@aws-sdk/client-cognito-identity-provider 3.758.0 → 3.768.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (93) hide show
  1. package/README.md +4 -61
  2. package/dist-cjs/index.js +121 -88
  3. package/dist-es/models/models_0.js +13 -4
  4. package/dist-es/models/models_1.js +4 -0
  5. package/dist-es/protocols/Aws_json1_1.js +13 -1
  6. package/dist-types/CognitoIdentityProvider.d.ts +5 -62
  7. package/dist-types/CognitoIdentityProviderClient.d.ts +5 -62
  8. package/dist-types/commands/AddCustomAttributesCommand.d.ts +0 -3
  9. package/dist-types/commands/AdminConfirmSignUpCommand.d.ts +1 -2
  10. package/dist-types/commands/AdminCreateUserCommand.d.ts +12 -12
  11. package/dist-types/commands/AdminDeleteUserAttributesCommand.d.ts +2 -2
  12. package/dist-types/commands/AdminDisableProviderForUserCommand.d.ts +10 -13
  13. package/dist-types/commands/AdminEnableUserCommand.d.ts +1 -1
  14. package/dist-types/commands/AdminGetDeviceCommand.d.ts +1 -1
  15. package/dist-types/commands/AdminGetUserCommand.d.ts +4 -3
  16. package/dist-types/commands/AdminInitiateAuthCommand.d.ts +3 -0
  17. package/dist-types/commands/AdminLinkProviderForUserCommand.d.ts +11 -12
  18. package/dist-types/commands/AdminRemoveUserFromGroupCommand.d.ts +1 -1
  19. package/dist-types/commands/AdminResetUserPasswordCommand.d.ts +2 -12
  20. package/dist-types/commands/AdminSetUserMFAPreferenceCommand.d.ts +0 -3
  21. package/dist-types/commands/AdminSetUserSettingsCommand.d.ts +1 -1
  22. package/dist-types/commands/AdminUpdateAuthEventFeedbackCommand.d.ts +10 -7
  23. package/dist-types/commands/AdminUpdateUserAttributesCommand.d.ts +20 -20
  24. package/dist-types/commands/AssociateSoftwareTokenCommand.d.ts +0 -12
  25. package/dist-types/commands/ChangePasswordCommand.d.ts +1 -1
  26. package/dist-types/commands/CompleteWebAuthnRegistrationCommand.d.ts +2 -3
  27. package/dist-types/commands/ConfirmDeviceCommand.d.ts +4 -0
  28. package/dist-types/commands/ConfirmSignUpCommand.d.ts +7 -10
  29. package/dist-types/commands/CreateGroupCommand.d.ts +1 -1
  30. package/dist-types/commands/CreateManagedLoginBrandingCommand.d.ts +0 -3
  31. package/dist-types/commands/CreateUserImportJobCommand.d.ts +1 -3
  32. package/dist-types/commands/CreateUserPoolClientCommand.d.ts +4 -5
  33. package/dist-types/commands/CreateUserPoolCommand.d.ts +8 -10
  34. package/dist-types/commands/CreateUserPoolDomainCommand.d.ts +3 -3
  35. package/dist-types/commands/DeleteUserAttributesCommand.d.ts +3 -3
  36. package/dist-types/commands/DeleteUserCommand.d.ts +2 -2
  37. package/dist-types/commands/DeleteUserPoolCommand.d.ts +7 -1
  38. package/dist-types/commands/DeleteWebAuthnCredentialCommand.d.ts +1 -1
  39. package/dist-types/commands/DescribeUserPoolCommand.d.ts +1 -1
  40. package/dist-types/commands/ForgetDeviceCommand.d.ts +2 -2
  41. package/dist-types/commands/ForgotPasswordCommand.d.ts +6 -11
  42. package/dist-types/commands/GetCSVHeaderCommand.d.ts +26 -2
  43. package/dist-types/commands/GetDeviceCommand.d.ts +2 -1
  44. package/dist-types/commands/GetGroupCommand.d.ts +23 -2
  45. package/dist-types/commands/GetIdentityProviderByIdentifierCommand.d.ts +3 -1
  46. package/dist-types/commands/GetLogDeliveryConfigurationCommand.d.ts +22 -1
  47. package/dist-types/commands/GetSigningCertificateCommand.d.ts +26 -5
  48. package/dist-types/commands/GetUICustomizationCommand.d.ts +5 -5
  49. package/dist-types/commands/GetUserAttributeVerificationCodeCommand.d.ts +2 -3
  50. package/dist-types/commands/GetUserAuthFactorsCommand.d.ts +9 -3
  51. package/dist-types/commands/GetUserCommand.d.ts +1 -1
  52. package/dist-types/commands/GetUserPoolMfaConfigCommand.d.ts +39 -1
  53. package/dist-types/commands/InitiateAuthCommand.d.ts +5 -2
  54. package/dist-types/commands/ListDevicesCommand.d.ts +1 -1
  55. package/dist-types/commands/ListGroupsCommand.d.ts +1 -1
  56. package/dist-types/commands/ListIdentityProvidersCommand.d.ts +2 -1
  57. package/dist-types/commands/ListResourceServersCommand.d.ts +2 -1
  58. package/dist-types/commands/ListTagsForResourceCommand.d.ts +3 -4
  59. package/dist-types/commands/ListUserImportJobsCommand.d.ts +3 -1
  60. package/dist-types/commands/ListUserPoolClientsCommand.d.ts +2 -1
  61. package/dist-types/commands/ListUserPoolsCommand.d.ts +2 -2
  62. package/dist-types/commands/ListUsersCommand.d.ts +2 -1
  63. package/dist-types/commands/ListUsersInGroupCommand.d.ts +2 -1
  64. package/dist-types/commands/ListWebAuthnCredentialsCommand.d.ts +9 -2
  65. package/dist-types/commands/ResendConfirmationCodeCommand.d.ts +5 -2
  66. package/dist-types/commands/SetLogDeliveryConfigurationCommand.d.ts +3 -1
  67. package/dist-types/commands/SetRiskConfigurationCommand.d.ts +24 -5
  68. package/dist-types/commands/SetUICustomizationCommand.d.ts +23 -10
  69. package/dist-types/commands/SetUserMFAPreferenceCommand.d.ts +0 -3
  70. package/dist-types/commands/SetUserPoolMfaConfigCommand.d.ts +2 -1
  71. package/dist-types/commands/SetUserSettingsCommand.d.ts +1 -1
  72. package/dist-types/commands/SignUpCommand.d.ts +3 -5
  73. package/dist-types/commands/StartUserImportJobCommand.d.ts +3 -1
  74. package/dist-types/commands/StartWebAuthnRegistrationCommand.d.ts +4 -6
  75. package/dist-types/commands/StopUserImportJobCommand.d.ts +3 -1
  76. package/dist-types/commands/UntagResourceCommand.d.ts +1 -2
  77. package/dist-types/commands/UpdateAuthEventFeedbackCommand.d.ts +13 -3
  78. package/dist-types/commands/UpdateDeviceStatusCommand.d.ts +6 -2
  79. package/dist-types/commands/UpdateGroupCommand.d.ts +2 -1
  80. package/dist-types/commands/UpdateIdentityProviderCommand.d.ts +4 -1
  81. package/dist-types/commands/UpdateManagedLoginBrandingCommand.d.ts +1 -5
  82. package/dist-types/commands/UpdateResourceServerCommand.d.ts +2 -1
  83. package/dist-types/commands/UpdateUserAttributesCommand.d.ts +4 -5
  84. package/dist-types/commands/UpdateUserPoolClientCommand.d.ts +7 -4
  85. package/dist-types/commands/UpdateUserPoolCommand.d.ts +8 -7
  86. package/dist-types/commands/VerifySoftwareTokenCommand.d.ts +4 -3
  87. package/dist-types/commands/VerifyUserAttributeCommand.d.ts +5 -3
  88. package/dist-types/index.d.ts +5 -62
  89. package/dist-types/models/models_0.d.ts +749 -656
  90. package/dist-types/models/models_1.d.ts +837 -560
  91. package/dist-types/ts3.4/models/models_0.d.ts +9 -6
  92. package/dist-types/ts3.4/models/models_1.d.ts +6 -1
  93. package/package.json +1 -1
package/dist-types/models/models_0.d.ts CHANGED
@@ -23,7 +23,6 @@ export type RecoveryOptionNameType = (typeof RecoveryOptionNameType)[keyof typeo
23
23
  * sends account-recovery messages to a verified email address but falls back to an SMS
24
24
  * message if the user has a verified phone number. The <code>admin_only</code> option
25
25
  * prevents self-service account recovery.</p>
26
- * <p>This data type is a request and response parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html">CreateUserPool</a> and <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html">UpdateUserPool</a>, and a response parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html">DescribeUserPool</a>.</p>
27
26
  * @public
28
27
  */
29
28
  export interface RecoveryOptionType {
@@ -43,7 +42,6 @@ export interface RecoveryOptionType {
43
42
  * <p>The settings for user message delivery in forgot-password operations. Contains
44
43
  * preference for email or SMS message delivery of password reset codes, or for admin-only
45
44
  * password reset.</p>
46
- * <p>This data type is a request and response parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html">CreateUserPool</a> and <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html">UpdateUserPool</a>, and a response parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html">DescribeUserPool</a>.</p>
47
45
  * @public
48
46
  */
49
47
  export interface AccountRecoverySettingType {
@@ -73,8 +71,7 @@ export type AccountTakeoverEventActionType = (typeof AccountTakeoverEventActionT
73
71
  /**
74
72
  * <p>The automated response to a risk level for adaptive authentication in full-function,
75
73
  * or <code>ENFORCED</code>, mode. You can assign an action to each risk level that
76
- * advanced security features evaluates.</p>
77
- * <p>This data type is a request parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetRiskConfiguration.html">SetRiskConfiguration</a> and a response parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeRiskConfiguration.html">DescribeRiskConfiguration</a>.</p>
74
+ * threat protection evaluates.</p>
78
75
  * @public
79
76
  */
80
77
  export interface AccountTakeoverActionType {
@@ -118,35 +115,30 @@ export interface AccountTakeoverActionType {
118
115
  }
119
116
  /**
120
117
  * <p>A list of account-takeover actions for each level of risk that Amazon Cognito might assess with
121
- * advanced security features.</p>
122
- * <p>This data type is a request parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetRiskConfiguration.html">SetRiskConfiguration</a> and a response parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeRiskConfiguration.html">DescribeRiskConfiguration</a>.</p>
118
+ * threat protection features.</p>
123
119
  * @public
124
120
  */
125
121
  export interface AccountTakeoverActionsType {
126
122
  /**
127
- * <p>The action that you assign to a low-risk assessment by advanced security
128
- * features.</p>
123
+ * <p>The action that you assign to a low-risk assessment by threat protection.</p>
129
124
  * @public
130
125
  */
131
126
  LowAction?: AccountTakeoverActionType | undefined;
132
127
  /**
133
- * <p>The action that you assign to a medium-risk assessment by advanced security
134
- * features.</p>
128
+ * <p>The action that you assign to a medium-risk assessment by threat protection.</p>
135
129
  * @public
136
130
  */
137
131
  MediumAction?: AccountTakeoverActionType | undefined;
138
132
  /**
139
- * <p>The action that you assign to a high-risk assessment by advanced security
140
- * features.</p>
133
+ * <p>The action that you assign to a high-risk assessment by threat protection.</p>
141
134
  * @public
142
135
  */
143
136
  HighAction?: AccountTakeoverActionType | undefined;
144
137
  }
145
138
  /**
146
- * <p>The template for email messages that advanced security features sends to a user when
139
+ * <p>The template for email messages that threat protection sends to a user when
147
140
  * your threat protection automated response has a <i>Notify</i>
148
141
  * action.</p>
149
- * <p>This data type is a request parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetRiskConfiguration.html">SetRiskConfiguration</a> and a response parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeRiskConfiguration.html">DescribeRiskConfiguration</a>.</p>
150
142
  * @public
151
143
  */
152
144
  export interface NotifyEmailType {
@@ -171,10 +163,9 @@ export interface NotifyEmailType {
171
163
  TextBody?: string | undefined;
172
164
  }
173
165
  /**
174
- * <p>The configuration for Amazon SES email messages that advanced security features sends to a
166
+ * <p>The configuration for Amazon SES email messages that threat protection sends to a
175
167
  * user when your adaptive authentication automated response has a
176
168
  * <i>Notify</i> action.</p>
177
- * <p>This data type is a request parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetRiskConfiguration.html">SetRiskConfiguration</a> and a response parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeRiskConfiguration.html">DescribeRiskConfiguration</a>.</p>
178
169
  * @public
179
170
  */
180
171
  export interface NotifyConfigurationType {
@@ -218,14 +209,12 @@ export interface NotifyConfigurationType {
218
209
  }
219
210
  /**
220
211
  * <p>The settings for automated responses and notification templates for adaptive
221
- * authentication with advanced security features.</p>
222
- * <p>This data type is a request parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetRiskConfiguration.html">SetRiskConfiguration</a> and a response parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeRiskConfiguration.html">DescribeRiskConfiguration</a>.</p>
212
+ * authentication with threat protection features.</p>
223
213
  * @public
224
214
  */
225
215
  export interface AccountTakeoverRiskConfigurationType {
226
216
  /**
227
- * <p>The settings for composing and sending an email message when advanced security
228
- * features assesses a risk level with adaptive authentication. When you choose to notify
217
+ * <p>The settings for composing and sending an email message when threat protection assesses a risk level with adaptive authentication. When you choose to notify
229
218
  * users in <code>AccountTakeoverRiskConfiguration</code>, Amazon Cognito sends an email message
230
219
  * using the method and template that you set with this data type.</p>
231
220
  * @public
@@ -233,7 +222,7 @@ export interface AccountTakeoverRiskConfigurationType {
233
222
  NotifyConfiguration?: NotifyConfigurationType | undefined;
234
223
  /**
235
224
  * <p>A list of account-takeover actions for each level of risk that Amazon Cognito might assess with
236
- * advanced security features.</p>
225
+ * threat protection.</p>
237
226
  * @public
238
227
  */
239
228
  Actions: AccountTakeoverActionsType | undefined;
@@ -255,10 +244,6 @@ export type AttributeDataType = (typeof AttributeDataType)[keyof typeof Attribut
255
244
  /**
256
245
  * <p>The minimum and maximum values of an attribute that is of the number type, for example
257
246
  * <code>custom:age</code>.</p>
258
- * <p>This data type is part of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SchemaAttributeType.html">SchemaAttributeType</a>. It defines the length constraints
259
- * on number-type attributes that you configure in <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html">CreateUserPool</a> and <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html">UpdateUserPool</a>, and displays the length constraints of
260
- * all number-type attributes in the response to <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html">DescribeUserPool</a>
261
- * </p>
262
247
  * @public
263
248
  */
264
249
  export interface NumberAttributeConstraintsType {
@@ -278,10 +263,6 @@ export interface NumberAttributeConstraintsType {
278
263
  /**
279
264
  * <p>The minimum and maximum length values of an attribute that is of the string type, for
280
265
  * example <code>custom:department</code>.</p>
281
- * <p>This data type is part of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SchemaAttributeType.html">SchemaAttributeType</a>. It defines the length constraints
282
- * on string-type attributes that you configure in <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html">CreateUserPool</a> and <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html">UpdateUserPool</a>, and displays the length constraints of
283
- * all string-type attributes in the response to <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html">DescribeUserPool</a>
284
- * </p>
285
266
  * @public
286
267
  */
287
268
  export interface StringAttributeConstraintsType {
@@ -308,7 +289,6 @@ export interface StringAttributeConstraintsType {
308
289
  * are read-only to all app clients. You can create and update developer-only attributes
309
290
  * only with IAM-authenticated API operations. Use app client read/write permissions
310
291
  * instead.</p>
311
- * <p>This data type is a request and response parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html">CreateUserPool</a> and <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html">UpdateUserPool</a>, and a response parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html">DescribeUserPool</a>.</p>
312
292
  * @public
313
293
  */
314
294
  export interface SchemaAttributeType {
@@ -528,7 +508,7 @@ export interface AdminAddUserToGroupRequest {
528
508
  */
529
509
  UserPoolId: string | undefined;
530
510
  /**
531
- * <p>The username of the user that you want to query or modify. The value of this parameter
511
+ * <p>The name of the user that you want to query or modify. The value of this parameter
532
512
  * is typically your user's username, but it can be any of their alias attributes. If
533
513
  * <code>username</code> isn't an alias attribute in your user pool, this value
534
514
  * must be the <code>sub</code> of a local user or the username of a user from a
@@ -566,7 +546,7 @@ export interface AdminConfirmSignUpRequest {
566
546
  */
567
547
  UserPoolId: string | undefined;
568
548
  /**
569
- * <p>The username of the user that you want to query or modify. The value of this parameter
549
+ * <p>The name of the user that you want to query or modify. The value of this parameter
570
550
  * is typically your user's username, but it can be any of their alias attributes. If
571
551
  * <code>username</code> isn't an alias attribute in your user pool, this value
572
552
  * must be the <code>sub</code> of a local user or the username of a user from a
@@ -586,7 +566,7 @@ export interface AdminConfirmSignUpRequest {
586
566
  * Lambda, you can process the ClientMetadata value to enhance your workflow for your
587
567
  * specific needs.</p>
588
568
  * <p>For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html">
589
- * Customizing user pool Workflows with Lambda Triggers</a> in the <i>Amazon Cognito Developer Guide</i>.</p>
569
+ * Using Lambda triggers</a> in the <i>Amazon Cognito Developer Guide</i>.</p>
590
570
  * <note>
591
571
  * <p>When you use the <code>ClientMetadata</code> parameter, note that Amazon Cognito won't do the
592
572
  * following:</p>
@@ -707,7 +687,6 @@ export declare const MessageActionType: {
707
687
  export type MessageActionType = (typeof MessageActionType)[keyof typeof MessageActionType];
708
688
  /**
709
689
  * <p>The name and value of a user attribute.</p>
710
- * <p>This data type is a request parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html">AdminUpdateUserAttributes</a> and <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserAttributes.html">UpdateUserAttributes</a>.</p>
711
690
  * @public
712
691
  */
713
692
  export interface AttributeType {
@@ -770,28 +749,27 @@ export interface AdminCreateUserRequest {
770
749
  * passwordless sign-in with an email or SMS OTP. These attributes must be provided when
771
750
  * passwordless options are the only available, or when you don't submit a
772
751
  * <code>TemporaryPassword</code>.</p>
773
- * <p>In your call to <code>AdminCreateUser</code>, you can set the
774
- * <code>email_verified</code> attribute to <code>True</code>, and you can set the
775
- * <code>phone_number_verified</code> attribute to <code>True</code>. You can also do
776
- * this by calling <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html">AdminUpdateUserAttributes</a>.</p>
777
- * <ul>
778
- * <li>
779
- * <p>
780
- * <b>email</b>: The email address of the user to whom
781
- * the message that contains the code and username will be sent. Required if the
782
- * <code>email_verified</code> attribute is set to <code>True</code>, or if
783
- * <code>"EMAIL"</code> is specified in the <code>DesiredDeliveryMediums</code>
784
- * parameter.</p>
785
- * </li>
786
- * <li>
787
- * <p>
788
- * <b>phone_number</b>: The phone number of the user to
789
- * whom the message that contains the code and username will be sent. Required if
790
- * the <code>phone_number_verified</code> attribute is set to <code>True</code>, or
791
- * if <code>"SMS"</code> is specified in the <code>DesiredDeliveryMediums</code>
792
- * parameter.</p>
793
- * </li>
794
- * </ul>
752
+ * <p>In your <code>AdminCreateUser</code> request, you can set the
753
+ * <code>email_verified</code> and <code>phone_number_verified</code> attributes to
754
+ * <code>true</code>. The following conditions apply:</p>
755
+ * <dl>
756
+ * <dt>email</dt>
757
+ * <dd>
758
+ * <p>The email address where you want the user to receive their confirmation
759
+ * code and username. You must provide a value for <code>email</code> when you
760
+ * want to set <code>email_verified</code> to <code>true</code>, or if you set
761
+ * <code>EMAIL</code> in the <code>DesiredDeliveryMediums</code>
762
+ * parameter.</p>
763
+ * </dd>
764
+ * <dt>phone_number</dt>
765
+ * <dd>
766
+ * <p>The phone number where you want the user to receive their confirmation
767
+ * code and username. You must provide a value for <code>phone_number</code>
768
+ * when you want to set <code>phone_number_verified</code> to
769
+ * <code>true</code>, or if you set <code>SMS</code> in the
770
+ * <code>DesiredDeliveryMediums</code> parameter.</p>
771
+ * </dd>
772
+ * </dl>
795
773
  * @public
796
774
  */
797
775
  UserAttributes?: AttributeType[] | undefined;
@@ -800,10 +778,8 @@ export interface AdminCreateUserRequest {
800
778
  * trigger. This set of key-value pairs are for custom validation of information that you
801
779
  * collect from your users but don't need to retain.</p>
802
780
  * <p>Your Lambda function can analyze this additional data and act on it. Your function
803
- * might perform external API operations like logging user attributes and validation data
804
- * to Amazon CloudWatch Logs. Validation data might also affect the response that your function returns
805
- * to Amazon Cognito, like automatically confirming the user if they sign up from within your
806
- * network.</p>
781
+ * can automatically confirm and verify select users or perform external API operations
782
+ * like logging user attributes and validation data to Amazon CloudWatch Logs.</p>
807
783
  * <p>For more information about the pre sign-up Lambda trigger, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-sign-up.html">Pre sign-up Lambda trigger</a>.</p>
808
784
  * @public
809
785
  */
@@ -814,7 +790,7 @@ export interface AdminCreateUserRequest {
814
790
  * <p>The exception to the requirement for a password is when your user pool supports
815
791
  * passwordless sign-in with email or SMS OTPs. To create a user with no password, omit
816
792
  * this parameter or submit a blank value. You can only create a passwordless user when
817
- * passwordless sign-in is available. See <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SignInPolicyType.html">the SignInPolicyType</a> property of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html">CreateUserPool</a> and <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html">UpdateUserPool</a>.</p>
793
+ * passwordless sign-in is available.</p>
818
794
  * <p>The temporary password is valid only once. To complete the Admin Create User flow, the
819
795
  * user must enter the temporary password in the sign-in page, along with a new password to
820
796
  * be used in all future sign-ins.</p>
@@ -869,7 +845,7 @@ export interface AdminCreateUserRequest {
869
845
  * Lambda, you can process the <code>clientMetadata</code> value to enhance your
870
846
  * workflow for your specific needs.</p>
871
847
  * <p>For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html">
872
- * Customizing user pool Workflows with Lambda Triggers</a> in the <i>Amazon Cognito Developer Guide</i>.</p>
848
+ * Using Lambda triggers</a> in the <i>Amazon Cognito Developer Guide</i>.</p>
873
849
  * <note>
874
850
  * <p>When you use the <code>ClientMetadata</code> parameter, note that Amazon Cognito won't do the
875
851
  * following:</p>
@@ -934,7 +910,6 @@ export declare const UserStatusType: {
934
910
  export type UserStatusType = (typeof UserStatusType)[keyof typeof UserStatusType];
935
911
  /**
936
912
  * <p>A user profile in a Amazon Cognito user pool.</p>
937
- * <p>This data type is a response parameter to <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminCreateUser.html">AdminCreateUser</a> and <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ListUsers.html">ListUsers</a>. </p>
938
913
  * @public
939
914
  */
940
915
  export interface UserType {
@@ -969,27 +944,31 @@ export interface UserType {
969
944
  * <p>The user status. This can be one of the following:</p>
970
945
  * <ul>
971
946
  * <li>
972
- * <p>UNCONFIRMED - User has been created but not confirmed.</p>
973
- * </li>
974
- * <li>
975
- * <p>CONFIRMED - User has been confirmed.</p>
947
+ * <p>
948
+ * <code>UNCONFIRMED</code>: User has been created but not confirmed.</p>
976
949
  * </li>
977
950
  * <li>
978
- * <p>EXTERNAL_PROVIDER - User signed in with a third-party IdP.</p>
951
+ * <p>
952
+ * <code>CONFIRMED</code>: User has been confirmed.</p>
979
953
  * </li>
980
954
  * <li>
981
- * <p>UNKNOWN - User status isn't known.</p>
955
+ * <p>
956
+ * <code>EXTERNAL_PROVIDER</code>: User signed in with a third-party IdP.</p>
982
957
  * </li>
983
958
  * <li>
984
- * <p>RESET_REQUIRED - User is confirmed, but the user must request a code and reset
985
- * their password before they can sign in.</p>
959
+ * <p>
960
+ * <code>RESET_REQUIRED</code>: User is confirmed, but the user must request a
961
+ * code and reset their password before they can sign in.</p>
986
962
  * </li>
987
963
  * <li>
988
- * <p>FORCE_CHANGE_PASSWORD - The user is confirmed and the user can sign in using a
989
- * temporary password, but on first sign-in, the user must change their password to
990
- * a new value before doing anything else. </p>
964
+ * <p>
965
+ * <code>FORCE_CHANGE_PASSWORD</code>: The user is confirmed and the user can
966
+ * sign in using a temporary password, but on first sign-in, the user must change
967
+ * their password to a new value before doing anything else. </p>
991
968
  * </li>
992
969
  * </ul>
970
+ * <p>The statuses <code>ARCHIVED</code>, <code>UNKNOWN</code>, and <code>COMPROMISED</code>
971
+ * are no longer used.</p>
993
972
  * @public
994
973
  */
995
974
  UserStatus?: UserStatusType | undefined;
@@ -1125,22 +1104,18 @@ export interface MessageTemplateType {
1125
1104
  * <p>The settings for administrator creation of users in a user pool. Contains settings for
1126
1105
  * allowing user sign-up, customizing invitation messages to new users, and the amount of
1127
1106
  * time before temporary passwords expire.</p>
1128
- * <p>This data type is a request and response parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html">CreateUserPool</a> and <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html">UpdateUserPool</a>, and a response parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html">DescribeUserPool</a>.</p>
1129
1107
  * @public
1130
1108
  */
1131
1109
  export interface AdminCreateUserConfigType {
1132
1110
  /**
1133
1111
  * <p>The setting for allowing self-service sign-up. When <code>true</code>, only
1134
1112
  * administrators can create new user profiles. When <code>false</code>, users can register
1135
- * themselves and create a new user profile with the <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SignUp.html">SignUp</a> operation.</p>
1113
+ * themselves and create a new user profile with the <code>SignUp</code> operation.</p>
1136
1114
  * @public
1137
1115
  */
1138
1116
  AllowAdminCreateUserOnly?: boolean | undefined;
1139
1117
  /**
1140
- * <p>This parameter is no longer in use. Configure the duration of temporary passwords with
1141
- * the <code>TemporaryPasswordValidityDays</code> parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_PasswordPolicyType.html">PasswordPolicyType</a>. For older user pools that have a
1142
- * <code>UnusedAccountValidityDays</code> configuration, that value is effective until
1143
- * you set a value for <code>TemporaryPasswordValidityDays</code>.</p>
1118
+ * <p>This parameter is no longer in use.</p>
1144
1119
  * <p>The password expiration limit in days for administrator-created users. When this time
1145
1120
  * expires, the user can't sign in with their temporary password. To reset the account
1146
1121
  * after that time limit, you must call <code>AdminCreateUser</code> again, specifying
@@ -1169,7 +1144,7 @@ export interface AdminDeleteUserRequest {
1169
1144
  */
1170
1145
  UserPoolId: string | undefined;
1171
1146
  /**
1172
- * <p>The username of the user that you want to query or modify. The value of this parameter
1147
+ * <p>The name of the user that you want to query or modify. The value of this parameter
1173
1148
  * is typically your user's username, but it can be any of their alias attributes. If
1174
1149
  * <code>username</code> isn't an alias attribute in your user pool, this value
1175
1150
  * must be the <code>sub</code> of a local user or the username of a user from a
@@ -1189,7 +1164,7 @@ export interface AdminDeleteUserAttributesRequest {
1189
1164
  */
1190
1165
  UserPoolId: string | undefined;
1191
1166
  /**
1192
- * <p>The username of the user that you want to query or modify. The value of this parameter
1167
+ * <p>The name of the user that you want to query or modify. The value of this parameter
1193
1168
  * is typically your user's username, but it can be any of their alias attributes. If
1194
1169
  * <code>username</code> isn't an alias attribute in your user pool, this value
1195
1170
  * must be the <code>sub</code> of a local user or the username of a user from a
@@ -1215,7 +1190,6 @@ export interface AdminDeleteUserAttributesResponse {
1215
1190
  /**
1216
1191
  * <p>The characteristics of a source or destination user for linking a federated user
1217
1192
  * profile to a local user profile.</p>
1218
- * <p>This data type is a request parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminLinkProviderForUser.html">AdminLinkProviderForUser</a> and <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminDisableProviderForUser.html">AdminDisableProviderForUser</a>.</p>
1219
1193
  * @public
1220
1194
  */
1221
1195
  export interface ProviderUserIdentifierType {
@@ -1284,7 +1258,7 @@ export interface AdminDisableUserRequest {
1284
1258
  */
1285
1259
  UserPoolId: string | undefined;
1286
1260
  /**
1287
- * <p>The username of the user that you want to query or modify. The value of this parameter
1261
+ * <p>The name of the user that you want to query or modify. The value of this parameter
1288
1262
  * is typically your user's username, but it can be any of their alias attributes. If
1289
1263
  * <code>username</code> isn't an alias attribute in your user pool, this value
1290
1264
  * must be the <code>sub</code> of a local user or the username of a user from a
@@ -1311,7 +1285,7 @@ export interface AdminEnableUserRequest {
1311
1285
  */
1312
1286
  UserPoolId: string | undefined;
1313
1287
  /**
1314
- * <p>The username of the user that you want to query or modify. The value of this parameter
1288
+ * <p>The name of the user that you want to query or modify. The value of this parameter
1315
1289
  * is typically your user's username, but it can be any of their alias attributes. If
1316
1290
  * <code>username</code> isn't an alias attribute in your user pool, this value
1317
1291
  * must be the <code>sub</code> of a local user or the username of a user from a
@@ -1338,7 +1312,7 @@ export interface AdminForgetDeviceRequest {
1338
1312
  */
1339
1313
  UserPoolId: string | undefined;
1340
1314
  /**
1341
- * <p>The username of the user that you want to query or modify. The value of this parameter
1315
+ * <p>The name of the user that you want to query or modify. The value of this parameter
1342
1316
  * is typically your user's username, but it can be any of their alias attributes. If
1343
1317
  * <code>username</code> isn't an alias attribute in your user pool, this value
1344
1318
  * must be the <code>sub</code> of a local user or the username of a user from a
@@ -1347,8 +1321,7 @@ export interface AdminForgetDeviceRequest {
1347
1321
  */
1348
1322
  Username: string | undefined;
1349
1323
  /**
1350
- * <p>The key ID of the device that you want to delete. You can get device keys in the
1351
- * response to an <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminListDevices.html">AdminListDevices</a> request.</p>
1324
+ * <p>The key ID of the device that you want to delete.</p>
1352
1325
  * @public
1353
1326
  */
1354
1327
  DeviceKey: string | undefined;
@@ -1371,8 +1344,7 @@ export declare class InvalidUserPoolConfigurationException extends __BaseExcepti
1371
1344
  */
1372
1345
  export interface AdminGetDeviceRequest {
1373
1346
  /**
1374
- * <p>The key of the device that you want to delete. You can get device IDs in the response
1375
- * to an <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminListDevices.html">AdminListDevices</a> request.</p>
1347
+ * <p>The key of the device that you want to delete.</p>
1376
1348
  * @public
1377
1349
  */
1378
1350
  DeviceKey: string | undefined;
@@ -1382,7 +1354,7 @@ export interface AdminGetDeviceRequest {
1382
1354
  */
1383
1355
  UserPoolId: string | undefined;
1384
1356
  /**
1385
- * <p>The username of the user that you want to query or modify. The value of this parameter
1357
+ * <p>The name of the user that you want to query or modify. The value of this parameter
1386
1358
  * is typically your user's username, but it can be any of their alias attributes. If
1387
1359
  * <code>username</code> isn't an alias attribute in your user pool, this value
1388
1360
  * must be the <code>sub</code> of a local user or the username of a user from a
@@ -1394,7 +1366,6 @@ export interface AdminGetDeviceRequest {
1394
1366
  /**
1395
1367
  * <p>Information about a user's device that they've registered for device SRP
1396
1368
  * authentication in your application. For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html">Working with user devices in your user pool</a>.</p>
1397
- * <p>The data type is a response parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminGetDevice.html">AdminGetDevice</a>, <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminListDevices.html">AdminListDevices</a>, and <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetDevice.html">GetDevice</a>.</p>
1398
1369
  * @public
1399
1370
  */
1400
1371
  export interface DeviceType {
@@ -1450,7 +1421,7 @@ export interface AdminGetUserRequest {
1450
1421
  */
1451
1422
  UserPoolId: string | undefined;
1452
1423
  /**
1453
- * <p>The username of the user that you want to query or modify. The value of this parameter
1424
+ * <p>The name of the user that you want to query or modify. The value of this parameter
1454
1425
  * is typically your user's username, but it can be any of their alias attributes. If
1455
1426
  * <code>username</code> isn't an alias attribute in your user pool, this value
1456
1427
  * must be the <code>sub</code> of a local user or the username of a user from a
@@ -1489,8 +1460,7 @@ export interface AdminGetUserResponse {
1489
1460
  */
1490
1461
  UserLastModifiedDate?: Date | undefined;
1491
1462
  /**
1492
- * <p>Indicates whether the user is activated for sign-in. The <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminDisableUser.html">AdminDisableUser</a> and <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminEnableUser.html">AdminEnableUser</a> API operations deactivate and activate
1493
- * user sign-in, respectively.</p>
1463
+ * <p>Indicates whether the user is activated for sign-in.</p>
1494
1464
  * @public
1495
1465
  */
1496
1466
  Enabled?: boolean | undefined;
@@ -1541,9 +1511,8 @@ export interface AdminGetUserResponse {
1541
1511
  PreferredMfaSetting?: string | undefined;
1542
1512
  /**
1543
1513
  * <p>The MFA options that are activated for the user. The possible values in this list are
1544
- * <code>SMS_MFA</code>, <code>EMAIL_OTP</code>, and <code>SOFTWARE_TOKEN_MFA</code>.
