aws-sdk-cognitoidentityprovider 1.97.0 → 1.107.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +50 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-cognitoidentityprovider/client.rb +237 -108
- data/lib/aws-sdk-cognitoidentityprovider/client_api.rb +50 -0
- data/lib/aws-sdk-cognitoidentityprovider/endpoints.rb +103 -412
- data/lib/aws-sdk-cognitoidentityprovider/errors.rb +16 -0
- data/lib/aws-sdk-cognitoidentityprovider/plugins/endpoints.rb +18 -6
- data/lib/aws-sdk-cognitoidentityprovider/types.rb +386 -82
- data/lib/aws-sdk-cognitoidentityprovider.rb +15 -11
- data/sig/client.rbs +40 -10
- data/sig/errors.rbs +3 -0
- data/sig/resource.rbs +2 -0
- data/sig/types.rbs +49 -8
- metadata +4 -4
@@ -32,11 +32,10 @@ require 'aws-sdk-core/plugins/checksum_algorithm.rb'
|
|
32
32
|
require 'aws-sdk-core/plugins/request_compression.rb'
|
33
33
|
require 'aws-sdk-core/plugins/defaults_mode.rb'
|
34
34
|
require 'aws-sdk-core/plugins/recursion_detection.rb'
|
35
|
+
require 'aws-sdk-core/plugins/telemetry.rb'
|
35
36
|
require 'aws-sdk-core/plugins/sign.rb'
|
36
37
|
require 'aws-sdk-core/plugins/protocols/json_rpc.rb'
|
37
38
|
|
38
|
-
Aws::Plugins::GlobalConfiguration.add_identifier(:cognitoidentityprovider)
|
39
|
-
|
40
39
|
module Aws::CognitoIdentityProvider
|
41
40
|
# An API client for CognitoIdentityProvider. To construct a client, you need to configure a `:region` and `:credentials`.
|
42
41
|
#
|
@@ -83,6 +82,7 @@ module Aws::CognitoIdentityProvider
|
|
83
82
|
add_plugin(Aws::Plugins::RequestCompression)
|
84
83
|
add_plugin(Aws::Plugins::DefaultsMode)
|
85
84
|
add_plugin(Aws::Plugins::RecursionDetection)
|
85
|
+
add_plugin(Aws::Plugins::Telemetry)
|
86
86
|
add_plugin(Aws::Plugins::Sign)
|
87
87
|
add_plugin(Aws::Plugins::Protocols::JsonRpc)
|
88
88
|
add_plugin(Aws::CognitoIdentityProvider::Plugins::Endpoints)
|
@@ -128,13 +128,15 @@ module Aws::CognitoIdentityProvider
|
|
128
128
|
# locations will be searched for credentials:
|
129
129
|
#
|
130
130
|
# * `Aws.config[:credentials]`
|
131
|
-
# * The `:access_key_id`, `:secret_access_key`,
|
132
|
-
#
|
131
|
+
# * The `:access_key_id`, `:secret_access_key`, `:session_token`, and
|
132
|
+
# `:account_id` options.
|
133
|
+
# * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY'],
|
134
|
+
# ENV['AWS_SESSION_TOKEN'], and ENV['AWS_ACCOUNT_ID']
|
133
135
|
# * `~/.aws/credentials`
|
134
136
|
# * `~/.aws/config`
|
135
137
|
# * EC2/ECS IMDS instance profile - When used by default, the timeouts
|
136
138
|
# are very aggressive. Construct and pass an instance of
|
137
|
-
# `Aws::
|
139
|
+
# `Aws::InstanceProfileCredentials` or `Aws::ECSCredentials` to
|
138
140
|
# enable retries and extended timeouts. Instance profile credential
|
139
141
|
# fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED']
|
140
142
|
# to true.
|
@@ -153,6 +155,8 @@ module Aws::CognitoIdentityProvider
|
|
153
155
|
#
|
154
156
|
# @option options [String] :access_key_id
|
155
157
|
#
|
158
|
+
# @option options [String] :account_id
|
159
|
+
#
|
156
160
|
# @option options [Boolean] :active_endpoint_cache (false)
|
157
161
|
# When set to `true`, a thread polling for endpoints will be running in
|
158
162
|
# the background every 60 secs (default). Defaults to `false`.
|
@@ -337,6 +341,16 @@ module Aws::CognitoIdentityProvider
|
|
337
341
|
# ** Please note ** When response stubbing is enabled, no HTTP
|
338
342
|
# requests are made, and retries are disabled.
|
339
343
|
#
|
344
|
+
# @option options [Aws::Telemetry::TelemetryProviderBase] :telemetry_provider (Aws::Telemetry::NoOpTelemetryProvider)
|
345
|
+
# Allows you to provide a telemetry provider, which is used to
|
346
|
+
# emit telemetry data. By default, uses `NoOpTelemetryProvider` which
|
347
|
+
# will not record or emit any telemetry data. The SDK supports the
|
348
|
+
# following telemetry providers:
|
349
|
+
#
|
350
|
+
# * OpenTelemetry (OTel) - To use the OTel provider, install and require the
|
351
|
+
# `opentelemetry-sdk` gem and then, pass in an instance of a
|
352
|
+
# `Aws::Telemetry::OTelProvider` for telemetry provider.
|
353
|
+
#
|
340
354
|
# @option options [Aws::TokenProvider] :token_provider
|
341
355
|
# A Bearer Token Provider. This can be an instance of any one of the
|
342
356
|
# following classes:
|
@@ -364,7 +378,9 @@ module Aws::CognitoIdentityProvider
|
|
364
378
|
# sending the request.
|
365
379
|
#
|
366
380
|
# @option options [Aws::CognitoIdentityProvider::EndpointProvider] :endpoint_provider
|
367
|
-
# The endpoint provider used to resolve endpoints. Any object that responds to
|
381
|
+
# The endpoint provider used to resolve endpoints. Any object that responds to
|
382
|
+
# `#resolve_endpoint(parameters)` where `parameters` is a Struct similar to
|
383
|
+
# `Aws::CognitoIdentityProvider::EndpointParameters`.
|
368
384
|
#
|
369
385
|
# @option options [Float] :http_continue_timeout (1)
|
370
386
|
# The number of seconds to wait for a 100-continue response before sending the
|
@@ -420,6 +436,12 @@ module Aws::CognitoIdentityProvider
|
|
420
436
|
# @option options [String] :ssl_ca_store
|
421
437
|
# Sets the X509::Store to verify peer certificate.
|
422
438
|
#
|
439
|
+
# @option options [OpenSSL::X509::Certificate] :ssl_cert
|
440
|
+
# Sets a client certificate when creating http connections.
|
441
|
+
#
|
442
|
+
# @option options [OpenSSL::PKey] :ssl_key
|
443
|
+
# Sets a client key when creating http connections.
|
444
|
+
#
|
423
445
|
# @option options [Float] :ssl_timeout
|
424
446
|
# Sets the SSL timeout in seconds
|
425
447
|
#
|
@@ -547,18 +569,14 @@ module Aws::CognitoIdentityProvider
|
|
547
569
|
req.send_request(options)
