aws-sdk-cognitoidentityprovider 1.2.0 → 1.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: fba7de2a7c950a6af5bebdd0cbb5c04a7aff0eaa
-  data.tar.gz: 89111edeef00331099500b2cd7fc9e3f92f747ae
+  metadata.gz: 5f579a85f5d766bcfd202bd81b7ced97576281c8
+  data.tar.gz: 4629c957130d09436555bde1e07a31588a018b4b
 SHA512:
-  metadata.gz: 091d504333b7fcb8f4cc5bafdb38addcb677f98e014a7e749d2b5b0b939d3673ac3dca3ee16ee72694e3f49f92ea2e70a1f362e3513796071246a633c64e9848
-  data.tar.gz: 2324e9f6eee3149b05cc40baa14c32b4a23a345d57e560eb726c2b07d75013b3a45e9ba2e39ae052c91d531270c486660d6270f044cabaf9df832d851d4143b0
+  metadata.gz: 4f1098817c331f5ec5e94b63465612cc03e2d097a0638c96763dd072cf60ff82a2e304f801904b3d2c641a1296594691c6abc1f30bfc9b4b2ecaf51f8cbd9dbe
+  data.tar.gz: 687ae24c147637a9aed5c0182f7bc9f8014c14e8ccc071fc079574a401f9fac3ac91ff3ad24160f6cdee978a3e77369bfa79a2010286dd3828bcd7bd43a29240

data/lib/aws-sdk-cognitoidentityprovider.rb

@@ -42,6 +42,6 @@ require_relative 'aws-sdk-cognitoidentityprovider/customizations'
 # @service
 module Aws::CognitoIdentityProvider
 
-  GEM_VERSION = '1.2.0'
+  GEM_VERSION = '1.3.0'
 
