Class: Aws::CognitoIdentityProvider::Client
- Inherits:
-
Seahorse::Client::Base
- Object
- Seahorse::Client::Base
- Aws::CognitoIdentityProvider::Client
- Includes:
- Aws::ClientStubs
- Defined in:
- lib/aws-sdk-cognitoidentityprovider/client.rb
Overview
An API client for CognitoIdentityProvider. To construct a client, you need to configure a ‘:region` and `:credentials`.
client = Aws::CognitoIdentityProvider::Client.new(
region: region_name,
credentials: credentials,
# ...
)
For details on configuring region and credentials see the [developer guide](/sdk-for-ruby/v3/developer-guide/setup-config.html).
See #initialize for a full list of supported configuration options.
Class Attribute Summary collapse
- .identifier ⇒ Object readonly private
API Operations collapse
-
#add_custom_attributes(params = {}) ⇒ Struct
Adds additional user attributes to the user pool schema.
-
#admin_add_user_to_group(params = {}) ⇒ Struct
Adds a user to a group.
-
#admin_confirm_sign_up(params = {}) ⇒ Struct
This IAM-authenticated API operation confirms user sign-up as an administrator.
-
#admin_create_user(params = {}) ⇒ Types::AdminCreateUserResponse
Creates a new user in the specified user pool.
-
#admin_delete_user(params = {}) ⇒ Struct
Deletes a user as an administrator.
-
#admin_delete_user_attributes(params = {}) ⇒ Struct
Deletes the user attributes in a user pool as an administrator.
-
#admin_disable_provider_for_user(params = {}) ⇒ Struct
Prevents the user from signing in with the specified external (SAML or social) identity provider (IdP).
-
#admin_disable_user(params = {}) ⇒ Struct
Deactivates a user and revokes all access tokens for the user.
-
#admin_enable_user(params = {}) ⇒ Struct
Enables the specified user as an administrator.
-
#admin_forget_device(params = {}) ⇒ Struct
Forgets the device, as an administrator.
-
#admin_get_device(params = {}) ⇒ Types::AdminGetDeviceResponse
Gets the device, as an administrator.
-
#admin_get_user(params = {}) ⇒ Types::AdminGetUserResponse
Gets the specified user by user name in a user pool as an administrator.
-
#admin_initiate_auth(params = {}) ⇒ Types::AdminInitiateAuthResponse
Initiates the authentication flow, as an administrator.
-
#admin_link_provider_for_user(params = {}) ⇒ Struct
Links an existing user account in a user pool (‘DestinationUser`) to an identity from an external IdP (`SourceUser`) based on a specified attribute name and value from the external IdP.
-
#admin_list_devices(params = {}) ⇒ Types::AdminListDevicesResponse
Lists devices, as an administrator.
-
#admin_list_groups_for_user(params = {}) ⇒ Types::AdminListGroupsForUserResponse
Lists the groups that a user belongs to.
-
#admin_list_user_auth_events(params = {}) ⇒ Types::AdminListUserAuthEventsResponse
A history of user activity and any risks detected as part of Amazon Cognito advanced security.
-
#admin_remove_user_from_group(params = {}) ⇒ Struct
Removes the specified user from the specified group.
-
#admin_reset_user_password(params = {}) ⇒ Struct
Resets the specified user’s password in a user pool as an administrator.
-
#admin_respond_to_auth_challenge(params = {}) ⇒ Types::AdminRespondToAuthChallengeResponse
Some API operations in a user pool generate a challenge, like a prompt for an MFA code, for device authentication that bypasses MFA, or for a custom authentication challenge.
-
#admin_set_user_mfa_preference(params = {}) ⇒ Struct
Sets the user’s multi-factor authentication (MFA) preference, including which MFA options are activated, and if any are preferred.
-
#admin_set_user_password(params = {}) ⇒ Struct
Sets the specified user’s password in a user pool as an administrator.
-
#admin_set_user_settings(params = {}) ⇒ Struct
*This action is no longer supported.* You can use it to configure only SMS MFA.
-
#admin_update_auth_event_feedback(params = {}) ⇒ Struct
Provides feedback for an authentication event indicating if it was from a valid user.
-
#admin_update_device_status(params = {}) ⇒ Struct
Updates the device status as an administrator.
-
#admin_update_user_attributes(params = {}) ⇒ Struct
<note markdown=“1”> This action might generate an SMS text message.
-
#admin_user_global_sign_out(params = {}) ⇒ Struct
Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user.
-
#associate_software_token(params = {}) ⇒ Types::AssociateSoftwareTokenResponse
Begins setup of time-based one-time password (TOTP) multi-factor authentication (MFA) for a user, with a unique private key that Amazon Cognito generates and returns in the API response.
-
#change_password(params = {}) ⇒ Struct
Changes the password for a specified user in a user pool.
-
#confirm_device(params = {}) ⇒ Types::ConfirmDeviceResponse
Confirms tracking of the device.
-
#confirm_forgot_password(params = {}) ⇒ Struct
Allows a user to enter a confirmation code to reset a forgotten password.
-
#confirm_sign_up(params = {}) ⇒ Struct
This public API operation provides a code that Amazon Cognito sent to your user when they signed up in your user pool via the [SignUp] API operation.
-
#create_group(params = {}) ⇒ Types::CreateGroupResponse
Creates a new group in the specified user pool.
-
#create_identity_provider(params = {}) ⇒ Types::CreateIdentityProviderResponse
Adds a configuration and trust relationship between a third-party identity provider (IdP) and a user pool.
-
#create_resource_server(params = {}) ⇒ Types::CreateResourceServerResponse
Creates a new OAuth2.0 resource server and defines custom scopes within it.
-
#create_user_import_job(params = {}) ⇒ Types::CreateUserImportJobResponse
Creates a user import job.
-
#create_user_pool(params = {}) ⇒ Types::CreateUserPoolResponse
<note markdown=“1”> This action might generate an SMS text message.
-
#create_user_pool_client(params = {}) ⇒ Types::CreateUserPoolClientResponse
Creates the user pool client.
-
#create_user_pool_domain(params = {}) ⇒ Types::CreateUserPoolDomainResponse
Creates a new domain for a user pool.
-
#delete_group(params = {}) ⇒ Struct
Deletes a group.
-
#delete_identity_provider(params = {}) ⇒ Struct
Deletes an IdP for a user pool.
-
#delete_resource_server(params = {}) ⇒ Struct
Deletes a resource server.
-
#delete_user(params = {}) ⇒ Struct
Allows a user to delete their own user profile.
-
#delete_user_attributes(params = {}) ⇒ Struct
Deletes the attributes for a user.
-
#delete_user_pool(params = {}) ⇒ Struct
Deletes the specified Amazon Cognito user pool.
-
#delete_user_pool_client(params = {}) ⇒ Struct
Allows the developer to delete the user pool client.
-
#delete_user_pool_domain(params = {}) ⇒ Struct
Deletes a domain for a user pool.
-
#describe_identity_provider(params = {}) ⇒ Types::DescribeIdentityProviderResponse
Gets information about a specific IdP.
-
#describe_resource_server(params = {}) ⇒ Types::DescribeResourceServerResponse
Describes a resource server.
-
#describe_risk_configuration(params = {}) ⇒ Types::DescribeRiskConfigurationResponse
Describes the risk configuration.
-
#describe_user_import_job(params = {}) ⇒ Types::DescribeUserImportJobResponse
Describes the user import job.
-
#describe_user_pool(params = {}) ⇒ Types::DescribeUserPoolResponse
Returns the configuration information and metadata of the specified user pool.
-
#describe_user_pool_client(params = {}) ⇒ Types::DescribeUserPoolClientResponse
Client method for returning the configuration information and metadata of the specified user pool app client.
-
#describe_user_pool_domain(params = {}) ⇒ Types::DescribeUserPoolDomainResponse
Gets information about a domain.
-
#forget_device(params = {}) ⇒ Struct
Forgets the specified device.
-
#forgot_password(params = {}) ⇒ Types::ForgotPasswordResponse
Calling this API causes a message to be sent to the end user with a confirmation code that is required to change the user’s password.
-
#get_csv_header(params = {}) ⇒ Types::GetCSVHeaderResponse
Gets the header information for the comma-separated value (CSV) file to be used as input for the user import job.
-
#get_device(params = {}) ⇒ Types::GetDeviceResponse
Gets the device.
-
#get_group(params = {}) ⇒ Types::GetGroupResponse
Gets a group.
-
#get_identity_provider_by_identifier(params = {}) ⇒ Types::GetIdentityProviderByIdentifierResponse
Gets the specified IdP.
-
#get_log_delivery_configuration(params = {}) ⇒ Types::GetLogDeliveryConfigurationResponse
Gets the logging configuration of a user pool.
-
#get_signing_certificate(params = {}) ⇒ Types::GetSigningCertificateResponse
This method takes a user pool ID, and returns the signing certificate.
-
#get_ui_customization(params = {}) ⇒ Types::GetUICustomizationResponse
Gets the user interface (UI) Customization information for a particular app client’s app UI, if any such information exists for the client.
-
#get_user(params = {}) ⇒ Types::GetUserResponse
Gets the user attributes and metadata for a user.
-
#get_user_attribute_verification_code(params = {}) ⇒ Types::GetUserAttributeVerificationCodeResponse
Generates a user attribute verification code for the specified attribute name.
-
#get_user_pool_mfa_config(params = {}) ⇒ Types::GetUserPoolMfaConfigResponse
Gets the user pool multi-factor authentication (MFA) configuration.
-
#global_sign_out(params = {}) ⇒ Struct
Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user.
-
#initiate_auth(params = {}) ⇒ Types::InitiateAuthResponse
Initiates sign-in for a user in the Amazon Cognito user directory.
-
#list_devices(params = {}) ⇒ Types::ListDevicesResponse
Lists the sign-in devices that Amazon Cognito has registered to the current user.
-
#list_groups(params = {}) ⇒ Types::ListGroupsResponse
Lists the groups associated with a user pool.
-
#list_identity_providers(params = {}) ⇒ Types::ListIdentityProvidersResponse
Lists information about all IdPs for a user pool.
-
#list_resource_servers(params = {}) ⇒ Types::ListResourceServersResponse
Lists the resource servers for a user pool.
-
#list_tags_for_resource(params = {}) ⇒ Types::ListTagsForResourceResponse
Lists the tags that are assigned to an Amazon Cognito user pool.
-
#list_user_import_jobs(params = {}) ⇒ Types::ListUserImportJobsResponse
Lists user import jobs for a user pool.
-
#list_user_pool_clients(params = {}) ⇒ Types::ListUserPoolClientsResponse
Lists the clients that have been created for the specified user pool.
