@aws-sdk/client-cognito-identity-provider 3.974.0 → 3.978.0

package/dist-types/models/models_1.d.ts

@@ -1,5 +1,356 @@
-import { VerifySoftwareTokenResponseType } from "./enums";
-import type { CustomDomainConfigType, UserPoolClientType } from "./models_0";
+import { ExplicitAuthFlowsType, OAuthFlowType, PreventUserExistenceErrorTypes, VerifySoftwareTokenResponseType } from "./enums";
+import type { AnalyticsConfigurationType, CustomDomainConfigType, RefreshTokenRotationType, TokenValidityUnitsType, UserPoolClientType } from "./models_0";
+/**
+ * <p>Represents the request to update the user pool client.</p>
+ * @public
+ */
+export interface UpdateUserPoolClientRequest {
+    /**
+     * <p>The ID of the user pool where you want to update the app client.</p>
+     * @public
+     */
+    UserPoolId: string | undefined;
+    /**
+     * <p>The ID of the app client that you want to update.</p>
+     * @public
+     */
+    ClientId: string | undefined;
+    /**
+     * <p>A friendly name for the app client.</p>
+     * @public
+     */
+    ClientName?: string | undefined;
+    /**
+     * <p>The refresh token time limit. After this limit expires, your user can't use
+     * their refresh token. To specify the time unit for <code>RefreshTokenValidity</code> as
+     * <code>seconds</code>, <code>minutes</code>, <code>hours</code>, or <code>days</code>,
+     * set a <code>TokenValidityUnits</code> value in your API request.</p>
+     *          <p>For example, when you set <code>RefreshTokenValidity</code> as <code>10</code> and
+     * <code>TokenValidityUnits</code> as <code>days</code>, your user can refresh their session
+     * and retrieve new access and ID tokens for 10 days.</p>
+     *          <p>The default time unit for <code>RefreshTokenValidity</code> in an API request is days.
+     * You can't set <code>RefreshTokenValidity</code> to 0. If you do, Amazon Cognito overrides the
+     * value with the default value of 30 days. <i>Valid range</i> is displayed below
+     * in seconds.</p>
+     *          <p>If you don't specify otherwise in the configuration of your app client, your refresh
+     * tokens are valid for 30 days.</p>
+     * @public
+     */
+    RefreshTokenValidity?: number | undefined;
+    /**
+     * <p>The access token time limit. After this limit expires, your user can't use
+     * their access token. To specify the time unit for <code>AccessTokenValidity</code> as
+     * <code>seconds</code>, <code>minutes</code>, <code>hours</code>, or <code>days</code>,
+     * set a <code>TokenValidityUnits</code> value in your API request.</p>
+     *          <p>For example, when you set <code>AccessTokenValidity</code> to <code>10</code> and
+     * <code>TokenValidityUnits</code> to <code>hours</code>, your user can authorize access with
+     * their access token for 10 hours.</p>
+     *          <p>The default time unit for <code>AccessTokenValidity</code> in an API request is hours.
+     * <i>Valid range</i> is displayed below in seconds.</p>
+     *          <p>If you don't specify otherwise in the configuration of your app client, your access
+     * tokens are valid for one hour.</p>
+     * @public
+     */
+    AccessTokenValidity?: number | undefined;
+    /**
+     * <p>The ID token time limit. After this limit expires, your user can't use
+     * their ID token. To specify the time unit for <code>IdTokenValidity</code> as
+     * <code>seconds</code>, <code>minutes</code>, <code>hours</code>, or <code>days</code>,
+     * set a <code>TokenValidityUnits</code> value in your API request.</p>
+     *          <p>For example, when you set <code>IdTokenValidity</code> as <code>10</code> and
+     * <code>TokenValidityUnits</code> as <code>hours</code>, your user can authenticate their
+     * session with their ID token for 10 hours.</p>
+     *          <p>The default time unit for <code>IdTokenValidity</code> in an API request is hours.
+     * <i>Valid range</i> is displayed below in seconds.</p>
+     *          <p>If you don't specify otherwise in the configuration of your app client, your ID
+     * tokens are valid for one hour.</p>
+     * @public
+     */
+    IdTokenValidity?: number | undefined;
+    /**
+     * <p>The units that validity times are represented in. The default unit for refresh tokens