 end

data/lib/aws-sdk-cognitoidentityprovider/client.rb

@@ -763,6 +763,9 @@ module Aws::CognitoIdentityProvider
     #   * `USER_SRP_AUTH` will take in `USERNAME` and `SRP_A` and return the
     #     SRP variables to be used for next challenge execution.
     #
+    #   * `USER_PASSWORD_AUTH` will take in `USERNAME` and `PASSWORD` and
+    #     return the next challenge or tokens.
+    #
     #   Valid values include:
     #
     #   * `USER_SRP_AUTH`\: Authentication flow for the Secure Remote Password
@@ -778,6 +781,11 @@ module Aws::CognitoIdentityProvider
     #     the USERNAME and PASSWORD directly if the flow is enabled for
     #     calling the app client.
     #
+    #   * `USER_PASSWORD_AUTH`\: Non-SRP authentication flow; USERNAME and
+    #     PASSWORD are passed directly. If a user migration Lambda trigger is
+    #     set, this flow will invoke the user migration Lambda if the USERNAME
+    #     is not found in the user pool.
+    #
     # @option params [Hash<String,String>] :auth_parameters
     #   The authentication parameters. These are inputs corresponding to the
     #   `AuthFlow` that you are invoking. The required values depend on the
@@ -787,9 +795,9 @@ module Aws::CognitoIdentityProvider
     #     `SECRET_HASH` (required if the app client is configured with a
     #     client secret), `DEVICE_KEY`
     #
-    #   * For `REFRESH_TOKEN_AUTH/REFRESH_TOKEN`\: `USERNAME` (required),
+    #   * For `REFRESH_TOKEN_AUTH/REFRESH_TOKEN`\: `REFRESH_TOKEN` (required),
     #     `SECRET_HASH` (required if the app client is configured with a
-    #     client secret), `REFRESH_TOKEN` (required), `DEVICE_KEY`
+    #     client secret), `DEVICE_KEY`
     #
     #   * For `ADMIN_NO_SRP_AUTH`\: `USERNAME` (required), `SECRET_HASH` (if
     #     app client is configured with client secret), `PASSWORD` (required),
@@ -824,7 +832,7 @@ module Aws::CognitoIdentityProvider
     #   resp = client.admin_initiate_auth({
     #     user_pool_id: "UserPoolIdType", # required
     #     client_id: "ClientIdType", # required
-    #     auth_flow: "USER_SRP_AUTH", # required, accepts USER_SRP_AUTH, REFRESH_TOKEN_AUTH, REFRESH_TOKEN, CUSTOM_AUTH, ADMIN_NO_SRP_AUTH
+    #     auth_flow: "USER_SRP_AUTH", # required, accepts USER_SRP_AUTH, REFRESH_TOKEN_AUTH, REFRESH_TOKEN, CUSTOM_AUTH, ADMIN_NO_SRP_AUTH, USER_PASSWORD_AUTH
     #     auth_parameters: {
     #       "StringType" => "StringType",
     #     },
@@ -1077,7 +1085,7 @@ module Aws::CognitoIdentityProvider
     #   The user pool ID.
     #
     # @option params [required, String] :username
-    #   The user pool username.
+    #   The user pool username or an alias.
     #
     # @option params [Integer] :max_results
     #   The maximum number of authentication events to return.
@@ -1323,7 +1331,7 @@ module Aws::CognitoIdentityProvider
     #   The time-based one-time password software token MFA settings.
     #
     # @option params [required, String] :username
-    #   The user pool username.
+    #   The user pool username or alias.
     #
     # @option params [required, String] :user_pool_id
     #   The user pool ID.
@@ -2024,6 +2032,25 @@ module Aws::CognitoIdentityProvider
     # @option params [Types::LambdaConfigType] :lambda_config
     #   The Lambda trigger configuration information for the new user pool.
     #
+    #   <note markdown="1"> In a push model, event sources (such as Amazon S3 and custom
+    #   applications) need permission to invoke a function. So you will need
+    #   to make an extra call to add permission for these event sources to
+    #   invoke your Lambda function.
+    #
+    #
+    #
+    #    For more information on using the Lambda API to add permission, see [
+    #   AddPermission ][1].
+    #
+    #    For adding permission using the AWS CLI, see [ add-permission ][2].
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/lambda/latest/dg/API_AddPermission.html
+    #   [2]: https://docs.aws.amazon.com/cli/latest/reference/lambda/add-permission.html
+    #
     # @option params [Array<String>] :auto_verified_attributes
     #   The attributes to be auto-verified. Possible values: **email**,
     #   **phone\_number**.
@@ -2110,6 +2137,7 @@ module Aws::CognitoIdentityProvider
     #       create_auth_challenge: "ArnType",
     #       verify_auth_challenge_response: "ArnType",
     #       pre_token_generation: "ArnType",
+    #       user_migration: "ArnType",
     #     },
     #     auto_verified_attributes: ["phone_number"], # accepts phone_number, email
     #     alias_attributes: ["phone_number"], # accepts phone_number, email, preferred_username
@@ -2191,6 +2219,7 @@ module Aws::CognitoIdentityProvider
     #   resp.user_pool.lambda_config.create_auth_challenge #=> String
     #   resp.user_pool.lambda_config.verify_auth_challenge_response #=> String
     #   resp.user_pool.lambda_config.pre_token_generation #=> String
+    #   resp.user_pool.lambda_config.user_migration #=> String
     #   resp.user_pool.status #=> String, one of "Enabled", "Disabled"
     #   resp.user_pool.last_modified_date #=> Time
     #   resp.user_pool.creation_date #=> Time
@@ -2321,7 +2350,7 @@ module Aws::CognitoIdentityProvider
     #     refresh_token_validity: 1,
     #     read_attributes: ["ClientPermissionType"],
     #     write_attributes: ["ClientPermissionType"],
-    #     explicit_auth_flows: ["ADMIN_NO_SRP_AUTH"], # accepts ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY
+    #     explicit_auth_flows: ["ADMIN_NO_SRP_AUTH"], # accepts ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, USER_PASSWORD_AUTH
     #     supported_identity_providers: ["ProviderNameType"],
     #     callback_urls: ["RedirectUrlType"],
     #     logout_urls: ["RedirectUrlType"],
@@ -2351,7 +2380,7 @@ module Aws::CognitoIdentityProvider
     #   resp.user_pool_client.write_attributes #=> Array
     #   resp.user_pool_client.write_attributes[0] #=> String
     #   resp.user_pool_client.explicit_auth_flows #=> Array
-    #   resp.user_pool_client.explicit_auth_flows[0] #=> String, one of "ADMIN_NO_SRP_AUTH", "CUSTOM_AUTH_FLOW_ONLY"
+    #   resp.user_pool_client.explicit_auth_flows[0] #=> String, one of "ADMIN_NO_SRP_AUTH", "CUSTOM_AUTH_FLOW_ONLY", "USER_PASSWORD_AUTH"
     #   resp.user_pool_client.supported_identity_providers #=> Array
     #   resp.user_pool_client.supported_identity_providers[0] #=> String
     #   resp.user_pool_client.callback_urls #=> Array
@@ -2828,6 +2857,7 @@ module Aws::CognitoIdentityProvider
     #   resp.user_pool.lambda_config.create_auth_challenge #=> String
     #   resp.user_pool.lambda_config.verify_auth_challenge_response #=> String
     #   resp.user_pool.lambda_config.pre_token_generation #=> String
+    #   resp.user_pool.lambda_config.user_migration #=> String
     #   resp.user_pool.status #=> String, one of "Enabled", "Disabled"
     #   resp.user_pool.last_modified_date #=> Time
     #   resp.user_pool.creation_date #=> Time
@@ -2920,7 +2950,7 @@ module Aws::CognitoIdentityProvider
     #   resp.user_pool_client.write_attributes #=> Array
     #   resp.user_pool_client.write_attributes[0] #=> String
     #   resp.user_pool_client.explicit_auth_flows #=> Array
-    #   resp.user_pool_client.explicit_auth_flows[0] #=> String, one of "ADMIN_NO_SRP_AUTH", "CUSTOM_AUTH_FLOW_ONLY"
+    #   resp.user_pool_client.explicit_auth_flows[0] #=> String, one of "ADMIN_NO_SRP_AUTH", "CUSTOM_AUTH_FLOW_ONLY", "USER_PASSWORD_AUTH"
     #   resp.user_pool_client.supported_identity_providers #=> Array
     #   resp.user_pool_client.supported_identity_providers[0] #=> String
     #   resp.user_pool_client.callback_urls #=> Array
@@ -3224,6 +3254,34 @@ module Aws::CognitoIdentityProvider
       req.send_request(options)
     end
 
