@aws-sdk/client-cognito-identity-provider 3.758.0 → 3.768.0

package/dist-es/models/models_0.js

@@ -612,6 +612,18 @@ export class WebAuthnRelyingPartyMismatchException extends __BaseException {
         Object.setPrototypeOf(this, WebAuthnRelyingPartyMismatchException.prototype);
     }
 }
+export class DeviceKeyExistsException extends __BaseException {
+    name = "DeviceKeyExistsException";
+    $fault = "client";
+    constructor(opts) {
+        super({
+            name: "DeviceKeyExistsException",
+            $fault: "client",
+            ...opts,
+        });
+        Object.setPrototypeOf(this, DeviceKeyExistsException.prototype);
+    }
+}
 export class GroupExistsException extends __BaseException {
     name = "GroupExistsException";
     $fault = "client";
@@ -683,6 +695,7 @@ export const CustomSMSSenderLambdaVersionType = {
 export const PreTokenGenerationLambdaVersionType = {
     V1_0: "V1_0",
     V2_0: "V2_0",
+    V3_0: "V3_0",
 };
 export const UserPoolMfaType = {
     OFF: "OFF",
@@ -828,10 +841,6 @@ export const LogLevel = {
     ERROR: "ERROR",
     INFO: "INFO",
 };
-export const UserVerificationType = {
-    PREFERRED: "preferred",
-    REQUIRED: "required",
-};
 export const AdminAddUserToGroupRequestFilterSensitiveLog = (obj) => ({
     ...obj,
     ...(obj.Username && { Username: SENSITIVE_STRING }),

package/dist-es/models/models_1.js

@@ -1,6 +1,10 @@
 import { SENSITIVE_STRING } from "@smithy/smithy-client";
 import { CognitoIdentityProviderServiceException as __BaseException } from "./CognitoIdentityProviderServiceException";
 import { AttributeTypeFilterSensitiveLog, AuthenticationResultTypeFilterSensitiveLog, RiskConfigurationTypeFilterSensitiveLog, UICustomizationTypeFilterSensitiveLog, UserPoolClientTypeFilterSensitiveLog, UserTypeFilterSensitiveLog, } from "./models_0";
+export const UserVerificationType = {
+    PREFERRED: "preferred",
+    REQUIRED: "required",
+};
 export class UnauthorizedException extends __BaseException {
     name = "UnauthorizedException";
     $fault = "client";