-
#list_user_pools(params = {}) ⇒ Types::ListUserPoolsResponse
Lists the user pools associated with an Amazon Web Services account.
-
#list_users(params = {}) ⇒ Types::ListUsersResponse
Lists users and their basic details in a user pool.
-
#list_users_in_group(params = {}) ⇒ Types::ListUsersInGroupResponse
Lists the users in the specified group.
-
#resend_confirmation_code(params = {}) ⇒ Types::ResendConfirmationCodeResponse
Resends the confirmation (for confirmation of registration) to a specific user in the user pool.
-
#respond_to_auth_challenge(params = {}) ⇒ Types::RespondToAuthChallengeResponse
Some API operations in a user pool generate a challenge, like a prompt for an MFA code, for device authentication that bypasses MFA, or for a custom authentication challenge.
-
#revoke_token(params = {}) ⇒ Struct
Revokes all of the access tokens generated by, and at the same time as, the specified refresh token.
-
#set_log_delivery_configuration(params = {}) ⇒ Types::SetLogDeliveryConfigurationResponse
Sets up or modifies the logging configuration of a user pool.
-
#set_risk_configuration(params = {}) ⇒ Types::SetRiskConfigurationResponse
Configures actions on detected risks.
-
#set_ui_customization(params = {}) ⇒ Types::SetUICustomizationResponse
Sets the user interface (UI) customization information for a user pool’s built-in app UI.
-
#set_user_mfa_preference(params = {}) ⇒ Struct
Set the user’s multi-factor authentication (MFA) method preference, including which MFA factors are activated and if any are preferred.
-
#set_user_pool_mfa_config(params = {}) ⇒ Types::SetUserPoolMfaConfigResponse
Sets the user pool multi-factor authentication (MFA) configuration.
-
#set_user_settings(params = {}) ⇒ Struct
*This action is no longer supported.* You can use it to configure only SMS MFA.
-
#sign_up(params = {}) ⇒ Types::SignUpResponse
Registers the user in the specified user pool and creates a user name, password, and user attributes.
-
#start_user_import_job(params = {}) ⇒ Types::StartUserImportJobResponse
Starts the user import.
-
#stop_user_import_job(params = {}) ⇒ Types::StopUserImportJobResponse
Stops the user import job.
-
#tag_resource(params = {}) ⇒ Struct
Assigns a set of tags to an Amazon Cognito user pool.
-
#untag_resource(params = {}) ⇒ Struct
Removes the specified tags from an Amazon Cognito user pool.
-
#update_auth_event_feedback(params = {}) ⇒ Struct
Provides the feedback for an authentication event, whether it was from a valid user or not.
-
#update_device_status(params = {}) ⇒ Struct
Updates the device status.
-
#update_group(params = {}) ⇒ Types::UpdateGroupResponse
Updates the specified group with the specified attributes.
-
#update_identity_provider(params = {}) ⇒ Types::UpdateIdentityProviderResponse
Updates IdP information for a user pool.
-
#update_resource_server(params = {}) ⇒ Types::UpdateResourceServerResponse
Updates the name and scopes of resource server.
-
#update_user_attributes(params = {}) ⇒ Types::UpdateUserAttributesResponse
With this operation, your users can update one or more of their attributes with their own credentials.
-
#update_user_pool(params = {}) ⇒ Struct
<note markdown=“1”> This action might generate an SMS text message.
-
#update_user_pool_client(params = {}) ⇒ Types::UpdateUserPoolClientResponse
Updates the specified user pool app client with the specified attributes.
-
#update_user_pool_domain(params = {}) ⇒ Types::UpdateUserPoolDomainResponse
Updates the Secure Sockets Layer (SSL) certificate for the custom domain for your user pool.
-
#verify_software_token(params = {}) ⇒ Types::VerifySoftwareTokenResponse
Use this API to register a user’s entered time-based one-time password (TOTP) code and mark the user’s software token MFA status as “verified” if successful.
-
#verify_user_attribute(params = {}) ⇒ Struct
Verifies the specified user attributes in the user pool.
Class Method Summary collapse
- .errors_module ⇒ Object private
Instance Method Summary collapse
- #build_request(operation_name, params = {}) ⇒ Object private
-
#initialize(options) ⇒ Client
constructor
A new instance of Client.
- #waiter_names ⇒ Object deprecated private Deprecated.
Constructor Details
#initialize(options) ⇒ Client
Returns a new instance of Client.
453 454 455 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 453 def initialize(*args) super end |
Class Attribute Details
.identifier ⇒ Object (readonly)
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
10955 10956 10957 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 10955 def identifier @identifier end |
Class Method Details
.errors_module ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
10958 10959 10960 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 10958 def errors_module Errors end |
Instance Method Details
#add_custom_attributes(params = {}) ⇒ Struct
Adds additional user attributes to the user pool schema.
<note markdown=“1”> Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
**Learn more**
* [Signing Amazon Web Services API Requests][1]
- Using the Amazon Cognito user pools API and user pool endpoints][2
</note>
[1]: docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html [2]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
515 516 517 518 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 515 def add_custom_attributes(params = {}, = {}) req = build_request(:add_custom_attributes, params) req.send_request() end |
#admin_add_user_to_group(params = {}) ⇒ Struct
Adds a user to a group. A user who is in a group can present a preferred-role claim to an identity pool, and populates a ‘cognito:groups` claim to their access and identity tokens.
<note markdown=“1”> Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
**Learn more**
* [Signing Amazon Web Services API Requests][1]
- Using the Amazon Cognito user pools API and user pool endpoints][2
</note>
[1]: docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html [2]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
569 570 571 572 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 569 def admin_add_user_to_group(params = {}, = {}) req = build_request(:admin_add_user_to_group, params) req.send_request() end |
#admin_confirm_sign_up(params = {}) ⇒ Struct
This IAM-authenticated API operation confirms user sign-up as an administrator. Unlike [ConfirmSignUp], your IAM credentials authorize user account confirmation. No confirmation code is required.
This request sets a user account active in a user pool that [requires confirmation of new user accounts] before they can sign in. You can configure your user pool to not send confirmation codes to new users and instead confirm them with this API operation on the back end.
<note markdown=“1”> Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
**Learn more**
* [Signing Amazon Web Services API Requests][3]
- Using the Amazon Cognito user pools API and user pool endpoints][4
</note>
[1]: docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmSignUp.html [2]: docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#signing-up-users-in-your-app-and-confirming-them-as-admin [3]: docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html [4]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
665 666 667 668 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 665 def admin_confirm_sign_up(params = {}, = {}) req = build_request(:admin_confirm_sign_up, params) req.send_request() end |
#admin_create_user(params = {}) ⇒ Types::AdminCreateUserResponse
Creates a new user in the specified user pool.
If ‘MessageAction` isn’t set, the default is to send a welcome message via email or phone (SMS).
<note markdown=“1”> This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with [Amazon Pinpoint]. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text with Amazon Cognito or any
other Amazon Web Servicesservice, Amazon Simple Notification Service might place your account in the SMS sandbox. In <a href=“https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html”>sandbox mode</a> , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see [ SMS message settings for Amazon Cognito user pools] in the *Amazon Cognito Developer Guide*.
</note>
This message is based on a template that you configured in your call to create or update a user pool. This template includes your custom sign-up instructions and placeholders for user name and temporary password.
Alternatively, you can call ‘AdminCreateUser` with `SUPPRESS` for the `MessageAction` parameter, and Amazon Cognito won’t send any email.
In either case, the user will be in the ‘FORCE_CHANGE_PASSWORD` state until they sign in and change their password.
<note markdown=“1”> Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
**Learn more**
* [Signing Amazon Web Services API Requests][3]
- Using the Amazon Cognito user pools API and user pool endpoints][4
</note>
[1]: console.aws.amazon.com/pinpoint/home/ [2]: docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html [3]: docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html [4]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
989 990 991 992 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 989 def admin_create_user(params = {}, = {}) req = build_request(:admin_create_user, params) req.send_request() end |
#admin_delete_user(params = {}) ⇒ Struct
Deletes a user as an administrator. Works on any user.
<note markdown=“1”> Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
**Learn more**
* [Signing Amazon Web Services API Requests][1]
- Using the Amazon Cognito user pools API and user pool endpoints][2
</note>
[1]: docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html [2]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
1037 1038 1039 1040 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 1037 def admin_delete_user(params = {}, = {}) req = build_request(:admin_delete_user, params) req.send_request() end |
#admin_delete_user_attributes(params = {}) ⇒ Struct
Deletes the user attributes in a user pool as an administrator. Works on any user.
<note markdown=“1”> Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
**Learn more**
* [Signing Amazon Web Services API Requests][1]
- Using the Amazon Cognito user pools API and user pool endpoints][2
</note>
[1]: docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html [2]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
1095 1096 1097 1098 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 1095 def admin_delete_user_attributes(params = {}, = {}) req = build_request(:admin_delete_user_attributes, params) req.send_request() end |
#admin_disable_provider_for_user(params = {}) ⇒ Struct
Prevents the user from signing in with the specified external (SAML or social) identity provider (IdP). If the user that you want to deactivate is a Amazon Cognito user pools native username + password user, they can’t use their password to sign in. If the user to deactivate is a linked external IdP user, any link between that user and an existing user is removed. When the external user signs in again, and the user is no longer attached to the previously linked ‘DestinationUser`, the user must create a new user account. See [AdminLinkProviderForUser].
The ‘ProviderName` must match the value specified when creating an IdP for the pool.
To deactivate a native username + password user, the ‘ProviderName` value must be `Cognito` and the `ProviderAttributeName` must be `Cognito_Subject`. The `ProviderAttributeValue` must be the name that is used in the user pool for the user.
The ‘ProviderAttributeName` must always be `Cognito_Subject` for social IdPs. The `ProviderAttributeValue` must always be the exact subject that was used when the user was originally linked as a source user.
For de-linking a SAML identity, there are two scenarios. If the linked identity has not yet been used to sign in, the ‘ProviderAttributeName` and `ProviderAttributeValue` must be the same values that were used for the `SourceUser` when the identities were originally linked using ` AdminLinkProviderForUser` call. (If the linking was done with `ProviderAttributeName` set to `Cognito_Subject`, the same applies here). However, if the user has already signed in, the `ProviderAttributeName` must be `Cognito_Subject` and `ProviderAttributeValue` must be the subject of the SAML assertion.
<note markdown=“1”> Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
**Learn more**
* [Signing Amazon Web Services API Requests][2]
- Using the Amazon Cognito user pools API and user pool endpoints][3
</note>
[1]: docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminLinkProviderForUser.html [2]: docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html [3]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
1175 1176 1177 1178 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 1175 def admin_disable_provider_for_user(params = {}, = {}) req = build_request(:admin_disable_provider_for_user, params) req.send_request() end |
#admin_disable_user(params = {}) ⇒ Struct
Deactivates a user and revokes all access tokens for the user. A deactivated user can’t sign in, but still appears in the responses to ‘GetUser` and `ListUsers` API requests.
