cdk-lambda-subminute 2.0.328 → 2.0.330
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.jsii +3 -3
- package/lib/cdk-lambda-subminute.js +3 -3
- package/node_modules/aws-sdk/README.md +1 -1
- package/node_modules/aws-sdk/apis/cognito-idp-2016-04-18.min.json +163 -152
- package/node_modules/aws-sdk/apis/eks-2017-11-01.min.json +507 -112
- package/node_modules/aws-sdk/apis/eks-2017-11-01.paginators.json +22 -0
- package/node_modules/aws-sdk/apis/route53resolver-2018-04-01.min.json +86 -73
- package/node_modules/aws-sdk/clients/cognitoidentityserviceprovider.d.ts +96 -81
- package/node_modules/aws-sdk/clients/eks.d.ts +592 -178
- package/node_modules/aws-sdk/clients/quicksight.d.ts +2 -2
- package/node_modules/aws-sdk/clients/route53resolver.d.ts +35 -17
- package/node_modules/aws-sdk/dist/aws-sdk-core-react-native.js +1 -1
- package/node_modules/aws-sdk/dist/aws-sdk-react-native.js +5 -5
- package/node_modules/aws-sdk/dist/aws-sdk.js +166 -155
- package/node_modules/aws-sdk/dist/aws-sdk.min.js +9 -9
- package/node_modules/aws-sdk/lib/core.js +1 -1
- package/node_modules/aws-sdk/package.json +1 -1
- package/package.json +4 -4
|
@@ -20,19 +20,19 @@ declare class CognitoIdentityServiceProvider extends Service {
|
|
|
20
20
|
*/
|
|
21
21
|
addCustomAttributes(callback?: (err: AWSError, data: CognitoIdentityServiceProvider.Types.AddCustomAttributesResponse) => void): Request<CognitoIdentityServiceProvider.Types.AddCustomAttributesResponse, AWSError>;
|
|
22
22
|
/**
|
|
23
|
-
* Adds
|
|
23
|
+
* Adds a user to a group. A user who is in a group can present a preferred-role claim to an identity pool, and populates a cognito:groups claim to their access and identity tokens. Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy. Learn more Signing Amazon Web Services API Requests Using the Amazon Cognito user pools API and user pool endpoints
|
|
24
24
|
*/
|
|
25
25
|
adminAddUserToGroup(params: CognitoIdentityServiceProvider.Types.AdminAddUserToGroupRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
|
|
26
26
|
/**
|
|
27
|
-
* Adds
|
|
27
|
+
* Adds a user to a group. A user who is in a group can present a preferred-role claim to an identity pool, and populates a cognito:groups claim to their access and identity tokens. Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy. Learn more Signing Amazon Web Services API Requests Using the Amazon Cognito user pools API and user pool endpoints
|
|
28
28
|
*/
|
|
29
29
|
adminAddUserToGroup(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
|
|
30
30
|
/**
|
|
31
|
-
*
|
|
31
|
+
* This IAM-authenticated API operation provides a code that Amazon Cognito sent to your user when they signed up in your user pool. After your user enters their code, they confirm ownership of the email address or phone number that they provided, and their user account becomes active. Depending on your user pool configuration, your users will receive their confirmation code in an email or SMS message. Local users who signed up in your user pool are the only type of user who can confirm sign-up with a code. Users who federate through an external identity provider (IdP) have already been confirmed by their IdP. Administrator-created users confirm their accounts when they respond to their invitation email message and choose a password. Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy. Learn more Signing Amazon Web Services API Requests Using the Amazon Cognito user pools API and user pool endpoints
|
|
32
32
|
*/
|
|
33
33
|
adminConfirmSignUp(params: CognitoIdentityServiceProvider.Types.AdminConfirmSignUpRequest, callback?: (err: AWSError, data: CognitoIdentityServiceProvider.Types.AdminConfirmSignUpResponse) => void): Request<CognitoIdentityServiceProvider.Types.AdminConfirmSignUpResponse, AWSError>;
|
|
34
34
|
/**
|
|
35
|
-
*
|
|
35
|
+
* This IAM-authenticated API operation provides a code that Amazon Cognito sent to your user when they signed up in your user pool. After your user enters their code, they confirm ownership of the email address or phone number that they provided, and their user account becomes active. Depending on your user pool configuration, your users will receive their confirmation code in an email or SMS message. Local users who signed up in your user pool are the only type of user who can confirm sign-up with a code. Users who federate through an external identity provider (IdP) have already been confirmed by their IdP. Administrator-created users confirm their accounts when they respond to their invitation email message and choose a password. Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy. Learn more Signing Amazon Web Services API Requests Using the Amazon Cognito user pools API and user pool endpoints
|
|
36
36
|
*/
|
|
37
37
|
adminConfirmSignUp(callback?: (err: AWSError, data: CognitoIdentityServiceProvider.Types.AdminConfirmSignUpResponse) => void): Request<CognitoIdentityServiceProvider.Types.AdminConfirmSignUpResponse, AWSError>;
|
|
38
38
|
/**
|
|
@@ -132,11 +132,11 @@ declare class CognitoIdentityServiceProvider extends Service {
|
|
|
132
132
|
*/
|
|
133
133
|
adminListDevices(callback?: (err: AWSError, data: CognitoIdentityServiceProvider.Types.AdminListDevicesResponse) => void): Request<CognitoIdentityServiceProvider.Types.AdminListDevicesResponse, AWSError>;
|
|
134
134
|
/**
|
|
135
|
-
* Lists the groups that
|
|
135
|
+
* Lists the groups that a user belongs to. Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy. Learn more Signing Amazon Web Services API Requests Using the Amazon Cognito user pools API and user pool endpoints
|
|
136
136
|
*/
|
|
137
137
|
adminListGroupsForUser(params: CognitoIdentityServiceProvider.Types.AdminListGroupsForUserRequest, callback?: (err: AWSError, data: CognitoIdentityServiceProvider.Types.AdminListGroupsForUserResponse) => void): Request<CognitoIdentityServiceProvider.Types.AdminListGroupsForUserResponse, AWSError>;
|
|
138
138
|
/**
|
|
139
|
-
* Lists the groups that
|
|
139
|
+
* Lists the groups that a user belongs to. Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy. Learn more Signing Amazon Web Services API Requests Using the Amazon Cognito user pools API and user pool endpoints
|
|
140
140
|
*/
|
|
141
141
|
adminListGroupsForUser(callback?: (err: AWSError, data: CognitoIdentityServiceProvider.Types.AdminListGroupsForUserResponse) => void): Request<CognitoIdentityServiceProvider.Types.AdminListGroupsForUserResponse, AWSError>;
|
|
142
142
|
/**
|
|
@@ -164,11 +164,11 @@ declare class CognitoIdentityServiceProvider extends Service {
|
|
|
164
164
|
*/
|
|
165
165
|
adminResetUserPassword(callback?: (err: AWSError, data: CognitoIdentityServiceProvider.Types.AdminResetUserPasswordResponse) => void): Request<CognitoIdentityServiceProvider.Types.AdminResetUserPasswordResponse, AWSError>;
|
|
166
166
|
/**
|
|
167
|
-
*
|
|
167
|
+
* Some API operations in a user pool generate a challenge, like a prompt for an MFA code, for device authentication that bypasses MFA, or for a custom authentication challenge. An AdminRespondToAuthChallenge API request provides the answer to that challenge, like a code or a secure remote password (SRP). The parameters of a response to an authentication challenge vary with the type of challenge. For more information about custom authentication challenges, see Custom authentication challenge Lambda triggers. This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in. If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide. Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy. Learn more Signing Amazon Web Services API Requests Using the Amazon Cognito user pools API and user pool endpoints
|
|
168
168
|
*/
|
|
169
169
|
adminRespondToAuthChallenge(params: CognitoIdentityServiceProvider.Types.AdminRespondToAuthChallengeRequest, callback?: (err: AWSError, data: CognitoIdentityServiceProvider.Types.AdminRespondToAuthChallengeResponse) => void): Request<CognitoIdentityServiceProvider.Types.AdminRespondToAuthChallengeResponse, AWSError>;
|
|
170
170
|
/**
|
|
171
|
-
*
|
|
171
|
+
* Some API operations in a user pool generate a challenge, like a prompt for an MFA code, for device authentication that bypasses MFA, or for a custom authentication challenge. An AdminRespondToAuthChallenge API request provides the answer to that challenge, like a code or a secure remote password (SRP). The parameters of a response to an authentication challenge vary with the type of challenge. For more information about custom authentication challenges, see Custom authentication challenge Lambda triggers. This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in. If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide. Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy. Learn more Signing Amazon Web Services API Requests Using the Amazon Cognito user pools API and user pool endpoints
|
|
172
172
|
*/
|
|
173
173
|
adminRespondToAuthChallenge(callback?: (err: AWSError, data: CognitoIdentityServiceProvider.Types.AdminRespondToAuthChallengeResponse) => void): Request<CognitoIdentityServiceProvider.Types.AdminRespondToAuthChallengeResponse, AWSError>;