package/dist-es/protocols/Aws_json1_1.js

@@ -2,7 +2,7 @@ import { loadRestJsonErrorCode, parseJsonBody as parseBody, parseJsonErrorBody a
 import { HttpRequest as __HttpRequest } from "@smithy/protocol-http";
 import { _json, collectBody, decorateServiceException as __decorateServiceException, expectBoolean as __expectBoolean, expectInt32 as __expectInt32, expectLong as __expectLong, expectNonNull as __expectNonNull, expectNumber as __expectNumber, expectString as __expectString, parseEpochTimestamp as __parseEpochTimestamp, take, withBaseException, } from "@smithy/smithy-client";
 import { CognitoIdentityProviderServiceException as __BaseException } from "../models/CognitoIdentityProviderServiceException";
-import { AliasExistsException, CodeDeliveryFailureException, CodeMismatchException, ConcurrentModificationException, DuplicateProviderException, ExpiredCodeException, FeatureUnavailableInTierException, ForbiddenException, GroupExistsException, InternalErrorException, InvalidEmailRoleAccessPolicyException, InvalidLambdaResponseException, InvalidOAuthFlowException, InvalidParameterException, InvalidPasswordException, InvalidSmsRoleAccessPolicyException, InvalidSmsRoleTrustRelationshipException, InvalidUserPoolConfigurationException, LimitExceededException, ManagedLoginBrandingExistsException, MFAMethodNotFoundException, NotAuthorizedException, PasswordHistoryPolicyViolationException, PasswordResetRequiredException, PreconditionNotMetException, ResourceNotFoundException, ScopeDoesNotExistException, SoftwareTokenMFANotFoundException, TierChangeNotAllowedException, TooManyFailedAttemptsException, TooManyRequestsException, UnexpectedLambdaException, UnsupportedIdentityProviderException, UnsupportedUserStateException, UserImportInProgressException, UserLambdaValidationException, UsernameExistsException, UserNotConfirmedException, UserNotFoundException, UserPoolAddOnNotEnabledException, UserPoolTaggingException, WebAuthnChallengeNotFoundException, WebAuthnClientMismatchException, WebAuthnCredentialNotSupportedException, WebAuthnNotEnabledException, WebAuthnOriginNotAllowedException, WebAuthnRelyingPartyMismatchException, } from "../models/models_0";
+import { AliasExistsException, CodeDeliveryFailureException, CodeMismatchException, ConcurrentModificationException, DeviceKeyExistsException, DuplicateProviderException, ExpiredCodeException, FeatureUnavailableInTierException, ForbiddenException, GroupExistsException, InternalErrorException, InvalidEmailRoleAccessPolicyException, InvalidLambdaResponseException, InvalidOAuthFlowException, InvalidParameterException, InvalidPasswordException, InvalidSmsRoleAccessPolicyException, InvalidSmsRoleTrustRelationshipException, InvalidUserPoolConfigurationException, LimitExceededException, ManagedLoginBrandingExistsException, MFAMethodNotFoundException, NotAuthorizedException, PasswordHistoryPolicyViolationException, PasswordResetRequiredException, PreconditionNotMetException, ResourceNotFoundException, ScopeDoesNotExistException, SoftwareTokenMFANotFoundException, TierChangeNotAllowedException, TooManyFailedAttemptsException, TooManyRequestsException, UnexpectedLambdaException, UnsupportedIdentityProviderException, UnsupportedUserStateException, UserImportInProgressException, UserLambdaValidationException, UsernameExistsException, UserNotConfirmedException, UserNotFoundException, UserPoolAddOnNotEnabledException, UserPoolTaggingException, WebAuthnChallengeNotFoundException, WebAuthnClientMismatchException, WebAuthnCredentialNotSupportedException, WebAuthnNotEnabledException, WebAuthnOriginNotAllowedException, WebAuthnRelyingPartyMismatchException, } from "../models/models_0";
 import { EnableSoftwareTokenMFAException, UnauthorizedException, UnsupportedOperationException, UnsupportedTokenTypeException, WebAuthnConfigurationMissingException, } from "../models/models_1";
 export const se_AddCustomAttributesCommand = async (input, context) => {
     const headers = sharedHeaders("AddCustomAttributes");
@@ -2236,6 +2236,9 @@ const de_CommandError = async (output, context) => {
         case "WebAuthnRelyingPartyMismatchException":
         case "com.amazonaws.cognitoidentityprovider#WebAuthnRelyingPartyMismatchException":
             throw await de_WebAuthnRelyingPartyMismatchExceptionRes(parsedOutput, context);
+        case "DeviceKeyExistsException":
+        case "com.amazonaws.cognitoidentityprovider#DeviceKeyExistsException":
+            throw await de_DeviceKeyExistsExceptionRes(parsedOutput, context);
         case "GroupExistsException":
         case "com.amazonaws.cognitoidentityprovider#GroupExistsException":
             throw await de_GroupExistsExceptionRes(parsedOutput, context);
@@ -2323,6 +2326,15 @@ const de_ConcurrentModificationExceptionRes = async (parsedOutput, context) => {
     });
     return __decorateServiceException(exception, body);
 };
+const de_DeviceKeyExistsExceptionRes = async (parsedOutput, context) => {
+    const body = parsedOutput.body;
+    const deserialized = _json(body);
+    const exception = new DeviceKeyExistsException({
+        $metadata: deserializeMetadata(parsedOutput),
+        ...deserialized,
+    });
+    return __decorateServiceException(exception, body);
+};
 const de_DuplicateProviderExceptionRes = async (parsedOutput, context) => {
     const body = parsedOutput.body;
     const deserialized = _json(body);

