RubyGems - aws-sdk-cognitoidentityprovider - Versions diffs - 1.67.0 → 1.68.0 - Mend

aws-sdk-cognitoidentityprovider 1.67.0 → 1.68.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +5 -0
data/VERSION +1 -1
data/lib/aws-sdk-cognitoidentityprovider/client.rb +62 -38
data/lib/aws-sdk-cognitoidentityprovider/client_api.rb +29 -0
data/lib/aws-sdk-cognitoidentityprovider/errors.rb +16 -0
data/lib/aws-sdk-cognitoidentityprovider/types.rb +115 -61
data/lib/aws-sdk-cognitoidentityprovider.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7f1666db16e250b3d677b284f444a20990e8704cbf2e8fa133f1e22b62d5ed8a
-  data.tar.gz: ca2c904117a70903e9700a5aefc5887c5ab8be887256ff33c58edd3d1afc7b48
+  metadata.gz: 9e65c9c00460118c6471adb6cd66ab179cbaf49b66b69fc2185cbee1853ee2b7
+  data.tar.gz: 3c7e855c75a534d70e18121f07309ce2fcdb995210cd66b9c69339964b1513e5
 SHA512:
-  metadata.gz: d6252319b024f9747d7a5e5eac8deec9705fb533adc9b5fc1f2f66fe7a423d29e8250a5c5a88699e1249841738a88ea7975cb5312f63c6f83d8755abbc7ba279
-  data.tar.gz: 9e7772bfb31c59aeffe8c7a7d8c853c5648209b0be155d9c3d510e884269ba5fd351e16a3b4415c42353c2fa09cdec9e7517d7984ae2a1451a0108e5a8414236
+  metadata.gz: 7588756648391c3778fe144d59fa6202042570c6dc75f284de0b9e1d21086f9b86ee2488d20747396c4a9f843762517ddbea550da0fd551f36ce915851efbe08
+  data.tar.gz: 3060bce657baa79a2f5d3f3723cfb8ebba109977e292a79b8e26e51c74945cbc8bf9b64cddaaccc6aa55bd4e5eda0c4ba387e18e98b3acc2ab8ecce29bb5f0af

data/CHANGELOG.md CHANGED Viewed

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
+1.68.0 (2022-08-03)
+------------------
+* Feature - Add a new exception type, ForbiddenException, that is returned when request is not allowed
 1.67.0 (2022-05-31)
 ------------------

