AWS services or capabilities described in AWS Documentation may vary by region/location. Click Getting Started with Amazon AWS to see specific differences applicable to the China (Beijing) Region.
Links an existing user account in a user pool (DestinationUser) to an identity
from an external IdP (SourceUser) based on a specified attribute name and value
from the external IdP. This allows you to create a link from the existing user account
to an external federated user identity that has not yet been used to sign in. You
can then use the federated user identity to sign in as the existing user account.
For example, if there is an existing user with a username and password, this API links that user to a federated user identity. When the user signs in with a federated user identity, they sign in as the existing user account.
The maximum number of federated identities linked to a user is five.
Because this API allows a user with an external federated identity to sign in as an existing user in the user pool, it is critical that it only be used with external IdPs and provider attributes that have been trusted by the application owner.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
For .NET Core this operation is only available in asynchronous form. Please refer to AdminLinkProviderForUserAsync.
Namespace: Amazon.CognitoIdentityProvider
Assembly: AWSSDK.CognitoIdentityProvider.dll
Version: 3.x.y.z
public virtual AdminLinkProviderForUserResponse AdminLinkProviderForUser( AdminLinkProviderForUserRequest request )
Container for the necessary parameters to execute the AdminLinkProviderForUser service method.
| Exception | Condition |
|---|---|
| AliasExistsException | This exception is thrown when a user tries to confirm the account with an email address or phone number that has already been supplied as an alias for a different user profile. This exception indicates that an account with this email address or phone already exists in a user pool that you've configured to use email address or phone number as a sign-in alias. |
| InternalErrorException | This exception is thrown when Amazon Cognito encounters an internal error. |
| InvalidParameterException | This exception is thrown when the Amazon Cognito service encounters an invalid parameter. |
| LimitExceededException | This exception is thrown when a user exceeds the limit for a requested Amazon Web Services resource. |
| NotAuthorizedException | This exception is thrown when a user isn't authorized. |
| ResourceNotFoundException | This exception is thrown when the Amazon Cognito service can't find the requested resource. |
| TooManyRequestsException | This exception is thrown when the user has made too many requests for a given operation. |
| UserNotFoundException | This exception is thrown when a user isn't found. |
.NET Framework:
Supported in: 4.5 and newer, 3.5