package/dist-types/CognitoIdentityProvider.d.ts

@@ -798,8 +798,8 @@ export interface CognitoIdentityProvider {
 /**
  * <p>With the Amazon Cognito user pools API, you can configure user pools and authenticate users. To
  *             authenticate users from third-party identity providers (IdPs) in this API, you can
- *             <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-identity-federation-consolidate-users.html">link IdP users to native user profiles</a>. Learn more
- *             about the authentication and authorization of federated users at <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-identity-federation.html">Adding user pool sign-in through a third party</a> and in the <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-userpools-server-contract-reference.html">User pool federation endpoints and hosted UI reference</a>.</p>
+ *                 <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-identity-federation-consolidate-users.html">link IdP users to native user profiles</a>. Learn more
+ *             about the authentication and authorization of federated users at <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-identity-federation.html">Adding user pool sign-in through a third party</a> and in the <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-userpools-server-contract-reference.html">User pool federation endpoints and managed login reference</a>.</p>
  *          <p>This API reference provides detailed information about API operations and object types
  *             in Amazon Cognito.</p>
  *          <p>Along with resource management operations, the Amazon Cognito user pools API includes classes
@@ -820,68 +820,11 @@ export interface CognitoIdentityProvider {
  *                     requests to manage, authenticate, or authorize a user.</p>
  *             </li>
  *          </ol>
- *          <p>For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html">Using the Amazon Cognito user pools API and user pool endpoints</a>
- *             in the <i>Amazon Cognito Developer Guide</i>.</p>
+ *          <p>For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/authentication-flows-public-server-side.html#user-pools-API-operations">Understanding API, OIDC, and managed login pages
+ *                 authentication</a> in the <i>Amazon Cognito Developer Guide</i>.</p>
  *          <p>With your Amazon Web Services SDK, you can build the logic to support operational flows in every use
  *             case for this API. You can also make direct REST API requests to <a href="https://docs.aws.amazon.com/general/latest/gr/cognito_identity.html#cognito_identity_your_user_pools_region">Amazon Cognito user pools service endpoints</a>. The following links can get you started
- *             with the <code>CognitoIdentityProvider</code> client in other supported Amazon Web Services
- *             SDKs.</p>
- *          <ul>
- *             <li>
- *                <p>
- *                   <a href="https://docs.aws.amazon.com/cli/latest/reference/cognito-idp/index.html#cli-aws-cognito-idp">Amazon Web Services
- *                     Command Line Interface</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a href="https://docs.aws.amazon.com/sdkfornet/v3/apidocs/items/CognitoIdentityProvider/TCognitoIdentityProviderClient.html">Amazon Web Services SDK for .NET</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a href="https://sdk.amazonaws.com/cpp/api/LATEST/aws-cpp-sdk-cognito-idp/html/class_aws_1_1_cognito_identity_provider_1_1_cognito_identity_provider_client.html">Amazon Web Services SDK for C++</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a href="https://docs.aws.amazon.com/sdk-for-go/api/service/cognitoidentityprovider/#CognitoIdentityProvider">Amazon Web Services SDK for Go</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a href="https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/cognitoidentityprovider/CognitoIdentityProviderClient.html">Amazon Web Services SDK for Java V2</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a href="https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/CognitoIdentityServiceProvider.html">Amazon Web Services
- *                     SDK for JavaScript</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a href="https://docs.aws.amazon.com/aws-sdk-php/v3/api/api-cognito-idp-2016-04-18.html">Amazon Web Services SDK for PHP
- *                     V3</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a href="https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/cognito-idp.html">Amazon Web Services SDK for Python</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a href="https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/CognitoIdentityProvider/Client.html">Amazon Web Services SDK
- *                     for Ruby V3</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a href="https://sdk.amazonaws.com/kotlin/api/latest/cognitoidentityprovider/aws.sdk.kotlin.services.cognitoidentityprovider/-cognito-identity-provider-client/index.html">Amazon Web Services SDK for Kotlin</a>
- *                </p>
- *             </li>
- *          </ul>
+ *             with the <code>CognitoIdentityProvider</code> client in supported Amazon Web Services SDKs.</p>
  *          <p>To get started with an Amazon Web Services SDK, see <a href="http://aws.amazon.com/developer/tools/">Tools to Build on Amazon Web Services</a>. For example actions and scenarios, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/service_code_examples_cognito-identity-provider.html">Code examples for Amazon Cognito Identity Provider using Amazon Web Services
  *                 SDKs</a>.</p>
  * @public

