Class: Aws::CognitoIdentityProvider::Client
- Inherits:
-
Seahorse::Client::Base
- Object
- Seahorse::Client::Base
- Aws::CognitoIdentityProvider::Client
- Includes:
- Aws::ClientStubs
- Defined in:
- gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb
Overview
An API client for CognitoIdentityProvider. To construct a client, you need to configure a :region
and :credentials
.
client = Aws::CognitoIdentityProvider::Client.new(
region: region_name,
credentials: credentials,
# ...
)
For details on configuring region and credentials see the developer guide.
See #initialize for a full list of supported configuration options.
Instance Attribute Summary
Attributes inherited from Seahorse::Client::Base
API Operations collapse
-
#add_custom_attributes(params = {}) ⇒ Struct
Adds additional user attributes to the user pool schema.
-
#admin_add_user_to_group(params = {}) ⇒ Struct
Adds a user to a group.
-
#admin_confirm_sign_up(params = {}) ⇒ Struct
Confirms user sign-up as an administrator.
-
#admin_create_user(params = {}) ⇒ Types::AdminCreateUserResponse
Creates a new user in the specified user pool.
-
#admin_delete_user(params = {}) ⇒ Struct
Deletes a user profile in your user pool.
-
#admin_delete_user_attributes(params = {}) ⇒ Struct
Deletes attribute values from a user.
-
#admin_disable_provider_for_user(params = {}) ⇒ Struct
Prevents the user from signing in with the specified external (SAML or social) identity provider (IdP).
-
#admin_disable_user(params = {}) ⇒ Struct
Deactivates a user profile and revokes all access tokens for the user.
-
#admin_enable_user(params = {}) ⇒ Struct
Activates sign-in for a user profile that previously had sign-in access disabled.
-
#admin_forget_device(params = {}) ⇒ Struct
Forgets, or deletes, a remembered device from a user's profile.
-
#admin_get_device(params = {}) ⇒ Types::AdminGetDeviceResponse
Given the device key, returns details for a user's device.
-
#admin_get_user(params = {}) ⇒ Types::AdminGetUserResponse
Given a username, returns details about a user profile in a user pool.
-
#admin_initiate_auth(params = {}) ⇒ Types::AdminInitiateAuthResponse
Starts sign-in for applications with a server-side component, for example a traditional web application.
-
#admin_link_provider_for_user(params = {}) ⇒ Struct
Links an existing user account in a user pool, or
DestinationUser
, to an identity from an external IdP, orSourceUser
, based on a specified attribute name and value from the external IdP. -
#admin_list_devices(params = {}) ⇒ Types::AdminListDevicesResponse
Lists a user's registered devices.
-
#admin_list_groups_for_user(params = {}) ⇒ Types::AdminListGroupsForUserResponse
Lists the groups that a user belongs to.
-
#admin_list_user_auth_events(params = {}) ⇒ Types::AdminListUserAuthEventsResponse
Requests a history of user activity and any risks detected as part of Amazon Cognito threat protection.
-
#admin_remove_user_from_group(params = {}) ⇒ Struct
Given a username and a group name, removes them from the group.
-
#admin_reset_user_password(params = {}) ⇒ Struct
Resets the specified user's password in a user pool.
-
#admin_respond_to_auth_challenge(params = {}) ⇒ Types::AdminRespondToAuthChallengeResponse
Some API operations in a user pool generate a challenge, like a prompt for an MFA code, for device authentication that bypasses MFA, or for a custom authentication challenge.
-
#admin_set_user_mfa_preference(params = {}) ⇒ Struct
Sets the user's multi-factor authentication (MFA) preference, including which MFA options are activated, and if any are preferred.
-
#admin_set_user_password(params = {}) ⇒ Struct
Sets the specified user's password in a user pool.
-
#admin_set_user_settings(params = {}) ⇒ Struct
This action is no longer supported. You can use it to configure only SMS MFA.
-
#admin_update_auth_event_feedback(params = {}) ⇒ Struct
Provides the feedback for an authentication event generated by threat protection features.
-
#admin_update_device_status(params = {}) ⇒ Struct
Updates the status of a user's device so that it is marked as remembered or not remembered for the purpose of device authentication.
-
#admin_update_user_attributes(params = {}) ⇒ Struct
Updates the specified user's attributes.
-
#admin_user_global_sign_out(params = {}) ⇒ Struct
Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user.
-
#associate_software_token(params = {}) ⇒ Types::AssociateSoftwareTokenResponse
Begins setup of time-based one-time password (TOTP) multi-factor authentication (MFA) for a user, with a unique private key that Amazon Cognito generates and returns in the API response.
-
#change_password(params = {}) ⇒ Struct
Changes the password for the currently signed-in user.
-
#complete_web_authn_registration(params = {}) ⇒ Struct
Completes registration of a passkey authenticator for the currently signed-in user.
-
#confirm_device(params = {}) ⇒ Types::ConfirmDeviceResponse
Confirms a device that a user wants to remember.
-
#confirm_forgot_password(params = {}) ⇒ Struct
This public API operation accepts a confirmation code that Amazon Cognito sent to a user and accepts a new password for that user.
-
#confirm_sign_up(params = {}) ⇒ Types::ConfirmSignUpResponse
Confirms the account of a new user.
-
#create_group(params = {}) ⇒ Types::CreateGroupResponse
Creates a new group in the specified user pool.
-
#create_identity_provider(params = {}) ⇒ Types::CreateIdentityProviderResponse
Adds a configuration and trust relationship between a third-party identity provider (IdP) and a user pool.
-
#create_managed_login_branding(params = {}) ⇒ Types::CreateManagedLoginBrandingResponse
Creates a new set of branding settings for a user pool style and associates it with an app client.
-
#create_resource_server(params = {}) ⇒ Types::CreateResourceServerResponse
Creates a new OAuth2.0 resource server and defines custom scopes within it.
-
#create_user_import_job(params = {}) ⇒ Types::CreateUserImportJobResponse
Creates a user import job.
-
#create_user_pool(params = {}) ⇒ Types::CreateUserPoolResponse
Creates a new Amazon Cognito user pool.
-
#create_user_pool_client(params = {}) ⇒ Types::CreateUserPoolClientResponse
Creates an app client in a user pool.
-
#create_user_pool_domain(params = {}) ⇒ Types::CreateUserPoolDomainResponse
A user pool domain hosts managed login, an authorization server and web server for authentication in your application.
-
#delete_group(params = {}) ⇒ Struct
Deletes a group from the specified user pool.
-
#delete_identity_provider(params = {}) ⇒ Struct
Deletes a user pool identity provider (IdP).
-
#delete_managed_login_branding(params = {}) ⇒ Struct
Deletes a managed login branding style.
-
#delete_resource_server(params = {}) ⇒ Struct
Deletes a resource server.
-
#delete_user(params = {}) ⇒ Struct
Deletes the profile of the currently signed-in user.
-
#delete_user_attributes(params = {}) ⇒ Struct
Deletes attributes from the currently signed-in user.
-
#delete_user_pool(params = {}) ⇒ Struct
Deletes a user pool.
-
#delete_user_pool_client(params = {}) ⇒ Struct
Deletes a user pool app client.
-
#delete_user_pool_domain(params = {}) ⇒ Struct
Given a user pool ID and domain identifier, deletes a user pool domain.
-
#delete_web_authn_credential(params = {}) ⇒ Struct
Deletes a registered passkey, or WebAuthn, authenticator for the currently signed-in user.
-
#describe_identity_provider(params = {}) ⇒ Types::DescribeIdentityProviderResponse
Given a user pool ID and identity provider (IdP) name, returns details about the IdP.
-
#describe_managed_login_branding(params = {}) ⇒ Types::DescribeManagedLoginBrandingResponse
Given the ID of a managed login branding style, returns detailed information about the style.
-
#describe_managed_login_branding_by_client(params = {}) ⇒ Types::DescribeManagedLoginBrandingByClientResponse
Given the ID of a user pool app client, returns detailed information about the style assigned to the app client.
-
#describe_resource_server(params = {}) ⇒ Types::DescribeResourceServerResponse
Describes a resource server.
-
#describe_risk_configuration(params = {}) ⇒ Types::DescribeRiskConfigurationResponse
Given an app client or user pool ID where threat protection is configured, describes the risk configuration.
-
#describe_user_import_job(params = {}) ⇒ Types::DescribeUserImportJobResponse
Describes a user import job.
-
#describe_user_pool(params = {}) ⇒ Types::DescribeUserPoolResponse
Given a user pool ID, returns configuration information.
-
#describe_user_pool_client(params = {}) ⇒ Types::DescribeUserPoolClientResponse
Given an app client ID, returns configuration information.
-
#describe_user_pool_domain(params = {}) ⇒ Types::DescribeUserPoolDomainResponse
Given a user pool domain name, returns information about the domain configuration.
-
#forget_device(params = {}) ⇒ Struct
Given a device key, deletes a remembered device as the currently signed-in user.
-
#forgot_password(params = {}) ⇒ Types::ForgotPasswordResponse
Sends a password-reset confirmation code for the currently signed-in user.
-
#get_csv_header(params = {}) ⇒ Types::GetCSVHeaderResponse
Given a user pool ID, generates a comma-separated value (CSV) list populated with available user attributes in the user pool.
-
#get_device(params = {}) ⇒ Types::GetDeviceResponse
Given a device key, returns information about a remembered device for the current user.
-
#get_group(params = {}) ⇒ Types::GetGroupResponse
Given a user pool ID and a group name, returns information about the user group.