|
|
174
174
|
/**
|
|
@@ -220,11 +220,11 @@ declare class CognitoIdentityServiceProvider extends Service {
|
|
|
220
220
|
*/
|
|
221
221
|
adminUpdateUserAttributes(callback?: (err: AWSError, data: CognitoIdentityServiceProvider.Types.AdminUpdateUserAttributesResponse) => void): Request<CognitoIdentityServiceProvider.Types.AdminUpdateUserAttributesResponse, AWSError>;
|
|
222
222
|
/**
|
|
223
|
-
*
|
|
223
|
+
* Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user. Call this operation with your administrative credentials when your user signs out of your app. This results in the following behavior. Amazon Cognito no longer accepts token-authorized user operations that you authorize with a signed-out user's access tokens. For more information, see Using the Amazon Cognito user pools API and user pool endpoints. Amazon Cognito returns an Access Token has been revoked error when your app attempts to authorize a user pools API request with a revoked access token that contains the scope aws.cognito.signin.user.admin. Amazon Cognito no longer accepts a signed-out user's ID token in a GetId request to an identity pool with ServerSideTokenCheck enabled for its user pool IdP configuration in CognitoIdentityProvider. Amazon Cognito no longer accepts a signed-out user's refresh tokens in refresh requests. Other requests might be valid until your user's token expires. Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy. Learn more Signing Amazon Web Services API Requests Using the Amazon Cognito user pools API and user pool endpoints
|
|
224
224
|
*/
|
|
225
225
|
adminUserGlobalSignOut(params: CognitoIdentityServiceProvider.Types.AdminUserGlobalSignOutRequest, callback?: (err: AWSError, data: CognitoIdentityServiceProvider.Types.AdminUserGlobalSignOutResponse) => void): Request<CognitoIdentityServiceProvider.Types.AdminUserGlobalSignOutResponse, AWSError>;
|
|
226
226
|
/**
|
|
227
|
-
*
|
|
227
|
+
* Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user. Call this operation with your administrative credentials when your user signs out of your app. This results in the following behavior. Amazon Cognito no longer accepts token-authorized user operations that you authorize with a signed-out user's access tokens. For more information, see Using the Amazon Cognito user pools API and user pool endpoints. Amazon Cognito returns an Access Token has been revoked error when your app attempts to authorize a user pools API request with a revoked access token that contains the scope aws.cognito.signin.user.admin. Amazon Cognito no longer accepts a signed-out user's ID token in a GetId request to an identity pool with ServerSideTokenCheck enabled for its user pool IdP configuration in CognitoIdentityProvider. Amazon Cognito no longer accepts a signed-out user's refresh tokens in refresh requests. Other requests might be valid until your user's token expires. Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy. Learn more Signing Amazon Web Services API Requests Using the Amazon Cognito user pools API and user pool endpoints
|
|
228
228
|
*/
|
|
229
229
|
adminUserGlobalSignOut(callback?: (err: AWSError, data: CognitoIdentityServiceProvider.Types.AdminUserGlobalSignOutResponse) => void): Request<CognitoIdentityServiceProvider.Types.AdminUserGlobalSignOutResponse, AWSError>;
|
|
230
230
|
/**
|
|
@@ -260,11 +260,11 @@ declare class CognitoIdentityServiceProvider extends Service {
|
|
|
260
260
|
*/
|
|
261
261
|
confirmForgotPassword(callback?: (err: AWSError, data: CognitoIdentityServiceProvider.Types.ConfirmForgotPasswordResponse) => void): Request<CognitoIdentityServiceProvider.Types.ConfirmForgotPasswordResponse, AWSError>;
|
|
262
262
|
/**
|
|
263
|
-
*
|
|
263
|
+
* This public API operation provides a code that Amazon Cognito sent to your user when they signed up in your user pool via the SignUp API operation. After your user enters their code, they confirm ownership of the email address or phone number that they provided, and their user account becomes active. Depending on your user pool configuration, your users will receive their confirmation code in an email or SMS message. Local users who signed up in your user pool are the only type of user who can confirm sign-up with a code. Users who federate through an external identity provider (IdP) have already been confirmed by their IdP. Administrator-created users, users created with the AdminCreateUser API operation, confirm their accounts when they respond to their invitation email message and choose a password. They do not receive a confirmation code. Instead, they receive a temporary password. Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito native and OIDC APIs.
|
|
264
264
|
*/
|
|
265
265
|
confirmSignUp(params: CognitoIdentityServiceProvider.Types.ConfirmSignUpRequest, callback?: (err: AWSError, data: CognitoIdentityServiceProvider.Types.ConfirmSignUpResponse) => void): Request<CognitoIdentityServiceProvider.Types.ConfirmSignUpResponse, AWSError>;
|
|
266
266
|
/**
|
|
267
|
-
*
|
|
267
|
+
* This public API operation provides a code that Amazon Cognito sent to your user when they signed up in your user pool via the SignUp API operation. After your user enters their code, they confirm ownership of the email address or phone number that they provided, and their user account becomes active. Depending on your user pool configuration, your users will receive their confirmation code in an email or SMS message. Local users who signed up in your user pool are the only type of user who can confirm sign-up with a code. Users who federate through an external identity provider (IdP) have already been confirmed by their IdP. Administrator-created users, users created with the AdminCreateUser API operation, confirm their accounts when they respond to their invitation email message and choose a password. They do not receive a confirmation code. Instead, they receive a temporary password. Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito native and OIDC APIs.
|
|
268
268
|
*/
|
|
269
269
|
confirmSignUp(callback?: (err: AWSError, data: CognitoIdentityServiceProvider.Types.ConfirmSignUpResponse) => void): Request<CognitoIdentityServiceProvider.Types.ConfirmSignUpResponse, AWSError>;
|
|
270
270
|
/**
|
|
@@ -540,11 +540,11 @@ declare class CognitoIdentityServiceProvider extends Service {
|
|
|
540
540
|
*/
|
|
541
541
|
getUserPoolMfaConfig(callback?: (err: AWSError, data: CognitoIdentityServiceProvider.Types.GetUserPoolMfaConfigResponse) => void): Request<CognitoIdentityServiceProvider.Types.GetUserPoolMfaConfigResponse, AWSError>;
|
|
542
542
|
/**
|
|
543
|
-
*
|
|
543
|
+
* Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user. Call this operation when your user signs out of your app. This results in the following behavior. Amazon Cognito no longer accepts token-authorized user operations that you authorize with a signed-out user's access tokens. For more information, see Using the Amazon Cognito user pools API and user pool endpoints. Amazon Cognito returns an Access Token has been revoked error when your app attempts to authorize a user pools API request with a revoked access token that contains the scope aws.cognito.signin.user.admin. Amazon Cognito no longer accepts a signed-out user's ID token in a GetId request to an identity pool with ServerSideTokenCheck enabled for its user pool IdP configuration in CognitoIdentityProvider. Amazon Cognito no longer accepts a signed-out user's refresh tokens in refresh requests. Other requests might be valid until your user's token expires. Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito native and OIDC APIs.
|
|
544
544
|
*/
|
|
545
545
|
globalSignOut(params: CognitoIdentityServiceProvider.Types.GlobalSignOutRequest, callback?: (err: AWSError, data: CognitoIdentityServiceProvider.Types.GlobalSignOutResponse) => void): Request<CognitoIdentityServiceProvider.Types.GlobalSignOutResponse, AWSError>;
|
|
546
546
|
/**
|
|
547
|
-
*
|
|
547
|
+
* Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user. Call this operation when your user signs out of your app. This results in the following behavior. Amazon Cognito no longer accepts token-authorized user operations that you authorize with a signed-out user's access tokens. For more information, see Using the Amazon Cognito user pools API and user pool endpoints. Amazon Cognito returns an Access Token has been revoked error when your app attempts to authorize a user pools API request with a revoked access token that contains the scope aws.cognito.signin.user.admin. Amazon Cognito no longer accepts a signed-out user's ID token in a GetId request to an identity pool with ServerSideTokenCheck enabled for its user pool IdP configuration in CognitoIdentityProvider. Amazon Cognito no longer accepts a signed-out user's refresh tokens in refresh requests. Other requests might be valid until your user's token expires. Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito native and OIDC APIs.
