aws-sdk-cognitoidentityprovider 1.97.0 → 1.107.0

@@ -32,11 +32,10 @@ require 'aws-sdk-core/plugins/checksum_algorithm.rb'
32
32
  require 'aws-sdk-core/plugins/request_compression.rb'
33
33
  require 'aws-sdk-core/plugins/defaults_mode.rb'
34
34
  require 'aws-sdk-core/plugins/recursion_detection.rb'
35
+ require 'aws-sdk-core/plugins/telemetry.rb'
35
36
  require 'aws-sdk-core/plugins/sign.rb'
36
37
  require 'aws-sdk-core/plugins/protocols/json_rpc.rb'
37
38
 
38
- Aws::Plugins::GlobalConfiguration.add_identifier(:cognitoidentityprovider)
39
-
40
39
  module Aws::CognitoIdentityProvider
41
40
  # An API client for CognitoIdentityProvider. To construct a client, you need to configure a `:region` and `:credentials`.
42
41
  #
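Review bot: The deleted `Aws::Plugins::GlobalConfiguration.add_identifier(:cognitoidentityprovider)` line has no replacement in this hunk, so confirm the identifier is still registered elsewhere in the gem before this client is loaded. If it is not, service-scoped settings under `Aws.config[:cognitoidentityprovider]` would presumably stop being applied, and a deployment that pins region, endpoint or credentials there would silently fall back to the global values. A regression test that sets a service-scoped option and asserts the client picks it up would cover this upgrade.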
@@ -83,6 +82,7 @@ module Aws::CognitoIdentityProvider
83
82
  add_plugin(Aws::Plugins::RequestCompression)
84
83
  add_plugin(Aws::Plugins::DefaultsMode)
85
84
  add_plugin(Aws::Plugins::RecursionDetection)
85
+ add_plugin(Aws::Plugins::Telemetry)
86
86
  add_plugin(Aws::Plugins::Sign)
87
87
  add_plugin(Aws::Plugins::Protocols::JsonRpc)
88
88
  add_plugin(Aws::CognitoIdentityProvider::Plugins::Endpoints)
@@ -128,13 +128,15 @@ module Aws::CognitoIdentityProvider
128
128
  # locations will be searched for credentials:
129
129
  #
130
130
  # * `Aws.config[:credentials]`
131
- # * The `:access_key_id`, `:secret_access_key`, and `:session_token` options.
132
- # * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']
131
+ # * The `:access_key_id`, `:secret_access_key`, `:session_token`, and
132
+ # `:account_id` options.
133
+ # * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY'],
134
+ # ENV['AWS_SESSION_TOKEN'], and ENV['AWS_ACCOUNT_ID']
133
135
  # * `~/.aws/credentials`
134
136
  # * `~/.aws/config`
135
137
  # * EC2/ECS IMDS instance profile - When used by default, the timeouts
136
138
  # are very aggressive. Construct and pass an instance of
137
- # `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
139
+ # `Aws::InstanceProfileCredentials` or `Aws::ECSCredentials` to
138
140
  # enable retries and extended timeouts. Instance profile credential
139
141
  # fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED']
140
142
  # to true.
@@ -153,6 +155,8 @@ module Aws::CognitoIdentityProvider
153
155
  #
154
156
  # @option options [String] :access_key_id
155
157
  #
158
+ # @option options [String] :account_id
159
+ #
156
160
  # @option options [Boolean] :active_endpoint_cache (false)
157
161
  # When set to `true`, a thread polling for endpoints will be running in
158
162
  # the background every 60 secs (default). Defaults to `false`.
@@ -337,6 +341,16 @@ module Aws::CognitoIdentityProvider
337
341
  # ** Please note ** When response stubbing is enabled, no HTTP
338
342
  # requests are made, and retries are disabled.
339
343
  #
344
+ # @option options [Aws::Telemetry::TelemetryProviderBase] :telemetry_provider (Aws::Telemetry::NoOpTelemetryProvider)
345
+ # Allows you to provide a telemetry provider, which is used to
346
+ # emit telemetry data. By default, uses `NoOpTelemetryProvider` which
347
+ # will not record or emit any telemetry data. The SDK supports the
348
+ # following telemetry providers:
349
+ #
350
+ # * OpenTelemetry (OTel) - To use the OTel provider, install and require the
351
+ # `opentelemetry-sdk` gem and then, pass in an instance of a
352
+ # `Aws::Telemetry::OTelProvider` for telemetry provider.
353
+ #
340
354
  # @option options [Aws::TokenProvider] :token_provider
341
355
  # A Bearer Token Provider. This can be an instance of any one of the
342
356
  # following classes:
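Review bot: The new `:telemetry_provider` description says data is emitted but not which data, and for this client that matters because requests carry passwords, confirmation codes and tokens. The comment should state what a span records, or at least carry a caveat such as `#   Check which request attributes the provider exports before enabling it; this client's parameters include credentials and tokens.` The default `NoOpTelemetryProvider` emits nothing according to the text, so this only affects callers who opt in. The option list continues outside the hunk.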
@@ -364,7 +378,9 @@ module Aws::CognitoIdentityProvider
364
378
  # sending the request.
365
379
  #
366
380
  # @option options [Aws::CognitoIdentityProvider::EndpointProvider] :endpoint_provider
367
- # The endpoint provider used to resolve endpoints. Any object that responds to `#resolve_endpoint(parameters)` where `parameters` is a Struct similar to `Aws::CognitoIdentityProvider::EndpointParameters`
381
+ # The endpoint provider used to resolve endpoints. Any object that responds to
382
+ # `#resolve_endpoint(parameters)` where `parameters` is a Struct similar to
383
+ # `Aws::CognitoIdentityProvider::EndpointParameters`.
368
384
  #
369
385
  # @option options [Float] :http_continue_timeout (1)
370
386
  # The number of seconds to wait for a 100-continue response before sending the
@@ -420,6 +436,12 @@ module Aws::CognitoIdentityProvider
420
436
  # @option options [String] :ssl_ca_store
421
437
  # Sets the X509::Store to verify peer certificate.
422
438
  #
439
+ # @option options [OpenSSL::X509::Certificate] :ssl_cert
440
+ # Sets a client certificate when creating http connections.
441
+ #
442
+ # @option options [OpenSSL::PKey] :ssl_key
443
+ # Sets a client key when creating http connections.
444
+ #
423
445
  # @option options [Float] :ssl_timeout
424
446
  # Sets the SSL timeout in seconds
425
447
  #
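Review bot: The `:ssl_key` description does not say that the key is the private key belonging to `:ssl_cert`, or that it is secret material. Suggest `#   Sets the private key for the client certificate in :ssl_cert. Load it from a protected store at runtime; do not embed it in source or log the client configuration.` It would also help to state whether supplying only one of the two options is an error, which the hunk does not show. Separately, the context line above documents `:ssl_ca_store` as `[String]` while describing an `X509::Store`, which looks inconsistent.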
@@ -547,18 +569,14 @@ module Aws::CognitoIdentityProvider
547
569
  req.send_request(options)
548
570
  end
549
571
 
550
- # This IAM-authenticated API operation provides a code that Amazon
551
- # Cognito sent to your user when they signed up in your user pool. After
552
- # your user enters their code, they confirm ownership of the email
553
- # address or phone number that they provided, and their user account
554
- # becomes active. Depending on your user pool configuration, your users
555
- # will receive their confirmation code in an email or SMS message.
572
+ # This IAM-authenticated API operation confirms user sign-up as an
573
+ # administrator. Unlike [ConfirmSignUp][1], your IAM credentials
574
+ # authorize user account confirmation. No confirmation code is required.
556
575
  #
557
- # Local users who signed up in your user pool are the only type of user
558
- # who can confirm sign-up with a code. Users who federate through an
559
- # external identity provider (IdP) have already been confirmed by their
560
- # IdP. Administrator-created users confirm their accounts when they
561
- # respond to their invitation email message and choose a password.
576
+ # This request sets a user account active in a user pool that [requires
577
+ # confirmation of new user accounts][2] before they can sign in. You can
578
+ # configure your user pool to not send confirmation codes to new users
579
+ # and instead confirm them with this API operation on the back end.
562
580
  #
563
581
  # <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
564
582
  # in requests for this API operation. For this operation, you must use
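Review bot: The rewritten description states that no confirmation code is required but stops short of the consequence: whoever holds IAM permission for this operation can activate any pending account without the user proving control of an email address or phone number. A sentence such as `# Grant cognito-idp:AdminConfirmSignUp only to trusted back-end roles, because it bypasses code verification.` would make that explicit. Whether the operation also marks the contact attribute as verified is not stated here and is worth documenting. The method's comment block continues past this hunk.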
@@ -567,16 +585,18 @@ module Aws::CognitoIdentityProvider
567
585
  #
568
586
  # **Learn more**
569
587
  #
570
- # * [Signing Amazon Web Services API Requests][1]
588
+ # * [Signing Amazon Web Services API Requests][3]
571
589
  #
572
- # * [Using the Amazon Cognito user pools API and user pool endpoints][2]
590
+ # * [Using the Amazon Cognito user pools API and user pool endpoints][4]
573
591
  #
574
592
  # </note>
575
593
  #
576
594
  #
577
595
  #
578
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
579
- # [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
596
+ # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmSignUp.html
597
+ # [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#signing-up-users-in-your-app-and-confirming-them-as-admin
598
+ # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
599
+ # [4]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
580
600
  #
581
601
  # @option params [required, String] :user_pool_id
582
602
  # The user pool ID for which you want to confirm user registration.
@@ -660,8 +680,8 @@ module Aws::CognitoIdentityProvider
660
680
  # sign in.
661
681
  #
662
682
  # If you have never used SMS text messages with Amazon Cognito or any
663
- # other Amazon Web Service, Amazon Simple Notification Service might
664
- # place your account in the SMS sandbox. In <i> <a
683
+ # other Amazon Web Servicesservice, Amazon Simple Notification Service
684
+ # might place your account in the SMS sandbox. In <i> <a
665
685
  # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
666
686
  # mode</a> </i>, you can send messages only to verified phone numbers.
667
687
  # After you test your app while in the sandbox environment, you can move
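Review bot: The new line reads `Amazon Web Servicesservice`, which has lost the space between the two words; it should be `# other Amazon Web Services service, Amazon Simple Notification Service`. The same run-together text appears in every other SMS-sandbox hunk on this page (new-side lines 1481, 2142, 2273, 2912, 4006, 6318, 6806, 7022, 8112 and 8258). If these comments are generated from an upstream API model, the fix likely belongs there rather than in this file.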
@@ -1458,8 +1478,8 @@ module Aws::CognitoIdentityProvider
1458
1478
  # sign in.
1459
1479
  #
1460
1480
  # If you have never used SMS text messages with Amazon Cognito or any
1461
- # other Amazon Web Service, Amazon Simple Notification Service might
1462
- # place your account in the SMS sandbox. In <i> <a
1481
+ # other Amazon Web Servicesservice, Amazon Simple Notification Service
1482
+ # might place your account in the SMS sandbox. In <i> <a
1463
1483
  # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
1464
1484
  # mode</a> </i>, you can send messages only to verified phone numbers.
1465
1485
  # After you test your app while in the sandbox environment, you can move
@@ -1669,7 +1689,7 @@ module Aws::CognitoIdentityProvider
1669
1689
  #
1670
1690
  # @example Response structure
1671
1691
  #
1672
- # resp.challenge_name #=> String, one of "SMS_MFA", "SOFTWARE_TOKEN_MFA", "SELECT_MFA_TYPE", "MFA_SETUP", "PASSWORD_VERIFIER", "CUSTOM_CHALLENGE", "DEVICE_SRP_AUTH", "DEVICE_PASSWORD_VERIFIER", "ADMIN_NO_SRP_AUTH", "NEW_PASSWORD_REQUIRED"
1692
+ # resp.challenge_name #=> String, one of "SMS_MFA", "EMAIL_OTP", "SOFTWARE_TOKEN_MFA", "SELECT_MFA_TYPE", "MFA_SETUP", "PASSWORD_VERIFIER", "CUSTOM_CHALLENGE", "DEVICE_SRP_AUTH", "DEVICE_PASSWORD_VERIFIER", "ADMIN_NO_SRP_AUTH", "NEW_PASSWORD_REQUIRED"
1673
1693
  # resp.session #=> String
1674
1694
  # resp.challenge_parameters #=> Hash
1675
1695
  # resp.challenge_parameters["StringType"] #=> String
@@ -2119,8 +2139,8 @@ module Aws::CognitoIdentityProvider
2119
2139
  # sign in.
2120
2140
  #
2121
2141
  # If you have never used SMS text messages with Amazon Cognito or any
2122
- # other Amazon Web Service, Amazon Simple Notification Service might
2123
- # place your account in the SMS sandbox. In <i> <a
2142
+ # other Amazon Web Servicesservice, Amazon Simple Notification Service
2143
+ # might place your account in the SMS sandbox. In <i> <a
2124
2144
  # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
2125
2145
  # mode</a> </i>, you can send messages only to verified phone numbers.
2126
2146
  # After you test your app while in the sandbox environment, you can move
@@ -2250,8 +2270,8 @@ module Aws::CognitoIdentityProvider
2250
2270
  # sign in.
2251
2271
  #
2252
2272
  # If you have never used SMS text messages with Amazon Cognito or any
2253
- # other Amazon Web Service, Amazon Simple Notification Service might
2254
- # place your account in the SMS sandbox. In <i> <a
2273
+ # other Amazon Web Servicesservice, Amazon Simple Notification Service
2274
+ # might place your account in the SMS sandbox. In <i> <a
2255
2275
  # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
2256
2276
  # mode</a> </i>, you can send messages only to verified phone numbers.
2257
2277
  # After you test your app while in the sandbox environment, you can move
@@ -2307,11 +2327,21 @@ module Aws::CognitoIdentityProvider
2307
2327
  # SMS\_MFA
2308
2328
  #
2309
2329
  # : `"ChallengeName": "SMS_MFA", "ChallengeResponses": \{"SMS_MFA_CODE":
2310
- # "[SMS_code]", "USERNAME": "[username]"\}`
2330
+ # "[code]", "USERNAME": "[username]"\}`
2331
+ #
2332
+ # EMAIL\_OTP
2333
+ #
2334
+ # : `"ChallengeName": "EMAIL_OTP", "ChallengeResponses":
2335
+ # \{"EMAIL_OTP_CODE": "[code]", "USERNAME": "[username]"\}`
2311
2336
  #
2312
2337
  # PASSWORD\_VERIFIER
2313
2338
  #
2314
- # : `"ChallengeName": "PASSWORD_VERIFIER", "ChallengeResponses":
2339
+ # : This challenge response is part of the SRP flow. Amazon Cognito
2340
+ # requires that your application respond to this challenge within a
2341
+ # few seconds. When the response time exceeds this period, your user
2342
+ # pool returns a `NotAuthorizedException` error.
2343
+ #
2344
+ # `"ChallengeName": "PASSWORD_VERIFIER", "ChallengeResponses":
2315
2345
  # \{"PASSWORD_CLAIM_SIGNATURE": "[claim_signature]",
2316
2346
  # "PASSWORD_CLAIM_SECRET_BLOCK": "[secret_block]", "TIMESTAMP":
2317
2347
  # [timestamp], "USERNAME": "[username]"\}`
@@ -2470,7 +2500,7 @@ module Aws::CognitoIdentityProvider
2470
2500
  # resp = client.admin_respond_to_auth_challenge({
2471
2501
  # user_pool_id: "UserPoolIdType", # required
2472
2502
  # client_id: "ClientIdType", # required
2473
- # challenge_name: "SMS_MFA", # required, accepts SMS_MFA, SOFTWARE_TOKEN_MFA, SELECT_MFA_TYPE, MFA_SETUP, PASSWORD_VERIFIER, CUSTOM_CHALLENGE, DEVICE_SRP_AUTH, DEVICE_PASSWORD_VERIFIER, ADMIN_NO_SRP_AUTH, NEW_PASSWORD_REQUIRED
2503
+ # challenge_name: "SMS_MFA", # required, accepts SMS_MFA, EMAIL_OTP, SOFTWARE_TOKEN_MFA, SELECT_MFA_TYPE, MFA_SETUP, PASSWORD_VERIFIER, CUSTOM_CHALLENGE, DEVICE_SRP_AUTH, DEVICE_PASSWORD_VERIFIER, ADMIN_NO_SRP_AUTH, NEW_PASSWORD_REQUIRED
2474
2504
  # challenge_responses: {
2475
2505
  # "StringType" => "StringType",
2476
2506
  # },
@@ -2497,7 +2527,7 @@ module Aws::CognitoIdentityProvider
2497
2527
  #
2498
2528
  # @example Response structure
2499
2529
  #
2500
- # resp.challenge_name #=> String, one of "SMS_MFA", "SOFTWARE_TOKEN_MFA", "SELECT_MFA_TYPE", "MFA_SETUP", "PASSWORD_VERIFIER", "CUSTOM_CHALLENGE", "DEVICE_SRP_AUTH", "DEVICE_PASSWORD_VERIFIER", "ADMIN_NO_SRP_AUTH", "NEW_PASSWORD_REQUIRED"
2530
+ # resp.challenge_name #=> String, one of "SMS_MFA", "EMAIL_OTP", "SOFTWARE_TOKEN_MFA", "SELECT_MFA_TYPE", "MFA_SETUP", "PASSWORD_VERIFIER", "CUSTOM_CHALLENGE", "DEVICE_SRP_AUTH", "DEVICE_PASSWORD_VERIFIER", "ADMIN_NO_SRP_AUTH", "NEW_PASSWORD_REQUIRED"
2501
2531
  # resp.session #=> String
2502
2532
  # resp.challenge_parameters #=> Hash
2503
2533
  # resp.challenge_parameters["StringType"] #=> String
@@ -2518,12 +2548,12 @@ module Aws::CognitoIdentityProvider
2518
2548
  req.send_request(options)
2519
2549
  end
2520
2550
 
2521
- # The user's multi-factor authentication (MFA) preference, including
2522
- # which MFA options are activated, and if any are preferred. Only one
2523
- # factor can be set as preferred. The preferred MFA factor will be used
2524
- # to authenticate a user if multiple factors are activated. If multiple
2525
- # options are activated and no preference is set, a challenge to choose
2526
- # an MFA option will be returned during sign-in.
2551
+ # Sets the user's multi-factor authentication (MFA) preference,
2552
+ # including which MFA options are activated, and if any are preferred.
2553
+ # Only one factor can be set as preferred. The preferred MFA factor will
2554
+ # be used to authenticate a user if multiple factors are activated. If
2555
+ # multiple options are activated and no preference is set, a challenge
2556
+ # to choose an MFA option will be returned during sign-in.
2527
2557
  #
2528
2558
  # <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
2529
2559
  # in requests for this API operation. For this operation, you must use
@@ -2544,10 +2574,24 @@ module Aws::CognitoIdentityProvider
2544
2574
  # [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
2545
2575
  #
2546
2576
  # @option params [Types::SMSMfaSettingsType] :sms_mfa_settings
2547
- # The SMS text message MFA settings.
2577
+ # User preferences for SMS message MFA. Activates or deactivates SMS MFA
2578
+ # and sets it as the preferred MFA method when multiple methods are
2579
+ # available.
2548
2580
  #
2549
2581
  # @option params [Types::SoftwareTokenMfaSettingsType] :software_token_mfa_settings
2550
- # The time-based one-time password software token MFA settings.
2582
+ # User preferences for time-based one-time password (TOTP) MFA.
2583
+ # Activates or deactivates TOTP MFA and sets it as the preferred MFA
2584
+ # method when multiple methods are available.
2585
+ #
2586
+ # @option params [Types::EmailMfaSettingsType] :email_mfa_settings
2587
+ # User preferences for email message MFA. Activates or deactivates email
2588
+ # MFA and sets it as the preferred MFA method when multiple methods are
2589
+ # available. To activate this setting, [ advanced security features][1]
2590
+ # must be active in your user pool.
2591
+ #
2592
+ #
2593
+ #
2594
+ # [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
2551
2595
  #
2552
2596
  # @option params [required, String] :username
2553
2597
  # The username of the user that you want to query or modify. The value
@@ -2557,7 +2601,8 @@ module Aws::CognitoIdentityProvider
2557
2601
  # username of a user from a third-party IdP.
2558
2602
  #
2559
2603
  # @option params [required, String] :user_pool_id
2560
- # The user pool ID.
2604
+ # The ID of the user pool where you want to set a user's MFA
2605
+ # preferences.
2561
2606
  #
2562
2607
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
2563
2608
  #
@@ -2572,6 +2617,10 @@ module Aws::CognitoIdentityProvider
2572
2617
  # enabled: false,
2573
2618
  # preferred_mfa: false,
2574
2619
  # },
2620
+ # email_mfa_settings: {
2621
+ # enabled: false,
2622
+ # preferred_mfa: false,
2623
+ # },
2575
2624
  # username: "UsernameType", # required
2576
2625
  # user_pool_id: "UserPoolIdType", # required
2577
2626
  # })
@@ -2860,8 +2909,8 @@ module Aws::CognitoIdentityProvider
2860
2909
  # sign in.
2861
2910
  #
2862
2911
  # If you have never used SMS text messages with Amazon Cognito or any
2863
- # other Amazon Web Service, Amazon Simple Notification Service might
2864
- # place your account in the SMS sandbox. In <i> <a
2912
+ # other Amazon Web Servicesservice, Amazon Simple Notification Service
2913
+ # might place your account in the SMS sandbox. In <i> <a
2865
2914
  # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
2866
2915
  # mode</a> </i>, you can send messages only to verified phone numbers.
2867
2916
  # After you test your app while in the sandbox environment, you can move
@@ -3084,7 +3133,7 @@ module Aws::CognitoIdentityProvider
3084
3133
  # require MFA, the user can then authenticate with user name and
3085
3134
  # password credentials alone. If your user pool requires TOTP MFA,
3086
3135
  # Amazon Cognito generates an `MFA_SETUP` or `SOFTWARE_TOKEN_SETUP`
3087
- # challenge each time your user signs. Complete setup with
3136
+ # challenge each time your user signs in. Complete setup with
3088
3137
  # `AssociateSoftwareToken` and `VerifySoftwareToken`.
3089
3138
  #
3090
3139
  # After you set up software token MFA for your user, Amazon Cognito
@@ -3954,8 +4003,8 @@ module Aws::CognitoIdentityProvider
3954
4003
  # sign in.
3955
4004
  #
3956
4005
  # If you have never used SMS text messages with Amazon Cognito or any
3957
- # other Amazon Web Service, Amazon Simple Notification Service might
3958
- # place your account in the SMS sandbox. In <i> <a
4006
+ # other Amazon Web Servicesservice, Amazon Simple Notification Service
4007
+ # might place your account in the SMS sandbox. In <i> <a
3959
4008
  # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
3960
4009
  # mode</a> </i>, you can send messages only to verified phone numbers.
3961
4010
  # After you test your app while in the sandbox environment, you can move
@@ -4636,6 +4685,7 @@ module Aws::CognitoIdentityProvider
4636
4685
  # require_lowercase: false,
4637
4686
  # require_numbers: false,
4638
4687
  # require_symbols: false,
4688
+ # password_history_size: 1,
4639
4689
  # temporary_password_validity_days: 1,
4640
4690
  # },
4641
4691
  # },
@@ -4731,6 +4781,9 @@ module Aws::CognitoIdentityProvider
4731
4781
  # ],
4732
4782
  # user_pool_add_ons: {
4733
4783
  # advanced_security_mode: "OFF", # required, accepts OFF, AUDIT, ENFORCED
4784
+ # advanced_security_additional_flows: {
4785
+ # custom_auth_mode: "AUDIT", # accepts AUDIT, ENFORCED
4786
+ # },
4734
4787
  # },
4735
4788
  # username_configuration: {
4736
4789
  # case_sensitive: false, # required
@@ -4754,6 +4807,7 @@ module Aws::CognitoIdentityProvider
4754
4807
  # resp.user_pool.policies.password_policy.require_lowercase #=> Boolean
4755
4808
  # resp.user_pool.policies.password_policy.require_numbers #=> Boolean
4756
4809
  # resp.user_pool.policies.password_policy.require_symbols #=> Boolean
4810
+ # resp.user_pool.policies.password_policy.password_history_size #=> Integer
4757
4811
  # resp.user_pool.policies.password_policy.temporary_password_validity_days #=> Integer
4758
4812
  # resp.user_pool.deletion_protection #=> String, one of "ACTIVE", "INACTIVE"
4759
4813
  # resp.user_pool.lambda_config.pre_sign_up #=> String
@@ -4828,6 +4882,7 @@ module Aws::CognitoIdentityProvider
4828
4882
  # resp.user_pool.admin_create_user_config.invite_message_template.email_message #=> String
4829
4883
  # resp.user_pool.admin_create_user_config.invite_message_template.email_subject #=> String
4830
4884
  # resp.user_pool.user_pool_add_ons.advanced_security_mode #=> String, one of "OFF", "AUDIT", "ENFORCED"
4885
+ # resp.user_pool.user_pool_add_ons.advanced_security_additional_flows.custom_auth_mode #=> String, one of "AUDIT", "ENFORCED"
4831
4886
  # resp.user_pool.username_configuration.case_sensitive #=> Boolean
4832
4887
  # resp.user_pool.arn #=> String
4833
4888
  # resp.user_pool.account_recovery_setting.recovery_mechanisms #=> Array
@@ -4938,9 +4993,9 @@ module Aws::CognitoIdentityProvider
4938
4993
  # are hours.
4939
4994
  #
4940
4995
  # @option params [Array<String>] :read_attributes
4941
- # The list of user attributes that you want your app client to have
4942
- # read-only access to. After your user authenticates in your app, their
4943
- # access token authorizes them to read their own attribute value for any
4996
+ # The list of user attributes that you want your app client to have read
4997
+ # access to. After your user authenticates in your app, their access
4998
+ # token authorizes them to read their own attribute value for any
4944
4999
  # attribute in this list. An example of this kind of activity is when
4945
5000
  # your user selects a link to view their profile information. Your app
4946
5001
  # makes a [GetUser][1] API request to retrieve and display your user's
@@ -4948,11 +5003,11 @@ module Aws::CognitoIdentityProvider
4948
5003
  #
4949
5004
  # When you don't specify the `ReadAttributes` for your app client, your
4950
5005
  # app can read the values of `email_verified`, `phone_number_verified`,
4951
- # and the Standard attributes of your user pool. When your user pool has
4952
- # read access to these default attributes, `ReadAttributes` doesn't
4953
- # return any information. Amazon Cognito only populates `ReadAttributes`
4954
- # in the API response if you have specified your own custom set of read
4955
- # attributes.
5006
+ # and the Standard attributes of your user pool. When your user pool app
5007
+ # client has read access to these default attributes, `ReadAttributes`
5008
+ # doesn't return any information. Amazon Cognito only populates
5009
+ # `ReadAttributes` in the API response if you have specified your own
5010
+ # custom set of read attributes.
4956
5011
  #
4957
5012
  #
4958
5013
  #
@@ -5163,6 +5218,8 @@ module Aws::CognitoIdentityProvider
5163
5218
  # * `LEGACY` - This represents the early behavior of Amazon Cognito
5164
5219
  # where user existence related errors aren't prevented.
5165
5220
  #
5221
+ # Defaults to `LEGACY` when you don't provide a value.
5222
+ #
5166
5223
  # @option params [Boolean] :enable_token_revocation
5167
5224
  # Activates or deactivates token revocation. For more information about
5168
5225
  # revoking tokens, see [RevokeToken][1].
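Review bot: The added sentence documents `LEGACY` as the default, and the context line just above describes `LEGACY` as the mode where user-existence errors aren't prevented. An app client created without this parameter can therefore reveal through its error responses whether a username exists. The comment should say so and name the alternative, for example `# Defaults to LEGACY when you don't provide a value; set ENABLED explicitly to avoid disclosing whether a user exists.` The option's description begins above this hunk.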
@@ -5959,6 +6016,7 @@ module Aws::CognitoIdentityProvider
5959
6016
  # resp.user_pool.policies.password_policy.require_lowercase #=> Boolean
5960
6017
  # resp.user_pool.policies.password_policy.require_numbers #=> Boolean
5961
6018
  # resp.user_pool.policies.password_policy.require_symbols #=> Boolean
6019
+ # resp.user_pool.policies.password_policy.password_history_size #=> Integer
5962
6020
  # resp.user_pool.policies.password_policy.temporary_password_validity_days #=> Integer
5963
6021
  # resp.user_pool.deletion_protection #=> String, one of "ACTIVE", "INACTIVE"
5964
6022
  # resp.user_pool.lambda_config.pre_sign_up #=> String
@@ -6033,6 +6091,7 @@ module Aws::CognitoIdentityProvider
6033
6091
  # resp.user_pool.admin_create_user_config.invite_message_template.email_message #=> String
6034
6092
  # resp.user_pool.admin_create_user_config.invite_message_template.email_subject #=> String
6035
6093
  # resp.user_pool.user_pool_add_ons.advanced_security_mode #=> String, one of "OFF", "AUDIT", "ENFORCED"
6094
+ # resp.user_pool.user_pool_add_ons.advanced_security_additional_flows.custom_auth_mode #=> String, one of "AUDIT", "ENFORCED"
6036
6095
  # resp.user_pool.username_configuration.case_sensitive #=> Boolean
6037
6096
  # resp.user_pool.arn #=> String
6038
6097
  # resp.user_pool.account_recovery_setting.recovery_mechanisms #=> Array
@@ -6256,8 +6315,8 @@ module Aws::CognitoIdentityProvider
6256
6315
  # sign in.
6257
6316
  #
6258
6317
  # If you have never used SMS text messages with Amazon Cognito or any
6259
- # other Amazon Web Service, Amazon Simple Notification Service might
6260
- # place your account in the SMS sandbox. In <i> <a
6318
+ # other Amazon Web Servicesservice, Amazon Simple Notification Service
6319
+ # might place your account in the SMS sandbox. In <i> <a
6261
6320
  # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
6262
6321
  # mode</a> </i>, you can send messages only to verified phone numbers.
6263
6322
  # After you test your app while in the sandbox environment, you can move
@@ -6548,11 +6607,11 @@ module Aws::CognitoIdentityProvider
6548
6607
  req.send_request(options)
6549
6608
  end
6550
6609
 
6551
- # Gets the detailed activity logging configuration for a user pool.
6610
+ # Gets the logging configuration of a user pool.
6552
6611
  #
6553
6612
  # @option params [required, String] :user_pool_id
6554
- # The ID of the user pool where you want to view detailed activity
6555
- # logging configuration.
6613
+ # The ID of the user pool that has the logging configuration that you
6614
+ # want to view.
6556
6615
  #
6557
6616
  # @return [Types::GetLogDeliveryConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
6558
6617
  #
@@ -6568,9 +6627,11 @@ module Aws::CognitoIdentityProvider
6568
6627
  #
6569
6628
  # resp.log_delivery_configuration.user_pool_id #=> String
6570
6629
  # resp.log_delivery_configuration.log_configurations #=> Array
6571
- # resp.log_delivery_configuration.log_configurations[0].log_level #=> String, one of "ERROR"
6572
- # resp.log_delivery_configuration.log_configurations[0].event_source #=> String, one of "userNotification"
6630
+ # resp.log_delivery_configuration.log_configurations[0].log_level #=> String, one of "ERROR", "INFO"
6631
+ # resp.log_delivery_configuration.log_configurations[0].event_source #=> String, one of "userNotification", "userAuthEvents"
6573
6632
  # resp.log_delivery_configuration.log_configurations[0].cloud_watch_logs_configuration.log_group_arn #=> String
6633
+ # resp.log_delivery_configuration.log_configurations[0].s3_configuration.bucket_arn #=> String
6634
+ # resp.log_delivery_configuration.log_configurations[0].firehose_configuration.stream_arn #=> String
6574
6635
  #
6575
6636
  # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/GetLogDeliveryConfiguration AWS API Documentation
6576
6637
  #
@@ -6742,8 +6803,8 @@ module Aws::CognitoIdentityProvider
6742
6803
  # sign in.
6743
6804
  #
6744
6805
  # If you have never used SMS text messages with Amazon Cognito or any
6745
- # other Amazon Web Service, Amazon Simple Notification Service might
6746
- # place your account in the SMS sandbox. In <i> <a
6806
+ # other Amazon Web Servicesservice, Amazon Simple Notification Service
6807
+ # might place your account in the SMS sandbox. In <i> <a
6747
6808
  # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
6748
6809
  # mode</a> </i>, you can send messages only to verified phone numbers.
6749
6810
  # After you test your app while in the sandbox environment, you can move
@@ -6842,6 +6903,7 @@ module Aws::CognitoIdentityProvider
6842
6903
  #
6843
6904
  # * {Types::GetUserPoolMfaConfigResponse#sms_mfa_configuration #sms_mfa_configuration} => Types::SmsMfaConfigType
6844
6905
  # * {Types::GetUserPoolMfaConfigResponse#software_token_mfa_configuration #software_token_mfa_configuration} => Types::SoftwareTokenMfaConfigType
6906
+ # * {Types::GetUserPoolMfaConfigResponse#email_mfa_configuration #email_mfa_configuration} => Types::EmailMfaConfigType
6845
6907
  # * {Types::GetUserPoolMfaConfigResponse#mfa_configuration #mfa_configuration} => String
6846
6908
  #
6847
6909
  # @example Request syntax with placeholder values
@@ -6857,6 +6919,8 @@ module Aws::CognitoIdentityProvider
6857
6919
  # resp.sms_mfa_configuration.sms_configuration.external_id #=> String
6858
6920
  # resp.sms_mfa_configuration.sms_configuration.sns_region #=> String
6859
6921
  # resp.software_token_mfa_configuration.enabled #=> Boolean
6922
+ # resp.email_mfa_configuration.message #=> String
6923
+ # resp.email_mfa_configuration.subject #=> String
6860
6924
  # resp.mfa_configuration #=> String, one of "OFF", "ON", "OPTIONAL"
6861
6925
  #
6862
6926
  # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/GetUserPoolMfaConfig AWS API Documentation
@@ -6955,8 +7019,8 @@ module Aws::CognitoIdentityProvider
6955
7019
  # sign in.
6956
7020
  #
6957
7021
  # If you have never used SMS text messages with Amazon Cognito or any
6958
- # other Amazon Web Service, Amazon Simple Notification Service might
6959
- # place your account in the SMS sandbox. In <i> <a
7022
+ # other Amazon Web Servicesservice, Amazon Simple Notification Service
7023
+ # might place your account in the SMS sandbox. In <i> <a
6960
7024
  # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
6961
7025
  # mode</a> </i>, you can send messages only to verified phone numbers.
6962
7026
  # After you test your app while in the sandbox environment, you can move
@@ -7174,7 +7238,7 @@ module Aws::CognitoIdentityProvider
7174
7238
  #
7175
7239
  # @example Response structure
7176
7240
  #
7177
- # resp.challenge_name #=> String, one of "SMS_MFA", "SOFTWARE_TOKEN_MFA", "SELECT_MFA_TYPE", "MFA_SETUP", "PASSWORD_VERIFIER", "CUSTOM_CHALLENGE", "DEVICE_SRP_AUTH", "DEVICE_PASSWORD_VERIFIER", "ADMIN_NO_SRP_AUTH", "NEW_PASSWORD_REQUIRED"
7241
+ # resp.challenge_name #=> String, one of "SMS_MFA", "EMAIL_OTP", "SOFTWARE_TOKEN_MFA", "SELECT_MFA_TYPE", "MFA_SETUP", "PASSWORD_VERIFIER", "CUSTOM_CHALLENGE", "DEVICE_SRP_AUTH", "DEVICE_PASSWORD_VERIFIER", "ADMIN_NO_SRP_AUTH", "NEW_PASSWORD_REQUIRED"
7178
7242
  # resp.session #=> String
7179
7243
  # resp.challenge_parameters #=> Hash
7180
7244
  # resp.challenge_parameters["StringType"] #=> String
@@ -8045,8 +8109,8 @@ module Aws::CognitoIdentityProvider
8045
8109
  # sign in.
8046
8110
  #
8047
8111
  # If you have never used SMS text messages with Amazon Cognito or any
8048
- # other Amazon Web Service, Amazon Simple Notification Service might
8049
- # place your account in the SMS sandbox. In <i> <a
8112
+ # other Amazon Web Servicesservice, Amazon Simple Notification Service
8113
+ # might place your account in the SMS sandbox. In <i> <a
8050
8114
  # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
8051
8115
  # mode</a> </i>, you can send messages only to verified phone numbers.
8052
8116
  # After you test your app while in the sandbox environment, you can move
@@ -8191,8 +8255,8 @@ module Aws::CognitoIdentityProvider
8191
8255
  # sign in.
8192
8256
  #
8193
8257
  # If you have never used SMS text messages with Amazon Cognito or any
8194
- # other Amazon Web Service, Amazon Simple Notification Service might
8195
- # place your account in the SMS sandbox. In <i> <a
8258
+ # other Amazon Web Servicesservice, Amazon Simple Notification Service
8259
+ # might place your account in the SMS sandbox. In <i> <a
8196
8260
  # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
8197
8261
  # mode</a> </i>, you can send messages only to verified phone numbers.
8198
8262
  # After you test your app while in the sandbox environment, you can move
@@ -8240,11 +8304,21 @@ module Aws::CognitoIdentityProvider
8240
8304
  # SMS\_MFA
8241
8305
  #
8242
8306
  # : `"ChallengeName": "SMS_MFA", "ChallengeResponses": \{"SMS_MFA_CODE":
8243
- # "[SMS_code]", "USERNAME": "[username]"\}`
8307
+ # "[code]", "USERNAME": "[username]"\}`
8308
+ #
8309
+ # EMAIL\_OTP
8310
+ #
8311
+ # : `"ChallengeName": "EMAIL_OTP", "ChallengeResponses":
8312
+ # \{"EMAIL_OTP_CODE": "[code]", "USERNAME": "[username]"\}`
8244
8313
  #
8245
8314
  # PASSWORD\_VERIFIER
8246
8315
  #
8247
- # : `"ChallengeName": "PASSWORD_VERIFIER", "ChallengeResponses":
8316
+ # : This challenge response is part of the SRP flow. Amazon Cognito
8317
+ # requires that your application respond to this challenge within a
8318
+ # few seconds. When the response time exceeds this period, your user
8319
+ # pool returns a `NotAuthorizedException` error.
8320
+ #
8321
+ # `"ChallengeName": "PASSWORD_VERIFIER", "ChallengeResponses":
8248
8322
  # \{"PASSWORD_CLAIM_SIGNATURE": "[claim_signature]",
8249
8323
  # "PASSWORD_CLAIM_SECRET_BLOCK": "[secret_block]", "TIMESTAMP":
8250
8324
  # [timestamp], "USERNAME": "[username]"\}`
@@ -8379,7 +8453,7 @@ module Aws::CognitoIdentityProvider
8379
8453
  #
8380
8454
  # resp = client.respond_to_auth_challenge({
8381
8455
  # client_id: "ClientIdType", # required
8382
- # challenge_name: "SMS_MFA", # required, accepts SMS_MFA, SOFTWARE_TOKEN_MFA, SELECT_MFA_TYPE, MFA_SETUP, PASSWORD_VERIFIER, CUSTOM_CHALLENGE, DEVICE_SRP_AUTH, DEVICE_PASSWORD_VERIFIER, ADMIN_NO_SRP_AUTH, NEW_PASSWORD_REQUIRED
8456
+ # challenge_name: "SMS_MFA", # required, accepts SMS_MFA, EMAIL_OTP, SOFTWARE_TOKEN_MFA, SELECT_MFA_TYPE, MFA_SETUP, PASSWORD_VERIFIER, CUSTOM_CHALLENGE, DEVICE_SRP_AUTH, DEVICE_PASSWORD_VERIFIER, ADMIN_NO_SRP_AUTH, NEW_PASSWORD_REQUIRED
8383
8457
  # session: "SessionType",
8384
8458
  # challenge_responses: {
8385
8459
  # "StringType" => "StringType",
@@ -8398,7 +8472,7 @@ module Aws::CognitoIdentityProvider
8398
8472
  #
8399
8473
  # @example Response structure
8400
8474
  #
8401
- # resp.challenge_name #=> String, one of "SMS_MFA", "SOFTWARE_TOKEN_MFA", "SELECT_MFA_TYPE", "MFA_SETUP", "PASSWORD_VERIFIER", "CUSTOM_CHALLENGE", "DEVICE_SRP_AUTH", "DEVICE_PASSWORD_VERIFIER", "ADMIN_NO_SRP_AUTH", "NEW_PASSWORD_REQUIRED"
8475
+ # resp.challenge_name #=> String, one of "SMS_MFA", "EMAIL_OTP", "SOFTWARE_TOKEN_MFA", "SELECT_MFA_TYPE", "MFA_SETUP", "PASSWORD_VERIFIER", "CUSTOM_CHALLENGE", "DEVICE_SRP_AUTH", "DEVICE_PASSWORD_VERIFIER", "ADMIN_NO_SRP_AUTH", "NEW_PASSWORD_REQUIRED"
8402
8476
  # resp.session #=> String
8403
8477
  # resp.challenge_parameters #=> Hash
8404
8478
  # resp.challenge_parameters["StringType"] #=> String
@@ -8466,16 +8540,15 @@ module Aws::CognitoIdentityProvider
8466
8540
  req.send_request(options)
8467
8541
  end
8468
8542
 
8469
- # Sets up or modifies the detailed activity logging configuration of a
8470
- # user pool.
8543
+ # Sets up or modifies the logging configuration of a user pool. User
8544
+ # pools can export user notification logs and advanced security features
8545
+ # user activity logs.
8471
8546
  #
8472
8547
  # @option params [required, String] :user_pool_id
8473
- # The ID of the user pool where you want to configure detailed activity
8474
- # logging .
8548
+ # The ID of the user pool where you want to configure logging.
8475
8549
  #
8476
8550
  # @option params [required, Array<Types::LogConfigurationType>] :log_configurations
8477
- # A collection of all of the detailed activity logging configurations
8478
- # for a user pool.
8551
+ # A collection of the logging configurations for a user pool.
8479
8552
  #
8480
8553
  # @return [Types::SetLogDeliveryConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
8481
8554
  #
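Review bot: The rewritten `:log_configurations` description at new line 8551 does not say which `log_level`, `event_source` and destination combinations are valid, and the request example in the following hunk lists all three destination blocks inside a single entry. The summary at new lines 8543-8545 says user activity logs from advanced security features can now be exported; such logs presumably carry per-user sign-in detail, so the text should also tell the reader to protect the destination. I would add a sentence listing the valid pairs, taken from the service documentation, followed by `#   Send user activity logs only to a destination whose access is limited to the people who review sign-in events.`. The method these comments document is defined below the hunk.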
@@ -8487,11 +8560,17 @@ module Aws::CognitoIdentityProvider
8487
8560
  # user_pool_id: "UserPoolIdType", # required
8488
8561
  # log_configurations: [ # required
8489
8562
  # {
8490
- # log_level: "ERROR", # required, accepts ERROR
8491
- # event_source: "userNotification", # required, accepts userNotification
8563
+ # log_level: "ERROR", # required, accepts ERROR, INFO
8564
+ # event_source: "userNotification", # required, accepts userNotification, userAuthEvents
8492
8565
  # cloud_watch_logs_configuration: {
8493
8566
  # log_group_arn: "ArnType",
8494
8567
  # },
8568
+ # s3_configuration: {
8569
+ # bucket_arn: "S3ArnType",
8570
+ # },
8571
+ # firehose_configuration: {
8572
+ # stream_arn: "ArnType",
8573
+ # },
8495
8574
  # },
8496
8575
  # ],
8497
8576
  # })
@@ -8500,9 +8579,11 @@ module Aws::CognitoIdentityProvider
8500
8579
  #
8501
8580
  # resp.log_delivery_configuration.user_pool_id #=> String
8502
8581
  # resp.log_delivery_configuration.log_configurations #=> Array
8503
- # resp.log_delivery_configuration.log_configurations[0].log_level #=> String, one of "ERROR"
8504
- # resp.log_delivery_configuration.log_configurations[0].event_source #=> String, one of "userNotification"
8582
+ # resp.log_delivery_configuration.log_configurations[0].log_level #=> String, one of "ERROR", "INFO"
8583
+ # resp.log_delivery_configuration.log_configurations[0].event_source #=> String, one of "userNotification", "userAuthEvents"
8505
8584
  # resp.log_delivery_configuration.log_configurations[0].cloud_watch_logs_configuration.log_group_arn #=> String
8585
+ # resp.log_delivery_configuration.log_configurations[0].s3_configuration.bucket_arn #=> String
8586
+ # resp.log_delivery_configuration.log_configurations[0].firehose_configuration.stream_arn #=> String
8506
8587
  #
8507
8588
  # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/SetLogDeliveryConfiguration AWS API Documentation
8508
8589
  #
@@ -8727,10 +8808,24 @@ module Aws::CognitoIdentityProvider
8727
8808
  # [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
8728
8809
  #
8729
8810
  # @option params [Types::SMSMfaSettingsType] :sms_mfa_settings
8730
- # The SMS text message multi-factor authentication (MFA) settings.
8811
+ # User preferences for SMS message MFA. Activates or deactivates SMS MFA
8812
+ # and sets it as the preferred MFA method when multiple methods are
8813
+ # available.
8731
8814
  #
8732
8815
  # @option params [Types::SoftwareTokenMfaSettingsType] :software_token_mfa_settings
8733
- # The time-based one-time password (TOTP) software token MFA settings.
8816
+ # User preferences for time-based one-time password (TOTP) MFA.
8817
+ # Activates or deactivates TOTP MFA and sets it as the preferred MFA
8818
+ # method when multiple methods are available.
8819
+ #
8820
+ # @option params [Types::EmailMfaSettingsType] :email_mfa_settings
8821
+ # User preferences for email message MFA. Activates or deactivates email
8822
+ # MFA and sets it as the preferred MFA method when multiple methods are
8823
+ # available. To activate this setting, [ advanced security features][1]
8824
+ # must be active in your user pool.
8825
+ #
8826
+ #
8827
+ #
8828
+ # [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
8734
8829
  #
8735
8830
  # @option params [required, String] :access_token
8736
8831
  # A valid access token that Amazon Cognito issued to the user whose MFA
@@ -8749,6 +8844,10 @@ module Aws::CognitoIdentityProvider
8749
8844
  # enabled: false,
8750
8845
  # preferred_mfa: false,
8751
8846
  # },
8847
+ # email_mfa_settings: {
8848
+ # enabled: false,
8849
+ # preferred_mfa: false,
8850
+ # },
8752
8851
  # access_token: "TokenModelType", # required
8753
8852
  # })
8754
8853
  #
@@ -8773,8 +8872,8 @@ module Aws::CognitoIdentityProvider
8773
8872
  # sign in.
8774
8873
  #
8775
8874
  # If you have never used SMS text messages with Amazon Cognito or any
8776
- # other Amazon Web Service, Amazon Simple Notification Service might
8777
- # place your account in the SMS sandbox. In <i> <a
8875
+ # other Amazon Web Servicesservice, Amazon Simple Notification Service
8876
+ # might place your account in the SMS sandbox. In <i> <a
8778
8877
  # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
8779
8878
  # mode</a> </i>, you can send messages only to verified phone numbers.
8780
8879
  # After you test your app while in the sandbox environment, you can move
@@ -8793,10 +8892,22 @@ module Aws::CognitoIdentityProvider
8793
8892
  # The user pool ID.
8794
8893
  #
8795
8894
  # @option params [Types::SmsMfaConfigType] :sms_mfa_configuration
8796
- # The SMS text message MFA configuration.
8895
+ # Configures user pool SMS messages for MFA. Sets the message template
8896
+ # and the SMS message sending configuration for Amazon SNS.
8797
8897
  #
8798
8898
  # @option params [Types::SoftwareTokenMfaConfigType] :software_token_mfa_configuration
8799
- # The software token MFA configuration.
8899
+ # Configures a user pool for time-based one-time password (TOTP) MFA.
8900
+ # Enables or disables TOTP.
8901
+ #
8902
+ # @option params [Types::EmailMfaConfigType] :email_mfa_configuration
8903
+ # Configures user pool email messages for MFA. Sets the subject and body
8904
+ # of the email message template for MFA messages. To activate this
8905
+ # setting, [ advanced security features][1] must be active in your user
8906
+ # pool.
8907
+ #
8908
+ #
8909
+ #
8910
+ # [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
8800
8911
  #
8801
8912
  # @option params [String] :mfa_configuration
8802
8913
  # The MFA configuration. If you set the MfaConfiguration value to ‘ON’,
@@ -8819,6 +8930,7 @@ module Aws::CognitoIdentityProvider
8819
8930
  #
8820
8931
  # * {Types::SetUserPoolMfaConfigResponse#sms_mfa_configuration #sms_mfa_configuration} => Types::SmsMfaConfigType
8821
8932
  # * {Types::SetUserPoolMfaConfigResponse#software_token_mfa_configuration #software_token_mfa_configuration} => Types::SoftwareTokenMfaConfigType
8933
+ # * {Types::SetUserPoolMfaConfigResponse#email_mfa_configuration #email_mfa_configuration} => Types::EmailMfaConfigType
8822
8934
  # * {Types::SetUserPoolMfaConfigResponse#mfa_configuration #mfa_configuration} => String
8823
8935
  #
8824
8936
  # @example Request syntax with placeholder values
@@ -8836,6 +8948,10 @@ module Aws::CognitoIdentityProvider
8836
8948
  # software_token_mfa_configuration: {
8837
8949
  # enabled: false,
8838
8950
  # },
8951
+ # email_mfa_configuration: {
8952
+ # message: "EmailMfaMessageType",
8953
+ # subject: "EmailMfaSubjectType",
8954
+ # },
8839
8955
  # mfa_configuration: "OFF", # accepts OFF, ON, OPTIONAL
8840
8956
  # })
8841
8957
  #
@@ -8846,6 +8962,8 @@ module Aws::CognitoIdentityProvider
8846
8962
  # resp.sms_mfa_configuration.sms_configuration.external_id #=> String
8847
8963
  # resp.sms_mfa_configuration.sms_configuration.sns_region #=> String
8848
8964
  # resp.software_token_mfa_configuration.enabled #=> Boolean
8965
+ # resp.email_mfa_configuration.message #=> String
8966
+ # resp.email_mfa_configuration.subject #=> String
8849
8967
  # resp.mfa_configuration #=> String, one of "OFF", "ON", "OPTIONAL"
8850
8968
  #
8851
8969
  # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/SetUserPoolMfaConfig AWS API Documentation
@@ -8932,8 +9050,8 @@ module Aws::CognitoIdentityProvider
8932
9050
  # sign in.
8933
9051
  #
8934
9052
  # If you have never used SMS text messages with Amazon Cognito or any
8935
- # other Amazon Web Service, Amazon Simple Notification Service might
8936
- # place your account in the SMS sandbox. In <i> <a
9053
+ # other Amazon Web Servicesservice, Amazon Simple Notification Service
9054
+ # might place your account in the SMS sandbox. In <i> <a
8937
9055
  # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
8938
9056
  # mode</a> </i>, you can send messages only to verified phone numbers.
8939
9057
  # After you test your app while in the sandbox environment, you can move
@@ -9743,8 +9861,8 @@ module Aws::CognitoIdentityProvider
9743
9861
  # sign in.
9744
9862
  #
9745
9863
  # If you have never used SMS text messages with Amazon Cognito or any
9746
- # other Amazon Web Service, Amazon Simple Notification Service might
9747
- # place your account in the SMS sandbox. In <i> <a
9864
+ # other Amazon Web Servicesservice, Amazon Simple Notification Service
9865
+ # might place your account in the SMS sandbox. In <i> <a
9748
9866
  # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
9749
9867
  # mode</a> </i>, you can send messages only to verified phone numbers.
9750
9868
  # After you test your app while in the sandbox environment, you can move
@@ -9858,8 +9976,8 @@ module Aws::CognitoIdentityProvider
9858
9976
  # sign in.
9859
9977
  #
9860
9978
  # If you have never used SMS text messages with Amazon Cognito or any
9861
- # other Amazon Web Service, Amazon Simple Notification Service might
9862
- # place your account in the SMS sandbox. In <i> <a
9979
+ # other Amazon Web Servicesservice, Amazon Simple Notification Service
9980
+ # might place your account in the SMS sandbox. In <i> <a
9863
9981
  # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
9864
9982
  # mode</a> </i>, you can send messages only to verified phone numbers.
9865
9983
  # After you test your app while in the sandbox environment, you can move
@@ -10050,6 +10168,7 @@ module Aws::CognitoIdentityProvider
10050
10168
  # require_lowercase: false,
10051
10169
  # require_numbers: false,
10052
10170
  # require_symbols: false,
10171
+ # password_history_size: 1,
10053
10172
  # temporary_password_validity_days: 1,
10054
10173
  # },
10055
10174
  # },
@@ -10126,6 +10245,9 @@ module Aws::CognitoIdentityProvider
10126
10245
  # },
10127
10246
  # user_pool_add_ons: {
10128
10247
  # advanced_security_mode: "OFF", # required, accepts OFF, AUDIT, ENFORCED
10248
+ # advanced_security_additional_flows: {
10249
+ # custom_auth_mode: "AUDIT", # accepts AUDIT, ENFORCED
10250
+ # },
10129
10251
  # },
10130
10252
  # account_recovery_setting: {
10131
10253
  # recovery_mechanisms: [
@@ -10243,9 +10365,9 @@ module Aws::CognitoIdentityProvider
10243
10365
  # default for ID and access tokens is hours.
10244
10366
  #
10245
10367
  # @option params [Array<String>] :read_attributes
10246
- # The list of user attributes that you want your app client to have
10247
- # read-only access to. After your user authenticates in your app, their
10248
- # access token authorizes them to read their own attribute value for any
10368
+ # The list of user attributes that you want your app client to have read
10369
+ # access to. After your user authenticates in your app, their access
10370
+ # token authorizes them to read their own attribute value for any
10249
10371
  # attribute in this list. An example of this kind of activity is when
10250
10372
  # your user selects a link to view their profile information. Your app
10251
10373
  # makes a [GetUser][1] API request to retrieve and display your user's
@@ -10253,11 +10375,11 @@ module Aws::CognitoIdentityProvider
10253
10375
  #
10254
10376
  # When you don't specify the `ReadAttributes` for your app client, your
10255
10377
  # app can read the values of `email_verified`, `phone_number_verified`,
10256
- # and the Standard attributes of your user pool. When your user pool has
10257
- # read access to these default attributes, `ReadAttributes` doesn't
10258
- # return any information. Amazon Cognito only populates `ReadAttributes`
10259
- # in the API response if you have specified your own custom set of read
10260
- # attributes.
10378
+ # and the Standard attributes of your user pool. When your user pool app
10379
+ # client has read access to these default attributes, `ReadAttributes`
10380
+ # doesn't return any information. Amazon Cognito only populates
10381
+ # `ReadAttributes` in the API response if you have specified your own
10382
+ # custom set of read attributes.
10261
10383
  #
10262
10384
  #
10263
10385
  #
@@ -10463,6 +10585,8 @@ module Aws::CognitoIdentityProvider
10463
10585
  # * `LEGACY` - This represents the early behavior of Amazon Cognito
10464
10586
  # where user existence related errors aren't prevented.
10465
10587
  #
10588
+ # Defaults to `LEGACY` when you don't provide a value.
10589
+ #
10466
10590
  # @option params [Boolean] :enable_token_revocation
10467
10591
  # Activates or deactivates token revocation. For more information about
10468
10592
  # revoking tokens, see [RevokeToken][1].
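Review bot: The sentence added at new line 10588 documents a fallback to `LEGACY`, which the bullet directly above describes as the behaviour where user existence related errors aren't prevented, so an app client created without this option gets the less protective mode and the text gives no hint to change it. I would follow the new sentence with `# Set the value to ENABLED for new app clients so that error responses do not reveal whether a user exists.`. The option being documented (presumably `:prevent_user_existence_errors`) and its other bullet are declared above the hunk, so the exact wording should be checked against them.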
@@ -10801,14 +10925,19 @@ module Aws::CognitoIdentityProvider
10801
10925
  # @api private
10802
10926
  def build_request(operation_name, params = {})
10803
10927
  handlers = @handlers.for(operation_name)
10928
+ tracer = config.telemetry_provider.tracer_provider.tracer(
10929
+ Aws::Telemetry.module_to_tracer_name('Aws::CognitoIdentityProvider')
10930
+ )
10804
10931
  context = Seahorse::Client::RequestContext.new(
10805
10932
  operation_name: operation_name,
10806
10933
  operation: config.api.operation(operation_name),
10807
10934
  client: self,
10808
10935
  params: params,
10809
- config: config)
10936
+ config: config,
10937
+ tracer: tracer
10938
+ )
10810
10939
  context[:gem_name] = 'aws-sdk-cognitoidentityprovider'
10811
- context[:gem_version] = '1.97.0'
10940
+ context[:gem_version] = '1.107.0'
10812
10941
  Seahorse::Client::Request.new(handlers, context)
10813
10942
  end
10814
10943