aws-sdk-cognitoidentityprovider 1.31.0 → 1.32.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 578f7d94326ca7c6330d2fe103763deab0ac2a0e
-  data.tar.gz: 827cb1755e2cacca7d4e20b308b41c3225bf160b
+  metadata.gz: 7361662f5b0bb67d92023891586c6754bcd59a79
+  data.tar.gz: 0ec4d5ed41aa58bb88d9f421ffdc8b76c454e08f
 SHA512:
-  metadata.gz: 6bb8b9eb46d02d64cf7b185c5f4ac8efd88b1ea4fac04f94a66b26c8a6104b50f916828628f04b07196fdb3c26f6911a5d0588736ab459a52079edfb781e9651
-  data.tar.gz: 8a82815bc9182b9267c9c5b8e16208108963990e737ee6b2707dd6052d20ec9f312c3cb7fc96f7ec684e4e0f845d89e7bda62007c2fa91431cf6062ede5f66b6
+  metadata.gz: 3e52d8c2d325203792364482f6d14c3a011857f2185256cae3dd4a59cbc0ae816ba50bb8fa1cedb75dac824af8dc005edca238eb7104f4e52a230dfc394c5bb7
+  data.tar.gz: d826e8ee58e58d4626c3586e48d85b71f23b5edf6ac7f562e4342917d95674699dd3376c50d3b4a328752aa41de6c3184a8e7d5729cacf9212dbcd74107f3e3d

data/lib/aws-sdk-cognitoidentityprovider.rb

@@ -42,6 +42,6 @@ require_relative 'aws-sdk-cognitoidentityprovider/customizations'
 # @service
 module Aws::CognitoIdentityProvider
 
-  GEM_VERSION = '1.31.0'
+  GEM_VERSION = '1.32.0'
 
