npm - @aws-sdk/client-cognito-identity-provider - Versions diffs - 3.649.0 → 3.651.0 - Mend

@aws-sdk/client-cognito-identity-provider 3.649.0 → 3.651.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (133) hide show

package/dist-types/models/models_0.d.ts CHANGED Viewed

@@ -1402,7 +1402,7 @@ export interface AdminGetUserResponse {
     PreferredMfaSetting?: string;
     /**
      * <p>The MFA options that are activated for the user. The possible values in this list are
-     *                 <code>SMS_MFA</code> and <code>SOFTWARE_TOKEN_MFA</code>.</p>
+     *             <code>SMS_MFA</code>, <code>EMAIL_OTP</code>, and <code>SOFTWARE_TOKEN_MFA</code>.</p>
      * @public
      */
     UserMFASettingList?: string[];
@@ -1733,6 +1733,7 @@ export declare const ChallengeNameType: {
     readonly CUSTOM_CHALLENGE: "CUSTOM_CHALLENGE";
     readonly DEVICE_PASSWORD_VERIFIER: "DEVICE_PASSWORD_VERIFIER";
     readonly DEVICE_SRP_AUTH: "DEVICE_SRP_AUTH";
+    readonly EMAIL_OTP: "EMAIL_OTP";
     readonly MFA_SETUP: "MFA_SETUP";
     readonly NEW_PASSWORD_REQUIRED: "NEW_PASSWORD_REQUIRED";
     readonly PASSWORD_VERIFIER: "PASSWORD_VERIFIER";
@@ -1764,13 +1765,21 @@ export interface AdminInitiateAuthResponse {
      *             <li>
      *                <p>
      *                   <code>SELECT_MFA_TYPE</code>: Selects the MFA type. Valid MFA options are
-     *                         <code>SMS_MFA</code> for text SMS MFA, and <code>SOFTWARE_TOKEN_MFA</code>
-     *                     for time-based one-time password (TOTP) software token MFA.</p>
+     *                     <code>SMS_MFA</code> for SMS message MFA, <code>EMAIL_OTP</code> for email
+     *                     message MFA, and <code>SOFTWARE_TOKEN_MFA</code> for time-based one-time
+     *                     password (TOTP) software token MFA.</p>
      *             </li>
      *             <li>
      *                <p>
      *                   <code>SMS_MFA</code>: Next challenge is to supply an
-     *                     <code>SMS_MFA_CODE</code>, delivered via SMS.</p>
+     *                     <code>SMS_MFA_CODE</code>that your user pool delivered
+     *                     in an SMS message.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>EMAIL_OTP</code>: Next challenge is to supply an
+     *                     <code>EMAIL_OTP_CODE</code> that your user pool delivered
+     *                     in an email message.</p>
      *             </li>
      *             <li>
      *                <p>
@@ -1867,6 +1876,19 @@ export interface AdminInitiateAuthResponse {
      */
     AuthenticationResult?: AuthenticationResultType;
 }
+/**
+ * <p>This exception is thrown when Amazon Cognito isn't allowed to use your email identity. HTTP
+ *             status code: 400.</p>
+ * @public
+ */
+export declare class InvalidEmailRoleAccessPolicyException extends __BaseException {
+    readonly name: "InvalidEmailRoleAccessPolicyException";
+    readonly $fault: "client";
+    /**
+     * @internal
+     */
+    constructor(opts: __ExceptionOptionType<InvalidEmailRoleAccessPolicyException, __BaseException>);
+}
 /**
  * <p>This exception is thrown when Amazon Cognito can't find a multi-factor authentication
  *             (MFA) method.</p>
@@ -2503,19 +2525,6 @@ export interface AdminResetUserPasswordRequest {
  */
 export interface AdminResetUserPasswordResponse {
 }
-/**
- * <p>This exception is thrown when Amazon Cognito isn't allowed to use your email identity. HTTP
- *             status code: 400.</p>
- * @public
- */
-export declare class InvalidEmailRoleAccessPolicyException extends __BaseException {
-    readonly name: "InvalidEmailRoleAccessPolicyException";
-    readonly $fault: "client";
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<InvalidEmailRoleAccessPolicyException, __BaseException>);
-}
 /**
  * <p>The request to respond to the authentication challenge, as an administrator.</p>
  * @public
@@ -2549,11 +2558,22 @@ export interface AdminRespondToAuthChallengeRequest {
      *             <dd>
      *                <p>
      *                   <code>"ChallengeName": "SMS_MFA", "ChallengeResponses": \{"SMS_MFA_CODE":
-     *                     "[SMS_code]", "USERNAME": "[username]"\}</code>
+     *                     "[code]", "USERNAME": "[username]"\}</code>
+     *                </p>
+     *             </dd>
+     *             <dt>EMAIL_OTP</dt>
+     *             <dd>
+     *                <p>
+     *                   <code>"ChallengeName": "EMAIL_OTP", "ChallengeResponses": \{"EMAIL_OTP_CODE":
+     *                     "[code]", "USERNAME": "[username]"\}</code>