-
#get_identity_provider_by_identifier(params = {}) ⇒ Types::GetIdentityProviderByIdentifierResponse
Given the identifier of an identity provider (IdP), for example
examplecorp
, returns information about the user pool configuration for that IdP. -
#get_log_delivery_configuration(params = {}) ⇒ Types::GetLogDeliveryConfigurationResponse
Given a user pool ID, returns the logging configuration.
-
#get_signing_certificate(params = {}) ⇒ Types::GetSigningCertificateResponse
Given a user pool ID, returns the signing certificate for SAML 2.0 federation.
-
#get_ui_customization(params = {}) ⇒ Types::GetUICustomizationResponse
Given a user pool ID or app client, returns information about classic hosted UI branding that you applied, if any.
-
#get_user(params = {}) ⇒ Types::GetUserResponse
Gets user attributes and and MFA settings for the currently signed-in user.
-
#get_user_attribute_verification_code(params = {}) ⇒ Types::GetUserAttributeVerificationCodeResponse
Given an attribute name, sends a user attribute verification code for the specified attribute name to the currently signed-in user.
-
#get_user_auth_factors(params = {}) ⇒ Types::GetUserAuthFactorsResponse
Lists the authentication options for the currently signed-in user.
-
#get_user_pool_mfa_config(params = {}) ⇒ Types::GetUserPoolMfaConfigResponse
Given a user pool ID, returns configuration for sign-in with WebAuthn authenticators and for multi-factor authentication (MFA).
-
#global_sign_out(params = {}) ⇒ Struct
Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user.
-
#initiate_auth(params = {}) ⇒ Types::InitiateAuthResponse
Declares an authentication flow and initiates sign-in for a user in the Amazon Cognito user directory.
-
#list_devices(params = {}) ⇒ Types::ListDevicesResponse
Lists the devices that Amazon Cognito has registered to the currently signed-in user.
-
#list_groups(params = {}) ⇒ Types::ListGroupsResponse
Given a user pool ID, returns user pool groups and their details.
-
#list_identity_providers(params = {}) ⇒ Types::ListIdentityProvidersResponse
Given a user pool ID, returns information about configured identity providers (IdPs).
-
#list_resource_servers(params = {}) ⇒ Types::ListResourceServersResponse
Given a user pool ID, returns all resource servers and their details.
-
#list_tags_for_resource(params = {}) ⇒ Types::ListTagsForResourceResponse
Lists the tags that are assigned to an Amazon Cognito user pool.
-
#list_user_import_jobs(params = {}) ⇒ Types::ListUserImportJobsResponse
Given a user pool ID, returns user import jobs and their details.
-
#list_user_pool_clients(params = {}) ⇒ Types::ListUserPoolClientsResponse
Given a user pool ID, lists app clients.
-
#list_user_pools(params = {}) ⇒ Types::ListUserPoolsResponse
Lists user pools and their details in the current Amazon Web Services account.
-
#list_users(params = {}) ⇒ Types::ListUsersResponse
Given a user pool ID, returns a list of users and their basic details in a user pool.
-
#list_users_in_group(params = {}) ⇒ Types::ListUsersInGroupResponse
Given a user pool ID and a group name, returns a list of users in the group.
-
#list_web_authn_credentials(params = {}) ⇒ Types::ListWebAuthnCredentialsResponse
Generates a list of the currently signed-in user's registered passkey, or WebAuthn, credentials.
-
#resend_confirmation_code(params = {}) ⇒ Types::ResendConfirmationCodeResponse
Resends the code that confirms a new account for a user who has signed up in your user pool.
-
#respond_to_auth_challenge(params = {}) ⇒ Types::RespondToAuthChallengeResponse
Some API operations in a user pool generate a challenge, like a prompt for an MFA code, for device authentication that bypasses MFA, or for a custom authentication challenge.
-
#revoke_token(params = {}) ⇒ Struct
Revokes all of the access tokens generated by, and at the same time as, the specified refresh token.
-
#set_log_delivery_configuration(params = {}) ⇒ Types::SetLogDeliveryConfigurationResponse
Sets up or modifies the logging configuration of a user pool.
-
#set_risk_configuration(params = {}) ⇒ Types::SetRiskConfigurationResponse
Configures threat protection for a user pool or app client.
-
#set_ui_customization(params = {}) ⇒ Types::SetUICustomizationResponse
Configures UI branding settings for domains with the hosted UI (classic) branding version.
-
#set_user_mfa_preference(params = {}) ⇒ Struct
Set the user's multi-factor authentication (MFA) method preference, including which MFA factors are activated and if any are preferred.
-
#set_user_pool_mfa_config(params = {}) ⇒ Types::SetUserPoolMfaConfigResponse
Sets user pool multi-factor authentication (MFA) and passkey configuration.
-
#set_user_settings(params = {}) ⇒ Struct
This action is no longer supported. You can use it to configure only SMS MFA.
-
#sign_up(params = {}) ⇒ Types::SignUpResponse
Registers a user with an app client and requests a user name, password, and user attributes in the user pool.
-
#start_user_import_job(params = {}) ⇒ Types::StartUserImportJobResponse
Instructs your user pool to start importing users from a CSV file that contains their usernames and attributes.
-
#start_web_authn_registration(params = {}) ⇒ Types::StartWebAuthnRegistrationResponse
Requests credential creation options from your user pool for the currently signed-in user.
-
#stop_user_import_job(params = {}) ⇒ Types::StopUserImportJobResponse
Instructs your user pool to stop a running job that's importing users from a CSV file that contains their usernames and attributes.
-
#tag_resource(params = {}) ⇒ Struct
Assigns a set of tags to an Amazon Cognito user pool.
-
#untag_resource(params = {}) ⇒ Struct
Given tag IDs that you previously assigned to a user pool, removes them.
-
#update_auth_event_feedback(params = {}) ⇒ Struct
Provides the feedback for an authentication event generated by threat protection features.
-
#update_device_status(params = {}) ⇒ Struct
Updates the status of a the currently signed-in user's device so that it is marked as remembered or not remembered for the purpose of device authentication.
-
#update_group(params = {}) ⇒ Types::UpdateGroupResponse
Given the name of a user pool group, updates any of the properties for precedence, IAM role, or description.
-
#update_identity_provider(params = {}) ⇒ Types::UpdateIdentityProviderResponse
Modifies the configuration and trust relationship between a third-party identity provider (IdP) and a user pool.
-
#update_managed_login_branding(params = {}) ⇒ Types::UpdateManagedLoginBrandingResponse
Configures the branding settings for a user pool style.
-
#update_resource_server(params = {}) ⇒ Types::UpdateResourceServerResponse
Updates the name and scopes of a resource server.
-
#update_user_attributes(params = {}) ⇒ Types::UpdateUserAttributesResponse
Updates the currently signed-in user's attributes.
-
#update_user_pool(params = {}) ⇒ Struct
Updates the configuration of a user pool.
-
#update_user_pool_client(params = {}) ⇒ Types::UpdateUserPoolClientResponse
Given a user pool app client ID, updates the configuration.
-
#update_user_pool_domain(params = {}) ⇒ Types::UpdateUserPoolDomainResponse
A user pool domain hosts managed login, an authorization server and web server for authentication in your application.
-
#verify_software_token(params = {}) ⇒ Types::VerifySoftwareTokenResponse
Registers the current user's time-based one-time password (TOTP) authenticator with a code generated in their authenticator app from a private key that's supplied by your user pool.
-
#verify_user_attribute(params = {}) ⇒ Struct
Submits a verification code for a signed-in user who has added or changed a value of an auto-verified attribute.
Instance Method Summary collapse
-
#initialize(options) ⇒ Client
constructor
A new instance of Client.
Methods included from Aws::ClientStubs
#api_requests, #stub_data, #stub_responses
Methods inherited from Seahorse::Client::Base
add_plugin, api, clear_plugins, define, new, #operation_names, plugins, remove_plugin, set_api, set_plugins
Methods included from Seahorse::Client::HandlerBuilder
#handle, #handle_request, #handle_response
Constructor Details
#initialize(options) ⇒ Client
Returns a new instance of Client.
474 475 476 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 474 def initialize(*args) super end |
Instance Method Details
#add_custom_attributes(params = {}) ⇒ Struct
Adds additional user attributes to the user pool schema. Custom
attributes can be mutable or immutable and have a custom:
or dev:
prefix. For more information, see Custom attributes.
Learn more
576 577 578 579 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 576 def add_custom_attributes(params = {}, = {}) req = build_request(:add_custom_attributes, params) req.send_request() end |
#admin_add_user_to_group(params = {}) ⇒ Struct
Adds a user to a group. A user who is in a group can present a
preferred-role claim to an identity pool, and populates a
cognito:groups
claim to their access and identity tokens.
Learn more
631 632 633 634 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 631 def admin_add_user_to_group(params = {}, = {}) req = build_request(:admin_add_user_to_group, params) req.send_request() end |
#admin_confirm_sign_up(params = {}) ⇒ Struct
Confirms user sign-up as an administrator.
This request sets a user account active in a user pool that requires confirmation of new user accounts before they can sign in. You can configure your user pool to not send confirmation codes to new users and instead confirm them with this API operation on the back end.
Learn more
To configure your user pool to require administrative confirmation of
users, set AllowAdminCreateUserOnly
to true
in a CreateUserPool
or UpdateUserPool
request.
729 730 731 732 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 729 def admin_confirm_sign_up(params = {}, = {}) req = build_request(:admin_confirm_sign_up, params) req.send_request() end |
#admin_create_user(params = {}) ⇒ Types::AdminCreateUserResponse
Creates a new user in the specified user pool.