data/VERSION CHANGED Viewed

	@@ -1 +1 @@
1	- 1.67.0
1	+ 1.68.0

data/lib/aws-sdk-cognitoidentityprovider/client.rb CHANGED Viewed

@@ -2286,12 +2286,12 @@ module Aws::CognitoIdentityProvider
       req.send_request(options)
     end
-    # Begins setup of time-based one-time password multi-factor
-    # authentication (TOTP MFA) for a user, with a unique private key that
-    # Amazon Cognito generates and returns in the API response. You can
-    # authorize an `AssociateSoftwareToken` request with either the user's
-    # access token, or a session string from a challenge response that you
-    # received from Amazon Cognito.
+    # Begins setup of time-based one-time password (TOTP) multi-factor
+    # authentication (MFA) for a user, with a unique private key that Amazon
+    # Cognito generates and returns in the API response. You can authorize
+    # an `AssociateSoftwareToken` request with either the user's access
+    # token, or a session string from a challenge response that you received
+    # from Amazon Cognito.
     #
     # <note markdown="1"> Amazon Cognito disassociates an existing software token when you
     # verify the new token in a [ VerifySoftwareToken][1] API request. If
@@ -2439,16 +2439,15 @@ module Aws::CognitoIdentityProvider
     #   retrieve a forgotten password.
     #
     # @option params [required, String] :confirmation_code
-    #   The confirmation code sent by a user's request to retrieve a
-    #   forgotten password. For more information, see [ForgotPassword][1].
+    #   The confirmation code from your user's request to reset their
+    #   password. For more information, see [ForgotPassword][1].
     #
     #
     #
     #   [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ForgotPassword.html
     #
     # @option params [required, String] :password
-    #   The password sent by a user's request to retrieve a forgotten
-    #   password.
+    #   The new password that your user wants to set.
     #
     # @option params [Types::AnalyticsMetadataType] :analytics_metadata
     #   The Amazon Pinpoint analytics metadata for collecting metrics for
@@ -3010,7 +3009,7 @@ module Aws::CognitoIdentityProvider
     #
     # @option params [String] :email_verification_message
     #   A string representing the email verification message.
-    #   EmailVerificationMessage is allowed only if [EmailSendingAccount][1]
+    #   `EmailVerificationMessage` is allowed only if [EmailSendingAccount][1]
     #   is DEVELOPER.
     #
     #
@@ -3019,7 +3018,7 @@ module Aws::CognitoIdentityProvider
     #
     # @option params [String] :email_verification_subject
     #   A string representing the email verification subject.
-    #   EmailVerificationSubject is allowed only if [EmailSendingAccount][1]
+    #   `EmailVerificationSubject` is allowed only if [EmailSendingAccount][1]
     #   is DEVELOPER.
     #
     #
@@ -3041,7 +3040,7 @@ module Aws::CognitoIdentityProvider
     #   the property `AttributesRequireVerificationBeforeUpdate`, a user-pool
     #   setting that tells Amazon Cognito how to handle changes to the value
     #   of your users' email address and phone number attributes. For more
-    #   information, see [ Verifying updates to to email addresses and phone
+    #   information, see [ Verifying updates to email addresses and phone
     #   numbers][1].
     #
     #
@@ -3049,7 +3048,14 @@ module Aws::CognitoIdentityProvider
     #   [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-email-phone-verification.html#user-pool-settings-verifications-verify-attribute-updates
     #
     # @option params [Types::DeviceConfigurationType] :device_configuration
-    #   The device configuration.
+    #   The device-remembering configuration for a user pool. A null value
+    #   indicates that you have deactivated device remembering in your user
+    #   pool.
+    #
+    #   <note markdown="1"> When you provide a value for any `DeviceConfiguration` field, you
+    #   activate the Amazon Cognito device-remembering feature.
+    #
+    #    </note>
     #
     # @option params [Types::EmailConfigurationType] :email_configuration
     #   The email configuration of your user pool. The email configuration
@@ -3412,31 +3418,41 @@ module Aws::CognitoIdentityProvider
     #
     #   Valid values include:
     #
-    #   * `ALLOW_ADMIN_USER_PASSWORD_AUTH`\: Enable admin based user password
-    #     authentication flow `ADMIN_USER_PASSWORD_AUTH`. This setting
-    #     replaces the `ADMIN_NO_SRP_AUTH` setting. With this authentication
-    #     flow, Amazon Cognito receives the password in the request instead of
-    #     using the Secure Remote Password (SRP) protocol to verify passwords.
+    #   ALLOW\_ADMIN\_USER\_PASSWORD\_AUTH
     #
-    #   * `ALLOW_CUSTOM_AUTH`\: Enable Lambda trigger based authentication.
+    #   : Enable admin based user password authentication flow
+    #     `ADMIN_USER_PASSWORD_AUTH`. This setting replaces the
