Class: Aws::CognitoIdentityProvider::Client
- Inherits:
-
Seahorse::Client::Base
- Object
- Seahorse::Client::Base
- Aws::CognitoIdentityProvider::Client
- Includes:
- Aws::ClientStubs
- Defined in:
- gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb
Overview
An API client for CognitoIdentityProvider. To construct a client, you need to configure a :region
and :credentials
.
client = Aws::CognitoIdentityProvider::Client.new(
region: region_name,
credentials: credentials,
# ...
)
For details on configuring region and credentials see the developer guide.
See #initialize for a full list of supported configuration options.
Instance Attribute Summary
Attributes inherited from Seahorse::Client::Base
API Operations collapse
-
#add_custom_attributes(params = {}) ⇒ Struct
Adds additional user attributes to the user pool schema.
-
#admin_add_user_to_group(params = {}) ⇒ Struct
Adds a user to a group.
-
#admin_confirm_sign_up(params = {}) ⇒ Struct
Confirms user sign-up as an administrator.
-
#admin_create_user(params = {}) ⇒ Types::AdminCreateUserResponse
Creates a new user in the specified user pool.
-
#admin_delete_user(params = {}) ⇒ Struct
Deletes a user profile in your user pool.
-
#admin_delete_user_attributes(params = {}) ⇒ Struct
Deletes attribute values from a user.
-
#admin_disable_provider_for_user(params = {}) ⇒ Struct
Prevents the user from signing in with the specified external (SAML or social) identity provider (IdP).
-
#admin_disable_user(params = {}) ⇒ Struct
Deactivates a user profile and revokes all access tokens for the user.
-
#admin_enable_user(params = {}) ⇒ Struct
Activate sign-in for a user profile that previously had sign-in access disabled.
-
#admin_forget_device(params = {}) ⇒ Struct
Forgets, or deletes, a remembered device from a user's profile.
-
#admin_get_device(params = {}) ⇒ Types::AdminGetDeviceResponse
Given the device key, returns details for a user' device.
-
#admin_get_user(params = {}) ⇒ Types::AdminGetUserResponse
Given the username, returns details about a user profile in a user pool.
-
#admin_initiate_auth(params = {}) ⇒ Types::AdminInitiateAuthResponse
Starts sign-in for applications with a server-side component, for example a traditional web application.
-
#admin_link_provider_for_user(params = {}) ⇒ Struct
Links an existing user account in a user pool (
DestinationUser
) to an identity from an external IdP (SourceUser
) based on a specified attribute name and value from the external IdP. -
#admin_list_devices(params = {}) ⇒ Types::AdminListDevicesResponse
Lists a user's registered devices.
-
#admin_list_groups_for_user(params = {}) ⇒ Types::AdminListGroupsForUserResponse
Lists the groups that a user belongs to.
-
#admin_list_user_auth_events(params = {}) ⇒ Types::AdminListUserAuthEventsResponse
Requests a history of user activity and any risks detected as part of Amazon Cognito threat protection.
-
#admin_remove_user_from_group(params = {}) ⇒ Struct
Given a username and a group name.
-
#admin_reset_user_password(params = {}) ⇒ Struct
Resets the specified user's password in a user pool.
-
#admin_respond_to_auth_challenge(params = {}) ⇒ Types::AdminRespondToAuthChallengeResponse
Some API operations in a user pool generate a challenge, like a prompt for an MFA code, for device authentication that bypasses MFA, or for a custom authentication challenge.
-
#admin_set_user_mfa_preference(params = {}) ⇒ Struct
Sets the user's multi-factor authentication (MFA) preference, including which MFA options are activated, and if any are preferred.
-
#admin_set_user_password(params = {}) ⇒ Struct
Sets the specified user's password in a user pool.
-
#admin_set_user_settings(params = {}) ⇒ Struct
This action is no longer supported. You can use it to configure only SMS MFA.
-
#admin_update_auth_event_feedback(params = {}) ⇒ Struct
Provides feedback for an authentication event indicating if it was from a valid user.
-
#admin_update_device_status(params = {}) ⇒ Struct
Updates the status of a user's device so that it is marked as remembered or not remembered for the purpose of device authentication.
-
#admin_update_user_attributes(params = {}) ⇒ Struct
This action might generate an SMS text message. -
#admin_user_global_sign_out(params = {}) ⇒ Struct
Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user.
-
#associate_software_token(params = {}) ⇒ Types::AssociateSoftwareTokenResponse
Begins setup of time-based one-time password (TOTP) multi-factor authentication (MFA) for a user, with a unique private key that Amazon Cognito generates and returns in the API response.
-
#change_password(params = {}) ⇒ Struct
Changes the password for a specified user in a user pool.
-
#complete_web_authn_registration(params = {}) ⇒ Struct
Completes registration of a passkey authenticator for the current user.
-
#confirm_device(params = {}) ⇒ Types::ConfirmDeviceResponse
Confirms a device that a user wants to remember.
-
#confirm_forgot_password(params = {}) ⇒ Struct
This public API operation accepts a confirmation code that Amazon Cognito sent to a user and accepts a new password for that user.
-
#confirm_sign_up(params = {}) ⇒ Types::ConfirmSignUpResponse
This public API operation submits a code that Amazon Cognito sent to your user when they signed up in your user pool via the [SignUp][1] API operation.
-
#create_group(params = {}) ⇒ Types::CreateGroupResponse
Creates a new group in the specified user pool.
-
#create_identity_provider(params = {}) ⇒ Types::CreateIdentityProviderResponse
Adds a configuration and trust relationship between a third-party identity provider (IdP) and a user pool.
-
#create_managed_login_branding(params = {}) ⇒ Types::CreateManagedLoginBrandingResponse
Creates a new set of branding settings for a user pool style and associates it with an app client.
-
#create_resource_server(params = {}) ⇒ Types::CreateResourceServerResponse
Creates a new OAuth2.0 resource server and defines custom scopes within it.
-
#create_user_import_job(params = {}) ⇒ Types::CreateUserImportJobResponse
Creates a user import job.
-
#create_user_pool(params = {}) ⇒ Types::CreateUserPoolResponse
This action might generate an SMS text message. -
#create_user_pool_client(params = {}) ⇒ Types::CreateUserPoolClientResponse
Creates an app client in a user pool.
-
#create_user_pool_domain(params = {}) ⇒ Types::CreateUserPoolDomainResponse
A user pool domain hosts managed login, an authorization server and web server for authentication in your application.
-
#delete_group(params = {}) ⇒ Struct
Deletes a group from the specified user pool.
-
#delete_identity_provider(params = {}) ⇒ Struct
Deletes a user pool identity provider (IdP).
-
#delete_managed_login_branding(params = {}) ⇒ Struct
Deletes a managed login branding style.