If MessageAction
isn't set, the default is to send a welcome
message via email or phone (SMS).
This message is based on a template that you configured in your call to create or update a user pool. This template includes your custom sign-up instructions and placeholders for user name and temporary password.
Alternatively, you can call AdminCreateUser
with SUPPRESS
for the
MessageAction
parameter, and Amazon Cognito won't send any email.
In either case, if the user has a password, they will be in the
FORCE_CHANGE_PASSWORD
state until they sign in and set their
password. Your invitation message template must have the {####}
password placeholder if your users have passwords. If your template
doesn't have this placeholder, Amazon Cognito doesn't deliver the
invitation message. In this case, you must update your message
template and resend the password with a new AdminCreateUser
request
with a MessageAction
value of RESEND
.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Learn more
1068 1069 1070 1071 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 1068 def admin_create_user(params = {}, = {}) req = build_request(:admin_create_user, params) req.send_request() end |
#admin_delete_user(params = {}) ⇒ Struct
Deletes a user profile in your user pool.
Learn more
1116 1117 1118 1119 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 1116 def admin_delete_user(params = {}, = {}) req = build_request(:admin_delete_user, params) req.send_request() end |
#admin_delete_user_attributes(params = {}) ⇒ Struct
Deletes attribute values from a user. This operation doesn't affect tokens for existing user sessions. The next ID token that the user receives will no longer have the deleted attributes.
Learn more
1174 1175 1176 1177 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 1174 def admin_delete_user_attributes(params = {}, = {}) req = build_request(:admin_delete_user_attributes, params) req.send_request() end |
#admin_disable_provider_for_user(params = {}) ⇒ Struct
Prevents the user from signing in with the specified external (SAML or
social) identity provider (IdP). If the user that you want to
deactivate is a Amazon Cognito user pools native username + password
user, they can't use their password to sign in. If the user to
deactivate is a linked external IdP user, any link between that user
and an existing user is removed. When the external user signs in
again, and the user is no longer attached to the previously linked
DestinationUser
, the user must create a new user account.
The value of ProviderName
must match the name of a user pool IdP.
To deactivate a local user, set ProviderName
to Cognito
and the
ProviderAttributeName
to Cognito_Subject
. The
ProviderAttributeValue
must be user's local username.
The ProviderAttributeName
must always be Cognito_Subject
for
social IdPs. The ProviderAttributeValue
must always be the exact
subject that was used when the user was originally linked as a source
user.
For de-linking a SAML identity, there are two scenarios. If the linked
identity has not yet been used to sign in, the ProviderAttributeName
and ProviderAttributeValue
must be the same values that were used
for the SourceUser
when the identities were originally linked using
AdminLinkProviderForUser
call. This is also true if the linking was
done with ProviderAttributeName
set to Cognito_Subject
. If the
user has already signed in, the ProviderAttributeName
must be
Cognito_Subject
and ProviderAttributeValue
must be the NameID
from their SAML assertion.
Learn more
1251 1252 1253 1254 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 1251 def admin_disable_provider_for_user(params = {}, = {}) req = build_request(:admin_disable_provider_for_user, params) req.send_request() end |
#admin_disable_user(params = {}) ⇒ Struct
Deactivates a user profile and revokes all access tokens for the user.
A deactivated user can't sign in, but still appears in the responses
to ListUsers
API requests.
Learn more
1301 1302 1303 1304 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 1301 def admin_disable_user(params = {}, = {}) req = build_request(:admin_disable_user, params) req.send_request() end |
#admin_enable_user(params = {}) ⇒ Struct
Activates sign-in for a user profile that previously had sign-in access disabled.
Learn more
1351 1352 1353 1354 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 1351 def admin_enable_user(params = {}, = {}) req = build_request(:admin_enable_user, params) req.send_request() end |
#admin_forget_device(params = {}) ⇒ Struct
Forgets, or deletes, a remembered device from a user's profile. After you forget the device, the user can no longer complete device authentication with that device and when applicable, must submit MFA codes again. For more information, see Working with devices.
Learn more
1407 1408 1409 1410 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 1407 def admin_forget_device(params = {}, = {}) req = build_request(:admin_forget_device, params) req.send_request() end |
#admin_get_device(params = {}) ⇒ Types::AdminGetDeviceResponse
Given the device key, returns details for a user's device. For more information, see Working with devices.
Learn more
1473 1474 1475 1476 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 1473 def admin_get_device(params = {}, = {}) req = build_request(:admin_get_device, params) req.send_request() end |
#admin_get_user(params = {}) ⇒ Types::AdminGetUserResponse
Given a username, returns details about a user profile in a user pool.
You can specify alias attributes in the Username
request parameter.
This operation contributes to your monthly active user (MAU) count for the purpose of billing.
Learn more
1553 1554 1555 1556 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 1553 def admin_get_user(params = {}, = {}) req = build_request(:admin_get_user, params) req.send_request() end |
#admin_initiate_auth(params = {}) ⇒ Types::AdminInitiateAuthResponse
Starts sign-in for applications with a server-side component, for example a traditional web application. This operation specifies the authentication flow that you'd like to begin. The authentication flow that you specify must be supported in your app client configuration. For more information about authentication flows, see Authentication flows.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Learn more
1843 1844 1845 1846 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 1843 def admin_initiate_auth(params = {}, = {}) req = build_request(:admin_initiate_auth, params) req.send_request() end |
#admin_link_provider_for_user(params = {}) ⇒ Struct
Links an existing user account in a user pool, or DestinationUser
,
to an identity from an external IdP, or SourceUser
, based on a
specified attribute name and value from the external IdP.
This operation connects a local user profile with a user identity who
hasn't yet signed in from their third-party IdP. When the user signs
in with their IdP, they get access-control configuration from the
local user profile. Linked local users can also sign in with SDK-based
API operations like InitiateAuth
after they sign in at least once
through their IdP. For more information, see Linking federated
users.
Because this API allows a user with an external federated identity to sign in as a local user, it is critical that it only be used with external IdPs and linked attributes that you trust.
Learn more
1964 1965 1966 1967 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 1964 def admin_link_provider_for_user(params = {}, = {}) req = build_request(:admin_link_provider_for_user, params) req.send_request() end |
#admin_list_devices(params = {}) ⇒ Types::AdminListDevicesResponse
Lists a user's registered devices. Remembered devices are used in authentication services where you offer a "Remember me" option for users who you want to permit to sign in without MFA from a trusted device. Users can bypass MFA while your application performs device SRP authentication on the back end. For more information, see Working with devices.
Learn more
2047 2048 2049 2050 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 2047 def admin_list_devices(params = {}, = {}) req = build_request(:admin_list_devices, params) req.send_request() end |
#admin_list_groups_for_user(params = {}) ⇒ Types::AdminListGroupsForUserResponse
Lists the groups that a user belongs to. User pool groups are identifiers that you can reference from the contents of ID and access tokens, and set preferred IAM roles for identity-pool authentication. For more information, see Adding groups to a user pool.
Learn more
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
2130 2131 2132 2133 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 2130 def admin_list_groups_for_user(params = {}, = {}) req = build_request(:admin_list_groups_for_user, params) req.send_request() end |
#admin_list_user_auth_events(params = {}) ⇒ Types::AdminListUserAuthEventsResponse
Requests a history of user activity and any risks detected as part of Amazon Cognito threat protection. For more information, see Viewing user event history.
Learn more
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
2225 2226 2227 2228 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 2225 def admin_list_user_auth_events(params = {}, = {}) req = build_request(:admin_list_user_auth_events, params) req.send_request() end |
#admin_remove_user_from_group(params = {}) ⇒ Struct
Given a username and a group name, removes them from the group. User pool groups are identifiers that you can reference from the contents of ID and access tokens, and set preferred IAM roles for identity-pool authentication. For more information, see Adding groups to a user pool.
Learn more
2284 2285 2286 2287 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 2284 def admin_remove_user_from_group(params = {}, = {}) req = build_request(:admin_remove_user_from_group, params) req.send_request() end |
#admin_reset_user_password(params = {}) ⇒ Struct
Resets the specified user's password in a user pool. This operation doesn't change the user's password, but sends a password-reset code.
To use this API operation, your user pool must have self-service account recovery configured.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Learn more
2398 2399 2400 2401 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 2398 def admin_reset_user_password(params = {}, = {}) req = build_request(:admin_reset_user_password, params) req.send_request() end |
#admin_respond_to_auth_challenge(params = {}) ⇒ Types::AdminRespondToAuthChallengeResponse
Some API operations in a user pool generate a challenge, like a prompt
for an MFA code, for device authentication that bypasses MFA, or for a
custom authentication challenge. An AdminRespondToAuthChallenge
API
request provides the answer to that challenge, like a code or a secure
remote password (SRP). The parameters of a response to an
authentication challenge vary with the type of challenge.
For more information about custom authentication challenges, see Custom authentication challenge Lambda triggers.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Learn more
2834 2835 2836 2837 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 2834 def admin_respond_to_auth_challenge(params = {}, = {}) req = build_request(:admin_respond_to_auth_challenge, params) req.send_request() end |
#admin_set_user_mfa_preference(params = {}) ⇒ Struct
Sets the user's multi-factor authentication (MFA) preference, including which MFA options are activated, and if any are preferred. Only one factor can be set as preferred. The preferred MFA factor will be used to authenticate a user if multiple factors are activated. If multiple options are activated and no preference is set, a challenge to choose an MFA option will be returned during sign-in.
Learn more
2922 2923 2924 2925 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 2922 def admin_set_user_mfa_preference(params = {}, = {}) req = build_request(:admin_set_user_mfa_preference, params) req.send_request() end |
#admin_set_user_password(params = {}) ⇒ Struct
Sets the specified user's password in a user pool. This operation
administratively sets a temporary or permanent password for a user.