<note markdown=“1”> Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
**Learn more**
* [Signing Amazon Web Services API Requests][1]
- Using the Amazon Cognito user pools API and user pool endpoints][2
</note>
[1]: docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html [2]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
1225 1226 1227 1228 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 1225 def admin_disable_user(params = {}, = {}) req = build_request(:admin_disable_user, params) req.send_request() end |
#admin_enable_user(params = {}) ⇒ Struct
Enables the specified user as an administrator. Works on any user.
<note markdown=“1”> Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
**Learn more**
* [Signing Amazon Web Services API Requests][1]
- Using the Amazon Cognito user pools API and user pool endpoints][2
</note>
[1]: docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html [2]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
1273 1274 1275 1276 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 1273 def admin_enable_user(params = {}, = {}) req = build_request(:admin_enable_user, params) req.send_request() end |
#admin_forget_device(params = {}) ⇒ Struct
Forgets the device, as an administrator.
<note markdown=“1”> Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
**Learn more**
* [Signing Amazon Web Services API Requests][1]
- Using the Amazon Cognito user pools API and user pool endpoints][2
</note>
[1]: docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html [2]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
1325 1326 1327 1328 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 1325 def admin_forget_device(params = {}, = {}) req = build_request(:admin_forget_device, params) req.send_request() end |
#admin_get_device(params = {}) ⇒ Types::AdminGetDeviceResponse
Gets the device, as an administrator.
<note markdown=“1”> Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
**Learn more**
* [Signing Amazon Web Services API Requests][1]
- Using the Amazon Cognito user pools API and user pool endpoints][2
</note>
[1]: docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html [2]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
1389 1390 1391 1392 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 1389 def admin_get_device(params = {}, = {}) req = build_request(:admin_get_device, params) req.send_request() end |
#admin_get_user(params = {}) ⇒ Types::AdminGetUserResponse
Gets the specified user by user name in a user pool as an administrator. Works on any user.
<note markdown=“1”> Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
**Learn more**
* [Signing Amazon Web Services API Requests][1]
- Using the Amazon Cognito user pools API and user pool endpoints][2
</note>
[1]: docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html [2]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
1466 1467 1468 1469 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 1466 def admin_get_user(params = {}, = {}) req = build_request(:admin_get_user, params) req.send_request() end |
#admin_initiate_auth(params = {}) ⇒ Types::AdminInitiateAuthResponse
Initiates the authentication flow, as an administrator.
<note markdown=“1”> This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with [Amazon Pinpoint]. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text with Amazon Cognito or any
other Amazon Web Servicesservice, Amazon Simple Notification Service might place your account in the SMS sandbox. In <a href=“https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html”>sandbox mode</a> , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see [ SMS message settings for Amazon Cognito user pools] in the *Amazon Cognito Developer Guide*.
</note>
<note markdown=“1”> Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
**Learn more**
* [Signing Amazon Web Services API Requests][3]
- Using the Amazon Cognito user pools API and user pool endpoints][4
</note>
[1]: console.aws.amazon.com/pinpoint/home/ [2]: docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html [3]: docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html [4]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
1710 1711 1712 1713 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 1710 def admin_initiate_auth(params = {}, = {}) req = build_request(:admin_initiate_auth, params) req.send_request() end |
#admin_link_provider_for_user(params = {}) ⇒ Struct
Links an existing user account in a user pool (‘DestinationUser`) to an identity from an external IdP (`SourceUser`) based on a specified attribute name and value from the external IdP. This allows you to create a link from the existing user account to an external federated user identity that has not yet been used to sign in. You can then use the federated user identity to sign in as the existing user account.
For example, if there is an existing user with a username and password, this API links that user to a federated user identity. When the user signs in with a federated user identity, they sign in as the existing user account.
<note markdown=“1”> The maximum number of federated identities linked to a user is five.
</note>
Because this API allows a user with an external federated identity to sign in as an existing user in the user pool, it is critical that it only be used with external IdPs and provider attributes that have been trusted by the application owner.
<note markdown=“1”> Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
**Learn more**
* [Signing Amazon Web Services API Requests][1]
- Using the Amazon Cognito user pools API and user pool endpoints][2
</note>
[1]: docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html [2]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
1832 1833 1834 1835 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 1832 def admin_link_provider_for_user(params = {}, = {}) req = build_request(:admin_link_provider_for_user, params) req.send_request() end |
#admin_list_devices(params = {}) ⇒ Types::AdminListDevicesResponse
Lists devices, as an administrator.
<note markdown=“1”> Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
**Learn more**
* [Signing Amazon Web Services API Requests][1]
- Using the Amazon Cognito user pools API and user pool endpoints][2
</note>
[1]: docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html [2]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
1908 1909 1910 1911 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 1908 def admin_list_devices(params = {}, = {}) req = build_request(:admin_list_devices, params) req.send_request() end |
#admin_list_groups_for_user(params = {}) ⇒ Types::AdminListGroupsForUserResponse
Lists the groups that a user belongs to.
<note markdown=“1”> Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
**Learn more**
* [Signing Amazon Web Services API Requests][1]
- Using the Amazon Cognito user pools API and user pool endpoints][2
</note>
[1]: docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html [2]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
1983 1984 1985 1986 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 1983 def admin_list_groups_for_user(params = {}, = {}) req = build_request(:admin_list_groups_for_user, params) req.send_request() end |
#admin_list_user_auth_events(params = {}) ⇒ Types::AdminListUserAuthEventsResponse
A history of user activity and any risks detected as part of Amazon Cognito advanced security.
<note markdown=“1”> Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
**Learn more**
* [Signing Amazon Web Services API Requests][1]
- Using the Amazon Cognito user pools API and user pool endpoints][2
</note>
[1]: docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html [2]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
2070 2071 2072 2073 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 2070 def admin_list_user_auth_events(params = {}, = {}) req = build_request(:admin_list_user_auth_events, params) req.send_request() end |
#admin_remove_user_from_group(params = {}) ⇒ Struct
Removes the specified user from the specified group.
<note markdown=“1”> Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
**Learn more**
* [Signing Amazon Web Services API Requests][1]
- Using the Amazon Cognito user pools API and user pool endpoints][2
</note>
[1]: docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html [2]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
2122 2123 2124 2125 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 2122 def admin_remove_user_from_group(params = {}, = {}) req = build_request(:admin_remove_user_from_group, params) req.send_request() end |
#admin_reset_user_password(params = {}) ⇒ Struct
Resets the specified user’s password in a user pool as an administrator. Works on any user.
To use this API operation, your user pool must have self-service account recovery configured. Use [AdminSetUserPassword] if you manage passwords as an administrator.
<note markdown=“1”> This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with [Amazon Pinpoint]. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text with Amazon Cognito or any
other Amazon Web Servicesservice, Amazon Simple Notification Service might place your account in the SMS sandbox. In <a href=“https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html”>sandbox mode</a> , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see [ SMS message settings for Amazon Cognito user pools] in the *Amazon Cognito Developer Guide*.
</note>
Deactivates a user’s password, requiring them to change it. If a user tries to sign in after the API is called, Amazon Cognito responds with a ‘PasswordResetRequiredException` error. Your app must then perform the actions that reset your user’s password: the forgot-password flow. In addition, if the user pool has phone verification selected and a verified phone number exists for the user, or if email verification is selected and a verified email exists for the user, calling this API will also result in sending a message to the end user with the code to change their password.
<note markdown=“1”> Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
**Learn more**
* [Signing Amazon Web Services API Requests][4]
- Using the Amazon Cognito user pools API and user pool endpoints][5
</note>
[1]: docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminSetUserPassword.html [2]: console.aws.amazon.com/pinpoint/home/ [3]: docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html [4]: docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html [5]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
2250 2251 2252 2253 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 2250 def admin_reset_user_password(params = {}, = {}) req = build_request(:admin_reset_user_password, params) req.send_request() end |
#admin_respond_to_auth_challenge(params = {}) ⇒ Types::AdminRespondToAuthChallengeResponse
Some API operations in a user pool generate a challenge, like a prompt for an MFA code, for device authentication that bypasses MFA, or for a custom authentication challenge. An ‘AdminRespondToAuthChallenge` API request provides the answer to that challenge, like a code or a secure remote password (SRP). The parameters of a response to an authentication challenge vary with the type of challenge.
For more information about custom authentication challenges, see [Custom authentication challenge Lambda triggers].
<note markdown=“1”> This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with [Amazon Pinpoint]. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text with Amazon Cognito or any
other Amazon Web Servicesservice, Amazon Simple Notification Service might place your account in the SMS sandbox. In <a href=“https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html”>sandbox mode</a> , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see [ SMS message settings for Amazon Cognito user pools] in the *Amazon Cognito Developer Guide*.
</note>
<note markdown=“1”> Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
**Learn more**
* [Signing Amazon Web Services API Requests][4]
- Using the Amazon Cognito user pools API and user pool endpoints][5
</note>
[1]: docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-challenge.html [2]: console.aws.amazon.com/pinpoint/home/ [3]: docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html [4]: docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html [5]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
2548 2549 2550 2551 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 2548 def admin_respond_to_auth_challenge(params = {}, = {}) req = build_request(:admin_respond_to_auth_challenge, params) req.send_request() end |
#admin_set_user_mfa_preference(params = {}) ⇒ Struct
Sets the user’s multi-factor authentication (MFA) preference, including which MFA options are activated, and if any are preferred. Only one factor can be set as preferred. The preferred MFA factor will be used to authenticate a user if multiple factors are activated. If multiple options are activated and no preference is set, a challenge to choose an MFA option will be returned during sign-in.
<note markdown=“1”> Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
**Learn more**
* [Signing Amazon Web Services API Requests][1]
- Using the Amazon Cognito user pools API and user pool endpoints][2
</note>
[1]: docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html [2]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
2634 2635 2636 2637 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 2634 def admin_set_user_mfa_preference(params = {}, = {}) req = build_request(:admin_set_user_mfa_preference, params) req.send_request() end |
#admin_set_user_password(params = {}) ⇒ Struct
Sets the specified user’s password in a user pool as an administrator. Works on any user.
The password can be temporary or permanent. If it is temporary, the user status enters the ‘FORCE_CHANGE_PASSWORD` state. When the user next tries to sign in, the InitiateAuth/AdminInitiateAuth response will contain the `NEW_PASSWORD_REQUIRED` challenge. If the user doesn’t sign in before it expires, the user won’t be able to sign in, and an administrator must reset their password.
