npm - @aws-sdk/client-cognito-identity-provider - Versions diffs - 3.758.0 → 3.768.0 - Mend

@aws-sdk/client-cognito-identity-provider 3.758.0 → 3.768.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (93) hide show

package/dist-types/commands/AdminUpdateUserAttributesCommand.d.ts CHANGED Viewed

@@ -27,27 +27,10 @@ declare const AdminUpdateUserAttributesCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <note>
- *             <p>This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers
- *             require you to register an origination phone number before you can send SMS messages
- *             to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a
- *             phone number with <a href="https://console.aws.amazon.com/pinpoint/home/">Amazon Pinpoint</a>.
- *             Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must
- *             receive SMS messages might not be able to sign up, activate their accounts, or sign
- *             in.</p>
- *             <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service,
- *             Amazon Simple Notification Service might place your account in the SMS sandbox. In <i>
- *                   <a href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
- *                     mode</a>
- *                </i>, you can send messages only to verified phone
- *             numbers. After you test your app while in the sandbox environment, you can move out
- *             of the sandbox and into production. For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html"> SMS message settings for Amazon Cognito user pools</a> in the <i>Amazon Cognito
- *                 Developer Guide</i>.</p>
- *          </note>
- *          <p>Updates the specified user's attributes. To delete an attribute from your user,
+ * <p>Updates the specified user's attributes. To delete an attribute from your user,
  *             submit the attribute in your API request with a blank value.</p>
- *          <p>For custom attributes, you must prepend the <code>custom:</code> prefix to the
- *             attribute name.</p>
+ *          <p>For custom attributes, you must add a <code>custom:</code> prefix to the attribute
+ *             name, for example <code>custom:department</code>.</p>
  *          <p>This operation can set a user's email address or phone number as verified and
  *             permit immediate sign-in in user pools that require verification of these attributes. To
  *             do this, set the <code>email_verified</code> or <code>phone_number_verified</code>
@@ -72,6 +55,23 @@ declare const AdminUpdateUserAttributesCommand_base: {
  *                </li>
  *             </ul>
  *          </note>
+ *          <note>
+ *             <p>This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers
+ *             require you to register an origination phone number before you can send SMS messages
+ *             to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a
+ *             phone number with <a href="https://console.aws.amazon.com/pinpoint/home/">Amazon Pinpoint</a>.
+ *             Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must
+ *             receive SMS messages might not be able to sign up, activate their accounts, or sign
+ *             in.</p>
+ *             <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service,
+ *             Amazon Simple Notification Service might place your account in the SMS sandbox. In <i>
+ *                   <a href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
+ *                     mode</a>
+ *                </i>, you can send messages only to verified phone
+ *             numbers. After you test your app while in the sandbox environment, you can move out
+ *             of the sandbox and into production. For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html"> SMS message settings for Amazon Cognito user pools</a> in the <i>Amazon Cognito
+ *                 Developer Guide</i>.</p>
+ *          </note>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/AssociateSoftwareTokenCommand.d.ts CHANGED Viewed

@@ -33,18 +33,6 @@ declare const AssociateSoftwareTokenCommand_base: {
  *             the user's access token, or a session string from a challenge response that you received
  *             from Amazon Cognito.</p>
  *          <note>
- *             <p>Amazon Cognito disassociates an existing software token when you verify the new token in a
- *                     <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerifySoftwareToken.html"> VerifySoftwareToken</a> API request. If you don't verify the software
- *                 token and your user pool doesn't require MFA, the user can then authenticate with
- *                 user name and password credentials alone. If your user pool requires TOTP MFA, Amazon Cognito
- *                 generates an <code>MFA_SETUP</code> or <code>SOFTWARE_TOKEN_SETUP</code> challenge
- *                 each time your user signs in. Complete setup with
- *                     <code>AssociateSoftwareToken</code> and <code>VerifySoftwareToken</code>.</p>
- *             <p>After you set up software token MFA for your user, Amazon Cognito generates a
- *                     <code>SOFTWARE_TOKEN_MFA</code> challenge when they authenticate. Respond to
- *                 this challenge with your user's TOTP.</p>
- *          </note>
- *          <note>
  *             <p>Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For
  *     this operation, you can't use IAM credentials to authorize requests, and you can't
  *     grant IAM permissions in policies. For more information about authorization models in

package/dist-types/commands/ChangePasswordCommand.d.ts CHANGED Viewed

@@ -27,7 +27,7 @@ declare const ChangePasswordCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Changes the password for a specified user in a user pool.</p>
+ * <p>Changes the password for the currently signed-in user.</p>
  *          <p>Authorize this action with a signed-in user's access token. It must include the scope <code>aws.cognito.signin.user.admin</code>.</p>
  *          <note>
  *             <p>Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For

package/dist-types/commands/CompleteWebAuthnRegistrationCommand.d.ts CHANGED Viewed