|
548
570
|
end
|
549
571
|
|
550
|
-
# This IAM-authenticated API operation
|
551
|
-
#
|
552
|
-
#
|
553
|
-
# address or phone number that they provided, and their user account
|
554
|
-
# becomes active. Depending on your user pool configuration, your users
|
555
|
-
# will receive their confirmation code in an email or SMS message.
|
572
|
+
# This IAM-authenticated API operation confirms user sign-up as an
|
573
|
+
# administrator. Unlike [ConfirmSignUp][1], your IAM credentials
|
574
|
+
# authorize user account confirmation. No confirmation code is required.
|
556
575
|
#
|
557
|
-
#
|
558
|
-
#
|
559
|
-
#
|
560
|
-
#
|
561
|
-
# respond to their invitation email message and choose a password.
|
576
|
+
# This request sets a user account active in a user pool that [requires
|
577
|
+
# confirmation of new user accounts][2] before they can sign in. You can
|
578
|
+
# configure your user pool to not send confirmation codes to new users
|
579
|
+
# and instead confirm them with this API operation on the back end.
|
562
580
|
#
|
563
581
|
# <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
|
564
582
|
# in requests for this API operation. For this operation, you must use
|
@@ -567,16 +585,18 @@ module Aws::CognitoIdentityProvider
|
|
567
585
|
#
|
568
586
|
# **Learn more**
|
569
587
|
#
|
570
|
-
# * [Signing Amazon Web Services API Requests][
|
588
|
+
# * [Signing Amazon Web Services API Requests][3]
|
571
589
|
#
|
572
|
-
# * [Using the Amazon Cognito user pools API and user pool endpoints][
|
590
|
+
# * [Using the Amazon Cognito user pools API and user pool endpoints][4]
|
573
591
|
#
|
574
592
|
# </note>
|
575
593
|
#
|
576
594
|
#
|
577
595
|
#
|
578
|
-
# [1]: https://docs.aws.amazon.com/
|
579
|
-
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/
|
596
|
+
# [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmSignUp.html
|
597
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#signing-up-users-in-your-app-and-confirming-them-as-admin
|
598
|
+
# [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
|
599
|
+
# [4]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
580
600
|
#
|
581
601
|
# @option params [required, String] :user_pool_id
|
582
602
|
# The user pool ID for which you want to confirm user registration.
|
@@ -660,8 +680,8 @@ module Aws::CognitoIdentityProvider
|
|
660
680
|
# sign in.
|
661
681
|
#
|
662
682
|
# If you have never used SMS text messages with Amazon Cognito or any
|
663
|
-
# other Amazon Web
|
664
|
-
# place your account in the SMS sandbox. In <i> <a
|
683
|
+
# other Amazon Web Servicesservice, Amazon Simple Notification Service
|
684
|
+
# might place your account in the SMS sandbox. In <i> <a
|
665
685
|
# href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
|
666
686
|
# mode</a> </i>, you can send messages only to verified phone numbers.
|
667
687
|
# After you test your app while in the sandbox environment, you can move
|
@@ -1458,8 +1478,8 @@ module Aws::CognitoIdentityProvider
|
|
1458
1478
|
# sign in.
|
1459
1479
|
#
|
1460
1480
|
# If you have never used SMS text messages with Amazon Cognito or any
|
1461
|
-
# other Amazon Web
|
1462
|
-
# place your account in the SMS sandbox. In <i> <a
|
1481
|
+
# other Amazon Web Servicesservice, Amazon Simple Notification Service
|
1482
|
+
# might place your account in the SMS sandbox. In <i> <a
|
1463
1483
|
# href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
|
1464
1484
|
# mode</a> </i>, you can send messages only to verified phone numbers.
|
1465
1485
|
# After you test your app while in the sandbox environment, you can move
|
@@ -1669,7 +1689,7 @@ module Aws::CognitoIdentityProvider
|
|
1669
1689
|
#
|
1670
1690
|
# @example Response structure
|
1671
1691
|
#
|
1672
|
-
# resp.challenge_name #=> String, one of "SMS_MFA", "SOFTWARE_TOKEN_MFA", "SELECT_MFA_TYPE", "MFA_SETUP", "PASSWORD_VERIFIER", "CUSTOM_CHALLENGE", "DEVICE_SRP_AUTH", "DEVICE_PASSWORD_VERIFIER", "ADMIN_NO_SRP_AUTH", "NEW_PASSWORD_REQUIRED"
|
1692
|
+
# resp.challenge_name #=> String, one of "SMS_MFA", "EMAIL_OTP", "SOFTWARE_TOKEN_MFA", "SELECT_MFA_TYPE", "MFA_SETUP", "PASSWORD_VERIFIER", "CUSTOM_CHALLENGE", "DEVICE_SRP_AUTH", "DEVICE_PASSWORD_VERIFIER", "ADMIN_NO_SRP_AUTH", "NEW_PASSWORD_REQUIRED"