 end

data/lib/aws-sdk-cognitoidentityprovider/client.rb

@@ -1086,7 +1086,7 @@ module Aws::CognitoIdentityProvider
     #     client_id: "ClientIdType", # required
     #     auth_flow: "USER_SRP_AUTH", # required, accepts USER_SRP_AUTH, REFRESH_TOKEN_AUTH, REFRESH_TOKEN, CUSTOM_AUTH, ADMIN_NO_SRP_AUTH, USER_PASSWORD_AUTH, ADMIN_USER_PASSWORD_AUTH
     #     auth_parameters: {
-    #       "StringType" => "StringType",
+    #       "StringType" => "AuthParametersValueType",
     #     },
     #     client_metadata: {
     #       "StringType" => "StringType",
@@ -2380,8 +2380,60 @@ module Aws::CognitoIdentityProvider
     #   The identity provider type.
     #
     # @option params [required, Hash<String,String>] :provider_details
-    #   The identity provider details, such as `MetadataURL` and
-    #   `MetadataFile`.
+    #   The identity provider details. The following list describes the
+    #   provider detail keys for each identity provider type.
+    #
+    #   * For Google, Facebook and Login with Amazon:
+    #
+    #     * client\_id
+    #
+    #     * client\_secret
+    #
+    #     * authorize\_scopes
+    #
+    #   * For Sign in with Apple:
+    #
+    #     * client\_id
+    #
+    #     * team\_id
+    #
+    #     * key\_id
+    #
+    #     * private\_key
+    #
+    #     * authorize\_scopes
+    #
+    #   * For OIDC providers:
+    #
+    #     * client\_id
+    #
+    #     * client\_secret
+    #
+    #     * attributes\_request\_method
+    #
+    #     * oidc\_issuer
+    #
+    #     * authorize\_scopes
+    #
+    #     * authorize\_url *if not available from discovery URL specified by
+    #       oidc\_issuer key*
+    #
+    #     * token\_url *if not available from discovery URL specified by
+    #       oidc\_issuer key*
+    #
+    #     * attributes\_url *if not available from discovery URL specified by
+    #       oidc\_issuer key*
+    #
+    #     * jwks\_uri *if not available from discovery URL specified by
+    #       oidc\_issuer key*
+    #
+    #     * authorize\_scopes
+    #
+    #   * For SAML providers:
+    #
+    #     * MetadataFile OR MetadataURL
+    #
+    #     * IDPSignOut *optional*
     #
     # @option params [Hash<String,String>] :attribute_mapping
     #   A mapping of identity provider attributes to standard and custom user
@@ -2623,6 +2675,13 @@ module Aws::CognitoIdentityProvider
     #   Used to enable advanced security risk detection. Set the key
     #   `AdvancedSecurityMode` to the value "AUDIT".
     #
+    # @option params [Types::UsernameConfigurationType] :username_configuration
+    #   You can choose to set case sensitivity on the username input for the
+    #   selected sign-in option. For example, when this is set to `False`,
+    #   users will be able to sign in using either "username" or
+    #   "Username". This configuration is immutable once it has been set.
+    #   For more information, see .
+    #
     # @option params [Types::AccountRecoverySettingType] :account_recovery_setting
     #   Use this setting to define which verified available method a user can
     #   use to recover their password when they call `ForgotPassword`. It
@@ -2731,6 +2790,9 @@ module Aws::CognitoIdentityProvider
     #     user_pool_add_ons: {
     #       advanced_security_mode: "OFF", # required, accepts OFF, AUDIT, ENFORCED
     #     },
+    #     username_configuration: {
+    #       case_sensitive: false, # required
+    #     },
     #     account_recovery_setting: {
     #       recovery_mechanisms: [
     #         {
@@ -2813,6 +2875,7 @@ module Aws::CognitoIdentityProvider
     #   resp.user_pool.admin_create_user_config.invite_message_template.email_message #=> String
     #   resp.user_pool.admin_create_user_config.invite_message_template.email_subject #=> String
     #   resp.user_pool.user_pool_add_ons.advanced_security_mode #=> String, one of "OFF", "AUDIT", "ENFORCED"
+    #   resp.user_pool.username_configuration.case_sensitive #=> Boolean
     #   resp.user_pool.arn #=> String
     #   resp.user_pool.account_recovery_setting.recovery_mechanisms #=> Array
     #   resp.user_pool.account_recovery_setting.recovery_mechanisms[0].priority #=> Integer
@@ -2941,22 +3004,28 @@ module Aws::CognitoIdentityProvider
     #   [1]: https://tools.ietf.org/html/rfc6749#section-3.1.2
     #
     # @option params [Array<String>] :allowed_o_auth_flows
+    #   The allowed OAuth flows.
+    #
     #   Set to `code` to initiate a code grant flow, which provides an
     #   authorization code as the response. This code can be exchanged for
     #   access tokens with the token endpoint.
     #
-    #   Set to `token` to specify that the client should get the access token
-    #   (and, optionally, ID token, based on scopes) directly.
+    #   Set to `implicit` to specify that the client should get the access
+    #   token (and, optionally, ID token, based on scopes) directly.
+    #
+    #   Set to `client_credentials` to specify that the client should get the
+    #   access token (and, optionally, ID token, based on scopes) from the
+    #   token endpoint using a combination of client and client\_secret.
     #
     # @option params [Array<String>] :allowed_o_auth_scopes
-    #   A list of allowed `OAuth` scopes. Currently supported values are
-    #   `"phone"`, `"email"`, `"openid"`, and `"Cognito"`. In addition to
-    #   these values, custom scopes created in Resource Servers are also
-    #   supported.
+    #   The allowed OAuth scopes. Possible values provided by OAuth are:
+    #   `phone`, `email`, `openid`, and `profile`. Possible values provided by
+    #   AWS are: `aws.cognito.signin.user.admin`. Custom scopes created in
+    #   Resource Servers are also supported.
     #
     # @option params [Boolean] :allowed_o_auth_flows_user_pool_client
-    #   Set to `True` if the client is allowed to follow the OAuth protocol
-    #   when interacting with Cognito user pools.
+    #   Set to true if the client is allowed to follow the OAuth protocol when
+    #   interacting with Cognito user pools.
     #
     # @option params [Types::AnalyticsConfigurationType] :analytics_configuration
     #   The Amazon Pinpoint analytics configuration for collecting metrics for
@@ -2998,9 +3067,9 @@ module Aws::CognitoIdentityProvider
     #
     #   * ResendConfirmationCode
     #
-    #   <note markdown="1"> After January 1st 2020, the value of `PreventUserExistenceErrors` will
-    #   default to `ENABLED` for newly created user pool clients if no value
-    #   is provided.
+    #   <note markdown="1"> After February 15th 2020, the value of `PreventUserExistenceErrors`
+    #   will default to `ENABLED` for newly created user pool clients if no
+    #   value is provided.
     #
     #    </note>
     #
@@ -3604,6 +3673,7 @@ module Aws::CognitoIdentityProvider
     #   resp.user_pool.admin_create_user_config.invite_message_template.email_message #=> String
     #   resp.user_pool.admin_create_user_config.invite_message_template.email_subject #=> String
     #   resp.user_pool.user_pool_add_ons.advanced_security_mode #=> String, one of "OFF", "AUDIT", "ENFORCED"
+    #   resp.user_pool.username_configuration.case_sensitive #=> Boolean
     #   resp.user_pool.arn #=> String
     #   resp.user_pool.account_recovery_setting.recovery_mechanisms #=> Array
     #   resp.user_pool.account_recovery_setting.recovery_mechanisms[0].priority #=> Integer
@@ -4389,7 +4459,7 @@ module Aws::CognitoIdentityProvider
     #   resp = client.initiate_auth({
     #     auth_flow: "USER_SRP_AUTH", # required, accepts USER_SRP_AUTH, REFRESH_TOKEN_AUTH, REFRESH_TOKEN, CUSTOM_AUTH, ADMIN_NO_SRP_AUTH, USER_PASSWORD_AUTH, ADMIN_USER_PASSWORD_AUTH
     #     auth_parameters: {
-    #       "StringType" => "StringType",
+    #       "StringType" => "AuthParametersValueType",
     #     },
     #     client_metadata: {
     #       "StringType" => "StringType",
@@ -6414,18 +6484,27 @@ module Aws::CognitoIdentityProvider
     #   [1]: https://tools.ietf.org/html/rfc6749#section-3.1.2
     #
     # @option params [Array<String>] :allowed_o_auth_flows
+    #   The allowed OAuth flows.
+    #
     #   Set to `code` to initiate a code grant flow, which provides an
     #   authorization code as the response. This code can be exchanged for
     #   access tokens with the token endpoint.
     #
+    #   Set to `implicit` to specify that the client should get the access
+    #   token (and, optionally, ID token, based on scopes) directly.
+    #
+    #   Set to `client_credentials` to specify that the client should get the
+    #   access token (and, optionally, ID token, based on scopes) from the
+    #   token endpoint using a combination of client and client\_secret.
+    #
     # @option params [Array<String>] :allowed_o_auth_scopes
-    #   A list of allowed `OAuth` scopes. Currently supported values are
-    #   `"phone"`, `"email"`, `"openid"`, and `"Cognito"`. In addition to
-    #   these values, custom scopes created in Resource Servers are also
-    #   supported.
+    #   The allowed OAuth scopes. Possible values provided by OAuth are:
+    #   `phone`, `email`, `openid`, and `profile`. Possible values provided by
+    #   AWS are: `aws.cognito.signin.user.admin`. Custom scopes created in
+    #   Resource Servers are also supported.
     #
     # @option params [Boolean] :allowed_o_auth_flows_user_pool_client
-    #   Set to TRUE if the client is allowed to follow the OAuth protocol when
+    #   Set to true if the client is allowed to follow the OAuth protocol when
     #   interacting with Cognito user pools.
     #
     # @option params [Types::AnalyticsConfigurationType] :analytics_configuration
@@ -6468,9 +6547,9 @@ module Aws::CognitoIdentityProvider
     #
     #   * ResendConfirmationCode
     #
-    #   <note markdown="1"> After January 1st 2020, the value of `PreventUserExistenceErrors` will
-    #   default to `ENABLED` for newly created user pool clients if no value
-    #   is provided.
+    #   <note markdown="1"> After February 15th 2020, the value of `PreventUserExistenceErrors`
+    #   will default to `ENABLED` for newly created user pool clients if no
+    #   value is provided.
     #
     #    </note>
     #
@@ -6713,7 +6792,7 @@ module Aws::CognitoIdentityProvider
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-cognitoidentityprovider'
-      context[:gem_version] = '1.31.0'
+      context[:gem_version] = '1.32.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-cognitoidentityprovider/client_api.rb

