本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。 # 使用 的 Amazon Cognito 身分提供者範例 AWS CLI 下列程式碼範例示範如何使用 AWS Command Line Interface 搭配 Amazon Cognito Identity Provider 執行動作和實作常見案例。 *Actions* 是大型程式的程式碼摘錄,必須在內容中執行。雖然動作會告訴您如何呼叫個別服務函數,但您可以在其相關情境中查看內容中的動作。 每個範例均包含完整原始碼的連結,您可在連結中找到如何設定和執行內容中程式碼的相關指示。 **Topics** + [動作](#actions) ## 動作 ### `add-custom-attributes` 以下程式碼範例顯示如何使用 `add-custom-attributes`。 **AWS CLI** **新增自訂屬性** 此範例會將自訂屬性 CustomAttr1 新增至使用者集區。那是一種字串類型,需要最少 1 個字元,最多 15 個字元。這不是必要的。 命令: ``` aws cognito-idp add-custom-attributes --user-pool-id us-west-2_aaaaaaaaa --custom-attributes Name="CustomAttr1",AttributeDataType="String",DeveloperOnlyAttribute=false,Required=false,StringAttributeConstraints="{MinLength=1,MaxLength=15}" ``` + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [AddCustomAttributes](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/add-custom-attributes.html)。 ### `admin-add-user-to-group` 以下程式碼範例顯示如何使用 `admin-add-user-to-group`。 **AWS CLI** **將使用者新增至群組** 此範例會將使用者 Jane 新增至群組 MyGroup。 命令: ``` aws cognito-idp admin-add-user-to-group --user-pool-id us-west-2_aaaaaaaaa --username Jane --group-name MyGroup ``` + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [AdminAddUserToGroup](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-add-user-to-group.html)。 ### `admin-confirm-sign-up` 以下程式碼範例顯示如何使用 `admin-confirm-sign-up`。 **AWS CLI** **確認使用者註冊** 此範例會確認使用者 jane@example.com。 命令: ``` aws cognito-idp admin-confirm-sign-up --user-pool-id us-west-2_aaaaaaaaa --username jane@example.com ``` + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [AdminConfirmSignUp](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-confirm-sign-up.html)。 ### `admin-create-user` 以下程式碼範例顯示如何使用 `admin-create-user`。 **AWS CLI** **建立使用者** 下列 `admin-create-user` 範例會建立具有指定的設定電子郵件地址和電話號碼的使用者。 ``` aws cognito-idp admin-create-user \ --user-pool-id us-west-2_aaaaaaaaa \ --username diego \ --user-attributes Name=email,Value=diego@example.com Name=phone_number,Value="+15555551212" \ --message-action SUPPRESS ``` 輸出: ``` { "User": { "Username": "diego", "Attributes": [ { "Name": "sub", "Value": "7325c1de-b05b-4f84-b321-9adc6e61f4a2" }, { "Name": "phone_number", "Value": "+15555551212" }, { "Name": "email", "Value": "diego@example.com" } ], "UserCreateDate": 1548099495.428, "UserLastModifiedDate": 1548099495.428, "Enabled": true, "UserStatus": "FORCE_CHANGE_PASSWORD" } } ``` + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [AdminCreateUser](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-create-user.html)。 ### `admin-delete-user-attributes` 以下程式碼範例顯示如何使用 `admin-delete-user-attributes`。 **AWS CLI** **刪除使用者屬性** 此範例會刪除使用者 diego@example.com 的自訂屬性 CustomAttr1。 命令: ``` aws cognito-idp admin-delete-user-attributes --user-pool-id us-west-2_aaaaaaaaa --username diego@example.com --user-attribute-names "custom:CustomAttr1" ``` + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [AdminDeleteUserAttributes](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-delete-user-attributes.html)。 ### `admin-delete-user` 以下程式碼範例顯示如何使用 `admin-delete-user`。 **AWS CLI** **若要刪除使用者** 此範例會刪除使用者。 命令: ``` aws cognito-idp admin-delete-user --user-pool-id us-west-2_aaaaaaaaa --username diego@example.com ``` + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [AdminDeleteUser](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-delete-user.html)。 ### `admin-disable-provider-for-user` 以下程式碼範例顯示如何使用 `admin-disable-provider-for-user`。 **AWS CLI** **從本機使用者設定檔取消聯合身分使用者的連結** 下列 `admin-disable-provider-for-user` 範例將 Google 使用者與其連結的本機設定檔中斷連線。 ``` aws cognito-idp admin-disable-provider-for-user \ --user-pool-id us-west-2_EXAMPLE \ --user ProviderAttributeName=Cognito_Subject,ProviderAttributeValue=0000000000000000,ProviderName=Google ``` 如需詳細資訊,請參閱《*Amazon Cognito 開發人員指南*》中的[將聯合身分使用者連結至現有的使用者設定檔](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-identity-federation-consolidate-users.html)。 + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [AdminDisableProviderForUser](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-disable-provider-for-user.html)。 ### `admin-disable-user` 以下程式碼範例顯示如何使用 `admin-disable-user`。 **AWS CLI** **防止使用者登入** 下列 `admin-disable-user` 範例會防止使用者 `diego@example.com` 登入。 ``` aws cognito-idp admin-disable-user \ --user-pool-id us-west-2_EXAMPLE \ --username diego@example.com ``` 如需詳細資訊,請參閱《Amazon Cognito 開發人員指南》**中的[管理使用者](https://docs.aws.amazon.com/cognito/latest/developerguide/managing-users.html)。 + 如需 API 詳細資訊,請參閱《*AWS CLI 命令參考*》中的 [AdminDisableUser](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-disable-user.html)。 ### `admin-enable-user` 以下程式碼範例顯示如何使用 `admin-enable-user`。 **AWS CLI** **啟用使用者登入** 下列 `admin-enable-user` 範例會啟用使用者 diego@example.com 的登入。 ``` aws cognito-idp admin-enable-user \ --user-pool-id us-west-2_EXAMPLE \ --username diego@example.com ``` 如需詳細資訊,請參閱《Amazon Cognito 開發人員指南》**中的[管理使用者](https://docs.aws.amazon.com/cognito/latest/developerguide/managing-users.html)。 + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [AdminEnableUser](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-enable-user.html)。 ### `admin-forget-device` 以下程式碼範例顯示如何使用 `admin-forget-device`。 **AWS CLI** **忘記裝置** 此範例忘記使用者名稱為 jane@example.com 的裝置 命令: ``` aws cognito-idp admin-forget-device --user-pool-id us-west-2_aaaaaaaaa --username jane@example.com --device-key us-west-2_abcd_1234-5678 ``` + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [AdminForgetDevice](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-forget-device.html)。 ### `admin-get-device` 以下程式碼範例顯示如何使用 `admin-get-device`。 **AWS CLI** **取得裝置** 下列 `admin-get-device` 範例顯示使用者 `diego` 的一個裝置。 ``` aws cognito-idp admin-get-device \ --user-pool-id us-west-2_EXAMPLE \ --username diego \ --device-key us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 ``` 輸出: ``` { "Device": { "DeviceKey": "us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "DeviceAttributes": [ { "Name": "device_status", "Value": "valid" }, { "Name": "device_name", "Value": "MyDevice" }, { "Name": "dev:device_arn", "Value": "arn:aws:cognito-idp:us-west-2:123456789012:owner/diego.us-west-2_EXAMPLE/device/us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111" }, { "Name": "dev:device_owner", "Value": "diego.us-west-2_EXAMPLE" }, { "Name": "last_ip_used", "Value": "192.0.2.1" }, { "Name": "dev:device_remembered_status", "Value": "remembered" }, { "Name": "dev:device_sdk", "Value": "aws-sdk" } ], "DeviceCreateDate": 1715100742.022, "DeviceLastModifiedDate": 1723233651.167, "DeviceLastAuthenticatedDate": 1715100742.0 } } ``` 如需詳細資訊,請參閱《*Amazon Cognito 開發人員指南*》中的[在使用者集區中運用使用者裝置](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html)。 + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [AdminGetDevice](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-get-device.html)。 ### `admin-get-user` 以下程式碼範例顯示如何使用 `admin-get-user`。 **AWS CLI** **若要取得使用者** 此範例取得使用者名稱 jane@example.com 的相關資訊。 命令: ``` aws cognito-idp admin-get-user --user-pool-id us-west-2_aaaaaaaaa --username jane@example.com ``` 輸出: ``` { "Username": "4320de44-2322-4620-999b-5e2e1c8df013", "Enabled": true, "UserStatus": "FORCE_CHANGE_PASSWORD", "UserCreateDate": 1548108509.537, "UserAttributes": [ { "Name": "sub", "Value": "4320de44-2322-4620-999b-5e2e1c8df013" }, { "Name": "email_verified", "Value": "true" }, { "Name": "phone_number_verified", "Value": "true" }, { "Name": "phone_number", "Value": "+01115551212" }, { "Name": "email", "Value": "jane@example.com" } ], "UserLastModifiedDate": 1548108509.537 } ``` + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [AdminGetUser](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-get-user.html)。 ### `admin-initiate-auth` 以下程式碼範例顯示如何使用 `admin-initiate-auth`。 **AWS CLI** **讓使用者以管理員身分登入** 下列 `admin-initiate-auth` 範例將使用者 diego@example.com 登入。此範例也包含用於威脅防護的中繼資料,和用於 Lambda 觸發的 ClientMetadata。使用者已設定 TOTP MFA,挑戰他們須先從驗證器應用程式提供程式碼,才能完成身分驗證。 ``` aws cognito-idp admin-initiate-auth \ --user-pool-id us-west-2_EXAMPLE \ --client-id 1example23456789 \ --auth-flow ADMIN_USER_PASSWORD_AUTH \ --auth-parameters USERNAME=diego@example.com,PASSWORD="My@Example$Password3!",SECRET_HASH=ExampleEncodedClientIdSecretAndUsername= \ --context-data="{\"EncodedData\":\"abc123example\",\"HttpHeaders\":[{\"headerName\":\"UserAgent\",\"headerValue\":\"Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0\"}],\"IpAddress\":\"192.0.2.1\",\"ServerName\":\"example.com\",\"ServerPath\":\"/login\"}" \ --client-metadata="{\"MyExampleKey\": \"MyExampleValue\"}" ``` 輸出: ``` { "ChallengeName": "SOFTWARE_TOKEN_MFA", "Session": "AYABeExample...", "ChallengeParameters": { "FRIENDLY_DEVICE_NAME": "MyAuthenticatorApp", "USER_ID_FOR_SRP": "diego@example.com" } } ``` 如需詳細資訊,請參閱《*Amazon Cognito 開發人員指南*》中的[管理員驗證流程](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow.html#amazon-cognito-user-pools-admin-authentication-flow)。 + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [AdminInitiateAuth](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-initiate-auth.html)。 ### `admin-link-provider-for-user` 以下程式碼範例顯示如何使用 `admin-link-provider-for-user`。 **AWS CLI** **將本機使用者連結至聯合身分使用者** 下列 `admin-link-provider-for-user` 範例將本機使用者 diego 連結至將使用 Google 聯合登入的使用者。 ``` aws cognito-idp admin-link-provider-for-user \ --user-pool-id us-west-2_EXAMPLE \ --destination-user ProviderName=Cognito,ProviderAttributeValue=diego \ --source-user ProviderAttributeName=Cognito_Subject,ProviderAttributeValue=0000000000000000,ProviderName=Google ``` 如需詳細資訊,請參閱《*Amazon Cognito 開發人員指南*》中的[將聯合身分使用者連結至現有的使用者設定檔](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-identity-federation-consolidate-users.html)。 + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [AdminLinkProviderForUser](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-link-provider-for-user.html)。 ### `admin-list-devices` 以下程式碼範例顯示如何使用 `admin-list-devices`。 **AWS CLI** **列出使用者的裝置** 下列 `admin-list-devices` 範例列出使用者 diego 的裝置。 ``` aws cognito-idp admin-list-devices \ --user-pool-id us-west-2_EXAMPLE \ --username diego \ --limit 1 ``` 輸出: ``` { "Devices": [ { "DeviceKey": "us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "DeviceAttributes": [ { "Name": "device_status", "Value": "valid" }, { "Name": "device_name", "Value": "MyDevice" }, { "Name": "dev:device_arn", "Value": "arn:aws:cognito-idp:us-west-2:123456789012:owner/diego.us-west-2_EXAMPLE/device/us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111" }, { "Name": "dev:device_owner", "Value": "diego.us-west-2_EXAMPLE" }, { "Name": "last_ip_used", "Value": "192.0.2.1" }, { "Name": "dev:device_remembered_status", "Value": "remembered" }, { "Name": "dev:device_sdk", "Value": "aws-sdk" } ], "DeviceCreateDate": 1715100742.022, "DeviceLastModifiedDate": 1723233651.167, "DeviceLastAuthenticatedDate": 1715100742.0 } ] } ``` 如需詳細資訊,請參閱《*Amazon Cognito 開發人員指南*》中的[在使用者集區中運用使用者裝置](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html)。 + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [AdminListDevices](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-list-devices.html)。 ### `admin-list-groups-for-user` 以下程式碼範例顯示如何使用 `admin-list-groups-for-user`。 **AWS CLI** **列出使用者的群組** 此範例列出使用者名稱 jane@example.com 的群組。 命令: ``` aws cognito-idp admin-list-groups-for-user --user-pool-id us-west-2_aaaaaaaaa --username diego@example.com ``` 輸出: ``` { "Groups": [ { "Description": "Sample group", "Precedence": 1, "LastModifiedDate": 1548097827.125, "RoleArn": "arn:aws:iam::111111111111:role/SampleRole", "GroupName": "SampleGroup", "UserPoolId": "us-west-2_aaaaaaaaa", "CreationDate": 1548097827.125 } ] } ``` + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [AdminListGroupsForUser](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-list-groups-for-user.html)。 ### `admin-list-user-auth-events` 以下程式碼範例顯示如何使用 `admin-list-user-auth-events`。 **AWS CLI** **列出使用者的授權事件** 下列 `admin-list-user-auth-events` 範例列出使用者 diego 的最新使用者活動日誌事件。 ``` aws cognito-idp admin-list-user-auth-events \ --user-pool-id us-west-2_ywDJHlIfU \ --username brcotter+050123 \ --max-results 1 ``` 輸出: ``` { "AuthEvents": [ { "EventId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE22222", "EventType": "SignIn", "CreationDate": 1726694203.495, "EventResponse": "InProgress", "EventRisk": { "RiskDecision": "AccountTakeover", "RiskLevel": "Medium", "CompromisedCredentialsDetected": false }, "ChallengeResponses": [ { "ChallengeName": "Password", "ChallengeResponse": "Success" } ], "EventContextData": { "IpAddress": "192.0.2.1", "City": "Seattle", "Country": "United States" } } ], "NextToken": "a1b2c3d4-5678-90ab-cdef-EXAMPLE22222#2024-09-18T21:16:43.495Z" } ``` 如需詳細資訊,請參閱《*Amazon Cognito 開發人員指南*》中的[檢視和匯出使用者事件歷程記錄](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-adaptive-authentication.html#user-pool-settings-adaptive-authentication-event-user-history)。 + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [AdminListUserAuthEvents](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-list-user-auth-events.html)。 ### `admin-remove-user-from-group` 以下程式碼範例顯示如何使用 `admin-remove-user-from-group`。 **AWS CLI** **從群組移除使用者** 此範例會從 SampleGroup 中移除 jane@example.com。 命令: ``` aws cognito-idp admin-remove-user-from-group --user-pool-id us-west-2_aaaaaaaaa --username jane@example.com --group-name SampleGroup ``` + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [AdminRemoveUserFromGroup](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-remove-user-from-group.html)。 ### `admin-reset-user-password` 以下程式碼範例顯示如何使用 `admin-reset-user-password`。 **AWS CLI** **重設使用者密碼** 此範例會重設 diego@example.com 的密碼。 命令: ``` aws cognito-idp admin-reset-user-password --user-pool-id us-west-2_aaaaaaaaa --username diego@example.com ``` + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [AdminResetUserPassword](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-reset-user-password.html)。 ### `admin-respond-to-auth-challenge` 以下程式碼範例顯示如何使用 `admin-respond-to-auth-challenge`。 **AWS CLI** **回應身分驗證挑戰** 根據您的身分驗證流程、使用者集區組態和使用者設定,有多種方法可以回應不同的身分驗證挑戰。下列 `admin-respond-to-auth-challenge` 範例提供 diego@example.com 的 TOTP MFA 程式碼,並完成登入。此使用者集區已開啟裝置記憶功能,如此身分驗證結果也會傳回新裝置金鑰。 ``` aws cognito-idp admin-respond-to-auth-challenge \ --user-pool-id us-west-2_EXAMPLE \ --client-id 1example23456789 \ --challenge-name SOFTWARE_TOKEN_MFA \ --challenge-responses USERNAME=diego@example.com,SOFTWARE_TOKEN_MFA_CODE=000000 \ --session AYABeExample... ``` 輸出: ``` { "ChallengeParameters": {}, "AuthenticationResult": { "AccessToken": "eyJra456defEXAMPLE", "ExpiresIn": 3600, "TokenType": "Bearer", "RefreshToken": "eyJra123abcEXAMPLE", "IdToken": "eyJra789ghiEXAMPLE", "NewDeviceMetadata": { "DeviceKey": "us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "DeviceGroupKey": "-ExAmPlE1" } } } ``` 如需詳細資訊,請參閱《*Amazon Cognito 開發人員指南*》中的[管理員驗證流程](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow.html#amazon-cognito-user-pools-admin-authentication-flow)。 + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [AdminRespondToAuthChallenge](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-respond-to-auth-challenge.html)。 ### `admin-set-user-mfa-preference` 以下程式碼範例顯示如何使用 `admin-set-user-mfa-preference`。 **AWS CLI** **設定使用者 MFA 偏好設定** 此範例會設定使用者名稱 diego@example.com 的 SMS MFA 偏好設定。 命令: ``` aws cognito-idp admin-set-user-mfa-preference --user-pool-id us-west-2_aaaaaaaaa --username diego@example.com --sms-mfa-settings Enabled=false,PreferredMfa=false ``` + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [AdminSetUserMfaPreference](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-set-user-mfa-preference.html)。 ### `admin-set-user-password` 以下程式碼範例顯示如何使用 `admin-set-user-password`。 **AWS CLI** **將使用者密碼設定為管理員** 下列 `admin-set-user-password` 範例會永久設定 diego@example.com 的密碼。 ``` aws cognito-idp admin-set-user-password \ --user-pool-id us-west-2_EXAMPLE \ --username diego@example.com \ --password MyExamplePassword1! \ --permanent ``` 此命令不會產生輸出。 如需詳細資訊,請參閱《*Amazon Cognito 開發人員指南*》中的[密碼、密碼還原和密碼政策](https://docs.aws.amazon.com/cognito/latest/developerguide/managing-users-passwords.html)。 + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [AdminSetUserPassword](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-set-user-password.html)。 ### `admin-set-user-settings` 以下程式碼範例顯示如何使用 `admin-set-user-settings`。 **AWS CLI** **設定使用者的設定** 此範例將使用者名稱 diego@example.com 的 MFA 交付偏好設定,設定為 EMAIL。 命令: ``` aws cognito-idp admin-set-user-settings --user-pool-id us-west-2_aaaaaaaaa --username diego@example.com --mfa-options DeliveryMedium=EMAIL ``` + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [AdminSetUserSettings](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-set-user-settings.html)。 ### `admin-update-auth-event-feedback` 以下程式碼範例顯示如何使用 `admin-update-auth-event-feedback`。 **AWS CLI** **提供授權事件的意見回饋** 此範例將 event-id 識別的授權事件的意見回饋值,設定為 Valid。 命令: ``` aws cognito-idp admin-update-auth-event-feedback --user-pool-id us-west-2_aaaaaaaaa --username diego@example.com --event-id c2c2cf89-c0d3-482d-aba6-99d78a5b0bfe --feedback-value Valid ``` + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [AdminUpdateAuthEventFeedback](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-update-auth-event-feedback.html)。 ### `admin-update-device-status` 以下程式碼範例顯示如何使用 `admin-update-device-status`。 **AWS CLI** **更新裝置狀態** 此範例將裝置金鑰識別的裝置記住狀態設定為 not\$1remembered。 命令: ``` aws cognito-idp admin-update-device-status --user-pool-id us-west-2_aaaaaaaaa --username diego@example.com --device-key xxxx --device-remembered-status not_remembered ``` + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [AdminUpdateDeviceStatus](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-update-device-status.html)。 ### `admin-update-user-attributes` 以下程式碼範例顯示如何使用 `admin-update-user-attributes`。 **AWS CLI** **更新使用者屬性** 此範例會更新使用者 diego@example.com 的自訂使用者屬性 CustomAttr1。 命令: ``` aws cognito-idp admin-update-user-attributes --user-pool-id us-west-2_aaaaaaaaa --username diego@example.com --user-attributes Name="custom:CustomAttr1",Value="Purple" ``` + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [AdminUpdateUserAttributes](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-update-user-attributes.html)。 ### `admin-user-global-sign-out` 以下程式碼範例顯示如何使用 `admin-user-global-sign-out`。 **AWS CLI** **以管理員身分登出使用者** 下列 `admin-user-global-sign-out` 範例將使用者 diego@example.com 登出。 ``` aws cognito-idp admin-user-global-sign-out \ --user-pool-id us-west-2_EXAMPLE \ --username diego@example.com ``` 如需詳細資訊,請參閱《*Amazon Cognito 開發人員指南*》中的[以使用者集區進行身分驗證](https://docs.aws.amazon.com/cognito/latest/developerguide/authentication.html)。 + 如需 API 詳細資訊,請參閱《*AWS CLI 命令參考*》中的 [AdminUserGlobalSignOut](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-user-global-sign-out.html)。 ### `associate-software-token` 以下程式碼範例顯示如何使用 `associate-software-token`。 **AWS CLI** **為 MFA 驗證器應用程式產生私密金鑰** 下列 `associate-software-token` 範例為已登入並收到存取字符的使用者,產生 TOTP 私有金鑰。產生的私有金鑰可手動輸入到驗證器應用程式中,或者應用程式可以將該私有金鑰轉譯為使用者可以掃描的 QR 碼。 ``` aws cognito-idp associate-software-token \ --access-token eyJra456defEXAMPLE ``` 輸出: ``` { "SecretCode": "QWERTYUIOP123456EXAMPLE" } ``` 如需詳細資訊,請參閱《*Amazon Cognito 開發人員指南*》中的 [TOTP 軟體字符 MFA](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa-totp.html)。 + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [AssociateSoftwareToken](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/associate-software-token.html)。 ### `change-password` 以下程式碼範例顯示如何使用 `change-password`。 **AWS CLI** **變更密碼** 此範例會變更密碼。 命令: ``` aws cognito-idp change-password --previous-password OldPassword --proposed-password NewPassword --access-token ACCESS_TOKEN ``` + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [ChangePassword](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/change-password.html)。 ### `confirm-device` 以下程式碼範例顯示如何使用 `confirm-device`。 **AWS CLI** **確認使用者裝置** 下列 `confirm-device` 範例會為目前使用者新增記住的裝置。 ``` aws cognito-idp confirm-device \ --access-token eyJra456defEXAMPLE \ --device-key us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 \ --device-secret-verifier-config PasswordVerifier=TXlWZXJpZmllclN0cmluZw,Salt=TXlTUlBTYWx0 ``` 輸出: ``` { "UserConfirmationNecessary": false } ``` 如需詳細資訊,請參閱《*Amazon Cognito 開發人員指南*》中的[在使用者集區中運用使用者裝置](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html)。 + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [ConfirmDevice](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/confirm-device.html)。 ### `confirm-forgot-password` 以下程式碼範例顯示如何使用 `confirm-forgot-password`。 **AWS CLI** **確認忘記的密碼** 此範例會確認使用者名稱 diego@example.com 忘記密碼。 命令: ``` aws cognito-idp confirm-forgot-password --client-id 3n4b5urk1ft4fl3mg5e62d9ado --username=diego@example.com --password PASSWORD --confirmation-code CONF_CODE ``` + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [ConfirmForgotPassword](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/confirm-forgot-password.html)。 ### `confirm-sign-up` 以下程式碼範例顯示如何使用 `confirm-sign-up`。 **AWS CLI** **若要確認註冊** 此範例會確認註冊使用者名稱 diego@example.com。 命令: ``` aws cognito-idp confirm-sign-up --client-id 3n4b5urk1ft4fl3mg5e62d9ado --username=diego@example.com --confirmation-code CONF_CODE ``` + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [ConfirmSignUp](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/confirm-sign-up.html)。 ### `create-group` 以下程式碼範例顯示如何使用 `create-group`。 **AWS CLI** **建立群組** 此範例會建立具有描述的群組。 命令: ``` aws cognito-idp create-group --user-pool-id us-west-2_aaaaaaaaa --group-name MyNewGroup --description "New group." ``` 輸出: ``` { "Group": { "GroupName": "MyNewGroup", "UserPoolId": "us-west-2_aaaaaaaaa", "Description": "New group.", "LastModifiedDate": 1548270073.795, "CreationDate": 1548270073.795 } } ``` **建立具有角色和優先順序的群組** 此範例會建立具有描述的群組。並且包含角色和優先順序。 命令: ``` aws cognito-idp create-group --user-pool-id us-west-2_aaaaaaaaa --group-name MyNewGroupWithRole --description "New group with a role." --role-arn arn:aws:iam::111111111111:role/MyNewGroupRole --precedence 2 ``` 輸出: ``` { "Group": { "GroupName": "MyNewGroupWithRole", "UserPoolId": "us-west-2_aaaaaaaaa", "Description": "New group with a role.", "RoleArn": "arn:aws:iam::111111111111:role/MyNewGroupRole", "Precedence": 2, "LastModifiedDate": 1548270211.761, "CreationDate": 1548270211.761 } } ``` + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [CreateGroup](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/create-group.html)。 ### `create-identity-provider` 以下程式碼範例顯示如何使用 `create-identity-provider`。 **AWS CLI** **範例 1:使用中繼資料 URL 建立使用者集區 SAML 身分提供者 (IdP)** 下列 `create-identity-provider` 範例使用來自公有 URL、屬性映射和兩個識別碼的中繼資料,建立新的 SAML IdP。 ``` aws cognito-idp create-identity-provider \ --user-pool-id us-west-2_EXAMPLE \ --provider-name MySAML \ --provider-type SAML \ --provider-details IDPInit=true,IDPSignout=true,EncryptedResponses=true,MetadataURL=https://auth.example.com/sso/saml/metadata,RequestSigningAlgorithm=rsa-sha256 \ --attribute-mapping email=emailaddress,phone_number=phone,custom:111=department \ --idp-identifiers CorpSAML WestSAML ``` 輸出: ``` { "IdentityProvider": { "UserPoolId": "us-west-2_EXAMPLE", "ProviderName": "MySAML", "ProviderType": "SAML", "ProviderDetails": { "ActiveEncryptionCertificate": "MIICvTCCAaEXAMPLE", "EncryptedResponses": "true", "IDPInit": "true", "IDPSignout": "true", "MetadataURL": "https://auth.example.com/sso/saml/metadata", "RequestSigningAlgorithm": "rsa-sha256", "SLORedirectBindingURI": "https://auth.example.com/slo/saml", "SSORedirectBindingURI": "https://auth.example.com/sso/saml" }, "AttributeMapping": { "custom:111": "department", "emailaddress": "email", "phone": "phone_number" }, "IdpIdentifiers": [ "CorpSAML", "WestSAML" ], "LastModifiedDate": 1726853833.977, "CreationDate": 1726853833.977 } } ``` 如需詳細資訊,請參閱《Amazon Cognito 開發人員指南》**中的[透過第三方新增使用者集區登入](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-identity-federation.html)。 **範例 2:使用中繼資料檔案建立使用者集區 SAML 身分提供者 (IdP)** 下列 `create-identity-provider` 範例使用來自檔案、屬性映射和兩個識別碼的中繼資料,建立新的 SAML IdP。在 `--provider-details` 參數中的作業系統之間的檔案語法可能不同。為此操作建立 JSON 輸入檔案是最簡單方式: ``` aws cognito-idp create-identity-provider \ --cli-input-json file://.\SAML-identity-provider.json ``` `SAML-identity-provider.json` 的內容: ``` { "AttributeMapping": { "email" : "idp_email", "email_verified" : "idp_email_verified" }, "IdpIdentifiers": [ "platform" ], "ProviderDetails": { "MetadataFile": "[IDP_CERTIFICATE_DATA]urn:oasis:names:tc:SAML:1.1:nameid-format:unspecifiedurn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", "IDPSignout" : "true", "RequestSigningAlgorithm" : "rsa-sha256", "EncryptedResponses" : "true", "IDPInit" : "true" }, "ProviderName": "MySAML2", "ProviderType": "SAML", "UserPoolId": "us-west-2_EXAMPLE" } ``` 輸出: ``` { "IdentityProvider": { "UserPoolId": "us-west-2_EXAMPLE", "ProviderName": "MySAML2", "ProviderType": "SAML", "ProviderDetails": { "ActiveEncryptionCertificate": "[USER_POOL_ENCRYPTION_CERTIFICATE_DATA]", "EncryptedResponses": "true", "IDPInit": "true", "IDPSignout": "true", "MetadataFile": "[IDP_CERTIFICATE_DATA]urn:oasis:names:tc:SAML:1.1:nameid-format:unspecifiedurn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", "RequestSigningAlgorithm": "rsa-sha256", "SLORedirectBindingURI": "https://www.example.com/slo/saml", "SSORedirectBindingURI": "https://www.example.com/sso/saml" }, "AttributeMapping": { "email": "idp_email", "email_verified": "idp_email_verified" }, "IdpIdentifiers": [ "platform" ], "LastModifiedDate": 1726855290.731, "CreationDate": 1726855290.731 } } ``` 如需詳細資訊,請參閱《Amazon Cognito 開發人員指南》**中的[透過第三方新增使用者集區登入](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-identity-federation.html)。 + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [CreateIdentityProvider](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/create-identity-provider.html)。 ### `create-resource-server` 以下程式碼範例顯示如何使用 `create-resource-server`。 **AWS CLI** **建立使用者集區用戶端** 下列 `create-resource-server` 範例以自訂範圍建立新的資源伺服器。 ``` aws cognito-idp create-resource-server \ --user-pool-id us-west-2_EXAMPLE \ --identifier solar-system-data \ --name "Solar system object tracker" \ --scopes ScopeName=sunproximity.read,ScopeDescription="Distance in AU from Sol" ScopeName=asteroids.add,ScopeDescription="Enter a new asteroid" ``` 輸出: ``` { "ResourceServer": { "UserPoolId": "us-west-2_EXAMPLE", "Identifier": "solar-system-data", "Name": "Solar system object tracker", "Scopes": [ { "ScopeName": "sunproximity.read", "ScopeDescription": "Distance in AU from Sol" }, { "ScopeName": "asteroids.add", "ScopeDescription": "Enter a new asteroid" } ] } } ``` 如需詳細資訊,請參閱《*Amazon Cognito 開發人員指南*》中的[範圍、M2M 和具有資源伺服器的 API](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-define-resource-servers.html)。 + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [CreateResourceServer](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/create-resource-server.html)。 ### `create-user-import-job` 以下程式碼範例顯示如何使用 `create-user-import-job`。 **AWS CLI** **建立使用者匯入任務** 此範例會建立名為 MyImportJob 的使用者匯入任務。 如需有關匯入使用者的詳細資訊,請參閱「從 CSV 檔將使用者匯入使用者集區」。 命令: ``` aws cognito-idp create-user-import-job --user-pool-id us-west-2_aaaaaaaaa --job-name MyImportJob --cloud-watch-logs-role-arn arn:aws:iam::111111111111:role/CognitoCloudWatchLogsRole ``` 輸出: ``` { "UserImportJob": { "JobName": "MyImportJob", "JobId": "import-qQ0DCt2fRh", "UserPoolId": "us-west-2_aaaaaaaaa", "PreSignedUrl": "PRE_SIGNED_URL", "CreationDate": 1548271795.471, "Status": "Created", "CloudWatchLogsRoleArn": "arn:aws:iam::111111111111:role/CognitoCloudWatchLogsRole", "ImportedUsers": 0, "SkippedUsers": 0, "FailedUsers": 0 } } ``` 使用預先簽章的 URL,以 curl 上傳 .csv 檔案: 命令: ``` curl -v -T "PATH_TO_CSV_FILE" -H "x-amz-server-side-encryption:aws:kms" "PRE_SIGNED_URL" ``` + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [CreateUserImportJob](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/create-user-import-job.html)。 ### `create-user-pool-client` 以下程式碼範例顯示如何使用 `create-user-pool-client`。 **AWS CLI** **建立使用者集區用戶端** 下列 `create-user-pool-client` 範例會透過下列各項來建立新的使用者集區用戶端:用戶端私密、明確的讀取和寫入屬性、具使用者名稱密碼和 SRP 流程的登入、具三個 IdP 的登入、OAuth 範圍的子集存取權、PinPoint 分析,以及延伸的身分驗證工作階段有效性。 ``` aws cognito-idp create-user-pool-client \ --user-pool-id us-west-2_EXAMPLE \ --client-name MyTestClient \ --generate-secret \ --refresh-token-validity 10 \ --access-token-validity 60 \ --id-token-validity 60 \ --token-validity-units AccessToken=minutes,IdToken=minutes,RefreshToken=days \ --read-attributes email phone_number email_verified phone_number_verified \ --write-attributes email phone_number \ --explicit-auth-flows ALLOW_USER_PASSWORD_AUTH ALLOW_USER_SRP_AUTH ALLOW_REFRESH_TOKEN_AUTH \ --supported-identity-providers Google Facebook MyOIDC \ --callback-urls https://www.amazon.com https://example.com http://localhost:8001 myapp://example \ --allowed-o-auth-flows code implicit \ --allowed-o-auth-scopes openid profile aws.cognito.signin.user.admin solar-system-data/asteroids.add \ --allowed-o-auth-flows-user-pool-client \ --analytics-configuration ApplicationArn=arn:aws:mobiletargeting:us-west-2:767671399759:apps/thisisanexamplepinpointapplicationid,UserDataShared=TRUE \ --prevent-user-existence-errors ENABLED \ --enable-token-revocation \ --enable-propagate-additional-user-context-data \ --auth-session-validity 4 ``` 輸出: ``` { "UserPoolClient": { "UserPoolId": "us-west-2_EXAMPLE", "ClientName": "MyTestClient", "ClientId": "123abc456defEXAMPLE", "ClientSecret": "this1234is5678my91011example1213client1415secret", "LastModifiedDate": 1726788459.464, "CreationDate": 1726788459.464, "RefreshTokenValidity": 10, "AccessTokenValidity": 60, "IdTokenValidity": 60, "TokenValidityUnits": { "AccessToken": "minutes", "IdToken": "minutes", "RefreshToken": "days" }, "ReadAttributes": [ "email_verified", "phone_number_verified", "phone_number", "email" ], "WriteAttributes": [ "phone_number", "email" ], "ExplicitAuthFlows": [ "ALLOW_USER_PASSWORD_AUTH", "ALLOW_USER_SRP_AUTH", "ALLOW_REFRESH_TOKEN_AUTH" ], "SupportedIdentityProviders": [ "Google", "MyOIDC", "Facebook" ], "CallbackURLs": [ "https://example.com", "https://www.amazon.com", "myapp://example", "http://localhost:8001" ], "AllowedOAuthFlows": [ "implicit", "code" ], "AllowedOAuthScopes": [ "aws.cognito.signin.user.admin", "openid", "profile", "solar-system-data/asteroids.add" ], "AllowedOAuthFlowsUserPoolClient": true, "AnalyticsConfiguration": { "ApplicationArn": "arn:aws:mobiletargeting:us-west-2:123456789012:apps/thisisanexamplepinpointapplicationid", "RoleArn": "arn:aws:iam::123456789012:role/aws-service-role/cognito-idp.amazonaws.com/AWSServiceRoleForAmazonCognitoIdp", "UserDataShared": true }, "PreventUserExistenceErrors": "ENABLED", "EnableTokenRevocation": true, "EnablePropagateAdditionalUserContextData": true, "AuthSessionValidity": 4 } } ``` 如需詳細資訊,請參閱《*Amazon Cognito 開發人員指南*》中的[使用應用程式用戶端的特定應用程式設定](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html)。 + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [CreateUserPoolClient](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/create-user-pool-client.html)。 ### `create-user-pool-domain` 以下程式碼範例顯示如何使用 `create-user-pool-domain`。 **AWS CLI** **範例 1:建立使用者集區網域** 下列 `create-user-pool-domain` 範例會建立新的自訂網域。 ``` aws cognito-idp create-user-pool-domain \ --user-pool-id us-west-2_EXAMPLE \ --domain auth.example.com \ --custom-domain-config CertificateArn=arn:aws:acm:us-east-1:123456789012:certificate/a1b2c3d4-5678-90ab-cdef-EXAMPLE22222 ``` 輸出: ``` { "CloudFrontDomain": "example1domain.cloudfront.net" } ``` 如需詳細資訊,請參閱《Amazon Cognito 開發人員指南》**中的[設定使用者集區網域](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-assign-domain.html)。 **範例 2:建立使用者集區網域** 下列 `create-user-pool-domain` 範例使用服務擁有的字首來建立新網域。 ``` aws cognito-idp create-user-pool-domain \ --user-pool-id us-west-2_EXAMPLE2 \ --domain mydomainprefix ``` 如需詳細資訊,請參閱《Amazon Cognito 開發人員指南》**中的[設定使用者集區網域](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-assign-domain.html)。 + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [CreateUserPoolDomain](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/create-user-pool-domain.html)。 ### `create-user-pool` 以下程式碼範例顯示如何使用 `create-user-pool`。 **AWS CLI** **建立最低限度設定的使用者集區** 此範例會使用預設值建立名為 MyUserPool 的使用者集區。沒有必要的屬性,也沒有應用程式用戶端。MFA 和進階安全性已停用。 命令: ``` aws cognito-idp create-user-pool --pool-name MyUserPool ``` 輸出: ``` { "UserPool": { "SchemaAttributes": [ { "Name": "sub", "StringAttributeConstraints": { "MinLength": "1", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": true, "AttributeDataType": "String", "Mutable": false }, { "Name": "name", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "given_name", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "family_name", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "middle_name", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "nickname", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "preferred_username", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "profile", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "picture", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "website", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "email", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "AttributeDataType": "Boolean", "DeveloperOnlyAttribute": false, "Required": false, "Name": "email_verified", "Mutable": true }, { "Name": "gender", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "birthdate", "StringAttributeConstraints": { "MinLength": "10", "MaxLength": "10" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "zoneinfo", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "locale", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "phone_number", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "AttributeDataType": "Boolean", "DeveloperOnlyAttribute": false, "Required": false, "Name": "phone_number_verified", "Mutable": true }, { "Name": "address", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "updated_at", "NumberAttributeConstraints": { "MinValue": "0" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "Number", "Mutable": true } ], "MfaConfiguration": "OFF", "Name": "MyUserPool", "LastModifiedDate": 1547833345.777, "AdminCreateUserConfig": { "UnusedAccountValidityDays": 7, "AllowAdminCreateUserOnly": false }, "EmailConfiguration": {}, "Policies": { "PasswordPolicy": { "RequireLowercase": true, "RequireSymbols": true, "RequireNumbers": true, "MinimumLength": 8, "RequireUppercase": true } }, "CreationDate": 1547833345.777, "EstimatedNumberOfUsers": 0, "Id": "us-west-2_aaaaaaaaa", "LambdaConfig": {} } } ``` **用兩個必要屬性建立新的使用者集區** 此範例會建立使用者集區 MyUserPool。集區設定為接受電子郵件作為使用者名稱屬性。它也會使用 Amazon Simple Email Service,將電子郵件來源地址設定為經過驗證的地址。 命令: ``` aws cognito-idp create-user-pool --pool-name MyUserPool --username-attributes "email" --email-configuration=SourceArn="arn:aws:ses:us-east-1:111111111111:identity/jane@example.com",ReplyToEmailAddress="jane@example.com" ``` 輸出: ``` { "UserPool": { "SchemaAttributes": [ { "Name": "sub", "StringAttributeConstraints": { "MinLength": "1", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": true, "AttributeDataType": "String", "Mutable": false }, { "Name": "name", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "given_name", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "family_name", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "middle_name", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "nickname", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "preferred_username", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "profile", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "picture", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "website", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "email", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "AttributeDataType": "Boolean", "DeveloperOnlyAttribute": false, "Required": false, "Name": "email_verified", "Mutable": true }, { "Name": "gender", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "birthdate", "StringAttributeConstraints": { "MinLength": "10", "MaxLength": "10" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "zoneinfo", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "locale", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "phone_number", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "AttributeDataType": "Boolean", "DeveloperOnlyAttribute": false, "Required": false, "Name": "phone_number_verified", "Mutable": true }, { "Name": "address", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "updated_at", "NumberAttributeConstraints": { "MinValue": "0" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "Number", "Mutable": true } ], "MfaConfiguration": "OFF", "Name": "MyUserPool", "LastModifiedDate": 1547837788.189, "AdminCreateUserConfig": { "UnusedAccountValidityDays": 7, "AllowAdminCreateUserOnly": false }, "EmailConfiguration": { "ReplyToEmailAddress": "jane@example.com", "SourceArn": "arn:aws:ses:us-east-1:111111111111:identity/jane@example.com" }, "Policies": { "PasswordPolicy": { "RequireLowercase": true, "RequireSymbols": true, "RequireNumbers": true, "MinimumLength": 8, "RequireUppercase": true } }, "UsernameAttributes": [ "email" ], "CreationDate": 1547837788.189, "EstimatedNumberOfUsers": 0, "Id": "us-west-2_aaaaaaaaa", "LambdaConfig": {} } } ``` + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [CreateUserPool](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/create-user-pool.html)。 ### `delete-group` 以下程式碼範例顯示如何使用 `delete-group`。 **AWS CLI** **刪除群組** 此範例會刪除群組。 命令: ``` aws cognito-idp delete-group --user-pool-id us-west-2_aaaaaaaaa --group-name MyGroupName ``` + 如需 API 詳細資訊,請參閱**《AWS CLI 命令參考》中的 [DeleteGroup](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/delete-group.html)。 ### `delete-identity-provider` 以下程式碼範例顯示如何使用 `delete-identity-provider`。 **AWS CLI** **刪除身分提供者** 此範例會刪除身分提供者。 命令: ``` aws cognito-idp delete-identity-provider --user-pool-id us-west-2_aaaaaaaaa --provider-name Facebook ``` + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [DeleteIdentityProvider](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/delete-identity-provider.html)。 ### `delete-resource-server` 以下程式碼範例顯示如何使用 `delete-resource-server`。 **AWS CLI** **刪除資源伺服器** 此範例會刪除名為 weather.example.com 的資源伺服器。 命令: ``` aws cognito-idp delete-resource-server --user-pool-id us-west-2_aaaaaaaaa --identifier weather.example.com ``` + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [DeleteResourceServer](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/delete-resource-server.html)。 ### `delete-user-attributes` 以下程式碼範例顯示如何使用 `delete-user-attributes`。 **AWS CLI** **刪除使用者屬性** 下列 `delete-user-attributes` 範例會從目前登入的使用者中刪除自訂屬性 "custom:attribute"。 ``` aws cognito-idp delete-user-attributes \ --access-token ACCESS_TOKEN \ --user-attribute-names "custom:department" ``` 此命令不會產生輸出。 如需詳細資訊,請參閱《*Amazon Cognito 開發人員指南*》中的[運用使用者屬性](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html)。 + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [DeleteUserAttributes](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/delete-user-attributes.html)。 ### `delete-user-pool-client` 以下程式碼範例顯示如何使用 `delete-user-pool-client`。 **AWS CLI** **刪除使用者集區用戶端** 此範例會刪除使用者集區用戶端。 命令: ``` aws cognito-idp delete-user-pool-client --user-pool-id us-west-2_aaaaaaaaa --client-id 38fjsnc484p94kpqsnet7mpld0 ``` + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [DeleteUserPoolClient](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/delete-user-pool-client.html)。 ### `delete-user-pool-domain` 以下程式碼範例顯示如何使用 `delete-user-pool-domain`。 **AWS CLI** **刪除使用者集區網域** 下列 `delete-user-pool-domain` 範例會刪除名為 `my-domain` 的使用者集區網域 ``` aws cognito-idp delete-user-pool-domain \ --user-pool-id us-west-2_aaaaaaaaa \ --domain my-domain ``` + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [DeleteUserPoolDomain](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/delete-user-pool-domain.html)。 ### `delete-user-pool` 以下程式碼範例顯示如何使用 `delete-user-pool`。 **AWS CLI** **刪除使用者集區** 此範例運用使用者集區 ID us-west-2\$1aaaaaaaaa 刪除使用者集區。 命令: ``` aws cognito-idp delete-user-pool --user-pool-id us-west-2_aaaaaaaaa ``` + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [DeleteUserPool](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/delete-user-pool.html)。 ### `delete-user` 以下程式碼範例顯示如何使用 `delete-user`。 **AWS CLI** **若要刪除使用者** 此範例會刪除使用者。 命令: ``` aws cognito-idp delete-user --access-token ACCESS_TOKEN ``` + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [DeleteUser](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/delete-user.html)。 ### `describe-identity-provider` 以下程式碼範例顯示如何使用 `describe-identity-provider`。 **AWS CLI** **描述身分提供者** 此範例描述名為 Facebook 的身分提供者。 命令: ``` aws cognito-idp describe-identity-provider --user-pool-id us-west-2_aaaaaaaaa --provider-name Facebook ``` 輸出: ``` { "IdentityProvider": { "UserPoolId": "us-west-2_aaaaaaaaa", "ProviderName": "Facebook", "ProviderType": "Facebook", "ProviderDetails": { "attributes_url": "https://graph.facebook.com/me?fields=", "attributes_url_add_attributes": "true", "authorize_scopes": myscope", "authorize_url": "https://www.facebook.com/v2.9/dialog/oauth", "client_id": "11111", "client_secret": "11111", "token_request_method": "GET", "token_url": "https://graph.facebook.com/v2.9/oauth/access_token" }, "AttributeMapping": { "username": "id" }, "IdpIdentifiers": [], "LastModifiedDate": 1548105901.736, "CreationDate": 1548105901.736 } } ``` + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [DescribeIdentityProvider](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/describe-identity-provider.html)。 ### `describe-resource-server` 以下程式碼範例顯示如何使用 `describe-resource-server`。 **AWS CLI** **描述資源伺服器** 此範例描述資源伺服器 weather.example.com。 命令: ``` aws cognito-idp describe-resource-server --user-pool-id us-west-2_aaaaaaaaa --identifier weather.example.com ``` 輸出: ``` { "ResourceServer": { "UserPoolId": "us-west-2_aaaaaaaaa", "Identifier": "weather.example.com", "Name": "Weather", "Scopes": [ { "ScopeName": "weather.update", "ScopeDescription": "Update weather forecast" }, { "ScopeName": "weather.read", "ScopeDescription": "Read weather forecasts" }, { "ScopeName": "weather.delete", "ScopeDescription": "Delete a weather forecast" } ] } } ``` + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [DescribeResourceServer](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/describe-resource-server.html)。 ### `describe-risk-configuration` 以下程式碼範例顯示如何使用 `describe-risk-configuration`。 **AWS CLI** **描述風險組態** 此範例描述與集區 us-west-2\$1aaaaaaaaa 相關聯的風險組態。 命令: ``` aws cognito-idp describe-risk-configuration --user-pool-id us-west-2_aaaaaaaaa ``` 輸出: ``` { "RiskConfiguration": { "UserPoolId": "us-west-2_aaaaaaaaa", "CompromisedCredentialsRiskConfiguration": { "EventFilter": [ "SIGN_IN", "SIGN_UP", "PASSWORD_CHANGE" ], "Actions": { "EventAction": "BLOCK" } }, "AccountTakeoverRiskConfiguration": { "NotifyConfiguration": { "From": "diego@example.com", "ReplyTo": "diego@example.com", "SourceArn": "arn:aws:ses:us-east-1:111111111111:identity/diego@example.com", "BlockEmail": { "Subject": "Blocked sign-in attempt", "HtmlBody": "\n\n\n\tHTML email context\n\t\n\n\n
We blocked an unrecognized sign-in to your account with this information:\n\nIf this sign-in was not by you, you should change your password and notify us by clicking on this link\nIf this sign-in was by you, you can follow this link to let us know
\n\n", "TextBody": "We blocked an unrecognized sign-in to your account with this information:\nTime: {login-time}\nDevice: {device-name}\nLocation: {city}, {country}\nIf this sign-in was not by you, you should change your password and notify us by clicking on {one-click-link-invalid}\nIf this sign-in was by you, you can follow {one-click-link-valid} to let us know" }, "NoActionEmail": { "Subject": "New sign-in attempt", "HtmlBody": "\n\n\n\tHTML email context\n\t\n\n\n
We observed an unrecognized sign-in to your account with this information:\n\nIf this sign-in was not by you, you should change your password and notify us by clicking on this link\nIf this sign-in was by you, you can follow this link to let us know
\n\n", "TextBody": "We observed an unrecognized sign-in to your account with this information:\nTime: {login-time}\nDevice: {device-name}\nLocation: {city}, {country}\nIf this sign-in was not by you, you should change your password and notify us by clicking on {one-click-link-invalid}\nIf this sign-in was by you, you can follow {one-click-link-valid} to let us know" }, "MfaEmail": { "Subject": "New sign-in attempt", "HtmlBody": "\n\n\n\tHTML email context\n\t\n\n\n
We required you to use multi-factor authentication for the following sign-in attempt:\n\nIf this sign-in was not by you, you should change your password and notify us by clicking on this link\nIf this sign-in was by you, you can follow this link to let us know
\n\n", "TextBody": "We required you to use multi-factor authentication for the following sign-in attempt:\nTime: {login-time}\nDevice: {device-name}\nLocation: {city}, {country}\nIf this sign-in was not by you, you should change your password and notify us by clicking on {one-click-link-invalid}\nIf this sign-in was by you, you can follow {one-click-link-valid} to let us know" } }, "Actions": { "LowAction": { "Notify": true, "EventAction": "NO_ACTION" }, "MediumAction": { "Notify": true, "EventAction": "MFA_IF_CONFIGURED" }, "HighAction": { "Notify": true, "EventAction": "MFA_IF_CONFIGURED" } } } } } ``` + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [DescribeRiskConfiguration](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/describe-risk-configuration.html)。 ### `describe-user-import-job` 以下程式碼範例顯示如何使用 `describe-user-import-job`。 **AWS CLI** **描述使用者匯入任務** 此範例描述使用者輸入任務。 如需有關匯入使用者的詳細資訊,請參閱「從 CSV 檔將使用者匯入使用者集區」。 命令: ``` aws cognito-idp describe-user-import-job --user-pool-id us-west-2_aaaaaaaaa --job-id import-TZqNQvDRnW ``` 輸出: ``` { "UserImportJob": { "JobName": "import-Test1", "JobId": "import-TZqNQvDRnW", "UserPoolId": "us-west-2_aaaaaaaaa", "PreSignedUrl": "PRE_SIGNED URL", "CreationDate": 1548271708.512, "Status": "Created", "CloudWatchLogsRoleArn": "arn:aws:iam::111111111111:role/CognitoCloudWatchLogsRole", "ImportedUsers": 0, "SkippedUsers": 0, "FailedUsers": 0 } } ``` + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [DescribeUserImportJob](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/describe-user-import-job.html)。 ### `describe-user-pool-client` 以下程式碼範例顯示如何使用 `describe-user-pool-client`。 **AWS CLI** **描述使用者集區用戶端** 此範例描述使用者集區用戶端。 命令: ``` aws cognito-idp describe-user-pool-client --user-pool-id us-west-2_aaaaaaaaa --client-id 38fjsnc484p94kpqsnet7mpld0 ``` 輸出: ``` { "UserPoolClient": { "UserPoolId": "us-west-2_aaaaaaaaa", "ClientName": "MyApp", "ClientId": "38fjsnc484p94kpqsnet7mpld0", "ClientSecret": "CLIENT_SECRET", "LastModifiedDate": 1548108676.163, "CreationDate": 1548108676.163, "RefreshTokenValidity": 30, "ReadAttributes": [ "address", "birthdate", "custom:CustomAttr1", "custom:CustomAttr2", "email", "email_verified", "family_name", "gender", "given_name", "locale", "middle_name", "name", "nickname", "phone_number", "phone_number_verified", "picture", "preferred_username", "profile", "updated_at", "website", "zoneinfo" ], "WriteAttributes": [ "address", "birthdate", "custom:CustomAttr1", "custom:CustomAttr2", "email", "family_name", "gender", "given_name", "locale", "middle_name", "name", "nickname", "phone_number", "picture", "preferred_username", "profile", "updated_at", "website", "zoneinfo" ], "ExplicitAuthFlows": [ "ADMIN_NO_SRP_AUTH", "USER_PASSWORD_AUTH" ], "AllowedOAuthFlowsUserPoolClient": false } } ``` + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [DescribeUserPoolClient](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/describe-user-pool-client.html)。 ### `describe-user-pool-domain` 以下程式碼範例顯示如何使用 `describe-user-pool-domain`。 **AWS CLI** **描述使用者集區用戶端** 此範例描述名為 my-domain 的使用者集區網域。 命令: ``` aws cognito-idp describe-user-pool-domain --domain my-domain ``` 輸出: ``` { "DomainDescription": { "UserPoolId": "us-west-2_aaaaaaaaa", "AWSAccountId": "111111111111", "Domain": "my-domain", "S3Bucket": "aws-cognito-prod-pdx-assets", "CloudFrontDistribution": "aaaaaaaaaaaaa.cloudfront.net", "Version": "20190128175402", "Status": "ACTIVE", "CustomDomainConfig": {} } } ``` + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [DescribeUserPoolDomain](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/describe-user-pool-domain.html)。 ### `describe-user-pool` 以下程式碼範例顯示如何使用 `describe-user-pool`。 **AWS CLI** **描述使用者集區** 下列範例描述使用者集區 ID 為 us-west-2\$1EXAMPLE 的使用者集區。 ``` aws cognito-idp describe-user-pool \ --user-pool-id us-west-2_EXAMPLE ``` 輸出: ``` { "UserPool": { "Id": "us-west-2_EXAMPLE", "Name": "MyUserPool", "Policies": { "PasswordPolicy": { "MinimumLength": 8, "RequireUppercase": true, "RequireLowercase": true, "RequireNumbers": true, "RequireSymbols": true, "TemporaryPasswordValidityDays": 1 } }, "DeletionProtection": "ACTIVE", "LambdaConfig": { "PreSignUp": "arn:aws:lambda:us-west-2:123456789012:function:MyPreSignUpFunction", "CustomMessage": "arn:aws:lambda:us-west-2:123456789012:function:MyCustomMessageFunction", "PostConfirmation": "arn:aws:lambda:us-west-2:123456789012:function:MyPostConfirmationFunction", "PreAuthentication": "arn:aws:lambda:us-west-2:123456789012:function:MyPreAuthenticationFunction", "PostAuthentication": "arn:aws:lambda:us-west-2:123456789012:function:MyPostAuthenticationFunction", "DefineAuthChallenge": "arn:aws:lambda:us-west-2:123456789012:function:MyDefineAuthChallengeFunction", "CreateAuthChallenge": "arn:aws:lambda:us-west-2:123456789012:function:MyCreateAuthChallengeFunction", "VerifyAuthChallengeResponse": "arn:aws:lambda:us-west-2:123456789012:function:MyVerifyAuthChallengeFunction", "PreTokenGeneration": "arn:aws:lambda:us-west-2:123456789012:function:MyPreTokenGenerationFunction", "UserMigration": "arn:aws:lambda:us-west-2:123456789012:function:MyMigrateUserFunction", "PreTokenGenerationConfig": { "LambdaVersion": "V2_0", "LambdaArn": "arn:aws:lambda:us-west-2:123456789012:function:MyPreTokenGenerationFunction" }, "CustomSMSSender": { "LambdaVersion": "V1_0", "LambdaArn": "arn:aws:lambda:us-west-2:123456789012:function:MyCustomSMSSenderFunction" }, "CustomEmailSender": { "LambdaVersion": "V1_0", "LambdaArn": "arn:aws:lambda:us-west-2:123456789012:function:MyCustomEmailSenderFunction" }, "KMSKeyID": "arn:aws:kms:us-west-2:123456789012:key/a1b2c3d4-5678-90ab-cdef-EXAMPLE22222" }, "LastModifiedDate": 1726784814.598, "CreationDate": 1602103465.273, "SchemaAttributes": [ { "Name": "sub", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": false, "Required": true, "StringAttributeConstraints": { "MinLength": "1", "MaxLength": "2048" } }, { "Name": "name", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "given_name", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "family_name", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "middle_name", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "nickname", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "preferred_username", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "profile", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "picture", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "website", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "email", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": true, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "email_verified", "AttributeDataType": "Boolean", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false }, { "Name": "gender", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "birthdate", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "10", "MaxLength": "10" } }, { "Name": "zoneinfo", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "locale", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "phone_number", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "phone_number_verified", "AttributeDataType": "Boolean", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false }, { "Name": "address", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "updated_at", "AttributeDataType": "Number", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "NumberAttributeConstraints": { "MinValue": "0" } }, { "Name": "identities", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": {} }, { "Name": "custom:111", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "1", "MaxLength": "256" } }, { "Name": "dev:custom:222", "AttributeDataType": "String", "DeveloperOnlyAttribute": true, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "1", "MaxLength": "421" } }, { "Name": "custom:accesstoken", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MaxLength": "2048" } }, { "Name": "custom:idtoken", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MaxLength": "2048" } } ], "AutoVerifiedAttributes": [ "email" ], "SmsVerificationMessage": "Your verification code is {####}. ", "EmailVerificationMessage": "Your verification code is {####}. ", "EmailVerificationSubject": "Your verification code", "VerificationMessageTemplate": { "SmsMessage": "Your verification code is {####}. ", "EmailMessage": "Your verification code is {####}. ", "EmailSubject": "Your verification code", "EmailMessageByLink": "Please click the link below to verify your email address. {##Verify Your Email##}\n this is from us-west-2_ywDJHlIfU", "EmailSubjectByLink": "Your verification link", "DefaultEmailOption": "CONFIRM_WITH_LINK" }, "SmsAuthenticationMessage": "Your verification code is {####}. ", "UserAttributeUpdateSettings": { "AttributesRequireVerificationBeforeUpdate": [] }, "MfaConfiguration": "OPTIONAL", "DeviceConfiguration": { "ChallengeRequiredOnNewDevice": true, "DeviceOnlyRememberedOnUserPrompt": false }, "EstimatedNumberOfUsers": 166, "EmailConfiguration": { "SourceArn": "arn:aws:ses:us-west-2:123456789012:identity/admin@example.com", "EmailSendingAccount": "DEVELOPER" }, "SmsConfiguration": { "SnsCallerArn": "arn:aws:iam::123456789012:role/service-role/userpool-SMS-Role", "ExternalId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "SnsRegion": "us-west-2" }, "UserPoolTags": {}, "Domain": "myCustomDomain", "CustomDomain": "auth.example.com", "AdminCreateUserConfig": { "AllowAdminCreateUserOnly": false, "UnusedAccountValidityDays": 1, "InviteMessageTemplate": { "SMSMessage": "Your username is {username} and temporary password is {####}. ", "EmailMessage": "Your username is {username} and temporary password is {####}. ", "EmailSubject": "Your temporary password" } }, "UserPoolAddOns": { "AdvancedSecurityMode": "ENFORCED", "AdvancedSecurityAdditionalFlows": {} }, "Arn": "arn:aws:cognito-idp:us-west-2:123456789012:userpool/us-west-2_EXAMPLE", "AccountRecoverySetting": { "RecoveryMechanisms": [ { "Priority": 1, "Name": "verified_email" } ] } } } ``` 如需詳細資訊,請參閱《Amazon Cognito 開發人員指南》**中的[Amazon Cognito 使用者集區](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools.html)。 + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [DescribeUserPool](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/describe-user-pool.html)。 ### `forget-device` 以下程式碼範例顯示如何使用 `forget-device`。 **AWS CLI** **忘記裝置** 此範例忘記裝置本質為裝置。 命令: ``` aws cognito-idp forget-device --device-key us-west-2_abcd_1234-5678 ``` + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [ForgetDevice](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/forget-device.html)。 ### `forgot-password` 以下程式碼範例顯示如何使用 `forgot-password`。 **AWS CLI** **強制變更密碼** 下列 `forgot-password` 範例將訊息傳送至 jane@example.com 以變更其密碼。 ``` aws cognito-idp forgot-password --client-id 38fjsnc484p94kpqsnet7mpld0 --username jane@example.com ``` 輸出: ``` { "CodeDeliveryDetails": { "Destination": "j***@e***.com", "DeliveryMedium": "EMAIL", "AttributeName": "email" } } ``` + 如需 API 詳細資訊,請參閱《*AWS CLI 命令參考*》中的 [ForgotPassword](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/forgot-password.html)。 ### `get-csv-header` 以下程式碼範例顯示如何使用 `get-csv-header`。 **AWS CLI** **建立 csv 標頭** 此範例會建立 csv 標頭。 如需有關匯入使用者的詳細資訊,請參閱「從 CSV 檔將使用者匯入使用者集區」。 命令: ``` aws cognito-idp get-csv-header --user-pool-id us-west-2_aaaaaaaaa ``` 輸出: ``` { "UserPoolId": "us-west-2_aaaaaaaaa", "CSVHeader": [ "name", "given_name", "family_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "email", "email_verified", "gender", "birthdate", "zoneinfo", "locale", "phone_number", "phone_number_verified", "address", "updated_at", "cognito:mfa_enabled", "cognito:username" ] } ``` ... 將使用者從 CSV 檔案匯入使用者集區:https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-using-import-tool.html + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [GetCsvHeader](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/get-csv-header.html)。 ### `get-device` 以下程式碼範例顯示如何使用 `get-device`。 **AWS CLI** **取得裝置** 下列 `get-device` 範例顯示一個供目前登入的使用者使用的裝置。 ``` aws cognito-idp get-device \ --access-token eyJra456defEXAMPLE \ --device-key us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 ``` 輸出: ``` { "Device": { "DeviceKey": "us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "DeviceAttributes": [ { "Name": "device_status", "Value": "valid" }, { "Name": "device_name", "Value": "MyDevice" }, { "Name": "dev:device_arn", "Value": "arn:aws:cognito-idp:us-west-2:123456789012:owner/diego.us-west-2_EXAMPLE/device/us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111" }, { "Name": "dev:device_owner", "Value": "diego.us-west-2_EXAMPLE" }, { "Name": "last_ip_used", "Value": "192.0.2.1" }, { "Name": "dev:device_remembered_status", "Value": "remembered" }, { "Name": "dev:device_sdk", "Value": "aws-sdk" } ], "DeviceCreateDate": 1715100742.022, "DeviceLastModifiedDate": 1723233651.167, "DeviceLastAuthenticatedDate": 1715100742.0 } } ``` 如需詳細資訊,請參閱《*Amazon Cognito 開發人員指南*》中的[在使用者集區中運用使用者裝置](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html)。 + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [GetDevice](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/get-device.html)。 ### `get-group` 以下程式碼範例顯示如何使用 `get-group`。 **AWS CLI** **取得群組的相關資訊** 下列 `get-group` 範例列出名為 `MyGroup` 之使用者群組的屬性。此群組具有與其相關聯的優先順序和 IAM 角色。 ``` aws cognito-idp get-group \ --user-pool-id us-west-2_EXAMPLE \ --group-name MyGroup ``` 輸出: ``` { "Group": { "GroupName": "MyGroup", "UserPoolId": "us-west-2_EXAMPLE", "RoleArn": "arn:aws:iam::123456789012:role/example-cognito-role", "Precedence": 7, "LastModifiedDate": 1697211218.305, "CreationDate": 1611685503.954 } } ``` 如需詳細資訊,請參閱《Amazon Cognito 開發人員指南》**中的[新增群組至使用者集區](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-user-groups.html)。 + 如需 API 詳細資訊,請參閱《*AWS CLI 命令參考*》中的 [GetGroup](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/get-group.html)。 ### `get-identity-provider-by-identifier` 以下程式碼範例顯示如何使用 `get-identity-provider-by-identifier`。 **AWS CLI** **從 IdP 識別碼取得身分提供者的組態** 下列 `get-identity-provider-by-identifier` 範例傳回識別碼為 `mysso` 的身分提供者組態。 ``` aws cognito-idp get-identity-provider-by-identifier \ --user-pool-id us-west-2_EXAMPLE \ --idp-identifier mysso ``` 輸出: ``` { "IdentityProvider": { "UserPoolId": "us-west-2_EXAMPLE", "ProviderName": "MYSAML", "ProviderType": "SAML", "ProviderDetails": { "ActiveEncryptionCertificate": "[Certificate contents]", "IDPSignout": "false", "MetadataURL": "https://auth.example.com/saml/metadata/", "SLORedirectBindingURI": "https://auth.example.com/saml/logout/", "SSORedirectBindingURI": "https://auth.example.com/saml/assertion/" }, "AttributeMapping": { "email": "email" }, "IdpIdentifiers": [ "mysso", "mysamlsso" ], "LastModifiedDate": 1705616729.188, "CreationDate": 1643734622.919 } } ``` 如需詳細資訊,請參閱《*Amazon Cognito 開發人員指南*》中的[第三方 IdP 登入](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-identity-federation.html)。 + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [GetIdentityProviderByIdentifier](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/get-identity-provider-by-identifier.html)。 ### `get-log-delivery-configuration` 以下程式碼範例顯示如何使用 `get-log-delivery-configuration`。 **AWS CLI** **顯示日誌交付組態** 下列 `get-log-delivery-configuration` 範例顯示請求的使用者集區的日誌匯出設定。 ``` aws cognito-idp get-log-delivery-configuration \ --user-pool-id us-west-2_EXAMPLE ``` 輸出: ``` { "LogDeliveryConfiguration": { "UserPoolId": "us-west-2_EXAMPLE", "LogConfigurations": [ { "LogLevel": "INFO", "EventSource": "userAuthEvents", "FirehoseConfiguration": { "StreamArn": "arn:aws:firehose:us-west-2:123456789012:deliverystream/my-test-deliverystream" } }, { "LogLevel": "ERROR", "EventSource": "userNotification", "CloudWatchLogsConfiguration": { "LogGroupArn": "arn:aws:logs:us-west-2:123456789012:log-group:my-message-delivery-logs" } } ] } } ``` 如需詳細資訊,請參閱《Amazon Cognito 開發人員指南》**中的[匯出使用者集區日誌](https://docs.aws.amazon.com/cognito/latest/developerguide/exporting-quotas-and-usage.html)。 + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [GetLogDeliveryConfiguration](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/get-log-delivery-configuration.html)。 ### `get-signing-certificate` 以下程式碼範例顯示如何使用 `get-signing-certificate`。 **AWS CLI** **顯示 SAML 簽署憑證** 下列 `get-signing-certificate` 範例顯示請求使用者集區的 SAML 2.0 簽署憑證。 ``` aws cognito-idp get-signing-certificate \ --user-pool-id us-west-2_EXAMPLE ``` 輸出: ``` { "Certificate": "[Certificate content]" } ``` 如需詳細資訊,請參閱《*Amazon Cognito 開發人員指南*》中的 [SAML 簽署和加密](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-SAML-signing-encryption.html)。 + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [GetSigningCertificate](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/get-signing-certificate.html)。 ### `get-ui-customization` 以下程式碼範例顯示如何使用 `get-ui-customization`。 **AWS CLI** **顯示應用程式用戶端的傳統託管 UI 自訂設定** 下列 `get-ui-customization` 範例顯示未從使用者集區繼承設定之應用程式用戶端的傳統託管 UI 自訂設定。 ``` aws cognito-idp get-ui-customization \ --user-pool-id us-west-2_EXAMPLE \ --client-id 1example23456789 ``` 輸出: ``` { "UICustomization": { "UserPoolId": "us-west-2_EXAMPLE", "ClientId": "1example23456789", "ImageUrl": "https://example.cloudfront.net/us-west-2_EXAMPLE/1example23456789/20250115191928/assets/images/image.jpg", "CSS": "\n.logo-customizable {\n max-width: 80%;\n max-height: 30%;\n}\n\n.banner-customizable {\n padding: 25px 0px 25px 0px;\n background-color: lightgray;\n}\n\n.label-customizable {\n font-weight: 400;\n}\n\n.textDescription-customizable {\n padding-top: 100px;\n padding-bottom: 10px;\n display: block;\n font-size: 12px;\n}\n\n.idpDescription-customizable {\n padding-top: 10px;\n padding-bottom: 10px;\n display: block;\n font-size: 16px;\n}\n\n.legalText-customizable {\n color: #747474;\n font-size: 11px;\n}\n\n.submitButton-customizable {\n font-size: 14px;\n font-weight: bold;\n margin: 20px 0px 10px 0px;\n height: 50px;\n width: 100%;\n color: #fff;\n background-color: #337ab7;\n}\n\n.submitButton-customizable:hover {\n color: #fff;\n background-color: #286090;\n}\n\n.errorMessage-customizable {\n padding: 5px;\n font-size: 12px;\n width: 100%;\n background: #F5F5F5;\n border: 2px solid #D64958;\n color: #D64958;\n}\n\n.inputField-customizable {\n width: 100%;\n height: 34px;\n color: #555;\n background-color: #fff;\n border: 1px solid #ccc;\n}\n\n.inputField-customizable:focus {\n border-color: #66afe9;\n outline: 0;\n}\n\n.idpButton-customizable {\n height: 40px;\n width: 100%;\n width: 100%;\n text-align: center;\n margin-bottom: 15px;\n color: #fff;\n background-color: #5bc0de;\n border-color: #46b8da;\n}\n\n.idpButton-customizable:hover {\n color: #fff;\n background-color: #31b0d5;\n}\n\n.socialButton-customizable {\n border-radius: 2px;\n height: 60px;\n margin-bottom: 15px;\n padding: 1px;\n text-align: left;\n width: 100%;\n}\n\n.redirect-customizable {\n text-align: center;\n}\n\n.passwordCheck-notValid-customizable {\n color: #DF3312;\n}\n\n.passwordCheck-valid-customizable {\n color: #19BF00;\n}\n\n.background-customizable {\n background-color: #fff;\n}\n", "CSSVersion": "20250115191928" } } ``` 如需詳細資訊,請參閱《*Amazon Cognito 開發人員指南*》中的[託管 UI (傳統) 品牌](https://docs.aws.amazon.com/cognito/latest/developerguide/hosted-ui-classic-branding.html)。 + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [GetUiCustomization](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/get-ui-customization.html)。 ### `get-user-attribute-verification-code` 以下程式碼範例顯示如何使用 `get-user-attribute-verification-code`。 **AWS CLI** **傳送屬性驗證碼給目前的使用者** 下列 `get-user-attribute-verification-code` 範例會將屬性驗證碼傳送至目前已登入使用者的電子郵件地址。 ``` aws cognito-idp get-user-attribute-verification-code \ --access-token eyJra456defEXAMPLE \ --attribute-name email ``` 輸出: ``` { "CodeDeliveryDetails": { "Destination": "a***@e***", "DeliveryMedium": "EMAIL", "AttributeName": "email" } } ``` 如需詳細資訊,請參閱《Amazon Cognito 開發人員指南》**中的[註冊及確認使用者帳戶](https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html)。 + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [GetUserAttributeVerificationCode](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/get-user-attribute-verification-code.html)。 ### `get-user-auth-factors` 以下程式碼範例顯示如何使用 `get-user-auth-factors`。 **AWS CLI** **列出目前使用者可用的身分驗證因素** 下列 `get-user-auth-factors` 範例列出目前已登入使用者的可用身分驗證因素。 ``` aws cognito-idp get-user-auth-factors \ --access-token eyJra456defEXAMPLE ``` 輸出: ``` { "Username": "testuser", "ConfiguredUserAuthFactors": [ "PASSWORD", "EMAIL_OTP", "SMS_OTP", "WEB_AUTHN" ] } ``` 如需詳細資訊,請參閱《*Amazon Cognito 開發人員指南*》中的[身分驗證](https://docs.aws.amazon.com/cognito/latest/developerguide/authentication.html)。 + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [GetUserAuthFactors](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/get-user-auth-factors.html)。 ### `get-user-pool-mfa-config` 以下程式碼範例顯示如何使用 `get-user-pool-mfa-config`。 **AWS CLI** **顯示使用者集區的多重要素驗證和 WebAuthn 設定** 下列 `get-user-pool-mfa-config` 範例顯示請求的使用者集區的 MFA 和 WebAuthn 組態。 ``` aws cognito-idp get-user-pool-mfa-config \ --user-pool-id us-west-2_EXAMPLE ``` 輸出: ``` { "SmsMfaConfiguration": { "SmsAuthenticationMessage": "Your OTP for MFA or sign-in: use {####}.", "SmsConfiguration": { "SnsCallerArn": "arn:aws:iam::123456789012:role/service-role/my-SMS-Role", "ExternalId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "SnsRegion": "us-west-2" } }, "SoftwareTokenMfaConfiguration": { "Enabled": true }, "EmailMfaConfiguration": { "Message": "Your OTP for MFA or sign-in: use {####}", "Subject": "OTP test" }, "MfaConfiguration": "OPTIONAL", "WebAuthnConfiguration": { "RelyingPartyId": "auth.example.com", "UserVerification": "preferred" } } ``` 如需詳細資訊,請參閱《Amazon Cognito 開發人員指南》**中的[新增 MFA](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa.html)。 + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [GetUserPoolMfaConfig](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/get-user-pool-mfa-config.html)。 ### `get-user` 以下程式碼範例顯示如何使用 `get-user`。 **AWS CLI** **取得目前使用者的詳細資訊** 下列 `get-user` 範例顯示目前已登入使用者的設定檔。 ``` aws cognito-idp get-user \ --access-token eyJra456defEXAMPLE ``` 輸出: ``` { "Username": "johndoe", "UserAttributes": [ { "Name": "sub", "Value": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111" }, { "Name": "identities", "Value": "[{\"userId\":\"a1b2c3d4-5678-90ab-cdef-EXAMPLE22222\",\"providerName\":\"SignInWithApple\",\"providerType\":\"SignInWithApple\",\"issuer\":null,\"primary\":false,\"dateCreated\":1701125599632}]" }, { "Name": "email_verified", "Value": "true" }, { "Name": "custom:state", "Value": "Maine" }, { "Name": "name", "Value": "John Doe" }, { "Name": "phone_number_verified", "Value": "true" }, { "Name": "phone_number", "Value": "+12065551212" }, { "Name": "preferred_username", "Value": "jamesdoe" }, { "Name": "locale", "Value": "EMEA" }, { "Name": "email", "Value": "jamesdoe@example.com" } ] } ``` 如需詳細資訊,請參閱《Amazon Cognito 開發人員指南》**中的[管理使用者](https://docs.aws.amazon.com/cognito/latest/developerguide/managing-users.html)。 + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [GetUser](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/get-user.html)。 ### `global-sign-out` 以下程式碼範例顯示如何使用 `global-sign-out`。 **AWS CLI** **登出目前的使用者** 下列 `global-sign-out` 範例會將目前的使用者從應用程式登出。 ``` aws cognito-idp global-sign-out \ --access-token eyJra456defEXAMPLE ``` 此命令不會產生輸出。 如需詳細資訊,請參閱《Amazon Cognito 開發人員指南》**中的[管理使用者](https://docs.aws.amazon.com/cognito/latest/developerguide/managing-users.html)。 + 如需 API 詳細資訊,請參閱《*AWS CLI 命令參考*》中的 [GlobalSignOut](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/global-sign-out.html)。 ### `initiate-auth` 以下程式碼範例顯示如何使用 `initiate-auth`。 **AWS CLI** **讓使用者登入** 下列 `initiate-auth` 範例使用基本的使用者名稱密碼流程讓使用者登入,沒有額外的難題。 ``` aws cognito-idp initiate-auth \ --auth-flow USER_PASSWORD_AUTH \ --client-id 1example23456789 \ --analytics-metadata AnalyticsEndpointId=d70b2ba36a8c4dc5a04a0451aEXAMPLE \ --auth-parameters USERNAME=testuser,PASSWORD=[Password] --user-context-data EncodedData=mycontextdata --client-metadata MyTestKey=MyTestValue ``` 輸出: ``` { "AuthenticationResult": { "AccessToken": "eyJra456defEXAMPLE", "ExpiresIn": 3600, "TokenType": "Bearer", "RefreshToken": "eyJra123abcEXAMPLE", "IdToken": "eyJra789ghiEXAMPLE", "NewDeviceMetadata": { "DeviceKey": "us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "DeviceGroupKey": "-v7w9UcY6" } } } ``` 如需詳細資訊,請參閱《*Amazon Cognito 開發人員指南*》中的[身分驗證](https://docs.aws.amazon.com/cognito/latest/developerguide/authentication.html)。 + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [InitiateAuth](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/initiate-auth.html)。 ### `list-devices` 以下程式碼範例顯示如何使用 `list-devices`。 **AWS CLI** **列出使用者的裝置** 下列 `list-devices` 範例列出目前使用者已註冊的裝置。 ``` aws cognito-idp list-devices \ --access-token eyJra456defEXAMPLE ``` 輸出: ``` { "Devices": [ { "DeviceAttributes": [ { "Name": "device_status", "Value": "valid" }, { "Name": "device_name", "Value": "Dart-device" }, { "Name": "last_ip_used", "Value": "192.0.2.1" } ], "DeviceCreateDate": 1715100742.022, "DeviceKey": "us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "DeviceLastAuthenticatedDate": 1715100742.0, "DeviceLastModifiedDate": 1723233651.167 }, { "DeviceAttributes": [ { "Name": "device_status", "Value": "valid" }, { "Name": "last_ip_used", "Value": "192.0.2.2" } ], "DeviceCreateDate": 1726856147.993, "DeviceKey": "us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE22222", "DeviceLastAuthenticatedDate": 1726856147.0, "DeviceLastModifiedDate": 1726856147.993 } ] } ``` 如需詳細資訊,請參閱《*Amazon Cognito 開發人員指南*》中的[使用裝置](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html)。 + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [ListDevices](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/list-devices.html)。 ### `list-groups` 以下程式碼範例顯示如何使用 `list-groups`。 **AWS CLI** **列出使用者集區中的群組** 下列 `list-groups` 範例列出請求的使用者集區中的前兩個群組。 ``` aws cognito-idp list-groups \ --user-pool-id us-west-2_EXAMPLE \ --max-items 2 ``` 輸出: ``` { "Groups": [ { "CreationDate": 1681760899.633, "Description": "My test group", "GroupName": "testgroup", "LastModifiedDate": 1681760899.633, "Precedence": 1, "UserPoolId": "us-west-2_EXAMPLE" }, { "CreationDate": 1642632749.051, "Description": "Autogenerated group for users who sign in using Facebook", "GroupName": "us-west-2_EXAMPLE_Facebook", "LastModifiedDate": 1642632749.051, "UserPoolId": "us-west-2_EXAMPLE" } ], "NextToken": "[Pagination token]" } ``` 如需詳細資訊,請參閱《Amazon Cognito 開發人員指南》**中的[新增群組至使用者集區](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-user-groups.html)。 + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [ListGroups](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/list-groups.html)。 ### `list-identity-providers` 以下程式碼範例顯示如何使用 `list-identity-providers`。 **AWS CLI** **列出身分提供者** 下列 `list-identity-providers` 範例列出請求的使用者集區中,前兩個身分提供者。 ``` aws cognito-idp list-identity-providers \ --user-pool-id us-west-2_EXAMPLE \ --max-items 2 ``` 輸出: ``` { "Providers": [ { "CreationDate": 1619477386.504, "LastModifiedDate": 1703798328.142, "ProviderName": "Azure", "ProviderType": "SAML" }, { "CreationDate": 1642698776.175, "LastModifiedDate": 1642699086.453, "ProviderName": "LoginWithAmazon", "ProviderType": "LoginWithAmazon" } ], "NextToken": "[Pagination token]" } ``` 如需詳細資訊,請參閱《*Amazon Cognito 開發人員指南*》中的[第三方 IdP 登入](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-identity-federation.html)。 + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [ListIdentityProviders](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/list-identity-providers.html)。 ### `list-resource-servers` 以下程式碼範例顯示如何使用 `list-resource-servers`。 **AWS CLI** **列出資源伺服器** 下列 `list-resource-servers` 範例列出請求的使用者集區中,前兩個資源伺服器。 ``` aws cognito-idp list-resource-servers \ --user-pool-id us-west-2_EXAMPLE \ --max-results 2 ``` 輸出: ``` { "ResourceServers": [ { "Identifier": "myapi.example.com", "Name": "Example API with custom access control scopes", "Scopes": [ { "ScopeDescription": "International customers", "ScopeName": "international.read" }, { "ScopeDescription": "Domestic customers", "ScopeName": "domestic.read" } ], "UserPoolId": "us-west-2_EXAMPLE" }, { "Identifier": "myapi2.example.com", "Name": "Another example API for access control", "Scopes": [ { "ScopeDescription": "B2B customers", "ScopeName": "b2b.read" } ], "UserPoolId": "us-west-2_EXAMPLE" } ], "NextToken": "[Pagination token]" } ``` 如需詳細資訊,請參閱《*Amazon Cognito 開發人員指南*》中的[利用資源伺服器控制存取權](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-define-resource-servers.html)。 + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [ListResourceServers](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/list-resource-servers.html)。 ### `list-tags-for-resource` 以下程式碼範例顯示如何使用 `list-tags-for-resource`。 **AWS CLI** **列出使用者集區標籤** 下列 `list-tags-for-resource` 範例列出利用請求的 ARN 指派給使用者集區的標籤。 ``` aws cognito-idp list-tags-for-resource \ --resource-arn arn:aws:cognito-idp:us-west-2:123456789012:userpool/us-west-2_EXAMPLE ``` 輸出: ``` { "Tags": { "administrator": "Jie", "tenant": "ExampleCorp" } } ``` 如需詳細資訊,請參閱《Amazon Cognito 開發人員指南》**中的[標記 Amazon Cognito 資源](https://docs.aws.amazon.com/cognito/latest/developerguide/tagging.html)。 + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [ListTagsForResource](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/list-tags-for-resource.html)。 ### `list-user-import-jobs` 以下程式碼範例顯示如何使用 `list-user-import-jobs`。 **AWS CLI** **列出使用者匯入任務和狀態** 下列 `list-user-import-jobs` 範例列出請求的使用者集區中,前三個使用者匯入任務及其詳細資訊。 ``` aws cognito-idp list-user-import-jobs \ --user-pool-id us-west-2_EXAMPLE \ --max-results 3 ``` 輸出: ``` { "PaginationToken": "us-west-2_EXAMPLE#import-example3#1667948397084", "UserImportJobs": [ { "CloudWatchLogsRoleArn": "arn:aws:iam::123456789012:role/service-role/Cognito-UserImport-Role", "CompletionDate": 1735329786.142, "CompletionMessage": "The user import job has expired.", "CreationDate": 1735241621.022, "FailedUsers": 0, "ImportedUsers": 0, "JobId": "import-example1", "JobName": "Test-import-job-1", "PreSignedUrl": "https://aws-cognito-idp-user-import-pdx.s3.us-west-2.amazonaws.com/123456789012/us-west-2_EXAMPLE/import-mAgUtd8PMm?X-Amz-Security-Token=[token]&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20241226T193341Z&X-Amz-SignedHeaders=host%3Bx-amz-server-side-encryption&X-Amz-Expires=899&X-Amz-Credential=[credential]&X-Amz-Signature=[signature]", "SkippedUsers": 0, "Status": "Expired", "UserPoolId": "us-west-2_EXAMPLE" }, { "CloudWatchLogsRoleArn": "arn:aws:iam::123456789012:role/service-role/Cognito-UserImport-Role", "CompletionDate": 1681509058.408, "CompletionMessage": "Too many users have failed or been skipped during the import.", "CreationDate": 1681509001.477, "FailedUsers": 1, "ImportedUsers": 0, "JobId": "import-example2", "JobName": "Test-import-job-2", "PreSignedUrl": "https://aws-cognito-idp-user-import-pdx.s3.us-west-2.amazonaws.com/123456789012/us-west-2_EXAMPLE/import-mAgUtd8PMm?X-Amz-Security-Token=[token]&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20241226T193341Z&X-Amz-SignedHeaders=host%3Bx-amz-server-side-encryption&X-Amz-Expires=899&X-Amz-Credential=[credential]&X-Amz-Signature=[signature]", "SkippedUsers": 0, "StartDate": 1681509057.965, "Status": "Failed", "UserPoolId": "us-west-2_EXAMPLE" }, { "CloudWatchLogsRoleArn": "arn:aws:iam::123456789012:role/service-role/Cognito-UserImport-Role", "CompletionDate": 1.667864578676E9, "CompletionMessage": "Import Job Completed Successfully.", "CreationDate": 1.667864480281E9, "FailedUsers": 0, "ImportedUsers": 6, "JobId": "import-example3", "JobName": "Test-import-job-3", "PreSignedUrl": "https://aws-cognito-idp-user-import-pdx.s3.us-west-2.amazonaws.com/123456789012/us-west-2_EXAMPLE/import-mAgUtd8PMm?X-Amz-Security-Token=[token]&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20241226T193341Z&X-Amz-SignedHeaders=host%3Bx-amz-server-side-encryption&X-Amz-Expires=899&X-Amz-Credential=[credential]&X-Amz-Signature=[signature]", "SkippedUsers": 0, "StartDate": 1.667864578167E9, "Status": "Succeeded", "UserPoolId": "us-west-2_EXAMPLE" } ] } ``` 如需詳細資訊,請參閱《Amazon Cognito 開發人員指南》**中的[從 CSV 檔案匯入使用者](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-using-import-tool.html)。 + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [ListUserImportJobs](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/list-user-import-jobs.html)。 ### `list-user-pool-clients` 以下程式碼範例顯示如何使用 `list-user-pool-clients`。 **AWS CLI** **列出應用程式用戶端** 下列 `list-user-pool-clients` 範例列出請求的使用者集區中,前三個應用程式用戶端。 ``` aws cognito-idp list-user-pool-clients \ --user-pool-id us-west-2_EXAMPLE \ --max-results 3 ``` 輸出: ``` { "NextToken": "[Pagination token]", "UserPoolClients": [ { "ClientId": "1example23456789", "ClientName": "app-client-1", "UserPoolId": "us-west-2_EXAMPLE" }, { "ClientId": "2example34567890", "ClientName": "app-client-2", "UserPoolId": "us-west-2_EXAMPLE" }, { "ClientId": "3example45678901", "ClientName": "app-client-3", "UserPoolId": "us-west-2_EXAMPLE" } ] } ``` 如需詳細資訊,請參閱《Amazon Cognito 開發人員指南》**中的[應用程式用戶端](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html)。 + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [ListUserPoolClients](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/list-user-pool-clients.html)。 ### `list-user-pools` 以下程式碼範例顯示如何使用 `list-user-pools`。 **AWS CLI** **若要列出使用者集區** 下列`list-user-pools`範例列出目前 CLI 登入 AWS 資料帳戶中的 3 個可用使用者集區。 ``` aws cognito-idp list-user-pools \ --max-results 3 ``` 輸出: ``` { "NextToken": "[Pagination token]", "UserPools": [ { "CreationDate": 1681502497.741, "Id": "us-west-2_EXAMPLE1", "LambdaConfig": { "CustomMessage": "arn:aws:lambda:us-east-1:123456789012:function:MyFunction", "PreSignUp": "arn:aws:lambda:us-east-1:123456789012:function:MyFunction", "PreTokenGeneration": "arn:aws:lambda:us-east-1:123456789012:function:MyFunction", "PreTokenGenerationConfig": { "LambdaArn": "arn:aws:lambda:us-east-1:123456789012:function:MyFunction", "LambdaVersion": "V1_0" } }, "LastModifiedDate": 1681502497.741, "Name": "user pool 1" }, { "CreationDate": 1686064178.717, "Id": "us-west-2_EXAMPLE2", "LambdaConfig": { }, "LastModifiedDate": 1686064178.873, "Name": "user pool 2" }, { "CreationDate": 1627681712.237, "Id": "us-west-2_EXAMPLE3", "LambdaConfig": { "UserMigration": "arn:aws:lambda:us-east-1:123456789012:function:MyFunction" }, "LastModifiedDate": 1678486942.479, "Name": "user pool 3" } ] } ``` 如需詳細資訊,請參閱《Amazon Cognito 開發人員指南》**中的[Amazon Cognito 使用者集區](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools.html)。 + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [ListUserPools](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/list-user-pools.html)。 ### `list-users-in-group` 以下程式碼範例顯示如何使用 `list-users-in-group`。 **AWS CLI** **列出群組中的使用者** 此範例列出群組 MyGroup 中的使用者。 命令: ``` aws cognito-idp list-users-in-group --user-pool-id us-west-2_aaaaaaaaa --group-name MyGroup ``` 輸出: ``` { "Users": [ { "Username": "acf10624-80bb-401a-ac61-607bee2110ec", "Attributes": [ { "Name": "sub", "Value": "acf10624-80bb-401a-ac61-607bee2110ec" }, { "Name": "custom:CustomAttr1", "Value": "New Value!" }, { "Name": "email", "Value": "jane@example.com" } ], "UserCreateDate": 1548102770.284, "UserLastModifiedDate": 1548103204.893, "Enabled": true, "UserStatus": "CONFIRMED" }, { "Username": "22704aa3-fc10-479a-97eb-2af5806bd327", "Attributes": [ { "Name": "sub", "Value": "22704aa3-fc10-479a-97eb-2af5806bd327" }, { "Name": "email_verified", "Value": "true" }, { "Name": "email", "Value": "diego@example.com" } ], "UserCreateDate": 1548089817.683, "UserLastModifiedDate": 1548089817.683, "Enabled": true, "UserStatus": "FORCE_CHANGE_PASSWORD" } ] } ``` + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [ListUsersInGroup](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/list-users-in-group.html)。 ### `list-users` 以下程式碼範例顯示如何使用 `list-users`。 **AWS CLI** **範例 1:列出具有伺服器端篩選條件的使用者** 下列 `list-users` 範例列出請求的使用者集區中,電子郵件地址開頭為 `testuser` 的 3 名使用者。 ``` aws cognito-idp list-users \ --user-pool-id us-west-2_EXAMPLE \ --filter email^=\"testuser\" \ --max-items 3 ``` 輸出: ``` { "PaginationToken": "efgh5678EXAMPLE", "Users": [ { "Attributes": [ { "Name": "sub", "Value": "eaad0219-2117-439f-8d46-4db20e59268f" }, { "Name": "email", "Value": "testuser@example.com" } ], "Enabled": true, "UserCreateDate": 1682955829.578, "UserLastModifiedDate": 1689030181.63, "UserStatus": "CONFIRMED", "Username": "testuser" }, { "Attributes": [ { "Name": "sub", "Value": "3b994cfd-0b07-4581-be46-3c82f9a70c90" }, { "Name": "email", "Value": "testuser2@example.com" } ], "Enabled": true, "UserCreateDate": 1684427979.201, "UserLastModifiedDate": 1684427979.201, "UserStatus": "UNCONFIRMED", "Username": "testuser2" }, { "Attributes": [ { "Name": "sub", "Value": "5929e0d1-4c34-42d1-9b79-a5ecacfe66f7" }, { "Name": "email", "Value": "testuser3@example.com" } ], "Enabled": true, "UserCreateDate": 1684427823.641, "UserLastModifiedDate": 1684427823.641, "UserStatus": "UNCONFIRMED", "Username": "testuser3@example.com" } ] } ``` 如需詳細資訊,請參閱《*Amazon Cognito 開發人員指南*》中的[管理和搜尋使用者](https://docs.aws.amazon.com/cognito/latest/developerguide/how-to-manage-user-accounts.html)。 **範例 2:列出具有用戶端篩選條件的使用者** 下列 `list-users` 範例列出三名具有屬性之使用者的屬性,在此情況下,其電子郵件地址包含電子郵件網域 "@example.com"。如果其他屬性包含此字串,也會顯示這些屬性。第二名使用者未符合查詢的屬性,而且會從顯示的輸出中排除,但不會從伺服器回應中排除。 ``` aws cognito-idp list-users \ --user-pool-id us-west-2_EXAMPLE \ --max-items 3 --query Users\[\*\].Attributes\[\?Value\.contains\(\@\,\'@example.com\'\)\] ``` 輸出: ``` [ [ { "Name": "email", "Value": "admin@example.com" } ], [], [ { "Name": "email", "Value": "operator@example.com" } ] ] ``` 如需詳細資訊,請參閱《*Amazon Cognito 開發人員指南*》中的[管理和搜尋使用者](https://docs.aws.amazon.com/cognito/latest/developerguide/how-to-manage-user-accounts.html)。 + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [ListUsers](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/list-users.html)。 ### `list-web-authn-credentials` 以下程式碼範例顯示如何使用 `list-web-authn-credentials`。 **AWS CLI** **列出通行密鑰憑證** 下列 `list-web-authn-credentials` 範例列出目前使用者的通行密鑰或 WebAuthn 憑證。他們有一個已註冊的裝置。 ``` aws cognito-idp list-web-authn-credentials \ --access-token eyJra456defEXAMPLE ``` 輸出: ``` { "Credentials": [ { "AuthenticatorAttachment": "cross-platform", "CreatedAt": 1736293876.115, "CredentialId": "8LApgk4-lNUFHbhm2w6Und7-uxcc8coJGsPxiogvHoItc64xWQc3r4CEXAMPLE", "FriendlyCredentialName": "Roaming passkey", "RelyingPartyId": "auth.example.com" } ] } ``` 如需詳細資訊,請參閱《Amazon Cognito 開發人員指南》**中的[通行密鑰登入](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow-methods.html#amazon-cognito-user-pools-authentication-flow-methods-passkey)。 + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [ListWebAuthnCredentials](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/list-web-authn-credentials.html)。 ### `resend-confirmation-code` 以下程式碼範例顯示如何使用 `resend-confirmation-code`。 **AWS CLI** **若要重新傳送確認碼** 下列 `resend-confirmation-code` 範例會傳送確認碼給使用者 `jane`。 ``` aws cognito-idp resend-confirmation-code \ --client-id 12a3b456c7de890f11g123hijk \ --username jane ``` 輸出: ``` { "CodeDeliveryDetails": { "Destination": "j***@e***.com", "DeliveryMedium": "EMAIL", "AttributeName": "email" } } ``` 如需詳細資訊,請參閱《Amazon Cognito 開發人員指南》**中的[註冊及確認使用者帳戶](https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html)。 + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [ResendConfirmationCode](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/resend-confirmation-code.html)。 ### `respond-to-auth-challenge` 以下程式碼範例顯示如何使用 `respond-to-auth-challenge`。 **AWS CLI** **範例 1:回應 NEW\$1PASSWORD\$1REQUIRED 挑戰** 下列 `respond-to-auth-challenge` 範例回應 initiate-auth 傳回的 NEW\$1PASSWORD\$1REQUIRED 挑戰。設定使用者 `jane@example.com` 的密碼。 ``` aws cognito-idp respond-to-auth-challenge \ --client-id 1example23456789 \ --challenge-name NEW_PASSWORD_REQUIRED \ --challenge-responses USERNAME=jane@example.com,NEW_PASSWORD=[Password] \ --session AYABeEv5HklEXAMPLE ``` 輸出: ``` { "ChallengeParameters": {}, "AuthenticationResult": { "AccessToken": "ACCESS_TOKEN", "ExpiresIn": 3600, "TokenType": "Bearer", "RefreshToken": "REFRESH_TOKEN", "IdToken": "ID_TOKEN", "NewDeviceMetadata": { "DeviceKey": "us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "DeviceGroupKey": "-wt2ha1Zd" } } } ``` 如需詳細資訊,請參閱《*Amazon Cognito 開發人員指南*》中的[身分驗證](https://docs.aws.amazon.com/cognito/latest/developerguide/authentication.html)。 **範例 2:回應 SELECT\$1MFA\$1TYPE 挑戰** 下列 `respond-to-auth-challenge` 範例選擇 TOTP MFA 做為目前使用者的 MFA 選項。系統提示使用者選取 MFA 類型,然後提示使用者輸入其 MFA 碼。 ``` aws cognito-idp respond-to-auth-challenge \ --client-id 1example23456789 --session AYABeEv5HklEXAMPLE --challenge-name SELECT_MFA_TYPE --challenge-responses USERNAME=testuser,ANSWER=SOFTWARE_TOKEN_MFA ``` 輸出: ``` { "ChallengeName": "SOFTWARE_TOKEN_MFA", "Session": "AYABeEv5HklEXAMPLE", "ChallengeParameters": { "FRIENDLY_DEVICE_NAME": "transparent" } } ``` 如需詳細資訊,請參閱《Amazon Cognito 開發人員指南》**中的[新增 MFA](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa.html)。 **範例 3:回應 SOFTWARE\$1TOKEN\$1MFA 挑戰** 下列 `respond-to-auth-challenge` 範例提供 TOTP MFA 碼,並完成登入。 ``` aws cognito-idp respond-to-auth-challenge \ --client-id 1example23456789 \ --session AYABeEv5HklEXAMPLE \ --challenge-name SOFTWARE_TOKEN_MFA \ --challenge-responses USERNAME=testuser,SOFTWARE_TOKEN_MFA_CODE=123456 ``` 輸出: ``` { "AuthenticationResult": { "AccessToken": "eyJra456defEXAMPLE", "ExpiresIn": 3600, "TokenType": "Bearer", "RefreshToken": "eyJra123abcEXAMPLE", "IdToken": "eyJra789ghiEXAMPLE", "NewDeviceMetadata": { "DeviceKey": "us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "DeviceGroupKey": "-v7w9UcY6" } } } ``` 如需詳細資訊,請參閱《Amazon Cognito 開發人員指南》**中的[新增 MFA](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa.html)。 + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [RespondToAuthChallenge](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/respond-to-auth-challenge.html)。 ### `revoke-token` 以下程式碼範例顯示如何使用 `revoke-token`。 **AWS CLI** **撤銷重新整理字符** 以下 `revoke-token` 會撤銷請求的重新整理字符,和相關聯的存取字符。 ``` aws cognito-idp revoke-token \ --token eyJjd123abcEXAMPLE \ --client-id 1example23456789 ``` 此命令不會產生輸出。 如需詳細資訊,請參閱《Amazon Cognito 開發人員指南》**中的[撤銷字符](https://docs.aws.amazon.com/cognito/latest/developerguide/token-revocation.html)。 + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [RevokeToken](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/revoke-token.html)。 ### `set-log-delivery-configuration` 以下程式碼範例顯示如何使用 `set-log-delivery-configuration`。 **AWS CLI** **設定日誌從使用者集區匯出** 下列 `set-log-delivery-configuration` 範例會設定請求的使用者集區,將使用者通知錯誤記錄到日誌群組,並將使用者身分驗證資訊記錄到 S3 儲存貯體。 ``` aws cognito-idp set-log-delivery-configuration \ --user-pool-id us-west-2_EXAMPLE \ --log-configurations LogLevel=ERROR,EventSource=userNotification,CloudWatchLogsConfiguration={LogGroupArn=arn:aws:logs:us-west-2:123456789012:log-group:cognito-exported} LogLevel=INFO,EventSource=userAuthEvents,S3Configuration={BucketArn=arn:aws:s3:::amzn-s3-demo-bucket1} ``` 輸出: ``` { "LogDeliveryConfiguration": { "LogConfigurations": [ { "CloudWatchLogsConfiguration": { "LogGroupArn": "arn:aws:logs:us-west-2:123456789012:log-group:cognito-exported" }, "EventSource": "userNotification", "LogLevel": "ERROR" }, { "EventSource": "userAuthEvents", "LogLevel": "INFO", "S3Configuration": { "BucketArn": "arn:aws:s3:::amzn-s3-demo-bucket1" } } ], "UserPoolId": "us-west-2_EXAMPLE" } } ``` 如需詳細資訊,請參閱《Amazon Cognito 開發人員指南》**中的[匯出使用者集區日誌](https://docs.aws.amazon.com/cognito/latest/developerguide/exporting-quotas-and-usage.html)。 + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [SetLogDeliveryConfiguration](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/set-log-delivery-configuration.html)。 ### `set-risk-configuration` 以下程式碼範例顯示如何使用 `set-risk-configuration`。 **AWS CLI** **設定威脅防護風險組態** 下列 `set-risk-configuration` 範例會在請求的應用程式用戶端中,設定威脅防護訊息和動作、遭入侵的憑證,以及 IP 位址的例外狀況。由於 NotifyConfiguration 物件的複雜性,JSON 輸入是此命令的最佳實務。 ``` aws cognito-idp set-risk-configuration \ --cli-input-json file://set-risk-configuration.json ``` `set-risk-configuration.json` 的內容: ``` { "AccountTakeoverRiskConfiguration": { "Actions": { "HighAction": { "EventAction": "MFA_REQUIRED", "Notify": true }, "LowAction": { "EventAction": "NO_ACTION", "Notify": true }, "MediumAction": { "EventAction": "MFA_IF_CONFIGURED", "Notify": true } }, "NotifyConfiguration": { "BlockEmail": { "HtmlBody": "\n\n\n\tHTML email context\n\t\n\n\n
We blocked an unrecognized sign-in to your account with this information:\n\nIf this sign-in was not by you, you should change your password and notify us by clicking on this link\nIf this sign-in was by you, you can follow this link to let us know
\n\n", "Subject": "Blocked sign-in attempt", "TextBody": "We blocked an unrecognized sign-in to your account with this information:\nTime: {login-time}\nDevice: {device-name}\nLocation: {city}, {country}\nIf this sign-in was not by you, you should change your password and notify us by clicking on {one-click-link-invalid}\nIf this sign-in was by you, you can follow {one-click-link-valid} to let us know" }, "From": "admin@example.com", "MfaEmail": { "HtmlBody": "\n\n\n\tHTML email context\n\t\n\n\n
We required you to use multi-factor authentication for the following sign-in attempt:\n\nIf this sign-in was not by you, you should change your password and notify us by clicking on this link\nIf this sign-in was by you, you can follow this link to let us know
