Class: Aws::CognitoIdentityProvider::Client
- Inherits:
-
Seahorse::Client::Base
- Object
- Seahorse::Client::Base
- Aws::CognitoIdentityProvider::Client
- Includes:
- Aws::ClientStubs
- Defined in:
- gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb
Overview
An API client for CognitoIdentityProvider. To construct a client, you need to configure a :region
and :credentials
.
client = Aws::CognitoIdentityProvider::Client.new(
region: region_name,
credentials: credentials,
# ...
)
For details on configuring region and credentials see the developer guide.
See #initialize for a full list of supported configuration options.
Instance Attribute Summary
Attributes inherited from Seahorse::Client::Base
API Operations collapse
-
#add_custom_attributes(params = {}) ⇒ Struct
Adds additional user attributes to the user pool schema.
-
#admin_add_user_to_group(params = {}) ⇒ Struct
Adds a user to a group.
-
#admin_confirm_sign_up(params = {}) ⇒ Struct
This IAM-authenticated API operation confirms user sign-up as an administrator.
-
#admin_create_user(params = {}) ⇒ Types::AdminCreateUserResponse
Creates a new user in the specified user pool.
-
#admin_delete_user(params = {}) ⇒ Struct
Deletes a user as an administrator.
-
#admin_delete_user_attributes(params = {}) ⇒ Struct
Deletes the user attributes in a user pool as an administrator.
-
#admin_disable_provider_for_user(params = {}) ⇒ Struct
Prevents the user from signing in with the specified external (SAML or social) identity provider (IdP).
-
#admin_disable_user(params = {}) ⇒ Struct
Deactivates a user and revokes all access tokens for the user.
-
#admin_enable_user(params = {}) ⇒ Struct
Enables the specified user as an administrator.
-
#admin_forget_device(params = {}) ⇒ Struct
Forgets the device, as an administrator.
-
#admin_get_device(params = {}) ⇒ Types::AdminGetDeviceResponse
Gets the device, as an administrator.
-
#admin_get_user(params = {}) ⇒ Types::AdminGetUserResponse
Gets the specified user by user name in a user pool as an administrator.
-
#admin_initiate_auth(params = {}) ⇒ Types::AdminInitiateAuthResponse
Initiates the authentication flow, as an administrator.
-
#admin_link_provider_for_user(params = {}) ⇒ Struct
Links an existing user account in a user pool (
DestinationUser
) to an identity from an external IdP (SourceUser
) based on a specified attribute name and value from the external IdP. -
#admin_list_devices(params = {}) ⇒ Types::AdminListDevicesResponse
Lists a user's registered devices.
-
#admin_list_groups_for_user(params = {}) ⇒ Types::AdminListGroupsForUserResponse
Lists the groups that a user belongs to.
-
#admin_list_user_auth_events(params = {}) ⇒ Types::AdminListUserAuthEventsResponse
A history of user activity and any risks detected as part of Amazon Cognito advanced security.
-
#admin_remove_user_from_group(params = {}) ⇒ Struct
Removes the specified user from the specified group.
-
#admin_reset_user_password(params = {}) ⇒ Struct
Resets the specified user's password in a user pool as an administrator.
-
#admin_respond_to_auth_challenge(params = {}) ⇒ Types::AdminRespondToAuthChallengeResponse
Some API operations in a user pool generate a challenge, like a prompt for an MFA code, for device authentication that bypasses MFA, or for a custom authentication challenge.
-
#admin_set_user_mfa_preference(params = {}) ⇒ Struct
Sets the user's multi-factor authentication (MFA) preference, including which MFA options are activated, and if any are preferred.
-
#admin_set_user_password(params = {}) ⇒ Struct
Sets the specified user's password in a user pool as an administrator.
-
#admin_set_user_settings(params = {}) ⇒ Struct
This action is no longer supported. You can use it to configure only SMS MFA.
-
#admin_update_auth_event_feedback(params = {}) ⇒ Struct
Provides feedback for an authentication event indicating if it was from a valid user.
-
#admin_update_device_status(params = {}) ⇒ Struct
Updates the device status as an administrator.
-
#admin_update_user_attributes(params = {}) ⇒ Struct
This action might generate an SMS text message. -
#admin_user_global_sign_out(params = {}) ⇒ Struct
Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user.
-
#associate_software_token(params = {}) ⇒ Types::AssociateSoftwareTokenResponse
Begins setup of time-based one-time password (TOTP) multi-factor authentication (MFA) for a user, with a unique private key that Amazon Cognito generates and returns in the API response.
-
#change_password(params = {}) ⇒ Struct
Changes the password for a specified user in a user pool.
-
#complete_web_authn_registration(params = {}) ⇒ Struct
Completes registration of a passkey authenticator for the current user.
-
#confirm_device(params = {}) ⇒ Types::ConfirmDeviceResponse
Confirms tracking of the device.
-
#confirm_forgot_password(params = {}) ⇒ Struct
Allows a user to enter a confirmation code to reset a forgotten password.
-
#confirm_sign_up(params = {}) ⇒ Types::ConfirmSignUpResponse
This public API operation provides a code that Amazon Cognito sent to your user when they signed up in your user pool via the [SignUp][1] API operation.
-
#create_group(params = {}) ⇒ Types::CreateGroupResponse
Creates a new group in the specified user pool.
-
#create_identity_provider(params = {}) ⇒ Types::CreateIdentityProviderResponse
Adds a configuration and trust relationship between a third-party identity provider (IdP) and a user pool.
-
#create_managed_login_branding(params = {}) ⇒ Types::CreateManagedLoginBrandingResponse
Creates a new set of branding settings for a user pool style and associates it with an app client.
-
#create_resource_server(params = {}) ⇒ Types::CreateResourceServerResponse
Creates a new OAuth2.0 resource server and defines custom scopes within it.
-
#create_user_import_job(params = {}) ⇒ Types::CreateUserImportJobResponse
Creates a user import job.
-
#create_user_pool(params = {}) ⇒ Types::CreateUserPoolResponse
This action might generate an SMS text message. -
#create_user_pool_client(params = {}) ⇒ Types::CreateUserPoolClientResponse
Creates the user pool client.
-
#create_user_pool_domain(params = {}) ⇒ Types::CreateUserPoolDomainResponse
Creates a new domain for a user pool.
-
#delete_group(params = {}) ⇒ Struct
Deletes a group.
-
#delete_identity_provider(params = {}) ⇒ Struct
Deletes an IdP for a user pool.
-
#delete_managed_login_branding(params = {}) ⇒ Struct
Deletes a managed login branding style.
-
#delete_resource_server(params = {}) ⇒ Struct
Deletes a resource server.
-
#delete_user(params = {}) ⇒ Struct
Allows a user to delete their own user profile.
-
#delete_user_attributes(params = {}) ⇒ Struct
Deletes the attributes for a user.
-
#delete_user_pool(params = {}) ⇒ Struct
Deletes the specified Amazon Cognito user pool.
-
#delete_user_pool_client(params = {}) ⇒ Struct
Allows the developer to delete the user pool client.
-
#delete_user_pool_domain(params = {}) ⇒ Struct
Deletes a domain for a user pool.
-
#delete_web_authn_credential(params = {}) ⇒ Struct
Deletes a registered passkey, or webauthN, device for the currently signed-in user.
-
#describe_identity_provider(params = {}) ⇒ Types::DescribeIdentityProviderResponse
Gets information about a specific IdP.
-
#describe_managed_login_branding(params = {}) ⇒ Types::DescribeManagedLoginBrandingResponse
When given the ID of a managed login branding style, returns detailed information about the style.
-
#describe_managed_login_branding_by_client(params = {}) ⇒ Types::DescribeManagedLoginBrandingByClientResponse
When given the ID of a user pool app client, returns detailed information about the style assigned to the app client.
-
#describe_resource_server(params = {}) ⇒ Types::DescribeResourceServerResponse
Describes a resource server.
-
#describe_risk_configuration(params = {}) ⇒ Types::DescribeRiskConfigurationResponse
Describes the risk configuration.
-
#describe_user_import_job(params = {}) ⇒ Types::DescribeUserImportJobResponse
Describes the user import job.
-
#describe_user_pool(params = {}) ⇒ Types::DescribeUserPoolResponse
Returns the configuration information and metadata of the specified user pool.
-
#describe_user_pool_client(params = {}) ⇒ Types::DescribeUserPoolClientResponse
Client method for returning the configuration information and metadata of the specified user pool app client.
-
#describe_user_pool_domain(params = {}) ⇒ Types::DescribeUserPoolDomainResponse
Gets information about a domain.