+    #     `ADMIN_NO_SRP_AUTH` setting. With this authentication flow, Amazon
+    #     Cognito receives the password in the request instead of using the
+    #     Secure Remote Password (SRP) protocol to verify passwords.
     #
-    #   * `ALLOW_USER_PASSWORD_AUTH`\: Enable user password-based
-    #     authentication. In this flow, Amazon Cognito receives the password
-    #     in the request instead of using the SRP protocol to verify
-    #     passwords.
+    #   ALLOW\_CUSTOM\_AUTH
     #
-    #   * `ALLOW_USER_SRP_AUTH`\: Enable SRP-based authentication.
+    #   : Enable Lambda trigger based authentication.
     #
-    #   * `ALLOW_REFRESH_TOKEN_AUTH`\: Enable authflow to refresh tokens.
+    #   ALLOW\_USER\_PASSWORD\_AUTH
+    #
+    #   : Enable user password-based authentication. In this flow, Amazon
+    #     Cognito receives the password in the request instead of using the
+    #     SRP protocol to verify passwords.
+    #
+    #   ALLOW\_USER\_SRP\_AUTH
+    #
+    #   : Enable SRP-based authentication.
+    #
+    #   ALLOW\_REFRESH\_TOKEN\_AUTH
     #
-    #   If you don't specify a value for `ExplicitAuthFlows`, your app client
-    #   activates the `ALLOW_USER_SRP_AUTH` and `ALLOW_CUSTOM_AUTH`
-    #   authentication flows.
+    #   : Enable the authflow that refreshes tokens.
+    #
+    #   If you don't specify a value for `ExplicitAuthFlows`, your user
+    #   client supports `ALLOW_USER_SRP_AUTH` and `ALLOW_CUSTOM_AUTH`.
     #
     # @option params [Array<String>] :supported_identity_providers
-    #   A list of provider names for the IdPs that this client supports. The
-    #   following are supported: `COGNITO`, `Facebook`, `Google`
-    #   `LoginWithAmazon`, and the names of your own SAML and OIDC providers.
+    #   A list of provider names for the identity providers (IdPs) that are
+    #   supported on this client. The following are supported: `COGNITO`,
+    #   `Facebook`, `Google`, `SignInWithApple`, and `LoginWithAmazon`. You
+    #   can also specify the names that you configured for the SAML and OIDC
+    #   IdPs in your user pool, for example `MySAMLIdP` or `MyOIDCIdP`.
     #
     # @option params [Array<String>] :callback_urls
     #   A list of allowed redirect (callback) URLs for the IdPs.
@@ -6255,7 +6271,7 @@ module Aws::CognitoIdentityProvider
     #   The SMS text message multi-factor authentication (MFA) settings.
     #
     # @option params [Types::SoftwareTokenMfaSettingsType] :software_token_mfa_settings
-    #   The time-based one-time password software token MFA settings.
+    #   The time-based one-time password (TOTP) software token MFA settings.
     #
     # @option params [required, String] :access_token
     #   A valid access token that Amazon Cognito issued to the user whose MFA
@@ -7163,7 +7179,7 @@ module Aws::CognitoIdentityProvider
     #   the property `AttributesRequireVerificationBeforeUpdate`, a user-pool
     #   setting that tells Amazon Cognito how to handle changes to the value
     #   of your users' email address and phone number attributes. For more
-    #   information, see [ Verifying updates to to email addresses and phone
+    #   information, see [ Verifying updates to email addresses and phone
     #   numbers][1].
     #
     #
@@ -7189,7 +7205,14 @@ module Aws::CognitoIdentityProvider
     #   [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserPoolMfaConfig.html
     #
     # @option params [Types::DeviceConfigurationType] :device_configuration
-    #   Device configuration.
+    #   The device-remembering configuration for a user pool. A null value
+    #   indicates that you have deactivated device remembering in your user
+    #   pool.
+    #
+    #   <note markdown="1"> When you provide a value for any `DeviceConfiguration` field, you
+    #   activate the Amazon Cognito device-remembering feature.
+    #
+    #    </note>
     #
     # @option params [Types::EmailConfigurationType] :email_configuration
     #   The email configuration of your user pool. The email configuration
@@ -7437,8 +7460,9 @@ module Aws::CognitoIdentityProvider
     #
     # @option params [Array<String>] :supported_identity_providers
     #   A list of provider names for the IdPs that this client supports. The
-    #   following are supported: `COGNITO`, `Facebook`, `Google`
-    #   `LoginWithAmazon`, and the names of your own SAML and OIDC providers.
+    #   following are supported: `COGNITO`, `Facebook`, `Google`,
+    #   `SignInWithApple`, `LoginWithAmazon`, and the names of your own SAML
+    #   and OIDC providers.
     #
     # @option params [Array<String>] :callback_urls
     #   A list of allowed redirect (callback) URLs for the IdPs.
@@ -7843,7 +7867,7 @@ module Aws::CognitoIdentityProvider
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-cognitoidentityprovider'
-      context[:gem_version] = '1.67.0'
+      context[:gem_version] = '1.68.0'
       Seahorse::Client::Request.new(handlers, context)
     end