      *                </p>
      *             </dd>
      *             <dt>PASSWORD_VERIFIER</dt>
      *             <dd>
+     *                <p>This challenge response is part of the SRP flow. Amazon Cognito requires
+     *             that your application respond to this challenge within a few seconds. When
+     *             the response time exceeds this period, your user pool returns a
+     *             <code>NotAuthorizedException</code> error.</p>
      *                <p>
      *                   <code>"ChallengeName": "PASSWORD_VERIFIER", "ChallengeResponses":
      *                     \{"PASSWORD_CLAIM_SIGNATURE": "[claim_signature]",
@@ -2801,6 +2821,27 @@ export declare class SoftwareTokenMFANotFoundException extends __BaseException {
      */
     constructor(opts: __ExceptionOptionType<SoftwareTokenMFANotFoundException, __BaseException>);
 }
+/**
+ * <p>User preferences for multi-factor authentication with email messages. Activates or
+ *             deactivates email MFA and sets it as the preferred MFA method when multiple methods are
+ *             available. To activate this setting, <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html">
+ *                      advanced security features</a> must be active in your user pool.</p>
+ * @public
+ */
+export interface EmailMfaSettingsType {
+    /**
+     * <p>Specifies whether email message MFA is active for a user. When the value of this
+     *             parameter is <code>Enabled</code>, the user will be prompted for MFA during all sign-in
+     *             attempts, unless device tracking is turned on and the device has been trusted.</p>
+     * @public
+     */
+    Enabled?: boolean;
+    /**
+     * <p>Specifies whether email message MFA is the user's preferred method.</p>
+     * @public
+     */
+    PreferredMfa?: boolean;
+}
 /**
  * <p>The type used for enabling SMS multi-factor authentication (MFA) at the user level.
  *             Phone numbers don't need to be verified to be used for SMS MFA. If an MFA type is
@@ -2812,7 +2853,7 @@ export declare class SoftwareTokenMFANotFoundException extends __BaseException {
  */
 export interface SMSMfaSettingsType {
     /**
-     * <p>Specifies whether SMS text message MFA is activated. If an MFA type is activated for a
+     * <p>Specifies whether SMS message MFA is activated. If an MFA type is activated for a
      *             user, the user will be prompted for MFA during all sign-in attempts, unless device
      *             tracking is turned on and the device has been trusted.</p>
      * @public
@@ -2851,15 +2892,25 @@ export interface SoftwareTokenMfaSettingsType {
  */
 export interface AdminSetUserMFAPreferenceRequest {
     /**
-     * <p>The SMS text message MFA settings.</p>
+     * <p>User preferences for SMS message MFA. Activates or deactivates SMS MFA and sets it as
+     *             the preferred MFA method when multiple methods are available.</p>
      * @public
      */
     SMSMfaSettings?: SMSMfaSettingsType;
     /**
-     * <p>The time-based one-time password software token MFA settings.</p>
+     * <p>User preferences for time-based one-time password (TOTP) MFA. Activates or deactivates
+     *             TOTP MFA and sets it as the preferred MFA method when multiple methods are
+     *             available.</p>
      * @public
      */
     SoftwareTokenMfaSettings?: SoftwareTokenMfaSettingsType;
+    /**
+     * <p>User preferences for email message MFA. Activates or deactivates email MFA and sets it
+     *             as the preferred MFA method when multiple methods are available. To activate this setting, <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html">
+     *                      advanced security features</a> must be active in your user pool.</p>
+     * @public
+     */
+    EmailMfaSettings?: EmailMfaSettingsType;
     /**
      * <p>The username of the user that you want to query or modify. The value of this parameter
      *             is typically your user's username, but it can be any of their alias attributes. If
@@ -2870,7 +2921,7 @@ export interface AdminSetUserMFAPreferenceRequest {
      */
     Username: string | undefined;
     /**
-     * <p>The user pool ID.</p>
+     * <p>The ID of the user pool where you want to set a user's MFA preferences.</p>
      * @public
      */
     UserPoolId: string | undefined;
@@ -5547,7 +5598,7 @@ export interface CreateUserPoolClientRequest {
      */
     TokenValidityUnits?: TokenValidityUnitsType;
     /**
-     * <p>The list of user attributes that you want your app client to have read-only access to.