-
#forget_device(params = {}) ⇒ Struct
Forgets the specified device.
-
#forgot_password(params = {}) ⇒ Types::ForgotPasswordResponse
Calling this API causes a message to be sent to the end user with a confirmation code that is required to change the user's password.
-
#get_csv_header(params = {}) ⇒ Types::GetCSVHeaderResponse
Gets the header information for the comma-separated value (CSV) file to be used as input for the user import job.
-
#get_device(params = {}) ⇒ Types::GetDeviceResponse
Gets the device.
-
#get_group(params = {}) ⇒ Types::GetGroupResponse
Gets a group.
-
#get_identity_provider_by_identifier(params = {}) ⇒ Types::GetIdentityProviderByIdentifierResponse
Gets the specified IdP.
-
#get_log_delivery_configuration(params = {}) ⇒ Types::GetLogDeliveryConfigurationResponse
Gets the logging configuration of a user pool.
-
#get_signing_certificate(params = {}) ⇒ Types::GetSigningCertificateResponse
This method takes a user pool ID, and returns the signing certificate.
-
#get_ui_customization(params = {}) ⇒ Types::GetUICustomizationResponse
Gets the user interface (UI) Customization information for a particular app client's app UI, if any such information exists for the client.
-
#get_user(params = {}) ⇒ Types::GetUserResponse
Gets the user attributes and metadata for a user.
-
#get_user_attribute_verification_code(params = {}) ⇒ Types::GetUserAttributeVerificationCodeResponse
Generates a user attribute verification code for the specified attribute name.
-
#get_user_auth_factors(params = {}) ⇒ Types::GetUserAuthFactorsResponse
Lists the authentication options for the currently signed-in user.
-
#get_user_pool_mfa_config(params = {}) ⇒ Types::GetUserPoolMfaConfigResponse
Gets the user pool multi-factor authentication (MFA) configuration.
-
#global_sign_out(params = {}) ⇒ Struct
Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user.
-
#initiate_auth(params = {}) ⇒ Types::InitiateAuthResponse
Initiates sign-in for a user in the Amazon Cognito user directory.
-
#list_devices(params = {}) ⇒ Types::ListDevicesResponse
Lists the sign-in devices that Amazon Cognito has registered to the current user.
-
#list_groups(params = {}) ⇒ Types::ListGroupsResponse
Lists the groups associated with a user pool.
-
#list_identity_providers(params = {}) ⇒ Types::ListIdentityProvidersResponse
Lists information about all IdPs for a user pool.
-
#list_resource_servers(params = {}) ⇒ Types::ListResourceServersResponse
Lists the resource servers for a user pool.
-
#list_tags_for_resource(params = {}) ⇒ Types::ListTagsForResourceResponse
Lists the tags that are assigned to an Amazon Cognito user pool.
-
#list_user_import_jobs(params = {}) ⇒ Types::ListUserImportJobsResponse
Lists user import jobs for a user pool.
-
#list_user_pool_clients(params = {}) ⇒ Types::ListUserPoolClientsResponse
Lists the clients that have been created for the specified user pool.
-
#list_user_pools(params = {}) ⇒ Types::ListUserPoolsResponse
Lists the user pools associated with an Amazon Web Services account.
-
#list_users(params = {}) ⇒ Types::ListUsersResponse
Lists users and their basic details in a user pool.
-
#list_users_in_group(params = {}) ⇒ Types::ListUsersInGroupResponse
Lists the users in the specified group.
-
#list_web_authn_credentials(params = {}) ⇒ Types::ListWebAuthnCredentialsResponse
Generates a list of the current user's registered passkey, or webauthN, credentials.
-
#resend_confirmation_code(params = {}) ⇒ Types::ResendConfirmationCodeResponse
Resends the confirmation (for confirmation of registration) to a specific user in the user pool.
-
#respond_to_auth_challenge(params = {}) ⇒ Types::RespondToAuthChallengeResponse
Some API operations in a user pool generate a challenge, like a prompt for an MFA code, for device authentication that bypasses MFA, or for a custom authentication challenge.
-
#revoke_token(params = {}) ⇒ Struct
Revokes all of the access tokens generated by, and at the same time as, the specified refresh token.
-
#set_log_delivery_configuration(params = {}) ⇒ Types::SetLogDeliveryConfigurationResponse
Sets up or modifies the logging configuration of a user pool.
-
#set_risk_configuration(params = {}) ⇒ Types::SetRiskConfigurationResponse
Configures actions on detected risks.
-
#set_ui_customization(params = {}) ⇒ Types::SetUICustomizationResponse
Sets the user interface (UI) customization information for a user pool's built-in app UI.
-
#set_user_mfa_preference(params = {}) ⇒ Struct
Set the user's multi-factor authentication (MFA) method preference, including which MFA factors are activated and if any are preferred.
-
#set_user_pool_mfa_config(params = {}) ⇒ Types::SetUserPoolMfaConfigResponse
Sets the user pool multi-factor authentication (MFA) and passkey configuration.
-
#set_user_settings(params = {}) ⇒ Struct
This action is no longer supported. You can use it to configure only SMS MFA.
-
#sign_up(params = {}) ⇒ Types::SignUpResponse
Registers the user in the specified user pool and creates a user name, password, and user attributes.
-
#start_user_import_job(params = {}) ⇒ Types::StartUserImportJobResponse
Starts the user import.
-
#start_web_authn_registration(params = {}) ⇒ Types::StartWebAuthnRegistrationResponse
Requests credential creation options from your user pool for registration of a passkey authenticator.
-
#stop_user_import_job(params = {}) ⇒ Types::StopUserImportJobResponse
Stops the user import job.
-
#tag_resource(params = {}) ⇒ Struct
Assigns a set of tags to an Amazon Cognito user pool.
-
#untag_resource(params = {}) ⇒ Struct
Removes the specified tags from an Amazon Cognito user pool.
-
#update_auth_event_feedback(params = {}) ⇒ Struct
Provides the feedback for an authentication event, whether it was from a valid user or not.
-
#update_device_status(params = {}) ⇒ Struct
Updates the device status.
-
#update_group(params = {}) ⇒ Types::UpdateGroupResponse
Updates the specified group with the specified attributes.
-
#update_identity_provider(params = {}) ⇒ Types::UpdateIdentityProviderResponse
Updates IdP information for a user pool.
-
#update_managed_login_branding(params = {}) ⇒ Types::UpdateManagedLoginBrandingResponse
Configures the branding settings for a user pool style.
-
#update_resource_server(params = {}) ⇒ Types::UpdateResourceServerResponse
Updates the name and scopes of resource server.
-
#update_user_attributes(params = {}) ⇒ Types::UpdateUserAttributesResponse
With this operation, your users can update one or more of their attributes with their own credentials.
-
#update_user_pool(params = {}) ⇒ Struct
This action might generate an SMS text message. -
#update_user_pool_client(params = {}) ⇒ Types::UpdateUserPoolClientResponse
Updates the specified user pool app client with the specified attributes.
-
#update_user_pool_domain(params = {}) ⇒ Types::UpdateUserPoolDomainResponse
Updates the Secure Sockets Layer (SSL) certificate for the custom domain for your user pool.
-
#verify_software_token(params = {}) ⇒ Types::VerifySoftwareTokenResponse
Use this API to register a user's entered time-based one-time password (TOTP) code and mark the user's software token MFA status as "verified" if successful.
-
#verify_user_attribute(params = {}) ⇒ Struct
Verifies the specified user attributes in the user pool.
Instance Method Summary collapse
-
#initialize(options) ⇒ Client
constructor
A new instance of Client.
Methods included from Aws::ClientStubs
#api_requests, #stub_data, #stub_responses
Methods inherited from Seahorse::Client::Base
add_plugin, api, clear_plugins, define, new, #operation_names, plugins, remove_plugin, set_api, set_plugins
Methods included from Seahorse::Client::HandlerBuilder
#handle, #handle_request, #handle_response
Constructor Details
#initialize(options) ⇒ Client
Returns a new instance of Client.
451 452 453 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 451 def initialize(*args) super end |
Instance Method Details
#add_custom_attributes(params = {}) ⇒ Struct
Adds additional user attributes to the user pool schema.
Learn more
513 514 515 516 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 513 def add_custom_attributes(params = {}, = {}) req = build_request(:add_custom_attributes, params) req.send_request() end |
#admin_add_user_to_group(params = {}) ⇒ Struct
Adds a user to a group. A user who is in a group can present a
preferred-role claim to an identity pool, and populates a
cognito:groups
claim to their access and identity tokens.
