class Aws::CognitoIdentityProvider::Client

An API client for CognitoIdentityProvider. To construct a client, you need to configure a `:region` and `:credentials`.

client = Aws::CognitoIdentityProvider::Client.new(
  region: region_name,
  credentials: credentials,
  # ...
)

For details on configuring region and credentials see the [developer guide](/sdk-for-ruby/v3/developer-guide/setup-config.html).

See {#initialize} for a full list of supported configuration options.

Attributes

identifier[R]

@api private

Public Class Methods

errors_module() click to toggle source

@api private

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 7524
def errors_module
  Errors
end
new(*args) click to toggle source

@overload initialize(options)

@param [Hash] options
@option options [required, Aws::CredentialProvider] :credentials
  Your AWS credentials. This can be an instance of any one of the
  following classes:

  * `Aws::Credentials` - Used for configuring static, non-refreshing
    credentials.

  * `Aws::SharedCredentials` - Used for loading static credentials from a
    shared file, such as `~/.aws/config`.

  * `Aws::AssumeRoleCredentials` - Used when you need to assume a role.

  * `Aws::AssumeRoleWebIdentityCredentials` - Used when you need to
    assume a role after providing credentials via the web.

  * `Aws::SSOCredentials` - Used for loading credentials from AWS SSO using an
    access token generated from `aws login`.

  * `Aws::ProcessCredentials` - Used for loading credentials from a
    process that outputs to stdout.

  * `Aws::InstanceProfileCredentials` - Used for loading credentials
    from an EC2 IMDS on an EC2 instance.

  * `Aws::ECSCredentials` - Used for loading credentials from
    instances running in ECS.

  * `Aws::CognitoIdentityCredentials` - Used for loading credentials
    from the Cognito Identity service.

  When `:credentials` are not configured directly, the following
  locations will be searched for credentials:

  * `Aws.config[:credentials]`
  * The `:access_key_id`, `:secret_access_key`, and `:session_token` options.
  * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']
  * `~/.aws/credentials`
  * `~/.aws/config`
  * EC2/ECS IMDS instance profile - When used by default, the timeouts
    are very aggressive. Construct and pass an instance of
    `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
    enable retries and extended timeouts.

@option options [required, String] :region
  The AWS region to connect to.  The configured `:region` is
  used to determine the service `:endpoint`. When not passed,
  a default `:region` is searched for in the following locations:

  * `Aws.config[:region]`
  * `ENV['AWS_REGION']`
  * `ENV['AMAZON_REGION']`
  * `ENV['AWS_DEFAULT_REGION']`
  * `~/.aws/credentials`
  * `~/.aws/config`

@option options [String] :access_key_id

@option options [Boolean] :active_endpoint_cache (false)
  When set to `true`, a thread polling for endpoints will be running in
  the background every 60 secs (default). Defaults to `false`.

@option options [Boolean] :adaptive_retry_wait_to_fill (true)
  Used only in `adaptive` retry mode.  When true, the request will sleep
  until there is sufficent client side capacity to retry the request.
  When false, the request will raise a `RetryCapacityNotAvailableError` and will
  not retry instead of sleeping.

@option options [Boolean] :client_side_monitoring (false)
  When `true`, client-side metrics will be collected for all API requests from
  this client.

@option options [String] :client_side_monitoring_client_id ("")
  Allows you to provide an identifier for this client which will be attached to
  all generated client side metrics. Defaults to an empty string.

@option options [String] :client_side_monitoring_host ("127.0.0.1")
  Allows you to specify the DNS hostname or IPv4 or IPv6 address that the client
  side monitoring agent is running on, where client metrics will be published via UDP.

@option options [Integer] :client_side_monitoring_port (31000)
  Required for publishing client metrics. The port that the client side monitoring
  agent is running on, where client metrics will be published via UDP.

@option options [Aws::ClientSideMonitoring::Publisher] :client_side_monitoring_publisher (Aws::ClientSideMonitoring::Publisher)
  Allows you to provide a custom client-side monitoring publisher class. By default,
  will use the Client Side Monitoring Agent Publisher.

@option options [Boolean] :convert_params (true)
  When `true`, an attempt is made to coerce request parameters into
  the required types.

@option options [Boolean] :correct_clock_skew (true)
  Used only in `standard` and adaptive retry modes. Specifies whether to apply
  a clock skew correction and retry requests with skewed client clocks.

@option options [Boolean] :disable_host_prefix_injection (false)
  Set to true to disable SDK automatically adding host prefix
  to default service endpoint when available.

@option options [String] :endpoint
  The client endpoint is normally constructed from the `:region`
  option. You should only configure an `:endpoint` when connecting
  to test or custom endpoints. This should be a valid HTTP(S) URI.

@option options [Integer] :endpoint_cache_max_entries (1000)
  Used for the maximum size limit of the LRU cache storing endpoints data
  for endpoint discovery enabled operations. Defaults to 1000.

@option options [Integer] :endpoint_cache_max_threads (10)
  Used for the maximum threads in use for polling endpoints to be cached, defaults to 10.

@option options [Integer] :endpoint_cache_poll_interval (60)
  When :endpoint_discovery and :active_endpoint_cache is enabled,
  Use this option to config the time interval in seconds for making
  requests fetching endpoints information. Defaults to 60 sec.

@option options [Boolean] :endpoint_discovery (false)
  When set to `true`, endpoint discovery will be enabled for operations when available.

@option options [Aws::Log::Formatter] :log_formatter (Aws::Log::Formatter.default)
  The log formatter.

@option options [Symbol] :log_level (:info)
  The log level to send messages to the `:logger` at.

@option options [Logger] :logger
  The Logger instance to send log messages to.  If this option
  is not set, logging will be disabled.

@option options [Integer] :max_attempts (3)
  An integer representing the maximum number attempts that will be made for
  a single request, including the initial attempt.  For example,
  setting this value to 5 will result in a request being retried up to
  4 times. Used in `standard` and `adaptive` retry modes.

@option options [String] :profile ("default")
  Used when loading credentials from the shared credentials file
  at HOME/.aws/credentials.  When not specified, 'default' is used.

@option options [Proc] :retry_backoff
  A proc or lambda used for backoff. Defaults to 2**retries * retry_base_delay.
  This option is only used in the `legacy` retry mode.

@option options [Float] :retry_base_delay (0.3)
  The base delay in seconds used by the default backoff function. This option
  is only used in the `legacy` retry mode.

@option options [Symbol] :retry_jitter (:none)
  A delay randomiser function used by the default backoff function.
  Some predefined functions can be referenced by name - :none, :equal, :full,
  otherwise a Proc that takes and returns a number. This option is only used
  in the `legacy` retry mode.

  @see https://www.awsarchitectureblog.com/2015/03/backoff.html

@option options [Integer] :retry_limit (3)
  The maximum number of times to retry failed requests.  Only
  ~ 500 level server errors and certain ~ 400 level client errors
  are retried.  Generally, these are throttling errors, data
  checksum errors, networking errors, timeout errors, auth errors,
  endpoint discovery, and errors from expired credentials.
  This option is only used in the `legacy` retry mode.

@option options [Integer] :retry_max_delay (0)
  The maximum number of seconds to delay between retries (0 for no limit)
  used by the default backoff function. This option is only used in the
  `legacy` retry mode.

@option options [String] :retry_mode ("legacy")
  Specifies which retry algorithm to use. Values are:

  * `legacy` - The pre-existing retry behavior.  This is default value if
    no retry mode is provided.

  * `standard` - A standardized set of retry rules across the AWS SDKs.
    This includes support for retry quotas, which limit the number of
    unsuccessful retries a client can make.

  * `adaptive` - An experimental retry mode that includes all the
    functionality of `standard` mode along with automatic client side
    throttling.  This is a provisional mode that may change behavior
    in the future.

@option options [String] :secret_access_key

@option options [String] :session_token

@option options [Boolean] :simple_json (false)
  Disables request parameter conversion, validation, and formatting.
  Also disable response data type conversions. This option is useful
  when you want to ensure the highest level of performance by
  avoiding overhead of walking request parameters and response data
  structures.

  When `:simple_json` is enabled, the request parameters hash must
  be formatted exactly as the DynamoDB API expects.

@option options [Boolean] :stub_responses (false)
  Causes the client to return stubbed responses. By default
  fake responses are generated and returned. You can specify
  the response data to return or errors to raise by calling
  {ClientStubs#stub_responses}. See {ClientStubs} for more information.

  ** Please note ** When response stubbing is enabled, no HTTP
  requests are made, and retries are disabled.

@option options [Boolean] :validate_params (true)
  When `true`, request parameters are validated before
  sending the request.

@option options [URI::HTTP,String] :http_proxy A proxy to send
  requests through.  Formatted like 'http://proxy.com:123'.

@option options [Float] :http_open_timeout (15) The number of
  seconds to wait when opening a HTTP session before raising a
  `Timeout::Error`.

@option options [Integer] :http_read_timeout (60) The default
  number of seconds to wait for response data.  This value can
  safely be set per-request on the session.

@option options [Float] :http_idle_timeout (5) The number of
  seconds a connection is allowed to sit idle before it is
  considered stale.  Stale connections are closed and removed
  from the pool before making a request.

@option options [Float] :http_continue_timeout (1) The number of
  seconds to wait for a 100-continue response before sending the
  request body.  This option has no effect unless the request has
  "Expect" header set to "100-continue".  Defaults to `nil` which
  disables this behaviour.  This value can safely be set per
  request on the session.

@option options [Boolean] :http_wire_trace (false) When `true`,
  HTTP debug output will be sent to the `:logger`.

@option options [Boolean] :ssl_verify_peer (true) When `true`,
  SSL peer certificates are verified when establishing a
  connection.

@option options [String] :ssl_ca_bundle Full path to the SSL
  certificate authority bundle file that should be used when
  verifying peer certificates.  If you do not pass
  `:ssl_ca_bundle` or `:ssl_ca_directory` the the system default
  will be used if available.

@option options [String] :ssl_ca_directory Full path of the
  directory that contains the unbundled SSL certificate
  authority files for verifying peer certificates.  If you do
  not pass `:ssl_ca_bundle` or `:ssl_ca_directory` the the
  system default will be used if available.
Calls superclass method
# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 334
def initialize(*args)
  super
end

Public Instance Methods

add_custom_attributes(params = {}, options = {}) click to toggle source

Adds additional user attributes to the user pool schema.

@option params [required, String] :user_pool_id

The user pool ID for the user pool where you want to add custom
attributes.

@option params [required, Array<Types::SchemaAttributeType>] :custom_attributes

An array of custom attributes, such as Mutable and Name.

@return [Struct] Returns an empty {Seahorse::Client::Response response}.

@example Request syntax with placeholder values

resp = client.add_custom_attributes({
  user_pool_id: "UserPoolIdType", # required
  custom_attributes: [ # required
    {
      name: "CustomAttributeNameType",
      attribute_data_type: "String", # accepts String, Number, DateTime, Boolean
      developer_only_attribute: false,
      mutable: false,
      required: false,
      number_attribute_constraints: {
        min_value: "StringType",
        max_value: "StringType",
      },
      string_attribute_constraints: {
        min_length: "StringType",
        max_length: "StringType",
      },
    },
  ],
})

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AddCustomAttributes AWS API Documentation

@overload add_custom_attributes(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 378
def add_custom_attributes(params = {}, options = {})
  req = build_request(:add_custom_attributes, params)
  req.send_request(options)
end
admin_add_user_to_group(params = {}, options = {}) click to toggle source

Adds the specified user to the specified group.

Calling this action requires developer credentials.

@option params [required, String] :user_pool_id

The user pool ID for the user pool.

@option params [required, String] :username

The username for the user.

@option params [required, String] :group_name

The group name.

@return [Struct] Returns an empty {Seahorse::Client::Response response}.

@example Request syntax with placeholder values

resp = client.admin_add_user_to_group({
  user_pool_id: "UserPoolIdType", # required
  username: "UsernameType", # required
  group_name: "GroupNameType", # required
})

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AdminAddUserToGroup AWS API Documentation

@overload admin_add_user_to_group(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 410
def admin_add_user_to_group(params = {}, options = {})
  req = build_request(:admin_add_user_to_group, params)
  req.send_request(options)
end
admin_confirm_sign_up(params = {}, options = {}) click to toggle source

Confirms user registration as an admin without using a confirmation code. Works on any user.

Calling this action requires developer credentials.

@option params [required, String] :user_pool_id

The user pool ID for which you want to confirm user registration.

@option params [required, String] :username

The user name for which you want to confirm user registration.

@option params [Hash<String,String>] :client_metadata

A map of custom key-value pairs that you can provide as input for any
custom workflows that this action triggers.

If your user pool configuration includes triggers, the
AdminConfirmSignUp API action invokes the Lambda function that is
specified for the *post confirmation* trigger. When Amazon Cognito
invokes this function, it passes a JSON payload, which the function
receives as input. In this payload, the `clientMetadata` attribute
provides the data that you assigned to the ClientMetadata parameter in
your AdminConfirmSignUp request. In your function code in Lambda, you
can process the ClientMetadata value to enhance your workflow for your
specific needs.

For more information, see [Customizing User Pool Workflows with Lambda
Triggers][1] in the *Amazon Cognito Developer Guide*.

<note markdown="1"> Take the following limitations into consideration when you use the
ClientMetadata parameter:

 * Amazon Cognito does not store the ClientMetadata value. This data is
  available only to Lambda triggers that are assigned to a user pool
  to support custom workflows. If your user pool configuration does
  not include triggers, the ClientMetadata parameter serves no
  purpose.

* Amazon Cognito does not validate the ClientMetadata value.

* Amazon Cognito does not encrypt the the ClientMetadata value, so
  don't use it to provide sensitive information.

 </note>

[1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html

@return [Struct] Returns an empty {Seahorse::Client::Response response}.

@example Request syntax with placeholder values

resp = client.admin_confirm_sign_up({
  user_pool_id: "UserPoolIdType", # required
  username: "UsernameType", # required
  client_metadata: {
    "StringType" => "StringType",
  },
})

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AdminConfirmSignUp AWS API Documentation

@overload admin_confirm_sign_up(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 479
def admin_confirm_sign_up(params = {}, options = {})
  req = build_request(:admin_confirm_sign_up, params)
  req.send_request(options)
end
admin_create_user(params = {}, options = {}) click to toggle source

Creates a new user in the specified user pool.

If `MessageAction` is not set, the default is to send a welcome message via email or phone (SMS).

<note markdown=“1”> This action might generate an SMS text message. Starting June 1, 2021, U.S. telecom carriers require that you register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with [Amazon Pinpoint]. Cognito will use the the registered number automatically. Otherwise, Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any

other Amazon Web Service, Amazon SNS might place your account in SMS sandbox. In <a href=“https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html”>sandbox mode</a> , you’ll have limitations, such as sending messages to only verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see [ SMS message settings for Cognito User Pools] in the *Amazon Cognito Developer Guide*.

</note>

This message is based on a template that you configured in your call to create or update a user pool. This template includes your custom sign-up instructions and placeholders for user name and temporary password.

Alternatively, you can call `AdminCreateUser` with “SUPPRESS” for the `MessageAction` parameter, and Amazon Cognito will not send any email.

In either case, the user will be in the `FORCE_CHANGE_PASSWORD` state until they sign in and change their password.

`AdminCreateUser` requires developer credentials.

[1]: console.aws.amazon.com/pinpoint/home/ [2]: docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html

@option params [required, String] :user_pool_id

The user pool ID for the user pool where the user will be created.

@option params [required, String] :username

The username for the user. Must be unique within the user pool. Must
be a UTF-8 string between 1 and 128 characters. After the user is
created, the username cannot be changed.

@option params [Array<Types::AttributeType>] :user_attributes

An array of name-value pairs that contain user attributes and
attribute values to be set for the user to be created. You can create
a user without specifying any attributes other than `Username`.
However, any attributes that you specify as required (when creating a
user pool or in the **Attributes** tab of the console) must be
supplied either by you (in your call to `AdminCreateUser`) or by the
user (when he or she signs up in response to your welcome message).

For custom attributes, you must prepend the `custom:` prefix to the
attribute name.

To send a message inviting the user to sign up, you must specify the
user's email address or phone number. This can be done in your call
to AdminCreateUser or in the **Users** tab of the Amazon Cognito
console for managing your user pools.

In your call to `AdminCreateUser`, you can set the `email_verified`
attribute to `True`, and you can set the `phone_number_verified`
attribute to `True`. (You can also do this by calling
[AdminUpdateUserAttributes][1].)

* **email**\: The email address of the user to whom the message that
  contains the code and username will be sent. Required if the
  `email_verified` attribute is set to `True`, or if `"EMAIL"` is
  specified in the `DesiredDeliveryMediums` parameter.

* **phone\_number**\: The phone number of the user to whom the message
  that contains the code and username will be sent. Required if the
  `phone_number_verified` attribute is set to `True`, or if `"SMS"` is
  specified in the `DesiredDeliveryMediums` parameter.

[1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html

@option params [Array<Types::AttributeType>] :validation_data

The user's validation data. This is an array of name-value pairs that
contain user attributes and attribute values that you can use for
custom validation, such as restricting the types of user accounts that
can be registered. For example, you might choose to allow or disallow
user sign-up based on the user's domain.

To configure custom validation, you must create a Pre Sign-up Lambda
trigger for the user pool as described in the Amazon Cognito Developer
Guide. The Lambda trigger receives the validation data and uses it in
the validation process.

The user's validation data is not persisted.

@option params [String] :temporary_password

The user's temporary password. This password must conform to the
password policy that you specified when you created the user pool.

The temporary password is valid only once. To complete the Admin
Create User flow, the user must enter the temporary password in the
sign-in page along with a new password to be used in all future
sign-ins.

This parameter is not required. If you do not specify a value, Amazon
Cognito generates one for you.

The temporary password can only be used until the user account
expiration limit that you specified when you created the user pool. To
reset the account after that time limit, you must call
`AdminCreateUser` again, specifying `"RESEND"` for the `MessageAction`
parameter.

@option params [Boolean] :force_alias_creation

This parameter is only used if the `phone_number_verified` or
`email_verified` attribute is set to `True`. Otherwise, it is ignored.

If this parameter is set to `True` and the phone number or email
address specified in the UserAttributes parameter already exists as an
alias with a different user, the API call will migrate the alias from
the previous user to the newly created user. The previous user will no
longer be able to log in using that alias.

If this parameter is set to `False`, the API throws an
`AliasExistsException` error if the alias already exists. The default
value is `False`.

@option params [String] :message_action

Set to `"RESEND"` to resend the invitation message to a user that
already exists and reset the expiration limit on the user's account.
Set to `"SUPPRESS"` to suppress sending the message. Only one value
can be specified.

@option params [Array<String>] :desired_delivery_mediums

Specify `"EMAIL"` if email will be used to send the welcome message.
Specify `"SMS"` if the phone number will be used. The default value is
`"SMS"`. More than one value can be specified.

@option params [Hash<String,String>] :client_metadata

A map of custom key-value pairs that you can provide as input for any
custom workflows that this action triggers.

You create custom workflows by assigning Lambda functions to user pool
triggers. When you use the AdminCreateUser API action, Amazon Cognito
invokes the function that is assigned to the *pre sign-up* trigger.
When Amazon Cognito invokes this function, it passes a JSON payload,
which the function receives as input. This payload contains a
`clientMetadata` attribute, which provides the data that you assigned
to the ClientMetadata parameter in your AdminCreateUser request. In
your function code in Lambda, you can process the `clientMetadata`
value to enhance your workflow for your specific needs.

For more information, see [Customizing User Pool Workflows with Lambda
Triggers][1] in the *Amazon Cognito Developer Guide*.

<note markdown="1"> Take the following limitations into consideration when you use the
ClientMetadata parameter:

 * Amazon Cognito does not store the ClientMetadata value. This data is
  available only to Lambda triggers that are assigned to a user pool
  to support custom workflows. If your user pool configuration does
  not include triggers, the ClientMetadata parameter serves no
  purpose.

* Amazon Cognito does not validate the ClientMetadata value.

* Amazon Cognito does not encrypt the the ClientMetadata value, so
  don't use it to provide sensitive information.

 </note>

[1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html

@return [Types::AdminCreateUserResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::AdminCreateUserResponse#user #user} => Types::UserType

@example Request syntax with placeholder values

resp = client.admin_create_user({
  user_pool_id: "UserPoolIdType", # required
  username: "UsernameType", # required
  user_attributes: [
    {
      name: "AttributeNameType", # required
      value: "AttributeValueType",
    },
  ],
  validation_data: [
    {
      name: "AttributeNameType", # required
      value: "AttributeValueType",
    },
  ],
  temporary_password: "PasswordType",
  force_alias_creation: false,
  message_action: "RESEND", # accepts RESEND, SUPPRESS
  desired_delivery_mediums: ["SMS"], # accepts SMS, EMAIL
  client_metadata: {
    "StringType" => "StringType",
  },
})

@example Response structure

resp.user.username #=> String
resp.user.attributes #=> Array
resp.user.attributes[0].name #=> String
resp.user.attributes[0].value #=> String
resp.user.user_create_date #=> Time
resp.user.user_last_modified_date #=> Time
resp.user.enabled #=> Boolean
resp.user.user_status #=> String, one of "UNCONFIRMED", "CONFIRMED", "ARCHIVED", "COMPROMISED", "UNKNOWN", "RESET_REQUIRED", "FORCE_CHANGE_PASSWORD"
resp.user.mfa_options #=> Array
resp.user.mfa_options[0].delivery_medium #=> String, one of "SMS", "EMAIL"
resp.user.mfa_options[0].attribute_name #=> String

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AdminCreateUser AWS API Documentation

@overload admin_create_user(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 714
def admin_create_user(params = {}, options = {})
  req = build_request(:admin_create_user, params)
  req.send_request(options)
end
admin_delete_user(params = {}, options = {}) click to toggle source

Deletes a user as an administrator. Works on any user.

Calling this action requires developer credentials.

@option params [required, String] :user_pool_id

The user pool ID for the user pool where you want to delete the user.

@option params [required, String] :username

The user name of the user you wish to delete.

@return [Struct] Returns an empty {Seahorse::Client::Response response}.

@example Request syntax with placeholder values

resp = client.admin_delete_user({
  user_pool_id: "UserPoolIdType", # required
  username: "UsernameType", # required
})

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AdminDeleteUser AWS API Documentation

@overload admin_delete_user(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 742
def admin_delete_user(params = {}, options = {})
  req = build_request(:admin_delete_user, params)
  req.send_request(options)
end
admin_delete_user_attributes(params = {}, options = {}) click to toggle source

Deletes the user attributes in a user pool as an administrator. Works on any user.

Calling this action requires developer credentials.

@option params [required, String] :user_pool_id

The user pool ID for the user pool where you want to delete user
attributes.

@option params [required, String] :username

The user name of the user from which you would like to delete
attributes.

@option params [required, Array<String>] :user_attribute_names

An array of strings representing the user attribute names you wish to
delete.

For custom attributes, you must prepend the `custom:` prefix to the
attribute name.

@return [Struct] Returns an empty {Seahorse::Client::Response response}.

@example Request syntax with placeholder values

resp = client.admin_delete_user_attributes({
  user_pool_id: "UserPoolIdType", # required
  username: "UsernameType", # required
  user_attribute_names: ["AttributeNameType"], # required
})

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AdminDeleteUserAttributes AWS API Documentation

@overload admin_delete_user_attributes(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 781
def admin_delete_user_attributes(params = {}, options = {})
  req = build_request(:admin_delete_user_attributes, params)
  req.send_request(options)
end
admin_disable_provider_for_user(params = {}, options = {}) click to toggle source

Disables the user from signing in with the specified external (SAML or social) identity provider. If the user to disable is a Cognito User Pools native username + password user, they are not permitted to use their password to sign-in. If the user to disable is a linked external IdP user, any link between that user and an existing user is removed. The next time the external user (no longer attached to the previously linked `DestinationUser`) signs in, they must create a new user account. See [AdminLinkProviderForUser].

This action is enabled only for admin access and requires developer credentials.

The `ProviderName` must match the value specified when creating an IdP for the pool.

To disable a native username + password user, the `ProviderName` value must be `Cognito` and the `ProviderAttributeName` must be `Cognito_Subject`, with the `ProviderAttributeValue` being the name that is used in the user pool for the user.

The `ProviderAttributeName` must always be `Cognito_Subject` for social identity providers. The `ProviderAttributeValue` must always be the exact subject that was used when the user was originally linked as a source user.

For de-linking a SAML identity, there are two scenarios. If the linked identity has not yet been used to sign-in, the `ProviderAttributeName` and `ProviderAttributeValue` must be the same values that were used for the `SourceUser` when the identities were originally linked using ` AdminLinkProviderForUser` call. (If the linking was done with `ProviderAttributeName` set to `Cognito_Subject`, the same applies here). However, if the user has already signed in, the `ProviderAttributeName` must be `Cognito_Subject` and `ProviderAttributeValue` must be the subject of the SAML assertion.

[1]: docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminLinkProviderForUser.html

@option params [required, String] :user_pool_id

The user pool ID for the user pool.

@option params [required, Types::ProviderUserIdentifierType] :user

The user to be disabled.

@return [Struct] Returns an empty {Seahorse::Client::Response response}.

@example Request syntax with placeholder values

resp = client.admin_disable_provider_for_user({
  user_pool_id: "StringType", # required
  user: { # required
    provider_name: "ProviderNameType",
    provider_attribute_name: "StringType",
    provider_attribute_value: "StringType",
  },
})

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AdminDisableProviderForUser AWS API Documentation

@overload admin_disable_provider_for_user(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 848
def admin_disable_provider_for_user(params = {}, options = {})
  req = build_request(:admin_disable_provider_for_user, params)
  req.send_request(options)
end
admin_disable_user(params = {}, options = {}) click to toggle source

Disables the specified user.

Calling this action requires developer credentials.

@option params [required, String] :user_pool_id

The user pool ID for the user pool where you want to disable the user.

@option params [required, String] :username

The user name of the user you wish to disable.

@return [Struct] Returns an empty {Seahorse::Client::Response response}.

@example Request syntax with placeholder values

resp = client.admin_disable_user({
  user_pool_id: "UserPoolIdType", # required
  username: "UsernameType", # required
})

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AdminDisableUser AWS API Documentation

@overload admin_disable_user(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 876
def admin_disable_user(params = {}, options = {})
  req = build_request(:admin_disable_user, params)
  req.send_request(options)
end
admin_enable_user(params = {}, options = {}) click to toggle source

Enables the specified user as an administrator. Works on any user.

Calling this action requires developer credentials.

@option params [required, String] :user_pool_id

The user pool ID for the user pool where you want to enable the user.

@option params [required, String] :username

The user name of the user you wish to enable.

@return [Struct] Returns an empty {Seahorse::Client::Response response}.

@example Request syntax with placeholder values

resp = client.admin_enable_user({
  user_pool_id: "UserPoolIdType", # required
  username: "UsernameType", # required
})

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AdminEnableUser AWS API Documentation

@overload admin_enable_user(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 904
def admin_enable_user(params = {}, options = {})
  req = build_request(:admin_enable_user, params)
  req.send_request(options)
end
admin_forget_device(params = {}, options = {}) click to toggle source

Forgets the device, as an administrator.

Calling this action requires developer credentials.

@option params [required, String] :user_pool_id

The user pool ID.

@option params [required, String] :username

The user name.

@option params [required, String] :device_key

The device key.

@return [Struct] Returns an empty {Seahorse::Client::Response response}.

@example Request syntax with placeholder values

resp = client.admin_forget_device({
  user_pool_id: "UserPoolIdType", # required
  username: "UsernameType", # required
  device_key: "DeviceKeyType", # required
})

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AdminForgetDevice AWS API Documentation

@overload admin_forget_device(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 936
def admin_forget_device(params = {}, options = {})
  req = build_request(:admin_forget_device, params)
  req.send_request(options)
end
admin_get_device(params = {}, options = {}) click to toggle source

Gets the device, as an administrator.

Calling this action requires developer credentials.

@option params [required, String] :device_key

The device key.

@option params [required, String] :user_pool_id

The user pool ID.

@option params [required, String] :username

The user name.

@return [Types::AdminGetDeviceResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::AdminGetDeviceResponse#device #device} => Types::DeviceType

@example Request syntax with placeholder values

resp = client.admin_get_device({
  device_key: "DeviceKeyType", # required
  user_pool_id: "UserPoolIdType", # required
  username: "UsernameType", # required
})

@example Response structure

resp.device.device_key #=> String
resp.device.device_attributes #=> Array
resp.device.device_attributes[0].name #=> String
resp.device.device_attributes[0].value #=> String
resp.device.device_create_date #=> Time
resp.device.device_last_modified_date #=> Time
resp.device.device_last_authenticated_date #=> Time

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AdminGetDevice AWS API Documentation

@overload admin_get_device(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 980
def admin_get_device(params = {}, options = {})
  req = build_request(:admin_get_device, params)
  req.send_request(options)
end
admin_get_user(params = {}, options = {}) click to toggle source

Gets the specified user by user name in a user pool as an administrator. Works on any user.

Calling this action requires developer credentials.

@option params [required, String] :user_pool_id

The user pool ID for the user pool where you want to get information
about the user.

@option params [required, String] :username

The user name of the user you wish to retrieve.