|
|
548
548
|
*/
|
|
549
549
|
globalSignOut(callback?: (err: AWSError, data: CognitoIdentityServiceProvider.Types.GlobalSignOutResponse) => void): Request<CognitoIdentityServiceProvider.Types.GlobalSignOutResponse, AWSError>;
|
|
550
550
|
/**
|
|
@@ -644,11 +644,11 @@ declare class CognitoIdentityServiceProvider extends Service {
|
|
|
644
644
|
*/
|
|
645
645
|
resendConfirmationCode(callback?: (err: AWSError, data: CognitoIdentityServiceProvider.Types.ResendConfirmationCodeResponse) => void): Request<CognitoIdentityServiceProvider.Types.ResendConfirmationCodeResponse, AWSError>;
|
|
646
646
|
/**
|
|
647
|
-
*
|
|
647
|
+
* Some API operations in a user pool generate a challenge, like a prompt for an MFA code, for device authentication that bypasses MFA, or for a custom authentication challenge. A RespondToAuthChallenge API request provides the answer to that challenge, like a code or a secure remote password (SRP). The parameters of a response to an authentication challenge vary with the type of challenge. For more information about custom authentication challenges, see Custom authentication challenge Lambda triggers. Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito native and OIDC APIs. This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in. If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
|
|
648
648
|
*/
|
|
649
649
|
respondToAuthChallenge(params: CognitoIdentityServiceProvider.Types.RespondToAuthChallengeRequest, callback?: (err: AWSError, data: CognitoIdentityServiceProvider.Types.RespondToAuthChallengeResponse) => void): Request<CognitoIdentityServiceProvider.Types.RespondToAuthChallengeResponse, AWSError>;
|
|
650
650
|
/**
|
|
651
|
-
*
|
|
651
|
+
* Some API operations in a user pool generate a challenge, like a prompt for an MFA code, for device authentication that bypasses MFA, or for a custom authentication challenge. A RespondToAuthChallenge API request provides the answer to that challenge, like a code or a secure remote password (SRP). The parameters of a response to an authentication challenge vary with the type of challenge. For more information about custom authentication challenges, see Custom authentication challenge Lambda triggers. Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito native and OIDC APIs. This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in. If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
|
|
652
652
|
*/
|
|
653
653
|
respondToAuthChallenge(callback?: (err: AWSError, data: CognitoIdentityServiceProvider.Types.RespondToAuthChallengeResponse) => void): Request<CognitoIdentityServiceProvider.Types.RespondToAuthChallengeResponse, AWSError>;
|
|
654
654
|
/**
|
|
@@ -788,11 +788,11 @@ declare class CognitoIdentityServiceProvider extends Service {
|
|
|
788
788
|
*/
|
|
789
789
|
updateResourceServer(callback?: (err: AWSError, data: CognitoIdentityServiceProvider.Types.UpdateResourceServerResponse) => void): Request<CognitoIdentityServiceProvider.Types.UpdateResourceServerResponse, AWSError>;
|
|
790
790
|
/**
|
|
791
|
-
*
|
|
791
|
+
* With this operation, your users can update one or more of their attributes with their own credentials. You authorize this API request with the user's access token. To delete an attribute from your user, submit the attribute in your API request with a blank value. Custom attribute values in this request must include the custom: prefix. Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito native and OIDC APIs. This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in. If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
|
|
792
792
|
*/
|
|
793
793
|
updateUserAttributes(params: CognitoIdentityServiceProvider.Types.UpdateUserAttributesRequest, callback?: (err: AWSError, data: CognitoIdentityServiceProvider.Types.UpdateUserAttributesResponse) => void): Request<CognitoIdentityServiceProvider.Types.UpdateUserAttributesResponse, AWSError>;
|
|
794
794
|
/**
|
|
795
|
-
*
|
|
795
|
+
* With this operation, your users can update one or more of their attributes with their own credentials. You authorize this API request with the user's access token. To delete an attribute from your user, submit the attribute in your API request with a blank value. Custom attribute values in this request must include the custom: prefix. Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito native and OIDC APIs. This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in. If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
|
|
796
796
|
*/
|
|
797
797
|
updateUserAttributes(callback?: (err: AWSError, data: CognitoIdentityServiceProvider.Types.UpdateUserAttributesResponse) => void): Request<CognitoIdentityServiceProvider.Types.UpdateUserAttributesResponse, AWSError>;
|
|
798
798
|
/**
|
|
@@ -899,11 +899,11 @@ declare namespace CognitoIdentityServiceProvider {
|
|
|
899
899
|
*/
|
|
900
900
|
UserPoolId: UserPoolIdType;
|
|
901
901
|
/**
|
|
902
|
-
* The username
|
|
902
|
+
* The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, you can also use their sub in this request.
|
|
903
903
|
*/
|
|
904
904
|
Username: UsernameType;
|
|
905
905
|
/**
|
|
906
|
-
* The group
|
|
906
|
+
* The name of the group that you want to add your user to.
|
|
907
907
|
*/
|
|
908
908
|
GroupName: GroupNameType;
|
|
909
909
|
}
|
|
@@ -913,7 +913,7 @@ declare namespace CognitoIdentityServiceProvider {
|
|
|
913
913
|
*/
|
|
914
914
|
UserPoolId: UserPoolIdType;
|
|
915
915
|
/**
|
|
916
|
-
* The
|
|
916
|
+
* The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, you can also use their sub in this request.
|
|
917
917
|
*/
|
|
918
918
|
Username: UsernameType;
|
|
919
919
|
/**
|
|
@@ -929,7 +929,7 @@ declare namespace CognitoIdentityServiceProvider {
|
|
|
929
929
|
*/
|
|
930
930
|
AllowAdminCreateUserOnly?: BooleanType;
|
|
931
931
|
/**
|
|
932
|
-
* The user account expiration limit, in days, after which a new account that hasn't signed in is no longer usable. To reset the account after that time limit, you must call AdminCreateUser again, specifying "RESEND" for the MessageAction parameter. The default value for this parameter is 7.
|
|
932
|
+
* The user account expiration limit, in days, after which a new account that hasn't signed in is no longer usable. To reset the account after that time limit, you must call AdminCreateUser again, specifying "RESEND" for the MessageAction parameter. The default value for this parameter is 7. If you set a value for TemporaryPasswordValidityDays in PasswordPolicy, that value will be used, and UnusedAccountValidityDays will be no longer be an available parameter for that user pool.
|
|
933
933
|
*/
|
|
934
934
|
UnusedAccountValidityDays?: AdminCreateUserUnusedAccountValidityDaysType;
|
|
935
935
|
/**
|
|
@@ -951,7 +951,7 @@ declare namespace CognitoIdentityServiceProvider {
|
|
|
951
951
|
*/
|
|
952
952
|
UserAttributes?: AttributeListType;
|
|
953
953
|
/**
|
|
954
|
-
*
|
|
954
|
+
* Temporary user attributes that contribute to the outcomes of your pre sign-up Lambda trigger. This set of key-value pairs are for custom validation of information that you collect from your users but don't need to retain. Your Lambda function can analyze this additional data and act on it. Your function might perform external API operations like logging user attributes and validation data to Amazon CloudWatch Logs. Validation data might also affect the response that your function returns to Amazon Cognito, like automatically confirming the user if they sign up from within your network. For more information about the pre sign-up Lambda trigger, see Pre sign-up Lambda trigger.
|
|
955
955
|
*/
|
|
956
956
|
ValidationData?: AttributeListType;
|
|
957
957
|
/**
|
|
@@ -988,7 +988,7 @@ declare namespace CognitoIdentityServiceProvider {
|
|
|
988
988
|
*/
|
|
989
989
|
UserPoolId: UserPoolIdType;
|
|
990
990
|
/**
|
|
991
|
-
* The user
|
|
991
|
+
* The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, you can also use their sub in this request.
|
|
992
992
|
*/
|
|
993
993
|
Username: UsernameType;
|
|
994
994
|
/**
|
|
@@ -1004,7 +1004,7 @@ declare namespace CognitoIdentityServiceProvider {
|
|
|
1004
1004
|
*/
|
|
1005
1005
|
UserPoolId: UserPoolIdType;
|
|
1006
1006
|
/**
|
|
1007
|
-
* The
|
|
1007
|
+
* The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, you can also use their sub in this request.
|
|
1008
1008
|
*/
|
|
1009
1009
|
Username: UsernameType;
|
|
1010
1010
|
}
|
|
@@ -1026,7 +1026,7 @@ declare namespace CognitoIdentityServiceProvider {
|
|
|
1026
1026
|
*/
|
|
1027
1027
|
UserPoolId: UserPoolIdType;
|
|
1028
1028
|
/**
|
|
1029
|
-
* The
|
|
1029
|
+
* The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, you can also use their sub in this request.
|
|
1030
1030
|
*/
|
|
1031
1031
|
Username: UsernameType;
|
|
1032
1032
|
}
|
|
@@ -1038,7 +1038,7 @@ declare namespace CognitoIdentityServiceProvider {
|
|
|
1038
1038
|
*/
|
|
1039
1039
|
UserPoolId: UserPoolIdType;
|
|
1040
1040
|
/**
|
|
1041
|
-
* The
|
|
1041
|
+
* The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, you can also use their sub in this request.
|
|
1042
1042
|
*/
|
|
1043
1043
|
Username: UsernameType;
|
|
1044
1044
|
}
|
|
@@ -1050,7 +1050,7 @@ declare namespace CognitoIdentityServiceProvider {
|
|
|
1050
1050
|
*/
|
|
1051
1051
|
UserPoolId: UserPoolIdType;
|
|
1052
1052
|
/**
|
|
1053
|
-
* The user
|
|
1053
|
+
* The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, you can also use their sub in this request.
|
|
1054
1054
|
*/
|
|
1055
1055
|
Username: UsernameType;
|
|
1056
1056
|
/**
|
|
@@ -1068,7 +1068,7 @@ declare namespace CognitoIdentityServiceProvider {
|
|
|
1068
1068
|
*/
|
|
1069
1069
|
UserPoolId: UserPoolIdType;
|
|
1070
1070
|
/**
|
|
1071
|
-
* The user
|
|
1071
|
+
* The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, you can also use their sub in this request.
|
|
1072
1072
|
*/
|
|
1073
1073
|
Username: UsernameType;
|
|
1074
1074
|
}
|
|
@@ -1084,7 +1084,7 @@ declare namespace CognitoIdentityServiceProvider {
|
|
|
1084
1084
|
*/
|
|
1085
1085
|
UserPoolId: UserPoolIdType;
|
|
1086
1086
|
/**
|
|
1087
|
-
* The
|
|
1087
|
+
* The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, you can also use their sub in this request.
|
|
1088
1088
|
*/
|
|
1089
1089
|
Username: UsernameType;
|
|
1090
1090
|
}
|
|
@@ -1144,7 +1144,7 @@ declare namespace CognitoIdentityServiceProvider {
|
|
|
1144
1144
|
*/
|
|
1145
1145
|
AuthParameters?: AuthParametersType;
|
|
1146
1146
|
/**
|
|
1147
|
-
* A map of custom key-value pairs that you can provide as input for certain custom workflows that this action triggers. You create custom workflows by assigning Lambda functions to user pool triggers. When you use the AdminInitiateAuth API action, Amazon Cognito invokes the Lambda functions that are specified for various triggers. The ClientMetadata value is passed as input to the functions for only the following triggers: Pre signup Pre authentication User migration When Amazon Cognito invokes the functions for these triggers, it passes a JSON payload, which the function receives as input. This payload contains a validationData attribute, which provides the data that you assigned to the ClientMetadata parameter in your AdminInitiateAuth request. In your function code in Lambda, you can process the validationData value to enhance your workflow for your specific needs. When you use the AdminInitiateAuth API action, Amazon Cognito also invokes the functions for the following triggers, but it doesn't provide the ClientMetadata value as input: Post authentication Custom message Pre token generation Create auth challenge Define auth challenge
|
|
1147
|
+
* A map of custom key-value pairs that you can provide as input for certain custom workflows that this action triggers. You create custom workflows by assigning Lambda functions to user pool triggers. When you use the AdminInitiateAuth API action, Amazon Cognito invokes the Lambda functions that are specified for various triggers. The ClientMetadata value is passed as input to the functions for only the following triggers: Pre signup Pre authentication User migration When Amazon Cognito invokes the functions for these triggers, it passes a JSON payload, which the function receives as input. This payload contains a validationData attribute, which provides the data that you assigned to the ClientMetadata parameter in your AdminInitiateAuth request. In your function code in Lambda, you can process the validationData value to enhance your workflow for your specific needs. When you use the AdminInitiateAuth API action, Amazon Cognito also invokes the functions for the following triggers, but it doesn't provide the ClientMetadata value as input: Post authentication Custom message Pre token generation Create auth challenge Define auth challenge For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide. When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following: Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose. Validate the ClientMetadata value. Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information.