Learn more
567 568 569 570 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 567 def admin_add_user_to_group(params = {}, = {}) req = build_request(:admin_add_user_to_group, params) req.send_request() end |
#admin_confirm_sign_up(params = {}) ⇒ Struct
This IAM-authenticated API operation confirms user sign-up as an administrator. Unlike ConfirmSignUp, your IAM credentials authorize user account confirmation. No confirmation code is required.
This request sets a user account active in a user pool that requires confirmation of new user accounts before they can sign in. You can configure your user pool to not send confirmation codes to new users and instead confirm them with this API operation on the back end.
Learn more
663 664 665 666 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 663 def admin_confirm_sign_up(params = {}, = {}) req = build_request(:admin_confirm_sign_up, params) req.send_request() end |
#admin_create_user(params = {}) ⇒ Types::AdminCreateUserResponse
Creates a new user in the specified user pool.
If MessageAction
isn't set, the default is to send a welcome
message via email or phone (SMS).
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
This message is based on a template that you configured in your call to create or update a user pool. This template includes your custom sign-up instructions and placeholders for user name and temporary password.
Alternatively, you can call AdminCreateUser
with SUPPRESS
for the
MessageAction
parameter, and Amazon Cognito won't send any email.
In either case, if the user has a password, they will be in the
FORCE_CHANGE_PASSWORD
state until they sign in and set their
password. Your invitation message template must have the {####}
password placeholder if your users have passwords. If your template
doesn't have this placeholder, Amazon Cognito doesn't deliver the
invitation message. In this case, you must update your message
template and resend the password with a new AdminCreateUser
request
with a MessageAction
value of RESEND
.
Learn more
1011 1012 1013 1014 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 1011 def admin_create_user(params = {}, = {}) req = build_request(:admin_create_user, params) req.send_request() end |
#admin_delete_user(params = {}) ⇒ Struct
Deletes a user as an administrator. Works on any user.
Learn more
1059 1060 1061 1062 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 1059 def admin_delete_user(params = {}, = {}) req = build_request(:admin_delete_user, params) req.send_request() end |
#admin_delete_user_attributes(params = {}) ⇒ Struct
Deletes the user attributes in a user pool as an administrator. Works on any user.
Learn more
1117 1118 1119 1120 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 1117 def admin_delete_user_attributes(params = {}, = {}) req = build_request(:admin_delete_user_attributes, params) req.send_request() end |
#admin_disable_provider_for_user(params = {}) ⇒ Struct
Prevents the user from signing in with the specified external (SAML or
social) identity provider (IdP). If the user that you want to
deactivate is a Amazon Cognito user pools native username + password
user, they can't use their password to sign in. If the user to
deactivate is a linked external IdP user, any link between that user
and an existing user is removed. When the external user signs in
again, and the user is no longer attached to the previously linked
DestinationUser
, the user must create a new user account. See
AdminLinkProviderForUser.
The ProviderName
must match the value specified when creating an IdP
for the pool.
To deactivate a native username + password user, the ProviderName
value must be Cognito
and the ProviderAttributeName
must be
Cognito_Subject
. The ProviderAttributeValue
must be the name that
is used in the user pool for the user.
The ProviderAttributeName
must always be Cognito_Subject
for
social IdPs. The ProviderAttributeValue
must always be the exact
subject that was used when the user was originally linked as a source
user.
For de-linking a SAML identity, there are two scenarios. If the linked
identity has not yet been used to sign in, the ProviderAttributeName
and ProviderAttributeValue
must be the same values that were used
for the SourceUser
when the identities were originally linked using
AdminLinkProviderForUser
call. (If the linking was done with
ProviderAttributeName
set to Cognito_Subject
, the same applies
here). However, if the user has already signed in, the
ProviderAttributeName
must be Cognito_Subject
and
ProviderAttributeValue
must be the subject of the SAML assertion.
Learn more
1197 1198 1199 1200 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 1197 def admin_disable_provider_for_user(params = {}, = {}) req = build_request(:admin_disable_provider_for_user, params) req.send_request() end |
#admin_disable_user(params = {}) ⇒ Struct
Deactivates a user and revokes all access tokens for the user. A
deactivated user can't sign in, but still appears in the responses to
GetUser
and ListUsers
API requests.
Learn more
1247 1248 1249 1250 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 1247 def admin_disable_user(params = {}, = {}) req = build_request(:admin_disable_user, params) req.send_request() end |
#admin_enable_user(params = {}) ⇒ Struct
Enables the specified user as an administrator. Works on any user.
Learn more
1295 1296 1297 1298 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 1295 def admin_enable_user(params = {}, = {}) req = build_request(:admin_enable_user, params) req.send_request() end |
#admin_forget_device(params = {}) ⇒ Struct
Forgets the device, as an administrator.
Learn more
1347 1348 1349 1350 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 1347 def admin_forget_device(params = {}, = {}) req = build_request(:admin_forget_device, params) req.send_request() end |
#admin_get_device(params = {}) ⇒ Types::AdminGetDeviceResponse
Gets the device, as an administrator.
Learn more
1411 1412 1413 1414 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 1411 def admin_get_device(params = {}, = {}) req = build_request(:admin_get_device, params) req.send_request() end |
#admin_get_user(params = {}) ⇒ Types::AdminGetUserResponse
Gets the specified user by user name in a user pool as an administrator. Works on any user. This operation contributes to your monthly active user (MAU) count for the purpose of billing.
Learn more
1489 1490 1491 1492 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 1489 def admin_get_user(params = {}, = {}) req = build_request(:admin_get_user, params) req.send_request() end |
#admin_initiate_auth(params = {}) ⇒ Types::AdminInitiateAuthResponse
Initiates the authentication flow, as an administrator.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Learn more
1775 1776 1777 1778 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 1775 def admin_initiate_auth(params = {}, = {}) req = build_request(:admin_initiate_auth, params) req.send_request() end |
#admin_link_provider_for_user(params = {}) ⇒ Struct
Links an existing user account in a user pool (DestinationUser
) to
an identity from an external IdP (SourceUser
) based on a specified
attribute name and value from the external IdP. This allows you to
create a link from the existing user account to an external federated
user identity that has not yet been used to sign in. You can then use
the federated user identity to sign in as the existing user account.
For example, if there is an existing user with a username and password, this API links that user to a federated user identity. When the user signs in with a federated user identity, they sign in as the existing user account.
Because this API allows a user with an external federated identity to sign in as an existing user in the user pool, it is critical that it only be used with external IdPs and provider attributes that have been trusted by the application owner.
Learn more
1896 1897 1898 1899 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 1896 def admin_link_provider_for_user(params = {}, = {}) req = build_request(:admin_link_provider_for_user, params) req.send_request() end |
#admin_list_devices(params = {}) ⇒ Types::AdminListDevicesResponse
Lists a user's registered devices.
Learn more
1972 1973 1974 1975 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 1972 def admin_list_devices(params = {}, = {}) req = build_request(:admin_list_devices, params) req.send_request() end |
#admin_list_groups_for_user(params = {}) ⇒ Types::AdminListGroupsForUserResponse
Lists the groups that a user belongs to.
Learn more
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
2047 2048 2049 2050 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 2047 def admin_list_groups_for_user(params = {}, = {}) req = build_request(:admin_list_groups_for_user, params) req.send_request() end |
#admin_list_user_auth_events(params = {}) ⇒ Types::AdminListUserAuthEventsResponse
A history of user activity and any risks detected as part of Amazon Cognito advanced security.
Learn more
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
2134 2135 2136 2137 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 2134 def admin_list_user_auth_events(params = {}, = {}) req = build_request(:admin_list_user_auth_events, params) req.send_request() end |
#admin_remove_user_from_group(params = {}) ⇒ Struct
Removes the specified user from the specified group.
Learn more
2186 2187 2188 2189 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 2186 def admin_remove_user_from_group(params = {}, = {}) req = build_request(:admin_remove_user_from_group, params) req.send_request() end |
#admin_reset_user_password(params = {}) ⇒ Struct
Resets the specified user's password in a user pool as an administrator. Works on any user.
To use this API operation, your user pool must have self-service account recovery configured. Use AdminSetUserPassword if you manage passwords as an administrator.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Deactivates a user's password, requiring them to change it. If a user
tries to sign in after the API is called, Amazon Cognito responds with
a PasswordResetRequiredException
error. Your app must then perform
the actions that reset your user's password: the forgot-password
flow. In addition, if the user pool has phone verification selected
and a verified phone number exists for the user, or if email
verification is selected and a verified email exists for the user,
calling this API will also result in sending a message to the end user
with the code to change their password.