|
1673
1693
|
# resp.session #=> String
|
1674
1694
|
# resp.challenge_parameters #=> Hash
|
1675
1695
|
# resp.challenge_parameters["StringType"] #=> String
|
@@ -2119,8 +2139,8 @@ module Aws::CognitoIdentityProvider
|
|
2119
2139
|
# sign in.
|
2120
2140
|
#
|
2121
2141
|
# If you have never used SMS text messages with Amazon Cognito or any
|
2122
|
-
# other Amazon Web
|
2123
|
-
# place your account in the SMS sandbox. In <i> <a
|
2142
|
+
# other Amazon Web Servicesservice, Amazon Simple Notification Service
|
2143
|
+
# might place your account in the SMS sandbox. In <i> <a
|
2124
2144
|
# href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
|
2125
2145
|
# mode</a> </i>, you can send messages only to verified phone numbers.
|
2126
2146
|
# After you test your app while in the sandbox environment, you can move
|
@@ -2250,8 +2270,8 @@ module Aws::CognitoIdentityProvider
|
|
2250
2270
|
# sign in.
|
2251
2271
|
#
|
2252
2272
|
# If you have never used SMS text messages with Amazon Cognito or any
|
2253
|
-
# other Amazon Web
|
2254
|
-
# place your account in the SMS sandbox. In <i> <a
|
2273
|
+
# other Amazon Web Servicesservice, Amazon Simple Notification Service
|
2274
|
+
# might place your account in the SMS sandbox. In <i> <a
|
2255
2275
|
# href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
|
2256
2276
|
# mode</a> </i>, you can send messages only to verified phone numbers.
|
2257
2277
|
# After you test your app while in the sandbox environment, you can move
|
@@ -2307,11 +2327,21 @@ module Aws::CognitoIdentityProvider
|
|
2307
2327
|
# SMS\_MFA
|
2308
2328
|
#
|
2309
2329
|
# : `"ChallengeName": "SMS_MFA", "ChallengeResponses": \{"SMS_MFA_CODE":
|
2310
|
-
# "[
|
2330
|
+
# "[code]", "USERNAME": "[username]"\}`
|
2331
|
+
#
|
2332
|
+
# EMAIL\_OTP
|
2333
|
+
#
|
2334
|
+
# : `"ChallengeName": "EMAIL_OTP", "ChallengeResponses":
|
2335
|
+
# \{"EMAIL_OTP_CODE": "[code]", "USERNAME": "[username]"\}`
|
2311
2336
|
#
|
2312
2337
|
# PASSWORD\_VERIFIER
|
2313
2338
|
#
|
2314
|
-
# :
|
2339
|
+
# : This challenge response is part of the SRP flow. Amazon Cognito
|
2340
|
+
# requires that your application respond to this challenge within a
|
2341
|
+
# few seconds. When the response time exceeds this period, your user
|
2342
|
+
# pool returns a `NotAuthorizedException` error.
|
2343
|
+
#
|
2344
|
+
# `"ChallengeName": "PASSWORD_VERIFIER", "ChallengeResponses":
|
2315
2345
|
# \{"PASSWORD_CLAIM_SIGNATURE": "[claim_signature]",
|
2316
2346
|
# "PASSWORD_CLAIM_SECRET_BLOCK": "[secret_block]", "TIMESTAMP":
|
2317
2347
|
# [timestamp], "USERNAME": "[username]"\}`
|
@@ -2470,7 +2500,7 @@ module Aws::CognitoIdentityProvider
|
|
2470
2500
|
# resp = client.admin_respond_to_auth_challenge({
|
2471
2501
|
# user_pool_id: "UserPoolIdType", # required
|
2472
2502
|
# client_id: "ClientIdType", # required
|
2473
|
-
# challenge_name: "SMS_MFA", # required, accepts SMS_MFA, SOFTWARE_TOKEN_MFA, SELECT_MFA_TYPE, MFA_SETUP, PASSWORD_VERIFIER, CUSTOM_CHALLENGE, DEVICE_SRP_AUTH, DEVICE_PASSWORD_VERIFIER, ADMIN_NO_SRP_AUTH, NEW_PASSWORD_REQUIRED
|
2503
|
+
# challenge_name: "SMS_MFA", # required, accepts SMS_MFA, EMAIL_OTP, SOFTWARE_TOKEN_MFA, SELECT_MFA_TYPE, MFA_SETUP, PASSWORD_VERIFIER, CUSTOM_CHALLENGE, DEVICE_SRP_AUTH, DEVICE_PASSWORD_VERIFIER, ADMIN_NO_SRP_AUTH, NEW_PASSWORD_REQUIRED
|
2474
2504
|
# challenge_responses: {
|
2475
2505
|
# "StringType" => "StringType",
|
2476
2506
|
# },
|
@@ -2497,7 +2527,7 @@ module Aws::CognitoIdentityProvider
|
|
2497
2527
|
#
|
2498
2528
|
# @example Response structure
|
2499
2529
|
#
|
2500
|
-
# resp.challenge_name #=> String, one of "SMS_MFA", "SOFTWARE_TOKEN_MFA", "SELECT_MFA_TYPE", "MFA_SETUP", "PASSWORD_VERIFIER", "CUSTOM_CHALLENGE", "DEVICE_SRP_AUTH", "DEVICE_PASSWORD_VERIFIER", "ADMIN_NO_SRP_AUTH", "NEW_PASSWORD_REQUIRED"
|
2530
|
+
# resp.challenge_name #=> String, one of "SMS_MFA", "EMAIL_OTP", "SOFTWARE_TOKEN_MFA", "SELECT_MFA_TYPE", "MFA_SETUP", "PASSWORD_VERIFIER", "CUSTOM_CHALLENGE", "DEVICE_SRP_AUTH", "DEVICE_PASSWORD_VERIFIER", "ADMIN_NO_SRP_AUTH", "NEW_PASSWORD_REQUIRED"
|
2501
2531
|
# resp.session #=> String
|
2502
2532
|
# resp.challenge_parameters #=> Hash
|
2503
2533
|
# resp.challenge_parameters["StringType"] #=> String
|
@@ -2518,12 +2548,12 @@ module Aws::CognitoIdentityProvider
|
|
2518
2548
|
req.send_request(options)