+    # This method takes a user pool ID, and returns the signing certificate.
+    #
+    # @option params [required, String] :user_pool_id
+    #   The user pool ID.
+    #
+    # @return [Types::GetSigningCertificateResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetSigningCertificateResponse#certificate #certificate} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_signing_certificate({
+    #     user_pool_id: "UserPoolIdType", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.certificate #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/GetSigningCertificate AWS API Documentation
+    #
+    # @overload get_signing_certificate(params = {})
+    # @param [Hash] params ({})
+    def get_signing_certificate(params = {}, options = {})
+      req = build_request(:get_signing_certificate, params)
+      req.send_request(options)
+    end
+
     # Gets the UI Customization information for a particular app client's
     # app UI, if there is something set. If nothing is set for the
     # particular client, but there is an existing pool level customization
@@ -3413,6 +3471,9 @@ module Aws::CognitoIdentityProvider
     #   * `USER_SRP_AUTH` will take in `USERNAME` and `SRP_A` and return the
     #     SRP variables to be used for next challenge execution.
     #
+    #   * `USER_PASSWORD_AUTH` will take in `USERNAME` and `PASSWORD` and
+    #     return the next challenge or tokens.
+    #
     #   Valid values include:
     #
     #   * `USER_SRP_AUTH`\: Authentication flow for the Secure Remote Password
@@ -3424,6 +3485,11 @@ module Aws::CognitoIdentityProvider
     #
     #   * `CUSTOM_AUTH`\: Custom authentication flow.
     #
+    #   * `USER_PASSWORD_AUTH`\: Non-SRP authentication flow; USERNAME and
+    #     PASSWORD are passed directly. If a user migration Lambda trigger is
+    #     set, this flow will invoke the user migration Lambda if the USERNAME
+    #     is not found in the user pool.
+    #
     #   `ADMIN_NO_SRP_AUTH` is not a valid value.
     #
     # @option params [Hash<String,String>] :auth_parameters
@@ -3435,9 +3501,9 @@ module Aws::CognitoIdentityProvider
     #     `SECRET_HASH` (required if the app client is configured with a
     #     client secret), `DEVICE_KEY`
     #
-    #   * For `REFRESH_TOKEN_AUTH/REFRESH_TOKEN`\: `USERNAME` (required),
+    #   * For `REFRESH_TOKEN_AUTH/REFRESH_TOKEN`\: `REFRESH_TOKEN` (required),
     #     `SECRET_HASH` (required if the app client is configured with a
-    #     client secret), `REFRESH_TOKEN` (required), `DEVICE_KEY`
+    #     client secret), `DEVICE_KEY`
     #
     #   * For `CUSTOM_AUTH`\: `USERNAME` (required), `SECRET_HASH` (if app
     #     client is configured with client secret), `DEVICE_KEY`
@@ -3469,7 +3535,7 @@ module Aws::CognitoIdentityProvider
     # @example Request syntax with placeholder values
     #
     #   resp = client.initiate_auth({
-    #     auth_flow: "USER_SRP_AUTH", # required, accepts USER_SRP_AUTH, REFRESH_TOKEN_AUTH, REFRESH_TOKEN, CUSTOM_AUTH, ADMIN_NO_SRP_AUTH
+    #     auth_flow: "USER_SRP_AUTH", # required, accepts USER_SRP_AUTH, REFRESH_TOKEN_AUTH, REFRESH_TOKEN, CUSTOM_AUTH, ADMIN_NO_SRP_AUTH, USER_PASSWORD_AUTH
     #     auth_parameters: {
     #       "StringType" => "StringType",
     #     },
@@ -3824,6 +3890,7 @@ module Aws::CognitoIdentityProvider
     #   resp.user_pools[0].lambda_config.create_auth_challenge #=> String
     #   resp.user_pools[0].lambda_config.verify_auth_challenge_response #=> String
     #   resp.user_pools[0].lambda_config.pre_token_generation #=> String
+    #   resp.user_pools[0].lambda_config.user_migration #=> String
     #   resp.user_pools[0].status #=> String, one of "Enabled", "Disabled"
     #   resp.user_pools[0].last_modified_date #=> Time
     #   resp.user_pools[0].creation_date #=> Time
@@ -5009,6 +5076,7 @@ module Aws::CognitoIdentityProvider
     #       create_auth_challenge: "ArnType",
     #       verify_auth_challenge_response: "ArnType",
     #       pre_token_generation: "ArnType",
+    #       user_migration: "ArnType",
     #     },
     #     auto_verified_attributes: ["phone_number"], # accepts phone_number, email
     #     sms_verification_message: "SmsVerificationMessageType",
@@ -5134,7 +5202,7 @@ module Aws::CognitoIdentityProvider
     #     refresh_token_validity: 1,
     #     read_attributes: ["ClientPermissionType"],
     #     write_attributes: ["ClientPermissionType"],
-    #     explicit_auth_flows: ["ADMIN_NO_SRP_AUTH"], # accepts ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY
+    #     explicit_auth_flows: ["ADMIN_NO_SRP_AUTH"], # accepts ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, USER_PASSWORD_AUTH
     #     supported_identity_providers: ["ProviderNameType"],
     #     callback_urls: ["RedirectUrlType"],
     #     logout_urls: ["RedirectUrlType"],
@@ -5164,7 +5232,7 @@ module Aws::CognitoIdentityProvider
     #   resp.user_pool_client.write_attributes #=> Array
     #   resp.user_pool_client.write_attributes[0] #=> String
     #   resp.user_pool_client.explicit_auth_flows #=> Array
-    #   resp.user_pool_client.explicit_auth_flows[0] #=> String, one of "ADMIN_NO_SRP_AUTH", "CUSTOM_AUTH_FLOW_ONLY"
+    #   resp.user_pool_client.explicit_auth_flows[0] #=> String, one of "ADMIN_NO_SRP_AUTH", "CUSTOM_AUTH_FLOW_ONLY", "USER_PASSWORD_AUTH"
     #   resp.user_pool_client.supported_identity_providers #=> Array
     #   resp.user_pool_client.supported_identity_providers[0] #=> String
     #   resp.user_pool_client.callback_urls #=> Array
@@ -5278,7 +5346,7 @@ module Aws::CognitoIdentityProvider
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-cognitoidentityprovider'
-      context[:gem_version] = '1.2.0'
+      context[:gem_version] = '1.3.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-cognitoidentityprovider/client_api.rb