Learn more
2314 2315 2316 2317 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 2314 def admin_reset_user_password(params = {}, = {}) req = build_request(:admin_reset_user_password, params) req.send_request() end |
#admin_respond_to_auth_challenge(params = {}) ⇒ Types::AdminRespondToAuthChallengeResponse
Some API operations in a user pool generate a challenge, like a prompt
for an MFA code, for device authentication that bypasses MFA, or for a
custom authentication challenge. An AdminRespondToAuthChallenge
API
request provides the answer to that challenge, like a code or a secure
remote password (SRP). The parameters of a response to an
authentication challenge vary with the type of challenge.
For more information about custom authentication challenges, see Custom authentication challenge Lambda triggers.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Learn more
2654 2655 2656 2657 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 2654 def admin_respond_to_auth_challenge(params = {}, = {}) req = build_request(:admin_respond_to_auth_challenge, params) req.send_request() end |
#admin_set_user_mfa_preference(params = {}) ⇒ Struct
Sets the user's multi-factor authentication (MFA) preference, including which MFA options are activated, and if any are preferred. Only one factor can be set as preferred. The preferred MFA factor will be used to authenticate a user if multiple factors are activated. If multiple options are activated and no preference is set, a challenge to choose an MFA option will be returned during sign-in.
Learn more
2740 2741 2742 2743 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 2740 def admin_set_user_mfa_preference(params = {}, = {}) req = build_request(:admin_set_user_mfa_preference, params) req.send_request() end |
#admin_set_user_password(params = {}) ⇒ Struct
Sets the specified user's password in a user pool as an administrator. Works on any user.
The password can be temporary or permanent. If it is temporary, the
user status enters the FORCE_CHANGE_PASSWORD
state. When the user
next tries to sign in, the InitiateAuth/AdminInitiateAuth response
will contain the NEW_PASSWORD_REQUIRED
challenge. If the user
doesn't sign in before it expires, the user won't be able to sign
in, and an administrator must reset their password.
Once the user has set a new password, or the password is permanent,
the user status is set to Confirmed
.
AdminSetUserPassword
can set a password for the user profile that
Amazon Cognito creates for third-party federated users. When you set a
password, the federated user's status changes from
EXTERNAL_PROVIDER
to CONFIRMED
. A user in this state can sign in
as a federated user, and initiate authentication flows in the API like
a linked native user. They can also modify their password and
attributes in token-authenticated API requests like ChangePassword
and UpdateUserAttributes
. As a best security practice and to keep
users in sync with your external IdP, don't set passwords on
federated user profiles. To set up a federated user for native sign-in
with a linked native user, refer to Linking federated users to an
existing user profile.
Learn more
2822 2823 2824 2825 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 2822 def admin_set_user_password(params = {}, = {}) req = build_request(:admin_set_user_password, params) req.send_request() end |
#admin_set_user_settings(params = {}) ⇒ Struct
This action is no longer supported. You can use it to configure only SMS MFA. You can't use it to configure time-based one-time password (TOTP) software token MFA. To configure either type of MFA, use AdminSetUserMFAPreference instead.
Learn more
2885 2886 2887 2888 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 2885 def admin_set_user_settings(params = {}, = {}) req = build_request(:admin_set_user_settings, params) req.send_request() end |
#admin_update_auth_event_feedback(params = {}) ⇒ Struct
Provides feedback for an authentication event indicating if it was from a valid user. This feedback is used for improving the risk evaluation decision for the user pool as part of Amazon Cognito advanced security.
Learn more
2949 2950 2951 2952 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 2949 def admin_update_auth_event_feedback(params = {}, = {}) req = build_request(:admin_update_auth_event_feedback, params) req.send_request() end |
#admin_update_device_status(params = {}) ⇒ Struct
Updates the device status as an administrator.
Learn more
3005 3006 3007 3008 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 3005 def admin_update_device_status(params = {}, = {}) req = build_request(:admin_update_device_status, params) req.send_request() end |
#admin_update_user_attributes(params = {}) ⇒ Struct
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Updates the specified user's attributes, including developer attributes, as an administrator. Works on any user. To delete an attribute from your user, submit the attribute in your API request with a blank value.
For custom attributes, you must prepend the custom:
prefix to the
attribute name.
In addition to updating user attributes, this API can also be used to mark phone and email as verified.
Learn more
3154 3155 3156 3157 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 3154 def admin_update_user_attributes(params = {}, = {}) req = build_request(:admin_update_user_attributes, params) req.send_request() end |
#admin_user_global_sign_out(params = {}) ⇒ Struct
Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user. Call this operation with your administrative credentials when your user signs out of your app. This results in the following behavior.
Amazon Cognito no longer accepts token-authorized user operations that you authorize with a signed-out user's access tokens. For more information, see Using the Amazon Cognito user pools API and user pool endpoints.
Amazon Cognito returns an
Access Token has been revoked
error when your app attempts to authorize a user pools API request with a revoked access token that contains the scopeaws.cognito.signin.user.admin
.Amazon Cognito no longer accepts a signed-out user's ID token in a GetId request to an identity pool with
ServerSideTokenCheck
enabled for its user pool IdP configuration in CognitoIdentityProvider.Amazon Cognito no longer accepts a signed-out user's refresh tokens in refresh requests.
Other requests might be valid until your user's token expires.
Learn more
3227 3228 3229 3230 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 3227 def admin_user_global_sign_out(params = {}, = {}) req = build_request(:admin_user_global_sign_out, params) req.send_request() end |
#associate_software_token(params = {}) ⇒ Types::AssociateSoftwareTokenResponse
Begins setup of time-based one-time password (TOTP) multi-factor
authentication (MFA) for a user, with a unique private key that Amazon
Cognito generates and returns in the API response. You can authorize
an AssociateSoftwareToken
request with either the user's access
token, or a session string from a challenge response that you received
from Amazon Cognito.
MFA_SETUP
or SOFTWARE_TOKEN_SETUP
challenge each time your user signs in. Complete setup with
AssociateSoftwareToken
and VerifySoftwareToken
.
After you set up software token MFA for your user, Amazon Cognito
generates a SOFTWARE_TOKEN_MFA
challenge when they authenticate.
Respond to this challenge with your user's TOTP.
3298 3299 3300 3301 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 3298 def associate_software_token(params = {}, = {}) req = build_request(:associate_software_token, params) req.send_request() end |
#change_password(params = {}) ⇒ Struct
Changes the password for a specified user in a user pool.
Authorize this action with a signed-in user's access token. It must
include the scope aws.cognito.signin.user.admin
.
3347 3348 3349 3350 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 3347 def change_password(params = {}, = {}) req = build_request(:change_password, params) req.send_request() end |
#complete_web_authn_registration(params = {}) ⇒ Struct
Completes registration of a passkey authenticator for the current user. Your application provides data from a successful registration request with the data from the output of a StartWebAuthnRegistration.
Authorize this action with a signed-in user's access token. It must
include the scope aws.cognito.signin.user.admin
.
3395 3396 3397 3398 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 3395 def complete_web_authn_registration(params = {}, = {}) req = build_request(:complete_web_authn_registration, params) req.send_request() end |
#confirm_device(params = {}) ⇒ Types::ConfirmDeviceResponse
Confirms tracking of the device. This API call is the call that begins device tracking. For more information about device authentication, see Working with user devices in your user pool.
Authorize this action with a signed-in user's access token. It must
include the scope aws.cognito.signin.user.admin
.
3458 3459 3460 3461 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 3458 def confirm_device(params = {}, = {}) req = build_request(:confirm_device, params) req.send_request() end |
#confirm_forgot_password(params = {}) ⇒ Struct
Allows a user to enter a confirmation code to reset a forgotten password.
3584 3585 3586 3587 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 3584 def confirm_forgot_password(params = {}, = {}) req = build_request(:confirm_forgot_password, params) req.send_request() end |
#confirm_sign_up(params = {}) ⇒ Types::ConfirmSignUpResponse
This public API operation provides a code that Amazon Cognito sent to your user when they signed up in your user pool via the SignUp API operation. After your user enters their code, they confirm ownership of the email address or phone number that they provided, and their user account becomes active. Depending on your user pool configuration, your users will receive their confirmation code in an email or SMS message.