|
|
1148
1148
|
*/
|
|
1149
1149
|
ClientMetadata?: ClientMetadataType;
|
|
1150
1150
|
/**
|
|
@@ -1158,7 +1158,7 @@ declare namespace CognitoIdentityServiceProvider {
|
|
|
1158
1158
|
}
|
|
1159
1159
|
export interface AdminInitiateAuthResponse {
|
|
1160
1160
|
/**
|
|
1161
|
-
* The name of the challenge that you're responding to with this call. This is returned in the AdminInitiateAuth response if you must pass another challenge. MFA_SETUP: If MFA is required, users who don't have at least one of the MFA methods set up are presented with an MFA_SETUP challenge. The user must set up at least one MFA type to continue to authenticate. SELECT_MFA_TYPE: Selects the MFA type. Valid MFA options are SMS_MFA for text SMS MFA, and SOFTWARE_TOKEN_MFA for time-based one-time password (TOTP) software token MFA. SMS_MFA: Next challenge is to supply an SMS_MFA_CODE, delivered via SMS. PASSWORD_VERIFIER: Next challenge is to supply PASSWORD_CLAIM_SIGNATURE, PASSWORD_CLAIM_SECRET_BLOCK, and TIMESTAMP after the client-side SRP calculations. CUSTOM_CHALLENGE: This is returned if your custom authentication flow determines that the user should pass another challenge before tokens are issued. DEVICE_SRP_AUTH: If device tracking was activated in your user pool and the previous challenges were passed, this challenge is returned so that Amazon Cognito can start tracking this device. DEVICE_PASSWORD_VERIFIER: Similar to PASSWORD_VERIFIER, but for devices only. ADMIN_NO_SRP_AUTH: This is returned if you must authenticate with USERNAME and PASSWORD directly. An app client must be enabled to use this flow. NEW_PASSWORD_REQUIRED: For users who are required to change their passwords after successful first login. Respond to this challenge with NEW_PASSWORD and any required attributes that Amazon Cognito returned in the requiredAttributes parameter. You can also set values for attributes that aren't required by your user pool and that your app client can write. For more information, see AdminRespondToAuthChallenge. In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that already has a value. In AdminRespondToAuthChallenge, set a value for any keys that Amazon Cognito returned in the requiredAttributes parameter, then use the AdminUpdateUserAttributes API operation to modify the value of any additional attributes. MFA_SETUP: For users who are required to set up an MFA factor before they can sign in. The MFA types activated for the user pool will be listed in the challenge parameters
|
|
1161
|
+
* The name of the challenge that you're responding to with this call. This is returned in the AdminInitiateAuth response if you must pass another challenge. MFA_SETUP: If MFA is required, users who don't have at least one of the MFA methods set up are presented with an MFA_SETUP challenge. The user must set up at least one MFA type to continue to authenticate. SELECT_MFA_TYPE: Selects the MFA type. Valid MFA options are SMS_MFA for text SMS MFA, and SOFTWARE_TOKEN_MFA for time-based one-time password (TOTP) software token MFA. SMS_MFA: Next challenge is to supply an SMS_MFA_CODE, delivered via SMS. PASSWORD_VERIFIER: Next challenge is to supply PASSWORD_CLAIM_SIGNATURE, PASSWORD_CLAIM_SECRET_BLOCK, and TIMESTAMP after the client-side SRP calculations. CUSTOM_CHALLENGE: This is returned if your custom authentication flow determines that the user should pass another challenge before tokens are issued. DEVICE_SRP_AUTH: If device tracking was activated in your user pool and the previous challenges were passed, this challenge is returned so that Amazon Cognito can start tracking this device. DEVICE_PASSWORD_VERIFIER: Similar to PASSWORD_VERIFIER, but for devices only. ADMIN_NO_SRP_AUTH: This is returned if you must authenticate with USERNAME and PASSWORD directly. An app client must be enabled to use this flow. NEW_PASSWORD_REQUIRED: For users who are required to change their passwords after successful first login. Respond to this challenge with NEW_PASSWORD and any required attributes that Amazon Cognito returned in the requiredAttributes parameter. You can also set values for attributes that aren't required by your user pool and that your app client can write. For more information, see AdminRespondToAuthChallenge. In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that already has a value. In AdminRespondToAuthChallenge, set a value for any keys that Amazon Cognito returned in the requiredAttributes parameter, then use the AdminUpdateUserAttributes API operation to modify the value of any additional attributes. MFA_SETUP: For users who are required to set up an MFA factor before they can sign in. The MFA types activated for the user pool will be listed in the challenge parameters MFAS_CAN_SETUP value. To set up software token MFA, use the session returned here from InitiateAuth as an input to AssociateSoftwareToken, and use the session returned by VerifySoftwareToken as an input to RespondToAuthChallenge with challenge name MFA_SETUP to complete sign-in. To set up SMS MFA, users will need help from an administrator to add a phone number to their account and then call InitiateAuth again to restart sign-in.
|
|
1162
1162
|
*/
|
|
1163
1163
|
ChallengeName?: ChallengeNameType;
|
|
1164
1164
|
/**
|
|
@@ -1196,7 +1196,7 @@ declare namespace CognitoIdentityServiceProvider {
|
|
|
1196
1196
|
*/
|
|
1197
1197
|
UserPoolId: UserPoolIdType;
|
|
1198
1198
|
/**
|
|
1199
|
-
* The user
|
|
1199
|
+
* The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, you can also use their sub in this request.
|
|
1200
1200
|
*/
|
|
1201
1201
|
Username: UsernameType;
|
|
1202
1202
|
/**
|
|
@@ -1204,7 +1204,7 @@ declare namespace CognitoIdentityServiceProvider {
|
|
|
1204
1204
|
*/
|
|
1205
1205
|
Limit?: QueryLimitType;
|
|
1206
1206
|
/**
|
|
1207
|
-
* The pagination token.
|
|
1207
|
+
* This API operation returns a limited number of results. The pagination token is an identifier that you can present in an additional API request with the same parameters. When you include the pagination token, Amazon Cognito returns the next set of items after the current list. Subsequent requests return a new pagination token. By use of this token, you can paginate through the full list of items.
|
|
1208
1208
|
*/
|
|
1209
1209
|
PaginationToken?: SearchPaginationTokenType;
|
|
1210
1210
|
}
|
|
@@ -1214,13 +1214,13 @@ declare namespace CognitoIdentityServiceProvider {
|
|
|
1214
1214
|
*/
|
|
1215
1215
|
Devices?: DeviceListType;
|
|
1216
1216
|
/**
|
|
1217
|
-
* The pagination token.
|
|
1217
|
+
* The identifier that Amazon Cognito returned with the previous request to this operation. When you include a pagination token in your request, Amazon Cognito returns the next set of items in the list. By use of this token, you can paginate through the full list of items.
|
|
1218
1218
|
*/
|
|
1219
1219
|
PaginationToken?: SearchPaginationTokenType;
|
|
1220
1220
|
}
|
|
1221
1221
|
export interface AdminListGroupsForUserRequest {
|
|
1222
1222
|
/**
|
|
1223
|
-
* The username
|
|
1223
|
+
* The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, you can also use their sub in this request.
|
|
1224
1224
|
*/
|
|
1225
1225
|
Username: UsernameType;
|
|
1226
1226
|
/**
|
|
@@ -1252,7 +1252,7 @@ declare namespace CognitoIdentityServiceProvider {
|
|
|
1252
1252
|
*/
|
|
1253
1253
|
UserPoolId: UserPoolIdType;
|
|
1254
1254
|
/**
|
|
1255
|
-
* The user
|
|
1255
|
+
* The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, you can also use their sub in this request.
|
|
1256
1256
|
*/
|
|
1257
1257
|
Username: UsernameType;
|
|
1258
1258
|
/**
|
|
@@ -1280,7 +1280,7 @@ declare namespace CognitoIdentityServiceProvider {
|
|
|
1280
1280
|
*/
|
|
1281
1281
|
UserPoolId: UserPoolIdType;
|
|
1282
1282
|
/**
|
|
1283
|
-
* The username
|
|
1283
|
+
* The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, you can also use their sub in this request.
|
|
1284
1284
|
*/
|
|
1285
1285
|
Username: UsernameType;
|
|
1286
1286
|
/**
|
|
@@ -1294,7 +1294,7 @@ declare namespace CognitoIdentityServiceProvider {
|
|
|
1294
1294
|
*/
|
|
1295
1295
|
UserPoolId: UserPoolIdType;
|
|
1296
1296
|
/**
|
|
1297
|
-
* The
|
|
1297
|
+
* The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, you can also use their sub in this request.