@return [Types::AdminGetUserResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::AdminGetUserResponse#username #username} => String
* {Types::AdminGetUserResponse#user_attributes #user_attributes} => Array&lt;Types::AttributeType&gt;
* {Types::AdminGetUserResponse#user_create_date #user_create_date} => Time
* {Types::AdminGetUserResponse#user_last_modified_date #user_last_modified_date} => Time
* {Types::AdminGetUserResponse#enabled #enabled} => Boolean
* {Types::AdminGetUserResponse#user_status #user_status} => String
* {Types::AdminGetUserResponse#mfa_options #mfa_options} => Array&lt;Types::MFAOptionType&gt;
* {Types::AdminGetUserResponse#preferred_mfa_setting #preferred_mfa_setting} => String
* {Types::AdminGetUserResponse#user_mfa_setting_list #user_mfa_setting_list} => Array&lt;String&gt;

@example Request syntax with placeholder values

resp = client.admin_get_user({
  user_pool_id: "UserPoolIdType", # required
  username: "UsernameType", # required
})

@example Response structure

resp.username #=> String
resp.user_attributes #=> Array
resp.user_attributes[0].name #=> String
resp.user_attributes[0].value #=> String
resp.user_create_date #=> Time
resp.user_last_modified_date #=> Time
resp.enabled #=> Boolean
resp.user_status #=> String, one of "UNCONFIRMED", "CONFIRMED", "ARCHIVED", "COMPROMISED", "UNKNOWN", "RESET_REQUIRED", "FORCE_CHANGE_PASSWORD"
resp.mfa_options #=> Array
resp.mfa_options[0].delivery_medium #=> String, one of "SMS", "EMAIL"
resp.mfa_options[0].attribute_name #=> String
resp.preferred_mfa_setting #=> String
resp.user_mfa_setting_list #=> Array
resp.user_mfa_setting_list[0] #=> String

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AdminGetUser AWS API Documentation

@overload admin_get_user(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 1037
def admin_get_user(params = {}, options = {})
  req = build_request(:admin_get_user, params)
  req.send_request(options)
end
admin_initiate_auth(params = {}, options = {}) click to toggle source

Initiates the authentication flow, as an administrator.

<note markdown=“1”> This action might generate an SMS text message. Starting June 1, 2021, U.S. telecom carriers require that you register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with [Amazon Pinpoint]. Cognito will use the the registered number automatically. Otherwise, Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any

other Amazon Web Service, Amazon SNS might place your account in SMS sandbox. In <a href=“https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html”>sandbox mode</a> , you’ll have limitations, such as sending messages to only verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see [ SMS message settings for Cognito User Pools] in the *Amazon Cognito Developer Guide*.

</note>

Calling this action requires developer credentials.

[1]: console.aws.amazon.com/pinpoint/home/ [2]: docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html

@option params [required, String] :user_pool_id

The ID of the Amazon Cognito user pool.

@option params [required, String] :client_id

The app client ID.

@option params [required, String] :auth_flow

The authentication flow for this call to execute. The API action will
depend on this value. For example:

* `REFRESH_TOKEN_AUTH` will take in a valid refresh token and return
  new tokens.

* `USER_SRP_AUTH` will take in `USERNAME` and `SRP_A` and return the
  SRP variables to be used for next challenge execution.

* `USER_PASSWORD_AUTH` will take in `USERNAME` and `PASSWORD` and
  return the next challenge or tokens.

Valid values include:

* `USER_SRP_AUTH`\: Authentication flow for the Secure Remote Password
  (SRP) protocol.

* `REFRESH_TOKEN_AUTH`/`REFRESH_TOKEN`\: Authentication flow for
  refreshing the access token and ID token by supplying a valid
  refresh token.

* `CUSTOM_AUTH`\: Custom authentication flow.

* `ADMIN_NO_SRP_AUTH`\: Non-SRP authentication flow; you can pass in
  the USERNAME and PASSWORD directly if the flow is enabled for
  calling the app client.

* `USER_PASSWORD_AUTH`\: Non-SRP authentication flow; USERNAME and
  PASSWORD are passed directly. If a user migration Lambda trigger is
  set, this flow will invoke the user migration Lambda if the USERNAME
  is not found in the user pool.

* `ADMIN_USER_PASSWORD_AUTH`\: Admin-based user password
  authentication. This replaces the `ADMIN_NO_SRP_AUTH` authentication
  flow. In this flow, Cognito receives the password in the request
  instead of using the SRP process to verify passwords.

@option params [Hash<String,String>] :auth_parameters

The authentication parameters. These are inputs corresponding to the
`AuthFlow` that you are invoking. The required values depend on the
value of `AuthFlow`\:

* For `USER_SRP_AUTH`\: `USERNAME` (required), `SRP_A` (required),
  `SECRET_HASH` (required if the app client is configured with a
  client secret), `DEVICE_KEY`.

* For `REFRESH_TOKEN_AUTH/REFRESH_TOKEN`\: `REFRESH_TOKEN` (required),
  `SECRET_HASH` (required if the app client is configured with a
  client secret), `DEVICE_KEY`.

* For `ADMIN_NO_SRP_AUTH`\: `USERNAME` (required), `SECRET_HASH` (if
  app client is configured with client secret), `PASSWORD` (required),
  `DEVICE_KEY`.

* For `CUSTOM_AUTH`\: `USERNAME` (required), `SECRET_HASH` (if app
  client is configured with client secret), `DEVICE_KEY`. To start the
  authentication flow with password verification, include
  `ChallengeName: SRP_A` and `SRP_A: (The SRP_A Value)`.

@option params [Hash<String,String>] :client_metadata

A map of custom key-value pairs that you can provide as input for
certain custom workflows that this action triggers.

You create custom workflows by assigning Lambda functions to user pool
triggers. When you use the AdminInitiateAuth API action, Amazon
Cognito invokes the Lambda functions that are specified for various
triggers. The ClientMetadata value is passed as input to the functions
for only the following triggers:

* Pre signup

* Pre authentication

* User migration

When Amazon Cognito invokes the functions for these triggers, it
passes a JSON payload, which the function receives as input. This
payload contains a `validationData` attribute, which provides the data
that you assigned to the ClientMetadata parameter in your
AdminInitiateAuth request. In your function code in Lambda, you can
process the `validationData` value to enhance your workflow for your
specific needs.

When you use the AdminInitiateAuth API action, Amazon Cognito also
invokes the functions for the following triggers, but it does not
provide the ClientMetadata value as input:

* Post authentication

* Custom message

* Pre token generation

* Create auth challenge

* Define auth challenge

* Verify auth challenge

For more information, see [Customizing User Pool Workflows with Lambda
Triggers][1] in the *Amazon Cognito Developer Guide*.

<note markdown="1"> Take the following limitations into consideration when you use the
ClientMetadata parameter:

 * Amazon Cognito does not store the ClientMetadata value. This data is
  available only to Lambda triggers that are assigned to a user pool
  to support custom workflows. If your user pool configuration does
  not include triggers, the ClientMetadata parameter serves no
  purpose.

* Amazon Cognito does not validate the ClientMetadata value.

* Amazon Cognito does not encrypt the the ClientMetadata value, so
  don't use it to provide sensitive information.

 </note>

[1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html

@option params [Types::AnalyticsMetadataType] :analytics_metadata

The analytics metadata for collecting Amazon Pinpoint metrics for
`AdminInitiateAuth` calls.

@option params [Types::ContextDataType] :context_data

Contextual data such as the user's device fingerprint, IP address, or
location used for evaluating the risk of an unexpected event by Amazon
Cognito advanced security.

@return [Types::AdminInitiateAuthResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::AdminInitiateAuthResponse#challenge_name #challenge_name} => String
* {Types::AdminInitiateAuthResponse#session #session} => String
* {Types::AdminInitiateAuthResponse#challenge_parameters #challenge_parameters} => Hash&lt;String,String&gt;
* {Types::AdminInitiateAuthResponse#authentication_result #authentication_result} => Types::AuthenticationResultType

@example Request syntax with placeholder values

resp = client.admin_initiate_auth({
  user_pool_id: "UserPoolIdType", # required
  client_id: "ClientIdType", # required
  auth_flow: "USER_SRP_AUTH", # required, accepts USER_SRP_AUTH, REFRESH_TOKEN_AUTH, REFRESH_TOKEN, CUSTOM_AUTH, ADMIN_NO_SRP_AUTH, USER_PASSWORD_AUTH, ADMIN_USER_PASSWORD_AUTH
  auth_parameters: {
    "StringType" => "StringType",
  },
  client_metadata: {
    "StringType" => "StringType",
  },
  analytics_metadata: {
    analytics_endpoint_id: "StringType",
  },
  context_data: {
    ip_address: "StringType", # required
    server_name: "StringType", # required
    server_path: "StringType", # required
    http_headers: [ # required
      {
        header_name: "StringType",
        header_value: "StringType",
      },
    ],
    encoded_data: "StringType",
  },
})

@example Response structure

resp.challenge_name #=> String, one of "SMS_MFA", "SOFTWARE_TOKEN_MFA", "SELECT_MFA_TYPE", "MFA_SETUP", "PASSWORD_VERIFIER", "CUSTOM_CHALLENGE", "DEVICE_SRP_AUTH", "DEVICE_PASSWORD_VERIFIER", "ADMIN_NO_SRP_AUTH", "NEW_PASSWORD_REQUIRED"
resp.session #=> String
resp.challenge_parameters #=> Hash
resp.challenge_parameters["StringType"] #=> String
resp.authentication_result.access_token #=> String
resp.authentication_result.expires_in #=> Integer
resp.authentication_result.token_type #=> String
resp.authentication_result.refresh_token #=> String
resp.authentication_result.id_token #=> String
resp.authentication_result.new_device_metadata.device_key #=> String
resp.authentication_result.new_device_metadata.device_group_key #=> String

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AdminInitiateAuth AWS API Documentation

@overload admin_initiate_auth(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 1264
def admin_initiate_auth(params = {}, options = {})
  req = build_request(:admin_initiate_auth, params)
  req.send_request(options)
end
admin_list_devices(params = {}, options = {}) click to toggle source

Lists devices, as an administrator.

Calling this action requires developer credentials.

@option params [required, String] :user_pool_id

The user pool ID.

@option params [required, String] :username

The user name.

@option params [Integer] :limit

The limit of the devices request.

@option params [String] :pagination_token

The pagination token.

@return [Types::AdminListDevicesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::AdminListDevicesResponse#devices #devices} => Array&lt;Types::DeviceType&gt;
* {Types::AdminListDevicesResponse#pagination_token #pagination_token} => String

@example Request syntax with placeholder values

resp = client.admin_list_devices({
  user_pool_id: "UserPoolIdType", # required
  username: "UsernameType", # required
  limit: 1,
  pagination_token: "SearchPaginationTokenType",
})

@example Response structure

resp.devices #=> Array
resp.devices[0].device_key #=> String
resp.devices[0].device_attributes #=> Array
resp.devices[0].device_attributes[0].name #=> String
resp.devices[0].device_attributes[0].value #=> String
resp.devices[0].device_create_date #=> Time
resp.devices[0].device_last_modified_date #=> Time
resp.devices[0].device_last_authenticated_date #=> Time
resp.pagination_token #=> String

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AdminListDevices AWS API Documentation

@overload admin_list_devices(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 1412
def admin_list_devices(params = {}, options = {})
  req = build_request(:admin_list_devices, params)
  req.send_request(options)
end
admin_list_groups_for_user(params = {}, options = {}) click to toggle source

Lists the groups that the user belongs to.

Calling this action requires developer credentials.

@option params [required, String] :username

The username for the user.

@option params [required, String] :user_pool_id

The user pool ID for the user pool.

@option params [Integer] :limit

The limit of the request to list groups.

@option params [String] :next_token

An identifier that was returned from the previous call to this
operation, which can be used to return the next set of items in the
list.

@return [Types::AdminListGroupsForUserResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::AdminListGroupsForUserResponse#groups #groups} => Array&lt;Types::GroupType&gt;
* {Types::AdminListGroupsForUserResponse#next_token #next_token} => String

The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.

@example Request syntax with placeholder values

resp = client.admin_list_groups_for_user({
  username: "UsernameType", # required
  user_pool_id: "UserPoolIdType", # required
  limit: 1,
  next_token: "PaginationKey",
})

@example Response structure

resp.groups #=> Array
resp.groups[0].group_name #=> String
resp.groups[0].user_pool_id #=> String
resp.groups[0].description #=> String
resp.groups[0].role_arn #=> String
resp.groups[0].precedence #=> Integer
resp.groups[0].last_modified_date #=> Time
resp.groups[0].creation_date #=> Time
resp.next_token #=> String

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AdminListGroupsForUser AWS API Documentation

@overload admin_list_groups_for_user(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 1467
def admin_list_groups_for_user(params = {}, options = {})
  req = build_request(:admin_list_groups_for_user, params)
  req.send_request(options)
end
admin_list_user_auth_events(params = {}, options = {}) click to toggle source

Lists a history of user activity and any risks detected as part of Amazon Cognito advanced security.

@option params [required, String] :user_pool_id

The user pool ID.

@option params [required, String] :username

The user pool username or an alias.

@option params [Integer] :max_results

The maximum number of authentication events to return.

@option params [String] :next_token

A pagination token.

@return [Types::AdminListUserAuthEventsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::AdminListUserAuthEventsResponse#auth_events #auth_events} => Array&lt;Types::AuthEventType&gt;
* {Types::AdminListUserAuthEventsResponse#next_token #next_token} => String

The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.

@example Request syntax with placeholder values

resp = client.admin_list_user_auth_events({
  user_pool_id: "UserPoolIdType", # required
  username: "UsernameType", # required
  max_results: 1,
  next_token: "PaginationKey",
})

@example Response structure

resp.auth_events #=> Array
resp.auth_events[0].event_id #=> String
resp.auth_events[0].event_type #=> String, one of "SignIn", "SignUp", "ForgotPassword"
resp.auth_events[0].creation_date #=> Time
resp.auth_events[0].event_response #=> String, one of "Success", "Failure"
resp.auth_events[0].event_risk.risk_decision #=> String, one of "NoRisk", "AccountTakeover", "Block"
resp.auth_events[0].event_risk.risk_level #=> String, one of "Low", "Medium", "High"
resp.auth_events[0].event_risk.compromised_credentials_detected #=> Boolean
resp.auth_events[0].challenge_responses #=> Array
resp.auth_events[0].challenge_responses[0].challenge_name #=> String, one of "Password", "Mfa"
resp.auth_events[0].challenge_responses[0].challenge_response #=> String, one of "Success", "Failure"
resp.auth_events[0].event_context_data.ip_address #=> String
resp.auth_events[0].event_context_data.device_name #=> String
resp.auth_events[0].event_context_data.timezone #=> String
resp.auth_events[0].event_context_data.city #=> String
resp.auth_events[0].event_context_data.country #=> String
resp.auth_events[0].event_feedback.feedback_value #=> String, one of "Valid", "Invalid"
resp.auth_events[0].event_feedback.provider #=> String
resp.auth_events[0].event_feedback.feedback_date #=> Time
resp.next_token #=> String

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AdminListUserAuthEvents AWS API Documentation

@overload admin_list_user_auth_events(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 1530
def admin_list_user_auth_events(params = {}, options = {})
  req = build_request(:admin_list_user_auth_events, params)
  req.send_request(options)
end
admin_remove_user_from_group(params = {}, options = {}) click to toggle source

Removes the specified user from the specified group.

Calling this action requires developer credentials.

@option params [required, String] :user_pool_id

The user pool ID for the user pool.

@option params [required, String] :username

The username for the user.

@option params [required, String] :group_name

The group name.

@return [Struct] Returns an empty {Seahorse::Client::Response response}.

@example Request syntax with placeholder values

resp = client.admin_remove_user_from_group({
  user_pool_id: "UserPoolIdType", # required
  username: "UsernameType", # required
  group_name: "GroupNameType", # required
})

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AdminRemoveUserFromGroup AWS API Documentation

@overload admin_remove_user_from_group(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 1562
def admin_remove_user_from_group(params = {}, options = {})
  req = build_request(:admin_remove_user_from_group, params)
  req.send_request(options)
end
admin_reset_user_password(params = {}, options = {}) click to toggle source

Resets the specified user's password in a user pool as an administrator. Works on any user.

When a developer calls this API, the current password is invalidated, so it must be changed. If a user tries to sign in after the API is called, the app will get a PasswordResetRequiredException exception back and should direct the user down the flow to reset the password, which is the same as the forgot password flow. In addition, if the user pool has phone verification selected and a verified phone number exists for the user, or if email verification is selected and a verified email exists for the user, calling this API will also result in sending a message to the end user with the code to change their password.

<note markdown=“1”> This action might generate an SMS text message. Starting June 1, 2021, U.S. telecom carriers require that you register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with [Amazon Pinpoint]. Cognito will use the the registered number automatically. Otherwise, Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any

other Amazon Web Service, Amazon SNS might place your account in SMS sandbox. In <a href=“https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html”>sandbox mode</a> , you’ll have limitations, such as sending messages to only verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see [ SMS message settings for Cognito User Pools] in the *Amazon Cognito Developer Guide*.

</note>

Calling this action requires developer credentials.

[1]: console.aws.amazon.com/pinpoint/home/ [2]: docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html

@option params [required, String] :user_pool_id

The user pool ID for the user pool where you want to reset the user's
password.

@option params [required, String] :username

The user name of the user whose password you wish to reset.

@option params [Hash<String,String>] :client_metadata

A map of custom key-value pairs that you can provide as input for any
custom workflows that this action triggers.

You create custom workflows by assigning Lambda functions to user pool
triggers. When you use the AdminResetUserPassword API action, Amazon
Cognito invokes the function that is assigned to the *custom message*
trigger. When Amazon Cognito invokes this function, it passes a JSON
payload, which the function receives as input. This payload contains a
`clientMetadata` attribute, which provides the data that you assigned
to the ClientMetadata parameter in your AdminResetUserPassword
request. In your function code in Lambda, you can process the
`clientMetadata` value to enhance your workflow for your specific
needs.

For more information, see [Customizing User Pool Workflows with Lambda
Triggers][1] in the *Amazon Cognito Developer Guide*.

<note markdown="1"> Take the following limitations into consideration when you use the
ClientMetadata parameter:

 * Amazon Cognito does not store the ClientMetadata value. This data is
  available only to Lambda triggers that are assigned to a user pool
  to support custom workflows. If your user pool configuration does
  not include triggers, the ClientMetadata parameter serves no
  purpose.

* Amazon Cognito does not validate the ClientMetadata value.

* Amazon Cognito does not encrypt the the ClientMetadata value, so
  don't use it to provide sensitive information.

 </note>

[1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html

@return [Struct] Returns an empty {Seahorse::Client::Response response}.

@example Request syntax with placeholder values

resp = client.admin_reset_user_password({
  user_pool_id: "UserPoolIdType", # required
  username: "UsernameType", # required
  client_metadata: {
    "StringType" => "StringType",
  },
})

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AdminResetUserPassword AWS API Documentation

@overload admin_reset_user_password(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 1670
def admin_reset_user_password(params = {}, options = {})
  req = build_request(:admin_reset_user_password, params)
  req.send_request(options)
end
admin_respond_to_auth_challenge(params = {}, options = {}) click to toggle source

Responds to an authentication challenge, as an administrator.

<note markdown=“1”> This action might generate an SMS text message. Starting June 1, 2021, U.S. telecom carriers require that you register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with [Amazon Pinpoint]. Cognito will use the the registered number automatically. Otherwise, Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any

other Amazon Web Service, Amazon SNS might place your account in SMS sandbox. In <a href=“https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html”>sandbox mode</a> , you’ll have limitations, such as sending messages to only verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see [ SMS message settings for Cognito User Pools] in the *Amazon Cognito Developer Guide*.

</note>

Calling this action requires developer credentials.

[1]: console.aws.amazon.com/pinpoint/home/ [2]: docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html

@option params [required, String] :user_pool_id

The ID of the Amazon Cognito user pool.

@option params [required, String] :client_id

The app client ID.

@option params [required, String] :challenge_name

The challenge name. For more information, see [AdminInitiateAuth][1].

[1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminInitiateAuth.html

@option params [Hash<String,String>] :challenge_responses

The challenge responses. These are inputs corresponding to the value
of `ChallengeName`, for example:

* `SMS_MFA`\: `SMS_MFA_CODE`, `USERNAME`, `SECRET_HASH` (if app client
  is configured with client secret).

* `PASSWORD_VERIFIER`\: `PASSWORD_CLAIM_SIGNATURE`,
  `PASSWORD_CLAIM_SECRET_BLOCK`, `TIMESTAMP`, `USERNAME`,
  `SECRET_HASH` (if app client is configured with client secret).

* `ADMIN_NO_SRP_AUTH`\: `PASSWORD`, `USERNAME`, `SECRET_HASH` (if app
  client is configured with client secret).

* `NEW_PASSWORD_REQUIRED`\: `NEW_PASSWORD`, any other required
  attributes, `USERNAME`, `SECRET_HASH` (if app client is configured
  with client secret).

* `MFA_SETUP` requires `USERNAME`, plus you need to use the session
  value returned by `VerifySoftwareToken` in the `Session` parameter.

The value of the `USERNAME` attribute must be the user's actual
username, not an alias (such as email address or phone number). To
make this easier, the `AdminInitiateAuth` response includes the actual
username value in the `USERNAMEUSER_ID_FOR_SRP` attribute, even if you
specified an alias in your call to `AdminInitiateAuth`.

@option params [String] :session

The session which should be passed both ways in challenge-response
calls to the service. If `InitiateAuth` or `RespondToAuthChallenge`
API call determines that the caller needs to go through another
challenge, they return a session with other challenge parameters. This
session should be passed as it is to the next `RespondToAuthChallenge`
API call.

@option params [Types::AnalyticsMetadataType] :analytics_metadata

The analytics metadata for collecting Amazon Pinpoint metrics for
`AdminRespondToAuthChallenge` calls.

@option params [Types::ContextDataType] :context_data

Contextual data such as the user's device fingerprint, IP address, or
location used for evaluating the risk of an unexpected event by Amazon
Cognito advanced security.

@option params [Hash<String,String>] :client_metadata

A map of custom key-value pairs that you can provide as input for any
custom workflows that this action triggers.

You create custom workflows by assigning Lambda functions to user pool
triggers. When you use the AdminRespondToAuthChallenge API action,
Amazon Cognito invokes any functions that are assigned to the
following triggers: *pre sign-up*, *custom message*, *post
authentication*, *user migration*, *pre token generation*, *define
auth challenge*, *create auth challenge*, and *verify auth challenge
response*. When Amazon Cognito invokes any of these functions, it
passes a JSON payload, which the function receives as input. This
payload contains a `clientMetadata` attribute, which provides the data
that you assigned to the ClientMetadata parameter in your
AdminRespondToAuthChallenge request. In your function code in Lambda,
you can process the `clientMetadata` value to enhance your workflow
for your specific needs.

For more information, see [Customizing User Pool Workflows with Lambda
Triggers][1] in the *Amazon Cognito Developer Guide*.

<note markdown="1"> Take the following limitations into consideration when you use the
ClientMetadata parameter:

 * Amazon Cognito does not store the ClientMetadata value. This data is
  available only to Lambda triggers that are assigned to a user pool
  to support custom workflows. If your user pool configuration does
  not include triggers, the ClientMetadata parameter serves no
  purpose.

* Amazon Cognito does not validate the ClientMetadata value.

* Amazon Cognito does not encrypt the the ClientMetadata value, so
  don't use it to provide sensitive information.

 </note>

[1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html

@return [Types::AdminRespondToAuthChallengeResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::AdminRespondToAuthChallengeResponse#challenge_name #challenge_name} => String
* {Types::AdminRespondToAuthChallengeResponse#session #session} => String
* {Types::AdminRespondToAuthChallengeResponse#challenge_parameters #challenge_parameters} => Hash&lt;String,String&gt;
* {Types::AdminRespondToAuthChallengeResponse#authentication_result #authentication_result} => Types::AuthenticationResultType

@example Request syntax with placeholder values

resp = client.admin_respond_to_auth_challenge({
  user_pool_id: "UserPoolIdType", # required
  client_id: "ClientIdType", # required
  challenge_name: "SMS_MFA", # required, accepts SMS_MFA, SOFTWARE_TOKEN_MFA, SELECT_MFA_TYPE, MFA_SETUP, PASSWORD_VERIFIER, CUSTOM_CHALLENGE, DEVICE_SRP_AUTH, DEVICE_PASSWORD_VERIFIER, ADMIN_NO_SRP_AUTH, NEW_PASSWORD_REQUIRED
  challenge_responses: {
    "StringType" => "StringType",
  },
  session: "SessionType",
  analytics_metadata: {
    analytics_endpoint_id: "StringType",
  },
  context_data: {
    ip_address: "StringType", # required
    server_name: "StringType", # required
    server_path: "StringType", # required
    http_headers: [ # required
      {
        header_name: "StringType",
        header_value: "StringType",
      },
    ],
    encoded_data: "StringType",
  },
  client_metadata: {
    "StringType" => "StringType",
  },
})

@example Response structure

resp.challenge_name #=> String, one of "SMS_MFA", "SOFTWARE_TOKEN_MFA", "SELECT_MFA_TYPE", "MFA_SETUP", "PASSWORD_VERIFIER", "CUSTOM_CHALLENGE", "DEVICE_SRP_AUTH", "DEVICE_PASSWORD_VERIFIER", "ADMIN_NO_SRP_AUTH", "NEW_PASSWORD_REQUIRED"
resp.session #=> String
resp.challenge_parameters #=> Hash
resp.challenge_parameters["StringType"] #=> String
resp.authentication_result.access_token #=> String
resp.authentication_result.expires_in #=> Integer
resp.authentication_result.token_type #=> String
resp.authentication_result.refresh_token #=> String
resp.authentication_result.id_token #=> String
resp.authentication_result.new_device_metadata.device_key #=> String
resp.authentication_result.new_device_metadata.device_group_key #=> String

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AdminRespondToAuthChallenge AWS API Documentation

@overload admin_respond_to_auth_challenge(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 1858
def admin_respond_to_auth_challenge(params = {}, options = {})
  req = build_request(:admin_respond_to_auth_challenge, params)
  req.send_request(options)
end
admin_set_user_mfa_preference(params = {}, options = {}) click to toggle source

Sets the user's multi-factor authentication (MFA) preference, including which MFA options are enabled and if any are preferred. Only one factor can be set as preferred. The preferred MFA factor will be used to authenticate a user if multiple factors are enabled. If multiple options are enabled and no preference is set, a challenge to choose an MFA option will be returned during sign in.

@option params [Types::SMSMfaSettingsType] :sms_mfa_settings

The SMS text message MFA settings.

@option params [Types::SoftwareTokenMfaSettingsType] :software_token_mfa_settings

The time-based one-time password software token MFA settings.

@option params [required, String] :username

The user pool username or alias.

@option params [required, String] :user_pool_id

The user pool ID.

@return [Struct] Returns an empty {Seahorse::Client::Response response}.

@example Request syntax with placeholder values

resp = client.admin_set_user_mfa_preference({
  sms_mfa_settings: {
    enabled: false,
    preferred_mfa: false,
  },
  software_token_mfa_settings: {
    enabled: false,
    preferred_mfa: false,
  },
  username: "UsernameType", # required
  user_pool_id: "UserPoolIdType", # required
})

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AdminSetUserMFAPreference AWS API Documentation

@overload admin_set_user_mfa_preference(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 1903
def admin_set_user_mfa_preference(params = {}, options = {})
  req = build_request(:admin_set_user_mfa_preference, params)
  req.send_request(options)
end
admin_set_user_password(params = {}, options = {}) click to toggle source

Sets the specified user's password in a user pool as an administrator. Works on any user.

The password can be temporary or permanent. If it is temporary, the user status will be placed into the `FORCE_CHANGE_PASSWORD` state. When the user next tries to sign in, the InitiateAuth/AdminInitiateAuth response will contain the `NEW_PASSWORD_REQUIRED` challenge. If the user does not sign in before it expires, the user will not be able to sign in and their password will need to be reset by an administrator.

Once the user has set a new password, or the password is permanent, the user status will be set to `Confirmed`.

@option params [required, String] :user_pool_id

The user pool ID for the user pool where you want to set the user's
password.

@option params [required, String] :username

The user name of the user whose password you wish to set.

@option params [required, String] :password

The password for the user.

@option params [Boolean] :permanent

`True` if the password is permanent, `False` if it is temporary.

@return [Struct] Returns an empty {Seahorse::Client::Response response}.

@example Request syntax with placeholder values

resp = client.admin_set_user_password({
  user_pool_id: "UserPoolIdType", # required
  username: "UsernameType", # required
  password: "PasswordType", # required
  permanent: false,
})

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AdminSetUserPassword AWS API Documentation

@overload admin_set_user_password(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 1950
def admin_set_user_password(params = {}, options = {})
  req = build_request(:admin_set_user_password, params)
  req.send_request(options)
end
admin_set_user_settings(params = {}, options = {}) click to toggle source

*This action is no longer supported.* You can use it to configure only SMS MFA. You can't use it to configure TOTP software token MFA. To configure either type of MFA, use [AdminSetUserMFAPreference] instead.

[1]: docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminSetUserMFAPreference.html

@option params [required, String] :user_pool_id

The ID of the user pool that contains the user that you are setting
options for.

@option params [required, String] :username

The user name of the user that you are setting options for.

@option params [required, Array<Types::MFAOptionType>] :mfa_options

You can use this parameter only to set an SMS configuration that uses
SMS for delivery.

@return [Struct] Returns an empty {Seahorse::Client::Response response}.

@example Request syntax with placeholder values

resp = client.admin_set_user_settings({
  user_pool_id: "UserPoolIdType", # required
  username: "UsernameType", # required
  mfa_options: [ # required
    {
      delivery_medium: "SMS", # accepts SMS, EMAIL
      attribute_name: "AttributeNameType",
    },
  ],
})

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AdminSetUserSettings AWS API Documentation

@overload admin_set_user_settings(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 1994
def admin_set_user_settings(params = {}, options = {})
  req = build_request(:admin_set_user_settings, params)
  req.send_request(options)
end
admin_update_auth_event_feedback(params = {}, options = {}) click to toggle source

Provides feedback for an authentication event as to whether it was from a valid user. This feedback is used for improving the risk evaluation decision for the user pool as part of Amazon Cognito advanced security.

@option params [required, String] :user_pool_id

The user pool ID.

@option params [required, String] :username

The user pool username.

@option params [required, String] :event_id

The authentication event ID.

@option params [required, String] :feedback_value

The authentication event feedback value.

@return [Struct] Returns an empty {Seahorse::Client::Response response}.

@example Request syntax with placeholder values

resp = client.admin_update_auth_event_feedback({
  user_pool_id: "UserPoolIdType", # required
  username: "UsernameType", # required
  event_id: "EventIdType", # required
  feedback_value: "Valid", # required, accepts Valid, Invalid
})

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AdminUpdateAuthEventFeedback AWS API Documentation

@overload admin_update_auth_event_feedback(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 2031
def admin_update_auth_event_feedback(params = {}, options = {})
  req = build_request(:admin_update_auth_event_feedback, params)
  req.send_request(options)
end
admin_update_device_status(params = {}, options = {}) click to toggle source

Updates the device status as an administrator.