@@ -27,9 +27,8 @@ declare const CompleteWebAuthnRegistrationCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Completes registration of a passkey authenticator for the current user. Your
- *             application provides data from a successful registration request with the data from the
- *             output of a <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_StartWebAuthnRegistration.html"> StartWebAuthnRegistration</a>.</p>
+ * <p>Completes registration of a passkey authenticator for the currently signed-in
+ *             user.</p>
  *          <p>Authorize this action with a signed-in user's access token. It must include the scope <code>aws.cognito.signin.user.admin</code>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.

package/dist-types/commands/ConfirmDeviceCommand.d.ts CHANGED Viewed

@@ -67,6 +67,10 @@ declare const ConfirmDeviceCommand_base: {
  * @see {@link ConfirmDeviceCommandOutput} for command's `response` shape.
  * @see {@link CognitoIdentityProviderClientResolvedConfig | config} for CognitoIdentityProviderClient's `config` shape.
  *
+ * @throws {@link DeviceKeyExistsException} (client fault)
+ *  <p>This exception is thrown when a user attempts to confirm a device with a device key
+ *             that already exists.</p>
+ *
  * @throws {@link ForbiddenException} (client fault)
  *  <p>This exception is thrown when WAF doesn't allow your request based on a web
  *             ACL that's associated with your user pool.</p>

package/dist-types/commands/ConfirmSignUpCommand.d.ts CHANGED Viewed

@@ -27,18 +27,15 @@ declare const ConfirmSignUpCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>This public API operation submits a code that Amazon Cognito sent to your user when they signed
- *             up in your user pool via the <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SignUp.html">SignUp</a>
- *             API operation. After your user enters their code, they confirm ownership of the email
- *             address or phone number that they provided, and their user account becomes active.
- *             Depending on your user pool configuration, your users will receive their confirmation
- *             code in an email or SMS message.</p>
+ * <p>Confirms the account of a new user. This public API operation submits a code that
+ *             Amazon Cognito sent to your user when they signed up in your user pool. After your user enters
+ *             their code, they confirm ownership of the email address or phone number that they
+ *             provided, and their user account becomes active. Depending on your user pool
+ *             configuration, your users will receive their confirmation code in an email or SMS
+ *             message.</p>
  *          <p>Local users who signed up in your user pool are the only type of user who can confirm
  *             sign-up with a code. Users who federate through an external identity provider (IdP) have
- *             already been confirmed by their IdP. Administrator-created users, users created with the
- *                 <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminCreateUser.html">AdminCreateUser</a> API operation, confirm their accounts when they respond to
- *             their invitation email message and choose a password. They do not receive a confirmation
- *             code. Instead, they receive a temporary password.</p>
+ *             already been confirmed by their IdP.</p>
  *          <note>
  *             <p>Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For
  *     this operation, you can't use IAM credentials to authorize requests, and you can't

package/dist-types/commands/CreateGroupCommand.d.ts CHANGED Viewed

@@ -28,7 +28,7 @@ declare const CreateGroupCommand_base: {
 };
 /**
  * <p>Creates a new group in the specified user pool. For more information about user pool
- *             groups see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-user-groups.html">Adding groups to a user pool</a>.</p>
+ *             groups, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-user-groups.html">Adding groups to a user pool</a>.</p>
  *          <note>
  *             <p>Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For
  *     this operation, you must use IAM credentials to authorize requests, and you must

package/dist-types/commands/CreateManagedLoginBrandingCommand.d.ts CHANGED Viewed