1545
- * You can change the MFA preference for users who have more than one available MFA factor
1546
- * with <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminSetUserMFAPreference.html">AdminSetUserMFAPreference</a> or <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserMFAPreference.html">SetUserMFAPreference</a>.</p>
1514
+ * <code>SMS_MFA</code>, <code>EMAIL_OTP</code>, and
1515
+ * <code>SOFTWARE_TOKEN_MFA</code>.</p>
1547
1516
  * @public
1548
1517
  */
1549
1518
  UserMFASettingList?: string[] | undefined;
@@ -1554,7 +1523,6 @@ export interface AdminGetUserResponse {
1554
1523
  * <p>An endpoint ID uniquely identifies a mobile device, email address or phone number that
1555
1524
  * can receive messages from Amazon Pinpoint analytics. For more information about Amazon Web Services Regions that
1556
1525
  * can contain Amazon Pinpoint resources for use with Amazon Cognito user pools, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-pinpoint-integration.html">Using Amazon Pinpoint analytics with Amazon Cognito user pools</a>.</p>
1557
- * <p>This data type is a request parameter of authentication operations like <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html">InitiateAuth</a>, <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminInitiateAuth.html">AdminInitiateAuth</a>, <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RespondToAuthChallenge.html">RespondToAuthChallenge</a>, and <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminRespondToAuthChallenge.html">AdminRespondToAuthChallenge</a>.</p>
1558
1526
  * @public
1559
1527
  */
1560
1528
  export interface AnalyticsMetadataType {
@@ -1585,8 +1553,6 @@ export declare const AuthFlowType: {
1585
1553
  export type AuthFlowType = (typeof AuthFlowType)[keyof typeof AuthFlowType];
1586
1554
  /**
1587
1555
  * <p>The HTTP header in the <code>ContextData</code> parameter.</p>
1588
- * <p>This data type is a request parameter of server-side authentication operations like
1589
- * <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminInitiateAuth.html">AdminInitiateAuth</a> and <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminRespondToAuthChallenge.html">AdminRespondToAuthChallenge</a>.</p>
1590
1556
  * @public
1591
1557
  */
1592
1558
  export interface HttpHeader {
@@ -1604,8 +1570,6 @@ export interface HttpHeader {
1604
1570
  /**
1605
1571
  * <p>Contextual user data used for evaluating the risk of an authentication event by user
1606
1572
  * pool threat protection.</p>
1607
- * <p>This data type is a request parameter of server-side authentication operations like
1608
- * <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminInitiateAuth.html">AdminInitiateAuth</a> and <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminRespondToAuthChallenge.html">AdminRespondToAuthChallenge</a>.</p>
1609
1573
  * @public
1610
1574
  */
1611
1575
  export interface ContextDataType {
@@ -1654,42 +1618,17 @@ export interface AdminInitiateAuthRequest {
1654
1618
  /**
1655
1619
  * <p>The authentication flow that you want to initiate. Each <code>AuthFlow</code> has
1656
1620
  * linked <code>AuthParameters</code> that you must submit. The following are some example
1657
- * flows and their parameters.</p>
1658
- * <ul>
1659
- * <li>
1660
- * <p>
1661
- * <code>USER_AUTH</code>: Request a preferred authentication type or review
1662
- * available authentication types. From the offered authentication types, select
1663
- * one in a challenge response and then authenticate with that method in an
1664
- * additional challenge response.</p>
1665
- * </li>
1666
- * <li>
1667
- * <p>
1668
- * <code>REFRESH_TOKEN_AUTH</code>: Receive new ID and access tokens when you
1669
- * pass a <code>REFRESH_TOKEN</code> parameter with a valid refresh token as the
1670
- * value.</p>
1671
- * </li>
1672
- * <li>
1673
- * <p>
1674
- * <code>USER_SRP_AUTH</code>: Receive secure remote password (SRP) variables for
1675
- * the next challenge, <code>PASSWORD_VERIFIER</code>, when you pass
1676
- * <code>USERNAME</code> and <code>SRP_A</code> parameters..</p>
1677
- * </li>
1678
- * <li>
1679
- * <p>
1680
- * <code>ADMIN_USER_PASSWORD_AUTH</code>: Receive new tokens or the next
1681
- * challenge, for example <code>SOFTWARE_TOKEN_MFA</code>, when you pass
1682
- * <code>USERNAME</code> and <code>PASSWORD</code> parameters.</p>
1683
- * </li>
1684
- * </ul>
1685
- * <p>
1686
- * <i>All flows</i>
1687
- * </p>
1621
+ * flows.</p>
1688
1622
  * <dl>
1689
1623
  * <dt>USER_AUTH</dt>
1690
1624
  * <dd>
1691
- * <p>The entry point for sign-in with passwords, one-time passwords, and
1692
- * WebAuthN authenticators.</p>
1625
+ * <p>The entry point for <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/authentication-flows-selection-sdk.html#authentication-flows-selection-choice">choice-based authentication</a> with passwords,
1626
+ * one-time passwords, and WebAuthn authenticators. Request a preferred
1627
+ * authentication type or review available authentication types. From the
1628
+ * offered authentication types, select one in a challenge response and then
1629
+ * authenticate with that method in an additional challenge response.
1630
+ * To activate this setting, your user pool must be in the <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html">
1631
+ * Essentials tier</a> or higher.</p>
1693
1632
  * </dd>
1694
1633
  * <dt>USER_SRP_AUTH</dt>
1695
1634
  * <dd>
@@ -1699,8 +1638,9 @@ export interface AdminInitiateAuthRequest {
1699
1638
  * </dd>
1700
1639
  * <dt>REFRESH_TOKEN_AUTH and REFRESH_TOKEN</dt>
1701
1640
  * <dd>
1702
- * <p>Provide a valid refresh token and receive new ID and access tokens. For
1703
- * more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-the-refresh-token.html">Using the refresh token</a>.</p>
1641
+ * <p>Receive new ID and access tokens when you pass a
1642
+ * <code>REFRESH_TOKEN</code> parameter with a valid refresh token as the
1643
+ * value. For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-the-refresh-token.html">Using the refresh token</a>.</p>
1704
1644
  * </dd>
1705
1645
  * <dt>CUSTOM_AUTH</dt>
1706
1646
  * <dd>
@@ -1710,20 +1650,18 @@ export interface AdminInitiateAuthRequest {
1710
1650
  * </dd>
1711
1651
  * <dt>ADMIN_USER_PASSWORD_AUTH</dt>
1712
1652
  * <dd>
1713
- * <p>Username-password authentication with the password sent directly in the
1714
- * request. For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow.html#Built-in-authentication-flow-and-challenges">Admin authentication flow</a>.</p>
1653
+ * <p>Server-side username-password authentication with the password sent
1654
+ * directly in the request. For more information about client-side and
1655
+ * server-side authentication, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/authentication-flows-public-server-side.html">SDK authorization models</a>.</p>
1715
1656
  * </dd>
1716
1657
  * </dl>
1717
- * <p>
1718
- * <code>USER_PASSWORD_AUTH</code> is a flow type of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html">InitiateAuth</a> and isn't valid for
1719
- * AdminInitiateAuth.</p>
1720
1658
  * @public
1721
1659
  */
1722
1660
  AuthFlow: AuthFlowType | undefined;
1723
1661
  /**
1724
1662
  * <p>The authentication parameters. These are inputs corresponding to the
1725
1663
  * <code>AuthFlow</code> that you're invoking. The required values depend on the value
1726
- * of <code>AuthFlow</code>:</p>
1664
+ * of <code>AuthFlow</code> for example:</p>
1727
1665
  * <ul>
1728
1666
  * <li>
1729
1667
  * <p>For <code>USER_AUTH</code>: <code>USERNAME</code> (required),
@@ -1810,7 +1748,7 @@ export interface AdminInitiateAuthRequest {
1810
1748
  * </li>
1811
1749
  * </ul>
1812
1750
  * <p>For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html">
1813
- * Customizing user pool Workflows with Lambda Triggers</a> in the <i>Amazon Cognito Developer Guide</i>.</p>
1751
+ * Using Lambda triggers</a> in the <i>Amazon Cognito Developer Guide</i>.</p>
1814
1752
  * <note>
1815
1753
  * <p>When you use the <code>ClientMetadata</code> parameter, note that Amazon Cognito won't do the
1816
1754
  * following:</p>
@@ -1834,13 +1772,15 @@ export interface AdminInitiateAuthRequest {
1834
1772
  */
1835
1773
  ClientMetadata?: Record<string, string> | undefined;
1836
1774
  /**
1837
- * <p>The analytics metadata for collecting Amazon Pinpoint metrics.</p>
1775
+ * <p>Information that supports analytics outcomes with Amazon Pinpoint, including the
1776
+ * user's endpoint ID. The endpoint ID is a destination for Amazon Pinpoint push notifications, for example a device identifier,
1777
+ * email address, or phone number.</p>
1838
1778
  * @public
1839
1779
  */
1840
1780
  AnalyticsMetadata?: AnalyticsMetadataType | undefined;
1841
1781
  /**
1842
- * <p>Contextual data about your user session, such as the device fingerprint, IP address, or location. Amazon Cognito advanced
1843
- * security evaluates the risk of an authentication event based on the context that your app generates and passes to Amazon Cognito
1782
+ * <p>Contextual data about your user session like the device fingerprint, IP address, or location. Amazon Cognito threat
1783
+ * protection evaluates the risk of an authentication event based on the context that your app generates and passes to Amazon Cognito
1844
1784
  * when it makes API requests.</p>
1845
1785
  * <p>For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-viewing-threat-protection-app.html">Collecting data for threat protection in
1846
1786
  * applications</a>.</p>
@@ -1862,7 +1802,6 @@ export interface AdminInitiateAuthRequest {
1862
1802
  * you configure it to remember devices and a user signs in with an unrecognized device.
1863
1803
  * Amazon Cognito presents a new device key that you can use to set up <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html">device authentication</a> in a "Remember me on this device"
1864
1804
  * authentication model.</p>
1865
- * <p>This data type is a response parameter of authentication operations like <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html">InitiateAuth</a>, <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminInitiateAuth.html">AdminInitiateAuth</a>, <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RespondToAuthChallenge.html">RespondToAuthChallenge</a>, and <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminRespondToAuthChallenge.html">AdminRespondToAuthChallenge</a>.</p>
1866
1805
  * @public
1867
1806
  */
1868
1807
  export interface NewDeviceMetadataType {
@@ -1882,7 +1821,6 @@ export interface NewDeviceMetadataType {
1882
1821
  /**
1883
1822
  * <p>The object that your application receives after authentication. Contains tokens and
1884
1823
  * information for device authentication.</p>
1885
- * <p>This data type is a response parameter of authentication operations like <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html">InitiateAuth</a>, <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminInitiateAuth.html">AdminInitiateAuth</a>, <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RespondToAuthChallenge.html">RespondToAuthChallenge</a>, and <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminRespondToAuthChallenge.html">AdminRespondToAuthChallenge</a>.</p>
1886
1824
  * @public
1887
1825
  */
1888
1826
  export interface AuthenticationResultType {
@@ -1952,12 +1890,17 @@ export interface AdminInitiateAuthResponse {
1952
1890
  * <p>The name of the challenge that you're responding to with this call. This is returned
1953
1891
  * in the <code>AdminInitiateAuth</code> response if you must pass another
1954
1892
  * challenge.</p>
1893
+ * <p>Possible challenges include the following:</p>
1894
+ * <note>
1895
+ * <p>All of the following challenges require <code>USERNAME</code> and, when the app
1896
+ * client has a client secret, <code>SECRET_HASH</code> in the parameters.</p>
1897
+ * </note>
1955
1898
  * <ul>
1956
1899
  * <li>
1957
1900
  * <p>
1958
1901
  * <code>WEB_AUTHN</code>: Respond to the challenge with the results of a
1959
- * successful authentication with a passkey, or webauthN, factor. These are
1960
- * typically biometric devices or security keys.</p>
1902
+ * successful authentication with a WebAuthn authenticator, or passkey. Examples
1903
+ * of WebAuthn authenticators include biometric devices and security keys.</p>
1961
1904
  * </li>
1962
1905
  * <li>
1963
1906
  * <p>
@@ -1982,93 +1925,74 @@ export interface AdminInitiateAuthResponse {
1982
1925
  * </li>
1983
1926
  * <li>
1984
1927
  * <p>
1985
- * <code>MFA_SETUP</code>: If MFA is required, users who don't have at least one
1986
- * of the MFA methods set up are presented with an <code>MFA_SETUP</code>
1987
- * challenge. The user must set up at least one MFA type to continue to
1988
- * authenticate.</p>
1989
- * </li>
1990
- * <li>
1991
- * <p>
1992
- * <code>SELECT_MFA_TYPE</code>: Selects the MFA type. Valid MFA options are
1993
- * <code>SMS_MFA</code> for SMS message MFA, <code>EMAIL_OTP</code> for email
1994
- * message MFA, and <code>SOFTWARE_TOKEN_MFA</code> for time-based one-time
1995
- * password (TOTP) software token MFA.</p>
1928
+ * <code>SMS_MFA</code>: Respond with an
1929
+ * <code>SMS_MFA_CODE</code> that your user pool delivered in an SMS message.</p>
1996
1930
  * </li>
1997
1931
  * <li>
1998
1932
  * <p>
1999
- * <code>SMS_MFA</code>: Next challenge is to supply an
2000
- * <code>SMS_MFA_CODE</code>that your user pool delivered in an SMS message.</p>
2001
- * </li>
2002
- * <li>
2003
- * <p>
2004
- * <code>EMAIL_OTP</code>: Next challenge is to supply an
1933
+ * <code>EMAIL_OTP</code>: Respond with an
2005
1934
  * <code>EMAIL_OTP_CODE</code> that your user pool delivered in an email
2006
1935
  * message.</p>
2007
1936
  * </li>
2008
1937
  * <li>
2009
1938
  * <p>
2010
- * <code>PASSWORD_VERIFIER</code>: Next challenge is to supply
1939
+ * <code>PASSWORD_VERIFIER</code>: Respond with
2011
1940
  * <code>PASSWORD_CLAIM_SIGNATURE</code>,
2012
1941
  * <code>PASSWORD_CLAIM_SECRET_BLOCK</code>, and <code>TIMESTAMP</code> after
2013
- * the client-side SRP calculations.</p>
1942
+ * client-side SRP calculations.</p>
2014
1943
  * </li>
2015
1944
  * <li>
2016
1945
  * <p>
2017
1946
  * <code>CUSTOM_CHALLENGE</code>: This is returned if your custom authentication
2018
1947
  * flow determines that the user should pass another challenge before tokens are
2019
- * issued.</p>
1948
+ * issued. The parameters of the challenge are determined by your Lambda function.</p>
2020
1949
  * </li>
2021
1950
  * <li>
2022
1951
  * <p>
2023
- * <code>DEVICE_SRP_AUTH</code>: If device tracking was activated in your user
2024
- * pool and the previous challenges were passed, this challenge is returned so that
2025
- * Amazon Cognito can start tracking this device.</p>
1952
+ * <code>DEVICE_SRP_AUTH</code>: Respond with the initial parameters of device SRP
1953
+ * authentication. For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html#user-pools-remembered-devices-signing-in-with-a-device">Signing in with a device</a>.</p>
2026
1954
  * </li>
2027
1955
  * <li>
2028
1956
  * <p>
2029
- * <code>DEVICE_PASSWORD_VERIFIER</code>: Similar to
2030
- * <code>PASSWORD_VERIFIER</code>, but for devices only.</p>
2031
- * </li>
2032
- * <li>
2033
- * <p>
2034
- * <code>ADMIN_NO_SRP_AUTH</code>: This is returned if you must authenticate with
2035
- * <code>USERNAME</code> and <code>PASSWORD</code> directly. An app client must
2036
- * be enabled to use this flow.</p>
1957
+ * <code>DEVICE_PASSWORD_VERIFIER</code>: Respond with
1958
+ * <code>PASSWORD_CLAIM_SIGNATURE</code>,
1959
+ * <code>PASSWORD_CLAIM_SECRET_BLOCK</code>, and <code>TIMESTAMP</code> after
1960
+ * client-side SRP calculations. For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html#user-pools-remembered-devices-signing-in-with-a-device">Signing in with a device</a>.</p>
2037
1961
  * </li>
2038
1962
  * <li>
2039
1963
  * <p>
2040
1964
  * <code>NEW_PASSWORD_REQUIRED</code>: For users who are required to change their
2041
1965
  * passwords after successful first login. Respond to this challenge with
2042
- * <code>NEW_PASSWORD</code> and any required attributes that Amazon Cognito returned in
1966
+ * <code>NEW_PASSWORD</code> and any required attributes that Amazon Cognito returned in
2043
1967
  * the <code>requiredAttributes</code> parameter. You can also set values for
2044
- * attributes that aren't required by your user pool and that your app client can
2045
- * write. For more information, see <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminRespondToAuthChallenge.html">AdminRespondToAuthChallenge</a>.</p>
1968
+ * attributes that aren't required by your user pool and that your app client
1969
+ * can write.</p>
2046
1970
  * <p>Amazon Cognito only returns this challenge for users who have temporary passwords.
2047
- * Because of this, and because in some cases you can create users who don't have
2048
- * values for required attributes, take care to collect and submit
2049
- * required-attribute values for all users who don't have passwords. You can create
2050
- * a user in the Amazon Cognito console without, for example, a required
2051
- * <code>birthdate</code> attribute. The API response from Amazon Cognito won't prompt
2052
- * you to submit a birthdate for the user if they don't have a password.</p>
1971
+ * When you create passwordless users, you must provide values for all required
1972
+ * attributes.</p>
2053
1973
  * <note>
2054
1974
  * <p>In a <code>NEW_PASSWORD_REQUIRED</code> challenge response, you can't modify a required attribute that already has a value.
2055
- * In <code>AdminRespondToAuthChallenge</code>, set a value for any keys that Amazon Cognito returned in the <code>requiredAttributes</code> parameter,
2056
- * then use the <code>AdminUpdateUserAttributes</code> API operation to modify the value of any additional attributes.</p>
1975
+ * In <code>AdminRespondToAuthChallenge</code> or <code>RespondToAuthChallenge</code>, set a value for any keys that Amazon Cognito returned in the
1976
+ * <code>requiredAttributes</code> parameter, then use the <code>AdminUpdateUserAttributes</code> or <code>UpdateUserAttributes</code> API
1977
+ * operation to modify the value of any additional attributes.</p>
2057
1978
  * </note>
2058
1979
  * </li>
2059
1980
  * <li>
2060
1981
  * <p>
2061
- * <code>MFA_SETUP</code>: For users who are required to set up an MFA factor
1982
+ * <code>MFA_SETUP</code>: For users who are required to setup an MFA factor
2062
1983
  * before they can sign in. The MFA types activated for the user pool will be
2063
1984
  * listed in the challenge parameters <code>MFAS_CAN_SETUP</code> value. </p>
2064
- * <p> To set up software token MFA, use the session returned here from
2065
- * <code>InitiateAuth</code> as an input to
2066
- * <code>AssociateSoftwareToken</code>, and use the session returned by
2067
- * <code>VerifySoftwareToken</code> as an input to
2068
- * <code>RespondToAuthChallenge</code> with challenge name
2069
- * <code>MFA_SETUP</code> to complete sign-in. To set up SMS MFA, users will
2070
- * need help from an administrator to add a phone number to their account and then
2071
- * call <code>InitiateAuth</code> again to restart sign-in.</p>
1985
+ * <p>To set up time-based one-time password (TOTP) MFA, use the session returned
1986
+ * in this challenge from <code>InitiateAuth</code> or <code>AdminInitiateAuth</code>
1987
+ * as an input to <code>AssociateSoftwareToken</code>. Then, use the session returned
1988
+ * by <code>VerifySoftwareToken</code> as an input to
1989
+ * <code>RespondToAuthChallenge</code> or <code>AdminRespondToAuthChallenge</code>
1990
+ * with challenge name <code>MFA_SETUP</code> to complete sign-in.