@@ -217,6 +217,8 @@ module Aws::CognitoIdentityProvider
     GetGroupResponse = Shapes::StructureShape.new(name: 'GetGroupResponse')
     GetIdentityProviderByIdentifierRequest = Shapes::StructureShape.new(name: 'GetIdentityProviderByIdentifierRequest')
     GetIdentityProviderByIdentifierResponse = Shapes::StructureShape.new(name: 'GetIdentityProviderByIdentifierResponse')
+    GetSigningCertificateRequest = Shapes::StructureShape.new(name: 'GetSigningCertificateRequest')
+    GetSigningCertificateResponse = Shapes::StructureShape.new(name: 'GetSigningCertificateResponse')
     GetUICustomizationRequest = Shapes::StructureShape.new(name: 'GetUICustomizationRequest')
     GetUICustomizationResponse = Shapes::StructureShape.new(name: 'GetUICustomizationResponse')
     GetUserAttributeVerificationCodeRequest = Shapes::StructureShape.new(name: 'GetUserAttributeVerificationCodeRequest')
@@ -1057,6 +1059,12 @@ module Aws::CognitoIdentityProvider
     GetIdentityProviderByIdentifierResponse.add_member(:identity_provider, Shapes::ShapeRef.new(shape: IdentityProviderType, required: true, location_name: "IdentityProvider"))
     GetIdentityProviderByIdentifierResponse.struct_class = Types::GetIdentityProviderByIdentifierResponse
 