|
|
1298
1298
|
*/
|
|
1299
1299
|
Username: UsernameType;
|
|
1300
1300
|
/**
|
|
@@ -1318,7 +1318,7 @@ declare namespace CognitoIdentityServiceProvider {
|
|
|
1318
1318
|
*/
|
|
1319
1319
|
ChallengeName: ChallengeNameType;
|
|
1320
1320
|
/**
|
|
1321
|
-
* The challenge
|
|
1321
|
+
* The responses to the challenge that you received in the previous request. Each challenge has its own required response parameters. The following examples are partial JSON request bodies that highlight challenge-response parameters. You must provide a SECRET_HASH parameter in all challenge responses to an app client that has a client secret. SMS_MFA "ChallengeName": "SMS_MFA", "ChallengeResponses": {"SMS_MFA_CODE": "[SMS_code]", "USERNAME": "[username]"} PASSWORD_VERIFIER "ChallengeName": "PASSWORD_VERIFIER", "ChallengeResponses": {"PASSWORD_CLAIM_SIGNATURE": "[claim_signature]", "PASSWORD_CLAIM_SECRET_BLOCK": "[secret_block]", "TIMESTAMP": [timestamp], "USERNAME": "[username]"} Add "DEVICE_KEY" when you sign in with a remembered device. CUSTOM_CHALLENGE "ChallengeName": "CUSTOM_CHALLENGE", "ChallengeResponses": {"USERNAME": "[username]", "ANSWER": "[challenge_answer]"} Add "DEVICE_KEY" when you sign in with a remembered device. NEW_PASSWORD_REQUIRED "ChallengeName": "NEW_PASSWORD_REQUIRED", "ChallengeResponses": {"NEW_PASSWORD": "[new_password]", "USERNAME": "[username]"} To set any required attributes that InitiateAuth returned in an requiredAttributes parameter, add "userAttributes.[attribute_name]": "[attribute_value]". This parameter can also set values for writable attributes that aren't required by your user pool. In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that already has a value. In RespondToAuthChallenge, set a value for any keys that Amazon Cognito returned in the requiredAttributes parameter, then use the UpdateUserAttributes API operation to modify the value of any additional attributes. SOFTWARE_TOKEN_MFA "ChallengeName": "SOFTWARE_TOKEN_MFA", "ChallengeResponses": {"USERNAME": "[username]", "SOFTWARE_TOKEN_MFA_CODE": [authenticator_code]} DEVICE_SRP_AUTH "ChallengeName": "DEVICE_SRP_AUTH", "ChallengeResponses": {"USERNAME": "[username]", "DEVICE_KEY": "[device_key]", "SRP_A": "[srp_a]"} DEVICE_PASSWORD_VERIFIER "ChallengeName": "DEVICE_PASSWORD_VERIFIER", "ChallengeResponses": {"DEVICE_KEY": "[device_key]", "PASSWORD_CLAIM_SIGNATURE": "[claim_signature]", "PASSWORD_CLAIM_SECRET_BLOCK": "[secret_block]", "TIMESTAMP": [timestamp], "USERNAME": "[username]"} MFA_SETUP "ChallengeName": "MFA_SETUP", "ChallengeResponses": {"USERNAME": "[username]"}, "SESSION": "[Session ID from VerifySoftwareToken]" SELECT_MFA_TYPE "ChallengeName": "SELECT_MFA_TYPE", "ChallengeResponses": {"USERNAME": "[username]", "ANSWER": "[SMS_MFA or SOFTWARE_TOKEN_MFA]"} For more information about SECRET_HASH, see Computing secret hash values. For information about DEVICE_KEY, see Working with user devices in your user pool.
|
|
1322
1322
|
*/
|
|
1323
1323
|
ChallengeResponses?: ChallengeResponsesType;
|
|
1324
1324
|
/**
|
|
@@ -1366,7 +1366,7 @@ declare namespace CognitoIdentityServiceProvider {
|
|
|
1366
1366
|
*/
|
|
1367
1367
|
SoftwareTokenMfaSettings?: SoftwareTokenMfaSettingsType;
|
|
1368
1368
|
/**
|
|
1369
|
-
* The user
|
|
1369
|
+
* The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, you can also use their sub in this request.
|
|
1370
1370
|
*/
|
|
1371
1371
|
Username: UsernameType;
|
|
1372
1372
|
/**
|
|
@@ -1382,7 +1382,7 @@ declare namespace CognitoIdentityServiceProvider {
|
|
|
1382
1382
|
*/
|
|
1383
1383
|
UserPoolId: UserPoolIdType;
|
|
1384
1384
|
/**
|
|
1385
|
-
* The
|
|
1385
|
+
* The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, you can also use their sub in this request.
|
|
1386
1386
|
*/
|
|
1387
1387
|
Username: UsernameType;
|
|
1388
1388
|
/**
|
|
@@ -1402,7 +1402,7 @@ declare namespace CognitoIdentityServiceProvider {
|
|
|
1402
1402
|
*/
|
|
1403
1403
|
UserPoolId: UserPoolIdType;
|
|
1404
1404
|
/**
|
|
1405
|
-
* The user
|
|
1405
|
+
* The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, you can also use their sub in this request.
|
|
1406
1406
|
*/
|
|
1407
1407
|
Username: UsernameType;
|
|
1408
1408
|
/**
|
|
@@ -1418,7 +1418,7 @@ declare namespace CognitoIdentityServiceProvider {
|
|
|
1418
1418
|
*/
|
|
1419
1419
|
UserPoolId: UserPoolIdType;
|
|
1420
1420
|
/**
|
|
1421
|
-
* The user
|
|
1421
|
+
* The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, you can also use their sub in this request.
|
|
1422
1422
|
*/
|
|
1423
1423
|
Username: UsernameType;
|
|
1424
1424
|
/**
|
|
@@ -1438,7 +1438,7 @@ declare namespace CognitoIdentityServiceProvider {
|
|
|
1438
1438
|
*/
|
|
1439
1439
|
UserPoolId: UserPoolIdType;
|
|
1440
1440
|
/**
|
|
1441
|
-
* The user
|
|
1441
|
+
* The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, you can also use their sub in this request.
|
|
1442
1442
|
*/
|
|
1443
1443
|
Username: UsernameType;
|
|
1444
1444
|
/**
|
|
@@ -1458,7 +1458,7 @@ declare namespace CognitoIdentityServiceProvider {
|
|
|
1458
1458
|
*/
|
|
1459
1459
|
UserPoolId: UserPoolIdType;
|
|
1460
1460
|
/**
|
|
1461
|
-
* The
|
|
1461
|
+
* The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, you can also use their sub in this request.
|
|
1462
1462
|
*/
|
|
1463
1463
|
Username: UsernameType;
|
|
1464
1464
|
/**
|
|
@@ -1478,7 +1478,7 @@ declare namespace CognitoIdentityServiceProvider {
|
|
|
1478
1478
|
*/
|
|
1479
1479
|
UserPoolId: UserPoolIdType;
|
|
1480
1480
|
/**
|
|
1481
|
-
* The user
|
|
1481
|
+
* The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, you can also use their sub in this request.
|
|
1482
1482
|
*/
|
|
1483
1483
|
Username: UsernameType;
|
|
1484
1484
|
}
|
|
@@ -1734,7 +1734,7 @@ declare namespace CognitoIdentityServiceProvider {
|
|
|
1734
1734
|
*/
|
|
1735
1735
|
SecretHash?: SecretHashType;
|
|
1736
1736
|
/**
|
|
1737
|
-
* The
|
|
1737
|
+
* The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, you can also use their sub in this request.
|
|
1738
1738
|
*/
|
|
1739
1739
|
Username: UsernameType;
|
|
1740
1740
|
/**
|
|
@@ -1770,7 +1770,7 @@ declare namespace CognitoIdentityServiceProvider {
|
|
|
1770
1770
|
*/
|
|
1771
1771
|
SecretHash?: SecretHashType;
|
|
1772
1772
|
/**
|
|
1773
|
-
* The
|
|
1773
|
+
* The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, you can also use their sub in this request.
|
|
1774
1774
|
*/
|
|
1775
1775
|
Username: UsernameType;
|
|
1776
1776
|
/**
|
|
@@ -1953,11 +1953,11 @@ declare namespace CognitoIdentityServiceProvider {
|
|
|
1953
1953
|
*/
|
|
1954
1954
|
TokenValidityUnits?: TokenValidityUnitsType;
|
|
1955
1955
|
/**
|
|
1956
|
-
* The read attributes.
|
|
1956
|
+
* The list of user attributes that you want your app client to have read-only access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a GetUser API request to retrieve and display your user's profile data. When you don't specify the ReadAttributes for your app client, your app can read the values of email_verified, phone_number_verified, and the Standard attributes of your user pool. When your user pool has read access to these default attributes, ReadAttributes doesn't return any information. Amazon Cognito only populates ReadAttributes in the API response if you have specified your own custom set of read attributes.
|
|
1957
1957
|
*/
|
|
1958
1958
|
ReadAttributes?: ClientPermissionListType;
|
|
1959
1959
|
/**
|
|
1960
|
-
* The user
|
|
1960
|
+
* The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list. An example of this kind of activity is when you present your user with a form to update their profile information and they change their last name. Your app then makes an UpdateUserAttributes API request and sets family_name to the new value. When you don't specify the WriteAttributes for your app client, your app can write the values of the Standard attributes of your user pool. When your user pool has write access to these default attributes, WriteAttributes doesn't return any information. Amazon Cognito only populates WriteAttributes in the API response if you have specified your own custom set of write attributes. If your app client allows users to sign in through an IdP, this array must include all attributes that you have mapped to IdP attributes. Amazon Cognito updates mapped attributes when users sign in to your application through an IdP. If your app client does not have write access to a mapped attribute, Amazon Cognito throws an error when it tries to update the attribute. For more information, see Specifying IdP Attribute Mappings for Your user pool.