1991
+ * </p>
1992
+ * <p>To set up SMS or email MFA, collect a <code>phone_number</code> or
1993
+ * <code>email</code> attribute for the user. Then restart the authentication
1994
+ * flow with an <code>InitiateAuth</code> or <code>AdminInitiateAuth</code> request.
1995
+ * </p>
2072
1996
  * </li>
2073
1997
  * </ul>
2074
1998
  * @public
@@ -2077,24 +2001,25 @@ export interface AdminInitiateAuthResponse {
2077
2001
  /**
2078
2002
  * <p>The session that must be passed to challenge-response requests. If an
2079
2003
  * <code>AdminInitiateAuth</code> or <code>AdminRespondToAuthChallenge</code> API
2080
- * request determines that the caller must pass another challenge, Amazon Cognito returns a session
2081
- * ID and the parameters of the next challenge. Pass this session Id in the
2082
- * <code>Session</code> parameter of <code>AdminRespondToAuthChallenge</code>.</p>
2004
+ * request results in another authentication challenge, Amazon Cognito returns a session ID and the
2005
+ * parameters of the next challenge. Pass this session ID in the <code>Session</code>
2006
+ * parameter of <code>AdminRespondToAuthChallenge</code>.</p>
2083
2007
  * @public
2084
2008
  */
2085
2009
  Session?: string | undefined;
2086
2010
  /**
2087
- * <p>The challenge parameters. These are returned to you in the
2088
- * <code>AdminInitiateAuth</code> response if you must pass another challenge. The
2089
- * responses in this parameter should be used to compute inputs to the next call
2090
- * (<code>AdminRespondToAuthChallenge</code>).</p>
2091
- * <p>All challenges require <code>USERNAME</code> and <code>SECRET_HASH</code> (if
2092
- * applicable).</p>
2093
- * <p>The value of the <code>USER_ID_FOR_SRP</code> attribute is the user's actual username,
2094
- * not an alias (such as email address or phone number), even if you specified an alias in
2095
- * your call to <code>AdminInitiateAuth</code>. This happens because, in the
2096
- * <code>AdminRespondToAuthChallenge</code> API <code>ChallengeResponses</code>, the
2097
- * <code>USERNAME</code> attribute can't be an alias.</p>
2011
+ * <p>The parameters of an authentication challenge. Amazon Cognito returns challenge parameters as a
2012
+ * guide to the responses your user or application must provide for the returned
2013
+ * <code>ChallengeName</code>. Calculate responses to the challenge parameters and pass
2014
+ * them in the <code>ChallengeParameters</code> of
2015
+ * <code>AdminRespondToAuthChallenge</code>.</p>
2016
+ * <p>All challenges require <code>USERNAME</code> and, when the app client has a client
2017
+ * secret, <code>SECRET_HASH</code>.</p>
2018
+ * <p>In SRP challenges, Amazon Cognito returns the <code>username</code> attribute in
2019
+ * <code>USER_ID_FOR_SRP</code> instead of any email address, preferred username, or
2020
+ * phone number alias that you might have specified in your <code>AdminInitiateAuth</code>
2021
+ * request. You must use the username and not an alias in the
2022
+ * <code>ChallengeResponses</code> of your challenge response.</p>
2098
2023
  * @public
2099
2024
  */
2100
2025
  ChallengeParameters?: Record<string, string> | undefined;
@@ -2106,6 +2031,14 @@ export interface AdminInitiateAuthResponse {
2106
2031
  * @public
2107
2032
  */
2108
2033
  AuthenticationResult?: AuthenticationResultType | undefined;
2034
+ /**
2035
+ * <p>This response parameter lists the available authentication challenges that users can
2036
+ * select from in <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/authentication-flows-selection-sdk.html#authentication-flows-selection-choice">choice-based authentication</a>. For example, they might be
2037
+ * able to choose between passkey authentication, a one-time password from an SMS message,
2038
+ * and a traditional password.</p>
2039
+ * @public
2040
+ */
2041
+ AvailableChallenges?: ChallengeNameType[] | undefined;
2109
2042
  }
2110
2043
  /**
2111
2044
  * <p>This exception is thrown when Amazon Cognito isn't allowed to use your email identity. HTTP
@@ -2240,7 +2173,7 @@ export interface AdminListDevicesRequest {
2240
2173
  */
2241
2174
  UserPoolId: string | undefined;
2242
2175
  /**
2243
- * <p>The username of the user that you want to query or modify. The value of this parameter
2176
+ * <p>The name of the user that you want to query or modify. The value of this parameter
2244
2177
  * is typically your user's username, but it can be any of their alias attributes. If
2245
2178
  * <code>username</code> isn't an alias attribute in your user pool, this value
2246
2179
  * must be the <code>sub</code> of a local user or the username of a user from a
@@ -2287,7 +2220,7 @@ export interface AdminListDevicesResponse {
2287
2220
  */
2288
2221
  export interface AdminListGroupsForUserRequest {
2289
2222
  /**
2290
- * <p>The username of the user that you want to query or modify. The value of this parameter
2223
+ * <p>The name of the user that you want to query or modify. The value of this parameter
2291
2224
  * is typically your user's username, but it can be any of their alias attributes. If
2292
2225
  * <code>username</code> isn't an alias attribute in your user pool, this value
2293
2226
  * must be the <code>sub</code> of a local user or the username of a user from a
@@ -2320,7 +2253,6 @@ export interface AdminListGroupsForUserRequest {
2320
2253
  * IAM role decisions with identity pools. Identity pools can make decisions about the
2321
2254
  * IAM role to assign based on groups: users get credentials for the role associated with
2322
2255
  * their highest-priority group.</p>
2323
- * <p>This data type is a response parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminListGroupsForUser.html">AdminListGroupsForUser</a>, <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateGroup.html">CreateGroup</a>, <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetGroup.html">GetGroup</a>, <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ListGroups.html">ListGroups</a>, and <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateGroup.html">UpdateGroup</a>.</p>
2324
2256
  * @public
2325
2257
  */
2326
2258
  export interface GroupType {
@@ -2404,7 +2336,7 @@ export interface AdminListUserAuthEventsRequest {
2404
2336
  */
2405
2337
  UserPoolId: string | undefined;
2406
2338
  /**
2407
- * <p>The username of the user that you want to query or modify. The value of this parameter
2339
+ * <p>The name of the user that you want to query or modify. The value of this parameter
2408
2340
  * is typically your user's username, but it can be any of their alias attributes. If
2409
2341
  * <code>username</code> isn't an alias attribute in your user pool, this value
2410
2342
  * must be the <code>sub</code> of a local user or the username of a user from a
@@ -2482,7 +2414,7 @@ export type ChallengeResponse = (typeof ChallengeResponse)[keyof typeof Challeng
2482
2414
  * "USERNAME": "[username]",
2483
2415
  * "CREDENTIAL": "[AuthenticationResponseJSON]"\}</code>
2484
2416
  * </p>
2485
- * <p>See <a href="https://www.w3.org/TR/webauthn-3/#dictdef-authenticationresponsejson">
2417
+ * <p>See <a href="https://www.w3.org/TR/WebAuthn-3/#dictdef-authenticationresponsejson">
2486
2418
  * AuthenticationResponseJSON</a>.</p>
2487
2419
  * </li>
2488
2420
  * <li>
@@ -2581,8 +2513,9 @@ export type ChallengeResponse = (typeof ChallengeResponse)[keyof typeof Challeng
2581
2513
  * required by your user pool.</p>
2582
2514
  * <note>
2583
2515
  * <p>In a <code>NEW_PASSWORD_REQUIRED</code> challenge response, you can't modify a required attribute that already has a value.
2584
- * In <code>RespondToAuthChallenge</code>, set a value for any keys that Amazon Cognito returned in the <code>requiredAttributes</code> parameter,
2585
- * then use the <code>UpdateUserAttributes</code> API operation to modify the value of any additional attributes.</p>
2516
+ * In <code>AdminRespondToAuthChallenge</code> or <code>RespondToAuthChallenge</code>, set a value for any keys that Amazon Cognito returned in the
2517
+ * <code>requiredAttributes</code> parameter, then use the <code>AdminUpdateUserAttributes</code> or <code>UpdateUserAttributes</code> API
2518
+ * operation to modify the value of any additional attributes.</p>
2586
2519
  * </note>
2587
2520
  * </dd>
2588
2521
  * <dt>SOFTWARE_TOKEN_MFA</dt>
@@ -2628,7 +2561,6 @@ export type ChallengeResponse = (typeof ChallengeResponse)[keyof typeof Challeng
2628
2561
  * </dl>
2629
2562
  * <p>For more information about <code>SECRET_HASH</code>, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#cognito-user-pools-computing-secret-hash">Computing secret hash values</a>. For information about
2630
2563
  * <code>DEVICE_KEY</code>, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html">Working with user devices in your user pool</a>.</p>
2631
- * <p>This data type is a request parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RespondToAuthChallenge.html">RespondToAuthChallenge</a> and <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminRespondToAuthChallenge.html">AdminRespondToAuthChallenge</a>.</p>
2632
2564
  * @public
2633
2565
  */
2634
2566
  export interface ChallengeResponseType {
@@ -2646,7 +2578,8 @@ export interface ChallengeResponseType {
2646
2578
  }
2647
2579
  /**
2648
2580
  * <p>The context data that your application submitted in an authentication request with
2649
- * advanced security features, as displayed in an <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminListUserAuthEvents.html">AdminListUserAuthEvents</a> response.</p>
2581
+ * threat protection, as displayed in an <code>AdminListUserAuthEvents</code>
2582
+ * response.</p>
2650
2583
  * @public
2651
2584
  */
2652
2585
  export interface EventContextDataType {
@@ -2689,13 +2622,13 @@ export declare const FeedbackValueType: {
2689
2622
  */
2690
2623
  export type FeedbackValueType = (typeof FeedbackValueType)[keyof typeof FeedbackValueType];
2691
2624
  /**
2692
- * <p>The feedback that your application submitted to an advanced security features event
2693
- * log, as displayed in an <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminListUserAuthEvents.html">AdminListUserAuthEvents</a> response.</p>
2625
+ * <p>The feedback that your application submitted to a threat protection event
2626
+ * log, as displayed in an <code>AdminListUserAuthEvents</code> response.</p>
2694
2627
  * @public
2695
2628
  */
2696
2629
  export interface EventFeedbackType {
2697
2630
  /**
2698
- * <p>The authentication event feedback value. When you provide a <code>FeedbackValue</code>
2631
+ * <p>Your feedback to the authentication event. When you provide a <code>FeedbackValue</code>
2699
2632
  * value of <code>valid</code>, you tell Amazon Cognito that you trust a user session where Amazon Cognito
2700
2633
  * has evaluated some level of risk. When you provide a <code>FeedbackValue</code> value of
2701
2634
  * <code>invalid</code>, you tell Amazon Cognito that you don't trust a user session, or you
@@ -2755,9 +2688,10 @@ export declare const RiskLevelType: {
2755
2688
  */
2756
2689
  export type RiskLevelType = (typeof RiskLevelType)[keyof typeof RiskLevelType];
2757
2690
  /**
2758
- * <p>The risk evaluation by adaptive authentication, as displayed in an <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminListUserAuthEvents.html">AdminListUserAuthEvents</a> response. Contains evaluations
2759
- * of compromised-credentials detection and assessed risk level and action taken by
2760
- * adaptive authentication.</p>
2691
+ * <p>The risk evaluation by adaptive authentication, as displayed in an
2692
+ * <code>AdminListUserAuthEvents</code> response. Contains evaluations of
2693
+ * compromised-credentials detection and assessed risk level and action taken by adaptive
2694
+ * authentication.</p>
2761
2695
  * @public
2762
2696
  */
2763
2697
  export interface EventRiskType {
@@ -2798,10 +2732,8 @@ export declare const EventType: {
2798
2732
  */
2799
2733
  export type EventType = (typeof EventType)[keyof typeof EventType];
2800
2734
  /**
2801
- * <p>One authentication event that Amazon Cognito logged in a user pool with advanced security
2802
- * features active. Contains user and device metadata and a risk assessment from your user
2735
+ * <p>One authentication event that Amazon Cognito logged in a user pool with threat protection active. Contains user and device metadata and a risk assessment from your user
2803
2736
  * pool.</p>
2804
- * <p>This data type is a request parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminListUserAuthEvents.html">AdminListUserAuthEvents</a>.</p>
2805
2737
  * @public
2806
2738
  */
2807
2739
  export interface AuthEventType {
@@ -2846,12 +2778,12 @@ export interface AuthEventType {
2846
2778
  */
2847
2779
  EventContextData?: EventContextDataType | undefined;
2848
2780
  /**
2849
- * <p>The <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateAuthEventFeedback.html">UpdateAuthEventFeedback</a> or <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateAuthEventFeedback.html">AdminUpdateAuthEventFeedback</a> feedback that you or your
2850
- * user provided in response to the event. A value of <code>Valid</code> indicates that you
2851
- * disagreed with the level of risk that your user pool assigned, and evaluated a session
2852
- * to be valid, or likely safe. A value of <code>Invalid</code> indicates that you agreed
2853
- * with the user pool risk level and evaluated a session to be invalid, or likely
2854
- * malicious.</p>
2781
+ * <p>The <code>UpdateAuthEventFeedback</code> or <code>AdminUpdateAuthEventFeedback</code>
2782
+ * feedback that you or your user provided in response to the event. A value of
2783
+ * <code>Valid</code> indicates that you disagreed with the level of risk that your
2784
+ * user pool assigned, and evaluated a session to be valid, or likely safe. A value of
2785
+ * <code>Invalid</code> indicates that you agreed with the user pool risk level and
2786
+ * evaluated a session to be invalid, or likely malicious.</p>
2855
2787
  * @public
2856
2788
  */
2857
2789
  EventFeedback?: EventFeedbackType | undefined;
@@ -2898,7 +2830,7 @@ export interface AdminRemoveUserFromGroupRequest {
2898
2830
  */
2899
2831
  UserPoolId: string | undefined;
2900
2832
  /**
2901
- * <p>The username of the user that you want to query or modify. The value of this parameter
2833
+ * <p>The name of the user that you want to query or modify. The value of this parameter
2902
2834
  * is typically your user's username, but it can be any of their alias attributes. If
2903
2835
  * <code>username</code> isn't an alias attribute in your user pool, this value
2904
2836
  * must be the <code>sub</code> of a local user or the username of a user from a
@@ -2924,7 +2856,7 @@ export interface AdminResetUserPasswordRequest {
2924
2856
  */
2925
2857
  UserPoolId: string | undefined;
2926
2858
  /**
2927
- * <p>The username of the user that you want to query or modify. The value of this parameter
2859
+ * <p>The name of the user that you want to query or modify. The value of this parameter
2928
2860
  * is typically your user's username, but it can be any of their alias attributes. If
2929
2861
  * <code>username</code> isn't an alias attribute in your user pool, this value
2930
2862
  * must be the <code>sub</code> of a local user or the username of a user from a
@@ -2944,7 +2876,7 @@ export interface AdminResetUserPasswordRequest {
2944
2876
  * your function code in Lambda, you can process the
2945
2877
  * <code>clientMetadata</code> value to enhance your workflow for your specific needs. </p>
2946
2878
  * <p>For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html">
2947
- * Customizing user pool Workflows with Lambda Triggers</a> in the <i>Amazon Cognito Developer Guide</i>.</p>
2879
+ * Using Lambda triggers</a> in the <i>Amazon Cognito Developer Guide</i>.</p>
2948
2880
  * <note>
2949
2881
  * <p>When you use the <code>ClientMetadata</code> parameter, note that Amazon Cognito won't do the
2950
2882
  * following:</p>
@@ -2992,8 +2924,112 @@ export interface AdminRespondToAuthChallengeRequest {
2992
2924
  */
2993
2925
  ClientId: string | undefined;
2994
2926
  /**
2995
- * <p>The name of the challenge that you are responding to. You can find more information
2996
- * about values for <code>ChallengeName</code> in the response parameters of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminInitiateAuth.html#CognitoUserPools-AdminInitiateAuth-response-ChallengeName">AdminInitiateAuth</a>.</p>
2927
+ * <p>The name of the challenge that you are responding to.</p>
2928
+ * <p>Possible challenges include the following:</p>
2929
+ * <note>
2930
+ * <p>All of the following challenges require <code>USERNAME</code> and, when the app
2931
+ * client has a client secret, <code>SECRET_HASH</code> in the parameters.</p>
2932
+ * </note>
2933
+ * <ul>
2934
+ * <li>
2935
+ * <p>
2936
+ * <code>WEB_AUTHN</code>: Respond to the challenge with the results of a
2937
+ * successful authentication with a WebAuthn authenticator, or passkey. Examples
2938
+ * of WebAuthn authenticators include biometric devices and security keys.</p>
2939
+ * </li>
2940
+ * <li>
2941
+ * <p>
2942
+ * <code>PASSWORD</code>: Respond with <code>USER_PASSWORD_AUTH</code>
2943
+ * parameters: <code>USERNAME</code> (required), <code>PASSWORD</code> (required),
2944
+ * <code>SECRET_HASH</code> (required if the app client is configured with a
2945
+ * client secret), <code>DEVICE_KEY</code>.</p>
2946
+ * </li>
2947
+ * <li>
2948
+ * <p>
2949
+ * <code>PASSWORD_SRP</code>: Respond with <code>USER_SRP_AUTH</code> parameters:
2950
+ * <code>USERNAME</code> (required), <code>SRP_A</code> (required),
2951
+ * <code>SECRET_HASH</code> (required if the app client is configured with a
2952
+ * client secret), <code>DEVICE_KEY</code>.</p>
2953
+ * </li>
2954
+ * <li>
2955
+ * <p>
2956
+ * <code>SELECT_CHALLENGE</code>: Respond to the challenge with
2957
+ * <code>USERNAME</code> and an <code>ANSWER</code> that matches one of the
2958
+ * challenge types in the <code>AvailableChallenges</code> response
2959
+ * parameter.</p>
2960
+ * </li>
2961
+ * <li>
2962
+ * <p>
2963
+ * <code>SMS_MFA</code>: Respond with an
2964
+ * <code>SMS_MFA_CODE</code> that your user pool delivered in an SMS message.</p>
2965
+ * </li>
2966
+ * <li>
2967
+ * <p>
2968
+ * <code>EMAIL_OTP</code>: Respond with an
2969
+ * <code>EMAIL_OTP_CODE</code> that your user pool delivered in an email
2970
+ * message.</p>
2971
+ * </li>
2972
+ * <li>
2973
+ * <p>
2974
+ * <code>PASSWORD_VERIFIER</code>: Respond with
2975
+ * <code>PASSWORD_CLAIM_SIGNATURE</code>,
2976
+ * <code>PASSWORD_CLAIM_SECRET_BLOCK</code>, and <code>TIMESTAMP</code> after
2977
+ * client-side SRP calculations.</p>
2978
+ * </li>
2979
+ * <li>
2980
+ * <p>
2981
+ * <code>CUSTOM_CHALLENGE</code>: This is returned if your custom authentication
2982
+ * flow determines that the user should pass another challenge before tokens are
2983
+ * issued. The parameters of the challenge are determined by your Lambda function.</p>
2984
+ * </li>
2985
+ * <li>
2986
+ * <p>
2987
+ * <code>DEVICE_SRP_AUTH</code>: Respond with the initial parameters of device SRP
2988
+ * authentication. For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html#user-pools-remembered-devices-signing-in-with-a-device">Signing in with a device</a>.</p>
2989
+ * </li>
2990
+ * <li>
2991
+ * <p>
2992
+ * <code>DEVICE_PASSWORD_VERIFIER</code>: Respond with
2993
+ * <code>PASSWORD_CLAIM_SIGNATURE</code>,
2994
+ * <code>PASSWORD_CLAIM_SECRET_BLOCK</code>, and <code>TIMESTAMP</code> after
2995
+ * client-side SRP calculations. For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html#user-pools-remembered-devices-signing-in-with-a-device">Signing in with a device</a>.</p>
2996
+ * </li>
2997
+ * <li>
2998
+ * <p>
2999
+ * <code>NEW_PASSWORD_REQUIRED</code>: For users who are required to change their
3000
+ * passwords after successful first login. Respond to this challenge with
3001
+ * <code>NEW_PASSWORD</code> and any required attributes that Amazon Cognito returned in
3002
+ * the <code>requiredAttributes</code> parameter. You can also set values for
3003
+ * attributes that aren't required by your user pool and that your app client
3004
+ * can write.</p>
3005
+ * <p>Amazon Cognito only returns this challenge for users who have temporary passwords.
3006
+ * When you create passwordless users, you must provide values for all required
3007
+ * attributes.</p>
3008
+ * <note>
3009
+ * <p>In a <code>NEW_PASSWORD_REQUIRED</code> challenge response, you can't modify a required attribute that already has a value.
3010
+ * In <code>AdminRespondToAuthChallenge</code> or <code>RespondToAuthChallenge</code>, set a value for any keys that Amazon Cognito returned in the
3011
+ * <code>requiredAttributes</code> parameter, then use the <code>AdminUpdateUserAttributes</code> or <code>UpdateUserAttributes</code> API
3012
+ * operation to modify the value of any additional attributes.</p>
3013
+ * </note>
3014
+ * </li>
3015
+ * <li>
3016
+ * <p>
3017
+ * <code>MFA_SETUP</code>: For users who are required to setup an MFA factor
3018
+ * before they can sign in. The MFA types activated for the user pool will be
3019
+ * listed in the challenge parameters <code>MFAS_CAN_SETUP</code> value. </p>
3020
+ * <p>To set up time-based one-time password (TOTP) MFA, use the session returned
3021
+ * in this challenge from <code>InitiateAuth</code> or <code>AdminInitiateAuth</code>
3022
+ * as an input to <code>AssociateSoftwareToken</code>. Then, use the session returned
3023
+ * by <code>VerifySoftwareToken</code> as an input to
3024
+ * <code>RespondToAuthChallenge</code> or <code>AdminRespondToAuthChallenge</code>
3025
+ * with challenge name <code>MFA_SETUP</code> to complete sign-in.
3026
+ * </p>
3027
+ * <p>To set up SMS or email MFA, collect a <code>phone_number</code> or
3028
+ * <code>email</code> attribute for the user. Then restart the authentication
3029
+ * flow with an <code>InitiateAuth</code> or <code>AdminInitiateAuth</code> request.
3030
+ * </p>
3031
+ * </li>
3032
+ * </ul>
2997
3033
  * @public
2998
3034
  */
2999
3035
  ChallengeName: ChallengeNameType | undefined;
@@ -3026,7 +3062,7 @@ export interface AdminRespondToAuthChallengeRequest {
3026
3062
  * "USERNAME": "[username]",
3027
3063
  * "CREDENTIAL": "[AuthenticationResponseJSON]"\}</code>
3028
3064
  * </p>
3029
- * <p>See <a href="https://www.w3.org/TR/webauthn-3/#dictdef-authenticationresponsejson">
3065
+ * <p>See <a href="https://www.w3.org/TR/WebAuthn-3/#dictdef-authenticationresponsejson">
3030
3066
  * AuthenticationResponseJSON</a>.</p>
3031
3067
  * </li>
3032
3068
  * <li>
@@ -3125,8 +3161,9 @@ export interface AdminRespondToAuthChallengeRequest {
3125
3161
  * required by your user pool.</p>
3126
3162
  * <note>
3127
3163
  * <p>In a <code>NEW_PASSWORD_REQUIRED</code> challenge response, you can't modify a required attribute that already has a value.