data/lib/aws-sdk-cognitoidentityprovider/client_api.rb CHANGED Viewed

@@ -217,6 +217,7 @@ module Aws::CognitoIdentityProvider
     ExplicitAuthFlowsListType = Shapes::ListShape.new(name: 'ExplicitAuthFlowsListType')
     ExplicitAuthFlowsType = Shapes::StringShape.new(name: 'ExplicitAuthFlowsType')
     FeedbackValueType = Shapes::StringShape.new(name: 'FeedbackValueType')
+    ForbiddenException = Shapes::StructureShape.new(name: 'ForbiddenException')
     ForceAliasCreation = Shapes::BooleanShape.new(name: 'ForceAliasCreation')
     ForgetDeviceRequest = Shapes::StructureShape.new(name: 'ForgetDeviceRequest')
     ForgotPasswordRequest = Shapes::StructureShape.new(name: 'ForgotPasswordRequest')
@@ -1129,6 +1130,9 @@ module Aws::CognitoIdentityProvider
     ExplicitAuthFlowsListType.member = Shapes::ShapeRef.new(shape: ExplicitAuthFlowsType)
+    ForbiddenException.add_member(:message, Shapes::ShapeRef.new(shape: MessageType, location_name: "message"))
+    ForbiddenException.struct_class = Types::ForbiddenException
     ForgetDeviceRequest.add_member(:access_token, Shapes::ShapeRef.new(shape: TokenModelType, location_name: "AccessToken"))
     ForgetDeviceRequest.add_member(:device_key, Shapes::ShapeRef.new(shape: DeviceKeyType, required: true, location_name: "DeviceKey"))
     ForgetDeviceRequest.struct_class = Types::ForgetDeviceRequest
@@ -2477,6 +2481,7 @@ module Aws::CognitoIdentityProvider
         o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
         o.errors << Shapes::ShapeRef.new(shape: SoftwareTokenMFANotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
       end)
       api.add_operation(:change_password, Seahorse::Model::Operation.new.tap do |o|
@@ -2496,6 +2501,7 @@ module Aws::CognitoIdentityProvider
         o.errors << Shapes::ShapeRef.new(shape: UserNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: UserNotConfirmedException)
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
       end)
       api.add_operation(:confirm_device, Seahorse::Model::Operation.new.tap do |o|
@@ -2516,6 +2522,7 @@ module Aws::CognitoIdentityProvider
         o.errors << Shapes::ShapeRef.new(shape: UserNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: UserNotConfirmedException)
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
       end)
       api.add_operation(:confirm_forgot_password, Seahorse::Model::Operation.new.tap do |o|
@@ -2540,6 +2547,7 @@ module Aws::CognitoIdentityProvider
         o.errors << Shapes::ShapeRef.new(shape: UserNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: UserNotConfirmedException)
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
       end)
       api.add_operation(:confirm_sign_up, Seahorse::Model::Operation.new.tap do |o|
@@ -2563,6 +2571,7 @@ module Aws::CognitoIdentityProvider
         o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
         o.errors << Shapes::ShapeRef.new(shape: UserNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
       end)
       api.add_operation(:create_group, Seahorse::Model::Operation.new.tap do |o|
@@ -2725,6 +2734,7 @@ module Aws::CognitoIdentityProvider
         o.errors << Shapes::ShapeRef.new(shape: UserNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: UserNotConfirmedException)
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
       end)
       api.add_operation(:delete_user_attributes, Seahorse::Model::Operation.new.tap do |o|
@@ -2742,6 +2752,7 @@ module Aws::CognitoIdentityProvider
         o.errors << Shapes::ShapeRef.new(shape: UserNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: UserNotConfirmedException)
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
       end)
       api.add_operation(:delete_user_pool, Seahorse::Model::Operation.new.tap do |o|
@@ -2890,6 +2901,7 @@ module Aws::CognitoIdentityProvider
         o.errors << Shapes::ShapeRef.new(shape: UserNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: UserNotConfirmedException)
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
       end)
       api.add_operation(:forgot_password, Seahorse::Model::Operation.new.tap do |o|
@@ -2913,6 +2925,7 @@ module Aws::CognitoIdentityProvider
         o.errors << Shapes::ShapeRef.new(shape: CodeDeliveryFailureException)
         o.errors << Shapes::ShapeRef.new(shape: UserNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
       end)
       api.add_operation(:get_csv_header, Seahorse::Model::Operation.new.tap do |o|
@@ -2943,6 +2956,7 @@ module Aws::CognitoIdentityProvider
         o.errors << Shapes::ShapeRef.new(shape: UserNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: UserNotConfirmedException)
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
       end)
       api.add_operation(:get_group, Seahorse::Model::Operation.new.tap do |o|
@@ -3010,6 +3024,7 @@ module Aws::CognitoIdentityProvider
         o.errors << Shapes::ShapeRef.new(shape: UserNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: UserNotConfirmedException)
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
       end)
       api.add_operation(:get_user_attribute_verification_code, Seahorse::Model::Operation.new.tap do |o|
@@ -3035,6 +3050,7 @@ module Aws::CognitoIdentityProvider