-
#delete_resource_server(params = {}) ⇒ Struct
Deletes a resource server.
-
#delete_user(params = {}) ⇒ Struct
Self-deletes a user profile.
-
#delete_user_attributes(params = {}) ⇒ Struct
Self-deletes attributes for a user.
-
#delete_user_pool(params = {}) ⇒ Struct
Deletes a user pool.
-
#delete_user_pool_client(params = {}) ⇒ Struct
Deletes a user pool app client.
-
#delete_user_pool_domain(params = {}) ⇒ Struct
Given a user pool ID and domain identifier, deletes a user pool domain.
-
#delete_web_authn_credential(params = {}) ⇒ Struct
Deletes a registered passkey, or webauthN, authenticator for the currently signed-in user.
-
#describe_identity_provider(params = {}) ⇒ Types::DescribeIdentityProviderResponse
Given a user pool ID and identity provider (IdP) name, returns details about the IdP.
-
#describe_managed_login_branding(params = {}) ⇒ Types::DescribeManagedLoginBrandingResponse
Given the ID of a managed login branding style, returns detailed information about the style.
-
#describe_managed_login_branding_by_client(params = {}) ⇒ Types::DescribeManagedLoginBrandingByClientResponse
Given the ID of a user pool app client, returns detailed information about the style assigned to the app client.
-
#describe_resource_server(params = {}) ⇒ Types::DescribeResourceServerResponse
Describes a resource server.
-
#describe_risk_configuration(params = {}) ⇒ Types::DescribeRiskConfigurationResponse
Given an app client or user pool ID where threat protection is configured, describes the risk configuration.
-
#describe_user_import_job(params = {}) ⇒ Types::DescribeUserImportJobResponse
Describes a user import job.
-
#describe_user_pool(params = {}) ⇒ Types::DescribeUserPoolResponse
Given a user pool ID, returns configuration information.
-
#describe_user_pool_client(params = {}) ⇒ Types::DescribeUserPoolClientResponse
Given an app client ID, returns configuration information.
-
#describe_user_pool_domain(params = {}) ⇒ Types::DescribeUserPoolDomainResponse
Given a user pool domain name, returns information about the domain configuration.
-
#forget_device(params = {}) ⇒ Struct
Forgets the specified device.
-
#forgot_password(params = {}) ⇒ Types::ForgotPasswordResponse
Calling this API causes a message to be sent to the end user with a confirmation code that is required to change the user's password.
-
#get_csv_header(params = {}) ⇒ Types::GetCSVHeaderResponse
Gets the header information for the comma-separated value (CSV) file to be used as input for the user import job.
-
#get_device(params = {}) ⇒ Types::GetDeviceResponse
Gets the device.
-
#get_group(params = {}) ⇒ Types::GetGroupResponse
Gets a group.
-
#get_identity_provider_by_identifier(params = {}) ⇒ Types::GetIdentityProviderByIdentifierResponse
Gets the specified IdP.
-
#get_log_delivery_configuration(params = {}) ⇒ Types::GetLogDeliveryConfigurationResponse
Gets the logging configuration of a user pool.
-
#get_signing_certificate(params = {}) ⇒ Types::GetSigningCertificateResponse
This method takes a user pool ID, and returns the signing certificate.
-
#get_ui_customization(params = {}) ⇒ Types::GetUICustomizationResponse
Gets the user interface (UI) Customization information for a particular app client's app UI, if any such information exists for the client.
-
#get_user(params = {}) ⇒ Types::GetUserResponse
Gets the user attributes and metadata for a user.
-
#get_user_attribute_verification_code(params = {}) ⇒ Types::GetUserAttributeVerificationCodeResponse
Generates a user attribute verification code for the specified attribute name.
-
#get_user_auth_factors(params = {}) ⇒ Types::GetUserAuthFactorsResponse
Lists the authentication options for the currently signed-in user.
-
#get_user_pool_mfa_config(params = {}) ⇒ Types::GetUserPoolMfaConfigResponse
Gets the user pool multi-factor authentication (MFA) configuration.
-
#global_sign_out(params = {}) ⇒ Struct
Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user.
-
#initiate_auth(params = {}) ⇒ Types::InitiateAuthResponse
Initiates sign-in for a user in the Amazon Cognito user directory.
-
#list_devices(params = {}) ⇒ Types::ListDevicesResponse
Lists the sign-in devices that Amazon Cognito has registered to the current user.
-
#list_groups(params = {}) ⇒ Types::ListGroupsResponse
Lists the groups associated with a user pool.
-
#list_identity_providers(params = {}) ⇒ Types::ListIdentityProvidersResponse
Lists information about all IdPs for a user pool.
-
#list_resource_servers(params = {}) ⇒ Types::ListResourceServersResponse
Lists the resource servers for a user pool.
-
#list_tags_for_resource(params = {}) ⇒ Types::ListTagsForResourceResponse
Lists the tags that are assigned to an Amazon Cognito user pool.
-
#list_user_import_jobs(params = {}) ⇒ Types::ListUserImportJobsResponse
Lists user import jobs for a user pool.
-
#list_user_pool_clients(params = {}) ⇒ Types::ListUserPoolClientsResponse
Lists the clients that have been created for the specified user pool.
-
#list_user_pools(params = {}) ⇒ Types::ListUserPoolsResponse
Lists the user pools associated with an Amazon Web Services account.
-
#list_users(params = {}) ⇒ Types::ListUsersResponse
Lists users and their basic details in a user pool.
-
#list_users_in_group(params = {}) ⇒ Types::ListUsersInGroupResponse
Lists the users in the specified group.
-
#list_web_authn_credentials(params = {}) ⇒ Types::ListWebAuthnCredentialsResponse
Generates a list of the current user's registered passkey, or webauthN, credentials.
-
#resend_confirmation_code(params = {}) ⇒ Types::ResendConfirmationCodeResponse
Resends the confirmation (for confirmation of registration) to a specific user in the user pool.
-
#respond_to_auth_challenge(params = {}) ⇒ Types::RespondToAuthChallengeResponse
Some API operations in a user pool generate a challenge, like a prompt for an MFA code, for device authentication that bypasses MFA, or for a custom authentication challenge.
-
#revoke_token(params = {}) ⇒ Struct
Revokes all of the access tokens generated by, and at the same time as, the specified refresh token.
-
#set_log_delivery_configuration(params = {}) ⇒ Types::SetLogDeliveryConfigurationResponse
Sets up or modifies the logging configuration of a user pool.
-
#set_risk_configuration(params = {}) ⇒ Types::SetRiskConfigurationResponse
Configures actions on detected risks.
-
#set_ui_customization(params = {}) ⇒ Types::SetUICustomizationResponse
Sets the user interface (UI) customization information for a user pool's built-in app UI.
