aws-sdk-cognitoidentityprovider 1.66.0 → 1.67.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 222aac64f4eed68afada8159643dcfcc46ecb036a71fd6babde3aa7fe6fd2265
-  data.tar.gz: fce9b8e9f33f66c1d04d8f42dbf5d3bd7d577ec4ecbb684ec986659f457bf1b6
+  metadata.gz: 7f1666db16e250b3d677b284f444a20990e8704cbf2e8fa133f1e22b62d5ed8a
+  data.tar.gz: ca2c904117a70903e9700a5aefc5887c5ab8be887256ff33c58edd3d1afc7b48
 SHA512:
-  metadata.gz: f2eb8646cdc7dff95a6b45c692ca225fbddfa1a2d75e89406444e9a61c329784bc922b6c8ebb053a92c72b82c1d43b43cc1d246b9b7b5fd75b609d4b08407a3c
-  data.tar.gz: 189cda1a984127d8261e32ceaae7b9e5a07bd368c2ffbc2593d9c271d77407c0e7bf9eee5cbb0494a8936995e543a53f89d9098a787ace324c59bd0648722f67
+  metadata.gz: d6252319b024f9747d7a5e5eac8deec9705fb533adc9b5fc1f2f66fe7a423d29e8250a5c5a88699e1249841738a88ea7975cb5312f63c6f83d8755abbc7ba279
+  data.tar.gz: 9e7772bfb31c59aeffe8c7a7d8c853c5648209b0be155d9c3d510e884269ba5fd351e16a3b4415c42353c2fa09cdec9e7517d7984ae2a1451a0108e5a8414236

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.67.0 (2022-05-31)
+------------------
+
+* Feature - Amazon Cognito now supports IP Address propagation for all unauthenticated APIs (e.g. SignUp, ForgotPassword).
+
 1.66.0 (2022-05-24)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.66.0
+1.67.0

data/lib/aws-sdk-cognitoidentityprovider/client.rb

@@ -1221,9 +1221,11 @@ module Aws::CognitoIdentityProvider
     #   `AdminInitiateAuth` calls.
     #
     # @option params [Types::ContextDataType] :context_data
-    #   Contextual data such as the user's device fingerprint, IP address, or
-    #   location used for evaluating the risk of an unexpected event by Amazon
-    #   Cognito advanced security.
+    #   Contextual data about your user session, such as the device
+    #   fingerprint, IP address, or location. Amazon Cognito advanced security
+    #   evaluates the risk of an authentication event based on the context
+    #   that your app generates and passes to Amazon Cognito when it makes API
+    #   requests.
     #
     # @return [Types::AdminInitiateAuthResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -1791,9 +1793,11 @@ module Aws::CognitoIdentityProvider
     #   `AdminRespondToAuthChallenge` calls.
     #
     # @option params [Types::ContextDataType] :context_data
-    #   Contextual data such as the user's device fingerprint, IP address, or
-    #   location used for evaluating the risk of an unexpected event by Amazon
-    #   Cognito advanced security.
+    #   Contextual data about your user session, such as the device
+    #   fingerprint, IP address, or location. Amazon Cognito advanced security
+    #   evaluates the risk of an authentication event based on the context
+    #   that your app generates and passes to Amazon Cognito when it makes API
+    #   requests.
     #
     # @option params [Hash<String,String>] :client_metadata
     #   A map of custom key-value pairs that you can provide as input for any
@@ -2282,20 +2286,32 @@ module Aws::CognitoIdentityProvider
       req.send_request(options)
     end
 