@@ -91,6 +91,7 @@ module Aws::CognitoIdentityProvider
     AuthEventsType = Shapes::ListShape.new(name: 'AuthEventsType')
     AuthFlowType = Shapes::StringShape.new(name: 'AuthFlowType')
     AuthParametersType = Shapes::MapShape.new(name: 'AuthParametersType')
+    AuthParametersValueType = Shapes::StringShape.new(name: 'AuthParametersValueType')
     AuthenticationResultType = Shapes::StructureShape.new(name: 'AuthenticationResultType')
     BlockedIPRangeListType = Shapes::ListShape.new(name: 'BlockedIPRangeListType')
     BooleanType = Shapes::BooleanShape.new(name: 'BooleanType')
@@ -445,6 +446,7 @@ module Aws::CognitoIdentityProvider
     UserType = Shapes::StructureShape.new(name: 'UserType')
     UsernameAttributeType = Shapes::StringShape.new(name: 'UsernameAttributeType')
     UsernameAttributesListType = Shapes::ListShape.new(name: 'UsernameAttributesListType')
+    UsernameConfigurationType = Shapes::StructureShape.new(name: 'UsernameConfigurationType')
     UsernameExistsException = Shapes::StructureShape.new(name: 'UsernameExistsException')
     UsernameType = Shapes::StringShape.new(name: 'UsernameType')
     UsersListType = Shapes::ListShape.new(name: 'UsersListType')
@@ -456,6 +458,7 @@ module Aws::CognitoIdentityProvider
     VerifySoftwareTokenResponseType = Shapes::StringShape.new(name: 'VerifySoftwareTokenResponseType')
     VerifyUserAttributeRequest = Shapes::StructureShape.new(name: 'VerifyUserAttributeRequest')
     VerifyUserAttributeResponse = Shapes::StructureShape.new(name: 'VerifyUserAttributeResponse')
+    WrappedBooleanType = Shapes::BooleanShape.new(name: 'WrappedBooleanType')
 