         o.errors << Shapes::ShapeRef.new(shape: UserNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: UserNotConfirmedException)
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
       end)
       api.add_operation(:get_user_pool_mfa_config, Seahorse::Model::Operation.new.tap do |o|
@@ -3063,6 +3079,7 @@ module Aws::CognitoIdentityProvider
         o.errors << Shapes::ShapeRef.new(shape: PasswordResetRequiredException)
         o.errors << Shapes::ShapeRef.new(shape: UserNotConfirmedException)
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
       end)
       api.add_operation(:initiate_auth, Seahorse::Model::Operation.new.tap do |o|
@@ -3086,6 +3103,7 @@ module Aws::CognitoIdentityProvider
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidSmsRoleAccessPolicyException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidSmsRoleTrustRelationshipException)
+        o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
       end)
       api.add_operation(:list_devices, Seahorse::Model::Operation.new.tap do |o|
@@ -3103,6 +3121,7 @@ module Aws::CognitoIdentityProvider
         o.errors << Shapes::ShapeRef.new(shape: UserNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: UserNotConfirmedException)
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
       end)
       api.add_operation(:list_groups, Seahorse::Model::Operation.new.tap do |o|
@@ -3284,6 +3303,7 @@ module Aws::CognitoIdentityProvider
         o.errors << Shapes::ShapeRef.new(shape: CodeDeliveryFailureException)
         o.errors << Shapes::ShapeRef.new(shape: UserNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
       end)
       api.add_operation(:respond_to_auth_challenge, Seahorse::Model::Operation.new.tap do |o|
@@ -3313,6 +3333,7 @@ module Aws::CognitoIdentityProvider
         o.errors << Shapes::ShapeRef.new(shape: AliasExistsException)
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
         o.errors << Shapes::ShapeRef.new(shape: SoftwareTokenMFANotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
       end)
       api.add_operation(:revoke_token, Seahorse::Model::Operation.new.tap do |o|
@@ -3327,6 +3348,7 @@ module Aws::CognitoIdentityProvider
         o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
         o.errors << Shapes::ShapeRef.new(shape: UnsupportedOperationException)
         o.errors << Shapes::ShapeRef.new(shape: UnsupportedTokenTypeException)
+        o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
       end)
       api.add_operation(:set_risk_configuration, Seahorse::Model::Operation.new.tap do |o|
@@ -3371,6 +3393,7 @@ module Aws::CognitoIdentityProvider
         o.errors << Shapes::ShapeRef.new(shape: UserNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: UserNotConfirmedException)
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
       end)
       api.add_operation(:set_user_pool_mfa_config, Seahorse::Model::Operation.new.tap do |o|
@@ -3402,6 +3425,7 @@ module Aws::CognitoIdentityProvider
         o.errors << Shapes::ShapeRef.new(shape: UserNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: UserNotConfirmedException)
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
       end)
       api.add_operation(:sign_up, Seahorse::Model::Operation.new.tap do |o|
@@ -3425,6 +3449,7 @@ module Aws::CognitoIdentityProvider
         o.errors << Shapes::ShapeRef.new(shape: InvalidSmsRoleTrustRelationshipException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidEmailRoleAccessPolicyException)
         o.errors << Shapes::ShapeRef.new(shape: CodeDeliveryFailureException)
+        o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
       end)
       api.add_operation(:start_user_import_job, Seahorse::Model::Operation.new.tap do |o|
@@ -3511,6 +3536,7 @@ module Aws::CognitoIdentityProvider
         o.errors << Shapes::ShapeRef.new(shape: UserNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: UserNotConfirmedException)
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
       end)
       api.add_operation(:update_group, Seahorse::Model::Operation.new.tap do |o|
@@ -3578,6 +3604,7 @@ module Aws::CognitoIdentityProvider
         o.errors << Shapes::ShapeRef.new(shape: UserNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: UserNotConfirmedException)
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
       end)
       api.add_operation(:update_user_pool, Seahorse::Model::Operation.new.tap do |o|
@@ -3647,6 +3674,7 @@ module Aws::CognitoIdentityProvider
         o.errors << Shapes::ShapeRef.new(shape: NotAuthorizedException)
         o.errors << Shapes::ShapeRef.new(shape: SoftwareTokenMFANotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: CodeMismatchException)
+        o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
       end)
       api.add_operation(:verify_user_attribute, Seahorse::Model::Operation.new.tap do |o|
@@ -3668,6 +3696,7 @@ module Aws::CognitoIdentityProvider
         o.errors << Shapes::ShapeRef.new(shape: UserNotConfirmedException)
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
         o.errors << Shapes::ShapeRef.new(shape: AliasExistsException)
+        o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
       end)
     end

