@aws-sdk/client-cognito-identity-provider 3.650.0 → 3.651.0

package/dist-types/models/models_0.d.ts

@@ -1402,7 +1402,7 @@ export interface AdminGetUserResponse {
     PreferredMfaSetting?: string;
     /**
      * <p>The MFA options that are activated for the user. The possible values in this list are
-     *                 <code>SMS_MFA</code> and <code>SOFTWARE_TOKEN_MFA</code>.</p>
+     *             <code>SMS_MFA</code>, <code>EMAIL_OTP</code>, and <code>SOFTWARE_TOKEN_MFA</code>.</p>
      * @public
      */
     UserMFASettingList?: string[];
@@ -1733,6 +1733,7 @@ export declare const ChallengeNameType: {
     readonly CUSTOM_CHALLENGE: "CUSTOM_CHALLENGE";
     readonly DEVICE_PASSWORD_VERIFIER: "DEVICE_PASSWORD_VERIFIER";
     readonly DEVICE_SRP_AUTH: "DEVICE_SRP_AUTH";
+    readonly EMAIL_OTP: "EMAIL_OTP";
     readonly MFA_SETUP: "MFA_SETUP";
     readonly NEW_PASSWORD_REQUIRED: "NEW_PASSWORD_REQUIRED";
     readonly PASSWORD_VERIFIER: "PASSWORD_VERIFIER";
@@ -1764,13 +1765,21 @@ export interface AdminInitiateAuthResponse {
      *             <li>
      *                <p>
      *                   <code>SELECT_MFA_TYPE</code>: Selects the MFA type. Valid MFA options are
-     *                         <code>SMS_MFA</code> for text SMS MFA, and <code>SOFTWARE_TOKEN_MFA</code>
-     *                     for time-based one-time password (TOTP) software token MFA.</p>
+     *                     <code>SMS_MFA</code> for SMS message MFA, <code>EMAIL_OTP</code> for email
+     *                     message MFA, and <code>SOFTWARE_TOKEN_MFA</code> for time-based one-time
+     *                     password (TOTP) software token MFA.</p>
      *             </li>
      *             <li>
      *                <p>
      *                   <code>SMS_MFA</code>: Next challenge is to supply an
-     *                     <code>SMS_MFA_CODE</code>, delivered via SMS.</p>
+     *                     <code>SMS_MFA_CODE</code>that your user pool delivered
+     *                     in an SMS message.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>EMAIL_OTP</code>: Next challenge is to supply an
+     *                     <code>EMAIL_OTP_CODE</code> that your user pool delivered
+     *                     in an email message.</p>
      *             </li>
      *             <li>
      *                <p>
@@ -1867,6 +1876,19 @@ export interface AdminInitiateAuthResponse {
      */
     AuthenticationResult?: AuthenticationResultType;
 }
+/**
+ * <p>This exception is thrown when Amazon Cognito isn't allowed to use your email identity. HTTP
+ *             status code: 400.</p>
+ * @public
+ */
+export declare class InvalidEmailRoleAccessPolicyException extends __BaseException {
+    readonly name: "InvalidEmailRoleAccessPolicyException";
+    readonly $fault: "client";
+    /**
+     * @internal
+     */
+    constructor(opts: __ExceptionOptionType<InvalidEmailRoleAccessPolicyException, __BaseException>);
+}
 /**
  * <p>This exception is thrown when Amazon Cognito can't find a multi-factor authentication
  *             (MFA) method.</p>
@@ -2503,19 +2525,6 @@ export interface AdminResetUserPasswordRequest {
  */
 export interface AdminResetUserPasswordResponse {
 }
-/**
- * <p>This exception is thrown when Amazon Cognito isn't allowed to use your email identity. HTTP
- *             status code: 400.</p>
- * @public
- */
-export declare class InvalidEmailRoleAccessPolicyException extends __BaseException {
-    readonly name: "InvalidEmailRoleAccessPolicyException";
-    readonly $fault: "client";
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<InvalidEmailRoleAccessPolicyException, __BaseException>);
-}
 /**
  * <p>The request to respond to the authentication challenge, as an administrator.</p>
  * @public
@@ -2549,11 +2558,22 @@ export interface AdminRespondToAuthChallengeRequest {
      *             <dd>
      *                <p>
      *                   <code>"ChallengeName": "SMS_MFA", "ChallengeResponses": \{"SMS_MFA_CODE":
-     *                     "[SMS_code]", "USERNAME": "[username]"\}</code>
+     *                     "[code]", "USERNAME": "[username]"\}</code>
+     *                </p>
+     *             </dd>
+     *             <dt>EMAIL_OTP</dt>
+     *             <dd>
+     *                <p>
+     *                   <code>"ChallengeName": "EMAIL_OTP", "ChallengeResponses": \{"EMAIL_OTP_CODE":
+     *                     "[code]", "USERNAME": "[username]"\}</code>
      *                </p>
      *             </dd>