package/dist-types/CognitoIdentityProviderClient.d.ts

@@ -284,8 +284,8 @@ export interface CognitoIdentityProviderClientResolvedConfig extends CognitoIden
 /**
  * <p>With the Amazon Cognito user pools API, you can configure user pools and authenticate users. To
  *             authenticate users from third-party identity providers (IdPs) in this API, you can
- *             <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-identity-federation-consolidate-users.html">link IdP users to native user profiles</a>. Learn more
- *             about the authentication and authorization of federated users at <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-identity-federation.html">Adding user pool sign-in through a third party</a> and in the <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-userpools-server-contract-reference.html">User pool federation endpoints and hosted UI reference</a>.</p>
+ *                 <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-identity-federation-consolidate-users.html">link IdP users to native user profiles</a>. Learn more
+ *             about the authentication and authorization of federated users at <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-identity-federation.html">Adding user pool sign-in through a third party</a> and in the <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-userpools-server-contract-reference.html">User pool federation endpoints and managed login reference</a>.</p>
  *          <p>This API reference provides detailed information about API operations and object types
  *             in Amazon Cognito.</p>
  *          <p>Along with resource management operations, the Amazon Cognito user pools API includes classes
@@ -306,68 +306,11 @@ export interface CognitoIdentityProviderClientResolvedConfig extends CognitoIden
  *                     requests to manage, authenticate, or authorize a user.</p>
  *             </li>
  *          </ol>
- *          <p>For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html">Using the Amazon Cognito user pools API and user pool endpoints</a>
- *             in the <i>Amazon Cognito Developer Guide</i>.</p>
+ *          <p>For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/authentication-flows-public-server-side.html#user-pools-API-operations">Understanding API, OIDC, and managed login pages
+ *                 authentication</a> in the <i>Amazon Cognito Developer Guide</i>.</p>
  *          <p>With your Amazon Web Services SDK, you can build the logic to support operational flows in every use
  *             case for this API. You can also make direct REST API requests to <a href="https://docs.aws.amazon.com/general/latest/gr/cognito_identity.html#cognito_identity_your_user_pools_region">Amazon Cognito user pools service endpoints</a>. The following links can get you started
- *             with the <code>CognitoIdentityProvider</code> client in other supported Amazon Web Services
- *             SDKs.</p>
- *          <ul>
- *             <li>
- *                <p>
- *                   <a href="https://docs.aws.amazon.com/cli/latest/reference/cognito-idp/index.html#cli-aws-cognito-idp">Amazon Web Services
- *                     Command Line Interface</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a href="https://docs.aws.amazon.com/sdkfornet/v3/apidocs/items/CognitoIdentityProvider/TCognitoIdentityProviderClient.html">Amazon Web Services SDK for .NET</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a href="https://sdk.amazonaws.com/cpp/api/LATEST/aws-cpp-sdk-cognito-idp/html/class_aws_1_1_cognito_identity_provider_1_1_cognito_identity_provider_client.html">Amazon Web Services SDK for C++</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a href="https://docs.aws.amazon.com/sdk-for-go/api/service/cognitoidentityprovider/#CognitoIdentityProvider">Amazon Web Services SDK for Go</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a href="https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/cognitoidentityprovider/CognitoIdentityProviderClient.html">Amazon Web Services SDK for Java V2</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a href="https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/CognitoIdentityServiceProvider.html">Amazon Web Services
- *                     SDK for JavaScript</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a href="https://docs.aws.amazon.com/aws-sdk-php/v3/api/api-cognito-idp-2016-04-18.html">Amazon Web Services SDK for PHP
- *                     V3</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a href="https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/cognito-idp.html">Amazon Web Services SDK for Python</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a href="https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/CognitoIdentityProvider/Client.html">Amazon Web Services SDK
- *                     for Ruby V3</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a href="https://sdk.amazonaws.com/kotlin/api/latest/cognitoidentityprovider/aws.sdk.kotlin.services.cognitoidentityprovider/-cognito-identity-provider-client/index.html">Amazon Web Services SDK for Kotlin</a>
- *                </p>
- *             </li>
- *          </ul>
+ *             with the <code>CognitoIdentityProvider</code> client in supported Amazon Web Services SDKs.</p>
  *          <p>To get started with an Amazon Web Services SDK, see <a href="http://aws.amazon.com/developer/tools/">Tools to Build on Amazon Web Services</a>. For example actions and scenarios, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/service_code_examples_cognito-identity-provider.html">Code examples for Amazon Cognito Identity Provider using Amazon Web Services
  *                 SDKs</a>.</p>
  * @public

