't set a value for
|
3055
|
+
# `AllowedOAuthFlowsUserPoolClient` in a request with the CLI or SDKs,
|
3056
|
+
# it defaults to `false`.
|
2966
3057
|
# @return [Boolean]
|
2967
3058
|
#
|
2968
3059
|
# @!attribute [rw] analytics_configuration
|
@@ -3277,15 +3368,32 @@ module Aws::CognitoIdentityProvider
|
|
3277
3368
|
# @return [Array<Types::SchemaAttributeType>]
|
3278
3369
|
#
|
3279
3370
|
# @!attribute [rw] user_pool_add_ons
|
3280
|
-
#
|
3281
|
-
#
|
3371
|
+
# User pool add-ons. Contains settings for activation of advanced
|
3372
|
+
# security features. To log user security information but take no
|
3373
|
+
# action, set to `AUDIT`. To configure automatic security responses to
|
3374
|
+
# risky traffic to your user pool, set to `ENFORCED`.
|
3375
|
+
#
|
3376
|
+
# For more information, see [Adding advanced security to a user
|
3377
|
+
# pool][1].
|
3378
|
+
#
|
3379
|
+
#
|
3380
|
+
#
|
3381
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
|
3282
3382
|
# @return [Types::UserPoolAddOnsType]
|
3283
3383
|
#
|
3284
3384
|
# @!attribute [rw] username_configuration
|
3285
3385
|
# Case sensitivity on the username input for the selected sign-in
|
3286
|
-
# option.
|
3287
|
-
# can sign in
|
3288
|
-
#
|
3386
|
+
# option. When case sensitivity is set to `False` (case insensitive),
|
3387
|
+
# users can sign in with any combination of capital and lowercase
|
3388
|
+
# letters. For example, `username`, `USERNAME`, or `UserName`, or for
|
3389
|
+
# email, `email@example.com` or `EMaiL@eXamplE.Com`. For most use
|
3390
|
+
# cases, set case sensitivity to `False` (case insensitive) as a best
|
3391
|
+
# practice. When usernames and email addresses are case insensitive,
|
3392
|
+
# Amazon Cognito treats any variation in case as the same user, and
|
3393
|
+
# prevents a case variation from being assigned to the same attribute
|
3394
|
+
# for a different user.
|
3395
|
+
#
|
3396
|
+
# This configuration is immutable after you set it. For more
|
3289
3397
|
# information, see [UsernameConfigurationType][1].
|
3290
3398
|
#
|
3291
3399
|
#
|
@@ -3880,7 +3988,12 @@ module Aws::CognitoIdentityProvider
|
|
3880
3988
|
# @return [Time]
|
3881
3989
|
#
|
3882
3990
|
# @!attribute [rw] device_last_modified_date
|
3883
|
-
# The
|
3991
|
+
# The date and time, in [ISO 8601][1] format, when the item was
|
3992
|
+
# modified.
|
3993
|
+
#
|
3994
|
+
#
|
3995
|
+
#
|
3996
|
+
# [1]: https://www.iso.org/iso-8601-date-and-time-format.html
|
3884
3997
|
# @return [Time]
|
3885
3998
|
#
|
3886
3999
|
# @!attribute [rw] device_last_authenticated_date
|
@@ -3921,8 +4034,8 @@ module Aws::CognitoIdentityProvider
|
|
3921
4034
|
# @return [String]
|
3922
4035
|
#
|
3923
4036
|
# @!attribute [rw] cloud_front_distribution
|
3924
|
-
# The Amazon
|
3925
|
-
#
|
4037
|
+
# The Amazon CloudFront endpoint that you use as the target of the
|
4038
|
+
# alias that you set up with your Domain Name Service (DNS) provider.
|
3926
4039
|
# @return [String]
|
3927
4040
|
#
|
3928
4041
|
# @!attribute [rw] version
|
@@ -3984,9 +4097,13 @@ module Aws::CognitoIdentityProvider
|
|
3984
4097
|
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-email.html
|
3985
4098
|
#
|
3986
4099
|
# @!attribute [rw] source_arn
|
3987
|
-
# The ARN of a verified email address
|
3988
|
-
#
|
3989
|
-
#
|
4100
|
+
# The ARN of a verified email address or an address from a verified
|
4101
|
+
# domain in Amazon SES. You can set a `SourceArn` email from a
|
4102
|
+
# verified domain only with an API request. You can set a verified
|
4103
|
+
# email address, but not an address in a verified domain, in the
|
4104
|
+
# Amazon Cognito console. Amazon Cognito uses the email address that
|
4105
|
+
# you provide in one of the following ways, depending on the value
|
4106
|
+
# that you specify for the `EmailSendingAccount` parameter:
|
3990
4107
|
#
|
3991
4108
|
# * If you specify `COGNITO_DEFAULT`, Amazon Cognito uses this address
|
3992
4109
|
# as the custom FROM address when it emails your users using its
|
@@ -4158,7 +4275,13 @@ module Aws::CognitoIdentityProvider
|
|
4158
4275
|
# Specifies the event feedback type.
|