      *             <dt>PASSWORD_VERIFIER</dt>
      *             <dd>
+     *                <p>This challenge response is part of the SRP flow. Amazon Cognito requires
+     *             that your application respond to this challenge within a few seconds. When
+     *             the response time exceeds this period, your user pool returns a
+     *             <code>NotAuthorizedException</code> error.</p>
      *                <p>
      *                   <code>"ChallengeName": "PASSWORD_VERIFIER", "ChallengeResponses":
      *                     \{"PASSWORD_CLAIM_SIGNATURE": "[claim_signature]",
@@ -2801,6 +2821,27 @@ export declare class SoftwareTokenMFANotFoundException extends __BaseException {
      */
     constructor(opts: __ExceptionOptionType<SoftwareTokenMFANotFoundException, __BaseException>);
 }
+/**
+ * <p>User preferences for multi-factor authentication with email messages. Activates or
+ *             deactivates email MFA and sets it as the preferred MFA method when multiple methods are
+ *             available. To activate this setting, <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html">
+ *                      advanced security features</a> must be active in your user pool.</p>
+ * @public
+ */
+export interface EmailMfaSettingsType {
+    /**
+     * <p>Specifies whether email message MFA is active for a user. When the value of this
+     *             parameter is <code>Enabled</code>, the user will be prompted for MFA during all sign-in
+     *             attempts, unless device tracking is turned on and the device has been trusted.</p>
+     * @public
+     */
+    Enabled?: boolean;
+    /**
+     * <p>Specifies whether email message MFA is the user's preferred method.</p>
+     * @public
+     */
+    PreferredMfa?: boolean;
+}
 /**
  * <p>The type used for enabling SMS multi-factor authentication (MFA) at the user level.
  *             Phone numbers don't need to be verified to be used for SMS MFA. If an MFA type is
@@ -2812,7 +2853,7 @@ export declare class SoftwareTokenMFANotFoundException extends __BaseException {
  */
 export interface SMSMfaSettingsType {
     /**
-     * <p>Specifies whether SMS text message MFA is activated. If an MFA type is activated for a
+     * <p>Specifies whether SMS message MFA is activated. If an MFA type is activated for a
      *             user, the user will be prompted for MFA during all sign-in attempts, unless device
      *             tracking is turned on and the device has been trusted.</p>
      * @public
@@ -2851,15 +2892,25 @@ export interface SoftwareTokenMfaSettingsType {
  */
 export interface AdminSetUserMFAPreferenceRequest {
     /**
-     * <p>The SMS text message MFA settings.</p>
+     * <p>User preferences for SMS message MFA. Activates or deactivates SMS MFA and sets it as
+     *             the preferred MFA method when multiple methods are available.</p>
      * @public
      */
     SMSMfaSettings?: SMSMfaSettingsType;
     /**
-     * <p>The time-based one-time password software token MFA settings.</p>
+     * <p>User preferences for time-based one-time password (TOTP) MFA. Activates or deactivates
+     *             TOTP MFA and sets it as the preferred MFA method when multiple methods are
+     *             available.</p>
      * @public
      */
     SoftwareTokenMfaSettings?: SoftwareTokenMfaSettingsType;
+    /**
+     * <p>User preferences for email message MFA. Activates or deactivates email MFA and sets it
+     *             as the preferred MFA method when multiple methods are available. To activate this setting, <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html">
+     *                      advanced security features</a> must be active in your user pool.</p>
+     * @public
+     */
+    EmailMfaSettings?: EmailMfaSettingsType;
     /**
      * <p>The username of the user that you want to query or modify. The value of this parameter
      *             is typically your user's username, but it can be any of their alias attributes. If
@@ -2870,7 +2921,7 @@ export interface AdminSetUserMFAPreferenceRequest {
      */
     Username: string | undefined;
     /**
-     * <p>The user pool ID.</p>
+     * <p>The ID of the user pool where you want to set a user's MFA preferences.</p>
      * @public
      */
     UserPoolId: string | undefined;
@@ -5547,7 +5598,7 @@ export interface CreateUserPoolClientRequest {
      */
     TokenValidityUnits?: TokenValidityUnitsType;
     /**
-     * <p>The list of user attributes that you want your app client to have read-only access to.