Local users who signed up in your user pool are the only type of user who can confirm sign-up with a code. Users who federate through an external identity provider (IdP) have already been confirmed by their IdP. Administrator-created users, users created with the AdminCreateUser API operation, confirm their accounts when they respond to their invitation email message and choose a password. They do not receive a confirmation code. Instead, they receive a temporary password.
3734 3735 3736 3737 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 3734 def confirm_sign_up(params = {}, = {}) req = build_request(:confirm_sign_up, params) req.send_request() end |
#create_group(params = {}) ⇒ Types::CreateGroupResponse
Creates a new group in the specified user pool.
Learn more
3819 3820 3821 3822 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 3819 def create_group(params = {}, = {}) req = build_request(:create_group, params) req.send_request() end |
#create_identity_provider(params = {}) ⇒ Types::CreateIdentityProviderResponse
Adds a configuration and trust relationship between a third-party identity provider (IdP) and a user pool.
Learn more
4016 4017 4018 4019 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 4016 def create_identity_provider(params = {}, = {}) req = build_request(:create_identity_provider, params) req.send_request() end |
#create_managed_login_branding(params = {}) ⇒ Types::CreateManagedLoginBrandingResponse
Creates a new set of branding settings for a user pool style and associates it with an app client. This operation is the programmatic option for the creation of a new style in the branding designer.
Provides values for UI customization in a Settings
JSON object and
image files in an Assets
array. To send the JSON object Document
type parameter in Settings
, you might need to update to the most
recent version of your Amazon Web Services SDK.
This operation has a 2-megabyte request-size limit and include the CSS settings and image assets for your app client. Your branding settings might exceed 2MB in size. Amazon Cognito doesn't require that you pass all parameters in one request and preserves existing style settings that you don't specify. If your request is larger than 2MB, separate it into multiple requests, each with a size smaller than the limit.
For more information, see API and SDK operations for managed login branding
Learn more
4136 4137 4138 4139 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 4136 def create_managed_login_branding(params = {}, = {}) req = build_request(:create_managed_login_branding, params) req.send_request() end |
#create_resource_server(params = {}) ⇒ Types::CreateResourceServerResponse
Creates a new OAuth2.0 resource server and defines custom scopes within it.
Learn more
4213 4214 4215 4216 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 4213 def create_resource_server(params = {}, = {}) req = build_request(:create_resource_server, params) req.send_request() end |
#create_user_import_job(params = {}) ⇒ Types::CreateUserImportJobResponse
Creates a user import job.
Learn more
4281 4282 4283 4284 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 4281 def create_user_import_job(params = {}, = {}) req = build_request(:create_user_import_job, params) req.send_request() end |
#create_user_pool(params = {}) ⇒ Types::CreateUserPoolResponse
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Creates a new Amazon Cognito user pool and sets the password policy for the pool.
If you don't provide a value for an attribute, Amazon Cognito sets it to its default value.
Learn more
5193 5194 5195 5196 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 5193 def create_user_pool(params = {}, = {}) req = build_request(:create_user_pool, params) req.send_request() end |
#create_user_pool_client(params = {}) ⇒ Types::CreateUserPoolClientResponse
Creates the user pool client.
When you create a new user pool client, token revocation is automatically activated. For more information about revoking tokens, see RevokeToken.
If you don't provide a value for an attribute, Amazon Cognito sets it to its default value.
Learn more
5786 5787 5788 5789 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 5786 def create_user_pool_client(params = {}, = {}) req = build_request(:create_user_pool_client, params) req.send_request() end |
#create_user_pool_domain(params = {}) ⇒ Types::CreateUserPoolDomainResponse
Creates a new domain for a user pool. The domain hosts user pool domain services like managed login, the hosted UI (classic), and the user pool authorization server.
Learn more
5873 5874 5875 5876 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 5873 def create_user_pool_domain(params = {}, = {}) req = build_request(:create_user_pool_domain, params) req.send_request() end |
#delete_group(params = {}) ⇒ Struct
Deletes a group.
Calling this action requires developer credentials.
5901 5902 5903 5904 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 5901 def delete_group(params = {}, = {}) req = build_request(:delete_group, params) req.send_request() end |
#delete_identity_provider(params = {}) ⇒ Struct
Deletes an IdP for a user pool.
5927 5928 5929 5930 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 5927 def delete_identity_provider(params = {}, = {}) req = build_request(:delete_identity_provider, params) req.send_request() end |
#delete_managed_login_branding(params = {}) ⇒ Struct
Deletes a managed login branding style. When you delete a style, you delete the branding association for an app client and restore it to default settings.
Learn more
5974 5975 5976 5977 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 5974 def delete_managed_login_branding(params = {}, = {}) req = build_request(:delete_managed_login_branding, params) req.send_request() end |
#delete_resource_server(params = {}) ⇒ Struct
Deletes a resource server.
6000 6001 6002 6003 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 6000 def delete_resource_server(params = {}, = {}) req = build_request(:delete_resource_server, params) req.send_request() end |
#delete_user(params = {}) ⇒ Struct
Allows a user to delete their own user profile.
Authorize this action with a signed-in user's access token. It must
include the scope aws.cognito.signin.user.admin
.
6039 6040 6041 6042 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 6039 def delete_user(params = {}, = {}) req = build_request(:delete_user, params) req.send_request() end |
#delete_user_attributes(params = {}) ⇒ Struct
Deletes the attributes for a user.
Authorize this action with a signed-in user's access token. It must
include the scope aws.cognito.signin.user.admin
.
6086 6087 6088 6089 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 6086 def delete_user_attributes(params = {}, = {}) req = build_request(:delete_user_attributes, params) req.send_request() end |
#delete_user_pool(params = {}) ⇒ Struct
Deletes the specified Amazon Cognito user pool.
6108 6109 6110 6111 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 6108 def delete_user_pool(params = {}, = {}) req = build_request(:delete_user_pool, params) req.send_request() end |
#delete_user_pool_client(params = {}) ⇒ Struct
Allows the developer to delete the user pool client.
6135 6136 6137 6138 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 6135 def delete_user_pool_client(params = {}, = {}) req = build_request(:delete_user_pool_client, params) req.send_request() end |
#delete_user_pool_domain(params = {}) ⇒ Struct
Deletes a domain for a user pool.
6163 6164 6165 6166 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 6163 def delete_user_pool_domain(params = {}, = {}) req = build_request(:delete_user_pool_domain, params) req.send_request() end |
#delete_web_authn_credential(params = {}) ⇒ Struct
Deletes a registered passkey, or webauthN, device for the currently signed-in user.
Authorize this action with a signed-in user's access token. It must
include the scope aws.cognito.signin.user.admin
.
6199 6200 6201 6202 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 6199 def delete_web_authn_credential(params = {}, = {}) req = build_request(:delete_web_authn_credential, params) req.send_request() end |
#describe_identity_provider(params = {}) ⇒ Types::DescribeIdentityProviderResponse
Gets information about a specific IdP.
6241 6242 6243 6244 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 6241 def describe_identity_provider(params = {}, = {}) req = build_request(:describe_identity_provider, params) req.send_request() end |
#describe_managed_login_branding(params = {}) ⇒ Types::DescribeManagedLoginBrandingResponse
When given the ID of a managed login branding style, returns detailed information about the style.
6293 6294 6295 6296 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 6293 def describe_managed_login_branding(params = {}, = {}) req = build_request(:describe_managed_login_branding, params) req.send_request() end |
#describe_managed_login_branding_by_client(params = {}) ⇒ Types::DescribeManagedLoginBrandingByClientResponse
When given the ID of a user pool app client, returns detailed information about the style assigned to the app client.
6345 6346 6347 6348 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 6345 def describe_managed_login_branding_by_client(params = {}, = {}) req = build_request(:describe_managed_login_branding_by_client, params) req.send_request() end |
#describe_resource_server(params = {}) ⇒ Types::DescribeResourceServerResponse
Describes a resource server.
6389 6390 6391 6392 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 6389 def describe_resource_server(params = {}, = {}) req = build_request(:describe_resource_server, params) req.send_request() end |
#describe_risk_configuration(params = {}) ⇒ Types::DescribeRiskConfigurationResponse
Describes the risk configuration.
6448 6449 6450 6451 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 6448 def describe_risk_configuration(params = {}, = {}) req = build_request(:describe_risk_configuration, params) req.send_request() end |
#describe_user_import_job(params = {}) ⇒ Types::DescribeUserImportJobResponse
Describes the user import job.
6493 6494 6495 6496 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 6493 def describe_user_import_job(params = {}, = {}) req = build_request(:describe_user_import_job, params) req.send_request() end |
#describe_user_pool(params = {}) ⇒ Types::DescribeUserPoolResponse
Returns the configuration information and metadata of the specified user pool.