Calling this action requires developer credentials.

@option params [required, String] :user_pool_id

The user pool ID.

@option params [required, String] :username

The user name.

@option params [required, String] :device_key

The device key.

@option params [String] :device_remembered_status

The status indicating whether a device has been remembered or not.

@return [Struct] Returns an empty {Seahorse::Client::Response response}.

@example Request syntax with placeholder values

resp = client.admin_update_device_status({
  user_pool_id: "UserPoolIdType", # required
  username: "UsernameType", # required
  device_key: "DeviceKeyType", # required
  device_remembered_status: "remembered", # accepts remembered, not_remembered
})

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AdminUpdateDeviceStatus AWS API Documentation

@overload admin_update_device_status(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 2067
def admin_update_device_status(params = {}, options = {})
  req = build_request(:admin_update_device_status, params)
  req.send_request(options)
end
admin_update_user_attributes(params = {}, options = {}) click to toggle source

Updates the specified user's attributes, including developer attributes, as an administrator. Works on any user.

For custom attributes, you must prepend the `custom:` prefix to the attribute name.

In addition to updating user attributes, this API can also be used to mark phone and email as verified.

<note markdown=“1”> This action might generate an SMS text message. Starting June 1, 2021, U.S. telecom carriers require that you register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with [Amazon Pinpoint]. Cognito will use the the registered number automatically. Otherwise, Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any

other Amazon Web Service, Amazon SNS might place your account in SMS sandbox. In <a href=“https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html”>sandbox mode</a> , you’ll have limitations, such as sending messages to only verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see [ SMS message settings for Cognito User Pools] in the *Amazon Cognito Developer Guide*.

</note>

Calling this action requires developer credentials.

[1]: console.aws.amazon.com/pinpoint/home/ [2]: docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html

@option params [required, String] :user_pool_id

The user pool ID for the user pool where you want to update user
attributes.

@option params [required, String] :username

The user name of the user for whom you want to update user attributes.

@option params [required, Array<Types::AttributeType>] :user_attributes

An array of name-value pairs representing user attributes.

For custom attributes, you must prepend the `custom:` prefix to the
attribute name.

@option params [Hash<String,String>] :client_metadata

A map of custom key-value pairs that you can provide as input for any
custom workflows that this action triggers.

You create custom workflows by assigning Lambda functions to user pool
triggers. When you use the AdminUpdateUserAttributes API action,
Amazon Cognito invokes the function that is assigned to the *custom
message* trigger. When Amazon Cognito invokes this function, it passes
a JSON payload, which the function receives as input. This payload
contains a `clientMetadata` attribute, which provides the data that
you assigned to the ClientMetadata parameter in your
AdminUpdateUserAttributes request. In your function code in Lambda,
you can process the `clientMetadata` value to enhance your workflow
for your specific needs.

For more information, see [Customizing User Pool Workflows with Lambda
Triggers][1] in the *Amazon Cognito Developer Guide*.

<note markdown="1"> Take the following limitations into consideration when you use the
ClientMetadata parameter:

 * Amazon Cognito does not store the ClientMetadata value. This data is
  available only to Lambda triggers that are assigned to a user pool
  to support custom workflows. If your user pool configuration does
  not include triggers, the ClientMetadata parameter serves no
  purpose.

* Amazon Cognito does not validate the ClientMetadata value.

* Amazon Cognito does not encrypt the the ClientMetadata value, so
  don't use it to provide sensitive information.

 </note>

[1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html

@return [Struct] Returns an empty {Seahorse::Client::Response response}.

@example Request syntax with placeholder values

resp = client.admin_update_user_attributes({
  user_pool_id: "UserPoolIdType", # required
  username: "UsernameType", # required
  user_attributes: [ # required
    {
      name: "AttributeNameType", # required
      value: "AttributeValueType",
    },
  ],
  client_metadata: {
    "StringType" => "StringType",
  },
})

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AdminUpdateUserAttributes AWS API Documentation

@overload admin_update_user_attributes(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 2182
def admin_update_user_attributes(params = {}, options = {})
  req = build_request(:admin_update_user_attributes, params)
  req.send_request(options)
end
admin_user_global_sign_out(params = {}, options = {}) click to toggle source

Signs out users from all devices, as an administrator. It also invalidates all refresh tokens issued to a user. The user's current access and Id tokens remain valid until their expiry. Access and Id tokens expire one hour after they are issued.

Calling this action requires developer credentials.

@option params [required, String] :user_pool_id

The user pool ID.

@option params [required, String] :username

The user name.

@return [Struct] Returns an empty {Seahorse::Client::Response response}.

@example Request syntax with placeholder values

resp = client.admin_user_global_sign_out({
  user_pool_id: "UserPoolIdType", # required
  username: "UsernameType", # required
})

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AdminUserGlobalSignOut AWS API Documentation

@overload admin_user_global_sign_out(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 2213
def admin_user_global_sign_out(params = {}, options = {})
  req = build_request(:admin_user_global_sign_out, params)
  req.send_request(options)
end
associate_software_token(params = {}, options = {}) click to toggle source

Returns a unique generated shared secret key code for the user account. The request takes an access token or a session string, but not both.

<note markdown=“1”> Calling AssociateSoftwareToken immediately disassociates the existing software token from the user account. If the user doesn't subsequently verify the software token, their account is essentially set up to authenticate without MFA. If MFA config is set to Optional at the user pool level, the user can then login without MFA. However, if MFA is set to Required for the user pool, the user will be asked to setup a new software token MFA during sign in.

</note>

@option params [String] :access_token

The access token.

@option params [String] :session

The session which should be passed both ways in challenge-response
calls to the service. This allows authentication of the user as part
of the MFA setup process.

@return [Types::AssociateSoftwareTokenResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::AssociateSoftwareTokenResponse#secret_code #secret_code} => String
* {Types::AssociateSoftwareTokenResponse#session #session} => String

@example Request syntax with placeholder values

resp = client.associate_software_token({
  access_token: "TokenModelType",
  session: "SessionType",
})

@example Response structure

resp.secret_code #=> String
resp.session #=> String

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AssociateSoftwareToken AWS API Documentation

@overload associate_software_token(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 2261
def associate_software_token(params = {}, options = {})
  req = build_request(:associate_software_token, params)
  req.send_request(options)
end
build_request(operation_name, params = {}) click to toggle source

@param params ({}) @api private

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 7499
def build_request(operation_name, params = {})
  handlers = @handlers.for(operation_name)
  context = Seahorse::Client::RequestContext.new(
    operation_name: operation_name,
    operation: config.api.operation(operation_name),
    client: self,
    params: params,
    config: config)
  context[:gem_name] = 'aws-sdk-cognitoidentityprovider'
  context[:gem_version] = '1.57.0'
  Seahorse::Client::Request.new(handlers, context)
end
change_password(params = {}, options = {}) click to toggle source

Changes the password for a specified user in a user pool.

@option params [required, String] :previous_password

The old password.

@option params [required, String] :proposed_password

The new password.

@option params [required, String] :access_token

The access token.

@return [Struct] Returns an empty {Seahorse::Client::Response response}.

@example Request syntax with placeholder values

resp = client.change_password({
  previous_password: "PasswordType", # required
  proposed_password: "PasswordType", # required
  access_token: "TokenModelType", # required
})

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/ChangePassword AWS API Documentation

@overload change_password(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 2291
def change_password(params = {}, options = {})
  req = build_request(:change_password, params)
  req.send_request(options)
end
confirm_device(params = {}, options = {}) click to toggle source

Confirms tracking of the device. This API call is the call that begins device tracking.

@option params [required, String] :access_token

The access token.

@option params [required, String] :device_key

The device key.

@option params [Types::DeviceSecretVerifierConfigType] :device_secret_verifier_config

The configuration of the device secret verifier.

@option params [String] :device_name

The device name.

@return [Types::ConfirmDeviceResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::ConfirmDeviceResponse#user_confirmation_necessary #user_confirmation_necessary} => Boolean

@example Request syntax with placeholder values

resp = client.confirm_device({
  access_token: "TokenModelType", # required
  device_key: "DeviceKeyType", # required
  device_secret_verifier_config: {
    password_verifier: "StringType",
    salt: "StringType",
  },
  device_name: "DeviceNameType",
})

@example Response structure

resp.user_confirmation_necessary #=> Boolean

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/ConfirmDevice AWS API Documentation

@overload confirm_device(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 2335
def confirm_device(params = {}, options = {})
  req = build_request(:confirm_device, params)
  req.send_request(options)
end
confirm_forgot_password(params = {}, options = {}) click to toggle source

Allows a user to enter a confirmation code to reset a forgotten password.

@option params [required, String] :client_id

The app client ID of the app associated with the user pool.

@option params [String] :secret_hash

A keyed-hash message authentication code (HMAC) calculated using the
secret key of a user pool client and username plus the client ID in
the message.

@option params [required, String] :username

The user name of the user for whom you want to enter a code to
retrieve a forgotten password.

@option params [required, String] :confirmation_code

The confirmation code sent by a user's request to retrieve a
forgotten password. For more information, see [ForgotPassword][1].

[1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ForgotPassword.html

@option params [required, String] :password

The password sent by a user's request to retrieve a forgotten
password.

@option params [Types::AnalyticsMetadataType] :analytics_metadata

The Amazon Pinpoint analytics metadata for collecting metrics for
`ConfirmForgotPassword` calls.

@option params [Types::UserContextDataType] :user_context_data

Contextual data such as the user's device fingerprint, IP address, or
location used for evaluating the risk of an unexpected event by Amazon
Cognito advanced security.

@option params [Hash<String,String>] :client_metadata

A map of custom key-value pairs that you can provide as input for any
custom workflows that this action triggers.

You create custom workflows by assigning Lambda functions to user pool
triggers. When you use the ConfirmForgotPassword API action, Amazon
Cognito invokes the function that is assigned to the *post
confirmation* trigger. When Amazon Cognito invokes this function, it
passes a JSON payload, which the function receives as input. This
payload contains a `clientMetadata` attribute, which provides the data
that you assigned to the ClientMetadata parameter in your
ConfirmForgotPassword request. In your function code in Lambda, you
can process the `clientMetadata` value to enhance your workflow for
your specific needs.

For more information, see [Customizing User Pool Workflows with Lambda
Triggers][1] in the *Amazon Cognito Developer Guide*.

<note markdown="1"> Take the following limitations into consideration when you use the
ClientMetadata parameter:

 * Amazon Cognito does not store the ClientMetadata value. This data is
  available only to Lambda triggers that are assigned to a user pool
  to support custom workflows. If your user pool configuration does
  not include triggers, the ClientMetadata parameter serves no
  purpose.

* Amazon Cognito does not validate the ClientMetadata value.

* Amazon Cognito does not encrypt the the ClientMetadata value, so
  don't use it to provide sensitive information.

 </note>

[1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html

@return [Struct] Returns an empty {Seahorse::Client::Response response}.

@example Request syntax with placeholder values

resp = client.confirm_forgot_password({
  client_id: "ClientIdType", # required
  secret_hash: "SecretHashType",
  username: "UsernameType", # required
  confirmation_code: "ConfirmationCodeType", # required
  password: "PasswordType", # required
  analytics_metadata: {
    analytics_endpoint_id: "StringType",
  },
  user_context_data: {
    encoded_data: "StringType",
  },
  client_metadata: {
    "StringType" => "StringType",
  },
})

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/ConfirmForgotPassword AWS API Documentation

@overload confirm_forgot_password(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 2439
def confirm_forgot_password(params = {}, options = {})
  req = build_request(:confirm_forgot_password, params)
  req.send_request(options)
end
confirm_sign_up(params = {}, options = {}) click to toggle source

Confirms registration of a user and handles the existing alias from a previous user.

@option params [required, String] :client_id

The ID of the app client associated with the user pool.

@option params [String] :secret_hash

A keyed-hash message authentication code (HMAC) calculated using the
secret key of a user pool client and username plus the client ID in
the message.

@option params [required, String] :username

The user name of the user whose registration you wish to confirm.

@option params [required, String] :confirmation_code

The confirmation code sent by a user's request to confirm
registration.

@option params [Boolean] :force_alias_creation

Boolean to be specified to force user confirmation irrespective of
existing alias. By default set to `False`. If this parameter is set to
`True` and the phone number/email used for sign up confirmation
already exists as an alias with a different user, the API call will
migrate the alias from the previous user to the newly created user
being confirmed. If set to `False`, the API will throw an
**AliasExistsException** error.

@option params [Types::AnalyticsMetadataType] :analytics_metadata

The Amazon Pinpoint analytics metadata for collecting metrics for
`ConfirmSignUp` calls.

@option params [Types::UserContextDataType] :user_context_data

Contextual data such as the user's device fingerprint, IP address, or
location used for evaluating the risk of an unexpected event by Amazon
Cognito advanced security.

@option params [Hash<String,String>] :client_metadata

A map of custom key-value pairs that you can provide as input for any
custom workflows that this action triggers.

You create custom workflows by assigning Lambda functions to user pool
triggers. When you use the ConfirmSignUp API action, Amazon Cognito
invokes the function that is assigned to the *post confirmation*
trigger. When Amazon Cognito invokes this function, it passes a JSON
payload, which the function receives as input. This payload contains a
`clientMetadata` attribute, which provides the data that you assigned
to the ClientMetadata parameter in your ConfirmSignUp request. In your
function code in Lambda, you can process the `clientMetadata` value to
enhance your workflow for your specific needs.

For more information, see [Customizing User Pool Workflows with Lambda
Triggers][1] in the *Amazon Cognito Developer Guide*.

<note markdown="1"> Take the following limitations into consideration when you use the
ClientMetadata parameter:

 * Amazon Cognito does not store the ClientMetadata value. This data is
  available only to Lambda triggers that are assigned to a user pool
  to support custom workflows. If your user pool configuration does
  not include triggers, the ClientMetadata parameter serves no
  purpose.

* Amazon Cognito does not validate the ClientMetadata value.

* Amazon Cognito does not encrypt the the ClientMetadata value, so
  don't use it to provide sensitive information.

 </note>

[1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html

@return [Struct] Returns an empty {Seahorse::Client::Response response}.

@example Request syntax with placeholder values

resp = client.confirm_sign_up({
  client_id: "ClientIdType", # required
  secret_hash: "SecretHashType",
  username: "UsernameType", # required
  confirmation_code: "ConfirmationCodeType", # required
  force_alias_creation: false,
  analytics_metadata: {
    analytics_endpoint_id: "StringType",
  },
  user_context_data: {
    encoded_data: "StringType",
  },
  client_metadata: {
    "StringType" => "StringType",
  },
})

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/ConfirmSignUp AWS API Documentation

@overload confirm_sign_up(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 2542
def confirm_sign_up(params = {}, options = {})
  req = build_request(:confirm_sign_up, params)
  req.send_request(options)
end
create_group(params = {}, options = {}) click to toggle source

Creates a new group in the specified user pool.

Calling this action requires developer credentials.

@option params [required, String] :group_name

The name of the group. Must be unique.

@option params [required, String] :user_pool_id

The user pool ID for the user pool.

@option params [String] :description

A string containing the description of the group.

@option params [String] :role_arn

The role ARN for the group.

@option params [Integer] :precedence

A nonnegative integer value that specifies the precedence of this
group relative to the other groups that a user can belong to in the
user pool. Zero is the highest precedence value. Groups with lower
`Precedence` values take precedence over groups with higher or null
`Precedence` values. If a user belongs to two or more groups, it is
the group with the lowest precedence value whose role ARN will be used
in the `cognito:roles` and `cognito:preferred_role` claims in the
user's tokens.

Two groups can have the same `Precedence` value. If this happens,
neither group takes precedence over the other. If two groups with the
same `Precedence` have the same role ARN, that role is used in the
`cognito:preferred_role` claim in tokens for users in each group. If
the two groups have different role ARNs, the `cognito:preferred_role`
claim is not set in users' tokens.

The default `Precedence` value is null.

@return [Types::CreateGroupResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::CreateGroupResponse#group #group} => Types::GroupType

@example Request syntax with placeholder values

resp = client.create_group({
  group_name: "GroupNameType", # required
  user_pool_id: "UserPoolIdType", # required
  description: "DescriptionType",
  role_arn: "ArnType",
  precedence: 1,
})

@example Response structure

resp.group.group_name #=> String
resp.group.user_pool_id #=> String
resp.group.description #=> String
resp.group.role_arn #=> String
resp.group.precedence #=> Integer
resp.group.last_modified_date #=> Time
resp.group.creation_date #=> Time

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/CreateGroup AWS API Documentation

@overload create_group(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 2610
def create_group(params = {}, options = {})
  req = build_request(:create_group, params)
  req.send_request(options)
end
create_identity_provider(params = {}, options = {}) click to toggle source

Creates an identity provider for a user pool.

@option params [required, String] :user_pool_id

The user pool ID.

@option params [required, String] :provider_name

The identity provider name.

@option params [required, String] :provider_type

The identity provider type.

@option params [required, Hash<String,String>] :provider_details

The identity provider details. The following list describes the
provider detail keys for each identity provider type.

* For Google and Login with Amazon:

  * client\_id

  * client\_secret

  * authorize\_scopes

* For Facebook:

  * client\_id

  * client\_secret

  * authorize\_scopes

  * api\_version

* For Sign in with Apple:

  * client\_id

  * team\_id

  * key\_id

  * private\_key

  * authorize\_scopes

* For OIDC providers:

  * client\_id

  * client\_secret

  * attributes\_request\_method

  * oidc\_issuer

  * authorize\_scopes

  * authorize\_url *if not available from discovery URL specified by
    oidc\_issuer key*

  * token\_url *if not available from discovery URL specified by
    oidc\_issuer key*

  * attributes\_url *if not available from discovery URL specified by
    oidc\_issuer key*

  * jwks\_uri *if not available from discovery URL specified by
    oidc\_issuer key*

* For SAML providers:

  * MetadataFile OR MetadataURL

  * IDPSignout *optional*

@option params [Hash<String,String>] :attribute_mapping

A mapping of identity provider attributes to standard and custom user
pool attributes.

@option params [Array<String>] :idp_identifiers

A list of identity provider identifiers.

@return [Types::CreateIdentityProviderResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::CreateIdentityProviderResponse#identity_provider #identity_provider} => Types::IdentityProviderType

@example Request syntax with placeholder values

resp = client.create_identity_provider({
  user_pool_id: "UserPoolIdType", # required
  provider_name: "ProviderNameTypeV1", # required
  provider_type: "SAML", # required, accepts SAML, Facebook, Google, LoginWithAmazon, SignInWithApple, OIDC
  provider_details: { # required
    "StringType" => "StringType",
  },
  attribute_mapping: {
    "AttributeMappingKeyType" => "StringType",
  },
  idp_identifiers: ["IdpIdentifierType"],
})

@example Response structure

resp.identity_provider.user_pool_id #=> String
resp.identity_provider.provider_name #=> String
resp.identity_provider.provider_type #=> String, one of "SAML", "Facebook", "Google", "LoginWithAmazon", "SignInWithApple", "OIDC"
resp.identity_provider.provider_details #=> Hash
resp.identity_provider.provider_details["StringType"] #=> String
resp.identity_provider.attribute_mapping #=> Hash
resp.identity_provider.attribute_mapping["AttributeMappingKeyType"] #=> String
resp.identity_provider.idp_identifiers #=> Array
resp.identity_provider.idp_identifiers[0] #=> String
resp.identity_provider.last_modified_date #=> Time
resp.identity_provider.creation_date #=> Time

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/CreateIdentityProvider AWS API Documentation

@overload create_identity_provider(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 2734
def create_identity_provider(params = {}, options = {})
  req = build_request(:create_identity_provider, params)
  req.send_request(options)
end
create_resource_server(params = {}, options = {}) click to toggle source

Creates a new OAuth2.0 resource server and defines custom scopes in it.

@option params [required, String] :user_pool_id

The user pool ID for the user pool.

@option params [required, String] :identifier

A unique resource server identifier for the resource server. This
could be an HTTPS endpoint where the resource server is located. For
example, `https://my-weather-api.example.com`.

@option params [required, String] :name

A friendly name for the resource server.

@option params [Array<Types::ResourceServerScopeType>] :scopes

A list of scopes. Each scope is map, where the keys are `name` and
`description`.

@return [Types::CreateResourceServerResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::CreateResourceServerResponse#resource_server #resource_server} => Types::ResourceServerType

@example Request syntax with placeholder values

resp = client.create_resource_server({
  user_pool_id: "UserPoolIdType", # required
  identifier: "ResourceServerIdentifierType", # required
  name: "ResourceServerNameType", # required
  scopes: [
    {
      scope_name: "ResourceServerScopeNameType", # required
      scope_description: "ResourceServerScopeDescriptionType", # required
    },
  ],
})

@example Response structure

resp.resource_server.user_pool_id #=> String
resp.resource_server.identifier #=> String
resp.resource_server.name #=> String
resp.resource_server.scopes #=> Array
resp.resource_server.scopes[0].scope_name #=> String
resp.resource_server.scopes[0].scope_description #=> String

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/CreateResourceServer AWS API Documentation

@overload create_resource_server(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 2788
def create_resource_server(params = {}, options = {})
  req = build_request(:create_resource_server, params)
  req.send_request(options)
end
create_user_import_job(params = {}, options = {}) click to toggle source

Creates the user import job.

@option params [required, String] :job_name

The job name for the user import job.

@option params [required, String] :user_pool_id

The user pool ID for the user pool that the users are being imported
into.

@option params [required, String] :cloud_watch_logs_role_arn

The role ARN for the Amazon CloudWatch Logging role for the user
import job.

@return [Types::CreateUserImportJobResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::CreateUserImportJobResponse#user_import_job #user_import_job} => Types::UserImportJobType

@example Request syntax with placeholder values

resp = client.create_user_import_job({
  job_name: "UserImportJobNameType", # required
  user_pool_id: "UserPoolIdType", # required
  cloud_watch_logs_role_arn: "ArnType", # required
})

@example Response structure

resp.user_import_job.job_name #=> String
resp.user_import_job.job_id #=> String
resp.user_import_job.user_pool_id #=> String
resp.user_import_job.pre_signed_url #=> String
resp.user_import_job.creation_date #=> Time
resp.user_import_job.start_date #=> Time
resp.user_import_job.completion_date #=> Time
resp.user_import_job.status #=> String, one of "Created", "Pending", "InProgress", "Stopping", "Expired", "Stopped", "Failed", "Succeeded"
resp.user_import_job.cloud_watch_logs_role_arn #=> String
resp.user_import_job.imported_users #=> Integer
resp.user_import_job.skipped_users #=> Integer
resp.user_import_job.failed_users #=> Integer
resp.user_import_job.completion_message #=> String

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/CreateUserImportJob AWS API Documentation

@overload create_user_import_job(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 2838
def create_user_import_job(params = {}, options = {})
  req = build_request(:create_user_import_job, params)
  req.send_request(options)
end
create_user_pool(params = {}, options = {}) click to toggle source

Creates a new Amazon Cognito user pool and sets the password policy for the pool.

<note markdown=“1”> This action might generate an SMS text message. Starting June 1, 2021, U.S. telecom carriers require that you register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with [Amazon Pinpoint]. Cognito will use the the registered number automatically. Otherwise, Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any

other Amazon Web Service, Amazon SNS might place your account in SMS sandbox. In <a href=“https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html”>sandbox mode</a> , you’ll have limitations, such as sending messages to only verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see [ SMS message settings for Cognito User Pools] in the *Amazon Cognito Developer Guide*.

</note>

[1]: console.aws.amazon.com/pinpoint/home/ [2]: docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html

@option params [required, String] :pool_name

A string used to name the user pool.

@option params [Types::UserPoolPolicyType] :policies

The policies associated with the new user pool.

@option params [Types::LambdaConfigType] :lambda_config

The Lambda trigger configuration information for the new user pool.

<note markdown="1"> In a push model, event sources (such as Amazon S3 and custom
applications) need permission to invoke a function. So you will need
to make an extra call to add permission for these event sources to
invoke your Lambda function.

 For more information on using the Lambda API to add permission, see [
AddPermission ][1].

 For adding permission using the CLI, see [ add-permission ][2].

 </note>

[1]: https://docs.aws.amazon.com/lambda/latest/dg/API_AddPermission.html
[2]: https://docs.aws.amazon.com/cli/latest/reference/lambda/add-permission.html

@option params [Array<String>] :auto_verified_attributes

The attributes to be auto-verified. Possible values: **email**,
**phone\_number**.

@option params [Array<String>] :alias_attributes

Attributes supported as an alias for this user pool. Possible values:
**phone\_number**, **email**, or **preferred\_username**.

@option params [Array<String>] :username_attributes

Specifies whether email addresses or phone numbers can be specified as
usernames when a user signs up.

@option params [String] :sms_verification_message

A string representing the SMS verification message.

@option params [String] :email_verification_message

A string representing the email verification message.
EmailVerificationMessage is allowed only if [EmailSendingAccount][1]
is DEVELOPER.

[1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_EmailConfigurationType.html#CognitoUserPools-Type-EmailConfigurationType-EmailSendingAccount

@option params [String] :email_verification_subject

A string representing the email verification subject.
EmailVerificationSubject is allowed only if [EmailSendingAccount][1]
is DEVELOPER.

[1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_EmailConfigurationType.html#CognitoUserPools-Type-EmailConfigurationType-EmailSendingAccount

@option params [Types::VerificationMessageTemplateType] :verification_message_template

The template for the verification message that the user sees when the
app requests permission to access the user's information.

@option params [String] :sms_authentication_message

A string representing the SMS authentication message.

@option params [String] :mfa_configuration

Specifies MFA configuration details.

@option params [Types::DeviceConfigurationType] :device_configuration

The device configuration.

@option params [Types::EmailConfigurationType] :email_configuration

The email configuration.

@option params [Types::SmsConfigurationType] :sms_configuration

The SMS configuration.

@option params [Hash<String,String>] :user_pool_tags

The tag keys and values to assign to the user pool. A tag is a label
that you can use to categorize and manage user pools in different
ways, such as by purpose, owner, environment, or other criteria.

@option params [Types::AdminCreateUserConfigType] :admin_create_user_config

The configuration for `AdminCreateUser` requests.

@option params [Array<Types::SchemaAttributeType>] :schema

An array of schema attributes for the new user pool. These attributes
can be standard or custom attributes.

@option params [Types::UserPoolAddOnsType] :user_pool_add_ons

Used to enable advanced security risk detection. Set the key
`AdvancedSecurityMode` to the value "AUDIT".

@option params [Types::UsernameConfigurationType] :username_configuration

You can choose to set case sensitivity on the username input for the
selected sign-in option. For example, when this is set to `False`,
users will be able to sign in using either "username" or
"Username". This configuration is immutable once it has been set.
For more information, see [UsernameConfigurationType][1].

[1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UsernameConfigurationType.html

@option params [Types::AccountRecoverySettingType] :account_recovery_setting

Use this setting to define which verified available method a user can
use to recover their password when they call `ForgotPassword`. It
allows you to define a preferred method when a user has more than one
method available. With this setting, SMS does not qualify for a valid
password recovery mechanism if the user also has SMS MFA enabled. In
the absence of this setting, Cognito uses the legacy behavior to
determine the recovery method where SMS is preferred over email.