With this operation, you can bypass self-service password changes and
permit immediate sign-in with the password that you set. To do this,
set Permanent
to true
.
You can also set a new temporary password in this request, send it to
a user, and require them to choose a new password on their next
sign-in. To do this, set Permanent
to false
.
If the password is temporary, the user's Status
becomes
FORCE_CHANGE_PASSWORD
. When the user next tries to sign in, the
InitiateAuth
or AdminInitiateAuth
response includes the
NEW_PASSWORD_REQUIRED
challenge. If the user doesn't sign in before
the temporary password expires, they can no longer sign in and you
must repeat this operation to set a temporary or permanent password
for them.
After the user sets a new password, or if you set a permanent
password, their status becomes Confirmed
.
AdminSetUserPassword
can set a password for the user profile that
Amazon Cognito creates for third-party federated users. When you set a
password, the federated user's status changes from
EXTERNAL_PROVIDER
to CONFIRMED
. A user in this state can sign in
as a federated user, and initiate authentication flows in the API like
a linked native user. They can also modify their password and
attributes in token-authenticated API requests like ChangePassword
and UpdateUserAttributes
. As a best security practice and to keep
users in sync with your external IdP, don't set passwords on
federated user profiles. To set up a federated user for native sign-in
with a linked native user, refer to Linking federated users to an
existing user profile.
Learn more
3016 3017 3018 3019 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 3016 def admin_set_user_password(params = {}, = {}) req = build_request(:admin_set_user_password, params) req.send_request() end |
#admin_set_user_settings(params = {}) ⇒ Struct
This action is no longer supported. You can use it to configure only SMS MFA. You can't use it to configure time-based one-time password (TOTP) software token MFA.
Learn more
3077 3078 3079 3080 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 3077 def admin_set_user_settings(params = {}, = {}) req = build_request(:admin_set_user_settings, params) req.send_request() end |
#admin_update_auth_event_feedback(params = {}) ⇒ Struct
Provides the feedback for an authentication event generated by threat protection features. Your response indicates that you think that the event either was from a valid user or was an unwanted authentication attempt. This feedback improves the risk evaluation decision for the user pool as part of Amazon Cognito threat protection. To activate this setting, your user pool must be on the Plus tier.
To train the threat-protection model to recognize trusted and untrusted sign-in characteristics, configure threat protection in audit-only mode and provide a mechanism for users or administrators to submit feedback. Your feedback can tell Amazon Cognito that a risk rating was assigned at a level you don't agree with.
Learn more
3152 3153 3154 3155 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 3152 def admin_update_auth_event_feedback(params = {}, = {}) req = build_request(:admin_update_auth_event_feedback, params) req.send_request() end |
#admin_update_device_status(params = {}) ⇒ Struct
Updates the status of a user's device so that it is marked as remembered or not remembered for the purpose of device authentication. Device authentication is a "remember me" mechanism that silently completes sign-in from trusted devices with a device key instead of a user-provided MFA code. This operation changes the status of a device without deleting it, so you can enable it again later. For more information about device authentication, see Working with devices.
Learn more
3219 3220 3221 3222 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 3219 def admin_update_device_status(params = {}, = {}) req = build_request(:admin_update_device_status, params) req.send_request() end |
#admin_update_user_attributes(params = {}) ⇒ Struct
Updates the specified user's attributes. To delete an attribute from your user, submit the attribute in your API request with a blank value.
For custom attributes, you must add a custom:
prefix to the
attribute name, for example custom:department
.
This operation can set a user's email address or phone number as
verified and permit immediate sign-in in user pools that require
verification of these attributes. To do this, set the email_verified
or phone_number_verified
attribute to true
.
Learn more
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
3368 3369 3370 3371 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 3368 def admin_update_user_attributes(params = {}, = {}) req = build_request(:admin_update_user_attributes, params) req.send_request() end |
#admin_user_global_sign_out(params = {}) ⇒ Struct
Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user. Call this operation with your administrative credentials when your user signs out of your app. This results in the following behavior.
Amazon Cognito no longer accepts token-authorized user operations that you authorize with a signed-out user's access tokens. For more information, see Using the Amazon Cognito user pools API and user pool endpoints.
Amazon Cognito returns an
Access Token has been revoked
error when your app attempts to authorize a user pools API request with a revoked access token that contains the scopeaws.cognito.signin.user.admin
.Amazon Cognito no longer accepts a signed-out user's ID token in a GetId request to an identity pool with
ServerSideTokenCheck
enabled for its user pool IdP configuration in CognitoIdentityProvider.Amazon Cognito no longer accepts a signed-out user's refresh tokens in refresh requests.
Other requests might be valid until your user's token expires. This operation doesn't clear the managed login session cookie. To clear the session for a user who signed in with managed login or the classic hosted UI, direct their browser session to the logout endpoint.
Learn more
3447 3448 3449 3450 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 3447 def admin_user_global_sign_out(params = {}, = {}) req = build_request(:admin_user_global_sign_out, params) req.send_request() end |
#associate_software_token(params = {}) ⇒ Types::AssociateSoftwareTokenResponse
Begins setup of time-based one-time password (TOTP) multi-factor
authentication (MFA) for a user, with a unique private key that Amazon
Cognito generates and returns in the API response. You can authorize
an AssociateSoftwareToken
request with either the user's access
token, or a session string from a challenge response that you received
from Amazon Cognito.
Authorize this action with a signed-in user's access token. It must
include the scope aws.cognito.signin.user.admin
.
3509 3510 3511 3512 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 3509 def associate_software_token(params = {}, = {}) req = build_request(:associate_software_token, params) req.send_request() end |
#change_password(params = {}) ⇒ Struct
Changes the password for the currently signed-in user.
Authorize this action with a signed-in user's access token. It must
include the scope aws.cognito.signin.user.admin
.
3559 3560 3561 3562 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 3559 def change_password(params = {}, = {}) req = build_request(:change_password, params) req.send_request() end |
#complete_web_authn_registration(params = {}) ⇒ Struct
Completes registration of a passkey authenticator for the currently signed-in user.
Authorize this action with a signed-in user's access token. It must
include the scope aws.cognito.signin.user.admin
.
3602 3603 3604 3605 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 3602 def complete_web_authn_registration(params = {}, = {}) req = build_request(:complete_web_authn_registration, params) req.send_request() end |
#confirm_device(params = {}) ⇒ Types::ConfirmDeviceResponse
Confirms a device that a user wants to remember. A remembered device is a "Remember me on this device" option for user pools that perform authentication with the device key of a trusted device in the back end, instead of a user-provided MFA code. For more information about device authentication, see Working with user devices in your user pool.
Authorize this action with a signed-in user's access token. It must
include the scope aws.cognito.signin.user.admin
.
3670 3671 3672 3673 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 3670 def confirm_device(params = {}, = {}) req = build_request(:confirm_device, params) req.send_request() end |
#confirm_forgot_password(params = {}) ⇒ Struct
This public API operation accepts a confirmation code that Amazon Cognito sent to a user and accepts a new password for that user.
3803 3804 3805 3806 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 3803 def confirm_forgot_password(params = {}, = {}) req = build_request(:confirm_forgot_password, params) req.send_request() end |
#confirm_sign_up(params = {}) ⇒ Types::ConfirmSignUpResponse
Confirms the account of a new user. This public API operation submits a code that Amazon Cognito sent to your user when they signed up in your user pool. After your user enters their code, they confirm ownership of the email address or phone number that they provided, and their user account becomes active. Depending on your user pool configuration, your users will receive their confirmation code in an email or SMS message.
Local users who signed up in your user pool are the only type of user who can confirm sign-up with a code. Users who federate through an external identity provider (IdP) have already been confirmed by their IdP.
3974 3975 3976 3977 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 3974 def confirm_sign_up(params = {}, = {}) req = build_request(:confirm_sign_up, params) req.send_request() end |
#create_group(params = {}) ⇒ Types::CreateGroupResponse
Creates a new group in the specified user pool. For more information about user pool groups, see Adding groups to a user pool.
Learn more
4067 4068 4069 4070 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 4067 def create_group(params = {}, = {}) req = build_request(:create_group, params) req.send_request() end |
#create_identity_provider(params = {}) ⇒ Types::CreateIdentityProviderResponse
Adds a configuration and trust relationship between a third-party identity provider (IdP) and a user pool. Amazon Cognito accepts sign-in with third-party identity providers through managed login and OIDC relying-party libraries. For more information, see Third-party IdP sign-in.
Learn more
4288 4289 4290 4291 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 4288 def create_identity_provider(params = {}, = {}) req = build_request(:create_identity_provider, params) req.send_request() end |
#create_managed_login_branding(params = {}) ⇒ Types::CreateManagedLoginBrandingResponse
Creates a new set of branding settings for a user pool style and associates it with an app client. This operation is the programmatic option for the creation of a new style in the branding designer.
Provides values for UI customization in a Settings
JSON object and
image files in an Assets
array. To send the JSON object Document
type parameter in Settings
, you might need to update to the most
recent version of your Amazon Web Services SDK. To create a new style
with default settings, set UseCognitoProvidedValues
to true
and
don't provide values for any other options.
This operation has a 2-megabyte request-size limit and include the CSS settings and image assets for your app client. Your branding settings might exceed 2MB in size. Amazon Cognito doesn't require that you pass all parameters in one request and preserves existing style settings that you don't specify. If your request is larger than 2MB, separate it into multiple requests, each with a size smaller than the limit.