-
#set_user_mfa_preference(params = {}) ⇒ Struct
Set the user's multi-factor authentication (MFA) method preference, including which MFA factors are activated and if any are preferred.
-
#set_user_pool_mfa_config(params = {}) ⇒ Types::SetUserPoolMfaConfigResponse
Sets the user pool multi-factor authentication (MFA) and passkey configuration.
-
#set_user_settings(params = {}) ⇒ Struct
This action is no longer supported. You can use it to configure only SMS MFA.
-
#sign_up(params = {}) ⇒ Types::SignUpResponse
Registers the user in the specified user pool and creates a user name, password, and user attributes.
-
#start_user_import_job(params = {}) ⇒ Types::StartUserImportJobResponse
Starts the user import.
-
#start_web_authn_registration(params = {}) ⇒ Types::StartWebAuthnRegistrationResponse
Requests credential creation options from your user pool for registration of a passkey authenticator.
-
#stop_user_import_job(params = {}) ⇒ Types::StopUserImportJobResponse
Stops the user import job.
-
#tag_resource(params = {}) ⇒ Struct
Assigns a set of tags to an Amazon Cognito user pool.
-
#untag_resource(params = {}) ⇒ Struct
Removes the specified tags from an Amazon Cognito user pool.
-
#update_auth_event_feedback(params = {}) ⇒ Struct
Provides the feedback for an authentication event, whether it was from a valid user or not.
-
#update_device_status(params = {}) ⇒ Struct
Updates the device status.
-
#update_group(params = {}) ⇒ Types::UpdateGroupResponse
Updates the specified group with the specified attributes.
-
#update_identity_provider(params = {}) ⇒ Types::UpdateIdentityProviderResponse
Updates IdP information for a user pool.
-
#update_managed_login_branding(params = {}) ⇒ Types::UpdateManagedLoginBrandingResponse
Configures the branding settings for a user pool style.
-
#update_resource_server(params = {}) ⇒ Types::UpdateResourceServerResponse
Updates the name and scopes of resource server.
-
#update_user_attributes(params = {}) ⇒ Types::UpdateUserAttributesResponse
With this operation, your users can update one or more of their attributes with their own credentials.
-
#update_user_pool(params = {}) ⇒ Struct
This action might generate an SMS text message. -
#update_user_pool_client(params = {}) ⇒ Types::UpdateUserPoolClientResponse
Updates the specified user pool app client with the specified attributes.
-
#update_user_pool_domain(params = {}) ⇒ Types::UpdateUserPoolDomainResponse
A user pool domain hosts managed login, an authorization server and web server for authentication in your application.
-
#verify_software_token(params = {}) ⇒ Types::VerifySoftwareTokenResponse
Use this API to register a user's entered time-based one-time password (TOTP) code and mark the user's software token MFA status as "verified" if successful.
-
#verify_user_attribute(params = {}) ⇒ Struct
Verifies the specified user attributes in the user pool.
Instance Method Summary collapse
-
#initialize(options) ⇒ Client
constructor
A new instance of Client.
Methods included from Aws::ClientStubs
#api_requests, #stub_data, #stub_responses
Methods inherited from Seahorse::Client::Base
add_plugin, api, clear_plugins, define, new, #operation_names, plugins, remove_plugin, set_api, set_plugins
Methods included from Seahorse::Client::HandlerBuilder
#handle, #handle_request, #handle_response
Constructor Details
#initialize(options) ⇒ Client
Returns a new instance of Client.
451 452 453 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 451 def initialize(*args) super end |
Instance Method Details
#add_custom_attributes(params = {}) ⇒ Struct
Adds additional user attributes to the user pool schema. Custom
attributes can be mutable or immutable and have a custom:
or dev:
prefix. For more information, see Custom attributes.
You can also create custom attributes in the Schema parameter of
CreateUserPool
and UpdateUserPool
. You can't delete custom
attributes after you create them.
Learn more
558 559 560 561 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 558 def add_custom_attributes(params = {}, = {}) req = build_request(:add_custom_attributes, params) req.send_request() end |
#admin_add_user_to_group(params = {}) ⇒ Struct
Adds a user to a group. A user who is in a group can present a
preferred-role claim to an identity pool, and populates a
cognito:groups
claim to their access and identity tokens.
Learn more
613 614 615 616 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 613 def admin_add_user_to_group(params = {}, = {}) req = build_request(:admin_add_user_to_group, params) req.send_request() end |
#admin_confirm_sign_up(params = {}) ⇒ Struct
Confirms user sign-up as an administrator. Unlike ConfirmSignUp, your IAM credentials authorize user account confirmation. No confirmation code is required.
This request sets a user account active in a user pool that requires confirmation of new user accounts before they can sign in. You can configure your user pool to not send confirmation codes to new users and instead confirm them with this API operation on the back end.
Learn more
To configure your user pool to require administrative confirmation of
users, set AllowAdminCreateUserOnly
to true
in a CreateUserPool
or UpdateUserPool
request.
714 715 716 717 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 714 def admin_confirm_sign_up(params = {}, = {}) req = build_request(:admin_confirm_sign_up, params) req.send_request() end |
#admin_create_user(params = {}) ⇒ Types::AdminCreateUserResponse
Creates a new user in the specified user pool.
If MessageAction
isn't set, the default is to send a welcome
message via email or phone (SMS).
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
This message is based on a template that you configured in your call to create or update a user pool. This template includes your custom sign-up instructions and placeholders for user name and temporary password.
Alternatively, you can call AdminCreateUser
with SUPPRESS
for the
MessageAction
parameter, and Amazon Cognito won't send any email.
In either case, if the user has a password, they will be in the
FORCE_CHANGE_PASSWORD
state until they sign in and set their
password. Your invitation message template must have the {####}
password placeholder if your users have passwords. If your template
doesn't have this placeholder, Amazon Cognito doesn't deliver the
invitation message. In this case, you must update your message
template and resend the password with a new AdminCreateUser
request
with a MessageAction
value of RESEND
.
Learn more
1062 1063 1064 1065 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 1062 def admin_create_user(params = {}, = {}) req = build_request(:admin_create_user, params) req.send_request() end |
#admin_delete_user(params = {}) ⇒ Struct
Deletes a user profile in your user pool.
Learn more
1110 1111 1112 1113 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 1110 def admin_delete_user(params = {}, = {}) req = build_request(:admin_delete_user, params) req.send_request() end |
#admin_delete_user_attributes(params = {}) ⇒ Struct
Deletes attribute values from a user. This operation doesn't affect tokens for existing user sessions. The next ID token that the user receives will no longer have this attribute.