@return [Types::CreateUserPoolResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::CreateUserPoolResponse#user_pool #user_pool} => Types::UserPoolType

@example Request syntax with placeholder values

resp = client.create_user_pool({
  pool_name: "UserPoolNameType", # required
  policies: {
    password_policy: {
      minimum_length: 1,
      require_uppercase: false,
      require_lowercase: false,
      require_numbers: false,
      require_symbols: false,
      temporary_password_validity_days: 1,
    },
  },
  lambda_config: {
    pre_sign_up: "ArnType",
    custom_message: "ArnType",
    post_confirmation: "ArnType",
    pre_authentication: "ArnType",
    post_authentication: "ArnType",
    define_auth_challenge: "ArnType",
    create_auth_challenge: "ArnType",
    verify_auth_challenge_response: "ArnType",
    pre_token_generation: "ArnType",
    user_migration: "ArnType",
    custom_sms_sender: {
      lambda_version: "V1_0", # required, accepts V1_0
      lambda_arn: "ArnType", # required
    },
    custom_email_sender: {
      lambda_version: "V1_0", # required, accepts V1_0
      lambda_arn: "ArnType", # required
    },
    kms_key_id: "ArnType",
  },
  auto_verified_attributes: ["phone_number"], # accepts phone_number, email
  alias_attributes: ["phone_number"], # accepts phone_number, email, preferred_username
  username_attributes: ["phone_number"], # accepts phone_number, email
  sms_verification_message: "SmsVerificationMessageType",
  email_verification_message: "EmailVerificationMessageType",
  email_verification_subject: "EmailVerificationSubjectType",
  verification_message_template: {
    sms_message: "SmsVerificationMessageType",
    email_message: "EmailVerificationMessageType",
    email_subject: "EmailVerificationSubjectType",
    email_message_by_link: "EmailVerificationMessageByLinkType",
    email_subject_by_link: "EmailVerificationSubjectByLinkType",
    default_email_option: "CONFIRM_WITH_LINK", # accepts CONFIRM_WITH_LINK, CONFIRM_WITH_CODE
  },
  sms_authentication_message: "SmsVerificationMessageType",
  mfa_configuration: "OFF", # accepts OFF, ON, OPTIONAL
  device_configuration: {
    challenge_required_on_new_device: false,
    device_only_remembered_on_user_prompt: false,
  },
  email_configuration: {
    source_arn: "ArnType",
    reply_to_email_address: "EmailAddressType",
    email_sending_account: "COGNITO_DEFAULT", # accepts COGNITO_DEFAULT, DEVELOPER
    from: "StringType",
    configuration_set: "SESConfigurationSet",
  },
  sms_configuration: {
    sns_caller_arn: "ArnType", # required
    external_id: "StringType",
  },
  user_pool_tags: {
    "TagKeysType" => "TagValueType",
  },
  admin_create_user_config: {
    allow_admin_create_user_only: false,
    unused_account_validity_days: 1,
    invite_message_template: {
      sms_message: "SmsVerificationMessageType",
      email_message: "EmailVerificationMessageType",
      email_subject: "EmailVerificationSubjectType",
    },
  },
  schema: [
    {
      name: "CustomAttributeNameType",
      attribute_data_type: "String", # accepts String, Number, DateTime, Boolean
      developer_only_attribute: false,
      mutable: false,
      required: false,
      number_attribute_constraints: {
        min_value: "StringType",
        max_value: "StringType",
      },
      string_attribute_constraints: {
        min_length: "StringType",
        max_length: "StringType",
      },
    },
  ],
  user_pool_add_ons: {
    advanced_security_mode: "OFF", # required, accepts OFF, AUDIT, ENFORCED
  },
  username_configuration: {
    case_sensitive: false, # required
  },
  account_recovery_setting: {
    recovery_mechanisms: [
      {
        priority: 1, # required
        name: "verified_email", # required, accepts verified_email, verified_phone_number, admin_only
      },
    ],
  },
})

@example Response structure

resp.user_pool.id #=> String
resp.user_pool.name #=> String
resp.user_pool.policies.password_policy.minimum_length #=> Integer
resp.user_pool.policies.password_policy.require_uppercase #=> Boolean
resp.user_pool.policies.password_policy.require_lowercase #=> Boolean
resp.user_pool.policies.password_policy.require_numbers #=> Boolean
resp.user_pool.policies.password_policy.require_symbols #=> Boolean
resp.user_pool.policies.password_policy.temporary_password_validity_days #=> Integer
resp.user_pool.lambda_config.pre_sign_up #=> String
resp.user_pool.lambda_config.custom_message #=> String
resp.user_pool.lambda_config.post_confirmation #=> String
resp.user_pool.lambda_config.pre_authentication #=> String
resp.user_pool.lambda_config.post_authentication #=> String
resp.user_pool.lambda_config.define_auth_challenge #=> String
resp.user_pool.lambda_config.create_auth_challenge #=> String
resp.user_pool.lambda_config.verify_auth_challenge_response #=> String
resp.user_pool.lambda_config.pre_token_generation #=> String
resp.user_pool.lambda_config.user_migration #=> String
resp.user_pool.lambda_config.custom_sms_sender.lambda_version #=> String, one of "V1_0"
resp.user_pool.lambda_config.custom_sms_sender.lambda_arn #=> String
resp.user_pool.lambda_config.custom_email_sender.lambda_version #=> String, one of "V1_0"
resp.user_pool.lambda_config.custom_email_sender.lambda_arn #=> String
resp.user_pool.lambda_config.kms_key_id #=> String
resp.user_pool.status #=> String, one of "Enabled", "Disabled"
resp.user_pool.last_modified_date #=> Time
resp.user_pool.creation_date #=> Time
resp.user_pool.schema_attributes #=> Array
resp.user_pool.schema_attributes[0].name #=> String
resp.user_pool.schema_attributes[0].attribute_data_type #=> String, one of "String", "Number", "DateTime", "Boolean"
resp.user_pool.schema_attributes[0].developer_only_attribute #=> Boolean
resp.user_pool.schema_attributes[0].mutable #=> Boolean
resp.user_pool.schema_attributes[0].required #=> Boolean
resp.user_pool.schema_attributes[0].number_attribute_constraints.min_value #=> String
resp.user_pool.schema_attributes[0].number_attribute_constraints.max_value #=> String
resp.user_pool.schema_attributes[0].string_attribute_constraints.min_length #=> String
resp.user_pool.schema_attributes[0].string_attribute_constraints.max_length #=> String
resp.user_pool.auto_verified_attributes #=> Array
resp.user_pool.auto_verified_attributes[0] #=> String, one of "phone_number", "email"
resp.user_pool.alias_attributes #=> Array
resp.user_pool.alias_attributes[0] #=> String, one of "phone_number", "email", "preferred_username"
resp.user_pool.username_attributes #=> Array
resp.user_pool.username_attributes[0] #=> String, one of "phone_number", "email"
resp.user_pool.sms_verification_message #=> String
resp.user_pool.email_verification_message #=> String
resp.user_pool.email_verification_subject #=> String
resp.user_pool.verification_message_template.sms_message #=> String
resp.user_pool.verification_message_template.email_message #=> String
resp.user_pool.verification_message_template.email_subject #=> String
resp.user_pool.verification_message_template.email_message_by_link #=> String
resp.user_pool.verification_message_template.email_subject_by_link #=> String
resp.user_pool.verification_message_template.default_email_option #=> String, one of "CONFIRM_WITH_LINK", "CONFIRM_WITH_CODE"
resp.user_pool.sms_authentication_message #=> String
resp.user_pool.mfa_configuration #=> String, one of "OFF", "ON", "OPTIONAL"
resp.user_pool.device_configuration.challenge_required_on_new_device #=> Boolean
resp.user_pool.device_configuration.device_only_remembered_on_user_prompt #=> Boolean
resp.user_pool.estimated_number_of_users #=> Integer
resp.user_pool.email_configuration.source_arn #=> String
resp.user_pool.email_configuration.reply_to_email_address #=> String
resp.user_pool.email_configuration.email_sending_account #=> String, one of "COGNITO_DEFAULT", "DEVELOPER"
resp.user_pool.email_configuration.from #=> String
resp.user_pool.email_configuration.configuration_set #=> String
resp.user_pool.sms_configuration.sns_caller_arn #=> String
resp.user_pool.sms_configuration.external_id #=> String
resp.user_pool.user_pool_tags #=> Hash
resp.user_pool.user_pool_tags["TagKeysType"] #=> String
resp.user_pool.sms_configuration_failure #=> String
resp.user_pool.email_configuration_failure #=> String
resp.user_pool.domain #=> String
resp.user_pool.custom_domain #=> String
resp.user_pool.admin_create_user_config.allow_admin_create_user_only #=> Boolean
resp.user_pool.admin_create_user_config.unused_account_validity_days #=> Integer
resp.user_pool.admin_create_user_config.invite_message_template.sms_message #=> String
resp.user_pool.admin_create_user_config.invite_message_template.email_message #=> String
resp.user_pool.admin_create_user_config.invite_message_template.email_subject #=> String
resp.user_pool.user_pool_add_ons.advanced_security_mode #=> String, one of "OFF", "AUDIT", "ENFORCED"
resp.user_pool.username_configuration.case_sensitive #=> Boolean
resp.user_pool.arn #=> String
resp.user_pool.account_recovery_setting.recovery_mechanisms #=> Array
resp.user_pool.account_recovery_setting.recovery_mechanisms[0].priority #=> Integer
resp.user_pool.account_recovery_setting.recovery_mechanisms[0].name #=> String, one of "verified_email", "verified_phone_number", "admin_only"

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/CreateUserPool AWS API Documentation

@overload create_user_pool(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 3190
def create_user_pool(params = {}, options = {})
  req = build_request(:create_user_pool, params)
  req.send_request(options)
end
create_user_pool_client(params = {}, options = {}) click to toggle source

Creates the user pool client.

When you create a new user pool client, token revocation is automatically enabled. For more information about revoking tokens, see [RevokeToken].

[1]: docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html

@option params [required, String] :user_pool_id

The user pool ID for the user pool where you want to create a user
pool client.

@option params [required, String] :client_name

The client name for the user pool client you would like to create.

@option params [Boolean] :generate_secret

Boolean to specify whether you want to generate a secret for the user
pool client being created.

@option params [Integer] :refresh_token_validity

The time limit, in days, after which the refresh token is no longer
valid and cannot be used.

@option params [Integer] :access_token_validity

The time limit, between 5 minutes and 1 day, after which the access
token is no longer valid and cannot be used. This value will be
overridden if you have entered a value in TokenValidityUnits.

@option params [Integer] :id_token_validity

The time limit, between 5 minutes and 1 day, after which the ID token
is no longer valid and cannot be used. This value will be overridden
if you have entered a value in TokenValidityUnits.

@option params [Types::TokenValidityUnitsType] :token_validity_units

The units in which the validity times are represented in. Default for
RefreshToken is days, and default for ID and access tokens are hours.

@option params [Array<String>] :read_attributes

The read attributes.

@option params [Array<String>] :write_attributes

The user pool attributes that the app client can write to.

If your app client allows users to sign in through an identity
provider, this array must include all attributes that are mapped to
identity provider attributes. Amazon Cognito updates mapped attributes
when users sign in to your application through an identity provider.
If your app client lacks write access to a mapped attribute, Amazon
Cognito throws an error when it attempts to update the attribute. For
more information, see [Specifying Identity Provider Attribute Mappings
for Your User Pool][1].

[1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-specifying-attribute-mapping.html

@option params [Array<String>] :explicit_auth_flows

The authentication flows that are supported by the user pool clients.
Flow names without the `ALLOW_` prefix are deprecated in favor of new
names with the `ALLOW_` prefix. Note that values with `ALLOW_` prefix
cannot be used along with values without `ALLOW_` prefix.

Valid values include:

* `ALLOW_ADMIN_USER_PASSWORD_AUTH`\: Enable admin based user password
  authentication flow `ADMIN_USER_PASSWORD_AUTH`. This setting
  replaces the `ADMIN_NO_SRP_AUTH` setting. With this authentication
  flow, Cognito receives the password in the request instead of using
  the SRP (Secure Remote Password protocol) protocol to verify
  passwords.

* `ALLOW_CUSTOM_AUTH`\: Enable Lambda trigger based authentication.

* `ALLOW_USER_PASSWORD_AUTH`\: Enable user password-based
  authentication. In this flow, Cognito receives the password in the
  request instead of using the SRP protocol to verify passwords.

* `ALLOW_USER_SRP_AUTH`\: Enable SRP based authentication.

* `ALLOW_REFRESH_TOKEN_AUTH`\: Enable authflow to refresh tokens.

@option params [Array<String>] :supported_identity_providers

A list of provider names for the identity providers that are supported
on this client. The following are supported: `COGNITO`, `Facebook`,
`Google` and `LoginWithAmazon`.

@option params [Array<String>] :callback_urls

A list of allowed redirect (callback) URLs for the identity providers.

A redirect URI must:

* Be an absolute URI.

* Be registered with the authorization server.

* Not include a fragment component.

See [OAuth 2.0 - Redirection Endpoint][1].

Amazon Cognito requires HTTPS over HTTP except for http://localhost
for testing purposes only.

App callback URLs such as myapp://example are also supported.

[1]: https://tools.ietf.org/html/rfc6749#section-3.1.2

@option params [Array<String>] :logout_urls

A list of allowed logout URLs for the identity providers.

@option params [String] :default_redirect_uri

The default redirect URI. Must be in the `CallbackURLs` list.

A redirect URI must:

* Be an absolute URI.

* Be registered with the authorization server.

* Not include a fragment component.

See [OAuth 2.0 - Redirection Endpoint][1].

Amazon Cognito requires HTTPS over HTTP except for http://localhost
for testing purposes only.

App callback URLs such as myapp://example are also supported.

[1]: https://tools.ietf.org/html/rfc6749#section-3.1.2

@option params [Array<String>] :allowed_o_auth_flows

The allowed OAuth flows.

Set to `code` to initiate a code grant flow, which provides an
authorization code as the response. This code can be exchanged for
access tokens with the token endpoint.

Set to `implicit` to specify that the client should get the access
token (and, optionally, ID token, based on scopes) directly.

Set to `client_credentials` to specify that the client should get the
access token (and, optionally, ID token, based on scopes) from the
token endpoint using a combination of client and client\_secret.

@option params [Array<String>] :allowed_o_auth_scopes

The allowed OAuth scopes. Possible values provided by OAuth are:
`phone`, `email`, `openid`, and `profile`. Possible values provided by
Amazon Web Services are: `aws.cognito.signin.user.admin`. Custom
scopes created in Resource Servers are also supported.

@option params [Boolean] :allowed_o_auth_flows_user_pool_client

Set to true if the client is allowed to follow the OAuth protocol when
interacting with Cognito user pools.

@option params [Types::AnalyticsConfigurationType] :analytics_configuration

The Amazon Pinpoint analytics configuration for collecting metrics for
this user pool.

<note markdown="1"> In regions where Pinpoint is not available, Cognito User Pools only
supports sending events to Amazon Pinpoint projects in us-east-1. In
regions where Pinpoint is available, Cognito User Pools will support
sending events to Amazon Pinpoint projects within that same region.

 </note>

@option params [String] :prevent_user_existence_errors

Use this setting to choose which errors and responses are returned by
Cognito APIs during authentication, account confirmation, and password
recovery when the user does not exist in the user pool. When set to
`ENABLED` and the user does not exist, authentication returns an error
indicating either the username or password was incorrect, and account
confirmation and password recovery return a response indicating a code
was sent to a simulated destination. When set to `LEGACY`, those APIs
will return a `UserNotFoundException` exception if the user does not
exist in the user pool.

Valid values include:

* `ENABLED` - This prevents user existence-related errors.

* `LEGACY` - This represents the old behavior of Cognito where user
  existence related errors are not prevented.

<note markdown="1"> After February 15th 2020, the value of `PreventUserExistenceErrors`
will default to `ENABLED` for newly created user pool clients if no
value is provided.

 </note>

@option params [Boolean] :enable_token_revocation

Enables or disables token revocation. For more information about
revoking tokens, see [RevokeToken][1].

If you don't include this parameter, token revocation is
automatically enabled for the new user pool client.

[1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html

@return [Types::CreateUserPoolClientResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::CreateUserPoolClientResponse#user_pool_client #user_pool_client} => Types::UserPoolClientType

@example Request syntax with placeholder values

resp = client.create_user_pool_client({
  user_pool_id: "UserPoolIdType", # required
  client_name: "ClientNameType", # required
  generate_secret: false,
  refresh_token_validity: 1,
  access_token_validity: 1,
  id_token_validity: 1,
  token_validity_units: {
    access_token: "seconds", # accepts seconds, minutes, hours, days
    id_token: "seconds", # accepts seconds, minutes, hours, days
    refresh_token: "seconds", # accepts seconds, minutes, hours, days
  },
  read_attributes: ["ClientPermissionType"],
  write_attributes: ["ClientPermissionType"],
  explicit_auth_flows: ["ADMIN_NO_SRP_AUTH"], # accepts ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, USER_PASSWORD_AUTH, ALLOW_ADMIN_USER_PASSWORD_AUTH, ALLOW_CUSTOM_AUTH, ALLOW_USER_PASSWORD_AUTH, ALLOW_USER_SRP_AUTH, ALLOW_REFRESH_TOKEN_AUTH
  supported_identity_providers: ["ProviderNameType"],
  callback_urls: ["RedirectUrlType"],
  logout_urls: ["RedirectUrlType"],
  default_redirect_uri: "RedirectUrlType",
  allowed_o_auth_flows: ["code"], # accepts code, implicit, client_credentials
  allowed_o_auth_scopes: ["ScopeType"],
  allowed_o_auth_flows_user_pool_client: false,
  analytics_configuration: {
    application_id: "HexStringType",
    application_arn: "ArnType",
    role_arn: "ArnType",
    external_id: "StringType",
    user_data_shared: false,
  },
  prevent_user_existence_errors: "LEGACY", # accepts LEGACY, ENABLED
  enable_token_revocation: false,
})

@example Response structure

resp.user_pool_client.user_pool_id #=> String
resp.user_pool_client.client_name #=> String
resp.user_pool_client.client_id #=> String
resp.user_pool_client.client_secret #=> String
resp.user_pool_client.last_modified_date #=> Time
resp.user_pool_client.creation_date #=> Time
resp.user_pool_client.refresh_token_validity #=> Integer
resp.user_pool_client.access_token_validity #=> Integer
resp.user_pool_client.id_token_validity #=> Integer
resp.user_pool_client.token_validity_units.access_token #=> String, one of "seconds", "minutes", "hours", "days"
resp.user_pool_client.token_validity_units.id_token #=> String, one of "seconds", "minutes", "hours", "days"
resp.user_pool_client.token_validity_units.refresh_token #=> String, one of "seconds", "minutes", "hours", "days"
resp.user_pool_client.read_attributes #=> Array
resp.user_pool_client.read_attributes[0] #=> String
resp.user_pool_client.write_attributes #=> Array
resp.user_pool_client.write_attributes[0] #=> String
resp.user_pool_client.explicit_auth_flows #=> Array
resp.user_pool_client.explicit_auth_flows[0] #=> String, one of "ADMIN_NO_SRP_AUTH", "CUSTOM_AUTH_FLOW_ONLY", "USER_PASSWORD_AUTH", "ALLOW_ADMIN_USER_PASSWORD_AUTH", "ALLOW_CUSTOM_AUTH", "ALLOW_USER_PASSWORD_AUTH", "ALLOW_USER_SRP_AUTH", "ALLOW_REFRESH_TOKEN_AUTH"
resp.user_pool_client.supported_identity_providers #=> Array
resp.user_pool_client.supported_identity_providers[0] #=> String
resp.user_pool_client.callback_urls #=> Array
resp.user_pool_client.callback_urls[0] #=> String
resp.user_pool_client.logout_urls #=> Array
resp.user_pool_client.logout_urls[0] #=> String
resp.user_pool_client.default_redirect_uri #=> String
resp.user_pool_client.allowed_o_auth_flows #=> Array
resp.user_pool_client.allowed_o_auth_flows[0] #=> String, one of "code", "implicit", "client_credentials"
resp.user_pool_client.allowed_o_auth_scopes #=> Array
resp.user_pool_client.allowed_o_auth_scopes[0] #=> String
resp.user_pool_client.allowed_o_auth_flows_user_pool_client #=> Boolean
resp.user_pool_client.analytics_configuration.application_id #=> String
resp.user_pool_client.analytics_configuration.application_arn #=> String
resp.user_pool_client.analytics_configuration.role_arn #=> String
resp.user_pool_client.analytics_configuration.external_id #=> String
resp.user_pool_client.analytics_configuration.user_data_shared #=> Boolean
resp.user_pool_client.prevent_user_existence_errors #=> String, one of "LEGACY", "ENABLED"
resp.user_pool_client.enable_token_revocation #=> Boolean

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/CreateUserPoolClient AWS API Documentation

@overload create_user_pool_client(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 3483
def create_user_pool_client(params = {}, options = {})
  req = build_request(:create_user_pool_client, params)
  req.send_request(options)
end
create_user_pool_domain(params = {}, options = {}) click to toggle source

Creates a new domain for a user pool.

@option params [required, String] :domain

The domain string.

@option params [required, String] :user_pool_id

The user pool ID.

@option params [Types::CustomDomainConfigType] :custom_domain_config

The configuration for a custom domain that hosts the sign-up and
sign-in webpages for your application.

Provide this parameter only if you want to use a custom domain for
your user pool. Otherwise, you can exclude this parameter and use the
Amazon Cognito hosted domain instead.

For more information about the hosted domain and custom domains, see
[Configuring a User Pool Domain][1].

[1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-assign-domain.html

@return [Types::CreateUserPoolDomainResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::CreateUserPoolDomainResponse#cloud_front_domain #cloud_front_domain} => String

@example Request syntax with placeholder values

resp = client.create_user_pool_domain({
  domain: "DomainType", # required
  user_pool_id: "UserPoolIdType", # required
  custom_domain_config: {
    certificate_arn: "ArnType", # required
  },
})

@example Response structure

resp.cloud_front_domain #=> String

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/CreateUserPoolDomain AWS API Documentation

@overload create_user_pool_domain(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 3533
def create_user_pool_domain(params = {}, options = {})
  req = build_request(:create_user_pool_domain, params)
  req.send_request(options)
end
delete_group(params = {}, options = {}) click to toggle source

Deletes a group.

Calling this action requires developer credentials.

@option params [required, String] :group_name

The name of the group.

@option params [required, String] :user_pool_id

The user pool ID for the user pool.

@return [Struct] Returns an empty {Seahorse::Client::Response response}.

@example Request syntax with placeholder values

resp = client.delete_group({
  group_name: "GroupNameType", # required
  user_pool_id: "UserPoolIdType", # required
})

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/DeleteGroup AWS API Documentation

@overload delete_group(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 3561
def delete_group(params = {}, options = {})
  req = build_request(:delete_group, params)
  req.send_request(options)
end
delete_identity_provider(params = {}, options = {}) click to toggle source

Deletes an identity provider for a user pool.

@option params [required, String] :user_pool_id

The user pool ID.

@option params [required, String] :provider_name

The identity provider name.

@return [Struct] Returns an empty {Seahorse::Client::Response response}.

@example Request syntax with placeholder values

resp = client.delete_identity_provider({
  user_pool_id: "UserPoolIdType", # required
  provider_name: "ProviderNameType", # required
})

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/DeleteIdentityProvider AWS API Documentation

@overload delete_identity_provider(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 3587
def delete_identity_provider(params = {}, options = {})
  req = build_request(:delete_identity_provider, params)
  req.send_request(options)
end
delete_resource_server(params = {}, options = {}) click to toggle source

Deletes a resource server.

@option params [required, String] :user_pool_id

The user pool ID for the user pool that hosts the resource server.

@option params [required, String] :identifier

The identifier for the resource server.

@return [Struct] Returns an empty {Seahorse::Client::Response response}.

@example Request syntax with placeholder values

resp = client.delete_resource_server({
  user_pool_id: "UserPoolIdType", # required
  identifier: "ResourceServerIdentifierType", # required
})

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/DeleteResourceServer AWS API Documentation

@overload delete_resource_server(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 3613
def delete_resource_server(params = {}, options = {})
  req = build_request(:delete_resource_server, params)
  req.send_request(options)
end
delete_user(params = {}, options = {}) click to toggle source

Allows a user to delete himself or herself.

@option params [required, String] :access_token

The access token from a request to delete a user.

@return [Struct] Returns an empty {Seahorse::Client::Response response}.

@example Request syntax with placeholder values

resp = client.delete_user({
  access_token: "TokenModelType", # required
})

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/DeleteUser AWS API Documentation

@overload delete_user(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 3635
def delete_user(params = {}, options = {})
  req = build_request(:delete_user, params)
  req.send_request(options)
end
delete_user_attributes(params = {}, options = {}) click to toggle source

Deletes the attributes for a user.

@option params [required, Array<String>] :user_attribute_names

An array of strings representing the user attribute names you wish to
delete.

For custom attributes, you must prepend the `custom:` prefix to the
attribute name.

@option params [required, String] :access_token

The access token used in the request to delete user attributes.

@return [Struct] Returns an empty {Seahorse::Client::Response response}.

@example Request syntax with placeholder values

resp = client.delete_user_attributes({
  user_attribute_names: ["AttributeNameType"], # required
  access_token: "TokenModelType", # required
})

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/DeleteUserAttributes AWS API Documentation

@overload delete_user_attributes(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 3665
def delete_user_attributes(params = {}, options = {})
  req = build_request(:delete_user_attributes, params)
  req.send_request(options)
end
delete_user_pool(params = {}, options = {}) click to toggle source

Deletes the specified Amazon Cognito user pool.

@option params [required, String] :user_pool_id

The user pool ID for the user pool you want to delete.

@return [Struct] Returns an empty {Seahorse::Client::Response response}.

@example Request syntax with placeholder values

resp = client.delete_user_pool({
  user_pool_id: "UserPoolIdType", # required
})

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/DeleteUserPool AWS API Documentation

@overload delete_user_pool(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 3687
def delete_user_pool(params = {}, options = {})
  req = build_request(:delete_user_pool, params)
  req.send_request(options)
end
delete_user_pool_client(params = {}, options = {}) click to toggle source

Allows the developer to delete the user pool client.

@option params [required, String] :user_pool_id

The user pool ID for the user pool where you want to delete the
client.

@option params [required, String] :client_id

The app client ID of the app associated with the user pool.

@return [Struct] Returns an empty {Seahorse::Client::Response response}.

@example Request syntax with placeholder values

resp = client.delete_user_pool_client({
  user_pool_id: "UserPoolIdType", # required
  client_id: "ClientIdType", # required
})

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/DeleteUserPoolClient AWS API Documentation

@overload delete_user_pool_client(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 3714
def delete_user_pool_client(params = {}, options = {})
  req = build_request(:delete_user_pool_client, params)
  req.send_request(options)
end
delete_user_pool_domain(params = {}, options = {}) click to toggle source

Deletes a domain for a user pool.

@option params [required, String] :domain

The domain string.

@option params [required, String] :user_pool_id

The user pool ID.

@return [Struct] Returns an empty {Seahorse::Client::Response response}.

@example Request syntax with placeholder values

resp = client.delete_user_pool_domain({
  domain: "DomainType", # required
  user_pool_id: "UserPoolIdType", # required
})

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/DeleteUserPoolDomain AWS API Documentation

@overload delete_user_pool_domain(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 3740
def delete_user_pool_domain(params = {}, options = {})
  req = build_request(:delete_user_pool_domain, params)
  req.send_request(options)
end
describe_identity_provider(params = {}, options = {}) click to toggle source

Gets information about a specific identity provider.

@option params [required, String] :user_pool_id

The user pool ID.

@option params [required, String] :provider_name

The identity provider name.

@return [Types::DescribeIdentityProviderResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::DescribeIdentityProviderResponse#identity_provider #identity_provider} => Types::IdentityProviderType

@example Request syntax with placeholder values

resp = client.describe_identity_provider({
  user_pool_id: "UserPoolIdType", # required
  provider_name: "ProviderNameType", # required
})

@example Response structure

resp.identity_provider.user_pool_id #=> String
resp.identity_provider.provider_name #=> String
resp.identity_provider.provider_type #=> String, one of "SAML", "Facebook", "Google", "LoginWithAmazon", "SignInWithApple", "OIDC"
resp.identity_provider.provider_details #=> Hash
resp.identity_provider.provider_details["StringType"] #=> String
resp.identity_provider.attribute_mapping #=> Hash
resp.identity_provider.attribute_mapping["AttributeMappingKeyType"] #=> String
resp.identity_provider.idp_identifiers #=> Array
resp.identity_provider.idp_identifiers[0] #=> String
resp.identity_provider.last_modified_date #=> Time
resp.identity_provider.creation_date #=> Time

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/DescribeIdentityProvider AWS API Documentation

@overload describe_identity_provider(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 3782
def describe_identity_provider(params = {}, options = {})
  req = build_request(:describe_identity_provider, params)
  req.send_request(options)
end
describe_resource_server(params = {}, options = {}) click to toggle source

Describes a resource server.

@option params [required, String] :user_pool_id

The user pool ID for the user pool that hosts the resource server.

@option params [required, String] :identifier

The identifier for the resource server

@return [Types::DescribeResourceServerResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::DescribeResourceServerResponse#resource_server #resource_server} => Types::ResourceServerType

@example Request syntax with placeholder values

resp = client.describe_resource_server({
  user_pool_id: "UserPoolIdType", # required
  identifier: "ResourceServerIdentifierType", # required
})

@example Response structure

resp.resource_server.user_pool_id #=> String
resp.resource_server.identifier #=> String
resp.resource_server.name #=> String
resp.resource_server.scopes #=> Array
resp.resource_server.scopes[0].scope_name #=> String
resp.resource_server.scopes[0].scope_description #=> String

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/DescribeResourceServer AWS API Documentation

@overload describe_resource_server(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 3819
def describe_resource_server(params = {}, options = {})
  req = build_request(:describe_resource_server, params)
  req.send_request(options)
end
describe_risk_configuration(params = {}, options = {}) click to toggle source

Describes the risk configuration.

@option params [required, String] :user_pool_id

The user pool ID.

@option params [String] :client_id

The app client ID.

@return [Types::DescribeRiskConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::DescribeRiskConfigurationResponse#risk_configuration #risk_configuration} => Types::RiskConfigurationType

@example Request syntax with placeholder values

resp = client.describe_risk_configuration({
  user_pool_id: "UserPoolIdType", # required
  client_id: "ClientIdType",
})

@example Response structure

resp.risk_configuration.user_pool_id #=> String
resp.risk_configuration.client_id #=> String
resp.risk_configuration.compromised_credentials_risk_configuration.event_filter #=> Array
resp.risk_configuration.compromised_credentials_risk_configuration.event_filter[0] #=> String, one of "SIGN_IN", "PASSWORD_CHANGE", "SIGN_UP"
resp.risk_configuration.compromised_credentials_risk_configuration.actions.event_action #=> String, one of "BLOCK", "NO_ACTION"
resp.risk_configuration.account_takeover_risk_configuration.notify_configuration.from #=> String
resp.risk_configuration.account_takeover_risk_configuration.notify_configuration.reply_to #=> String
resp.risk_configuration.account_takeover_risk_configuration.notify_configuration.source_arn #=> String
resp.risk_configuration.account_takeover_risk_configuration.notify_configuration.block_email.subject #=> String
resp.risk_configuration.account_takeover_risk_configuration.notify_configuration.block_email.html_body #=> String
resp.risk_configuration.account_takeover_risk_configuration.notify_configuration.block_email.text_body #=> String
resp.risk_configuration.account_takeover_risk_configuration.notify_configuration.no_action_email.subject #=> String
resp.risk_configuration.account_takeover_risk_configuration.notify_configuration.no_action_email.html_body #=> String
resp.risk_configuration.account_takeover_risk_configuration.notify_configuration.no_action_email.text_body #=> String
resp.risk_configuration.account_takeover_risk_configuration.notify_configuration.mfa_email.subject #=> String
resp.risk_configuration.account_takeover_risk_configuration.notify_configuration.mfa_email.html_body #=> String
resp.risk_configuration.account_takeover_risk_configuration.notify_configuration.mfa_email.text_body #=> String
resp.risk_configuration.account_takeover_risk_configuration.actions.low_action.notify #=> Boolean
resp.risk_configuration.account_takeover_risk_configuration.actions.low_action.event_action #=> String, one of "BLOCK", "MFA_IF_CONFIGURED", "MFA_REQUIRED", "NO_ACTION"
resp.risk_configuration.account_takeover_risk_configuration.actions.medium_action.notify #=> Boolean
resp.risk_configuration.account_takeover_risk_configuration.actions.medium_action.event_action #=> String, one of "BLOCK", "MFA_IF_CONFIGURED", "MFA_REQUIRED", "NO_ACTION"
resp.risk_configuration.account_takeover_risk_configuration.actions.high_action.notify #=> Boolean
resp.risk_configuration.account_takeover_risk_configuration.actions.high_action.event_action #=> String, one of "BLOCK", "MFA_IF_CONFIGURED", "MFA_REQUIRED", "NO_ACTION"
resp.risk_configuration.risk_exception_configuration.blocked_ip_range_list #=> Array
resp.risk_configuration.risk_exception_configuration.blocked_ip_range_list[0] #=> String
resp.risk_configuration.risk_exception_configuration.skipped_ip_range_list #=> Array
resp.risk_configuration.risk_exception_configuration.skipped_ip_range_list[0] #=> String
resp.risk_configuration.last_modified_date #=> Time

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/DescribeRiskConfiguration AWS API Documentation

@overload describe_risk_configuration(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 3878
def describe_risk_configuration(params = {}, options = {})
  req = build_request(:describe_risk_configuration, params)
  req.send_request(options)
end
describe_user_import_job(params = {}, options = {}) click to toggle source

Describes the user import job.