|
|
1961
1961
|
*/
|
|
1962
1962
|
WriteAttributes?: ClientPermissionListType;
|
|
1963
1963
|
/**
|
|
@@ -2149,22 +2149,22 @@ declare namespace CognitoIdentityServiceProvider {
|
|
|
2149
2149
|
}
|
|
2150
2150
|
export interface CustomEmailLambdaVersionConfigType {
|
|
2151
2151
|
/**
|
|
2152
|
-
*
|
|
2152
|
+
* The user pool trigger version of the request that Amazon Cognito sends to your Lambda function. Higher-numbered versions add fields that support new features. You must use a LambdaVersion of V1_0 with a custom sender function.
|
|
2153
2153
|
*/
|
|
2154
2154
|
LambdaVersion: CustomEmailSenderLambdaVersionType;
|
|
2155
2155
|
/**
|
|
2156
|
-
* The Amazon Resource Name (ARN) of the
|
|
2156
|
+
* The Amazon Resource Name (ARN) of the function that you want to assign to your Lambda trigger.
|
|
2157
2157
|
*/
|
|
2158
2158
|
LambdaArn: ArnType;
|
|
2159
2159
|
}
|
|
2160
2160
|
export type CustomEmailSenderLambdaVersionType = "V1_0"|string;
|
|
2161
2161
|
export interface CustomSMSLambdaVersionConfigType {
|
|
2162
2162
|
/**
|
|
2163
|
-
*
|
|
2163
|
+
* The user pool trigger version of the request that Amazon Cognito sends to your Lambda function. Higher-numbered versions add fields that support new features. You must use a LambdaVersion of V1_0 with a custom sender function.
|
|
2164
2164
|
*/
|
|
2165
2165
|
LambdaVersion: CustomSMSSenderLambdaVersionType;
|
|
2166
2166
|
/**
|
|
2167
|
-
* The Amazon Resource Name (ARN) of the
|
|
2167
|
+
* The Amazon Resource Name (ARN) of the function that you want to assign to your Lambda trigger.
|
|
2168
2168
|
*/
|
|
2169
2169
|
LambdaArn: ArnType;
|
|
2170
2170
|
}
|
|
@@ -2552,7 +2552,7 @@ declare namespace CognitoIdentityServiceProvider {
|
|
|
2552
2552
|
*/
|
|
2553
2553
|
UserContextData?: UserContextDataType;
|
|
2554
2554
|
/**
|
|
2555
|
-
* The
|
|
2555
|
+
* The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, you can also use their sub in this request.
|
|
2556
2556
|
*/
|
|
2557
2557
|
Username: UsernameType;
|
|
2558
2558
|
/**
|
|
@@ -2845,7 +2845,7 @@ declare namespace CognitoIdentityServiceProvider {
|
|
|
2845
2845
|
*/
|
|
2846
2846
|
AuthParameters?: AuthParametersType;
|
|
2847
2847
|
/**
|
|
2848
|
-
* A map of custom key-value pairs that you can provide as input for certain custom workflows that this action triggers. You create custom workflows by assigning Lambda functions to user pool triggers. When you use the InitiateAuth API action, Amazon Cognito invokes the Lambda functions that are specified for various triggers. The ClientMetadata value is passed as input to the functions for only the following triggers: Pre signup Pre authentication User migration When Amazon Cognito invokes the functions for these triggers, it passes a JSON payload, which the function receives as input. This payload contains a validationData attribute, which provides the data that you assigned to the ClientMetadata parameter in your InitiateAuth request. In your function code in Lambda, you can process the validationData value to enhance your workflow for your specific needs. When you use the InitiateAuth API action, Amazon Cognito also invokes the functions for the following triggers, but it doesn't provide the ClientMetadata value as input: Post authentication Custom message Pre token generation Create auth challenge Define auth challenge
|
|
2848
|
+
* A map of custom key-value pairs that you can provide as input for certain custom workflows that this action triggers. You create custom workflows by assigning Lambda functions to user pool triggers. When you use the InitiateAuth API action, Amazon Cognito invokes the Lambda functions that are specified for various triggers. The ClientMetadata value is passed as input to the functions for only the following triggers: Pre signup Pre authentication User migration When Amazon Cognito invokes the functions for these triggers, it passes a JSON payload, which the function receives as input. This payload contains a validationData attribute, which provides the data that you assigned to the ClientMetadata parameter in your InitiateAuth request. In your function code in Lambda, you can process the validationData value to enhance your workflow for your specific needs. When you use the InitiateAuth API action, Amazon Cognito also invokes the functions for the following triggers, but it doesn't provide the ClientMetadata value as input: Post authentication Custom message Pre token generation Create auth challenge Define auth challenge For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide. When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following: Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose. Validate the ClientMetadata value. Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information.
|
|
2849
2849
|
*/
|
|
2850
2850
|
ClientMetadata?: ClientMetadataType;
|
|
2851
2851
|
/**
|
|
@@ -2863,7 +2863,7 @@ declare namespace CognitoIdentityServiceProvider {
|
|
|
2863
2863
|
}
|
|
2864
2864
|
export interface InitiateAuthResponse {
|
|
2865
2865
|
/**
|
|
2866
|
-
* The name of the challenge that you're responding to with this call. This name is returned in the
|
|
2866
|
+
* The name of the challenge that you're responding to with this call. This name is returned in the InitiateAuth response if you must pass another challenge. Valid values include the following: All of the following challenges require USERNAME and SECRET_HASH (if applicable) in the parameters. SMS_MFA: Next challenge is to supply an SMS_MFA_CODE, delivered via SMS. PASSWORD_VERIFIER: Next challenge is to supply PASSWORD_CLAIM_SIGNATURE, PASSWORD_CLAIM_SECRET_BLOCK, and TIMESTAMP after the client-side SRP calculations. CUSTOM_CHALLENGE: This is returned if your custom authentication flow determines that the user should pass another challenge before tokens are issued. DEVICE_SRP_AUTH: If device tracking was activated on your user pool and the previous challenges were passed, this challenge is returned so that Amazon Cognito can start tracking this device. DEVICE_PASSWORD_VERIFIER: Similar to PASSWORD_VERIFIER, but for devices only. NEW_PASSWORD_REQUIRED: For users who are required to change their passwords after successful first login. Respond to this challenge with NEW_PASSWORD and any required attributes that Amazon Cognito returned in the requiredAttributes parameter. You can also set values for attributes that aren't required by your user pool and that your app client can write. For more information, see RespondToAuthChallenge. In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that already has a value. In RespondToAuthChallenge, set a value for any keys that Amazon Cognito returned in the requiredAttributes parameter, then use the UpdateUserAttributes API operation to modify the value of any additional attributes. MFA_SETUP: For users who are required to setup an MFA factor before they can sign in. The MFA types activated for the user pool will be listed in the challenge parameters MFAS_CAN_SETUP value. To set up software token MFA, use the session returned here from InitiateAuth as an input to AssociateSoftwareToken. Use the session returned by VerifySoftwareToken as an input to RespondToAuthChallenge with challenge name MFA_SETUP to complete sign-in. To set up SMS MFA, an administrator should help the user to add a phone number to their account, and then the user should call InitiateAuth again to restart sign-in.
|
|
2867
2867
|
*/
|
|
2868
2868
|
ChallengeName?: ChallengeNameType;
|
|
2869
2869
|
/**
|
|
@@ -2914,9 +2914,13 @@ declare namespace CognitoIdentityServiceProvider {
|
|
|
2914
2914
|
*/
|
|
2915
2915
|
VerifyAuthChallengeResponse?: ArnType;
|
|
2916
2916
|
/**
|
|
2917
|
-
*
|
|
2917
|
+
* The Amazon Resource Name (ARN) of the function that you want to assign to your Lambda trigger. Set this parameter for legacy purposes. If you also set an ARN in PreTokenGenerationConfig, its value must be identical to PreTokenGeneration. For new instances of pre token generation triggers, set the LambdaArn of PreTokenGenerationConfig. You can set
|
|
2918
2918
|
*/
|
|
2919
2919
|
PreTokenGeneration?: ArnType;
|
|
2920
|
+
/**
|
|
2921
|
+
* The detailed configuration of a pre token generation trigger. If you also set an ARN in PreTokenGeneration, its value must be identical to PreTokenGenerationConfig.
|
|
2922
|
+
*/
|
|
2923
|
+
PreTokenGenerationConfig?: PreTokenGenerationVersionConfigType;
|
|
2920
2924
|
/**
|
|
2921
2925
|
* The user migration Lambda config type.
|
|
2922
2926
|
*/
|
|
@@ -2944,7 +2948,7 @@ declare namespace CognitoIdentityServiceProvider {
|
|
|
2944
2948
|
*/
|
|
2945
2949
|
Limit?: QueryLimitType;
|
|
2946
2950
|
/**
|
|
2947
|
-
* The pagination token
|
|
2951
|
+
* This API operation returns a limited number of results. The pagination token is an identifier that you can present in an additional API request with the same parameters. When you include the pagination token, Amazon Cognito returns the next set of items after the current list. Subsequent requests return a new pagination token. By use of this token, you can paginate through the full list of items.
|
|
2948
2952
|
*/
|
|
2949
2953
|
PaginationToken?: SearchPaginationTokenType;
|
|
2950
2954
|
}
|
|
@@ -2954,7 +2958,7 @@ declare namespace CognitoIdentityServiceProvider {
|
|
|
2954
2958
|
*/
|
|
2955
2959
|
Devices?: DeviceListType;
|
|
2956
2960
|
/**
|
|
2957
|
-
* The pagination token
|
|
2961
|
+
* The identifier that Amazon Cognito returned with the previous request to this operation. When you include a pagination token in your request, Amazon Cognito returns the next set of items in the list. By use of this token, you can paginate through the full list of items.