-    # Returns a unique generated shared secret key code for the user
-    # account. The request takes an access token or a session string, but
-    # not both.
-    #
-    # <note markdown="1"> Calling AssociateSoftwareToken immediately disassociates the existing
-    # software token from the user account. If the user doesn't
-    # subsequently verify the software token, their account is set up to
-    # authenticate without MFA. If MFA config is set to Optional at the user
-    # pool level, the user can then log in without MFA. However, if MFA is
-    # set to Required for the user pool, the user is asked to set up a new
-    # software token MFA during sign-in.
+    # Begins setup of time-based one-time password multi-factor
+    # authentication (TOTP MFA) for a user, with a unique private key that
+    # Amazon Cognito generates and returns in the API response. You can
+    # authorize an `AssociateSoftwareToken` request with either the user's
+    # access token, or a session string from a challenge response that you
+    # received from Amazon Cognito.
+    #
+    # <note markdown="1"> Amazon Cognito disassociates an existing software token when you
+    # verify the new token in a [ VerifySoftwareToken][1] API request. If
+    # you don't verify the software token and your user pool doesn't
+    # require MFA, the user can then authenticate with user name and
+    # password credentials alone. If your user pool requires TOTP MFA,
+    # Amazon Cognito generates an `MFA_SETUP` or `SOFTWARE_TOKEN_SETUP`
+    # challenge each time your user signs. Complete setup with
+    # `AssociateSoftwareToken` and `VerifySoftwareToken`.
+    #
+    #  After you set up software token MFA for your user, Amazon Cognito
+    # generates a `SOFTWARE_TOKEN_MFA` challenge when they authenticate.
+    # Respond to this challenge with your user's TOTP.
     #
     #  </note>
     #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerifySoftwareToken.html
+    #
     # @option params [String] :access_token
     #   A valid access token that Amazon Cognito issued to the user whose
     #   software token you want to generate.
@@ -2439,9 +2455,11 @@ module Aws::CognitoIdentityProvider
     #   `ConfirmForgotPassword` calls.
     #
     # @option params [Types::UserContextDataType] :user_context_data
-    #   Contextual data such as the user's device fingerprint, IP address, or
-    #   location used for evaluating the risk of an unexpected event by Amazon
-    #   Cognito advanced security.
+    #   Contextual data about your user session, such as the device
+    #   fingerprint, IP address, or location. Amazon Cognito advanced security
+    #   evaluates the risk of an authentication event based on the context
+    #   that your app generates and passes to Amazon Cognito when it makes API
+    #   requests.
     #
     # @option params [Hash<String,String>] :client_metadata
     #   A map of custom key-value pairs that you can provide as input for any
@@ -2494,6 +2512,7 @@ module Aws::CognitoIdentityProvider
     #       analytics_endpoint_id: "StringType",
     #     },
     #     user_context_data: {
+    #       ip_address: "StringType",
     #       encoded_data: "StringType",
     #     },
     #     client_metadata: {
@@ -2541,9 +2560,11 @@ module Aws::CognitoIdentityProvider
     #   `ConfirmSignUp` calls.
     #
     # @option params [Types::UserContextDataType] :user_context_data
-    #   Contextual data such as the user's device fingerprint, IP address, or
-    #   location used for evaluating the risk of an unexpected event by Amazon
-    #   Cognito advanced security.
+    #   Contextual data about your user session, such as the device
+    #   fingerprint, IP address, or location. Amazon Cognito advanced security
+    #   evaluates the risk of an authentication event based on the context
+    #   that your app generates and passes to Amazon Cognito when it makes API
+    #   requests.
     #
     # @option params [Hash<String,String>] :client_metadata
     #   A map of custom key-value pairs that you can provide as input for any
@@ -2595,6 +2616,7 @@ module Aws::CognitoIdentityProvider
     #       analytics_endpoint_id: "StringType",
     #     },
     #     user_context_data: {
+    #       ip_address: "StringType",
     #       encoded_data: "StringType",
     #     },
     #     client_metadata: {
@@ -3015,6 +3037,16 @@ module Aws::CognitoIdentityProvider
     #   Specifies MFA configuration details.
     #
     # @option params [Types::UserAttributeUpdateSettingsType] :user_attribute_update_settings
+    #   The settings for updates to user attributes. These settings include
+    #   the property `AttributesRequireVerificationBeforeUpdate`, a user-pool
+    #   setting that tells Amazon Cognito how to handle changes to the value
+    #   of your users' email address and phone number attributes. For more
+    #   information, see [ Verifying updates to to email addresses and phone
+    #   numbers][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-email-phone-verification.html#user-pool-settings-verifications-verify-attribute-updates
     #
     # @option params [Types::DeviceConfigurationType] :device_configuration
     #   The device configuration.
@@ -3524,6 +3556,19 @@ module Aws::CognitoIdentityProvider
     #