package/dist-types/commands/AddCustomAttributesCommand.d.ts

@@ -30,9 +30,6 @@ declare const AddCustomAttributesCommand_base: {
  * <p>Adds additional user attributes to the user pool schema. Custom attributes can be
  *             mutable or immutable and have a <code>custom:</code> or <code>dev:</code> prefix. For
  *             more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-custom-attributes">Custom attributes</a>.</p>
- *          <p>You can also create custom attributes in the <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html#CognitoUserPools-CreateUserPool-request-Schema">Schema parameter</a> of <code>CreateUserPool</code> and
- *                 <code>UpdateUserPool</code>. You can't delete custom attributes after you
- *             create them.</p>
  *          <note>
  *             <p>Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For
  *     this operation, you must use IAM credentials to authorize requests, and you must

package/dist-types/commands/AdminConfirmSignUpCommand.d.ts

@@ -27,8 +27,7 @@ declare const AdminConfirmSignUpCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Confirms user sign-up as an administrator. Unlike <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmSignUp.html">ConfirmSignUp</a>, your IAM credentials authorize user account confirmation.
- *             No confirmation code is required.</p>
+ * <p>Confirms user sign-up as an administrator. </p>
  *          <p>This request sets a user account active in a user pool that <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#signing-up-users-in-your-app-and-confirming-them-as-admin">requires confirmation of new user accounts</a> before they can sign in. You can
  *             configure your user pool to not send confirmation codes to new users and instead confirm
  *             them with this API operation on the back end.</p>

package/dist-types/commands/AdminCreateUserCommand.d.ts

@@ -30,6 +30,18 @@ declare const AdminCreateUserCommand_base: {
  * <p>Creates a new user in the specified user pool.</p>
  *          <p>If <code>MessageAction</code> isn't set, the default is to send a welcome message via
  *             email or phone (SMS).</p>
+ *          <p>This message is based on a template that you configured in your call to create or
+ *             update a user pool. This template includes your custom sign-up instructions and
+ *             placeholders for user name and temporary password.</p>
+ *          <p>Alternatively, you can call <code>AdminCreateUser</code> with <code>SUPPRESS</code>
+ *             for the <code>MessageAction</code> parameter, and Amazon Cognito won't send any email. </p>
+ *          <p>In either case, if the user has a password, they will be in the
+ *                 <code>FORCE_CHANGE_PASSWORD</code> state until they sign in and set their password.
+ *             Your invitation message template must have the <code>\{####\}</code> password placeholder
+ *             if your users have passwords. If your template doesn't have this placeholder, Amazon Cognito
+ *             doesn't deliver the invitation message. In this case, you must update your message
+ *             template and resend the password with a new <code>AdminCreateUser</code> request with a
+ *                 <code>MessageAction</code> value of <code>RESEND</code>.</p>
  *          <note>
  *             <p>This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers
  *             require you to register an origination phone number before you can send SMS messages
@@ -47,18 +59,6 @@ declare const AdminCreateUserCommand_base: {
  *             of the sandbox and into production. For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html"> SMS message settings for Amazon Cognito user pools</a> in the <i>Amazon Cognito
  *                 Developer Guide</i>.</p>
  *          </note>
- *          <p>This message is based on a template that you configured in your call to create or
- *             update a user pool. This template includes your custom sign-up instructions and
- *             placeholders for user name and temporary password.</p>
- *          <p>Alternatively, you can call <code>AdminCreateUser</code> with <code>SUPPRESS</code>
- *             for the <code>MessageAction</code> parameter, and Amazon Cognito won't send any email. </p>
- *          <p>In either case, if the user has a password, they will be in the
- *                 <code>FORCE_CHANGE_PASSWORD</code> state until they sign in and set their password.
- *             Your invitation message template must have the <code>\{####\}</code> password placeholder
- *             if your users have passwords. If your template doesn't have this placeholder, Amazon Cognito
- *             doesn't deliver the invitation message. In this case, you must update your message
- *             template and resend the password with a new <code>AdminCreateUser</code> request with a
- *                 <code>MessageAction</code> value of <code>RESEND</code>.</p>
  *          <note>
  *             <p>Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For
  *     this operation, you must use IAM credentials to authorize requests, and you must