+     * <p>The list of user attributes that you want your app client to have read access to.
      *     After your user authenticates in your app, their access token authorizes them to read
      *     their own attribute value for any attribute in this list. An example of this kind of
      *     activity is when your user selects a link to view their profile information. Your app
@@ -5556,7 +5607,7 @@ export interface CreateUserPoolClientRequest {
      *          <p>When you don't specify the <code>ReadAttributes</code> for your app client, your
      *     app can read the values of <code>email_verified</code>,
      *         <code>phone_number_verified</code>, and the Standard attributes of your user pool.
-     *     When your user pool has read access to these default attributes,
+     *     When your user pool app client has read access to these default attributes,
      *         <code>ReadAttributes</code> doesn't return any information. Amazon Cognito only
      *     populates <code>ReadAttributes</code> in the API response if you have specified your own
      *     custom set of read attributes.</p>
@@ -5906,7 +5957,7 @@ export interface UserPoolClientType {
      */
     TokenValidityUnits?: TokenValidityUnitsType;
     /**
-     * <p>The list of user attributes that you want your app client to have read-only access to.
+     * <p>The list of user attributes that you want your app client to have read access to.
      *     After your user authenticates in your app, their access token authorizes them to read
      *     their own attribute value for any attribute in this list. An example of this kind of
      *     activity is when your user selects a link to view their profile information. Your app
@@ -5915,7 +5966,7 @@ export interface UserPoolClientType {
      *          <p>When you don't specify the <code>ReadAttributes</code> for your app client, your
      *     app can read the values of <code>email_verified</code>,
      *         <code>phone_number_verified</code>, and the Standard attributes of your user pool.
-     *     When your user pool has read access to these default attributes,
+     *     When your user pool app client has read access to these default attributes,
      *         <code>ReadAttributes</code> doesn't return any information. Amazon Cognito only
      *     populates <code>ReadAttributes</code> in the API response if you have specified your own
      *     custom set of read attributes.</p>
@@ -7287,7 +7338,7 @@ export interface GetUserResponse {
     PreferredMfaSetting?: string;
     /**
      * <p>The MFA options that are activated for the user. The possible values in this list are
-     *                 <code>SMS_MFA</code> and <code>SOFTWARE_TOKEN_MFA</code>.</p>
+     *             <code>SMS_MFA</code>, <code>EMAIL_OTP</code>, and <code>SOFTWARE_TOKEN_MFA</code>.</p>
      * @public
      */
     UserMFASettingList?: string[];
@@ -7369,14 +7420,38 @@ export interface GetUserPoolMfaConfigRequest {
     UserPoolId: string | undefined;
 }
 /**
- * <p>The SMS text message multi-factor authentication (MFA) configuration type.</p>
+ * <p>Sets or shows user pool email message configuration for MFA. Includes the subject and
+ *             body of the email message template for MFA messages. To activate this setting, <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html">
+ *                      advanced security features</a> must be active in your user pool.</p>
+ * @public
+ */
+export interface EmailMfaConfigType {
+    /**
+     * <p>The template for the email message that your user pool sends to users with an MFA
+     *             code. The message must contain the <code>\{####\}</code> placeholder. In the message,
+     *             Amazon Cognito replaces this placeholder with the code. If you don't provide this parameter,
+     *             Amazon Cognito sends messages in the default format.</p>
+     * @public
+     */
+    Message?: string;
+    /**
+     * <p>The subject of the email message that your user pool sends to users with an MFA
+     *             code.</p>
+     * @public
+     */
+    Subject?: string;
+}
+/**
+ * <p>Configures user pool SMS messages for multi-factor authentication (MFA). Sets the
+ *             message template and the SMS message sending configuration for Amazon SNS.</p>
  * @public
  */
 export interface SmsMfaConfigType {
     /**
-     * <p>The SMS authentication message that will be sent to users with the code they must sign
-     *             in. The message must contain the ‘\{####\}’ placeholder, which is replaced with the code.
