You are viewing documentation for version 2 of the AWS SDK for Ruby. Version 3 documentation can be found here.
Class: Aws::CognitoIdentityProvider::Types::AdminLinkProviderForUserRequest
- Inherits:
-
Struct
- Object
- Struct
- Aws::CognitoIdentityProvider::Types::AdminLinkProviderForUserRequest
- Defined in:
- (unknown)
Overview
When passing AdminLinkProviderForUserRequest as input to an Aws::Client method, you can use a vanilla Hash:
{
user_pool_id: "StringType", # required
destination_user: { # required
provider_name: "ProviderNameType",
provider_attribute_name: "StringType",
provider_attribute_value: "StringType",
},
source_user: { # required
provider_name: "ProviderNameType",
provider_attribute_name: "StringType",
provider_attribute_value: "StringType",
},
}
Instance Attribute Summary collapse
-
#destination_user ⇒ Types::ProviderUserIdentifierType
The existing user in the user pool to be linked to the external identity provider user account.
-
#source_user ⇒ Types::ProviderUserIdentifierType
An external identity provider account for a user who does not currently exist yet in the user pool.
-
#user_pool_id ⇒ String
The user pool ID for the user pool.
Instance Attribute Details
#destination_user ⇒ Types::ProviderUserIdentifierType
The existing user in the user pool to be linked to the external identity provider user account. Can be a native (Username + Password) Cognito User Pools user or a federated user (for example, a SAML or Facebook user). If the user doesn\'t exist, an exception is thrown. This is the user that is returned when the new user (with the linked identity provider attribute) signs in.
For a native username + password user, the ProviderAttributeValue
for
the DestinationUser
should be the username in the user pool. For a
federated user, it should be the provider-specific user_id
.
The ProviderAttributeName
of the DestinationUser
is ignored.
The ProviderName
should be set to Cognito
for users in Cognito user
pools.
#source_user ⇒ Types::ProviderUserIdentifierType
An external identity provider account for a user who does not currently exist yet in the user pool. This user must be a federated user (for example, a SAML or Facebook user), not another native user.
If the SourceUser
is a federated social identity provider user
(Facebook, Google, or Login with Amazon), you must set the
ProviderAttributeName
to Cognito_Subject
. For social identity
providers, the ProviderName
will be Facebook
, Google
, or
LoginWithAmazon
, and Cognito will automatically parse the Facebook,
Google, and Login with Amazon tokens for id
, sub
, and user_id
,
respectively. The ProviderAttributeValue
for the user must be the same
value as the id
, sub
, or user_id
value found in the social
identity provider token.
For SAML, the ProviderAttributeName
can be any value that matches a
claim in the SAML assertion. If you wish to link SAML users based on the
subject of the SAML assertion, you should map the subject to a claim
through the SAML identity provider and submit that claim name as the
ProviderAttributeName
. If you set ProviderAttributeName
to
Cognito_Subject
, Cognito will automatically parse the default unique
identifier found in the subject from the SAML token.
#user_pool_id ⇒ String
The user pool ID for the user pool.