     #   [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html
     #
+    # @option params [Boolean] :enable_propagate_additional_user_context_data
+    #   Activates the propagation of additional user context data. For more
+    #   information about propagation of user context data, see [ Adding
+    #   advanced security to a user pool][1]. If you don’t include this
+    #   parameter, you can't send device fingerprint information, including
+    #   source IP address, to Amazon Cognito advanced security. You can only
+    #   activate `EnablePropagateAdditionalUserContextData` in an app client
+    #   that has a client secret.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
+    #
     # @return [Types::CreateUserPoolClientResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::CreateUserPoolClientResponse#user_pool_client #user_pool_client} => Types::UserPoolClientType
@@ -3561,6 +3606,7 @@ module Aws::CognitoIdentityProvider
     #     },
     #     prevent_user_existence_errors: "LEGACY", # accepts LEGACY, ENABLED
     #     enable_token_revocation: false,
+    #     enable_propagate_additional_user_context_data: false,
     #   })
     #
     # @example Response structure
@@ -3602,6 +3648,7 @@ module Aws::CognitoIdentityProvider
     #   resp.user_pool_client.analytics_configuration.user_data_shared #=> Boolean
     #   resp.user_pool_client.prevent_user_existence_errors #=> String, one of "LEGACY", "ENABLED"
     #   resp.user_pool_client.enable_token_revocation #=> Boolean
+    #   resp.user_pool_client.enable_propagate_additional_user_context_data #=> Boolean
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/CreateUserPoolClient AWS API Documentation
     #
@@ -4228,6 +4275,7 @@ module Aws::CognitoIdentityProvider
     #   resp.user_pool_client.analytics_configuration.user_data_shared #=> Boolean
     #   resp.user_pool_client.prevent_user_existence_errors #=> String, one of "LEGACY", "ENABLED"
     #   resp.user_pool_client.enable_token_revocation #=> Boolean
+    #   resp.user_pool_client.enable_propagate_additional_user_context_data #=> Boolean
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/DescribeUserPoolClient AWS API Documentation
     #
@@ -4349,9 +4397,11 @@ module Aws::CognitoIdentityProvider
     #   the message.
     #
     # @option params [Types::UserContextDataType] :user_context_data
-    #   Contextual data such as the user's device fingerprint, IP address, or
-    #   location used for evaluating the risk of an unexpected event by Amazon
-    #   Cognito advanced security.
+    #   Contextual data about your user session, such as the device
+    #   fingerprint, IP address, or location. Amazon Cognito advanced security
+    #   evaluates the risk of an authentication event based on the context
+    #   that your app generates and passes to Amazon Cognito when it makes API
+    #   requests.
     #
     # @option params [required, String] :username
     #   The user name of the user for whom you want to enter a code to reset a
@@ -4408,6 +4458,7 @@ module Aws::CognitoIdentityProvider
     #     client_id: "ClientIdType", # required
     #     secret_hash: "SecretHashType",
     #     user_context_data: {
+    #       ip_address: "StringType",
     #       encoded_data: "StringType",
     #     },
     #     username: "UsernameType", # required
@@ -5019,9 +5070,11 @@ module Aws::CognitoIdentityProvider
     #   metrics for `InitiateAuth` calls.
     #
     # @option params [Types::UserContextDataType] :user_context_data
-    #   Contextual data such as the user's device fingerprint, IP address, or
-    #   location used for evaluating the risk of an unexpected event by Amazon
-    #   Cognito advanced security.
+    #   Contextual data about your user session, such as the device
+    #   fingerprint, IP address, or location. Amazon Cognito advanced security
+    #   evaluates the risk of an authentication event based on the context
+    #   that your app generates and passes to Amazon Cognito when it makes API
+    #   requests.
     #
     # @return [Types::InitiateAuthResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -5045,6 +5098,7 @@ module Aws::CognitoIdentityProvider
     #       analytics_endpoint_id: "StringType",
     #     },
     #     user_context_data: {
+    #       ip_address: "StringType",
     #       encoded_data: "StringType",
     #     },
     #   })
@@ -5683,9 +5737,11 @@ module Aws::CognitoIdentityProvider
     #   the message.
     #
     # @option params [Types::UserContextDataType] :user_context_data
-    #   Contextual data such as the user's device fingerprint, IP address, or
-    #   location used for evaluating the risk of an unexpected event by Amazon
-    #   Cognito advanced security.
+    #   Contextual data about your user session, such as the device
+    #   fingerprint, IP address, or location. Amazon Cognito advanced security
+    #   evaluates the risk of an authentication event based on the context
+    #   that your app generates and passes to Amazon Cognito when it makes API
+    #   requests.
     #
     # @option params [required, String] :username
     #   The `username` attribute of the user to whom you want to resend a
@@ -5742,6 +5798,7 @@ module Aws::CognitoIdentityProvider
     #     client_id: "ClientIdType", # required
     #     secret_hash: "SecretHashType",