+     * <p>The list of user attributes that you want your app client to have read access to.
      *     After your user authenticates in your app, their access token authorizes them to read
      *     their own attribute value for any attribute in this list. An example of this kind of
      *     activity is when your user selects a link to view their profile information. Your app
@@ -5556,7 +5607,7 @@ export interface CreateUserPoolClientRequest {
      *          <p>When you don't specify the <code>ReadAttributes</code> for your app client, your
      *     app can read the values of <code>email_verified</code>,
      *         <code>phone_number_verified</code>, and the Standard attributes of your user pool.
-     *     When your user pool has read access to these default attributes,
+     *     When your user pool app client has read access to these default attributes,
      *         <code>ReadAttributes</code> doesn't return any information. Amazon Cognito only
      *     populates <code>ReadAttributes</code> in the API response if you have specified your own
      *     custom set of read attributes.</p>
@@ -5906,7 +5957,7 @@ export interface UserPoolClientType {
      */
     TokenValidityUnits?: TokenValidityUnitsType;
     /**
-     * <p>The list of user attributes that you want your app client to have read-only access to.
+     * <p>The list of user attributes that you want your app client to have read access to.
      *     After your user authenticates in your app, their access token authorizes them to read
      *     their own attribute value for any attribute in this list. An example of this kind of
      *     activity is when your user selects a link to view their profile information. Your app
@@ -5915,7 +5966,7 @@ export interface UserPoolClientType {
      *          <p>When you don't specify the <code>ReadAttributes</code> for your app client, your
      *     app can read the values of <code>email_verified</code>,
      *         <code>phone_number_verified</code>, and the Standard attributes of your user pool.
-     *     When your user pool has read access to these default attributes,
+     *     When your user pool app client has read access to these default attributes,
      *         <code>ReadAttributes</code> doesn't return any information. Amazon Cognito only
      *     populates <code>ReadAttributes</code> in the API response if you have specified your own
      *     custom set of read attributes.</p>
@@ -7287,7 +7338,7 @@ export interface GetUserResponse {
     PreferredMfaSetting?: string;
     /**
      * <p>The MFA options that are activated for the user. The possible values in this list are
-     *                 <code>SMS_MFA</code> and <code>SOFTWARE_TOKEN_MFA</code>.</p>
+     *             <code>SMS_MFA</code>, <code>EMAIL_OTP</code>, and <code>SOFTWARE_TOKEN_MFA</code>.</p>
      * @public
      */
     UserMFASettingList?: string[];
@@ -7369,14 +7420,38 @@ export interface GetUserPoolMfaConfigRequest {
     UserPoolId: string | undefined;
 }
 /**
- * <p>The SMS text message multi-factor authentication (MFA) configuration type.</p>
+ * <p>Sets or shows user pool email message configuration for MFA. Includes the subject and
+ *             body of the email message template for MFA messages. To activate this setting, <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html">
+ *                      advanced security features</a> must be active in your user pool.</p>
+ * @public
+ */
+export interface EmailMfaConfigType {
+    /**
+     * <p>The template for the email message that your user pool sends to users with an MFA
+     *             code. The message must contain the <code>\{####\}</code> placeholder. In the message,
+     *             Amazon Cognito replaces this placeholder with the code. If you don't provide this parameter,
+     *             Amazon Cognito sends messages in the default format.</p>
+     * @public
+     */
+    Message?: string;
+    /**
+     * <p>The subject of the email message that your user pool sends to users with an MFA
+     *             code.</p>
+     * @public
+     */
+    Subject?: string;
+}
+/**
+ * <p>Configures user pool SMS messages for multi-factor authentication (MFA). Sets the
+ *             message template and the SMS message sending configuration for Amazon SNS.</p>
  * @public
  */
 export interface SmsMfaConfigType {
     /**
-     * <p>The SMS authentication message that will be sent to users with the code they must sign
-     *             in. The message must contain the ‘\{####\}’ placeholder, which is replaced with the code.