data/lib/aws-sdk-cognitoidentityprovider/errors.rb CHANGED Viewed

@@ -34,6 +34,7 @@ module Aws::CognitoIdentityProvider
   # * {DuplicateProviderException}
   # * {EnableSoftwareTokenMFAException}
   # * {ExpiredCodeException}
+  # * {ForbiddenException}
   # * {GroupExistsException}
   # * {InternalErrorException}
   # * {InvalidEmailRoleAccessPolicyException}
@@ -179,6 +180,21 @@ module Aws::CognitoIdentityProvider
       end
     end
+    class ForbiddenException < ServiceError
+      # @param [Seahorse::Client::RequestContext] context
+      # @param [String] message
+      # @param [Aws::CognitoIdentityProvider::Types::ForbiddenException] data
+      def initialize(context, message, data = Aws::EmptyStructure.new)
+        super(context, message, data)
+      end
+      # @return [String]
+      def message
+        @message || @data[:message]
+      end
+    end
     class GroupExistsException < ServiceError
       # @param [Seahorse::Client::RequestContext] context

data/lib/aws-sdk-cognitoidentityprovider/types.rb CHANGED Viewed

@@ -2235,7 +2235,8 @@ module Aws::CognitoIdentityProvider
     # sign-in alias.
     #
     # @!attribute [rw] message
-    #   The message sent to the user when an alias exists.
+    #   The message that Amazon Cognito sends to the user when the value of
+    #   an alias attribute is already linked to another user profile.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AliasExistsException AWS API Documentation
@@ -2365,8 +2366,8 @@ module Aws::CognitoIdentityProvider
     end
     # @!attribute [rw] secret_code
-    #   A unique generated shared secret code that is used in the time-based
-    #   one-time password (TOTP) algorithm to generate a one-time code.
+    #   A unique generated shared secret code that is used in the TOTP
+    #   algorithm to generate a one-time code.
     #   @return [String]
     #
     # @!attribute [rw] session
@@ -2783,8 +2784,8 @@ module Aws::CognitoIdentityProvider
     #   @return [String]
     #
     # @!attribute [rw] confirmation_code
-    #   The confirmation code sent by a user's request to retrieve a
-    #   forgotten password. For more information, see [ForgotPassword][1].
+    #   The confirmation code from your user's request to reset their
+    #   password. For more information, see [ForgotPassword][1].
     #
     #
     #
@@ -2792,8 +2793,7 @@ module Aws::CognitoIdentityProvider
     #   @return [String]
     #
     # @!attribute [rw] password
-    #   The password sent by a user's request to retrieve a forgotten
-    #   password.
+    #   The new password that your user wants to set.
     #   @return [String]
     #
     # @!attribute [rw] analytics_metadata
@@ -3499,34 +3499,42 @@ module Aws::CognitoIdentityProvider
     #
     #   Valid values include:
     #
-    #   * `ALLOW_ADMIN_USER_PASSWORD_AUTH`\: Enable admin based user
-    #     password authentication flow `ADMIN_USER_PASSWORD_AUTH`. This
-    #     setting replaces the `ADMIN_NO_SRP_AUTH` setting. With this
-    #     authentication flow, Amazon Cognito receives the password in the
-    #     request instead of using the Secure Remote Password (SRP) protocol
-    #     to verify passwords.
+    #   ALLOW\_ADMIN\_USER\_PASSWORD\_AUTH
     #
-    #   * `ALLOW_CUSTOM_AUTH`\: Enable Lambda trigger based authentication.
+    #   : Enable admin based user password authentication flow
+    #     `ADMIN_USER_PASSWORD_AUTH`. This setting replaces the
+    #     `ADMIN_NO_SRP_AUTH` setting. With this authentication flow, Amazon
+    #     Cognito receives the password in the request instead of using the
+    #     Secure Remote Password (SRP) protocol to verify passwords.
     #
-    #   * `ALLOW_USER_PASSWORD_AUTH`\: Enable user password-based
-    #     authentication. In this flow, Amazon Cognito receives the password
-    #     in the request instead of using the SRP protocol to verify
-    #     passwords.
+    #   ALLOW\_CUSTOM\_AUTH
     #
-    #   * `ALLOW_USER_SRP_AUTH`\: Enable SRP-based authentication.
+    #   : Enable Lambda trigger based authentication.
     #
-    #   * `ALLOW_REFRESH_TOKEN_AUTH`\: Enable authflow to refresh tokens.
+    #   ALLOW\_USER\_PASSWORD\_AUTH
+    #
+    #   : Enable user password-based authentication. In this flow, Amazon
+    #     Cognito receives the password in the request instead of using the
+    #     SRP protocol to verify passwords.
+    #
+    #   ALLOW\_USER\_SRP\_AUTH
+    #
+    #   : Enable SRP-based authentication.
+    #
+    #   ALLOW\_REFRESH\_TOKEN\_AUTH
+    #
+    #   : Enable the authflow that refreshes tokens.
     #
-    #   If you don't specify a value for `ExplicitAuthFlows`, your app
-    #   client activates the `ALLOW_USER_SRP_AUTH` and `ALLOW_CUSTOM_AUTH`
-    #   authentication flows.
+    #   If you don't specify a value for `ExplicitAuthFlows`, your user
+    #   client supports `ALLOW_USER_SRP_AUTH` and `ALLOW_CUSTOM_AUTH`.
     #   @return [Array<String>]
     #
     # @!attribute [rw] supported_identity_providers
-    #   A list of provider names for the IdPs that this client supports. The
-    #   following are supported: `COGNITO`, `Facebook`, `Google`
-    #   `LoginWithAmazon`, and the names of your own SAML and OIDC
-    #   providers.
+    #   A list of provider names for the identity providers (IdPs) that are
+    #   supported on this client. The following are supported: `COGNITO`,
+    #   `Facebook`, `Google`, `SignInWithApple`, and `LoginWithAmazon`. You