@option params [required, String] :user_pool_id

The user pool ID for the user pool that the users are being imported
into.

@option params [required, String] :job_id

The job ID for the user import job.

@return [Types::DescribeUserImportJobResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::DescribeUserImportJobResponse#user_import_job #user_import_job} => Types::UserImportJobType

@example Request syntax with placeholder values

resp = client.describe_user_import_job({
  user_pool_id: "UserPoolIdType", # required
  job_id: "UserImportJobIdType", # required
})

@example Response structure

resp.user_import_job.job_name #=> String
resp.user_import_job.job_id #=> String
resp.user_import_job.user_pool_id #=> String
resp.user_import_job.pre_signed_url #=> String
resp.user_import_job.creation_date #=> Time
resp.user_import_job.start_date #=> Time
resp.user_import_job.completion_date #=> Time
resp.user_import_job.status #=> String, one of "Created", "Pending", "InProgress", "Stopping", "Expired", "Stopped", "Failed", "Succeeded"
resp.user_import_job.cloud_watch_logs_role_arn #=> String
resp.user_import_job.imported_users #=> Integer
resp.user_import_job.skipped_users #=> Integer
resp.user_import_job.failed_users #=> Integer
resp.user_import_job.completion_message #=> String

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/DescribeUserImportJob AWS API Documentation

@overload describe_user_import_job(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 3923
def describe_user_import_job(params = {}, options = {})
  req = build_request(:describe_user_import_job, params)
  req.send_request(options)
end
describe_user_pool(params = {}, options = {}) click to toggle source

Returns the configuration information and metadata of the specified user pool.

@option params [required, String] :user_pool_id

The user pool ID for the user pool you want to describe.

@return [Types::DescribeUserPoolResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::DescribeUserPoolResponse#user_pool #user_pool} => Types::UserPoolType

@example Request syntax with placeholder values

resp = client.describe_user_pool({
  user_pool_id: "UserPoolIdType", # required
})

@example Response structure

resp.user_pool.id #=> String
resp.user_pool.name #=> String
resp.user_pool.policies.password_policy.minimum_length #=> Integer
resp.user_pool.policies.password_policy.require_uppercase #=> Boolean
resp.user_pool.policies.password_policy.require_lowercase #=> Boolean
resp.user_pool.policies.password_policy.require_numbers #=> Boolean
resp.user_pool.policies.password_policy.require_symbols #=> Boolean
resp.user_pool.policies.password_policy.temporary_password_validity_days #=> Integer
resp.user_pool.lambda_config.pre_sign_up #=> String
resp.user_pool.lambda_config.custom_message #=> String
resp.user_pool.lambda_config.post_confirmation #=> String
resp.user_pool.lambda_config.pre_authentication #=> String
resp.user_pool.lambda_config.post_authentication #=> String
resp.user_pool.lambda_config.define_auth_challenge #=> String
resp.user_pool.lambda_config.create_auth_challenge #=> String
resp.user_pool.lambda_config.verify_auth_challenge_response #=> String
resp.user_pool.lambda_config.pre_token_generation #=> String
resp.user_pool.lambda_config.user_migration #=> String
resp.user_pool.lambda_config.custom_sms_sender.lambda_version #=> String, one of "V1_0"
resp.user_pool.lambda_config.custom_sms_sender.lambda_arn #=> String
resp.user_pool.lambda_config.custom_email_sender.lambda_version #=> String, one of "V1_0"
resp.user_pool.lambda_config.custom_email_sender.lambda_arn #=> String
resp.user_pool.lambda_config.kms_key_id #=> String
resp.user_pool.status #=> String, one of "Enabled", "Disabled"
resp.user_pool.last_modified_date #=> Time
resp.user_pool.creation_date #=> Time
resp.user_pool.schema_attributes #=> Array
resp.user_pool.schema_attributes[0].name #=> String
resp.user_pool.schema_attributes[0].attribute_data_type #=> String, one of "String", "Number", "DateTime", "Boolean"
resp.user_pool.schema_attributes[0].developer_only_attribute #=> Boolean
resp.user_pool.schema_attributes[0].mutable #=> Boolean
resp.user_pool.schema_attributes[0].required #=> Boolean
resp.user_pool.schema_attributes[0].number_attribute_constraints.min_value #=> String
resp.user_pool.schema_attributes[0].number_attribute_constraints.max_value #=> String
resp.user_pool.schema_attributes[0].string_attribute_constraints.min_length #=> String
resp.user_pool.schema_attributes[0].string_attribute_constraints.max_length #=> String
resp.user_pool.auto_verified_attributes #=> Array
resp.user_pool.auto_verified_attributes[0] #=> String, one of "phone_number", "email"
resp.user_pool.alias_attributes #=> Array
resp.user_pool.alias_attributes[0] #=> String, one of "phone_number", "email", "preferred_username"
resp.user_pool.username_attributes #=> Array
resp.user_pool.username_attributes[0] #=> String, one of "phone_number", "email"
resp.user_pool.sms_verification_message #=> String
resp.user_pool.email_verification_message #=> String
resp.user_pool.email_verification_subject #=> String
resp.user_pool.verification_message_template.sms_message #=> String
resp.user_pool.verification_message_template.email_message #=> String
resp.user_pool.verification_message_template.email_subject #=> String
resp.user_pool.verification_message_template.email_message_by_link #=> String
resp.user_pool.verification_message_template.email_subject_by_link #=> String
resp.user_pool.verification_message_template.default_email_option #=> String, one of "CONFIRM_WITH_LINK", "CONFIRM_WITH_CODE"
resp.user_pool.sms_authentication_message #=> String
resp.user_pool.mfa_configuration #=> String, one of "OFF", "ON", "OPTIONAL"
resp.user_pool.device_configuration.challenge_required_on_new_device #=> Boolean
resp.user_pool.device_configuration.device_only_remembered_on_user_prompt #=> Boolean
resp.user_pool.estimated_number_of_users #=> Integer
resp.user_pool.email_configuration.source_arn #=> String
resp.user_pool.email_configuration.reply_to_email_address #=> String
resp.user_pool.email_configuration.email_sending_account #=> String, one of "COGNITO_DEFAULT", "DEVELOPER"
resp.user_pool.email_configuration.from #=> String
resp.user_pool.email_configuration.configuration_set #=> String
resp.user_pool.sms_configuration.sns_caller_arn #=> String
resp.user_pool.sms_configuration.external_id #=> String
resp.user_pool.user_pool_tags #=> Hash
resp.user_pool.user_pool_tags["TagKeysType"] #=> String
resp.user_pool.sms_configuration_failure #=> String
resp.user_pool.email_configuration_failure #=> String
resp.user_pool.domain #=> String
resp.user_pool.custom_domain #=> String
resp.user_pool.admin_create_user_config.allow_admin_create_user_only #=> Boolean
resp.user_pool.admin_create_user_config.unused_account_validity_days #=> Integer
resp.user_pool.admin_create_user_config.invite_message_template.sms_message #=> String
resp.user_pool.admin_create_user_config.invite_message_template.email_message #=> String
resp.user_pool.admin_create_user_config.invite_message_template.email_subject #=> String
resp.user_pool.user_pool_add_ons.advanced_security_mode #=> String, one of "OFF", "AUDIT", "ENFORCED"
resp.user_pool.username_configuration.case_sensitive #=> Boolean
resp.user_pool.arn #=> String
resp.user_pool.account_recovery_setting.recovery_mechanisms #=> Array
resp.user_pool.account_recovery_setting.recovery_mechanisms[0].priority #=> Integer
resp.user_pool.account_recovery_setting.recovery_mechanisms[0].name #=> String, one of "verified_email", "verified_phone_number", "admin_only"

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/DescribeUserPool AWS API Documentation

@overload describe_user_pool(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 4031
def describe_user_pool(params = {}, options = {})
  req = build_request(:describe_user_pool, params)
  req.send_request(options)
end
describe_user_pool_client(params = {}, options = {}) click to toggle source

Client method for returning the configuration information and metadata of the specified user pool app client.

@option params [required, String] :user_pool_id

The user pool ID for the user pool you want to describe.

@option params [required, String] :client_id

The app client ID of the app associated with the user pool.

@return [Types::DescribeUserPoolClientResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::DescribeUserPoolClientResponse#user_pool_client #user_pool_client} => Types::UserPoolClientType

@example Request syntax with placeholder values

resp = client.describe_user_pool_client({
  user_pool_id: "UserPoolIdType", # required
  client_id: "ClientIdType", # required
})

@example Response structure

resp.user_pool_client.user_pool_id #=> String
resp.user_pool_client.client_name #=> String
resp.user_pool_client.client_id #=> String
resp.user_pool_client.client_secret #=> String
resp.user_pool_client.last_modified_date #=> Time
resp.user_pool_client.creation_date #=> Time
resp.user_pool_client.refresh_token_validity #=> Integer
resp.user_pool_client.access_token_validity #=> Integer
resp.user_pool_client.id_token_validity #=> Integer
resp.user_pool_client.token_validity_units.access_token #=> String, one of "seconds", "minutes", "hours", "days"
resp.user_pool_client.token_validity_units.id_token #=> String, one of "seconds", "minutes", "hours", "days"
resp.user_pool_client.token_validity_units.refresh_token #=> String, one of "seconds", "minutes", "hours", "days"
resp.user_pool_client.read_attributes #=> Array
resp.user_pool_client.read_attributes[0] #=> String
resp.user_pool_client.write_attributes #=> Array
resp.user_pool_client.write_attributes[0] #=> String
resp.user_pool_client.explicit_auth_flows #=> Array
resp.user_pool_client.explicit_auth_flows[0] #=> String, one of "ADMIN_NO_SRP_AUTH", "CUSTOM_AUTH_FLOW_ONLY", "USER_PASSWORD_AUTH", "ALLOW_ADMIN_USER_PASSWORD_AUTH", "ALLOW_CUSTOM_AUTH", "ALLOW_USER_PASSWORD_AUTH", "ALLOW_USER_SRP_AUTH", "ALLOW_REFRESH_TOKEN_AUTH"
resp.user_pool_client.supported_identity_providers #=> Array
resp.user_pool_client.supported_identity_providers[0] #=> String
resp.user_pool_client.callback_urls #=> Array
resp.user_pool_client.callback_urls[0] #=> String
resp.user_pool_client.logout_urls #=> Array
resp.user_pool_client.logout_urls[0] #=> String
resp.user_pool_client.default_redirect_uri #=> String
resp.user_pool_client.allowed_o_auth_flows #=> Array
resp.user_pool_client.allowed_o_auth_flows[0] #=> String, one of "code", "implicit", "client_credentials"
resp.user_pool_client.allowed_o_auth_scopes #=> Array
resp.user_pool_client.allowed_o_auth_scopes[0] #=> String
resp.user_pool_client.allowed_o_auth_flows_user_pool_client #=> Boolean
resp.user_pool_client.analytics_configuration.application_id #=> String
resp.user_pool_client.analytics_configuration.application_arn #=> String
resp.user_pool_client.analytics_configuration.role_arn #=> String
resp.user_pool_client.analytics_configuration.external_id #=> String
resp.user_pool_client.analytics_configuration.user_data_shared #=> Boolean
resp.user_pool_client.prevent_user_existence_errors #=> String, one of "LEGACY", "ENABLED"
resp.user_pool_client.enable_token_revocation #=> Boolean

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/DescribeUserPoolClient AWS API Documentation

@overload describe_user_pool_client(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 4100
def describe_user_pool_client(params = {}, options = {})
  req = build_request(:describe_user_pool_client, params)
  req.send_request(options)
end
describe_user_pool_domain(params = {}, options = {}) click to toggle source

Gets information about a domain.

@option params [required, String] :domain

The domain string.

@return [Types::DescribeUserPoolDomainResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::DescribeUserPoolDomainResponse#domain_description #domain_description} => Types::DomainDescriptionType

@example Request syntax with placeholder values

resp = client.describe_user_pool_domain({
  domain: "DomainType", # required
})

@example Response structure

resp.domain_description.user_pool_id #=> String
resp.domain_description.aws_account_id #=> String
resp.domain_description.domain #=> String
resp.domain_description.s3_bucket #=> String
resp.domain_description.cloud_front_distribution #=> String
resp.domain_description.version #=> String
resp.domain_description.status #=> String, one of "CREATING", "DELETING", "UPDATING", "ACTIVE", "FAILED"
resp.domain_description.custom_domain_config.certificate_arn #=> String

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/DescribeUserPoolDomain AWS API Documentation

@overload describe_user_pool_domain(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 4135
def describe_user_pool_domain(params = {}, options = {})
  req = build_request(:describe_user_pool_domain, params)
  req.send_request(options)
end
forget_device(params = {}, options = {}) click to toggle source

Forgets the specified device.

@option params [String] :access_token

The access token for the forgotten device request.

@option params [required, String] :device_key

The device key.

@return [Struct] Returns an empty {Seahorse::Client::Response response}.

@example Request syntax with placeholder values

resp = client.forget_device({
  access_token: "TokenModelType",
  device_key: "DeviceKeyType", # required
})

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/ForgetDevice AWS API Documentation

@overload forget_device(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 4161
def forget_device(params = {}, options = {})
  req = build_request(:forget_device, params)
  req.send_request(options)
end
forgot_password(params = {}, options = {}) click to toggle source

Calling this API causes a message to be sent to the end user with a confirmation code that is required to change the user's password. For the `Username` parameter, you can use the username or user alias. The method used to send the confirmation code is sent according to the specified AccountRecoverySetting. For more information, see

Recovering User Accounts][1

in the *Amazon Cognito Developer Guide*.

If neither a verified phone number nor a verified email exists, an `InvalidParameterException` is thrown. To use the confirmation code for resetting the password, call [ConfirmForgotPassword].

<note markdown=“1”> This action might generate an SMS text message. Starting June 1, 2021, U.S. telecom carriers require that you register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with [Amazon Pinpoint]. Cognito will use the the registered number automatically. Otherwise, Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any

other Amazon Web Service, Amazon SNS might place your account in SMS sandbox. In <a href=“https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html”>sandbox mode</a> , you’ll have limitations, such as sending messages to only verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see [ SMS message settings for Cognito User Pools] in the *Amazon Cognito Developer Guide*.

</note>

[1]: docs.aws.amazon.com/cognito/latest/developerguide/how-to-recover-a-user-account.html [2]: docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmForgotPassword.html [3]: console.aws.amazon.com/pinpoint/home/ [4]: docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html

@option params [required, String] :client_id

The ID of the client associated with the user pool.

@option params [String] :secret_hash

A keyed-hash message authentication code (HMAC) calculated using the
secret key of a user pool client and username plus the client ID in
the message.

@option params [Types::UserContextDataType] :user_context_data

Contextual data such as the user's device fingerprint, IP address, or
location used for evaluating the risk of an unexpected event by Amazon
Cognito advanced security.

@option params [required, String] :username

The user name of the user for whom you want to enter a code to reset a
forgotten password.

@option params [Types::AnalyticsMetadataType] :analytics_metadata

The Amazon Pinpoint analytics metadata for collecting metrics for
`ForgotPassword` calls.

@option params [Hash<String,String>] :client_metadata

A map of custom key-value pairs that you can provide as input for any
custom workflows that this action triggers.

You create custom workflows by assigning Lambda functions to user pool
triggers. When you use the ForgotPassword API action, Amazon Cognito
invokes any functions that are assigned to the following triggers:
*pre sign-up*, *custom message*, and *user migration*. When Amazon
Cognito invokes any of these functions, it passes a JSON payload,
which the function receives as input. This payload contains a
`clientMetadata` attribute, which provides the data that you assigned
to the ClientMetadata parameter in your ForgotPassword request. In
your function code in Lambda, you can process the `clientMetadata`
value to enhance your workflow for your specific needs.

For more information, see [Customizing User Pool Workflows with Lambda
Triggers][1] in the *Amazon Cognito Developer Guide*.

<note markdown="1"> Take the following limitations into consideration when you use the
ClientMetadata parameter:

 * Amazon Cognito does not store the ClientMetadata value. This data is
  available only to Lambda triggers that are assigned to a user pool
  to support custom workflows. If your user pool configuration does
  not include triggers, the ClientMetadata parameter serves no
  purpose.

* Amazon Cognito does not validate the ClientMetadata value.

* Amazon Cognito does not encrypt the the ClientMetadata value, so
  don't use it to provide sensitive information.

 </note>

[1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html

@return [Types::ForgotPasswordResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::ForgotPasswordResponse#code_delivery_details #code_delivery_details} => Types::CodeDeliveryDetailsType

@example Request syntax with placeholder values

resp = client.forgot_password({
  client_id: "ClientIdType", # required
  secret_hash: "SecretHashType",
  user_context_data: {
    encoded_data: "StringType",
  },
  username: "UsernameType", # required
  analytics_metadata: {
    analytics_endpoint_id: "StringType",
  },
  client_metadata: {
    "StringType" => "StringType",
  },
})

@example Response structure

resp.code_delivery_details.destination #=> String
resp.code_delivery_details.delivery_medium #=> String, one of "SMS", "EMAIL"
resp.code_delivery_details.attribute_name #=> String

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/ForgotPassword AWS API Documentation

@overload forgot_password(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 4294
def forgot_password(params = {}, options = {})
  req = build_request(:forgot_password, params)
  req.send_request(options)
end
get_csv_header(params = {}, options = {}) click to toggle source

Gets the header information for the .csv file to be used as input for the user import job.

@option params [required, String] :user_pool_id

The user pool ID for the user pool that the users are to be imported
into.

@return [Types::GetCSVHeaderResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::GetCSVHeaderResponse#user_pool_id #user_pool_id} => String
* {Types::GetCSVHeaderResponse#csv_header #csv_header} => Array&lt;String&gt;

@example Request syntax with placeholder values

resp = client.get_csv_header({
  user_pool_id: "UserPoolIdType", # required
})

@example Response structure

resp.user_pool_id #=> String
resp.csv_header #=> Array
resp.csv_header[0] #=> String

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/GetCSVHeader AWS API Documentation

@overload get_csv_header(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 4327
def get_csv_header(params = {}, options = {})
  req = build_request(:get_csv_header, params)
  req.send_request(options)
end
get_device(params = {}, options = {}) click to toggle source

Gets the device.

@option params [required, String] :device_key

The device key.

@option params [String] :access_token

The access token.

@return [Types::GetDeviceResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::GetDeviceResponse#device #device} => Types::DeviceType

@example Request syntax with placeholder values

resp = client.get_device({
  device_key: "DeviceKeyType", # required
  access_token: "TokenModelType",
})

@example Response structure

resp.device.device_key #=> String
resp.device.device_attributes #=> Array
resp.device.device_attributes[0].name #=> String
resp.device.device_attributes[0].value #=> String
resp.device.device_create_date #=> Time
resp.device.device_last_modified_date #=> Time
resp.device.device_last_authenticated_date #=> Time

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/GetDevice AWS API Documentation

@overload get_device(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 4365
def get_device(params = {}, options = {})
  req = build_request(:get_device, params)
  req.send_request(options)
end
get_group(params = {}, options = {}) click to toggle source

Gets a group.

Calling this action requires developer credentials.

@option params [required, String] :group_name

The name of the group.

@option params [required, String] :user_pool_id

The user pool ID for the user pool.

@return [Types::GetGroupResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::GetGroupResponse#group #group} => Types::GroupType

@example Request syntax with placeholder values

resp = client.get_group({
  group_name: "GroupNameType", # required
  user_pool_id: "UserPoolIdType", # required
})

@example Response structure

resp.group.group_name #=> String
resp.group.user_pool_id #=> String
resp.group.description #=> String
resp.group.role_arn #=> String
resp.group.precedence #=> Integer
resp.group.last_modified_date #=> Time
resp.group.creation_date #=> Time

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/GetGroup AWS API Documentation

@overload get_group(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 4405
def get_group(params = {}, options = {})
  req = build_request(:get_group, params)
  req.send_request(options)
end
get_identity_provider_by_identifier(params = {}, options = {}) click to toggle source

Gets the specified identity provider.

@option params [required, String] :user_pool_id

The user pool ID.

@option params [required, String] :idp_identifier

The identity provider ID.

@return [Types::GetIdentityProviderByIdentifierResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::GetIdentityProviderByIdentifierResponse#identity_provider #identity_provider} => Types::IdentityProviderType

@example Request syntax with placeholder values

resp = client.get_identity_provider_by_identifier({
  user_pool_id: "UserPoolIdType", # required
  idp_identifier: "IdpIdentifierType", # required
})

@example Response structure

resp.identity_provider.user_pool_id #=> String
resp.identity_provider.provider_name #=> String
resp.identity_provider.provider_type #=> String, one of "SAML", "Facebook", "Google", "LoginWithAmazon", "SignInWithApple", "OIDC"
resp.identity_provider.provider_details #=> Hash
resp.identity_provider.provider_details["StringType"] #=> String
resp.identity_provider.attribute_mapping #=> Hash
resp.identity_provider.attribute_mapping["AttributeMappingKeyType"] #=> String
resp.identity_provider.idp_identifiers #=> Array
resp.identity_provider.idp_identifiers[0] #=> String
resp.identity_provider.last_modified_date #=> Time
resp.identity_provider.creation_date #=> Time

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/GetIdentityProviderByIdentifier AWS API Documentation

@overload get_identity_provider_by_identifier(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 4447
def get_identity_provider_by_identifier(params = {}, options = {})
  req = build_request(:get_identity_provider_by_identifier, params)
  req.send_request(options)
end
get_signing_certificate(params = {}, options = {}) click to toggle source

This method takes a user pool ID, and returns the signing certificate.

@option params [required, String] :user_pool_id

The user pool ID.

@return [Types::GetSigningCertificateResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::GetSigningCertificateResponse#certificate #certificate} => String

@example Request syntax with placeholder values

resp = client.get_signing_certificate({
  user_pool_id: "UserPoolIdType", # required
})

@example Response structure

resp.certificate #=> String

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/GetSigningCertificate AWS API Documentation

@overload get_signing_certificate(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 4475
def get_signing_certificate(params = {}, options = {})
  req = build_request(:get_signing_certificate, params)
  req.send_request(options)
end
get_ui_customization(params = {}, options = {}) click to toggle source

Gets the UI Customization information for a particular app client's app UI, if there is something set. If nothing is set for the particular client, but there is an existing pool level customization (app `clientId` will be `ALL`), then that is returned. If nothing is present, then an empty shape is returned.

@option params [required, String] :user_pool_id

The user pool ID for the user pool.

@option params [String] :client_id

The client ID for the client app.

@return [Types::GetUICustomizationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::GetUICustomizationResponse#ui_customization #ui_customization} => Types::UICustomizationType

@example Request syntax with placeholder values

resp = client.get_ui_customization({
  user_pool_id: "UserPoolIdType", # required
  client_id: "ClientIdType",
})

@example Response structure

resp.ui_customization.user_pool_id #=> String
resp.ui_customization.client_id #=> String
resp.ui_customization.image_url #=> String
resp.ui_customization.css #=> String
resp.ui_customization.css_version #=> String
resp.ui_customization.last_modified_date #=> Time
resp.ui_customization.creation_date #=> Time

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/GetUICustomization AWS API Documentation

@overload get_ui_customization(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 4517
def get_ui_customization(params = {}, options = {})
  req = build_request(:get_ui_customization, params)
  req.send_request(options)
end
get_user(params = {}, options = {}) click to toggle source

Gets the user attributes and metadata for a user.

@option params [required, String] :access_token

The access token returned by the server response to get information
about the user.

@return [Types::GetUserResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::GetUserResponse#username #username} => String
* {Types::GetUserResponse#user_attributes #user_attributes} => Array&lt;Types::AttributeType&gt;
* {Types::GetUserResponse#mfa_options #mfa_options} => Array&lt;Types::MFAOptionType&gt;
* {Types::GetUserResponse#preferred_mfa_setting #preferred_mfa_setting} => String
* {Types::GetUserResponse#user_mfa_setting_list #user_mfa_setting_list} => Array&lt;String&gt;

@example Request syntax with placeholder values

resp = client.get_user({
  access_token: "TokenModelType", # required
})

@example Response structure

resp.username #=> String
resp.user_attributes #=> Array
resp.user_attributes[0].name #=> String
resp.user_attributes[0].value #=> String
resp.mfa_options #=> Array
resp.mfa_options[0].delivery_medium #=> String, one of "SMS", "EMAIL"
resp.mfa_options[0].attribute_name #=> String
resp.preferred_mfa_setting #=> String
resp.user_mfa_setting_list #=> Array
resp.user_mfa_setting_list[0] #=> String

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/GetUser AWS API Documentation

@overload get_user(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 4559
def get_user(params = {}, options = {})
  req = build_request(:get_user, params)
  req.send_request(options)
end
get_user_attribute_verification_code(params = {}, options = {}) click to toggle source

Gets the user attribute verification code for the specified attribute name.

<note markdown=“1”> This action might generate an SMS text message. Starting June 1, 2021, U.S. telecom carriers require that you register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with [Amazon Pinpoint]. Cognito will use the the registered number automatically. Otherwise, Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any

other Amazon Web Service, Amazon SNS might place your account in SMS sandbox. In <a href=“https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html”>sandbox mode</a> , you’ll have limitations, such as sending messages to only verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see [ SMS message settings for Cognito User Pools] in the *Amazon Cognito Developer Guide*.

</note>

[1]: console.aws.amazon.com/pinpoint/home/ [2]: docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html

@option params [required, String] :access_token

The access token returned by the server response to get the user
attribute verification code.

@option params [required, String] :attribute_name

The attribute name returned by the server response to get the user
attribute verification code.

@option params [Hash<String,String>] :client_metadata

A map of custom key-value pairs that you can provide as input for any
custom workflows that this action triggers.

You create custom workflows by assigning Lambda functions to user pool
triggers. When you use the GetUserAttributeVerificationCode API
action, Amazon Cognito invokes the function that is assigned to the
*custom message* trigger. When Amazon Cognito invokes this function,
it passes a JSON payload, which the function receives as input. This
payload contains a `clientMetadata` attribute, which provides the data
that you assigned to the ClientMetadata parameter in your
GetUserAttributeVerificationCode request. In your function code in
Lambda, you can process the `clientMetadata` value to enhance your
workflow for your specific needs.

For more information, see [Customizing User Pool Workflows with Lambda
Triggers][1] in the *Amazon Cognito Developer Guide*.

<note markdown="1"> Take the following limitations into consideration when you use the
ClientMetadata parameter:

 * Amazon Cognito does not store the ClientMetadata value. This data is
  available only to Lambda triggers that are assigned to a user pool
  to support custom workflows. If your user pool configuration does
  not include triggers, the ClientMetadata parameter serves no
  purpose.

* Amazon Cognito does not validate the ClientMetadata value.

* Amazon Cognito does not encrypt the the ClientMetadata value, so
  don't use it to provide sensitive information.

 </note>

[1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html

@return [Types::GetUserAttributeVerificationCodeResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::GetUserAttributeVerificationCodeResponse#code_delivery_details #code_delivery_details} => Types::CodeDeliveryDetailsType

@example Request syntax with placeholder values

resp = client.get_user_attribute_verification_code({
  access_token: "TokenModelType", # required
  attribute_name: "AttributeNameType", # required
  client_metadata: {
    "StringType" => "StringType",
  },
})

@example Response structure

resp.code_delivery_details.destination #=> String
resp.code_delivery_details.delivery_medium #=> String, one of "SMS", "EMAIL"
resp.code_delivery_details.attribute_name #=> String

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/GetUserAttributeVerificationCode AWS API Documentation

@overload get_user_attribute_verification_code(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 4663
def get_user_attribute_verification_code(params = {}, options = {})
  req = build_request(:get_user_attribute_verification_code, params)
  req.send_request(options)
end
get_user_pool_mfa_config(params = {}, options = {}) click to toggle source

Gets the user pool multi-factor authentication (MFA) configuration.

@option params [required, String] :user_pool_id

The user pool ID.

@return [Types::GetUserPoolMfaConfigResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::GetUserPoolMfaConfigResponse#sms_mfa_configuration #sms_mfa_configuration} => Types::SmsMfaConfigType
* {Types::GetUserPoolMfaConfigResponse#software_token_mfa_configuration #software_token_mfa_configuration} => Types::SoftwareTokenMfaConfigType
* {Types::GetUserPoolMfaConfigResponse#mfa_configuration #mfa_configuration} => String

@example Request syntax with placeholder values

resp = client.get_user_pool_mfa_config({
  user_pool_id: "UserPoolIdType", # required
})

@example Response structure

resp.sms_mfa_configuration.sms_authentication_message #=> String
resp.sms_mfa_configuration.sms_configuration.sns_caller_arn #=> String
resp.sms_mfa_configuration.sms_configuration.external_id #=> String
resp.software_token_mfa_configuration.enabled #=> Boolean
resp.mfa_configuration #=> String, one of "OFF", "ON", "OPTIONAL"

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/GetUserPoolMfaConfig AWS API Documentation

@overload get_user_pool_mfa_config(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 4697
def get_user_pool_mfa_config(params = {}, options = {})
  req = build_request(:get_user_pool_mfa_config, params)
  req.send_request(options)
end
global_sign_out(params = {}, options = {}) click to toggle source

Signs out users from all devices. It also invalidates all refresh tokens issued to a user. The user's current access and Id tokens remain valid until their expiry. Access and Id tokens expire one hour after they are issued.