-     *             If the message isn't included, and default message will be used.</p>
+     * <p>The SMS message that your user pool sends to users with an MFA code. The message must
+     *             contain the <code>\{####\}</code> placeholder. In the message, Amazon Cognito replaces this
+     *             placeholder with the code. If you don't provide this parameter, Amazon Cognito sends
+     *             messages in the default format.</p>
      * @public
      */
     SmsAuthenticationMessage?: string;
@@ -7390,7 +7465,8 @@ export interface SmsMfaConfigType {
     SmsConfiguration?: SmsConfigurationType;
 }
 /**
- * <p>The type used for enabling software token MFA at the user pool level.</p>
+ * <p>Configures a user pool for time-based one-time password (TOTP) multi-factor
+ *             authentication (MFA). Enables or disables TOTP.</p>
  * @public
  */
 export interface SoftwareTokenMfaConfigType {
@@ -7405,15 +7481,24 @@ export interface SoftwareTokenMfaConfigType {
  */
 export interface GetUserPoolMfaConfigResponse {
     /**
-     * <p>The SMS text message multi-factor authentication (MFA) configuration.</p>
+     * <p>Shows user pool SMS message configuration for MFA. Includes the message template and
+     *             the SMS message sending configuration for Amazon SNS.</p>
      * @public
      */
     SmsMfaConfiguration?: SmsMfaConfigType;
     /**
-     * <p>The software token multi-factor authentication (MFA) configuration.</p>
+     * <p>Shows user pool configuration for time-based one-time password (TOTP) MFA. Includes
+     *             TOTP enabled or disabled state.</p>
      * @public
      */
     SoftwareTokenMfaConfiguration?: SoftwareTokenMfaConfigType;
+    /**
+     * <p>Shows user pool email message configuration for MFA. Includes the subject and body of
+     *             the email message template for MFA messages. To activate this setting, <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html">
+     *                      advanced security features</a> must be active in your user pool.</p>
+     * @public
+     */
+    EmailMfaConfiguration?: EmailMfaConfigType;
     /**
      * <p>The multi-factor authentication (MFA) configuration. Valid values include:</p>
      *          <ul>
@@ -7645,7 +7730,14 @@ export interface InitiateAuthResponse {
      *             <li>
      *                <p>
      *                   <code>SMS_MFA</code>: Next challenge is to supply an
-     *                     <code>SMS_MFA_CODE</code>, delivered via SMS.</p>
+     *                     <code>SMS_MFA_CODE</code>that your user pool delivered
+     *                     in an SMS message.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>EMAIL_OTP</code>: Next challenge is to supply an
+     *                     <code>EMAIL_OTP_CODE</code> that your user pool delivered
+     *                     in an email message.</p>
      *             </li>
      *             <li>
      *                <p>
@@ -8436,11 +8528,22 @@ export interface RespondToAuthChallengeRequest {
      *             <dd>
      *                <p>
      *                   <code>"ChallengeName": "SMS_MFA", "ChallengeResponses": \{"SMS_MFA_CODE":
-     *                     "[SMS_code]", "USERNAME": "[username]"\}</code>
+     *                     "[code]", "USERNAME": "[username]"\}</code>
+     *                </p>
+     *             </dd>
+     *             <dt>EMAIL_OTP</dt>
+     *             <dd>
+     *                <p>
+     *                   <code>"ChallengeName": "EMAIL_OTP", "ChallengeResponses": \{"EMAIL_OTP_CODE":
+     *                     "[code]", "USERNAME": "[username]"\}</code>
      *                </p>
      *             </dd>
      *             <dt>PASSWORD_VERIFIER</dt>
      *             <dd>
+     *                <p>This challenge response is part of the SRP flow. Amazon Cognito requires
+     *             that your application respond to this challenge within a few seconds. When
+     *             the response time exceeds this period, your user pool returns a
+     *             <code>NotAuthorizedException</code> error.</p>
      *                <p>
      *                   <code>"ChallengeName": "PASSWORD_VERIFIER", "ChallengeResponses":
      *                     \{"PASSWORD_CLAIM_SIGNATURE": "[claim_signature]",
@@ -8576,57 +8679,6 @@ export interface RespondToAuthChallengeRequest {
      */
     ClientMetadata?: Record<string, string>;