@@ -41,9 +41,6 @@ declare const CreateManagedLoginBrandingCommand_base: {
  *             doesn't require that you pass all parameters in one request and preserves existing
  *             style settings that you don't specify. If your request is larger than 2MB, separate it
  *             into multiple requests, each with a size smaller than the limit. </p>
- *          <p>As a best practice, modify the output of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeManagedLoginBrandingByClient.html">DescribeManagedLoginBrandingByClient</a> into the request parameters for this
- *             operation. To get all settings, set <code>ReturnMergedResources</code> to
- *                 <code>true</code>. For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/managed-login-brandingdesigner.html#branding-designer-api">API and SDK operations for managed login branding</a>.</p>
  *          <note>
  *             <p>Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For
  *     this operation, you must use IAM credentials to authorize requests, and you must

package/dist-types/commands/CreateUserImportJobCommand.d.ts CHANGED Viewed

@@ -28,9 +28,7 @@ declare const CreateUserImportJobCommand_base: {
 };
 /**
  * <p>Creates a user import job. You can import users into user pools from a comma-separated
- *             values (CSV) file without adding Amazon Cognito MAU costs to your Amazon Web Services bill. To generate a
- *             template for your import, see <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetCSVHeader.html">GetCSVHeader</a>. To learn more about CSV import, see
- *                 <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-using-import-tool.html">Importing users from a CSV file</a>.</p>
+ *             values (CSV) file without adding Amazon Cognito MAU costs to your Amazon Web Services bill.</p>
  *          <note>
  *             <p>Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For
  *     this operation, you must use IAM credentials to authorize requests, and you must

package/dist-types/commands/CreateUserPoolClientCommand.d.ts CHANGED Viewed

@@ -28,11 +28,10 @@ declare const CreateUserPoolClientCommand_base: {
 };
 /**
  * <p>Creates an app client in a user pool. This operation sets basic and advanced
- *             configuration options. You can create an app client in the Amazon Cognito console to your
- *             preferences and use the output of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPoolClient.html">DescribeUserPoolClient</a> to generate requests from that
- *             baseline.</p>
- *          <p>New app clients activate token revocation by default. For more information about
- *             revoking tokens, see <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html">RevokeToken</a>.</p>
+ *             configuration options.</p>
+ *          <p>Unlike app clients created in the console, Amazon Cognito doesn't automatically assign a
+ * branding style to app clients that you configure with this API operation. Managed login and classic hosted UI pages aren't
+ * available for your client until after you apply a branding style.</p>
  *          <important>
  *             <p>If you don't provide a value for an attribute, Amazon Cognito sets it to its default value.</p>
  *          </important>

package/dist-types/commands/CreateUserPoolCommand.d.ts CHANGED Viewed

@@ -27,7 +27,12 @@ declare const CreateUserPoolCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <note>
+ * <p>Creates a new Amazon Cognito user pool. This operation sets basic and advanced configuration
+ *             options.</p>
+ *          <important>
+ *             <p>If you don't provide a value for an attribute, Amazon Cognito sets it to its default value.</p>
+ *          </important>
+ *          <note>
  *             <p>This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers
  *             require you to register an origination phone number before you can send SMS messages
  *             to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a
@@ -44,13 +49,6 @@ declare const CreateUserPoolCommand_base: {
  *             of the sandbox and into production. For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html"> SMS message settings for Amazon Cognito user pools</a> in the <i>Amazon Cognito
  *                 Developer Guide</i>.</p>
  *          </note>
- *          <p>Creates a new Amazon Cognito user pool. This operation sets basic and advanced configuration
- *             options. You can create a user pool in the Amazon Cognito console to your preferences and use the
- *             output of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html">DescribeUserPool</a> to generate requests from that
- *             baseline.</p>
- *          <important>
- *             <p>If you don't provide a value for an attribute, Amazon Cognito sets it to its default value.</p>
- *          </important>
  *          <note>
  *             <p>Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For
  *     this operation, you must use IAM credentials to authorize requests, and you must
@@ -108,7 +106,7 @@ declare const CreateUserPoolCommand_base: {
  *     PreTokenGeneration: "STRING_VALUE",
  *     UserMigration: "STRING_VALUE",
  *     PreTokenGenerationConfig: { // PreTokenGenerationVersionConfigType
- *       LambdaVersion: "V1_0" || "V2_0", // required
+ *       LambdaVersion: "V1_0" || "V2_0" || "V3_0", // required
  *       LambdaArn: "STRING_VALUE", // required
  *     },
  *     CustomSMSSender: { // CustomSMSLambdaVersionConfigType
@@ -247,7 +245,7 @@ declare const CreateUserPoolCommand_base: {
  * //       PreTokenGeneration: "STRING_VALUE",
  * //       UserMigration: "STRING_VALUE",
  * //       PreTokenGenerationConfig: { // PreTokenGenerationVersionConfigType
- * //         LambdaVersion: "V1_0" || "V2_0", // required
+ * //         LambdaVersion: "V1_0" || "V2_0" || "V3_0", // required
  * //         LambdaArn: "STRING_VALUE", // required
  * //       },
  * //       CustomSMSSender: { // CustomSMSLambdaVersionConfigType