-     *             If the message isn't included, and default message will be used.</p>
+     * <p>The SMS message that your user pool sends to users with an MFA code. The message must
+     *             contain the <code>\{####\}</code> placeholder. In the message, Amazon Cognito replaces this
+     *             placeholder with the code. If you don't provide this parameter, Amazon Cognito sends
+     *             messages in the default format.</p>
      * @public
      */
     SmsAuthenticationMessage?: string;
@@ -7390,7 +7465,8 @@ export interface SmsMfaConfigType {
     SmsConfiguration?: SmsConfigurationType;
 }
 /**
- * <p>The type used for enabling software token MFA at the user pool level.</p>
+ * <p>Configures a user pool for time-based one-time password (TOTP) multi-factor
+ *             authentication (MFA). Enables or disables TOTP.</p>
  * @public
  */
 export interface SoftwareTokenMfaConfigType {
@@ -7405,15 +7481,24 @@ export interface SoftwareTokenMfaConfigType {
  */
 export interface GetUserPoolMfaConfigResponse {
     /**
-     * <p>The SMS text message multi-factor authentication (MFA) configuration.</p>
+     * <p>Shows user pool SMS message configuration for MFA. Includes the message template and
+     *             the SMS message sending configuration for Amazon SNS.</p>
      * @public
      */
     SmsMfaConfiguration?: SmsMfaConfigType;
     /**
-     * <p>The software token multi-factor authentication (MFA) configuration.</p>
+     * <p>Shows user pool configuration for time-based one-time password (TOTP) MFA. Includes
+     *             TOTP enabled or disabled state.</p>
      * @public
      */
     SoftwareTokenMfaConfiguration?: SoftwareTokenMfaConfigType;
+    /**
+     * <p>Shows user pool email message configuration for MFA. Includes the subject and body of
+     *             the email message template for MFA messages. To activate this setting, <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html">
+     *                      advanced security features</a> must be active in your user pool.</p>
+     * @public
+     */
+    EmailMfaConfiguration?: EmailMfaConfigType;
     /**
      * <p>The multi-factor authentication (MFA) configuration. Valid values include:</p>
      *          <ul>
@@ -7645,7 +7730,14 @@ export interface InitiateAuthResponse {
      *             <li>
      *                <p>
      *                   <code>SMS_MFA</code>: Next challenge is to supply an
-     *                     <code>SMS_MFA_CODE</code>, delivered via SMS.</p>
+     *                     <code>SMS_MFA_CODE</code>that your user pool delivered
+     *                     in an SMS message.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>EMAIL_OTP</code>: Next challenge is to supply an
+     *                     <code>EMAIL_OTP_CODE</code> that your user pool delivered
+     *                     in an email message.</p>
      *             </li>
      *             <li>
      *                <p>
@@ -8436,11 +8528,22 @@ export interface RespondToAuthChallengeRequest {
      *             <dd>
      *                <p>
      *                   <code>"ChallengeName": "SMS_MFA", "ChallengeResponses": \{"SMS_MFA_CODE":
-     *                     "[SMS_code]", "USERNAME": "[username]"\}</code>
+     *                     "[code]", "USERNAME": "[username]"\}</code>
+     *                </p>
+     *             </dd>
+     *             <dt>EMAIL_OTP</dt>
+     *             <dd>
+     *                <p>
+     *                   <code>"ChallengeName": "EMAIL_OTP", "ChallengeResponses": \{"EMAIL_OTP_CODE":
+     *                     "[code]", "USERNAME": "[username]"\}</code>
      *                </p>
      *             </dd>
      *             <dt>PASSWORD_VERIFIER</dt>
      *             <dd>
+     *                <p>This challenge response is part of the SRP flow. Amazon Cognito requires
+     *             that your application respond to this challenge within a few seconds. When
+     *             the response time exceeds this period, your user pool returns a
+     *             <code>NotAuthorizedException</code> error.</p>
      *                <p>
      *                   <code>"ChallengeName": "PASSWORD_VERIFIER", "ChallengeResponses":
      *                     \{"PASSWORD_CLAIM_SIGNATURE": "[claim_signature]",
@@ -8576,57 +8679,6 @@ export interface RespondToAuthChallengeRequest {
      */
     ClientMetadata?: Record<string, string>;