|
|
2958
2962
|
*/
|
|
2959
2963
|
PaginationToken?: SearchPaginationTokenType;
|
|
2960
2964
|
}
|
|
@@ -3055,7 +3059,7 @@ declare namespace CognitoIdentityServiceProvider {
|
|
|
3055
3059
|
*/
|
|
3056
3060
|
MaxResults: PoolQueryLimitType;
|
|
3057
3061
|
/**
|
|
3058
|
-
*
|
|
3062
|
+
* This API operation returns a limited number of results. The pagination token is an identifier that you can present in an additional API request with the same parameters. When you include the pagination token, Amazon Cognito returns the next set of items after the current list. Subsequent requests return a new pagination token. By use of this token, you can paginate through the full list of items.
|
|
3059
3063
|
*/
|
|
3060
3064
|
PaginationToken?: PaginationKeyType;
|
|
3061
3065
|
}
|
|
@@ -3065,7 +3069,7 @@ declare namespace CognitoIdentityServiceProvider {
|
|
|
3065
3069
|
*/
|
|
3066
3070
|
UserImportJobs?: UserImportJobsListType;
|
|
3067
3071
|
/**
|
|
3068
|
-
*
|
|
3072
|
+
* The identifier that Amazon Cognito returned with the previous request to this operation. When you include a pagination token in your request, Amazon Cognito returns the next set of items in the list. By use of this token, you can paginate through the full list of items.
|
|
3069
3073
|
*/
|
|
3070
3074
|
PaginationToken?: PaginationKeyType;
|
|
3071
3075
|
}
|
|
@@ -3123,7 +3127,7 @@ declare namespace CognitoIdentityServiceProvider {
|
|
|
3123
3127
|
*/
|
|
3124
3128
|
GroupName: GroupNameType;
|
|
3125
3129
|
/**
|
|
3126
|
-
* The
|
|
3130
|
+
* The maximum number of users that you want to retrieve before pagination.
|
|
3127
3131
|
*/
|
|
3128
3132
|
Limit?: QueryLimitType;
|
|
3129
3133
|
/**
|
|
@@ -3133,7 +3137,7 @@ declare namespace CognitoIdentityServiceProvider {
|
|
|
3133
3137
|
}
|
|
3134
3138
|
export interface ListUsersInGroupResponse {
|
|
3135
3139
|
/**
|
|
3136
|
-
*
|
|
3140
|
+
* A list of users in the group, and their attributes.
|
|
3137
3141
|
*/
|
|
3138
3142
|
Users?: UsersListType;
|
|
3139
3143
|
/**
|
|
@@ -3147,7 +3151,7 @@ declare namespace CognitoIdentityServiceProvider {
|
|
|
3147
3151
|
*/
|
|
3148
3152
|
UserPoolId: UserPoolIdType;
|
|
3149
3153
|
/**
|
|
3150
|
-
* A JSON array of user attribute names, for example given_name, that you want Amazon Cognito to include in the response for each user. When you don't provide an AttributesToGet parameter, Amazon Cognito returns all attributes for each user.
|
|
3154
|
+
* A JSON array of user attribute names, for example given_name, that you want Amazon Cognito to include in the response for each user. When you don't provide an AttributesToGet parameter, Amazon Cognito returns all attributes for each user. Use AttributesToGet with required attributes in your user pool, or in conjunction with Filter. Amazon Cognito returns an error if not all users in the results have set a value for the attribute you request. Attributes that you can't filter on, including custom attributes, must have a value set in every user profile before an AttributesToGet parameter returns results.
|
|
3151
3155
|
*/
|
|
3152
3156
|
AttributesToGet?: SearchedAttributeNamesListType;
|
|
3153
3157
|
/**
|
|
@@ -3155,7 +3159,7 @@ declare namespace CognitoIdentityServiceProvider {
|
|
|
3155
3159
|
*/
|
|
3156
3160
|
Limit?: QueryLimitType;
|
|
3157
3161
|
/**
|
|
3158
|
-
*
|
|
3162
|
+
* This API operation returns a limited number of results. The pagination token is an identifier that you can present in an additional API request with the same parameters. When you include the pagination token, Amazon Cognito returns the next set of items after the current list. Subsequent requests return a new pagination token. By use of this token, you can paginate through the full list of items.
|
|
3159
3163
|
*/
|
|
3160
3164
|
PaginationToken?: SearchPaginationTokenType;
|
|
3161
3165
|
/**
|
|
@@ -3169,7 +3173,7 @@ declare namespace CognitoIdentityServiceProvider {
|
|
|
3169
3173
|
*/
|
|
3170
3174
|
Users?: UsersListType;
|
|
3171
3175
|
/**
|
|
3172
|
-
*
|
|
3176
|
+
* The identifier that Amazon Cognito returned with the previous request to this operation. When you include a pagination token in your request, Amazon Cognito returns the next set of items in the list. By use of this token, you can paginate through the full list of items.
|
|
3173
3177
|
*/
|
|
3174
3178
|
PaginationToken?: SearchPaginationTokenType;
|
|
3175
3179
|
}
|
|
@@ -3314,13 +3318,24 @@ declare namespace CognitoIdentityServiceProvider {
|
|
|
3314
3318
|
*/
|
|
3315
3319
|
RequireSymbols?: BooleanType;
|
|
3316
3320
|
/**
|
|
3317
|
-
* The number of days a temporary password is valid in the password policy. If the user doesn't sign in during this time, an administrator must reset their password. When you set TemporaryPasswordValidityDays for a user pool, you can no longer set a value for the legacy UnusedAccountValidityDays parameter in that user pool.
|
|
3321
|
+
* The number of days a temporary password is valid in the password policy. If the user doesn't sign in during this time, an administrator must reset their password. Defaults to 7. If you submit a value of 0, Amazon Cognito treats it as a null value and sets TemporaryPasswordValidityDays to its default value. When you set TemporaryPasswordValidityDays for a user pool, you can no longer set a value for the legacy UnusedAccountValidityDays parameter in that user pool.
|
|
3318
3322
|
*/
|
|
3319
3323
|
TemporaryPasswordValidityDays?: TemporaryPasswordValidityDaysType;
|
|
3320
3324
|
}
|
|
3321
3325
|
export type PasswordType = string;
|
|
3322
3326
|
export type PoolQueryLimitType = number;
|
|
3323
3327
|
export type PreSignedUrlType = string;
|
|
3328
|
+
export type PreTokenGenerationLambdaVersionType = "V1_0"|"V2_0"|string;
|
|
3329
|
+
export interface PreTokenGenerationVersionConfigType {
|
|
3330
|
+
/**
|
|
3331
|
+
* The user pool trigger version of the request that Amazon Cognito sends to your Lambda function. Higher-numbered versions add fields that support new features.
|
|
3332
|
+
*/
|
|
3333
|
+
LambdaVersion: PreTokenGenerationLambdaVersionType;
|
|
3334
|
+
/**
|
|
3335
|
+
* The Amazon Resource Name (ARN) of the function that you want to assign to your Lambda trigger. This parameter and the PreTokenGeneration property of LambdaConfig have the same value. For new instances of pre token generation triggers, set LambdaArn.
|
|
3336
|
+
*/
|
|
3337
|
+
LambdaArn: ArnType;
|
|
3338
|
+
}
|
|
3324
3339
|
export type PrecedenceType = number;
|
|
3325
3340
|
export type PreventUserExistenceErrorTypes = "LEGACY"|"ENABLED"|string;
|
|
3326
3341
|
export type PriorityType = number;
|
|
@@ -3391,7 +3406,7 @@ declare namespace CognitoIdentityServiceProvider {
|
|
|
3391
3406
|
*/
|
|
3392
3407
|
UserContextData?: UserContextDataType;
|
|
3393
3408
|
/**
|
|
3394
|
-
* The username
|
|
3409
|
+
* The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, you can also use their sub in this request.