+    GetSigningCertificateRequest.add_member(:user_pool_id, Shapes::ShapeRef.new(shape: UserPoolIdType, required: true, location_name: "UserPoolId"))
+    GetSigningCertificateRequest.struct_class = Types::GetSigningCertificateRequest
+
+    GetSigningCertificateResponse.add_member(:certificate, Shapes::ShapeRef.new(shape: StringType, location_name: "Certificate"))
+    GetSigningCertificateResponse.struct_class = Types::GetSigningCertificateResponse
+
     GetUICustomizationRequest.add_member(:user_pool_id, Shapes::ShapeRef.new(shape: UserPoolIdType, required: true, location_name: "UserPoolId"))
     GetUICustomizationRequest.add_member(:client_id, Shapes::ShapeRef.new(shape: ClientIdType, location_name: "ClientId"))
     GetUICustomizationRequest.struct_class = Types::GetUICustomizationRequest
@@ -1146,6 +1154,7 @@ module Aws::CognitoIdentityProvider
     LambdaConfigType.add_member(:create_auth_challenge, Shapes::ShapeRef.new(shape: ArnType, location_name: "CreateAuthChallenge"))
     LambdaConfigType.add_member(:verify_auth_challenge_response, Shapes::ShapeRef.new(shape: ArnType, location_name: "VerifyAuthChallengeResponse"))
     LambdaConfigType.add_member(:pre_token_generation, Shapes::ShapeRef.new(shape: ArnType, location_name: "PreTokenGeneration"))
+    LambdaConfigType.add_member(:user_migration, Shapes::ShapeRef.new(shape: ArnType, location_name: "UserMigration"))
     LambdaConfigType.struct_class = Types::LambdaConfigType
 
     ListDevicesRequest.add_member(:access_token, Shapes::ShapeRef.new(shape: TokenModelType, required: true, location_name: "AccessToken"))
@@ -2633,6 +2642,16 @@ module Aws::CognitoIdentityProvider
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
       end)
 