Learn more
6630 6631 6632 6633 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 6630 def describe_user_pool(params = {}, = {}) req = build_request(:describe_user_pool, params) req.send_request() end |
#describe_user_pool_client(params = {}) ⇒ Types::DescribeUserPoolClientResponse
Client method for returning the configuration information and metadata of the specified user pool app client.
Learn more
6719 6720 6721 6722 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 6719 def describe_user_pool_client(params = {}, = {}) req = build_request(:describe_user_pool_client, params) req.send_request() end |
#describe_user_pool_domain(params = {}) ⇒ Types::DescribeUserPoolDomainResponse
Gets information about a domain.
6757 6758 6759 6760 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 6757 def describe_user_pool_domain(params = {}, = {}) req = build_request(:describe_user_pool_domain, params) req.send_request() end |
#forget_device(params = {}) ⇒ Struct
Forgets the specified device. For more information about device authentication, see Working with user devices in your user pool.
Authorize this action with a signed-in user's access token. It must
include the scope aws.cognito.signin.user.admin
.
6802 6803 6804 6805 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 6802 def forget_device(params = {}, = {}) req = build_request(:forget_device, params) req.send_request() end |
#forgot_password(params = {}) ⇒ Types::ForgotPasswordResponse
Calling this API causes a message to be sent to the end user with a
confirmation code that is required to change the user's password. For
the Username
parameter, you can use the username or user alias. The
method used to send the confirmation code is sent according to the
specified AccountRecoverySetting. For more information, see
Recovering User Accounts in the Amazon Cognito Developer Guide.
To use the confirmation code for resetting the password, call
ConfirmForgotPassword.
If neither a verified phone number nor a verified email exists, this
API returns InvalidParameterException
. If your app client has a
client secret and you don't provide a SECRET_HASH
parameter, this
API returns NotAuthorizedException
.
To use this API operation, your user pool must have self-service account recovery configured. Use AdminSetUserPassword if you manage passwords as an administrator.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
6959 6960 6961 6962 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 6959 def forgot_password(params = {}, = {}) req = build_request(:forgot_password, params) req.send_request() end |
#get_csv_header(params = {}) ⇒ Types::GetCSVHeaderResponse
Gets the header information for the comma-separated value (CSV) file to be used as input for the user import job.
6992 6993 6994 6995 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 6992 def get_csv_header(params = {}, = {}) req = build_request(:get_csv_header, params) req.send_request() end |
#get_device(params = {}) ⇒ Types::GetDeviceResponse
Gets the device. For more information about device authentication, see Working with user devices in your user pool.
Authorize this action with a signed-in user's access token. It must
include the scope aws.cognito.signin.user.admin
.
7049 7050 7051 7052 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 7049 def get_device(params = {}, = {}) req = build_request(:get_device, params) req.send_request() end |
#get_group(params = {}) ⇒ Types::GetGroupResponse
Gets a group.
Calling this action requires developer credentials.
7089 7090 7091 7092 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 7089 def get_group(params = {}, = {}) req = build_request(:get_group, params) req.send_request() end |
#get_identity_provider_by_identifier(params = {}) ⇒ Types::GetIdentityProviderByIdentifierResponse
Gets the specified IdP.
7131 7132 7133 7134 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 7131 def get_identity_provider_by_identifier(params = {}, = {}) req = build_request(:get_identity_provider_by_identifier, params) req.send_request() end |
#get_log_delivery_configuration(params = {}) ⇒ Types::GetLogDeliveryConfigurationResponse
Gets the logging configuration of a user pool.
7166 7167 7168 7169 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 7166 def get_log_delivery_configuration(params = {}, = {}) req = build_request(:get_log_delivery_configuration, params) req.send_request() end |
#get_signing_certificate(params = {}) ⇒ Types::GetSigningCertificateResponse
This method takes a user pool ID, and returns the signing certificate. The issued certificate is valid for 10 years from the date of issue.
Amazon Cognito issues and assigns a new signing certificate annually.
This process returns a new value in the response to
GetSigningCertificate
, but doesn't invalidate the original
certificate.
7200 7201 7202 7203 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 7200 def get_signing_certificate(params = {}, = {}) req = build_request(:get_signing_certificate, params) req.send_request() end |
#get_ui_customization(params = {}) ⇒ Types::GetUICustomizationResponse
Gets the user interface (UI) Customization information for a
particular app client's app UI, if any such information exists for
the client. If nothing is set for the particular client, but there is
an existing pool level customization (the app clientId
is ALL
),
then that information is returned. If nothing is present, then an
empty shape is returned.
7243 7244 7245 7246 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 7243 def get_ui_customization(params = {}, = {}) req = build_request(:get_ui_customization, params) req.send_request() end |
#get_user(params = {}) ⇒ Types::GetUserResponse
Gets the user attributes and metadata for a user.
Authorize this action with a signed-in user's access token. It must
include the scope aws.cognito.signin.user.admin
.
7301 7302 7303 7304 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 7301 def get_user(params = {}, = {}) req = build_request(:get_user, params) req.send_request() end |
#get_user_attribute_verification_code(params = {}) ⇒ Types::GetUserAttributeVerificationCodeResponse
Generates a user attribute verification code for the specified attribute name. Sends a message to a user with a code that they must return in a VerifyUserAttribute request.
Authorize this action with a signed-in user's access token. It must
include the scope aws.cognito.signin.user.admin
.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
7418 7419 7420 7421 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 7418 def get_user_attribute_verification_code(params = {}, = {}) req = build_request(:get_user_attribute_verification_code, params) req.send_request() end |
#get_user_auth_factors(params = {}) ⇒ Types::GetUserAuthFactorsResponse
Lists the authentication options for the currently signed-in user. Returns the following:
The user's multi-factor authentication (MFA) preferences.
The user's options in the
USER_AUTH
flow that they can select in aSELECT_CHALLENGE
response or request in aPREFERRED_CHALLENGE
request.
7462 7463 7464 7465 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 7462 def get_user_auth_factors(params = {}, = {}) req = build_request(:get_user_auth_factors, params) req.send_request() end |
#get_user_pool_mfa_config(params = {}) ⇒ Types::GetUserPoolMfaConfigResponse
Gets the user pool multi-factor authentication (MFA) configuration.
7503 7504 7505 7506 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 7503 def get_user_pool_mfa_config(params = {}, = {}) req = build_request(:get_user_pool_mfa_config, params) req.send_request() end |
#global_sign_out(params = {}) ⇒ Struct
Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user. Call this operation when your user signs out of your app. This results in the following behavior.
Amazon Cognito no longer accepts token-authorized user operations that you authorize with a signed-out user's access tokens. For more information, see Using the Amazon Cognito user pools API and user pool endpoints.
Amazon Cognito returns an
Access Token has been revoked
error when your app attempts to authorize a user pools API request with a revoked access token that contains the scopeaws.cognito.signin.user.admin
.Amazon Cognito no longer accepts a signed-out user's ID token in a GetId request to an identity pool with
ServerSideTokenCheck
enabled for its user pool IdP configuration in CognitoIdentityProvider.Amazon Cognito no longer accepts a signed-out user's refresh tokens in refresh requests.
Other requests might be valid until your user's token expires.
Authorize this action with a signed-in user's access token. It must
include the scope aws.cognito.signin.user.admin
.
7566 7567 7568 7569 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 7566 def global_sign_out(params = {}, = {}) req = build_request(:global_sign_out, params) req.send_request() end |
#initiate_auth(params = {}) ⇒ Types::InitiateAuthResponse
Initiates sign-in for a user in the Amazon Cognito user directory. You
can't sign in a user with a federated IdP with InitiateAuth
. For
more information, see Adding user pool sign-in through a third
party.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
7879 7880 7881 7882 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 7879 def initiate_auth(params = {}, = {}) req = build_request(:initiate_auth, params) req.send_request() end |
#list_devices(params = {}) ⇒ Types::ListDevicesResponse
Lists the sign-in devices that Amazon Cognito has registered to the current user. For more information about device authentication, see Working with user devices in your user pool.
Authorize this action with a signed-in user's access token. It must
include the scope aws.cognito.signin.user.admin
.
7949 7950 7951 7952 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 7949 def list_devices(params = {}, = {}) req = build_request(:list_devices, params) req.send_request() end |
#list_groups(params = {}) ⇒ Types::ListGroupsResponse
Lists the groups associated with a user pool.