3128
- * In <code>RespondToAuthChallenge</code>, set a value for any keys that Amazon Cognito returned in the <code>requiredAttributes</code> parameter,
3129
- * then use the <code>UpdateUserAttributes</code> API operation to modify the value of any additional attributes.</p>
3164
+ * In <code>AdminRespondToAuthChallenge</code> or <code>RespondToAuthChallenge</code>, set a value for any keys that Amazon Cognito returned in the
3165
+ * <code>requiredAttributes</code> parameter, then use the <code>AdminUpdateUserAttributes</code> or <code>UpdateUserAttributes</code> API
3166
+ * operation to modify the value of any additional attributes.</p>
3130
3167
  * </note>
3131
3168
  * </dd>
3132
3169
  * <dt>SOFTWARE_TOKEN_MFA</dt>
@@ -3186,14 +3223,15 @@ export interface AdminRespondToAuthChallengeRequest {
3186
3223
  */
3187
3224
  Session?: string | undefined;
3188
3225
  /**
3189
- * <p>The analytics metadata for collecting Amazon Pinpoint metrics for
3190
- * <code>AdminRespondToAuthChallenge</code> calls.</p>
3226
+ * <p>Information that supports analytics outcomes with Amazon Pinpoint, including the
3227
+ * user's endpoint ID. The endpoint ID is a destination for Amazon Pinpoint push notifications, for example a device identifier,
3228
+ * email address, or phone number.</p>
3191
3229
  * @public
3192
3230
  */
3193
3231
  AnalyticsMetadata?: AnalyticsMetadataType | undefined;
3194
3232
  /**
3195
- * <p>Contextual data about your user session, such as the device fingerprint, IP address, or location. Amazon Cognito advanced
3196
- * security evaluates the risk of an authentication event based on the context that your app generates and passes to Amazon Cognito
3233
+ * <p>Contextual data about your user session like the device fingerprint, IP address, or location. Amazon Cognito threat
3234
+ * protection evaluates the risk of an authentication event based on the context that your app generates and passes to Amazon Cognito
3197
3235
  * when it makes API requests.</p>
3198
3236
  * <p>For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-viewing-threat-protection-app.html">Collecting data for threat protection in
3199
3237
  * applications</a>.</p>
@@ -3239,7 +3277,7 @@ export interface AdminRespondToAuthChallengeRequest {
3239
3277
  * process the <code>clientMetadata</code> value to enhance your workflow for your specific
3240
3278
  * needs.</p>
3241
3279
  * <p>For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html">
3242
- * Customizing user pool Workflows with Lambda Triggers</a> in the <i>Amazon Cognito Developer Guide</i>.</p>
3280
+ * Using Lambda triggers</a> in the <i>Amazon Cognito Developer Guide</i>.</p>
3243
3281
  * <note>
3244
3282
  * <p>When you use the <code>ClientMetadata</code> parameter, note that Amazon Cognito won't do the
3245
3283
  * following:</p>
@@ -3269,8 +3307,112 @@ export interface AdminRespondToAuthChallengeRequest {
3269
3307
  */
3270
3308
  export interface AdminRespondToAuthChallengeResponse {
3271
3309
  /**
3272
- * <p>The name of the challenge that you must next respond to. You can find more information
3273
- * about values for <code>ChallengeName</code> in the response parameters of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminInitiateAuth.html#CognitoUserPools-AdminInitiateAuth-response-ChallengeName">AdminInitiateAuth</a>.</p>
3310
+ * <p>The name of the next challenge that you must respond to.</p>
3311
+ * <p>Possible challenges include the following:</p>
3312
+ * <note>
3313
+ * <p>All of the following challenges require <code>USERNAME</code> and, when the app
3314
+ * client has a client secret, <code>SECRET_HASH</code> in the parameters.</p>
3315
+ * </note>
3316
+ * <ul>
3317
+ * <li>
3318
+ * <p>
3319
+ * <code>WEB_AUTHN</code>: Respond to the challenge with the results of a
3320
+ * successful authentication with a WebAuthn authenticator, or passkey. Examples
3321
+ * of WebAuthn authenticators include biometric devices and security keys.</p>
3322
+ * </li>
3323
+ * <li>
3324
+ * <p>
3325
+ * <code>PASSWORD</code>: Respond with <code>USER_PASSWORD_AUTH</code>
3326
+ * parameters: <code>USERNAME</code> (required), <code>PASSWORD</code> (required),
3327
+ * <code>SECRET_HASH</code> (required if the app client is configured with a
3328
+ * client secret), <code>DEVICE_KEY</code>.</p>
3329
+ * </li>
3330
+ * <li>
3331
+ * <p>
3332
+ * <code>PASSWORD_SRP</code>: Respond with <code>USER_SRP_AUTH</code> parameters:
3333
+ * <code>USERNAME</code> (required), <code>SRP_A</code> (required),
3334
+ * <code>SECRET_HASH</code> (required if the app client is configured with a
3335
+ * client secret), <code>DEVICE_KEY</code>.</p>
3336
+ * </li>
3337
+ * <li>
3338
+ * <p>
3339
+ * <code>SELECT_CHALLENGE</code>: Respond to the challenge with
3340
+ * <code>USERNAME</code> and an <code>ANSWER</code> that matches one of the
3341
+ * challenge types in the <code>AvailableChallenges</code> response
3342
+ * parameter.</p>
3343
+ * </li>
3344
+ * <li>
3345
+ * <p>
3346
+ * <code>SMS_MFA</code>: Respond with an
3347
+ * <code>SMS_MFA_CODE</code> that your user pool delivered in an SMS message.</p>
3348
+ * </li>
3349
+ * <li>
3350
+ * <p>
3351
+ * <code>EMAIL_OTP</code>: Respond with an
3352
+ * <code>EMAIL_OTP_CODE</code> that your user pool delivered in an email
3353
+ * message.</p>
3354
+ * </li>
3355
+ * <li>
3356
+ * <p>
3357
+ * <code>PASSWORD_VERIFIER</code>: Respond with
3358
+ * <code>PASSWORD_CLAIM_SIGNATURE</code>,
3359
+ * <code>PASSWORD_CLAIM_SECRET_BLOCK</code>, and <code>TIMESTAMP</code> after
3360
+ * client-side SRP calculations.</p>
3361
+ * </li>
3362
+ * <li>
3363
+ * <p>
3364
+ * <code>CUSTOM_CHALLENGE</code>: This is returned if your custom authentication
3365
+ * flow determines that the user should pass another challenge before tokens are
3366
+ * issued. The parameters of the challenge are determined by your Lambda function.</p>
3367
+ * </li>
3368
+ * <li>
3369
+ * <p>
3370
+ * <code>DEVICE_SRP_AUTH</code>: Respond with the initial parameters of device SRP
3371
+ * authentication. For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html#user-pools-remembered-devices-signing-in-with-a-device">Signing in with a device</a>.</p>
3372
+ * </li>
3373
+ * <li>
3374
+ * <p>
3375
+ * <code>DEVICE_PASSWORD_VERIFIER</code>: Respond with
3376
+ * <code>PASSWORD_CLAIM_SIGNATURE</code>,
3377
+ * <code>PASSWORD_CLAIM_SECRET_BLOCK</code>, and <code>TIMESTAMP</code> after
3378
+ * client-side SRP calculations. For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html#user-pools-remembered-devices-signing-in-with-a-device">Signing in with a device</a>.</p>
3379
+ * </li>
3380
+ * <li>
3381
+ * <p>
3382
+ * <code>NEW_PASSWORD_REQUIRED</code>: For users who are required to change their
3383
+ * passwords after successful first login. Respond to this challenge with
3384
+ * <code>NEW_PASSWORD</code> and any required attributes that Amazon Cognito returned in
3385
+ * the <code>requiredAttributes</code> parameter. You can also set values for
3386
+ * attributes that aren't required by your user pool and that your app client
3387
+ * can write.</p>
3388
+ * <p>Amazon Cognito only returns this challenge for users who have temporary passwords.
3389
+ * When you create passwordless users, you must provide values for all required
3390
+ * attributes.</p>
3391
+ * <note>
3392
+ * <p>In a <code>NEW_PASSWORD_REQUIRED</code> challenge response, you can't modify a required attribute that already has a value.
3393
+ * In <code>AdminRespondToAuthChallenge</code> or <code>RespondToAuthChallenge</code>, set a value for any keys that Amazon Cognito returned in the
3394
+ * <code>requiredAttributes</code> parameter, then use the <code>AdminUpdateUserAttributes</code> or <code>UpdateUserAttributes</code> API
3395
+ * operation to modify the value of any additional attributes.</p>
3396
+ * </note>
3397
+ * </li>
3398
+ * <li>
3399
+ * <p>
3400
+ * <code>MFA_SETUP</code>: For users who are required to setup an MFA factor
3401
+ * before they can sign in. The MFA types activated for the user pool will be
3402
+ * listed in the challenge parameters <code>MFAS_CAN_SETUP</code> value. </p>
3403
+ * <p>To set up time-based one-time password (TOTP) MFA, use the session returned
3404
+ * in this challenge from <code>InitiateAuth</code> or <code>AdminInitiateAuth</code>
3405
+ * as an input to <code>AssociateSoftwareToken</code>. Then, use the session returned
3406
+ * by <code>VerifySoftwareToken</code> as an input to
3407
+ * <code>RespondToAuthChallenge</code> or <code>AdminRespondToAuthChallenge</code>
3408
+ * with challenge name <code>MFA_SETUP</code> to complete sign-in.
3409
+ * </p>
3410
+ * <p>To set up SMS or email MFA, collect a <code>phone_number</code> or
3411
+ * <code>email</code> attribute for the user. Then restart the authentication
3412
+ * flow with an <code>InitiateAuth</code> or <code>AdminInitiateAuth</code> request.
3413
+ * </p>
3414
+ * </li>
3415
+ * </ul>
3274
3416
  * @public
3275
3417
  */
3276
3418
  ChallengeName?: ChallengeNameType | undefined;
@@ -3285,9 +3427,7 @@ export interface AdminRespondToAuthChallengeResponse {
3285
3427
  */
3286
3428
  Session?: string | undefined;
3287
3429
  /**
3288
- * <p>The parameters that define your response to the next challenge. Take the values in
3289
- * <code>ChallengeParameters</code> and provide values for them in the <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminRespondToAuthChallenge.html#CognitoUserPools-AdminRespondToAuthChallenge-request-ChallengeResponses">ChallengeResponses</a> of the next <code>AdminRespondToAuthChallenge</code>
3290
- * request.</p>
3430
+ * <p>The parameters that define your response to the next challenge.</p>
3291
3431
  * @public
3292
3432
  */
3293
3433
  ChallengeParameters?: Record<string, string> | undefined;
@@ -3353,9 +3493,8 @@ export declare class SoftwareTokenMFANotFoundException extends __BaseException {
3353
3493
  /**
3354
3494
  * <p>User preferences for multi-factor authentication with email messages. Activates or
3355
3495
  * deactivates email MFA and sets it as the preferred MFA method when multiple methods are
3356
- * available. To activate this setting, <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html">
3357
- * advanced security features</a> must be active in your user pool.</p>
3358
- * <p>This data type is a request parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserMFAPreference.html">SetUserMFAPreference</a> and <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminSetUserMFAPreference.html">AdminSetUserMFAPreference</a>. </p>
3496
+ * available. To activate this setting, your user pool must be in the <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html">
3497
+ * Essentials tier</a> or higher.</p>
3359
3498
  * @public
3360
3499
  */
3361
3500
  export interface EmailMfaSettingsType {
@@ -3377,7 +3516,6 @@ export interface EmailMfaSettingsType {
3377
3516
  * MFA on and off, and can set SMS as preferred when other MFA options are available. You
3378
3517
  * can't turn off SMS MFA for any of your users when MFA is required in your user pool; you
3379
3518
  * can only set the type that your user prefers. </p>
3380
- * <p>This data type is a request parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserMFAPreference.html">SetUserMFAPreference</a> and <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminSetUserMFAPreference.html">AdminSetUserMFAPreference</a>. </p>
3381
3519
  * @public
3382
3520
  */
3383
3521
  export interface SMSMfaSettingsType {
@@ -3401,7 +3539,6 @@ export interface SMSMfaSettingsType {
3401
3539
  * authentication (MFA). Turns TOTP MFA on and off, and can set TOTP as preferred when
3402
3540
  * other MFA options are available. You can't turn off TOTP MFA for any of your users when
3403
3541
  * MFA is required in your user pool; you can only set the type that your user prefers. </p>
3404
- * <p>This data type is a request parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserMFAPreference.html">SetUserMFAPreference</a> and <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminSetUserMFAPreference.html">AdminSetUserMFAPreference</a>. </p>
3405
3542
  * @public
3406
3543
  */
3407
3544
  export interface SoftwareTokenMfaSettingsType {
@@ -3430,20 +3567,22 @@ export interface AdminSetUserMFAPreferenceRequest {
3430
3567
  SMSMfaSettings?: SMSMfaSettingsType | undefined;
3431
3568
  /**
3432
3569
  * <p>User preferences for time-based one-time password (TOTP) MFA. Activates or deactivates
3433
- * TOTP MFA and sets it as the preferred MFA method when multiple methods are
3434
- * available.</p>
3570
+ * TOTP MFA and sets it as the preferred MFA method when multiple methods are available.
3571
+ * This operation can set TOTP as a user's preferred MFA method before they register a
3572
+ * TOTP authenticator.</p>
3435
3573
  * @public
3436
3574
  */
3437
3575
  SoftwareTokenMfaSettings?: SoftwareTokenMfaSettingsType | undefined;
3438
3576
  /**
3439
3577
  * <p>User preferences for email message MFA. Activates or deactivates email MFA and sets it
3440
- * as the preferred MFA method when multiple methods are available. To activate this setting, <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html">
3441
- * advanced security features</a> must be active in your user pool.</p>
3578
+ * as the preferred MFA method when multiple methods are available.
3579
+ * To activate this setting, your user pool must be in the <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html">
3580
+ * Essentials tier</a> or higher.</p>
3442
3581
  * @public
3443
3582
  */
3444
3583
  EmailMfaSettings?: EmailMfaSettingsType | undefined;
3445
3584
  /**
3446
- * <p>The username of the user that you want to query or modify. The value of this parameter
3585
+ * <p>The name of the user that you want to query or modify. The value of this parameter
3447
3586
  * is typically your user's username, but it can be any of their alias attributes. If
3448
3587
  * <code>username</code> isn't an alias attribute in your user pool, this value
3449
3588
  * must be the <code>sub</code> of a local user or the username of a user from a
@@ -3472,7 +3611,7 @@ export interface AdminSetUserPasswordRequest {
3472
3611
  */
3473
3612
  UserPoolId: string | undefined;
3474
3613
  /**
3475
- * <p>The username of the user that you want to query or modify. The value of this parameter
3614
+ * <p>The name of the user that you want to query or modify. The value of this parameter
3476
3615
  * is typically your user's username, but it can be any of their alias attributes. If
3477
3616
  * <code>username</code> isn't an alias attribute in your user pool, this value
3478
3617
  * must be the <code>sub</code> of a local user or the username of a user from a
@@ -3513,7 +3652,7 @@ export interface AdminSetUserSettingsRequest {
3513
3652
  */
3514
3653
  UserPoolId: string | undefined;
3515
3654
  /**
3516
- * <p>The username of the user that you want to query or modify. The value of this parameter
3655
+ * <p>The name of the user that you want to query or modify. The value of this parameter
3517
3656
  * is typically your user's username, but it can be any of their alias attributes. If
3518
3657
  * <code>username</code> isn't an alias attribute in your user pool, this value
3519
3658
  * must be the <code>sub</code> of a local user or the username of a user from a
@@ -3545,7 +3684,7 @@ export interface AdminUpdateAuthEventFeedbackRequest {
3545
3684
  */
3546
3685
  UserPoolId: string | undefined;
3547
3686
  /**
3548
- * <p>The username of the user that you want to query or modify. The value of this parameter
3687
+ * <p>The name of the user that you want to query or modify. The value of this parameter
3549
3688
  * is typically your user's username, but it can be any of their alias attributes. If
3550
3689
  * <code>username</code> isn't an alias attribute in your user pool, this value
3551
3690
  * must be the <code>sub</code> of a local user or the username of a user from a
@@ -3554,12 +3693,12 @@ export interface AdminUpdateAuthEventFeedbackRequest {
3554
3693
  */
3555
3694
  Username: string | undefined;
3556
3695
  /**
3557
- * <p>The authentication event ID. To query authentication events for a user, see <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminListUserAuthEvents.html">AdminListUserAuthEvents</a>.</p>
3696
+ * <p>The ID of the threat protection authentication event that you want to update.</p>
3558
3697
  * @public
3559
3698
  */
3560
3699
  EventId: string | undefined;
3561
3700
  /**
3562
- * <p>The authentication event feedback value. When you provide a <code>FeedbackValue</code>
3701
+ * <p>Your feedback to the authentication event. When you provide a <code>FeedbackValue</code>
3563
3702
  * value of <code>valid</code>, you tell Amazon Cognito that you trust a user session where Amazon Cognito
3564
3703
  * has evaluated some level of risk. When you provide a <code>FeedbackValue</code> value of
3565
3704
  * <code>invalid</code>, you tell Amazon Cognito that you don't trust a user session, or you
@@ -3596,7 +3735,7 @@ export interface AdminUpdateDeviceStatusRequest {
3596
3735
  */
3597
3736
  UserPoolId: string | undefined;
3598
3737
  /**
3599
- * <p>The username of the user that you want to query or modify. The value of this parameter
3738
+ * <p>The name of the user that you want to query or modify. The value of this parameter
3600
3739
  * is typically your user's username, but it can be any of their alias attributes. If
3601
3740
  * <code>username</code> isn't an alias attribute in your user pool, this value
3602
3741
  * must be the <code>sub</code> of a local user or the username of a user from a
@@ -3634,7 +3773,7 @@ export interface AdminUpdateUserAttributesRequest {
3634
3773
  */
3635
3774
  UserPoolId: string | undefined;
3636
3775
  /**
3637
- * <p>The username of the user that you want to query or modify. The value of this parameter
3776
+ * <p>The name of the user that you want to query or modify. The value of this parameter
3638
3777
  * is typically your user's username, but it can be any of their alias attributes. If
3639
3778
  * <code>username</code> isn't an alias attribute in your user pool, this value
3640
3779
  * must be the <code>sub</code> of a local user or the username of a user from a
@@ -3673,7 +3812,7 @@ export interface AdminUpdateUserAttributesRequest {
3673
3812
  * <code>clientMetadata</code> value to enhance your workflow for your specific
3674
3813
  * needs.</p>
3675
3814
  * <p>For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html">
3676
- * Customizing user pool Workflows with Lambda Triggers</a> in the <i>Amazon Cognito Developer Guide</i>.</p>
3815
+ * Using Lambda triggers</a> in the <i>Amazon Cognito Developer Guide</i>.</p>
3677
3816
  * <note>
3678
3817
  * <p>When you use the <code>ClientMetadata</code> parameter, note that Amazon Cognito won't do the
3679
3818
  * following:</p>
@@ -3715,7 +3854,7 @@ export interface AdminUserGlobalSignOutRequest {
3715
3854
  */
3716
3855
  UserPoolId: string | undefined;
3717
3856
  /**
3718
- * <p>The username of the user that you want to query or modify. The value of this parameter
3857
+ * <p>The name of the user that you want to query or modify. The value of this parameter
3719
3858
  * is typically your user's username, but it can be any of their alias attributes. If
3720
3859
  * <code>username</code> isn't an alias attribute in your user pool, this value
3721
3860
  * must be the <code>sub</code> of a local user or the username of a user from a
@@ -3743,14 +3882,14 @@ export declare const AdvancedSecurityEnabledModeType: {
3743
3882
  */
3744
3883
  export type AdvancedSecurityEnabledModeType = (typeof AdvancedSecurityEnabledModeType)[keyof typeof AdvancedSecurityEnabledModeType];
3745
3884
  /**
3746
- * <p>Advanced security configuration options for additional authentication types in your
3885
+ * <p>Threat protection configuration options for additional authentication types in your
3747
3886
  * user pool, including custom
3748
3887
  * authentication. </p>
3749
3888
  * @public
3750
3889
  */
3751
3890
  export interface AdvancedSecurityAdditionalFlowsType {
3752
3891
  /**
3753
- * <p>The operating mode of advanced security features in custom authentication with <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-challenge.html"> Custom
3892
+ * <p>The operating mode of threat protection in custom authentication with <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-challenge.html"> Custom
3754
3893
  * authentication challenge Lambda triggers</a>. </p>
3755
3894
  * @public
3756
3895
  */
@@ -3802,8 +3941,6 @@ export type AuthFactorType = (typeof AuthFactorType)[keyof typeof AuthFactorType
3802
3941
  * campaign.</p>
3803
3942
  * <p>Amazon Pinpoint isn't available in all Amazon Web Services Regions. For a list of available Regions, see
3804
3943
  * <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-pinpoint-integration.html#cognito-user-pools-find-region-mappings">Amazon Cognito and Amazon Pinpoint Region availability</a>.</p>
3805
- * <p>This data type is a request parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPoolClient.html">CreateUserPoolClient</a> and <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPoolClient.html">UpdateUserPoolClient</a>, and a response parameter of
3806
- * <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPoolClient.html">DescribeUserPoolClient</a>.</p>
3807
3944
  * @public
3808
3945
  */
3809
3946
  export interface AnalyticsConfigurationType {
@@ -3896,8 +4033,6 @@ export declare const ColorSchemeModeType: {
3896
4033
  export type ColorSchemeModeType = (typeof ColorSchemeModeType)[keyof typeof ColorSchemeModeType];
3897
4034
  /**
3898
4035
  * <p>An image file from a managed login branding style in a user pool.</p>
3899
- * <p>This data type is a request parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateManagedLoginBranding.html">CreateManagedLoginBranding</a> and <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateManagedLoginBranding.html">UpdateManagedLoginBranding</a>, and a response parameter of
3900
- * <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeManagedLoginBranding.html">DescribeManagedLoginBranding</a>.</p>
3901
4036
  * @public
3902
4037
  */
3903
4038
  export interface AssetType {
@@ -3936,8 +4071,9 @@ export interface AssetType {
3936
4071
  */
3937
4072
  export interface AssociateSoftwareTokenRequest {
3938
4073
  /**
3939
- * <p>A valid access token that Amazon Cognito issued to the user whose software token you want to
3940
- * generate. You can provide either an access token or a session ID in the request.</p>
4074
+ * <p>A valid access token that Amazon Cognito issued to the currently signed-in user. Must include a scope claim for
4075
+ * <code>aws.cognito.signin.user.admin</code>.</p>
4076
+ * <p>You can provide either an access token or a session ID in the request.</p>
3941
4077
  * @public
3942
4078
  */
3943
4079
  AccessToken?: string | undefined;
@@ -3962,7 +4098,7 @@ export interface AssociateSoftwareTokenResponse {
3962
4098
  SecretCode?: string | undefined;
3963
4099
  /**
3964
4100
  * <p>The session identifier that maintains the state of authentication requests and
3965
- * challenge responses. This session ID is valid for the next request in this flow, <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerifySoftwareToken.html">VerifySoftwareToken</a>.</p>
4101
+ * challenge responses.</p>
3966
4102
  * @public
3967
4103
  */
3968
4104
  Session?: string | undefined;
@@ -4040,13 +4176,13 @@ export interface ChangePasswordResponse {
4040
4176
  */
4041
4177
  export interface CompleteWebAuthnRegistrationRequest {
4042
4178
  /**
4043
- * <p>A valid access token that Amazon Cognito issued to the user whose passkey registration you want
4044
- * to complete.</p>
4179
+ * <p>A valid access token that Amazon Cognito issued to the currently signed-in user. Must include a scope claim for
4180
+ * <code>aws.cognito.signin.user.admin</code>.</p>
4045
4181
  * @public
4046
4182
  */
4047
4183
  AccessToken: string | undefined;
4048
4184
  /**
4049
- * <p>A <a href="https://www.w3.org/TR/webauthn-3/#dictdef-registrationresponsejson">RegistrationResponseJSON</a> public-key credential response from the
4185
+ * <p>A <a href="https://www.w3.org/TR/WebAuthn-3/#dictdef-registrationresponsejson">RegistrationResponseJSON</a> public-key credential response from the
4050
4186
  * user's passkey provider.</p>
4051
4187
  * @public
4052
4188
  */
@@ -4138,7 +4274,6 @@ export declare class WebAuthnRelyingPartyMismatchException extends __BaseExcepti
4138
4274
  /**
4139
4275
  * <p>A Secure Remote Password (SRP) value that your application generates when you register
4140
4276
  * a user's device. For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html#user-pools-remembered-devices-getting-a-device-key">Getting a device key</a>.</p>
4141
- * <p>This data type is a request parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmDevice.html">ConfirmDevice</a>.</p>
4142
4277
  * @public
4143
4278
  */
4144
4279
  export interface DeviceSecretVerifierConfigType {
@@ -4159,8 +4294,8 @@ export interface DeviceSecretVerifierConfigType {
4159
4294
  */
4160
4295
  export interface ConfirmDeviceRequest {
4161
4296
  /**
4162
- * <p>A valid access token that Amazon Cognito issued to the user whose device you want to
4163
- * confirm.</p>
4297
+ * <p>A valid access token that Amazon Cognito issued to the currently signed-in user. Must include a scope claim for
4298
+ * <code>aws.cognito.signin.user.admin</code>.</p>
4164
4299
  * @public
4165
4300
  */
4166
4301
  AccessToken: string | undefined;
@@ -4188,24 +4323,33 @@ export interface ConfirmDeviceRequest {
4188
4323
  export interface ConfirmDeviceResponse {
4189
4324
  /**
4190
4325
  * <p>When <code>true</code>, your user must confirm that they want to remember the device.