+     *             is days, and the default for ID and access tokens are hours.</p>
+     * @public
+     */
+    TokenValidityUnits?: TokenValidityUnitsType | undefined;
+    /**
+     * <p>The list of user attributes that you want your app client to have read access to.
+     *     After your user authenticates in your app, their access token authorizes them to read
+     *     their own attribute value for any attribute in this list.</p>
+     *          <p>When you don't specify the <code>ReadAttributes</code> for your app client, your
+     *     app can read the values of <code>email_verified</code>,
+     *     <code>phone_number_verified</code>, and the standard attributes of your user pool.
+     *     When your user pool app client has read access to these default attributes,
+     *     <code>ReadAttributes</code> doesn't return any information. Amazon Cognito only
+     *     populates <code>ReadAttributes</code> in the API response if you have specified your own
+     *     custom set of read attributes.</p>
+     * @public
+     */
+    ReadAttributes?: string[] | undefined;
+    /**
+     * <p>The list of user attributes that you want your app client to have write access to.
+     *     After your user authenticates in your app, their access token authorizes them to set or
+     *     modify their own attribute value for any attribute in this list.</p>
+     *          <p>When you don't specify the <code>WriteAttributes</code> for your app client, your
+     *     app can write the values of the Standard attributes of your user pool. When your user
+     *     pool has write access to these default attributes, <code>WriteAttributes</code>
+     *     doesn't return any information. Amazon Cognito only populates
+     *         <code>WriteAttributes</code> in the API response if you have specified your own
+     *     custom set of write attributes.</p>
+     *          <p>If your app client allows users to sign in through an IdP, this array must include all
+     *     attributes that you have mapped to IdP attributes. Amazon Cognito updates mapped attributes when
+     *     users sign in to your application through an IdP. If your app client does not have write
+     *     access to a mapped attribute, Amazon Cognito throws an error when it tries to update the
+     *     attribute. For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-specifying-attribute-mapping.html">Specifying IdP Attribute Mappings for Your user
+     *     pool</a>.</p>
+     * @public
+     */
+    WriteAttributes?: string[] | undefined;
+    /**
+     * <p>The <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow-methods.html">authentication flows</a> that you want your user pool client to support. For each app
+     * client in your user pool, you can sign in your users with any combination of one or more flows, including with
+     * a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that
+     * you define with Lambda functions.</p>
+     *          <note>
+     *             <p>If you don't specify a value for <code>ExplicitAuthFlows</code>, your app client supports
+     * <code>ALLOW_REFRESH_TOKEN_AUTH</code>, <code>ALLOW_USER_SRP_AUTH</code>, and <code>ALLOW_CUSTOM_AUTH</code>.
+     * </p>
+     *          </note>
+     *          <p>The values for authentication flow options include the following.</p>
+     *          <ul>
+     *             <li>
+     *                <p>
+     *                   <code>ALLOW_USER_AUTH</code>: Enable selection-based sign-in
+     *             with <code>USER_AUTH</code>. This setting covers username-password,
+     *             secure remote password (SRP), passwordless, and passkey authentication.
+     *             This authentiation flow can do username-password and SRP authentication
+     *             without other <code>ExplicitAuthFlows</code> permitting them. For example
+     *             users can complete an SRP challenge through <code>USER_AUTH</code>
+     *             without the flow <code>USER_SRP_AUTH</code> being active for the app
+     *             client. This flow doesn't include <code>CUSTOM_AUTH</code>.
+     *         </p>
+     *                <p>To activate this setting, your user pool must be in the <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html">