package/dist-types/commands/AdminDeleteUserAttributesCommand.d.ts

@@ -28,8 +28,8 @@ declare const AdminDeleteUserAttributesCommand_base: {
 };
 /**
  * <p>Deletes attribute values from a user. This operation doesn't affect tokens for
- *             existing user sessions. The next ID token that the user receives will no longer have
- *             this attribute.</p>
+ *             existing user sessions. The next ID token that the user receives will no longer have the
+ *             deleted attributes.</p>
  *          <note>
  *             <p>Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For
  *     this operation, you must use IAM credentials to authorize requests, and you must

package/dist-types/commands/AdminDisableProviderForUserCommand.d.ts

@@ -33,13 +33,11 @@ declare const AdminDisableProviderForUserCommand_base: {
  *             to deactivate is a linked external IdP user, any link between that user and an existing
  *             user is removed. When the external user signs in again, and the user is no longer
  *             attached to the previously linked <code>DestinationUser</code>, the user must create a
- *             new user account. See <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminLinkProviderForUser.html">AdminLinkProviderForUser</a>.</p>
- *          <p>The <code>ProviderName</code> must match the value specified when creating an IdP for
- *             the pool. </p>
- *          <p>To deactivate a native username + password user, the <code>ProviderName</code> value
- *             must be <code>Cognito</code> and the <code>ProviderAttributeName</code> must be
- *                 <code>Cognito_Subject</code>. The <code>ProviderAttributeValue</code> must be the
- *             name that is used in the user pool for the user.</p>
+ *             new user account.</p>
+ *          <p>The value of <code>ProviderName</code> must match the name of a user pool IdP.</p>
+ *          <p>To deactivate a local user, set <code>ProviderName</code> to <code>Cognito</code> and
+ *             the <code>ProviderAttributeName</code> to <code>Cognito_Subject</code>. The
+ *                 <code>ProviderAttributeValue</code> must be user's local username.</p>
  *          <p>The <code>ProviderAttributeName</code> must always be <code>Cognito_Subject</code> for
  *             social IdPs. The <code>ProviderAttributeValue</code> must always be the exact subject
  *             that was used when the user was originally linked as a source user.</p>
@@ -47,12 +45,11 @@ declare const AdminDisableProviderForUserCommand_base: {
  *             not yet been used to sign in, the <code>ProviderAttributeName</code> and
  *                 <code>ProviderAttributeValue</code> must be the same values that were used for the
  *                 <code>SourceUser</code> when the identities were originally linked using <code>
- *                 AdminLinkProviderForUser</code> call. (If the linking was done with
- *                 <code>ProviderAttributeName</code> set to <code>Cognito_Subject</code>, the same
- *             applies here). However, if the user has already signed in, the
- *                 <code>ProviderAttributeName</code> must be <code>Cognito_Subject</code> and
- *                 <code>ProviderAttributeValue</code> must be the subject of the SAML
- *             assertion.</p>
+ *                 AdminLinkProviderForUser</code> call. This is also true if the linking was done with
+ *                 <code>ProviderAttributeName</code> set to <code>Cognito_Subject</code>. If the user
+ *             has already signed in, the <code>ProviderAttributeName</code> must be
+ *                 <code>Cognito_Subject</code> and <code>ProviderAttributeValue</code> must be the
+ *                 <code>NameID</code> from their SAML assertion.</p>
  *          <note>
  *             <p>Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For
  *     this operation, you must use IAM credentials to authorize requests, and you must

package/dist-types/commands/AdminEnableUserCommand.d.ts

@@ -27,7 +27,7 @@ declare const AdminEnableUserCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Activate sign-in for a user profile that previously had sign-in access
+ * <p>Activates sign-in for a user profile that previously had sign-in access
  *             disabled.</p>
  *          <note>
  *             <p>Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For

package/dist-types/commands/AdminGetDeviceCommand.d.ts

@@ -27,7 +27,7 @@ declare const AdminGetDeviceCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Given the device key, returns details for a user' device. For more information,
+ * <p>Given the device key, returns details for a user's device. For more information,
  *             see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html">Working with devices</a>.</p>
  *          <note>
  *             <p>Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For