Learn more
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
8016 8017 8018 8019 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 8016 def list_groups(params = {}, = {}) req = build_request(:list_groups, params) req.send_request() end |
#list_identity_providers(params = {}) ⇒ Types::ListIdentityProvidersResponse
Lists information about all IdPs for a user pool.
Learn more
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
8078 8079 8080 8081 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 8078 def list_identity_providers(params = {}, = {}) req = build_request(:list_identity_providers, params) req.send_request() end |
#list_resource_servers(params = {}) ⇒ Types::ListResourceServersResponse
Lists the resource servers for a user pool.
Learn more
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
8142 8143 8144 8145 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 8142 def list_resource_servers(params = {}, = {}) req = build_request(:list_resource_servers, params) req.send_request() end |
#list_tags_for_resource(params = {}) ⇒ Types::ListTagsForResourceResponse
Lists the tags that are assigned to an Amazon Cognito user pool.
A tag is a label that you can apply to user pools to categorize and manage them in different ways, such as by purpose, owner, environment, or other criteria.
You can use this action up to 10 times per second, per account.
8178 8179 8180 8181 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 8178 def (params = {}, = {}) req = build_request(:list_tags_for_resource, params) req.send_request() end |
#list_user_import_jobs(params = {}) ⇒ Types::ListUserImportJobsResponse
Lists user import jobs for a user pool.
Learn more
8253 8254 8255 8256 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 8253 def list_user_import_jobs(params = {}, = {}) req = build_request(:list_user_import_jobs, params) req.send_request() end |
#list_user_pool_clients(params = {}) ⇒ Types::ListUserPoolClientsResponse
Lists the clients that have been created for the specified user pool.
Learn more
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
8318 8319 8320 8321 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 8318 def list_user_pool_clients(params = {}, = {}) req = build_request(:list_user_pool_clients, params) req.send_request() end |
#list_user_pools(params = {}) ⇒ Types::ListUserPoolsResponse
Lists the user pools associated with an Amazon Web Services account.
Learn more
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
8397 8398 8399 8400 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 8397 def list_user_pools(params = {}, = {}) req = build_request(:list_user_pools, params) req.send_request() end |
#list_users(params = {}) ⇒ Types::ListUsersResponse
Lists users and their basic details in a user pool.
Learn more
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
8631 8632 8633 8634 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 8631 def list_users(params = {}, = {}) req = build_request(:list_users, params) req.send_request() end |
#list_users_in_group(params = {}) ⇒ Types::ListUsersInGroupResponse
Lists the users in the specified group.
Learn more
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
8707 8708 8709 8710 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 8707 def list_users_in_group(params = {}, = {}) req = build_request(:list_users_in_group, params) req.send_request() end |
#list_web_authn_credentials(params = {}) ⇒ Types::ListWebAuthnCredentialsResponse
Generates a list of the current user's registered passkey, or webauthN, credentials.
8757 8758 8759 8760 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 8757 def list_web_authn_credentials(params = {}, = {}) req = build_request(:list_web_authn_credentials, params) req.send_request() end |
#resend_confirmation_code(params = {}) ⇒ Types::ResendConfirmationCodeResponse
Resends the confirmation (for confirmation of registration) to a specific user in the user pool.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
8896 8897 8898 8899 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 8896 def resend_confirmation_code(params = {}, = {}) req = build_request(:resend_confirmation_code, params) req.send_request() end |
#respond_to_auth_challenge(params = {}) ⇒ Types::RespondToAuthChallengeResponse
Some API operations in a user pool generate a challenge, like a prompt
for an MFA code, for device authentication that bypasses MFA, or for a
custom authentication challenge. A RespondToAuthChallenge
API
request provides the answer to that challenge, like a code or a secure
remote password (SRP). The parameters of a response to an
authentication challenge vary with the type of challenge.
For more information about custom authentication challenges, see Custom authentication challenge Lambda triggers.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
9205 9206 9207 9208 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 9205 def respond_to_auth_challenge(params = {}, = {}) req = build_request(:respond_to_auth_challenge, params) req.send_request() end |
#revoke_token(params = {}) ⇒ Struct
Revokes all of the access tokens generated by, and at the same time as, the specified refresh token. After a token is revoked, you can't use the revoked token to access Amazon Cognito user APIs, or to authorize access to your resource server.
9252 9253 9254 9255 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 9252 def revoke_token(params = {}, = {}) req = build_request(:revoke_token, params) req.send_request() end |
#set_log_delivery_configuration(params = {}) ⇒ Types::SetLogDeliveryConfigurationResponse
Sets up or modifies the logging configuration of a user pool. User pools can export user notification logs and advanced security features user activity logs.
9306 9307 9308 9309 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 9306 def set_log_delivery_configuration(params = {}, = {}) req = build_request(:set_log_delivery_configuration, params) req.send_request() end |
#set_risk_configuration(params = {}) ⇒ Types::SetRiskConfigurationResponse
Configures actions on detected risks. To delete the risk configuration
for UserPoolId
or ClientId
, pass null values for all four
configuration types.
To activate Amazon Cognito advanced security features, update the user
pool to include the UserPoolAddOns
keyAdvancedSecurityMode
.
9431 9432 9433 9434 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 9431 def set_risk_configuration(params = {}, = {}) req = build_request(:set_risk_configuration, params) req.send_request() end |
#set_ui_customization(params = {}) ⇒ Types::SetUICustomizationResponse
Sets the user interface (UI) customization information for a user pool's built-in app UI.
You can specify app UI customization settings for a single client
(with a specific clientId
) or for all clients (by setting the
clientId
to ALL
). If you specify ALL
, the default configuration
is used for every client that has no previously set UI customization.
If you specify UI customization settings for a particular client, it
will no longer return to the ALL
configuration.
9491 9492 9493 9494 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 9491 def set_ui_customization(params = {}, = {}) req = build_request(:set_ui_customization, params) req.send_request() end |
#set_user_mfa_preference(params = {}) ⇒ Struct
Set the user's multi-factor authentication (MFA) method preference, including which MFA factors are activated and if any are preferred. Only one factor can be set as preferred. The preferred MFA factor will be used to authenticate a user if multiple factors are activated. If multiple options are activated and no preference is set, a challenge to choose an MFA option will be returned during sign-in. If an MFA type is activated for a user, the user will be prompted for MFA during all sign-in attempts unless device tracking is turned on and the device has been trusted. If you want MFA to be applied selectively based on the assessed risk level of sign-in attempts, deactivate MFA for users and turn on Adaptive Authentication for the user pool.
Authorize this action with a signed-in user's access token. It must
include the scope aws.cognito.signin.user.admin
.
9572 9573 9574 9575 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 9572 def set_user_mfa_preference(params = {}, = {}) req = build_request(:set_user_mfa_preference, params) req.send_request() end |
#set_user_pool_mfa_config(params = {}) ⇒ Types::SetUserPoolMfaConfigResponse
Sets the user pool multi-factor authentication (MFA) and passkey configuration.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
9700 9701 9702 9703 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 9700 def set_user_pool_mfa_config(params = {}, = {}) req = build_request(:set_user_pool_mfa_config, params) req.send_request() end |
#set_user_settings(params = {}) ⇒ Struct
This action is no longer supported. You can use it to configure only SMS MFA. You can't use it to configure time-based one-time password (TOTP) software token MFA. To configure either type of MFA, use SetUserMFAPreference instead.
Authorize this action with a signed-in user's access token. It must
include the scope aws.cognito.signin.user.admin
.
9753 9754 9755 9756 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 9753 def set_user_settings(params = {}, = {}) req = build_request(:set_user_settings, params) req.send_request() end |
#sign_up(params = {}) ⇒ Types::SignUpResponse
Registers the user in the specified user pool and creates a user name, password, and user attributes.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
You might receive a LimitExceeded
exception in response to this
request if you have exceeded a rate quota for email or SMS messages,
and if your user pool automatically verifies email addresses or phone
numbers. When you get this exception in the response, the user is
successfully created and is in an UNCONFIRMED
state. You can send a
new code with the ResendConfirmationCode request, or confirm the
user as an administrator with an AdminConfirmSignUp request.
9961 9962 9963 9964 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 9961 def sign_up(params = {}, = {}) req = build_request(:sign_up, params) req.send_request() end |
#start_user_import_job(params = {}) ⇒ Types::StartUserImportJobResponse
Starts the user import.
10006 10007 10008 10009 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 10006 def start_user_import_job(params = {}, = {}) req = build_request(:start_user_import_job, params) req.send_request() end |
#start_web_authn_registration(params = {}) ⇒ Types::StartWebAuthnRegistrationResponse
Requests credential creation options from your user pool for registration of a passkey authenticator. Returns information about the user pool, the user profile, and authentication requirements. Users must provide this information in their request to enroll your application with their passkey provider.