+     *                      Essentials tier</a> or higher.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>ALLOW_ADMIN_USER_PASSWORD_AUTH</code>: Enable admin based user password
+     *             authentication flow <code>ADMIN_USER_PASSWORD_AUTH</code>. This setting replaces
+     *             the <code>ADMIN_NO_SRP_AUTH</code> setting. With this authentication flow, your app
+     *             passes a user name and password to Amazon Cognito in the request, instead of using the Secure
+     *             Remote Password (SRP) protocol to securely transmit the password.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>ALLOW_CUSTOM_AUTH</code>: Enable Lambda trigger based
+     *             authentication.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>ALLOW_USER_PASSWORD_AUTH</code>: Enable user password-based
+     *             authentication. In this flow, Amazon Cognito receives the password in the request instead
+     *             of using the SRP protocol to verify passwords.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>ALLOW_USER_SRP_AUTH</code>: Enable SRP-based authentication.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>ALLOW_REFRESH_TOKEN_AUTH</code>: Enable authflow to refresh
+     *             tokens.</p>
+     *             </li>
+     *          </ul>
+     *          <p>In some environments, you will see the values <code>ADMIN_NO_SRP_AUTH</code>, <code>CUSTOM_AUTH_FLOW_ONLY</code>, or <code>USER_PASSWORD_AUTH</code>.
+     * You can't assign these legacy <code>ExplicitAuthFlows</code> values to user pool clients at the same time as values that begin with <code>ALLOW_</code>,
+     * like <code>ALLOW_USER_SRP_AUTH</code>.</p>
+     * @public
+     */
+    ExplicitAuthFlows?: ExplicitAuthFlowsType[] | undefined;
+    /**
+     * <p>A list of provider names for the identity providers (IdPs) that are supported on this
+     *             client. The following are supported: <code>COGNITO</code>, <code>Facebook</code>,
+     *             <code>Google</code>, <code>SignInWithApple</code>, and <code>LoginWithAmazon</code>.
+     *             You can also specify the names that you configured for the SAML and OIDC IdPs in your
+     *             user pool, for example <code>MySAMLIdP</code> or <code>MyOIDCIdP</code>.</p>
+     *          <p>This parameter sets the IdPs that <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html">managed
+     *             login</a> will display on the login page for your app client. The removal of
+     *             <code>COGNITO</code> from this list doesn't prevent authentication operations
+     *             for local users with the user pools API in an Amazon Web Services SDK. The only way to prevent
+     *             SDK-based authentication is to block access with a <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html">WAF rule</a>.
+     *         </p>
+     * @public
+     */
+    SupportedIdentityProviders?: string[] | undefined;
+    /**
+     * <p>A list of allowed redirect, or callback, URLs for managed login authentication. These
+     *             URLs are the paths where you want to send your users' browsers after they complete
+     *             authentication with managed login or a third-party IdP. Typically, callback URLs are the
+     *             home of an application that uses OAuth or OIDC libraries to process authentication
+     *             outcomes.</p>
+     *          <p>A redirect URI must meet the following requirements:</p>
+     *          <ul>
+     *             <li>
+     *                <p>Be an absolute URI.</p>
+     *             </li>
+     *             <li>
+     *                <p>Be registered with the authorization server. Amazon Cognito doesn't accept
+     *                     authorization requests with <code>redirect_uri</code> values that aren't in
+     *                     the list of <code>CallbackURLs</code> that you provide in this parameter.</p>
+     *             </li>
+     *             <li>
+     *                <p>Not include a fragment component.</p>
+     *             </li>
+     *          </ul>
+     *          <p>See <a href="https://tools.ietf.org/html/rfc6749#section-3.1.2">OAuth 2.0 -
+     *                 Redirection Endpoint</a>.</p>
+     *          <p>Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes
+     *             only.</p>
+     *          <p>App callback URLs such as <code>myapp://example</code> are also supported.</p>
+     * @public
+     */
+    CallbackURLs?: string[] | undefined;
+    /**
+     * <p>A list of allowed logout URLs for managed login authentication. When you pass
+     *                 <code>logout_uri</code> and <code>client_id</code> parameters to
+     *                 <code>/logout</code>, Amazon Cognito signs out your user and redirects them to the logout
+     *             URL. This parameter describes the URLs that you want to be the permitted targets of
+     *                 <code>logout_uri</code>. A typical use of these URLs is when a user selects "Sign
+     *             out" and you redirect them to your public homepage. For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/logout-endpoint.html">Logout
+     *                 endpoint</a>.</p>
+     * @public
+     */
+    LogoutURLs?: string[] | undefined;
+    /**
+     * <p>The default redirect URI. In app clients with one assigned IdP, replaces
+     *                 <code>redirect_uri</code> in authentication requests. Must be in the
+     *                 <code>CallbackURLs</code> list.</p>
+     * @public
+     */
+    DefaultRedirectURI?: string | undefined;
+    /**
+     * <p>The OAuth grant types that you want your app client to generate. To create an app
+     *             client that generates client credentials grants, you must add
+     *                 <code>client_credentials</code> as the only allowed OAuth flow.</p>
+     *          <dl>
+     *             <dt>code</dt>
+     *             <dd>
+     *                <p>Use a code grant flow, which provides an authorization code as the
+     *                         response. This code can be exchanged for access tokens with the
+     *                             <code>/oauth2/token</code> endpoint.</p>
+     *             </dd>
+     *             <dt>implicit</dt>
+     *             <dd>
+     *                <p>Issue the access token (and, optionally, ID token, based on scopes)
+     *                         directly to your user.</p>
+     *             </dd>
+     *             <dt>client_credentials</dt>
+     *             <dd>
+     *                <p>Issue the access token from the <code>/oauth2/token</code> endpoint
+     *                         directly to a non-person user using a combination of the client ID and
+     *                         client secret.</p>
+     *             </dd>
+     *          </dl>
+     * @public
+     */
+    AllowedOAuthFlows?: OAuthFlowType[] | undefined;
+    /**
+     * <p>The OAuth, OpenID Connect (OIDC), and custom scopes that you want to permit your app
+     *             client to authorize access with. Scopes govern access control to user pool self-service
+     *             API operations, user data from the <code>userInfo</code> endpoint, and third-party APIs.
+     *             Scope values include <code>phone</code>, <code>email</code>, <code>openid</code>, and
+     *                 <code>profile</code>. The <code>aws.cognito.signin.user.admin</code> scope
+     *             authorizes user self-service operations. Custom scopes with resource servers authorize
+     *             access to external APIs.</p>
+     * @public
+     */
+    AllowedOAuthScopes?: string[] | undefined;
+    /**
+     * <p>Set to <code>true</code> to use OAuth 2.0 authorization server features in your app client.</p>
+     *          <p>This parameter must have a value of <code>true</code> before you can configure
+     * the following features in your app client.</p>
+     *          <ul>
+     *             <li>
+     *                <p>
+     *                   <code>CallBackURLs</code>: Callback URLs.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>LogoutURLs</code>: Sign-out redirect URLs.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>AllowedOAuthScopes</code>: OAuth 2.0 scopes.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>AllowedOAuthFlows</code>: Support for authorization code, implicit, and client credentials OAuth 2.0 grants.</p>
+     *             </li>
+     *          </ul>
+     *          <p>To use authorization server features, configure one of these features in the Amazon Cognito console or set