     #     user_context_data: {
+    #       ip_address: "StringType",
     #       encoded_data: "StringType",
     #     },
     #     username: "UsernameType", # required
@@ -5868,9 +5925,11 @@ module Aws::CognitoIdentityProvider
     #   metrics for `RespondToAuthChallenge` calls.
     #
     # @option params [Types::UserContextDataType] :user_context_data
-    #   Contextual data such as the user's device fingerprint, IP address, or
-    #   location used for evaluating the risk of an unexpected event by Amazon
-    #   Cognito advanced security.
+    #   Contextual data about your user session, such as the device
+    #   fingerprint, IP address, or location. Amazon Cognito advanced security
+    #   evaluates the risk of an authentication event based on the context
+    #   that your app generates and passes to Amazon Cognito when it makes API
+    #   requests.
     #
     # @option params [Hash<String,String>] :client_metadata
     #   A map of custom key-value pairs that you can provide as input for any
@@ -5931,6 +5990,7 @@ module Aws::CognitoIdentityProvider
     #       analytics_endpoint_id: "StringType",
     #     },
     #     user_context_data: {
+    #       ip_address: "StringType",
     #       encoded_data: "StringType",
     #     },
     #     client_metadata: {
@@ -6416,9 +6476,11 @@ module Aws::CognitoIdentityProvider
     #   metrics for `SignUp` calls.
     #
     # @option params [Types::UserContextDataType] :user_context_data
-    #   Contextual data such as the user's device fingerprint, IP address, or
-    #   location used for evaluating the risk of an unexpected event by Amazon
-    #   Cognito advanced security.
+    #   Contextual data about your user session, such as the device
+    #   fingerprint, IP address, or location. Amazon Cognito advanced security
+    #   evaluates the risk of an authentication event based on the context
+    #   that your app generates and passes to Amazon Cognito when it makes API
+    #   requests.
     #
     # @option params [Hash<String,String>] :client_metadata
     #   A map of custom key-value pairs that you can provide as input for any
@@ -6486,6 +6548,7 @@ module Aws::CognitoIdentityProvider
     #       analytics_endpoint_id: "StringType",
     #     },
     #     user_context_data: {
+    #       ip_address: "StringType",
     #       encoded_data: "StringType",
     #     },
     #     client_metadata: {
@@ -7096,6 +7159,16 @@ module Aws::CognitoIdentityProvider
     #   The contents of the SMS authentication message.
     #
     # @option params [Types::UserAttributeUpdateSettingsType] :user_attribute_update_settings
+    #   The settings for updates to user attributes. These settings include
+    #   the property `AttributesRequireVerificationBeforeUpdate`, a user-pool
+    #   setting that tells Amazon Cognito how to handle changes to the value
+    #   of your users' email address and phone number attributes. For more
+    #   information, see [ Verifying updates to to email addresses and phone
+    #   numbers][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-email-phone-verification.html#user-pool-settings-verifications-verify-attribute-updates
     #
     # @option params [String] :mfa_configuration
     #   Possible values include:
@@ -7482,6 +7555,19 @@ module Aws::CognitoIdentityProvider
     #
     #   [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html
     #
+    # @option params [Boolean] :enable_propagate_additional_user_context_data
+    #   Activates the propagation of additional user context data. For more
+    #   information about propagation of user context data, see [ Adding
+    #   advanced security to a user pool][1]. If you don’t include this
+    #   parameter, you can't send device fingerprint information, including
+    #   source IP address, to Amazon Cognito advanced security. You can only
+    #   activate `EnablePropagateAdditionalUserContextData` in an app client
+    #   that has a client secret.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
+    #
     # @return [Types::UpdateUserPoolClientResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::UpdateUserPoolClientResponse#user_pool_client #user_pool_client} => Types::UserPoolClientType
@@ -7519,6 +7605,7 @@ module Aws::CognitoIdentityProvider
     #     },
     #     prevent_user_existence_errors: "LEGACY", # accepts LEGACY, ENABLED
     #     enable_token_revocation: false,
+    #     enable_propagate_additional_user_context_data: false,
     #   })
     #
     # @example Response structure
@@ -7560,6 +7647,7 @@ module Aws::CognitoIdentityProvider
     #   resp.user_pool_client.analytics_configuration.user_data_shared #=> Boolean
     #   resp.user_pool_client.prevent_user_existence_errors #=> String, one of "LEGACY", "ENABLED"
     #   resp.user_pool_client.enable_token_revocation #=> Boolean
+    #   resp.user_pool_client.enable_propagate_additional_user_context_data #=> Boolean
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UpdateUserPoolClient AWS API Documentation
     #
@@ -7755,7 +7843,7 @@ module Aws::CognitoIdentityProvider
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-cognitoidentityprovider'
-      context[:gem_version] = '1.66.0'
+      context[:gem_version] = '1.67.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-cognitoidentityprovider/client_api.rb