     AccountRecoverySettingType.add_member(:recovery_mechanisms, Shapes::ShapeRef.new(shape: RecoveryMechanismsType, location_name: "RecoveryMechanisms"))
     AccountRecoverySettingType.struct_class = Types::AccountRecoverySettingType
@@ -746,7 +749,7 @@ module Aws::CognitoIdentityProvider
     AuthEventsType.member = Shapes::ShapeRef.new(shape: AuthEventType)
 
     AuthParametersType.key = Shapes::ShapeRef.new(shape: StringType)
-    AuthParametersType.value = Shapes::ShapeRef.new(shape: StringType)
+    AuthParametersType.value = Shapes::ShapeRef.new(shape: AuthParametersValueType)
 
     AuthenticationResultType.add_member(:access_token, Shapes::ShapeRef.new(shape: TokenModelType, location_name: "AccessToken"))
     AuthenticationResultType.add_member(:expires_in, Shapes::ShapeRef.new(shape: IntegerType, location_name: "ExpiresIn"))
@@ -933,6 +936,7 @@ module Aws::CognitoIdentityProvider
     CreateUserPoolRequest.add_member(:admin_create_user_config, Shapes::ShapeRef.new(shape: AdminCreateUserConfigType, location_name: "AdminCreateUserConfig"))
     CreateUserPoolRequest.add_member(:schema, Shapes::ShapeRef.new(shape: SchemaAttributesListType, location_name: "Schema"))
     CreateUserPoolRequest.add_member(:user_pool_add_ons, Shapes::ShapeRef.new(shape: UserPoolAddOnsType, location_name: "UserPoolAddOns"))
+    CreateUserPoolRequest.add_member(:username_configuration, Shapes::ShapeRef.new(shape: UsernameConfigurationType, location_name: "UsernameConfiguration"))
     CreateUserPoolRequest.add_member(:account_recovery_setting, Shapes::ShapeRef.new(shape: AccountRecoverySettingType, location_name: "AccountRecoverySetting"))
     CreateUserPoolRequest.struct_class = Types::CreateUserPoolRequest
 
@@ -1866,6 +1870,7 @@ module Aws::CognitoIdentityProvider
     UserPoolType.add_member(:custom_domain, Shapes::ShapeRef.new(shape: DomainType, location_name: "CustomDomain"))
     UserPoolType.add_member(:admin_create_user_config, Shapes::ShapeRef.new(shape: AdminCreateUserConfigType, location_name: "AdminCreateUserConfig"))
     UserPoolType.add_member(:user_pool_add_ons, Shapes::ShapeRef.new(shape: UserPoolAddOnsType, location_name: "UserPoolAddOns"))
+    UserPoolType.add_member(:username_configuration, Shapes::ShapeRef.new(shape: UsernameConfigurationType, location_name: "UsernameConfiguration"))
     UserPoolType.add_member(:arn, Shapes::ShapeRef.new(shape: ArnType, location_name: "Arn"))
     UserPoolType.add_member(:account_recovery_setting, Shapes::ShapeRef.new(shape: AccountRecoverySettingType, location_name: "AccountRecoverySetting"))
     UserPoolType.struct_class = Types::UserPoolType
@@ -1881,6 +1886,9 @@ module Aws::CognitoIdentityProvider
 