+     * <code>AllowedOAuthFlowsUserPoolClient</code> to <code>true</code> in a <code>CreateUserPoolClient</code> or
+     * <code>UpdateUserPoolClient</code> API request. If you don't set a value for
+     * <code>AllowedOAuthFlowsUserPoolClient</code> in a request with the CLI or SDKs, it defaults
+     * to <code>false</code>. When <code>false</code>, only SDK-based API sign-in is permitted.</p>
+     * @public
+     */
+    AllowedOAuthFlowsUserPoolClient?: boolean | undefined;
+    /**
+     * <p>The user pool analytics configuration for collecting metrics and sending them to your
+     *             Amazon Pinpoint campaign.</p>
+     *          <p>In Amazon Web Services Regions where Amazon Pinpoint isn't available, user pools might not have access to
+     *             analytics or might be configurable with campaigns in the US East (N. Virginia) Region.
+     *             For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-pinpoint-integration.html">Using Amazon Pinpoint analytics</a>.</p>
+     * @public
+     */
+    AnalyticsConfiguration?: AnalyticsConfigurationType | undefined;
+    /**
+     * <p>When <code>ENABLED</code>, suppresses messages that might indicate a valid user exists
+     *             when someone attempts sign-in. This parameters sets your preference for the errors and
+     *             responses that you want Amazon Cognito APIs to return during authentication, account
+     *             confirmation, and password recovery when the user doesn't exist in the user pool. When
+     *             set to <code>ENABLED</code> and the user doesn't exist, authentication returns an error
+     *             indicating either the username or password was incorrect. Account confirmation and
+     *             password recovery return a response indicating a code was sent to a simulated
+     *             destination. When set to <code>LEGACY</code>, those APIs return a
+     *             <code>UserNotFoundException</code> exception if the user doesn't exist in the user
+     *             pool.</p>
+     *          <p>Defaults to <code>LEGACY</code>.</p>
+     * @public
+     */
+    PreventUserExistenceErrors?: PreventUserExistenceErrorTypes | undefined;
+    /**
+     * <p>Activates or deactivates <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/token-revocation.html">token
+     *                 revocation</a> in the target app client.</p>
+     * @public
+     */
+    EnableTokenRevocation?: boolean | undefined;
+    /**
+     * <p>When <code>true</code>, your application can include additional
+     *                 <code>UserContextData</code> in authentication requests. This data includes the IP
+     *             address, and contributes to analysis by threat protection features. For more information
+     *             about propagation of user context data, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-adaptive-authentication.html#user-pool-settings-adaptive-authentication-device-fingerprint">Adding session data to API requests</a>. If you don’t include this parameter,
+     *             you can't send the source IP address to Amazon Cognito threat protection features. You can only
+     *             activate <code>EnablePropagateAdditionalUserContextData</code> in an app client that has
+     *             a client secret.</p>
+     * @public
+     */
+    EnablePropagateAdditionalUserContextData?: boolean | undefined;
+    /**
+     * <p>Amazon Cognito creates a session token for each API request in an authentication flow. <code>AuthSessionValidity</code> is the duration,
+     * in minutes, of that session token. Your user pool native user must respond to each authentication challenge before the session expires.</p>
+     * @public
+     */
+    AuthSessionValidity?: number | undefined;
+    /**
+     * <p>The configuration of your app client for refresh token rotation. When enabled, your
+     *             app client issues new ID, access, and refresh tokens when users renew their sessions
+     *             with refresh tokens. When disabled, token refresh issues only ID and access
+     *             tokens.</p>
+     * @public
+     */
+    RefreshTokenRotation?: RefreshTokenRotationType | undefined;
+}
 /**
  * <p>Represents the response from the server to the request to update the user pool
  *             client.</p>