Learn more
4400 4401 4402 4403 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 4400 def create_managed_login_branding(params = {}, = {}) req = build_request(:create_managed_login_branding, params) req.send_request() end |
#create_resource_server(params = {}) ⇒ Types::CreateResourceServerResponse
Creates a new OAuth2.0 resource server and defines custom scopes within it. Resource servers are associated with custom scopes and machine-to-machine (M2M) authorization. For more information, see Access control with resource servers.
Learn more
4482 4483 4484 4485 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 4482 def create_resource_server(params = {}, = {}) req = build_request(:create_resource_server, params) req.send_request() end |
#create_user_import_job(params = {}) ⇒ Types::CreateUserImportJobResponse
Creates a user import job. You can import users into user pools from a comma-separated values (CSV) file without adding Amazon Cognito MAU costs to your Amazon Web Services bill.
Learn more
4552 4553 4554 4555 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 4552 def create_user_import_job(params = {}, = {}) req = build_request(:create_user_import_job, params) req.send_request() end |
#create_user_pool(params = {}) ⇒ Types::CreateUserPoolResponse
Creates a new Amazon Cognito user pool. This operation sets basic and advanced configuration options.
If you don't provide a value for an attribute, Amazon Cognito sets it to its default value.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Learn more
5508 5509 5510 5511 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 5508 def create_user_pool(params = {}, = {}) req = build_request(:create_user_pool, params) req.send_request() end |
#create_user_pool_client(params = {}) ⇒ Types::CreateUserPoolClientResponse
Creates an app client in a user pool. This operation sets basic and advanced configuration options.
Unlike app clients created in the console, Amazon Cognito doesn't automatically assign a branding style to app clients that you configure with this API operation. Managed login and classic hosted UI pages aren't available for your client until after you apply a branding style.
If you don't provide a value for an attribute, Amazon Cognito sets it to its default value.
Learn more
6108 6109 6110 6111 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 6108 def create_user_pool_client(params = {}, = {}) req = build_request(:create_user_pool_client, params) req.send_request() end |
#create_user_pool_domain(params = {}) ⇒ Types::CreateUserPoolDomainResponse
A user pool domain hosts managed login, an authorization server and
web server for authentication in your application. This operation
creates a new user pool prefix domain or custom domain and sets the
managed login branding version. Set the branding version to 1
for
hosted UI (classic) or 2
for managed login. When you choose a custom
domain, you must provide an SSL certificate in the US East (N.
Virginia) Amazon Web Services Region in your request.
Your prefix domain might take up to one minute to take effect. Your custom domain is online within five minutes, but it can take up to one hour to distribute your SSL certificate.
For more information about adding a custom domain to your user pool, see Configuring a user pool domain.
Learn more
6213 6214 6215 6216 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 6213 def create_user_pool_domain(params = {}, = {}) req = build_request(:create_user_pool_domain, params) req.send_request() end |
#delete_group(params = {}) ⇒ Struct
Deletes a group from the specified user pool. When you delete a group,
that group no longer contributes to users' cognito:preferred_group
or cognito:groups
claims, and no longer influence access-control
decision that are based on group membership. For more information
about user pool groups, see Adding groups to a user pool.
Learn more
6262 6263 6264 6265 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 6262 def delete_group(params = {}, = {}) req = build_request(:delete_group, params) req.send_request() end |
#delete_identity_provider(params = {}) ⇒ Struct
Deletes a user pool identity provider (IdP). After you delete an IdP, users can no longer sign in to your user pool through that IdP. For more information about user pool IdPs, see Third-party IdP sign-in.
Learn more
6311 6312 6313 6314 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 6311 def delete_identity_provider(params = {}, = {}) req = build_request(:delete_identity_provider, params) req.send_request() end |
#delete_managed_login_branding(params = {}) ⇒ Struct
Deletes a managed login branding style. When you delete a style, you delete the branding association for an app client. When an app client doesn't have a style assigned, your managed login pages for that app client are nonfunctional until you create a new style or switch the domain branding version.
Learn more
6360 6361 6362 6363 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 6360 def delete_managed_login_branding(params = {}, = {}) req = build_request(:delete_managed_login_branding, params) req.send_request() end |
#delete_resource_server(params = {}) ⇒ Struct
Deletes a resource server. After you delete a resource server, users can no longer generate access tokens with scopes that are associate with that resource server.
Resource servers are associated with custom scopes and machine-to-machine (M2M) authorization. For more information, see Access control with resource servers.
Learn more
6411 6412 6413 6414 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 6411 def delete_resource_server(params = {}, = {}) req = build_request(:delete_resource_server, params) req.send_request() end |
#delete_user(params = {}) ⇒ Struct
Deletes the profile of the currently signed-in user. A deleted user profile can no longer be used to sign in and can't be restored.
Authorize this action with a signed-in user's access token. It must
include the scope aws.cognito.signin.user.admin
.
6452 6453 6454 6455 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 6452 def delete_user(params = {}, = {}) req = build_request(:delete_user, params) req.send_request() end |
#delete_user_attributes(params = {}) ⇒ Struct
Deletes attributes from the currently signed-in user. For example,
your application can submit a request to this operation when a user
wants to remove their birthdate
attribute value.
Authorize this action with a signed-in user's access token. It must
include the scope aws.cognito.signin.user.admin
.
6502 6503 6504 6505 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 6502 def delete_user_attributes(params = {}, = {}) req = build_request(:delete_user_attributes, params) req.send_request() end |
#delete_user_pool(params = {}) ⇒ Struct
Deletes a user pool. After you delete a user pool, users can no longer sign in to any associated applications.
When you delete a user pool, it's no longer visible or operational in your Amazon Web Services account. Amazon Cognito retains deleted user pools in an inactive state for 14 days, then begins a cleanup process that fully removes them from Amazon Web Services systems. In case of accidental deletion, contact Amazon Web ServicesSupport within 14 days for restoration assistance.
Amazon Cognito begins full deletion of all resources from deleted user pools after 14 days. In the case of large user pools, the cleanup process might take significant additional time before all user data is permanently deleted.
6537 6538 6539 6540 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 6537 def delete_user_pool(params = {}, = {}) req = build_request(:delete_user_pool, params) req.send_request() end |
#delete_user_pool_client(params = {}) ⇒ Struct
Deletes a user pool app client. After you delete an app client, users can no longer sign in to the associated application.
6564 6565 6566 6567 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 6564 def delete_user_pool_client(params = {}, = {}) req = build_request(:delete_user_pool_client, params) req.send_request() end |
#delete_user_pool_domain(params = {}) ⇒ Struct
Given a user pool ID and domain identifier, deletes a user pool domain. After you delete a user pool domain, your managed login pages and authorization server are no longer available.
6594 6595 6596 6597 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 6594 def delete_user_pool_domain(params = {}, = {}) req = build_request(:delete_user_pool_domain, params) req.send_request() end |
#delete_web_authn_credential(params = {}) ⇒ Struct
Deletes a registered passkey, or WebAuthn, authenticator for the currently signed-in user.
Authorize this action with a signed-in user's access token. It must
include the scope aws.cognito.signin.user.admin
.
6639 6640 6641 6642 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 6639 def delete_web_authn_credential(params = {}, = {}) req = build_request(:delete_web_authn_credential, params) req.send_request() end |
#describe_identity_provider(params = {}) ⇒ Types::DescribeIdentityProviderResponse
Given a user pool ID and identity provider (IdP) name, returns details about the IdP.
6682 6683 6684 6685 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 6682 def describe_identity_provider(params = {}, = {}) req = build_request(:describe_identity_provider, params) req.send_request() end |
#describe_managed_login_branding(params = {}) ⇒ Types::DescribeManagedLoginBrandingResponse
Given the ID of a managed login branding style, returns detailed information about the style.
6734 6735 6736 6737 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 6734 def describe_managed_login_branding(params = {}, = {}) req = build_request(:describe_managed_login_branding, params) req.send_request() end |
#describe_managed_login_branding_by_client(params = {}) ⇒ Types::DescribeManagedLoginBrandingByClientResponse
Given the ID of a user pool app client, returns detailed information about the style assigned to the app client.
6786 6787 6788 6789 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 6786 def describe_managed_login_branding_by_client(params = {}, = {}) req = build_request(:describe_managed_login_branding_by_client, params) req.send_request() end |
#describe_resource_server(params = {}) ⇒ Types::DescribeResourceServerResponse
Describes a resource server. For more information about resource servers, see Access control with resource servers.
6835 6836 6837 6838 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 6835 def describe_resource_server(params = {}, = {}) req = build_request(:describe_resource_server, params) req.send_request() end |
#describe_risk_configuration(params = {}) ⇒ Types::DescribeRiskConfigurationResponse
Given an app client or user pool ID where threat protection is configured, describes the risk configuration. This operation returns details about adaptive authentication, compromised credentials, and IP-address allow- and denylists. For more information about threat protection, see Threat protection.
6910 6911 6912 6913 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 6910 def describe_risk_configuration(params = {}, = {}) req = build_request(:describe_risk_configuration, params) req.send_request() end |
#describe_user_import_job(params = {}) ⇒ Types::DescribeUserImportJobResponse
Describes a user import job. For more information about user CSV import, see Importing users from a CSV file.
6959 6960 6961 6962 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 6959 def describe_user_import_job(params = {}, = {}) req = build_request(:describe_user_import_job, params) req.send_request() end |
#describe_user_pool(params = {}) ⇒ Types::DescribeUserPoolResponse
Given a user pool ID, returns configuration information. This operation is useful when you want to inspect an existing user pool and programmatically replicate the configuration to another user pool.