Learn more
1168 1169 1170 1171 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 1168 def admin_delete_user_attributes(params = {}, = {}) req = build_request(:admin_delete_user_attributes, params) req.send_request() end |
#admin_disable_provider_for_user(params = {}) ⇒ Struct
Prevents the user from signing in with the specified external (SAML or
social) identity provider (IdP). If the user that you want to
deactivate is a Amazon Cognito user pools native username + password
user, they can't use their password to sign in. If the user to
deactivate is a linked external IdP user, any link between that user
and an existing user is removed. When the external user signs in
again, and the user is no longer attached to the previously linked
DestinationUser
, the user must create a new user account. See
AdminLinkProviderForUser.
The ProviderName
must match the value specified when creating an IdP
for the pool.
To deactivate a native username + password user, the ProviderName
value must be Cognito
and the ProviderAttributeName
must be
Cognito_Subject
. The ProviderAttributeValue
must be the name that
is used in the user pool for the user.
The ProviderAttributeName
must always be Cognito_Subject
for
social IdPs. The ProviderAttributeValue
must always be the exact
subject that was used when the user was originally linked as a source
user.
For de-linking a SAML identity, there are two scenarios. If the linked
identity has not yet been used to sign in, the ProviderAttributeName
and ProviderAttributeValue
must be the same values that were used
for the SourceUser
when the identities were originally linked using
AdminLinkProviderForUser
call. (If the linking was done with
ProviderAttributeName
set to Cognito_Subject
, the same applies
here). However, if the user has already signed in, the
ProviderAttributeName
must be Cognito_Subject
and
ProviderAttributeValue
must be the subject of the SAML assertion.
Learn more
1249 1250 1251 1252 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 1249 def admin_disable_provider_for_user(params = {}, = {}) req = build_request(:admin_disable_provider_for_user, params) req.send_request() end |
#admin_disable_user(params = {}) ⇒ Struct
Deactivates a user profile and revokes all access tokens for the user.
A deactivated user can't sign in, but still appears in the responses
to ListUsers
API requests.
Learn more
1299 1300 1301 1302 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 1299 def admin_disable_user(params = {}, = {}) req = build_request(:admin_disable_user, params) req.send_request() end |
#admin_enable_user(params = {}) ⇒ Struct
Activate sign-in for a user profile that previously had sign-in access disabled.
Learn more
1349 1350 1351 1352 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 1349 def admin_enable_user(params = {}, = {}) req = build_request(:admin_enable_user, params) req.send_request() end |
#admin_forget_device(params = {}) ⇒ Struct
Forgets, or deletes, a remembered device from a user's profile. After you forget the device, the user can no longer complete device authentication with that device and when applicable, must submit MFA codes again. For more information, see Working with devices.
Learn more
1410 1411 1412 1413 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 1410 def admin_forget_device(params = {}, = {}) req = build_request(:admin_forget_device, params) req.send_request() end |
#admin_get_device(params = {}) ⇒ Types::AdminGetDeviceResponse
Given the device key, returns details for a user' device. For more information, see Working with devices.
Learn more
1481 1482 1483 1484 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 1481 def admin_get_device(params = {}, = {}) req = build_request(:admin_get_device, params) req.send_request() end |
#admin_get_user(params = {}) ⇒ Types::AdminGetUserResponse
Given the username, returns details about a user profile in a user
pool. This operation contributes to your monthly active user (MAU)
count for the purpose of billing. You can specify alias attributes in
the Username
parameter.
Learn more
1560 1561 1562 1563 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 1560 def admin_get_user(params = {}, = {}) req = build_request(:admin_get_user, params) req.send_request() end |
#admin_initiate_auth(params = {}) ⇒ Types::AdminInitiateAuthResponse
Starts sign-in for applications with a server-side component, for example a traditional web application. This operation specifies the authentication flow that you'd like to begin. The authentication flow that you specify must be supported in your app client configuration. For more information about authentication flows, see Authentication flows.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Learn more
1859 1860 1861 1862 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 1859 def admin_initiate_auth(params = {}, = {}) req = build_request(:admin_initiate_auth, params) req.send_request() end |
#admin_link_provider_for_user(params = {}) ⇒ Struct
Links an existing user account in a user pool (DestinationUser
) to
an identity from an external IdP (SourceUser
) based on a specified
attribute name and value from the external IdP. This allows you to
create a link from the existing user account to an external federated
user identity that has not yet been used to sign in. You can then use
the federated user identity to sign in as the existing user account.
For example, if there is an existing user with a username and password, this API links that user to a federated user identity. When the user signs in with a federated user identity, they sign in as the existing user account.
Because this API allows a user with an external federated identity to sign in as an existing user in the user pool, it is critical that it only be used with external IdPs and provider attributes that have been trusted by the application owner.
Learn more
1980 1981 1982 1983 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 1980 def admin_link_provider_for_user(params = {}, = {}) req = build_request(:admin_link_provider_for_user, params) req.send_request() end |
#admin_list_devices(params = {}) ⇒ Types::AdminListDevicesResponse
Lists a user's registered devices. Remembered devices are used in authentication services where you offer a "Remember me" option for users who you want to permit to sign in without MFA from a trusted device. Users can bypass MFA while your application performs device SRP authentication on the back end. For more information, see Working with devices.
Learn more
2063 2064 2065 2066 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 2063 def admin_list_devices(params = {}, = {}) req = build_request(:admin_list_devices, params) req.send_request() end |
#admin_list_groups_for_user(params = {}) ⇒ Types::AdminListGroupsForUserResponse
Lists the groups that a user belongs to. User pool groups are identifiers that you can reference from the contents of ID and access tokens, and set preferred IAM roles for identity-pool authentication. For more information, see Adding groups to a user pool.
Learn more
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
2146 2147 2148 2149 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 2146 def admin_list_groups_for_user(params = {}, = {}) req = build_request(:admin_list_groups_for_user, params) req.send_request() end |
#admin_list_user_auth_events(params = {}) ⇒ Types::AdminListUserAuthEventsResponse
Requests a history of user activity and any risks detected as part of Amazon Cognito threat protection. For more information, see Viewing user event history.
Learn more
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
2241 2242 2243 2244 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 2241 def admin_list_user_auth_events(params = {}, = {}) req = build_request(:admin_list_user_auth_events, params) req.send_request() end |
#admin_remove_user_from_group(params = {}) ⇒ Struct
Given a username and a group name. removes them from the group. User pool groups are identifiers that you can reference from the contents of ID and access tokens, and set preferred IAM roles for identity-pool authentication. For more information, see Adding groups to a user pool.
Learn more
2300 2301 2302 2303 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 2300 def admin_remove_user_from_group(params = {}, = {}) req = build_request(:admin_remove_user_from_group, params) req.send_request() end |
#admin_reset_user_password(params = {}) ⇒ Struct
Resets the specified user's password in a user pool. This operation doesn't change the user's password, but sends a password-reset code. This operation is the administrative authentication API equivalent to ForgotPassword.