 }
-/**
- * <p>The response to respond to the authentication challenge.</p>
- * @public
- */
-export interface RespondToAuthChallengeResponse {
-    /**
-     * <p>The challenge name. For more information, see <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html">InitiateAuth</a>.</p>
-     * @public
-     */
-    ChallengeName?: ChallengeNameType;
-    /**
-     * <p>The session that should be passed both ways in challenge-response calls to the
-     *             service. If the caller must pass another challenge, they return a session with other
-     *             challenge parameters. This session should be passed as it is to the next
-     *                 <code>RespondToAuthChallenge</code> API call.</p>
-     * @public
-     */
-    Session?: string;
-    /**
-     * <p>The challenge parameters. For more information, see <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html">InitiateAuth</a>.</p>
-     * @public
-     */
-    ChallengeParameters?: Record<string, string>;
-    /**
-     * <p>The result returned by the server in response to the request to respond to the
-     *             authentication challenge.</p>
-     * @public
-     */
-    AuthenticationResult?: AuthenticationResultType;
-}
-/**
- * @public
- */
-export interface RevokeTokenRequest {
-    /**
-     * <p>The refresh token that you want to revoke.</p>
-     * @public
-     */
-    Token: string | undefined;
-    /**
-     * <p>The client ID for the token that you want to revoke.</p>
-     * @public
-     */
-    ClientId: string | undefined;
-    /**
-     * <p>The secret for the client ID. This is required only if the client ID has a
-     *             secret.</p>
-     * @public
-     */
-    ClientSecret?: string;
-}
 /**
  * @internal
  */
@@ -8915,11 +8967,3 @@ export declare const ResendConfirmationCodeRequestFilterSensitiveLog: (obj: Rese
  * @internal
  */
 export declare const RespondToAuthChallengeRequestFilterSensitiveLog: (obj: RespondToAuthChallengeRequest) => any;
-/**
- * @internal
- */
-export declare const RespondToAuthChallengeResponseFilterSensitiveLog: (obj: RespondToAuthChallengeResponse) => any;
-/**
- * @internal
- */
-export declare const RevokeTokenRequestFilterSensitiveLog: (obj: RevokeTokenRequest) => any;

package/dist-types/models/models_1.d.ts

@@ -1,6 +1,57 @@
 import { ExceptionOptionType as __ExceptionOptionType } from "@smithy/smithy-client";
 import { CognitoIdentityProviderServiceException as __BaseException } from "./CognitoIdentityProviderServiceException";
-import { AccountRecoverySettingType, AccountTakeoverRiskConfigurationType, AdminCreateUserConfigType, AnalyticsConfigurationType, AnalyticsMetadataType, AttributeType, CodeDeliveryDetailsType, CompromisedCredentialsRiskConfigurationType, CustomDomainConfigType, DeletionProtectionType, DeviceConfigurationType, DeviceRememberedStatusType, EmailConfigurationType, ExplicitAuthFlowsType, FeedbackValueType, GroupType, IdentityProviderType, LambdaConfigType, LogConfigurationType, LogDeliveryConfigurationType, MFAOptionType, OAuthFlowType, PreventUserExistenceErrorTypes, ResourceServerScopeType, ResourceServerType, RiskConfigurationType, RiskExceptionConfigurationType, SmsConfigurationType, SmsMfaConfigType, SMSMfaSettingsType, SoftwareTokenMfaConfigType, SoftwareTokenMfaSettingsType, TokenValidityUnitsType, UICustomizationType, UserAttributeUpdateSettingsType, UserContextDataType, UserImportJobType, UserPoolAddOnsType, UserPoolClientType, UserPoolMfaType, UserPoolPolicyType, VerificationMessageTemplateType, VerifiedAttributeType } from "./models_0";
+import { AccountRecoverySettingType, AccountTakeoverRiskConfigurationType, AdminCreateUserConfigType, AnalyticsConfigurationType, AnalyticsMetadataType, AttributeType, AuthenticationResultType, ChallengeNameType, CodeDeliveryDetailsType, CompromisedCredentialsRiskConfigurationType, CustomDomainConfigType, DeletionProtectionType, DeviceConfigurationType, DeviceRememberedStatusType, EmailConfigurationType, EmailMfaConfigType, EmailMfaSettingsType, ExplicitAuthFlowsType, FeedbackValueType, GroupType, IdentityProviderType, LambdaConfigType, LogConfigurationType, LogDeliveryConfigurationType, MFAOptionType, OAuthFlowType, PreventUserExistenceErrorTypes, ResourceServerScopeType, ResourceServerType, RiskConfigurationType, RiskExceptionConfigurationType, SmsConfigurationType, SmsMfaConfigType, SMSMfaSettingsType, SoftwareTokenMfaConfigType, SoftwareTokenMfaSettingsType, TokenValidityUnitsType, UICustomizationType, UserAttributeUpdateSettingsType, UserContextDataType, UserImportJobType, UserPoolAddOnsType, UserPoolClientType, UserPoolMfaType, UserPoolPolicyType, VerificationMessageTemplateType, VerifiedAttributeType } from "./models_0";