Learn more
7097 7098 7099 7100 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 7097 def describe_user_pool(params = {}, = {}) req = build_request(:describe_user_pool, params) req.send_request() end |
#describe_user_pool_client(params = {}) ⇒ Types::DescribeUserPoolClientResponse
Given an app client ID, returns configuration information. This operation is useful when you want to inspect an existing app client and programmatically replicate the configuration to another app client. For more information about app clients, see App clients.
Learn more
7190 7191 7192 7193 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 7190 def describe_user_pool_client(params = {}, = {}) req = build_request(:describe_user_pool_client, params) req.send_request() end |
#describe_user_pool_domain(params = {}) ⇒ Types::DescribeUserPoolDomainResponse
Given a user pool domain name, returns information about the domain configuration.
Learn more
7247 7248 7249 7250 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 7247 def describe_user_pool_domain(params = {}, = {}) req = build_request(:describe_user_pool_domain, params) req.send_request() end |
#forget_device(params = {}) ⇒ Struct
Given a device key, deletes a remembered device as the currently signed-in user. For more information about device authentication, see Working with user devices in your user pool.
Authorize this action with a signed-in user's access token. It must
include the scope aws.cognito.signin.user.admin
.
7295 7296 7297 7298 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 7295 def forget_device(params = {}, = {}) req = build_request(:forget_device, params) req.send_request() end |
#forgot_password(params = {}) ⇒ Types::ForgotPasswordResponse
Sends a password-reset confirmation code for the currently signed-in user.
For the Username
parameter, you can use the username or user alias.
If neither a verified phone number nor a verified email exists, Amazon
Cognito responds with an InvalidParameterException
error . If your
app client has a client secret and you don't provide a SECRET_HASH
parameter, this API returns NotAuthorizedException
.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
7455 7456 7457 7458 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 7455 def forgot_password(params = {}, = {}) req = build_request(:forgot_password, params) req.send_request() end |
#get_csv_header(params = {}) ⇒ Types::GetCSVHeaderResponse
Given a user pool ID, generates a comma-separated value (CSV) list
populated with available user attributes in the user pool. This list
is the header for the CSV file that determines the users in a user
import job. Save the content of CSVHeader
in the response as a
.csv
file and populate it with the usernames and attributes of users
that you want to import. For more information about CSV user import,
see Importing users from a CSV file.
Learn more
7511 7512 7513 7514 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 7511 def get_csv_header(params = {}, = {}) req = build_request(:get_csv_header, params) req.send_request() end |
#get_device(params = {}) ⇒ Types::GetDeviceResponse
Given a device key, returns information about a remembered device for the current user. For more information about device authentication, see Working with user devices in your user pool.
Authorize this action with a signed-in user's access token. It must
include the scope aws.cognito.signin.user.admin
.
7570 7571 7572 7573 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 7570 def get_device(params = {}, = {}) req = build_request(:get_device, params) req.send_request() end |
#get_group(params = {}) ⇒ Types::GetGroupResponse
Given a user pool ID and a group name, returns information about the user group.
For more information about user pool groups, see Adding groups to a user pool.
Learn more
7632 7633 7634 7635 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 7632 def get_group(params = {}, = {}) req = build_request(:get_group, params) req.send_request() end |
#get_identity_provider_by_identifier(params = {}) ⇒ Types::GetIdentityProviderByIdentifierResponse
Given the identifier of an identity provider (IdP), for example
examplecorp
, returns information about the user pool configuration
for that IdP. For more information about IdPs, see Third-party IdP
sign-in.
7685 7686 7687 7688 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 7685 def get_identity_provider_by_identifier(params = {}, = {}) req = build_request(:get_identity_provider_by_identifier, params) req.send_request() end |
#get_log_delivery_configuration(params = {}) ⇒ Types::GetLogDeliveryConfigurationResponse
Given a user pool ID, returns the logging configuration. User pools can export message-delivery error and threat-protection activity logs to external Amazon Web Services services. For more information, see Exporting user pool logs.
Learn more
7742 7743 7744 7745 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 7742 def get_log_delivery_configuration(params = {}, = {}) req = build_request(:get_log_delivery_configuration, params) req.send_request() end |
#get_signing_certificate(params = {}) ⇒ Types::GetSigningCertificateResponse
Given a user pool ID, returns the signing certificate for SAML 2.0 federation.
Issued certificates are valid for 10 years from the date of issue.
Amazon Cognito issues and assigns a new signing certificate annually.
This renewal process returns a new value in the response to
GetSigningCertificate
, but doesn't invalidate the original
certificate.
For more information, see Signing SAML requests.
Learn more
7799 7800 7801 7802 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 7799 def get_signing_certificate(params = {}, = {}) req = build_request(:get_signing_certificate, params) req.send_request() end |
#get_ui_customization(params = {}) ⇒ Types::GetUICustomizationResponse
Given a user pool ID or app client, returns information about classic hosted UI branding that you applied, if any. Returns user-pool level branding information if no app client branding is applied, or if you don't specify an app client ID. Returns an empty object if you haven't applied hosted UI branding to either the client or the user pool. For more information, see Hosted UI (classic) branding.
7846 7847 7848 7849 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 7846 def get_ui_customization(params = {}, = {}) req = build_request(:get_ui_customization, params) req.send_request() end |
#get_user(params = {}) ⇒ Types::GetUserResponse
Gets user attributes and and MFA settings for the currently signed-in user.
Authorize this action with a signed-in user's access token. It must
include the scope aws.cognito.signin.user.admin
.
7906 7907 7908 7909 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 7906 def get_user(params = {}, = {}) req = build_request(:get_user, params) req.send_request() end |
#get_user_attribute_verification_code(params = {}) ⇒ Types::GetUserAttributeVerificationCodeResponse
Given an attribute name, sends a user attribute verification code for the specified attribute name to the currently signed-in user.
Authorize this action with a signed-in user's access token. It must
include the scope aws.cognito.signin.user.admin
.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
8023 8024 8025 8026 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 8023 def get_user_attribute_verification_code(params = {}, = {}) req = build_request(:get_user_attribute_verification_code, params) req.send_request() end |
#get_user_auth_factors(params = {}) ⇒ Types::GetUserAuthFactorsResponse
Lists the authentication options for the currently signed-in user. Returns the following:
The user's multi-factor authentication (MFA) preferences.
The user's options for choice-based authentication with the
USER_AUTH
flow.
Authorize this action with a signed-in user's access token. It must
include the scope aws.cognito.signin.user.admin
.
8083 8084 8085 8086 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 8083 def get_user_auth_factors(params = {}, = {}) req = build_request(:get_user_auth_factors, params) req.send_request() end |
#get_user_pool_mfa_config(params = {}) ⇒ Types::GetUserPoolMfaConfigResponse
Given a user pool ID, returns configuration for sign-in with WebAuthn authenticators and for multi-factor authentication (MFA). This operation describes the following:
The WebAuthn relying party (RP) ID and user-verification settings.
The required, optional, or disabled state of MFA for all user pool users.
The message templates for email and SMS MFA.
The enabled or disabled state of time-based one-time password (TOTP) MFA.
Learn more
8155 8156 8157 8158 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 8155 def get_user_pool_mfa_config(params = {}, = {}) req = build_request(:get_user_pool_mfa_config, params) req.send_request() end |
#global_sign_out(params = {}) ⇒ Struct
Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user. Call this operation when your user signs out of your app. This results in the following behavior.
Amazon Cognito no longer accepts token-authorized user operations that you authorize with a signed-out user's access tokens. For more information, see Using the Amazon Cognito user pools API and user pool endpoints.
Amazon Cognito returns an
Access Token has been revoked
error when your app attempts to authorize a user pools API request with a revoked access token that contains the scopeaws.cognito.signin.user.admin
.Amazon Cognito no longer accepts a signed-out user's ID token in a GetId request to an identity pool with
ServerSideTokenCheck
enabled for its user pool IdP configuration in CognitoIdentityProvider.Amazon Cognito no longer accepts a signed-out user's refresh tokens in refresh requests.
Other requests might be valid until your user's token expires. This operation doesn't clear the managed login session cookie. To clear the session for a user who signed in with managed login or the classic hosted UI, direct their browser session to the logout endpoint.
Authorize this action with a signed-in user's access token. It must
include the scope aws.cognito.signin.user.admin
.
8225 8226 8227 8228 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 8225 def global_sign_out(params = {}, = {}) req = build_request(:global_sign_out, params) req.send_request() end |
#initiate_auth(params = {}) ⇒ Types::InitiateAuthResponse
Declares an authentication flow and initiates sign-in for a user in
the Amazon Cognito user directory. Amazon Cognito might respond with
an additional challenge or an AuthenticationResult
that contains the
outcome of a successful authentication. You can't sign in a user with
a federated IdP with InitiateAuth
. For more information, see
Authentication.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
8542 8543 8544 8545 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 8542 def initiate_auth(params = {}, = {}) req = build_request(:initiate_auth, params) req.send_request() end |
#list_devices(params = {}) ⇒ Types::ListDevicesResponse
Lists the devices that Amazon Cognito has registered to the currently signed-in user. For more information about device authentication, see Working with user devices in your user pool.
Authorize this action with a signed-in user's access token. It must
include the scope aws.cognito.signin.user.admin
.
8614 8615 8616 8617 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 8614 def list_devices(params = {}, = {}) req = build_request(:list_devices, params) req.send_request() end |
#list_groups(params = {}) ⇒ Types::ListGroupsResponse
Given a user pool ID, returns user pool groups and their details.