     UsernameAttributesListType.member = Shapes::ShapeRef.new(shape: UsernameAttributeType)
 
+    UsernameConfigurationType.add_member(:case_sensitive, Shapes::ShapeRef.new(shape: WrappedBooleanType, required: true, location_name: "CaseSensitive"))
+    UsernameConfigurationType.struct_class = Types::UsernameConfigurationType
+
     UsernameExistsException.add_member(:message, Shapes::ShapeRef.new(shape: MessageType, location_name: "message"))
     UsernameExistsException.struct_class = Types::UsernameExistsException
 

data/lib/aws-sdk-cognitoidentityprovider/types.rb

@@ -943,7 +943,7 @@ module Aws::CognitoIdentityProvider
     #         client_id: "ClientIdType", # required
     #         auth_flow: "USER_SRP_AUTH", # required, accepts USER_SRP_AUTH, REFRESH_TOKEN_AUTH, REFRESH_TOKEN, CUSTOM_AUTH, ADMIN_NO_SRP_AUTH, USER_PASSWORD_AUTH, ADMIN_USER_PASSWORD_AUTH
     #         auth_parameters: {
-    #           "StringType" => "StringType",
+    #           "StringType" => "AuthParametersValueType",
     #         },
     #         client_metadata: {
     #           "StringType" => "StringType",
@@ -2940,8 +2940,60 @@ module Aws::CognitoIdentityProvider
     #   @return [String]
     #
     # @!attribute [rw] provider_details
-    #   The identity provider details, such as `MetadataURL` and
-    #   `MetadataFile`.
+    #   The identity provider details. The following list describes the
+    #   provider detail keys for each identity provider type.
+    #
+    #   * For Google, Facebook and Login with Amazon:
+    #
+    #     * client\_id
+    #
+    #     * client\_secret
+    #
+    #     * authorize\_scopes
+    #
+    #   * For Sign in with Apple:
+    #
+    #     * client\_id
+    #
+    #     * team\_id
+    #
+    #     * key\_id
+    #
+    #     * private\_key
+    #
+    #     * authorize\_scopes
+    #
+    #   * For OIDC providers:
+    #
+    #     * client\_id
+    #
+    #     * client\_secret
+    #
+    #     * attributes\_request\_method
+    #
+    #     * oidc\_issuer
+    #
+    #     * authorize\_scopes
+    #
+    #     * authorize\_url *if not available from discovery URL specified by
+    #       oidc\_issuer key*
+    #
+    #     * token\_url *if not available from discovery URL specified by
+    #       oidc\_issuer key*
+    #
+    #     * attributes\_url *if not available from discovery URL specified
+    #       by oidc\_issuer key*
+    #
+    #     * jwks\_uri *if not available from discovery URL specified by
+    #       oidc\_issuer key*
+    #
+    #     * authorize\_scopes
+    #
+    #   * For SAML providers:
+    #
+    #     * MetadataFile OR MetadataURL
+    #
+    #     * IDPSignOut *optional*
     #   @return [Hash<String,String>]
     #
     # @!attribute [rw] attribute_mapping
@@ -3233,23 +3285,29 @@ module Aws::CognitoIdentityProvider
     #   @return [String]
     #
     # @!attribute [rw] allowed_o_auth_flows
+    #   The allowed OAuth flows.
+    #
     #   Set to `code` to initiate a code grant flow, which provides an
     #   authorization code as the response. This code can be exchanged for
     #   access tokens with the token endpoint.
     #
-    #   Set to `token` to specify that the client should get the access
+    #   Set to `implicit` to specify that the client should get the access
     #   token (and, optionally, ID token, based on scopes) directly.
+    #
+    #   Set to `client_credentials` to specify that the client should get
+    #   the access token (and, optionally, ID token, based on scopes) from
+    #   the token endpoint using a combination of client and client\_secret.
     #   @return [Array<String>]
     #
     # @!attribute [rw] allowed_o_auth_scopes
-    #   A list of allowed `OAuth` scopes. Currently supported values are
-    #   `"phone"`, `"email"`, `"openid"`, and `"Cognito"`. In addition to
-    #   these values, custom scopes created in Resource Servers are also
-    #   supported.
+    #   The allowed OAuth scopes. Possible values provided by OAuth are:
+    #   `phone`, `email`, `openid`, and `profile`. Possible values provided
+    #   by AWS are: `aws.cognito.signin.user.admin`. Custom scopes created
+    #   in Resource Servers are also supported.
     #   @return [Array<String>]
     #
     # @!attribute [rw] allowed_o_auth_flows_user_pool_client
-    #   Set to `True` if the client is allowed to follow the OAuth protocol
+    #   Set to true if the client is allowed to follow the OAuth protocol
     #   when interacting with Cognito user pools.
     #   @return [Boolean]
     #
@@ -3294,7 +3352,7 @@ module Aws::CognitoIdentityProvider
     #
     #   * ResendConfirmationCode
     #
-    #   <note markdown="1"> After January 1st 2020, the value of `PreventUserExistenceErrors`
+    #   <note markdown="1"> After February 15th 2020, the value of `PreventUserExistenceErrors`
     #   will default to `ENABLED` for newly created user pool clients if no
     #   value is provided.
     #