@@ -928,6 +928,7 @@ module Aws::CognitoIdentityProvider
     CreateUserPoolClientRequest.add_member(:analytics_configuration, Shapes::ShapeRef.new(shape: AnalyticsConfigurationType, location_name: "AnalyticsConfiguration"))
     CreateUserPoolClientRequest.add_member(:prevent_user_existence_errors, Shapes::ShapeRef.new(shape: PreventUserExistenceErrorTypes, location_name: "PreventUserExistenceErrors"))
     CreateUserPoolClientRequest.add_member(:enable_token_revocation, Shapes::ShapeRef.new(shape: WrappedBooleanType, location_name: "EnableTokenRevocation"))
+    CreateUserPoolClientRequest.add_member(:enable_propagate_additional_user_context_data, Shapes::ShapeRef.new(shape: WrappedBooleanType, location_name: "EnablePropagateAdditionalUserContextData"))
     CreateUserPoolClientRequest.struct_class = Types::CreateUserPoolClientRequest
 
     CreateUserPoolClientResponse.add_member(:user_pool_client, Shapes::ShapeRef.new(shape: UserPoolClientType, location_name: "UserPoolClient"))
@@ -1782,6 +1783,7 @@ module Aws::CognitoIdentityProvider
     UpdateUserPoolClientRequest.add_member(:analytics_configuration, Shapes::ShapeRef.new(shape: AnalyticsConfigurationType, location_name: "AnalyticsConfiguration"))
     UpdateUserPoolClientRequest.add_member(:prevent_user_existence_errors, Shapes::ShapeRef.new(shape: PreventUserExistenceErrorTypes, location_name: "PreventUserExistenceErrors"))
     UpdateUserPoolClientRequest.add_member(:enable_token_revocation, Shapes::ShapeRef.new(shape: WrappedBooleanType, location_name: "EnableTokenRevocation"))
+    UpdateUserPoolClientRequest.add_member(:enable_propagate_additional_user_context_data, Shapes::ShapeRef.new(shape: WrappedBooleanType, location_name: "EnablePropagateAdditionalUserContextData"))
     UpdateUserPoolClientRequest.struct_class = Types::UpdateUserPoolClientRequest
 
     UpdateUserPoolClientResponse.add_member(:user_pool_client, Shapes::ShapeRef.new(shape: UserPoolClientType, location_name: "UserPoolClient"))
@@ -1820,6 +1822,7 @@ module Aws::CognitoIdentityProvider
     UserAttributeUpdateSettingsType.add_member(:attributes_require_verification_before_update, Shapes::ShapeRef.new(shape: AttributesRequireVerificationBeforeUpdateType, location_name: "AttributesRequireVerificationBeforeUpdate"))
     UserAttributeUpdateSettingsType.struct_class = Types::UserAttributeUpdateSettingsType
 
+    UserContextDataType.add_member(:ip_address, Shapes::ShapeRef.new(shape: StringType, location_name: "IpAddress"))
     UserContextDataType.add_member(:encoded_data, Shapes::ShapeRef.new(shape: StringType, location_name: "EncodedData"))
     UserContextDataType.struct_class = Types::UserContextDataType
 
@@ -1890,6 +1893,7 @@ module Aws::CognitoIdentityProvider
     UserPoolClientType.add_member(:analytics_configuration, Shapes::ShapeRef.new(shape: AnalyticsConfigurationType, location_name: "AnalyticsConfiguration"))
     UserPoolClientType.add_member(:prevent_user_existence_errors, Shapes::ShapeRef.new(shape: PreventUserExistenceErrorTypes, location_name: "PreventUserExistenceErrors"))
     UserPoolClientType.add_member(:enable_token_revocation, Shapes::ShapeRef.new(shape: WrappedBooleanType, location_name: "EnableTokenRevocation"))
+    UserPoolClientType.add_member(:enable_propagate_additional_user_context_data, Shapes::ShapeRef.new(shape: WrappedBooleanType, location_name: "EnablePropagateAdditionalUserContextData"))
     UserPoolClientType.struct_class = Types::UserPoolClientType
 