4191
- * Prompt the user for an answer. You must then make an <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateDeviceStatus.html">UpdateUserDevice</a> request that sets the device to
4192
- * <code>remembered</code> or <code>not_remembered</code>.</p>
4326
+ * Prompt the user for an answer.</p>
4193
4327
  * <p>When <code>false</code>, immediately sets the device as remembered and eligible for
4194
4328
  * device authentication.</p>
4195
4329
  * <p>You can configure your user pool to always remember devices, in which case this
4196
4330
  * response is <code>false</code>, or to allow users to opt in, in which case this response
4197
4331
  * is <code>true</code>. Configure this option under <i>Device tracking</i>
4198
- * in the <i>Sign-in</i> menu of your user pool. You can also configure this
4199
- * option with the <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html#CognitoUserPools-CreateUserPool-request-DeviceConfiguration">DeviceConfiguration</a> parameter of a <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html">CreateUserPool</a> or <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html">UpdateUserPool</a> request.</p>
4332
+ * in the <i>Sign-in</i> menu of your user pool.</p>
4200
4333
  * @public
4201
4334
  */
4202
4335
  UserConfirmationNecessary?: boolean | undefined;
4203
4336
  }
4337
+ /**
4338
+ * <p>This exception is thrown when a user attempts to confirm a device with a device key
4339
+ * that already exists.</p>
4340
+ * @public
4341
+ */
4342
+ export declare class DeviceKeyExistsException extends __BaseException {
4343
+ readonly name: "DeviceKeyExistsException";
4344
+ readonly $fault: "client";
4345
+ /**
4346
+ * @internal
4347
+ */
4348
+ constructor(opts: __ExceptionOptionType<DeviceKeyExistsException, __BaseException>);
4349
+ }
4204
4350
  /**
4205
4351
  * <p>Contextual data, such as the user's device fingerprint, IP address, or location, used
4206
- * for evaluating the risk of an unexpected event by Amazon Cognito advanced security.</p>
4207
- * <p>This data type is a request parameter of public-client authentication operations like
4208
- * <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html">InitiateAuth</a> and <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RespondToAuthChallenge.html">RespondToAuthChallenge</a>.</p>
4352
+ * for evaluating the risk of an unexpected event by Amazon Cognito threat protection.</p>
4209
4353
  * @public
4210
4354
  */
4211
4355
  export interface UserContextDataType {
@@ -4229,8 +4373,8 @@ export interface ConfirmForgotPasswordRequest {
4229
4373
  /**
4230
4374
  * <p>The ID of the app client where the user wants to reset their password. This parameter
4231
4375
  * is an identifier of the client application that users are resetting their password from,
4232
- * but this operation resets users' passwords for all app clients in the user
4233
- * pool.</p>
4376
+ * but this operation resets users' irrespective of the app clients they sign in
4377
+ * to.</p>
4234
4378
  * @public
4235
4379
  */
4236
4380
  ClientId: string | undefined;
@@ -4242,7 +4386,7 @@ export interface ConfirmForgotPasswordRequest {
4242
4386
  */
4243
4387
  SecretHash?: string | undefined;
4244
4388
  /**
4245
- * <p>The username of the user that you want to query or modify. The value of this parameter
4389
+ * <p>The name of the user that you want to query or modify. The value of this parameter
4246
4390
  * is typically your user's username, but it can be any of their alias attributes. If
4247
4391
  * <code>username</code> isn't an alias attribute in your user pool, this value
4248
4392
  * must be the <code>sub</code> of a local user or the username of a user from a
@@ -4251,7 +4395,8 @@ export interface ConfirmForgotPasswordRequest {
4251
4395
  */
4252
4396
  Username: string | undefined;
4253
4397
  /**
4254
- * <p>The confirmation code that your user pool sent in response to an <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminResetUserPassword.html">AdminResetUserPassword</a> or a <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ForgotPassword.html">ForgotPassword</a> request.</p>
4398
+ * <p>The confirmation code that your user pool delivered when your user requested to reset
4399
+ * their password.</p>
4255
4400
  * @public
4256
4401
  */
4257
4402
  ConfirmationCode: string | undefined;
@@ -4261,14 +4406,15 @@ export interface ConfirmForgotPasswordRequest {
4261
4406
  */
4262
4407
  Password: string | undefined;
4263
4408
  /**
4264
- * <p>The Amazon Pinpoint analytics metadata for collecting metrics for
4265
- * <code>ConfirmForgotPassword</code> calls.</p>
4409
+ * <p>Information that supports analytics outcomes with Amazon Pinpoint, including the
4410
+ * user's endpoint ID. The endpoint ID is a destination for Amazon Pinpoint push notifications, for example a device identifier,
4411
+ * email address, or phone number.</p>
4266
4412
  * @public
4267
4413
  */
4268
4414
  AnalyticsMetadata?: AnalyticsMetadataType | undefined;
4269
4415
  /**
4270
- * <p>Contextual data about your user session, such as the device fingerprint, IP address, or location. Amazon Cognito advanced
4271
- * security evaluates the risk of an authentication event based on the context that your app generates and passes to Amazon Cognito
4416
+ * <p>Contextual data about your user session like the device fingerprint, IP address, or location. Amazon Cognito threat
4417
+ * protection evaluates the risk of an authentication event based on the context that your app generates and passes to Amazon Cognito
4272
4418
  * when it makes API requests.</p>
4273
4419
  * <p>For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-viewing-threat-protection-app.html">Collecting data for threat protection in
4274
4420
  * applications</a>.</p>
@@ -4287,7 +4433,7 @@ export interface ConfirmForgotPasswordRequest {
4287
4433
  * function code in Lambda, you can process the <code>clientMetadata</code> value to
4288
4434
  * enhance your workflow for your specific needs.</p>
4289
4435
  * <p>For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html">
4290
- * Customizing user pool Workflows with Lambda Triggers</a> in the <i>Amazon Cognito Developer Guide</i>.</p>
4436
+ * Using Lambda triggers</a> in the <i>Amazon Cognito Developer Guide</i>.</p>
4291
4437
  * <note>
4292
4438
  * <p>When you use the <code>ClientMetadata</code> parameter, note that Amazon Cognito won't do the
4293
4439
  * following:</p>
@@ -4336,7 +4482,7 @@ export interface ConfirmSignUpRequest {
4336
4482
  */
4337
4483
  SecretHash?: string | undefined;
4338
4484
  /**
4339
- * <p>The username of the user that you want to query or modify. The value of this parameter
4485
+ * <p>The name of the user that you want to query or modify. The value of this parameter
4340
4486
  * is typically your user's username, but it can be any of their alias attributes. If
4341
4487
  * <code>username</code> isn't an alias attribute in your user pool, this value
4342
4488
  * must be the <code>sub</code> of a local user or the username of a user from a
@@ -4368,14 +4514,15 @@ export interface ConfirmSignUpRequest {
4368
4514
  */
4369
4515
  ForceAliasCreation?: boolean | undefined;
4370
4516
  /**
4371
- * <p>The Amazon Pinpoint analytics metadata for collecting metrics for <code>ConfirmSignUp</code>
4372
- * calls.</p>
4517
+ * <p>Information that supports analytics outcomes with Amazon Pinpoint, including the
4518
+ * user's endpoint ID. The endpoint ID is a destination for Amazon Pinpoint push notifications, for example a device identifier,
4519
+ * email address, or phone number.</p>
4373
4520
  * @public
4374
4521
  */
4375
4522
  AnalyticsMetadata?: AnalyticsMetadataType | undefined;
4376
4523
  /**
4377
- * <p>Contextual data about your user session, such as the device fingerprint, IP address, or location. Amazon Cognito advanced
4378
- * security evaluates the risk of an authentication event based on the context that your app generates and passes to Amazon Cognito
4524
+ * <p>Contextual data about your user session like the device fingerprint, IP address, or location. Amazon Cognito threat
4525
+ * protection evaluates the risk of an authentication event based on the context that your app generates and passes to Amazon Cognito
4379
4526
  * when it makes API requests.</p>
4380
4527
  * <p>For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-viewing-threat-protection-app.html">Collecting data for threat protection in
4381
4528
  * applications</a>.</p>
@@ -4394,7 +4541,7 @@ export interface ConfirmSignUpRequest {
4394
4541
  * code in Lambda, you can process the <code>clientMetadata</code> value to
4395
4542
  * enhance your workflow for your specific needs.</p>
4396
4543
  * <p>For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html">
4397
- * Customizing user pool Workflows with Lambda Triggers</a> in the <i>Amazon Cognito Developer Guide</i>.</p>
4544
+ * Using Lambda triggers</a> in the <i>Amazon Cognito Developer Guide</i>.</p>
4398
4545
  * <note>
4399
4546
  * <p>When you use the <code>ClientMetadata</code> parameter, note that Amazon Cognito won't do the
4400
4547
  * following:</p>
@@ -4433,8 +4580,7 @@ export interface ConfirmSignUpResponse {
4433
4580
  /**
4434
4581
  * <p>A session identifier that you can use to immediately sign in the confirmed user. You
4435
4582
  * can automatically sign users in with the one-time password that they provided in a
4436
- * successful <code>ConfirmSignUp</code> request. To do this, pass the <code>Session</code>
4437
- * parameter from this response in the <code>Session</code> parameter of an <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html">InitiateAuth</a> or <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminInitiateAuth.html">AdminInitiateAuth</a> request.</p>
4583
+ * successful <code>ConfirmSignUp</code> request.</p>
4438
4584
  * @public
4439
4585
  */
4440
4586
  Session?: string | undefined;
@@ -4692,7 +4838,6 @@ export interface CreateIdentityProviderRequest {
4692
4838
  * <p>A user pool identity provider (IdP). Contains information about a third-party IdP to a
4693
4839
  * user pool, the attributes that it populates to user profiles, and the trust relationship
4694
4840
  * between the IdP and your user pool.</p>
4695
- * <p>This data type is a response parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateIdentityProvider.html">CreateIdentityProvider</a>, <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeIdentityProvider.html">DescribeIdentityProvider</a>, <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetIdentityProviderByIdentifier.html">GetIdentityProviderByIdentifier</a>, and <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateIdentityProvider.html">UpdateIdentityProvider</a>.</p>
4696
4841
  * @public
4697
4842
  */
4698
4843
  export interface IdentityProviderType {
@@ -4894,9 +5039,8 @@ export interface CreateManagedLoginBrandingRequest {
4894
5039
  */
4895
5040
  UserPoolId: string | undefined;
4896
5041
  /**
4897
- * <p>The app client that you want to create the branding style for. Each style is
4898
- * permanently linked to an app client. To change the style for an app client, delete the
4899
- * existing style with <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DeleteManagedLoginBranding.html">DeleteManagedLoginBranding</a> and create a new one.</p>
5042
+ * <p>The app client that you want to create the branding style for. Each style is linked to
5043
+ * an app client until you delete it.</p>
4900
5044
  * @public
4901
5045
  */
4902
5046
  ClientId: string | undefined;
@@ -4915,8 +5059,8 @@ export interface CreateManagedLoginBrandingRequest {
4915
5059
  */
4916
5060
  Settings?: __DocumentType | undefined;
4917
5061
  /**
4918
- * <p>An array of image files that you want to apply to roles like backgrounds, logos, and
4919
- * icons. Each object must also indicate whether it is for dark mode, light mode, or
5062
+ * <p>An array of image files that you want to apply to functions like backgrounds, logos,
5063
+ * and icons. Each object must also indicate whether it is for dark mode, light mode, or
4920
5064
  * browser-adaptive mode.</p>
4921
5065
  * @public
4922
5066
  */
@@ -4924,7 +5068,6 @@ export interface CreateManagedLoginBrandingRequest {
4924
5068
  }
4925
5069
  /**
4926
5070
  * <p>A managed login branding style that's assigned to a user pool app client.</p>
4927
- * <p>This data type is a response parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateManagedLoginBranding.html">CreateManagedLoginBranding</a>, <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateManagedLoginBranding.html">UpdateManagedLoginBranding</a>, <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeManagedLoginBranding.html">DescribeManagedLoginBranding</a>, and <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeManagedLoginBrandingByClient.html">DescribeManagedLoginBrandingByClient</a>.</p>
4928
5071
  * @public
4929
5072
  */
4930
5073
  export interface ManagedLoginBrandingType {
@@ -5000,7 +5143,6 @@ export declare class ManagedLoginBrandingExistsException extends __BaseException
5000
5143
  * <p>One custom scope associated with a user pool resource server. This data type is a
5001
5144
  * member of <code>ResourceServerScopeType</code>. For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-define-resource-servers.html">
5002
5145
  * Scopes, M2M, and API authorization with resource servers</a>. </p>
5003
- * <p>This data type is a request parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateResourceServer.html">CreateResourceServer</a> and a response parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeResourceServer.html">DescribeResourceServer</a>. </p>
5004
5146
  * @public
5005
5147
  */
5006
5148
  export interface ResourceServerScopeType {
@@ -5055,7 +5197,6 @@ export interface CreateResourceServerRequest {
5055
5197
  /**
5056
5198
  * <p>The details of a resource server configuration and associated custom scopes in a user
5057
5199
  * pool.</p>
5058
- * <p>This data type is a request parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateResourceServer.html">CreateResourceServer</a> and a response parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeResourceServer.html">DescribeResourceServer</a>. </p>
5059
5200
  * @public
5060
5201
  */
5061
5202
  export interface ResourceServerType {
@@ -5138,7 +5279,6 @@ export type UserImportJobStatusType = (typeof UserImportJobStatusType)[keyof typ
5138
5279
  /**
5139
5280
  * <p>A user import job in a user pool. Describes the status of user import with a CSV file.
5140
5281
  * For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-using-import-tool.html">Importing users into user pools from a CSV file</a>.</p>
5141
- * <p>This data type is a request parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserImportJob.html">CreateUserImportJob</a>, <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserImportJob.html">DescribeUserImportJob</a>, <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ListUserImportJobs.html">ListUserImportJobs</a>, <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_StartUserImportJob.html">StartUserImportJob</a>, and <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_StopUserImportJob.html">StopUserImportJob</a>.</p>
5142
5282
  * @public
5143
5283
  */
5144
5284
  export interface UserImportJobType {
@@ -5258,7 +5398,8 @@ export interface UserImportJobType {
5258
5398
  */
5259
5399
  export interface CreateUserImportJobResponse {
5260
5400
  /**
5261
- * <p>The details of the user import job.</p>
5401
+ * <p>The details of the user import job. Includes logging destination, status, and the Amazon S3
5402
+ * pre-signed URL for CSV upload.</p>
5262
5403
  * @public
5263
5404
  */
5264
5405
  UserImportJob?: UserImportJobType | undefined;
@@ -5276,23 +5417,10 @@ export declare const DeletionProtectionType: {
5276
5417
  */
5277
5418
  export type DeletionProtectionType = (typeof DeletionProtectionType)[keyof typeof DeletionProtectionType];
5278
5419
  /**
5279
- * <p>The device-remembering configuration for a user pool. A <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html">
5280
- * DescribeUserPool</a> request returns a null value for this object when the user
5281
- * pool isn't configured to remember devices. When device remembering is active, you can
5282
- * remember a user's device with a <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmDevice.html">ConfirmDevice</a> API request. Additionally. when the property
5283
- * <code>DeviceOnlyRememberedOnUserPrompt</code> is <code>true</code>, you must follow
5284
- * <code>ConfirmDevice</code> with an <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateDeviceStatus.html">UpdateDeviceStatus</a> API request that sets the user's device to
5285
- * <code>remembered</code> or <code>not_remembered</code>.</p>
5286
- * <p>To sign in with a remembered device, include <code>DEVICE_KEY</code> in the
5287
- * authentication parameters in your user's <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html">
5288
- * InitiateAuth</a> request. If your app doesn't include a <code>DEVICE_KEY</code>
5289
- * parameter, the <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html#API_InitiateAuth_ResponseSyntax">response</a> from Amazon Cognito includes newly-generated <code>DEVICE_KEY</code> and
5290
- * <code>DEVICE_GROUP_KEY</code> values under <code>NewDeviceMetadata</code>. Store
5291
- * these values to use in future device-authentication requests.</p>
5420
+ * <p>The device-remembering configuration for a user pool.</p>
5292
5421
  * <note>
5293
5422
  * <p>When you provide a value for any property of <code>DeviceConfiguration</code>, you
5294
5423
  * activate the device remembering for the user pool.</p>
5295
- * <p>This data type is a request and response parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html">CreateUserPool</a> and <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html">UpdateUserPool</a>, and a response parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html">DescribeUserPool</a>.</p>
5296
5424
  * </note>
5297
5425
  * @public
5298
5426
  */
@@ -5311,10 +5439,9 @@ export interface DeviceConfigurationType {
5311
5439
  ChallengeRequiredOnNewDevice?: boolean | undefined;
5312
5440
  /**
5313
5441
  * <p>When true, Amazon Cognito doesn't automatically remember a user's device when your app sends a
5314
- * <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmDevice.html">
5315
- * ConfirmDevice</a> API request. In your app, create a prompt for your user to
5316
- * choose whether they want to remember their device. Return the user's choice in an <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateDeviceStatus.html">
5317
- * UpdateDeviceStatus</a> API request.</p>
5442
+ * <code>ConfirmDevice</code> API request. In your app, create a prompt for your user
5443
+ * to choose whether they want to remember their device. Return the user's choice in an
5444
+ * <code>UpdateDeviceStatus</code> API request.</p>
5318
5445
  * <p>When <code>DeviceOnlyRememberedOnUserPrompt</code> is <code>false</code>, Amazon
5319
5446
  * Cognito immediately remembers devices that you register in a <code>ConfirmDevice</code>
5320
5447
  * API request.</p>
@@ -5343,8 +5470,6 @@ export type EmailSendingAccountType = (typeof EmailSendingAccountType)[keyof typ
5343
5470
  * you created your user pool, and in alternate Regions in some cases. For more
5344
5471
  * information on the supported Regions, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-email.html">Email settings for Amazon Cognito user pools</a>.</p>
5345
5472
  * </note>
5346
- * <p>This data type is a request parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html">CreateUserPool</a>, <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html">UpdateUserPool</a>, and <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserPoolMfaConfig.html">SetUserPoolMfaConfig</a>, and a response parameter of
5347
- * <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html">CreateUserPool</a>, <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html">UpdateUserPool</a>, and <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUserPoolMfaConfig.html">GetUserPoolMfaConfig</a>.</p>
5348
5473
  * @public
5349
5474
  */
5350
5475
  export interface EmailConfigurationType {
@@ -5465,7 +5590,6 @@ export declare const CustomEmailSenderLambdaVersionType: {
5465
5590
  export type CustomEmailSenderLambdaVersionType = (typeof CustomEmailSenderLambdaVersionType)[keyof typeof CustomEmailSenderLambdaVersionType];
5466
5591
  /**
5467
5592
  * <p>The properties of a custom email sender Lambda trigger.</p>
5468
- * <p>This data type is a request and response parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html">CreateUserPool</a> and <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html">UpdateUserPool</a>, and a response parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html">DescribeUserPool</a>.</p>
5469
5593
  * @public
5470
5594
  */
5471
5595
  export interface CustomEmailLambdaVersionConfigType {
@@ -5495,7 +5619,6 @@ export declare const CustomSMSSenderLambdaVersionType: {
5495
5619
  export type CustomSMSSenderLambdaVersionType = (typeof CustomSMSSenderLambdaVersionType)[keyof typeof CustomSMSSenderLambdaVersionType];
5496
5620
  /**
5497
5621
  * <p>The properties of a custom SMS sender Lambda trigger.</p>
5498
- * <p>This data type is a request and response parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html">CreateUserPool</a> and <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html">UpdateUserPool</a>, and a response parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html">DescribeUserPool</a>.</p>
5499
5622
  * @public
5500
5623
  */
5501
5624
  export interface CustomSMSLambdaVersionConfigType {
@@ -5519,6 +5642,7 @@ export interface CustomSMSLambdaVersionConfigType {
5519
5642
  export declare const PreTokenGenerationLambdaVersionType: {
5520
5643
  readonly V1_0: "V1_0";
5521
5644
  readonly V2_0: "V2_0";
5645
+ readonly V3_0: "V3_0";
5522
5646
  };
5523
5647
  /**
5524
5648
  * @public
@@ -5526,7 +5650,6 @@ export declare const PreTokenGenerationLambdaVersionType: {
5526
5650
  export type PreTokenGenerationLambdaVersionType = (typeof PreTokenGenerationLambdaVersionType)[keyof typeof PreTokenGenerationLambdaVersionType];
5527
5651
  /**
5528
5652
  * <p>The properties of a pre token generation Lambda trigger.</p>
5529
- * <p>This data type is a request and response parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html">CreateUserPool</a> and <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html">UpdateUserPool</a>, and a response parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html">DescribeUserPool</a>.</p>
5530
5653
  * @public
5531
5654
  */
5532
5655
  export interface PreTokenGenerationVersionConfigType {
@@ -5548,7 +5671,6 @@ export interface PreTokenGenerationVersionConfigType {
5548
5671
  * <p>A collection of user pool Lambda triggers. Amazon Cognito invokes triggers at several possible
5549
5672
  * stages of user pool operations. Triggers can modify the outcome of the operations that
5550
5673
  * invoked them.</p>
5551
- * <p>This data type is a request and response parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html">CreateUserPool</a> and <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html">UpdateUserPool</a>, and a response parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html">DescribeUserPool</a>.</p>
5552
5674
  * @public
5553
5675
  */
5554
5676
  export interface LambdaConfigType {
@@ -5665,7 +5787,6 @@ export type UserPoolMfaType = (typeof UserPoolMfaType)[keyof typeof UserPoolMfaT
5665
5787
  /**
5666
5788
  * <p>The password policy settings for a user pool, including complexity, history, and
5667
5789
  * length requirements.</p>
5668
- * <p>This data type is a request and response parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html">CreateUserPool</a> and <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html">UpdateUserPool</a>, and a response parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html">DescribeUserPool</a>.</p>
5669
5790
  * @public
5670
5791
  */
5671
5792
  export interface PasswordPolicyType {
@@ -5703,9 +5824,6 @@ export interface PasswordPolicyType {
5703
5824
  * <p>The number of previous passwords that you want Amazon Cognito to restrict each user from
5704
5825
  * reusing. Users can't set a password that matches any of <code>n</code> previous
5705
5826
  * passwords, where <code>n</code> is the value of <code>PasswordHistorySize</code>.</p>
5706
- * <p>Password history isn't enforced and isn't displayed in <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html">DescribeUserPool</a> responses when you set this value to
5707
- * <code>0</code> or don't provide it. To activate this setting, <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html">
5708
- * advanced security features</a> must be active in your user pool.</p>
5709
5827
  * @public
5710
5828
  */
5711
5829
  PasswordHistorySize?: number | undefined;
@@ -5724,8 +5842,9 @@ export interface PasswordPolicyType {
5724
5842
  TemporaryPasswordValidityDays?: number | undefined;
5725
5843
  }
5726
5844
  /**
5727
- * <p>The policy for allowed types of authentication in a user pool.</p>
5728
- * <p>This data type is a request and response parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html">CreateUserPool</a> and <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html">UpdateUserPool</a>, and a response parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html">DescribeUserPool</a>.</p>
5845
+ * <p>The policy for allowed types of authentication in a user pool.