@@ -3484,6 +3542,9 @@ module Aws::CognitoIdentityProvider
     #         user_pool_add_ons: {
     #           advanced_security_mode: "OFF", # required, accepts OFF, AUDIT, ENFORCED
     #         },
+    #         username_configuration: {
+    #           case_sensitive: false, # required
+    #         },
     #         account_recovery_setting: {
     #           recovery_mechanisms: [
     #             {
@@ -3597,6 +3658,14 @@ module Aws::CognitoIdentityProvider
     #   `AdvancedSecurityMode` to the value "AUDIT".
     #   @return [Types::UserPoolAddOnsType]
     #
+    # @!attribute [rw] username_configuration
+    #   You can choose to set case sensitivity on the username input for the
+    #   selected sign-in option. For example, when this is set to `False`,
+    #   users will be able to sign in using either "username" or
+    #   "Username". This configuration is immutable once it has been set.
+    #   For more information, see .
+    #   @return [Types::UsernameConfigurationType]
+    #
     # @!attribute [rw] account_recovery_setting
     #   Use this setting to define which verified available method a user
     #   can use to recover their password when they call `ForgotPassword`.
@@ -3637,6 +3706,7 @@ module Aws::CognitoIdentityProvider
       :admin_create_user_config,
       :schema,
       :user_pool_add_ons,
+      :username_configuration,
       :account_recovery_setting)
       include Aws::Structure
     end
@@ -5193,8 +5263,60 @@ module Aws::CognitoIdentityProvider
     #   @return [String]
     #
     # @!attribute [rw] provider_details
-    #   The identity provider details, such as `MetadataURL` and
-    #   `MetadataFile`.
+    #   The identity provider details. The following list describes the
+    #   provider detail keys for each identity provider type.
+    #
+    #   * For Google, Facebook and Login with Amazon:
+    #
+    #     * client\_id
+    #
+    #     * client\_secret
+    #
+    #     * authorize\_scopes
+    #
+    #   * For Sign in with Apple:
+    #
+    #     * client\_id
+    #
+    #     * team\_id
+    #
+    #     * key\_id
+    #
+    #     * private\_key
+    #
+    #     * authorize\_scopes
+    #
+    #   * For OIDC providers:
+    #
+    #     * client\_id
+    #
+    #     * client\_secret
+    #
+    #     * attributes\_request\_method
+    #
+    #     * oidc\_issuer
+    #
+    #     * authorize\_scopes
+    #
+    #     * authorize\_url *if not available from discovery URL specified by
+    #       oidc\_issuer key*
+    #
+    #     * token\_url *if not available from discovery URL specified by
+    #       oidc\_issuer key*
+    #
+    #     * attributes\_url *if not available from discovery URL specified
+    #       by oidc\_issuer key*
+    #
+    #     * jwks\_uri *if not available from discovery URL specified by
+    #       oidc\_issuer key*
+    #
+    #     * authorize\_scopes
+    #
+    #   * For SAML providers:
+    #
+    #     * MetadataFile OR MetadataURL
+    #
+    #     * IDPSignOut *optional*
     #   @return [Hash<String,String>]
     #
     # @!attribute [rw] attribute_mapping
@@ -5236,7 +5358,7 @@ module Aws::CognitoIdentityProvider
     #       {
     #         auth_flow: "USER_SRP_AUTH", # required, accepts USER_SRP_AUTH, REFRESH_TOKEN_AUTH, REFRESH_TOKEN, CUSTOM_AUTH, ADMIN_NO_SRP_AUTH, USER_PASSWORD_AUTH, ADMIN_USER_PASSWORD_AUTH
     #         auth_parameters: {
-    #           "StringType" => "StringType",
+    #           "StringType" => "AuthParametersValueType",
     #         },
     #         client_metadata: {
     #           "StringType" => "StringType",
@@ -7144,7 +7266,21 @@ module Aws::CognitoIdentityProvider
     #   @return [String]
     #
     # @!attribute [rw] developer_only_attribute
-    #   Specifies whether the attribute type is developer only.
+    #   <note markdown="1"> We recommend that you use [WriteAttributes][1] in the user pool
+    #   client to control how attributes can be mutated for new use cases
+    #   instead of using `DeveloperOnlyAttribute`.
+    #
+    #    </note>
+    #
+    #   Specifies whether the attribute type is developer only. This
+    #   attribute can only be modified by an administrator. Users will not
+    #   be able to modify this attribute using their access token. For
+    #   example, `DeveloperOnlyAttribute` can be modified using the API but
+    #   cannot be updated using the API.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UserPoolClientType.html#CognitoUserPools-Type-UserPoolClientType-WriteAttributes
     #   @return [Boolean]
     #
     # @!attribute [rw] mutable
@@ -8558,20 +8694,29 @@ module Aws::CognitoIdentityProvider
     #   @return [String]
     #
     # @!attribute [rw] allowed_o_auth_flows
+    #   The allowed OAuth flows.
+    #
     #   Set to `code` to initiate a code grant flow, which provides an
     #   authorization code as the response. This code can be exchanged for
     #   access tokens with the token endpoint.