Once the user has set a new password, or the password is permanent, the user status is set to ‘Confirmed`.
‘AdminSetUserPassword` can set a password for the user profile that Amazon Cognito creates for third-party federated users. When you set a password, the federated user’s status changes from ‘EXTERNAL_PROVIDER` to `CONFIRMED`. A user in this state can sign in as a federated user, and initiate authentication flows in the API like a linked native user. They can also modify their password and attributes in token-authenticated API requests like `ChangePassword` and `UpdateUserAttributes`. As a best security practice and to keep users in sync with your external IdP, don’t set passwords on federated user profiles. To set up a federated user for native sign-in with a linked native user, refer to [Linking federated users to an existing user profile].
<note markdown=“1”> Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
**Learn more**
* [Signing Amazon Web Services API Requests][2]
- Using the Amazon Cognito user pools API and user pool endpoints][3
</note>
[1]: docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-identity-federation-consolidate-users.html [2]: docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html [3]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
2716 2717 2718 2719 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 2716 def admin_set_user_password(params = {}, = {}) req = build_request(:admin_set_user_password, params) req.send_request() end |
#admin_set_user_settings(params = {}) ⇒ Struct
*This action is no longer supported.* You can use it to configure only SMS MFA. You can’t use it to configure time-based one-time password (TOTP) software token MFA. To configure either type of MFA, use
- AdminSetUserMFAPreference][1
-
instead.
<note markdown=“1”> Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
**Learn more**
* [Signing Amazon Web Services API Requests][2]
- Using the Amazon Cognito user pools API and user pool endpoints][3
</note>
[1]: docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminSetUserMFAPreference.html [2]: docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html [3]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
2779 2780 2781 2782 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 2779 def admin_set_user_settings(params = {}, = {}) req = build_request(:admin_set_user_settings, params) req.send_request() end |
#admin_update_auth_event_feedback(params = {}) ⇒ Struct
Provides feedback for an authentication event indicating if it was from a valid user. This feedback is used for improving the risk evaluation decision for the user pool as part of Amazon Cognito advanced security.
<note markdown=“1”> Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
**Learn more**
* [Signing Amazon Web Services API Requests][1]
- Using the Amazon Cognito user pools API and user pool endpoints][2
</note>
[1]: docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html [2]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
2843 2844 2845 2846 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 2843 def admin_update_auth_event_feedback(params = {}, = {}) req = build_request(:admin_update_auth_event_feedback, params) req.send_request() end |
#admin_update_device_status(params = {}) ⇒ Struct
Updates the device status as an administrator.
<note markdown=“1”> Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
**Learn more**
* [Signing Amazon Web Services API Requests][1]
- Using the Amazon Cognito user pools API and user pool endpoints][2
</note>
[1]: docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html [2]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
2899 2900 2901 2902 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 2899 def admin_update_device_status(params = {}, = {}) req = build_request(:admin_update_device_status, params) req.send_request() end |
#admin_update_user_attributes(params = {}) ⇒ Struct
<note markdown=“1”> This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with [Amazon Pinpoint]. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text with Amazon Cognito or any
other Amazon Web Servicesservice, Amazon Simple Notification Service might place your account in the SMS sandbox. In <a href=“https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html”>sandbox mode</a> , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see [ SMS message settings for Amazon Cognito user pools] in the *Amazon Cognito Developer Guide*.
</note>
Updates the specified user’s attributes, including developer attributes, as an administrator. Works on any user. To delete an attribute from your user, submit the attribute in your API request with a blank value.
For custom attributes, you must prepend the ‘custom:` prefix to the attribute name.
In addition to updating user attributes, this API can also be used to mark phone and email as verified.
<note markdown=“1”> Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
**Learn more**
* [Signing Amazon Web Services API Requests][3]
- Using the Amazon Cognito user pools API and user pool endpoints][4
</note>
[1]: console.aws.amazon.com/pinpoint/home/ [2]: docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html [3]: docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html [4]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
3047 3048 3049 3050 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 3047 def admin_update_user_attributes(params = {}, = {}) req = build_request(:admin_update_user_attributes, params) req.send_request() end |
#admin_user_global_sign_out(params = {}) ⇒ Struct
Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user. Call this operation with your administrative credentials when your user signs out of your app. This results in the following behavior.
-
Amazon Cognito no longer accepts token-authorized user operations that you authorize with a signed-out user’s access tokens. For more information, see [Using the Amazon Cognito user pools API and user pool endpoints].
Amazon Cognito returns an ‘Access Token has been revoked` error when your app attempts to authorize a user pools API request with a revoked access token that contains the scope `aws.cognito.signin.user.admin`.
-
Amazon Cognito no longer accepts a signed-out user’s ID token in a
- GetId ][2
-
request to an identity pool with ‘ServerSideTokenCheck`
enabled for its user pool IdP configuration in [CognitoIdentityProvider].
-
Amazon Cognito no longer accepts a signed-out user’s refresh tokens in refresh requests.
Other requests might be valid until your user’s token expires.
<note markdown=“1”> Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
**Learn more**
* [Signing Amazon Web Services API Requests][4]
- Using the Amazon Cognito user pools API and user pool endpoints][1
</note>
[1]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html [2]: docs.aws.amazon.com/cognitoidentity/latest/APIReference/API_GetId.html [3]: docs.aws.amazon.com/cognitoidentity/latest/APIReference/API_CognitoIdentityProvider.html [4]: docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
3120 3121 3122 3123 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 3120 def admin_user_global_sign_out(params = {}, = {}) req = build_request(:admin_user_global_sign_out, params) req.send_request() end |
#associate_software_token(params = {}) ⇒ Types::AssociateSoftwareTokenResponse
Begins setup of time-based one-time password (TOTP) multi-factor authentication (MFA) for a user, with a unique private key that Amazon Cognito generates and returns in the API response. You can authorize an ‘AssociateSoftwareToken` request with either the user’s access token, or a session string from a challenge response that you received from Amazon Cognito.
<note markdown=“1”> Amazon Cognito disassociates an existing software token when you verify the new token in a [ VerifySoftwareToken] API request. If you don’t verify the software token and your user pool doesn’t require MFA, the user can then authenticate with user name and password credentials alone. If your user pool requires TOTP MFA, Amazon Cognito generates an ‘MFA_SETUP` or `SOFTWARE_TOKEN_SETUP` challenge each time your user signs in. Complete setup with `AssociateSoftwareToken` and `VerifySoftwareToken`.
After you set up software token MFA for your user, Amazon Cognito
generates a ‘SOFTWARE_TOKEN_MFA` challenge when they authenticate. Respond to this challenge with your user’s TOTP.
</note>
<note markdown=“1”> Amazon Cognito doesn’t evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can’t use IAM credentials to authorize requests, and you can’t grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see [Using the Amazon Cognito user pools API and user pool endpoints].
</note>
[1]: docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerifySoftwareToken.html [2]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
3191 3192 3193 3194 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 3191 def associate_software_token(params = {}, = {}) req = build_request(:associate_software_token, params) req.send_request() end |
#build_request(operation_name, params = {}) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
10928 10929 10930 10931 10932 10933 10934 10935 10936 10937 10938 10939 10940 10941 10942 10943 10944 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 10928 def build_request(operation_name, params = {}) handlers = @handlers.for(operation_name) tracer = config.telemetry_provider.tracer_provider.tracer( Aws::Telemetry.module_to_tracer_name('Aws::CognitoIdentityProvider') ) context = Seahorse::Client::RequestContext.new( operation_name: operation_name, operation: config.api.operation(operation_name), client: self, params: params, config: config, tracer: tracer ) context[:gem_name] = 'aws-sdk-cognitoidentityprovider' context[:gem_version] = '1.105.0' Seahorse::Client::Request.new(handlers, context) end |
#change_password(params = {}) ⇒ Struct
Changes the password for a specified user in a user pool.
Authorize this action with a signed-in user’s access token. It must include the scope ‘aws.cognito.signin.user.admin`.
<note markdown=“1”> Amazon Cognito doesn’t evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can’t use IAM credentials to authorize requests, and you can’t grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see [Using the Amazon Cognito user pools API and user pool endpoints].
</note>
[1]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
3238 3239 3240 3241 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 3238 def change_password(params = {}, = {}) req = build_request(:change_password, params) req.send_request() end |
#confirm_device(params = {}) ⇒ Types::ConfirmDeviceResponse
Confirms tracking of the device. This API call is the call that begins device tracking. For more information about device authentication, see [Working with user devices in your user pool].
Authorize this action with a signed-in user’s access token. It must include the scope ‘aws.cognito.signin.user.admin`.
<note markdown=“1”> Amazon Cognito doesn’t evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can’t use IAM credentials to authorize requests, and you can’t grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see [Using the Amazon Cognito user pools API and user pool endpoints].
</note>
[1]: docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html [2]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
3301 3302 3303 3304 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 3301 def confirm_device(params = {}, = {}) req = build_request(:confirm_device, params) req.send_request() end |
#confirm_forgot_password(params = {}) ⇒ Struct
Allows a user to enter a confirmation code to reset a forgotten password.
<note markdown=“1”> Amazon Cognito doesn’t evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can’t use IAM credentials to authorize requests, and you can’t grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see [Using the Amazon Cognito user pools API and user pool endpoints].
</note>
[1]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
3427 3428 3429 3430 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 3427 def confirm_forgot_password(params = {}, = {}) req = build_request(:confirm_forgot_password, params) req.send_request() end |
#confirm_sign_up(params = {}) ⇒ Struct
This public API operation provides a code that Amazon Cognito sent to your user when they signed up in your user pool via the [SignUp] API operation. After your user enters their code, they confirm ownership of the email address or phone number that they provided, and their user account becomes active. Depending on your user pool configuration, your users will receive their confirmation code in an email or SMS message.
Local users who signed up in your user pool are the only type of user who can confirm sign-up with a code. Users who federate through an external identity provider (IdP) have already been confirmed by their IdP. Administrator-created users, users created with the
- AdminCreateUser][2
-
API operation, confirm their accounts when they
respond to their invitation email message and choose a password. They do not receive a confirmation code. Instead, they receive a temporary password.
<note markdown=“1”> Amazon Cognito doesn’t evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can’t use IAM credentials to authorize requests, and you can’t grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see [Using the Amazon Cognito user pools API and user pool endpoints].
</note>
[1]: docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SignUp.html [2]: docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminCreateUser.html [3]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
3565 3566 3567 3568 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 3565 def confirm_sign_up(params = {}, = {}) req = build_request(:confirm_sign_up, params) req.send_request() end |
#create_group(params = {}) ⇒ Types::CreateGroupResponse
Creates a new group in the specified user pool.