5846
+ * To activate this setting, your user pool must be in the <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html">
5847
+ * Essentials tier</a> or higher.</p>
5729
5848
  * @public
5730
5849
  */
5731
5850
  export interface SignInPolicyType {
@@ -5740,7 +5859,6 @@ export interface SignInPolicyType {
5740
5859
  /**
5741
5860
  * <p>A list of user pool policies. Contains the policy that sets password-complexity
5742
5861
  * requirements.</p>
5743
- * <p>This data type is a request and response parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html">CreateUserPool</a> and <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html">UpdateUserPool</a>, and a response parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html">DescribeUserPool</a>.</p>
5744
5862
  * @public
5745
5863
  */
5746
5864
  export interface UserPoolPolicyType {
@@ -5760,8 +5878,6 @@ export interface UserPoolPolicyType {
5760
5878
  * <p>User pool configuration for delivery of SMS messages with Amazon Simple Notification Service. To send SMS
5761
5879
  * messages with Amazon SNS in the Amazon Web Services Region that you want, the Amazon Cognito user pool uses an
5762
5880
  * Identity and Access Management (IAM) role in your Amazon Web Services account.</p>
5763
- * <p>This data type is a request parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html">CreateUserPool</a>, <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html">UpdateUserPool</a>, and <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserPoolMfaConfig.html">SetUserPoolMfaConfig</a>, and a response parameter of
5764
- * <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html">CreateUserPool</a>, <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html">UpdateUserPool</a>, and <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUserPoolMfaConfig.html">GetUserPoolMfaConfig</a>.</p>
5765
5881
  * @public
5766
5882
  */
5767
5883
  export interface SmsConfigurationType {
@@ -5804,7 +5920,6 @@ export interface SmsConfigurationType {
5804
5920
  * a user-pool setting that tells Amazon Cognito how to handle changes to the value of your users' email address and phone number attributes. For
5805
5921
  * more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-email-phone-verification.html#user-pool-settings-verifications-verify-attribute-updates">
5806
5922
  * Verifying updates to email addresses and phone numbers</a>.</p>
5807
- * <p>This data type is a request and response parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html">CreateUserPool</a> and <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html">UpdateUserPool</a>, and a response parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html">DescribeUserPool</a>.</p>
5808
5923
  * @public
5809
5924
  */
5810
5925
  export interface UserAttributeUpdateSettingsType {
@@ -5814,8 +5929,6 @@ export interface UserAttributeUpdateSettingsType {
5814
5929
  * this option activated, Amazon Cognito sends a verification message to the new phone number or
5815
5930
  * email address. Amazon Cognito doesn’t change the value of the attribute until your user responds
5816
5931
  * to the verification message and confirms the new value.</p>
5817
- * <p>You can verify an updated email address or phone number with a <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerifyUserAttribute.html">VerifyUserAttribute</a> API request. You can also call the <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html">AdminUpdateUserAttributes</a> API and set <code>email_verified</code> or
5818
- * <code>phone_number_verified</code> to true.</p>
5819
5932
  * <p>When <code>AttributesRequireVerificationBeforeUpdate</code> is false, your user pool
5820
5933
  * doesn't require that your users verify attribute changes before Amazon Cognito updates them. In a
5821
5934
  * user pool where <code>AttributesRequireVerificationBeforeUpdate</code> is false, API
@@ -5839,7 +5952,6 @@ export declare const UsernameAttributeType: {
5839
5952
  export type UsernameAttributeType = (typeof UsernameAttributeType)[keyof typeof UsernameAttributeType];
5840
5953
  /**
5841
5954
  * <p>The configuration of a user pool for username case sensitivity.</p>
5842
- * <p>This data type is a request and response parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html">CreateUserPool</a> and <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html">UpdateUserPool</a>, and a response parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html">DescribeUserPool</a>.</p>
5843
5955
  * @public
5844
5956
  */
5845
5957
  export interface UsernameConfigurationType {
@@ -5872,24 +5984,24 @@ export interface UsernameConfigurationType {
5872
5984
  CaseSensitive: boolean | undefined;
5873
5985
  }
5874
5986
  /**
5875
- * <p>User pool add-ons. Contains settings for activation of advanced security features. To
5876
- * log user security information but take no action, set to <code>AUDIT</code>. To
5877
- * configure automatic security responses to risky traffic to your user pool, set to
5878
- * <code>ENFORCED</code>.</p>
5879
- * <p>For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html">Adding advanced security to a user pool</a>.</p>
5880
- * <p>This data type is a request and response parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html">CreateUserPool</a> and <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html">UpdateUserPool</a>, and a response parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html">DescribeUserPool</a>.</p>
5987
+ * <p>Contains settings for activation of threat protection, including the operating
5988
+ * mode and additional authentication types. To log user security information but take
5989
+ * no action, set to <code>AUDIT</code>. To configure automatic security responses to
5990
+ * potentially unwanted traffic to your user pool, set to <code>ENFORCED</code>.</p>
5991
+ * <p>For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html">Adding advanced security to a user pool</a>. To activate this setting, your user pool must be on the <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-plus.html">
5992
+ * Plus tier</a>.</p>
5881
5993
  * @public
5882
5994
  */
5883
5995
  export interface UserPoolAddOnsType {
5884
5996
  /**
5885
- * <p>The operating mode of advanced security features for standard authentication types in
5997
+ * <p>The operating mode of threat protection for standard authentication types in
5886
5998
  * your user pool, including username-password and secure remote password (SRP)
5887
5999
  * authentication. </p>
5888
6000
  * @public
5889
6001
  */
5890
6002
  AdvancedSecurityMode: AdvancedSecurityModeType | undefined;
5891
6003
  /**
5892
- * <p>Advanced security configuration options for additional authentication types in your
6004
+ * <p>Threat protection configuration options for additional authentication types in your
5893
6005
  * user pool, including custom
5894
6006
  * authentication. </p>
5895
6007
  * @public
@@ -5924,7 +6036,6 @@ export type DefaultEmailOptionType = (typeof DefaultEmailOptionType)[keyof typeo
5924
6036
  /**
5925
6037
  * <p>The template for the verification message that your user pool delivers to users who
5926
6038
  * set an email address or phone number attribute.</p>
5927
- * <p>This data type is a request and response parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html">CreateUserPool</a> and <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html">UpdateUserPool</a>, and a response parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html">DescribeUserPool</a>.</p>
5928
6039
  * @public
5929
6040
  */
5930
6041
  export interface VerificationMessageTemplateType {
@@ -5978,7 +6089,7 @@ export interface VerificationMessageTemplateType {
5978
6089
  */
5979
6090
  export interface CreateUserPoolRequest {
5980
6091
  /**
5981
- * <p>A friendlhy name for your user pool.</p>
6092
+ * <p>A friendly name for your user pool.</p>
5982
6093
  * @public
5983
6094
  */
5984
6095
  PoolName: string | undefined;
@@ -6008,15 +6119,14 @@ export interface CreateUserPoolRequest {
6008
6119
  */
6009
6120
  LambdaConfig?: LambdaConfigType | undefined;
6010
6121
  /**
6011
- * <p>The attributes that you want your user pool to automatically verify. Possible values:
6012
- * <b>email</b>, <b>phone_number</b>. For more information see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#allowing-users-to-sign-up-and-confirm-themselves">Verifying contact information at sign-up</a>.</p>
6122
+ * <p>The attributes that you want your user pool to automatically verify. For more
6123
+ * information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#allowing-users-to-sign-up-and-confirm-themselves">Verifying contact information at sign-up</a>.</p>
6013
6124
  * @public
6014
6125
  */
6015
6126
  AutoVerifiedAttributes?: VerifiedAttributeType[] | undefined;
6016
6127
  /**
6017
- * <p>Attributes supported as an alias for this user pool. Possible values: <b>phone_number</b>, <b>email</b>, or
6018
- * <b>preferred_username</b>. For more information about
6019
- * alias attributes, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases">Customizing sign-in attributes</a>.</p>
6128
+ * <p>Attributes supported as an alias for this user pool. For more information about alias
6129
+ * attributes, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases">Customizing sign-in attributes</a>.</p>
6020
6130
  * @public
6021
6131
  */
6022
6132
  AliasAttributes?: AliasAttributeType[] | undefined;
@@ -6027,17 +6137,17 @@ export interface CreateUserPoolRequest {
6027
6137
  */
6028
6138
  UsernameAttributes?: UsernameAttributeType[] | undefined;
6029
6139
  /**
6030
- * <p>This parameter is no longer used. See <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerificationMessageTemplateType.html">VerificationMessageTemplateType</a>.</p>
6140
+ * <p>This parameter is no longer used.</p>
6031
6141
  * @public
6032
6142
  */
6033
6143
  SmsVerificationMessage?: string | undefined;
6034
6144
  /**
6035
- * <p>This parameter is no longer used. See <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerificationMessageTemplateType.html">VerificationMessageTemplateType</a>.</p>
6145
+ * <p>This parameter is no longer used.</p>
6036
6146
  * @public
6037
6147
  */
6038
6148
  EmailVerificationMessage?: string | undefined;
6039
6149
  /**
6040
- * <p>This parameter is no longer used. See <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerificationMessageTemplateType.html">VerificationMessageTemplateType</a>.</p>
6150
+ * <p>This parameter is no longer used.</p>
6041
6151
  * @public
6042
6152
  */
6043
6153
  EmailVerificationSubject?: string | undefined;
@@ -6054,7 +6164,8 @@ export interface CreateUserPoolRequest {
6054
6164
  */
6055
6165
  VerificationMessageTemplate?: VerificationMessageTemplateType | undefined;
6056
6166
  /**
6057
- * <p>A string representing the SMS authentication message.</p>
6167
+ * <p>The contents of the SMS message that your user pool sends to users in SMS OTP and MFA
6168
+ * authentication.</p>
6058
6169
  * @public
6059
6170
  */
6060
6171
  SmsAuthenticationMessage?: string | undefined;
@@ -6064,6 +6175,10 @@ export interface CreateUserPoolRequest {
6064
6175
  * <code>OPTIONAL</code>, your application must make a client-side determination of
6065
6176
  * whether a user wants to register an MFA device. For user pools with adaptive
6066
6177
  * authentication with threat protection, choose <code>OPTIONAL</code>.</p>
6178
+ * <p>When <code>MfaConfiguration</code> is <code>OPTIONAL</code>, managed login
6179
+ * doesn't automatically prompt users to set up MFA. Amazon Cognito generates MFA prompts in
6180
+ * API responses and in managed login for users who have chosen and configured a preferred
6181
+ * MFA factor.</p>
6067
6182
  * @public
6068
6183
  */
6069
6184
  MfaConfiguration?: UserPoolMfaType | undefined;
@@ -6083,7 +6198,7 @@ export interface CreateUserPoolRequest {
6083
6198
  * you have deactivated device remembering in your user pool.</p>
6084
6199
  * <note>
6085
6200
  * <p>When you provide a value for any <code>DeviceConfiguration</code> field, you
6086
- * activate the Amazon Cognito device-remembering feature. For more infor</p>
6201
+ * activate the Amazon Cognito device-remembering feature. For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html">Working with devices</a>.</p>
6087
6202
  * </note>
6088
6203
  * @public
6089
6204
  */
@@ -6096,10 +6211,10 @@ export interface CreateUserPoolRequest {
6096
6211
  */
6097
6212
  EmailConfiguration?: EmailConfigurationType | undefined;
6098
6213
  /**
6099
- * <p>The SMS configuration with the settings that your Amazon Cognito user pool must use to send an
6100
- * SMS message from your Amazon Web Services account through Amazon Simple Notification Service. To send SMS messages
6101
- * with Amazon SNS in the Amazon Web Services Region that you want, the Amazon Cognito user pool uses an Identity and Access Management
6102
- * (IAM) role in your Amazon Web Services account. For more information see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html">SMS message settings</a>.</p>
6214
+ * <p>The settings for your Amazon Cognito user pool to send SMS messages with Amazon Simple Notification Service. To send SMS
6215
+ * messages with Amazon SNS in the Amazon Web Services Region that you want, the Amazon Cognito user pool uses an
6216
+ * Identity and Access Management (IAM) role in your Amazon Web Services account. For more information see
6217
+ * <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html">SMS message settings</a>.</p>
6103
6218
  * @public
6104
6219
  */
6105
6220
  SmsConfiguration?: SmsConfigurationType | undefined;
@@ -6111,7 +6226,7 @@ export interface CreateUserPoolRequest {
6111
6226
  */
6112
6227
  UserPoolTags?: Record<string, string> | undefined;
6113
6228
  /**
6114
- * <p>The configuration for <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminCreateUser.html">AdminCreateUser</a> requests. Includes the template for the
6229
+ * <p>The configuration for administrative creation of users. Includes the template for the
6115
6230
  * invitation message for new users, the duration of temporary passwords, and permitting
6116
6231
  * self-service sign-up.</p>
6117
6232
  * @public
@@ -6125,11 +6240,12 @@ export interface CreateUserPoolRequest {
6125
6240
  */
6126
6241
  Schema?: SchemaAttributeType[] | undefined;
6127
6242
  /**
6128
- * <p>User pool add-ons. Contains settings for activation of advanced security features. To
6129
- * log user security information but take no action, set to <code>AUDIT</code>. To
6130
- * configure automatic security responses to risky traffic to your user pool, set to
6131
- * <code>ENFORCED</code>.</p>
6132
- * <p>For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html">Adding advanced security to a user pool</a>.</p>
6243
+ * <p>Contains settings for activation of threat protection, including the operating
6244
+ * mode and additional authentication types. To log user security information but take
6245
+ * no action, set to <code>AUDIT</code>. To configure automatic security responses to
6246
+ * potentially unwanted traffic to your user pool, set to <code>ENFORCED</code>.</p>
6247
+ * <p>For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html">Adding advanced security to a user pool</a>. To activate this setting, your user pool must be on the <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-plus.html">
6248
+ * Plus tier</a>.</p>
6133
6249
  * @public
6134
6250
  */
6135
6251
  UserPoolAddOns?: UserPoolAddOnsType | undefined;
@@ -6154,8 +6270,12 @@ export interface CreateUserPoolRequest {
6154
6270
  * <code>ForgotPassword</code>. You can use this setting to define a preferred method
6155
6271
  * when a user has more than one method available. With this setting, SMS doesn't qualify
6156
6272
  * for a valid password recovery mechanism if the user also has SMS multi-factor
6157
- * authentication (MFA) activated. In the absence of this setting, Amazon Cognito uses the legacy
6158
- * behavior to determine the recovery method where SMS is preferred through email.</p>
6273
+ * authentication (MFA) activated. Email MFA is also disqualifying for account recovery
6274
+ * with email. In the absence of this setting, Amazon Cognito uses the legacy behavior to determine
6275
+ * the recovery method where SMS is preferred over email.</p>
6276
+ * <p>As a best practice, configure both <code>verified_email</code> and
6277
+ * <code>verified_phone_number</code>, with one having a higher priority than the
6278
+ * other.</p>
6159
6279
  * @public
6160
6280
  */
6161
6281
  AccountRecoverySetting?: AccountRecoverySettingType | undefined;
@@ -6181,7 +6301,6 @@ export declare const StatusType: {
6181
6301
  export type StatusType = (typeof StatusType)[keyof typeof StatusType];
6182
6302
  /**
6183
6303
  * <p>The configuration of a user pool.</p>
6184
- * <p>This data type is a response parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html">CreateUserPool</a>, <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html">UpdateUserPool</a>, and <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html">DescribeUserPool</a>.</p>
6185
6304
  * @public
6186
6305
  */
6187
6306
  export interface UserPoolType {
@@ -6268,17 +6387,17 @@ export interface UserPoolType {
6268
6387
  */
6269
6388
  UsernameAttributes?: UsernameAttributeType[] | undefined;
6270
6389
  /**
6271
- * <p>This parameter is no longer used. See <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerificationMessageTemplateType.html">VerificationMessageTemplateType</a>.</p>
6390
+ * <p>This parameter is no longer used.</p>
6272
6391
  * @public
6273
6392
  */
6274
6393
  SmsVerificationMessage?: string | undefined;
6275
6394
  /**
6276
- * <p>This parameter is no longer used. See <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerificationMessageTemplateType.html">VerificationMessageTemplateType</a>.</p>
6395
+ * <p>This parameter is no longer used.</p>
6277
6396
  * @public
6278
6397
  */
6279
6398
  EmailVerificationMessage?: string | undefined;
6280
6399
  /**
6281
- * <p>This parameter is no longer used. See <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerificationMessageTemplateType.html">VerificationMessageTemplateType</a>.</p>
6400
+ * <p>This parameter is no longer used.</p>
6282
6401
  * @public
6283
6402
  */
6284
6403
  EmailVerificationSubject?: string | undefined;
@@ -6408,11 +6527,12 @@ export interface UserPoolType {
6408
6527
  */
6409
6528
  AdminCreateUserConfig?: AdminCreateUserConfigType | undefined;
6410
6529
  /**
6411
- * <p>User pool add-ons. Contains settings for activation of advanced security features. To
6412
- * log user security information but take no action, set to <code>AUDIT</code>. To
6413
- * configure automatic security responses to risky traffic to your user pool, set to
6414
- * <code>ENFORCED</code>.</p>
6415
- * <p>For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html">Adding advanced security to a user pool</a>.</p>
6530
+ * <p>Contains settings for activation of threat protection, including the operating
6531
+ * mode and additional authentication types. To log user security information but take
6532
+ * no action, set to <code>AUDIT</code>. To configure automatic security responses to
6533
+ * potentially unwanted traffic to your user pool, set to <code>ENFORCED</code>.</p>
6534
+ * <p>For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html">Adding advanced security to a user pool</a>. To activate this setting, your user pool must be on the <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-plus.html">
6535
+ * Plus tier</a>.</p>
6416
6536
  * @public
6417
6537
  */
6418
6538
  UserPoolAddOns?: UserPoolAddOnsType | undefined;
@@ -6426,7 +6546,6 @@ export interface UserPoolType {
6426
6546
  * When usernames and email addresses are case insensitive, Amazon Cognito treats any variation in
6427
6547
  * case as the same user, and prevents a case variation from being assigned to the same
6428
6548
  * attribute for a different user.</p>
6429
- * <p>This configuration is immutable after you set it. For more information, see <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UsernameConfigurationType.html">UsernameConfigurationType</a>.</p>
6430
6549
  * @public
6431
6550
  */
6432
6551
  UsernameConfiguration?: UsernameConfigurationType | undefined;
@@ -6565,8 +6684,6 @@ export type TimeUnitsType = (typeof TimeUnitsType)[keyof typeof TimeUnitsType];
6565
6684
  * <code>AccessTokenValidity</code>, and <code>RefreshTokenValidity</code>, set and
6566
6685
  * display the duration of ID, access, and refresh tokens for an app client. You can assign
6567
6686
  * a separate token validity unit to each type of token. </p>
6568
- * <p>This data type is a request parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPoolClient.html">CreateUserPoolClient</a> and <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPoolClient.html">UpdateUserPoolClient</a>, and a response parameter of
6569
- * <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPoolClient.html">DescribeUserPoolClient</a>.</p>
6570
6687
  * @public
6571
6688
  */
6572
6689
  export interface TokenValidityUnitsType {
@@ -6611,8 +6728,9 @@ export interface CreateUserPoolClientRequest {
6611
6728
  ClientName: string | undefined;
6612
6729
  /**
6613
6730
  * <p>When <code>true</code>, generates a client secret for the app client. Client secrets
6614
- * are used with server-side and machine-to-machine applications. For more information, see
6615
- * <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html#user-pool-settings-client-app-client-types">App client types</a>.</p>
6731
+ * are used with server-side and machine-to-machine applications. Client secrets are
6732
+ * automatically generated; you can't specify a secret value. For more information,
6733
+ * see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html#user-pool-settings-client-app-client-types">App client types</a>.</p>
6616
6734
  * @public
6617
6735
  */
6618
6736
  GenerateSecret?: boolean | undefined;
@@ -6672,15 +6790,12 @@ export interface CreateUserPoolClientRequest {
6672
6790
  /**
6673
6791
  * <p>The list of user attributes that you want your app client to have read access to.
6674
6792
  * After your user authenticates in your app, their access token authorizes them to read
6675
- * their own attribute value for any attribute in this list. An example of this kind of
6676
- * activity is when your user selects a link to view their profile information. Your app
6677
- * makes a <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUser.html">GetUser</a> API request to retrieve and display your user's profile
6678
- * data.</p>
6793
+ * their own attribute value for any attribute in this list.</p>
6679
6794
  * <p>When you don't specify the <code>ReadAttributes</code> for your app client, your
6680
6795
  * app can read the values of <code>email_verified</code>,
6681
- * <code>phone_number_verified</code>, and the Standard attributes of your user pool.
6796
+ * <code>phone_number_verified</code>, and the standard attributes of your user pool.
6682
6797
  * When your user pool app client has read access to these default attributes,
6683
- * <code>ReadAttributes</code> doesn't return any information. Amazon Cognito only
6798
+ * <code>ReadAttributes</code> doesn't return any information. Amazon Cognito only
6684
6799
  * populates <code>ReadAttributes</code> in the API response if you have specified your own
6685
6800
  * custom set of read attributes.</p>
6686
6801
  * @public
@@ -6689,10 +6804,7 @@ export interface CreateUserPoolClientRequest {
6689
6804
  /**
6690
6805
  * <p>The list of user attributes that you want your app client to have write access to.
6691
6806
  * After your user authenticates in your app, their access token authorizes them to set or
6692
- * modify their own attribute value for any attribute in this list. An example of this kind
6693
- * of activity is when you present your user with a form to update their profile
6694
- * information and they change their last name. Your app then makes an <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserAttributes.html">UpdateUserAttributes</a> API request and sets <code>family_name</code> to the
6695
- * new value. </p>
6807
+ * modify their own attribute value for any attribute in this list.</p>
6696
6808
  * <p>When you don't specify the <code>WriteAttributes</code> for your app client, your
6697
6809
  * app can write the values of the Standard attributes of your user pool. When your user
6698
6810
  * pool has write access to these default attributes, <code>WriteAttributes</code>
@@ -6709,13 +6821,16 @@ export interface CreateUserPoolClientRequest {
6709
6821
  */
6710
6822
  WriteAttributes?: string[] | undefined;
6711
6823
  /**
6712
- * <p>The authentication flows that you want your user pool client to support. For each app client in your user pool, you can sign in
6713
- * your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and
6714
- * password, or a custom authentication process that you define with Lambda functions.</p>
6824
+ * <p>The <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow-methods.html">authentication flows</a> that you want your user pool client to support. For each app
6825
+ * client in your user pool, you can sign in your users with any combination of one or more flows, including with
6826
+ * a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that
6827
+ * you define with Lambda functions.</p>
6715
6828
  * <note>
6716
- * <p>If you don't specify a value for <code>ExplicitAuthFlows</code>, your user client supports <code>ALLOW_REFRESH_TOKEN_AUTH</code>, <code>ALLOW_USER_SRP_AUTH</code>, and <code>ALLOW_CUSTOM_AUTH</code>.</p>
6829
+ * <p>If you don't specify a value for <code>ExplicitAuthFlows</code>, your app client supports
6830
+ * <code>ALLOW_REFRESH_TOKEN_AUTH</code>, <code>ALLOW_USER_SRP_AUTH</code>, and <code>ALLOW_CUSTOM_AUTH</code>.
6831
+ * </p>
6717
6832
  * </note>
6718
- * <p>Valid values include:</p>
6833
+ * <p>The values for authentication flow options include the following.</p>
6719
6834
  * <ul>
6720
6835
  * <li>
6721
6836
  * <p>
@@ -6728,6 +6843,8 @@ export interface CreateUserPoolClientRequest {
6728
6843
  * without the flow <code>USER_SRP_AUTH</code> being active for the app
6729
6844
  * client. This flow doesn't include <code>CUSTOM_AUTH</code>.
6730
6845
  * </p>
6846
+ * <p>To activate this setting, your user pool must be in the <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html">
6847
+ * Essentials tier</a> or higher.</p>
6731
6848
  * </li>
6732
6849
  * <li>
6733
6850
  * <p>
@@ -6767,20 +6884,25 @@ export interface CreateUserPoolClientRequest {
6767
6884
  /**
6768
6885
  * <p>A list of provider names for the identity providers (IdPs) that are supported on this
6769
6886
  * client. The following are supported: <code>COGNITO</code>, <code>Facebook</code>,
6770
- * <code>Google</code>, <code>SignInWithApple</code>, and <code>LoginWithAmazon</code>.
6887
+ * <code>Google</code>, <code>SignInWithApple</code>, and <code>LoginWithAmazon</code>.
6771
6888
  * You can also specify the names that you configured for the SAML and OIDC IdPs in your
6772
6889
  * user pool, for example <code>MySAMLIdP</code> or <code>MyOIDCIdP</code>.</p>
6773
- * <p>This setting applies to providers that you can access with <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html">managed
6774
- * login</a>. The removal of <code>COGNITO</code>
6775
- * from this list doesn't prevent authentication operations for local users with the
6776
- * user pools API in an Amazon Web Services SDK. The only way to prevent API-based authentication is to
6777
- * block access with a <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html">WAF rule</a>.</p>
6890
+ * <p>This parameter sets the IdPs that <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html">managed
6891
+ * login</a> will display on the login page for your app client. The removal of
6892
+ * <code>COGNITO</code> from this list doesn't prevent authentication operations
6893
+ * for local users with the user pools API in an Amazon Web Services SDK. The only way to prevent
6894
+ * SDK-based authentication is to block access with a <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html">WAF rule</a>.
6895
+ * </p>
6778
6896
  * @public
6779
6897
  */
6780
6898
  SupportedIdentityProviders?: string[] | undefined;
6781
6899
  /**
6782
- * <p>A list of allowed redirect (callback) URLs for the IdPs.</p>
6783
- * <p>A redirect URI must:</p>
6900
+ * <p>A list of allowed redirect, or callback, URLs for managed login authentication. These
6901
+ * URLs are the paths where you want to send your users' browsers after they complete
6902
+ * authentication with managed login or a third-party IdP. Typically, callback URLs are the
6903
+ * home of an application that uses OAuth or OIDC libraries to process authentication
6904
+ * outcomes.</p>
6905
+ * <p>A redirect URI must meet the following requirements:</p>
6784
6906
  * <ul>
6785
6907
  * <li>
6786
6908
  * <p>Be an absolute URI.</p>
@@ -6803,8 +6925,13 @@ export interface CreateUserPoolClientRequest {
6803
6925
  */
6804
6926
  CallbackURLs?: string[] | undefined;
6805
6927
  /**
6806
- * <p>A list of allowed logout URLs for managed login authentication. For more information,
6807
- * see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/logout-endpoint.html">Logout endpoint</a>.</p>
6928
+ * <p>A list of allowed logout URLs for managed login authentication. When you pass
6929
+ * <code>logout_uri</code> and <code>client_id</code> parameters to
6930
+ * <code>/logout</code>, Amazon Cognito signs out your user and redirects them to the logout
6931
+ * URL. This parameter describes the URLs that you want to be the permitted targets of
6932
+ * <code>logout_uri</code>. A typical use of these URLs is when a user selects "Sign
6933
+ * out" and you redirect them to your public homepage. For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/logout-endpoint.html">Logout
6934
+ * endpoint</a>.</p>
6808
6935
  * @public
6809
6936
  */
6810
6937
  LogoutURLs?: string[] | undefined;
@@ -6816,9 +6943,9 @@ export interface CreateUserPoolClientRequest {
6816
6943
  */
6817
6944
  DefaultRedirectURI?: string | undefined;
6818
6945
  /**
6819
- * <p>The OAuth grant types that you want your app client to generate. To create an app
6820
- * client that generates client credentials grants, you must add
6821
- * <code>client_credentials</code> as the only allowed OAuth flow.</p>
6946
+ * <p>The OAuth grant types that you want your app client to generate for clients in managed
6947
+ * login authentication. To create an app client that generates client credentials grants,
6948
+ * you must add <code>client_credentials</code> as the only allowed OAuth flow.</p>
6822
6949
  * <dl>
6823
6950
  * <dt>code</dt>
6824
6951
  * <dd>
@@ -6828,34 +6955,34 @@ export interface CreateUserPoolClientRequest {
6828
6955
  * </dd>
6829
6956
  * <dt>implicit</dt>
6830
6957
  * <dd>
6831
- * <p>Issue the access token (and, optionally, ID token, based on scopes)
6832
- * directly to your user.</p>
6958
+ * <p>Issue the access token, and the ID token when scopes like
6959
+ * <code>openid</code> and <code>profile</code> are requested, directly to
6960
+ * your user.</p>
6833
6961
  * </dd>
6834
6962
  * <dt>client_credentials</dt>
6835
6963
  * <dd>
6836
6964
  * <p>Issue the access token from the <code>/oauth2/token</code> endpoint
6837
- * directly to a non-person user using a combination of the client ID and
6838
- * client secret.</p>
6965
+ * directly to a non-person user, authorized by a combination of the client ID
6966
+ * and client secret.</p>
6839
6967
  * </dd>
6840
6968
  * </dl>
6841
6969
  * @public
6842
6970
  */
6843
6971
  AllowedOAuthFlows?: OAuthFlowType[] | undefined;
6844
6972
  /**
6845
- * <p>The OAuth 2.0 scopes that you want to permit your app client to authorize. Scopes
6846
- * govern access control to user pool self-service API operations, user data from the
6847
- * <code>userInfo</code> endpoint, and third-party APIs. Possible values provided by
6848
- * OAuth are <code>phone</code>, <code>email</code>, <code>openid</code>, and
6849
- * <code>profile</code>. Possible values provided by Amazon Web Services are
6850
- * <code>aws.cognito.signin.user.admin</code>. Custom scopes created in Resource
6851
- * Servers are also supported.</p>
6973
+ * <p>The OAuth, OpenID Connect (OIDC), and custom scopes that you want to permit your app
6974
+ * client to authorize access with. Scopes govern access control to user pool self-service
6975
+ * API operations, user data from the <code>userInfo</code> endpoint, and third-party APIs.
6976
+ * Scope values include <code>phone</code>, <code>email</code>, <code>openid</code>, and
6977
+ * <code>profile</code>. The <code>aws.cognito.signin.user.admin</code> scope
6978
+ * authorizes user self-service operations. Custom scopes with resource servers authorize
6979
+ * access to external APIs.</p>
6852
6980
  * @public
6853
6981
  */
6854
6982
  AllowedOAuthScopes?: string[] | undefined;
6855
6983
  /**
6856
- * <p>Set to <code>true</code> to use OAuth 2.0 features in your user pool app client.</p>
6857
- * <p>
6858
- * <code>AllowedOAuthFlowsUserPoolClient</code> must be <code>true</code> before you can configure
6984
+ * <p>Set to <code>true</code> to use OAuth 2.0 authorization server features in your app client.</p>
6985
+ * <p>This parameter must have a value of <code>true</code> before you can configure
6859
6986
  * the following features in your app client.</p>
6860
6987
  * <ul>
6861
6988
  * <li>
@@ -6875,11 +7002,11 @@ export interface CreateUserPoolClientRequest {
6875
7002
  * <code>AllowedOAuthFlows</code>: Support for authorization code, implicit, and client credentials OAuth 2.0 grants.</p>
6876
7003
  * </li>
6877
7004
  * </ul>
6878
- * <p>To use OAuth 2.0 features, configure one of these features in the Amazon Cognito console or set
7005
+ * <p>To use authorization server features, configure one of these features in the Amazon Cognito console or set
6879
7006
  * <code>AllowedOAuthFlowsUserPoolClient</code> to <code>true</code> in a <code>CreateUserPoolClient</code> or
6880
7007
  * <code>UpdateUserPoolClient</code> API request. If you don't set a value for
6881
7008
  * <code>AllowedOAuthFlowsUserPoolClient</code> in a request with the CLI or SDKs, it defaults
6882
- * to <code>false</code>.</p>
7009
+ * to <code>false</code>. When <code>false</code>, only SDK-based API sign-in is permitted.</p>
6883
7010
  * @public
6884
7011
  */
6885
7012
  AllowedOAuthFlowsUserPoolClient?: boolean | undefined;
@@ -6893,45 +7020,36 @@ export interface CreateUserPoolClientRequest {
6893
7020
  */
6894
7021
  AnalyticsConfiguration?: AnalyticsConfigurationType | undefined;
6895
7022
  /**
6896
- * <p>Errors and responses that you want Amazon Cognito APIs to return during authentication, account
7023
+ * <p>When <code>ENABLED</code>, suppresses messages that might indicate a valid user exists
7024
+ * when someone attempts sign-in. This parameters sets your preference for the errors and
7025
+ * responses that you want Amazon Cognito APIs to return during authentication, account
6897
7026
  * confirmation, and password recovery when the user doesn't exist in the user pool. When
6898
7027
  * set to <code>ENABLED</code> and the user doesn't exist, authentication returns an error
6899
7028
  * indicating either the username or password was incorrect. Account confirmation and
6900
7029
  * password recovery return a response indicating a code was sent to a simulated
6901
7030
  * destination. When set to <code>LEGACY</code>, those APIs return a
6902
- * <code>UserNotFoundException</code> exception if the user doesn't exist in the user
7031
+ * <code>UserNotFoundException</code> exception if the user doesn't exist in the user
6903
7032
  * pool.</p>
6904
- * <p>Valid values include:</p>
6905
- * <ul>
6906
- * <li>
6907
- * <p>
6908
- * <code>ENABLED</code> - This prevents user existence-related errors.</p>
6909
- * </li>
6910
- * <li>
6911
- * <p>
6912
- * <code>LEGACY</code> - This represents the early behavior of Amazon Cognito where user
6913
- * existence related errors aren't prevented.</p>
6914
- * </li>
6915
- * </ul>
6916
- * <p>Defaults to <code>LEGACY</code> when you don't provide a value.</p>
7033
+ * <p>Defaults to <code>LEGACY</code>.</p>
6917
7034
  * @public
6918
7035
  */
6919
7036
  PreventUserExistenceErrors?: PreventUserExistenceErrorTypes | undefined;
6920
7037
  /**
6921
- * <p>Activates or deactivates token revocation. For more information about revoking tokens,
6922
- * see <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html">RevokeToken</a>.</p>
7038
+ * <p>Activates or deactivates <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/token-revocation.html">token
7039
+ * revocation</a> in the target app client.</p>
6923
7040
  * <p>If you don't include this parameter, token revocation is automatically activated for
6924
7041
  * the new user pool client.</p>
6925
7042
  * @public
6926
7043
  */
6927
7044
  EnableTokenRevocation?: boolean | undefined;
6928
7045
  /**
6929
- * <p>Activates the propagation of additional user context data. For more information about
6930
- * propagation of user context data, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-threat-protection.html"> Adding advanced security to a user pool</a>. If you don’t include this
6931
- * parameter, you can't send device fingerprint information, including source IP address,
6932
- * to Amazon Cognito advanced security. You can only activate
6933
- * <code>EnablePropagateAdditionalUserContextData</code> in an app client that has a
6934
- * client secret.</p>
7046
+ * <p>When <code>true</code>, your application can include additional
7047
+ * <code>UserContextData</code> in authentication requests. This data includes the IP
7048
+ * address, and contributes to analysis by threat protection features. For more information
7049
+ * about propagation of user context data, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-adaptive-authentication.html#user-pool-settings-adaptive-authentication-device-fingerprint">Adding session data to API requests</a>. If you don’t include this parameter,
7050
+ * you can't send the source IP address to Amazon Cognito threat protection features. You can only
7051
+ * activate <code>EnablePropagateAdditionalUserContextData</code> in an app client that has
7052
+ * a client secret.</p>
6935
7053
  * @public
6936
7054
  */
6937
7055
  EnablePropagateAdditionalUserContextData?: boolean | undefined;
@@ -6944,8 +7062,6 @@ export interface CreateUserPoolClientRequest {
6944
7062
  }
6945
7063
  /**
6946
7064
  * <p>The configuration of a user pool client.</p>
6947
- * <p>This data type is a request parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPoolClient.html">CreateUserPoolClient</a> and <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPoolClient.html">UpdateUserPoolClient</a>, and a response parameter of
6948
- * <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPoolClient.html">DescribeUserPoolClient</a>.</p>
6949
7065
  * @public
6950
7066
  */
6951
7067
  export interface UserPoolClientType {
@@ -7039,15 +7155,12 @@ export interface UserPoolClientType {
7039
7155
  /**
7040
7156
  * <p>The list of user attributes that you want your app client to have read access to.