+    #
+    #   Set to `implicit` to specify that the client should get the access
+    #   token (and, optionally, ID token, based on scopes) directly.
+    #
+    #   Set to `client_credentials` to specify that the client should get
+    #   the access token (and, optionally, ID token, based on scopes) from
+    #   the token endpoint using a combination of client and client\_secret.
     #   @return [Array<String>]
     #
     # @!attribute [rw] allowed_o_auth_scopes
-    #   A list of allowed `OAuth` scopes. Currently supported values are
-    #   `"phone"`, `"email"`, `"openid"`, and `"Cognito"`. In addition to
-    #   these values, custom scopes created in Resource Servers are also
-    #   supported.
+    #   The allowed OAuth scopes. Possible values provided by OAuth are:
+    #   `phone`, `email`, `openid`, and `profile`. Possible values provided
+    #   by AWS are: `aws.cognito.signin.user.admin`. Custom scopes created
+    #   in Resource Servers are also supported.
     #   @return [Array<String>]
     #
     # @!attribute [rw] allowed_o_auth_flows_user_pool_client
-    #   Set to TRUE if the client is allowed to follow the OAuth protocol
+    #   Set to true if the client is allowed to follow the OAuth protocol
     #   when interacting with Cognito user pools.
     #   @return [Boolean]
     #
@@ -8616,7 +8761,7 @@ module Aws::CognitoIdentityProvider
     #
     #   * ResendConfirmationCode
     #
-    #   <note markdown="1"> After January 1st 2020, the value of `PreventUserExistenceErrors`
+    #   <note markdown="1"> After February 15th 2020, the value of `PreventUserExistenceErrors`
     #   will default to `ENABLED` for newly created user pool clients if no
     #   value is provided.
     #
@@ -9273,23 +9418,29 @@ module Aws::CognitoIdentityProvider
     #   @return [String]
     #
     # @!attribute [rw] allowed_o_auth_flows
+    #   The allowed OAuth flows.
+    #
     #   Set to `code` to initiate a code grant flow, which provides an
     #   authorization code as the response. This code can be exchanged for
     #   access tokens with the token endpoint.
     #
-    #   Set to `token` to specify that the client should get the access
+    #   Set to `implicit` to specify that the client should get the access
     #   token (and, optionally, ID token, based on scopes) directly.
+    #
+    #   Set to `client_credentials` to specify that the client should get
+    #   the access token (and, optionally, ID token, based on scopes) from
+    #   the token endpoint using a combination of client and client\_secret.
     #   @return [Array<String>]
     #
     # @!attribute [rw] allowed_o_auth_scopes
-    #   A list of allowed `OAuth` scopes. Currently supported values are
-    #   `"phone"`, `"email"`, `"openid"`, and `"Cognito"`. In addition to
-    #   these values, custom scopes created in Resource Servers are also
-    #   supported.
+    #   The allowed OAuth scopes. Possible values provided by OAuth are:
+    #   `phone`, `email`, `openid`, and `profile`. Possible values provided
+    #   by AWS are: `aws.cognito.signin.user.admin`. Custom scopes created
+    #   in Resource Servers are also supported.
     #   @return [Array<String>]
     #
     # @!attribute [rw] allowed_o_auth_flows_user_pool_client
-    #   Set to TRUE if the client is allowed to follow the OAuth protocol
+    #   Set to true if the client is allowed to follow the OAuth protocol
     #   when interacting with Cognito user pools.
     #   @return [Boolean]
     #
@@ -9334,7 +9485,7 @@ module Aws::CognitoIdentityProvider
     #
     #   * ResendConfirmationCode
     #
-    #   <note markdown="1"> After January 1st 2020, the value of `PreventUserExistenceErrors`
+    #   <note markdown="1"> After February 15th 2020, the value of `PreventUserExistenceErrors`
     #   will default to `ENABLED` for newly created user pool clients if no
     #   value is provided.
     #
@@ -9584,6 +9735,14 @@ module Aws::CognitoIdentityProvider
     #   The user pool add-ons.
     #   @return [Types::UserPoolAddOnsType]
     #
+    # @!attribute [rw] username_configuration
+    #   You can choose to enable case sensitivity on the username input for
+    #   the selected sign-in option. For example, when this is set to
+    #   `False`, users will be able to sign in using either "username" or
+    #   "Username". This configuration is immutable once it has been set.
+    #   For more information, see .
+    #   @return [Types::UsernameConfigurationType]
+    #
     # @!attribute [rw] arn
     #   The Amazon Resource Name (ARN) for the user pool.
     #   @return [String]
@@ -9630,6 +9789,7 @@ module Aws::CognitoIdentityProvider
       :custom_domain,
       :admin_create_user_config,
       :user_pool_add_ons,
+      :username_configuration,
       :arn,
       :account_recovery_setting)
       include Aws::Structure
@@ -9696,6 +9856,41 @@ module Aws::CognitoIdentityProvider
       include Aws::Structure
     end
 