|
2519
2549
|
end
|
2520
2550
|
|
2521
|
-
#
|
2522
|
-
# which MFA options are activated, and if any are preferred.
|
2523
|
-
# factor can be set as preferred. The preferred MFA factor will
|
2524
|
-
# to authenticate a user if multiple factors are activated. If
|
2525
|
-
# options are activated and no preference is set, a challenge
|
2526
|
-
# an MFA option will be returned during sign-in.
|
2551
|
+
# Sets the user's multi-factor authentication (MFA) preference,
|
2552
|
+
# including which MFA options are activated, and if any are preferred.
|
2553
|
+
# Only one factor can be set as preferred. The preferred MFA factor will
|
2554
|
+
# be used to authenticate a user if multiple factors are activated. If
|
2555
|
+
# multiple options are activated and no preference is set, a challenge
|
2556
|
+
# to choose an MFA option will be returned during sign-in.
|
2527
2557
|
#
|
2528
2558
|
# <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
|
2529
2559
|
# in requests for this API operation. For this operation, you must use
|
@@ -2544,10 +2574,24 @@ module Aws::CognitoIdentityProvider
|
|
2544
2574
|
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
2545
2575
|
#
|
2546
2576
|
# @option params [Types::SMSMfaSettingsType] :sms_mfa_settings
|
2547
|
-
#
|
2577
|
+
# User preferences for SMS message MFA. Activates or deactivates SMS MFA
|
2578
|
+
# and sets it as the preferred MFA method when multiple methods are
|
2579
|
+
# available.
|
2548
2580
|
#
|
2549
2581
|
# @option params [Types::SoftwareTokenMfaSettingsType] :software_token_mfa_settings
|
2550
|
-
#
|
2582
|
+
# User preferences for time-based one-time password (TOTP) MFA.
|
2583
|
+
# Activates or deactivates TOTP MFA and sets it as the preferred MFA
|
2584
|
+
# method when multiple methods are available.
|
2585
|
+
#
|
2586
|
+
# @option params [Types::EmailMfaSettingsType] :email_mfa_settings
|
2587
|
+
# User preferences for email message MFA. Activates or deactivates email
|
2588
|
+
# MFA and sets it as the preferred MFA method when multiple methods are
|
2589
|
+
# available. To activate this setting, [ advanced security features][1]
|
2590
|
+
# must be active in your user pool.
|
2591
|
+
#
|
2592
|
+
#
|
2593
|
+
#
|
2594
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
|
2551
2595
|
#
|
2552
2596
|
# @option params [required, String] :username
|
2553
2597
|
# The username of the user that you want to query or modify. The value
|
@@ -2557,7 +2601,8 @@ module Aws::CognitoIdentityProvider
|
|
2557
2601
|
# username of a user from a third-party IdP.
|
2558
2602
|
#
|
2559
2603
|
# @option params [required, String] :user_pool_id
|
2560
|
-
# The user pool
|
2604
|
+
# The ID of the user pool where you want to set a user's MFA
|
2605
|
+
# preferences.
|
2561
2606
|
#
|
2562
2607
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
2563
2608
|
#
|
@@ -2572,6 +2617,10 @@ module Aws::CognitoIdentityProvider
|
|
2572
2617
|
# enabled: false,
|
2573
2618
|
# preferred_mfa: false,
|
2574
2619
|
# },
|
2620
|
+
# email_mfa_settings: {
|
2621
|
+
# enabled: false,
|
2622
|
+
# preferred_mfa: false,
|
2623
|
+
# },
|
2575
2624
|
# username: "UsernameType", # required
|
2576
2625
|
# user_pool_id: "UserPoolIdType", # required
|
2577
2626
|
# })
|
@@ -2860,8 +2909,8 @@ module Aws::CognitoIdentityProvider
|
|
2860
2909
|
# sign in.
|
2861
2910
|
#
|
2862
2911
|
# If you have never used SMS text messages with Amazon Cognito or any
|
2863
|
-
# other Amazon Web
|
2864
|
-
# place your account in the SMS sandbox. In <i> <a
|
2912
|
+
# other Amazon Web Servicesservice, Amazon Simple Notification Service
|
2913
|
+
# might place your account in the SMS sandbox. In <i> <a
|
2865
2914
|
# href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
|
2866
2915
|
# mode</a> </i>, you can send messages only to verified phone numbers.
|
2867
2916
|
# After you test your app while in the sandbox environment, you can move
|
@@ -3084,7 +3133,7 @@ module Aws::CognitoIdentityProvider
|
|
3084
3133
|
# require MFA, the user can then authenticate with user name and
|
3085
3134
|
# password credentials alone. If your user pool requires TOTP MFA,
|
3086
3135
|
# Amazon Cognito generates an `MFA_SETUP` or `SOFTWARE_TOKEN_SETUP`
|
3087
|
-
# challenge each time your user signs. Complete setup with
|
3136
|
+
# challenge each time your user signs in. Complete setup with
|
3088
3137
|
# `AssociateSoftwareToken` and `VerifySoftwareToken`.
|
3089
3138
|
#
|
3090
3139
|
# After you set up software token MFA for your user, Amazon Cognito
|
@@ -3954,8 +4003,8 @@ module Aws::CognitoIdentityProvider
|
|
3954
4003
|
# sign in.
|
3955
4004
|
#
|
3956
4005
|
# If you have never used SMS text messages with Amazon Cognito or any
|
3957
|
-
# other Amazon Web
|
3958
|
-
# place your account in the SMS sandbox. In <i> <a
|
4006
|
+
# other Amazon Web Servicesservice, Amazon Simple Notification Service
|
4007
|
+
# might place your account in the SMS sandbox. In <i> <a
|
3959
4008
|
# href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
|
3960
4009
|
# mode</a> </i>, you can send messages only to verified phone numbers.
|
3961
4010
|
# After you test your app while in the sandbox environment, you can move
|
@@ -4636,6 +4685,7 @@ module Aws::CognitoIdentityProvider
|
|
4636
4685
|
# require_lowercase: false,
|
4637
4686
|
# require_numbers: false,
|
4638
4687
|
# require_symbols: false,
|
4688
|
+
# password_history_size: 1,
|
4639
4689
|
# temporary_password_validity_days: 1,
|
4640
4690
|
# },
|
4641
4691
|
# },
|
@@ -4731,6 +4781,9 @@ module Aws::CognitoIdentityProvider
|
|
4731
4781
|
# ],
|
4732
4782
|
# user_pool_add_ons: {
|
4733
4783
|
# advanced_security_mode: "OFF", # required, accepts OFF, AUDIT, ENFORCED
|
4784
|
+
# advanced_security_additional_flows: {
|
4785
|
+
# custom_auth_mode: "AUDIT", # accepts AUDIT, ENFORCED
|
4786
|
+
# },
|
4734
4787
|
# },
|
4735
4788
|
# username_configuration: {
|
4736
4789
|
# case_sensitive: false, # required
|
@@ -4754,6 +4807,7 @@ module Aws::CognitoIdentityProvider
|
|
4754
4807
|
# resp.user_pool.policies.password_policy.require_lowercase #=> Boolean
|
4755
4808
|
# resp.user_pool.policies.password_policy.require_numbers #=> Boolean
|
4756
4809
|
# resp.user_pool.policies.password_policy.require_symbols #=> Boolean
|
4810
|
+
# resp.user_pool.policies.password_policy.password_history_size #=> Integer
|
4757
4811
|
# resp.user_pool.policies.password_policy.temporary_password_validity_days #=> Integer
|
4758
4812
|
# resp.user_pool.deletion_protection #=> String, one of "ACTIVE", "INACTIVE"
|
4759
4813
|
# resp.user_pool.lambda_config.pre_sign_up #=> String
|
@@ -4828,6 +4882,7 @@ module Aws::CognitoIdentityProvider
|
|
4828
4882
|
# resp.user_pool.admin_create_user_config.invite_message_template.email_message #=> String
|
4829
4883
|
# resp.user_pool.admin_create_user_config.invite_message_template.email_subject #=> String
|
4830
4884
|
# resp.user_pool.user_pool_add_ons.advanced_security_mode #=> String, one of "OFF", "AUDIT", "ENFORCED"
|
4885
|
+
# resp.user_pool.user_pool_add_ons.advanced_security_additional_flows.custom_auth_mode #=> String, one of "AUDIT", "ENFORCED"
|
4831
4886
|
# resp.user_pool.username_configuration.case_sensitive #=> Boolean
|
4832
4887
|
# resp.user_pool.arn #=> String
|
4833
4888
|
# resp.user_pool.account_recovery_setting.recovery_mechanisms #=> Array
|
@@ -4938,9 +4993,9 @@ module Aws::CognitoIdentityProvider
|
|
4938
4993
|
# are hours.
|
4939
4994
|
#
|
4940
4995
|
# @option params [Array<String>] :read_attributes
|
4941
|
-
# The list of user attributes that you want your app client to have
|
4942
|
-
#
|
4943
|
-
#
|
4996
|
+
# The list of user attributes that you want your app client to have read
|
4997
|
+
# access to. After your user authenticates in your app, their access
|
4998
|
+
# token authorizes them to read their own attribute value for any
|
4944
4999
|
# attribute in this list. An example of this kind of activity is when
|
4945
5000
|
# your user selects a link to view their profile information. Your app
|
4946
5001
|
# makes a [GetUser][1] API request to retrieve and display your user's
|
@@ -4948,11 +5003,11 @@ module Aws::CognitoIdentityProvider
|
|
4948
5003
|
#
|
4949
5004
|
# When you don't specify the `ReadAttributes` for your app client, your
|
4950
5005
|
# app can read the values of `email_verified`, `phone_number_verified`,
|
4951
|
-
# and the Standard attributes of your user pool. When your user pool
|
4952
|
-
# read access to these default attributes, `ReadAttributes`
|
4953
|
-
# return any information. Amazon Cognito only populates
|
4954
|
-
# in the API response if you have specified your own
|
4955
|
-
# attributes.
|
5006
|
+
# and the Standard attributes of your user pool. When your user pool app
|
5007
|
+
# client has read access to these default attributes, `ReadAttributes`
|
5008
|
+
# doesn't return any information. Amazon Cognito only populates
|
5009
|
+
# `ReadAttributes` in the API response if you have specified your own
|
5010
|
+
# custom set of read attributes.
|
4956
5011
|
#
|
4957
5012
|
#
|
4958
5013
|
#
|
@@ -5163,6 +5218,8 @@ module Aws::CognitoIdentityProvider
|
|
5163
5218
|
# * `LEGACY` - This represents the early behavior of Amazon Cognito
|
5164
5219
|
# where user existence related errors aren't prevented.
|
5165
5220
|
#
|
5221
|
+
# Defaults to `LEGACY` when you don't provide a value.
|
5222
|
+
#
|
5166
5223
|
# @option params [Boolean] :enable_token_revocation
|
5167
5224
|
# Activates or deactivates token revocation. For more information about
|
5168
5225
|
# revoking tokens, see [RevokeToken][1].
|
@@ -5959,6 +6016,7 @@ module Aws::CognitoIdentityProvider
|
|
5959
6016
|
# resp.user_pool.policies.password_policy.require_lowercase #=> Boolean
|
5960
6017
|
# resp.user_pool.policies.password_policy.require_numbers #=> Boolean
|
5961
6018
|
# resp.user_pool.policies.password_policy.require_symbols #=> Boolean
|
6019
|
+
# resp.user_pool.policies.password_policy.password_history_size #=> Integer
|
5962
6020
|
# resp.user_pool.policies.password_policy.temporary_password_validity_days #=> Integer
|
5963
6021
|
# resp.user_pool.deletion_protection #=> String, one of "ACTIVE", "INACTIVE"
|
5964
6022
|
# resp.user_pool.lambda_config.pre_sign_up #=> String
|
@@ -6033,6 +6091,7 @@ module Aws::CognitoIdentityProvider
|
|
6033
6091
|
# resp.user_pool.admin_create_user_config.invite_message_template.email_message #=> String
|
6034
6092
|
# resp.user_pool.admin_create_user_config.invite_message_template.email_subject #=> String
|
6035
6093
|
# resp.user_pool.user_pool_add_ons.advanced_security_mode #=> String, one of "OFF", "AUDIT", "ENFORCED"
|
6094
|
+
# resp.user_pool.user_pool_add_ons.advanced_security_additional_flows.custom_auth_mode #=> String, one of "AUDIT", "ENFORCED"