4159
4276
|
#
|
4160
4277
|
# @!attribute [rw] feedback_value
|
4161
|
-
# The event feedback value.
|
4278
|
+
# The authentication event feedback value. When you provide a
|
4279
|
+
# `FeedbackValue` value of `valid`, you tell Amazon Cognito that you
|
4280
|
+
# trust a user session where Amazon Cognito has evaluated some level
|
4281
|
+
# of risk. When you provide a `FeedbackValue` value of `invalid`, you
|
4282
|
+
# tell Amazon Cognito that you don't trust a user session, or you
|
4283
|
+
# don't believe that Amazon Cognito evaluated a high-enough risk
|
4284
|
+
# level.
|
4162
4285
|
# @return [String]
|
4163
4286
|
#
|
4164
4287
|
# @!attribute [rw] provider
|
@@ -4480,6 +4603,32 @@ module Aws::CognitoIdentityProvider
|
|
4480
4603
|
include Aws::Structure
|
4481
4604
|
end
|
4482
4605
|
|
4606
|
+
# @!attribute [rw] user_pool_id
|
4607
|
+
# The ID of the user pool where you want to view detailed activity
|
4608
|
+
# logging configuration.
|
4609
|
+
# @return [String]
|
4610
|
+
#
|
4611
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/GetLogDeliveryConfigurationRequest AWS API Documentation
|
4612
|
+
#
|
4613
|
+
class GetLogDeliveryConfigurationRequest < Struct.new(
|
4614
|
+
:user_pool_id)
|
4615
|
+
SENSITIVE = []
|
4616
|
+
include Aws::Structure
|
4617
|
+
end
|
4618
|
+
|
4619
|
+
# @!attribute [rw] log_delivery_configuration
|
4620
|
+
# The detailed activity logging configuration of the requested user
|
4621
|
+
# pool.
|
4622
|
+
# @return [Types::LogDeliveryConfigurationType]
|
4623
|
+
#
|
4624
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/GetLogDeliveryConfigurationResponse AWS API Documentation
|
4625
|
+
#
|
4626
|
+
class GetLogDeliveryConfigurationResponse < Struct.new(
|
4627
|
+
:log_delivery_configuration)
|
4628
|
+
SENSITIVE = []
|
4629
|
+
include Aws::Structure
|
4630
|
+
end
|
4631
|
+
|
4483
4632
|
# Request to get a signing certificate from Amazon Cognito.
|
4484
4633
|
#
|
4485
4634
|
# @!attribute [rw] user_pool_id
|
@@ -4675,8 +4824,7 @@ module Aws::CognitoIdentityProvider
|
|
4675
4824
|
# information about the user.
|
4676
4825
|
#
|
4677
4826
|
# @!attribute [rw] username
|
4678
|
-
# The
|
4679
|
-
# request.
|
4827
|
+
# The username of the user that you requested.
|
4680
4828
|
# @return [String]
|
4681
4829
|
#
|
4682
4830
|
# @!attribute [rw] user_attributes
|
@@ -4789,11 +4937,21 @@ module Aws::CognitoIdentityProvider
|
|
4789
4937
|
# @return [Integer]
|
4790
4938
|
#
|
4791
4939
|
# @!attribute [rw] last_modified_date
|
4792
|
-
# The date the
|
4940
|
+
# The date and time, in [ISO 8601][1] format, when the item was
|
4941
|
+
# modified.
|
4942
|
+
#
|
4943
|
+
#
|
4944
|
+
#
|
4945
|
+
# [1]: https://www.iso.org/iso-8601-date-and-time-format.html
|
4793
4946
|
# @return [Time]
|
4794
4947
|
#
|
4795
4948
|
# @!attribute [rw] creation_date
|
4796
|
-
# The date the
|
4949
|
+
# The date and time, in [ISO 8601][1] format, when the item was
|
4950
|
+
# created.
|
4951
|
+
#
|
4952
|
+
#
|
4953
|
+
#
|
4954
|
+
# [1]: https://www.iso.org/iso-8601-date-and-time-format.html
|
4797
4955
|
# @return [Time]
|
4798
4956
|
#
|
4799
4957
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/GroupType AWS API Documentation
|
@@ -4927,11 +5085,21 @@ module Aws::CognitoIdentityProvider
|
|
4927
5085
|
# @return [Array<String>]
|
4928
5086
|
#
|
4929
5087
|
# @!attribute [rw] last_modified_date
|
4930
|
-
# The date the
|
5088
|
+
# The date and time, in [ISO 8601][1] format, when the item was
|
5089
|
+
# modified.
|
5090
|
+
#
|
5091
|
+
#
|
5092
|
+
#
|
5093
|
+
# [1]: https://www.iso.org/iso-8601-date-and-time-format.html
|
4931
5094
|
# @return [Time]
|
4932
5095
|
#
|
4933
5096
|
# @!attribute [rw] creation_date
|
4934
|
-
# The date the
|
5097
|
+
# The date and time, in [ISO 8601][1] format, when the item was
|
5098
|
+
# created.
|
5099
|
+
#
|
5100
|
+
#
|
5101
|
+
#
|
5102
|
+
# [1]: https://www.iso.org/iso-8601-date-and-time-format.html
|
4935
5103
|
# @return [Time]
|
4936
5104
|
#
|
4937
5105
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/IdentityProviderType AWS API Documentation