+    #   can also specify the names that you configured for the SAML and OIDC
+    #   IdPs in your user pool, for example `MySAMLIdP` or `MyOIDCIdP`.
     #   @return [Array<String>]
     #
     # @!attribute [rw] callback_urls
@@ -3942,8 +3950,8 @@ module Aws::CognitoIdentityProvider
     #
     # @!attribute [rw] email_verification_message
     #   A string representing the email verification message.
-    #   EmailVerificationMessage is allowed only if [EmailSendingAccount][1]
-    #   is DEVELOPER.
+    #   `EmailVerificationMessage` is allowed only if
+    #   [EmailSendingAccount][1] is DEVELOPER.
     #
     #
     #
@@ -3952,8 +3960,8 @@ module Aws::CognitoIdentityProvider
     #
     # @!attribute [rw] email_verification_subject
     #   A string representing the email verification subject.
-    #   EmailVerificationSubject is allowed only if [EmailSendingAccount][1]
-    #   is DEVELOPER.
+    #   `EmailVerificationSubject` is allowed only if
+    #   [EmailSendingAccount][1] is DEVELOPER.
     #
     #
     #
@@ -3978,8 +3986,8 @@ module Aws::CognitoIdentityProvider
     #   the property `AttributesRequireVerificationBeforeUpdate`, a
     #   user-pool setting that tells Amazon Cognito how to handle changes to
     #   the value of your users' email address and phone number attributes.
-    #   For more information, see [ Verifying updates to to email addresses
-    #   and phone numbers][1].
+    #   For more information, see [ Verifying updates to email addresses and
+    #   phone numbers][1].
     #
     #
     #
@@ -3987,7 +3995,14 @@ module Aws::CognitoIdentityProvider
     #   @return [Types::UserAttributeUpdateSettingsType]
     #
     # @!attribute [rw] device_configuration
-    #   The device configuration.
+    #   The device-remembering configuration for a user pool. A null value
+    #   indicates that you have deactivated device remembering in your user
+    #   pool.
+    #
+    #   <note markdown="1"> When you provide a value for any `DeviceConfiguration` field, you
+    #   activate the Amazon Cognito device-remembering feature.
+    #
+    #    </note>
     #   @return [Types::DeviceConfigurationType]
     #
     # @!attribute [rw] email_configuration
@@ -4657,11 +4672,12 @@ module Aws::CognitoIdentityProvider
       include Aws::Structure
     end
-    # The device tracking configuration for a user pool. A user pool with
-    # device tracking deactivated returns a null value.
+    # The device-remembering configuration for a user pool. A null value
+    # indicates that you have deactivated device remembering in your user
+    # pool.
     #
-    # <note markdown="1"> When you provide values for any DeviceConfiguration field, you
-    # activate device tracking.
+    # <note markdown="1"> When you provide a value for any `DeviceConfiguration` field, you
+    # activate the Amazon Cognito device-remembering feature.
     #
     #  </note>
     #
@@ -4678,17 +4694,23 @@ module Aws::CognitoIdentityProvider
     #   one-time password (TOTP) factors for multi-factor authentication
     #   (MFA).
     #
-    #   <note markdown="1"> Users that sign in with devices that have not been confirmed or
-    #   remembered will still have to provide a second factor, whether or
-    #   not ChallengeRequiredOnNewDevice is true, when your user pool
-    #   requires MFA.
+    #   <note markdown="1"> Regardless of the value of this field, users that sign in with new
+    #   devices that have not been confirmed or remembered must provide a
+    #   second factor if your user pool requires MFA.
     #
     #    </note>
     #   @return [Boolean]
     #
     # @!attribute [rw] device_only_remembered_on_user_prompt
-    #   When true, users can opt in to remembering their device. Your app
-    #   code must use callback functions to return the user's choice.
+    #   When true, Amazon Cognito doesn't remember newly-confirmed devices.
+    #   Users who want to authenticate with their device can instead opt in
+    #   to remembering their device. To collect a choice from your user,
+    #   create an input prompt in your app and return the value that the
+    #   user chooses in an [UpdateDeviceStatus][1] API request.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateDeviceStatus.html
     #   @return [Boolean]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/DeviceConfigurationType AWS API Documentation
@@ -5095,6 +5117,22 @@ module Aws::CognitoIdentityProvider
       include Aws::Structure
     end
+    # This exception is thrown when WAF doesn't allow your request based on
+    # a web ACL that's associated with your user pool.
+    #
+    # @!attribute [rw] message
+    #   The message returned when WAF doesn't allow your request based on a
+    #   web ACL that's associated with your user pool.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/ForbiddenException AWS API Documentation
+    #
+    class ForbiddenException < Struct.new(
+      :message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # Represents the request to forget the device.
     #
     # @note When making an API call, you may pass ForgetDeviceRequest
@@ -5578,15 +5616,17 @@ module Aws::CognitoIdentityProvider
     end
     # @!attribute [rw] sms_mfa_configuration
-    #   The SMS text message multi-factor (MFA) configuration.
+    #   The SMS text message multi-factor authentication (MFA)
+    #   configuration.
     #   @return [Types::SmsMfaConfigType]
     #