+/**
+ * <p>The response to respond to the authentication challenge.</p>
+ * @public
+ */
+export interface RespondToAuthChallengeResponse {
+    /**
+     * <p>The challenge name. For more information, see <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html">InitiateAuth</a>.</p>
+     * @public
+     */
+    ChallengeName?: ChallengeNameType;
+    /**
+     * <p>The session that should be passed both ways in challenge-response calls to the
+     *             service. If the caller must pass another challenge, they return a session with other
+     *             challenge parameters. This session should be passed as it is to the next
+     *                 <code>RespondToAuthChallenge</code> API call.</p>
+     * @public
+     */
+    Session?: string;
+    /**
+     * <p>The challenge parameters. For more information, see <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html">InitiateAuth</a>.</p>
+     * @public
+     */
+    ChallengeParameters?: Record<string, string>;
+    /**
+     * <p>The result returned by the server in response to the request to respond to the
+     *             authentication challenge.</p>
+     * @public
+     */
+    AuthenticationResult?: AuthenticationResultType;
+}
+/**
+ * @public
+ */
+export interface RevokeTokenRequest {
+    /**
+     * <p>The refresh token that you want to revoke.</p>
+     * @public
+     */
+    Token: string | undefined;
+    /**
+     * <p>The client ID for the token that you want to revoke.</p>
+     * @public
+     */
+    ClientId: string | undefined;
+    /**
+     * <p>The secret for the client ID. This is required only if the client ID has a
+     *             secret.</p>
+     * @public
+     */
+    ClientSecret?: string;
+}
 /**
  * @public
  */
@@ -155,15 +206,25 @@ export interface SetUICustomizationResponse {
  */
 export interface SetUserMFAPreferenceRequest {
     /**
-     * <p>The SMS text message multi-factor authentication (MFA) settings.</p>
+     * <p>User preferences for SMS message MFA. Activates or deactivates SMS MFA and sets it as
+     *             the preferred MFA method when multiple methods are available.</p>
      * @public
      */
     SMSMfaSettings?: SMSMfaSettingsType;
     /**
-     * <p>The time-based one-time password (TOTP) software token MFA settings.</p>
+     * <p>User preferences for time-based one-time password (TOTP) MFA. Activates or deactivates
+     *             TOTP MFA and sets it as the preferred MFA method when multiple methods are
+     *             available.</p>
      * @public
      */
     SoftwareTokenMfaSettings?: SoftwareTokenMfaSettingsType;
+    /**
+     * <p>User preferences for email message MFA. Activates or deactivates email MFA and sets it
+     *             as the preferred MFA method when multiple methods are available. To activate this setting, <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html">
+     *                      advanced security features</a> must be active in your user pool.</p>
+     * @public
+     */
+    EmailMfaSettings?: EmailMfaSettingsType;
     /**
      * <p>A valid access token that Amazon Cognito issued to the user whose MFA preference you want to
      *             set.</p>
@@ -186,15 +247,24 @@ export interface SetUserPoolMfaConfigRequest {
      */
     UserPoolId: string | undefined;
     /**
-     * <p>The SMS text message MFA configuration.</p>
+     * <p>Configures user pool SMS messages for MFA. Sets the message template and the SMS
+     *             message sending configuration for Amazon SNS.</p>
      * @public
      */
     SmsMfaConfiguration?: SmsMfaConfigType;
     /**
-     * <p>The software token MFA configuration.</p>
+     * <p>Configures a user pool for time-based one-time password (TOTP) MFA. Enables or
+     *             disables TOTP.</p>
      * @public
      */
     SoftwareTokenMfaConfiguration?: SoftwareTokenMfaConfigType;
+    /**
+     * <p>Configures user pool email messages for MFA. Sets the subject and body of the email
+     *             message template for MFA messages. To activate this setting, <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html">