@option params [required, String] :access_token

The access token.

@return [Struct] Returns an empty {Seahorse::Client::Response response}.

@example Request syntax with placeholder values

resp = client.global_sign_out({
  access_token: "TokenModelType", # required
})

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/GlobalSignOut AWS API Documentation

@overload global_sign_out(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 4722
def global_sign_out(params = {}, options = {})
  req = build_request(:global_sign_out, params)
  req.send_request(options)
end
initiate_auth(params = {}, options = {}) click to toggle source

Initiates the authentication flow.

<note markdown=“1”> This action might generate an SMS text message. Starting June 1, 2021, U.S. telecom carriers require that you register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with [Amazon Pinpoint]. Cognito will use the the registered number automatically. Otherwise, Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any

other Amazon Web Service, Amazon SNS might place your account in SMS sandbox. In <a href=“https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html”>sandbox mode</a> , you’ll have limitations, such as sending messages to only verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see [ SMS message settings for Cognito User Pools] in the *Amazon Cognito Developer Guide*.

</note>

[1]: console.aws.amazon.com/pinpoint/home/ [2]: docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html

@option params [required, String] :auth_flow

The authentication flow for this call to execute. The API action will
depend on this value. For example:

* `REFRESH_TOKEN_AUTH` will take in a valid refresh token and return
  new tokens.

* `USER_SRP_AUTH` will take in `USERNAME` and `SRP_A` and return the
  SRP variables to be used for next challenge execution.

* `USER_PASSWORD_AUTH` will take in `USERNAME` and `PASSWORD` and
  return the next challenge or tokens.

Valid values include:

* `USER_SRP_AUTH`\: Authentication flow for the Secure Remote Password
  (SRP) protocol.

* `REFRESH_TOKEN_AUTH`/`REFRESH_TOKEN`\: Authentication flow for
  refreshing the access token and ID token by supplying a valid
  refresh token.

* `CUSTOM_AUTH`\: Custom authentication flow.

* `USER_PASSWORD_AUTH`\: Non-SRP authentication flow; USERNAME and
  PASSWORD are passed directly. If a user migration Lambda trigger is
  set, this flow will invoke the user migration Lambda if the USERNAME
  is not found in the user pool.

* `ADMIN_USER_PASSWORD_AUTH`\: Admin-based user password
  authentication. This replaces the `ADMIN_NO_SRP_AUTH` authentication
  flow. In this flow, Cognito receives the password in the request
  instead of using the SRP process to verify passwords.

`ADMIN_NO_SRP_AUTH` is not a valid value.

@option params [Hash<String,String>] :auth_parameters

The authentication parameters. These are inputs corresponding to the
`AuthFlow` that you are invoking. The required values depend on the
value of `AuthFlow`\:

* For `USER_SRP_AUTH`\: `USERNAME` (required), `SRP_A` (required),
  `SECRET_HASH` (required if the app client is configured with a
  client secret), `DEVICE_KEY`.

* For `REFRESH_TOKEN_AUTH/REFRESH_TOKEN`\: `REFRESH_TOKEN` (required),
  `SECRET_HASH` (required if the app client is configured with a
  client secret), `DEVICE_KEY`.

* For `CUSTOM_AUTH`\: `USERNAME` (required), `SECRET_HASH` (if app
  client is configured with client secret), `DEVICE_KEY`. To start the
  authentication flow with password verification, include
  `ChallengeName: SRP_A` and `SRP_A: (The SRP_A Value)`.

@option params [Hash<String,String>] :client_metadata

A map of custom key-value pairs that you can provide as input for
certain custom workflows that this action triggers.

You create custom workflows by assigning Lambda functions to user pool
triggers. When you use the InitiateAuth API action, Amazon Cognito
invokes the Lambda functions that are specified for various triggers.
The ClientMetadata value is passed as input to the functions for only
the following triggers:

* Pre signup

* Pre authentication

* User migration

When Amazon Cognito invokes the functions for these triggers, it
passes a JSON payload, which the function receives as input. This
payload contains a `validationData` attribute, which provides the data
that you assigned to the ClientMetadata parameter in your InitiateAuth
request. In your function code in Lambda, you can process the
`validationData` value to enhance your workflow for your specific
needs.

When you use the InitiateAuth API action, Amazon Cognito also invokes
the functions for the following triggers, but it does not provide the
ClientMetadata value as input:

* Post authentication

* Custom message

* Pre token generation

* Create auth challenge

* Define auth challenge

* Verify auth challenge

For more information, see [Customizing User Pool Workflows with Lambda
Triggers][1] in the *Amazon Cognito Developer Guide*.

<note markdown="1"> Take the following limitations into consideration when you use the
ClientMetadata parameter:

 * Amazon Cognito does not store the ClientMetadata value. This data is
  available only to Lambda triggers that are assigned to a user pool
  to support custom workflows. If your user pool configuration does
  not include triggers, the ClientMetadata parameter serves no
  purpose.

* Amazon Cognito does not validate the ClientMetadata value.

* Amazon Cognito does not encrypt the the ClientMetadata value, so
  don't use it to provide sensitive information.

 </note>

[1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html

@option params [required, String] :client_id

The app client ID.

@option params [Types::AnalyticsMetadataType] :analytics_metadata

The Amazon Pinpoint analytics metadata for collecting metrics for
`InitiateAuth` calls.

@option params [Types::UserContextDataType] :user_context_data

Contextual data such as the user's device fingerprint, IP address, or
location used for evaluating the risk of an unexpected event by Amazon
Cognito advanced security.

@return [Types::InitiateAuthResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::InitiateAuthResponse#challenge_name #challenge_name} => String
* {Types::InitiateAuthResponse#session #session} => String
* {Types::InitiateAuthResponse#challenge_parameters #challenge_parameters} => Hash&lt;String,String&gt;
* {Types::InitiateAuthResponse#authentication_result #authentication_result} => Types::AuthenticationResultType

@example Request syntax with placeholder values

resp = client.initiate_auth({
  auth_flow: "USER_SRP_AUTH", # required, accepts USER_SRP_AUTH, REFRESH_TOKEN_AUTH, REFRESH_TOKEN, CUSTOM_AUTH, ADMIN_NO_SRP_AUTH, USER_PASSWORD_AUTH, ADMIN_USER_PASSWORD_AUTH
  auth_parameters: {
    "StringType" => "StringType",
  },
  client_metadata: {
    "StringType" => "StringType",
  },
  client_id: "ClientIdType", # required
  analytics_metadata: {
    analytics_endpoint_id: "StringType",
  },
  user_context_data: {
    encoded_data: "StringType",
  },
})

@example Response structure

resp.challenge_name #=> String, one of "SMS_MFA", "SOFTWARE_TOKEN_MFA", "SELECT_MFA_TYPE", "MFA_SETUP", "PASSWORD_VERIFIER", "CUSTOM_CHALLENGE", "DEVICE_SRP_AUTH", "DEVICE_PASSWORD_VERIFIER", "ADMIN_NO_SRP_AUTH", "NEW_PASSWORD_REQUIRED"
resp.session #=> String
resp.challenge_parameters #=> Hash
resp.challenge_parameters["StringType"] #=> String
resp.authentication_result.access_token #=> String
resp.authentication_result.expires_in #=> Integer
resp.authentication_result.token_type #=> String
resp.authentication_result.refresh_token #=> String
resp.authentication_result.id_token #=> String
resp.authentication_result.new_device_metadata.device_key #=> String
resp.authentication_result.new_device_metadata.device_group_key #=> String

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/InitiateAuth AWS API Documentation

@overload initiate_auth(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 4928
def initiate_auth(params = {}, options = {})
  req = build_request(:initiate_auth, params)
  req.send_request(options)
end
list_devices(params = {}, options = {}) click to toggle source

Lists the devices.

@option params [required, String] :access_token

The access tokens for the request to list devices.

@option params [Integer] :limit

The limit of the device request.

@option params [String] :pagination_token

The pagination token for the list request.

@return [Types::ListDevicesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::ListDevicesResponse#devices #devices} => Array&lt;Types::DeviceType&gt;
* {Types::ListDevicesResponse#pagination_token #pagination_token} => String

@example Request syntax with placeholder values

resp = client.list_devices({
  access_token: "TokenModelType", # required
  limit: 1,
  pagination_token: "SearchPaginationTokenType",
})

@example Response structure

resp.devices #=> Array
resp.devices[0].device_key #=> String
resp.devices[0].device_attributes #=> Array
resp.devices[0].device_attributes[0].name #=> String
resp.devices[0].device_attributes[0].value #=> String
resp.devices[0].device_create_date #=> Time
resp.devices[0].device_last_modified_date #=> Time
resp.devices[0].device_last_authenticated_date #=> Time
resp.pagination_token #=> String

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/ListDevices AWS API Documentation

@overload list_devices(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 4973
def list_devices(params = {}, options = {})
  req = build_request(:list_devices, params)
  req.send_request(options)
end
list_groups(params = {}, options = {}) click to toggle source

Lists the groups associated with a user pool.

Calling this action requires developer credentials.

@option params [required, String] :user_pool_id

The user pool ID for the user pool.

@option params [Integer] :limit

The limit of the request to list groups.

@option params [String] :next_token

An identifier that was returned from the previous call to this
operation, which can be used to return the next set of items in the
list.

@return [Types::ListGroupsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::ListGroupsResponse#groups #groups} => Array&lt;Types::GroupType&gt;
* {Types::ListGroupsResponse#next_token #next_token} => String

The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.

@example Request syntax with placeholder values

resp = client.list_groups({
  user_pool_id: "UserPoolIdType", # required
  limit: 1,
  next_token: "PaginationKey",
})

@example Response structure

resp.groups #=> Array
resp.groups[0].group_name #=> String
resp.groups[0].user_pool_id #=> String
resp.groups[0].description #=> String
resp.groups[0].role_arn #=> String
resp.groups[0].precedence #=> Integer
resp.groups[0].last_modified_date #=> Time
resp.groups[0].creation_date #=> Time
resp.next_token #=> String

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/ListGroups AWS API Documentation

@overload list_groups(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 5024
def list_groups(params = {}, options = {})
  req = build_request(:list_groups, params)
  req.send_request(options)
end
list_identity_providers(params = {}, options = {}) click to toggle source

Lists information about all identity providers for a user pool.

@option params [required, String] :user_pool_id

The user pool ID.

@option params [Integer] :max_results

The maximum number of identity providers to return.

@option params [String] :next_token

A pagination token.

@return [Types::ListIdentityProvidersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::ListIdentityProvidersResponse#providers #providers} => Array&lt;Types::ProviderDescription&gt;
* {Types::ListIdentityProvidersResponse#next_token #next_token} => String

The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.

@example Request syntax with placeholder values

resp = client.list_identity_providers({
  user_pool_id: "UserPoolIdType", # required
  max_results: 1,
  next_token: "PaginationKeyType",
})

@example Response structure

resp.providers #=> Array
resp.providers[0].provider_name #=> String
resp.providers[0].provider_type #=> String, one of "SAML", "Facebook", "Google", "LoginWithAmazon", "SignInWithApple", "OIDC"
resp.providers[0].last_modified_date #=> Time
resp.providers[0].creation_date #=> Time
resp.next_token #=> String

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/ListIdentityProviders AWS API Documentation

@overload list_identity_providers(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 5068
def list_identity_providers(params = {}, options = {})
  req = build_request(:list_identity_providers, params)
  req.send_request(options)
end
list_resource_servers(params = {}, options = {}) click to toggle source

Lists the resource servers for a user pool.

@option params [required, String] :user_pool_id

The user pool ID for the user pool.

@option params [Integer] :max_results

The maximum number of resource servers to return.

@option params [String] :next_token

A pagination token.

@return [Types::ListResourceServersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::ListResourceServersResponse#resource_servers #resource_servers} => Array&lt;Types::ResourceServerType&gt;
* {Types::ListResourceServersResponse#next_token #next_token} => String

The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.

@example Request syntax with placeholder values

resp = client.list_resource_servers({
  user_pool_id: "UserPoolIdType", # required
  max_results: 1,
  next_token: "PaginationKeyType",
})

@example Response structure

resp.resource_servers #=> Array
resp.resource_servers[0].user_pool_id #=> String
resp.resource_servers[0].identifier #=> String
resp.resource_servers[0].name #=> String
resp.resource_servers[0].scopes #=> Array
resp.resource_servers[0].scopes[0].scope_name #=> String
resp.resource_servers[0].scopes[0].scope_description #=> String
resp.next_token #=> String

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/ListResourceServers AWS API Documentation

@overload list_resource_servers(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 5114
def list_resource_servers(params = {}, options = {})
  req = build_request(:list_resource_servers, params)
  req.send_request(options)
end
list_tags_for_resource(params = {}, options = {}) click to toggle source

Lists the tags that are assigned to an Amazon Cognito user pool.

A tag is a label that you can apply to user pools to categorize and manage them in different ways, such as by purpose, owner, environment, or other criteria.

You can use this action up to 10 times per second, per account.

@option params [required, String] :resource_arn

The Amazon Resource Name (ARN) of the user pool that the tags are
assigned to.

@return [Types::ListTagsForResourceResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::ListTagsForResourceResponse#tags #tags} => Hash&lt;String,String&gt;

@example Request syntax with placeholder values

resp = client.list_tags_for_resource({
  resource_arn: "ArnType", # required
})

@example Response structure

resp.tags #=> Hash
resp.tags["TagKeysType"] #=> String

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/ListTagsForResource AWS API Documentation

@overload list_tags_for_resource(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 5150
def list_tags_for_resource(params = {}, options = {})
  req = build_request(:list_tags_for_resource, params)
  req.send_request(options)
end
list_user_import_jobs(params = {}, options = {}) click to toggle source

Lists the user import jobs.

@option params [required, String] :user_pool_id

The user pool ID for the user pool that the users are being imported
into.

@option params [required, Integer] :max_results

The maximum number of import jobs you want the request to return.

@option params [String] :pagination_token

An identifier that was returned from the previous call to
`ListUserImportJobs`, which can be used to return the next set of
import jobs in the list.

@return [Types::ListUserImportJobsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::ListUserImportJobsResponse#user_import_jobs #user_import_jobs} => Array&lt;Types::UserImportJobType&gt;
* {Types::ListUserImportJobsResponse#pagination_token #pagination_token} => String

@example Request syntax with placeholder values

resp = client.list_user_import_jobs({
  user_pool_id: "UserPoolIdType", # required
  max_results: 1, # required
  pagination_token: "PaginationKeyType",
})

@example Response structure

resp.user_import_jobs #=> Array
resp.user_import_jobs[0].job_name #=> String
resp.user_import_jobs[0].job_id #=> String
resp.user_import_jobs[0].user_pool_id #=> String
resp.user_import_jobs[0].pre_signed_url #=> String
resp.user_import_jobs[0].creation_date #=> Time
resp.user_import_jobs[0].start_date #=> Time
resp.user_import_jobs[0].completion_date #=> Time
resp.user_import_jobs[0].status #=> String, one of "Created", "Pending", "InProgress", "Stopping", "Expired", "Stopped", "Failed", "Succeeded"
resp.user_import_jobs[0].cloud_watch_logs_role_arn #=> String
resp.user_import_jobs[0].imported_users #=> Integer
resp.user_import_jobs[0].skipped_users #=> Integer
resp.user_import_jobs[0].failed_users #=> Integer
resp.user_import_jobs[0].completion_message #=> String
resp.pagination_token #=> String

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/ListUserImportJobs AWS API Documentation

@overload list_user_import_jobs(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 5204
def list_user_import_jobs(params = {}, options = {})
  req = build_request(:list_user_import_jobs, params)
  req.send_request(options)
end
list_user_pool_clients(params = {}, options = {}) click to toggle source

Lists the clients that have been created for the specified user pool.

@option params [required, String] :user_pool_id

The user pool ID for the user pool where you want to list user pool
clients.

@option params [Integer] :max_results

The maximum number of results you want the request to return when
listing the user pool clients.

@option params [String] :next_token

An identifier that was returned from the previous call to this
operation, which can be used to return the next set of items in the
list.

@return [Types::ListUserPoolClientsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::ListUserPoolClientsResponse#user_pool_clients #user_pool_clients} => Array&lt;Types::UserPoolClientDescription&gt;
* {Types::ListUserPoolClientsResponse#next_token #next_token} => String

The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.

@example Request syntax with placeholder values

resp = client.list_user_pool_clients({
  user_pool_id: "UserPoolIdType", # required
  max_results: 1,
  next_token: "PaginationKey",
})

@example Response structure

resp.user_pool_clients #=> Array
resp.user_pool_clients[0].client_id #=> String
resp.user_pool_clients[0].user_pool_id #=> String
resp.user_pool_clients[0].client_name #=> String
resp.next_token #=> String

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/ListUserPoolClients AWS API Documentation

@overload list_user_pool_clients(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 5251
def list_user_pool_clients(params = {}, options = {})
  req = build_request(:list_user_pool_clients, params)
  req.send_request(options)
end
list_user_pools(params = {}, options = {}) click to toggle source

Lists the user pools associated with an account.

@option params [String] :next_token

An identifier that was returned from the previous call to this
operation, which can be used to return the next set of items in the
list.

@option params [required, Integer] :max_results

The maximum number of results you want the request to return when
listing the user pools.

@return [Types::ListUserPoolsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::ListUserPoolsResponse#user_pools #user_pools} => Array&lt;Types::UserPoolDescriptionType&gt;
* {Types::ListUserPoolsResponse#next_token #next_token} => String

The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.

@example Request syntax with placeholder values

resp = client.list_user_pools({
  next_token: "PaginationKeyType",
  max_results: 1, # required
})

@example Response structure

resp.user_pools #=> Array
resp.user_pools[0].id #=> String
resp.user_pools[0].name #=> String
resp.user_pools[0].lambda_config.pre_sign_up #=> String
resp.user_pools[0].lambda_config.custom_message #=> String
resp.user_pools[0].lambda_config.post_confirmation #=> String
resp.user_pools[0].lambda_config.pre_authentication #=> String
resp.user_pools[0].lambda_config.post_authentication #=> String
resp.user_pools[0].lambda_config.define_auth_challenge #=> String
resp.user_pools[0].lambda_config.create_auth_challenge #=> String
resp.user_pools[0].lambda_config.verify_auth_challenge_response #=> String
resp.user_pools[0].lambda_config.pre_token_generation #=> String
resp.user_pools[0].lambda_config.user_migration #=> String
resp.user_pools[0].lambda_config.custom_sms_sender.lambda_version #=> String, one of "V1_0"
resp.user_pools[0].lambda_config.custom_sms_sender.lambda_arn #=> String
resp.user_pools[0].lambda_config.custom_email_sender.lambda_version #=> String, one of "V1_0"
resp.user_pools[0].lambda_config.custom_email_sender.lambda_arn #=> String
resp.user_pools[0].lambda_config.kms_key_id #=> String
resp.user_pools[0].status #=> String, one of "Enabled", "Disabled"
resp.user_pools[0].last_modified_date #=> Time
resp.user_pools[0].creation_date #=> Time
resp.next_token #=> String

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/ListUserPools AWS API Documentation

@overload list_user_pools(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 5310
def list_user_pools(params = {}, options = {})
  req = build_request(:list_user_pools, params)
  req.send_request(options)
end
list_users(params = {}, options = {}) click to toggle source

Lists the users in the Amazon Cognito user pool.

@option params [required, String] :user_pool_id

The user pool ID for the user pool on which the search should be
performed.

@option params [Array<String>] :attributes_to_get

An array of strings, where each string is the name of a user attribute
to be returned for each user in the search results. If the array is
null, all attributes are returned.

@option params [Integer] :limit

Maximum number of users to be returned.

@option params [String] :pagination_token

An identifier that was returned from the previous call to this
operation, which can be used to return the next set of items in the
list.

@option params [String] :filter

A filter string of the form "*AttributeName* *Filter-Type*
"*AttributeValue*"". Quotation marks within the filter string must
be escaped using the backslash (\\) character. For example,
"`family_name` = \\"Reddy\\"".

* *AttributeName*\: The name of the attribute to search for. You can
  only search for one attribute at a time.

* *Filter-Type*\: For an exact match, use =, for example,
  "`given_name` = \\"Jon\\"". For a prefix ("starts with")
  match, use ^=, for example, "`given_name` ^= \\"Jon\\"".

* *AttributeValue*\: The attribute value that must be matched for each
  user.

If the filter string is empty, `ListUsers` returns all users in the
user pool.

You can only search for the following standard attributes:

* `username` (case-sensitive)

* `email`

* `phone_number`

* `name`

* `given_name`

* `family_name`

* `preferred_username`

* `cognito:user_status` (called **Status** in the Console)
  (case-insensitive)

* `status (called Enabled in the Console) (case-sensitive)`

* `sub`

Custom attributes are not searchable.

For more information, see [Searching for Users Using the ListUsers
API][1] and [Examples of Using the ListUsers API][2] in the *Amazon
Cognito Developer Guide*.

[1]: https://docs.aws.amazon.com/cognito/latest/developerguide/how-to-manage-user-accounts.html#cognito-user-pools-searching-for-users-using-listusers-api
[2]: https://docs.aws.amazon.com/cognito/latest/developerguide/how-to-manage-user-accounts.html#cognito-user-pools-searching-for-users-listusers-api-examples

@return [Types::ListUsersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::ListUsersResponse#users #users} => Array&lt;Types::UserType&gt;
* {Types::ListUsersResponse#pagination_token #pagination_token} => String

The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.

@example Request syntax with placeholder values

resp = client.list_users({
  user_pool_id: "UserPoolIdType", # required
  attributes_to_get: ["AttributeNameType"],
  limit: 1,
  pagination_token: "SearchPaginationTokenType",
  filter: "UserFilterType",
})

@example Response structure

resp.users #=> Array
resp.users[0].username #=> String
resp.users[0].attributes #=> Array
resp.users[0].attributes[0].name #=> String
resp.users[0].attributes[0].value #=> String
resp.users[0].user_create_date #=> Time
resp.users[0].user_last_modified_date #=> Time
resp.users[0].enabled #=> Boolean
resp.users[0].user_status #=> String, one of "UNCONFIRMED", "CONFIRMED", "ARCHIVED", "COMPROMISED", "UNKNOWN", "RESET_REQUIRED", "FORCE_CHANGE_PASSWORD"
resp.users[0].mfa_options #=> Array
resp.users[0].mfa_options[0].delivery_medium #=> String, one of "SMS", "EMAIL"
resp.users[0].mfa_options[0].attribute_name #=> String
resp.pagination_token #=> String

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/ListUsers AWS API Documentation

@overload list_users(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 5424
def list_users(params = {}, options = {})
  req = build_request(:list_users, params)
  req.send_request(options)
end
list_users_in_group(params = {}, options = {}) click to toggle source

Lists the users in the specified group.

Calling this action requires developer credentials.

@option params [required, String] :user_pool_id

The user pool ID for the user pool.

@option params [required, String] :group_name

The name of the group.

@option params [Integer] :limit

The limit of the request to list users.

@option params [String] :next_token

An identifier that was returned from the previous call to this
operation, which can be used to return the next set of items in the
list.

@return [Types::ListUsersInGroupResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::ListUsersInGroupResponse#users #users} => Array&lt;Types::UserType&gt;
* {Types::ListUsersInGroupResponse#next_token #next_token} => String

The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.

@example Request syntax with placeholder values

resp = client.list_users_in_group({
  user_pool_id: "UserPoolIdType", # required
  group_name: "GroupNameType", # required
  limit: 1,
  next_token: "PaginationKey",
})

@example Response structure

resp.users #=> Array
resp.users[0].username #=> String
resp.users[0].attributes #=> Array
resp.users[0].attributes[0].name #=> String
resp.users[0].attributes[0].value #=> String
resp.users[0].user_create_date #=> Time
resp.users[0].user_last_modified_date #=> Time
resp.users[0].enabled #=> Boolean
resp.users[0].user_status #=> String, one of "UNCONFIRMED", "CONFIRMED", "ARCHIVED", "COMPROMISED", "UNKNOWN", "RESET_REQUIRED", "FORCE_CHANGE_PASSWORD"
resp.users[0].mfa_options #=> Array
resp.users[0].mfa_options[0].delivery_medium #=> String, one of "SMS", "EMAIL"
resp.users[0].mfa_options[0].attribute_name #=> String
resp.next_token #=> String

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/ListUsersInGroup AWS API Documentation

@overload list_users_in_group(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 5483
def list_users_in_group(params = {}, options = {})
  req = build_request(:list_users_in_group, params)
  req.send_request(options)
end
resend_confirmation_code(params = {}, options = {}) click to toggle source

Resends the confirmation (for confirmation of registration) to a specific user in the user pool.

<note markdown=“1”> This action might generate an SMS text message. Starting June 1, 2021, U.S. telecom carriers require that you register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with [Amazon Pinpoint]. Cognito will use the the registered number automatically. Otherwise, Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any

other Amazon Web Service, Amazon SNS might place your account in SMS sandbox. In <a href=“https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html”>sandbox mode</a> , you’ll have limitations, such as sending messages to only verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see [ SMS message settings for Cognito User Pools] in the *Amazon Cognito Developer Guide*.

</note>

[1]: console.aws.amazon.com/pinpoint/home/ [2]: docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html

@option params [required, String] :client_id

The ID of the client associated with the user pool.

@option params [String] :secret_hash

A keyed-hash message authentication code (HMAC) calculated using the
secret key of a user pool client and username plus the client ID in
the message.

@option params [Types::UserContextDataType] :user_context_data

Contextual data such as the user's device fingerprint, IP address, or
location used for evaluating the risk of an unexpected event by Amazon
Cognito advanced security.

@option params [required, String] :username

The user name of the user to whom you wish to resend a confirmation
code.

@option params [Types::AnalyticsMetadataType] :analytics_metadata

The Amazon Pinpoint analytics metadata for collecting metrics for
`ResendConfirmationCode` calls.

@option params [Hash<String,String>] :client_metadata

A map of custom key-value pairs that you can provide as input for any
custom workflows that this action triggers.

You create custom workflows by assigning Lambda functions to user pool
triggers. When you use the ResendConfirmationCode API action, Amazon
Cognito invokes the function that is assigned to the *custom message*
trigger. When Amazon Cognito invokes this function, it passes a JSON
payload, which the function receives as input. This payload contains a
`clientMetadata` attribute, which provides the data that you assigned
to the ClientMetadata parameter in your ResendConfirmationCode
request. In your function code in Lambda, you can process the
`clientMetadata` value to enhance your workflow for your specific
needs.

For more information, see [Customizing User Pool Workflows with Lambda
Triggers][1] in the *Amazon Cognito Developer Guide*.

<note markdown="1"> Take the following limitations into consideration when you use the
ClientMetadata parameter:

 * Amazon Cognito does not store the ClientMetadata value. This data is
  available only to Lambda triggers that are assigned to a user pool
  to support custom workflows. If your user pool configuration does
  not include triggers, the ClientMetadata parameter serves no
  purpose.

* Amazon Cognito does not validate the ClientMetadata value.

* Amazon Cognito does not encrypt the the ClientMetadata value, so
  don't use it to provide sensitive information.

 </note>

[1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html

@return [Types::ResendConfirmationCodeResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::ResendConfirmationCodeResponse#code_delivery_details #code_delivery_details} => Types::CodeDeliveryDetailsType

@example Request syntax with placeholder values

resp = client.resend_confirmation_code({
  client_id: "ClientIdType", # required
  secret_hash: "SecretHashType",
  user_context_data: {
    encoded_data: "StringType",
  },
  username: "UsernameType", # required
  analytics_metadata: {
    analytics_endpoint_id: "StringType",
  },
  client_metadata: {
    "StringType" => "StringType",
  },
})

@example Response structure

resp.code_delivery_details.destination #=> String
resp.code_delivery_details.delivery_medium #=> String, one of "SMS", "EMAIL"
resp.code_delivery_details.attribute_name #=> String

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/ResendConfirmationCode AWS API Documentation

@overload resend_confirmation_code(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 5607
def resend_confirmation_code(params = {}, options = {})
  req = build_request(:resend_confirmation_code, params)
  req.send_request(options)
end
respond_to_auth_challenge(params = {}, options = {}) click to toggle source

Responds to the authentication challenge.

<note markdown=“1”> This action might generate an SMS text message. Starting June 1, 2021, U.S. telecom carriers require that you register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with [Amazon Pinpoint]. Cognito will use the the registered number automatically. Otherwise, Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any

other Amazon Web Service, Amazon SNS might place your account in SMS sandbox. In <a href=“https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html”>sandbox mode</a> , you’ll have limitations, such as sending messages to only verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see [ SMS message settings for Cognito User Pools] in the *Amazon Cognito Developer Guide*.

</note>

[1]: console.aws.amazon.com/pinpoint/home/ [2]: docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html

@option params [required, String] :client_id

The app client ID.

@option params [required, String] :challenge_name

The challenge name. For more information, see [InitiateAuth][1].

`ADMIN_NO_SRP_AUTH` is not a valid value.

[1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html

@option params [String] :session

The session which should be passed both ways in challenge-response
calls to the service. If `InitiateAuth` or `RespondToAuthChallenge`
API call determines that the caller needs to go through another
challenge, they return a session with other challenge parameters. This
session should be passed as it is to the next `RespondToAuthChallenge`
API call.

@option params [Hash<String,String>] :challenge_responses

The challenge responses. These are inputs corresponding to the value
of `ChallengeName`, for example:

<note markdown="1"> `SECRET_HASH` (if app client is configured with client secret) applies
to all inputs below (including `SOFTWARE_TOKEN_MFA`).

 </note>

* `SMS_MFA`\: `SMS_MFA_CODE`, `USERNAME`.

* `PASSWORD_VERIFIER`\: `PASSWORD_CLAIM_SIGNATURE`,
  `PASSWORD_CLAIM_SECRET_BLOCK`, `TIMESTAMP`, `USERNAME`.

