You are viewing documentation for version 3 of the AWS SDK for Ruby. Version 2 documentation can be found here.

Class: Aws::CognitoIdentityProvider::Types::AdminLinkProviderForUserRequest

Inherits:
Struct
  • Object
show all
Defined in:
gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/types.rb

Overview

Note:

When making an API call, you may pass AdminLinkProviderForUserRequest data as a hash:

{
  user_pool_id: "StringType", # required
  destination_user: { # required
    provider_name: "ProviderNameType",
    provider_attribute_name: "StringType",
    provider_attribute_value: "StringType",
  },
  source_user: { # required
    provider_name: "ProviderNameType",
    provider_attribute_name: "StringType",
    provider_attribute_value: "StringType",
  },
}

Instance Attribute Summary collapse

Instance Attribute Details

#destination_userTypes::ProviderUserIdentifierType

The existing user in the user pool to be linked to the external identity provider user account. Can be a native (Username + Password) Cognito User Pools user or a federated user (for example, a SAML or Facebook user). If the user doesn't exist, an exception is thrown. This is the user that is returned when the new user (with the linked identity provider attribute) signs in.

For a native username + password user, the ProviderAttributeValue for the DestinationUser should be the username in the user pool. For a federated user, it should be the provider-specific user_id.

The ProviderAttributeName of the DestinationUser is ignored.

The ProviderName should be set to Cognito for users in Cognito user pools.



1079
1080
1081
1082
1083
1084
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/types.rb', line 1079

class AdminLinkProviderForUserRequest < Struct.new(
  :user_pool_id,
  :destination_user,
  :source_user)
  include Aws::Structure
end

#source_userTypes::ProviderUserIdentifierType

An external identity provider account for a user who does not currently exist yet in the user pool. This user must be a federated user (for example, a SAML or Facebook user), not another native user.

If the SourceUser is a federated social identity provider user (Facebook, Google, or Login with Amazon), you must set the ProviderAttributeName to Cognito_Subject. For social identity providers, the ProviderName will be Facebook, Google, or LoginWithAmazon, and Cognito will automatically parse the Facebook, Google, and Login with Amazon tokens for id, sub, and user_id, respectively. The ProviderAttributeValue for the user must be the same value as the id, sub, or user_id value found in the social identity provider token.

For SAML, the ProviderAttributeName can be any value that matches a claim in the SAML assertion. If you wish to link SAML users based on the subject of the SAML assertion, you should map the subject to a claim through the SAML identity provider and submit that claim name as the ProviderAttributeName. If you set ProviderAttributeName to Cognito_Subject, Cognito will automatically parse the default unique identifier found in the subject from the SAML token.



1079
1080
1081
1082
1083
1084
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/types.rb', line 1079

class AdminLinkProviderForUserRequest < Struct.new(
  :user_pool_id,
  :destination_user,
  :source_user)
  include Aws::Structure
end

#user_pool_idString

The user pool ID for the user pool.

Returns:

  • (String)


1079
1080
1081
1082
1083
1084
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/types.rb', line 1079

class AdminLinkProviderForUserRequest < Struct.new(
  :user_pool_id,
  :destination_user,
  :source_user)
  include Aws::Structure
end