     # @!attribute [rw] software_token_mfa_configuration
-    #   The software token multi-factor (MFA) configuration.
+    #   The software token multi-factor authentication (MFA) configuration.
     #   @return [Types::SoftwareTokenMfaConfigType]
     #
     # @!attribute [rw] mfa_configuration
-    #   The multi-factor (MFA) configuration. Valid values include:
+    #   The multi-factor authentication (MFA) configuration. Valid values
+    #   include:
     #
     #   * `OFF` MFA won't be used for any users.
     #
@@ -8308,7 +8348,7 @@ module Aws::CognitoIdentityProvider
     #   @return [Types::SMSMfaSettingsType]
     #
     # @!attribute [rw] software_token_mfa_settings
-    #   The time-based one-time password software token MFA settings.
+    #   The time-based one-time password (TOTP) software token MFA settings.
     #   @return [Types::SoftwareTokenMfaSettingsType]
     #
     # @!attribute [rw] access_token
@@ -9680,9 +9720,9 @@ module Aws::CognitoIdentityProvider
     #
     # @!attribute [rw] supported_identity_providers
     #   A list of provider names for the IdPs that this client supports. The
-    #   following are supported: `COGNITO`, `Facebook`, `Google`
-    #   `LoginWithAmazon`, and the names of your own SAML and OIDC
-    #   providers.
+    #   following are supported: `COGNITO`, `Facebook`, `Google`,
+    #   `SignInWithApple`, `LoginWithAmazon`, and the names of your own SAML
+    #   and OIDC providers.
     #   @return [Array<String>]
     #
     # @!attribute [rw] callback_urls
@@ -10065,8 +10105,8 @@ module Aws::CognitoIdentityProvider
     #   the property `AttributesRequireVerificationBeforeUpdate`, a
     #   user-pool setting that tells Amazon Cognito how to handle changes to
     #   the value of your users' email address and phone number attributes.
-    #   For more information, see [ Verifying updates to to email addresses
-    #   and phone numbers][1].
+    #   For more information, see [ Verifying updates to email addresses and
+    #   phone numbers][1].
     #
     #
     #
@@ -10093,7 +10133,14 @@ module Aws::CognitoIdentityProvider
     #   @return [String]
     #
     # @!attribute [rw] device_configuration
-    #   Device configuration.
+    #   The device-remembering configuration for a user pool. A null value
+    #   indicates that you have deactivated device remembering in your user
+    #   pool.
+    #
+    #   <note markdown="1"> When you provide a value for any `DeviceConfiguration` field, you
+    #   activate the Amazon Cognito device-remembering feature.
+    #
+    #    </note>
     #   @return [Types::DeviceConfigurationType]
     #
     # @!attribute [rw] email_configuration
@@ -10174,7 +10221,7 @@ module Aws::CognitoIdentityProvider
     # the property `AttributesRequireVerificationBeforeUpdate`, a user-pool
     # setting that tells Amazon Cognito how to handle changes to the value
     # of your users' email address and phone number attributes. For more
-    # information, see [ Verifying updates to to email addresses and phone
+    # information, see [ Verifying updates to email addresses and phone
     # numbers][1].
     #
     #
@@ -10590,9 +10637,9 @@ module Aws::CognitoIdentityProvider
     #
     # @!attribute [rw] supported_identity_providers
     #   A list of provider names for the IdPs that this client supports. The
-    #   following are supported: `COGNITO`, `Facebook`, `Google`
-    #   `LoginWithAmazon`, and the names of your own SAML and OIDC
-    #   providers.
+    #   following are supported: `COGNITO`, `Facebook`, `Google`,
+    #   `SignInWithApple`, `LoginWithAmazon`, and the names of your own SAML
+    #   and OIDC providers.
     #   @return [Array<String>]
     #
     # @!attribute [rw] callback_urls
@@ -10931,8 +10978,8 @@ module Aws::CognitoIdentityProvider
     #   the property `AttributesRequireVerificationBeforeUpdate`, a
     #   user-pool setting that tells Amazon Cognito how to handle changes to
     #   the value of your users' email address and phone number attributes.
-    #   For more information, see [ Verifying updates to to email addresses
-    #   and phone numbers][1].
+    #   For more information, see [ Verifying updates to email addresses and
+    #   phone numbers][1].
     #
     #
     #
@@ -10953,7 +11000,14 @@ module Aws::CognitoIdentityProvider
     #   @return [String]
     #
     # @!attribute [rw] device_configuration
-    #   The device configuration.
+    #   The device-remembering configuration for a user pool. A null value
+    #   indicates that you have deactivated device remembering in your user
+    #   pool.
+    #
+    #   <note markdown="1"> When you provide a value for any `DeviceConfiguration` field, you
+    #   activate the Amazon Cognito device-remembering feature.
+    #
+    #    </note>
     #   @return [Types::DeviceConfigurationType]
     #
     # @!attribute [rw] estimated_number_of_users

data/lib/aws-sdk-cognitoidentityprovider.rb CHANGED Viewed

@@ -48,6 +48,6 @@ require_relative 'aws-sdk-cognitoidentityprovider/customizations'
 # @!group service
 module Aws::CognitoIdentityProvider
-  GEM_VERSION = '1.67.0'
+  GEM_VERSION = '1.68.0'
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-cognitoidentityprovider
 version: !ruby/object:Gem::Version
-  version: 1.67.0
+  version: 1.68.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-05-31 00:00:00.000000000 Z
+date: 2022-08-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core