|
6036
6095
|
# resp.user_pool.username_configuration.case_sensitive #=> Boolean
|
6037
6096
|
# resp.user_pool.arn #=> String
|
6038
6097
|
# resp.user_pool.account_recovery_setting.recovery_mechanisms #=> Array
|
@@ -6256,8 +6315,8 @@ module Aws::CognitoIdentityProvider
|
|
6256
6315
|
# sign in.
|
6257
6316
|
#
|
6258
6317
|
# If you have never used SMS text messages with Amazon Cognito or any
|
6259
|
-
# other Amazon Web
|
6260
|
-
# place your account in the SMS sandbox. In <i> <a
|
6318
|
+
# other Amazon Web Servicesservice, Amazon Simple Notification Service
|
6319
|
+
# might place your account in the SMS sandbox. In <i> <a
|
6261
6320
|
# href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
|
6262
6321
|
# mode</a> </i>, you can send messages only to verified phone numbers.
|
6263
6322
|
# After you test your app while in the sandbox environment, you can move
|
@@ -6548,11 +6607,11 @@ module Aws::CognitoIdentityProvider
|
|
6548
6607
|
req.send_request(options)
|
6549
6608
|
end
|
6550
6609
|
|
6551
|
-
# Gets the
|
6610
|
+
# Gets the logging configuration of a user pool.
|
6552
6611
|
#
|
6553
6612
|
# @option params [required, String] :user_pool_id
|
6554
|
-
# The ID of the user pool
|
6555
|
-
#
|
6613
|
+
# The ID of the user pool that has the logging configuration that you
|
6614
|
+
# want to view.
|
6556
6615
|
#
|
6557
6616
|
# @return [Types::GetLogDeliveryConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
6558
6617
|
#
|
@@ -6568,9 +6627,11 @@ module Aws::CognitoIdentityProvider
|
|
6568
6627
|
#
|
6569
6628
|
# resp.log_delivery_configuration.user_pool_id #=> String
|
6570
6629
|
# resp.log_delivery_configuration.log_configurations #=> Array
|
6571
|
-
# resp.log_delivery_configuration.log_configurations[0].log_level #=> String, one of "ERROR"
|
6572
|
-
# resp.log_delivery_configuration.log_configurations[0].event_source #=> String, one of "userNotification"
|
6630
|
+
# resp.log_delivery_configuration.log_configurations[0].log_level #=> String, one of "ERROR", "INFO"
|
6631
|
+
# resp.log_delivery_configuration.log_configurations[0].event_source #=> String, one of "userNotification", "userAuthEvents"
|
6573
6632
|
# resp.log_delivery_configuration.log_configurations[0].cloud_watch_logs_configuration.log_group_arn #=> String
|
6633
|
+
# resp.log_delivery_configuration.log_configurations[0].s3_configuration.bucket_arn #=> String
|
6634
|
+
# resp.log_delivery_configuration.log_configurations[0].firehose_configuration.stream_arn #=> String
|
6574
6635
|
#
|
6575
6636
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/GetLogDeliveryConfiguration AWS API Documentation
|
6576
6637
|
#
|
@@ -6742,8 +6803,8 @@ module Aws::CognitoIdentityProvider
|
|
6742
6803
|
# sign in.
|
6743
6804
|
#
|
6744
6805
|
# If you have never used SMS text messages with Amazon Cognito or any
|
6745
|
-
# other Amazon Web
|
6746
|
-
# place your account in the SMS sandbox. In <i> <a
|
6806
|
+
# other Amazon Web Servicesservice, Amazon Simple Notification Service
|
6807
|
+
# might place your account in the SMS sandbox. In <i> <a
|
6747
6808
|
# href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
|
6748
6809
|
# mode</a> </i>, you can send messages only to verified phone numbers.
|
6749
6810
|
# After you test your app while in the sandbox environment, you can move
|
@@ -6842,6 +6903,7 @@ module Aws::CognitoIdentityProvider
|
|
6842
6903
|
#
|
6843
6904
|
# * {Types::GetUserPoolMfaConfigResponse#sms_mfa_configuration #sms_mfa_configuration} => Types::SmsMfaConfigType
|
6844
6905
|
# * {Types::GetUserPoolMfaConfigResponse#software_token_mfa_configuration #software_token_mfa_configuration} => Types::SoftwareTokenMfaConfigType
|
6906
|
+
# * {Types::GetUserPoolMfaConfigResponse#email_mfa_configuration #email_mfa_configuration} => Types::EmailMfaConfigType
|
6845
6907
|
# * {Types::GetUserPoolMfaConfigResponse#mfa_configuration #mfa_configuration} => String
|
6846
6908
|
#
|
6847
6909
|
# @example Request syntax with placeholder values
|
@@ -6857,6 +6919,8 @@ module Aws::CognitoIdentityProvider
|
|
6857
6919
|
# resp.sms_mfa_configuration.sms_configuration.external_id #=> String
|
6858
6920
|
# resp.sms_mfa_configuration.sms_configuration.sns_region #=> String
|
6859
6921
|
# resp.software_token_mfa_configuration.enabled #=> Boolean
|
6922
|
+
# resp.email_mfa_configuration.message #=> String
|
6923
|
+
# resp.email_mfa_configuration.subject #=> String
|
6860
6924
|
# resp.mfa_configuration #=> String, one of "OFF", "ON", "OPTIONAL"
|
6861
6925
|
#
|
6862
6926
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/GetUserPoolMfaConfig AWS API Documentation
|
@@ -6955,8 +7019,8 @@ module Aws::CognitoIdentityProvider
|
|
6955
7019
|
# sign in.
|
6956
7020
|
#
|
6957
7021
|
# If you have never used SMS text messages with Amazon Cognito or any
|
6958
|
-
# other Amazon Web
|
6959
|
-
# place your account in the SMS sandbox. In <i> <a
|
7022
|
+
# other Amazon Web Servicesservice, Amazon Simple Notification Service
|
7023
|
+
# might place your account in the SMS sandbox. In <i> <a
|
6960
7024
|
# href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
|
6961
7025
|
# mode</a> </i>, you can send messages only to verified phone numbers.
|
6962
7026
|
# After you test your app while in the sandbox environment, you can move
|
@@ -7174,7 +7238,7 @@ module Aws::CognitoIdentityProvider
|
|
7174
7238
|
#
|
7175
7239
|
# @example Response structure
|
7176
7240
|
#
|
7177
|
-
# resp.challenge_name #=> String, one of "SMS_MFA", "SOFTWARE_TOKEN_MFA", "SELECT_MFA_TYPE", "MFA_SETUP", "PASSWORD_VERIFIER", "CUSTOM_CHALLENGE", "DEVICE_SRP_AUTH", "DEVICE_PASSWORD_VERIFIER", "ADMIN_NO_SRP_AUTH", "NEW_PASSWORD_REQUIRED"
|
7241
|
+
# resp.challenge_name #=> String, one of "SMS_MFA", "EMAIL_OTP", "SOFTWARE_TOKEN_MFA", "SELECT_MFA_TYPE", "MFA_SETUP", "PASSWORD_VERIFIER", "CUSTOM_CHALLENGE", "DEVICE_SRP_AUTH", "DEVICE_PASSWORD_VERIFIER", "ADMIN_NO_SRP_AUTH", "NEW_PASSWORD_REQUIRED"