<note markdown=“1”> Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
**Learn more**
* [Signing Amazon Web Services API Requests][1]
- Using the Amazon Cognito user pools API and user pool endpoints][2
</note>
[1]: docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html [2]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
3650 3651 3652 3653 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 3650 def create_group(params = {}, = {}) req = build_request(:create_group, params) req.send_request() end |
#create_identity_provider(params = {}) ⇒ Types::CreateIdentityProviderResponse
Adds a configuration and trust relationship between a third-party identity provider (IdP) and a user pool.
<note markdown=“1”> Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
**Learn more**
* [Signing Amazon Web Services API Requests][1]
- Using the Amazon Cognito user pools API and user pool endpoints][2
</note>
[1]: docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html [2]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
3848 3849 3850 3851 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 3848 def create_identity_provider(params = {}, = {}) req = build_request(:create_identity_provider, params) req.send_request() end |
#create_resource_server(params = {}) ⇒ Types::CreateResourceServerResponse
Creates a new OAuth2.0 resource server and defines custom scopes within it.
<note markdown=“1”> Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
**Learn more**
* [Signing Amazon Web Services API Requests][1]
- Using the Amazon Cognito user pools API and user pool endpoints][2
</note>
[1]: docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html [2]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
3925 3926 3927 3928 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 3925 def create_resource_server(params = {}, = {}) req = build_request(:create_resource_server, params) req.send_request() end |
#create_user_import_job(params = {}) ⇒ Types::CreateUserImportJobResponse
Creates a user import job.
<note markdown=“1”> Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
**Learn more**
* [Signing Amazon Web Services API Requests][1]
- Using the Amazon Cognito user pools API and user pool endpoints][2
</note>
[1]: docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html [2]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
3993 3994 3995 3996 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 3993 def create_user_import_job(params = {}, = {}) req = build_request(:create_user_import_job, params) req.send_request() end |
#create_user_pool(params = {}) ⇒ Types::CreateUserPoolResponse
<note markdown=“1”> This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with [Amazon Pinpoint]. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text with Amazon Cognito or any
other Amazon Web Servicesservice, Amazon Simple Notification Service might place your account in the SMS sandbox. In <a href=“https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html”>sandbox mode</a> , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see [ SMS message settings for Amazon Cognito user pools] in the *Amazon Cognito Developer Guide*.
</note>
Creates a new Amazon Cognito user pool and sets the password policy for the pool.
If you don’t provide a value for an attribute, Amazon Cognito sets it to its default value.
<note markdown=“1”> Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
**Learn more**
* [Signing Amazon Web Services API Requests][3]
- Using the Amazon Cognito user pools API and user pool endpoints][4
</note>
[1]: console.aws.amazon.com/pinpoint/home/ [2]: docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html [3]: docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html [4]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
4898 4899 4900 4901 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 4898 def create_user_pool(params = {}, = {}) req = build_request(:create_user_pool, params) req.send_request() end |
#create_user_pool_client(params = {}) ⇒ Types::CreateUserPoolClientResponse
Creates the user pool client.
When you create a new user pool client, token revocation is automatically activated. For more information about revoking tokens, see [RevokeToken].
If you don’t provide a value for an attribute, Amazon Cognito sets it to its default value.
<note markdown=“1”> Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
**Learn more**
* [Signing Amazon Web Services API Requests][2]
- Using the Amazon Cognito user pools API and user pool endpoints][3
</note>
[1]: docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html [2]: docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html [3]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
5470 5471 5472 5473 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 5470 def create_user_pool_client(params = {}, = {}) req = build_request(:create_user_pool_client, params) req.send_request() end |
#create_user_pool_domain(params = {}) ⇒ Types::CreateUserPoolDomainResponse
Creates a new domain for a user pool.
<note markdown=“1”> Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
**Learn more**
* [Signing Amazon Web Services API Requests][1]
- Using the Amazon Cognito user pools API and user pool endpoints][2
</note>
[1]: docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html [2]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
5540 5541 5542 5543 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 5540 def create_user_pool_domain(params = {}, = {}) req = build_request(:create_user_pool_domain, params) req.send_request() end |
#delete_group(params = {}) ⇒ Struct
Deletes a group.
Calling this action requires developer credentials.
5568 5569 5570 5571 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 5568 def delete_group(params = {}, = {}) req = build_request(:delete_group, params) req.send_request() end |
#delete_identity_provider(params = {}) ⇒ Struct
Deletes an IdP for a user pool.
5594 5595 5596 5597 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 5594 def delete_identity_provider(params = {}, = {}) req = build_request(:delete_identity_provider, params) req.send_request() end |
#delete_resource_server(params = {}) ⇒ Struct
Deletes a resource server.
5620 5621 5622 5623 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 5620 def delete_resource_server(params = {}, = {}) req = build_request(:delete_resource_server, params) req.send_request() end |
#delete_user(params = {}) ⇒ Struct
Allows a user to delete their own user profile.
Authorize this action with a signed-in user’s access token. It must include the scope ‘aws.cognito.signin.user.admin`.
<note markdown=“1”> Amazon Cognito doesn’t evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can’t use IAM credentials to authorize requests, and you can’t grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see [Using the Amazon Cognito user pools API and user pool endpoints].
</note>
[1]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
5659 5660 5661 5662 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 5659 def delete_user(params = {}, = {}) req = build_request(:delete_user, params) req.send_request() end |
#delete_user_attributes(params = {}) ⇒ Struct
Deletes the attributes for a user.
Authorize this action with a signed-in user’s access token. It must include the scope ‘aws.cognito.signin.user.admin`.
<note markdown=“1”> Amazon Cognito doesn’t evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can’t use IAM credentials to authorize requests, and you can’t grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see [Using the Amazon Cognito user pools API and user pool endpoints].
</note>
[1]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
5706 5707 5708 5709 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 5706 def delete_user_attributes(params = {}, = {}) req = build_request(:delete_user_attributes, params) req.send_request() end |
#delete_user_pool(params = {}) ⇒ Struct
Deletes the specified Amazon Cognito user pool.
5728 5729 5730 5731 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 5728 def delete_user_pool(params = {}, = {}) req = build_request(:delete_user_pool, params) req.send_request() end |
#delete_user_pool_client(params = {}) ⇒ Struct
Allows the developer to delete the user pool client.
5755 5756 5757 5758 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 5755 def delete_user_pool_client(params = {}, = {}) req = build_request(:delete_user_pool_client, params) req.send_request() end |
#delete_user_pool_domain(params = {}) ⇒ Struct
Deletes a domain for a user pool.
5783 5784 5785 5786 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 5783 def delete_user_pool_domain(params = {}, = {}) req = build_request(:delete_user_pool_domain, params) req.send_request() end |
#describe_identity_provider(params = {}) ⇒ Types::DescribeIdentityProviderResponse
Gets information about a specific IdP.
5825 5826 5827 5828 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 5825 def describe_identity_provider(params = {}, = {}) req = build_request(:describe_identity_provider, params) req.send_request() end |
#describe_resource_server(params = {}) ⇒ Types::DescribeResourceServerResponse
Describes a resource server.
5869 5870 5871 5872 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 5869 def describe_resource_server(params = {}, = {}) req = build_request(:describe_resource_server, params) req.send_request() end |
#describe_risk_configuration(params = {}) ⇒ Types::DescribeRiskConfigurationResponse
Describes the risk configuration.
5928 5929 5930 5931 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 5928 def describe_risk_configuration(params = {}, = {}) req = build_request(:describe_risk_configuration, params) req.send_request() end |
#describe_user_import_job(params = {}) ⇒ Types::DescribeUserImportJobResponse
Describes the user import job.
5973 5974 5975 5976 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 5973 def describe_user_import_job(params = {}, = {}) req = build_request(:describe_user_import_job, params) req.send_request() end |
#describe_user_pool(params = {}) ⇒ Types::DescribeUserPoolResponse
Returns the configuration information and metadata of the specified user pool.
<note markdown=“1”> Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
**Learn more**
* [Signing Amazon Web Services API Requests][1]
- Using the Amazon Cognito user pools API and user pool endpoints][2
</note>
[1]: docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html [2]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
6107 6108 6109 6110 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 6107 def describe_user_pool(params = {}, = {}) req = build_request(:describe_user_pool, params) req.send_request() end |
#describe_user_pool_client(params = {}) ⇒ Types::DescribeUserPoolClientResponse
Client method for returning the configuration information and metadata of the specified user pool app client.
<note markdown=“1”> Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
**Learn more**
* [Signing Amazon Web Services API Requests][1]
- Using the Amazon Cognito user pools API and user pool endpoints][2
</note>
[1]: docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html [2]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
6196 6197 6198 6199 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 6196 def describe_user_pool_client(params = {}, = {}) req = build_request(:describe_user_pool_client, params) req.send_request() end |
#describe_user_pool_domain(params = {}) ⇒ Types::DescribeUserPoolDomainResponse
Gets information about a domain.
6233 6234 6235 6236 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 6233 def describe_user_pool_domain(params = {}, = {}) req = build_request(:describe_user_pool_domain, params) req.send_request() end |
#forget_device(params = {}) ⇒ Struct
Forgets the specified device. For more information about device authentication, see [Working with user devices in your user pool].
Authorize this action with a signed-in user’s access token. It must include the scope ‘aws.cognito.signin.user.admin`.
<note markdown=“1”> Amazon Cognito doesn’t evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can’t use IAM credentials to authorize requests, and you can’t grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see [Using the Amazon Cognito user pools API and user pool endpoints].
</note>
[1]: docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html [2]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
6278 6279 6280 6281 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 6278 def forget_device(params = {}, = {}) req = build_request(:forget_device, params) req.send_request() end |
#forgot_password(params = {}) ⇒ Types::ForgotPasswordResponse
Calling this API causes a message to be sent to the end user with a confirmation code that is required to change the user’s password. For the ‘Username` parameter, you can use the username or user alias. The method used to send the confirmation code is sent according to the specified AccountRecoverySetting. For more information, see
- Recovering User Accounts][1
-
in the *Amazon Cognito Developer Guide*.
To use the confirmation code for resetting the password, call [ConfirmForgotPassword].
If neither a verified phone number nor a verified email exists, this API returns ‘InvalidParameterException`. If your app client has a client secret and you don’t provide a ‘SECRET_HASH` parameter, this API returns `NotAuthorizedException`.
To use this API operation, your user pool must have self-service account recovery configured. Use [AdminSetUserPassword] if you manage passwords as an administrator.
<note markdown=“1”> Amazon Cognito doesn’t evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can’t use IAM credentials to authorize requests, and you can’t grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see [Using the Amazon Cognito user pools API and user pool endpoints].