|
@@ -4992,6 +5160,10 @@ module Aws::CognitoIdentityProvider
|
|
4992
5160
|
# `SECRET_HASH` (required if the app client is configured with a
|
4993
5161
|
# client secret), `DEVICE_KEY`.
|
4994
5162
|
#
|
5163
|
+
# * For `USER_PASSWORD_AUTH`: `USERNAME` (required), `PASSWORD`
|
5164
|
+
# (required), `SECRET_HASH` (required if the app client is
|
5165
|
+
# configured with a client secret), `DEVICE_KEY`.
|
5166
|
+
#
|
4995
5167
|
# * For `REFRESH_TOKEN_AUTH/REFRESH_TOKEN`: `REFRESH_TOKEN`
|
4996
5168
|
# (required), `SECRET_HASH` (required if the app client is
|
4997
5169
|
# configured with a client secret), `DEVICE_KEY`.
|
@@ -5000,6 +5172,15 @@ module Aws::CognitoIdentityProvider
|
|
5000
5172
|
# client is configured with client secret), `DEVICE_KEY`. To start
|
5001
5173
|
# the authentication flow with password verification, include
|
5002
5174
|
# `ChallengeName: SRP_A` and `SRP_A: (The SRP_A Value)`.
|
5175
|
+
#
|
5176
|
+
# For more information about `SECRET_HASH`, see [Computing secret hash
|
5177
|
+
# values][1]. For information about `DEVICE_KEY`, see [Working with
|
5178
|
+
# user devices in your user pool][2].
|
5179
|
+
#
|
5180
|
+
#
|
5181
|
+
#
|
5182
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#cognito-user-pools-computing-secret-hash
|
5183
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html
|
5003
5184
|
# @return [Hash<String,String>]
|
5004
5185
|
#
|
5005
5186
|
# @!attribute [rw] client_metadata
|
@@ -5821,9 +6002,10 @@ module Aws::CognitoIdentityProvider
|
|
5821
6002
|
# @return [String]
|
5822
6003
|
#
|
5823
6004
|
# @!attribute [rw] attributes_to_get
|
5824
|
-
#
|
5825
|
-
#
|
5826
|
-
#
|
6005
|
+
# A JSON array of user attribute names, for example `given_name`, that
|
6006
|
+
# you want Amazon Cognito to include in the response for each user.
|
6007
|
+
# When you don't provide an `AttributesToGet` parameter, Amazon
|
6008
|
+
# Cognito returns all attributes for each user.
|
5827
6009
|
# @return [Array<String>]
|
5828
6010
|
#
|
5829
6011
|
# @!attribute [rw] limit
|
@@ -5921,7 +6103,23 @@ module Aws::CognitoIdentityProvider
|
|
5921
6103
|
# The response from the request to list users.
|
5922
6104
|
#
|
5923
6105
|
# @!attribute [rw] users
|
5924
|
-
#
|
6106
|
+
# A list of the user pool users, and their attributes, that match your
|
6107
|
+
# query.
|
6108
|
+
#
|
6109
|
+
# <note markdown="1"> Amazon Cognito creates a profile in your user pool for each native
|
6110
|
+
# user in your user pool, and each unique user ID from your
|
6111
|
+
# third-party identity providers (IdPs). When you link users with the
|
6112
|
+
# [AdminLinkProviderForUser][1] API operation, the output of
|
6113
|
+
# `ListUsers` displays both the IdP user and the native user that you
|
6114
|
+
# linked. You can identify IdP users in the `Users` object of this API
|
6115
|
+
# response by the IdP prefix that Amazon Cognito appends to
|
6116
|
+
# `Username`.
|
6117
|
+
#
|
6118
|
+
# </note>
|
6119
|
+
#
|
6120
|
+
#
|
6121
|
+
#
|
6122
|
+
# [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminLinkProviderForUser.html
|
5925
6123
|
# @return [Array<Types::UserType>]
|
5926
6124
|
#
|
5927
6125
|
# @!attribute [rw] pagination_token
|
@@ -5939,6 +6137,52 @@ module Aws::CognitoIdentityProvider
|
|
5939
6137
|
include Aws::Structure
|
5940
6138
|
end
|
5941
6139
|
|
6140
|
+
# The logging parameters of a user pool.
|
6141
|
+
#
|
6142
|
+
# @!attribute [rw] log_level
|
6143
|
+
# The `errorlevel` selection of logs that a user pool sends for
|
6144
|
+
# detailed activity logging.
|
6145
|
+
# @return [String]
|
6146
|
+
#
|
6147
|
+
# @!attribute [rw] event_source
|
6148
|
+
# The source of events that your user pool sends for detailed activity
|
6149
|
+
# logging.
|
6150
|
+
# @return [String]
|
6151
|
+
#
|
6152
|
+
# @!attribute [rw] cloud_watch_logs_configuration
|
6153
|
+
# The CloudWatch logging destination of a user pool.
|
6154
|
+
# @return [Types::CloudWatchLogsConfigurationType]
|
6155
|
+
#
|
6156
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/LogConfigurationType AWS API Documentation
|
6157
|
+
#
|
6158
|
+
class LogConfigurationType < Struct.new(
|
6159
|
+
:log_level,
|
6160
|
+
:event_source,
|
6161
|
+
:cloud_watch_logs_configuration)
|
6162
|
+
SENSITIVE = []
|
6163
|
+
include Aws::Structure
|
6164
|
+
end
|
6165
|
+
|
6166
|
+
# The logging parameters of a user pool.
|
6167
|
+
#
|
6168
|
+
# @!attribute [rw] user_pool_id
|
6169
|
+
# The ID of the user pool where you configured detailed activity
|
6170
|
+
# logging.
|
6171
|
+
# @return [String]
|
6172
|
+
#
|
6173
|
+
# @!attribute [rw] log_configurations
|
6174
|
+
# The detailed activity logging destination of a user pool.
|
6175
|
+
# @return [Array<Types::LogConfigurationType>]
|
6176
|
+
#
|
6177
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/LogDeliveryConfigurationType AWS API Documentation
|
6178
|
+
#
|
6179
|
+
class LogDeliveryConfigurationType < Struct.new(
|
6180
|
+
:user_pool_id,
|
6181
|
+
:log_configurations)
|
6182
|
+
SENSITIVE = []
|
6183
|
+
include Aws::Structure
|
6184
|
+
end
|
6185
|
+
|
5942
6186
|
# This exception is thrown when Amazon Cognito can't find a
|
5943
6187
|
# multi-factor authentication (MFA) method.
|
5944
6188
|
#
|
@@ -6232,7 +6476,12 @@ module Aws::CognitoIdentityProvider
|
|
6232
6476
|
# @return [Time]
|
6233
6477
|
#
|
6234
6478
|
# @!attribute [rw] creation_date
|
6235
|
-
# The date
|
6479
|
+
# The date and time, in [ISO 8601][1] format, when the item was
|
6480
|
+
# created.
|
6481
|
+
#
|
6482
|
+
#
|
6483
|
+
#
|
6484
|
+
# [1]: https://www.iso.org/iso-8601-date-and-time-format.html
|
6236
6485
|
# @return [Time]
|
6237
6486
|
#
|
6238
6487
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/ProviderDescription AWS API Documentation