 }
-/**
- * <p>The response to respond to the authentication challenge.</p>
- * @public
- */
-export interface RespondToAuthChallengeResponse {
-    /**
-     * <p>The challenge name. For more information, see <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html">InitiateAuth</a>.</p>
-     * @public
-     */
-    ChallengeName?: ChallengeNameType;
-    /**
-     * <p>The session that should be passed both ways in challenge-response calls to the
-     *             service. If the caller must pass another challenge, they return a session with other
-     *             challenge parameters. This session should be passed as it is to the next
-     *                 <code>RespondToAuthChallenge</code> API call.</p>
-     * @public
-     */
-    Session?: string;
-    /**
-     * <p>The challenge parameters. For more information, see <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html">InitiateAuth</a>.</p>
-     * @public
-     */
-    ChallengeParameters?: Record<string, string>;
-    /**
-     * <p>The result returned by the server in response to the request to respond to the
-     *             authentication challenge.</p>
-     * @public
-     */
-    AuthenticationResult?: AuthenticationResultType;
-}
-/**
- * @public
- */
-export interface RevokeTokenRequest {
-    /**
-     * <p>The refresh token that you want to revoke.</p>
-     * @public
-     */
-    Token: string | undefined;
-    /**
-     * <p>The client ID for the token that you want to revoke.</p>
-     * @public
-     */
-    ClientId: string | undefined;
-    /**
-     * <p>The secret for the client ID. This is required only if the client ID has a
-     *             secret.</p>
-     * @public
-     */
-    ClientSecret?: string;
-}
 /**
  * @internal
  */
@@ -8915,11 +8967,3 @@ export declare const ResendConfirmationCodeRequestFilterSensitiveLog: (obj: Rese
  * @internal
  */
 export declare const RespondToAuthChallengeRequestFilterSensitiveLog: (obj: RespondToAuthChallengeRequest) => any;
-/**
- * @internal
- */
-export declare const RespondToAuthChallengeResponseFilterSensitiveLog: (obj: RespondToAuthChallengeResponse) => any;
-/**
- * @internal
- */
-export declare const RevokeTokenRequestFilterSensitiveLog: (obj: RevokeTokenRequest) => any;

package/dist-types/models/models_1.d.ts CHANGED Viewed

@@ -1,6 +1,57 @@
 import { ExceptionOptionType as __ExceptionOptionType } from "@smithy/smithy-client";
 import { CognitoIdentityProviderServiceException as __BaseException } from "./CognitoIdentityProviderServiceException";
-import { AccountRecoverySettingType, AccountTakeoverRiskConfigurationType, AdminCreateUserConfigType, AnalyticsConfigurationType, AnalyticsMetadataType, AttributeType, CodeDeliveryDetailsType, CompromisedCredentialsRiskConfigurationType, CustomDomainConfigType, DeletionProtectionType, DeviceConfigurationType, DeviceRememberedStatusType, EmailConfigurationType, ExplicitAuthFlowsType, FeedbackValueType, GroupType, IdentityProviderType, LambdaConfigType, LogConfigurationType, LogDeliveryConfigurationType, MFAOptionType, OAuthFlowType, PreventUserExistenceErrorTypes, ResourceServerScopeType, ResourceServerType, RiskConfigurationType, RiskExceptionConfigurationType, SmsConfigurationType, SmsMfaConfigType, SMSMfaSettingsType, SoftwareTokenMfaConfigType, SoftwareTokenMfaSettingsType, TokenValidityUnitsType, UICustomizationType, UserAttributeUpdateSettingsType, UserContextDataType, UserImportJobType, UserPoolAddOnsType, UserPoolClientType, UserPoolMfaType, UserPoolPolicyType, VerificationMessageTemplateType, VerifiedAttributeType } from "./models_0";
+import { AccountRecoverySettingType, AccountTakeoverRiskConfigurationType, AdminCreateUserConfigType, AnalyticsConfigurationType, AnalyticsMetadataType, AttributeType, AuthenticationResultType, ChallengeNameType, CodeDeliveryDetailsType, CompromisedCredentialsRiskConfigurationType, CustomDomainConfigType, DeletionProtectionType, DeviceConfigurationType, DeviceRememberedStatusType, EmailConfigurationType, EmailMfaConfigType, EmailMfaSettingsType, ExplicitAuthFlowsType, FeedbackValueType, GroupType, IdentityProviderType, LambdaConfigType, LogConfigurationType, LogDeliveryConfigurationType, MFAOptionType, OAuthFlowType, PreventUserExistenceErrorTypes, ResourceServerScopeType, ResourceServerType, RiskConfigurationType, RiskExceptionConfigurationType, SmsConfigurationType, SmsMfaConfigType, SMSMfaSettingsType, SoftwareTokenMfaConfigType, SoftwareTokenMfaSettingsType, TokenValidityUnitsType, UICustomizationType, UserAttributeUpdateSettingsType, UserContextDataType, UserImportJobType, UserPoolAddOnsType, UserPoolClientType, UserPoolMfaType, UserPoolPolicyType, VerificationMessageTemplateType, VerifiedAttributeType } from "./models_0";