+      api.add_operation(:get_signing_certificate, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "GetSigningCertificate"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: GetSigningCertificateRequest)
+        o.output = Shapes::ShapeRef.new(shape: GetSigningCertificateResponse)
+        o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+      end)
+
       api.add_operation(:get_ui_customization, Seahorse::Model::Operation.new.tap do |o|
         o.name = "GetUICustomization"
         o.http_method = "POST"

data/lib/aws-sdk-cognitoidentityprovider/types.rb

@@ -812,7 +812,7 @@ module Aws::CognitoIdentityProvider
     #       {
     #         user_pool_id: "UserPoolIdType", # required
     #         client_id: "ClientIdType", # required
-    #         auth_flow: "USER_SRP_AUTH", # required, accepts USER_SRP_AUTH, REFRESH_TOKEN_AUTH, REFRESH_TOKEN, CUSTOM_AUTH, ADMIN_NO_SRP_AUTH
+    #         auth_flow: "USER_SRP_AUTH", # required, accepts USER_SRP_AUTH, REFRESH_TOKEN_AUTH, REFRESH_TOKEN, CUSTOM_AUTH, ADMIN_NO_SRP_AUTH, USER_PASSWORD_AUTH
     #         auth_parameters: {
     #           "StringType" => "StringType",
     #         },
@@ -854,6 +854,9 @@ module Aws::CognitoIdentityProvider
     #   * `USER_SRP_AUTH` will take in `USERNAME` and `SRP_A` and return the
     #     SRP variables to be used for next challenge execution.
     #
+    #   * `USER_PASSWORD_AUTH` will take in `USERNAME` and `PASSWORD` and
+    #     return the next challenge or tokens.
+    #
     #   Valid values include:
     #
     #   * `USER_SRP_AUTH`\: Authentication flow for the Secure Remote
@@ -868,6 +871,11 @@ module Aws::CognitoIdentityProvider
     #   * `ADMIN_NO_SRP_AUTH`\: Non-SRP authentication flow; you can pass in
     #     the USERNAME and PASSWORD directly if the flow is enabled for
     #     calling the app client.
+    #
+    #   * `USER_PASSWORD_AUTH`\: Non-SRP authentication flow; USERNAME and
+    #     PASSWORD are passed directly. If a user migration Lambda trigger
+    #     is set, this flow will invoke the user migration Lambda if the
+    #     USERNAME is not found in the user pool.
     #   @return [String]
     #
     # @!attribute [rw] auth_parameters
@@ -879,9 +887,9 @@ module Aws::CognitoIdentityProvider
     #     `SECRET_HASH` (required if the app client is configured with a
     #     client secret), `DEVICE_KEY`
     #
-    #   * For `REFRESH_TOKEN_AUTH/REFRESH_TOKEN`\: `USERNAME` (required),
-    #     `SECRET_HASH` (required if the app client is configured with a
-    #     client secret), `REFRESH_TOKEN` (required), `DEVICE_KEY`
+    #   * For `REFRESH_TOKEN_AUTH/REFRESH_TOKEN`\: `REFRESH_TOKEN`
+    #     (required), `SECRET_HASH` (required if the app client is
+    #     configured with a client secret), `DEVICE_KEY`
     #
     #   * For `ADMIN_NO_SRP_AUTH`\: `USERNAME` (required), `SECRET_HASH` (if
     #     app client is configured with client secret), `PASSWORD`
@@ -974,7 +982,7 @@ module Aws::CognitoIdentityProvider
     #
     #   All challenges require `USERNAME` and `SECRET_HASH` (if applicable).
     #
-    #   The value of the `USER_IF_FOR_SRP` attribute will be the user's
+    #   The value of the `USER_ID_FOR_SRP` attribute will be the user's
     #   actual username, not an alias (such as email address or phone
     #   number), even if you specified an alias in your call to
     #   `AdminInitiateAuth`. This is because, in the
@@ -1206,7 +1214,7 @@ module Aws::CognitoIdentityProvider
     #   @return [String]
     #
     # @!attribute [rw] username
-    #   The user pool username.
+    #   The user pool username or an alias.
     #   @return [String]
     #
     # @!attribute [rw] max_results
@@ -1468,7 +1476,7 @@ module Aws::CognitoIdentityProvider
     #   @return [Types::SoftwareTokenMfaSettingsType]
     #
     # @!attribute [rw] username
-    #   The user pool username.
+    #   The user pool username or alias.
     #   @return [String]
     #
     # @!attribute [rw] user_pool_id
@@ -2562,7 +2570,7 @@ module Aws::CognitoIdentityProvider
     #         refresh_token_validity: 1,
     #         read_attributes: ["ClientPermissionType"],
     #         write_attributes: ["ClientPermissionType"],
-    #         explicit_auth_flows: ["ADMIN_NO_SRP_AUTH"], # accepts ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY
+    #         explicit_auth_flows: ["ADMIN_NO_SRP_AUTH"], # accepts ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, USER_PASSWORD_AUTH
     #         supported_identity_providers: ["ProviderNameType"],
     #         callback_urls: ["RedirectUrlType"],
     #         logout_urls: ["RedirectUrlType"],
@@ -2738,6 +2746,7 @@ module Aws::CognitoIdentityProvider
     #           create_auth_challenge: "ArnType",
     #           verify_auth_challenge_response: "ArnType",
     #           pre_token_generation: "ArnType",
+    #           user_migration: "ArnType",
     #         },
     #         auto_verified_attributes: ["phone_number"], # accepts phone_number, email
     #         alias_attributes: ["phone_number"], # accepts phone_number, email, preferred_username
@@ -2811,6 +2820,25 @@ module Aws::CognitoIdentityProvider
     #
     # @!attribute [rw] lambda_config
     #   The Lambda trigger configuration information for the new user pool.
+    #
+    #   <note markdown="1"> In a push model, event sources (such as Amazon S3 and custom
+    #   applications) need permission to invoke a function. So you will need
+    #   to make an extra call to add permission for these event sources to
+    #   invoke your Lambda function.
+    #
+    #
+    #
+    #    For more information on using the Lambda API to add permission, see
+    #   [ AddPermission ][1].
+    #
+    #    For adding permission using the AWS CLI, see [ add-permission ][2].
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/lambda/latest/dg/API_AddPermission.html
+    #   [2]: https://docs.aws.amazon.com/cli/latest/reference/lambda/add-permission.html
     #   @return [Types::LambdaConfigType]
     #
     # @!attribute [rw] auto_verified_attributes
@@ -3856,6 +3884,39 @@ module Aws::CognitoIdentityProvider
       include Aws::Structure
     end
 