\n\n", "Subject": "New sign-in attempt", "TextBody": "We required you to use multi-factor authentication for the following sign-in attempt:\nTime: {login-time}\nDevice: {device-name}\nLocation: {city}, {country}\nIf this sign-in was not by you, you should change your password and notify us by clicking on {one-click-link-invalid}\nIf this sign-in was by you, you can follow {one-click-link-valid} to let us know" }, "NoActionEmail": { "HtmlBody": "\n\n\n\tHTML email context\n\t\n\n\n
We observed an unrecognized sign-in to your account with this information:\n\nIf this sign-in was not by you, you should change your password and notify us by clicking on this link\nIf this sign-in was by you, you can follow this link to let us know
\n\n", "Subject": "New sign-in attempt", "TextBody": "We observed an unrecognized sign-in to your account with this information:\nTime: {login-time}\nDevice: {device-name}\nLocation: {city}, {country}\nIf this sign-in was not by you, you should change your password and notify us by clicking on {one-click-link-invalid}\nIf this sign-in was by you, you can follow {one-click-link-valid} to let us know" }, "ReplyTo": "admin@example.com", "SourceArn": "arn:aws:ses:us-west-2:123456789012:identity/admin@example.com" } }, "ClientId": "1example23456789", "CompromisedCredentialsRiskConfiguration": { "Actions": { "EventAction": "BLOCK" }, "EventFilter": [ "PASSWORD_CHANGE", "SIGN_UP", "SIGN_IN" ] }, "RiskExceptionConfiguration": { "BlockedIPRangeList": [ "192.0.2.1/32", "192.0.2.2/32" ], "SkippedIPRangeList": [ "203.0.113.1/32", "203.0.113.2/32" ] }, "UserPoolId": "us-west-2_EXAMPLE" } ``` 輸出: ``` { "RiskConfiguration": { "AccountTakeoverRiskConfiguration": { "Actions": { "HighAction": { "EventAction": "MFA_REQUIRED", "Notify": true }, "LowAction": { "EventAction": "NO_ACTION", "Notify": true }, "MediumAction": { "EventAction": "MFA_IF_CONFIGURED", "Notify": true } }, "NotifyConfiguration": { "BlockEmail": { "HtmlBody": "\n\n\n\tHTML email context\n\t\n\n\n
We blocked an unrecognized sign-in to your account with this information:\n\nIf this sign-in was not by you, you should change your password and notify us by clicking on this link\nIf this sign-in was by you, you can follow this link to let us know
\n\n", "Subject": "Blocked sign-in attempt", "TextBody": "We blocked an unrecognized sign-in to your account with this information:\nTime: {login-time}\nDevice: {device-name}\nLocation: {city}, {country}\nIf this sign-in was not by you, you should change your password and notify us by clicking on {one-click-link-invalid}\nIf this sign-in was by you, you can follow {one-click-link-valid} to let us know" }, "From": "admin@example.com", "MfaEmail": { "HtmlBody": "\n\n\n\tHTML email context\n\t\n\n\n
We required you to use multi-factor authentication for the following sign-in attempt:\n\nIf this sign-in was not by you, you should change your password and notify us by clicking on this link\nIf this sign-in was by you, you can follow this link to let us know
\n\n", "Subject": "New sign-in attempt", "TextBody": "We required you to use multi-factor authentication for the following sign-in attempt:\nTime: {login-time}\nDevice: {device-name}\nLocation: {city}, {country}\nIf this sign-in was not by you, you should change your password and notify us by clicking on {one-click-link-invalid}\nIf this sign-in was by you, you can follow {one-click-link-valid} to let us know" }, "NoActionEmail": { "HtmlBody": "\n\n\n\tHTML email context\n\t\n\n\n
We observed an unrecognized sign-in to your account with this information:\n\nIf this sign-in was not by you, you should change your password and notify us by clicking on this link\nIf this sign-in was by you, you can follow this link to let us know
\n\n", "Subject": "New sign-in attempt", "TextBody": "We observed an unrecognized sign-in to your account with this information:\nTime: {login-time}\nDevice: {device-name}\nLocation: {city}, {country}\nIf this sign-in was not by you, you should change your password and notify us by clicking on {one-click-link-invalid}\nIf this sign-in was by you, you can follow {one-click-link-valid} to let us know" }, "ReplyTo": "admin@example.com", "SourceArn": "arn:aws:ses:us-west-2:123456789012:identity/admin@example.com" } }, "ClientId": "1example23456789", "CompromisedCredentialsRiskConfiguration": { "Actions": { "EventAction": "BLOCK" }, "EventFilter": [ "PASSWORD_CHANGE", "SIGN_UP", "SIGN_IN" ] }, "RiskExceptionConfiguration": { "BlockedIPRangeList": [ "192.0.2.1/32", "192.0.2.2/32" ], "SkippedIPRangeList": [ "203.0.113.1/32", "203.0.113.2/32" ] }, "UserPoolId": "us-west-2_EXAMPLE" } } ``` 如需詳細資訊,請參閱《*Amazon Cognito 開發人員指南*》中的[威脅防護](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-threat-protection.html)。 + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [SetRiskConfiguration](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/set-risk-configuration.html)。 ### `set-ui-customization` 以下程式碼範例顯示如何使用 `set-ui-customization`。 **AWS CLI** **範例 1:自訂應用程式用戶端的傳統託管 UI** 下列 `set-ui-customization` 範例使用一些自訂 CSS,設定請求的應用程式用戶端,並以 Amazon Cognito 標誌做為應用程式標誌。 ``` aws cognito-idp set-ui-customization \ --user-pool-id us-west-2_ywDJHlIfU \ --client-id 14pq32c5q2uq2q7keorloqvb23 \ --css ".logo-customizable {\n\tmax-width: 60%;\n\tmax-height: 30%;\n}\n.banner-customizable {\n\tpadding: 25px 0px 25px 0px;\n\tbackground-color: lightgray;\n}\n.label-customizable {\n\tfont-weight: 400;\n}\n.textDescription-customizable {\n\tpadding-top: 10px;\n\tpadding-bottom: 10px;\n\tdisplay: block;\n\tfont-size: 16px;\n}\n.idpDescription-customizable {\n\tpadding-top: 10px;\n\tpadding-bottom: 10px;\n\tdisplay: block;\n\tfont-size: 16px;\n}\n.legalText-customizable {\n\tcolor: #747474;\n\tfont-size: 11px;\n}\n.submitButton-customizable {\n\tfont-size: 11px;\n\tfont-weight: normal;\n\tmargin: 20px -15px 10px -13px;\n\theight: 40px;\n\twidth: 108%;\n\tcolor: #fff;\n\tbackground-color: #337ab7;\n\ttext-align: center;\n}\n.submitButton-customizable:hover {\n\tcolor: #fff;\n\tbackground-color: #286090;\n}\n.errorMessage-customizable {\n\tpadding: 5px;\n\tfont-size: 14px;\n\twidth: 100%;\n\tbackground: #F5F5F5;\n\tborder: 2px solid #D64958;\n\tcolor: #D64958;\n}\n.inputField-customizable {\n\twidth: 100%;\n\theight: 34px;\n\tcolor: #555;\n\tbackground-color: #fff;\n\tborder: 1px solid #ccc;\n\tborder-radius: 0px;\n}\n.inputField-customizable:focus {\n\tborder-color: #66afe9;\n\toutline: 0;\n}\n.idpButton-customizable {\n\theight: 40px;\n\twidth: 100%;\n\twidth: 100%;\n\ttext-align: center;\n\tmargin-bottom: 15px;\n\tcolor: #fff;\n\tbackground-color: #5bc0de;\n\tborder-color: #46b8da;\n}\n.idpButton-customizable:hover {\n\tcolor: #fff;\n\tbackground-color: #31b0d5;\n}\n.socialButton-customizable {\n\tborder-radius: 2px;\n\theight: 40px;\n\tmargin-bottom: 15px;\n\tpadding: 1px;\n\ttext-align: left;\n\twidth: 100%;\n}\n.redirect-customizable {\n\ttext-align: center;\n}\n.passwordCheck-notValid-customizable {\n\tcolor: #DF3312;\n}\n.passwordCheck-valid-customizable {\n\tcolor: #19BF00;\n}\n.background-customizable {\n\tbackground-color: #fff;\n}\n" \ --image-file iVBORw0KGgoAAAANSUhEUgAAAFAAAABQCAMAAAC5zwKfAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAA2UExURd00TN9BV/Cmsfvm6f3y9P////fM0uqAj+yNmu6ZpvnZ3eNabuFNYuZneehzhPKzvPTAxwAAAOiMMlkAAAASdFJOU///////////////////////AOK/vxIAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAKDSURBVFhH7ZfpkoMgEISDHKuEw/d/2u2BQWMiBrG29o+fVsKatdPMAeZxc3Nz8w+ISekzmB++sYIw/I/tjHzrPpO2Tx62EbR2PNxFac+jVuKxRaV50IzXkUe76NOCoUuwlvnQKei02gNF0ykotOLRBq/nboeWRxAISx2EbsHFoRhK6Igk2JJlwScfQjgt06dOaWWiTbEDAe/iq8N9kqCw2uCbHkHlYkaXEF8EYeL9RDqT4FhC6XMIIEifdcUwCc4leNyhabadWU6OlKYJE1Oac3NSPhB5rlaXlSgmr/1lww4nPaU/1ylfLGxX1r6Y66ZZkCqvnOlqKWws59ELj7fULc2CubwySYkdDuuiY0/F0L6Q5pZiSG0SfZTSTCOUhxOCH1AdIoCpTTIjtd+VpEjUDDytQH/0Fpc661Aisas/4qmyUItD557pSCOSQQzlx27J+meyDGc5zZgfhWuXE1lGgmVOMwmWdeGdzhjqZV14x5vSj7vsC5JDz/Cl0Vhp56n2NQt1wQIpury1EPbwyaYm+IhmAQKoajkH51wg4cMZ1wQ3QG9efKWWOaDhYWnU6jXjCMdRmm21PArI+Pb5DYoH93hq0ZCPlxeGJho/DI15C6sQc/L2sTC47UFBKZGHT6k+zlXg7WebA0Nr0HTcLMfk/Y4Rc65D3iG6WDd7YLSlVqk87bVhUwhnClrx11RsVQwlAA818Mn+QEs71BhSFU6orsUfKhHp72XMGYXi4q9c64RXRvzkWurRfG2vI2be/VaNcNgpX0Evb/vio7nPMmj5qujkpQgSaPd1UcVqciHFDNZpOcGlcOPyi+AamCbIL9fitxAGeFN2Dl+3vZubm5u/4fH4Bd14HhIPdwZPAAAAAElFTkSuQmCC ``` 輸出: ``` { "UICustomization": { "UserPoolId": "us-west-2_ywDJHlIfU", "ClientId": "14pq32c5q2uq2q7keorloqvb23", "ImageUrl": "https://cf.thewrong.club/14pq32c5q2uq2q7keorloqvb23/20250117005911/assets/images/image.jpg", "CSS": ".logo-customizable {\n\tmax-width: 60%;\n\tmax-height: 30%;\n}\n.banner-customizable {\n\tpadding: 25px 0px 25px 0px;\n\tbackground-color: lightgray;\n}\n.label-customizable {\n\tfont-weight: 400;\n}\n.textDescription-customizable {\n\tpadding-top: 10px;\n\tpadding-bottom: 10px;\n\tdisplay: block;\n\tfont-size: 16px;\n}\n.idpDescription-customizable {\n\tpadding-top: 10px;\n\tpadding-bottom: 10px;\n\tdisplay: block;\n\tfont-size: 16px;\n}\n.legalText-customizable {\n\tcolor: #747474;\n\tfont-size: 11px;\n}\n.submitButton-customizable {\n\tfont-size: 11px;\n\tfont-weight: normal;\n\tmargin: 20px -15px 10px -13px;\n\theight: 40px;\n\twidth: 108%;\n\tcolor: #fff;\n\tbackground-color: #337ab7;\n\ttext-align: center;\n}\n.submitButton-customizable:hover {\n\tcolor: #fff;\n\tbackground-color: #286090;\n}\n.errorMessage-customizable {\n\tpadding: 5px;\n\tfont-size: 14px;\n\twidth: 100%;\n\tbackground: #F5F5F5;\n\tborder: 2px solid #D64958;\n\tcolor: #D64958;\n}\n.inputField-customizable {\n\twidth: 100%;\n\theight: 34px;\n\tcolor: #555;\n\tbackground-color: #fff;\n\tborder: 1px solid #ccc;\n\tborder-radius: 0px;\n}\n.inputField-customizable:focus {\n\tborder-color: #66afe9;\n\toutline: 0;\n}\n.idpButton-customizable {\n\theight: 40px;\n\twidth: 100%;\n\twidth: 100%;\n\ttext-align: center;\n\tmargin-bottom: 15px;\n\tcolor: #fff;\n\tbackground-color: #5bc0de;\n\tborder-color: #46b8da;\n}\n.idpButton-customizable:hover {\n\tcolor: #fff;\n\tbackground-color: #31b0d5;\n}\n.socialButton-customizable {\n\tborder-radius: 2px;\n\theight: 40px;\n\tmargin-bottom: 15px;\n\tpadding: 1px;\n\ttext-align: left;\n\twidth: 100%;\n}\n.redirect-customizable {\n\ttext-align: center;\n}\n.passwordCheck-notValid-customizable {\n\tcolor: #DF3312;\n}\n.passwordCheck-valid-customizable {\n\tcolor: #19BF00;\n}\n.background-customizable {\n\tbackground-color: #fff;\n}\n", "CSSVersion": "20250117005911" } } ``` **範例 2:為所有應用程式用戶端設定預設 UI 自訂** 下列 `set-ui-customization` 範例會為沒有特定用戶端組態的所有應用程式用戶端,設定請求的使用者集區。命令會套用一些自訂 CSS,並以 Amazon Cognito 標誌做為應用程式標誌。 ``` aws cognito-idp set-ui-customization \ --user-pool-id us-west-2_ywDJHlIfU \ --client-id ALL \ --css ".logo-customizable {\n\tmax-width: 60%;\n\tmax-height: 30%;\n}\n.banner-customizable {\n\tpadding: 25px 0px 25px 0px;\n\tbackground-color: lightgray;\n}\n.label-customizable {\n\tfont-weight: 400;\n}\n.textDescription-customizable {\n\tpadding-top: 10px;\n\tpadding-bottom: 10px;\n\tdisplay: block;\n\tfont-size: 16px;\n}\n.idpDescription-customizable {\n\tpadding-top: 10px;\n\tpadding-bottom: 10px;\n\tdisplay: block;\n\tfont-size: 16px;\n}\n.legalText-customizable {\n\tcolor: #747474;\n\tfont-size: 11px;\n}\n.submitButton-customizable {\n\tfont-size: 11px;\n\tfont-weight: normal;\n\tmargin: 20px -15px 10px -13px;\n\theight: 40px;\n\twidth: 108%;\n\tcolor: #fff;\n\tbackground-color: #337ab7;\n\ttext-align: center;\n}\n.submitButton-customizable:hover {\n\tcolor: #fff;\n\tbackground-color: #286090;\n}\n.errorMessage-customizable {\n\tpadding: 5px;\n\tfont-size: 14px;\n\twidth: 100%;\n\tbackground: #F5F5F5;\n\tborder: 2px solid #D64958;\n\tcolor: #D64958;\n}\n.inputField-customizable {\n\twidth: 100%;\n\theight: 34px;\n\tcolor: #555;\n\tbackground-color: #fff;\n\tborder: 1px solid #ccc;\n\tborder-radius: 0px;\n}\n.inputField-customizable:focus {\n\tborder-color: #66afe9;\n\toutline: 0;\n}\n.idpButton-customizable {\n\theight: 40px;\n\twidth: 100%;\n\twidth: 100%;\n\ttext-align: center;\n\tmargin-bottom: 15px;\n\tcolor: #fff;\n\tbackground-color: #5bc0de;\n\tborder-color: #46b8da;\n}\n.idpButton-customizable:hover {\n\tcolor: #fff;\n\tbackground-color: #31b0d5;\n}\n.socialButton-customizable {\n\tborder-radius: 2px;\n\theight: 40px;\n\tmargin-bottom: 15px;\n\tpadding: 1px;\n\ttext-align: left;\n\twidth: 100%;\n}\n.redirect-customizable {\n\ttext-align: center;\n}\n.passwordCheck-notValid-customizable {\n\tcolor: #DF3312;\n}\n.passwordCheck-valid-customizable {\n\tcolor: #19BF00;\n}\n.background-customizable {\n\tbackground-color: #fff;\n}\n" \ --image-file iVBORw0KGgoAAAANSUhEUgAAAFAAAABQCAMAAAC5zwKfAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAA2UExURd00TN9BV/Cmsfvm6f3y9P////fM0uqAj+yNmu6ZpvnZ3eNabuFNYuZneehzhPKzvPTAxwAAAOiMMlkAAAASdFJOU///////////////////////AOK/vxIAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAKDSURBVFhH7ZfpkoMgEISDHKuEw/d/2u2BQWMiBrG29o+fVsKatdPMAeZxc3Nz8w+ISekzmB++sYIw/I/tjHzrPpO2Tx62EbR2PNxFac+jVuKxRaV50IzXkUe76NOCoUuwlvnQKei02gNF0ykotOLRBq/nboeWRxAISx2EbsHFoRhK6Igk2JJlwScfQjgt06dOaWWiTbEDAe/iq8N9kqCw2uCbHkHlYkaXEF8EYeL9RDqT4FhC6XMIIEifdcUwCc4leNyhabadWU6OlKYJE1Oac3NSPhB5rlaXlSgmr/1lww4nPaU/1ylfLGxX1r6Y66ZZkCqvnOlqKWws59ELj7fULc2CubwySYkdDuuiY0/F0L6Q5pZiSG0SfZTSTCOUhxOCH1AdIoCpTTIjtd+VpEjUDDytQH/0Fpc661Aisas/4qmyUItD557pSCOSQQzlx27J+meyDGc5zZgfhWuXE1lGgmVOMwmWdeGdzhjqZV14x5vSj7vsC5JDz/Cl0Vhp56n2NQt1wQIpury1EPbwyaYm+IhmAQKoajkH51wg4cMZ1wQ3QG9efKWWOaDhYWnU6jXjCMdRmm21PArI+Pb5DYoH93hq0ZCPlxeGJho/DI15C6sQc/L2sTC47UFBKZGHT6k+zlXg7WebA0Nr0HTcLMfk/Y4Rc65D3iG6WDd7YLSlVqk87bVhUwhnClrx11RsVQwlAA818Mn+QEs71BhSFU6orsUfKhHp72XMGYXi4q9c64RXRvzkWurRfG2vI2be/VaNcNgpX0Evb/vio7nPMmj5qujkpQgSaPd1UcVqciHFDNZpOcGlcOPyi+AamCbIL9fitxAGeFN2Dl+3vZubm5u/4fH4Bd14HhIPdwZPAAAAAElFTkSuQmCC ``` 輸出: ``` { "UICustomization": { "UserPoolId": "us-west-2_ywDJHlIfU", "ClientId": "14pq32c5q2uq2q7keorloqvb23", "ImageUrl": "https://cf.thewrong.club/14pq32c5q2uq2q7keorloqvb23/20250117005911/assets/images/image.jpg", "CSS": ".logo-customizable {\n\tmax-width: 60%;\n\tmax-height: 30%;\n}\n.banner-customizable {\n\tpadding: 25px 0px 25px 0px;\n\tbackground-color: lightgray;\n}\n.label-customizable {\n\tfont-weight: 400;\n}\n.textDescription-customizable {\n\tpadding-top: 10px;\n\tpadding-bottom: 10px;\n\tdisplay: block;\n\tfont-size: 16px;\n}\n.idpDescription-customizable {\n\tpadding-top: 10px;\n\tpadding-bottom: 10px;\n\tdisplay: block;\n\tfont-size: 16px;\n}\n.legalText-customizable {\n\tcolor: #747474;\n\tfont-size: 11px;\n}\n.submitButton-customizable {\n\tfont-size: 11px;\n\tfont-weight: normal;\n\tmargin: 20px -15px 10px -13px;\n\theight: 40px;\n\twidth: 108%;\n\tcolor: #fff;\n\tbackground-color: #337ab7;\n\ttext-align: center;\n}\n.submitButton-customizable:hover {\n\tcolor: #fff;\n\tbackground-color: #286090;\n}\n.errorMessage-customizable {\n\tpadding: 5px;\n\tfont-size: 14px;\n\twidth: 100%;\n\tbackground: #F5F5F5;\n\tborder: 2px solid #D64958;\n\tcolor: #D64958;\n}\n.inputField-customizable {\n\twidth: 100%;\n\theight: 34px;\n\tcolor: #555;\n\tbackground-color: #fff;\n\tborder: 1px solid #ccc;\n\tborder-radius: 0px;\n}\n.inputField-customizable:focus {\n\tborder-color: #66afe9;\n\toutline: 0;\n}\n.idpButton-customizable {\n\theight: 40px;\n\twidth: 100%;\n\twidth: 100%;\n\ttext-align: center;\n\tmargin-bottom: 15px;\n\tcolor: #fff;\n\tbackground-color: #5bc0de;\n\tborder-color: #46b8da;\n}\n.idpButton-customizable:hover {\n\tcolor: #fff;\n\tbackground-color: #31b0d5;\n}\n.socialButton-customizable {\n\tborder-radius: 2px;\n\theight: 40px;\n\tmargin-bottom: 15px;\n\tpadding: 1px;\n\ttext-align: left;\n\twidth: 100%;\n}\n.redirect-customizable {\n\ttext-align: center;\n}\n.passwordCheck-notValid-customizable {\n\tcolor: #DF3312;\n}\n.passwordCheck-valid-customizable {\n\tcolor: #19BF00;\n}\n.background-customizable {\n\tbackground-color: #fff;\n}\n", "CSSVersion": "20250117005911" } } ``` 如需詳細資訊,請參閱《*Amazon Cognito 開發人員指南*》中的[託管 UI (傳統) 品牌](https://docs.aws.amazon.com/cognito/latest/developerguide/hosted-ui-classic-branding.html)。 + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [SetUiCustomization](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/set-ui-customization.html)。 ### `set-user-mfa-preference` 以下程式碼範例顯示如何使用 `set-user-mfa-preference`。 **AWS CLI** **設定使用者的 MFA 偏好設定** 下列 `set-user-mfa-preference` 範例將目前使用者設定為使用 TOTP MFA,並停用其他所有 MFA 因素。 ``` aws cognito-idp set-user-mfa-preference \ --access-token eyJra456defEXAMPLE \ --software-token-mfa-settings Enabled=true,PreferredMfa=true \ --sms-mfa-settings Enabled=false,PreferredMfa=false \ --email-mfa-settings Enabled=false,PreferredMfa=false ``` 此命令不會產生輸出。 如需詳細資訊,請參閱《Amazon Cognito 開發人員指南》**中的[新增 MFA](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa.html)。 + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [SetUserMfaPreference](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/set-user-mfa-preference.html)。 ### `set-user-pool-mfa-config` 以下程式碼範例顯示如何使用 `set-user-pool-mfa-config`。 **AWS CLI** **設定使用者集區 MFA 和 WebAuthn** 下列 `set-user-pool-mfa-config` 範例藉由所有可用的 MFA 方法,使用選用的 MFA 設定請求的使用者集區,並設定 WebAuthn 組態。 ``` aws cognito-idp set-user-pool-mfa-config \ --user-pool-id us-west-2_EXAMPLE \ --sms-mfa-configuration "SmsAuthenticationMessage=\"Your OTP for MFA or sign-in: use {####}.\",SmsConfiguration={SnsCallerArn=arn:aws:iam::123456789012:role/service-role/test-SMS-Role,ExternalId=a1b2c3d4-5678-90ab-cdef-EXAMPLE11111,SnsRegion=us-west-2}" \ --software-token-mfa-configuration Enabled=true \ --email-mfa-configuration "Message=\"Your OTP for MFA or sign-in: use {####}\",Subject=\"OTP test\"" \ --mfa-configuration OPTIONAL \ --web-authn-configuration RelyingPartyId=auth.example.com,UserVerification=preferred ``` 輸出: ``` { "EmailMfaConfiguration": { "Message": "Your OTP for MFA or sign-in: use {####}", "Subject": "OTP test" }, "MfaConfiguration": "OPTIONAL", "SmsMfaConfiguration": { "SmsAuthenticationMessage": "Your OTP for MFA or sign-in: use {####}.", "SmsConfiguration": { "ExternalId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "SnsCallerArn": "arn:aws:iam::123456789012:role/service-role/test-SMS-Role", "SnsRegion": "us-west-2" } }, "SoftwareTokenMfaConfiguration": { "Enabled": true }, "WebAuthnConfiguration": { "RelyingPartyId": "auth.example.com", "UserVerification": "preferred" } } ``` 如需詳細資訊,請參閱《*Amazon Cognito 開發人員指南*》中的[新增 MFA](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa.html) 和[通行密鑰登入](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow-methods.html#amazon-cognito-user-pools-authentication-flow-methods-passkey)。 + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [SetUserPoolMfaConfig](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/set-user-pool-mfa-config.html)。 ### `set-user-settings` 以下程式碼範例顯示如何使用 `set-user-settings`。 **AWS CLI** **設定使用者的設定** 此範例會將 MFA 交付偏好設定為 EMAIL。 命令: ``` aws cognito-idp set-user-settings --access-token ACCESS_TOKEN --mfa-options DeliveryMedium=EMAIL ``` + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [SetUserSettings](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/set-user-settings.html)。 ### `sign-up` 以下程式碼範例顯示如何使用 `sign-up`。 **AWS CLI** **若要將使用者登出** 此範例註冊了 jane@example.com。 命令: ``` aws cognito-idp sign-up --client-id 3n4b5urk1ft4fl3mg5e62d9ado --username jane@example.com --password PASSWORD --user-attributes Name="email",Value="jane@example.com" Name="name",Value="Jane" ``` 輸出: ``` { "UserConfirmed": false, "UserSub": "e04d60a6-45dc-441c-a40b-e25a787d4862" } ``` + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [SignUp](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/sign-up.html)。 ### `start-user-import-job` 以下程式碼範例顯示如何使用 `start-user-import-job`。 **AWS CLI** **啟動匯入任務** 下列 `start-user-import-job` 範例在請求的使用者集區中,啟動請求的匯入任務。 ``` aws cognito-idp start-user-import-job \ --user-pool-id us-west-2_EXAMPLE \ --job-id import-mAgUtd8PMm ``` 輸出: ``` { "UserImportJob": { "CloudWatchLogsRoleArn": "arn:aws:iam::123456789012:role/example-cloudwatch-logs-role", "CreationDate": 1736442975.904, "FailedUsers": 0, "ImportedUsers": 0, "JobId": "import-mAgUtd8PMm", "JobName": "Customer import", "PreSignedUrl": "https://aws-cognito-idp-user-import-pdx.s3.us-west-2.amazonaws.com/123456789012/us-west-2_EXAMPLE/import-mAgUtd8PMm?X-Amz-Security-Token=[token]&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20241226T193341Z&X-Amz-SignedHeaders=host%3Bx-amz-server-side-encryption&X-Amz-Expires=899&X-Amz-Credential=[credential]&X-Amz-Signature=[signature]", "SkippedUsers": 0, "StartDate": 1736443020.081, "Status": "Pending", "UserPoolId": "us-west-2_EXAMPLE" } } ``` 如需詳細資訊,請參閱《Amazon Cognito 開發人員指南》**中的[將使用者匯入使用者集區](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-using-import-tool.html)。 + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [StartUserImportJob](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/start-user-import-job.html)。 ### `start-web-authn-registration` 以下程式碼範例顯示如何使用 `start-web-authn-registration`。 **AWS CLI** **取得已登入使用者的通行密鑰註冊資訊** 下列 `start-web-authn-registration` 範例會為目前使用者產生 WebAuthn 註冊選項。 ``` aws cognito-idp start-web-authn-registration \ --access-token eyJra456defEXAMPLE ``` 輸出: ``` { "CredentialCreationOptions": { "authenticatorSelection": { "requireResidentKey": true, "residentKey": "required", "userVerification": "preferred" }, "challenge": "wxvbDicyqQqvF2EXAMPLE", "excludeCredentials": [ { "id": "8LApgk4-lNUFHbhm2w6Und7-uxcc8coJGsPxiogvHoItc64xWQc3r4CEXAMPLE", "type": "public-key" } ], "pubKeyCredParams": [ { "alg": -7, "type": "public-key" }, { "alg": -257, "type": "public-key" } ], "rp": { "id": "auth.example.com", "name": "auth.example.com" }, "timeout": 60000, "user": { "displayName": "testuser", "id": "ZWFhZDAyMTktMjExNy00MzlmLThkNDYtNGRiMjBlNEXAMPLE", "name": "testuser" } } } ``` 如需詳細資訊,請參閱《Amazon Cognito 開發人員指南》**中的[通行密鑰登入](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow-methods.html#amazon-cognito-user-pools-authentication-flow-methods-passkey)。 + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [StartWebAuthnRegistration](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/start-web-authn-registration.html)。 ### `stop-user-import-job` 以下程式碼範例顯示如何使用 `stop-user-import-job`。 **AWS CLI** **停止匯入任務** 下列 `stop-user-import-job` 範例在請求的使用者集區中,停止請求的執行中使用者匯入任務。 ``` aws cognito-idp stop-user-import-job \ --user-pool-id us-west-2_EXAMPLE \ --job-id import-mAgUtd8PMm ``` 輸出: ``` { "UserImportJob": { "CloudWatchLogsRoleArn": "arn:aws:iam::123456789012:role/example-cloudwatch-logs-role", "CompletionDate": 1736443496.379, "CompletionMessage": "The Import Job was stopped by the developer.", "CreationDate": 1736443471.781, "FailedUsers": 0, "ImportedUsers": 0, "JobId": "import-mAgUtd8PMm", "JobName": "Customer import", "PreSignedUrl": "https://aws-cognito-idp-user-import-pdx.s3.us-west-2.amazonaws.com/123456789012/us-west-2_EXAMPLE/import-mAgUtd8PMm?X-Amz-Security-Token=[token]&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20241226T193341Z&X-Amz-SignedHeaders=host%3Bx-amz-server-side-encryption&X-Amz-Expires=899&X-Amz-Credential=[credential]&X-Amz-Signature=[signature]", "SkippedUsers": 0, "StartDate": 1736443494.154, "Status": "Stopped", "UserPoolId": "us-west-2_EXAMPLE" } } ``` 如需詳細資訊,請參閱《Amazon Cognito 開發人員指南》**中的[將使用者匯入使用者集區](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-using-import-tool.html)。 + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [StopUserImportJob](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/stop-user-import-job.html)。 ### `tag-resource` 以下程式碼範例顯示如何使用 `tag-resource`。 **AWS CLI** **標記使用者集區** 下列 `tag-resource` 範例將 `administrator` 和 `department` 標籤套用至請求的使用者集區。 ``` aws cognito-idp tag-resource \ --resource-arn arn:aws:cognito-idp:us-west-2:123456789012:userpool/us-west-2_EXAMPLE \ --tags administrator=Jie,tenant=ExampleCorp ``` 此命令不會產生輸出。 如需詳細資訊,請參閱《Amazon Cognito 開發人員指南》**中的[標記 Amazon Cognito 資源](https://docs.aws.amazon.com/cognito/latest/developerguide/tagging.html)。 + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [TagResource](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/tag-resource.html)。 ### `untag-resource` 以下程式碼範例顯示如何使用 `untag-resource`。 **AWS CLI** **從使用者集區移除標籤** 下列 `untag-resource` 範例從請求的使用者集區中移除 `administrator` 和 `department` 標籤。 ``` aws cognito-idp untag-resource \ --resource-arn arn:aws:cognito-idp:us-west-2:767671399759:userpool/us-west-2_l5cxwdm2K \ --tag-keys administrator tenant ``` 此命令不會產生輸出。 如需詳細資訊,請參閱《Amazon Cognito 開發人員指南》**中的[標記 Amazon Cognito 資源](https://docs.aws.amazon.com/cognito/latest/developerguide/tagging.html)。 + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [UntagResource](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/untag-resource.html)。 ### `update-auth-event-feedback` 以下程式碼範例顯示如何使用 `update-auth-event-feedback`。 **AWS CLI** **更新授權事件意見回饋** 此範例會更新授權事件意見回饋。並且會標記事件為「有效」。 命令: ``` aws cognito-idp update-auth-event-feedback --user-pool-id us-west-2_aaaaaaaaa --username diego@example.com --event-id EVENT_ID --feedback-token FEEDBACK_TOKEN --feedback-value "Valid" ``` + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [UpdateAuthEventFeedback](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/update-auth-event-feedback.html)。 ### `update-device-status` 以下程式碼範例顯示如何使用 `update-device-status`。 **AWS CLI** **更新裝置狀態** 此範例會將裝置的狀態更新為 "not\$1remembered"。 命令: ``` aws cognito-idp update-device-status --access-token ACCESS_TOKEN --device-key DEVICE_KEY --device-remembered-status "not_remembered" ``` + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [UpdateDeviceStatus](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/update-device-status.html)。 ### `update-group` 以下程式碼範例顯示如何使用 `update-group`。 **AWS CLI** **更新群組** 此範例會更新 MyGroup 的描述和優先順序。 命令: ``` aws cognito-idp update-group --user-pool-id us-west-2_aaaaaaaaa --group-name MyGroup --description "New description" --precedence 2 ``` 輸出: ``` { "Group": { "GroupName": "MyGroup", "UserPoolId": "us-west-2_aaaaaaaaa", "Description": "New description", "RoleArn": "arn:aws:iam::111111111111:role/MyRole", "Precedence": 2, "LastModifiedDate": 1548800862.812, "CreationDate": 1548097827.125 } } ``` + 如需 API 詳細資訊,請參閱《*AWS CLI 命令參考*》中的 [UpdateGroup](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/update-group.html)。 ### `update-identity-provider` 以下程式碼範例顯示如何使用 `update-identity-provider`。 **AWS CLI** **更新使用者集區身分提供者** 下列 `update-identity-provider` 範例會在請求的使用者集區中更新 OIDC 提供者 "MyOIDCIdP"。 ``` aws cognito-idp update-identity-provider \ --cli-input-json file://update-identity-provider.json ``` `update-identity-provider.json` 的內容: ``` { "AttributeMapping": { "email": "idp_email", "email_verified": "idp_email_verified", "username": "sub" }, "CreationDate": 1.701129701653E9, "IdpIdentifiers": [ "corp", "dev" ], "LastModifiedDate": 1.701129701653E9, "ProviderDetails": { "attributes_request_method": "GET", "attributes_url": "https://example.com/userInfo", "attributes_url_add_attributes": "false", "authorize_scopes": "openid profile", "authorize_url": "https://example.com/authorize", "client_id": "idpexampleclient123", "client_secret": "idpexamplesecret456", "jwks_uri": "https://example.com/.well-known/jwks.json", "oidc_issuer": "https://example.com", "token_url": "https://example.com/token" }, "ProviderName": "MyOIDCIdP", "UserPoolId": "us-west-2_EXAMPLE" } ``` 輸出: ``` { "IdentityProvider": { "AttributeMapping": { "email": "idp_email", "email_verified": "idp_email_verified", "username": "sub" }, "CreationDate": 1701129701.653, "IdpIdentifiers": [ "corp", "dev" ], "LastModifiedDate": 1736444278.211, "ProviderDetails": { "attributes_request_method": "GET", "attributes_url": "https://example.com/userInfo", "attributes_url_add_attributes": "false", "authorize_scopes": "openid profile", "authorize_url": "https://example.com/authorize", "client_id": "idpexampleclient123", "client_secret": "idpexamplesecret456", "jwks_uri": "https://example.com/.well-known/jwks.json", "oidc_issuer": "https://example.com", "token_url": "https://example.com/token" }, "ProviderName": "MyOIDCIdP", "ProviderType": "OIDC", "UserPoolId": "us-west-2_EXAMPLE" } } ``` 如需詳細資訊,請參閱《Amazon Cognito 開發人員指南》**中的[設定網域](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-assign-domain.html)。 + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [UpdateIdentityProvider](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/update-identity-provider.html)。 ### `update-managed-login-branding` 以下程式碼範例顯示如何使用 `update-managed-login-branding`。 **AWS CLI** **更新受管登入品牌樣式** 下列 `update-managed-login-branding` 範例會更新請求的應用程式用戶端品牌樣式。 ``` aws cognito-idp update-managed-login-branding \ --cli-input-json file://update-managed-login-branding.json ``` `update-managed-login-branding.json` 的內容: ``` { "Assets": [ { "Bytes": "PHN2ZyB3aWR0aD0iMjAwMDAiIGhlaWdodD0iNDAwIiB2aWV3Qm94PSIwIDAgMjAwMDAgNDAwIiBmaWxsPSJub25lIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPgo8ZyBjbGlwLXBhdGg9InVybCgjY2xpcDBfMTcyNTlfMjM2Njc0KSI+CjxyZWN0IHdpZHRoPSIyMDAwMCIgaGVpZ2h0PSI0MDAiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl8xNzI1OV8yMzY2NzQpIi8+CjxwYXRoIGQ9Ik0wIDBIMjAwMDBWNDAwSDBWMFoiIGZpbGw9IiMxMjIwMzciIGZpbGwtb3BhY2l0eT0iMC41Ii8+CjwvZz4KPGRlZnM+CjxsaW5lYXJHcmFkaWVudCBpZD0icGFpbnQwX2xpbmVhcl8xNzI1OV8yMzY2NzQiIHgxPSItODk0LjI0OSIgeTE9IjE5OS45MzEiIHgyPSIxODAzNC41IiB5Mj0iLTU4OTkuNTciIGdyYWRpZW50VW5pdHM9InVzZXJTcGFjZU9uVXNlIj4KPHN0b3Agc3RvcC1jb2xvcj0iI0JGODBGRiIvPgo8c3RvcCBvZmZzZXQ9IjEiIHN0b3AtY29sb3I9IiNGRjhGQUIiLz4KPC9saW5lYXJHcmFkaWVudD4KPGNsaXBQYXRoIGlkPSJjbGlwMF8xNzI1OV8yMzY2NzQiPgo8cmVjdCB3aWR0aD0iMjAwMDAiIGhlaWdodD0iNDAwIiBmaWxsPSJ3aGl0ZSIvPgo8L2NsaXBQYXRoPgo8L2RlZnM+Cjwvc3ZnPgo=", "Category": "PAGE_FOOTER_BACKGROUND", "ColorMode": "DARK", "Extension": "SVG" } ], "ManagedLoginBrandingId": "63f30090-6b1f-4278-b885-2bbb81f8e545", "Settings": { "categories": { "auth": { "authMethodOrder": [ [ { "display": "BUTTON", "type": "FEDERATED" }, { "display": "INPUT", "type": "USERNAME_PASSWORD" } ] ], "federation": { "interfaceStyle": "BUTTON_LIST", "order": [ ] } }, "form": { "displayGraphics": true, "instructions": { "enabled": false }, "languageSelector": { "enabled": false }, "location": { "horizontal": "CENTER", "vertical": "CENTER" }, "sessionTimerDisplay": "NONE" }, "global": { "colorSchemeMode": "LIGHT", "pageFooter": { "enabled": false }, "pageHeader": { "enabled": false }, "spacingDensity": "REGULAR" }, "signUp": { "acceptanceElements": [ { "enforcement": "NONE", "textKey": "en" } ] } }, "componentClasses": { "buttons": { "borderRadius": 8.0 }, "divider": { "darkMode": { "borderColor": "232b37ff" }, "lightMode": { "borderColor": "ebebf0ff" } }, "dropDown": { "borderRadius": 8.0, "darkMode": { "defaults": { "itemBackgroundColor": "192534ff" }, "hover": { "itemBackgroundColor": "081120ff", "itemBorderColor": "5f6b7aff", "itemTextColor": "e9ebedff" }, "match": { "itemBackgroundColor": "d1d5dbff", "itemTextColor": "89bdeeff" } }, "lightMode": { "defaults": { "itemBackgroundColor": "ffffffff" }, "hover": { "itemBackgroundColor": "f4f4f4ff", "itemBorderColor": "7d8998ff", "itemTextColor": "000716ff" }, "match": { "itemBackgroundColor": "414d5cff", "itemTextColor": "0972d3ff" } } }, "focusState": { "darkMode": { "borderColor": "539fe5ff" }, "lightMode": { "borderColor": "0972d3ff" } }, "idpButtons": { "icons": { "enabled": true } }, "input": { "borderRadius": 8.0, "darkMode": { "defaults": { "backgroundColor": "0f1b2aff", "borderColor": "5f6b7aff" }, "placeholderColor": "8d99a8ff" }, "lightMode": { "defaults": { "backgroundColor": "ffffffff", "borderColor": "7d8998ff" }, "placeholderColor": "5f6b7aff" } }, "inputDescription": { "darkMode": { "textColor": "8d99a8ff" }, "lightMode": { "textColor": "5f6b7aff" } }, "inputLabel": { "darkMode": { "textColor": "d1d5dbff" }, "lightMode": { "textColor": "000716ff" } }, "link": { "darkMode": { "defaults": { "textColor": "539fe5ff" }, "hover": { "textColor": "89bdeeff" } }, "lightMode": { "defaults": { "textColor": "0972d3ff" }, "hover": { "textColor": "033160ff" } } }, "optionControls": { "darkMode": { "defaults": { "backgroundColor": "0f1b2aff", "borderColor": "7d8998ff" }, "selected": { "backgroundColor": "539fe5ff", "foregroundColor": "000716ff" } }, "lightMode": { "defaults": { "backgroundColor": "ffffffff", "borderColor": "7d8998ff" }, "selected": { "backgroundColor": "0972d3ff", "foregroundColor": "ffffffff" } } }, "statusIndicator": { "darkMode": { "error": { "backgroundColor": "1a0000ff", "borderColor": "eb6f6fff", "indicatorColor": "eb6f6fff" }, "pending": { "indicatorColor": "AAAAAAAA" }, "success": { "backgroundColor": "001a02ff", "borderColor": "29ad32ff", "indicatorColor": "29ad32ff" }, "warning": { "backgroundColor": "1d1906ff", "borderColor": "e0ca57ff", "indicatorColor": "e0ca57ff" } }, "lightMode": { "error": { "backgroundColor": "fff7f7ff", "borderColor": "d91515ff", "indicatorColor": "d91515ff" }, "pending": { "indicatorColor": "AAAAAAAA" }, "success": { "backgroundColor": "f2fcf3ff", "borderColor": "037f0cff", "indicatorColor": "037f0cff" }, "warning": { "backgroundColor": "fffce9ff", "borderColor": "8d6605ff", "indicatorColor": "8d6605ff" } } } }, "components": { "alert": { "borderRadius": 12.0, "darkMode": { "error": { "backgroundColor": "1a0000ff", "borderColor": "eb6f6fff" } }, "lightMode": { "error": { "backgroundColor": "fff7f7ff", "borderColor": "d91515ff" } } }, "favicon": { "enabledTypes": [ "ICO", "SVG" ] }, "form": { "backgroundImage": { "enabled": false }, "borderRadius": 8.0, "darkMode": { "backgroundColor": "0f1b2aff", "borderColor": "424650ff" }, "lightMode": { "backgroundColor": "ffffffff", "borderColor": "c6c6cdff" }, "logo": { "enabled": false, "formInclusion": "IN", "location": "CENTER", "position": "TOP" } }, "idpButton": { "custom": { }, "standard": { "darkMode": { "active": { "backgroundColor": "354150ff", "borderColor": "89bdeeff", "textColor": "89bdeeff" }, "defaults": { "backgroundColor": "0f1b2aff", "borderColor": "c6c6cdff", "textColor": "c6c6cdff" }, "hover": { "backgroundColor": "192534ff", "borderColor": "89bdeeff", "textColor": "89bdeeff" } }, "lightMode": { "active": { "backgroundColor": "d3e7f9ff", "borderColor": "033160ff", "textColor": "033160ff" }, "defaults": { "backgroundColor": "ffffffff", "borderColor": "424650ff", "textColor": "424650ff" }, "hover": { "backgroundColor": "f2f8fdff", "borderColor": "033160ff", "textColor": "033160ff" } } } }, "pageBackground": { "darkMode": { "color": "0f1b2aff" }, "image": { "enabled": true }, "lightMode": { "color": "ffffffff" } }, "pageFooter": { "backgroundImage": { "enabled": false }, "darkMode": { "background": { "color": "0f141aff" }, "borderColor": "424650ff" }, "lightMode": { "background": { "color": "fafafaff" }, "borderColor": "d5dbdbff" }, "logo": { "enabled": false, "location": "START" } }, "pageHeader": { "backgroundImage": { "enabled": false }, "darkMode": { "background": { "color": "0f141aff" }, "borderColor": "424650ff" }, "lightMode": { "background": { "color": "fafafaff" }, "borderColor": "d5dbdbff" }, "logo": { "enabled": false, "location": "START" } }, "pageText": { "darkMode": { "bodyColor": "b6bec9ff", "descriptionColor": "b6bec9ff", "headingColor": "d1d5dbff" }, "lightMode": { "bodyColor": "414d5cff", "descriptionColor": "414d5cff", "headingColor": "000716ff" } }, "phoneNumberSelector": { "displayType": "TEXT" }, "primaryButton": { "darkMode": { "active": { "backgroundColor": "539fe5ff", "textColor": "000716ff" }, "defaults": { "backgroundColor": "539fe5ff", "textColor": "000716ff" }, "disabled": { "backgroundColor": "ffffffff", "borderColor": "ffffffff" }, "hover": { "backgroundColor": "89bdeeff", "textColor": "000716ff" } }, "lightMode": { "active": { "backgroundColor": "033160ff", "textColor": "ffffffff" }, "defaults": { "backgroundColor": "0972d3ff", "textColor": "ffffffff" }, "disabled": { "backgroundColor": "ffffffff", "borderColor": "ffffffff" }, "hover": { "backgroundColor": "033160ff", "textColor": "ffffffff" } } }, "secondaryButton": { "darkMode": { "active": { "backgroundColor": "354150ff", "borderColor": "89bdeeff", "textColor": "89bdeeff" }, "defaults": { "backgroundColor": "0f1b2aff", "borderColor": "539fe5ff", "textColor": "539fe5ff" }, "hover": { "backgroundColor": "192534ff", "borderColor": "89bdeeff", "textColor": "89bdeeff" } }, "lightMode": { "active": { "backgroundColor": "d3e7f9ff", "borderColor": "033160ff", "textColor": "033160ff" }, "defaults": { "backgroundColor": "ffffffff", "borderColor": "0972d3ff", "textColor": "0972d3ff" }, "hover": { "backgroundColor": "f2f8fdff", "borderColor": "033160ff", "textColor": "033160ff" } } } } }, "UseCognitoProvidedValues": false, "UserPoolId": "ca-central-1_EXAMPLE" } ``` 