package/dist-types/commands/CreateUserPoolDomainCommand.d.ts CHANGED Viewed

@@ -28,9 +28,9 @@ declare const CreateUserPoolDomainCommand_base: {
 };
 /**
  * <p>A user pool domain hosts managed login, an authorization server and web server for
- *             authentication in your application. This operation creates a new user pool prefix or
- *             custom domain and sets the managed login branding version. Set the branding version to
- *                 <code>1</code> for hosted UI (classic) or <code>2</code> for managed login. When you
+ *             authentication in your application. This operation creates a new user pool prefix domain
+ *             or custom domain and sets the managed login branding version. Set the branding version
+ *             to <code>1</code> for hosted UI (classic) or <code>2</code> for managed login. When you
  *             choose a custom domain, you must provide an SSL certificate in the US East (N. Virginia)
  *             Amazon Web Services Region in your request.</p>
  *          <p>Your prefix domain might take up to one minute to take effect. Your custom domain is

package/dist-types/commands/DeleteUserAttributesCommand.d.ts CHANGED Viewed

@@ -27,9 +27,9 @@ declare const DeleteUserAttributesCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Self-deletes attributes for a user. For example, your application can submit a request
- *             to this operation when a user wants to remove their <code>birthdate</code> attribute
- *             value.</p>
+ * <p>Deletes attributes from the currently signed-in user. For example, your application
+ *             can submit a request to this operation when a user wants to remove their
+ *                 <code>birthdate</code> attribute value.</p>
  *          <p>Authorize this action with a signed-in user's access token. It must include the scope <code>aws.cognito.signin.user.admin</code>.</p>
  *          <note>
  *             <p>Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For

package/dist-types/commands/DeleteUserCommand.d.ts CHANGED Viewed

@@ -27,8 +27,8 @@ declare const DeleteUserCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Self-deletes a user profile. A deleted user profile can no longer be used to sign in
- *             and can't be restored.</p>
+ * <p>Deletes the profile of the currently signed-in user. A deleted user profile can no
+ *             longer be used to sign in and can't be restored.</p>
  *          <p>Authorize this action with a signed-in user's access token. It must include the scope <code>aws.cognito.signin.user.admin</code>.</p>
  *          <note>
  *             <p>Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For

package/dist-types/commands/DeleteUserPoolCommand.d.ts CHANGED Viewed

@@ -29,7 +29,13 @@ declare const DeleteUserPoolCommand_base: {
 /**
  * <p>Deletes a user pool. After you delete a user pool, users can no longer sign in to any
  *             associated applications. </p>
- *          <p></p>
+ *          <p>When you delete a user pool, it's no longer visible or operational in your Amazon Web Services account. Amazon Cognito retains deleted user pools in an inactive state for 14
+ *             days, then begins a cleanup process that fully removes them from Amazon Web Services systems. In case
+ *             of accidental deletion, contact Amazon Web ServicesSupport within 14 days for restoration
+ *             assistance.</p>
+ *          <p>Amazon Cognito begins full deletion of all resources from deleted user pools after 14 days. In
+ *             the case of large user pools, the cleanup process might take significant additional time
+ *             before all user data is permanently deleted.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/DeleteWebAuthnCredentialCommand.d.ts CHANGED Viewed