package/dist-types/schemas/schemas_0.d.ts

@@ -188,6 +188,7 @@ export declare var GroupExistsException$: StaticErrorSchema;
 export declare var GroupType$: StaticStructureSchema;
 export declare var HttpHeader$: StaticStructureSchema;
 export declare var IdentityProviderType$: StaticStructureSchema;
+export declare var InboundFederationLambdaType$: StaticStructureSchema;
 export declare var InitiateAuthRequest$: StaticStructureSchema;
 export declare var InitiateAuthResponse$: StaticStructureSchema;
 export declare var InternalErrorException$: StaticErrorSchema;

package/dist-types/ts3.4/CognitoIdentityProvider.d.ts

@@ -1,4 +1,8 @@
-import { HttpHandlerOptions as __HttpHandlerOptions } from "@smithy/types";
+import {
+  HttpHandlerOptions as __HttpHandlerOptions,
+  PaginationConfiguration,
+  Paginator,
+} from "@smithy/types";
 import { CognitoIdentityProviderClient } from "./CognitoIdentityProviderClient";
 import {
   AddCustomAttributesCommandInput,
@@ -2032,6 +2036,69 @@ export interface CognitoIdentityProvider {
     options: __HttpHandlerOptions,
     cb: (err: any, data?: VerifyUserAttributeCommandOutput) => void
   ): void;
+  paginateAdminListGroupsForUser(
+    args: AdminListGroupsForUserCommandInput,
+    paginationConfig?: Pick<
+      PaginationConfiguration,
+      Exclude<keyof PaginationConfiguration, "client">
+    >
+  ): Paginator<AdminListGroupsForUserCommandOutput>;
+  paginateAdminListUserAuthEvents(
+    args: AdminListUserAuthEventsCommandInput,
+    paginationConfig?: Pick<
+      PaginationConfiguration,
+      Exclude<keyof PaginationConfiguration, "client">
+    >
+  ): Paginator<AdminListUserAuthEventsCommandOutput>;
+  paginateListGroups(
+    args: ListGroupsCommandInput,
+    paginationConfig?: Pick<
+      PaginationConfiguration,
+      Exclude<keyof PaginationConfiguration, "client">
+    >
+  ): Paginator<ListGroupsCommandOutput>;
+  paginateListIdentityProviders(
+    args: ListIdentityProvidersCommandInput,
+    paginationConfig?: Pick<
+      PaginationConfiguration,
+      Exclude<keyof PaginationConfiguration, "client">
+    >
+  ): Paginator<ListIdentityProvidersCommandOutput>;
+  paginateListResourceServers(
+    args: ListResourceServersCommandInput,
+    paginationConfig?: Pick<
+      PaginationConfiguration,
+      Exclude<keyof PaginationConfiguration, "client">
+    >
+  ): Paginator<ListResourceServersCommandOutput>;
+  paginateListUserPoolClients(
+    args: ListUserPoolClientsCommandInput,
+    paginationConfig?: Pick<
+      PaginationConfiguration,
+      Exclude<keyof PaginationConfiguration, "client">
+    >
+  ): Paginator<ListUserPoolClientsCommandOutput>;
+  paginateListUserPools(
+    args: ListUserPoolsCommandInput,
+    paginationConfig?: Pick<
+      PaginationConfiguration,
+      Exclude<keyof PaginationConfiguration, "client">
+    >
+  ): Paginator<ListUserPoolsCommandOutput>;
+  paginateListUsers(
+    args: ListUsersCommandInput,
+    paginationConfig?: Pick<
+      PaginationConfiguration,
+      Exclude<keyof PaginationConfiguration, "client">
+    >
+  ): Paginator<ListUsersCommandOutput>;
+  paginateListUsersInGroup(
+    args: ListUsersInGroupCommandInput,
+    paginationConfig?: Pick<
+      PaginationConfiguration,
+      Exclude<keyof PaginationConfiguration, "client">
+    >
+  ): Paginator<ListUsersInGroupCommandOutput>;
 }
 export declare class CognitoIdentityProvider
   extends CognitoIdentityProviderClient

package/dist-types/ts3.4/commands/UpdateUserPoolClientCommand.d.ts

@@ -5,8 +5,10 @@ import {
   ServiceInputTypes,
   ServiceOutputTypes,
 } from "../CognitoIdentityProviderClient";
-import { UpdateUserPoolClientRequest } from "../models/models_0";
-import { UpdateUserPoolClientResponse } from "../models/models_1";
+import {
+  UpdateUserPoolClientRequest,
+  UpdateUserPoolClientResponse,
+} from "../models/models_1";
 export { __MetadataBearer };
 export { $Command };
 export interface UpdateUserPoolClientCommandInput

package/dist-types/ts3.4/models/enums.d.ts

@@ -250,6 +250,11 @@ export declare const CustomSMSSenderLambdaVersionType: {
 };
 export type CustomSMSSenderLambdaVersionType =
   (typeof CustomSMSSenderLambdaVersionType)[keyof typeof CustomSMSSenderLambdaVersionType];
+export declare const InboundFederationLambdaVersionType: {
+  readonly V1_0: "V1_0";
+};
+export type InboundFederationLambdaVersionType =
+  (typeof InboundFederationLambdaVersionType)[keyof typeof InboundFederationLambdaVersionType];
 export declare const PreTokenGenerationLambdaVersionType: {
   readonly V1_0: "V1_0";
   readonly V2_0: "V2_0";