     UserPoolDescriptionType.add_member(:id, Shapes::ShapeRef.new(shape: UserPoolIdType, location_name: "Id"))

data/lib/aws-sdk-cognitoidentityprovider/types.rb

@@ -1127,9 +1127,11 @@ module Aws::CognitoIdentityProvider
     #   @return [Types::AnalyticsMetadataType]
     #
     # @!attribute [rw] context_data
-    #   Contextual data such as the user's device fingerprint, IP address,
-    #   or location used for evaluating the risk of an unexpected event by
-    #   Amazon Cognito advanced security.
+    #   Contextual data about your user session, such as the device
+    #   fingerprint, IP address, or location. Amazon Cognito advanced
+    #   security evaluates the risk of an authentication event based on the
+    #   context that your app generates and passes to Amazon Cognito when it
+    #   makes API requests.
     #   @return [Types::ContextDataType]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AdminInitiateAuthRequest AWS API Documentation
@@ -1737,9 +1739,11 @@ module Aws::CognitoIdentityProvider
     #   @return [Types::AnalyticsMetadataType]
     #
     # @!attribute [rw] context_data
-    #   Contextual data such as the user's device fingerprint, IP address,
-    #   or location used for evaluating the risk of an unexpected event by
-    #   Amazon Cognito advanced security.
+    #   Contextual data about your user session, such as the device
+    #   fingerprint, IP address, or location. Amazon Cognito advanced
+    #   security evaluates the risk of an authentication event based on the
+    #   context that your app generates and passes to Amazon Cognito when it
+    #   makes API requests.
     #   @return [Types::ContextDataType]
     #
     # @!attribute [rw] client_metadata
@@ -2225,7 +2229,7 @@ module Aws::CognitoIdentityProvider
 
     # This exception is thrown when a user tries to confirm the account with
     # an email address or phone number that has already been supplied as an
-    # alias from a different account. This exception indicates that an
+    # alias for a different user profile. This exception indicates that an
     # account with this email address or phone already exists in a user pool
     # that you've configured to use email address or phone number as a
     # sign-in alias.
@@ -2755,6 +2759,7 @@ module Aws::CognitoIdentityProvider
     #           analytics_endpoint_id: "StringType",
     #         },
     #         user_context_data: {
+    #           ip_address: "StringType",
     #           encoded_data: "StringType",
     #         },
     #         client_metadata: {
@@ -2797,9 +2802,11 @@ module Aws::CognitoIdentityProvider
     #   @return [Types::AnalyticsMetadataType]
     #
     # @!attribute [rw] user_context_data
-    #   Contextual data such as the user's device fingerprint, IP address,
-    #   or location used for evaluating the risk of an unexpected event by
-    #   Amazon Cognito advanced security.
+    #   Contextual data about your user session, such as the device
+    #   fingerprint, IP address, or location. Amazon Cognito advanced
+    #   security evaluates the risk of an authentication event based on the
+    #   context that your app generates and passes to Amazon Cognito when it
+    #   makes API requests.
     #   @return [Types::UserContextDataType]
     #
     # @!attribute [rw] client_metadata
@@ -2877,6 +2884,7 @@ module Aws::CognitoIdentityProvider
     #           analytics_endpoint_id: "StringType",
     #         },
     #         user_context_data: {
+    #           ip_address: "StringType",
     #           encoded_data: "StringType",
     #         },
     #         client_metadata: {
@@ -2919,9 +2927,11 @@ module Aws::CognitoIdentityProvider
     #   @return [Types::AnalyticsMetadataType]
     #
     # @!attribute [rw] user_context_data
-    #   Contextual data such as the user's device fingerprint, IP address,
-    #   or location used for evaluating the risk of an unexpected event by
-    #   Amazon Cognito advanced security.
+    #   Contextual data about your user session, such as the device
+    #   fingerprint, IP address, or location. Amazon Cognito advanced
+    #   security evaluates the risk of an authentication event based on the
+    #   context that your app generates and passes to Amazon Cognito when it
+    #   makes API requests.
     #   @return [Types::UserContextDataType]
     #
     # @!attribute [rw] client_metadata
@@ -3004,7 +3014,7 @@ module Aws::CognitoIdentityProvider
     #       }
     #
     # @!attribute [rw] ip_address
-    #   Source IP address of your user.
+    #   The source IP address of your user's device.
     #   @return [String]
     #
     # @!attribute [rw] server_name
@@ -3020,8 +3030,14 @@ module Aws::CognitoIdentityProvider
     #   @return [Array<Types::HttpHeader>]
     #
     # @!attribute [rw] encoded_data
-    #   Encoded data containing device fingerprinting details collected
-    #   using the Amazon Cognito context data collection library.
+    #   Encoded device-fingerprint details that your app collected with the
+    #   Amazon Cognito context data collection library. For more
+    #   information, see [Adding user device and session data to API
+    #   requests][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-adaptive-authentication.html#user-pool-settings-adaptive-authentication-device-fingerprint
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/ContextDataType AWS API Documentation
@@ -3384,6 +3400,7 @@ module Aws::CognitoIdentityProvider
     #         },
     #         prevent_user_existence_errors: "LEGACY", # accepts LEGACY, ENABLED
     #         enable_token_revocation: false,
+    #         enable_propagate_additional_user_context_data: false,
     #       }
     #
     # @!attribute [rw] user_pool_id
@@ -3639,6 +3656,20 @@ module Aws::CognitoIdentityProvider
     #   [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html
     #   @return [Boolean]
     #
+    # @!attribute [rw] enable_propagate_additional_user_context_data
+    #   Activates the propagation of additional user context data. For more
+    #   information about propagation of user context data, see [ Adding
+    #   advanced security to a user pool][1]. If you don’t include this
+    #   parameter, you can't send device fingerprint information, including
+    #   source IP address, to Amazon Cognito advanced security. You can only
+    #   activate `EnablePropagateAdditionalUserContextData` in an app client
+    #   that has a client secret.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
+    #   @return [Boolean]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/CreateUserPoolClientRequest AWS API Documentation
     #
     class CreateUserPoolClientRequest < Struct.new(
@@ -3661,7 +3692,8 @@ module Aws::CognitoIdentityProvider
       :allowed_o_auth_flows_user_pool_client,
       :analytics_configuration,
       :prevent_user_existence_errors,
-      :enable_token_revocation)
+      :enable_token_revocation,
+      :enable_propagate_additional_user_context_data)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3942,6 +3974,16 @@ module Aws::CognitoIdentityProvider
     #   @return [String]
     #
     # @!attribute [rw] user_attribute_update_settings
+    #   The settings for updates to user attributes. These settings include
+    #   the property `AttributesRequireVerificationBeforeUpdate`, a
+    #   user-pool setting that tells Amazon Cognito how to handle changes to
+    #   the value of your users' email address and phone number attributes.
+    #   For more information, see [ Verifying updates to to email addresses
+    #   and phone numbers][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-email-phone-verification.html#user-pool-settings-verifications-verify-attribute-updates
     #   @return [Types::UserAttributeUpdateSettingsType]
     #
     # @!attribute [rw] device_configuration
@@ -4959,7 +5001,7 @@ module Aws::CognitoIdentityProvider
     # request.
     #
     # @!attribute [rw] ip_address
-    #   The user's IP address.
+    #   The source IP address of your user's device.
     #   @return [String]
     #
     # @!attribute [rw] device_name
@@ -5090,6 +5132,7 @@ module Aws::CognitoIdentityProvider
     #         client_id: "ClientIdType", # required
     #         secret_hash: "SecretHashType",
     #         user_context_data: {
+    #           ip_address: "StringType",
     #           encoded_data: "StringType",
     #         },
     #         username: "UsernameType", # required
@@ -5112,9 +5155,11 @@ module Aws::CognitoIdentityProvider
     #   @return [String]
     #
     # @!attribute [rw] user_context_data
-    #   Contextual data such as the user's device fingerprint, IP address,
-    #   or location used for evaluating the risk of an unexpected event by
-    #   Amazon Cognito advanced security.
+    #   Contextual data about your user session, such as the device
+    #   fingerprint, IP address, or location. Amazon Cognito advanced
+    #   security evaluates the risk of an authentication event based on the
+    #   context that your app generates and passes to Amazon Cognito when it
+    #   makes API requests.
     #   @return [Types::UserContextDataType]
     #
     # @!attribute [rw] username
@@ -5179,8 +5224,7 @@ module Aws::CognitoIdentityProvider
       include Aws::Structure
     end
 