After users present this data and register with their passkey provider, return the response to your user pool in a CompleteWebAuthnRegistration API request.
Authorize this action with a signed-in user's access token. It must
include the scope aws.cognito.signin.user.admin
.
10050 10051 10052 10053 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 10050 def start_web_authn_registration(params = {}, = {}) req = build_request(:start_web_authn_registration, params) req.send_request() end |
#stop_user_import_job(params = {}) ⇒ Types::StopUserImportJobResponse
Stops the user import job.
10095 10096 10097 10098 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 10095 def stop_user_import_job(params = {}, = {}) req = build_request(:stop_user_import_job, params) req.send_request() end |
#tag_resource(params = {}) ⇒ Struct
Assigns a set of tags to an Amazon Cognito user pool. A tag is a label that you can use to categorize and manage user pools in different ways, such as by purpose, owner, environment, or other criteria.
Each tag consists of a key and value, both of which you define. A key
is a general category for more specific values. For example, if you
have two versions of a user pool, one for testing and another for
production, you might assign an Environment
tag key to both user
pools. The value of this key might be Test
for one user pool, and
Production
for the other.
Tags are useful for cost tracking and access control. You can activate your tags so that they appear on the Billing and Cost Management console, where you can track the costs associated with your user pools. In an Identity and Access Management policy, you can constrain permissions for user pools based on specific tags or tag values.
You can use this action up to 5 times per second, per account. A user pool can have as many as 50 tags.
10141 10142 10143 10144 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 10141 def tag_resource(params = {}, = {}) req = build_request(:tag_resource, params) req.send_request() end |
#untag_resource(params = {}) ⇒ Struct
Removes the specified tags from an Amazon Cognito user pool. You can use this action up to 5 times per second, per account.
10169 10170 10171 10172 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 10169 def untag_resource(params = {}, = {}) req = build_request(:untag_resource, params) req.send_request() end |
#update_auth_event_feedback(params = {}) ⇒ Struct
Provides the feedback for an authentication event, whether it was from a valid user or not. This feedback is used for improving the risk evaluation decision for the user pool as part of Amazon Cognito advanced security.
10232 10233 10234 10235 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 10232 def update_auth_event_feedback(params = {}, = {}) req = build_request(:update_auth_event_feedback, params) req.send_request() end |
#update_device_status(params = {}) ⇒ Struct
Updates the device status. For more information about device authentication, see Working with user devices in your user pool.
Authorize this action with a signed-in user's access token. It must
include the scope aws.cognito.signin.user.admin
.
10281 10282 10283 10284 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 10281 def update_device_status(params = {}, = {}) req = build_request(:update_device_status, params) req.send_request() end |
#update_group(params = {}) ⇒ Types::UpdateGroupResponse
Updates the specified group with the specified attributes.
Learn more
10356 10357 10358 10359 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 10356 def update_group(params = {}, = {}) req = build_request(:update_group, params) req.send_request() end |
#update_identity_provider(params = {}) ⇒ Types::UpdateIdentityProviderResponse
Updates IdP information for a user pool.
Learn more
10547 10548 10549 10550 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 10547 def update_identity_provider(params = {}, = {}) req = build_request(:update_identity_provider, params) req.send_request() end |
#update_managed_login_branding(params = {}) ⇒ Types::UpdateManagedLoginBrandingResponse
Configures the branding settings for a user pool style. This operation is the programmatic option for the configuration of a style in the branding designer.
Provides values for UI customization in a Settings
JSON object and
image files in an Assets
array.
This operation has a 2-megabyte request-size limit and include the CSS settings and image assets for your app client. Your branding settings might exceed 2MB in size. Amazon Cognito doesn't require that you pass all parameters in one request and preserves existing style settings that you don't specify. If your request is larger than 2MB, separate it into multiple requests, each with a size smaller than the limit.
For more information, see API and SDK operations for managed login branding.
Learn more
10659 10660 10661 10662 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 10659 def update_managed_login_branding(params = {}, = {}) req = build_request(:update_managed_login_branding, params) req.send_request() end |
#update_resource_server(params = {}) ⇒ Types::UpdateResourceServerResponse
Updates the name and scopes of resource server. All other fields are read-only.
If you don't provide a value for an attribute, it is set to the default value.
Learn more
10738 10739 10740 10741 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 10738 def update_resource_server(params = {}, = {}) req = build_request(:update_resource_server, params) req.send_request() end |
#update_user_attributes(params = {}) ⇒ Types::UpdateUserAttributesResponse
With this operation, your users can update one or more of their
attributes with their own credentials. You authorize this API request
with the user's access token. To delete an attribute from your user,
submit the attribute in your API request with a blank value. Custom
attribute values in this request must include the custom:
prefix.
Authorize this action with a signed-in user's access token. It must
include the scope aws.cognito.signin.user.admin
.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
10871 10872 10873 10874 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 10871 def update_user_attributes(params = {}, = {}) req = build_request(:update_user_attributes, params) req.send_request() end |
#update_user_pool(params = {}) ⇒ Struct
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Updates the specified user pool with the specified attributes. You can get a list of the current user pool settings using DescribeUserPool.
If you don't provide a value for an attribute, Amazon Cognito sets it to its default value.
Learn more
11191 11192 11193 11194 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 11191 def update_user_pool(params = {}, = {}) req = build_request(:update_user_pool, params) req.send_request() end |
#update_user_pool_client(params = {}) ⇒ Types::UpdateUserPoolClientResponse
Updates the specified user pool app client with the specified attributes. You can get a list of the current user pool app client settings using DescribeUserPoolClient.
If you don't provide a value for an attribute, Amazon Cognito sets it to its default value.
You can also use this operation to enable token revocation for user pool clients. For more information about revoking tokens, see RevokeToken.
Learn more
11651 11652 11653 11654 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 11651 def update_user_pool_client(params = {}, = {}) req = build_request(:update_user_pool_client, params) req.send_request() end |
#update_user_pool_domain(params = {}) ⇒ Types::UpdateUserPoolDomainResponse
Updates the Secure Sockets Layer (SSL) certificate for the custom domain for your user pool.
You can use this operation to provide the Amazon Resource Name (ARN) of a new certificate to Amazon Cognito. You can't use it to change the domain for a user pool.
A custom domain is used to host the Amazon Cognito hosted UI, which provides sign-up and sign-in pages for your application. When you set up a custom domain, you provide a certificate that you manage with Certificate Manager (ACM). When necessary, you can use this operation to change the certificate that you applied to your custom domain.
Usually, this is unnecessary following routine certificate renewal with ACM. When you renew your existing certificate in ACM, the ARN for your certificate remains the same, and your custom domain uses the new certificate automatically.
However, if you replace your existing certificate with a new one, ACM gives the new certificate a new ARN. To apply the new certificate to your custom domain, you must provide this ARN to Amazon Cognito.
When you add your new certificate in ACM, you must choose US East (N. Virginia) as the Amazon Web Services Region.
After you submit your request, Amazon Cognito requires up to 1 hour to distribute your new certificate to your custom domain.
For more information about adding a custom domain to your user pool, see Using Your Own Domain for the Hosted UI.
Learn more
11770 11771 11772 11773 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 11770 def update_user_pool_domain(params = {}, = {}) req = build_request(:update_user_pool_domain, params) req.send_request() end |
#verify_software_token(params = {}) ⇒ Types::VerifySoftwareTokenResponse
Use this API to register a user's entered time-based one-time password (TOTP) code and mark the user's software token MFA status as "verified" if successful. The request takes an access token or a session string, but not both.
11835 11836 11837 11838 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 11835 def verify_software_token(params = {}, = {}) req = build_request(:verify_software_token, params) req.send_request() end |
#verify_user_attribute(params = {}) ⇒ Struct
Verifies the specified user attributes in the user pool.
If your user pool requires verification before Amazon Cognito updates the attribute value, VerifyUserAttribute updates the affected attribute to its pending value. For more information, see UserAttributeUpdateSettingsType.
Authorize this action with a signed-in user's access token. It must
include the scope aws.cognito.signin.user.admin
.
11888 11889 11890 11891 |
# File 'gems/aws-sdk-cognitoidentityprovider/lib/aws-sdk-cognitoidentityprovider/client.rb', line 11888 def verify_user_attribute(params = {}, = {}) req = build_request(:verify_user_attribute, params) req.send_request() end |