|
7178
7242
|
# resp.session #=> String
|
7179
7243
|
# resp.challenge_parameters #=> Hash
|
7180
7244
|
# resp.challenge_parameters["StringType"] #=> String
|
@@ -8045,8 +8109,8 @@ module Aws::CognitoIdentityProvider
|
|
8045
8109
|
# sign in.
|
8046
8110
|
#
|
8047
8111
|
# If you have never used SMS text messages with Amazon Cognito or any
|
8048
|
-
# other Amazon Web
|
8049
|
-
# place your account in the SMS sandbox. In <i> <a
|
8112
|
+
# other Amazon Web Servicesservice, Amazon Simple Notification Service
|
8113
|
+
# might place your account in the SMS sandbox. In <i> <a
|
8050
8114
|
# href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
|
8051
8115
|
# mode</a> </i>, you can send messages only to verified phone numbers.
|
8052
8116
|
# After you test your app while in the sandbox environment, you can move
|
@@ -8191,8 +8255,8 @@ module Aws::CognitoIdentityProvider
|
|
8191
8255
|
# sign in.
|
8192
8256
|
#
|
8193
8257
|
# If you have never used SMS text messages with Amazon Cognito or any
|
8194
|
-
# other Amazon Web
|
8195
|
-
# place your account in the SMS sandbox. In <i> <a
|
8258
|
+
# other Amazon Web Servicesservice, Amazon Simple Notification Service
|
8259
|
+
# might place your account in the SMS sandbox. In <i> <a
|
8196
8260
|
# href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
|
8197
8261
|
# mode</a> </i>, you can send messages only to verified phone numbers.
|
8198
8262
|
# After you test your app while in the sandbox environment, you can move
|
@@ -8240,11 +8304,21 @@ module Aws::CognitoIdentityProvider
|
|
8240
8304
|
# SMS\_MFA
|
8241
8305
|
#
|
8242
8306
|
# : `"ChallengeName": "SMS_MFA", "ChallengeResponses": \{"SMS_MFA_CODE":
|
8243
|
-
# "[
|
8307
|
+
# "[code]", "USERNAME": "[username]"\}`
|
8308
|
+
#
|
8309
|
+
# EMAIL\_OTP
|
8310
|
+
#
|
8311
|
+
# : `"ChallengeName": "EMAIL_OTP", "ChallengeResponses":
|
8312
|
+
# \{"EMAIL_OTP_CODE": "[code]", "USERNAME": "[username]"\}`
|
8244
8313
|
#
|
8245
8314
|
# PASSWORD\_VERIFIER
|
8246
8315
|
#
|
8247
|
-
# :
|
8316
|
+
# : This challenge response is part of the SRP flow. Amazon Cognito
|
8317
|
+
# requires that your application respond to this challenge within a
|
8318
|
+
# few seconds. When the response time exceeds this period, your user
|
8319
|
+
# pool returns a `NotAuthorizedException` error.
|
8320
|
+
#
|
8321
|
+
# `"ChallengeName": "PASSWORD_VERIFIER", "ChallengeResponses":
|
8248
8322
|
# \{"PASSWORD_CLAIM_SIGNATURE": "[claim_signature]",
|
8249
8323
|
# "PASSWORD_CLAIM_SECRET_BLOCK": "[secret_block]", "TIMESTAMP":
|
8250
8324
|
# [timestamp], "USERNAME": "[username]"\}`
|
@@ -8379,7 +8453,7 @@ module Aws::CognitoIdentityProvider
|
|
8379
8453
|
#
|
8380
8454
|
# resp = client.respond_to_auth_challenge({
|
8381
8455
|
# client_id: "ClientIdType", # required
|
8382
|
-
# challenge_name: "SMS_MFA", # required, accepts SMS_MFA, SOFTWARE_TOKEN_MFA, SELECT_MFA_TYPE, MFA_SETUP, PASSWORD_VERIFIER, CUSTOM_CHALLENGE, DEVICE_SRP_AUTH, DEVICE_PASSWORD_VERIFIER, ADMIN_NO_SRP_AUTH, NEW_PASSWORD_REQUIRED
|
8456
|
+
# challenge_name: "SMS_MFA", # required, accepts SMS_MFA, EMAIL_OTP, SOFTWARE_TOKEN_MFA, SELECT_MFA_TYPE, MFA_SETUP, PASSWORD_VERIFIER, CUSTOM_CHALLENGE, DEVICE_SRP_AUTH, DEVICE_PASSWORD_VERIFIER, ADMIN_NO_SRP_AUTH, NEW_PASSWORD_REQUIRED
|
8383
8457
|
# session: "SessionType",
|
8384
8458
|
# challenge_responses: {
|
8385
8459
|
# "StringType" => "StringType",
|
@@ -8398,7 +8472,7 @@ module Aws::CognitoIdentityProvider
|
|
8398
8472
|
#
|
8399
8473
|
# @example Response structure
|
8400
8474
|
#
|
8401
|
-
# resp.challenge_name #=> String, one of "SMS_MFA", "SOFTWARE_TOKEN_MFA", "SELECT_MFA_TYPE", "MFA_SETUP", "PASSWORD_VERIFIER", "CUSTOM_CHALLENGE", "DEVICE_SRP_AUTH", "DEVICE_PASSWORD_VERIFIER", "ADMIN_NO_SRP_AUTH", "NEW_PASSWORD_REQUIRED"
|
8475
|
+
# resp.challenge_name #=> String, one of "SMS_MFA", "EMAIL_OTP", "SOFTWARE_TOKEN_MFA", "SELECT_MFA_TYPE", "MFA_SETUP", "PASSWORD_VERIFIER", "CUSTOM_CHALLENGE", "DEVICE_SRP_AUTH", "DEVICE_PASSWORD_VERIFIER", "ADMIN_NO_SRP_AUTH", "NEW_PASSWORD_REQUIRED"
|
8402
8476
|
# resp.session #=> String
|
8403
8477
|
# resp.challenge_parameters #=> Hash
|
8404
8478
|
# resp.challenge_parameters["StringType"] #=> String
|
@@ -8466,16 +8540,15 @@ module Aws::CognitoIdentityProvider
|
|
8466
8540
|
req.send_request(options)