|
@@ -6528,6 +6777,15 @@ module Aws::CognitoIdentityProvider
|
|
6528
6777
|
# * `MFA_SETUP` requires `USERNAME`, plus you must use the session
|
6529
6778
|
# value returned by `VerifySoftwareToken` in the `Session`
|
6530
6779
|
# parameter.
|
6780
|
+
#
|
6781
|
+
# For more information about `SECRET_HASH`, see [Computing secret hash
|
6782
|
+
# values][1]. For information about `DEVICE_KEY`, see [Working with
|
6783
|
+
# user devices in your user pool][2].
|
6784
|
+
#
|
6785
|
+
#
|
6786
|
+
#
|
6787
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#cognito-user-pools-computing-secret-hash
|
6788
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html
|
6531
6789
|
# @return [Hash<String,String>]
|
6532
6790
|
#
|
6533
6791
|
# @!attribute [rw] analytics_metadata
|
@@ -6693,7 +6951,12 @@ module Aws::CognitoIdentityProvider
|
|
6693
6951
|
# @return [Types::RiskExceptionConfigurationType]
|
6694
6952
|
#
|
6695
6953
|
# @!attribute [rw] last_modified_date
|
6696
|
-
# The
|
6954
|
+
# The date and time, in [ISO 8601][1] format, when the item was
|
6955
|
+
# modified.
|
6956
|
+
#
|
6957
|
+
#
|
6958
|
+
#
|
6959
|
+
# [1]: https://www.iso.org/iso-8601-date-and-time-format.html
|
6697
6960
|
# @return [Time]
|
6698
6961
|
#
|
6699
6962
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/RiskConfigurationType AWS API Documentation
|
@@ -6760,14 +7023,27 @@ module Aws::CognitoIdentityProvider
|
|
6760
7023
|
include Aws::Structure
|
6761
7024
|
end
|
6762
7025
|
|
6763
|
-
#
|
7026
|
+
# A list of the user attributes and their properties in your user pool.
|
7027
|
+
# The attribute schema contains standard attributes, custom attributes
|
7028
|
+
# with a `custom:` prefix, and developer attributes with a `dev:`
|
7029
|
+
# prefix. For more information, see [User pool attributes][1].
|
7030
|
+
#
|
7031
|
+
# Developer-only attributes are a legacy feature of user pools, are
|
7032
|
+
# read-only to all app clients. You can create and update developer-only
|
7033
|
+
# attributes only with IAM-authenticated API operations. Use app client
|
7034
|
+
# read/write permissions instead.
|
7035
|
+
#
|
7036
|
+
#
|
7037
|
+
#
|
7038
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html
|
6764
7039
|
#
|
6765
7040
|
# @!attribute [rw] name
|
6766
|
-
#
|
7041
|
+
# The name of your user pool attribute, for example `username` or
|
7042
|
+
# `custom:costcenter`.
|
6767
7043
|
# @return [String]
|
6768
7044
|
#
|
6769
7045
|
# @!attribute [rw] attribute_data_type
|
6770
|
-
# The
|
7046
|
+
# The data format of the values for your attribute.
|
6771
7047
|
# @return [String]
|
6772
7048
|
#
|
6773
7049
|
# @!attribute [rw] developer_only_attribute
|
@@ -6792,13 +7068,13 @@ module Aws::CognitoIdentityProvider
|
|
6792
7068
|
# @!attribute [rw] mutable
|
6793
7069
|
# Specifies whether the value of the attribute can be changed.
|
6794
7070
|
#
|
6795
|
-
#
|
6796
|
-
# must
|
6797
|
-
# attributes when users sign in to your application
|
6798
|
-
# an attribute is immutable, Amazon Cognito throws
|
6799
|
-
# attempts to update the attribute. For more
|
6800
|
-
# [Specifying Identity Provider Attribute Mappings
|
6801
|
-
# Pool][1].
|
7071
|
+
# Any user pool attribute whose value you map from an IdP attribute
|
7072
|
+
# must be mutable, with a parameter value of `true`. Amazon Cognito
|
7073
|
+
# updates mapped attributes when users sign in to your application
|
7074
|
+
# through an IdP. If an attribute is immutable, Amazon Cognito throws
|
7075
|
+
# an error when it attempts to update the attribute. For more
|
7076
|
+
# information, see [Specifying Identity Provider Attribute Mappings
|
7077
|
+
# for Your User Pool][1].
|
6802
7078
|
#
|
6803
7079
|
#
|
6804
7080
|
#
|
@@ -6846,6 +7122,38 @@ module Aws::CognitoIdentityProvider
|
|
6846
7122
|
include Aws::Structure
|
6847
7123
|
end
|
6848
7124
|
|
7125
|
+
# @!attribute [rw] user_pool_id
|
7126
|
+
# The ID of the user pool where you want to configure detailed
|
7127
|
+
# activity logging .
|
7128
|
+
# @return [String]
|
7129
|
+
#
|
7130
|
+
# @!attribute [rw] log_configurations
|
7131
|
+
# A collection of all of the detailed activity logging configurations
|
7132
|
+
# for a user pool.
|
7133
|
+
# @return [Array<Types::LogConfigurationType>]
|
7134
|
+
#
|
7135
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/SetLogDeliveryConfigurationRequest AWS API Documentation
|
7136
|
+
#
|
7137
|
+
class SetLogDeliveryConfigurationRequest < Struct.new(
|
7138
|
+
:user_pool_id,
|
7139
|
+
:log_configurations)
|
7140
|
+
SENSITIVE = []