* `NEW_PASSWORD_REQUIRED`\: `NEW_PASSWORD`, any other required
  attributes, `USERNAME`.

* `SOFTWARE_TOKEN_MFA`\: `USERNAME` and `SOFTWARE_TOKEN_MFA_CODE` are
  required attributes.

* `DEVICE_SRP_AUTH` requires `USERNAME`, `DEVICE_KEY`, `SRP_A` (and
  `SECRET_HASH`).

* `DEVICE_PASSWORD_VERIFIER` requires everything that
  `PASSWORD_VERIFIER` requires plus `DEVICE_KEY`.

* `MFA_SETUP` requires `USERNAME`, plus you need to use the session
  value returned by `VerifySoftwareToken` in the `Session` parameter.

@option params [Types::AnalyticsMetadataType] :analytics_metadata

The Amazon Pinpoint analytics metadata for collecting metrics for
`RespondToAuthChallenge` calls.

@option params [Types::UserContextDataType] :user_context_data

Contextual data such as the user's device fingerprint, IP address, or
location used for evaluating the risk of an unexpected event by Amazon
Cognito advanced security.

@option params [Hash<String,String>] :client_metadata

A map of custom key-value pairs that you can provide as input for any
custom workflows that this action triggers.

You create custom workflows by assigning Lambda functions to user pool
triggers. When you use the RespondToAuthChallenge API action, Amazon
Cognito invokes any functions that are assigned to the following
triggers: *post authentication*, *pre token generation*, *define auth
challenge*, *create auth challenge*, and *verify auth challenge*. When
Amazon Cognito invokes any of these functions, it passes a JSON
payload, which the function receives as input. This payload contains a
`clientMetadata` attribute, which provides the data that you assigned
to the ClientMetadata parameter in your RespondToAuthChallenge
request. In your function code in Lambda, you can process the
`clientMetadata` value to enhance your workflow for your specific
needs.

For more information, see [Customizing User Pool Workflows with Lambda
Triggers][1] in the *Amazon Cognito Developer Guide*.

<note markdown="1"> Take the following limitations into consideration when you use the
ClientMetadata parameter:

 * Amazon Cognito does not store the ClientMetadata value. This data is
  available only to Lambda triggers that are assigned to a user pool
  to support custom workflows. If your user pool configuration does
  not include triggers, the ClientMetadata parameter serves no
  purpose.

* Amazon Cognito does not validate the ClientMetadata value.

* Amazon Cognito does not encrypt the the ClientMetadata value, so
  don't use it to provide sensitive information.

 </note>

[1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html

@return [Types::RespondToAuthChallengeResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::RespondToAuthChallengeResponse#challenge_name #challenge_name} => String
* {Types::RespondToAuthChallengeResponse#session #session} => String
* {Types::RespondToAuthChallengeResponse#challenge_parameters #challenge_parameters} => Hash&lt;String,String&gt;
* {Types::RespondToAuthChallengeResponse#authentication_result #authentication_result} => Types::AuthenticationResultType

@example Request syntax with placeholder values

resp = client.respond_to_auth_challenge({
  client_id: "ClientIdType", # required
  challenge_name: "SMS_MFA", # required, accepts SMS_MFA, SOFTWARE_TOKEN_MFA, SELECT_MFA_TYPE, MFA_SETUP, PASSWORD_VERIFIER, CUSTOM_CHALLENGE, DEVICE_SRP_AUTH, DEVICE_PASSWORD_VERIFIER, ADMIN_NO_SRP_AUTH, NEW_PASSWORD_REQUIRED
  session: "SessionType",
  challenge_responses: {
    "StringType" => "StringType",
  },
  analytics_metadata: {
    analytics_endpoint_id: "StringType",
  },
  user_context_data: {
    encoded_data: "StringType",
  },
  client_metadata: {
    "StringType" => "StringType",
  },
})

@example Response structure

resp.challenge_name #=> String, one of "SMS_MFA", "SOFTWARE_TOKEN_MFA", "SELECT_MFA_TYPE", "MFA_SETUP", "PASSWORD_VERIFIER", "CUSTOM_CHALLENGE", "DEVICE_SRP_AUTH", "DEVICE_PASSWORD_VERIFIER", "ADMIN_NO_SRP_AUTH", "NEW_PASSWORD_REQUIRED"
resp.session #=> String
resp.challenge_parameters #=> Hash
resp.challenge_parameters["StringType"] #=> String
resp.authentication_result.access_token #=> String
resp.authentication_result.expires_in #=> Integer
resp.authentication_result.token_type #=> String
resp.authentication_result.refresh_token #=> String
resp.authentication_result.id_token #=> String
resp.authentication_result.new_device_metadata.device_key #=> String
resp.authentication_result.new_device_metadata.device_group_key #=> String

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/RespondToAuthChallenge AWS API Documentation

@overload respond_to_auth_challenge(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 5783
def respond_to_auth_challenge(params = {}, options = {})
  req = build_request(:respond_to_auth_challenge, params)
  req.send_request(options)
end
revoke_token(params = {}, options = {}) click to toggle source

Revokes all of the access tokens generated by the specified refresh token. After the token is revoked, you can not use the revoked token to access Cognito authenticated APIs.

@option params [required, String] :token

The token that you want to revoke.

@option params [required, String] :client_id

The client ID for the token that you want to revoke.

@option params [String] :client_secret

The secret for the client ID. This is required only if the client ID
has a secret.

@return [Struct] Returns an empty {Seahorse::Client::Response response}.

@example Request syntax with placeholder values

resp = client.revoke_token({
  token: "TokenModelType", # required
  client_id: "ClientIdType", # required
  client_secret: "ClientSecretType",
})

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/RevokeToken AWS API Documentation

@overload revoke_token(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 5816
def revoke_token(params = {}, options = {})
  req = build_request(:revoke_token, params)
  req.send_request(options)
end
set_risk_configuration(params = {}, options = {}) click to toggle source

Configures actions on detected risks. To delete the risk configuration for `UserPoolId` or `ClientId`, pass null values for all four configuration types.

To enable Amazon Cognito advanced security features, update the user pool to include the `UserPoolAddOns` key`AdvancedSecurityMode`.

@option params [required, String] :user_pool_id

The user pool ID.

@option params [String] :client_id

The app client ID. If `ClientId` is null, then the risk configuration
is mapped to `userPoolId`. When the client ID is null, the same risk
configuration is applied to all the clients in the userPool.

Otherwise, `ClientId` is mapped to the client. When the client ID is
not null, the user pool configuration is overridden and the risk
configuration for the client is used instead.

@option params [Types::CompromisedCredentialsRiskConfigurationType] :compromised_credentials_risk_configuration

The compromised credentials risk configuration.

@option params [Types::AccountTakeoverRiskConfigurationType] :account_takeover_risk_configuration

The account takeover risk configuration.

@option params [Types::RiskExceptionConfigurationType] :risk_exception_configuration

The configuration to override the risk decision.

@return [Types::SetRiskConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::SetRiskConfigurationResponse#risk_configuration #risk_configuration} => Types::RiskConfigurationType

@example Request syntax with placeholder values

resp = client.set_risk_configuration({
  user_pool_id: "UserPoolIdType", # required
  client_id: "ClientIdType",
  compromised_credentials_risk_configuration: {
    event_filter: ["SIGN_IN"], # accepts SIGN_IN, PASSWORD_CHANGE, SIGN_UP
    actions: { # required
      event_action: "BLOCK", # required, accepts BLOCK, NO_ACTION
    },
  },
  account_takeover_risk_configuration: {
    notify_configuration: {
      from: "StringType",
      reply_to: "StringType",
      source_arn: "ArnType", # required
      block_email: {
        subject: "EmailNotificationSubjectType", # required
        html_body: "EmailNotificationBodyType",
        text_body: "EmailNotificationBodyType",
      },
      no_action_email: {
        subject: "EmailNotificationSubjectType", # required
        html_body: "EmailNotificationBodyType",
        text_body: "EmailNotificationBodyType",
      },
      mfa_email: {
        subject: "EmailNotificationSubjectType", # required
        html_body: "EmailNotificationBodyType",
        text_body: "EmailNotificationBodyType",
      },
    },
    actions: { # required
      low_action: {
        notify: false, # required
        event_action: "BLOCK", # required, accepts BLOCK, MFA_IF_CONFIGURED, MFA_REQUIRED, NO_ACTION
      },
      medium_action: {
        notify: false, # required
        event_action: "BLOCK", # required, accepts BLOCK, MFA_IF_CONFIGURED, MFA_REQUIRED, NO_ACTION
      },
      high_action: {
        notify: false, # required
        event_action: "BLOCK", # required, accepts BLOCK, MFA_IF_CONFIGURED, MFA_REQUIRED, NO_ACTION
      },
    },
  },
  risk_exception_configuration: {
    blocked_ip_range_list: ["StringType"],
    skipped_ip_range_list: ["StringType"],
  },
})

@example Response structure

resp.risk_configuration.user_pool_id #=> String
resp.risk_configuration.client_id #=> String
resp.risk_configuration.compromised_credentials_risk_configuration.event_filter #=> Array
resp.risk_configuration.compromised_credentials_risk_configuration.event_filter[0] #=> String, one of "SIGN_IN", "PASSWORD_CHANGE", "SIGN_UP"
resp.risk_configuration.compromised_credentials_risk_configuration.actions.event_action #=> String, one of "BLOCK", "NO_ACTION"
resp.risk_configuration.account_takeover_risk_configuration.notify_configuration.from #=> String
resp.risk_configuration.account_takeover_risk_configuration.notify_configuration.reply_to #=> String
resp.risk_configuration.account_takeover_risk_configuration.notify_configuration.source_arn #=> String
resp.risk_configuration.account_takeover_risk_configuration.notify_configuration.block_email.subject #=> String
resp.risk_configuration.account_takeover_risk_configuration.notify_configuration.block_email.html_body #=> String
resp.risk_configuration.account_takeover_risk_configuration.notify_configuration.block_email.text_body #=> String
resp.risk_configuration.account_takeover_risk_configuration.notify_configuration.no_action_email.subject #=> String
resp.risk_configuration.account_takeover_risk_configuration.notify_configuration.no_action_email.html_body #=> String
resp.risk_configuration.account_takeover_risk_configuration.notify_configuration.no_action_email.text_body #=> String
resp.risk_configuration.account_takeover_risk_configuration.notify_configuration.mfa_email.subject #=> String
resp.risk_configuration.account_takeover_risk_configuration.notify_configuration.mfa_email.html_body #=> String
resp.risk_configuration.account_takeover_risk_configuration.notify_configuration.mfa_email.text_body #=> String
resp.risk_configuration.account_takeover_risk_configuration.actions.low_action.notify #=> Boolean
resp.risk_configuration.account_takeover_risk_configuration.actions.low_action.event_action #=> String, one of "BLOCK", "MFA_IF_CONFIGURED", "MFA_REQUIRED", "NO_ACTION"
resp.risk_configuration.account_takeover_risk_configuration.actions.medium_action.notify #=> Boolean
resp.risk_configuration.account_takeover_risk_configuration.actions.medium_action.event_action #=> String, one of "BLOCK", "MFA_IF_CONFIGURED", "MFA_REQUIRED", "NO_ACTION"
resp.risk_configuration.account_takeover_risk_configuration.actions.high_action.notify #=> Boolean
resp.risk_configuration.account_takeover_risk_configuration.actions.high_action.event_action #=> String, one of "BLOCK", "MFA_IF_CONFIGURED", "MFA_REQUIRED", "NO_ACTION"
resp.risk_configuration.risk_exception_configuration.blocked_ip_range_list #=> Array
resp.risk_configuration.risk_exception_configuration.blocked_ip_range_list[0] #=> String
resp.risk_configuration.risk_exception_configuration.skipped_ip_range_list #=> Array
resp.risk_configuration.risk_exception_configuration.skipped_ip_range_list[0] #=> String
resp.risk_configuration.last_modified_date #=> Time

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/SetRiskConfiguration AWS API Documentation

@overload set_risk_configuration(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 5941
def set_risk_configuration(params = {}, options = {})
  req = build_request(:set_risk_configuration, params)
  req.send_request(options)
end
set_ui_customization(params = {}, options = {}) click to toggle source

Sets the UI customization information for a user pool's built-in app UI.

You can specify app UI customization settings for a single client (with a specific `clientId`) or for all clients (by setting the `clientId` to `ALL`). If you specify `ALL`, the default configuration will be used for every client that has no UI customization set previously. If you specify UI customization settings for a particular client, it will no longer fall back to the `ALL` configuration.

<note markdown=“1”> To use this API, your user pool must have a domain associated with it. Otherwise, there is no place to host the app's pages, and the service will throw an error.

</note>

@option params [required, String] :user_pool_id

The user pool ID for the user pool.

@option params [String] :client_id

The client ID for the client app.

@option params [String] :css

The CSS values in the UI customization.

@option params [String, StringIO, File] :image_file

The uploaded logo image for the UI customization.

@return [Types::SetUICustomizationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::SetUICustomizationResponse#ui_customization #ui_customization} => Types::UICustomizationType

@example Request syntax with placeholder values

resp = client.set_ui_customization({
  user_pool_id: "UserPoolIdType", # required
  client_id: "ClientIdType",
  css: "CSSType",
  image_file: "data",
})

@example Response structure

resp.ui_customization.user_pool_id #=> String
resp.ui_customization.client_id #=> String
resp.ui_customization.image_url #=> String
resp.ui_customization.css #=> String
resp.ui_customization.css_version #=> String
resp.ui_customization.last_modified_date #=> Time
resp.ui_customization.creation_date #=> Time

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/SetUICustomization AWS API Documentation

@overload set_ui_customization(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 6001
def set_ui_customization(params = {}, options = {})
  req = build_request(:set_ui_customization, params)
  req.send_request(options)
end
set_user_mfa_preference(params = {}, options = {}) click to toggle source

Set the user's multi-factor authentication (MFA) method preference, including which MFA factors are enabled and if any are preferred. Only one factor can be set as preferred. The preferred MFA factor will be used to authenticate a user if multiple factors are enabled. If multiple options are enabled and no preference is set, a challenge to choose an MFA option will be returned during sign in. If an MFA type is enabled for a user, the user will be prompted for MFA during all sign in attempts, unless device tracking is turned on and the device has been trusted. If you would like MFA to be applied selectively based on the assessed risk level of sign in attempts, disable MFA for users and turn on Adaptive Authentication for the user pool.

@option params [Types::SMSMfaSettingsType] :sms_mfa_settings

The SMS text message multi-factor authentication (MFA) settings.

@option params [Types::SoftwareTokenMfaSettingsType] :software_token_mfa_settings

The time-based one-time password software token MFA settings.

@option params [required, String] :access_token

The access token for the user.

@return [Struct] Returns an empty {Seahorse::Client::Response response}.

@example Request syntax with placeholder values

resp = client.set_user_mfa_preference({
  sms_mfa_settings: {
    enabled: false,
    preferred_mfa: false,
  },
  software_token_mfa_settings: {
    enabled: false,
    preferred_mfa: false,
  },
  access_token: "TokenModelType", # required
})

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/SetUserMFAPreference AWS API Documentation

@overload set_user_mfa_preference(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 6047
def set_user_mfa_preference(params = {}, options = {})
  req = build_request(:set_user_mfa_preference, params)
  req.send_request(options)
end
set_user_pool_mfa_config(params = {}, options = {}) click to toggle source

Set the user pool multi-factor authentication (MFA) configuration.

<note markdown=“1”> This action might generate an SMS text message. Starting June 1, 2021, U.S. telecom carriers require that you register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with [Amazon Pinpoint]. Cognito will use the the registered number automatically. Otherwise, Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any

other Amazon Web Service, Amazon SNS might place your account in SMS sandbox. In <a href=“https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html”>sandbox mode</a> , you’ll have limitations, such as sending messages to only verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see [ SMS message settings for Cognito User Pools] in the *Amazon Cognito Developer Guide*.

</note>

[1]: console.aws.amazon.com/pinpoint/home/ [2]: docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html

@option params [required, String] :user_pool_id

The user pool ID.

@option params [Types::SmsMfaConfigType] :sms_mfa_configuration

The SMS text message MFA configuration.

@option params [Types::SoftwareTokenMfaConfigType] :software_token_mfa_configuration

The software token MFA configuration.

@option params [String] :mfa_configuration

The MFA configuration. Users who don't have an MFA factor set up
won't be able to sign-in if you set the MfaConfiguration value to
‘ON’. See [Adding Multi-Factor Authentication (MFA) to a User
Pool](cognito/latest/developerguide/user-pool-settings-mfa.html) to
learn more. Valid values include:

* `OFF` MFA will not be used for any users.

* `ON` MFA is required for all users to sign in.

* `OPTIONAL` MFA will be required only for individual users who have
  an MFA factor enabled.

@return [Types::SetUserPoolMfaConfigResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::SetUserPoolMfaConfigResponse#sms_mfa_configuration #sms_mfa_configuration} => Types::SmsMfaConfigType
* {Types::SetUserPoolMfaConfigResponse#software_token_mfa_configuration #software_token_mfa_configuration} => Types::SoftwareTokenMfaConfigType
* {Types::SetUserPoolMfaConfigResponse#mfa_configuration #mfa_configuration} => String

@example Request syntax with placeholder values

resp = client.set_user_pool_mfa_config({
  user_pool_id: "UserPoolIdType", # required
  sms_mfa_configuration: {
    sms_authentication_message: "SmsVerificationMessageType",
    sms_configuration: {
      sns_caller_arn: "ArnType", # required
      external_id: "StringType",
    },
  },
  software_token_mfa_configuration: {
    enabled: false,
  },
  mfa_configuration: "OFF", # accepts OFF, ON, OPTIONAL
})

@example Response structure

resp.sms_mfa_configuration.sms_authentication_message #=> String
resp.sms_mfa_configuration.sms_configuration.sns_caller_arn #=> String
resp.sms_mfa_configuration.sms_configuration.external_id #=> String
resp.software_token_mfa_configuration.enabled #=> Boolean
resp.mfa_configuration #=> String, one of "OFF", "ON", "OPTIONAL"

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/SetUserPoolMfaConfig AWS API Documentation

@overload set_user_pool_mfa_config(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 6138
def set_user_pool_mfa_config(params = {}, options = {})
  req = build_request(:set_user_pool_mfa_config, params)
  req.send_request(options)
end
set_user_settings(params = {}, options = {}) click to toggle source

*This action is no longer supported.* You can use it to configure only SMS MFA. You can't use it to configure TOTP software token MFA. To configure either type of MFA, use [SetUserMFAPreference] instead.

[1]: docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserMFAPreference.html

@option params [required, String] :access_token

The access token for the set user settings request.

@option params [required, Array<Types::MFAOptionType>] :mfa_options

You can use this parameter only to set an SMS configuration that uses
SMS for delivery.

@return [Struct] Returns an empty {Seahorse::Client::Response response}.

@example Request syntax with placeholder values

resp = client.set_user_settings({
  access_token: "TokenModelType", # required
  mfa_options: [ # required
    {
      delivery_medium: "SMS", # accepts SMS, EMAIL
      attribute_name: "AttributeNameType",
    },
  ],
})

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/SetUserSettings AWS API Documentation

@overload set_user_settings(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 6176
def set_user_settings(params = {}, options = {})
  req = build_request(:set_user_settings, params)
  req.send_request(options)
end
sign_up(params = {}, options = {}) click to toggle source

Registers the user in the specified user pool and creates a user name, password, and user attributes.

<note markdown=“1”> This action might generate an SMS text message. Starting June 1, 2021, U.S. telecom carriers require that you register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with [Amazon Pinpoint]. Cognito will use the the registered number automatically. Otherwise, Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any

other Amazon Web Service, Amazon SNS might place your account in SMS sandbox. In <a href=“https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html”>sandbox mode</a> , you’ll have limitations, such as sending messages to only verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see [ SMS message settings for Cognito User Pools] in the *Amazon Cognito Developer Guide*.

</note>

[1]: console.aws.amazon.com/pinpoint/home/ [2]: docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html

@option params [required, String] :client_id

The ID of the client associated with the user pool.

@option params [String] :secret_hash

A keyed-hash message authentication code (HMAC) calculated using the
secret key of a user pool client and username plus the client ID in
the message.

@option params [required, String] :username

The user name of the user you wish to register.

@option params [required, String] :password

The password of the user you wish to register.

@option params [Array<Types::AttributeType>] :user_attributes

An array of name-value pairs representing user attributes.

For custom attributes, you must prepend the `custom:` prefix to the
attribute name.

@option params [Array<Types::AttributeType>] :validation_data

The validation data in the request to register a user.

@option params [Types::AnalyticsMetadataType] :analytics_metadata

The Amazon Pinpoint analytics metadata for collecting metrics for
`SignUp` calls.

@option params [Types::UserContextDataType] :user_context_data

Contextual data such as the user's device fingerprint, IP address, or
location used for evaluating the risk of an unexpected event by Amazon
Cognito advanced security.

@option params [Hash<String,String>] :client_metadata

A map of custom key-value pairs that you can provide as input for any
custom workflows that this action triggers.

You create custom workflows by assigning Lambda functions to user pool
triggers. When you use the SignUp API action, Amazon Cognito invokes
any functions that are assigned to the following triggers: *pre
sign-up*, *custom message*, and *post confirmation*. When Amazon
Cognito invokes any of these functions, it passes a JSON payload,
which the function receives as input. This payload contains a
`clientMetadata` attribute, which provides the data that you assigned
to the ClientMetadata parameter in your SignUp request. In your
function code in Lambda, you can process the `clientMetadata` value to
enhance your workflow for your specific needs.

For more information, see [Customizing User Pool Workflows with Lambda
Triggers][1] in the *Amazon Cognito Developer Guide*.

<note markdown="1"> Take the following limitations into consideration when you use the
ClientMetadata parameter:

 * Amazon Cognito does not store the ClientMetadata value. This data is
  available only to Lambda triggers that are assigned to a user pool
  to support custom workflows. If your user pool configuration does
  not include triggers, the ClientMetadata parameter serves no
  purpose.

* Amazon Cognito does not validate the ClientMetadata value.

* Amazon Cognito does not encrypt the the ClientMetadata value, so
  don't use it to provide sensitive information.

 </note>

[1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html

@return [Types::SignUpResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::SignUpResponse#user_confirmed #user_confirmed} => Boolean
* {Types::SignUpResponse#code_delivery_details #code_delivery_details} => Types::CodeDeliveryDetailsType
* {Types::SignUpResponse#user_sub #user_sub} => String

@example Request syntax with placeholder values

resp = client.sign_up({
  client_id: "ClientIdType", # required
  secret_hash: "SecretHashType",
  username: "UsernameType", # required
  password: "PasswordType", # required
  user_attributes: [
    {
      name: "AttributeNameType", # required
      value: "AttributeValueType",
    },
  ],
  validation_data: [
    {
      name: "AttributeNameType", # required
      value: "AttributeValueType",
    },
  ],
  analytics_metadata: {
    analytics_endpoint_id: "StringType",
  },
  user_context_data: {
    encoded_data: "StringType",
  },
  client_metadata: {
    "StringType" => "StringType",
  },
})

@example Response structure

resp.user_confirmed #=> Boolean
resp.code_delivery_details.destination #=> String
resp.code_delivery_details.delivery_medium #=> String, one of "SMS", "EMAIL"
resp.code_delivery_details.attribute_name #=> String
resp.user_sub #=> String

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/SignUp AWS API Documentation

@overload sign_up(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 6328
def sign_up(params = {}, options = {})
  req = build_request(:sign_up, params)
  req.send_request(options)
end
start_user_import_job(params = {}, options = {}) click to toggle source

Starts the user import.

@option params [required, String] :user_pool_id

The user pool ID for the user pool that the users are being imported
into.

@option params [required, String] :job_id

The job ID for the user import job.

@return [Types::StartUserImportJobResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::StartUserImportJobResponse#user_import_job #user_import_job} => Types::UserImportJobType

@example Request syntax with placeholder values

resp = client.start_user_import_job({
  user_pool_id: "UserPoolIdType", # required
  job_id: "UserImportJobIdType", # required
})

@example Response structure

resp.user_import_job.job_name #=> String
resp.user_import_job.job_id #=> String
resp.user_import_job.user_pool_id #=> String
resp.user_import_job.pre_signed_url #=> String
resp.user_import_job.creation_date #=> Time
resp.user_import_job.start_date #=> Time
resp.user_import_job.completion_date #=> Time
resp.user_import_job.status #=> String, one of "Created", "Pending", "InProgress", "Stopping", "Expired", "Stopped", "Failed", "Succeeded"
resp.user_import_job.cloud_watch_logs_role_arn #=> String
resp.user_import_job.imported_users #=> Integer
resp.user_import_job.skipped_users #=> Integer
resp.user_import_job.failed_users #=> Integer
resp.user_import_job.completion_message #=> String

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/StartUserImportJob AWS API Documentation

@overload start_user_import_job(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 6373
def start_user_import_job(params = {}, options = {})
  req = build_request(:start_user_import_job, params)
  req.send_request(options)
end
stop_user_import_job(params = {}, options = {}) click to toggle source

Stops the user import job.

@option params [required, String] :user_pool_id

The user pool ID for the user pool that the users are being imported
into.

@option params [required, String] :job_id

The job ID for the user import job.

@return [Types::StopUserImportJobResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::StopUserImportJobResponse#user_import_job #user_import_job} => Types::UserImportJobType

@example Request syntax with placeholder values

resp = client.stop_user_import_job({
  user_pool_id: "UserPoolIdType", # required
  job_id: "UserImportJobIdType", # required
})

@example Response structure

resp.user_import_job.job_name #=> String
resp.user_import_job.job_id #=> String
resp.user_import_job.user_pool_id #=> String
resp.user_import_job.pre_signed_url #=> String
resp.user_import_job.creation_date #=> Time
resp.user_import_job.start_date #=> Time
resp.user_import_job.completion_date #=> Time
resp.user_import_job.status #=> String, one of "Created", "Pending", "InProgress", "Stopping", "Expired", "Stopped", "Failed", "Succeeded"
resp.user_import_job.cloud_watch_logs_role_arn #=> String
resp.user_import_job.imported_users #=> Integer
resp.user_import_job.skipped_users #=> Integer
resp.user_import_job.failed_users #=> Integer
resp.user_import_job.completion_message #=> String

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/StopUserImportJob AWS API Documentation

@overload stop_user_import_job(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 6418
def stop_user_import_job(params = {}, options = {})
  req = build_request(:stop_user_import_job, params)
  req.send_request(options)
end
tag_resource(params = {}, options = {}) click to toggle source

Assigns a set of tags to an Amazon Cognito user pool. A tag is a label that you can use to categorize and manage user pools in different ways, such as by purpose, owner, environment, or other criteria.

Each tag consists of a key and value, both of which you define. A key is a general category for more specific values. For example, if you have two versions of a user pool, one for testing and another for production, you might assign an `Environment` tag key to both user pools. The value of this key might be `Test` for one user pool and `Production` for the other.

Tags are useful for cost tracking and access control. You can activate your tags so that they appear on the Billing and Cost Management console, where you can track the costs associated with your user pools. In an IAM policy, you can constrain permissions for user pools based on specific tags or tag values.

You can use this action up to 5 times per second, per account. A user pool can have as many as 50 tags.

@option params [required, String] :resource_arn

The Amazon Resource Name (ARN) of the user pool to assign the tags to.

@option params [required, Hash<String,String>] :tags

The tags to assign to the user pool.

@return [Struct] Returns an empty {Seahorse::Client::Response response}.

@example Request syntax with placeholder values

resp = client.tag_resource({
  resource_arn: "ArnType", # required
  tags: { # required
    "TagKeysType" => "TagValueType",
  },
})

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/TagResource AWS API Documentation

@overload tag_resource(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 6464
def tag_resource(params = {}, options = {})
  req = build_request(:tag_resource, params)
  req.send_request(options)
end
untag_resource(params = {}, options = {}) click to toggle source

Removes the specified tags from an Amazon Cognito user pool. You can use this action up to 5 times per second, per account

@option params [required, String] :resource_arn

The Amazon Resource Name (ARN) of the user pool that the tags are
assigned to.

@option params [required, Array<String>] :tag_keys

The keys of the tags to remove from the user pool.

@return [Struct] Returns an empty {Seahorse::Client::Response response}.

@example Request syntax with placeholder values

resp = client.untag_resource({
  resource_arn: "ArnType", # required
  tag_keys: ["TagKeysType"], # required
})

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UntagResource AWS API Documentation

@overload untag_resource(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 6492
def untag_resource(params = {}, options = {})
  req = build_request(:untag_resource, params)
  req.send_request(options)
end
update_auth_event_feedback(params = {}, options = {}) click to toggle source

Provides the feedback for an authentication event whether it was from a valid user or not. This feedback is used for improving the risk evaluation decision for the user pool as part of Amazon Cognito advanced security.

@option params [required, String] :user_pool_id

The user pool ID.

@option params [required, String] :username

The user pool username.

@option params [required, String] :event_id

The event ID.

@option params [required, String] :feedback_token

The feedback token.

@option params [required, String] :feedback_value

The authentication event feedback value.

@return [Struct] Returns an empty {Seahorse::Client::Response response}.

@example Request syntax with placeholder values

resp = client.update_auth_event_feedback({
  user_pool_id: "UserPoolIdType", # required
  username: "UsernameType", # required
  event_id: "EventIdType", # required
  feedback_token: "TokenModelType", # required
  feedback_value: "Valid", # required, accepts Valid, Invalid
})

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UpdateAuthEventFeedback AWS API Documentation

@overload update_auth_event_feedback(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 6533
def update_auth_event_feedback(params = {}, options = {})
  req = build_request(:update_auth_event_feedback, params)
  req.send_request(options)
end
update_device_status(params = {}, options = {}) click to toggle source

Updates the device status.

@option params [required, String] :access_token

The access token.

@option params [required, String] :device_key

The device key.

@option params [String] :device_remembered_status

The status of whether a device is remembered.

@return [Struct] Returns an empty {Seahorse::Client::Response response}.