+    # The username configuration type.
+    #
+    # @note When making an API call, you may pass UsernameConfigurationType
+    #   data as a hash:
+    #
+    #       {
+    #         case_sensitive: false, # required
+    #       }
+    #
+    # @!attribute [rw] case_sensitive
+    #   Specifies whether username case sensitivity will be applied for all
+    #   users in the user pool through Cognito APIs.
+    #
+    #   Valid values include:
+    #
+    #   * <b> <code>True</code> </b>\: Enables case sensitivity for all
+    #     username input. When this option is set to `True`, users must sign
+    #     in using the exact capitalization of their given username. For
+    #     example, “UserName”. This is the default value.
+    #
+    #   * <b> <code>False</code> </b>\: Enables case insensitivity for all
+    #     username input. For example, when this option is set to `False`,
+    #     users will be able to sign in using either "username" or
+    #     "Username". This option also enables both `preferred_username`
+    #     and `email` alias to be case insensitive, in addition to the
+    #     `username` attribute.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UsernameConfigurationType AWS API Documentation
+    #
+    class UsernameConfigurationType < Struct.new(
+      :case_sensitive)
+      include Aws::Structure
+    end
+
     # This exception is thrown when Amazon Cognito encounters a user name
     # that already exists in the user pool.
     #

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-cognitoidentityprovider
 version: !ruby/object:Gem::Version
-  version: 1.31.0
+  version: 1.32.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-11-26 00:00:00.000000000 Z
+date: 2020-02-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core