@@ -27,7 +27,7 @@ declare const DeleteWebAuthnCredentialCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Deletes a registered passkey, or webauthN, authenticator for the currently signed-in
+ * <p>Deletes a registered passkey, or WebAuthn, authenticator for the currently signed-in
  *             user.</p>
  *          <p>Authorize this action with a signed-in user's access token. It must include the scope <code>aws.cognito.signin.user.admin</code>.</p>
  *          <note>

package/dist-types/commands/DescribeUserPoolCommand.d.ts CHANGED Viewed

@@ -94,7 +94,7 @@ declare const DescribeUserPoolCommand_base: {
  * //       PreTokenGeneration: "STRING_VALUE",
  * //       UserMigration: "STRING_VALUE",
  * //       PreTokenGenerationConfig: { // PreTokenGenerationVersionConfigType
- * //         LambdaVersion: "V1_0" || "V2_0", // required
+ * //         LambdaVersion: "V1_0" || "V2_0" || "V3_0", // required
  * //         LambdaArn: "STRING_VALUE", // required
  * //       },
  * //       CustomSMSSender: { // CustomSMSLambdaVersionConfigType

package/dist-types/commands/ForgetDeviceCommand.d.ts CHANGED Viewed

@@ -27,8 +27,8 @@ declare const ForgetDeviceCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Forgets the specified device. For more information about device authentication, see
- *                 <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html">Working with user devices in your user pool</a>.</p>
+ * <p>Given a device key, deletes a remembered device as the currently signed-in user. For
+ *             more information about device authentication, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html">Working with user devices in your user pool</a>.</p>
  *          <p>Authorize this action with a signed-in user's access token. It must include the scope <code>aws.cognito.signin.user.admin</code>.</p>
  *          <note>
  *             <p>Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For

package/dist-types/commands/ForgotPasswordCommand.d.ts CHANGED Viewed

@@ -27,18 +27,13 @@ declare const ForgotPasswordCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Calling this API causes a message to be sent to the end user with a confirmation code
- *             that is required to change the user's password. For the <code>Username</code> parameter,
- *             you can use the username or user alias. The method used to send the confirmation code is
- *             sent according to the specified AccountRecoverySetting. For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/how-to-recover-a-user-account.html">Recovering
- *                 User Accounts</a> in the <i>Amazon Cognito Developer Guide</i>. To
- *             use the confirmation code for resetting the password, call <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmForgotPassword.html">ConfirmForgotPassword</a>. </p>
- *          <p>If neither a verified phone number nor a verified email exists, this API returns
- *                 <code>InvalidParameterException</code>. If your app client has a client secret and
- *             you don't provide a <code>SECRET_HASH</code> parameter, this API returns
+ * <p>Sends a password-reset confirmation code for the currently signed-in user.</p>
+ *          <p>For the <code>Username</code> parameter, you can use the username or user
+ *             alias.</p>
+ *          <p>If neither a verified phone number nor a verified email exists, Amazon Cognito responds with an
+ *                 <code>InvalidParameterException</code> error . If your app client has a client
+ *             secret and you don't provide a <code>SECRET_HASH</code> parameter, this API returns
  *                 <code>NotAuthorizedException</code>.</p>
- *          <p>To use this API operation, your user pool must have self-service account recovery
- *             configured. Use <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminSetUserPassword.html">AdminSetUserPassword</a> if you manage passwords as an administrator.</p>
  *          <note>
  *             <p>Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For
  *     this operation, you can't use IAM credentials to authorize requests, and you can't

package/dist-types/commands/GetCSVHeaderCommand.d.ts CHANGED Viewed

@@ -27,8 +27,32 @@ declare const GetCSVHeaderCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Gets the header information for the comma-separated value (CSV) file to be used as
- *             input for the user import job.</p>
+ * <p>Given a user pool ID, generates a comma-separated value (CSV) list populated with
+ *             available user attributes in the user pool. This list is the header for the CSV file
+ *             that determines the users in a user import job. Save the content of
+ *                 <code>CSVHeader</code> in the response as a <code>.csv</code> file and populate it
+ *             with the usernames and attributes of users that you want to import. For more information
+ *             about CSV user import, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-using-import-tool.html">Importing users from a CSV file</a>.</p>
+ *          <note>
+ *             <p>Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For
+ *     this operation, you must use IAM credentials to authorize requests, and you must
+ *     grant yourself the corresponding IAM permission in a policy.</p>
+ *             <p class="title">
+ *                <b>Learn more</b>
+ *             </p>
+ *             <ul>
+ *                <li>
+ *                   <p>
+ *                      <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html">Signing Amazon Web Services API Requests</a>
+ *                   </p>
+ *                </li>
+ *                <li>
+ *                   <p>
+ *                      <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html">Using the Amazon Cognito user pools API and user pool endpoints</a>
+ *                   </p>
+ *                </li>
+ *             </ul>
+ *          </note>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/GetDeviceCommand.d.ts CHANGED Viewed