This operation deactivates a user's password, requiring them to
change it. If a user tries to sign in after the API request, Amazon
Cognito responds with a PasswordResetRequiredException
error. Your
app must then complete the forgot-password flow by prompting the user
for their code and a new password, then submitting those values in a
ConfirmForgotPassword request. In addition, if the user pool has
phone verification selected and a verified phone number exists for the
user, or if email verification is selected and a verified email exists
for the user, calling this API will also result in sending a message
to the end user with the code to change their password.
To use this API operation, your user pool must have self-service account recovery configured. Use AdminSetUserPassword if you manage passwords as an administrator.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Learn more
2431 2432 2433 2434 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 2431 def admin_reset_user_password(params = {}, = {}) req = build_request(:admin_reset_user_password, params) req.send_request() end |
#admin_respond_to_auth_challenge(params = {}) ⇒ Types::AdminRespondToAuthChallengeResponse
Some API operations in a user pool generate a challenge, like a prompt
for an MFA code, for device authentication that bypasses MFA, or for a
custom authentication challenge. An AdminRespondToAuthChallenge
API
request provides the answer to that challenge, like a code or a secure
remote password (SRP). The parameters of a response to an
authentication challenge vary with the type of challenge.
For more information about custom authentication challenges, see Custom authentication challenge Lambda triggers.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Learn more
2783 2784 2785 2786 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 2783 def admin_respond_to_auth_challenge(params = {}, = {}) req = build_request(:admin_respond_to_auth_challenge, params) req.send_request() end |
#admin_set_user_mfa_preference(params = {}) ⇒ Struct
Sets the user's multi-factor authentication (MFA) preference, including which MFA options are activated, and if any are preferred. Only one factor can be set as preferred. The preferred MFA factor will be used to authenticate a user if multiple factors are activated. If multiple options are activated and no preference is set, a challenge to choose an MFA option will be returned during sign-in.
This operation doesn't reset an existing TOTP MFA for a user. To register a new TOTP factor for a user, make an AssociateSoftwareToken request. For more information, see TOTP software token MFA.
Learn more
2876 2877 2878 2879 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 2876 def admin_set_user_mfa_preference(params = {}, = {}) req = build_request(:admin_set_user_mfa_preference, params) req.send_request() end |
#admin_set_user_password(params = {}) ⇒ Struct
Sets the specified user's password in a user pool. This operation
administratively sets a temporary or permanent password for a user.
With this operation, you can bypass self-service password changes and
permit immediate sign-in with the password that you set. To do this,
set Permanent
to true
.
You can also set a new temporary password in this request, send it to
a user, and require them to choose a new password on their next
sign-in. To do this, set Permanent
to false
.
If the password is temporary, the user's Status
becomes
FORCE_CHANGE_PASSWORD
. When the user next tries to sign in, the
InitiateAuth
or AdminInitiateAuth
response includes the
NEW_PASSWORD_REQUIRED
challenge. If the user doesn't sign in before
the temporary password expires, they can no longer sign in and you
must repeat this operation to set a temporary or permanent password
for them.
After the user sets a new password, or if you set a permanent
password, their status becomes Confirmed
.
AdminSetUserPassword
can set a password for the user profile that
Amazon Cognito creates for third-party federated users. When you set a
password, the federated user's status changes from
EXTERNAL_PROVIDER
to CONFIRMED
. A user in this state can sign in
as a federated user, and initiate authentication flows in the API like
a linked native user. They can also modify their password and
attributes in token-authenticated API requests like ChangePassword
and UpdateUserAttributes
. As a best security practice and to keep
users in sync with your external IdP, don't set passwords on
federated user profiles. To set up a federated user for native sign-in
with a linked native user, refer to Linking federated users to an
existing user profile.
Learn more
2970 2971 2972 2973 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 2970 def admin_set_user_password(params = {}, = {}) req = build_request(:admin_set_user_password, params) req.send_request() end |
#admin_set_user_settings(params = {}) ⇒ Struct
This action is no longer supported. You can use it to configure only SMS MFA. You can't use it to configure time-based one-time password (TOTP) software token MFA. To configure either type of MFA, use AdminSetUserMFAPreference instead.
Learn more
3033 3034 3035 3036 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 3033 def admin_set_user_settings(params = {}, = {}) req = build_request(:admin_set_user_settings, params) req.send_request() end |
#admin_update_auth_event_feedback(params = {}) ⇒ Struct
Provides feedback for an authentication event indicating if it was from a valid user. This feedback is used for improving the risk evaluation decision for the user pool as part of Amazon Cognito threat protection. To train the threat-protection model to recognize trusted and untrusted sign-in characteristics, configure threat protection in audit-only mode and provide a mechanism for users or administrators to submit feedback. Your feedback can tell Amazon Cognito that a risk rating was assigned at a level you don't agree with.
Learn more
3107 3108 3109 3110 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 3107 def admin_update_auth_event_feedback(params = {}, = {}) req = build_request(:admin_update_auth_event_feedback, params) req.send_request() end |
#admin_update_device_status(params = {}) ⇒ Struct
Updates the status of a user's device so that it is marked as remembered or not remembered for the purpose of device authentication. Device authentication is a "remember me" mechanism that silently completes sign-in from trusted devices with a device key instead of a user-provided MFA code. This operation changes the status of a device without deleting it, so you can enable it again later. For more information about device authentication, see Working with devices.
Learn more
3174 3175 3176 3177 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 3174 def admin_update_device_status(params = {}, = {}) req = build_request(:admin_update_device_status, params) req.send_request() end |
#admin_update_user_attributes(params = {}) ⇒ Struct
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Updates the specified user's attributes. To delete an attribute from your user, submit the attribute in your API request with a blank value.
For custom attributes, you must prepend the custom:
prefix to the
attribute name.
This operation can set a user's email address or phone number as
verified and permit immediate sign-in in user pools that require
verification of these attributes. To do this, set the email_verified
or phone_number_verified
attribute to true
.
Learn more
3323 3324 3325 3326 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 3323 def admin_update_user_attributes(params = {}, = {}) req = build_request(:admin_update_user_attributes, params) req.send_request() end |
#admin_user_global_sign_out(params = {}) ⇒ Struct
Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user. Call this operation with your administrative credentials when your user signs out of your app. This results in the following behavior.
Amazon Cognito no longer accepts token-authorized user operations that you authorize with a signed-out user's access tokens. For more information, see Using the Amazon Cognito user pools API and user pool endpoints.
Amazon Cognito returns an
Access Token has been revoked
error when your app attempts to authorize a user pools API request with a revoked access token that contains the scopeaws.cognito.signin.user.admin
.Amazon Cognito no longer accepts a signed-out user's ID token in a GetId request to an identity pool with
ServerSideTokenCheck
enabled for its user pool IdP configuration in CognitoIdentityProvider.Amazon Cognito no longer accepts a signed-out user's refresh tokens in refresh requests.