+     *                      advanced security features</a> must be active in your user pool.</p>
+     * @public
+     */
+    EmailMfaConfiguration?: EmailMfaConfigType;
     /**
      * <p>The MFA configuration. If you set the MfaConfiguration value to ‘ON’, only users who
      *             have set up an MFA factor can sign in. To learn more, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa.html">Adding Multi-Factor
@@ -223,15 +293,24 @@ export interface SetUserPoolMfaConfigRequest {
  */
 export interface SetUserPoolMfaConfigResponse {
     /**
-     * <p>The SMS text message MFA configuration.</p>
+     * <p>Shows user pool SMS message configuration for MFA. Includes the message template and
+     *             the SMS message sending configuration for Amazon SNS.</p>
      * @public
      */
     SmsMfaConfiguration?: SmsMfaConfigType;
     /**
-     * <p>The software token MFA configuration.</p>
+     * <p>Shows user pool configuration for time-based one-time password (TOTP) MFA. Includes
+     *             TOTP enabled or disabled state.</p>
      * @public
      */
     SoftwareTokenMfaConfiguration?: SoftwareTokenMfaConfigType;
+    /**
+     * <p>Shows user pool email message configuration for MFA. Includes the subject and body of
+     *             the email message template for MFA messages. To activate this setting, <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html">
+     *                      advanced security features</a> must be active in your user pool.</p>
+     * @public
+     */
+    EmailMfaConfiguration?: EmailMfaConfigType;
     /**
      * <p>The MFA configuration. Valid values include:</p>
      *          <ul>
@@ -1112,7 +1191,7 @@ export interface UpdateUserPoolClientRequest {
      */
     TokenValidityUnits?: TokenValidityUnitsType;
     /**
-     * <p>The list of user attributes that you want your app client to have read-only access to.
+     * <p>The list of user attributes that you want your app client to have read access to.
      *     After your user authenticates in your app, their access token authorizes them to read
      *     their own attribute value for any attribute in this list. An example of this kind of
      *     activity is when your user selects a link to view their profile information. Your app
@@ -1121,7 +1200,7 @@ export interface UpdateUserPoolClientRequest {
      *          <p>When you don't specify the <code>ReadAttributes</code> for your app client, your
      *     app can read the values of <code>email_verified</code>,
      *         <code>phone_number_verified</code>, and the Standard attributes of your user pool.
-     *     When your user pool has read access to these default attributes,
+     *     When your user pool app client has read access to these default attributes,
      *         <code>ReadAttributes</code> doesn't return any information. Amazon Cognito only
      *     populates <code>ReadAttributes</code> in the API response if you have specified your own
      *     custom set of read attributes.</p>
@@ -1522,6 +1601,14 @@ export interface VerifyUserAttributeRequest {
  */
 export interface VerifyUserAttributeResponse {
 }
+/**
+ * @internal
+ */
+export declare const RespondToAuthChallengeResponseFilterSensitiveLog: (obj: RespondToAuthChallengeResponse) => any;
+/**
+ * @internal
+ */
+export declare const RevokeTokenRequestFilterSensitiveLog: (obj: RevokeTokenRequest) => any;
 /**
  * @internal
  */

package/dist-types/ts3.4/commands/RespondToAuthChallengeCommand.d.ts

@@ -5,10 +5,8 @@ import {
   ServiceInputTypes,
   ServiceOutputTypes,
 } from "../CognitoIdentityProviderClient";
-import {
-  RespondToAuthChallengeRequest,
-  RespondToAuthChallengeResponse,
-} from "../models/models_0";
+import { RespondToAuthChallengeRequest } from "../models/models_0";
+import { RespondToAuthChallengeResponse } from "../models/models_1";
 export { __MetadataBearer };
 export { $Command };
 export interface RespondToAuthChallengeCommandInput

package/dist-types/ts3.4/commands/RevokeTokenCommand.d.ts

@@ -5,8 +5,7 @@ import {
   ServiceInputTypes,
   ServiceOutputTypes,
 } from "../CognitoIdentityProviderClient";
-import { RevokeTokenRequest } from "../models/models_0";
-import { RevokeTokenResponse } from "../models/models_1";
+import { RevokeTokenRequest, RevokeTokenResponse } from "../models/models_1";
 export { __MetadataBearer };
 export { $Command };
 export interface RevokeTokenCommandInput extends RevokeTokenRequest {}