+/**
+ * <p>The response to respond to the authentication challenge.</p>
+ * @public
+ */
+export interface RespondToAuthChallengeResponse {
+    /**
+     * <p>The challenge name. For more information, see <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html">InitiateAuth</a>.</p>
+     * @public
+     */
+    ChallengeName?: ChallengeNameType;
+    /**
+     * <p>The session that should be passed both ways in challenge-response calls to the
+     *             service. If the caller must pass another challenge, they return a session with other
+     *             challenge parameters. This session should be passed as it is to the next
+     *                 <code>RespondToAuthChallenge</code> API call.</p>
+     * @public
+     */
+    Session?: string;
+    /**
+     * <p>The challenge parameters. For more information, see <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html">InitiateAuth</a>.</p>
+     * @public
+     */
+    ChallengeParameters?: Record<string, string>;
+    /**
+     * <p>The result returned by the server in response to the request to respond to the
+     *             authentication challenge.</p>
+     * @public
+     */
+    AuthenticationResult?: AuthenticationResultType;
+}
+/**
+ * @public
+ */
+export interface RevokeTokenRequest {
+    /**
+     * <p>The refresh token that you want to revoke.</p>
+     * @public
+     */
+    Token: string | undefined;
+    /**
+     * <p>The client ID for the token that you want to revoke.</p>
+     * @public
+     */
+    ClientId: string | undefined;
+    /**
+     * <p>The secret for the client ID. This is required only if the client ID has a
+     *             secret.</p>
+     * @public
+     */
+    ClientSecret?: string;
+}
 /**
  * @public
  */
@@ -155,15 +206,25 @@ export interface SetUICustomizationResponse {
  */
 export interface SetUserMFAPreferenceRequest {
     /**
-     * <p>The SMS text message multi-factor authentication (MFA) settings.</p>
+     * <p>User preferences for SMS message MFA. Activates or deactivates SMS MFA and sets it as
+     *             the preferred MFA method when multiple methods are available.</p>
      * @public
      */
     SMSMfaSettings?: SMSMfaSettingsType;
     /**
-     * <p>The time-based one-time password (TOTP) software token MFA settings.</p>
+     * <p>User preferences for time-based one-time password (TOTP) MFA. Activates or deactivates
+     *             TOTP MFA and sets it as the preferred MFA method when multiple methods are
+     *             available.</p>
      * @public
      */
     SoftwareTokenMfaSettings?: SoftwareTokenMfaSettingsType;
+    /**
+     * <p>User preferences for email message MFA. Activates or deactivates email MFA and sets it
+     *             as the preferred MFA method when multiple methods are available. To activate this setting, <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html">
+     *                      advanced security features</a> must be active in your user pool.</p>
+     * @public
+     */
+    EmailMfaSettings?: EmailMfaSettingsType;
     /**
      * <p>A valid access token that Amazon Cognito issued to the user whose MFA preference you want to
      *             set.</p>
@@ -186,15 +247,24 @@ export interface SetUserPoolMfaConfigRequest {
      */
     UserPoolId: string | undefined;
     /**
-     * <p>The SMS text message MFA configuration.</p>
+     * <p>Configures user pool SMS messages for MFA. Sets the message template and the SMS
+     *             message sending configuration for Amazon SNS.</p>
      * @public
      */
     SmsMfaConfiguration?: SmsMfaConfigType;
     /**
-     * <p>The software token MFA configuration.</p>
+     * <p>Configures a user pool for time-based one-time password (TOTP) MFA. Enables or
+     *             disables TOTP.</p>
      * @public
      */
     SoftwareTokenMfaConfiguration?: SoftwareTokenMfaConfigType;
+    /**
+     * <p>Configures user pool email messages for MFA. Sets the subject and body of the email
+     *             message template for MFA messages. To activate this setting, <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html">