package/dist-types/commands/AdminGetUserCommand.d.ts

@@ -27,9 +27,10 @@ declare const AdminGetUserCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Given the username, returns details about a user profile in a user pool. This
- *             operation contributes to your monthly active user (MAU) count for the purpose of
- *             billing. You can specify alias attributes in the <code>Username</code> parameter.</p>
+ * <p>Given a username, returns details about a user profile in a user pool. You can specify
+ *             alias attributes in the <code>Username</code> request parameter.</p>
+ *          <p>This operation contributes to your monthly active user (MAU) count for the purpose of
+ *             billing.</p>
  *          <note>
  *             <p>Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For
  *     this operation, you must use IAM credentials to authorize requests, and you must

package/dist-types/commands/AdminInitiateAuthCommand.d.ts

@@ -121,6 +121,9 @@ declare const AdminInitiateAuthCommand_base: {
  * //       DeviceGroupKey: "STRING_VALUE",
  * //     },
  * //   },
+ * //   AvailableChallenges: [ // AvailableChallengeListType
+ * //     "SMS_MFA" || "EMAIL_OTP" || "SOFTWARE_TOKEN_MFA" || "SELECT_MFA_TYPE" || "MFA_SETUP" || "PASSWORD_VERIFIER" || "CUSTOM_CHALLENGE" || "SELECT_CHALLENGE" || "DEVICE_SRP_AUTH" || "DEVICE_PASSWORD_VERIFIER" || "ADMIN_NO_SRP_AUTH" || "NEW_PASSWORD_REQUIRED" || "SMS_OTP" || "PASSWORD" || "WEB_AUTHN" || "PASSWORD_SRP",
+ * //   ],
  * // };
  *
  * ```

package/dist-types/commands/AdminLinkProviderForUserCommand.d.ts

@@ -27,22 +27,21 @@ declare const AdminLinkProviderForUserCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Links an existing user account in a user pool (<code>DestinationUser</code>) to an
- *             identity from an external IdP (<code>SourceUser</code>) based on a specified attribute
- *             name and value from the external IdP. This allows you to create a link from the existing
- *             user account to an external federated user identity that has not yet been used to sign
- *             in. You can then use the federated user identity to sign in as the existing user
- *             account. </p>
- *          <p> For example, if there is an existing user with a username and password, this API
- *             links that user to a federated user identity. When the user signs in with a federated
- *             user identity, they sign in as the existing user account.</p>
+ * <p>Links an existing user account in a user pool, or <code>DestinationUser</code>, to an
+ *             identity from an external IdP, or <code>SourceUser</code>, based on a specified
+ *             attribute name and value from the external IdP.</p>
+ *          <p>This operation connects a local user profile with a user identity who hasn't yet
+ *             signed in from their third-party IdP. When the user signs in with their IdP, they get
+ *             access-control configuration from the local user profile. Linked local users can also
+ *             sign in with SDK-based API operations like <code>InitiateAuth</code> after they sign in
+ *             at least once through their IdP. For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-identity-federation-consolidate-users.html">Linking federated users</a>.</p>
  *          <note>
  *             <p>The maximum number of federated identities linked to a user is five.</p>
  *          </note>
  *          <important>
- *             <p>Because this API allows a user with an external federated identity to sign in as
- *                 an existing user in the user pool, it is critical that it only be used with external
- *                 IdPs and provider attributes that have been trusted by the application owner.</p>
+ *             <p>Because this API allows a user with an external federated identity to sign in as a
+ *                 local user, it is critical that it only be used with external IdPs and linked
+ *                 attributes that you trust.</p>
  *          </important>
  *          <note>
  *             <p>Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For

package/dist-types/commands/AdminRemoveUserFromGroupCommand.d.ts

@@ -27,7 +27,7 @@ declare const AdminRemoveUserFromGroupCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Given a username and a group name. removes them from the group. User pool groups are
+ * <p>Given a username and a group name, removes them from the group. User pool groups are
  *             identifiers that you can reference from the contents of ID and access tokens, and set
  *             preferred IAM roles for identity-pool authentication. For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-user-groups.html">Adding groups to a user pool</a>.</p>
  *          <note>

package/dist-types/commands/AdminResetUserPasswordCommand.d.ts

@@ -28,19 +28,9 @@ declare const AdminResetUserPasswordCommand_base: {
 };
 /**
  * <p>Resets the specified user's password in a user pool. This operation doesn't
- *             change the user's password, but sends a password-reset code. This operation is the
- *             administrative authentication API equivalent to <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ForgotPassword.html">ForgotPassword</a>.</p>