|
7141
|
+
include Aws::Structure
|
7142
|
+
end
|
7143
|
+
|
7144
|
+
# @!attribute [rw] log_delivery_configuration
|
7145
|
+
# The detailed activity logging configuration that you applied to the
|
7146
|
+
# requested user pool.
|
7147
|
+
# @return [Types::LogDeliveryConfigurationType]
|
7148
|
+
#
|
7149
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/SetLogDeliveryConfigurationResponse AWS API Documentation
|
7150
|
+
#
|
7151
|
+
class SetLogDeliveryConfigurationResponse < Struct.new(
|
7152
|
+
:log_delivery_configuration)
|
7153
|
+
SENSITIVE = []
|
7154
|
+
include Aws::Structure
|
7155
|
+
end
|
7156
|
+
|
6849
7157
|
# @!attribute [rw] user_pool_id
|
6850
7158
|
# The user pool ID.
|
6851
7159
|
# @return [String]
|
@@ -7451,18 +7759,23 @@ module Aws::CognitoIdentityProvider
|
|
7451
7759
|
# A time unit of `seconds`, `minutes`, `hours`, or `days` for the
|
7452
7760
|
# value that you set in the `AccessTokenValidity` parameter. The
|
7453
7761
|
# default `AccessTokenValidity` time unit is hours.
|
7762
|
+
# `AccessTokenValidity` duration can range from five minutes to one
|
7763
|
+
# day.
|
7454
7764
|
# @return [String]
|
7455
7765
|
#
|
7456
7766
|
# @!attribute [rw] id_token
|
7457
7767
|
# A time unit of `seconds`, `minutes`, `hours`, or `days` for the
|
7458
7768
|
# value that you set in the `IdTokenValidity` parameter. The default
|
7459
|
-
# `IdTokenValidity` time unit is hours.
|
7769
|
+
# `IdTokenValidity` time unit is hours. `IdTokenValidity` duration can
|
7770
|
+
# range from five minutes to one day.
|
7460
7771
|
# @return [String]
|
7461
7772
|
#
|
7462
7773
|
# @!attribute [rw] refresh_token
|
7463
7774
|
# A time unit of `seconds`, `minutes`, `hours`, or `days` for the
|
7464
7775
|
# value that you set in the `RefreshTokenValidity` parameter. The
|
7465
7776
|
# default `RefreshTokenValidity` time unit is days.
|
7777
|
+
# `RefreshTokenValidity` duration can range from 60 minutes to 10
|
7778
|
+
# years.
|
7466
7779
|
# @return [String]
|
7467
7780
|
#
|
7468
7781
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/TokenValidityUnitsType AWS API Documentation
|
@@ -7531,11 +7844,21 @@ module Aws::CognitoIdentityProvider
|
|
7531
7844
|
# @return [String]
|
7532
7845
|
#
|
7533
7846
|
# @!attribute [rw] last_modified_date
|
7534
|
-
# The
|
7847
|
+
# The date and time, in [ISO 8601][1] format, when the item was
|
7848
|
+
# modified.
|
7849
|
+
#
|
7850
|
+
#
|
7851
|
+
#
|
7852
|
+
# [1]: https://www.iso.org/iso-8601-date-and-time-format.html
|
7535
7853
|
# @return [Time]
|
7536
7854
|
#
|
7537
7855
|
# @!attribute [rw] creation_date
|
7538
|
-
# The
|
7856
|
+
# The date and time, in [ISO 8601][1] format, when the item was
|
7857
|
+
# created.
|
7858
|
+
#
|
7859
|
+
#
|
7860
|
+
#
|
7861
|
+
# [1]: https://www.iso.org/iso-8601-date-and-time-format.html
|
7539
7862
|
# @return [Time]
|
7540
7863
|
#
|
7541
7864
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UICustomizationType AWS API Documentation
|
@@ -7677,7 +8000,13 @@ module Aws::CognitoIdentityProvider
|
|
7677
8000
|
# @return [String]
|
7678
8001
|
#
|
7679
8002
|
# @!attribute [rw] feedback_value
|
7680
|
-
# The authentication event feedback value.
|
8003
|
+
# The authentication event feedback value. When you provide a
|
8004
|
+
# `FeedbackValue` value of `valid`, you tell Amazon Cognito that you
|
8005
|
+
# trust a user session where Amazon Cognito has evaluated some level
|
8006
|
+
# of risk. When you provide a `FeedbackValue` value of `invalid`, you
|
8007
|
+
# tell Amazon Cognito that you don't trust a user session, or you
|
8008
|
+
# don't believe that Amazon Cognito evaluated a high-enough risk
|
8009
|
+
# level.
|
7681
8010
|
# @return [String]
|
7682
8011
|
#
|
7683
8012
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UpdateAuthEventFeedbackRequest AWS API Documentation