Other requests might be valid until your user's token expires. This operation doesn't clear the managed login session cookie. To clear the session for a user who signed in with managed login or the classic hosted UI, direct their browser session to the logout endpoint.
Learn more
3402 3403 3404 3405 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 3402 def admin_user_global_sign_out(params = {}, = {}) req = build_request(:admin_user_global_sign_out, params) req.send_request() end |
#associate_software_token(params = {}) ⇒ Types::AssociateSoftwareTokenResponse
Begins setup of time-based one-time password (TOTP) multi-factor
authentication (MFA) for a user, with a unique private key that Amazon
Cognito generates and returns in the API response. You can authorize
an AssociateSoftwareToken
request with either the user's access
token, or a session string from a challenge response that you received
from Amazon Cognito.
MFA_SETUP
or SOFTWARE_TOKEN_SETUP
challenge each time your user signs in. Complete setup with
AssociateSoftwareToken
and VerifySoftwareToken
.
After you set up software token MFA for your user, Amazon Cognito
generates a SOFTWARE_TOKEN_MFA
challenge when they authenticate.
Respond to this challenge with your user's TOTP.
Authorize this action with a signed-in user's access token. It must
include the scope aws.cognito.signin.user.admin
.
3478 3479 3480 3481 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 3478 def associate_software_token(params = {}, = {}) req = build_request(:associate_software_token, params) req.send_request() end |
#change_password(params = {}) ⇒ Struct
Changes the password for a specified user in a user pool.
Authorize this action with a signed-in user's access token. It must
include the scope aws.cognito.signin.user.admin
.
3528 3529 3530 3531 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 3528 def change_password(params = {}, = {}) req = build_request(:change_password, params) req.send_request() end |
#complete_web_authn_registration(params = {}) ⇒ Struct
Completes registration of a passkey authenticator for the current user. Your application provides data from a successful registration request with the data from the output of a StartWebAuthnRegistration.
Authorize this action with a signed-in user's access token. It must
include the scope aws.cognito.signin.user.admin
.
3576 3577 3578 3579 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 3576 def complete_web_authn_registration(params = {}, = {}) req = build_request(:complete_web_authn_registration, params) req.send_request() end |
#confirm_device(params = {}) ⇒ Types::ConfirmDeviceResponse
Confirms a device that a user wants to remember. A remembered device is a "Remember me on this device" option for user pools that perform authentication with the device key of a trusted device in the back end, instead of a user-provided MFA code. For more information about device authentication, see Working with user devices in your user pool.
Authorize this action with a signed-in user's access token. It must
include the scope aws.cognito.signin.user.admin
.
3643 3644 3645 3646 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 3643 def confirm_device(params = {}, = {}) req = build_request(:confirm_device, params) req.send_request() end |
#confirm_forgot_password(params = {}) ⇒ Struct
This public API operation accepts a confirmation code that Amazon Cognito sent to a user and accepts a new password for that user.
3780 3781 3782 3783 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 3780 def confirm_forgot_password(params = {}, = {}) req = build_request(:confirm_forgot_password, params) req.send_request() end |
#confirm_sign_up(params = {}) ⇒ Types::ConfirmSignUpResponse
This public API operation submits a code that Amazon Cognito sent to your user when they signed up in your user pool via the SignUp API operation. After your user enters their code, they confirm ownership of the email address or phone number that they provided, and their user account becomes active. Depending on your user pool configuration, your users will receive their confirmation code in an email or SMS message.
Local users who signed up in your user pool are the only type of user who can confirm sign-up with a code. Users who federate through an external identity provider (IdP) have already been confirmed by their IdP. Administrator-created users, users created with the AdminCreateUser API operation, confirm their accounts when they respond to their invitation email message and choose a password. They do not receive a confirmation code. Instead, they receive a temporary password.
3956 3957 3958 3959 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 3956 def confirm_sign_up(params = {}, = {}) req = build_request(:confirm_sign_up, params) req.send_request() end |
#create_group(params = {}) ⇒ Types::CreateGroupResponse
Creates a new group in the specified user pool. For more information about user pool groups see Adding groups to a user pool.
Learn more
4049 4050 4051 4052 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 4049 def create_group(params = {}, = {}) req = build_request(:create_group, params) req.send_request() end |
#create_identity_provider(params = {}) ⇒ Types::CreateIdentityProviderResponse
Adds a configuration and trust relationship between a third-party identity provider (IdP) and a user pool. Amazon Cognito accepts sign-in with third-party identity providers through managed login and OIDC relying-party libraries. For more information, see Third-party IdP sign-in.
Learn more
4270 4271 4272 4273 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 4270 def create_identity_provider(params = {}, = {}) req = build_request(:create_identity_provider, params) req.send_request() end |
#create_managed_login_branding(params = {}) ⇒ Types::CreateManagedLoginBrandingResponse
Creates a new set of branding settings for a user pool style and associates it with an app client. This operation is the programmatic option for the creation of a new style in the branding designer.
Provides values for UI customization in a Settings
JSON object and
image files in an Assets
array. To send the JSON object Document
type parameter in Settings
, you might need to update to the most
recent version of your Amazon Web Services SDK. To create a new style
with default settings, set UseCognitoProvidedValues
to true
and
don't provide values for any other options.
This operation has a 2-megabyte request-size limit and include the CSS settings and image assets for your app client. Your branding settings might exceed 2MB in size. Amazon Cognito doesn't require that you pass all parameters in one request and preserves existing style settings that you don't specify. If your request is larger than 2MB, separate it into multiple requests, each with a size smaller than the limit.
As a best practice, modify the output of
DescribeManagedLoginBrandingByClient into the request parameters
for this operation. To get all settings, set ReturnMergedResources
to true
. For more information, see API and SDK operations for
managed login branding.
Learn more
4396 4397 4398 4399 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 4396 def create_managed_login_branding(params = {}, = {}) req = build_request(:create_managed_login_branding, params) req.send_request() end |
#create_resource_server(params = {}) ⇒ Types::CreateResourceServerResponse
Creates a new OAuth2.0 resource server and defines custom scopes within it. Resource servers are associated with custom scopes and machine-to-machine (M2M) authorization. For more information, see Access control with resource servers.
Learn more
4478 4479 4480 4481 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 4478 def create_resource_server(params = {}, = {}) req = build_request(:create_resource_server, params) req.send_request() end |
#create_user_import_job(params = {}) ⇒ Types::CreateUserImportJobResponse
Creates a user import job. You can import users into user pools from a comma-separated values (CSV) file without adding Amazon Cognito MAU costs to your Amazon Web Services bill. To generate a template for your import, see GetCSVHeader. To learn more about CSV import, see Importing users from a CSV file.