@example Request syntax with placeholder values

resp = client.update_device_status({
  access_token: "TokenModelType", # required
  device_key: "DeviceKeyType", # required
  device_remembered_status: "remembered", # accepts remembered, not_remembered
})

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UpdateDeviceStatus AWS API Documentation

@overload update_device_status(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 6563
def update_device_status(params = {}, options = {})
  req = build_request(:update_device_status, params)
  req.send_request(options)
end
update_group(params = {}, options = {}) click to toggle source

Updates the specified group with the specified attributes.

Calling this action requires developer credentials.

@option params [required, String] :group_name

The name of the group.

@option params [required, String] :user_pool_id

The user pool ID for the user pool.

@option params [String] :description

A string containing the new description of the group.

@option params [String] :role_arn

The new role ARN for the group. This is used for setting the
`cognito:roles` and `cognito:preferred_role` claims in the token.

@option params [Integer] :precedence

The new precedence value for the group. For more information about
this parameter, see [CreateGroup][1].

[1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateGroup.html

@return [Types::UpdateGroupResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::UpdateGroupResponse#group #group} => Types::GroupType

@example Request syntax with placeholder values

resp = client.update_group({
  group_name: "GroupNameType", # required
  user_pool_id: "UserPoolIdType", # required
  description: "DescriptionType",
  role_arn: "ArnType",
  precedence: 1,
})

@example Response structure

resp.group.group_name #=> String
resp.group.user_pool_id #=> String
resp.group.description #=> String
resp.group.role_arn #=> String
resp.group.precedence #=> Integer
resp.group.last_modified_date #=> Time
resp.group.creation_date #=> Time

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UpdateGroup AWS API Documentation

@overload update_group(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 6621
def update_group(params = {}, options = {})
  req = build_request(:update_group, params)
  req.send_request(options)
end
update_identity_provider(params = {}, options = {}) click to toggle source

Updates identity provider information for a user pool.

@option params [required, String] :user_pool_id

The user pool ID.

@option params [required, String] :provider_name

The identity provider name.

@option params [Hash<String,String>] :provider_details

The identity provider details to be updated, such as `MetadataURL` and
`MetadataFile`.

@option params [Hash<String,String>] :attribute_mapping

The identity provider attribute mapping to be changed.

@option params [Array<String>] :idp_identifiers

A list of identity provider identifiers.

@return [Types::UpdateIdentityProviderResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::UpdateIdentityProviderResponse#identity_provider #identity_provider} => Types::IdentityProviderType

@example Request syntax with placeholder values

resp = client.update_identity_provider({
  user_pool_id: "UserPoolIdType", # required
  provider_name: "ProviderNameType", # required
  provider_details: {
    "StringType" => "StringType",
  },
  attribute_mapping: {
    "AttributeMappingKeyType" => "StringType",
  },
  idp_identifiers: ["IdpIdentifierType"],
})

@example Response structure

resp.identity_provider.user_pool_id #=> String
resp.identity_provider.provider_name #=> String
resp.identity_provider.provider_type #=> String, one of "SAML", "Facebook", "Google", "LoginWithAmazon", "SignInWithApple", "OIDC"
resp.identity_provider.provider_details #=> Hash
resp.identity_provider.provider_details["StringType"] #=> String
resp.identity_provider.attribute_mapping #=> Hash
resp.identity_provider.attribute_mapping["AttributeMappingKeyType"] #=> String
resp.identity_provider.idp_identifiers #=> Array
resp.identity_provider.idp_identifiers[0] #=> String
resp.identity_provider.last_modified_date #=> Time
resp.identity_provider.creation_date #=> Time

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UpdateIdentityProvider AWS API Documentation

@overload update_identity_provider(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 6680
def update_identity_provider(params = {}, options = {})
  req = build_request(:update_identity_provider, params)
  req.send_request(options)
end
update_resource_server(params = {}, options = {}) click to toggle source

Updates the name and scopes of resource server. All other fields are read-only.

If you don't provide a value for an attribute, it will be set to the default value.

@option params [required, String] :user_pool_id

The user pool ID for the user pool.

@option params [required, String] :identifier

The identifier for the resource server.

@option params [required, String] :name

The name of the resource server.

@option params [Array<Types::ResourceServerScopeType>] :scopes

The scope values to be set for the resource server.

@return [Types::UpdateResourceServerResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::UpdateResourceServerResponse#resource_server #resource_server} => Types::ResourceServerType

@example Request syntax with placeholder values

resp = client.update_resource_server({
  user_pool_id: "UserPoolIdType", # required
  identifier: "ResourceServerIdentifierType", # required
  name: "ResourceServerNameType", # required
  scopes: [
    {
      scope_name: "ResourceServerScopeNameType", # required
      scope_description: "ResourceServerScopeDescriptionType", # required
    },
  ],
})

@example Response structure

resp.resource_server.user_pool_id #=> String
resp.resource_server.identifier #=> String
resp.resource_server.name #=> String
resp.resource_server.scopes #=> Array
resp.resource_server.scopes[0].scope_name #=> String
resp.resource_server.scopes[0].scope_description #=> String

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UpdateResourceServer AWS API Documentation

@overload update_resource_server(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 6734
def update_resource_server(params = {}, options = {})
  req = build_request(:update_resource_server, params)
  req.send_request(options)
end
update_user_attributes(params = {}, options = {}) click to toggle source

Allows a user to update a specific attribute (one at a time).

<note markdown=“1”> This action might generate an SMS text message. Starting June 1, 2021, U.S. telecom carriers require that you register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with [Amazon Pinpoint]. Cognito will use the the registered number automatically. Otherwise, Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any

other Amazon Web Service, Amazon SNS might place your account in SMS sandbox. In <a href=“https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html”>sandbox mode</a> , you’ll have limitations, such as sending messages to only verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see [ SMS message settings for Cognito User Pools] in the *Amazon Cognito Developer Guide*.

</note>

[1]: console.aws.amazon.com/pinpoint/home/ [2]: docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html

@option params [required, Array<Types::AttributeType>] :user_attributes

An array of name-value pairs representing user attributes.

For custom attributes, you must prepend the `custom:` prefix to the
attribute name.

@option params [required, String] :access_token

The access token for the request to update user attributes.

@option params [Hash<String,String>] :client_metadata

A map of custom key-value pairs that you can provide as input for any
custom workflows that this action triggers.

You create custom workflows by assigning Lambda functions to user pool
triggers. When you use the UpdateUserAttributes API action, Amazon
Cognito invokes the function that is assigned to the *custom message*
trigger. When Amazon Cognito invokes this function, it passes a JSON
payload, which the function receives as input. This payload contains a
`clientMetadata` attribute, which provides the data that you assigned
to the ClientMetadata parameter in your UpdateUserAttributes request.
In your function code in Lambda, you can process the `clientMetadata`
value to enhance your workflow for your specific needs.

For more information, see [Customizing User Pool Workflows with Lambda
Triggers][1] in the *Amazon Cognito Developer Guide*.

<note markdown="1"> Take the following limitations into consideration when you use the
ClientMetadata parameter:

 * Amazon Cognito does not store the ClientMetadata value. This data is
  available only to Lambda triggers that are assigned to a user pool
  to support custom workflows. If your user pool configuration does
  not include triggers, the ClientMetadata parameter serves no
  purpose.

* Amazon Cognito does not validate the ClientMetadata value.

* Amazon Cognito does not encrypt the the ClientMetadata value, so
  don't use it to provide sensitive information.

 </note>

[1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html

@return [Types::UpdateUserAttributesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::UpdateUserAttributesResponse#code_delivery_details_list #code_delivery_details_list} => Array&lt;Types::CodeDeliveryDetailsType&gt;

@example Request syntax with placeholder values

resp = client.update_user_attributes({
  user_attributes: [ # required
    {
      name: "AttributeNameType", # required
      value: "AttributeValueType",
    },
  ],
  access_token: "TokenModelType", # required
  client_metadata: {
    "StringType" => "StringType",
  },
})

@example Response structure

resp.code_delivery_details_list #=> Array
resp.code_delivery_details_list[0].destination #=> String
resp.code_delivery_details_list[0].delivery_medium #=> String, one of "SMS", "EMAIL"
resp.code_delivery_details_list[0].attribute_name #=> String

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UpdateUserAttributes AWS API Documentation

@overload update_user_attributes(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 6843
def update_user_attributes(params = {}, options = {})
  req = build_request(:update_user_attributes, params)
  req.send_request(options)
end
update_user_pool(params = {}, options = {}) click to toggle source

Updates the specified user pool with the specified attributes. You can get a list of the current user pool settings using [DescribeUserPool]. If you don't provide a value for an attribute, it will be set to the default value.

<note markdown=“1”> This action might generate an SMS text message. Starting June 1, 2021, U.S. telecom carriers require that you register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with [Amazon Pinpoint]. Cognito will use the the registered number automatically. Otherwise, Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any

other Amazon Web Service, Amazon SNS might place your account in SMS sandbox. In <a href=“https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html”>sandbox mode</a> , you’ll have limitations, such as sending messages to only verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see [ SMS message settings for Cognito User Pools] in the *Amazon Cognito Developer Guide*.

</note>

[1]: docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html [2]: console.aws.amazon.com/pinpoint/home/ [3]: docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html

@option params [required, String] :user_pool_id

The user pool ID for the user pool you want to update.

@option params [Types::UserPoolPolicyType] :policies

A container with the policies you wish to update in a user pool.

@option params [Types::LambdaConfigType] :lambda_config

The Lambda configuration information from the request to update the
user pool.

@option params [Array<String>] :auto_verified_attributes

The attributes that are automatically verified when the Amazon Cognito
service makes a request to update user pools.

@option params [String] :sms_verification_message

A container with information about the SMS verification message.

@option params [String] :email_verification_message

The contents of the email verification message.

@option params [String] :email_verification_subject

The subject of the email verification message.

@option params [Types::VerificationMessageTemplateType] :verification_message_template

The template for verification messages.

@option params [String] :sms_authentication_message

The contents of the SMS authentication message.

@option params [String] :mfa_configuration

Can be one of the following values:

* `OFF` - MFA tokens are not required and cannot be specified during
  user registration.

* `ON` - MFA tokens are required for all user registrations. You can
  only specify ON when you are initially creating a user pool. You can
  use the [SetUserPoolMfaConfig][1] API operation to turn MFA "ON"
  for existing user pools.

* `OPTIONAL` - Users have the option when registering to create an MFA
  token.

[1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserPoolMfaConfig.html

@option params [Types::DeviceConfigurationType] :device_configuration

Device configuration.

@option params [Types::EmailConfigurationType] :email_configuration

Email configuration.

@option params [Types::SmsConfigurationType] :sms_configuration

SMS configuration.

@option params [Hash<String,String>] :user_pool_tags

The tag keys and values to assign to the user pool. A tag is a label
that you can use to categorize and manage user pools in different
ways, such as by purpose, owner, environment, or other criteria.

@option params [Types::AdminCreateUserConfigType] :admin_create_user_config

The configuration for `AdminCreateUser` requests.

@option params [Types::UserPoolAddOnsType] :user_pool_add_ons

Used to enable advanced security risk detection. Set the key
`AdvancedSecurityMode` to the value "AUDIT".

@option params [Types::AccountRecoverySettingType] :account_recovery_setting

Use this setting to define which verified available method a user can
use to recover their password when they call `ForgotPassword`. It
allows you to define a preferred method when a user has more than one
method available. With this setting, SMS does not qualify for a valid
password recovery mechanism if the user also has SMS MFA enabled. In
the absence of this setting, Cognito uses the legacy behavior to
determine the recovery method where SMS is preferred over email.

@return [Struct] Returns an empty {Seahorse::Client::Response response}.

@example Request syntax with placeholder values

resp = client.update_user_pool({
  user_pool_id: "UserPoolIdType", # required
  policies: {
    password_policy: {
      minimum_length: 1,
      require_uppercase: false,
      require_lowercase: false,
      require_numbers: false,
      require_symbols: false,
      temporary_password_validity_days: 1,
    },
  },
  lambda_config: {
    pre_sign_up: "ArnType",
    custom_message: "ArnType",
    post_confirmation: "ArnType",
    pre_authentication: "ArnType",
    post_authentication: "ArnType",
    define_auth_challenge: "ArnType",
    create_auth_challenge: "ArnType",
    verify_auth_challenge_response: "ArnType",
    pre_token_generation: "ArnType",
    user_migration: "ArnType",
    custom_sms_sender: {
      lambda_version: "V1_0", # required, accepts V1_0
      lambda_arn: "ArnType", # required
    },
    custom_email_sender: {
      lambda_version: "V1_0", # required, accepts V1_0
      lambda_arn: "ArnType", # required
    },
    kms_key_id: "ArnType",
  },
  auto_verified_attributes: ["phone_number"], # accepts phone_number, email
  sms_verification_message: "SmsVerificationMessageType",
  email_verification_message: "EmailVerificationMessageType",
  email_verification_subject: "EmailVerificationSubjectType",
  verification_message_template: {
    sms_message: "SmsVerificationMessageType",
    email_message: "EmailVerificationMessageType",
    email_subject: "EmailVerificationSubjectType",
    email_message_by_link: "EmailVerificationMessageByLinkType",
    email_subject_by_link: "EmailVerificationSubjectByLinkType",
    default_email_option: "CONFIRM_WITH_LINK", # accepts CONFIRM_WITH_LINK, CONFIRM_WITH_CODE
  },
  sms_authentication_message: "SmsVerificationMessageType",
  mfa_configuration: "OFF", # accepts OFF, ON, OPTIONAL
  device_configuration: {
    challenge_required_on_new_device: false,
    device_only_remembered_on_user_prompt: false,
  },
  email_configuration: {
    source_arn: "ArnType",
    reply_to_email_address: "EmailAddressType",
    email_sending_account: "COGNITO_DEFAULT", # accepts COGNITO_DEFAULT, DEVELOPER
    from: "StringType",
    configuration_set: "SESConfigurationSet",
  },
  sms_configuration: {
    sns_caller_arn: "ArnType", # required
    external_id: "StringType",
  },
  user_pool_tags: {
    "TagKeysType" => "TagValueType",
  },
  admin_create_user_config: {
    allow_admin_create_user_only: false,
    unused_account_validity_days: 1,
    invite_message_template: {
      sms_message: "SmsVerificationMessageType",
      email_message: "EmailVerificationMessageType",
      email_subject: "EmailVerificationSubjectType",
    },
  },
  user_pool_add_ons: {
    advanced_security_mode: "OFF", # required, accepts OFF, AUDIT, ENFORCED
  },
  account_recovery_setting: {
    recovery_mechanisms: [
      {
        priority: 1, # required
        name: "verified_email", # required, accepts verified_email, verified_phone_number, admin_only
      },
    ],
  },
})

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UpdateUserPool AWS API Documentation

@overload update_user_pool(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 7052
def update_user_pool(params = {}, options = {})
  req = build_request(:update_user_pool, params)
  req.send_request(options)
end
update_user_pool_client(params = {}, options = {}) click to toggle source

Updates the specified user pool app client with the specified attributes. You can get a list of the current user pool app client settings using [DescribeUserPoolClient].

If you don't provide a value for an attribute, it will be set to the default value.

You can also use this operation to enable token revocation for user pool clients. For more information about revoking tokens, see [RevokeToken].

[1]: docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPoolClient.html [2]: docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html

@option params [required, String] :user_pool_id

The user pool ID for the user pool where you want to update the user
pool client.

@option params [required, String] :client_id

The ID of the client associated with the user pool.

@option params [String] :client_name

The client name from the update user pool client request.

@option params [Integer] :refresh_token_validity

The time limit, in days, after which the refresh token is no longer
valid and cannot be used.

@option params [Integer] :access_token_validity

The time limit, after which the access token is no longer valid and
cannot be used.

@option params [Integer] :id_token_validity

The time limit, after which the ID token is no longer valid and cannot
be used.

@option params [Types::TokenValidityUnitsType] :token_validity_units

The units in which the validity times are represented in. Default for
RefreshToken is days, and default for ID and access tokens are hours.

@option params [Array<String>] :read_attributes

The read-only attributes of the user pool.

@option params [Array<String>] :write_attributes

The writeable attributes of the user pool.

@option params [Array<String>] :explicit_auth_flows

The authentication flows that are supported by the user pool clients.
Flow names without the `ALLOW_` prefix are deprecated in favor of new
names with the `ALLOW_` prefix. Note that values with `ALLOW_` prefix
cannot be used along with values without `ALLOW_` prefix.

Valid values include:

* `ALLOW_ADMIN_USER_PASSWORD_AUTH`\: Enable admin based user password
  authentication flow `ADMIN_USER_PASSWORD_AUTH`. This setting
  replaces the `ADMIN_NO_SRP_AUTH` setting. With this authentication
  flow, Cognito receives the password in the request instead of using
  the SRP (Secure Remote Password protocol) protocol to verify
  passwords.

* `ALLOW_CUSTOM_AUTH`\: Enable Lambda trigger based authentication.

* `ALLOW_USER_PASSWORD_AUTH`\: Enable user password-based
  authentication. In this flow, Cognito receives the password in the
  request instead of using the SRP protocol to verify passwords.

* `ALLOW_USER_SRP_AUTH`\: Enable SRP based authentication.

* `ALLOW_REFRESH_TOKEN_AUTH`\: Enable authflow to refresh tokens.

@option params [Array<String>] :supported_identity_providers

A list of provider names for the identity providers that are supported
on this client.

@option params [Array<String>] :callback_urls

A list of allowed redirect (callback) URLs for the identity providers.

A redirect URI must:

* Be an absolute URI.

* Be registered with the authorization server.

* Not include a fragment component.

See [OAuth 2.0 - Redirection Endpoint][1].

Amazon Cognito requires HTTPS over HTTP except for http://localhost
for testing purposes only.

App callback URLs such as myapp://example are also supported.

[1]: https://tools.ietf.org/html/rfc6749#section-3.1.2

@option params [Array<String>] :logout_urls

A list of allowed logout URLs for the identity providers.

@option params [String] :default_redirect_uri

The default redirect URI. Must be in the `CallbackURLs` list.

A redirect URI must:

* Be an absolute URI.

* Be registered with the authorization server.

* Not include a fragment component.

See [OAuth 2.0 - Redirection Endpoint][1].

Amazon Cognito requires HTTPS over HTTP except for http://localhost
for testing purposes only.

App callback URLs such as myapp://example are also supported.

[1]: https://tools.ietf.org/html/rfc6749#section-3.1.2

@option params [Array<String>] :allowed_o_auth_flows

The allowed OAuth flows.

Set to `code` to initiate a code grant flow, which provides an
authorization code as the response. This code can be exchanged for
access tokens with the token endpoint.

Set to `implicit` to specify that the client should get the access
token (and, optionally, ID token, based on scopes) directly.

Set to `client_credentials` to specify that the client should get the
access token (and, optionally, ID token, based on scopes) from the
token endpoint using a combination of client and client\_secret.

@option params [Array<String>] :allowed_o_auth_scopes

The allowed OAuth scopes. Possible values provided by OAuth are:
`phone`, `email`, `openid`, and `profile`. Possible values provided by
Amazon Web Services are: `aws.cognito.signin.user.admin`. Custom
scopes created in Resource Servers are also supported.

@option params [Boolean] :allowed_o_auth_flows_user_pool_client

Set to true if the client is allowed to follow the OAuth protocol when
interacting with Cognito user pools.

@option params [Types::AnalyticsConfigurationType] :analytics_configuration

The Amazon Pinpoint analytics configuration for collecting metrics for
this user pool.

<note markdown="1"> In regions where Pinpoint is not available, Cognito User Pools only
supports sending events to Amazon Pinpoint projects in us-east-1. In
regions where Pinpoint is available, Cognito User Pools will support
sending events to Amazon Pinpoint projects within that same region.

 </note>

@option params [String] :prevent_user_existence_errors

Use this setting to choose which errors and responses are returned by
Cognito APIs during authentication, account confirmation, and password
recovery when the user does not exist in the user pool. When set to
`ENABLED` and the user does not exist, authentication returns an error
indicating either the username or password was incorrect, and account
confirmation and password recovery return a response indicating a code
was sent to a simulated destination. When set to `LEGACY`, those APIs
will return a `UserNotFoundException` exception if the user does not
exist in the user pool.

Valid values include:

* `ENABLED` - This prevents user existence-related errors.

* `LEGACY` - This represents the old behavior of Cognito where user
  existence related errors are not prevented.

<note markdown="1"> After February 15th 2020, the value of `PreventUserExistenceErrors`
will default to `ENABLED` for newly created user pool clients if no
value is provided.

 </note>

@option params [Boolean] :enable_token_revocation

Enables or disables token revocation. For more information about
revoking tokens, see [RevokeToken][1].

[1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html

@return [Types::UpdateUserPoolClientResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::UpdateUserPoolClientResponse#user_pool_client #user_pool_client} => Types::UserPoolClientType

@example Request syntax with placeholder values

resp = client.update_user_pool_client({
  user_pool_id: "UserPoolIdType", # required
  client_id: "ClientIdType", # required
  client_name: "ClientNameType",
  refresh_token_validity: 1,
  access_token_validity: 1,
  id_token_validity: 1,
  token_validity_units: {
    access_token: "seconds", # accepts seconds, minutes, hours, days
    id_token: "seconds", # accepts seconds, minutes, hours, days
    refresh_token: "seconds", # accepts seconds, minutes, hours, days
  },
  read_attributes: ["ClientPermissionType"],
  write_attributes: ["ClientPermissionType"],
  explicit_auth_flows: ["ADMIN_NO_SRP_AUTH"], # accepts ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, USER_PASSWORD_AUTH, ALLOW_ADMIN_USER_PASSWORD_AUTH, ALLOW_CUSTOM_AUTH, ALLOW_USER_PASSWORD_AUTH, ALLOW_USER_SRP_AUTH, ALLOW_REFRESH_TOKEN_AUTH
  supported_identity_providers: ["ProviderNameType"],
  callback_urls: ["RedirectUrlType"],
  logout_urls: ["RedirectUrlType"],
  default_redirect_uri: "RedirectUrlType",
  allowed_o_auth_flows: ["code"], # accepts code, implicit, client_credentials
  allowed_o_auth_scopes: ["ScopeType"],
  allowed_o_auth_flows_user_pool_client: false,
  analytics_configuration: {
    application_id: "HexStringType",
    application_arn: "ArnType",
    role_arn: "ArnType",
    external_id: "StringType",
    user_data_shared: false,
  },
  prevent_user_existence_errors: "LEGACY", # accepts LEGACY, ENABLED
  enable_token_revocation: false,
})

@example Response structure

resp.user_pool_client.user_pool_id #=> String
resp.user_pool_client.client_name #=> String
resp.user_pool_client.client_id #=> String
resp.user_pool_client.client_secret #=> String
resp.user_pool_client.last_modified_date #=> Time
resp.user_pool_client.creation_date #=> Time
resp.user_pool_client.refresh_token_validity #=> Integer
resp.user_pool_client.access_token_validity #=> Integer
resp.user_pool_client.id_token_validity #=> Integer
resp.user_pool_client.token_validity_units.access_token #=> String, one of "seconds", "minutes", "hours", "days"
resp.user_pool_client.token_validity_units.id_token #=> String, one of "seconds", "minutes", "hours", "days"
resp.user_pool_client.token_validity_units.refresh_token #=> String, one of "seconds", "minutes", "hours", "days"
resp.user_pool_client.read_attributes #=> Array
resp.user_pool_client.read_attributes[0] #=> String
resp.user_pool_client.write_attributes #=> Array
resp.user_pool_client.write_attributes[0] #=> String
resp.user_pool_client.explicit_auth_flows #=> Array
resp.user_pool_client.explicit_auth_flows[0] #=> String, one of "ADMIN_NO_SRP_AUTH", "CUSTOM_AUTH_FLOW_ONLY", "USER_PASSWORD_AUTH", "ALLOW_ADMIN_USER_PASSWORD_AUTH", "ALLOW_CUSTOM_AUTH", "ALLOW_USER_PASSWORD_AUTH", "ALLOW_USER_SRP_AUTH", "ALLOW_REFRESH_TOKEN_AUTH"
resp.user_pool_client.supported_identity_providers #=> Array
resp.user_pool_client.supported_identity_providers[0] #=> String
resp.user_pool_client.callback_urls #=> Array
resp.user_pool_client.callback_urls[0] #=> String
resp.user_pool_client.logout_urls #=> Array
resp.user_pool_client.logout_urls[0] #=> String
resp.user_pool_client.default_redirect_uri #=> String
resp.user_pool_client.allowed_o_auth_flows #=> Array
resp.user_pool_client.allowed_o_auth_flows[0] #=> String, one of "code", "implicit", "client_credentials"
resp.user_pool_client.allowed_o_auth_scopes #=> Array
resp.user_pool_client.allowed_o_auth_scopes[0] #=> String
resp.user_pool_client.allowed_o_auth_flows_user_pool_client #=> Boolean
resp.user_pool_client.analytics_configuration.application_id #=> String
resp.user_pool_client.analytics_configuration.application_arn #=> String
resp.user_pool_client.analytics_configuration.role_arn #=> String
resp.user_pool_client.analytics_configuration.external_id #=> String
resp.user_pool_client.analytics_configuration.user_data_shared #=> Boolean
resp.user_pool_client.prevent_user_existence_errors #=> String, one of "LEGACY", "ENABLED"
resp.user_pool_client.enable_token_revocation #=> Boolean

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UpdateUserPoolClient AWS API Documentation

@overload update_user_pool_client(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 7331
def update_user_pool_client(params = {}, options = {})
  req = build_request(:update_user_pool_client, params)
  req.send_request(options)
end
update_user_pool_domain(params = {}, options = {}) click to toggle source

Updates the Secure Sockets Layer (SSL) certificate for the custom domain for your user pool.

You can use this operation to provide the Amazon Resource Name (ARN) of a new certificate to Amazon Cognito. You cannot use it to change the domain for a user pool.

A custom domain is used to host the Amazon Cognito hosted UI, which provides sign-up and sign-in pages for your application. When you set up a custom domain, you provide a certificate that you manage with Certificate Manager (ACM). When necessary, you can use this operation to change the certificate that you applied to your custom domain.

Usually, this is unnecessary following routine certificate renewal with ACM. When you renew your existing certificate in ACM, the ARN for your certificate remains the same, and your custom domain uses the new certificate automatically.

However, if you replace your existing certificate with a new one, ACM gives the new certificate a new ARN. To apply the new certificate to your custom domain, you must provide this ARN to Amazon Cognito.

When you add your new certificate in ACM, you must choose US East (N. Virginia) as the Region.

After you submit your request, Amazon Cognito requires up to 1 hour to distribute your new certificate to your custom domain.

For more information about adding a custom domain to your user pool, see [Using Your Own Domain for the Hosted UI].

[1]: docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-add-custom-domain.html

@option params [required, String] :domain

The domain name for the custom domain that hosts the sign-up and
sign-in pages for your application. For example: `auth.example.com`.

This string can include only lowercase letters, numbers, and hyphens.
Do not use a hyphen for the first or last character. Use periods to
separate subdomain names.

@option params [required, String] :user_pool_id

The ID of the user pool that is associated with the custom domain that
you are updating the certificate for.

@option params [required, Types::CustomDomainConfigType] :custom_domain_config

The configuration for a custom domain that hosts the sign-up and
sign-in pages for your application. Use this object to specify an SSL
certificate that is managed by ACM.

@return [Types::UpdateUserPoolDomainResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::UpdateUserPoolDomainResponse#cloud_front_domain #cloud_front_domain} => String

@example Request syntax with placeholder values

resp = client.update_user_pool_domain({
  domain: "DomainType", # required
  user_pool_id: "UserPoolIdType", # required
  custom_domain_config: { # required
    certificate_arn: "ArnType", # required
  },
})

@example Response structure

resp.cloud_front_domain #=> String

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UpdateUserPoolDomain AWS API Documentation

@overload update_user_pool_domain(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 7410
def update_user_pool_domain(params = {}, options = {})
  req = build_request(:update_user_pool_domain, params)
  req.send_request(options)
end
verify_software_token(params = {}, options = {}) click to toggle source

Use this API to register a user's entered TOTP code and mark the user's software token MFA status as “verified” if successful. The request takes an access token or a session string, but not both.

@option params [String] :access_token

The access token.

@option params [String] :session

The session which should be passed both ways in challenge-response
calls to the service.

@option params [required, String] :user_code

The one time password computed using the secret code returned by
[AssociateSoftwareToken"][1].

[1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AssociateSoftwareToken.html

@option params [String] :friendly_device_name

The friendly device name.

@return [Types::VerifySoftwareTokenResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:

* {Types::VerifySoftwareTokenResponse#status #status} => String
* {Types::VerifySoftwareTokenResponse#session #session} => String

@example Request syntax with placeholder values

resp = client.verify_software_token({
  access_token: "TokenModelType",
  session: "SessionType",
  user_code: "SoftwareTokenMFAUserCodeType", # required
  friendly_device_name: "StringType",
})

@example Response structure

resp.status #=> String, one of "SUCCESS", "ERROR"
resp.session #=> String

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/VerifySoftwareToken AWS API Documentation

@overload verify_software_token(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 7460
def verify_software_token(params = {}, options = {})
  req = build_request(:verify_software_token, params)
  req.send_request(options)
end
verify_user_attribute(params = {}, options = {}) click to toggle source

Verifies the specified user attributes in the user pool.

@option params [required, String] :access_token

Represents the access token of the request to verify user attributes.

@option params [required, String] :attribute_name

The attribute name in the request to verify user attributes.

@option params [required, String] :code

The verification code in the request to verify user attributes.

@return [Struct] Returns an empty {Seahorse::Client::Response response}.

@example Request syntax with placeholder values

resp = client.verify_user_attribute({
  access_token: "TokenModelType", # required
  attribute_name: "AttributeNameType", # required
  code: "ConfirmationCodeType", # required
})

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/VerifyUserAttribute AWS API Documentation

@overload verify_user_attribute(params = {}) @param [Hash] params ({})

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 7490
def verify_user_attribute(params = {}, options = {})
  req = build_request(:verify_user_attribute, params)
  req.send_request(options)
end
waiter_names() click to toggle source

@api private @deprecated

# File lib/aws-sdk-cognitoidentityprovider/client.rb, line 7514
def waiter_names
  []
end