|
@@ -8009,7 +8338,7 @@ module Aws::CognitoIdentityProvider
|
|
8009
8338
|
# `TokenValidityUnits` as `hours`, your user can authenticate their
|
8010
8339
|
# session with their ID token for 10 hours.
|
8011
8340
|
#
|
8012
|
-
# The default time unit for `
|
8341
|
+
# The default time unit for `IdTokenValidity` in an API request is
|
8013
8342
|
# hours. *Valid range* is displayed below in seconds.
|
8014
8343
|
#
|
8015
8344
|
# If you don't specify otherwise in the configuration of your app
|
@@ -8017,9 +8346,9 @@ module Aws::CognitoIdentityProvider
|
|
8017
8346
|
# @return [Integer]
|
8018
8347
|
#
|
8019
8348
|
# @!attribute [rw] token_validity_units
|
8020
|
-
# The units
|
8021
|
-
# unit for RefreshToken is days, and the
|
8022
|
-
# tokens is hours.
|
8349
|
+
# The time units you use when you set the duration of ID, access, and
|
8350
|
+
# refresh tokens. The default unit for RefreshToken is days, and the
|
8351
|
+
# default for ID and access tokens is hours.
|
8023
8352
|
# @return [Types::TokenValidityUnitsType]
|
8024
8353
|
#
|
8025
8354
|
# @!attribute [rw] read_attributes
|
@@ -8157,8 +8486,27 @@ module Aws::CognitoIdentityProvider
|
|
8157
8486
|
# @return [Array<String>]
|
8158
8487
|
#
|
8159
8488
|
# @!attribute [rw] allowed_o_auth_flows_user_pool_client
|
8160
|
-
# Set to true
|
8161
|
-
#
|
8489
|
+
# Set to `true` to use OAuth 2.0 features in your user pool app
|
8490
|
+
# client.
|
8491
|
+
#
|
8492
|
+
# `AllowedOAuthFlowsUserPoolClient` must be `true` before you can
|
8493
|
+
# configure the following features in your app client.
|
8494
|
+
#
|
8495
|
+
# * `CallBackURLs`: Callback URLs.
|
8496
|
+
#
|
8497
|
+
# * `LogoutURLs`: Sign-out redirect URLs.
|
8498
|
+
#
|
8499
|
+
# * `AllowedOAuthScopes`: OAuth 2.0 scopes.
|
8500
|
+
#
|
8501
|
+
# * `AllowedOAuthFlows`: Support for authorization code, implicit, and
|
8502
|
+
# client credentials OAuth 2.0 grants.
|
8503
|
+
#
|
8504
|
+
# To use OAuth 2.0 features, configure one of these features in the
|
8505
|
+
# Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to
|
8506
|
+
# `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API
|
8507
|
+
# request. If you don't set a value for
|
8508
|
+
# `AllowedOAuthFlowsUserPoolClient` in a request with the CLI or SDKs,
|
8509
|
+
# it defaults to `false`.
|
8162
8510
|
# @return [Boolean]
|
8163
8511
|
#
|
8164
8512
|
# @!attribute [rw] analytics_configuration
|
@@ -8453,8 +8801,17 @@ module Aws::CognitoIdentityProvider
|
|
8453
8801
|
# @return [Types::AdminCreateUserConfigType]
|
8454
8802
|
#
|
8455
8803
|
# @!attribute [rw] user_pool_add_ons
|
8456
|
-
#
|
8457
|
-
#
|
8804
|
+
# User pool add-ons. Contains settings for activation of advanced
|
8805
|
+
# security features. To log user security information but take no
|
8806
|
+
# action, set to `AUDIT`. To configure automatic security responses to
|
8807
|
+
# risky traffic to your user pool, set to `ENFORCED`.
|
8808
|
+
#
|
8809
|
+
# For more information, see [Adding advanced security to a user
|
8810
|
+
# pool][1].
|
8811
|
+
#
|
8812
|
+
#
|
8813
|
+
#
|
8814
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
|
8458
8815
|
# @return [Types::UserPoolAddOnsType]
|
8459
8816
|
#
|
8460
8817
|
# @!attribute [rw] account_recovery_setting
|
@@ -8523,8 +8880,8 @@ module Aws::CognitoIdentityProvider
|
|
8523
8880
|
#
|
8524
8881
|
# You can verify an updated email address or phone number with a
|
8525
8882
|
# [VerifyUserAttribute][1] API request. You can also call the
|
8526
|
-
# [
|
8527
|
-
#
|
8883
|
+
# [AdminUpdateUserAttributes][2] API and set `email_verified` or
|
8884
|
+
# `phone_number_verified` to true.
|
8528
8885
|
#
|
8529
8886
|
# When `AttributesRequireVerificationBeforeUpdate` is false, your user
|
8530
8887
|
# pool doesn't require that your users verify attribute changes
|
@@ -8536,8 +8893,7 @@ module Aws::CognitoIdentityProvider
|
|
8536
8893
|
#
|
8537
8894
|
#
|
8538
8895
|
# [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerifyUserAttribute.html
|
8539
|
-
# [2]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/
|
8540
|
-
# [3]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html
|
8896
|
+
# [2]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html
|
8541
8897
|
# @return [Array<String>]
|
8542
8898
|
#
|
8543
8899
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UserAttributeUpdateSettingsType AWS API Documentation
|
@@ -8611,7 +8967,12 @@ module Aws::CognitoIdentityProvider
|
|
8611
8967
|
# @return [String]
|
8612
8968
|
#
|
8613
8969
|
# @!attribute [rw] creation_date
|
8614
|
-
# The date
|
8970
|
+
# The date and time, in [ISO 8601][1] format, when the item was
|
8971
|
+
# created.
|
8972
|
+
#
|
8973
|
+
#
|
8974
|
+
#
|
8975
|
+
# [1]: https://www.iso.org/iso-8601-date-and-time-format.html
|
8615
8976
|
# @return [Time]
|
8616
8977
|
#
|
8617
8978
|
# @!attribute [rw] start_date
|
@@ -8747,10 +9108,20 @@ module Aws::CognitoIdentityProvider
|
|
8747
9108
|
include Aws::Structure
|
8748
9109
|
end
|
8749
9110
|
|
8750
|
-
#
|
9111
|
+
# User pool add-ons. Contains settings for activation of advanced
|
9112
|
+
# security features. To log user security information but take no
|
9113
|
+
# action, set to `AUDIT`. To configure automatic security responses to
|
9114
|
+
# risky traffic to your user pool, set to `ENFORCED`.
|
9115
|
+
#
|
9116
|
+
# For more information, see [Adding advanced security to a user
|
9117
|
+
# pool][1].
|
9118
|
+
#
|
9119
|
+
#
|
9120
|
+
#
|
9121
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
|
8751
9122
|
#
|
8752
9123
|
# @!attribute [rw] advanced_security_mode
|
8753
|
-
# The advanced security
|
9124
|
+
# The operating mode of advanced security features in your user pool.
|
8754
9125
|
# @return [String]
|
8755
9126
|
#
|
8756
9127
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UserPoolAddOnsType AWS API Documentation