Learn more
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
8685 8686 8687 8688 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 8685 def list_groups(params = {}, = {}) req = build_request(:list_groups, params) req.send_request() end |
#list_identity_providers(params = {}) ⇒ Types::ListIdentityProvidersResponse
Given a user pool ID, returns information about configured identity providers (IdPs). For more information about IdPs, see Third-party IdP sign-in.
Learn more
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
8756 8757 8758 8759 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 8756 def list_identity_providers(params = {}, = {}) req = build_request(:list_identity_providers, params) req.send_request() end |
#list_resource_servers(params = {}) ⇒ Types::ListResourceServersResponse
Given a user pool ID, returns all resource servers and their details. For more information about resource servers, see Access control with resource servers.
Learn more
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
8829 8830 8831 8832 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 8829 def list_resource_servers(params = {}, = {}) req = build_request(:list_resource_servers, params) req.send_request() end |
#list_tags_for_resource(params = {}) ⇒ Types::ListTagsForResourceResponse
Lists the tags that are assigned to an Amazon Cognito user pool. For more information, see Tagging resources.
8864 8865 8866 8867 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 8864 def (params = {}, = {}) req = build_request(:list_tags_for_resource, params) req.send_request() end |
#list_user_import_jobs(params = {}) ⇒ Types::ListUserImportJobsResponse
Given a user pool ID, returns user import jobs and their details. Import jobs are retained in user pool configuration so that you can stage, stop, start, review, and delete them. For more information about user import, see Importing users from a CSV file.
Learn more
8943 8944 8945 8946 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 8943 def list_user_import_jobs(params = {}, = {}) req = build_request(:list_user_import_jobs, params) req.send_request() end |
#list_user_pool_clients(params = {}) ⇒ Types::ListUserPoolClientsResponse
Given a user pool ID, lists app clients. App clients are sets of rules for the access that you want a user pool to grant to one application. For more information, see App clients.
Learn more
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
9013 9014 9015 9016 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 9013 def list_user_pool_clients(params = {}, = {}) req = build_request(:list_user_pool_clients, params) req.send_request() end |
#list_user_pools(params = {}) ⇒ Types::ListUserPoolsResponse
Lists user pools and their details in the current Amazon Web Services account.
Learn more
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
9096 9097 9098 9099 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 9096 def list_user_pools(params = {}, = {}) req = build_request(:list_user_pools, params) req.send_request() end |
#list_users(params = {}) ⇒ Types::ListUsersResponse
Given a user pool ID, returns a list of users and their basic details in a user pool.
Learn more
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
9331 9332 9333 9334 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 9331 def list_users(params = {}, = {}) req = build_request(:list_users, params) req.send_request() end |
#list_users_in_group(params = {}) ⇒ Types::ListUsersInGroupResponse
Given a user pool ID and a group name, returns a list of users in the group. For more information about user pool groups, see Adding groups to a user pool.
Learn more
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
9414 9415 9416 9417 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 9414 def list_users_in_group(params = {}, = {}) req = build_request(:list_users_in_group, params) req.send_request() end |
#list_web_authn_credentials(params = {}) ⇒ Types::ListWebAuthnCredentialsResponse
Generates a list of the currently signed-in user's registered passkey, or WebAuthn, credentials.
Authorize this action with a signed-in user's access token. It must
include the scope aws.cognito.signin.user.admin
.
9484 9485 9486 9487 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 9484 def list_web_authn_credentials(params = {}, = {}) req = build_request(:list_web_authn_credentials, params) req.send_request() end |
#resend_confirmation_code(params = {}) ⇒ Types::ResendConfirmationCodeResponse
Resends the code that confirms a new account for a user who has signed
up in your user pool. Amazon Cognito sends confirmation codes to the
user attribute in the AutoVerifiedAttributes
property of your user
pool. When you prompt new users for the confirmation code, include a
"Resend code" option that generates a call to this API operation.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
9639 9640 9641 9642 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 9639 def resend_confirmation_code(params = {}, = {}) req = build_request(:resend_confirmation_code, params) req.send_request() end |
#respond_to_auth_challenge(params = {}) ⇒ Types::RespondToAuthChallengeResponse
Some API operations in a user pool generate a challenge, like a prompt
for an MFA code, for device authentication that bypasses MFA, or for a
custom authentication challenge. A RespondToAuthChallenge
API
request provides the answer to that challenge, like a code or a secure
remote password (SRP). The parameters of a response to an
authentication challenge vary with the type of challenge.
For more information about custom authentication challenges, see Custom authentication challenge Lambda triggers.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
10046 10047 10048 10049 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 10046 def respond_to_auth_challenge(params = {}, = {}) req = build_request(:respond_to_auth_challenge, params) req.send_request() end |
#revoke_token(params = {}) ⇒ Struct
Revokes all of the access tokens generated by, and at the same time as, the specified refresh token. After a token is revoked, you can't use the revoked token to access Amazon Cognito user APIs, or to authorize access to your resource server.
10094 10095 10096 10097 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 10094 def revoke_token(params = {}, = {}) req = build_request(:revoke_token, params) req.send_request() end |
#set_log_delivery_configuration(params = {}) ⇒ Types::SetLogDeliveryConfigurationResponse
Sets up or modifies the logging configuration of a user pool. User pools can export user notification logs and, when threat protection is active, user-activity logs. For more information, see Exporting user pool logs.
10153 10154 10155 10156 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 10153 def set_log_delivery_configuration(params = {}, = {}) req = build_request(:set_log_delivery_configuration, params) req.send_request() end |
#set_risk_configuration(params = {}) ⇒ Types::SetRiskConfigurationResponse
Configures threat protection for a user pool or app client. Sets configuration for the following.
Responses to risks with adaptive authentication
Responses to vulnerable passwords with compromised-credentials detection
Notifications to users who have had risky activity detected
IP-address denylist and allowlist
To set the risk configuration for the user pool to defaults, send this
request with only the UserPoolId
parameter. To reset the threat
protection settings of an app client to be inherited from the user
pool, send UserPoolId
and ClientId
parameters only. To change
threat protection to audit-only or off, update the value of
UserPoolAddOns
in an UpdateUserPool
request. To activate this
setting, your user pool must be on the Plus tier.
10306 10307 10308 10309 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 10306 def set_risk_configuration(params = {}, = {}) req = build_request(:set_risk_configuration, params) req.send_request() end |
#set_ui_customization(params = {}) ⇒ Types::SetUICustomizationResponse
Configures UI branding settings for domains with the hosted UI (classic) branding version. Your user pool must have a domain. Configure a domain with .
Set the default configuration for all clients with a ClientId
of
ALL
. When the ClientId
value is an app client ID, the settings you
pass in this request apply to that app client and override the default
ALL
configuration.
Learn more
10385 10386 10387 10388 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 10385 def set_ui_customization(params = {}, = {}) req = build_request(:set_ui_customization, params) req.send_request() end |
#set_user_mfa_preference(params = {}) ⇒ Struct
Set the user's multi-factor authentication (MFA) method preference, including which MFA factors are activated and if any are preferred. Only one factor can be set as preferred. The preferred MFA factor will be used to authenticate a user if multiple factors are activated. If multiple options are activated and no preference is set, a challenge to choose an MFA option will be returned during sign-in. If an MFA type is activated for a user, the user will be prompted for MFA during all sign-in attempts unless device tracking is turned on and the device has been trusted. If you want MFA to be applied selectively based on the assessed risk level of sign-in attempts, deactivate MFA for users and turn on Adaptive Authentication for the user pool.
Authorize this action with a signed-in user's access token. It must
include the scope aws.cognito.signin.user.admin
.
10468 10469 10470 10471 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 10468 def set_user_mfa_preference(params = {}, = {}) req = build_request(:set_user_mfa_preference, params) req.send_request() end |
#set_user_pool_mfa_config(params = {}) ⇒ Types::SetUserPoolMfaConfigResponse
Sets user pool multi-factor authentication (MFA) and passkey configuration. For more information about user pool MFA, see Adding MFA. For more information about WebAuthn passkeys see Authentication flows.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
10596 10597 10598 10599 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 10596 def set_user_pool_mfa_config(params = {}, = {}) req = build_request(:set_user_pool_mfa_config, params) req.send_request() end |
#set_user_settings(params = {}) ⇒ Struct
This action is no longer supported. You can use it to configure only SMS MFA. You can't use it to configure time-based one-time password (TOTP) software token or email MFA.
Authorize this action with a signed-in user's access token. It must
include the scope aws.cognito.signin.user.admin
.
10648 10649 10650 10651 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 10648 def set_user_settings(params = {}, = {}) req = build_request(:set_user_settings, params) req.send_request() end |
#sign_up(params = {}) ⇒ Types::SignUpResponse
Registers a user with an app client and requests a user name, password, and user attributes in the user pool.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
You might receive a LimitExceeded
exception in response to this
request if you have exceeded a rate quota for email or SMS messages,
and if your user pool automatically verifies email addresses or phone
numbers. When you get this exception in the response, the user is
successfully created and is in an UNCONFIRMED
state.
10860 10861 10862 10863 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 10860 def sign_up(params = {}, = {}) req = build_request(:sign_up, params) req.send_request() end |
#start_user_import_job(params = {}) ⇒ Types::StartUserImportJobResponse
Instructs your user pool to start importing users from a CSV file that contains their usernames and attributes. For more information about importing users from a CSV file, see Importing users from a CSV file.
10911 10912 10913 10914 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 10911 def start_user_import_job(params = {}, = {}) req = build_request(:start_user_import_job, params) req.send_request() end |
#start_web_authn_registration(params = {}) ⇒ Types::StartWebAuthnRegistrationResponse
Requests credential creation options from your user pool for the currently signed-in user. Returns information about the user pool, the user profile, and authentication requirements. Users must provide this information in their request to enroll your application with their passkey provider.