7041
7157
  * After your user authenticates in your app, their access token authorizes them to read
7042
- * their own attribute value for any attribute in this list. An example of this kind of
7043
- * activity is when your user selects a link to view their profile information. Your app
7044
- * makes a <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUser.html">GetUser</a> API request to retrieve and display your user's profile
7045
- * data.</p>
7158
+ * their own attribute value for any attribute in this list.</p>
7046
7159
  * <p>When you don't specify the <code>ReadAttributes</code> for your app client, your
7047
7160
  * app can read the values of <code>email_verified</code>,
7048
- * <code>phone_number_verified</code>, and the Standard attributes of your user pool.
7161
+ * <code>phone_number_verified</code>, and the standard attributes of your user pool.
7049
7162
  * When your user pool app client has read access to these default attributes,
7050
- * <code>ReadAttributes</code> doesn't return any information. Amazon Cognito only
7163
+ * <code>ReadAttributes</code> doesn't return any information. Amazon Cognito only
7051
7164
  * populates <code>ReadAttributes</code> in the API response if you have specified your own
7052
7165
  * custom set of read attributes.</p>
7053
7166
  * @public
@@ -7056,10 +7169,7 @@ export interface UserPoolClientType {
7056
7169
  /**
7057
7170
  * <p>The list of user attributes that you want your app client to have write access to.
7058
7171
  * After your user authenticates in your app, their access token authorizes them to set or
7059
- * modify their own attribute value for any attribute in this list. An example of this kind
7060
- * of activity is when you present your user with a form to update their profile
7061
- * information and they change their last name. Your app then makes an <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserAttributes.html">UpdateUserAttributes</a> API request and sets <code>family_name</code> to the
7062
- * new value. </p>
7172
+ * modify their own attribute value for any attribute in this list.</p>
7063
7173
  * <p>When you don't specify the <code>WriteAttributes</code> for your app client, your
7064
7174
  * app can write the values of the Standard attributes of your user pool. When your user
7065
7175
  * pool has write access to these default attributes, <code>WriteAttributes</code>
@@ -7076,13 +7186,16 @@ export interface UserPoolClientType {
7076
7186
  */
7077
7187
  WriteAttributes?: string[] | undefined;
7078
7188
  /**
7079
- * <p>The authentication flows that you want your user pool client to support. For each app client in your user pool, you can sign in
7080
- * your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and
7081
- * password, or a custom authentication process that you define with Lambda functions.</p>
7189
+ * <p>The <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow-methods.html">authentication flows</a> that you want your user pool client to support. For each app
7190
+ * client in your user pool, you can sign in your users with any combination of one or more flows, including with
7191
+ * a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that
7192
+ * you define with Lambda functions.</p>
7082
7193
  * <note>
7083
- * <p>If you don't specify a value for <code>ExplicitAuthFlows</code>, your user client supports <code>ALLOW_REFRESH_TOKEN_AUTH</code>, <code>ALLOW_USER_SRP_AUTH</code>, and <code>ALLOW_CUSTOM_AUTH</code>.</p>
7194
+ * <p>If you don't specify a value for <code>ExplicitAuthFlows</code>, your app client supports
7195
+ * <code>ALLOW_REFRESH_TOKEN_AUTH</code>, <code>ALLOW_USER_SRP_AUTH</code>, and <code>ALLOW_CUSTOM_AUTH</code>.
7196
+ * </p>
7084
7197
  * </note>
7085
- * <p>Valid values include:</p>
7198
+ * <p>The values for authentication flow options include the following.</p>
7086
7199
  * <ul>
7087
7200
  * <li>
7088
7201
  * <p>
@@ -7095,6 +7208,8 @@ export interface UserPoolClientType {
7095
7208
  * without the flow <code>USER_SRP_AUTH</code> being active for the app
7096
7209
  * client. This flow doesn't include <code>CUSTOM_AUTH</code>.
7097
7210
  * </p>
7211
+ * <p>To activate this setting, your user pool must be in the <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html">
7212
+ * Essentials tier</a> or higher.</p>
7098
7213
  * </li>
7099
7214
  * <li>
7100
7215
  * <p>
@@ -7134,14 +7249,15 @@ export interface UserPoolClientType {
7134
7249
  /**
7135
7250
  * <p>A list of provider names for the identity providers (IdPs) that are supported on this
7136
7251
  * client. The following are supported: <code>COGNITO</code>, <code>Facebook</code>,
7137
- * <code>Google</code>, <code>SignInWithApple</code>, and <code>LoginWithAmazon</code>.
7252
+ * <code>Google</code>, <code>SignInWithApple</code>, and <code>LoginWithAmazon</code>.
7138
7253
  * You can also specify the names that you configured for the SAML and OIDC IdPs in your
7139
7254
  * user pool, for example <code>MySAMLIdP</code> or <code>MyOIDCIdP</code>.</p>
7140
- * <p>This setting applies to providers that you can access with <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html">managed
7141
- * login</a>. The removal of <code>COGNITO</code>
7142
- * from this list doesn't prevent authentication operations for local users with the
7143
- * user pools API in an Amazon Web Services SDK. The only way to prevent API-based authentication is to
7144
- * block access with a <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html">WAF rule</a>.</p>
7255
+ * <p>This parameter sets the IdPs that <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html">managed
7256
+ * login</a> will display on the login page for your app client. The removal of
7257
+ * <code>COGNITO</code> from this list doesn't prevent authentication operations
7258
+ * for local users with the user pools API in an Amazon Web Services SDK. The only way to prevent
7259
+ * SDK-based authentication is to block access with a <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html">WAF rule</a>.
7260
+ * </p>
7145
7261
  * @public
7146
7262
  */
7147
7263
  SupportedIdentityProviders?: string[] | undefined;
@@ -7230,9 +7346,8 @@ export interface UserPoolClientType {
7230
7346
  */
7231
7347
  AllowedOAuthScopes?: string[] | undefined;
7232
7348
  /**
7233
- * <p>Set to <code>true</code> to use OAuth 2.0 features in your user pool app client.</p>
7234
- * <p>
7235
- * <code>AllowedOAuthFlowsUserPoolClient</code> must be <code>true</code> before you can configure
7349
+ * <p>Set to <code>true</code> to use OAuth 2.0 authorization server features in your app client.</p>
7350
+ * <p>This parameter must have a value of <code>true</code> before you can configure
7236
7351
  * the following features in your app client.</p>
7237
7352
  * <ul>
7238
7353
  * <li>
@@ -7252,11 +7367,11 @@ export interface UserPoolClientType {
7252
7367
  * <code>AllowedOAuthFlows</code>: Support for authorization code, implicit, and client credentials OAuth 2.0 grants.</p>
7253
7368
  * </li>
7254
7369
  * </ul>
7255
- * <p>To use OAuth 2.0 features, configure one of these features in the Amazon Cognito console or set
7370
+ * <p>To use authorization server features, configure one of these features in the Amazon Cognito console or set
7256
7371
  * <code>AllowedOAuthFlowsUserPoolClient</code> to <code>true</code> in a <code>CreateUserPoolClient</code> or
7257
7372
  * <code>UpdateUserPoolClient</code> API request. If you don't set a value for
7258
7373
  * <code>AllowedOAuthFlowsUserPoolClient</code> in a request with the CLI or SDKs, it defaults
7259
- * to <code>false</code>.</p>
7374
+ * to <code>false</code>. When <code>false</code>, only SDK-based API sign-in is permitted.</p>
7260
7375
  * @public
7261
7376
  */
7262
7377
  AllowedOAuthFlowsUserPoolClient?: boolean | undefined;
@@ -7273,34 +7388,23 @@ export interface UserPoolClientType {
7273
7388
  */
7274
7389
  AnalyticsConfiguration?: AnalyticsConfigurationType | undefined;
7275
7390
  /**
7276
- * <p>Errors and responses that you want Amazon Cognito APIs to return during authentication, account
7391
+ * <p>When <code>ENABLED</code>, suppresses messages that might indicate a valid user exists
7392
+ * when someone attempts sign-in. This parameters sets your preference for the errors and
7393
+ * responses that you want Amazon Cognito APIs to return during authentication, account
7277
7394
  * confirmation, and password recovery when the user doesn't exist in the user pool. When
7278
7395
  * set to <code>ENABLED</code> and the user doesn't exist, authentication returns an error
7279
7396
  * indicating either the username or password was incorrect. Account confirmation and
7280
7397
  * password recovery return a response indicating a code was sent to a simulated
7281
7398
  * destination. When set to <code>LEGACY</code>, those APIs return a
7282
- * <code>UserNotFoundException</code> exception if the user doesn't exist in the user
7399
+ * <code>UserNotFoundException</code> exception if the user doesn't exist in the user
7283
7400
  * pool.</p>
7284
- * <p>Valid values include:</p>
7285
- * <ul>
7286
- * <li>
7287
- * <p>
7288
- * <code>ENABLED</code> - This prevents user existence-related errors.</p>
7289
- * </li>
7290
- * <li>
7291
- * <p>
7292
- * <code>LEGACY</code> - This represents the early behavior of Amazon Cognito where user
7293
- * existence related errors aren't prevented.</p>
7294
- * </li>
7295
- * </ul>
7296
- * <p>Defaults to <code>LEGACY</code> when you don't provide a value.</p>
7401
+ * <p>Defaults to <code>LEGACY</code>.</p>
7297
7402
  * @public
7298
7403
  */
7299
7404
  PreventUserExistenceErrors?: PreventUserExistenceErrorTypes | undefined;
7300
7405
  /**
7301
7406
  * <p>Indicates whether token revocation is activated for the user pool client. When you
7302
- * create a new user pool client, token revocation is activated by default. For more
7303
- * information about revoking tokens, see <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html">RevokeToken</a>.</p>
7407
+ * create a new user pool client, token revocation is activated by default.</p>
7304
7408
  * @public
7305
7409
  */
7306
7410
  EnableTokenRevocation?: boolean | undefined;
@@ -7308,11 +7412,11 @@ export interface UserPoolClientType {
7308
7412
  * <p>When <code>EnablePropagateAdditionalUserContextData</code> is true, Amazon Cognito accepts an
7309
7413
  * <code>IpAddress</code> value that you send in the <code>UserContextData</code>
7310
7414
  * parameter. The <code>UserContextData</code> parameter sends information to Amazon Cognito
7311
- * advanced security for risk analysis. You can send <code>UserContextData</code> when you
7415
+ * threat protection for risk analysis. You can send <code>UserContextData</code> when you
7312
7416
  * sign in Amazon Cognito native users with the <code>InitiateAuth</code> and
7313
7417
  * <code>RespondToAuthChallenge</code> API operations.</p>
7314
7418
  * <p>When <code>EnablePropagateAdditionalUserContextData</code> is false, you can't send
7315
- * your user's source IP address to Amazon Cognito advanced security with unauthenticated API
7419
+ * your user's source IP address to Amazon Cognito threat protection with unauthenticated API
7316
7420
  * operations. <code>EnablePropagateAdditionalUserContextData</code> doesn't affect whether
7317
7421
  * you can send a source IP address in a <code>ContextData</code> parameter with the
7318
7422
  * authenticated API operations <code>AdminInitiateAuth</code> and
@@ -7367,7 +7471,6 @@ export declare class ScopeDoesNotExistException extends __BaseException {
7367
7471
  }
7368
7472
  /**
7369
7473
  * <p>The configuration for a hosted UI custom domain.</p>
7370
- * <p>This data type is a request parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPoolDomain.html">CreateUserPoolDomain</a> and <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPoolDomain.html">UpdateUserPoolDomain</a>.</p>
7371
7474
  * @public
7372
7475
  */
7373
7476
  export interface CustomDomainConfigType {
@@ -7386,7 +7489,7 @@ export interface CreateUserPoolDomainRequest {
7386
7489
  * <p>The domain string. For custom domains, this is the fully-qualified domain name, such
7387
7490
  * as <code>auth.example.com</code>. For prefix domains, this is the prefix alone, such as
7388
7491
  * <code>myprefix</code>. A prefix value of <code>myprefix</code> for a user pool in
7389
- * the us-east-1 Region results in a domain of
7492
+ * the <code>us-east-1</code> Region results in a domain of
7390
7493
  * <code>myprefix.auth.us-east-1.amazoncognito.com</code>.</p>
7391
7494
  * @public
7392
7495
  */
@@ -7407,9 +7510,12 @@ export interface CreateUserPoolDomainRequest {
7407
7510
  /**
7408
7511
  * <p>The configuration for a custom domain. Configures your domain with an Certificate Manager
7409
7512
  * certificate in the <code>us-east-1</code> Region.</p>
7410
- * <p>Provide this parameter only if you want to use a custom domain for your user pool.
7411
- * Otherwise, you can exclude this parameter and use a prefix domain instead.</p>
7412
- * <p>For more information about the hosted domain and custom domains, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-assign-domain.html">Configuring a User Pool Domain</a>.</p>
7513
+ * <p>Provide this parameter only if you want to use a <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-add-custom-domain.html">custom domain</a> for your user pool. Otherwise, you can
7514
+ * omit this parameter and use a <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-assign-domain-prefix.html">prefix domain</a> instead.</p>
7515
+ * <p>When you create a custom domain, the passkey RP ID defaults to the custom domain. If
7516
+ * you had a prefix domain active, this will cause passkey integration for your prefix
7517
+ * domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey
7518
+ * integration working, you can explicitly set RP ID to the prefix domain.</p>
7413
7519
  * @public
7414
7520
  */
7415
7521
  CustomDomainConfig?: CustomDomainConfigType | undefined;
@@ -7426,10 +7532,11 @@ export interface CreateUserPoolDomainResponse {
7426
7532
  */
7427
7533
  ManagedLoginVersion?: number | undefined;
7428
7534
  /**
7429
- * <p>The Amazon CloudFront endpoint that you use as the target of the alias that you set up with
7430
- * your Domain Name Service (DNS) provider. Amazon Cognito returns this value if you set a custom
7431
- * domain with <code>CustomDomainConfig</code>. If you set an Amazon Cognito prefix domain, this
7432
- * operation returns a blank response.</p>
7535
+ * <p>The fully-qualified domain name (FQDN) of the Amazon CloudFront distribution that hosts your
7536
+ * managed login or classic hosted UI pages. Your domain-name authority must have an alias
7537
+ * record that points requests for your custom domain to this FQDN. Amazon Cognito returns this
7538
+ * value if you set a custom domain with <code>CustomDomainConfig</code>. If you set an
7539
+ * Amazon Cognito prefix domain, this parameter returns null.</p>
7433
7540
  * @public
7434
7541
  */
7435
7542
  CloudFrontDomain?: string | undefined;
@@ -7513,8 +7620,8 @@ export interface DeleteResourceServerRequest {
7513
7620
  */
7514
7621
  export interface DeleteUserRequest {
7515
7622
  /**
7516
- * <p>A valid access token that Amazon Cognito issued to the user whose user profile you want to
7517
- * delete.</p>
7623
+ * <p>A valid access token that Amazon Cognito issued to the currently signed-in user. Must include a scope claim for
7624
+ * <code>aws.cognito.signin.user.admin</code>.</p>
7518
7625
  * @public
7519
7626
  */
7520
7627
  AccessToken: string | undefined;
@@ -7532,8 +7639,8 @@ export interface DeleteUserAttributesRequest {
7532
7639
  */
7533
7640
  UserAttributeNames: string[] | undefined;
7534
7641
  /**
7535
- * <p>A valid access token that Amazon Cognito issued to the user whose attributes you want to
7536
- * delete.</p>
7642
+ * <p>A valid access token that Amazon Cognito issued to the currently signed-in user. Must include a scope claim for
7643
+ * <code>aws.cognito.signin.user.admin</code>.</p>
7537
7644
  * @public
7538
7645
  */
7539
7646
  AccessToken: string | undefined;
@@ -7577,8 +7684,8 @@ export interface DeleteUserPoolClientRequest {
7577
7684
  export interface DeleteUserPoolDomainRequest {
7578
7685
  /**
7579
7686
  * <p>The domain that you want to delete. For custom domains, this is the fully-qualified
7580
- * domain name, such as <code>auth.example.com</code>. For Amazon Cognito prefix domains, this is
7581
- * the prefix alone, such as <code>auth</code>.</p>
7687
+ * domain name like <code>auth.example.com</code>. For Amazon Cognito prefix domains, this is the
7688
+ * prefix alone, like <code>myprefix</code>.</p>
7582
7689
  * @public
7583
7690
  */
7584
7691
  Domain: string | undefined;
@@ -7598,14 +7705,13 @@ export interface DeleteUserPoolDomainResponse {
7598
7705
  */
7599
7706
  export interface DeleteWebAuthnCredentialRequest {
7600
7707
  /**
7601
- * <p>A valid access token that Amazon Cognito issued to the user whose passkey credential you want
7602
- * to delete.</p>
7708
+ * <p>A valid access token that Amazon Cognito issued to the currently signed-in user. Must include a scope claim for
7709
+ * <code>aws.cognito.signin.user.admin</code>.</p>
7603
7710
  * @public
7604
7711
  */
7605
7712
  AccessToken: string | undefined;
7606
7713
  /**
7607
- * <p>The unique identifier of the passkey that you want to delete. Look up registered
7608
- * devices with <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ListWebAuthnCredentials.html">ListWebAuthnCredentials</a>.</p>
7714
+ * <p>The unique identifier of the passkey that you want to delete.</p>
7609
7715
  * @public
7610
7716
  */
7611
7717
  CredentialId: string | undefined;
@@ -7775,8 +7881,7 @@ export declare const CompromisedCredentialsEventActionType: {
7775
7881
  export type CompromisedCredentialsEventActionType = (typeof CompromisedCredentialsEventActionType)[keyof typeof CompromisedCredentialsEventActionType];
7776
7882
  /**
7777
7883
  * <p>Settings for user pool actions when Amazon Cognito detects compromised credentials with
7778
- * advanced security features in full-function <code>ENFORCED</code> mode.</p>
7779
- * <p>This data type is a request parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetRiskConfiguration.html">SetRiskConfiguration</a> and a response parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeRiskConfiguration.html">DescribeRiskConfiguration</a>.</p>
7884
+ * threat protection in full-function <code>ENFORCED</code> mode.</p>
7780
7885
  * @public
7781
7886
  */
7782
7887
  export interface CompromisedCredentialsActionsType {
@@ -7801,8 +7906,7 @@ export declare const EventFilterType: {
7801
7906
  export type EventFilterType = (typeof EventFilterType)[keyof typeof EventFilterType];
7802
7907
  /**
7803
7908
  * <p>Settings for compromised-credentials actions and authentication-event sources with
7804
- * advanced security features in full-function <code>ENFORCED</code> mode.</p>
7805
- * <p>This data type is a request parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetRiskConfiguration.html">SetRiskConfiguration</a> and a response parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeRiskConfiguration.html">DescribeRiskConfiguration</a>.</p>
7909
+ * threat protection in full-function <code>ENFORCED</code> mode.</p>
7806
7910
  * @public
7807
7911
  */
7808
7912
  export interface CompromisedCredentialsRiskConfigurationType {
@@ -7822,7 +7926,6 @@ export interface CompromisedCredentialsRiskConfigurationType {
7822
7926
  /**
7823
7927
  * <p>Exceptions to the risk evaluation configuration, including always-allow and
7824
7928
  * always-block IP address ranges. </p>
7825
- * <p>This data type is a request parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetRiskConfiguration.html">SetRiskConfiguration</a> and a response parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeRiskConfiguration.html">DescribeRiskConfiguration</a>.</p>
7826
7929
  * @public
7827
7930
  */
7828
7931
  export interface RiskExceptionConfigurationType {
@@ -7840,9 +7943,7 @@ export interface RiskExceptionConfigurationType {
7840
7943
  SkippedIPRangeList?: string[] | undefined;
7841
7944
  }
7842
7945
  /**
7843
- * <p>The settings of risk configuration for threat protection with advanced security
7844
- * features in a user pool.</p>
7845
- * <p>This data type is a response parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeRiskConfiguration.html">DescribeRiskConfiguration</a> and <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetRiskConfiguration.html">SetRiskConfiguration</a>.</p>
7946
+ * <p>The settings of risk configuration for threat protection with threat protection in a user pool.</p>
7846
7947
  * @public
7847
7948
  */
7848
7949
  export interface RiskConfigurationType {
@@ -7859,14 +7960,13 @@ export interface RiskConfigurationType {
7859
7960
  */
7860
7961
  ClientId?: string | undefined;
7861
7962
  /**
7862
- * <p>Settings for compromised-credentials actions and authentication types with advanced
7863
- * security features in full-function <code>ENFORCED</code> mode.</p>
7963
+ * <p>Settings for compromised-credentials actions and authentication types with threat protection in full-function <code>ENFORCED</code> mode.</p>
7864
7964
  * @public
7865
7965
  */
7866
7966
  CompromisedCredentialsRiskConfiguration?: CompromisedCredentialsRiskConfigurationType | undefined;
7867
7967
  /**
7868
7968
  * <p>The settings for automated responses and notification templates for adaptive
7869
- * authentication with advanced security features.</p>
7969
+ * authentication with threat protection.</p>
7870
7970
  * @public
7871
7971
  */
7872
7972
  AccountTakeoverRiskConfiguration?: AccountTakeoverRiskConfigurationType | undefined;
@@ -7916,7 +8016,8 @@ export interface DescribeUserImportJobRequest {
7916
8016
  */
7917
8017
  export interface DescribeUserImportJobResponse {
7918
8018
  /**
7919
- * <p>The details of the user import job.</p>
8019
+ * <p>The details of the user import job. Includes logging destination, status, and the Amazon S3
8020
+ * pre-signed URL for CSV upload.</p>
7920
8021
  * @public
7921
8022
  */
7922
8023
  UserImportJob?: UserImportJobType | undefined;
@@ -8001,7 +8102,6 @@ export type DomainStatusType = (typeof DomainStatusType)[keyof typeof DomainStat
8001
8102
  /**
8002
8103
  * <p>A container for information about the user pool domain associated with the hosted UI
8003
8104
  * and OAuth endpoints.</p>
8004
- * <p>This data type is a response parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPoolDomain.html">DescribeUserPoolDomain</a>.</p>
8005
8105
  * @public
8006
8106
  */
8007
8107
  export interface DomainDescriptionType {
@@ -8073,13 +8173,14 @@ export interface DescribeUserPoolDomainResponse {
8073
8173
  */
8074
8174
  export interface ForgetDeviceRequest {
8075
8175
  /**
8076
- * <p>A valid access token that Amazon Cognito issued to the user whose registered device you want to
8077
- * forget.</p>
8176
+ * <p>A valid access token that Amazon Cognito issued to the currently signed-in user. Must include a scope claim for
8177
+ * <code>aws.cognito.signin.user.admin</code>.</p>
8078
8178
  * @public
8079
8179
  */
8080
8180
  AccessToken?: string | undefined;
8081
8181
  /**
8082
- * <p>The device key.</p>
8182
+ * <p>The unique identifier, or device key, of the device that the user wants to
8183
+ * forget.</p>
8083
8184
  * @public
8084
8185
  */
8085
8186
  DeviceKey: string | undefined;
@@ -8090,7 +8191,7 @@ export interface ForgetDeviceRequest {
8090
8191
  */
8091
8192
  export interface ForgotPasswordRequest {
8092
8193
  /**
8093
- * <p>The ID of the client associated with the user pool.</p>
8194
+ * <p>The ID of the user pool app client associated with the current signed-in user.</p>
8094
8195
  * @public
8095
8196
  */
8096
8197
  ClientId: string | undefined;
@@ -8102,8 +8203,8 @@ export interface ForgotPasswordRequest {
8102
8203
  */
8103
8204
  SecretHash?: string | undefined;
8104
8205
  /**
8105
- * <p>Contextual data about your user session, such as the device fingerprint, IP address, or location. Amazon Cognito advanced
8106
- * security evaluates the risk of an authentication event based on the context that your app generates and passes to Amazon Cognito
8206
+ * <p>Contextual data about your user session like the device fingerprint, IP address, or location. Amazon Cognito threat
8207
+ * protection evaluates the risk of an authentication event based on the context that your app generates and passes to Amazon Cognito
8107
8208
  * when it makes API requests.</p>
8108
8209
  * <p>For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-viewing-threat-protection-app.html">Collecting data for threat protection in
8109
8210
  * applications</a>.</p>
@@ -8111,7 +8212,7 @@ export interface ForgotPasswordRequest {
8111
8212
  */
8112
8213
  UserContextData?: UserContextDataType | undefined;
8113
8214
  /**
8114
- * <p>The username of the user that you want to query or modify. The value of this parameter
8215
+ * <p>The name of the user that you want to query or modify. The value of this parameter
8115
8216
  * is typically your user's username, but it can be any of their alias attributes. If
8116
8217
  * <code>username</code> isn't an alias attribute in your user pool, this value
8117
8218
  * must be the <code>sub</code> of a local user or the username of a user from a
@@ -8120,8 +8221,9 @@ export interface ForgotPasswordRequest {
8120
8221
  */
8121
8222
  Username: string | undefined;
8122
8223
  /**
8123
- * <p>The Amazon Pinpoint analytics metadata that contributes to your metrics for
8124
- * <code>ForgotPassword</code> calls.</p>
8224
+ * <p>Information that supports analytics outcomes with Amazon Pinpoint, including the
8225
+ * user's endpoint ID. The endpoint ID is a destination for Amazon Pinpoint push notifications, for example a device identifier,
8226
+ * email address, or phone number.</p>
8125
8227
  * @public
8126
8228
  */
8127
8229