|
@@ -8805,11 +9176,21 @@ module Aws::CognitoIdentityProvider
|
|
8805
9176
|
# @return [String]
|
8806
9177
|
#
|
8807
9178
|
# @!attribute [rw] last_modified_date
|
8808
|
-
# The date
|
9179
|
+
# The date and time, in [ISO 8601][1] format, when the item was
|
9180
|
+
# modified.
|
9181
|
+
#
|
9182
|
+
#
|
9183
|
+
#
|
9184
|
+
# [1]: https://www.iso.org/iso-8601-date-and-time-format.html
|
8809
9185
|
# @return [Time]
|
8810
9186
|
#
|
8811
9187
|
# @!attribute [rw] creation_date
|
8812
|
-
# The date
|
9188
|
+
# The date and time, in [ISO 8601][1] format, when the item was
|
9189
|
+
# created.
|
9190
|
+
#
|
9191
|
+
#
|
9192
|
+
#
|
9193
|
+
# [1]: https://www.iso.org/iso-8601-date-and-time-format.html
|
8813
9194
|
# @return [Time]
|
8814
9195
|
#
|
8815
9196
|
# @!attribute [rw] refresh_token_validity
|
@@ -8858,7 +9239,7 @@ module Aws::CognitoIdentityProvider
|
|
8858
9239
|
# `TokenValidityUnits` as `hours`, your user can authenticate their
|
8859
9240
|
# session with their ID token for 10 hours.
|
8860
9241
|
#
|
8861
|
-
# The default time unit for `
|
9242
|
+
# The default time unit for `IdTokenValidity` in an API request is
|
8862
9243
|
# hours. *Valid range* is displayed below in seconds.
|
8863
9244
|
#
|
8864
9245
|
# If you don't specify otherwise in the configuration of your app
|
@@ -9006,8 +9387,27 @@ module Aws::CognitoIdentityProvider
|
|
9006
9387
|
# @return [Array<String>]
|
9007
9388
|
#
|
9008
9389
|
# @!attribute [rw] allowed_o_auth_flows_user_pool_client
|
9009
|
-
# Set to true
|
9010
|
-
#
|
9390
|
+
# Set to `true` to use OAuth 2.0 features in your user pool app
|
9391
|
+
# client.
|
9392
|
+
#
|
9393
|
+
# `AllowedOAuthFlowsUserPoolClient` must be `true` before you can
|
9394
|
+
# configure the following features in your app client.
|
9395
|
+
#
|
9396
|
+
# * `CallBackURLs`: Callback URLs.
|
9397
|
+
#
|
9398
|
+
# * `LogoutURLs`: Sign-out redirect URLs.
|
9399
|
+
#
|
9400
|
+
# * `AllowedOAuthScopes`: OAuth 2.0 scopes.
|
9401
|
+
#
|
9402
|
+
# * `AllowedOAuthFlows`: Support for authorization code, implicit, and
|
9403
|
+
# client credentials OAuth 2.0 grants.
|
9404
|
+
#
|
9405
|
+
# To use OAuth 2.0 features, configure one of these features in the
|
9406
|
+
# Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to
|
9407
|
+
# `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API
|
9408
|
+
# request. If you don't set a value for
|
9409
|
+
# `AllowedOAuthFlowsUserPoolClient` in a request with the CLI or SDKs,
|
9410
|
+
# it defaults to `false`.
|
9011
9411
|
# @return [Boolean]
|
9012
9412
|
#
|
9013
9413
|
# @!attribute [rw] analytics_configuration
|
@@ -9136,11 +9536,21 @@ module Aws::CognitoIdentityProvider
|
|
9136
9536
|
# @return [String]
|
9137
9537
|
#
|
9138
9538
|
# @!attribute [rw] last_modified_date
|
9139
|
-
# The date
|
9539
|
+
# The date and time, in [ISO 8601][1] format, when the item was
|
9540
|
+
# modified.
|
9541
|
+
#
|
9542
|
+
#
|
9543
|
+
#
|
9544
|
+
# [1]: https://www.iso.org/iso-8601-date-and-time-format.html
|
9140
9545
|
# @return [Time]
|
9141
9546
|
#
|
9142
9547
|
# @!attribute [rw] creation_date
|
9143
|
-
# The date
|
9548
|
+
# The date and time, in [ISO 8601][1] format, when the item was
|
9549
|
+
# created.
|
9550
|
+
#
|
9551
|
+
#
|
9552
|
+
#
|
9553
|
+
# [1]: https://www.iso.org/iso-8601-date-and-time-format.html
|
9144
9554
|
# @return [Time]
|
9145
9555
|
#
|
9146
9556
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UserPoolDescriptionType AWS API Documentation