+     *                      advanced security features</a> must be active in your user pool.</p>
+     * @public
+     */
+    EmailMfaConfiguration?: EmailMfaConfigType;
     /**
      * <p>The MFA configuration. If you set the MfaConfiguration value to ‘ON’, only users who
      *             have set up an MFA factor can sign in. To learn more, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa.html">Adding Multi-Factor
@@ -223,15 +293,24 @@ export interface SetUserPoolMfaConfigRequest {
  */
 export interface SetUserPoolMfaConfigResponse {
     /**
-     * <p>The SMS text message MFA configuration.</p>
+     * <p>Shows user pool SMS message configuration for MFA. Includes the message template and
+     *             the SMS message sending configuration for Amazon SNS.</p>
      * @public
      */
     SmsMfaConfiguration?: SmsMfaConfigType;
     /**
-     * <p>The software token MFA configuration.</p>
+     * <p>Shows user pool configuration for time-based one-time password (TOTP) MFA. Includes
+     *             TOTP enabled or disabled state.</p>
      * @public
      */
     SoftwareTokenMfaConfiguration?: SoftwareTokenMfaConfigType;
+    /**
+     * <p>Shows user pool email message configuration for MFA. Includes the subject and body of
+     *             the email message template for MFA messages. To activate this setting, <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html">
+     *                      advanced security features</a> must be active in your user pool.</p>
+     * @public
+     */
+    EmailMfaConfiguration?: EmailMfaConfigType;
     /**
      * <p>The MFA configuration. Valid values include:</p>
      *          <ul>
@@ -1112,7 +1191,7 @@ export interface UpdateUserPoolClientRequest {
      */
     TokenValidityUnits?: TokenValidityUnitsType;
     /**
-     * <p>The list of user attributes that you want your app client to have read-only access to.
+     * <p>The list of user attributes that you want your app client to have read access to.
      *     After your user authenticates in your app, their access token authorizes them to read
      *     their own attribute value for any attribute in this list. An example of this kind of
      *     activity is when your user selects a link to view their profile information. Your app
@@ -1121,7 +1200,7 @@ export interface UpdateUserPoolClientRequest {
      *          <p>When you don't specify the <code>ReadAttributes</code> for your app client, your
      *     app can read the values of <code>email_verified</code>,
      *         <code>phone_number_verified</code>, and the Standard attributes of your user pool.
-     *     When your user pool has read access to these default attributes,
+     *     When your user pool app client has read access to these default attributes,
      *         <code>ReadAttributes</code> doesn't return any information. Amazon Cognito only
      *     populates <code>ReadAttributes</code> in the API response if you have specified your own
      *     custom set of read attributes.</p>
@@ -1522,6 +1601,14 @@ export interface VerifyUserAttributeRequest {
  */
 export interface VerifyUserAttributeResponse {
 }
+/**
+ * @internal
+ */
+export declare const RespondToAuthChallengeResponseFilterSensitiveLog: (obj: RespondToAuthChallengeResponse) => any;
+/**
+ * @internal
+ */
+export declare const RevokeTokenRequestFilterSensitiveLog: (obj: RevokeTokenRequest) => any;
 /**
  * @internal
  */

package/dist-types/ts3.4/commands/RespondToAuthChallengeCommand.d.ts CHANGED Viewed

@@ -5,10 +5,8 @@ import {
   ServiceInputTypes,
   ServiceOutputTypes,
 } from "../CognitoIdentityProviderClient";
-import {
-  RespondToAuthChallengeRequest,
-  RespondToAuthChallengeResponse,
-} from "../models/models_0";
+import { RespondToAuthChallengeRequest } from "../models/models_0";
+import { RespondToAuthChallengeResponse } from "../models/models_1";
 export { __MetadataBearer };
 export { $Command };
 export interface RespondToAuthChallengeCommandInput

package/dist-types/ts3.4/commands/RevokeTokenCommand.d.ts CHANGED Viewed

@@ -5,8 +5,7 @@ import {
   ServiceInputTypes,
   ServiceOutputTypes,
 } from "../CognitoIdentityProviderClient";
-import { RevokeTokenRequest } from "../models/models_0";
-import { RevokeTokenResponse } from "../models/models_1";
+import { RevokeTokenRequest, RevokeTokenResponse } from "../models/models_1";
 export { __MetadataBearer };
 export { $Command };
 export interface RevokeTokenCommandInput extends RevokeTokenRequest {}