package/dist-types/ts3.4/models/models_0.d.ts

@@ -30,6 +30,7 @@ import {
   FeatureType,
   FeedbackValueType,
   IdentityProviderTypeType,
+  InboundFederationLambdaVersionType,
   LogLevel,
   MessageActionType,
   OAuthFlowType,
@@ -638,6 +639,10 @@ export interface CustomSMSLambdaVersionConfigType {
   LambdaVersion: CustomSMSSenderLambdaVersionType | undefined;
   LambdaArn: string | undefined;
 }
+export interface InboundFederationLambdaType {
+  LambdaVersion: InboundFederationLambdaVersionType | undefined;
+  LambdaArn: string | undefined;
+}
 export interface PreTokenGenerationVersionConfigType {
   LambdaVersion: PreTokenGenerationLambdaVersionType | undefined;
   LambdaArn: string | undefined;
@@ -657,6 +662,7 @@ export interface LambdaConfigType {
   CustomSMSSender?: CustomSMSLambdaVersionConfigType | undefined;
   CustomEmailSender?: CustomEmailLambdaVersionConfigType | undefined;
   KMSKeyID?: string | undefined;
+  InboundFederation?: InboundFederationLambdaType | undefined;
 }
 export interface PasswordPolicyType {
   MinimumLength?: number | undefined;
@@ -1544,28 +1550,3 @@ export interface UpdateUserPoolRequest {
   UserPoolTier?: UserPoolTierType | undefined;
 }
 export interface UpdateUserPoolResponse {}
-export interface UpdateUserPoolClientRequest {
-  UserPoolId: string | undefined;
-  ClientId: string | undefined;
-  ClientName?: string | undefined;
-  RefreshTokenValidity?: number | undefined;
-  AccessTokenValidity?: number | undefined;
-  IdTokenValidity?: number | undefined;
-  TokenValidityUnits?: TokenValidityUnitsType | undefined;
-  ReadAttributes?: string[] | undefined;
-  WriteAttributes?: string[] | undefined;
-  ExplicitAuthFlows?: ExplicitAuthFlowsType[] | undefined;
-  SupportedIdentityProviders?: string[] | undefined;
-  CallbackURLs?: string[] | undefined;
-  LogoutURLs?: string[] | undefined;
-  DefaultRedirectURI?: string | undefined;
-  AllowedOAuthFlows?: OAuthFlowType[] | undefined;
-  AllowedOAuthScopes?: string[] | undefined;
-  AllowedOAuthFlowsUserPoolClient?: boolean | undefined;
-  AnalyticsConfiguration?: AnalyticsConfigurationType | undefined;
-  PreventUserExistenceErrors?: PreventUserExistenceErrorTypes | undefined;
-  EnableTokenRevocation?: boolean | undefined;
-  EnablePropagateAdditionalUserContextData?: boolean | undefined;
-  AuthSessionValidity?: number | undefined;
-  RefreshTokenRotation?: RefreshTokenRotationType | undefined;
-}

package/dist-types/ts3.4/models/models_1.d.ts

@@ -1,5 +1,41 @@
-import { VerifySoftwareTokenResponseType } from "./enums";
-import { CustomDomainConfigType, UserPoolClientType } from "./models_0";
+import {
+  ExplicitAuthFlowsType,
+  OAuthFlowType,
+  PreventUserExistenceErrorTypes,
+  VerifySoftwareTokenResponseType,
+} from "./enums";
+import {
+  AnalyticsConfigurationType,
+  CustomDomainConfigType,
+  RefreshTokenRotationType,
+  TokenValidityUnitsType,
+  UserPoolClientType,
+} from "./models_0";
+export interface UpdateUserPoolClientRequest {
+  UserPoolId: string | undefined;
+  ClientId: string | undefined;
+  ClientName?: string | undefined;
+  RefreshTokenValidity?: number | undefined;
+  AccessTokenValidity?: number | undefined;
+  IdTokenValidity?: number | undefined;
+  TokenValidityUnits?: TokenValidityUnitsType | undefined;
+  ReadAttributes?: string[] | undefined;
+  WriteAttributes?: string[] | undefined;
+  ExplicitAuthFlows?: ExplicitAuthFlowsType[] | undefined;
+  SupportedIdentityProviders?: string[] | undefined;
+  CallbackURLs?: string[] | undefined;
+  LogoutURLs?: string[] | undefined;
+  DefaultRedirectURI?: string | undefined;
+  AllowedOAuthFlows?: OAuthFlowType[] | undefined;
+  AllowedOAuthScopes?: string[] | undefined;
+  AllowedOAuthFlowsUserPoolClient?: boolean | undefined;
+  AnalyticsConfiguration?: AnalyticsConfigurationType | undefined;
+  PreventUserExistenceErrors?: PreventUserExistenceErrorTypes | undefined;
+  EnableTokenRevocation?: boolean | undefined;
+  EnablePropagateAdditionalUserContextData?: boolean | undefined;
+  AuthSessionValidity?: number | undefined;
+  RefreshTokenRotation?: RefreshTokenRotationType | undefined;
+}
 export interface UpdateUserPoolClientResponse {
   UserPoolClient?: UserPoolClientType | undefined;
 }

package/dist-types/ts3.4/schemas/schemas_0.d.ts

@@ -192,6 +192,7 @@ export declare var GroupExistsException$: StaticErrorSchema;
 export declare var GroupType$: StaticStructureSchema;
 export declare var HttpHeader$: StaticStructureSchema;
 export declare var IdentityProviderType$: StaticStructureSchema;
+export declare var InboundFederationLambdaType$: StaticStructureSchema;
 export declare var InitiateAuthRequest$: StaticStructureSchema;
 export declare var InitiateAuthResponse$: StaticStructureSchema;
 export declare var InternalErrorException$: StaticErrorSchema;