+    # Request to get a signing certificate from Cognito.
+    #
+    # @note When making an API call, you may pass GetSigningCertificateRequest
+    #   data as a hash:
+    #
+    #       {
+    #         user_pool_id: "UserPoolIdType", # required
+    #       }
+    #
+    # @!attribute [rw] user_pool_id
+    #   The user pool ID.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/GetSigningCertificateRequest AWS API Documentation
+    #
+    class GetSigningCertificateRequest < Struct.new(
+      :user_pool_id)
+      include Aws::Structure
+    end
+
+    # Response from Cognito for a signing certificate request.
+    #
+    # @!attribute [rw] certificate
+    #   The signing certificate.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/GetSigningCertificateResponse AWS API Documentation
+    #
+    class GetSigningCertificateResponse < Struct.new(
+      :certificate)
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass GetUICustomizationRequest
     #   data as a hash:
     #
@@ -4199,7 +4260,7 @@ module Aws::CognitoIdentityProvider
     #   data as a hash:
     #
     #       {
-    #         auth_flow: "USER_SRP_AUTH", # required, accepts USER_SRP_AUTH, REFRESH_TOKEN_AUTH, REFRESH_TOKEN, CUSTOM_AUTH, ADMIN_NO_SRP_AUTH
+    #         auth_flow: "USER_SRP_AUTH", # required, accepts USER_SRP_AUTH, REFRESH_TOKEN_AUTH, REFRESH_TOKEN, CUSTOM_AUTH, ADMIN_NO_SRP_AUTH, USER_PASSWORD_AUTH
     #         auth_parameters: {
     #           "StringType" => "StringType",
     #         },
@@ -4225,6 +4286,9 @@ module Aws::CognitoIdentityProvider
     #   * `USER_SRP_AUTH` will take in `USERNAME` and `SRP_A` and return the
     #     SRP variables to be used for next challenge execution.
     #
+    #   * `USER_PASSWORD_AUTH` will take in `USERNAME` and `PASSWORD` and
+    #     return the next challenge or tokens.
+    #
     #   Valid values include:
     #
     #   * `USER_SRP_AUTH`\: Authentication flow for the Secure Remote
@@ -4236,6 +4300,11 @@ module Aws::CognitoIdentityProvider
     #
     #   * `CUSTOM_AUTH`\: Custom authentication flow.
     #
+    #   * `USER_PASSWORD_AUTH`\: Non-SRP authentication flow; USERNAME and
+    #     PASSWORD are passed directly. If a user migration Lambda trigger
+    #     is set, this flow will invoke the user migration Lambda if the
+    #     USERNAME is not found in the user pool.
+    #
     #   `ADMIN_NO_SRP_AUTH` is not a valid value.
     #   @return [String]
     #
@@ -4248,9 +4317,9 @@ module Aws::CognitoIdentityProvider
     #     `SECRET_HASH` (required if the app client is configured with a
     #     client secret), `DEVICE_KEY`
     #
-    #   * For `REFRESH_TOKEN_AUTH/REFRESH_TOKEN`\: `USERNAME` (required),
-    #     `SECRET_HASH` (required if the app client is configured with a
-    #     client secret), `REFRESH_TOKEN` (required), `DEVICE_KEY`
+    #   * For `REFRESH_TOKEN_AUTH/REFRESH_TOKEN`\: `REFRESH_TOKEN`
+    #     (required), `SECRET_HASH` (required if the app client is
+    #     configured with a client secret), `DEVICE_KEY`
     #
     #   * For `CUSTOM_AUTH`\: `USERNAME` (required), `SECRET_HASH` (if app
     #     client is configured with client secret), `DEVICE_KEY`
@@ -4374,6 +4443,7 @@ module Aws::CognitoIdentityProvider
     #         create_auth_challenge: "ArnType",
     #         verify_auth_challenge_response: "ArnType",
     #         pre_token_generation: "ArnType",
+    #         user_migration: "ArnType",
     #       }
     #
     # @!attribute [rw] pre_sign_up
@@ -4412,6 +4482,10 @@ module Aws::CognitoIdentityProvider
     #   A Lambda trigger that is invoked before token generation.
     #   @return [String]
     #
+    # @!attribute [rw] user_migration
+    #   The user migration Lambda config type.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/LambdaConfigType AWS API Documentation
     #
     class LambdaConfigType < Struct.new(
@@ -4423,7 +4497,8 @@ module Aws::CognitoIdentityProvider
       :define_auth_challenge,
       :create_auth_challenge,
       :verify_auth_challenge_response,
-      :pre_token_generation)
+      :pre_token_generation,
+      :user_migration)
       include Aws::Structure
     end
 