</note>
<note markdown=“1”> This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with [Amazon Pinpoint]. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text with Amazon Cognito or any
other Amazon Web Servicesservice, Amazon Simple Notification Service might place your account in the SMS sandbox. In <a href=“https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html”>sandbox mode</a> , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see [ SMS message settings for Amazon Cognito user pools] in the *Amazon Cognito Developer Guide*.
</note>
[1]: docs.aws.amazon.com/cognito/latest/developerguide/how-to-recover-a-user-account.html [2]: docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmForgotPassword.html [3]: docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminSetUserPassword.html [4]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html [5]: console.aws.amazon.com/pinpoint/home/ [6]: docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html
6435 6436 6437 6438 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 6435 def forgot_password(params = {}, = {}) req = build_request(:forgot_password, params) req.send_request() end |
#get_csv_header(params = {}) ⇒ Types::GetCSVHeaderResponse
Gets the header information for the comma-separated value (CSV) file to be used as input for the user import job.
6468 6469 6470 6471 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 6468 def get_csv_header(params = {}, = {}) req = build_request(:get_csv_header, params) req.send_request() end |
#get_device(params = {}) ⇒ Types::GetDeviceResponse
Gets the device. For more information about device authentication, see [Working with user devices in your user pool].
Authorize this action with a signed-in user’s access token. It must include the scope ‘aws.cognito.signin.user.admin`.
<note markdown=“1”> Amazon Cognito doesn’t evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can’t use IAM credentials to authorize requests, and you can’t grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see [Using the Amazon Cognito user pools API and user pool endpoints].
</note>
[1]: docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html [2]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
6525 6526 6527 6528 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 6525 def get_device(params = {}, = {}) req = build_request(:get_device, params) req.send_request() end |
#get_group(params = {}) ⇒ Types::GetGroupResponse
Gets a group.
Calling this action requires developer credentials.
6565 6566 6567 6568 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 6565 def get_group(params = {}, = {}) req = build_request(:get_group, params) req.send_request() end |
#get_identity_provider_by_identifier(params = {}) ⇒ Types::GetIdentityProviderByIdentifierResponse
Gets the specified IdP.
6607 6608 6609 6610 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 6607 def get_identity_provider_by_identifier(params = {}, = {}) req = build_request(:get_identity_provider_by_identifier, params) req.send_request() end |
#get_log_delivery_configuration(params = {}) ⇒ Types::GetLogDeliveryConfigurationResponse
Gets the logging configuration of a user pool.
6642 6643 6644 6645 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 6642 def get_log_delivery_configuration(params = {}, = {}) req = build_request(:get_log_delivery_configuration, params) req.send_request() end |
#get_signing_certificate(params = {}) ⇒ Types::GetSigningCertificateResponse
This method takes a user pool ID, and returns the signing certificate. The issued certificate is valid for 10 years from the date of issue.
Amazon Cognito issues and assigns a new signing certificate annually. This process returns a new value in the response to ‘GetSigningCertificate`, but doesn’t invalidate the original certificate.
6676 6677 6678 6679 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 6676 def get_signing_certificate(params = {}, = {}) req = build_request(:get_signing_certificate, params) req.send_request() end |
#get_ui_customization(params = {}) ⇒ Types::GetUICustomizationResponse
Gets the user interface (UI) Customization information for a particular app client’s app UI, if any such information exists for the client. If nothing is set for the particular client, but there is an existing pool level customization (the app ‘clientId` is `ALL`), then that information is returned. If nothing is present, then an empty shape is returned.
6719 6720 6721 6722 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 6719 def get_ui_customization(params = {}, = {}) req = build_request(:get_ui_customization, params) req.send_request() end |
#get_user(params = {}) ⇒ Types::GetUserResponse
Gets the user attributes and metadata for a user.
Authorize this action with a signed-in user’s access token. It must include the scope ‘aws.cognito.signin.user.admin`.
<note markdown=“1”> Amazon Cognito doesn’t evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can’t use IAM credentials to authorize requests, and you can’t grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see [Using the Amazon Cognito user pools API and user pool endpoints].
</note>
[1]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
6777 6778 6779 6780 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 6777 def get_user(params = {}, = {}) req = build_request(:get_user, params) req.send_request() end |
#get_user_attribute_verification_code(params = {}) ⇒ Types::GetUserAttributeVerificationCodeResponse
Generates a user attribute verification code for the specified attribute name. Sends a message to a user with a code that they must return in a VerifyUserAttribute request.
Authorize this action with a signed-in user’s access token. It must include the scope ‘aws.cognito.signin.user.admin`.
<note markdown=“1”> Amazon Cognito doesn’t evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can’t use IAM credentials to authorize requests, and you can’t grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see [Using the Amazon Cognito user pools API and user pool endpoints].
</note>
<note markdown=“1”> This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with [Amazon Pinpoint]. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text with Amazon Cognito or any
other Amazon Web Servicesservice, Amazon Simple Notification Service might place your account in the SMS sandbox. In <a href=“https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html”>sandbox mode</a> , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see [ SMS message settings for Amazon Cognito user pools] in the *Amazon Cognito Developer Guide*.
</note>
[1]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html [2]: console.aws.amazon.com/pinpoint/home/ [3]: docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html
6894 6895 6896 6897 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 6894 def get_user_attribute_verification_code(params = {}, = {}) req = build_request(:get_user_attribute_verification_code, params) req.send_request() end |
#get_user_pool_mfa_config(params = {}) ⇒ Types::GetUserPoolMfaConfigResponse
Gets the user pool multi-factor authentication (MFA) configuration.
6932 6933 6934 6935 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 6932 def get_user_pool_mfa_config(params = {}, = {}) req = build_request(:get_user_pool_mfa_config, params) req.send_request() end |
#global_sign_out(params = {}) ⇒ Struct
Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user. Call this operation when your user signs out of your app. This results in the following behavior.
-
Amazon Cognito no longer accepts token-authorized user operations that you authorize with a signed-out user’s access tokens. For more information, see [Using the Amazon Cognito user pools API and user pool endpoints].
Amazon Cognito returns an ‘Access Token has been revoked` error when your app attempts to authorize a user pools API request with a revoked access token that contains the scope `aws.cognito.signin.user.admin`.
-
Amazon Cognito no longer accepts a signed-out user’s ID token in a
- GetId ][2
-
request to an identity pool with ‘ServerSideTokenCheck`
enabled for its user pool IdP configuration in [CognitoIdentityProvider].
-
Amazon Cognito no longer accepts a signed-out user’s refresh tokens in refresh requests.
Other requests might be valid until your user’s token expires.
Authorize this action with a signed-in user’s access token. It must include the scope ‘aws.cognito.signin.user.admin`.
<note markdown=“1”> Amazon Cognito doesn’t evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can’t use IAM credentials to authorize requests, and you can’t grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see [Using the Amazon Cognito user pools API and user pool endpoints].
</note>
[1]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html [2]: docs.aws.amazon.com/cognitoidentity/latest/APIReference/API_GetId.html [3]: docs.aws.amazon.com/cognitoidentity/latest/APIReference/API_CognitoIdentityProvider.html
6995 6996 6997 6998 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 6995 def global_sign_out(params = {}, = {}) req = build_request(:global_sign_out, params) req.send_request() end |
#initiate_auth(params = {}) ⇒ Types::InitiateAuthResponse
Initiates sign-in for a user in the Amazon Cognito user directory. You can’t sign in a user with a federated IdP with ‘InitiateAuth`. For more information, see [ Adding user pool sign-in through a third party].
<note markdown=“1”> Amazon Cognito doesn’t evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can’t use IAM credentials to authorize requests, and you can’t grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see [Using the Amazon Cognito user pools API and user pool endpoints].
</note>
<note markdown=“1”> This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with [Amazon Pinpoint]. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text with Amazon Cognito or any
other Amazon Web Servicesservice, Amazon Simple Notification Service might place your account in the SMS sandbox. In <a href=“https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html”>sandbox mode</a> , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see [ SMS message settings for Amazon Cognito user pools] in the *Amazon Cognito Developer Guide*.
</note>
[1]: docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-identity-federation.html [2]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html [3]: console.aws.amazon.com/pinpoint/home/ [4]: docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html
7259 7260 7261 7262 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 7259 def initiate_auth(params = {}, = {}) req = build_request(:initiate_auth, params) req.send_request() end |
#list_devices(params = {}) ⇒ Types::ListDevicesResponse
Lists the sign-in devices that Amazon Cognito has registered to the current user. For more information about device authentication, see [Working with user devices in your user pool].
Authorize this action with a signed-in user’s access token. It must include the scope ‘aws.cognito.signin.user.admin`.
<note markdown=“1”> Amazon Cognito doesn’t evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can’t use IAM credentials to authorize requests, and you can’t grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see [Using the Amazon Cognito user pools API and user pool endpoints].
</note>
[1]: docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html [2]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
7329 7330 7331 7332 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 7329 def list_devices(params = {}, = {}) req = build_request(:list_devices, params) req.send_request() end |
#list_groups(params = {}) ⇒ Types::ListGroupsResponse
Lists the groups associated with a user pool.
<note markdown=“1”> Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
**Learn more**
* [Signing Amazon Web Services API Requests][1]
- Using the Amazon Cognito user pools API and user pool endpoints][2
</note>
[1]: docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html [2]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
7396 7397 7398 7399 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 7396 def list_groups(params = {}, = {}) req = build_request(:list_groups, params) req.send_request() end |
#list_identity_providers(params = {}) ⇒ Types::ListIdentityProvidersResponse
Lists information about all IdPs for a user pool.
<note markdown=“1”> Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
**Learn more**
* [Signing Amazon Web Services API Requests][1]
- Using the Amazon Cognito user pools API and user pool endpoints][2
</note>
[1]: docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html [2]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
7458 7459 7460 7461 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 7458 def list_identity_providers(params = {}, = {}) req = build_request(:list_identity_providers, params) req.send_request() end |
#list_resource_servers(params = {}) ⇒ Types::ListResourceServersResponse
Lists the resource servers for a user pool.
<note markdown=“1”> Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
**Learn more**
* [Signing Amazon Web Services API Requests][1]
- Using the Amazon Cognito user pools API and user pool endpoints][2
</note>
[1]: docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html [2]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
7522 7523 7524 7525 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 7522 def list_resource_servers(params = {}, = {}) req = build_request(:list_resource_servers, params) req.send_request() end |
#list_tags_for_resource(params = {}) ⇒ Types::ListTagsForResourceResponse
Lists the tags that are assigned to an Amazon Cognito user pool.
A tag is a label that you can apply to user pools to categorize and manage them in different ways, such as by purpose, owner, environment, or other criteria.
You can use this action up to 10 times per second, per account.