- *          <p>This operation deactivates a user's password, requiring them to change it. If a user
- *             tries to sign in after the API request, Amazon Cognito responds with a
- *                 <code>PasswordResetRequiredException</code> error. Your app must then complete the
- *             forgot-password flow by prompting the user for their code and a new password, then
- *             submitting those values in a <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmForgotPassword.html">ConfirmForgotPassword</a> request. In addition, if the user
- *             pool has phone verification selected and a verified phone number exists for the user, or
- *             if email verification is selected and a verified email exists for the user, calling this
- *             API will also result in sending a message to the end user with the code to change their
- *             password.</p>
+ *             change the user's password, but sends a password-reset code.</p>
  *          <p>To use this API operation, your user pool must have self-service account recovery
- *             configured. Use <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminSetUserPassword.html">AdminSetUserPassword</a> if you manage passwords as an administrator.</p>
+ *             configured.</p>
  *          <note>
  *             <p>This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers
  *             require you to register an origination phone number before you can send SMS messages

package/dist-types/commands/AdminSetUserMFAPreferenceCommand.d.ts

@@ -32,9 +32,6 @@ declare const AdminSetUserMFAPreferenceCommand_base: {
  *             preferred. The preferred MFA factor will be used to authenticate a user if multiple
  *             factors are activated. If multiple options are activated and no preference is set, a
  *             challenge to choose an MFA option will be returned during sign-in.</p>
- *          <p>This operation doesn't reset an existing TOTP MFA for a user. To register a new
- *             TOTP factor for a user, make an <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AssociateSoftwareToken.html">AssociateSoftwareToken</a> request. For more information,
- *             see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa-totp.html">TOTP software token MFA</a>.</p>
  *          <note>
  *             <p>Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For
  *     this operation, you must use IAM credentials to authorize requests, and you must

package/dist-types/commands/AdminSetUserSettingsCommand.d.ts

@@ -30,7 +30,7 @@ declare const AdminSetUserSettingsCommand_base: {
  * <p>
  *             <i>This action is no longer supported.</i> You can use it to configure
  *             only SMS MFA. You can't use it to configure time-based one-time password (TOTP) software
- *             token MFA. To configure either type of MFA, use <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminSetUserMFAPreference.html">AdminSetUserMFAPreference</a> instead.</p>
+ *             token MFA.</p>
  *          <note>
  *             <p>Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For
  *     this operation, you must use IAM credentials to authorize requests, and you must

package/dist-types/commands/AdminUpdateAuthEventFeedbackCommand.d.ts

@@ -27,13 +27,16 @@ declare const AdminUpdateAuthEventFeedbackCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Provides feedback for an authentication event indicating if it was from a valid user.
- *             This feedback is used for improving the risk evaluation decision for the user pool as
- *             part of Amazon Cognito threat protection. To train the threat-protection model to recognize
- *             trusted and untrusted sign-in characteristics, configure threat protection in audit-only
- *             mode and provide a mechanism for users or administrators to submit feedback. Your
- *             feedback can tell Amazon Cognito that a risk rating was assigned at a level you don't agree
- *             with.</p>
+ * <p>Provides the feedback for an authentication event generated by threat protection
+ *             features. Your response indicates that you think that the event either was from a valid
+ *             user or was an unwanted authentication attempt. This feedback improves the risk
+ *             evaluation decision for the user pool as part of Amazon Cognito threat protection.
+ *             To activate this setting, your user pool must be on the <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-plus.html">
+ *                      Plus tier</a>.</p>
+ *          <p>To train the threat-protection model to recognize trusted and untrusted sign-in
+ *             characteristics, configure threat protection in audit-only mode and provide a mechanism
+ *             for users or administrators to submit feedback. Your feedback can tell Amazon Cognito that a risk
+ *             rating was assigned at a level you don't agree with.</p>
  *          <note>
  *             <p>Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For
  *     this operation, you must use IAM credentials to authorize requests, and you must