輸出: ``` { "ManagedLoginBranding": { "Assets": [ { "Bytes": "PHN2ZyB3aWR0aD0iMjAwMDAiIGhlaWdodD0iNDAwIiB2aWV3Qm94PSIwIDAgMjAwMDAgNDAwIiBmaWxsPSJub25lIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPgo8ZyBjbGlwLXBhdGg9InVybCgjY2xpcDBfMTcyNTlfMjM2Njc0KSI+CjxyZWN0IHdpZHRoPSIyMDAwMCIgaGVpZ2h0PSI0MDAiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl8xNzI1OV8yMzY2NzQpIi8+CjxwYXRoIGQ9Ik0wIDBIMjAwMDBWNDAwSDBWMFoiIGZpbGw9IiMxMjIwMzciIGZpbGwtb3BhY2l0eT0iMC41Ii8+CjwvZz4KPGRlZnM+CjxsaW5lYXJHcmFkaWVudCBpZD0icGFpbnQwX2xpbmVhcl8xNzI1OV8yMzY2NzQiIHgxPSItODk0LjI0OSIgeTE9IjE5OS45MzEiIHgyPSIxODAzNC41IiB5Mj0iLTU4OTkuNTciIGdyYWRpZW50VW5pdHM9InVzZXJTcGFjZU9uVXNlIj4KPHN0b3Agc3RvcC1jb2xvcj0iI0JGODBGRiIvPgo8c3RvcCBvZmZzZXQ9IjEiIHN0b3AtY29sb3I9IiNGRjhGQUIiLz4KPC9saW5lYXJHcmFkaWVudD4KPGNsaXBQYXRoIGlkPSJjbGlwMF8xNzI1OV8yMzY2NzQiPgo8cmVjdCB3aWR0aD0iMjAwMDAiIGhlaWdodD0iNDAwIiBmaWxsPSJ3aGl0ZSIvPgo8L2NsaXBQYXRoPgo8L2RlZnM+Cjwvc3ZnPgo=", "Category": "PAGE_FOOTER_BACKGROUND", "ColorMode": "DARK", "Extension": "SVG" } ], "CreationDate": 1732138490.642, "LastModifiedDate": 1732140420.301, "ManagedLoginBrandingId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "Settings": { "categories": { "auth": { "authMethodOrder": [ [ { "display": "BUTTON", "type": "FEDERATED" }, { "display": "INPUT", "type": "USERNAME_PASSWORD" } ] ], "federation": { "interfaceStyle": "BUTTON_LIST", "order": [ ] } }, "form": { "displayGraphics": true, "instructions": { "enabled": false }, "languageSelector": { "enabled": false }, "location": { "horizontal": "CENTER", "vertical": "CENTER" }, "sessionTimerDisplay": "NONE" }, "global": { "colorSchemeMode": "LIGHT", "pageFooter": { "enabled": false }, "pageHeader": { "enabled": false }, "spacingDensity": "REGULAR" }, "signUp": { "acceptanceElements": [ { "enforcement": "NONE", "textKey": "en" } ] } }, "componentClasses": { "buttons": { "borderRadius": 8.0 }, "divider": { "darkMode": { "borderColor": "232b37ff" }, "lightMode": { "borderColor": "ebebf0ff" } }, "dropDown": { "borderRadius": 8.0, "darkMode": { "defaults": { "itemBackgroundColor": "192534ff" }, "hover": { "itemBackgroundColor": "081120ff", "itemBorderColor": "5f6b7aff", "itemTextColor": "e9ebedff" }, "match": { "itemBackgroundColor": "d1d5dbff", "itemTextColor": "89bdeeff" } }, "lightMode": { "defaults": { "itemBackgroundColor": "ffffffff" }, "hover": { "itemBackgroundColor": "f4f4f4ff", "itemBorderColor": "7d8998ff", "itemTextColor": "000716ff" }, "match": { "itemBackgroundColor": "414d5cff", "itemTextColor": "0972d3ff" } } }, "focusState": { "darkMode": { "borderColor": "539fe5ff" }, "lightMode": { "borderColor": "0972d3ff" } }, "idpButtons": { "icons": { "enabled": true } }, "input": { "borderRadius": 8.0, "darkMode": { "defaults": { "backgroundColor": "0f1b2aff", "borderColor": "5f6b7aff" }, "placeholderColor": "8d99a8ff" }, "lightMode": { "defaults": { "backgroundColor": "ffffffff", "borderColor": "7d8998ff" }, "placeholderColor": "5f6b7aff" } }, "inputDescription": { "darkMode": { "textColor": "8d99a8ff" }, "lightMode": { "textColor": "5f6b7aff" } }, "inputLabel": { "darkMode": { "textColor": "d1d5dbff" }, "lightMode": { "textColor": "000716ff" } }, "link": { "darkMode": { "defaults": { "textColor": "539fe5ff" }, "hover": { "textColor": "89bdeeff" } }, "lightMode": { "defaults": { "textColor": "0972d3ff" }, "hover": { "textColor": "033160ff" } } }, "optionControls": { "darkMode": { "defaults": { "backgroundColor": "0f1b2aff", "borderColor": "7d8998ff" }, "selected": { "backgroundColor": "539fe5ff", "foregroundColor": "000716ff" } }, "lightMode": { "defaults": { "backgroundColor": "ffffffff", "borderColor": "7d8998ff" }, "selected": { "backgroundColor": "0972d3ff", "foregroundColor": "ffffffff" } } }, "statusIndicator": { "darkMode": { "error": { "backgroundColor": "1a0000ff", "borderColor": "eb6f6fff", "indicatorColor": "eb6f6fff" }, "pending": { "indicatorColor": "AAAAAAAA" }, "success": { "backgroundColor": "001a02ff", "borderColor": "29ad32ff", "indicatorColor": "29ad32ff" }, "warning": { "backgroundColor": "1d1906ff", "borderColor": "e0ca57ff", "indicatorColor": "e0ca57ff" } }, "lightMode": { "error": { "backgroundColor": "fff7f7ff", "borderColor": "d91515ff", "indicatorColor": "d91515ff" }, "pending": { "indicatorColor": "AAAAAAAA" }, "success": { "backgroundColor": "f2fcf3ff", "borderColor": "037f0cff", "indicatorColor": "037f0cff" }, "warning": { "backgroundColor": "fffce9ff", "borderColor": "8d6605ff", "indicatorColor": "8d6605ff" } } } }, "components": { "alert": { "borderRadius": 12.0, "darkMode": { "error": { "backgroundColor": "1a0000ff", "borderColor": "eb6f6fff" } }, "lightMode": { "error": { "backgroundColor": "fff7f7ff", "borderColor": "d91515ff" } } }, "favicon": { "enabledTypes": [ "ICO", "SVG" ] }, "form": { "backgroundImage": { "enabled": false }, "borderRadius": 8.0, "darkMode": { "backgroundColor": "0f1b2aff", "borderColor": "424650ff" }, "lightMode": { "backgroundColor": "ffffffff", "borderColor": "c6c6cdff" }, "logo": { "enabled": false, "formInclusion": "IN", "location": "CENTER", "position": "TOP" } }, "idpButton": { "custom": { }, "standard": { "darkMode": { "active": { "backgroundColor": "354150ff", "borderColor": "89bdeeff", "textColor": "89bdeeff" }, "defaults": { "backgroundColor": "0f1b2aff", "borderColor": "c6c6cdff", "textColor": "c6c6cdff" }, "hover": { "backgroundColor": "192534ff", "borderColor": "89bdeeff", "textColor": "89bdeeff" } }, "lightMode": { "active": { "backgroundColor": "d3e7f9ff", "borderColor": "033160ff", "textColor": "033160ff" }, "defaults": { "backgroundColor": "ffffffff", "borderColor": "424650ff", "textColor": "424650ff" }, "hover": { "backgroundColor": "f2f8fdff", "borderColor": "033160ff", "textColor": "033160ff" } } } }, "pageBackground": { "darkMode": { "color": "0f1b2aff" }, "image": { "enabled": true }, "lightMode": { "color": "ffffffff" } }, "pageFooter": { "backgroundImage": { "enabled": false }, "darkMode": { "background": { "color": "0f141aff" }, "borderColor": "424650ff" }, "lightMode": { "background": { "color": "fafafaff" }, "borderColor": "d5dbdbff" }, "logo": { "enabled": false, "location": "START" } }, "pageHeader": { "backgroundImage": { "enabled": false }, "darkMode": { "background": { "color": "0f141aff" }, "borderColor": "424650ff" }, "lightMode": { "background": { "color": "fafafaff" }, "borderColor": "d5dbdbff" }, "logo": { "enabled": false, "location": "START" } }, "pageText": { "darkMode": { "bodyColor": "b6bec9ff", "descriptionColor": "b6bec9ff", "headingColor": "d1d5dbff" }, "lightMode": { "bodyColor": "414d5cff", "descriptionColor": "414d5cff", "headingColor": "000716ff" } }, "phoneNumberSelector": { "displayType": "TEXT" }, "primaryButton": { "darkMode": { "active": { "backgroundColor": "539fe5ff", "textColor": "000716ff" }, "defaults": { "backgroundColor": "539fe5ff", "textColor": "000716ff" }, "disabled": { "backgroundColor": "ffffffff", "borderColor": "ffffffff" }, "hover": { "backgroundColor": "89bdeeff", "textColor": "000716ff" } }, "lightMode": { "active": { "backgroundColor": "033160ff", "textColor": "ffffffff" }, "defaults": { "backgroundColor": "0972d3ff", "textColor": "ffffffff" }, "disabled": { "backgroundColor": "ffffffff", "borderColor": "ffffffff" }, "hover": { "backgroundColor": "033160ff", "textColor": "ffffffff" } } }, "secondaryButton": { "darkMode": { "active": { "backgroundColor": "354150ff", "borderColor": "89bdeeff", "textColor": "89bdeeff" }, "defaults": { "backgroundColor": "0f1b2aff", "borderColor": "539fe5ff", "textColor": "539fe5ff" }, "hover": { "backgroundColor": "192534ff", "borderColor": "89bdeeff", "textColor": "89bdeeff" } }, "lightMode": { "active": { "backgroundColor": "d3e7f9ff", "borderColor": "033160ff", "textColor": "033160ff" }, "defaults": { "backgroundColor": "ffffffff", "borderColor": "0972d3ff", "textColor": "0972d3ff" }, "hover": { "backgroundColor": "f2f8fdff", "borderColor": "033160ff", "textColor": "033160ff" } } } } }, "UseCognitoProvidedValues": false, "UserPoolId": "ca-central-1_EXAMPLE" } } ``` 如需詳細資訊,請參閱《*Amazon Cognito 開發人員指南*》中的[將品牌套用至受管登入頁面](https://docs.aws.amazon.com/cognito/latest/developerguide/managed-login-branding.html)。 + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [UpdateManagedLoginBranding](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/update-managed-login-branding.html)。 ### `update-resource-server` 以下程式碼範例顯示如何使用 `update-resource-server`。 **AWS CLI** **更新資源伺服器** 此範例會更新資源伺服器 Weather。此範例會新增範圍。 命令: ``` aws cognito-idp update-resource-server --user-pool-id us-west-2_aaaaaaaaa --identifier weather.example.com --name Weather --scopes ScopeName=NewScope,ScopeDescription="New scope description" ``` 輸出: ``` { "ResourceServer": { "UserPoolId": "us-west-2_aaaaaaaaa", "Identifier": "weather.example.com", "Name": "Happy", "Scopes": [ { "ScopeName": "NewScope", "ScopeDescription": "New scope description" } ] } } ``` + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [UpdateResourceServer](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/update-resource-server.html)。 ### `update-user-attributes` 以下程式碼範例顯示如何使用 `update-user-attributes`。 **AWS CLI** **更新使用者屬性** 此範例會更新使用者屬性 "nickname"。 命令: ``` aws cognito-idp update-user-attributes --access-token ACCESS_TOKEN --user-attributes Name="nickname",Value="Dan" ``` + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [UpdateUserAttributes](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/update-user-attributes.html)。 ### `update-user-pool-client` 以下程式碼範例顯示如何使用 `update-user-pool-client`。 **AWS CLI** **更新應用程式用戶端** 以下 `update-user-pool-client` 範例更新請求的應用程式用戶端組態。 ``` aws cognito-idp update-user-pool-client \ --user-pool-id us-west-2_EXAMPLE \ --client-id 1example23456789 \ --client-name my-test-app \ --refresh-token-validity 30 \ --access-token-validity 60 \ --id-token-validity 60 \ --token-validity-units AccessToken=minutes,IdToken=minutes,RefreshToken=days \ --read-attributes "address" "birthdate" "email" "email_verified" "family_name" "gender" "locale" "middle_name" "name" "nickname" "phone_number" "phone_number_verified" "picture" "preferred_username" "profile" "updated_at" "website" "zoneinfo" \ --write-attributes "address" "birthdate" "email" "family_name" "gender" "locale" "middle_name" "name" "nickname" "phone_number" "picture" "preferred_username" "profile" "updated_at" "website" "zoneinfo" \ --explicit-auth-flows "ALLOW_ADMIN_USER_PASSWORD_AUTH" "ALLOW_CUSTOM_AUTH" "ALLOW_REFRESH_TOKEN_AUTH" "ALLOW_USER_PASSWORD_AUTH" "ALLOW_USER_SRP_AUTH" \ --supported-identity-providers "MySAML" "COGNITO" "Google" \ --callback-urls "https://www.example.com" "https://app2.example.com" \ --logout-urls "https://auth.example.com/login?client_id=1example23456789&response_type=code&redirect_uri=https%3A%2F%2Fwww.example.com" "https://example.com/logout" \ --default-redirect-uri "https://www.example.com" \ --allowed-o-auth-flows "code" "implicit" \ --allowed-o-auth-scopes "openid" "profile" "aws.cognito.signin.user.admin" \ --allowed-o-auth-flows-user-pool-client \ --prevent-user-existence-errors ENABLED \ --enable-token-revocation \ --no-enable-propagate-additional-user-context-data \ --auth-session-validity 3 ``` 輸出: ``` { "UserPoolClient": { "UserPoolId": "us-west-2_EXAMPLE", "ClientName": "my-test-app", "ClientId": "1example23456789", "LastModifiedDate": "2025-01-31T14:40:12.498000-08:00", "CreationDate": "2023-09-13T16:26:34.408000-07:00", "RefreshTokenValidity": 30, "AccessTokenValidity": 60, "IdTokenValidity": 60, "TokenValidityUnits": { "AccessToken": "minutes", "IdToken": "minutes", "RefreshToken": "days" }, "ReadAttributes": [ "website", "zoneinfo", "address", "birthdate", "email_verified", "gender", "profile", "phone_number_verified", "preferred_username", "locale", "middle_name", "picture", "updated_at", "name", "nickname", "phone_number", "family_name", "email" ], "WriteAttributes": [ "website", "zoneinfo", "address", "birthdate", "gender", "profile", "preferred_username", "locale", "middle_name", "picture", "updated_at", "name", "nickname", "phone_number", "family_name", "email" ], "ExplicitAuthFlows": [ "ALLOW_CUSTOM_AUTH", "ALLOW_USER_PASSWORD_AUTH", "ALLOW_ADMIN_USER_PASSWORD_AUTH", "ALLOW_USER_SRP_AUTH", "ALLOW_REFRESH_TOKEN_AUTH" ], "SupportedIdentityProviders": [ "Google", "COGNITO", "MySAML" ], "CallbackURLs": [ "https://www.example.com", "https://app2.example.com" ], "LogoutURLs": [ "https://example.com/logout", "https://auth.example.com/login?client_id=1example23456789&response_type=code&redirect_uri=https%3A%2F%2Fwww.example.com" ], "DefaultRedirectURI": "https://www.example.com", "AllowedOAuthFlows": [ "implicit", "code" ], "AllowedOAuthScopes": [ "aws.cognito.signin.user.admin", "openid", "profile" ], "AllowedOAuthFlowsUserPoolClient": true, "PreventUserExistenceErrors": "ENABLED", "EnableTokenRevocation": true, "EnablePropagateAdditionalUserContextData": false, "AuthSessionValidity": 3 } } ``` 如需詳細資訊,請參閱《*Amazon Cognito 開發人員指南*》中的[使用應用程式用戶端的特定應用程式設定](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html)。 + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [UpdateUserPoolClient](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/update-user-pool-client.html)。 ### `update-user-pool-domain` 以下程式碼範例顯示如何使用 `update-user-pool-domain`。 **AWS CLI** **更新自訂網域** 下列 `update-user-pool-domain` 範例設定請求的使用者集區之自訂網域的品牌版本和憑證。 ``` aws cognito-idp update-user-pool-domain \ --user-pool-id ca-central-1_EXAMPLE \ --domain auth.example.com \ --managed-login-version 2 \ --custom-domain-config CertificateArn=arn:aws:acm:us-east-1:123456789012:certificate/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 ``` 輸出: ``` { "CloudFrontDomain": "example.cloudfront.net", "ManagedLoginVersion": 2 } ``` 如需詳細資訊,請參閱《*Amazon Cognito 開發人員指南*》中的[受管登入](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html)和[設定網域](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-assign-domain.html)。 + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [UpdateUserPoolDomain](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/update-user-pool-domain.html)。 ### `update-user-pool` 以下程式碼範例顯示如何使用 `update-user-pool`。 **AWS CLI** **更新使用者集區** 下列 `update-user-pool` 範例使用每個可用組態選項的範例語法,來修改使用者集區。若要更新使用者集區,您必須指定所有先前設定的選項,否則這些選項會重設為預設值。 ``` aws cognito-idp update-user-pool --user-pool-id us-west-2_EXAMPLE \ --policies PasswordPolicy=\{MinimumLength=6,RequireUppercase=true,RequireLowercase=true,RequireNumbers=true,RequireSymbols=true,TemporaryPasswordValidityDays=7\} \ --deletion-protection ACTIVE \ --lambda-config PreSignUp="arn:aws:lambda:us-west-2:123456789012:function:cognito-test-presignup-function",PreTokenGeneration="arn:aws:lambda:us-west-2:123456789012:function:cognito-test-pretoken-function" \ --auto-verified-attributes "phone_number" "email" \ --verification-message-template \{\"SmsMessage\":\""Your code is {####}"\",\"EmailMessage\":\""Your code is {####}"\",\"EmailSubject\":\""Your verification code"\",\"EmailMessageByLink\":\""Click {##here##} to verify your email address."\",\"EmailSubjectByLink\":\""Your verification link"\",\"DefaultEmailOption\":\"CONFIRM_WITH_LINK\"\} \ --sms-authentication-message "Your code is {####}" \ --user-attribute-update-settings AttributesRequireVerificationBeforeUpdate="email","phone_number" \ --mfa-configuration "OPTIONAL" \ --device-configuration ChallengeRequiredOnNewDevice=true,DeviceOnlyRememberedOnUserPrompt=true \ --email-configuration SourceArn="arn:aws:ses:us-west-2:123456789012:identity/admin@example.com",ReplyToEmailAddress="amdin+noreply@example.com",EmailSendingAccount=DEVELOPER,From="admin@amazon.com",ConfigurationSet="test-configuration-set" \ --sms-configuration SnsCallerArn="arn:aws:iam::123456789012:role/service-role/SNS-SMS-Role",ExternalId="12345",SnsRegion="us-west-2" \ --admin-create-user-config AllowAdminCreateUserOnly=false,InviteMessageTemplate=\{SMSMessage=\""Welcome {username}. Your confirmation code is {####}"\",EmailMessage=\""Welcome {username}. Your confirmation code is {####}"\",EmailSubject=\""Welcome to MyMobileGame"\"\} \ --user-pool-tags "Function"="MyMobileGame","Developers"="Berlin" \ --admin-create-user-config AllowAdminCreateUserOnly=false,InviteMessageTemplate=\{SMSMessage=\""Welcome {username}. Your confirmation code is {####}"\",EmailMessage=\""Welcome {username}. Your confirmation code is {####}"\",EmailSubject=\""Welcome to MyMobileGame"\"\} \ --user-pool-add-ons AdvancedSecurityMode="AUDIT" \ --account-recovery-setting RecoveryMechanisms=\[\{Priority=1,Name="verified_email"\},\{Priority=2,Name="verified_phone_number"\}\] ``` 此命令不會產生輸出。 如需詳細資訊,請參閱《Amazon Cognito 開發人員指南》**中的[更新使用者集區組態](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-updating.html)。 + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [UpdateUserPool](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/update-user-pool.html)。 ### `verify-software-token` 以下程式碼範例顯示如何使用 `verify-software-token`。 **AWS CLI** **確認註冊 TOTP 驗證器** 下列 `verify-software-token` 範例會完成目前使用者的 TOTP 註冊。 ``` aws cognito-idp verify-software-token \ --access-token eyJra456defEXAMPLE \ --user-code 123456 ``` 輸出: ``` { "Status": "SUCCESS" } ``` 如需詳細資訊,請參閱《Amazon Cognito 開發人員指南》**中的[將 MFA 新增到使用者集區](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa.html)。 + 如需 API 詳細資訊,請參閱《*AWS CLI 命令參考*》中的 [VerifySoftwareToken](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/verify-software-token.html)。 ### `verify-user-attribute` 以下程式碼範例顯示如何使用 `verify-user-attribute`。 **AWS CLI** **驗證屬性變更** 下列 `verify-user-attribute` 範例會驗證目前使用者的電子郵件屬性的變更。 ``` aws cognito-idp verify-user-attribute \ --access-token eyJra456defEXAMPLE \ --attribute-name email \ --code 123456 ``` 如需詳細資訊,請參閱《Amazon Cognito 開發人員指南》**中的[設定電子郵件或電話驗證](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-email-phone-verification.html)。 + 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [VerifyUserAttribute](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/verify-user-attribute.html)。