7558 7559 7560 7561 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 7558 def (params = {}, = {}) req = build_request(:list_tags_for_resource, params) req.send_request() end |
#list_user_import_jobs(params = {}) ⇒ Types::ListUserImportJobsResponse
Lists user import jobs for a user pool.
<note markdown=“1”> Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
**Learn more**
* [Signing Amazon Web Services API Requests][1]
- Using the Amazon Cognito user pools API and user pool endpoints][2
</note>
[1]: docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html [2]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
7633 7634 7635 7636 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 7633 def list_user_import_jobs(params = {}, = {}) req = build_request(:list_user_import_jobs, params) req.send_request() end |
#list_user_pool_clients(params = {}) ⇒ Types::ListUserPoolClientsResponse
Lists the clients that have been created for the specified user pool.
<note markdown=“1”> Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
**Learn more**
* [Signing Amazon Web Services API Requests][1]
- Using the Amazon Cognito user pools API and user pool endpoints][2
</note>
[1]: docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html [2]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
7698 7699 7700 7701 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 7698 def list_user_pool_clients(params = {}, = {}) req = build_request(:list_user_pool_clients, params) req.send_request() end |
#list_user_pools(params = {}) ⇒ Types::ListUserPoolsResponse
Lists the user pools associated with an Amazon Web Services account.
<note markdown=“1”> Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
**Learn more**
* [Signing Amazon Web Services API Requests][1]
- Using the Amazon Cognito user pools API and user pool endpoints][2
</note>
[1]: docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html [2]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
7777 7778 7779 7780 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 7777 def list_user_pools(params = {}, = {}) req = build_request(:list_user_pools, params) req.send_request() end |
#list_users(params = {}) ⇒ Types::ListUsersResponse
Lists users and their basic details in a user pool.
<note markdown=“1”> Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
**Learn more**
* [Signing Amazon Web Services API Requests][1]
- Using the Amazon Cognito user pools API and user pool endpoints][2
</note>
[1]: docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html [2]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
8011 8012 8013 8014 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 8011 def list_users(params = {}, = {}) req = build_request(:list_users, params) req.send_request() end |
#list_users_in_group(params = {}) ⇒ Types::ListUsersInGroupResponse
Lists the users in the specified group.
<note markdown=“1”> Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
**Learn more**
* [Signing Amazon Web Services API Requests][1]
- Using the Amazon Cognito user pools API and user pool endpoints][2
</note>
[1]: docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html [2]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
8087 8088 8089 8090 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 8087 def list_users_in_group(params = {}, = {}) req = build_request(:list_users_in_group, params) req.send_request() end |
#resend_confirmation_code(params = {}) ⇒ Types::ResendConfirmationCodeResponse
Resends the confirmation (for confirmation of registration) to a specific user in the user pool.
<note markdown=“1”> Amazon Cognito doesn’t evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can’t use IAM credentials to authorize requests, and you can’t grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see [Using the Amazon Cognito user pools API and user pool endpoints].
</note>
<note markdown=“1”> This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with [Amazon Pinpoint]. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text with Amazon Cognito or any
other Amazon Web Servicesservice, Amazon Simple Notification Service might place your account in the SMS sandbox. In <a href=“https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html”>sandbox mode</a> , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see [ SMS message settings for Amazon Cognito user pools] in the *Amazon Cognito Developer Guide*.
</note>
[1]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html [2]: console.aws.amazon.com/pinpoint/home/ [3]: docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html
8226 8227 8228 8229 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 8226 def resend_confirmation_code(params = {}, = {}) req = build_request(:resend_confirmation_code, params) req.send_request() end |
#respond_to_auth_challenge(params = {}) ⇒ Types::RespondToAuthChallengeResponse
Some API operations in a user pool generate a challenge, like a prompt for an MFA code, for device authentication that bypasses MFA, or for a custom authentication challenge. A ‘RespondToAuthChallenge` API request provides the answer to that challenge, like a code or a secure remote password (SRP). The parameters of a response to an authentication challenge vary with the type of challenge.
For more information about custom authentication challenges, see [Custom authentication challenge Lambda triggers].
<note markdown=“1”> Amazon Cognito doesn’t evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can’t use IAM credentials to authorize requests, and you can’t grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see [Using the Amazon Cognito user pools API and user pool endpoints].
</note>
<note markdown=“1”> This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with [Amazon Pinpoint]. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text with Amazon Cognito or any
other Amazon Web Servicesservice, Amazon Simple Notification Service might place your account in the SMS sandbox. In <a href=“https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html”>sandbox mode</a> , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see [ SMS message settings for Amazon Cognito user pools] in the *Amazon Cognito Developer Guide*.
</note>
[1]: docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-challenge.html [2]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html [3]: console.aws.amazon.com/pinpoint/home/ [4]: docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html
8493 8494 8495 8496 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 8493 def respond_to_auth_challenge(params = {}, = {}) req = build_request(:respond_to_auth_challenge, params) req.send_request() end |
#revoke_token(params = {}) ⇒ Struct
Revokes all of the access tokens generated by, and at the same time as, the specified refresh token. After a token is revoked, you can’t use the revoked token to access Amazon Cognito user APIs, or to authorize access to your resource server.
<note markdown=“1”> Amazon Cognito doesn’t evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can’t use IAM credentials to authorize requests, and you can’t grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see [Using the Amazon Cognito user pools API and user pool endpoints].
</note>
[1]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
8540 8541 8542 8543 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 8540 def revoke_token(params = {}, = {}) req = build_request(:revoke_token, params) req.send_request() end |
#set_log_delivery_configuration(params = {}) ⇒ Types::SetLogDeliveryConfigurationResponse
Sets up or modifies the logging configuration of a user pool. User pools can export user notification logs and advanced security features user activity logs.
8594 8595 8596 8597 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 8594 def set_log_delivery_configuration(params = {}, = {}) req = build_request(:set_log_delivery_configuration, params) req.send_request() end |
#set_risk_configuration(params = {}) ⇒ Types::SetRiskConfigurationResponse
Configures actions on detected risks. To delete the risk configuration for ‘UserPoolId` or `ClientId`, pass null values for all four configuration types.
To activate Amazon Cognito advanced security features, update the user pool to include the ‘UserPoolAddOns` key`AdvancedSecurityMode`.
8719 8720 8721 8722 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 8719 def set_risk_configuration(params = {}, = {}) req = build_request(:set_risk_configuration, params) req.send_request() end |
#set_ui_customization(params = {}) ⇒ Types::SetUICustomizationResponse
Sets the user interface (UI) customization information for a user pool’s built-in app UI.
You can specify app UI customization settings for a single client (with a specific ‘clientId`) or for all clients (by setting the `clientId` to `ALL`). If you specify `ALL`, the default configuration is used for every client that has no previously set UI customization. If you specify UI customization settings for a particular client, it will no longer return to the `ALL` configuration.
<note markdown=“1”> To use this API, your user pool must have a domain associated with it. Otherwise, there is no place to host the app’s pages, and the service will throw an error.
</note>
8779 8780 8781 8782 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 8779 def set_ui_customization(params = {}, = {}) req = build_request(:set_ui_customization, params) req.send_request() end |
#set_user_mfa_preference(params = {}) ⇒ Struct
Set the user’s multi-factor authentication (MFA) method preference, including which MFA factors are activated and if any are preferred. Only one factor can be set as preferred. The preferred MFA factor will be used to authenticate a user if multiple factors are activated. If multiple options are activated and no preference is set, a challenge to choose an MFA option will be returned during sign-in. If an MFA type is activated for a user, the user will be prompted for MFA during all sign-in attempts unless device tracking is turned on and the device has been trusted. If you want MFA to be applied selectively based on the assessed risk level of sign-in attempts, deactivate MFA for users and turn on Adaptive Authentication for the user pool.
Authorize this action with a signed-in user’s access token. It must include the scope ‘aws.cognito.signin.user.admin`.
<note markdown=“1”> Amazon Cognito doesn’t evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can’t use IAM credentials to authorize requests, and you can’t grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see [Using the Amazon Cognito user pools API and user pool endpoints].
</note>
[1]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
8860 8861 8862 8863 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 8860 def set_user_mfa_preference(params = {}, = {}) req = build_request(:set_user_mfa_preference, params) req.send_request() end |
#set_user_pool_mfa_config(params = {}) ⇒ Types::SetUserPoolMfaConfigResponse
Sets the user pool multi-factor authentication (MFA) configuration.
<note markdown=“1”> This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with [Amazon Pinpoint]. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text with Amazon Cognito or any
other Amazon Web Servicesservice, Amazon Simple Notification Service might place your account in the SMS sandbox. In <a href=“https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html”>sandbox mode</a> , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see [ SMS message settings for Amazon Cognito user pools] in the *Amazon Cognito Developer Guide*.
</note>
[1]: console.aws.amazon.com/pinpoint/home/ [2]: docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html
8975 8976 8977 8978 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 8975 def set_user_pool_mfa_config(params = {}, = {}) req = build_request(:set_user_pool_mfa_config, params) req.send_request() end |
#set_user_settings(params = {}) ⇒ Struct
*This action is no longer supported.* You can use it to configure only SMS MFA. You can’t use it to configure time-based one-time password (TOTP) software token MFA. To configure either type of MFA, use
- SetUserMFAPreference][1
-
instead.
Authorize this action with a signed-in user’s access token. It must include the scope ‘aws.cognito.signin.user.admin`.
<note markdown=“1”> Amazon Cognito doesn’t evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can’t use IAM credentials to authorize requests, and you can’t grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see [Using the Amazon Cognito user pools API and user pool endpoints].
</note>
[1]: docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserMFAPreference.html [2]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
9028 9029 9030 9031 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 9028 def set_user_settings(params = {}, = {}) req = build_request(:set_user_settings, params) req.send_request() end |
#sign_up(params = {}) ⇒ Types::SignUpResponse
Registers the user in the specified user pool and creates a user name, password, and user attributes.
<note markdown=“1”> Amazon Cognito doesn’t evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can’t use IAM credentials to authorize requests, and you can’t grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see [Using the Amazon Cognito user pools API and user pool endpoints].
</note>
<note markdown=“1”> This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with [Amazon Pinpoint]. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text with Amazon Cognito or any
other Amazon Web Servicesservice, Amazon Simple Notification Service might place your account in the SMS sandbox. In <a href=“https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html”>sandbox mode</a> , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see [ SMS message settings for Amazon Cognito user pools] in the *Amazon Cognito Developer Guide*.
</note>
[1]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html [2]: console.aws.amazon.com/pinpoint/home/ [3]: docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html
9211 9212 9213 9214 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 9211 def sign_up(params = {}, = {}) req = build_request(:sign_up, params) req.send_request() end |
#start_user_import_job(params = {}) ⇒ Types::StartUserImportJobResponse
Starts the user import.