  AnalyticsMetadata?: AnalyticsMetadataType | undefined;
@@ -8139,7 +8241,7 @@ export interface ForgotPasswordRequest {
8139
8241
  * process the <code>clientMetadata</code> value to enhance your workflow for your specific
8140
8242
  * needs.</p>
8141
8243
  * <p>For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html">
8142
- * Customizing user pool Workflows with Lambda Triggers</a> in the <i>Amazon Cognito Developer Guide</i>.</p>
8244
+ * Using Lambda triggers</a> in the <i>Amazon Cognito Developer Guide</i>.</p>
8143
8245
  * <note>
8144
8246
  * <p>When you use the <code>ClientMetadata</code> parameter, note that Amazon Cognito won't do the
8145
8247
  * following:</p>
@@ -8166,8 +8268,6 @@ export interface ForgotPasswordRequest {
8166
8268
  /**
8167
8269
  * <p>The delivery details for an email or SMS message that Amazon Cognito sent for authentication or
8168
8270
  * verification.</p>
8169
- * <p>This data type is a response parameter of operations that send a code for user profile
8170
- * confirmation, verification, or management, for example <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ForgotPassword.html">ForgotPassword</a> and <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SignUp.html">SignUp</a>.</p>
8171
8271
  * @public
8172
8272
  */
8173
8273
  export interface CodeDeliveryDetailsType {
@@ -8193,8 +8293,8 @@ export interface CodeDeliveryDetailsType {
8193
8293
  */
8194
8294
  export interface ForgotPasswordResponse {
8195
8295
  /**
8196
- * <p>The code delivery details returned by the server in response to the request to reset a
8197
- * password.</p>
8296
+ * <p>Information about the phone number or email address that Amazon Cognito sent the
8297
+ * password-recovery code to.</p>
8198
8298
  * @public
8199
8299
  */
8200
8300
  CodeDeliveryDetails?: CodeDeliveryDetailsType | undefined;
@@ -8206,7 +8306,7 @@ export interface ForgotPasswordResponse {
8206
8306
  */
8207
8307
  export interface GetCSVHeaderRequest {
8208
8308
  /**
8209
- * <p>The ID of the user pool that the users are to be imported into.</p>
8309
+ * <p>The ID of the user pool that you want to import users into.</p>
8210
8310
  * @public
8211
8311
  */
8212
8312
  UserPoolId: string | undefined;
@@ -8218,12 +8318,14 @@ export interface GetCSVHeaderRequest {
8218
8318
  */
8219
8319
  export interface GetCSVHeaderResponse {
8220
8320
  /**
8221
- * <p>The ID of the user pool that the users are to be imported into.</p>
8321
+ * <p>The ID of the requested user pool.</p>
8222
8322
  * @public
8223
8323
  */
8224
8324
  UserPoolId?: string | undefined;
8225
8325
  /**
8226
- * <p>The header information of the CSV file for the user import job.</p>
8326
+ * <p>A comma-separated list of attributes from your user pool. Save this output to a
8327
+ * <code>.csv</code> file and populate it with the attributes of the users that you
8328
+ * want to import.</p>
8227
8329
  * @public
8228
8330
  */
8229
8331
  CSVHeader?: string[] | undefined;
@@ -8234,13 +8336,13 @@ export interface GetCSVHeaderResponse {
8234
8336
  */
8235
8337
  export interface GetDeviceRequest {
8236
8338
  /**
8237
- * <p>The device key.</p>
8339
+ * <p>The key of the device that you want to get information about.</p>
8238
8340
  * @public
8239
8341
  */
8240
8342
  DeviceKey: string | undefined;
8241
8343
  /**
8242
- * <p>A valid access token that Amazon Cognito issued to the user whose device information you want
8243
- * to request.</p>
8344
+ * <p>A valid access token that Amazon Cognito issued to the currently signed-in user. Must include a scope claim for
8345
+ * <code>aws.cognito.signin.user.admin</code>.</p>
8244
8346
  * @public
8245
8347
  */
8246
8348
  AccessToken?: string | undefined;
@@ -8251,7 +8353,8 @@ export interface GetDeviceRequest {
8251
8353
  */
8252
8354
  export interface GetDeviceResponse {
8253
8355
  /**
8254
- * <p>The device.</p>
8356
+ * <p>Details of the requested device. Includes device information, last-accessed and
8357
+ * created dates, and the device key.</p>
8255
8358
  * @public
8256
8359
  */
8257
8360
  Device: DeviceType | undefined;
@@ -8261,12 +8364,12 @@ export interface GetDeviceResponse {
8261
8364
  */
8262
8365
  export interface GetGroupRequest {
8263
8366
  /**
8264
- * <p>The name of the group.</p>
8367
+ * <p>The name of the group that you want to get information about.</p>
8265
8368
  * @public
8266
8369
  */
8267
8370
  GroupName: string | undefined;
8268
8371
  /**
8269
- * <p>The ID of the user pool.</p>
8372
+ * <p>The ID of the user pool that contains the group that you want to query.</p>
8270
8373
  * @public
8271
8374
  */
8272
8375
  UserPoolId: string | undefined;
@@ -8276,7 +8379,8 @@ export interface GetGroupRequest {
8276
8379
  */
8277
8380
  export interface GetGroupResponse {
8278
8381
  /**
8279
- * <p>The group object for the group.</p>
8382
+ * <p>A container for the requested group. Includes description, precedence, and IAM role
8383
+ * values.</p>
8280
8384
  * @public
8281
8385
  */
8282
8386
  Group?: GroupType | undefined;
@@ -8286,12 +8390,15 @@ export interface GetGroupResponse {
8286
8390
  */
8287
8391
  export interface GetIdentityProviderByIdentifierRequest {
8288
8392
  /**
8289
- * <p>The user pool ID.</p>
8393
+ * <p>The ID of the user pool where you want to get information about the IdP.</p>
8290
8394
  * @public
8291
8395
  */
8292
8396
  UserPoolId: string | undefined;
8293
8397
  /**
8294
- * <p>The IdP identifier.</p>
8398
+ * <p>The identifier that you assigned to your user pool. The identifier is an alternative
8399
+ * name for an IdP that is distinct from the IdP name. For example, an IdP with a name of
8400
+ * <code>MyIdP</code> might have an identifier of the email domain
8401
+ * <code>example.com</code>.</p>
8295
8402
  * @public
8296
8403
  */
8297
8404
  IdpIdentifier: string | undefined;
@@ -8301,7 +8408,8 @@ export interface GetIdentityProviderByIdentifierRequest {
8301
8408
  */
8302
8409
  export interface GetIdentityProviderByIdentifierResponse {
8303
8410
  /**
8304
- * <p>The identity provider details.</p>
8411
+ * <p>The configuration of the IdP in your user pool. Includes additional identifiers, the
8412
+ * IdP name and type, and trust-relationship details like the issuer URL.</p>
8305
8413
  * @public
8306
8414
  */
8307
8415
  IdentityProvider: IdentityProviderType | undefined;
@@ -8319,9 +8427,7 @@ export interface GetLogDeliveryConfigurationRequest {
8319
8427
  }
8320
8428
  /**
8321
8429
  * <p>Configuration for the CloudWatch log group destination of user pool detailed activity
8322
- * logging, or of user activity log export with advanced security features.</p>
8323
- * <p>This data type is a request parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetLogDeliveryConfiguration.html">SetLogDeliveryConfiguration</a> and a response parameter of
8324
- * <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetLogDeliveryConfiguration.html">GetLogDeliveryConfiguration</a>.</p>
8430
+ * logging, or of user activity log export with threat protection.</p>
8325
8431
  * @public
8326
8432
  */
8327
8433
  export interface CloudWatchLogsConfigurationType {
@@ -8351,13 +8457,12 @@ export declare const EventSourceName: {
8351
8457
  export type EventSourceName = (typeof EventSourceName)[keyof typeof EventSourceName];
8352
8458
  /**
8353
8459
  * <p>Configuration for the Amazon Data Firehose stream destination of user activity log export with
8354
- * advanced security features.</p>
8460
+ * threat protection.</p>
8355
8461
  * @public
8356
8462
  */
8357
8463
  export interface FirehoseConfigurationType {
8358
8464
  /**
8359
- * <p>The ARN of an Amazon Data Firehose stream that's the destination for advanced security
8360
- * features log export.</p>
8465
+ * <p>The ARN of an Amazon Data Firehose stream that's the destination for threat protection log export.</p>
8361
8466
  * @public
8362
8467
  */
8363
8468
  StreamArn?: string | undefined;
@@ -8376,12 +8481,12 @@ export declare const LogLevel: {
8376
8481
  export type LogLevel = (typeof LogLevel)[keyof typeof LogLevel];
8377
8482
  /**
8378
8483
  * <p>Configuration for the Amazon S3 bucket destination of user activity log export with
8379
- * advanced security features.</p>
8484
+ * threat protection.</p>
8380
8485
  * @public
8381
8486
  */
8382
8487
  export interface S3ConfigurationType {
8383
8488
  /**
8384
- * <p>The ARN of an Amazon S3 bucket that's the destination for advanced security features
8489
+ * <p>The ARN of an Amazon S3 bucket that's the destination for threat protection
8385
8490
  * log export.</p>
8386
8491
  * @public
8387
8492
  */
@@ -8390,52 +8495,50 @@ export interface S3ConfigurationType {
8390
8495
  /**
8391
8496
  * <p>The configuration of user event logs to an external Amazon Web Services service like
8392
8497
  * Amazon Data Firehose, Amazon S3, or Amazon CloudWatch Logs.</p>
8393
- * <p>This data type is a request parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetLogDeliveryConfiguration.html">SetLogDeliveryConfiguration</a> and a response parameter of
8394
- * <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetLogDeliveryConfiguration.html">GetLogDeliveryConfiguration</a>.</p>
8395
8498
  * @public
8396
8499
  */
8397
8500
  export interface LogConfigurationType {
8398
8501
  /**
8399
8502
  * <p>The <code>errorlevel</code> selection of logs that a user pool sends for detailed
8400
- * activity logging. To send <code>userNotification</code> activity with <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/tracking-quotas-and-usage-in-cloud-watch-logs.html">information about message delivery</a>, choose <code>ERROR</code> with
8503
+ * activity logging. To send <code>userNotification</code> activity with <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/exporting-quotas-and-usage.html">information
8504
+ * about message delivery</a>, choose <code>ERROR</code> with
8401
8505
  * <code>CloudWatchLogsConfiguration</code>. To send <code>userAuthEvents</code>
8402
- * activity with user logs from advanced security features, choose <code>INFO</code> with
8403
- * one of <code>CloudWatchLogsConfiguration</code>, <code>FirehoseConfiguration</code>, or
8404
- * <code>S3Configuration</code>.</p>
8506
+ * activity with user logs from threat protection with the Plus feature plan, choose
8507
+ * <code>INFO</code> with one of <code>CloudWatchLogsConfiguration</code>,
8508
+ * <code>FirehoseConfiguration</code>, or <code>S3Configuration</code>.</p>
8405
8509
  * @public
8406
8510
  */
8407
8511
  LogLevel: LogLevel | undefined;
8408
8512
  /**
8409
8513
  * <p>The source of events that your user pool sends for logging. To send error-level logs
8410
8514
  * about user notification activity, set to <code>userNotification</code>. To send
8411
- * info-level logs about advanced security features user activity, set to
8412
- * <code>userAuthEvents</code>.</p>
8515
+ * info-level logs about threat-protection user activity in user pools with the Plus
8516
+ * feature plan, set to <code>userAuthEvents</code>.</p>
8413
8517
  * @public
8414
8518
  */
8415
8519
  EventSource: EventSourceName | undefined;
8416
8520
  /**
8417
8521
  * <p>The CloudWatch log group destination of user pool detailed activity logs, or of user
8418
- * activity log export with advanced security features.</p>
8522
+ * activity log export with threat protection.</p>
8419
8523
  * @public
8420
8524
  */
8421
8525
  CloudWatchLogsConfiguration?: CloudWatchLogsConfigurationType | undefined;
8422
8526
  /**
8423
- * <p>The Amazon S3 bucket destination of user activity log export with advanced security
8424
- * features. To activate this setting, <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html">
8425
- * advanced security features</a> must be active in your user pool.</p>
8527
+ * <p>The Amazon S3 bucket destination of user activity log export with threat protection. To activate this setting, your user pool must be on the <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-plus.html">
8528
+ * Plus tier</a>.</p>
8426
8529
  * @public
8427
8530
  */
8428
8531
  S3Configuration?: S3ConfigurationType | undefined;
8429
8532
  /**
8430
- * <p>The Amazon Data Firehose stream destination of user activity log export with advanced security
8431
- * features. To activate this setting, <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html">
8432
- * advanced security features</a> must be active in your user pool.</p>
8533
+ * <p>The Amazon Data Firehose stream destination of user activity log export with threat protection. To activate this setting, your user pool must be on the <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-plus.html">
8534
+ * Plus tier</a>.</p>
8433
8535
  * @public
8434
8536
  */
8435
8537
  FirehoseConfiguration?: FirehoseConfigurationType | undefined;
8436
8538
  }
8437
8539
  /**
8438
- * <p>The logging parameters of a user pool, as returned in the response to a <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetLogDeliveryConfiguration.html">GetLogDeliveryConfiguration</a> request.</p>
8540
+ * <p>The logging parameters of a user pool, as returned in the response to a
8541
+ * <code>GetLogDeliveryConfiguration</code> request.</p>
8439
8542
  * @public
8440
8543
  */
8441
8544
  export interface LogDeliveryConfigurationType {
@@ -8456,7 +8559,8 @@ export interface LogDeliveryConfigurationType {
8456
8559
  */
8457
8560
  export interface GetLogDeliveryConfigurationResponse {
8458
8561
  /**
8459
- * <p>The logging configuration of the requested user pool.</p>
8562
+ * <p>The logging configuration of the requested user pool. Includes types of logs
8563
+ * configured and their destinations.</p>
8460
8564
  * @public
8461
8565
  */
8462
8566
  LogDeliveryConfiguration?: LogDeliveryConfigurationType | undefined;
@@ -8467,7 +8571,7 @@ export interface GetLogDeliveryConfigurationResponse {
8467
8571
  */
8468
8572
  export interface GetSigningCertificateRequest {
8469
8573
  /**
8470
- * <p>The user pool ID.</p>
8574
+ * <p>The ID of the user pool where you want to view the signing certificate.</p>
8471
8575
  * @public
8472
8576
  */
8473
8577
  UserPoolId: string | undefined;
@@ -8478,7 +8582,8 @@ export interface GetSigningCertificateRequest {
8478
8582
  */
8479
8583
  export interface GetSigningCertificateResponse {
8480
8584
  /**
8481
- * <p>The signing certificate.</p>
8585
+ * <p>The x.509 certificate that signs SAML 2.0 authentication requests for your user
8586
+ * pool.</p>
8482
8587
  * @public
8483
8588
  */
8484
8589
  Certificate?: string | undefined;
@@ -8488,12 +8593,12 @@ export interface GetSigningCertificateResponse {
8488
8593
  */
8489
8594
  export interface GetUICustomizationRequest {
8490
8595
  /**
8491
- * <p>The ID of the user pool.</p>
8596
+ * <p>The ID of the user pool that you want to query for branding settings.</p>
8492
8597
  * @public
8493
8598
  */
8494
8599
  UserPoolId: string | undefined;
8495
8600
  /**
8496
- * <p>The client ID for the client app.</p>
8601
+ * <p>The ID of the app client that you want to query for branding settings.</p>
8497
8602
  * @public
8498
8603
  */
8499
8604
  ClientId?: string | undefined;
@@ -8501,7 +8606,6 @@ export interface GetUICustomizationRequest {
8501
8606
  /**
8502
8607
  * <p>A container for the UI customization information for the hosted UI in a user
8503
8608
  * pool.</p>
8504
- * <p>This data type is a response parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPoolClient.html">GetUICustomization</a>.</p>
8505
8609
  * @public
8506
8610
  */
8507
8611
  export interface UICustomizationType {
@@ -8523,8 +8627,7 @@ export interface UICustomizationType {
8523
8627
  */
8524
8628
  ImageUrl?: string | undefined;
8525
8629
  /**
8526
- * <p>The CSS values in the UI customization. To get a template with your UI customization
8527
- * options, make a <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUiCustomization.html">GetUiCustomization</a> request.</p>
8630
+ * <p>The CSS values in the UI customization.</p>
8528
8631
  * @public
8529
8632
  */
8530
8633
  CSS?: string | undefined;
@@ -8551,7 +8654,8 @@ export interface UICustomizationType {
8551
8654
  */
8552
8655
  export interface GetUICustomizationResponse {
8553
8656
  /**
8554
- * <p>The UI customization information.</p>
8657
+ * <p>Information about the classic hosted UI custom CSS and logo-image branding that you
8658
+ * applied to the user pool or app client.</p>
8555
8659
  * @public
8556
8660
  */
8557
8661
  UICustomization: UICustomizationType | undefined;
@@ -8562,7 +8666,8 @@ export interface GetUICustomizationResponse {
8562
8666
  */
8563
8667
  export interface GetUserRequest {
8564
8668
  /**
8565
- * <p>A non-expired access token for the user whose information you want to query.</p>
8669
+ * <p>A valid access token that Amazon Cognito issued to the currently signed-in user. Must include a scope claim for
8670
+ * <code>aws.cognito.signin.user.admin</code>.</p>
8566
8671
  * @public
8567
8672
  */
8568
8673
  AccessToken: string | undefined;
@@ -8574,14 +8679,13 @@ export interface GetUserRequest {
8574
8679
  */
8575
8680
  export interface GetUserResponse {
8576
8681
  /**
8577
- * <p>The username of the user that you requested.</p>
8682
+ * <p>The name of the user that you requested.</p>
8578
8683
  * @public
8579
8684
  */
8580
8685
  Username: string | undefined;
8581
8686
  /**
8582
8687
  * <p>An array of name-value pairs representing user attributes.</p>
8583
- * <p>For custom attributes, you must prepend the <code>custom:</code> prefix to the
8584
- * attribute name.</p>
8688
+ * <p>Custom attributes are prepended with the <code>custom:</code> prefix.</p>
8585
8689
  * @public
8586
8690
  */
8587
8691
  UserAttributes: AttributeType[] | undefined;
@@ -8596,7 +8700,8 @@ export interface GetUserResponse {
8596
8700
  */
8597
8701
  MFAOptions?: MFAOptionType[] | undefined;
8598
8702
  /**
8599
- * <p>The user's preferred MFA setting.</p>
8703
+ * <p>The user's preferred MFA. Users can prefer SMS message, email message, or TOTP
8704
+ * MFA.</p>
8600
8705
  * @public
8601
8706
  */
8602
8707
  PreferredMfaSetting?: string | undefined;
@@ -8614,14 +8719,14 @@ export interface GetUserResponse {
8614
8719
  */
8615
8720
  export interface GetUserAttributeVerificationCodeRequest {
8616
8721
  /**
8617
- * <p>A non-expired access token for the user whose attribute verification code you want to
8618
- * generate.</p>
8722
+ * <p>A valid access token that Amazon Cognito issued to the currently signed-in user. Must include a scope claim for
8723
+ * <code>aws.cognito.signin.user.admin</code>.</p>
8619
8724
  * @public
8620
8725
  */
8621
8726
  AccessToken: string | undefined;
8622
8727
  /**
8623
- * <p>The attribute name returned by the server response to get the user attribute
8624
- * verification code.</p>
8728
+ * <p>The name of the attribute that the user wants to verify, for example
8729
+ * <code>email</code>.</p>
8625
8730
  * @public
8626
8731
  */
8627
8732
  AttributeName: string | undefined;
@@ -8637,7 +8742,7 @@ export interface GetUserAttributeVerificationCodeRequest {
8637
8742
  * GetUserAttributeVerificationCode request. In your function code in Lambda, you can process the <code>clientMetadata</code> value to enhance your workflow for
8638
8743
  * your specific needs.</p>
8639
8744
  * <p>For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html">
8640
- * Customizing user pool Workflows with Lambda Triggers</a> in the <i>Amazon Cognito Developer Guide</i>.</p>
8745
+ * Using Lambda triggers</a> in the <i>Amazon Cognito Developer Guide</i>.</p>
8641
8746
  * <note>
8642
8747
  * <p>When you use the <code>ClientMetadata</code> parameter, note that Amazon Cognito won't do the
8643
8748
  * following:</p>
@@ -8668,8 +8773,8 @@ export interface GetUserAttributeVerificationCodeRequest {
8668
8773
  */
8669
8774
  export interface GetUserAttributeVerificationCodeResponse {
8670
8775
  /**
8671
- * <p>The code delivery details returned by the server in response to the request to get the
8672
- * user attribute verification code.</p>
8776
+ * <p>Information about the delivery destination of the user attribute verification
8777
+ * code.</p>
8673
8778
  * @public
8674
8779
  */
8675
8780
  CodeDeliveryDetails?: CodeDeliveryDetailsType | undefined;
@@ -8679,8 +8784,8 @@ export interface GetUserAttributeVerificationCodeResponse {
8679
8784
  */
8680
8785
  export interface GetUserAuthFactorsRequest {
8681
8786
  /**
8682
- * <p>A valid access token that Amazon Cognito issued to the user whose authentication factors you
8683
- * want to view.</p>
8787
+ * <p>A valid access token that Amazon Cognito issued to the currently signed-in user. Must include a scope claim for
8788
+ * <code>aws.cognito.signin.user.admin</code>.</p>
8684
8789
  * @public
8685
8790
  */
8686
8791
  AccessToken: string | undefined;
@@ -8690,12 +8795,14 @@ export interface GetUserAuthFactorsRequest {
8690
8795
  */
8691
8796
  export interface GetUserAuthFactorsResponse {
8692
8797
  /**
8693
- * <p>The username of the currently sign-in user.</p>
8798
+ * <p>The name of the user who is eligible for the authentication factors in the
8799
+ * response.</p>
8694
8800
  * @public
8695
8801
  */
8696
8802
  Username: string | undefined;
8697
8803
  /**
8698
- * <p>The user's preferred MFA setting.</p>
8804
+ * <p>The challenge method that Amazon Cognito returns to the user in response to sign-in requests.
8805
+ * Users can prefer SMS message, email message, or TOTP MFA.</p>
8699
8806
  * @public
8700
8807
  */
8701
8808
  PreferredMfaSetting?: string | undefined;
@@ -8708,7 +8815,7 @@ export interface GetUserAuthFactorsResponse {
8708
8815
  UserMFASettingList?: string[] | undefined;
8709
8816
  /**
8710
8817
  * <p>The authentication types that are available to the user with <code>USER_AUTH</code>
8711
- * sign-in. </p>
8818
+ * sign-in, for example <code>["PASSWORD", "WEB_AUTHN"]</code>.</p>
8712
8819
  * @public
8713
8820
  */
8714
8821
  ConfiguredUserAuthFactors?: AuthFactorType[] | undefined;
@@ -8718,29 +8825,29 @@ export interface GetUserAuthFactorsResponse {
8718
8825
  */
8719
8826
  export interface GetUserPoolMfaConfigRequest {
8720
8827
  /**
8721
- * <p>The user pool ID.</p>
8828
+ * <p>The ID of the user pool where you want to query WebAuthn and MFA configuration.</p>
8722
8829
  * @public
8723
8830
  */
8724
8831
  UserPoolId: string | undefined;
8725
8832
  }
8726
8833
  /**
8727
- * <p>Sets or shows user pool email message configuration for MFA. Includes the subject and
8728
- * body of the email message template for MFA messages. To activate this setting, <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html">
8729
- * advanced security features</a> must be active in your user pool.</p>
8730
- * <p>This data type is a request parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserPoolMfaConfig.html">SetUserPoolMfaConfig</a> and a response parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUserPoolMfaConfig.html">GetUserPoolMfaConfig</a>.</p>
8834
+ * <p>Sets or shows configuration for user pool email message MFA and sign-in with one-time
8835
+ * passwords (OTPs). Includes the subject and body of the email message template for
8836
+ * sign-in and MFA messages. To activate this setting, your user pool must be in the <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html">
8837
+ * Essentials tier</a> or higher.</p>
8731
8838
  * @public
8732
8839
  */
8733
8840
  export interface EmailMfaConfigType {
8734
8841
  /**
8735
- * <p>The template for the email message that your user pool sends to users with a code for
8736
- * MFA and sign-in with an email OTP. The message must contain the <code>\{####\}</code>
8842
+ * <p>The template for the email messages that your user pool sends to users with codes for
8843
+ * MFA and sign-in with email OTPs. The message must contain the <code>\{####\}</code>
8737
8844
  * placeholder. In the message, Amazon Cognito replaces this placeholder with the code. If you
8738
8845
  * don't provide this parameter, Amazon Cognito sends messages in the default format.</p>
8739
8846
  * @public
8740
8847
  */
8741
8848
  Message?: string | undefined;
8742
8849
  /**
8743
- * <p>The subject of the email message that your user pool sends to users with a code for
8850
+ * <p>The subject of the email messages that your user pool sends to users with codes for
8744
8851
  * MFA and email OTP sign-in.</p>
8745
8852
  * @public
8746
8853
  */
@@ -8749,7 +8856,6 @@ export interface EmailMfaConfigType {
8749
8856
  /**
8750
8857
  * <p>The configuration of multi-factor authentication (MFA) with SMS messages in a user
8751
8858
  * pool.</p>
8752
- * <p>This data type is a request parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserPoolMfaConfig.html">SetUserPoolMfaConfig</a> and a response parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUserPoolMfaConfig.html">GetUserPoolMfaConfig</a>.</p>
8753
8859
  * @public
8754
8860
  */
8755
8861
  export interface SmsMfaConfigType {
@@ -8774,7 +8880,6 @@ export interface SmsMfaConfigType {
8774
8880
  /**
8775
8881
  * <p>Settings for time-based one-time password (TOTP) multi-factor authentication (MFA) in
8776
8882
  * a user pool. Enables and disables availability of this feature.</p>
8777
- * <p>This data type is a request parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserPoolMfaConfig.html">SetUserPoolMfaConfig</a> and a response parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUserPoolMfaConfig.html">GetUserPoolMfaConfig</a>. </p>
8778
8883
  * @public
8779
8884
  */
8780
8885
  export interface SoftwareTokenMfaConfigType {
@@ -8784,18 +8889,6 @@ export interface SoftwareTokenMfaConfigType {
8784
8889
  */
8785
8890
  Enabled?: boolean | undefined;
8786
8891
  }
8787
- /**
8788
- * @public
8789
- * @enum
8790
- */
8791
- export declare const UserVerificationType: {
8792
- readonly PREFERRED: "preferred";
8793
- readonly REQUIRED: "required";
8794
- };
8795
- /**
8796
- * @public
8797
- */
8798
- export type UserVerificationType = (typeof UserVerificationType)[keyof typeof UserVerificationType];
8799
8892
  /**
8800
8893
  * @internal
8801
8894
  */