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@aws-sdk/client-cognito-identity-provider",
   "description": "AWS SDK for JavaScript Cognito Identity Provider Client for Node.js, Browser and React Native",
-  "version": "3.974.0",
+  "version": "3.978.0",
   "scripts": {
     "build": "concurrently 'yarn:build:types' 'yarn:build:es' && yarn build:cjs",
     "build:cjs": "node ../../scripts/compilation/inline client-cognito-identity-provider",
@@ -21,38 +21,38 @@
   "dependencies": {
     "@aws-crypto/sha256-browser": "5.2.0",
     "@aws-crypto/sha256-js": "5.2.0",
-    "@aws-sdk/core": "^3.973.0",
-    "@aws-sdk/credential-provider-node": "^3.972.1",
-    "@aws-sdk/middleware-host-header": "^3.972.1",
-    "@aws-sdk/middleware-logger": "^3.972.1",
-    "@aws-sdk/middleware-recursion-detection": "^3.972.1",
-    "@aws-sdk/middleware-user-agent": "^3.972.1",
-    "@aws-sdk/region-config-resolver": "^3.972.1",
-    "@aws-sdk/types": "^3.973.0",
+    "@aws-sdk/core": "^3.973.4",
+    "@aws-sdk/credential-provider-node": "^3.972.2",
+    "@aws-sdk/middleware-host-header": "^3.972.2",
+    "@aws-sdk/middleware-logger": "^3.972.2",
+    "@aws-sdk/middleware-recursion-detection": "^3.972.2",
+    "@aws-sdk/middleware-user-agent": "^3.972.4",
+    "@aws-sdk/region-config-resolver": "^3.972.2",
+    "@aws-sdk/types": "^3.973.1",
     "@aws-sdk/util-endpoints": "3.972.0",
-    "@aws-sdk/util-user-agent-browser": "^3.972.1",
-    "@aws-sdk/util-user-agent-node": "^3.972.1",
+    "@aws-sdk/util-user-agent-browser": "^3.972.2",
+    "@aws-sdk/util-user-agent-node": "^3.972.2",
     "@smithy/config-resolver": "^4.4.6",
-    "@smithy/core": "^3.21.0",
+    "@smithy/core": "^3.22.0",
     "@smithy/fetch-http-handler": "^5.3.9",
     "@smithy/hash-node": "^4.2.8",
     "@smithy/invalid-dependency": "^4.2.8",
     "@smithy/middleware-content-length": "^4.2.8",
-    "@smithy/middleware-endpoint": "^4.4.10",
-    "@smithy/middleware-retry": "^4.4.26",
+    "@smithy/middleware-endpoint": "^4.4.12",
+    "@smithy/middleware-retry": "^4.4.29",
     "@smithy/middleware-serde": "^4.2.9",
     "@smithy/middleware-stack": "^4.2.8",
     "@smithy/node-config-provider": "^4.3.8",
     "@smithy/node-http-handler": "^4.4.8",
     "@smithy/protocol-http": "^5.3.8",
-    "@smithy/smithy-client": "^4.10.11",
+    "@smithy/smithy-client": "^4.11.1",
     "@smithy/types": "^4.12.0",
     "@smithy/url-parser": "^4.2.8",
     "@smithy/util-base64": "^4.3.0",
     "@smithy/util-body-length-browser": "^4.2.0",
     "@smithy/util-body-length-node": "^4.2.1",
-    "@smithy/util-defaults-mode-browser": "^4.3.25",
-    "@smithy/util-defaults-mode-node": "^4.2.28",
+    "@smithy/util-defaults-mode-browser": "^4.3.28",
+    "@smithy/util-defaults-mode-node": "^4.2.31",
     "@smithy/util-endpoints": "^3.2.8",
     "@smithy/util-middleware": "^4.2.8",
     "@smithy/util-retry": "^4.2.8",