Learn more
4552 4553 4554 4555 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 4552 def create_user_import_job(params = {}, = {}) req = build_request(:create_user_import_job, params) req.send_request() end |
#create_user_pool(params = {}) ⇒ Types::CreateUserPoolResponse
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Creates a new Amazon Cognito user pool. This operation sets basic and advanced configuration options. You can create a user pool in the Amazon Cognito console to your preferences and use the output of DescribeUserPool to generate requests from that baseline.
If you don't provide a value for an attribute, Amazon Cognito sets it to its default value.
Learn more
5517 5518 5519 5520 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 5517 def create_user_pool(params = {}, = {}) req = build_request(:create_user_pool, params) req.send_request() end |
#create_user_pool_client(params = {}) ⇒ Types::CreateUserPoolClientResponse
Creates an app client in a user pool. This operation sets basic and advanced configuration options. You can create an app client in the Amazon Cognito console to your preferences and use the output of DescribeUserPoolClient to generate requests from that baseline.
New app clients activate token revocation by default. For more information about revoking tokens, see RevokeToken.
If you don't provide a value for an attribute, Amazon Cognito sets it to its default value.
Learn more
6109 6110 6111 6112 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 6109 def create_user_pool_client(params = {}, = {}) req = build_request(:create_user_pool_client, params) req.send_request() end |
#create_user_pool_domain(params = {}) ⇒ Types::CreateUserPoolDomainResponse
A user pool domain hosts managed login, an authorization server and
web server for authentication in your application. This operation
creates a new user pool prefix or custom domain and sets the managed
login branding version. Set the branding version to 1
for hosted UI
(classic) or 2
for managed login. When you choose a custom domain,
you must provide an SSL certificate in the US East (N. Virginia)
Amazon Web Services Region in your request.
Your prefix domain might take up to one minute to take effect. Your custom domain is online within five minutes, but it can take up to one hour to distribute your SSL certificate.
For more information about adding a custom domain to your user pool, see Configuring a user pool domain.
Learn more
6210 6211 6212 6213 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 6210 def create_user_pool_domain(params = {}, = {}) req = build_request(:create_user_pool_domain, params) req.send_request() end |
#delete_group(params = {}) ⇒ Struct
Deletes a group from the specified user pool. When you delete a group,
that group no longer contributes to users' cognito:preferred_group
or cognito:groups
claims, and no longer influence access-control
decision that are based on group membership. For more information
about user pool groups, see Adding groups to a user pool.
Learn more
6259 6260 6261 6262 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 6259 def delete_group(params = {}, = {}) req = build_request(:delete_group, params) req.send_request() end |
#delete_identity_provider(params = {}) ⇒ Struct
Deletes a user pool identity provider (IdP). After you delete an IdP, users can no longer sign in to your user pool through that IdP. For more information about user pool IdPs, see Third-party IdP sign-in.
Learn more
6308 6309 6310 6311 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 6308 def delete_identity_provider(params = {}, = {}) req = build_request(:delete_identity_provider, params) req.send_request() end |
#delete_managed_login_branding(params = {}) ⇒ Struct
Deletes a managed login branding style. When you delete a style, you delete the branding association for an app client. When an app client doesn't have a style assigned, your managed login pages for that app client are nonfunctional until you create a new style or switch the domain branding version.
Learn more
6357 6358 6359 6360 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 6357 def delete_managed_login_branding(params = {}, = {}) req = build_request(:delete_managed_login_branding, params) req.send_request() end |
#delete_resource_server(params = {}) ⇒ Struct
Deletes a resource server. After you delete a resource server, users can no longer generate access tokens with scopes that are associate with that resource server.
Resource servers are associated with custom scopes and machine-to-machine (M2M) authorization. For more information, see Access control with resource servers.
Learn more
6408 6409 6410 6411 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 6408 def delete_resource_server(params = {}, = {}) req = build_request(:delete_resource_server, params) req.send_request() end |
#delete_user(params = {}) ⇒ Struct
Self-deletes a user profile. A deleted user profile can no longer be used to sign in and can't be restored.
Authorize this action with a signed-in user's access token. It must
include the scope aws.cognito.signin.user.admin
.
6448 6449 6450 6451 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 6448 def delete_user(params = {}, = {}) req = build_request(:delete_user, params) req.send_request() end |
#delete_user_attributes(params = {}) ⇒ Struct
Self-deletes attributes for a user. For example, your application can
submit a request to this operation when a user wants to remove their
birthdate
attribute value.
Authorize this action with a signed-in user's access token. It must
include the scope aws.cognito.signin.user.admin
.
6497 6498 6499 6500 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 6497 def delete_user_attributes(params = {}, = {}) req = build_request(:delete_user_attributes, params) req.send_request() end |
#delete_user_pool(params = {}) ⇒ Struct
Deletes a user pool. After you delete a user pool, users can no longer sign in to any associated applications.
6520 6521 6522 6523 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 6520 def delete_user_pool(params = {}, = {}) req = build_request(:delete_user_pool, params) req.send_request() end |
#delete_user_pool_client(params = {}) ⇒ Struct
Deletes a user pool app client. After you delete an app client, users can no longer sign in to the associated application.
6547 6548 6549 6550 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 6547 def delete_user_pool_client(params = {}, = {}) req = build_request(:delete_user_pool_client, params) req.send_request() end |
#delete_user_pool_domain(params = {}) ⇒ Struct
Given a user pool ID and domain identifier, deletes a user pool domain. After you delete a user pool domain, your managed login pages and authorization server are no longer available.
6577 6578 6579 6580 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 6577 def delete_user_pool_domain(params = {}, = {}) req = build_request(:delete_user_pool_domain, params) req.send_request() end |
#delete_web_authn_credential(params = {}) ⇒ Struct
Deletes a registered passkey, or webauthN, authenticator for the currently signed-in user.
Authorize this action with a signed-in user's access token. It must
include the scope aws.cognito.signin.user.admin
.
6626 6627 6628 6629 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 6626 def delete_web_authn_credential(params = {}, = {}) req = build_request(:delete_web_authn_credential, params) req.send_request() end |
#describe_identity_provider(params = {}) ⇒ Types::DescribeIdentityProviderResponse
Given a user pool ID and identity provider (IdP) name, returns details about the IdP.
6669 6670 6671 6672 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 6669 def describe_identity_provider(params = {}, = {}) req = build_request(:describe_identity_provider, params) req.send_request() end |
#describe_managed_login_branding(params = {}) ⇒ Types::DescribeManagedLoginBrandingResponse
Given the ID of a managed login branding style, returns detailed information about the style.