9256 9257 9258 9259 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 9256 def start_user_import_job(params = {}, = {}) req = build_request(:start_user_import_job, params) req.send_request() end |
#stop_user_import_job(params = {}) ⇒ Types::StopUserImportJobResponse
Stops the user import job.
9301 9302 9303 9304 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 9301 def stop_user_import_job(params = {}, = {}) req = build_request(:stop_user_import_job, params) req.send_request() end |
#tag_resource(params = {}) ⇒ Struct
Assigns a set of tags to an Amazon Cognito user pool. A tag is a label that you can use to categorize and manage user pools in different ways, such as by purpose, owner, environment, or other criteria.
Each tag consists of a key and value, both of which you define. A key is a general category for more specific values. For example, if you have two versions of a user pool, one for testing and another for production, you might assign an ‘Environment` tag key to both user pools. The value of this key might be `Test` for one user pool, and `Production` for the other.
Tags are useful for cost tracking and access control. You can activate your tags so that they appear on the Billing and Cost Management console, where you can track the costs associated with your user pools. In an Identity and Access Management policy, you can constrain permissions for user pools based on specific tags or tag values.
You can use this action up to 5 times per second, per account. A user pool can have as many as 50 tags.
9347 9348 9349 9350 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 9347 def tag_resource(params = {}, = {}) req = build_request(:tag_resource, params) req.send_request() end |
#untag_resource(params = {}) ⇒ Struct
Removes the specified tags from an Amazon Cognito user pool. You can use this action up to 5 times per second, per account.
9375 9376 9377 9378 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 9375 def untag_resource(params = {}, = {}) req = build_request(:untag_resource, params) req.send_request() end |
#update_auth_event_feedback(params = {}) ⇒ Struct
Provides the feedback for an authentication event, whether it was from a valid user or not. This feedback is used for improving the risk evaluation decision for the user pool as part of Amazon Cognito advanced security.
<note markdown=“1”> Amazon Cognito doesn’t evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can’t use IAM credentials to authorize requests, and you can’t grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see [Using the Amazon Cognito user pools API and user pool endpoints].
</note>
[1]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
9438 9439 9440 9441 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 9438 def update_auth_event_feedback(params = {}, = {}) req = build_request(:update_auth_event_feedback, params) req.send_request() end |
#update_device_status(params = {}) ⇒ Struct
Updates the device status. For more information about device authentication, see [Working with user devices in your user pool].
Authorize this action with a signed-in user’s access token. It must include the scope ‘aws.cognito.signin.user.admin`.
<note markdown=“1”> Amazon Cognito doesn’t evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can’t use IAM credentials to authorize requests, and you can’t grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see [Using the Amazon Cognito user pools API and user pool endpoints].
</note>
[1]: docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html [2]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
9487 9488 9489 9490 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 9487 def update_device_status(params = {}, = {}) req = build_request(:update_device_status, params) req.send_request() end |
#update_group(params = {}) ⇒ Types::UpdateGroupResponse
Updates the specified group with the specified attributes.
<note markdown=“1”> Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
**Learn more**
* [Signing Amazon Web Services API Requests][1]
- Using the Amazon Cognito user pools API and user pool endpoints][2
</note>
[1]: docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html [2]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
9562 9563 9564 9565 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 9562 def update_group(params = {}, = {}) req = build_request(:update_group, params) req.send_request() end |
#update_identity_provider(params = {}) ⇒ Types::UpdateIdentityProviderResponse
Updates IdP information for a user pool.
<note markdown=“1”> Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
**Learn more**
* [Signing Amazon Web Services API Requests][1]
- Using the Amazon Cognito user pools API and user pool endpoints][2
</note>
[1]: docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html [2]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
9754 9755 9756 9757 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 9754 def update_identity_provider(params = {}, = {}) req = build_request(:update_identity_provider, params) req.send_request() end |
#update_resource_server(params = {}) ⇒ Types::UpdateResourceServerResponse
Updates the name and scopes of resource server. All other fields are read-only.
If you don’t provide a value for an attribute, it is set to the default value.
<note markdown=“1”> Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
**Learn more**
* [Signing Amazon Web Services API Requests][1]
- Using the Amazon Cognito user pools API and user pool endpoints][2
</note>
[1]: docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html [2]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
9833 9834 9835 9836 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 9833 def update_resource_server(params = {}, = {}) req = build_request(:update_resource_server, params) req.send_request() end |
#update_user_attributes(params = {}) ⇒ Types::UpdateUserAttributesResponse
With this operation, your users can update one or more of their attributes with their own credentials. You authorize this API request with the user’s access token. To delete an attribute from your user, submit the attribute in your API request with a blank value. Custom attribute values in this request must include the ‘custom:` prefix.
Authorize this action with a signed-in user’s access token. It must include the scope ‘aws.cognito.signin.user.admin`.
<note markdown=“1”> Amazon Cognito doesn’t evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can’t use IAM credentials to authorize requests, and you can’t grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see [Using the Amazon Cognito user pools API and user pool endpoints].
</note>
<note markdown=“1”> This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with [Amazon Pinpoint]. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text with Amazon Cognito or any
other Amazon Web Servicesservice, Amazon Simple Notification Service might place your account in the SMS sandbox. In <a href=“https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html”>sandbox mode</a> , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see [ SMS message settings for Amazon Cognito user pools] in the *Amazon Cognito Developer Guide*.
</note>
[1]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html [2]: console.aws.amazon.com/pinpoint/home/ [3]: docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html
9966 9967 9968 9969 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 9966 def update_user_attributes(params = {}, = {}) req = build_request(:update_user_attributes, params) req.send_request() end |
#update_user_pool(params = {}) ⇒ Struct
<note markdown=“1”> This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with [Amazon Pinpoint]. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text with Amazon Cognito or any
other Amazon Web Servicesservice, Amazon Simple Notification Service might place your account in the SMS sandbox. In <a href=“https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html”>sandbox mode</a> , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see [ SMS message settings for Amazon Cognito user pools] in the *Amazon Cognito Developer Guide*.
</note>
Updates the specified user pool with the specified attributes. You can get a list of the current user pool settings using [DescribeUserPool].
If you don’t provide a value for an attribute, Amazon Cognito sets it to its default value.
<note markdown=“1”> Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
**Learn more**
* [Signing Amazon Web Services API Requests][4]
- Using the Amazon Cognito user pools API and user pool endpoints][5
</note>
[1]: console.aws.amazon.com/pinpoint/home/ [2]: docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html [3]: docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html [4]: docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html [5]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
10268 10269 10270 10271 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 10268 def update_user_pool(params = {}, = {}) req = build_request(:update_user_pool, params) req.send_request() end |
#update_user_pool_client(params = {}) ⇒ Types::UpdateUserPoolClientResponse
Updates the specified user pool app client with the specified attributes. You can get a list of the current user pool app client settings using [DescribeUserPoolClient].
If you don’t provide a value for an attribute, Amazon Cognito sets it to its default value.
You can also use this operation to enable token revocation for user pool clients. For more information about revoking tokens, see [RevokeToken].
<note markdown=“1”> Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
**Learn more**
* [Signing Amazon Web Services API Requests][3]
- Using the Amazon Cognito user pools API and user pool endpoints][4
</note>
[1]: docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPoolClient.html [2]: docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html [3]: docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html [4]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
10706 10707 10708 10709 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 10706 def update_user_pool_client(params = {}, = {}) req = build_request(:update_user_pool_client, params) req.send_request() end |
#update_user_pool_domain(params = {}) ⇒ Types::UpdateUserPoolDomainResponse
Updates the Secure Sockets Layer (SSL) certificate for the custom domain for your user pool.
You can use this operation to provide the Amazon Resource Name (ARN) of a new certificate to Amazon Cognito. You can’t use it to change the domain for a user pool.
A custom domain is used to host the Amazon Cognito hosted UI, which provides sign-up and sign-in pages for your application. When you set up a custom domain, you provide a certificate that you manage with Certificate Manager (ACM). When necessary, you can use this operation to change the certificate that you applied to your custom domain.
Usually, this is unnecessary following routine certificate renewal with ACM. When you renew your existing certificate in ACM, the ARN for your certificate remains the same, and your custom domain uses the new certificate automatically.
However, if you replace your existing certificate with a new one, ACM gives the new certificate a new ARN. To apply the new certificate to your custom domain, you must provide this ARN to Amazon Cognito.
When you add your new certificate in ACM, you must choose US East (N. Virginia) as the Amazon Web Services Region.
After you submit your request, Amazon Cognito requires up to 1 hour to distribute your new certificate to your custom domain.
For more information about adding a custom domain to your user pool, see [Using Your Own Domain for the Hosted UI].
<note markdown=“1”> Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
**Learn more**
* [Signing Amazon Web Services API Requests][2]
- Using the Amazon Cognito user pools API and user pool endpoints][3
</note>
[1]: docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-add-custom-domain.html [2]: docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html [3]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
10801 10802 10803 10804 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 10801 def update_user_pool_domain(params = {}, = {}) req = build_request(:update_user_pool_domain, params) req.send_request() end |
#verify_software_token(params = {}) ⇒ Types::VerifySoftwareTokenResponse
Use this API to register a user’s entered time-based one-time password (TOTP) code and mark the user’s software token MFA status as “verified” if successful. The request takes an access token or a session string, but not both.
<note markdown=“1”> Amazon Cognito doesn’t evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can’t use IAM credentials to authorize requests, and you can’t grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see [Using the Amazon Cognito user pools API and user pool endpoints].
</note>
[1]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
10866 10867 10868 10869 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 10866 def verify_software_token(params = {}, = {}) req = build_request(:verify_software_token, params) req.send_request() end |
#verify_user_attribute(params = {}) ⇒ Struct
Verifies the specified user attributes in the user pool.
If your user pool requires verification before Amazon Cognito updates the attribute value, VerifyUserAttribute updates the affected attribute to its pending value. For more information, see [ UserAttributeUpdateSettingsType].
Authorize this action with a signed-in user’s access token. It must include the scope ‘aws.cognito.signin.user.admin`.
<note markdown=“1”> Amazon Cognito doesn’t evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can’t use IAM credentials to authorize requests, and you can’t grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see [Using the Amazon Cognito user pools API and user pool endpoints].
</note>
[1]: docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UserAttributeUpdateSettingsType.html [2]: docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
10919 10920 10921 10922 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 10919 def verify_user_attribute(params = {}, = {}) req = build_request(:verify_user_attribute, params) req.send_request() end |
#waiter_names ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
10948 10949 10950 |
# File 'lib/aws-sdk-cognitoidentityprovider/client.rb', line 10948 def waiter_names [] end |