|
|
3395
3410
|
*/
|
|
3396
3411
|
Username: UsernameType;
|
|
3397
3412
|
/**
|
|
@@ -3457,7 +3472,7 @@ declare namespace CognitoIdentityServiceProvider {
|
|
|
3457
3472
|
*/
|
|
3458
3473
|
Session?: SessionType;
|
|
3459
3474
|
/**
|
|
3460
|
-
* The challenge
|
|
3475
|
+
* The responses to the challenge that you received in the previous request. Each challenge has its own required response parameters. The following examples are partial JSON request bodies that highlight challenge-response parameters. You must provide a SECRET_HASH parameter in all challenge responses to an app client that has a client secret. SMS_MFA "ChallengeName": "SMS_MFA", "ChallengeResponses": {"SMS_MFA_CODE": "[SMS_code]", "USERNAME": "[username]"} PASSWORD_VERIFIER "ChallengeName": "PASSWORD_VERIFIER", "ChallengeResponses": {"PASSWORD_CLAIM_SIGNATURE": "[claim_signature]", "PASSWORD_CLAIM_SECRET_BLOCK": "[secret_block]", "TIMESTAMP": [timestamp], "USERNAME": "[username]"} Add "DEVICE_KEY" when you sign in with a remembered device. CUSTOM_CHALLENGE "ChallengeName": "CUSTOM_CHALLENGE", "ChallengeResponses": {"USERNAME": "[username]", "ANSWER": "[challenge_answer]"} Add "DEVICE_KEY" when you sign in with a remembered device. NEW_PASSWORD_REQUIRED "ChallengeName": "NEW_PASSWORD_REQUIRED", "ChallengeResponses": {"NEW_PASSWORD": "[new_password]", "USERNAME": "[username]"} To set any required attributes that InitiateAuth returned in an requiredAttributes parameter, add "userAttributes.[attribute_name]": "[attribute_value]". This parameter can also set values for writable attributes that aren't required by your user pool. In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that already has a value. In RespondToAuthChallenge, set a value for any keys that Amazon Cognito returned in the requiredAttributes parameter, then use the UpdateUserAttributes API operation to modify the value of any additional attributes. SOFTWARE_TOKEN_MFA "ChallengeName": "SOFTWARE_TOKEN_MFA", "ChallengeResponses": {"USERNAME": "[username]", "SOFTWARE_TOKEN_MFA_CODE": [authenticator_code]} DEVICE_SRP_AUTH "ChallengeName": "DEVICE_SRP_AUTH", "ChallengeResponses": {"USERNAME": "[username]", "DEVICE_KEY": "[device_key]", "SRP_A": "[srp_a]"} DEVICE_PASSWORD_VERIFIER "ChallengeName": "DEVICE_PASSWORD_VERIFIER", "ChallengeResponses": {"DEVICE_KEY": "[device_key]", "PASSWORD_CLAIM_SIGNATURE": "[claim_signature]", "PASSWORD_CLAIM_SECRET_BLOCK": "[secret_block]", "TIMESTAMP": [timestamp], "USERNAME": "[username]"} MFA_SETUP "ChallengeName": "MFA_SETUP", "ChallengeResponses": {"USERNAME": "[username]"}, "SESSION": "[Session ID from VerifySoftwareToken]" SELECT_MFA_TYPE "ChallengeName": "SELECT_MFA_TYPE", "ChallengeResponses": {"USERNAME": "[username]", "ANSWER": "[SMS_MFA or SOFTWARE_TOKEN_MFA]"} For more information about SECRET_HASH, see Computing secret hash values. For information about DEVICE_KEY, see Working with user devices in your user pool.
|
|
3461
3476
|
*/
|
|
3462
3477
|
ChallengeResponses?: ChallengeResponsesType;
|
|
3463
3478
|
/**
|
|
@@ -3559,11 +3574,11 @@ declare namespace CognitoIdentityServiceProvider {
|
|
|
3559
3574
|
}
|
|
3560
3575
|
export interface SchemaAttributeType {
|
|
3561
3576
|
/**
|
|
3562
|
-
* The name of your user pool attribute,
|
|
3577
|
+
* The name of your user pool attribute. When you create or update a user pool, adding a schema attribute creates a custom or developer-only attribute. When you add an attribute with a Name value of MyAttribute, Amazon Cognito creates the custom attribute custom:MyAttribute. When DeveloperOnlyAttribute is true, Amazon Cognito creates your attribute as dev:MyAttribute. In an operation that describes a user pool, Amazon Cognito returns this value as value for standard attributes, custom:value for custom attributes, and dev:value for developer-only attributes..
|
|
3563
3578
|
*/
|
|
3564
3579
|
Name?: CustomAttributeNameType;
|
|
3565
3580
|
/**
|
|
3566
|
-
* The data format of the values for your attribute.
|
|
3581
|
+
* The data format of the values for your attribute. When you choose an AttributeDataType, Amazon Cognito validates the input against the data type. A custom attribute value in your user's ID token is always a string, for example "custom:isMember" : "true" or "custom:YearsAsMember" : "12".
|
|
3567
3582
|
*/
|
|
3568
3583
|
AttributeDataType?: AttributeDataType;
|
|
3569
3584
|
/**
|
|
@@ -3733,7 +3748,7 @@ declare namespace CognitoIdentityServiceProvider {
|
|
|
3733
3748
|
*/
|
|
3734
3749
|
SecretHash?: SecretHashType;
|
|
3735
3750
|
/**
|
|
3736
|
-
* The
|
|
3751
|
+
* The username of the user that you want to sign up. The value of this parameter is typically a username, but can be any alias attribute in your user pool.
|
|
3737
3752
|
*/
|
|
3738
3753
|
Username: UsernameType;
|
|
3739
3754
|
/**
|
|
@@ -3745,7 +3760,7 @@ declare namespace CognitoIdentityServiceProvider {
|
|
|
3745
3760
|
*/
|
|
3746
3761
|
UserAttributes?: AttributeListType;
|
|
3747
3762
|
/**
|
|
3748
|
-
*
|
|
3763
|
+
* Temporary user attributes that contribute to the outcomes of your pre sign-up Lambda trigger. This set of key-value pairs are for custom validation of information that you collect from your users but don't need to retain. Your Lambda function can analyze this additional data and act on it. Your function might perform external API operations like logging user attributes and validation data to Amazon CloudWatch Logs. Validation data might also affect the response that your function returns to Amazon Cognito, like automatically confirming the user if they sign up from within your network. For more information about the pre sign-up Lambda trigger, see Pre sign-up Lambda trigger.
|
|
3749
3764
|
*/
|
|
3750
3765
|
ValidationData?: AttributeListType;
|
|
3751
3766
|
/**
|
|
@@ -3942,7 +3957,7 @@ declare namespace CognitoIdentityServiceProvider {
|
|
|
3942
3957
|
*/
|
|
3943
3958
|
UserPoolId: UserPoolIdType;
|
|
3944
3959
|
/**
|
|
3945
|
-
* The user
|
|
3960
|
+
* The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, you can also use their sub in this request.
|
|
3946
3961
|
*/
|
|
3947
3962
|
Username: UsernameType;
|
|
3948
3963
|
/**
|
|
@@ -4106,11 +4121,11 @@ declare namespace CognitoIdentityServiceProvider {
|
|
|
4106
4121
|
*/
|
|
4107
4122
|
TokenValidityUnits?: TokenValidityUnitsType;
|
|
4108
4123
|
/**
|
|
4109
|
-
* The read-only
|
|
4124
|
+
* The list of user attributes that you want your app client to have read-only access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a GetUser API request to retrieve and display your user's profile data. When you don't specify the ReadAttributes for your app client, your app can read the values of email_verified, phone_number_verified, and the Standard attributes of your user pool. When your user pool has read access to these default attributes, ReadAttributes doesn't return any information. Amazon Cognito only populates ReadAttributes in the API response if you have specified your own custom set of read attributes.
|
|
4110
4125
|
*/
|
|
4111
4126
|
ReadAttributes?: ClientPermissionListType;
|
|
4112
4127
|
/**
|
|
4113
|
-
* The
|
|
4128
|
+
* The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list. An example of this kind of activity is when you present your user with a form to update their profile information and they change their last name. Your app then makes an UpdateUserAttributes API request and sets family_name to the new value. When you don't specify the WriteAttributes for your app client, your app can write the values of the Standard attributes of your user pool. When your user pool has write access to these default attributes, WriteAttributes doesn't return any information. Amazon Cognito only populates WriteAttributes in the API response if you have specified your own custom set of write attributes. If your app client allows users to sign in through an IdP, this array must include all attributes that you have mapped to IdP attributes. Amazon Cognito updates mapped attributes when users sign in to your application through an IdP. If your app client does not have write access to a mapped attribute, Amazon Cognito throws an error when it tries to update the attribute. For more information, see Specifying IdP Attribute Mappings for Your user pool.
|
|
4114
4129
|
*/
|
|
4115
4130
|
WriteAttributes?: ClientPermissionListType;
|
|
4116
4131
|
/**
|
|
@@ -4411,11 +4426,11 @@ declare namespace CognitoIdentityServiceProvider {
|
|
|
4411
4426
|
*/
|
|
4412
4427
|
TokenValidityUnits?: TokenValidityUnitsType;
|
|
4413
4428
|
/**
|
|
4414
|
-
* The
|
|
4429
|
+
* The list of user attributes that you want your app client to have read-only access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a GetUser API request to retrieve and display your user's profile data. When you don't specify the ReadAttributes for your app client, your app can read the values of email_verified, phone_number_verified, and the Standard attributes of your user pool. When your user pool has read access to these default attributes, ReadAttributes doesn't return any information. Amazon Cognito only populates ReadAttributes in the API response if you have specified your own custom set of read attributes.
|
|
4415
4430
|
*/
|
|
4416
4431
|
ReadAttributes?: ClientPermissionListType;
|
|
4417
4432
|
/**
|
|
4418
|
-
* The
|
|
4433
|
+
* The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list. An example of this kind of activity is when you present your user with a form to update their profile information and they change their last name. Your app then makes an UpdateUserAttributes API request and sets family_name to the new value. When you don't specify the WriteAttributes for your app client, your app can write the values of the Standard attributes of your user pool. When your user pool has write access to these default attributes, WriteAttributes doesn't return any information. Amazon Cognito only populates WriteAttributes in the API response if you have specified your own custom set of write attributes. If your app client allows users to sign in through an IdP, this array must include all attributes that you have mapped to IdP attributes. Amazon Cognito updates mapped attributes when users sign in to your application through an IdP. If your app client does not have write access to a mapped attribute, Amazon Cognito throws an error when it tries to update the attribute. For more information, see Specifying IdP Attribute Mappings for Your user pool.
|
|
4419
4434
|
*/
|
|
4420
4435
|
WriteAttributes?: ClientPermissionListType;
|
|
4421
4436
|
/**
|
|
@@ -4531,7 +4546,7 @@ declare namespace CognitoIdentityServiceProvider {
|
|
|
4531
4546
|
*/
|
|
4532
4547
|
LambdaConfig?: LambdaConfigType;
|
|
4533
4548
|
/**
|
|
4534
|
-
*
|
|
4549
|
+
* This parameter is no longer used.
|
|
4535
4550
|
*/
|
|
4536
4551
|
Status?: StatusType;
|
|
4537
4552
|
/**
|