|
8467
8541
|
end
|
8468
8542
|
|
8469
|
-
# Sets up or modifies the
|
8470
|
-
# user
|
8543
|
+
# Sets up or modifies the logging configuration of a user pool. User
|
8544
|
+
# pools can export user notification logs and advanced security features
|
8545
|
+
# user activity logs.
|
8471
8546
|
#
|
8472
8547
|
# @option params [required, String] :user_pool_id
|
8473
|
-
# The ID of the user pool where you want to configure
|
8474
|
-
# logging .
|
8548
|
+
# The ID of the user pool where you want to configure logging.
|
8475
8549
|
#
|
8476
8550
|
# @option params [required, Array<Types::LogConfigurationType>] :log_configurations
|
8477
|
-
# A collection of
|
8478
|
-
# for a user pool.
|
8551
|
+
# A collection of the logging configurations for a user pool.
|
8479
8552
|
#
|
8480
8553
|
# @return [Types::SetLogDeliveryConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
8481
8554
|
#
|
@@ -8487,11 +8560,17 @@ module Aws::CognitoIdentityProvider
|
|
8487
8560
|
# user_pool_id: "UserPoolIdType", # required
|
8488
8561
|
# log_configurations: [ # required
|
8489
8562
|
# {
|
8490
|
-
# log_level: "ERROR", # required, accepts ERROR
|
8491
|
-
# event_source: "userNotification", # required, accepts userNotification
|
8563
|
+
# log_level: "ERROR", # required, accepts ERROR, INFO
|
8564
|
+
# event_source: "userNotification", # required, accepts userNotification, userAuthEvents
|
8492
8565
|
# cloud_watch_logs_configuration: {
|
8493
8566
|
# log_group_arn: "ArnType",
|
8494
8567
|
# },
|
8568
|
+
# s3_configuration: {
|
8569
|
+
# bucket_arn: "S3ArnType",
|
8570
|
+
# },
|
8571
|
+
# firehose_configuration: {
|
8572
|
+
# stream_arn: "ArnType",
|
8573
|
+
# },
|
8495
8574
|
# },
|
8496
8575
|
# ],
|
8497
8576
|
# })
|
@@ -8500,9 +8579,11 @@ module Aws::CognitoIdentityProvider
|
|
8500
8579
|
#
|
8501
8580
|
# resp.log_delivery_configuration.user_pool_id #=> String
|
8502
8581
|
# resp.log_delivery_configuration.log_configurations #=> Array
|
8503
|
-
# resp.log_delivery_configuration.log_configurations[0].log_level #=> String, one of "ERROR"
|
8504
|
-
# resp.log_delivery_configuration.log_configurations[0].event_source #=> String, one of "userNotification"
|
8582
|
+
# resp.log_delivery_configuration.log_configurations[0].log_level #=> String, one of "ERROR", "INFO"
|
8583
|
+
# resp.log_delivery_configuration.log_configurations[0].event_source #=> String, one of "userNotification", "userAuthEvents"
|
8505
8584
|
# resp.log_delivery_configuration.log_configurations[0].cloud_watch_logs_configuration.log_group_arn #=> String
|
8585
|
+
# resp.log_delivery_configuration.log_configurations[0].s3_configuration.bucket_arn #=> String
|
8586
|
+
# resp.log_delivery_configuration.log_configurations[0].firehose_configuration.stream_arn #=> String
|
8506
8587
|
#
|
8507
8588
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/SetLogDeliveryConfiguration AWS API Documentation
|
8508
8589
|
#
|
@@ -8727,10 +8808,24 @@ module Aws::CognitoIdentityProvider
|
|
8727
8808
|
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
|
8728
8809
|
#
|
8729
8810
|
# @option params [Types::SMSMfaSettingsType] :sms_mfa_settings
|
8730
|
-
#
|
8811
|
+
# User preferences for SMS message MFA. Activates or deactivates SMS MFA
|
8812
|
+
# and sets it as the preferred MFA method when multiple methods are
|
8813
|
+
# available.
|
8731
8814
|
#
|
8732
8815
|
# @option params [Types::SoftwareTokenMfaSettingsType] :software_token_mfa_settings
|
8733
|
-
#
|
8816
|
+
# User preferences for time-based one-time password (TOTP) MFA.
|
8817
|
+
# Activates or deactivates TOTP MFA and sets it as the preferred MFA
|
8818
|
+
# method when multiple methods are available.
|
8819
|
+
#
|
8820
|
+
# @option params [Types::EmailMfaSettingsType] :email_mfa_settings
|
8821
|
+
# User preferences for email message MFA. Activates or deactivates email
|
8822
|
+
# MFA and sets it as the preferred MFA method when multiple methods are
|
8823
|
+
# available. To activate this setting, [ advanced security features][1]
|
8824
|
+
# must be active in your user pool.
|
8825
|
+
#
|
8826
|
+
#
|
8827
|
+
#
|
8828
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
|
8734
8829
|
#
|
8735
8830
|
# @option params [required, String] :access_token
|
8736
8831
|
# A valid access token that Amazon Cognito issued to the user whose MFA
|
@@ -8749,6 +8844,10 @@ module Aws::CognitoIdentityProvider
|
|
8749
8844
|
# enabled: false,
|
8750
8845
|
# preferred_mfa: false,
|
8751
8846
|
# },
|
8847
|
+
# email_mfa_settings: {
|
8848
|
+
# enabled: false,
|
8849
|
+
# preferred_mfa: false,
|
8850
|
+
# },
|
8752
8851
|
# access_token: "TokenModelType", # required
|
8753
8852
|
# })
|
8754
8853
|
#
|
@@ -8773,8 +8872,8 @@ module Aws::CognitoIdentityProvider
|
|
8773
8872
|
# sign in.
|
8774
8873
|
#
|
8775
8874
|
# If you have never used SMS text messages with Amazon Cognito or any
|
8776
|
-
# other Amazon Web
|
8777
|
-
# place your account in the SMS sandbox. In <i> <a
|
8875
|
+
# other Amazon Web Servicesservice, Amazon Simple Notification Service
|
8876
|
+
# might place your account in the SMS sandbox. In <i> <a
|
8778
8877
|
# href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
|
8779
8878
|
# mode</a> </i>, you can send messages only to verified phone numbers.
|
8780
8879
|
# After you test your app while in the sandbox environment, you can move
|
@@ -8793,10 +8892,22 @@ module Aws::CognitoIdentityProvider
|
|
8793
8892
|
# The user pool ID.
|
8794
8893
|
#
|
8795
8894
|
# @option params [Types::SmsMfaConfigType] :sms_mfa_configuration
|
8796
|
-
#
|
8895
|
+
# Configures user pool SMS messages for MFA. Sets the message template
|
8896
|
+
# and the SMS message sending configuration for Amazon SNS.
|
8797
8897
|
#
|
8798
8898
|
# @option params [Types::SoftwareTokenMfaConfigType] :software_token_mfa_configuration
|
8799
|
-
#
|
8899
|
+
# Configures a user pool for time-based one-time password (TOTP) MFA.
|
8900
|
+
# Enables or disables TOTP.
|
8901
|
+
#
|
8902
|
+
# @option params [Types::EmailMfaConfigType] :email_mfa_configuration
|
8903
|
+
# Configures user pool email messages for MFA. Sets the subject and body
|
8904
|
+
# of the email message template for MFA messages. To activate this
|
8905
|
+
# setting, [ advanced security features][1] must be active in your user
|
8906
|
+
# pool.
|
8907
|
+
#
|
8908
|
+
#
|
8909
|
+
#
|
8910
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
|
8800
8911
|
#
|
8801
8912
|
# @option params [String] :mfa_configuration
|
8802
8913
|
# The MFA configuration. If you set the MfaConfiguration value to ‘ON’,
|
@@ -8819,6 +8930,7 @@ module Aws::CognitoIdentityProvider
|
|
8819
8930
|
#
|
8820
8931
|
# * {Types::SetUserPoolMfaConfigResponse#sms_mfa_configuration #sms_mfa_configuration} => Types::SmsMfaConfigType
|
8821
8932
|
# * {Types::SetUserPoolMfaConfigResponse#software_token_mfa_configuration #software_token_mfa_configuration} => Types::SoftwareTokenMfaConfigType
|
8933
|
+
# * {Types::SetUserPoolMfaConfigResponse#email_mfa_configuration #email_mfa_configuration} => Types::EmailMfaConfigType
|
8822
8934
|
# * {Types::SetUserPoolMfaConfigResponse#mfa_configuration #mfa_configuration} => String
|
8823
8935
|
#
|
8824
8936
|
# @example Request syntax with placeholder values
|
@@ -8836,6 +8948,10 @@ module Aws::CognitoIdentityProvider
|
|
8836
8948
|
# software_token_mfa_configuration: {
|
8837
8949
|
# enabled: false,
|
8838
8950
|
# },
|
8951
|
+
# email_mfa_configuration: {
|
8952
|
+
# message: "EmailMfaMessageType",
|
8953
|
+
# subject: "EmailMfaSubjectType",
|
8954
|
+
# },
|
8839
8955
|
# mfa_configuration: "OFF", # accepts OFF, ON, OPTIONAL
|
8840
8956
|
# })
|
8841
8957
|
#
|
@@ -8846,6 +8962,8 @@ module Aws::CognitoIdentityProvider
|
|
8846
8962
|
# resp.sms_mfa_configuration.sms_configuration.external_id #=> String
|
8847
8963
|
# resp.sms_mfa_configuration.sms_configuration.sns_region #=> String
|
8848
8964
|
# resp.software_token_mfa_configuration.enabled #=> Boolean
|
8965
|
+
# resp.email_mfa_configuration.message #=> String
|
8966
|
+
# resp.email_mfa_configuration.subject #=> String
|
8849
8967
|
# resp.mfa_configuration #=> String, one of "OFF", "ON", "OPTIONAL"
|
8850
8968
|
#
|
8851
8969
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/SetUserPoolMfaConfig AWS API Documentation