Authorize this action with a signed-in user's access token. It must
include the scope aws.cognito.signin.user.admin
.
10948 10949 10950 10951 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 10948 def start_web_authn_registration(params = {}, = {}) req = build_request(:start_web_authn_registration, params) req.send_request() end |
#stop_user_import_job(params = {}) ⇒ Types::StopUserImportJobResponse
Instructs your user pool to stop a running job that's importing users from a CSV file that contains their usernames and attributes. For more information about importing users from a CSV file, see Importing users from a CSV file.
10999 11000 11001 11002 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 10999 def stop_user_import_job(params = {}, = {}) req = build_request(:stop_user_import_job, params) req.send_request() end |
#tag_resource(params = {}) ⇒ Struct
Assigns a set of tags to an Amazon Cognito user pool. A tag is a label that you can use to categorize and manage user pools in different ways, such as by purpose, owner, environment, or other criteria.
Each tag consists of a key and value, both of which you define. A key
is a general category for more specific values. For example, if you
have two versions of a user pool, one for testing and another for
production, you might assign an Environment
tag key to both user
pools. The value of this key might be Test
for one user pool, and
Production
for the other.
Tags are useful for cost tracking and access control. You can activate your tags so that they appear on the Billing and Cost Management console, where you can track the costs associated with your user pools. In an Identity and Access Management policy, you can constrain permissions for user pools based on specific tags or tag values.
You can use this action up to 5 times per second, per account. A user pool can have as many as 50 tags.
11046 11047 11048 11049 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 11046 def tag_resource(params = {}, = {}) req = build_request(:tag_resource, params) req.send_request() end |
#untag_resource(params = {}) ⇒ Struct
Given tag IDs that you previously assigned to a user pool, removes them.
11074 11075 11076 11077 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 11074 def untag_resource(params = {}, = {}) req = build_request(:untag_resource, params) req.send_request() end |
#update_auth_event_feedback(params = {}) ⇒ Struct
Provides the feedback for an authentication event generated by threat protection features. The user's response indicates that you think that the event either was from a valid user or was an unwanted authentication attempt. This feedback improves the risk evaluation decision for the user pool as part of Amazon Cognito threat protection. To activate this setting, your user pool must be on the Plus tier.
This operation requires a FeedbackToken
that Amazon Cognito
generates and adds to notification emails when users have potentially
suspicious authentication events. Users invoke this operation when
they select the link that corresponds to {one-click-link-valid}
or
{one-click-link-invalid}
in your notification template. Because
FeedbackToken
is a required parameter, you can' make requests to
UpdateAuthEventFeedback
without the contents of the notification
email message.
11153 11154 11155 11156 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 11153 def update_auth_event_feedback(params = {}, = {}) req = build_request(:update_auth_event_feedback, params) req.send_request() end |
#update_device_status(params = {}) ⇒ Struct
Updates the status of a the currently signed-in user's device so that it is marked as remembered or not remembered for the purpose of device authentication. Device authentication is a "remember me" mechanism that silently completes sign-in from trusted devices with a device key instead of a user-provided MFA code. This operation changes the status of a device without deleting it, so you can enable it again later. For more information about device authentication, see Working with devices.
Authorize this action with a signed-in user's access token. It must
include the scope aws.cognito.signin.user.admin
.
11211 11212 11213 11214 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 11211 def update_device_status(params = {}, = {}) req = build_request(:update_device_status, params) req.send_request() end |
#update_group(params = {}) ⇒ Types::UpdateGroupResponse
Given the name of a user pool group, updates any of the properties for precedence, IAM role, or description. For more information about user pool groups, see Adding groups to a user pool.
Learn more
11302 11303 11304 11305 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 11302 def update_group(params = {}, = {}) req = build_request(:update_group, params) req.send_request() end |
#update_identity_provider(params = {}) ⇒ Types::UpdateIdentityProviderResponse
Modifies the configuration and trust relationship between a third-party identity provider (IdP) and a user pool. Amazon Cognito accepts sign-in with third-party identity providers through managed login and OIDC relying-party libraries. For more information, see Third-party IdP sign-in.
Learn more
11517 11518 11519 11520 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 11517 def update_identity_provider(params = {}, = {}) req = build_request(:update_identity_provider, params) req.send_request() end |
#update_managed_login_branding(params = {}) ⇒ Types::UpdateManagedLoginBrandingResponse
Configures the branding settings for a user pool style. This operation is the programmatic option for the configuration of a style in the branding designer.
Provides values for UI customization in a Settings
JSON object and
image files in an Assets
array.
This operation has a 2-megabyte request-size limit and include the CSS settings and image assets for your app client. Your branding settings might exceed 2MB in size. Amazon Cognito doesn't require that you pass all parameters in one request and preserves existing style settings that you don't specify. If your request is larger than 2MB, separate it into multiple requests, each with a size smaller than the limit.
Learn more
11625 11626 11627 11628 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 11625 def update_managed_login_branding(params = {}, = {}) req = build_request(:update_managed_login_branding, params) req.send_request() end |
#update_resource_server(params = {}) ⇒ Types::UpdateResourceServerResponse
Updates the name and scopes of a resource server. All other fields are read-only. For more information about resource servers, see Access control with resource servers.
If you don't provide a value for an attribute, it is set to the default value.
Learn more
11708 11709 11710 11711 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 11708 def update_resource_server(params = {}, = {}) req = build_request(:update_resource_server, params) req.send_request() end |
#update_user_attributes(params = {}) ⇒ Types::UpdateUserAttributesResponse
Updates the currently signed-in user's attributes. To delete an attribute from the user, submit the attribute in your API request with a blank value.
For custom attributes, you must add a custom:
prefix to the
attribute name, for example custom:department
.
Authorize this action with a signed-in user's access token. It must
include the scope aws.cognito.signin.user.admin
.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
11843 11844 11845 11846 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 11843 def update_user_attributes(params = {}, = {}) req = build_request(:update_user_attributes, params) req.send_request() end |
#update_user_pool(params = {}) ⇒ Struct
Updates the configuration of a user pool. To avoid setting parameters to Amazon Cognito defaults, construct this API request to pass the existing configuration of your user pool, modified to include the changes that you want to make.
If you don't provide a value for an attribute, Amazon Cognito sets it to its default value.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Learn more
12182 12183 12184 12185 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 12182 def update_user_pool(params = {}, = {}) req = build_request(:update_user_pool, params) req.send_request() end |
#update_user_pool_client(params = {}) ⇒ Types::UpdateUserPoolClientResponse
Given a user pool app client ID, updates the configuration. To avoid setting parameters to Amazon Cognito defaults, construct this API request to pass the existing configuration of your app client, modified to include the changes that you want to make.
If you don't provide a value for an attribute, Amazon Cognito sets it to its default value.
Unlike app clients created in the console, Amazon Cognito doesn't automatically assign a branding style to app clients that you configure with this API operation. Managed login and classic hosted UI pages aren't available for your client until after you apply a branding style.
Learn more
12645 12646 12647 12648 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 12645 def update_user_pool_client(params = {}, = {}) req = build_request(:update_user_pool_client, params) req.send_request() end |
#update_user_pool_domain(params = {}) ⇒ Types::UpdateUserPoolDomainResponse
A user pool domain hosts managed login, an authorization server and
web server for authentication in your application. This operation
updates the branding version for user pool domains between 1
for
hosted UI (classic) and 2
for managed login. It also updates the SSL
certificate for user pool custom domains.
Changes to the domain branding version take up to one minute to take effect for a prefix domain and up to five minutes for a custom domain.
This operation doesn't change the name of your user pool domain. To
change your domain, delete it with DeleteUserPoolDomain
and create a
new domain with CreateUserPoolDomain
.
You can pass the ARN of a new Certificate Manager certificate in this request. Typically, ACM certificates automatically renew and you user pool can continue to use the same ARN. But if you generate a new certificate for your custom domain name, replace the original configuration with the new ARN in this request.
ACM certificates for custom domains must be in the US East (N. Virginia) Amazon Web Services Region. After you submit your request, Amazon Cognito requires up to 1 hour to distribute your new certificate to your custom domain.
For more information about adding a custom domain to your user pool, see Configuring a user pool domain.
Learn more
12753 12754 12755 12756 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 12753 def update_user_pool_domain(params = {}, = {}) req = build_request(:update_user_pool_domain, params) req.send_request() end |
#verify_software_token(params = {}) ⇒ Types::VerifySoftwareTokenResponse
Registers the current user's time-based one-time password (TOTP) authenticator with a code generated in their authenticator app from a private key that's supplied by your user pool. Marks the user's software token MFA status as "verified" if successful. The request takes an access token or a session string, but not both.
12814 12815 12816 12817 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 12814 def verify_software_token(params = {}, = {}) req = build_request(:verify_software_token, params) req.send_request() end |
#verify_user_attribute(params = {}) ⇒ Struct
Submits a verification code for a signed-in user who has added or
changed a value of an auto-verified attribute. When successful, the
user's attribute becomes verified and the attribute email_verified
or phone_number_verified
becomes true
.
If your user pool requires verification before Amazon Cognito updates the attribute value, this operation updates the affected attribute to its pending value.
Authorize this action with a signed-in user's access token. It must
include the scope aws.cognito.signin.user.admin
.
12870 12871 12872 12873 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 12870 def verify_user_attribute(params = {}, = {}) req = build_request(:verify_user_attribute, params) req.send_request() end |