-    # Represents the response from the server regarding the request to reset
-    # a password.
+    # The response from Amazon Cognito to a request to reset a password.
     #
     # @!attribute [rw] code_delivery_details
     #   The code delivery details returned by the server in response to the
@@ -5895,6 +5939,7 @@ module Aws::CognitoIdentityProvider
     #           analytics_endpoint_id: "StringType",
     #         },
     #         user_context_data: {
+    #           ip_address: "StringType",
     #           encoded_data: "StringType",
     #         },
     #       }
@@ -6023,9 +6068,11 @@ module Aws::CognitoIdentityProvider
     #   @return [Types::AnalyticsMetadataType]
     #
     # @!attribute [rw] user_context_data
-    #   Contextual data such as the user's device fingerprint, IP address,
-    #   or location used for evaluating the risk of an unexpected event by
-    #   Amazon Cognito advanced security.
+    #   Contextual data about your user session, such as the device
+    #   fingerprint, IP address, or location. Amazon Cognito advanced
+    #   security evaluates the risk of an authentication event based on the
+    #   context that your app generates and passes to Amazon Cognito when it
+    #   makes API requests.
     #   @return [Types::UserContextDataType]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/InitiateAuthRequest AWS API Documentation
@@ -7450,6 +7497,7 @@ module Aws::CognitoIdentityProvider
     #         client_id: "ClientIdType", # required
     #         secret_hash: "SecretHashType",
     #         user_context_data: {
+    #           ip_address: "StringType",
     #           encoded_data: "StringType",
     #         },
     #         username: "UsernameType", # required
@@ -7472,9 +7520,11 @@ module Aws::CognitoIdentityProvider
     #   @return [String]
     #
     # @!attribute [rw] user_context_data
-    #   Contextual data such as the user's device fingerprint, IP address,
-    #   or location used for evaluating the risk of an unexpected event by
-    #   Amazon Cognito advanced security.
+    #   Contextual data about your user session, such as the device
+    #   fingerprint, IP address, or location. Amazon Cognito advanced
+    #   security evaluates the risk of an authentication event based on the
+    #   context that your app generates and passes to Amazon Cognito when it
+    #   makes API requests.
     #   @return [Types::UserContextDataType]
     #
     # @!attribute [rw] username
@@ -7642,6 +7692,7 @@ module Aws::CognitoIdentityProvider
     #           analytics_endpoint_id: "StringType",
     #         },
     #         user_context_data: {
+    #           ip_address: "StringType",
     #           encoded_data: "StringType",
     #         },
     #         client_metadata: {
@@ -7729,9 +7780,11 @@ module Aws::CognitoIdentityProvider
     #   @return [Types::AnalyticsMetadataType]
     #
     # @!attribute [rw] user_context_data
-    #   Contextual data such as the user's device fingerprint, IP address,
-    #   or location used for evaluating the risk of an unexpected event by
-    #   Amazon Cognito advanced security.
+    #   Contextual data about your user session, such as the device
+    #   fingerprint, IP address, or location. Amazon Cognito advanced
+    #   security evaluates the risk of an authentication event based on the
+    #   context that your app generates and passes to Amazon Cognito when it
+    #   makes API requests.
     #   @return [Types::UserContextDataType]
     #
     # @!attribute [rw] client_metadata
@@ -8429,6 +8482,7 @@ module Aws::CognitoIdentityProvider
     #           analytics_endpoint_id: "StringType",
     #         },
     #         user_context_data: {
+    #           ip_address: "StringType",
     #           encoded_data: "StringType",
     #         },
     #         client_metadata: {
@@ -8471,9 +8525,11 @@ module Aws::CognitoIdentityProvider
     #   @return [Types::AnalyticsMetadataType]
     #
     # @!attribute [rw] user_context_data
-    #   Contextual data such as the user's device fingerprint, IP address,
-    #   or location used for evaluating the risk of an unexpected event by
-    #   Amazon Cognito advanced security.
+    #   Contextual data about your user session, such as the device
+    #   fingerprint, IP address, or location. Amazon Cognito advanced
+    #   security evaluates the risk of an authentication event based on the
+    #   context that your app generates and passes to Amazon Cognito when it
+    #   makes API requests.
     #   @return [Types::UserContextDataType]
     #
     # @!attribute [rw] client_metadata
@@ -8899,18 +8955,21 @@ module Aws::CognitoIdentityProvider
     #       }
     #
     # @!attribute [rw] access_token
-    #   A time unit in “seconds”, “minutes”, “hours”, or “days” for the
-    #   value in AccessTokenValidity, defaulting to hours.
+    #   A time unit of `seconds`, `minutes`, `hours`, or `days` for the
+    #   value that you set in the `AccessTokenValidity` parameter. The
+    #   default `AccessTokenValidity` time unit is hours.
     #   @return [String]
     #
     # @!attribute [rw] id_token
-    #   A time unit in “seconds”, “minutes”, “hours”, or “days” for the
-    #   value in IdTokenValidity, defaulting to hours.
+    #   A time unit of `seconds`, `minutes`, `hours`, or `days` for the
+    #   value that you set in the `IdTokenValidity` parameter. The default
+    #   `IdTokenValidity` time unit is hours.
     #   @return [String]
     #
     # @!attribute [rw] refresh_token
-    #   A time unit in “seconds”, “minutes”, “hours”, or “days” for the
-    #   value in RefreshTokenValidity, defaulting to days.
+    #   A time unit of `seconds`, `minutes`, `hours`, or `days` for the
+    #   value that you set in the `RefreshTokenValidity` parameter. The
+    #   default `RefreshTokenValidity` time unit is days.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/TokenValidityUnitsType AWS API Documentation
@@ -9517,6 +9576,7 @@ module Aws::CognitoIdentityProvider
     #         },
     #         prevent_user_existence_errors: "LEGACY", # accepts LEGACY, ENABLED
     #         enable_token_revocation: false,
+    #         enable_propagate_additional_user_context_data: false,
     #       }
     #
     # @!attribute [rw] user_pool_id
@@ -9749,6 +9809,20 @@ module Aws::CognitoIdentityProvider
     #   [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html
     #   @return [Boolean]
     #
+    # @!attribute [rw] enable_propagate_additional_user_context_data
+    #   Activates the propagation of additional user context data. For more
+    #   information about propagation of user context data, see [ Adding
+    #   advanced security to a user pool][1]. If you don’t include this
+    #   parameter, you can't send device fingerprint information, including
+    #   source IP address, to Amazon Cognito advanced security. You can only
+    #   activate `EnablePropagateAdditionalUserContextData` in an app client
+    #   that has a client secret.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
+    #   @return [Boolean]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UpdateUserPoolClientRequest AWS API Documentation
     #
     class UpdateUserPoolClientRequest < Struct.new(
@@ -9771,7 +9845,8 @@ module Aws::CognitoIdentityProvider
       :allowed_o_auth_flows_user_pool_client,
       :analytics_configuration,
       :prevent_user_existence_errors,
-      :enable_token_revocation)
+      :enable_token_revocation,
+      :enable_propagate_additional_user_context_data)
       SENSITIVE = [:client_id]
       include Aws::Structure
     end
@@ -9986,6 +10061,16 @@ module Aws::CognitoIdentityProvider
     #   @return [String]
     #
     # @!attribute [rw] user_attribute_update_settings
+    #   The settings for updates to user attributes. These settings include
+    #   the property `AttributesRequireVerificationBeforeUpdate`, a
+    #   user-pool setting that tells Amazon Cognito how to handle changes to
+    #   the value of your users' email address and phone number attributes.
+    #   For more information, see [ Verifying updates to to email addresses
+    #   and phone numbers][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-email-phone-verification.html#user-pool-settings-verifications-verify-attribute-updates
     #   @return [Types::UserAttributeUpdateSettingsType]
     #
     # @!attribute [rw] mfa_configuration
@@ -10085,7 +10170,16 @@ module Aws::CognitoIdentityProvider
     #
     class UpdateUserPoolResponse < Aws::EmptyStructure; end
 