|
@@ -8932,8 +9050,8 @@ module Aws::CognitoIdentityProvider
|
|
8932
9050
|
# sign in.
|
8933
9051
|
#
|
8934
9052
|
# If you have never used SMS text messages with Amazon Cognito or any
|
8935
|
-
# other Amazon Web
|
8936
|
-
# place your account in the SMS sandbox. In <i> <a
|
9053
|
+
# other Amazon Web Servicesservice, Amazon Simple Notification Service
|
9054
|
+
# might place your account in the SMS sandbox. In <i> <a
|
8937
9055
|
# href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
|
8938
9056
|
# mode</a> </i>, you can send messages only to verified phone numbers.
|
8939
9057
|
# After you test your app while in the sandbox environment, you can move
|
@@ -9743,8 +9861,8 @@ module Aws::CognitoIdentityProvider
|
|
9743
9861
|
# sign in.
|
9744
9862
|
#
|
9745
9863
|
# If you have never used SMS text messages with Amazon Cognito or any
|
9746
|
-
# other Amazon Web
|
9747
|
-
# place your account in the SMS sandbox. In <i> <a
|
9864
|
+
# other Amazon Web Servicesservice, Amazon Simple Notification Service
|
9865
|
+
# might place your account in the SMS sandbox. In <i> <a
|
9748
9866
|
# href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
|
9749
9867
|
# mode</a> </i>, you can send messages only to verified phone numbers.
|
9750
9868
|
# After you test your app while in the sandbox environment, you can move
|
@@ -9858,8 +9976,8 @@ module Aws::CognitoIdentityProvider
|
|
9858
9976
|
# sign in.
|
9859
9977
|
#
|
9860
9978
|
# If you have never used SMS text messages with Amazon Cognito or any
|
9861
|
-
# other Amazon Web
|
9862
|
-
# place your account in the SMS sandbox. In <i> <a
|
9979
|
+
# other Amazon Web Servicesservice, Amazon Simple Notification Service
|
9980
|
+
# might place your account in the SMS sandbox. In <i> <a
|
9863
9981
|
# href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
|
9864
9982
|
# mode</a> </i>, you can send messages only to verified phone numbers.
|
9865
9983
|
# After you test your app while in the sandbox environment, you can move
|
@@ -10050,6 +10168,7 @@ module Aws::CognitoIdentityProvider
|
|
10050
10168
|
# require_lowercase: false,
|
10051
10169
|
# require_numbers: false,
|
10052
10170
|
# require_symbols: false,
|
10171
|
+
# password_history_size: 1,
|
10053
10172
|
# temporary_password_validity_days: 1,
|
10054
10173
|
# },
|
10055
10174
|
# },
|
@@ -10126,6 +10245,9 @@ module Aws::CognitoIdentityProvider
|
|
10126
10245
|
# },
|
10127
10246
|
# user_pool_add_ons: {
|
10128
10247
|
# advanced_security_mode: "OFF", # required, accepts OFF, AUDIT, ENFORCED
|
10248
|
+
# advanced_security_additional_flows: {
|
10249
|
+
# custom_auth_mode: "AUDIT", # accepts AUDIT, ENFORCED
|
10250
|
+
# },
|
10129
10251
|
# },
|
10130
10252
|
# account_recovery_setting: {
|
10131
10253
|
# recovery_mechanisms: [
|
@@ -10243,9 +10365,9 @@ module Aws::CognitoIdentityProvider
|
|
10243
10365
|
# default for ID and access tokens is hours.
|
10244
10366
|
#
|
10245
10367
|
# @option params [Array<String>] :read_attributes
|
10246
|
-
# The list of user attributes that you want your app client to have
|
10247
|
-
#
|
10248
|
-
#
|
10368
|
+
# The list of user attributes that you want your app client to have read
|
10369
|
+
# access to. After your user authenticates in your app, their access
|
10370
|
+
# token authorizes them to read their own attribute value for any
|
10249
10371
|
# attribute in this list. An example of this kind of activity is when
|
10250
10372
|
# your user selects a link to view their profile information. Your app
|
10251
10373
|
# makes a [GetUser][1] API request to retrieve and display your user's
|
@@ -10253,11 +10375,11 @@ module Aws::CognitoIdentityProvider
|
|
10253
10375
|
#
|
10254
10376
|
# When you don't specify the `ReadAttributes` for your app client, your
|
10255
10377
|
# app can read the values of `email_verified`, `phone_number_verified`,
|
10256
|
-
# and the Standard attributes of your user pool. When your user pool
|
10257
|
-
# read access to these default attributes, `ReadAttributes`
|
10258
|
-
# return any information. Amazon Cognito only populates
|
10259
|
-
# in the API response if you have specified your own
|
10260
|
-
# attributes.
|
10378
|
+
# and the Standard attributes of your user pool. When your user pool app
|
10379
|
+
# client has read access to these default attributes, `ReadAttributes`
|
10380
|
+
# doesn't return any information. Amazon Cognito only populates
|
10381
|
+
# `ReadAttributes` in the API response if you have specified your own
|
10382
|
+
# custom set of read attributes.
|
10261
10383
|
#
|
10262
10384
|
#
|
10263
10385
|
#
|
@@ -10463,6 +10585,8 @@ module Aws::CognitoIdentityProvider
|
|
10463
10585
|
# * `LEGACY` - This represents the early behavior of Amazon Cognito
|
10464
10586
|
# where user existence related errors aren't prevented.
|
10465
10587
|
#
|
10588
|
+
# Defaults to `LEGACY` when you don't provide a value.
|
10589
|
+
#
|
10466
10590
|
# @option params [Boolean] :enable_token_revocation
|
10467
10591
|
# Activates or deactivates token revocation. For more information about
|
10468
10592
|
# revoking tokens, see [RevokeToken][1].
|
@@ -10801,14 +10925,19 @@ module Aws::CognitoIdentityProvider
|
|
10801
10925
|
# @api private
|
10802
10926
|
def build_request(operation_name, params = {})
|
10803
10927
|
handlers = @handlers.for(operation_name)
|
10928
|
+
tracer = config.telemetry_provider.tracer_provider.tracer(
|
10929
|
+
Aws::Telemetry.module_to_tracer_name('Aws::CognitoIdentityProvider')
|
10930
|
+
)
|
10804
10931
|
context = Seahorse::Client::RequestContext.new(
|
10805
10932
|
operation_name: operation_name,
|
10806
10933
|
operation: config.api.operation(operation_name),
|
10807
10934
|
client: self,
|
10808
10935
|
params: params,
|
10809
|
-
config: config
|
10936
|
+
config: config,
|
10937
|
+
tracer: tracer
|
10938
|
+
)
|
10810
10939
|
context[:gem_name] = 'aws-sdk-cognitoidentityprovider'
|
10811
|
-
context[:gem_version] = '1.
|
10940
|
+
context[:gem_version] = '1.107.0'
|
10812
10941
|
Seahorse::Client::Request.new(handlers, context)
|
10813
10942
|
end
|
10814
10943
|
|