@@ -6635,7 +6710,7 @@ module Aws::CognitoIdentityProvider
     #         refresh_token_validity: 1,
     #         read_attributes: ["ClientPermissionType"],
     #         write_attributes: ["ClientPermissionType"],
-    #         explicit_auth_flows: ["ADMIN_NO_SRP_AUTH"], # accepts ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY
+    #         explicit_auth_flows: ["ADMIN_NO_SRP_AUTH"], # accepts ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, USER_PASSWORD_AUTH
     #         supported_identity_providers: ["ProviderNameType"],
     #         callback_urls: ["RedirectUrlType"],
     #         logout_urls: ["RedirectUrlType"],
@@ -6784,6 +6859,7 @@ module Aws::CognitoIdentityProvider
     #           create_auth_challenge: "ArnType",
     #           verify_auth_challenge_response: "ArnType",
     #           pre_token_generation: "ArnType",
+    #           user_migration: "ArnType",
     #         },
     #         auto_verified_attributes: ["phone_number"], # accepts phone_number, email
     #         sms_verification_message: "SmsVerificationMessageType",

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-cognitoidentityprovider
 version: !ruby/object:Gem::Version
-  version: 1.2.0
+  version: 1.3.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-12-11 00:00:00.000000000 Z
+date: 2018-02-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core