@@ -27,7 +27,8 @@ declare const GetDeviceCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Gets the device. For more information about device authentication, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html">Working with user devices in your user pool</a>.</p>
+ * <p>Given a device key, returns information about a remembered device for the current
+ *             user. For more information about device authentication, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html">Working with user devices in your user pool</a>.</p>
  *          <p>Authorize this action with a signed-in user's access token. It must include the scope <code>aws.cognito.signin.user.admin</code>.</p>
  *          <note>
  *             <p>Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For

package/dist-types/commands/GetGroupCommand.d.ts CHANGED Viewed

@@ -27,8 +27,29 @@ declare const GetGroupCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Gets a group.</p>
- *          <p>Calling this action requires developer credentials.</p>
+ * <p>Given a user pool ID and a group name, returns information about the user
+ *             group.</p>
+ *          <p> For more information about user pool groups, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-user-groups.html">Adding groups to a user pool</a>.</p>
+ *          <note>
+ *             <p>Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For
+ *     this operation, you must use IAM credentials to authorize requests, and you must
+ *     grant yourself the corresponding IAM permission in a policy.</p>
+ *             <p class="title">
+ *                <b>Learn more</b>
+ *             </p>
+ *             <ul>
+ *                <li>
+ *                   <p>
+ *                      <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html">Signing Amazon Web Services API Requests</a>
+ *                   </p>
+ *                </li>
+ *                <li>
+ *                   <p>
+ *                      <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html">Using the Amazon Cognito user pools API and user pool endpoints</a>
+ *                   </p>
+ *                </li>
+ *             </ul>
+ *          </note>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/GetIdentityProviderByIdentifierCommand.d.ts CHANGED Viewed

@@ -27,7 +27,9 @@ declare const GetIdentityProviderByIdentifierCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Gets the specified IdP.</p>
+ * <p>Given the identifier of an identity provider (IdP), for example
+ *                 <code>examplecorp</code>, returns information about the user pool configuration for
+ *             that IdP. For more information about IdPs, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-identity-federation.html">Third-party IdP sign-in</a>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/GetLogDeliveryConfigurationCommand.d.ts CHANGED Viewed

@@ -27,7 +27,28 @@ declare const GetLogDeliveryConfigurationCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Gets the logging configuration of a user pool.</p>
+ * <p>Given a user pool ID, returns the logging configuration. User pools can export
+ *             message-delivery error and threat-protection activity logs to external Amazon Web Services services. For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/exporting-quotas-and-usage.html">Exporting user pool logs</a>.</p>
+ *          <note>
+ *             <p>Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For
+ *     this operation, you must use IAM credentials to authorize requests, and you must
+ *     grant yourself the corresponding IAM permission in a policy.</p>
+ *             <p class="title">
+ *                <b>Learn more</b>
+ *             </p>
+ *             <ul>
+ *                <li>
+ *                   <p>
+ *                      <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html">Signing Amazon Web Services API Requests</a>
+ *                   </p>
+ *                </li>
+ *                <li>
+ *                   <p>
+ *                      <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html">Using the Amazon Cognito user pools API and user pool endpoints</a>
+ *                   </p>
+ *                </li>
+ *             </ul>
+ *          </note>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/GetSigningCertificateCommand.d.ts CHANGED Viewed