|
@@ -9219,15 +9629,37 @@ module Aws::CognitoIdentityProvider
|
|
9219
9629
|
# @return [String]
|
9220
9630
|
#
|
9221
9631
|
# @!attribute [rw] last_modified_date
|
9222
|
-
# The date
|
9632
|
+
# The date and time, in [ISO 8601][1] format, when the item was
|
9633
|
+
# modified.
|
9634
|
+
#
|
9635
|
+
#
|
9636
|
+
#
|
9637
|
+
# [1]: https://www.iso.org/iso-8601-date-and-time-format.html
|
9223
9638
|
# @return [Time]
|
9224
9639
|
#
|
9225
9640
|
# @!attribute [rw] creation_date
|
9226
|
-
# The date the
|
9641
|
+
# The date and time, in [ISO 8601][1] format, when the item was
|
9642
|
+
# created.
|
9643
|
+
#
|
9644
|
+
#
|
9645
|
+
#
|
9646
|
+
# [1]: https://www.iso.org/iso-8601-date-and-time-format.html
|
9227
9647
|
# @return [Time]
|
9228
9648
|
#
|
9229
9649
|
# @!attribute [rw] schema_attributes
|
9230
|
-
# A
|
9650
|
+
# A list of the user attributes and their properties in your user
|
9651
|
+
# pool. The attribute schema contains standard attributes, custom
|
9652
|
+
# attributes with a `custom:` prefix, and developer attributes with a
|
9653
|
+
# `dev:` prefix. For more information, see [User pool attributes][1].
|
9654
|
+
#
|
9655
|
+
# Developer-only attributes are a legacy feature of user pools, are
|
9656
|
+
# read-only to all app clients. You can create and update
|
9657
|
+
# developer-only attributes only with IAM-authenticated API
|
9658
|
+
# operations. Use app client read/write permissions instead.
|
9659
|
+
#
|
9660
|
+
#
|
9661
|
+
#
|
9662
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html
|
9231
9663
|
# @return [Array<Types::SchemaAttributeType>]
|
9232
9664
|
#
|
9233
9665
|
# @!attribute [rw] auto_verified_attributes
|
@@ -9322,7 +9754,7 @@ module Aws::CognitoIdentityProvider
|
|
9322
9754
|
# @!attribute [rw] email_configuration
|
9323
9755
|
# The email configuration of your user pool. The email configuration
|
9324
9756
|
# type sets your preferred sending method, Amazon Web Services Region,
|
9325
|
-
# and sender for messages
|
9757
|
+
# and sender for messages from your user pool.
|
9326
9758
|
# @return [Types::EmailConfigurationType]
|
9327
9759
|
#
|
9328
9760
|
# @!attribute [rw] sms_configuration
|
@@ -9358,10 +9790,10 @@ module Aws::CognitoIdentityProvider
|
|
9358
9790
|
#
|
9359
9791
|
# : The Amazon Web Services account is in the SNS SMS Sandbox and
|
9360
9792
|
# messages will only reach verified end users. This parameter won’t
|
9361
|
-
# get populated with SNSSandbox if the
|
9362
|
-
#
|
9363
|
-
#
|
9364
|
-
#
|
9793
|
+
# get populated with SNSSandbox if the user creating the user pool
|
9794
|
+
# doesn’t have SNS permissions. To learn how to move your Amazon Web
|
9795
|
+
# Services account out of the sandbox, see [Moving out of the SMS
|
9796
|
+
# sandbox][2].
|
9365
9797
|
#
|
9366
9798
|
#
|
9367
9799
|
#
|
@@ -9398,7 +9830,17 @@ module Aws::CognitoIdentityProvider
|
|
9398
9830
|
# @return [Types::AdminCreateUserConfigType]
|
9399
9831
|
#
|
9400
9832
|
# @!attribute [rw] user_pool_add_ons
|
9401
|
-
#
|
9833
|
+
# User pool add-ons. Contains settings for activation of advanced
|
9834
|
+
# security features. To log user security information but take no
|
9835
|
+
# action, set to `AUDIT`. To configure automatic security responses to
|
9836
|
+
# risky traffic to your user pool, set to `ENFORCED`.
|
9837
|
+
#
|
9838
|
+
# For more information, see [Adding advanced security to a user
|
9839
|
+
# pool][1].
|
9840
|
+
#
|
9841
|
+
#
|
9842
|
+
#
|
9843
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
|
9402
9844
|
# @return [Types::UserPoolAddOnsType]
|
9403
9845
|
#
|
9404
9846
|
# @!attribute [rw] username_configuration
|
@@ -9483,7 +9925,12 @@ module Aws::CognitoIdentityProvider
|
|
9483
9925
|
# @return [Time]
|
9484
9926
|
#
|
9485
9927
|
# @!attribute [rw] user_last_modified_date
|
9486
|
-
# The
|
9928
|
+
# The date and time, in [ISO 8601][1] format, when the item was
|
9929
|
+
# modified.
|
9930
|
+
#
|
9931
|
+
#
|
9932
|
+
#
|
9933
|
+
# [1]: https://www.iso.org/iso-8601-date-and-time-format.html
|
9487
9934
|
# @return [Time]
|
9488
9935
|
#
|
9489
9936
|
# @!attribute [rw] enabled
|
@@ -9499,8 +9946,6 @@ module Aws::CognitoIdentityProvider
|
|
9499
9946
|
#
|
9500
9947
|
# * EXTERNAL\_PROVIDER - User signed in with a third-party IdP.
|
9501
9948
|
#
|
9502
|
-
# * ARCHIVED - User is no longer active.
|
9503
|
-
#
|
9504
9949
|
# * UNKNOWN - User status isn't known.
|
9505
9950
|
#
|
9506
9951
|
# * RESET\_REQUIRED - User is confirmed, but the user must request a
|
@@ -9534,7 +9979,11 @@ module Aws::CognitoIdentityProvider
|
|
9534
9979
|
#
|
9535
9980
|
# @!attribute [rw] case_sensitive
|
9536
9981
|
# Specifies whether user name case sensitivity will be applied for all
|
9537
|
-
# users in the user pool through Amazon Cognito APIs.
|
9982
|
+
# users in the user pool through Amazon Cognito APIs. For most use
|
9983
|
+
# cases, set case sensitivity to `False` (case insensitive) as a best
|
9984
|
+
# practice. When usernames and email addresses are case insensitive,
|
9985
|
+
# users can sign in as the same user when they enter a different
|
9986
|
+
# capitalization of their user name.
|
9538
9987
|
#
|
9539
9988
|
# Valid values include:
|
9540
9989
|
#
|
@@ -9548,10 +9997,10 @@ module Aws::CognitoIdentityProvider
|
|
9548
9997
|
# False
|
9549
9998
|
#
|
9550
9999
|
# : Enables case insensitivity for all username input. For example,
|
9551
|
-
# when this option is set to `False`, users can sign in using
|
9552
|
-
#
|
9553
|
-
# `preferred_username` and `email` alias to be case
|
9554
|
-
# addition to the `username` attribute.
|
10000
|
+
# when this option is set to `False`, users can sign in using
|
10001
|
+
# `username`, `USERNAME`, or `UserName`. This option also enables
|
10002
|
+
# both `preferred_username` and `email` alias to be case
|
10003
|
+
# insensitive, in addition to the `username` attribute.
|
9555
10004
|
# @return [Boolean]
|
9556
10005
|
#
|
9557
10006
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UsernameConfigurationType AWS API Documentation
|