6721 6722 6723 6724 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 6721 def describe_managed_login_branding(params = {}, = {}) req = build_request(:describe_managed_login_branding, params) req.send_request() end |
#describe_managed_login_branding_by_client(params = {}) ⇒ Types::DescribeManagedLoginBrandingByClientResponse
Given the ID of a user pool app client, returns detailed information about the style assigned to the app client.
6773 6774 6775 6776 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 6773 def describe_managed_login_branding_by_client(params = {}, = {}) req = build_request(:describe_managed_login_branding_by_client, params) req.send_request() end |
#describe_resource_server(params = {}) ⇒ Types::DescribeResourceServerResponse
Describes a resource server. For more information about resource servers, see Access control with resource servers.
6822 6823 6824 6825 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 6822 def describe_resource_server(params = {}, = {}) req = build_request(:describe_resource_server, params) req.send_request() end |
#describe_risk_configuration(params = {}) ⇒ Types::DescribeRiskConfigurationResponse
Given an app client or user pool ID where threat protection is configured, describes the risk configuration. This operation returns details about adaptive authentication, compromised credentials, and IP-address allow- and denylists. For more information about threat protection, see Threat protection.
6897 6898 6899 6900 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 6897 def describe_risk_configuration(params = {}, = {}) req = build_request(:describe_risk_configuration, params) req.send_request() end |
#describe_user_import_job(params = {}) ⇒ Types::DescribeUserImportJobResponse
Describes a user import job. For more information about user CSV import, see Importing users from a CSV file.
6946 6947 6948 6949 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 6946 def describe_user_import_job(params = {}, = {}) req = build_request(:describe_user_import_job, params) req.send_request() end |
#describe_user_pool(params = {}) ⇒ Types::DescribeUserPoolResponse
Given a user pool ID, returns configuration information. This operation is useful when you want to inspect an existing user pool and programmatically replicate the configuration to another user pool.
Learn more
7084 7085 7086 7087 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 7084 def describe_user_pool(params = {}, = {}) req = build_request(:describe_user_pool, params) req.send_request() end |
#describe_user_pool_client(params = {}) ⇒ Types::DescribeUserPoolClientResponse
Given an app client ID, returns configuration information. This operation is useful when you want to inspect an existing app client and programmatically replicate the configuration to another app client. For more information about app clients, see App clients.
Learn more
7177 7178 7179 7180 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 7177 def describe_user_pool_client(params = {}, = {}) req = build_request(:describe_user_pool_client, params) req.send_request() end |
#describe_user_pool_domain(params = {}) ⇒ Types::DescribeUserPoolDomainResponse
Given a user pool domain name, returns information about the domain configuration.
Learn more
7234 7235 7236 7237 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 7234 def describe_user_pool_domain(params = {}, = {}) req = build_request(:describe_user_pool_domain, params) req.send_request() end |
#forget_device(params = {}) ⇒ Struct
Forgets the specified device. For more information about device authentication, see Working with user devices in your user pool.
Authorize this action with a signed-in user's access token. It must
include the scope aws.cognito.signin.user.admin
.
7279 7280 7281 7282 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 7279 def forget_device(params = {}, = {}) req = build_request(:forget_device, params) req.send_request() end |
#forgot_password(params = {}) ⇒ Types::ForgotPasswordResponse
Calling this API causes a message to be sent to the end user with a
confirmation code that is required to change the user's password. For
the Username
parameter, you can use the username or user alias. The
method used to send the confirmation code is sent according to the
specified AccountRecoverySetting. For more information, see
Recovering User Accounts in the Amazon Cognito Developer Guide.
To use the confirmation code for resetting the password, call
ConfirmForgotPassword.
If neither a verified phone number nor a verified email exists, this
API returns InvalidParameterException
. If your app client has a
client secret and you don't provide a SECRET_HASH
parameter, this
API returns NotAuthorizedException
.
To use this API operation, your user pool must have self-service account recovery configured. Use AdminSetUserPassword if you manage passwords as an administrator.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
7448 7449 7450 7451 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 7448 def forgot_password(params = {}, = {}) req = build_request(:forgot_password, params) req.send_request() end |
#get_csv_header(params = {}) ⇒ Types::GetCSVHeaderResponse
Gets the header information for the comma-separated value (CSV) file to be used as input for the user import job.
7480 7481 7482 7483 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 7480 def get_csv_header(params = {}, = {}) req = build_request(:get_csv_header, params) req.send_request() end |
#get_device(params = {}) ⇒ Types::GetDeviceResponse
Gets the device. For more information about device authentication, see Working with user devices in your user pool.
Authorize this action with a signed-in user's access token. It must
include the scope aws.cognito.signin.user.admin
.
7537 7538 7539 7540 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 7537 def get_device(params = {}, = {}) req = build_request(:get_device, params) req.send_request() end |
#get_group(params = {}) ⇒ Types::GetGroupResponse
Gets a group.
Calling this action requires developer credentials.
7577 7578 7579 7580 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 7577 def get_group(params = {}, = {}) req = build_request(:get_group, params) req.send_request() end |
#get_identity_provider_by_identifier(params = {}) ⇒ Types::GetIdentityProviderByIdentifierResponse
Gets the specified IdP.
7619 7620 7621 7622 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 7619 def get_identity_provider_by_identifier(params = {}, = {}) req = build_request(:get_identity_provider_by_identifier, params) req.send_request() end |
#get_log_delivery_configuration(params = {}) ⇒ Types::GetLogDeliveryConfigurationResponse
Gets the logging configuration of a user pool.
7654 7655 7656 7657 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 7654 def get_log_delivery_configuration(params = {}, = {}) req = build_request(:get_log_delivery_configuration, params) req.send_request() end |
#get_signing_certificate(params = {}) ⇒ Types::GetSigningCertificateResponse
This method takes a user pool ID, and returns the signing certificate. The issued certificate is valid for 10 years from the date of issue.
Amazon Cognito issues and assigns a new signing certificate annually.
This process returns a new value in the response to
GetSigningCertificate
, but doesn't invalidate the original
certificate.
7688 7689 7690 7691 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 7688 def get_signing_certificate(params = {}, = {}) req = build_request(:get_signing_certificate, params) req.send_request() end |
#get_ui_customization(params = {}) ⇒ Types::GetUICustomizationResponse
Gets the user interface (UI) Customization information for a
particular app client's app UI, if any such information exists for
the client. If nothing is set for the particular client, but there is
an existing pool level customization (the app clientId
is ALL
),
then that information is returned. If nothing is present, then an
empty shape is returned.
7731 7732 7733 7734 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 7731 def get_ui_customization(params = {}, = {}) req = build_request(:get_ui_customization, params) req.send_request() end |
#get_user(params = {}) ⇒ Types::GetUserResponse
Gets the user attributes and metadata for a user.
Authorize this action with a signed-in user's access token. It must
include the scope aws.cognito.signin.user.admin
.