@@ -27,11 +27,32 @@ declare const GetSigningCertificateCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>This method takes a user pool ID, and returns the signing certificate. The issued
- *             certificate is valid for 10 years from the date of issue.</p>
- *          <p>Amazon Cognito issues and assigns a new signing certificate annually. This process returns a
- *             new value in the response to <code>GetSigningCertificate</code>, but doesn't invalidate
- *             the original certificate.</p>
+ * <p>Given a user pool ID, returns the signing certificate for SAML 2.0 federation.</p>
+ *          <p>Issued certificates are valid for 10 years from the date of issue. Amazon Cognito issues and
+ *             assigns a new signing certificate annually. This renewal process returns a new value in
+ *             the response to <code>GetSigningCertificate</code>, but doesn't invalidate the original
+ *             certificate.</p>
+ *          <p>For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-SAML-signing-encryption.html#cognito-user-pools-SAML-signing">Signing SAML requests</a>.</p>
+ *          <note>
+ *             <p>Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For
+ *     this operation, you must use IAM credentials to authorize requests, and you must
+ *     grant yourself the corresponding IAM permission in a policy.</p>
+ *             <p class="title">
+ *                <b>Learn more</b>
+ *             </p>
+ *             <ul>
+ *                <li>
+ *                   <p>
+ *                      <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html">Signing Amazon Web Services API Requests</a>
+ *                   </p>
+ *                </li>
+ *                <li>
+ *                   <p>
+ *                      <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html">Using the Amazon Cognito user pools API and user pool endpoints</a>
+ *                   </p>
+ *                </li>
+ *             </ul>
+ *          </note>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/GetUICustomizationCommand.d.ts CHANGED Viewed

@@ -27,11 +27,11 @@ declare const GetUICustomizationCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Gets the user interface (UI) Customization information for a particular app client's
- *             app UI, if any such information exists for the client. If nothing is set for the
- *             particular client, but there is an existing pool level customization (the app
- *                 <code>clientId</code> is <code>ALL</code>), then that information is returned. If
- *             nothing is present, then an empty shape is returned.</p>
+ * <p>Given a user pool ID or app client, returns information about classic hosted UI
+ *             branding that you applied, if any. Returns user-pool level branding information if no
+ *             app client branding is applied, or if you don't specify an app client ID. Returns
+ *             an empty object if you haven't applied hosted UI branding to either the client or
+ *             the user pool. For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/hosted-ui-classic-branding.html">Hosted UI (classic) branding</a>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/GetUserAttributeVerificationCodeCommand.d.ts CHANGED Viewed

@@ -27,9 +27,8 @@ declare const GetUserAttributeVerificationCodeCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Generates a user attribute verification code for the specified attribute name. Sends a
- *             message to a user with a code that they must return in a VerifyUserAttribute
- *             request.</p>
+ * <p>Given an attribute name, sends a user attribute verification code for the specified
+ *             attribute name to the currently signed-in user.</p>
  *          <p>Authorize this action with a signed-in user's access token. It must include the scope <code>aws.cognito.signin.user.admin</code>.</p>
  *          <note>
  *             <p>Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For

package/dist-types/commands/GetUserAuthFactorsCommand.d.ts CHANGED Viewed

@@ -34,11 +34,17 @@ declare const GetUserAuthFactorsCommand_base: {
  *                <p>The user's multi-factor authentication (MFA) preferences.</p>
  *             </li>
  *             <li>
- *                <p>The user's options in the <code>USER_AUTH</code> flow that they can
- *                     select in a <code>SELECT_CHALLENGE</code> response or request in a
- *                         <code>PREFERRED_CHALLENGE</code>request.</p>
+ *                <p>The user's options for choice-based authentication with the
+ *                         <code>USER_AUTH</code> flow.</p>
  *             </li>
  *          </ol>
+ *          <p>Authorize this action with a signed-in user's access token. It must include the scope <code>aws.cognito.signin.user.admin</code>.</p>
+ *          <note>
+ *             <p>Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For
+ *     this operation, you can't use IAM credentials to authorize requests, and you can't
+ *     grant IAM permissions in policies. For more information about authorization models in
+ *     Amazon Cognito, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html">Using the Amazon Cognito user pools API and user pool endpoints</a>.</p>
+ *          </note>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/GetUserCommand.d.ts CHANGED Viewed

@@ -27,7 +27,7 @@ declare const GetUserCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Gets the user attributes and metadata for a user.</p>
+ * <p>Gets user attributes and and MFA settings for the currently signed-in user.</p>
  *          <p>Authorize this action with a signed-in user's access token. It must include the scope <code>aws.cognito.signin.user.admin</code>.</p>
  *          <note>
  *             <p>Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For