-    # The settings for updates to user attributes.
+    # The settings for updates to user attributes. These settings include
+    # the property `AttributesRequireVerificationBeforeUpdate`, a user-pool
+    # setting that tells Amazon Cognito how to handle changes to the value
+    # of your users' email address and phone number attributes. For more
+    # information, see [ Verifying updates to to email addresses and phone
+    # numbers][1].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-email-phone-verification.html#user-pool-settings-verifications-verify-attribute-updates
     #
     # @note When making an API call, you may pass UserAttributeUpdateSettingsType
     #   data as a hash:
@@ -10130,27 +10224,37 @@ module Aws::CognitoIdentityProvider
       include Aws::Structure
     end
 
-    # Information that your app generates about a user's
-    # `AdminInitiateAuth` or `AdminRespondToAuthChallenge` session. Amazon
-    # Cognito advanced security features calculate risk levels for user
-    # sessions based on this context data.
+    # Contextual data, such as the user's device fingerprint, IP address,
+    # or location, used for evaluating the risk of an unexpected event by
+    # Amazon Cognito advanced security.
     #
     # @note When making an API call, you may pass UserContextDataType
     #   data as a hash:
     #
     #       {
+    #         ip_address: "StringType",
     #         encoded_data: "StringType",
     #       }
     #
+    # @!attribute [rw] ip_address
+    #   The source IP address of your user's device.
+    #   @return [String]
+    #
     # @!attribute [rw] encoded_data
-    #   Contextual data, such as the user's device fingerprint, IP address,
-    #   or location, used for evaluating the risk of an unexpected event by
-    #   Amazon Cognito advanced security.
+    #   Encoded device-fingerprint details that your app collected with the
+    #   Amazon Cognito context data collection library. For more
+    #   information, see [Adding user device and session data to API
+    #   requests][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-adaptive-authentication.html#user-pool-settings-adaptive-authentication-device-fingerprint
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UserContextDataType AWS API Documentation
     #
     class UserContextDataType < Struct.new(
+      :ip_address,
       :encoded_data)
       SENSITIVE = []
       include Aws::Structure
@@ -10616,6 +10720,33 @@ module Aws::CognitoIdentityProvider
     #   [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html
     #   @return [Boolean]
     #
+    # @!attribute [rw] enable_propagate_additional_user_context_data
+    #   When `EnablePropagateAdditionalUserContextData` is true, Amazon
+    #   Cognito accepts an `IpAddress` value that you send in the
+    #   `UserContextData` parameter. The `UserContextData` parameter sends
+    #   information to Amazon Cognito advanced security for risk analysis.
+    #   You can send `UserContextData` when you sign in Amazon Cognito
+    #   native users with the `InitiateAuth` and `RespondToAuthChallenge`
+    #   API operations.
+    #
+    #   When `EnablePropagateAdditionalUserContextData` is false, you can't
+    #   send your user's source IP address to Amazon Cognito advanced
+    #   security with unauthenticated API operations.
+    #   `EnablePropagateAdditionalUserContextData` doesn't affect whether
+    #   you can send a source IP address in a `ContextData` parameter with
+    #   the authenticated API operations `AdminInitiateAuth` and
+    #   `AdminRespondToAuthChallenge`.
+    #
+    #   You can only activate `EnablePropagateAdditionalUserContextData` in
+    #   an app client that has a client secret. For more information about
+    #   propagation of user context data, see [Adding user device and
+    #   session data to API requests][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-adaptive-authentication.html#user-pool-settings-adaptive-authentication-device-fingerprint
+    #   @return [Boolean]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UserPoolClientType AWS API Documentation
     #
     class UserPoolClientType < Struct.new(
@@ -10641,7 +10772,8 @@ module Aws::CognitoIdentityProvider
       :allowed_o_auth_flows_user_pool_client,
       :analytics_configuration,
       :prevent_user_existence_errors,
-      :enable_token_revocation)
+      :enable_token_revocation,
+      :enable_propagate_additional_user_context_data)
       SENSITIVE = [:client_id, :client_secret]
       include Aws::Structure
     end
@@ -10795,6 +10927,16 @@ module Aws::CognitoIdentityProvider
     #   @return [String]
     #
     # @!attribute [rw] user_attribute_update_settings
+    #   The settings for updates to user attributes. These settings include
+    #   the property `AttributesRequireVerificationBeforeUpdate`, a
+    #   user-pool setting that tells Amazon Cognito how to handle changes to
+    #   the value of your users' email address and phone number attributes.
+    #   For more information, see [ Verifying updates to to email addresses
+    #   and phone numbers][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-email-phone-verification.html#user-pool-settings-verifications-verify-attribute-updates
     #   @return [Types::UserAttributeUpdateSettingsType]
     #
     # @!attribute [rw] mfa_configuration

data/lib/aws-sdk-cognitoidentityprovider.rb

@@ -48,6 +48,6 @@ require_relative 'aws-sdk-cognitoidentityprovider/customizations'
 # @!group service
 module Aws::CognitoIdentityProvider
 
-  GEM_VERSION = '1.66.0'
+  GEM_VERSION = '1.67.0'
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-cognitoidentityprovider
 version: !ruby/object:Gem::Version
-  version: 1.66.0
+  version: 1.67.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-05-24 00:00:00.000000000 Z
+date: 2022-05-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core