Struct aws_sdk_cognitoidentityprovider::client::Client
pub struct Client { /* private fields */ }
Client for Amazon Cognito Identity Provider
Client for invoking operations on Amazon Cognito Identity Provider. Each operation on Amazon Cognito Identity Provider is a method on this struct. .send() MUST be invoked on the generated operations to dispatch the request to the service.
Constructing a Client
A Config is required to construct a client. For most use cases, the aws-config crate should be used to automatically resolve this config using aws_config::load_from_env(), since this will resolve an SdkConfig which can be shared across multiple different AWS SDK clients. This config resolution process can be customized by calling aws_config::from_env() instead, which returns a ConfigLoader that uses the builder pattern to customize the default config.
In the simplest case, creating a client looks as follows:
let config = aws_config::load_from_env().await;
let client = aws_sdk_cognitoidentityprovider::Client::new(&config);
Occasionally, SDKs may have additional service-specific values that can be set on the Config that are absent from SdkConfig, or slightly different settings for a specific client may be desired. The Config struct implements From<&SdkConfig>, so setting these specific settings can be done as follows:
let sdk_config = ::aws_config::load_from_env().await;
let config = aws_sdk_cognitoidentityprovider::config::Builder::from(&sdk_config)
    .some_service_specific_setting("value")
    .build();
See the aws-config docs and Config for more information on customizing configuration.
Note: Client construction is expensive due to connection thread pool initialization, and should be done once at application start-up.
Using the Client
A client has a function for every operation that can be performed by the service. For example, the AddCustomAttributes operation has a Client::add_custom_attributes function, which returns a builder for that operation. The fluent builder ultimately has a send() function that returns an async future that returns a result, as illustrated below:
let result = client.add_custom_attributes()
    .user_pool_id("example")
    .send()
    .await;
The underlying HTTP requests that get made by this can be modified with the customize_operation function on the fluent builder. See the customize module for more information.
Implementations
impl Client
pub fn add_custom_attributes(&self) -> AddCustomAttributesFluentBuilder
Constructs a fluent builder for the AddCustomAttributes operation.
- The fluent builder is configurable:
  - user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
    required: true
    The user pool ID for the user pool where you want to add custom attributes.
  - custom_attributes(SchemaAttributeType) / set_custom_attributes(Option<Vec::<SchemaAttributeType>>):
    required: true
    An array of custom attributes, such as Mutable and Name.
- On success, responds with AddCustomAttributesOutput
- On failure, responds with SdkError<AddCustomAttributesError>
impl Client
pub fn admin_add_user_to_group(&self) -> AdminAddUserToGroupFluentBuilder
Constructs a fluent builder for the AdminAddUserToGroup operation.
- The fluent builder is configurable:
  - user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
    required: true
    The user pool ID for the user pool.
  - username(impl Into<String>) / set_username(Option<String>):
    required: true
    The username of the user that you want to query or modify. The value of this parameter is typically your user’s username, but it can be any of their alias attributes. If username isn’t an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.
  - group_name(impl Into<String>) / set_group_name(Option<String>):
    required: true
    The name of the group that you want to add your user to.
- On success, responds with AdminAddUserToGroupOutput
- On failure, responds with SdkError<AdminAddUserToGroupError>
impl Client
pub fn admin_confirm_sign_up(&self) -> AdminConfirmSignUpFluentBuilder
Constructs a fluent builder for the AdminConfirmSignUp operation.
- The fluent builder is configurable:
  - user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
    required: true
    The user pool ID for which you want to confirm user registration.
  - username(impl Into<String>) / set_username(Option<String>):
    required: true
    The username of the user that you want to query or modify. The value of this parameter is typically your user’s username, but it can be any of their alias attributes. If username isn’t an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.
  - client_metadata(impl Into<String>, impl Into<String>) / set_client_metadata(Option<HashMap::<String, String>>):
    required: false
    A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.
    If your user pool configuration includes triggers, the AdminConfirmSignUp API action invokes the Lambda function that is specified for the post confirmation trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. In this payload, the clientMetadata attribute provides the data that you assigned to the ClientMetadata parameter in your AdminConfirmSignUp request. In your function code in Lambda, you can process the ClientMetadata value to enhance your workflow for your specific needs.
    For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.
    When you use the ClientMetadata parameter, remember that Amazon Cognito won’t do the following:
    - Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn’t include triggers, the ClientMetadata parameter serves no purpose.
    - Validate the ClientMetadata value.
    - Encrypt the ClientMetadata value. Don’t use Amazon Cognito to provide sensitive information.
- On success, responds with AdminConfirmSignUpOutput
- On failure, responds with SdkError<AdminConfirmSignUpError>
impl Client
pub fn admin_create_user(&self) -> AdminCreateUserFluentBuilder
Constructs a fluent builder for the AdminCreateUser operation.
- The fluent builder is configurable:
  - user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
    required: true
    The user pool ID for the user pool where the user will be created.
  - username(impl Into<String>) / set_username(Option<String>):
    required: true
    The value that you want to set as the username sign-in attribute. The following conditions apply to the username parameter.
    - The username can’t be a duplicate of another username in the same user pool.
    - You can’t change the value of a username after you create it.
    - You can only provide a value if usernames are a valid sign-in attribute for your user pool. If your user pool only supports phone numbers or email addresses as sign-in attributes, Amazon Cognito automatically generates a username value. For more information, see Customizing sign-in attributes.
  - user_attributes(AttributeType) / set_user_attributes(Option<Vec::<AttributeType>>):
    required: false
    An array of name-value pairs that contain user attributes and attribute values to be set for the user to be created. You can create a user without specifying any attributes other than Username. However, any attributes that you specify as required (when creating a user pool or in the Attributes tab of the console) either you should supply (in your call to AdminCreateUser) or the user should supply (when they sign up in response to your welcome message).
    For custom attributes, you must prepend the custom: prefix to the attribute name.
    To send a message inviting the user to sign up, you must specify the user’s email address or phone number. You can do this in your call to AdminCreateUser or in the Users tab of the Amazon Cognito console for managing your user pools.
    In your call to AdminCreateUser, you can set the email_verified attribute to True, and you can set the phone_number_verified attribute to True. You can also do this by calling AdminUpdateUserAttributes.
    - email: The email address of the user to whom the message that contains the code and username will be sent. Required if the email_verified attribute is set to True, or if “EMAIL” is specified in the DesiredDeliveryMediums parameter.
    - phone_number: The phone number of the user to whom the message that contains the code and username will be sent. Required if the phone_number_verified attribute is set to True, or if “SMS” is specified in the DesiredDeliveryMediums parameter.
  - validation_data(AttributeType) / set_validation_data(Option<Vec::<AttributeType>>):
    required: false
    Temporary user attributes that contribute to the outcomes of your pre sign-up Lambda trigger. This set of key-value pairs are for custom validation of information that you collect from your users but don’t need to retain.
    Your Lambda function can analyze this additional data and act on it. Your function might perform external API operations like logging user attributes and validation data to Amazon CloudWatch Logs. Validation data might also affect the response that your function returns to Amazon Cognito, like automatically confirming the user if they sign up from within your network.
    For more information about the pre sign-up Lambda trigger, see Pre sign-up Lambda trigger.
  - temporary_password(impl Into<String>) / set_temporary_password(Option<String>):
    required: false
    The user’s temporary password. This password must conform to the password policy that you specified when you created the user pool.
    The temporary password is valid only once. To complete the Admin Create User flow, the user must enter the temporary password in the sign-in page, along with a new password to be used in all future sign-ins.
    This parameter isn’t required. If you don’t specify a value, Amazon Cognito generates one for you.
    The temporary password can only be used until the user account expiration limit that you set for your user pool. To reset the account after that time limit, you must call AdminCreateUser again and specify RESEND for the MessageAction parameter.
  - force_alias_creation(bool) / set_force_alias_creation(Option<bool>):
    required: false
    This parameter is used only if the phone_number_verified or email_verified attribute is set to True. Otherwise, it is ignored.
    If this parameter is set to True and the phone number or email address specified in the UserAttributes parameter already exists as an alias with a different user, the API call will migrate the alias from the previous user to the newly created user. The previous user will no longer be able to log in using that alias.
    If this parameter is set to False, the API throws an AliasExistsException error if the alias already exists. The default value is False.
  - message_action(MessageActionType) / set_message_action(Option<MessageActionType>):
    required: false
    Set to RESEND to resend the invitation message to a user that already exists and reset the expiration limit on the user’s account. Set to SUPPRESS to suppress sending the message. You can specify only one value.
  - desired_delivery_mediums(DeliveryMediumType) / set_desired_delivery_mediums(Option<Vec::<DeliveryMediumType>>):
    required: false
    Specify “EMAIL” if email will be used to send the welcome message. Specify “SMS” if the phone number will be used. The default value is “SMS”. You can specify more than one value.
  - client_metadata(impl Into<String>, impl Into<String>) / set_client_metadata(Option<HashMap::<String, String>>):
    required: false
    A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.
    You create custom workflows by assigning Lambda functions to user pool triggers. When you use the AdminCreateUser API action, Amazon Cognito invokes the function that is assigned to the pre sign-up trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. This payload contains a clientMetadata attribute, which provides the data that you assigned to the ClientMetadata parameter in your AdminCreateUser request. In your function code in Lambda, you can process the clientMetadata value to enhance your workflow for your specific needs.
    For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.
    When you use the ClientMetadata parameter, remember that Amazon Cognito won’t do the following:
    - Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn’t include triggers, the ClientMetadata parameter serves no purpose.
    - Validate the ClientMetadata value.
    - Encrypt the ClientMetadata value. Don’t use Amazon Cognito to provide sensitive information.
- On success, responds with AdminCreateUserOutput with field(s):
  - user(Option<UserType>):
    The newly created user.
- On failure, responds with SdkError<AdminCreateUserError>
impl Client
pub fn admin_delete_user(&self) -> AdminDeleteUserFluentBuilder
Constructs a fluent builder for the AdminDeleteUser operation.
- The fluent builder is configurable:
  - user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
    required: true
    The user pool ID for the user pool where you want to delete the user.
  - username(impl Into<String>) / set_username(Option<String>):
    required: true
    The username of the user that you want to query or modify. The value of this parameter is typically your user’s username, but it can be any of their alias attributes. If username isn’t an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.
- On success, responds with AdminDeleteUserOutput
- On failure, responds with SdkError<AdminDeleteUserError>
impl Client
pub fn admin_delete_user_attributes(&self) -> AdminDeleteUserAttributesFluentBuilder
Constructs a fluent builder for the AdminDeleteUserAttributes operation.
- The fluent builder is configurable:
  - user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
    required: true
    The user pool ID for the user pool where you want to delete user attributes.
  - username(impl Into<String>) / set_username(Option<String>):
    required: true
    The username of the user that you want to query or modify. The value of this parameter is typically your user’s username, but it can be any of their alias attributes. If username isn’t an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.
  - user_attribute_names(impl Into<String>) / set_user_attribute_names(Option<Vec::<String>>):
    required: true
    An array of strings representing the user attribute names you want to delete.
    For custom attributes, you must prepend the custom: prefix to the attribute name.
- On success, responds with AdminDeleteUserAttributesOutput
- On failure, responds with SdkError<AdminDeleteUserAttributesError>
impl Client
pub fn admin_disable_provider_for_user(&self) -> AdminDisableProviderForUserFluentBuilder
Constructs a fluent builder for the AdminDisableProviderForUser operation.
- The fluent builder is configurable:
  - user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
    required: true
    The user pool ID for the user pool.
  - user(ProviderUserIdentifierType) / set_user(Option<ProviderUserIdentifierType>):
    required: true
    The user to be disabled.
- On success, responds with AdminDisableProviderForUserOutput
- On failure, responds with SdkError<AdminDisableProviderForUserError>
impl Client
pub fn admin_disable_user(&self) -> AdminDisableUserFluentBuilder
Constructs a fluent builder for the AdminDisableUser operation.
- The fluent builder is configurable:
  - user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
    required: true
    The user pool ID for the user pool where you want to disable the user.
  - username(impl Into<String>) / set_username(Option<String>):
    required: true
    The username of the user that you want to query or modify. The value of this parameter is typically your user’s username, but it can be any of their alias attributes. If username isn’t an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.
- On success, responds with AdminDisableUserOutput
- On failure, responds with SdkError<AdminDisableUserError>
impl Client
pub fn admin_enable_user(&self) -> AdminEnableUserFluentBuilder
Constructs a fluent builder for the AdminEnableUser operation.
- The fluent builder is configurable:
  - user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
    required: true
    The user pool ID for the user pool where you want to enable the user.
  - username(impl Into<String>) / set_username(Option<String>):
    required: true
    The username of the user that you want to query or modify. The value of this parameter is typically your user’s username, but it can be any of their alias attributes. If username isn’t an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.
- On success, responds with AdminEnableUserOutput
- On failure, responds with SdkError<AdminEnableUserError>
impl Client
pub fn admin_forget_device(&self) -> AdminForgetDeviceFluentBuilder
Constructs a fluent builder for the AdminForgetDevice operation.
- The fluent builder is configurable:
  - user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
    required: true
    The user pool ID.
  - username(impl Into<String>) / set_username(Option<String>):
    required: true
    The username of the user that you want to query or modify. The value of this parameter is typically your user’s username, but it can be any of their alias attributes. If username isn’t an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.
  - device_key(impl Into<String>) / set_device_key(Option<String>):
    required: true
    The device key.
- On success, responds with AdminForgetDeviceOutput
- On failure, responds with SdkError<AdminForgetDeviceError>
impl Client
pub fn admin_get_device(&self) -> AdminGetDeviceFluentBuilder
Constructs a fluent builder for the AdminGetDevice operation.
- The fluent builder is configurable:
  - device_key(impl Into<String>) / set_device_key(Option<String>):
    required: true
    The device key.
  - user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
    required: true
    The user pool ID.
  - username(impl Into<String>) / set_username(Option<String>):
    required: true
    The username of the user that you want to query or modify. The value of this parameter is typically your user’s username, but it can be any of their alias attributes. If username isn’t an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.
- On success, responds with AdminGetDeviceOutput with field(s):
  - device(Option<DeviceType>):
    The device.
- On failure, responds with SdkError<AdminGetDeviceError>
impl Client
pub fn admin_get_user(&self) -> AdminGetUserFluentBuilder
Constructs a fluent builder for the AdminGetUser operation.
- The fluent builder is configurable:
  - user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
    required: true
    The user pool ID for the user pool where you want to get information about the user.
  - username(impl Into<String>) / set_username(Option<String>):
    required: true
    The username of the user that you want to query or modify. The value of this parameter is typically your user’s username, but it can be any of their alias attributes. If username isn’t an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.
- On success, responds with AdminGetUserOutput with field(s):
  - username(String):
    The username of the user that you requested.
  - user_attributes(Option<Vec::<AttributeType>>):
    An array of name-value pairs representing user attributes.
  - user_create_date(Option<DateTime>):
    The date the user was created.
  - user_last_modified_date(Option<DateTime>):
    The date and time when the item was modified. Amazon Cognito returns this timestamp in UNIX epoch time format. Your SDK might render the output in a human-readable format like ISO 8601 or a Java Date object.
  - enabled(bool):
    Indicates that the status is enabled.
  - user_status(Option<UserStatusType>):
    The user status. Can be one of the following:
    - UNCONFIRMED - User has been created but not confirmed.
    - CONFIRMED - User has been confirmed.
    - UNKNOWN - User status isn’t known.
    - RESET_REQUIRED - User is confirmed, but the user must request a code and reset their password before they can sign in.
    - FORCE_CHANGE_PASSWORD - The user is confirmed and the user can sign in using a temporary password, but on first sign-in, the user must change their password to a new value before doing anything else.
  - mfa_options(Option<Vec::<MfaOptionType>>):
    This response parameter is no longer supported. It provides information only about SMS MFA configurations. It doesn’t provide information about time-based one-time password (TOTP) software token MFA configurations. To look up information about either type of MFA configuration, use UserMFASettingList instead.
  - preferred_mfa_setting(Option<String>):
    The user’s preferred MFA setting.
  - user_mfa_setting_list(Option<Vec::<String>>):
    The MFA options that are activated for the user. The possible values in this list are SMS_MFA and SOFTWARE_TOKEN_MFA.
- On failure, responds with SdkError<AdminGetUserError>
impl Client
pub fn admin_initiate_auth(&self) -> AdminInitiateAuthFluentBuilder
Constructs a fluent builder for the AdminInitiateAuth operation.
- The fluent builder is configurable:
  - user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
    required: true
    The ID of the Amazon Cognito user pool.
  - client_id(impl Into<String>) / set_client_id(Option<String>):
    required: true
    The app client ID.
  - auth_flow(AuthFlowType) / set_auth_flow(Option<AuthFlowType>):
    required: true
    The authentication flow for this call to run. The API action will depend on this value. For example:
    - REFRESH_TOKEN_AUTH will take in a valid refresh token and return new tokens.
    - USER_SRP_AUTH will take in USERNAME and SRP_A and return the Secure Remote Password (SRP) protocol variables to be used for next challenge execution.
    - ADMIN_USER_PASSWORD_AUTH will take in USERNAME and PASSWORD and return the next challenge or tokens.
    Valid values include:
    - USER_SRP_AUTH: Authentication flow for the Secure Remote Password (SRP) protocol.
    - REFRESH_TOKEN_AUTH/REFRESH_TOKEN: Authentication flow for refreshing the access token and ID token by supplying a valid refresh token.
    - CUSTOM_AUTH: Custom authentication flow.
    - ADMIN_NO_SRP_AUTH: Non-SRP authentication flow; you can pass in the USERNAME and PASSWORD directly if the flow is enabled for calling the app client.
    - ADMIN_USER_PASSWORD_AUTH: Admin-based user password authentication. This replaces the ADMIN_NO_SRP_AUTH authentication flow. In this flow, Amazon Cognito receives the password in the request instead of using the SRP process to verify passwords.
  - auth_parameters(impl Into<String>, impl Into<String>) / set_auth_parameters(Option<HashMap::<String, String>>):
    required: false
    The authentication parameters. These are inputs corresponding to the AuthFlow that you’re invoking. The required values depend on the value of AuthFlow:
    - For USER_SRP_AUTH: USERNAME (required), SRP_A (required), SECRET_HASH (required if the app client is configured with a client secret), DEVICE_KEY.
    - For ADMIN_USER_PASSWORD_AUTH: USERNAME (required), PASSWORD (required), SECRET_HASH (required if the app client is configured with a client secret), DEVICE_KEY.
    - For REFRESH_TOKEN_AUTH/REFRESH_TOKEN: REFRESH_TOKEN (required), SECRET_HASH (required if the app client is configured with a client secret), DEVICE_KEY.
    - For CUSTOM_AUTH: USERNAME (required), SECRET_HASH (if app client is configured with client secret), DEVICE_KEY. To start the authentication flow with password verification, include ChallengeName: SRP_A and SRP_A: (The SRP_A Value).
    For more information about SECRET_HASH, see Computing secret hash values. For information about DEVICE_KEY, see Working with user devices in your user pool.
  - client_metadata(impl Into<String>, impl Into<String>) / set_client_metadata(Option<HashMap::<String, String>>):
    required: false
    A map of custom key-value pairs that you can provide as input for certain custom workflows that this action triggers.
    You create custom workflows by assigning Lambda functions to user pool triggers. When you use the AdminInitiateAuth API action, Amazon Cognito invokes the Lambda functions that are specified for various triggers. The ClientMetadata value is passed as input to the functions for only the following triggers:
    - Pre signup
    - Pre authentication
    - User migration
    When Amazon Cognito invokes the functions for these triggers, it passes a JSON payload, which the function receives as input. This payload contains a validationData attribute, which provides the data that you assigned to the ClientMetadata parameter in your AdminInitiateAuth request. In your function code in Lambda, you can process the validationData value to enhance your workflow for your specific needs.
    When you use the AdminInitiateAuth API action, Amazon Cognito also invokes the functions for the following triggers, but it doesn’t provide the ClientMetadata value as input:
    - Post authentication
    - Custom message
    - Pre token generation
    - Create auth challenge
    - Define auth challenge
    For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.
    When you use the ClientMetadata parameter, remember that Amazon Cognito won’t do the following:
    - Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn’t include triggers, the ClientMetadata parameter serves no purpose.
    - Validate the ClientMetadata value.
    - Encrypt the ClientMetadata value. Don’t use Amazon Cognito to provide sensitive information.
  - analytics_metadata(AnalyticsMetadataType) / set_analytics_metadata(Option<AnalyticsMetadataType>):
    required: false
    The analytics metadata for collecting Amazon Pinpoint metrics for AdminInitiateAuth calls.
  - context_data(ContextDataType) / set_context_data(Option<ContextDataType>):
    required: false
    Contextual data about your user session, such as the device fingerprint, IP address, or location. Amazon Cognito advanced security evaluates the risk of an authentication event based on the context that your app generates and passes to Amazon Cognito when it makes API requests.
- On success, responds with AdminInitiateAuthOutput with field(s):
  - challenge_name(Option<ChallengeNameType>):
    The name of the challenge that you’re responding to with this call. This is returned in the AdminInitiateAuth response if you must pass another challenge.
    - MFA_SETUP: If MFA is required, users who don’t have at least one of the MFA methods set up are presented with an MFA_SETUP challenge. The user must set up at least one MFA type to continue to authenticate.
    - SELECT_MFA_TYPE: Selects the MFA type. Valid MFA options are SMS_MFA for text SMS MFA, and SOFTWARE_TOKEN_MFA for time-based one-time password (TOTP) software token MFA.
    - SMS_MFA: Next challenge is to supply an SMS_MFA_CODE, delivered via SMS.
    - PASSWORD_VERIFIER: Next challenge is to supply PASSWORD_CLAIM_SIGNATURE, PASSWORD_CLAIM_SECRET_BLOCK, and TIMESTAMP after the client-side SRP calculations.
    - CUSTOM_CHALLENGE: This is returned if your custom authentication flow determines that the user should pass another challenge before tokens are issued.
    - DEVICE_SRP_AUTH: If device tracking was activated in your user pool and the previous challenges were passed, this challenge is returned so that Amazon Cognito can start tracking this device.
    - DEVICE_PASSWORD_VERIFIER: Similar to PASSWORD_VERIFIER, but for devices only.
    - ADMIN_NO_SRP_AUTH: This is returned if you must authenticate with USERNAME and PASSWORD directly. An app client must be enabled to use this flow.
    - NEW_PASSWORD_REQUIRED: For users who are required to change their passwords after successful first login. Respond to this challenge with NEW_PASSWORD and any required attributes that Amazon Cognito returned in the requiredAttributes parameter. You can also set values for attributes that aren’t required by your user pool and that your app client can write. For more information, see AdminRespondToAuthChallenge.
      In a NEW_PASSWORD_REQUIRED challenge response, you can’t modify a required attribute that already has a value. In AdminRespondToAuthChallenge, set a value for any keys that Amazon Cognito returned in the requiredAttributes parameter, then use the AdminUpdateUserAttributes API operation to modify the value of any additional attributes.
    - MFA_SETUP: For users who are required to set up an MFA factor before they can sign in. The MFA types activated for the user pool will be listed in the challenge parameters MFAS_CAN_SETUP value.
      To set up software token MFA, use the session returned here from InitiateAuth as an input to AssociateSoftwareToken, and use the session returned by VerifySoftwareToken as an input to RespondToAuthChallenge with challenge name MFA_SETUP to complete sign-in. To set up SMS MFA, users will need help from an administrator to add a phone number to their account and then call InitiateAuth again to restart sign-in.
  - session(Option<String>):
    The session that should be passed both ways in challenge-response calls to the service. If AdminInitiateAuth or AdminRespondToAuthChallenge API call determines that the caller must pass another challenge, they return a session with other challenge parameters. This session should be passed as it is to the next AdminRespondToAuthChallenge API call.
  - challenge_parameters(Option<HashMap::<String, String>>):
    The challenge parameters. These are returned to you in the AdminInitiateAuth response if you must pass another challenge. The responses in this parameter should be used to compute inputs to the next call (AdminRespondToAuthChallenge).
    All challenges require USERNAME and SECRET_HASH (if applicable).
    The value of the USER_ID_FOR_SRP attribute is the user’s actual username, not an alias (such as email address or phone number), even if you specified an alias in your call to AdminInitiateAuth. This happens because, in the AdminRespondToAuthChallenge API ChallengeResponses, the USERNAME attribute can’t be an alias.
  - authentication_result(Option<AuthenticationResultType>):
    The result of the authentication response. This is only returned if the caller doesn’t need to pass another challenge. If the caller does need to pass another challenge before it gets tokens, ChallengeName, ChallengeParameters, and Session are returned.
- On failure, responds with SdkError<AdminInitiateAuthError>
pub fn admin_link_provider_for_user(&self) -> AdminLinkProviderForUserFluentBuilder
Constructs a fluent builder for the AdminLinkProviderForUser operation.
- The fluent builder is configurable:
  - user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
    required: true
    The user pool ID for the user pool.
  - destination_user(ProviderUserIdentifierType) / set_destination_user(Option<ProviderUserIdentifierType>):
    required: true
    The existing user in the user pool that you want to assign to the external IdP user account. This user can be a local (Username + Password) Amazon Cognito user pools user or a federated user (for example, a SAML or Facebook user). If the user doesn’t exist, Amazon Cognito generates an exception. Amazon Cognito returns this user when the new user (with the linked IdP attribute) signs in.
    For a native username + password user, the ProviderAttributeValue for the DestinationUser should be the username in the user pool. For a federated user, it should be the provider-specific user_id.
    The ProviderAttributeName of the DestinationUser is ignored.
    The ProviderName should be set to Cognito for users in Cognito user pools.
    All attributes in the DestinationUser profile must be mutable. If you have assigned the user any immutable custom attributes, the operation won’t succeed.
  - source_user(ProviderUserIdentifierType) / set_source_user(Option<ProviderUserIdentifierType>):
    required: true
    An external IdP account for a user who doesn’t exist yet in the user pool. This user must be a federated user (for example, a SAML or Facebook user), not another native user.
    If the SourceUser is using a federated social IdP, such as Facebook, Google, or Login with Amazon, you must set the ProviderAttributeName to Cognito_Subject. For social IdPs, the ProviderName will be Facebook, Google, or LoginWithAmazon, and Amazon Cognito will automatically parse the Facebook, Google, and Login with Amazon tokens for id, sub, and user_id, respectively. The ProviderAttributeValue for the user must be the same value as the id, sub, or user_id value found in the social IdP token.
    For OIDC, the ProviderAttributeName can be any value that matches a claim in the ID token, or that your app retrieves from the userInfo endpoint. You must map the claim to a user pool attribute in your IdP configuration, and set the user pool attribute name as the value of ProviderAttributeName in your AdminLinkProviderForUser request.
    For SAML, the ProviderAttributeName can be any value that matches a claim in the SAML assertion. To link SAML users based on the subject of the SAML assertion, map the subject to a claim through the SAML IdP and set that claim name as the value of ProviderAttributeName in your AdminLinkProviderForUser request.
    For both OIDC and SAML users, when you set ProviderAttributeName to Cognito_Subject, Amazon Cognito will automatically parse the default unique identifier found in the subject from the IdP token.
- On success, responds with AdminLinkProviderForUserOutput
- On failure, responds with SdkError<AdminLinkProviderForUserError>
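Because Amazon Cognito returns the destination user whenever the linked external identity signs in, the fields of a link request decide which external account gains access to an existing profile. The following added example (not SDK code) checks a request against the rules stated above before it is sent; ProviderUser is a local stand-in for ProviderUserIdentifierType so that the file builds with the standard library alone, and LinkIssue, user and check_link_request are hypothetical names with constructed sample values.

```rust
// Added example: pre-flight checks for an AdminLinkProviderForUser request.
// ProviderUser is a local stand-in (assumption) for the SDK's
// ProviderUserIdentifierType; all sample values are constructed.
#[derive(Debug, Clone, Default)]
pub struct ProviderUser {
    pub provider_name: Option<String>,
    pub provider_attribute_name: Option<String>,
    pub provider_attribute_value: Option<String>,
}

#[derive(Debug, PartialEq, Eq)]
pub enum LinkIssue {
    MissingProviderName(&'static str),
    MissingAttributeValue(&'static str),
    /// The source must be a federated user, not another native user.
    SourceIsNativeUser,
    /// Facebook, Google and LoginWithAmazon sources need Cognito_Subject.
    SocialSourceNeedsCognitoSubject,
    /// OIDC and SAML sources need a claim name (or Cognito_Subject).
    SourceNeedsAttributeName,
    /// ProviderAttributeName on the destination is ignored by the service.
    DestinationAttributeNameIgnored,
}

const SOCIAL_IDPS: [&str; 3] = ["Facebook", "Google", "LoginWithAmazon"];

fn non_empty(v: &Option<String>) -> Option<&str> {
    v.as_deref().map(str::trim).filter(|s| !s.is_empty())
}

/// Convenience constructor for the stand-in type.
pub fn user(provider: &str, attr_name: Option<&str>, value: &str) -> ProviderUser {
    ProviderUser {
        provider_name: Some(provider.to_string()),
        provider_attribute_name: attr_name.map(str::to_string),
        provider_attribute_value: Some(value.to_string()),
    }
}

/// Returns every rule from the parameter descriptions that the request breaks.
pub fn check_link_request(dest: &ProviderUser, src: &ProviderUser) -> Vec<LinkIssue> {
    let mut issues = Vec::new();
    for &(role, u) in &[("destination_user", dest), ("source_user", src)] {
        if non_empty(&u.provider_name).is_none() {
            issues.push(LinkIssue::MissingProviderName(role));
        }
        if non_empty(&u.provider_attribute_value).is_none() {
            issues.push(LinkIssue::MissingAttributeValue(role));
        }
    }
    // A name set on the destination has no effect; flag it so nobody relies on it.
    if non_empty(&dest.provider_attribute_name).is_some() {
        issues.push(LinkIssue::DestinationAttributeNameIgnored);
    }
    if let Some(name) = non_empty(&src.provider_name) {
        let attr = non_empty(&src.provider_attribute_name);
        if name == "Cognito" {
            issues.push(LinkIssue::SourceIsNativeUser);
        } else if SOCIAL_IDPS.contains(&name) {
            if attr != Some("Cognito_Subject") {
                issues.push(LinkIssue::SocialSourceNeedsCognitoSubject);
            }
        } else if attr.is_none() {
            issues.push(LinkIssue::SourceNeedsAttributeName);
        }
    }
    issues
}

fn main() {
    // Constructed request: native destination, Facebook source keyed on "email".
    let dest = user("Cognito", None, "alice");
    let src = user("Facebook", Some("email"), "alice@example.com");
    for issue in check_link_request(&dest, &src) {
        println!("refusing to link: {:?}", issue);
    }
}
```

An empty result means only that the request is well formed; whether the source identity really belongs to the destination user still has to be established by the caller.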
pub fn admin_list_devices(&self) -> AdminListDevicesFluentBuilder
Constructs a fluent builder for the AdminListDevices operation.
- The fluent builder is configurable:
  - user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
    required: true
    The user pool ID.
  - username(impl Into<String>) / set_username(Option<String>):
    required: true
    The username of the user that you want to query or modify. The value of this parameter is typically your user’s username, but it can be any of their alias attributes. If username isn’t an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.
  - limit(i32) / set_limit(Option<i32>):
    required: false
    The limit of the devices request.
  - pagination_token(impl Into<String>) / set_pagination_token(Option<String>):
    required: false
    This API operation returns a limited number of results. The pagination token is an identifier that you can present in an additional API request with the same parameters. When you include the pagination token, Amazon Cognito returns the next set of items after the current list. Subsequent requests return a new pagination token. By use of this token, you can paginate through the full list of items.
- On success, responds with AdminListDevicesOutput with field(s):
  - devices(Option<Vec::<DeviceType>>): The devices in the list of devices response.
  - pagination_token(Option<String>): The identifier that Amazon Cognito returned with the previous request to this operation. When you include a pagination token in your request, Amazon Cognito returns the next set of items in the list. By use of this token, you can paginate through the full list of items.
- On failure, responds with SdkError<AdminListDevicesError>
pub fn admin_list_groups_for_user(&self) -> AdminListGroupsForUserFluentBuilder
Constructs a fluent builder for the AdminListGroupsForUser operation.
This operation supports pagination; see into_paginator().
- The fluent builder is configurable:
  - username(impl Into<String>) / set_username(Option<String>):
    required: true
    The username of the user that you want to query or modify. The value of this parameter is typically your user’s username, but it can be any of their alias attributes. If username isn’t an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.
  - user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
    required: true
    The user pool ID for the user pool.
  - limit(i32) / set_limit(Option<i32>):
    required: false
    The limit of the request to list groups.
  - next_token(impl Into<String>) / set_next_token(Option<String>):
    required: false
    An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.
- On success, responds with AdminListGroupsForUserOutput with field(s):
  - groups(Option<Vec::<GroupType>>): The groups that the user belongs to.
  - next_token(Option<String>): An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.
- On failure, responds with SdkError<AdminListGroupsForUserError>
pub fn admin_list_user_auth_events(&self) -> AdminListUserAuthEventsFluentBuilder
Constructs a fluent builder for the AdminListUserAuthEvents operation.
This operation supports pagination; see into_paginator().
- The fluent builder is configurable:
  - user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
    required: true
    The user pool ID.
  - username(impl Into<String>) / set_username(Option<String>):
    required: true
    The username of the user that you want to query or modify. The value of this parameter is typically your user’s username, but it can be any of their alias attributes. If username isn’t an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.
  - max_results(i32) / set_max_results(Option<i32>):
    required: false
    The maximum number of authentication events to return. Returns 60 events if you set MaxResults to 0, or if you don’t include a MaxResults parameter.
  - next_token(impl Into<String>) / set_next_token(Option<String>):
    required: false
    A pagination token.
- On success, responds with AdminListUserAuthEventsOutput with field(s):
  - auth_events(Option<Vec::<AuthEventType>>): The response object. It includes the EventID, EventType, CreationDate, EventRisk, and EventResponse.
  - next_token(Option<String>): A pagination token.
- On failure, responds with SdkError<AdminListUserAuthEventsError>
pub fn admin_remove_user_from_group(&self) -> AdminRemoveUserFromGroupFluentBuilder
Constructs a fluent builder for the AdminRemoveUserFromGroup operation.
- The fluent builder is configurable:
  - user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
    required: true
    The user pool ID for the user pool.
  - username(impl Into<String>) / set_username(Option<String>):
    required: true
    The username of the user that you want to query or modify. The value of this parameter is typically your user’s username, but it can be any of their alias attributes. If username isn’t an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.
  - group_name(impl Into<String>) / set_group_name(Option<String>):
    required: true
    The group name.
- On success, responds with AdminRemoveUserFromGroupOutput
- On failure, responds with SdkError<AdminRemoveUserFromGroupError>
pub fn admin_reset_user_password(&self) -> AdminResetUserPasswordFluentBuilder
Constructs a fluent builder for the AdminResetUserPassword operation.
- The fluent builder is configurable:
  - user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
    required: true
    The user pool ID for the user pool where you want to reset the user’s password.
  - username(impl Into<String>) / set_username(Option<String>):
    required: true
    The username of the user that you want to query or modify. The value of this parameter is typically your user’s username, but it can be any of their alias attributes. If username isn’t an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.
  - client_metadata(impl Into<String>, impl Into<String>) / set_client_metadata(Option<HashMap::<String, String>>):
    required: false
    A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.
    You create custom workflows by assigning Lambda functions to user pool triggers. When you use the AdminResetUserPassword API action, Amazon Cognito invokes the function that is assigned to the custom message trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. This payload contains a clientMetadata attribute, which provides the data that you assigned to the ClientMetadata parameter in your AdminResetUserPassword request. In your function code in Lambda, you can process the clientMetadata value to enhance your workflow for your specific needs.
    For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.
    When you use the ClientMetadata parameter, remember that Amazon Cognito won’t do the following:
    - Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn’t include triggers, the ClientMetadata parameter serves no purpose.
    - Validate the ClientMetadata value.
    - Encrypt the ClientMetadata value. Don’t use Amazon Cognito to provide sensitive information.
- On success, responds with AdminResetUserPasswordOutput
- On failure, responds with SdkError<AdminResetUserPasswordError>
pub fn admin_respond_to_auth_challenge(&self) -> AdminRespondToAuthChallengeFluentBuilder
Constructs a fluent builder for the AdminRespondToAuthChallenge operation.
- The fluent builder is configurable:
  - user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
    required: true
    The ID of the Amazon Cognito user pool.
  - client_id(impl Into<String>) / set_client_id(Option<String>):
    required: true
    The app client ID.
  - challenge_name(ChallengeNameType) / set_challenge_name(Option<ChallengeNameType>):
    required: true
    The challenge name. For more information, see AdminInitiateAuth.
  - challenge_responses(impl Into<String>, impl Into<String>) / set_challenge_responses(Option<HashMap::<String, String>>):
    required: false
    The responses to the challenge that you received in the previous request. Each challenge has its own required response parameters. The following examples are partial JSON request bodies that highlight challenge-response parameters.
    You must provide a SECRET_HASH parameter in all challenge responses to an app client that has a client secret.
    - SMS_MFA
      "ChallengeName": "SMS_MFA", "ChallengeResponses": {"SMS_MFA_CODE": "[SMS_code]", "USERNAME": "[username]"}
    - PASSWORD_VERIFIER
      "ChallengeName": "PASSWORD_VERIFIER", "ChallengeResponses": {"PASSWORD_CLAIM_SIGNATURE": "[claim_signature]", "PASSWORD_CLAIM_SECRET_BLOCK": "[secret_block]", "TIMESTAMP": [timestamp], "USERNAME": "[username]"}
      Add "DEVICE_KEY" when you sign in with a remembered device.
    - CUSTOM_CHALLENGE
      "ChallengeName": "CUSTOM_CHALLENGE", "ChallengeResponses": {"USERNAME": "[username]", "ANSWER": "[challenge_answer]"}
      Add "DEVICE_KEY" when you sign in with a remembered device.
    - NEW_PASSWORD_REQUIRED
      "ChallengeName": "NEW_PASSWORD_REQUIRED", "ChallengeResponses": {"NEW_PASSWORD": "[new_password]", "USERNAME": "[username]"}
      To set any required attributes that InitiateAuth returned in a requiredAttributes parameter, add "userAttributes.[attribute_name]": "[attribute_value]". This parameter can also set values for writable attributes that aren’t required by your user pool.
      In a NEW_PASSWORD_REQUIRED challenge response, you can’t modify a required attribute that already has a value. In RespondToAuthChallenge, set a value for any keys that Amazon Cognito returned in the requiredAttributes parameter, then use the UpdateUserAttributes API operation to modify the value of any additional attributes.
    - SOFTWARE_TOKEN_MFA
      "ChallengeName": "SOFTWARE_TOKEN_MFA", "ChallengeResponses": {"USERNAME": "[username]", "SOFTWARE_TOKEN_MFA_CODE": [authenticator_code]}
    - DEVICE_SRP_AUTH
      "ChallengeName": "DEVICE_SRP_AUTH", "ChallengeResponses": {"USERNAME": "[username]", "DEVICE_KEY": "[device_key]", "SRP_A": "[srp_a]"}
    - DEVICE_PASSWORD_VERIFIER
      "ChallengeName": "DEVICE_PASSWORD_VERIFIER", "ChallengeResponses": {"DEVICE_KEY": "[device_key]", "PASSWORD_CLAIM_SIGNATURE": "[claim_signature]", "PASSWORD_CLAIM_SECRET_BLOCK": "[secret_block]", "TIMESTAMP": [timestamp], "USERNAME": "[username]"}
    - MFA_SETUP
      "ChallengeName": "MFA_SETUP", "ChallengeResponses": {"USERNAME": "[username]"}, "SESSION": "[Session ID from VerifySoftwareToken]"
    - SELECT_MFA_TYPE
      "ChallengeName": "SELECT_MFA_TYPE", "ChallengeResponses": {"USERNAME": "[username]", "ANSWER": "[SMS_MFA or SOFTWARE_TOKEN_MFA]"}
    For more information about SECRET_HASH, see Computing secret hash values. For information about DEVICE_KEY, see Working with user devices in your user pool.
  - session(impl Into<String>) / set_session(Option<String>):
    required: false
    The session that should be passed both ways in challenge-response calls to the service. If an InitiateAuth or RespondToAuthChallenge API call determines that the caller must pass another challenge, it returns a session with other challenge parameters. This session should be passed as it is to the next RespondToAuthChallenge API call.
  - analytics_metadata(AnalyticsMetadataType) / set_analytics_metadata(Option<AnalyticsMetadataType>):
    required: false
    The analytics metadata for collecting Amazon Pinpoint metrics for AdminRespondToAuthChallenge calls.
  - context_data(ContextDataType) / set_context_data(Option<ContextDataType>):
    required: false
    Contextual data about your user session, such as the device fingerprint, IP address, or location. Amazon Cognito advanced security evaluates the risk of an authentication event based on the context that your app generates and passes to Amazon Cognito when it makes API requests.
  - client_metadata(impl Into<String>, impl Into<String>) / set_client_metadata(Option<HashMap::<String, String>>):
    required: false
    A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.
    You create custom workflows by assigning Lambda functions to user pool triggers. When you use the AdminRespondToAuthChallenge API action, Amazon Cognito invokes any functions that you have assigned to the following triggers:
    - pre sign-up
    - custom message
    - post authentication
    - user migration
    - pre token generation
    - define auth challenge
    - create auth challenge
    - verify auth challenge response
    When Amazon Cognito invokes any of these functions, it passes a JSON payload, which the function receives as input. This payload contains a clientMetadata attribute that provides the data that you assigned to the ClientMetadata parameter in your AdminRespondToAuthChallenge request. In your function code in Lambda, you can process the clientMetadata value to enhance your workflow for your specific needs.
    For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.
    When you use the ClientMetadata parameter, remember that Amazon Cognito won’t do the following:
    - Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn’t include triggers, the ClientMetadata parameter serves no purpose.
    - Validate the ClientMetadata value.
    - Encrypt the ClientMetadata value. Don’t use Amazon Cognito to provide sensitive information.
- On success, responds with AdminRespondToAuthChallengeOutput with field(s):
  - challenge_name(Option<ChallengeNameType>): The name of the challenge. For more information, see AdminInitiateAuth.
  - session(Option<String>): The session that should be passed both ways in challenge-response calls to the service. If the caller must pass another challenge, they return a session with other challenge parameters. This session should be passed as it is to the next RespondToAuthChallenge API call.
  - challenge_parameters(Option<HashMap::<String, String>>): The challenge parameters. For more information, see AdminInitiateAuth.
  - authentication_result(Option<AuthenticationResultType>): The result returned by the server in response to the authentication request.
- On failure, responds with SdkError<AdminRespondToAuthChallengeError>
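A pre-flight check for the ChallengeResponses map described above, as an added example rather than SDK code: it encodes only the keys this page lists for each challenge, including the SECRET_HASH rule for app clients with a secret and the session that MFA_SETUP carries. Problem, check_challenge_response and response_map are hypothetical names, and the sample inputs are constructed.

```rust
use std::collections::HashMap;

/// One finding from the pre-flight check (added example, hypothetical type).
#[derive(Debug, PartialEq, Eq)]
pub enum Problem {
    UnknownChallenge(String),
    Missing(&'static str),
    Empty(&'static str),
    /// Key present in the map but not listed on this page for the challenge.
    NotListed(String),
    BadMfaChoice(String),
    SessionRequired,
}

/// Keys shown in the partial JSON request bodies for each challenge name.
fn required_keys(challenge: &str) -> Option<&'static [&'static str]> {
    let keys: &'static [&'static str] = match challenge {
        "SMS_MFA" => &["SMS_MFA_CODE", "USERNAME"],
        "PASSWORD_VERIFIER" => &[
            "PASSWORD_CLAIM_SIGNATURE", "PASSWORD_CLAIM_SECRET_BLOCK", "TIMESTAMP", "USERNAME",
        ],
        "CUSTOM_CHALLENGE" => &["USERNAME", "ANSWER"],
        "NEW_PASSWORD_REQUIRED" => &["NEW_PASSWORD", "USERNAME"],
        "SOFTWARE_TOKEN_MFA" => &["USERNAME", "SOFTWARE_TOKEN_MFA_CODE"],
        "DEVICE_SRP_AUTH" => &["USERNAME", "DEVICE_KEY", "SRP_A"],
        "DEVICE_PASSWORD_VERIFIER" => &[
            "DEVICE_KEY", "PASSWORD_CLAIM_SIGNATURE", "PASSWORD_CLAIM_SECRET_BLOCK",
            "TIMESTAMP", "USERNAME",
        ],
        "MFA_SETUP" => &["USERNAME"],
        "SELECT_MFA_TYPE" => &["USERNAME", "ANSWER"],
        _ => return None,
    };
    Some(keys)
}

pub fn check_challenge_response(
    challenge: &str,
    responses: &HashMap<String, String>,
    session: Option<&str>,
    client_has_secret: bool,
) -> Vec<Problem> {
    let required = match required_keys(challenge) {
        Some(keys) => keys,
        None => return vec![Problem::UnknownChallenge(challenge.to_string())],
    };
    let mut problems = Vec::new();
    // SECRET_HASH is mandatory in every response when the app client has a secret.
    let secret: &[&'static str] = if client_has_secret { &["SECRET_HASH"] } else { &[] };
    for &key in required.iter().chain(secret.iter()) {
        match responses.get(key) {
            None => problems.push(Problem::Missing(key)),
            Some(v) if v.trim().is_empty() => problems.push(Problem::Empty(key)),
            Some(_) => {}
        }
    }
    // DEVICE_KEY is an optional extra for these two challenges (remembered device).
    let device_key_ok = challenge == "PASSWORD_VERIFIER" || challenge == "CUSTOM_CHALLENGE";
    let mut extra: Vec<&String> = responses
        .keys()
        .filter(|k| {
            let k = k.as_str();
            !(required.contains(&k)
                || k == "SECRET_HASH"
                || (k == "DEVICE_KEY" && device_key_ok)
                || (k.starts_with("userAttributes.") && challenge == "NEW_PASSWORD_REQUIRED"))
        })
        .collect();
    extra.sort(); // HashMap order is random; sort for stable reports
    problems.extend(extra.into_iter().map(|k| Problem::NotListed(k.clone())));
    if challenge == "SELECT_MFA_TYPE" {
        if let Some(answer) = responses.get("ANSWER") {
            match answer.as_str() {
                "SMS_MFA" | "SOFTWARE_TOKEN_MFA" => {}
                other => problems.push(Problem::BadMfaChoice(other.to_string())),
            }
        }
    }
    // MFA_SETUP completes sign-in with the session returned by VerifySoftwareToken.
    if challenge == "MFA_SETUP" && session.map_or(true, |s| s.trim().is_empty()) {
        problems.push(Problem::SessionRequired);
    }
    problems
}

/// Builds a response map from literal pairs (constructed sample data).
pub fn response_map(pairs: &[(&str, &str)]) -> HashMap<String, String> {
    pairs.iter().map(|&(k, v)| (k.to_string(), v.to_string())).collect()
}

fn main() {
    let r = response_map(&[("SMS_MFA_CODE", "123456"), ("USERNAME", "alice")]);
    for p in check_challenge_response("SMS_MFA", &r, None, true) {
        println!("challenge response not ready: {:?}", p);
    }
}
```

NotListed is a warning rather than an error: it flags a key that this page does not show for the challenge, which most often means a misspelled name.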
pub fn admin_set_user_mfa_preference(&self) -> AdminSetUserMFAPreferenceFluentBuilder
Constructs a fluent builder for the AdminSetUserMFAPreference operation.
- The fluent builder is configurable:
  - sms_mfa_settings(SmsMfaSettingsType) / set_sms_mfa_settings(Option<SmsMfaSettingsType>):
    required: false
    The SMS text message MFA settings.
  - software_token_mfa_settings(SoftwareTokenMfaSettingsType) / set_software_token_mfa_settings(Option<SoftwareTokenMfaSettingsType>):
    required: false
    The time-based one-time password software token MFA settings.
  - username(impl Into<String>) / set_username(Option<String>):
    required: true
    The username of the user that you want to query or modify. The value of this parameter is typically your user’s username, but it can be any of their alias attributes. If username isn’t an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.
  - user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
    required: true
    The user pool ID.
- On success, responds with AdminSetUserMfaPreferenceOutput
- On failure, responds with SdkError<AdminSetUserMFAPreferenceError>
pub fn admin_set_user_password(&self) -> AdminSetUserPasswordFluentBuilder
Constructs a fluent builder for the AdminSetUserPassword operation.
- The fluent builder is configurable:
  - user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
    required: true
    The user pool ID for the user pool where you want to set the user’s password.
  - username(impl Into<String>) / set_username(Option<String>):
    required: true
    The username of the user that you want to query or modify. The value of this parameter is typically your user’s username, but it can be any of their alias attributes. If username isn’t an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.
  - password(impl Into<String>) / set_password(Option<String>):
    required: true
    The password for the user.
  - permanent(bool) / set_permanent(Option<bool>):
    required: false
    True if the password is permanent, False if it is temporary.
- On success, responds with AdminSetUserPasswordOutput
- On failure, responds with SdkError<AdminSetUserPasswordError>
pub fn admin_set_user_settings(&self) -> AdminSetUserSettingsFluentBuilder
Constructs a fluent builder for the AdminSetUserSettings operation.
- The fluent builder is configurable:
  - user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
    required: true
    The ID of the user pool that contains the user whose options you’re setting.
  - username(impl Into<String>) / set_username(Option<String>):
    required: true
    The username of the user that you want to query or modify. The value of this parameter is typically your user’s username, but it can be any of their alias attributes. If username isn’t an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.
  - mfa_options(MfaOptionType) / set_mfa_options(Option<Vec::<MfaOptionType>>):
    required: true
    You can use this parameter only to set an SMS configuration that uses SMS for delivery.
- On success, responds with AdminSetUserSettingsOutput
- On failure, responds with SdkError<AdminSetUserSettingsError>
pub fn admin_update_auth_event_feedback(&self) -> AdminUpdateAuthEventFeedbackFluentBuilder
Constructs a fluent builder for the AdminUpdateAuthEventFeedback operation.
- The fluent builder is configurable:
  - user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
    required: true
    The user pool ID.
  - username(impl Into<String>) / set_username(Option<String>):
    required: true
    The username of the user that you want to query or modify. The value of this parameter is typically your user’s username, but it can be any of their alias attributes. If username isn’t an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.
  - event_id(impl Into<String>) / set_event_id(Option<String>):
    required: true
    The authentication event ID.
  - feedback_value(FeedbackValueType) / set_feedback_value(Option<FeedbackValueType>):
    required: true
    The authentication event feedback value. When you provide a FeedbackValue value of valid, you tell Amazon Cognito that you trust a user session where Amazon Cognito has evaluated some level of risk. When you provide a FeedbackValue value of invalid, you tell Amazon Cognito that you don’t trust a user session, or you don’t believe that Amazon Cognito evaluated a high-enough risk level.
- On success, responds with AdminUpdateAuthEventFeedbackOutput
- On failure, responds with SdkError<AdminUpdateAuthEventFeedbackError>
pub fn admin_update_device_status(&self) -> AdminUpdateDeviceStatusFluentBuilder
Constructs a fluent builder for the AdminUpdateDeviceStatus operation.
- The fluent builder is configurable:
  - user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
    required: true
    The user pool ID.
  - username(impl Into<String>) / set_username(Option<String>):
    required: true
    The username of the user that you want to query or modify. The value of this parameter is typically your user’s username, but it can be any of their alias attributes. If username isn’t an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.
  - device_key(impl Into<String>) / set_device_key(Option<String>):
    required: true
    The device key.
  - device_remembered_status(DeviceRememberedStatusType) / set_device_remembered_status(Option<DeviceRememberedStatusType>):
    required: false
    The status indicating whether a device has been remembered or not.
- On success, responds with AdminUpdateDeviceStatusOutput
- On failure, responds with SdkError<AdminUpdateDeviceStatusError>
pub fn admin_update_user_attributes(&self) -> AdminUpdateUserAttributesFluentBuilder
Constructs a fluent builder for the AdminUpdateUserAttributes operation.
- The fluent builder is configurable:
  - user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
    required: true
    The user pool ID for the user pool where you want to update user attributes.
  - username(impl Into<String>) / set_username(Option<String>):
    required: true
    The username of the user that you want to query or modify. The value of this parameter is typically your user’s username, but it can be any of their alias attributes. If username isn’t an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.
  - user_attributes(AttributeType) / set_user_attributes(Option<Vec::<AttributeType>>):
    required: true
    An array of name-value pairs representing user attributes.
    For custom attributes, you must prepend the custom: prefix to the attribute name.
    If your user pool requires verification before Amazon Cognito updates an attribute value that you specify in this request, Amazon Cognito doesn’t immediately update the value of that attribute. After your user receives and responds to a verification message to verify the new value, Amazon Cognito updates the attribute value. Your user can sign in and receive messages with the original attribute value until they verify the new value.
    To update the value of an attribute that requires verification in the same API request, include the email_verified or phone_number_verified attribute, with a value of true. If you set the email_verified or phone_number_verified value for an email or phone_number attribute that requires verification to true, Amazon Cognito doesn’t send a verification message to your user.
  - client_metadata(impl Into<String>, impl Into<String>) / set_client_metadata(Option<HashMap::<String, String>>):
    required: false
    A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.
    You create custom workflows by assigning Lambda functions to user pool triggers. When you use the AdminUpdateUserAttributes API action, Amazon Cognito invokes the function that is assigned to the custom message trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. This payload contains a clientMetadata attribute, which provides the data that you assigned to the ClientMetadata parameter in your AdminUpdateUserAttributes request. In your function code in Lambda, you can process the clientMetadata value to enhance your workflow for your specific needs.
    For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.
    When you use the ClientMetadata parameter, remember that Amazon Cognito won’t do the following:
    - Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn’t include triggers, the ClientMetadata parameter serves no purpose.
    - Validate the ClientMetadata value.
    - Encrypt the ClientMetadata value. Don’t use Amazon Cognito to provide sensitive information.
- On success, responds with AdminUpdateUserAttributesOutput
- On failure, responds with SdkError<AdminUpdateUserAttributesError>
pub fn admin_user_global_sign_out(&self) -> AdminUserGlobalSignOutFluentBuilder
Constructs a fluent builder for the AdminUserGlobalSignOut operation.
- The fluent builder is configurable:
  - user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
    required: true
    The user pool ID.
  - username(impl Into<String>) / set_username(Option<String>):
    required: true
    The username of the user that you want to query or modify. The value of this parameter is typically your user’s username, but it can be any of their alias attributes. If username isn’t an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.
- On success, responds with AdminUserGlobalSignOutOutput
- On failure, responds with SdkError<AdminUserGlobalSignOutError>
pub fn associate_software_token(&self) -> AssociateSoftwareTokenFluentBuilder
Constructs a fluent builder for the AssociateSoftwareToken operation.
- The fluent builder is configurable:
  - access_token(impl Into<String>) / set_access_token(Option<String>):
    required: false
    A valid access token that Amazon Cognito issued to the user whose software token you want to generate.
  - session(impl Into<String>) / set_session(Option<String>):
    required: false
    The session that should be passed both ways in challenge-response calls to the service. This allows authentication of the user as part of the MFA setup process.
- On success, responds with AssociateSoftwareTokenOutput with field(s):
  - secret_code(Option<String>): A unique generated shared secret code that is used in the TOTP algorithm to generate a one-time code.
  - session(Option<String>): The session that should be passed both ways in challenge-response calls to the service. This allows authentication of the user as part of the MFA setup process.
- On failure, responds with SdkError<AssociateSoftwareTokenError>
pub fn change_password(&self) -> ChangePasswordFluentBuilder
Constructs a fluent builder for the ChangePassword operation.
- The fluent builder is configurable:
  - previous_password(impl Into<String>) / set_previous_password(Option<String>):
    required: true
    The old password.
  - proposed_password(impl Into<String>) / set_proposed_password(Option<String>):
    required: true
    The new password.
  - access_token(impl Into<String>) / set_access_token(Option<String>):
    required: true
    A valid access token that Amazon Cognito issued to the user whose password you want to change.
- On success, responds with ChangePasswordOutput
- On failure, responds with SdkError<ChangePasswordError>
pub fn confirm_device(&self) -> ConfirmDeviceFluentBuilder
Constructs a fluent builder for the ConfirmDevice operation.
- The fluent builder is configurable:
  - access_token(impl Into<String>) / set_access_token(Option<String>):
    required: true
    A valid access token that Amazon Cognito issued to the user whose device you want to confirm.
  - device_key(impl Into<String>) / set_device_key(Option<String>):
    required: true
    The device key.
  - device_secret_verifier_config(DeviceSecretVerifierConfigType) / set_device_secret_verifier_config(Option<DeviceSecretVerifierConfigType>):
    required: false
    The configuration of the device secret verifier.
  - device_name(impl Into<String>) / set_device_name(Option<String>):
    required: false
    The device name.
- On success, responds with ConfirmDeviceOutput with field(s):
  - user_confirmation_necessary(bool): Indicates whether the user confirmation must confirm the device response.
- On failure, responds with SdkError<ConfirmDeviceError>
impl Client
pub fn confirm_forgot_password(&self) -> ConfirmForgotPasswordFluentBuilder
Constructs a fluent builder for the ConfirmForgotPassword operation.
- The fluent builder is configurable:
  - client_id(impl Into<String>) / set_client_id(Option<String>):
    required: true
    The app client ID of the app associated with the user pool.
  - secret_hash(impl Into<String>) / set_secret_hash(Option<String>):
    required: false
    A keyed-hash message authentication code (HMAC) calculated using the secret key of a user pool client and username plus the client ID in the message. For more information about SecretHash, see Computing secret hash values.
  - username(impl Into<String>) / set_username(Option<String>):
    required: true
    The username of the user that you want to query or modify. The value of this parameter is typically your user’s username, but it can be any of their alias attributes. If username isn’t an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.
  - confirmation_code(impl Into<String>) / set_confirmation_code(Option<String>):
    required: true
    The confirmation code from your user’s request to reset their password. For more information, see ForgotPassword.
  - password(impl Into<String>) / set_password(Option<String>):
    required: true
    The new password that your user wants to set.
  - analytics_metadata(AnalyticsMetadataType) / set_analytics_metadata(Option<AnalyticsMetadataType>):
    required: false
    The Amazon Pinpoint analytics metadata for collecting metrics for ConfirmForgotPassword calls.
  - user_context_data(UserContextDataType) / set_user_context_data(Option<UserContextDataType>):
    required: false
    Contextual data about your user session, such as the device fingerprint, IP address, or location. Amazon Cognito advanced security evaluates the risk of an authentication event based on the context that your app generates and passes to Amazon Cognito when it makes API requests.
  - client_metadata(impl Into<String>, impl Into<String>) / set_client_metadata(Option<HashMap::<String, String>>):
    required: false
    A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.
    You create custom workflows by assigning Lambda functions to user pool triggers. When you use the ConfirmForgotPassword API action, Amazon Cognito invokes the function that is assigned to the post confirmation trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. This payload contains a clientMetadata attribute, which provides the data that you assigned to the ClientMetadata parameter in your ConfirmForgotPassword request. In your function code in Lambda, you can process the clientMetadata value to enhance your workflow for your specific needs.
    For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.
    When you use the ClientMetadata parameter, remember that Amazon Cognito won’t do the following:
    - Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn’t include triggers, the ClientMetadata parameter serves no purpose.
    - Validate the ClientMetadata value.
    - Encrypt the ClientMetadata value. Don’t use Amazon Cognito to provide sensitive information.
- On success, responds with ConfirmForgotPasswordOutput
- On failure, responds with SdkError<ConfirmForgotPasswordError>
impl Client
pub fn confirm_sign_up(&self) -> ConfirmSignUpFluentBuilder
Constructs a fluent builder for the ConfirmSignUp operation.
- The fluent builder is configurable:
  - client_id(impl Into<String>) / set_client_id(Option<String>):
    required: true
    The ID of the app client associated with the user pool.
  - secret_hash(impl Into<String>) / set_secret_hash(Option<String>):
    required: false
    A keyed-hash message authentication code (HMAC) calculated using the secret key of a user pool client and username plus the client ID in the message.
  - username(impl Into<String>) / set_username(Option<String>):
    required: true
    The username of the user that you want to query or modify. The value of this parameter is typically your user’s username, but it can be any of their alias attributes. If username isn’t an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.
  - confirmation_code(impl Into<String>) / set_confirmation_code(Option<String>):
    required: true
    The confirmation code sent by a user’s request to confirm registration.
  - force_alias_creation(bool) / set_force_alias_creation(Option<bool>):
    required: false
    Boolean to be specified to force user confirmation irrespective of existing alias. By default set to False. If this parameter is set to True and the phone number/email used for sign up confirmation already exists as an alias with a different user, the API call will migrate the alias from the previous user to the newly created user being confirmed. If set to False, the API will throw an AliasExistsException error.
  - analytics_metadata(AnalyticsMetadataType) / set_analytics_metadata(Option<AnalyticsMetadataType>):
    required: false
    The Amazon Pinpoint analytics metadata for collecting metrics for ConfirmSignUp calls.
  - user_context_data(UserContextDataType) / set_user_context_data(Option<UserContextDataType>):
    required: false
    Contextual data about your user session, such as the device fingerprint, IP address, or location. Amazon Cognito advanced security evaluates the risk of an authentication event based on the context that your app generates and passes to Amazon Cognito when it makes API requests.
  - client_metadata(impl Into<String>, impl Into<String>) / set_client_metadata(Option<HashMap::<String, String>>):
    required: false
    A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.
    You create custom workflows by assigning Lambda functions to user pool triggers. When you use the ConfirmSignUp API action, Amazon Cognito invokes the function that is assigned to the post confirmation trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. This payload contains a clientMetadata attribute, which provides the data that you assigned to the ClientMetadata parameter in your ConfirmSignUp request. In your function code in Lambda, you can process the clientMetadata value to enhance your workflow for your specific needs.
    For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.
    When you use the ClientMetadata parameter, remember that Amazon Cognito won’t do the following:
    - Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn’t include triggers, the ClientMetadata parameter serves no purpose.
    - Validate the ClientMetadata value.
    - Encrypt the ClientMetadata value. Don’t use Amazon Cognito to provide sensitive information.
- On success, responds with ConfirmSignUpOutput
- On failure, responds with SdkError<ConfirmSignUpError>
impl Client
pub fn create_group(&self) -> CreateGroupFluentBuilder
Constructs a fluent builder for the CreateGroup operation.
- The fluent builder is configurable:
  - group_name(impl Into<String>) / set_group_name(Option<String>):
    required: true
    The name of the group. Must be unique.
  - user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
    required: true
    The user pool ID for the user pool.
  - description(impl Into<String>) / set_description(Option<String>):
    required: false
    A string containing the description of the group.
  - role_arn(impl Into<String>) / set_role_arn(Option<String>):
    required: false
    The role Amazon Resource Name (ARN) for the group.
  - precedence(i32) / set_precedence(Option<i32>):
    required: false
    A non-negative integer value that specifies the precedence of this group relative to the other groups that a user can belong to in the user pool. Zero is the highest precedence value. Groups with lower Precedence values take precedence over groups with higher or null Precedence values. If a user belongs to two or more groups, it is the group with the lowest precedence value whose role ARN is given in the user’s tokens for the cognito:roles and cognito:preferred_role claims.
    Two groups can have the same Precedence value. If this happens, neither group takes precedence over the other. If two groups with the same Precedence have the same role ARN, that role is used in the cognito:preferred_role claim in tokens for users in each group. If the two groups have different role ARNs, the cognito:preferred_role claim isn’t set in users’ tokens.
    The default Precedence value is null. The maximum Precedence value is 2^31-1.
- On success, responds with CreateGroupOutput with field(s):
  - group(Option<GroupType>): The group object for the group.
- On failure, responds with SdkError<CreateGroupError>
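Added example (not part of the SDK documentation or the SDK's own code): a local model of the Precedence rules above, usable for reviewing a group layout before creating it. The Group struct, the function names, the sample ARNs and the treatment of groups that have no role ARN are assumptions of this sketch.

```rust
use std::collections::BTreeSet;

/// Constructed stand-in for the CreateGroup fields that decide the role claim.
#[derive(Debug, Clone)]
pub struct Group<'a> {
    pub name: &'a str,
    pub role_arn: Option<&'a str>,
    pub precedence: Option<i32>, // None models a null Precedence
}

#[derive(Debug, PartialEq, Eq)]
pub enum PreferredRole {
    /// Exactly one role ARN wins at the best precedence tier.
    Role(String),
    /// Claim not set: different role ARNs tie, or no group carries a role.
    Unset,
}

/// Sort key: lower Precedence wins; null ranks after every integer value,
/// including the maximum 2^31-1.
fn rank(g: &Group) -> i64 {
    g.precedence.map(i64::from).unwrap_or(i64::MAX)
}

/// Resolve cognito:preferred_role for one user's group memberships.
pub fn preferred_role(groups: &[Group]) -> PreferredRole {
    // Assumption (not stated on the page): a group without a role ARN
    // cannot supply the claim, so it is skipped.
    let candidates: Vec<&Group> = groups.iter().filter(|g| g.role_arn.is_some()).collect();
    let best = match candidates.iter().map(|g| rank(g)).min() {
        Some(b) => b,
        None => return PreferredRole::Unset,
    };
    // Every distinct role ARN found at the winning tier.
    let arns: BTreeSet<&str> = candidates
        .iter()
        .filter(|g| rank(g) == best)
        .filter_map(|g| g.role_arn)
        .collect();
    let mut it = arns.into_iter();
    match (it.next(), it.next()) {
        (Some(arn), None) => PreferredRole::Role(arn.to_string()),
        _ => PreferredRole::Unset,
    }
}

/// Findings worth reviewing before a group layout is applied.
pub fn audit(groups: &[Group], privileged_arns: &[&str]) -> Vec<String> {
    let mut findings = Vec::new();
    match preferred_role(groups) {
        PreferredRole::Role(arn) => {
            if privileged_arns.iter().any(|p| *p == arn.as_str()) {
                findings.push(format!("privileged role wins preferred_role: {}", arn));
            }
        }
        PreferredRole::Unset => {
            if groups.iter().any(|g| g.role_arn.is_some()) {
                findings.push("role ARNs tie at the best Precedence: preferred_role is unset".to_string());
            }
        }
    }
    for g in groups.iter().filter(|g| g.role_arn.is_some() && g.precedence.is_none()) {
        findings.push(format!("group {} carries a role but has null Precedence", g.name));
    }
    findings
}

fn main() {
    // Constructed memberships for one user; the account ID is a documentation placeholder.
    let groups = [
        Group { name: "readers", role_arn: Some("arn:aws:iam::111122223333:role/Reader"), precedence: Some(10) },
        Group { name: "admins", role_arn: Some("arn:aws:iam::111122223333:role/Admin"), precedence: Some(0) },
        Group { name: "legacy", role_arn: Some("arn:aws:iam::111122223333:role/Legacy"), precedence: None },
    ];
    println!("{:?}", preferred_role(&groups));
    for f in audit(&groups, &["arn:aws:iam::111122223333:role/Admin"]) {
        println!("finding: {}", f);
    }
}
```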
impl Client
pub fn create_identity_provider(&self) -> CreateIdentityProviderFluentBuilder
Constructs a fluent builder for the CreateIdentityProvider operation.
- The fluent builder is configurable:
  - user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
    required: true
    The user pool ID.
  - provider_name(impl Into<String>) / set_provider_name(Option<String>):
    required: true
    The IdP name.
  - provider_type(IdentityProviderTypeType) / set_provider_type(Option<IdentityProviderTypeType>):
    required: true
    The IdP type.
  - provider_details(impl Into<String>, impl Into<String>) / set_provider_details(Option<HashMap::<String, String>>):
    required: true
    The scopes, URLs, and identifiers for your external identity provider. The following examples describe the provider detail keys for each IdP type. These values and their schema are subject to change. Social IdP authorize_scopes values must match the values listed here.
    - OpenID Connect (OIDC)
      Amazon Cognito accepts the following elements when it can’t discover endpoint URLs from oidc_issuer: attributes_url, authorize_url, jwks_uri, token_url.
      Create or update request:
      "ProviderDetails": { "attributes_request_method": "GET", "attributes_url": "https://auth.example.com/userInfo", "authorize_scopes": "openid profile email", "authorize_url": "https://auth.example.com/authorize", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "jwks_uri": "https://auth.example.com/.well-known/jwks.json", "oidc_issuer": "https://auth.example.com", "token_url": "https://example.com/token" }
      Describe response:
      "ProviderDetails": { "attributes_request_method": "GET", "attributes_url": "https://auth.example.com/userInfo", "attributes_url_add_attributes": "false", "authorize_scopes": "openid profile email", "authorize_url": "https://auth.example.com/authorize", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "jwks_uri": "https://auth.example.com/.well-known/jwks.json", "oidc_issuer": "https://auth.example.com", "token_url": "https://example.com/token" }
    - SAML
      Create or update request with Metadata URL:
      "ProviderDetails": { "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" : "true", "MetadataURL": "https://auth.example.com/sso/saml/metadata", "RequestSigningAlgorithm": "rsa-sha256" }
      Create or update request with Metadata file:
      "ProviderDetails": { "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" : "true", "MetadataFile": "[metadata XML]", "RequestSigningAlgorithm": "rsa-sha256" }
      The value of MetadataFile must be the plaintext metadata document with all quote (") characters escaped by backslashes.
      Describe response:
      "ProviderDetails": { "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" : "true", "ActiveEncryptionCertificate": "[certificate]", "MetadataURL": "https://auth.example.com/sso/saml/metadata", "RequestSigningAlgorithm": "rsa-sha256", "SLORedirectBindingURI": "https://auth.example.com/slo/saml", "SSORedirectBindingURI": "https://auth.example.com/sso/saml" }
    - LoginWithAmazon
      Create or update request:
      "ProviderDetails": { "authorize_scopes": "profile postal_code", "client_id": "amzn1.application-oa2-client.1example23456789", "client_secret": "provider-app-client-secret" }
      Describe response:
      "ProviderDetails": { "attributes_url": "https://api.amazon.com/user/profile", "attributes_url_add_attributes": "false", "authorize_scopes": "profile postal_code", "authorize_url": "https://www.amazon.com/ap/oa", "client_id": "amzn1.application-oa2-client.1example23456789", "client_secret": "provider-app-client-secret", "token_request_method": "POST", "token_url": "https://api.amazon.com/auth/o2/token" }
    - Google
      Create or update request:
      "ProviderDetails": { "authorize_scopes": "email profile openid", "client_id": "1example23456789.apps.googleusercontent.com", "client_secret": "provider-app-client-secret" }
      Describe response:
      "ProviderDetails": { "attributes_url": "https://people.googleapis.com/v1/people/me?personFields=", "attributes_url_add_attributes": "true", "authorize_scopes": "email profile openid", "authorize_url": "https://accounts.google.com/o/oauth2/v2/auth", "client_id": "1example23456789.apps.googleusercontent.com", "client_secret": "provider-app-client-secret", "oidc_issuer": "https://accounts.google.com", "token_request_method": "POST", "token_url": "https://www.googleapis.com/oauth2/v4/token" }
    - SignInWithApple
      Create or update request:
      "ProviderDetails": { "authorize_scopes": "email name", "client_id": "com.example.cognito", "private_key": "1EXAMPLE", "key_id": "2EXAMPLE", "team_id": "3EXAMPLE" }
      Describe response:
      "ProviderDetails": { "attributes_url_add_attributes": "false", "authorize_scopes": "email name", "authorize_url": "https://appleid.apple.com/auth/authorize", "client_id": "com.example.cognito", "key_id": "1EXAMPLE", "oidc_issuer": "https://appleid.apple.com", "team_id": "2EXAMPLE", "token_request_method": "POST", "token_url": "https://appleid.apple.com/auth/token" }
    - Facebook
      Create or update request:
      "ProviderDetails": { "api_version": "v17.0", "authorize_scopes": "public_profile, email", "client_id": "1example23456789", "client_secret": "provider-app-client-secret" }
      Describe response:
      "ProviderDetails": { "api_version": "v17.0", "attributes_url": "https://graph.facebook.com/v17.0/me?fields=", "attributes_url_add_attributes": "true", "authorize_scopes": "public_profile, email", "authorize_url": "https://www.facebook.com/v17.0/dialog/oauth", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "token_request_method": "GET", "token_url": "https://graph.facebook.com/v17.0/oauth/access_token" }
  - attribute_mapping(impl Into<String>, impl Into<String>) / set_attribute_mapping(Option<HashMap::<String, String>>):
    required: false
    A mapping of IdP attributes to standard and custom user pool attributes.
  - idp_identifiers(impl Into<String>) / set_idp_identifiers(Option<Vec::<String>>):
    required: false
    A list of IdP identifiers.
- On success, responds with CreateIdentityProviderOutput with field(s):
  - identity_provider(Option<IdentityProviderType>): The newly created IdP object.
- On failure, responds with SdkError<CreateIdentityProviderError>
impl Client
pub fn create_resource_server(&self) -> CreateResourceServerFluentBuilder
Constructs a fluent builder for the CreateResourceServer operation.
- The fluent builder is configurable:
  - user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
    required: true
    The user pool ID for the user pool.
  - identifier(impl Into<String>) / set_identifier(Option<String>):
    required: true
    A unique resource server identifier for the resource server. The identifier can be an API friendly name like solar-system-data. You can also set an API URL like https://solar-system-data-api.example.com as your identifier.
    Amazon Cognito represents scopes in the access token in the format $resource-server-identifier/$scope. Longer scope-identifier strings increase the size of your access tokens.
  - name(impl Into<String>) / set_name(Option<String>):
    required: true
    A friendly name for the resource server.
  - scopes(ResourceServerScopeType) / set_scopes(Option<Vec::<ResourceServerScopeType>>):
    required: false
    A list of scopes. Each scope is a key-value map with the keys name and description.
- On success, responds with CreateResourceServerOutput with field(s):
  - resource_server(Option<ResourceServerType>): The newly created resource server.
- On failure, responds with SdkError<CreateResourceServerError>
impl Client
pub fn create_user_import_job(&self) -> CreateUserImportJobFluentBuilder
Constructs a fluent builder for the CreateUserImportJob operation.
- The fluent builder is configurable:
  - job_name(impl Into<String>) / set_job_name(Option<String>):
    required: true
    The job name for the user import job.
  - user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
    required: true
    The user pool ID for the user pool that the users are being imported into.
  - cloud_watch_logs_role_arn(impl Into<String>) / set_cloud_watch_logs_role_arn(Option<String>):
    required: true
    The role ARN for the Amazon CloudWatch Logs Logging role for the user import job.
- On success, responds with CreateUserImportJobOutput with field(s):
  - user_import_job(Option<UserImportJobType>): The job object that represents the user import job.
- On failure, responds with SdkError<CreateUserImportJobError>
impl Client
pub fn create_user_pool(&self) -> CreateUserPoolFluentBuilder
Constructs a fluent builder for the CreateUserPool operation.
- The fluent builder is configurable:
  - pool_name(impl Into<String>) / set_pool_name(Option<String>):
    required: true
    A string used to name the user pool.
  - policies(UserPoolPolicyType) / set_policies(Option<UserPoolPolicyType>):
    required: false
    The policies associated with the new user pool.
  - deletion_protection(DeletionProtectionType) / set_deletion_protection(Option<DeletionProtectionType>):
    required: false
    When active, DeletionProtection prevents accidental deletion of your user pool. Before you can delete a user pool that you have protected against deletion, you must deactivate this feature.
    When you try to delete a protected user pool in a DeleteUserPool API request, Amazon Cognito returns an InvalidParameterException error. To delete a protected user pool, send a new DeleteUserPool request after you deactivate deletion protection in an UpdateUserPool API request.
  - lambda_config(LambdaConfigType) / set_lambda_config(Option<LambdaConfigType>):
    required: false
    The Lambda trigger configuration information for the new user pool.
    In a push model, event sources (such as Amazon S3 and custom applications) need permission to invoke a function. So you must make an extra call to add permission for these event sources to invoke your Lambda function.
    For more information on using the Lambda API to add permission, see AddPermission.
    For adding permission using the CLI, see add-permission.
  - auto_verified_attributes(VerifiedAttributeType) / set_auto_verified_attributes(Option<Vec::<VerifiedAttributeType>>):
    required: false
    The attributes to be auto-verified. Possible values: email, phone_number.
  - alias_attributes(AliasAttributeType) / set_alias_attributes(Option<Vec::<AliasAttributeType>>):
    required: false
    Attributes supported as an alias for this user pool. Possible values: phone_number, email, or preferred_username.
  - username_attributes(UsernameAttributeType) / set_username_attributes(Option<Vec::<UsernameAttributeType>>):
    required: false
    Specifies whether a user can use an email address or phone number as a username when they sign up.
  - sms_verification_message(impl Into<String>) / set_sms_verification_message(Option<String>):
    required: false
    This parameter is no longer used. See VerificationMessageTemplateType.
  - email_verification_message(impl Into<String>) / set_email_verification_message(Option<String>):
    required: false
    This parameter is no longer used. See VerificationMessageTemplateType.
  - email_verification_subject(impl Into<String>) / set_email_verification_subject(Option<String>):
    required: false
    This parameter is no longer used. See VerificationMessageTemplateType.
  - verification_message_template(VerificationMessageTemplateType) / set_verification_message_template(Option<VerificationMessageTemplateType>):
    required: false
    The template for the verification message that the user sees when the app requests permission to access the user’s information.
  - sms_authentication_message(impl Into<String>) / set_sms_authentication_message(Option<String>):
    required: false
    A string representing the SMS authentication message.
  - mfa_configuration(UserPoolMfaType) / set_mfa_configuration(Option<UserPoolMfaType>):
    required: false
    Specifies MFA configuration details.
  - user_attribute_update_settings(UserAttributeUpdateSettingsType) / set_user_attribute_update_settings(Option<UserAttributeUpdateSettingsType>):
    required: false
    The settings for updates to user attributes. These settings include the property AttributesRequireVerificationBeforeUpdate, a user-pool setting that tells Amazon Cognito how to handle changes to the value of your users’ email address and phone number attributes. For more information, see Verifying updates to email addresses and phone numbers.
  - device_configuration(DeviceConfigurationType) / set_device_configuration(Option<DeviceConfigurationType>):
    required: false
    The device-remembering configuration for a user pool. A null value indicates that you have deactivated device remembering in your user pool.
    When you provide a value for any DeviceConfiguration field, you activate the Amazon Cognito device-remembering feature.
  - email_configuration(EmailConfigurationType) / set_email_configuration(Option<EmailConfigurationType>):
    required: false
    The email configuration of your user pool. The email configuration type sets your preferred sending method, Amazon Web Services Region, and sender for messages from your user pool.
  - sms_configuration(SmsConfigurationType) / set_sms_configuration(Option<SmsConfigurationType>):
    required: false
    The SMS configuration with the settings that your Amazon Cognito user pool must use to send an SMS message from your Amazon Web Services account through Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the Amazon Web Services Region that you want, the Amazon Cognito user pool uses an Identity and Access Management (IAM) role in your Amazon Web Services account.
  - user_pool_tags(impl Into<String>, impl Into<String>) / set_user_pool_tags(Option<HashMap::<String, String>>):
    required: false
    The tag keys and values to assign to the user pool. A tag is a label that you can use to categorize and manage user pools in different ways, such as by purpose, owner, environment, or other criteria.
  - admin_create_user_config(AdminCreateUserConfigType) / set_admin_create_user_config(Option<AdminCreateUserConfigType>):
    required: false
    The configuration for AdminCreateUser requests.
  - schema(SchemaAttributeType) / set_schema(Option<Vec::<SchemaAttributeType>>):
    required: false
    An array of schema attributes for the new user pool. These attributes can be standard or custom attributes.
  - user_pool_add_ons(UserPoolAddOnsType) / set_user_pool_add_ons(Option<UserPoolAddOnsType>):
    required: false
    User pool add-ons. Contains settings for activation of advanced security features. To log user security information but take no action, set to AUDIT. To configure automatic security responses to risky traffic to your user pool, set to ENFORCED.
    For more information, see Adding advanced security to a user pool.
  - username_configuration(UsernameConfigurationType) / set_username_configuration(Option<UsernameConfigurationType>):
    required: false
    Case sensitivity on the username input for the selected sign-in option. When case sensitivity is set to False (case insensitive), users can sign in with any combination of capital and lowercase letters. For example, username, USERNAME, or UserName, or for email, email@example.com or EMaiL@eXamplE.Com. For most use cases, set case sensitivity to False (case insensitive) as a best practice. When usernames and email addresses are case insensitive, Amazon Cognito treats any variation in case as the same user, and prevents a case variation from being assigned to the same attribute for a different user.
    This configuration is immutable after you set it. For more information, see UsernameConfigurationType.
  - account_recovery_setting(AccountRecoverySettingType) / set_account_recovery_setting(Option<AccountRecoverySettingType>):
    required: false
    The available verified method a user can use to recover their password when they call ForgotPassword. You can use this setting to define a preferred method when a user has more than one method available. With this setting, SMS doesn’t qualify for a valid password recovery mechanism if the user also has SMS multi-factor authentication (MFA) activated. In the absence of this setting, Amazon Cognito uses the legacy behavior to determine the recovery method where SMS is preferred through email.
- On success, responds with CreateUserPoolOutput with field(s):
  - user_pool(Option<UserPoolType>): A container for the user pool details.
- On failure, responds with SdkError<CreateUserPoolError>
source§impl Client
impl Client
sourcepub fn create_user_pool_client(&self) -> CreateUserPoolClientFluentBuilder
pub fn create_user_pool_client(&self) -> CreateUserPoolClientFluentBuilder
Constructs a fluent builder for the CreateUserPoolClient
operation.
- The fluent builder is configurable:
user_pool_id(impl Into<String>)
/set_user_pool_id(Option<String>)
:
required: trueThe user pool ID for the user pool where you want to create a user pool client.
client_name(impl Into<String>)
/set_client_name(Option<String>)
:
required: trueThe client name for the user pool client you would like to create.
generate_secret(bool)
/set_generate_secret(Option<bool>)
:
required: falseBoolean to specify whether you want to generate a secret for the user pool client being created.
refresh_token_validity(i32)
/set_refresh_token_validity(Option<i32>)
:
required: falseThe refresh token time limit. After this limit expires, your user can’t use their refresh token. To specify the time unit for
RefreshTokenValidity
asseconds
,minutes
,hours
, ordays
, set aTokenValidityUnits
value in your API request.For example, when you set
RefreshTokenValidity
as10
andTokenValidityUnits
asdays
, your user can refresh their session and retrieve new access and ID tokens for 10 days.The default time unit for
RefreshTokenValidity
in an API request is days. You can’t setRefreshTokenValidity
to 0. If you do, Amazon Cognito overrides the value with the default value of 30 days. Valid range is displayed below in seconds.If you don’t specify otherwise in the configuration of your app client, your refresh tokens are valid for 30 days.
access_token_validity(i32)
/set_access_token_validity(Option<i32>)
:
required: falseThe access token time limit. After this limit expires, your user can’t use their access token. To specify the time unit for
AccessTokenValidity
asseconds
,minutes
,hours
, ordays
, set aTokenValidityUnits
value in your API request.For example, when you set
AccessTokenValidity
to10
andTokenValidityUnits
tohours
, your user can authorize access with their access token for 10 hours.The default time unit for
AccessTokenValidity
in an API request is hours. Valid range is displayed below in seconds.If you don’t specify otherwise in the configuration of your app client, your access tokens are valid for one hour.
id_token_validity(i32)
/set_id_token_validity(Option<i32>)
:
required: falseThe ID token time limit. After this limit expires, your user can’t use their ID token. To specify the time unit for
IdTokenValidity
asseconds
,minutes
,hours
, ordays
, set aTokenValidityUnits
value in your API request.For example, when you set
IdTokenValidity
as10
andTokenValidityUnits
ashours
, your user can authenticate their session with their ID token for 10 hours.The default time unit for
IdTokenValidity
in an API request is hours. Valid range is displayed below in seconds.If you don’t specify otherwise in the configuration of your app client, your ID tokens are valid for one hour.
token_validity_units(TokenValidityUnitsType)
/set_token_validity_units(Option<TokenValidityUnitsType>)
:
required: falseThe units in which the validity times are represented. The default unit for RefreshToken is days, and default for ID and access tokens are hours.
read_attributes(impl Into<String>)
/set_read_attributes(Option<Vec::<String>>)
:
required: falseThe list of user attributes that you want your app client to have read-only access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a GetUser API request to retrieve and display your user’s profile data.
When you don’t specify the
ReadAttributes
for your app client, your app can read the values ofemail_verified
,phone_number_verified
, and the Standard attributes of your user pool. When your user pool has read access to these default attributes,ReadAttributes
doesn’t return any information. Amazon Cognito only populatesReadAttributes
in the API response if you have specified your own custom set of read attributes.write_attributes(impl Into<String>)
/set_write_attributes(Option<Vec::<String>>)
:
required: falseThe list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list. An example of this kind of activity is when you present your user with a form to update their profile information and they change their last name. Your app then makes an UpdateUserAttributes API request and sets
family_name
to the new value.When you don’t specify the
WriteAttributes
for your app client, your app can write the values of the Standard attributes of your user pool. When your user pool has write access to these default attributes,WriteAttributes
doesn’t return any information. Amazon Cognito only populatesWriteAttributes
in the API response if you have specified your own custom set of write attributes.If your app client allows users to sign in through an IdP, this array must include all attributes that you have mapped to IdP attributes. Amazon Cognito updates mapped attributes when users sign in to your application through an IdP. If your app client does not have write access to a mapped attribute, Amazon Cognito throws an error when it tries to update the attribute. For more information, see Specifying IdP Attribute Mappings for Your user pool.
explicit_auth_flows(ExplicitAuthFlowsType) / set_explicit_auth_flows(Option<Vec::<ExplicitAuthFlowsType>>):
required: false
The authentication flows that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions.
If you don’t specify a value for ExplicitAuthFlows, your user client supports ALLOW_REFRESH_TOKEN_AUTH, ALLOW_USER_SRP_AUTH, and ALLOW_CUSTOM_AUTH.
Valid values include:
- ALLOW_ADMIN_USER_PASSWORD_AUTH: Enable admin based user password authentication flow ADMIN_USER_PASSWORD_AUTH. This setting replaces the ADMIN_NO_SRP_AUTH setting. With this authentication flow, your app passes a user name and password to Amazon Cognito in the request, instead of using the Secure Remote Password (SRP) protocol to securely transmit the password.
- ALLOW_CUSTOM_AUTH: Enable Lambda trigger based authentication.
- ALLOW_USER_PASSWORD_AUTH: Enable user password-based authentication. In this flow, Amazon Cognito receives the password in the request instead of using the SRP protocol to verify passwords.
- ALLOW_USER_SRP_AUTH: Enable SRP-based authentication.
- ALLOW_REFRESH_TOKEN_AUTH: Enable authflow to refresh tokens.
In some environments, you will see the values ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, or USER_PASSWORD_AUTH. You can’t assign these legacy ExplicitAuthFlows values to user pool clients at the same time as values that begin with ALLOW_, like ALLOW_USER_SRP_AUTH.
supported_identity_providers(impl Into<String>) / set_supported_identity_providers(Option<Vec::<String>>):
required: false
A list of provider names for the identity providers (IdPs) that are supported on this client. The following are supported: COGNITO, Facebook, Google, SignInWithApple, and LoginWithAmazon. You can also specify the names that you configured for the SAML and OIDC IdPs in your user pool, for example MySAMLIdP or MyOIDCIdP.
callback_urls(impl Into<String>) / set_callback_urls(Option<Vec::<String>>):
required: false
A list of allowed redirect (callback) URLs for the IdPs.
A redirect URI must:
- Be an absolute URI.
- Be registered with the authorization server.
- Not include a fragment component.
See OAuth 2.0 - Redirection Endpoint.
Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.
App callback URLs such as myapp://example are also supported.
logout_urls(impl Into<String>) / set_logout_urls(Option<Vec::<String>>):
required: false
A list of allowed logout URLs for the IdPs.
default_redirect_uri(impl Into<String>) / set_default_redirect_uri(Option<String>):
required: false
The default redirect URI. In app clients with one assigned IdP, replaces redirect_uri in authentication requests. Must be in the CallbackURLs list.
A redirect URI must:
- Be an absolute URI.
- Be registered with the authorization server.
- Not include a fragment component.
For more information, see Default redirect URI.
Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.
App callback URLs such as myapp://example are also supported.
allowed_o_auth_flows(OAuthFlowType) / set_allowed_o_auth_flows(Option<Vec::<OAuthFlowType>>):
required: false
The OAuth grant types that you want your app client to generate. To create an app client that generates client credentials grants, you must add client_credentials as the only allowed OAuth flow.
- code: Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the /oauth2/token endpoint.
- implicit: Issue the access token (and, optionally, ID token, based on scopes) directly to your user.
- client_credentials: Issue the access token from the /oauth2/token endpoint directly to a non-person user using a combination of the client ID and client secret.
allowed_o_auth_scopes(impl Into<String>) / set_allowed_o_auth_scopes(Option<Vec::<String>>):
required: false
The allowed OAuth scopes. Possible values provided by OAuth are phone, email, openid, and profile. Possible values provided by Amazon Web Services are aws.cognito.signin.user.admin. Custom scopes created in Resource Servers are also supported.
allowed_o_auth_flows_user_pool_client(bool) / set_allowed_o_auth_flows_user_pool_client(Option<bool>):
required: false
Set to true to use OAuth 2.0 features in your user pool app client.
AllowedOAuthFlowsUserPoolClient must be true before you can configure the following features in your app client.
- CallBackURLs: Callback URLs.
- LogoutURLs: Sign-out redirect URLs.
- AllowedOAuthScopes: OAuth 2.0 scopes.
- AllowedOAuthFlows: Support for authorization code, implicit, and client credentials OAuth 2.0 grants.
To use OAuth 2.0 features, configure one of these features in the Amazon Cognito console or set AllowedOAuthFlowsUserPoolClient to true in a CreateUserPoolClient or UpdateUserPoolClient API request. If you don’t set a value for AllowedOAuthFlowsUserPoolClient in a request with the CLI or SDKs, it defaults to false.
analytics_configuration(AnalyticsConfigurationType) / set_analytics_configuration(Option<AnalyticsConfigurationType>):
required: false
The user pool analytics configuration for collecting metrics and sending them to your Amazon Pinpoint campaign.
In Amazon Web Services Regions where Amazon Pinpoint isn’t available, user pools only support sending events to Amazon Pinpoint projects in Amazon Web Services Region us-east-1. In Regions where Amazon Pinpoint is available, user pools support sending events to Amazon Pinpoint projects within that same Region.
prevent_user_existence_errors(PreventUserExistenceErrorTypes) / set_prevent_user_existence_errors(Option<PreventUserExistenceErrorTypes>):
required: false
Errors and responses that you want Amazon Cognito APIs to return during authentication, account confirmation, and password recovery when the user doesn’t exist in the user pool. When set to ENABLED and the user doesn’t exist, authentication returns an error indicating either the username or password was incorrect. Account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to LEGACY, those APIs return a UserNotFoundException exception if the user doesn’t exist in the user pool.
Valid values include:
- ENABLED - This prevents user existence-related errors.
- LEGACY - This represents the early behavior of Amazon Cognito where user existence related errors aren’t prevented.
enable_token_revocation(bool) / set_enable_token_revocation(Option<bool>):
required: false
Activates or deactivates token revocation. For more information about revoking tokens, see RevokeToken.
If you don’t include this parameter, token revocation is automatically activated for the new user pool client.
enable_propagate_additional_user_context_data(bool) / set_enable_propagate_additional_user_context_data(Option<bool>):
required: false
Activates the propagation of additional user context data. For more information about propagation of user context data, see Adding advanced security to a user pool. If you don’t include this parameter, you can’t send device fingerprint information, including source IP address, to Amazon Cognito advanced security. You can only activate EnablePropagateAdditionalUserContextData in an app client that has a client secret.
auth_session_validity(i32) / set_auth_session_validity(Option<i32>):
required: false
Amazon Cognito creates a session token for each API request in an authentication flow. AuthSessionValidity is the duration, in minutes, of that session token. Your user pool native user must respond to each authentication challenge before the session expires.
- On success, responds with CreateUserPoolClientOutput with field(s):
user_pool_client(Option<UserPoolClientType>): The user pool client that was just created.
- On failure, responds with SdkError<CreateUserPoolClientError>
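The constraints stated above for explicit_auth_flows, callback_urls, default_redirect_uri, allowed_o_auth_flows and prevent_user_existence_errors can be checked locally before a CreateUserPoolClient request is sent. The following is an added example, not code from the SDK or its documentation: AppClientConfig, Finding, the rule names and every function are hypothetical, the input is constructed, and "absolute URI" is approximated as scheme://rest.

```rust
// Added example: AppClientConfig, Finding, the rule names and all functions are
// hypothetical helpers for illustration; none of them are types from the AWS SDK.
struct AppClientConfig {
    explicit_auth_flows: Vec<String>,
    callback_urls: Vec<String>,
    default_redirect_uri: Option<String>,
    allowed_o_auth_flows: Vec<String>,
    prevent_user_existence_errors: Option<String>,
}

/// (rule name, human-readable detail)
type Finding = (&'static str, String);

const LEGACY_FLOWS: [&str; 3] = ["ADMIN_NO_SRP_AUTH", "CUSTOM_AUTH_FLOW_ONLY", "USER_PASSWORD_AUTH"];
const PASSWORD_IN_REQUEST: [&str; 2] = ["ALLOW_ADMIN_USER_PASSWORD_AUTH", "ALLOW_USER_PASSWORD_AUTH"];

/// Checks one redirect URI against the rules listed for callback_urls.
/// Assumption: "absolute" is approximated as `scheme://rest` with a valid scheme.
fn check_redirect_uri(uri: &str) -> Result<(), String> {
    let (scheme, rest) = match uri.split_once("://") {
        Some(parts) => parts,
        None => return Err("not an absolute URI".to_string()),
    };
    let scheme_ok = scheme.starts_with(|c: char| c.is_ascii_alphabetic())
        && scheme.chars().all(|c| c.is_ascii_alphanumeric() || "+-.".contains(c));
    if !scheme_ok || rest.is_empty() {
        return Err("not an absolute URI".to_string());
    }
    if uri.contains('#') {
        return Err("includes a fragment component".to_string());
    }
    if scheme.eq_ignore_ascii_case("http") {
        // The host is what remains of the authority once userinfo and port are
        // removed, so http://localhost@other.example does not count as localhost.
        let authority = rest.split(|c: char| c == '/' || c == '?').next().unwrap_or("");
        let host_port = authority.rsplit('@').next().unwrap_or("");
        let host = host_port.split(':').next().unwrap_or("");
        if !host.eq_ignore_ascii_case("localhost") {
            return Err("plain HTTP is accepted only for http://localhost".to_string());
        }
    }
    Ok(())
}

/// Returns one finding per violated constraint, in the order the checks run.
fn lint_app_client(cfg: &AppClientConfig) -> Vec<Finding> {
    let mut out: Vec<Finding> = Vec::new();
    let flows = &cfg.explicit_auth_flows;
    let legacy = flows.iter().any(|f| LEGACY_FLOWS.contains(&f.as_str()));
    if legacy && flows.iter().any(|f| f.starts_with("ALLOW_")) {
        out.push(("mixed-auth-flows", "legacy values cannot be combined with ALLOW_ values".into()));
    }
    for f in flows.iter().filter(|f| PASSWORD_IN_REQUEST.contains(&f.as_str())) {
        out.push(("password-in-request", format!("{} sends the password instead of using SRP", f)));
    }
    for uri in &cfg.callback_urls {
        if let Err(why) = check_redirect_uri(uri) {
            out.push(("redirect-uri", format!("{}: {}", uri, why)));
        }
    }
    if let Some(uri) = &cfg.default_redirect_uri {
        if !cfg.callback_urls.contains(uri) {
            out.push(("default-redirect-unregistered", format!("{} is not in CallbackURLs", uri)));
        }
    }
    let oauth = &cfg.allowed_o_auth_flows;
    if oauth.len() > 1 && oauth.iter().any(|f| f == "client_credentials") {
        out.push(("client-credentials-not-exclusive", "client_credentials must be the only OAuth flow".into()));
    }
    if cfg.prevent_user_existence_errors.as_deref() == Some("LEGACY") {
        out.push(("user-existence-legacy", "APIs return UserNotFoundException for unknown users".into()));
    }
    out
}

fn strs(values: &[&str]) -> Vec<String> {
    values.iter().map(|v| v.to_string()).collect()
}

/// Constructed sample input: a deliberately misconfigured app client.
fn sample_config() -> AppClientConfig {
    AppClientConfig {
        explicit_auth_flows: strs(&["ALLOW_USER_SRP_AUTH", "ALLOW_USER_PASSWORD_AUTH", "ADMIN_NO_SRP_AUTH"]),
        callback_urls: strs(&[
            "https://app.example.com/callback",
            "http://localhost:3000/callback",
            "myapp://example",
            "http://app.example.com/callback",
            "https://app.example.com/callback#token",
            "http://localhost@login.example.net/callback",
        ]),
        default_redirect_uri: Some("https://app.example.com/return".to_string()),
        allowed_o_auth_flows: strs(&["code", "client_credentials"]),
        prevent_user_existence_errors: Some("LEGACY".to_string()),
    }
}

fn main() {
    for (rule, detail) in lint_app_client(&sample_config()) {
        println!("[{}] {}", rule, detail);
    }
}
```

The password-in-request and user-existence-legacy findings are review items rather than API errors: the service accepts those values, and the check only surfaces the behaviour the parameter descriptions state.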
impl Client
pub fn create_user_pool_domain(&self) -> CreateUserPoolDomainFluentBuilder
Constructs a fluent builder for the CreateUserPoolDomain operation.
- The fluent builder is configurable:
domain(impl Into<String>) / set_domain(Option<String>):
required: true
The domain string. For custom domains, this is the fully-qualified domain name, such as auth.example.com. For Amazon Cognito prefix domains, this is the prefix alone, such as auth.
user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
required: true
The user pool ID.
custom_domain_config(CustomDomainConfigType) / set_custom_domain_config(Option<CustomDomainConfigType>):
required: false
The configuration for a custom domain that hosts the sign-up and sign-in webpages for your application.
Provide this parameter only if you want to use a custom domain for your user pool. Otherwise, you can exclude this parameter and use the Amazon Cognito hosted domain instead.
For more information about the hosted domain and custom domains, see Configuring a User Pool Domain.
- On success, responds with CreateUserPoolDomainOutput with field(s):
cloud_front_domain(Option<String>): The Amazon CloudFront endpoint that you use as the target of the alias that you set up with your Domain Name Service (DNS) provider. Amazon Cognito returns this value if you set a custom domain with CustomDomainConfig. If you set an Amazon Cognito prefix domain, this operation returns a blank response.
- On failure, responds with SdkError<CreateUserPoolDomainError>
impl Client
pub fn delete_group(&self) -> DeleteGroupFluentBuilder
Constructs a fluent builder for the DeleteGroup operation.
- The fluent builder is configurable:
group_name(impl Into<String>) / set_group_name(Option<String>):
required: true
The name of the group.
user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
required: true
The user pool ID for the user pool.
- On success, responds with DeleteGroupOutput
- On failure, responds with SdkError<DeleteGroupError>
impl Client
pub fn delete_identity_provider(&self) -> DeleteIdentityProviderFluentBuilder
Constructs a fluent builder for the DeleteIdentityProvider operation.
- The fluent builder is configurable:
user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
required: true
The user pool ID.
provider_name(impl Into<String>) / set_provider_name(Option<String>):
required: true
The IdP name.
- On success, responds with DeleteIdentityProviderOutput
- On failure, responds with SdkError<DeleteIdentityProviderError>
impl Client
pub fn delete_resource_server(&self) -> DeleteResourceServerFluentBuilder
Constructs a fluent builder for the DeleteResourceServer operation.
- The fluent builder is configurable:
user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
required: true
The user pool ID for the user pool that hosts the resource server.
identifier(impl Into<String>) / set_identifier(Option<String>):
required: true
The identifier for the resource server.
- On success, responds with DeleteResourceServerOutput
- On failure, responds with SdkError<DeleteResourceServerError>
impl Client
pub fn delete_user(&self) -> DeleteUserFluentBuilder
Constructs a fluent builder for the DeleteUser operation.
- The fluent builder is configurable:
access_token(impl Into<String>) / set_access_token(Option<String>):
required: true
A valid access token that Amazon Cognito issued to the user whose user profile you want to delete.
- On success, responds with DeleteUserOutput
- On failure, responds with SdkError<DeleteUserError>
impl Client
pub fn delete_user_attributes(&self) -> DeleteUserAttributesFluentBuilder
Constructs a fluent builder for the DeleteUserAttributes operation.
- The fluent builder is configurable:
user_attribute_names(impl Into<String>) / set_user_attribute_names(Option<Vec::<String>>):
required: true
An array of strings representing the user attribute names you want to delete.
For custom attributes, you must attach the custom: prefix to the front of the attribute name.
access_token(impl Into<String>) / set_access_token(Option<String>):
required: true
A valid access token that Amazon Cognito issued to the user whose attributes you want to delete.
- On success, responds with DeleteUserAttributesOutput
- On failure, responds with SdkError<DeleteUserAttributesError>
impl Client
pub fn delete_user_pool(&self) -> DeleteUserPoolFluentBuilder
Constructs a fluent builder for the DeleteUserPool operation.
- The fluent builder is configurable:
user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
required: true
The user pool ID for the user pool you want to delete.
- On success, responds with DeleteUserPoolOutput
- On failure, responds with SdkError<DeleteUserPoolError>
impl Client
pub fn delete_user_pool_client(&self) -> DeleteUserPoolClientFluentBuilder
Constructs a fluent builder for the DeleteUserPoolClient operation.
- The fluent builder is configurable:
user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
required: true
The user pool ID for the user pool where you want to delete the client.
client_id(impl Into<String>) / set_client_id(Option<String>):
required: true
The app client ID of the app associated with the user pool.
- On success, responds with DeleteUserPoolClientOutput
- On failure, responds with SdkError<DeleteUserPoolClientError>
impl Client
pub fn delete_user_pool_domain(&self) -> DeleteUserPoolDomainFluentBuilder
Constructs a fluent builder for the DeleteUserPoolDomain operation.
- The fluent builder is configurable:
domain(impl Into<String>) / set_domain(Option<String>):
required: true
The domain string. For custom domains, this is the fully-qualified domain name, such as auth.example.com. For Amazon Cognito prefix domains, this is the prefix alone, such as auth.
user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
required: true
The user pool ID.
- On success, responds with DeleteUserPoolDomainOutput
- On failure, responds with SdkError<DeleteUserPoolDomainError>
impl Client
pub fn describe_identity_provider(&self) -> DescribeIdentityProviderFluentBuilder
Constructs a fluent builder for the DescribeIdentityProvider operation.
- The fluent builder is configurable:
user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
required: true
The user pool ID.
provider_name(impl Into<String>) / set_provider_name(Option<String>):
required: true
The IdP name.
- On success, responds with DescribeIdentityProviderOutput with field(s):
identity_provider(Option<IdentityProviderType>): The identity provider details.
- On failure, responds with SdkError<DescribeIdentityProviderError>
impl Client
pub fn describe_resource_server(&self) -> DescribeResourceServerFluentBuilder
Constructs a fluent builder for the DescribeResourceServer operation.
- The fluent builder is configurable:
user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
required: true
The user pool ID for the user pool that hosts the resource server.
identifier(impl Into<String>) / set_identifier(Option<String>):
required: true
A unique resource server identifier for the resource server. The identifier can be an API friendly name like solar-system-data. You can also set an API URL like https://solar-system-data-api.example.com as your identifier.
Amazon Cognito represents scopes in the access token in the format $resource-server-identifier/$scope. Longer scope-identifier strings increase the size of your access tokens.
- On success, responds with DescribeResourceServerOutput with field(s):
resource_server(Option<ResourceServerType>): The resource server.
- On failure, responds with SdkError<DescribeResourceServerError>
impl Client
pub fn describe_risk_configuration(&self) -> DescribeRiskConfigurationFluentBuilder
Constructs a fluent builder for the DescribeRiskConfiguration operation.
- The fluent builder is configurable:
user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
required: true
The user pool ID.
client_id(impl Into<String>) / set_client_id(Option<String>):
required: false
The app client ID.
- On success, responds with DescribeRiskConfigurationOutput with field(s):
risk_configuration(Option<RiskConfigurationType>): The risk configuration.
- On failure, responds with SdkError<DescribeRiskConfigurationError>
impl Client
pub fn describe_user_import_job(&self) -> DescribeUserImportJobFluentBuilder
Constructs a fluent builder for the DescribeUserImportJob operation.
- The fluent builder is configurable:
user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
required: true
The user pool ID for the user pool that the users are being imported into.
job_id(impl Into<String>) / set_job_id(Option<String>):
required: true
The job ID for the user import job.
- On success, responds with DescribeUserImportJobOutput with field(s):
user_import_job(Option<UserImportJobType>): The job object that represents the user import job.
- On failure, responds with SdkError<DescribeUserImportJobError>
impl Client
pub fn describe_user_pool(&self) -> DescribeUserPoolFluentBuilder
Constructs a fluent builder for the DescribeUserPool operation.
- The fluent builder is configurable:
user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
required: true
The user pool ID for the user pool you want to describe.
- On success, responds with DescribeUserPoolOutput with field(s):
user_pool(Option<UserPoolType>): The container of metadata returned by the server to describe the pool.
- On failure, responds with SdkError<DescribeUserPoolError>
impl Client
pub fn describe_user_pool_client(&self) -> DescribeUserPoolClientFluentBuilder
Constructs a fluent builder for the DescribeUserPoolClient operation.
- The fluent builder is configurable:
user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
required: true
The user pool ID for the user pool you want to describe.
client_id(impl Into<String>) / set_client_id(Option<String>):
required: true
The app client ID of the app associated with the user pool.
- On success, responds with DescribeUserPoolClientOutput with field(s):
user_pool_client(Option<UserPoolClientType>): The user pool client from a server response to describe the user pool client.
- On failure, responds with SdkError<DescribeUserPoolClientError>
impl Client
pub fn describe_user_pool_domain(&self) -> DescribeUserPoolDomainFluentBuilder
Constructs a fluent builder for the DescribeUserPoolDomain operation.
- The fluent builder is configurable:
domain(impl Into<String>) / set_domain(Option<String>):
required: true
The domain string. For custom domains, this is the fully-qualified domain name, such as auth.example.com. For Amazon Cognito prefix domains, this is the prefix alone, such as auth.
- On success, responds with DescribeUserPoolDomainOutput with field(s):
domain_description(Option<DomainDescriptionType>): A domain description object containing information about the domain.
- On failure, responds with SdkError<DescribeUserPoolDomainError>
impl Client
pub fn forget_device(&self) -> ForgetDeviceFluentBuilder
Constructs a fluent builder for the ForgetDevice operation.
- The fluent builder is configurable:
access_token(impl Into<String>) / set_access_token(Option<String>):
required: false
A valid access token that Amazon Cognito issued to the user whose registered device you want to forget.
device_key(impl Into<String>) / set_device_key(Option<String>):
required: true
The device key.
- On success, responds with ForgetDeviceOutput
- On failure, responds with SdkError<ForgetDeviceError>
impl Client
pub fn forgot_password(&self) -> ForgotPasswordFluentBuilder
Constructs a fluent builder for the ForgotPassword operation.
- The fluent builder is configurable:
client_id(impl Into<String>) / set_client_id(Option<String>):
required: true
The ID of the client associated with the user pool.
secret_hash(impl Into<String>) / set_secret_hash(Option<String>):
required: false
A keyed-hash message authentication code (HMAC) calculated using the secret key of a user pool client and username plus the client ID in the message.
user_context_data(UserContextDataType) / set_user_context_data(Option<UserContextDataType>):
required: false
Contextual data about your user session, such as the device fingerprint, IP address, or location. Amazon Cognito advanced security evaluates the risk of an authentication event based on the context that your app generates and passes to Amazon Cognito when it makes API requests.
username(impl Into<String>) / set_username(Option<String>):
required: true
The username of the user that you want to query or modify. The value of this parameter is typically your user’s username, but it can be any of their alias attributes. If username isn’t an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.
analytics_metadata(AnalyticsMetadataType) / set_analytics_metadata(Option<AnalyticsMetadataType>):
required: false
The Amazon Pinpoint analytics metadata that contributes to your metrics for ForgotPassword calls.
client_metadata(impl Into<String>, impl Into<String>) / set_client_metadata(Option<HashMap::<String, String>>):
required: false
A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.
You create custom workflows by assigning Lambda functions to user pool triggers. When you use the ForgotPassword API action, Amazon Cognito invokes any functions that are assigned to the following triggers: pre sign-up, custom message, and user migration. When Amazon Cognito invokes any of these functions, it passes a JSON payload, which the function receives as input. This payload contains a clientMetadata attribute, which provides the data that you assigned to the ClientMetadata parameter in your ForgotPassword request. In your function code in Lambda, you can process the clientMetadata value to enhance your workflow for your specific needs.
For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.
When you use the ClientMetadata parameter, remember that Amazon Cognito won’t do the following:
- Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn’t include triggers, the ClientMetadata parameter serves no purpose.
- Validate the ClientMetadata value.
- Encrypt the ClientMetadata value. Don’t use Amazon Cognito to provide sensitive information.
- On success, responds with ForgotPasswordOutput with field(s):
code_delivery_details(Option<CodeDeliveryDetailsType>): The code delivery details returned by the server in response to the request to reset a password.
- On failure, responds with SdkError<ForgotPasswordError>
impl Client
pub fn get_csv_header(&self) -> GetCSVHeaderFluentBuilder
Constructs a fluent builder for the GetCSVHeader operation.
- The fluent builder is configurable:
user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
required: true
The user pool ID for the user pool that the users are to be imported into.
- On success, responds with GetCsvHeaderOutput with field(s):
user_pool_id(Option<String>): The user pool ID for the user pool that the users are to be imported into.
csv_header(Option<Vec::<String>>): The header information of the CSV file for the user import job.
- On failure, responds with SdkError<GetCSVHeaderError>
impl Client
pub fn get_device(&self) -> GetDeviceFluentBuilder
Constructs a fluent builder for the GetDevice operation.
- The fluent builder is configurable:
device_key(impl Into<String>) / set_device_key(Option<String>):
required: true
The device key.
access_token(impl Into<String>) / set_access_token(Option<String>):
required: false
A valid access token that Amazon Cognito issued to the user whose device information you want to request.
- On success, responds with GetDeviceOutput with field(s):
device(Option<DeviceType>): The device.
- On failure, responds with SdkError<GetDeviceError>
impl Client
pub fn get_group(&self) -> GetGroupFluentBuilder
Constructs a fluent builder for the GetGroup operation.
- The fluent builder is configurable:
group_name(impl Into<String>) / set_group_name(Option<String>):
required: true
The name of the group.
user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
required: true
The user pool ID for the user pool.
- On success, responds with GetGroupOutput with field(s):
group(Option<GroupType>): The group object for the group.
- On failure, responds with SdkError<GetGroupError>
impl Client
pub fn get_identity_provider_by_identifier(&self) -> GetIdentityProviderByIdentifierFluentBuilder
Constructs a fluent builder for the GetIdentityProviderByIdentifier operation.
- The fluent builder is configurable:
user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
required: true
The user pool ID.
idp_identifier(impl Into<String>) / set_idp_identifier(Option<String>):
required: true
The IdP identifier.
- On success, responds with GetIdentityProviderByIdentifierOutput with field(s):
identity_provider(Option<IdentityProviderType>): The identity provider details.
- On failure, responds with SdkError<GetIdentityProviderByIdentifierError>
impl Client
pub fn get_log_delivery_configuration(&self) -> GetLogDeliveryConfigurationFluentBuilder
Constructs a fluent builder for the GetLogDeliveryConfiguration operation.
- The fluent builder is configurable:
user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
required: true
The ID of the user pool where you want to view detailed activity logging configuration.
- On success, responds with GetLogDeliveryConfigurationOutput with field(s):
log_delivery_configuration(Option<LogDeliveryConfigurationType>): The detailed activity logging configuration of the requested user pool.
- On failure, responds with SdkError<GetLogDeliveryConfigurationError>
impl Client
pub fn get_signing_certificate(&self) -> GetSigningCertificateFluentBuilder
Constructs a fluent builder for the GetSigningCertificate operation.
- The fluent builder is configurable:
user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
required: true
The user pool ID.
- On success, responds with GetSigningCertificateOutput with field(s):
certificate(Option<String>): The signing certificate.
- On failure, responds with SdkError<GetSigningCertificateError>
impl Client
pub fn get_ui_customization(&self) -> GetUICustomizationFluentBuilder
Constructs a fluent builder for the GetUICustomization operation.
- The fluent builder is configurable:
user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
required: true
The user pool ID for the user pool.
client_id(impl Into<String>) / set_client_id(Option<String>):
required: false
The client ID for the client app.
- On success, responds with GetUiCustomizationOutput with field(s):
ui_customization(Option<UiCustomizationType>): The UI customization information.
- On failure, responds with SdkError<GetUICustomizationError>
impl Client
pub fn get_user(&self) -> GetUserFluentBuilder
Constructs a fluent builder for the GetUser operation.
- The fluent builder is configurable:
access_token(impl Into<String>) / set_access_token(Option<String>):
required: true
A non-expired access token for the user whose information you want to query.
- On success, responds with GetUserOutput with field(s):
username(String): The username of the user that you requested.
user_attributes(Vec::<AttributeType>): An array of name-value pairs representing user attributes.
For custom attributes, you must prepend the custom: prefix to the attribute name.
mfa_options(Option<Vec::<MfaOptionType>>): This response parameter is no longer supported. It provides information only about SMS MFA configurations. It doesn’t provide information about time-based one-time password (TOTP) software token MFA configurations. To look up information about either type of MFA configuration, use UserMFASettingList instead.
preferred_mfa_setting(Option<String>): The user’s preferred MFA setting.
user_mfa_setting_list(Option<Vec::<String>>): The MFA options that are activated for the user. The possible values in this list are SMS_MFA and SOFTWARE_TOKEN_MFA.
- On failure, responds with SdkError<GetUserError>
impl Client
pub fn get_user_attribute_verification_code(&self) -> GetUserAttributeVerificationCodeFluentBuilder
Constructs a fluent builder for the GetUserAttributeVerificationCode operation.
- The fluent builder is configurable:
access_token(impl Into<String>) / set_access_token(Option<String>):
required: true
A non-expired access token for the user whose attribute verification code you want to generate.
attribute_name(impl Into<String>) / set_attribute_name(Option<String>):
required: true
The attribute name returned by the server response to get the user attribute verification code.
client_metadata(impl Into<String>, impl Into<String>) / set_client_metadata(Option<HashMap::<String, String>>):
required: false
A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.
You create custom workflows by assigning Lambda functions to user pool triggers. When you use the GetUserAttributeVerificationCode API action, Amazon Cognito invokes the function that is assigned to the custom message trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. This payload contains a clientMetadata attribute, which provides the data that you assigned to the ClientMetadata parameter in your GetUserAttributeVerificationCode request. In your function code in Lambda, you can process the clientMetadata value to enhance your workflow for your specific needs.
For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.
When you use the ClientMetadata parameter, remember that Amazon Cognito won’t do the following:
- Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn’t include triggers, the ClientMetadata parameter serves no purpose.
- Validate the ClientMetadata value.
- Encrypt the ClientMetadata value. Don’t use Amazon Cognito to provide sensitive information.
- On success, responds with GetUserAttributeVerificationCodeOutput with field(s):
code_delivery_details(Option<CodeDeliveryDetailsType>): The code delivery details returned by the server in response to the request to get the user attribute verification code.
- On failure, responds with SdkError<GetUserAttributeVerificationCodeError>
impl Client
pub fn get_user_pool_mfa_config(&self) -> GetUserPoolMfaConfigFluentBuilder
Constructs a fluent builder for the GetUserPoolMfaConfig operation.
- The fluent builder is configurable:
  - user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
    required: true
    The user pool ID.
- On success, responds with GetUserPoolMfaConfigOutput with field(s):
  - sms_mfa_configuration(Option<SmsMfaConfigType>): The SMS text message multi-factor authentication (MFA) configuration.
  - software_token_mfa_configuration(Option<SoftwareTokenMfaConfigType>): The software token multi-factor authentication (MFA) configuration.
  - mfa_configuration(Option<UserPoolMfaType>): The multi-factor authentication (MFA) configuration. Valid values include:
    - OFF: MFA won’t be used for any users.
    - ON: MFA is required for all users to sign in.
    - OPTIONAL: MFA will be required only for individual users who have an MFA factor activated.
- On failure, responds with SdkError<GetUserPoolMfaConfigError>
impl Client
pub fn global_sign_out(&self) -> GlobalSignOutFluentBuilder
Constructs a fluent builder for the GlobalSignOut operation.
- The fluent builder is configurable:
  - access_token(impl Into<String>) / set_access_token(Option<String>):
    required: true
    A valid access token that Amazon Cognito issued to the user who you want to sign out.
- On success, responds with GlobalSignOutOutput
- On failure, responds with SdkError<GlobalSignOutError>
impl Client
pub fn initiate_auth(&self) -> InitiateAuthFluentBuilder
Constructs a fluent builder for the InitiateAuth operation.
- The fluent builder is configurable:
  - auth_flow(AuthFlowType) / set_auth_flow(Option<AuthFlowType>):
    required: true
    The authentication flow for this call to run. The API action will depend on this value. For example:
    - REFRESH_TOKEN_AUTH takes in a valid refresh token and returns new tokens.
    - USER_SRP_AUTH takes in USERNAME and SRP_A and returns the SRP variables to be used for next challenge execution.
    - USER_PASSWORD_AUTH takes in USERNAME and PASSWORD and returns the next challenge or tokens.
    Valid values include:
    - USER_SRP_AUTH: Authentication flow for the Secure Remote Password (SRP) protocol.
    - REFRESH_TOKEN_AUTH / REFRESH_TOKEN: Authentication flow for refreshing the access token and ID token by supplying a valid refresh token.
    - CUSTOM_AUTH: Custom authentication flow.
    - USER_PASSWORD_AUTH: Non-SRP authentication flow; user name and password are passed directly. If a user migration Lambda trigger is set, this flow will invoke the user migration Lambda if it doesn’t find the user name in the user pool.
    ADMIN_NO_SRP_AUTH isn’t a valid value.
  - auth_parameters(impl Into<String>, impl Into<String>) / set_auth_parameters(Option<HashMap::<String, String>>):
    required: false
    The authentication parameters. These are inputs corresponding to the AuthFlow that you’re invoking. The required values depend on the value of AuthFlow:
    - For USER_SRP_AUTH: USERNAME (required), SRP_A (required), SECRET_HASH (required if the app client is configured with a client secret), DEVICE_KEY.
    - For USER_PASSWORD_AUTH: USERNAME (required), PASSWORD (required), SECRET_HASH (required if the app client is configured with a client secret), DEVICE_KEY.
    - For REFRESH_TOKEN_AUTH/REFRESH_TOKEN: REFRESH_TOKEN (required), SECRET_HASH (required if the app client is configured with a client secret), DEVICE_KEY.
    - For CUSTOM_AUTH: USERNAME (required), SECRET_HASH (if app client is configured with client secret), DEVICE_KEY. To start the authentication flow with password verification, include ChallengeName: SRP_A and SRP_A: (The SRP_A Value).
    For more information about SECRET_HASH, see Computing secret hash values. For information about DEVICE_KEY, see Working with user devices in your user pool.
  - client_metadata(impl Into<String>, impl Into<String>) / set_client_metadata(Option<HashMap::<String, String>>):
    required: false
    A map of custom key-value pairs that you can provide as input for certain custom workflows that this action triggers.
    You create custom workflows by assigning Lambda functions to user pool triggers. When you use the InitiateAuth API action, Amazon Cognito invokes the Lambda functions that are specified for various triggers. The ClientMetadata value is passed as input to the functions for only the following triggers:
    - Pre signup
    - Pre authentication
    - User migration
    When Amazon Cognito invokes the functions for these triggers, it passes a JSON payload, which the function receives as input. This payload contains a validationData attribute, which provides the data that you assigned to the ClientMetadata parameter in your InitiateAuth request. In your function code in Lambda, you can process the validationData value to enhance your workflow for your specific needs.
    When you use the InitiateAuth API action, Amazon Cognito also invokes the functions for the following triggers, but it doesn’t provide the ClientMetadata value as input:
    - Post authentication
    - Custom message
    - Pre token generation
    - Create auth challenge
    - Define auth challenge
    For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.
    When you use the ClientMetadata parameter, remember that Amazon Cognito won’t do the following:
    - Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn’t include triggers, the ClientMetadata parameter serves no purpose.
    - Validate the ClientMetadata value.
    - Encrypt the ClientMetadata value. Don’t use Amazon Cognito to provide sensitive information.
  - client_id(impl Into<String>) / set_client_id(Option<String>):
    required: true
    The app client ID.
  - analytics_metadata(AnalyticsMetadataType) / set_analytics_metadata(Option<AnalyticsMetadataType>):
    required: false
    The Amazon Pinpoint analytics metadata that contributes to your metrics for InitiateAuth calls.
  - user_context_data(UserContextDataType) / set_user_context_data(Option<UserContextDataType>):
    required: false
    Contextual data about your user session, such as the device fingerprint, IP address, or location. Amazon Cognito advanced security evaluates the risk of an authentication event based on the context that your app generates and passes to Amazon Cognito when it makes API requests.
- On success, responds with InitiateAuthOutput with field(s):
  - challenge_name(Option<ChallengeNameType>): The name of the challenge that you’re responding to with this call. This name is returned in the InitiateAuth response if you must pass another challenge.
    Valid values include the following:
    All of the following challenges require USERNAME and SECRET_HASH (if applicable) in the parameters.
    - SMS_MFA: Next challenge is to supply an SMS_MFA_CODE, delivered via SMS.
    - PASSWORD_VERIFIER: Next challenge is to supply PASSWORD_CLAIM_SIGNATURE, PASSWORD_CLAIM_SECRET_BLOCK, and TIMESTAMP after the client-side SRP calculations.
    - CUSTOM_CHALLENGE: This is returned if your custom authentication flow determines that the user should pass another challenge before tokens are issued.
    - DEVICE_SRP_AUTH: If device tracking was activated on your user pool and the previous challenges were passed, this challenge is returned so that Amazon Cognito can start tracking this device.
    - DEVICE_PASSWORD_VERIFIER: Similar to PASSWORD_VERIFIER, but for devices only.
    - NEW_PASSWORD_REQUIRED: For users who are required to change their passwords after successful first login.
      Respond to this challenge with NEW_PASSWORD and any required attributes that Amazon Cognito returned in the requiredAttributes parameter. You can also set values for attributes that aren’t required by your user pool and that your app client can write. For more information, see RespondToAuthChallenge.
      In a NEW_PASSWORD_REQUIRED challenge response, you can’t modify a required attribute that already has a value. In RespondToAuthChallenge, set a value for any keys that Amazon Cognito returned in the requiredAttributes parameter, then use the UpdateUserAttributes API operation to modify the value of any additional attributes.
    - MFA_SETUP: For users who are required to set up an MFA factor before they can sign in. The MFA types activated for the user pool will be listed in the challenge parameters MFAS_CAN_SETUP value.
      To set up software token MFA, use the session returned here from InitiateAuth as an input to AssociateSoftwareToken. Use the session returned by VerifySoftwareToken as an input to RespondToAuthChallenge with challenge name MFA_SETUP to complete sign-in. To set up SMS MFA, an administrator should help the user to add a phone number to their account, and then the user should call InitiateAuth again to restart sign-in.
  - session(Option<String>): The session that should pass both ways in challenge-response calls to the service. If the caller must pass another challenge, they return a session with other challenge parameters. This session should be passed as it is to the next RespondToAuthChallenge API call.
  - challenge_parameters(Option<HashMap::<String, String>>): The challenge parameters. These are returned in the InitiateAuth response if you must pass another challenge. The responses in this parameter should be used to compute inputs to the next call (RespondToAuthChallenge).
    All challenges require USERNAME and SECRET_HASH (if applicable).
  - authentication_result(Option<AuthenticationResultType>): The result of the authentication response. This result is only returned if the caller doesn’t need to pass another challenge. If the caller does need to pass another challenge before it gets tokens, ChallengeName, ChallengeParameters, and Session are returned.
- On failure, responds with SdkError<InitiateAuthError>
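A pre-flight check for the auth_parameters map, following the per-flow requirements listed above for InitiateAuth. This is an added example, not code from the SDK: Flow, ClientPolicy, Violation, check_auth_parameters and sample are hypothetical names, and the allow_plain_password switch and the rule that PASSWORD belongs only to USER_PASSWORD_AUTH are local policy assumptions derived from the list above.

```rust
use std::collections::HashMap;

/// Auth flows this page names for InitiateAuth. AdminNoSrpAuth is modelled only
/// so the check can reject it: the page says it is not a valid value here.
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Flow {
    UserSrpAuth,
    UserPasswordAuth,
    RefreshTokenAuth,
    CustomAuth,
    AdminNoSrpAuth,
}

/// Hypothetical local policy for one app client (an assumption, not an SDK type).
pub struct ClientPolicy {
    /// True when the app client is configured with a client secret.
    pub has_client_secret: bool,
    /// USER_PASSWORD_AUTH passes the password directly rather than an SRP
    /// value, so this example treats it as an explicit opt-in.
    pub allow_plain_password: bool,
}

#[derive(Debug, PartialEq)]
pub enum Violation {
    FlowNotValidForInitiateAuth,
    PlainPasswordFlowNotAllowed,
    Missing(&'static str),
    PasswordInNonPasswordFlow,
}

/// Keys the page marks "(required)" for each flow.
fn required_keys(flow: Flow) -> &'static [&'static str] {
    match flow {
        Flow::UserSrpAuth => &["USERNAME", "SRP_A"],
        Flow::UserPasswordAuth => &["USERNAME", "PASSWORD"],
        Flow::RefreshTokenAuth => &["REFRESH_TOKEN"],
        Flow::CustomAuth => &["USERNAME"],
        Flow::AdminNoSrpAuth => &[],
    }
}

/// Returns every problem found; an empty vector means the map is consistent
/// with the page's requirements for that flow and with the local policy.
pub fn check_auth_parameters(
    flow: Flow,
    params: &HashMap<String, String>,
    policy: &ClientPolicy,
) -> Vec<Violation> {
    if flow == Flow::AdminNoSrpAuth {
        return vec![Violation::FlowNotValidForInitiateAuth];
    }
    let mut found = Vec::new();
    if flow == Flow::UserPasswordAuth && !policy.allow_plain_password {
        found.push(Violation::PlainPasswordFlowNotAllowed);
    }
    // A key that is present but blank is treated as missing.
    let present = |key: &str| params.get(key).map_or(false, |v| !v.trim().is_empty());
    for &key in required_keys(flow) {
        if !present(key) {
            found.push(Violation::Missing(key));
        }
    }
    // SECRET_HASH is required whenever the app client has a client secret.
    if policy.has_client_secret && !present("SECRET_HASH") {
        found.push(Violation::Missing("SECRET_HASH"));
    }
    // Only USER_PASSWORD_AUTH lists PASSWORD; in any other flow it is a
    // cleartext secret sent for no reason.
    if flow != Flow::UserPasswordAuth && params.contains_key("PASSWORD") {
        found.push(Violation::PasswordInNonPasswordFlow);
    }
    found
}

/// Builds a parameter map from constructed sample pairs.
pub fn sample(pairs: &[(&str, &str)]) -> HashMap<String, String> {
    pairs.iter().map(|(k, v)| (k.to_string(), v.to_string())).collect()
}

fn main() {
    // Constructed input: SRP flow against an app client that has a secret.
    let params = sample(&[("USERNAME", "alice"), ("SRP_A", "a1b2c3")]);
    let policy = ClientPolicy { has_client_secret: true, allow_plain_password: false };
    println!("{:?}", check_auth_parameters(Flow::UserSrpAuth, &params, &policy));
}
```

Run the check before calling initiate_auth() so a missing SECRET_HASH or a stray PASSWORD key is caught locally instead of surfacing as a service error.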
impl Client
pub fn list_devices(&self) -> ListDevicesFluentBuilder
Constructs a fluent builder for the ListDevices operation.
- The fluent builder is configurable:
  - access_token(impl Into<String>) / set_access_token(Option<String>):
    required: true
    A valid access token that Amazon Cognito issued to the user whose list of devices you want to view.
  - limit(i32) / set_limit(Option<i32>):
    required: false
    The limit of the device request.
  - pagination_token(impl Into<String>) / set_pagination_token(Option<String>):
    required: false
    This API operation returns a limited number of results. The pagination token is an identifier that you can present in an additional API request with the same parameters. When you include the pagination token, Amazon Cognito returns the next set of items after the current list. Subsequent requests return a new pagination token. By use of this token, you can paginate through the full list of items.
- On success, responds with ListDevicesOutput with field(s):
  - devices(Option<Vec::<DeviceType>>): The devices returned in the list devices response.
  - pagination_token(Option<String>): The identifier that Amazon Cognito returned with the previous request to this operation. When you include a pagination token in your request, Amazon Cognito returns the next set of items in the list. By use of this token, you can paginate through the full list of items.
- On failure, responds with SdkError<ListDevicesError>
impl Client
pub fn list_groups(&self) -> ListGroupsFluentBuilder
Constructs a fluent builder for the ListGroups operation.
This operation supports pagination; see into_paginator().
- The fluent builder is configurable:
  - user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
    required: true
    The user pool ID for the user pool.
  - limit(i32) / set_limit(Option<i32>):
    required: false
    The limit of the request to list groups.
  - next_token(impl Into<String>) / set_next_token(Option<String>):
    required: false
    An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.
- On success, responds with ListGroupsOutput with field(s):
  - groups(Option<Vec::<GroupType>>): The group objects for the groups.
  - next_token(Option<String>): An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.
- On failure, responds with SdkError<ListGroupsError>
impl Client
pub fn list_identity_providers(&self) -> ListIdentityProvidersFluentBuilder
Constructs a fluent builder for the ListIdentityProviders operation.
This operation supports pagination; see into_paginator().
- The fluent builder is configurable:
  - user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
    required: true
    The user pool ID.
  - max_results(i32) / set_max_results(Option<i32>):
    required: false
    The maximum number of IdPs to return.
  - next_token(impl Into<String>) / set_next_token(Option<String>):
    required: false
    A pagination token.
- On success, responds with ListIdentityProvidersOutput with field(s):
  - providers(Vec::<ProviderDescription>): A list of IdP objects.
  - next_token(Option<String>): A pagination token.
- On failure, responds with SdkError<ListIdentityProvidersError>
impl Client
pub fn list_resource_servers(&self) -> ListResourceServersFluentBuilder
Constructs a fluent builder for the ListResourceServers operation.
This operation supports pagination; see into_paginator().
- The fluent builder is configurable:
  - user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
    required: true
    The user pool ID for the user pool.
  - max_results(i32) / set_max_results(Option<i32>):
    required: false
    The maximum number of resource servers to return.
  - next_token(impl Into<String>) / set_next_token(Option<String>):
    required: false
    A pagination token.
- On success, responds with ListResourceServersOutput with field(s):
  - resource_servers(Vec::<ResourceServerType>): The resource servers.
  - next_token(Option<String>): A pagination token.
- On failure, responds with SdkError<ListResourceServersError>
impl Client
Constructs a fluent builder for the ListTagsForResource operation.
- The fluent builder is configurable:
  - resource_arn(impl Into<String>) / set_resource_arn(Option<String>):
    required: true
    The Amazon Resource Name (ARN) of the user pool that the tags are assigned to.
- On success, responds with ListTagsForResourceOutput with field(s):
  - tags(Option<HashMap::<String, String>>): The tags that are assigned to the user pool.
- On failure, responds with SdkError<ListTagsForResourceError>
impl Client
pub fn list_user_import_jobs(&self) -> ListUserImportJobsFluentBuilder
Constructs a fluent builder for the ListUserImportJobs operation.
- The fluent builder is configurable:
  - user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
    required: true
    The user pool ID for the user pool that the users are being imported into.
  - max_results(i32) / set_max_results(Option<i32>):
    required: true
    The maximum number of import jobs you want the request to return.
  - pagination_token(impl Into<String>) / set_pagination_token(Option<String>):
    required: false
    This API operation returns a limited number of results. The pagination token is an identifier that you can present in an additional API request with the same parameters. When you include the pagination token, Amazon Cognito returns the next set of items after the current list. Subsequent requests return a new pagination token. By use of this token, you can paginate through the full list of items.
- On success, responds with ListUserImportJobsOutput with field(s):
  - user_import_jobs(Option<Vec::<UserImportJobType>>): The user import jobs.
  - pagination_token(Option<String>): The identifier that Amazon Cognito returned with the previous request to this operation. When you include a pagination token in your request, Amazon Cognito returns the next set of items in the list. By use of this token, you can paginate through the full list of items.
- On failure, responds with SdkError<ListUserImportJobsError>
impl Client
pub fn list_user_pool_clients(&self) -> ListUserPoolClientsFluentBuilder
Constructs a fluent builder for the ListUserPoolClients operation.
This operation supports pagination; see into_paginator().
- The fluent builder is configurable:
  - user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
    required: true
    The user pool ID for the user pool where you want to list user pool clients.
  - max_results(i32) / set_max_results(Option<i32>):
    required: false
    The maximum number of results you want the request to return when listing the user pool clients.
  - next_token(impl Into<String>) / set_next_token(Option<String>):
    required: false
    An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.
- On success, responds with ListUserPoolClientsOutput with field(s):
  - user_pool_clients(Option<Vec::<UserPoolClientDescription>>): The user pool clients in the response that lists user pool clients.
  - next_token(Option<String>): An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.
- On failure, responds with SdkError<ListUserPoolClientsError>
impl Client
pub fn list_user_pools(&self) -> ListUserPoolsFluentBuilder
Constructs a fluent builder for the ListUserPools operation.
This operation supports pagination; see into_paginator().
- The fluent builder is configurable:
  - next_token(impl Into<String>) / set_next_token(Option<String>):
    required: false
    An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.
  - max_results(i32) / set_max_results(Option<i32>):
    required: true
    The maximum number of results you want the request to return when listing the user pools.
- On success, responds with ListUserPoolsOutput with field(s):
  - user_pools(Option<Vec::<UserPoolDescriptionType>>): The user pools from the response to list users.
  - next_token(Option<String>): An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.
- On failure, responds with SdkError<ListUserPoolsError>
impl Client
pub fn list_users(&self) -> ListUsersFluentBuilder
Constructs a fluent builder for the ListUsers operation.
This operation supports pagination; see into_paginator().
- The fluent builder is configurable:
  - user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
    required: true
    The user pool ID for the user pool on which the search should be performed.
  - attributes_to_get(impl Into<String>) / set_attributes_to_get(Option<Vec::<String>>):
    required: false
    A JSON array of user attribute names, for example given_name, that you want Amazon Cognito to include in the response for each user. When you don’t provide an AttributesToGet parameter, Amazon Cognito returns all attributes for each user.
    Use AttributesToGet with required attributes in your user pool, or in conjunction with Filter. Amazon Cognito returns an error if not all users in the results have set a value for the attribute you request. Attributes that you can’t filter on, including custom attributes, must have a value set in every user profile before an AttributesToGet parameter returns results.
  - limit(i32) / set_limit(Option<i32>):
    required: false
    Maximum number of users to be returned.
  - pagination_token(impl Into<String>) / set_pagination_token(Option<String>):
    required: false
    This API operation returns a limited number of results. The pagination token is an identifier that you can present in an additional API request with the same parameters. When you include the pagination token, Amazon Cognito returns the next set of items after the current list. Subsequent requests return a new pagination token. By use of this token, you can paginate through the full list of items.
  - filter(impl Into<String>) / set_filter(Option<String>):
    required: false
    A filter string of the form "AttributeName Filter-Type "AttributeValue"". Quotation marks within the filter string must be escaped using the backslash (\) character. For example, "family_name = \"Reddy\"".
    - AttributeName: The name of the attribute to search for. You can only search for one attribute at a time.
    - Filter-Type: For an exact match, use =, for example, "given_name = \"Jon\"". For a prefix (“starts with”) match, use ^=, for example, "given_name ^= \"Jon\"".
    - AttributeValue: The attribute value that must be matched for each user.
    If the filter string is empty, ListUsers returns all users in the user pool.
    You can only search for the following standard attributes:
    - username (case-sensitive)
    - email
    - phone_number
    - name
    - given_name
    - family_name
    - preferred_username
    - cognito:user_status (called Status in the Console) (case-insensitive)
    - status (called Enabled in the Console) (case-sensitive)
    - sub
    Custom attributes aren’t searchable.
    You can also list users with a client-side filter. The server-side filter matches no more than one attribute. For an advanced search, use a client-side filter with the --query parameter of the list-users action in the CLI. When you use a client-side filter, ListUsers returns a paginated list of zero or more users. You can receive multiple pages in a row with zero results. Repeat the query with each pagination token that is returned until you receive a null pagination token value, and then review the combined result.
    For more information about server-side and client-side filtering, see Filtering CLI output in the Command Line Interface User Guide.
    For more information, see Searching for Users Using the ListUsers API and Examples of Using the ListUsers API in the Amazon Cognito Developer Guide.
- On success, responds with ListUsersOutput with field(s):
  - users(Option<Vec::<UserType>>): A list of the user pool users, and their attributes, that match your query.
    Amazon Cognito creates a profile in your user pool for each native user in your user pool, and each unique user ID from your third-party identity providers (IdPs). When you link users with the AdminLinkProviderForUser API operation, the output of ListUsers displays both the IdP user and the native user that you linked. You can identify IdP users in the Users object of this API response by the IdP prefix that Amazon Cognito appends to Username.
  - pagination_token(Option<String>): The identifier that Amazon Cognito returned with the previous request to this operation. When you include a pagination token in your request, Amazon Cognito returns the next set of items in the list. By use of this token, you can paginate through the full list of items.
- On failure, responds with SdkError<ListUsersError>
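Building the ListUsers filter string from an untrusted search term and following pagination tokens through empty pages, as an added example that is not code from the SDK. build_filter, drain_pages, MatchKind and ListError are hypothetical names, and the synchronous fetch closure stands in for one list_users() call. Rejecting empty values and values that contain a quotation mark, backslash or control character, and capping the page count, are conservative assumptions of this example rather than documented API behaviour.

```rust
/// Standard attributes the page lists as searchable with the server-side filter.
const SEARCHABLE: &[&str] = &[
    "username", "email", "phone_number", "name", "given_name", "family_name",
    "preferred_username", "cognito:user_status", "status", "sub",
];

#[derive(Debug, Clone, Copy, PartialEq)]
pub enum MatchKind {
    Exact,  // Filter-Type "="
    Prefix, // Filter-Type "^="
}

#[derive(Debug, PartialEq)]
pub enum ListError {
    CustomAttributeNotSearchable,
    AttributeNotSearchable,
    EmptyValue,
    UnsafeCharacter(char),
    TooManyPages,
}

/// Produces `AttributeName Filter-Type "AttributeValue"` or refuses the input.
pub fn build_filter(attribute: &str, kind: MatchKind, value: &str) -> Result<String, ListError> {
    if attribute.starts_with("custom:") {
        return Err(ListError::CustomAttributeNotSearchable);
    }
    if !SEARCHABLE.contains(&attribute) {
        return Err(ListError::AttributeNotSearchable);
    }
    // Assumption: an empty search term is a caller bug. The page notes that an
    // empty filter string returns every user in the pool.
    if value.is_empty() {
        return Err(ListError::EmptyValue);
    }
    // Assumption: refuse characters that could end the quoted value early
    // instead of trying to escape them.
    if let Some(c) = value.chars().find(|c| *c == '"' || *c == '\\' || c.is_control()) {
        return Err(ListError::UnsafeCharacter(c));
    }
    let op = match kind {
        MatchKind::Exact => "=",
        MatchKind::Prefix => "^=",
    };
    Ok(format!("{} {} \"{}\"", attribute, op, value))
}

/// Follows pagination tokens until none is returned. An empty page does not
/// end the loop, because several zero-result pages can arrive in a row.
/// `max_pages` bounds the work if tokens never stop coming.
pub fn drain_pages<T, F>(mut fetch: F, max_pages: usize) -> Result<Vec<T>, ListError>
where
    F: FnMut(Option<String>) -> (Vec<T>, Option<String>),
{
    let mut all = Vec::new();
    let mut token: Option<String> = None;
    for _ in 0..max_pages {
        let (items, next) = fetch(token.take());
        all.extend(items);
        match next {
            Some(t) => token = Some(t),
            None => return Ok(all),
        }
    }
    Err(ListError::TooManyPages)
}

fn main() {
    // Constructed search terms, as if taken from a request parameter.
    println!("{:?}", build_filter("family_name", MatchKind::Exact, "Reddy"));
    println!("{:?}", build_filter("email", MatchKind::Prefix, "a\"b"));
}
```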
impl Client
pub fn list_users_in_group(&self) -> ListUsersInGroupFluentBuilder
Constructs a fluent builder for the ListUsersInGroup operation.
This operation supports pagination; see into_paginator().
- The fluent builder is configurable:
  - user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
    required: true
    The user pool ID for the user pool.
  - group_name(impl Into<String>) / set_group_name(Option<String>):
    required: true
    The name of the group.
  - limit(i32) / set_limit(Option<i32>):
    required: false
    The maximum number of users that you want to retrieve before pagination.
  - next_token(impl Into<String>) / set_next_token(Option<String>):
    required: false
    An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.
- On success, responds with ListUsersInGroupOutput with field(s):
  - users(Option<Vec::<UserType>>): A list of users in the group, and their attributes.
  - next_token(Option<String>): An identifier that you can use in a later request to return the next set of items in the list.
- On failure, responds with SdkError<ListUsersInGroupError>
impl Client
pub fn resend_confirmation_code(&self) -> ResendConfirmationCodeFluentBuilder
Constructs a fluent builder for the ResendConfirmationCode operation.
- The fluent builder is configurable:
  - client_id(impl Into<String>) / set_client_id(Option<String>):
    required: true
    The ID of the client associated with the user pool.
  - secret_hash(impl Into<String>) / set_secret_hash(Option<String>):
    required: false
    A keyed-hash message authentication code (HMAC) calculated using the secret key of a user pool client and username plus the client ID in the message.
  - user_context_data(UserContextDataType) / set_user_context_data(Option<UserContextDataType>):
    required: false
    Contextual data about your user session, such as the device fingerprint, IP address, or location. Amazon Cognito advanced security evaluates the risk of an authentication event based on the context that your app generates and passes to Amazon Cognito when it makes API requests.
  - username(impl Into<String>) / set_username(Option<String>):
    required: true
    The username of the user that you want to query or modify. The value of this parameter is typically your user’s username, but it can be any of their alias attributes. If username isn’t an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.
  - analytics_metadata(AnalyticsMetadataType) / set_analytics_metadata(Option<AnalyticsMetadataType>):
    required: false
    The Amazon Pinpoint analytics metadata that contributes to your metrics for ResendConfirmationCode calls.
  - client_metadata(impl Into<String>, impl Into<String>) / set_client_metadata(Option<HashMap::<String, String>>):
    required: false
    A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.
    You create custom workflows by assigning Lambda functions to user pool triggers. When you use the ResendConfirmationCode API action, Amazon Cognito invokes the function that is assigned to the custom message trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. This payload contains a clientMetadata attribute, which provides the data that you assigned to the ClientMetadata parameter in your ResendConfirmationCode request. In your function code in Lambda, you can process the clientMetadata value to enhance your workflow for your specific needs.
    For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.
    When you use the ClientMetadata parameter, remember that Amazon Cognito won’t do the following:
    - Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn’t include triggers, the ClientMetadata parameter serves no purpose.
    - Validate the ClientMetadata value.
    - Encrypt the ClientMetadata value. Don’t use Amazon Cognito to provide sensitive information.
- On success, responds with ResendConfirmationCodeOutput with field(s):
  - code_delivery_details(Option<CodeDeliveryDetailsType>): The code delivery details returned by the server in response to the request to resend the confirmation code.
- On failure, responds with SdkError<ResendConfirmationCodeError>
impl Client
pub fn respond_to_auth_challenge(&self) -> RespondToAuthChallengeFluentBuilder
Constructs a fluent builder for the RespondToAuthChallenge operation.
- The fluent builder is configurable:
  - client_id(impl Into<String>) / set_client_id(Option<String>):
    required: true
    The app client ID.
  - challenge_name(ChallengeNameType) / set_challenge_name(Option<ChallengeNameType>):
    required: true
    The challenge name. For more information, see InitiateAuth.
    ADMIN_NO_SRP_AUTH isn’t a valid value.
  - session(impl Into<String>) / set_session(Option<String>):
    required: false
    The session that should be passed both ways in challenge-response calls to the service. If InitiateAuth or RespondToAuthChallenge API call determines that the caller must pass another challenge, they return a session with other challenge parameters. This session should be passed as it is to the next RespondToAuthChallenge API call.
  - challenge_responses(impl Into<String>, impl Into<String>) / set_challenge_responses(Option<HashMap::<String, String>>):
    required: false
    The responses to the challenge that you received in the previous request. Each challenge has its own required response parameters. The following examples are partial JSON request bodies that highlight challenge-response parameters.
    You must provide a SECRET_HASH parameter in all challenge responses to an app client that has a client secret.
    - SMS_MFA
      "ChallengeName": "SMS_MFA", "ChallengeResponses": {"SMS_MFA_CODE": "[SMS_code]", "USERNAME": "[username]"}
    - PASSWORD_VERIFIER
      "ChallengeName": "PASSWORD_VERIFIER", "ChallengeResponses": {"PASSWORD_CLAIM_SIGNATURE": "[claim_signature]", "PASSWORD_CLAIM_SECRET_BLOCK": "[secret_block]", "TIMESTAMP": [timestamp], "USERNAME": "[username]"}
      Add "DEVICE_KEY" when you sign in with a remembered device.
    - CUSTOM_CHALLENGE
      "ChallengeName": "CUSTOM_CHALLENGE", "ChallengeResponses": {"USERNAME": "[username]", "ANSWER": "[challenge_answer]"}
      Add "DEVICE_KEY" when you sign in with a remembered device.
    - NEW_PASSWORD_REQUIRED
      "ChallengeName": "NEW_PASSWORD_REQUIRED", "ChallengeResponses": {"NEW_PASSWORD": "[new_password]", "USERNAME": "[username]"}
      To set any required attributes that InitiateAuth returned in a requiredAttributes parameter, add "userAttributes.[attribute_name]": "[attribute_value]". This parameter can also set values for writable attributes that aren’t required by your user pool.
      In a NEW_PASSWORD_REQUIRED challenge response, you can’t modify a required attribute that already has a value. In RespondToAuthChallenge, set a value for any keys that Amazon Cognito returned in the requiredAttributes parameter, then use the UpdateUserAttributes API operation to modify the value of any additional attributes.
    - SOFTWARE_TOKEN_MFA
      "ChallengeName": "SOFTWARE_TOKEN_MFA", "ChallengeResponses": {"USERNAME": "[username]", "SOFTWARE_TOKEN_MFA_CODE": [authenticator_code]}
    - DEVICE_SRP_AUTH
      "ChallengeName": "DEVICE_SRP_AUTH", "ChallengeResponses": {"USERNAME": "[username]", "DEVICE_KEY": "[device_key]", "SRP_A": "[srp_a]"}
    - DEVICE_PASSWORD_VERIFIER
      "ChallengeName": "DEVICE_PASSWORD_VERIFIER", "ChallengeResponses": {"DEVICE_KEY": "[device_key]", "PASSWORD_CLAIM_SIGNATURE": "[claim_signature]", "PASSWORD_CLAIM_SECRET_BLOCK": "[secret_block]", "TIMESTAMP": [timestamp], "USERNAME": "[username]"}
    - MFA_SETUP
      "ChallengeName": "MFA_SETUP", "ChallengeResponses": {"USERNAME": "[username]"}, "SESSION": "[Session ID from VerifySoftwareToken]"
    - SELECT_MFA_TYPE
      "ChallengeName": "SELECT_MFA_TYPE", "ChallengeResponses": {"USERNAME": "[username]", "ANSWER": "[SMS_MFA or SOFTWARE_TOKEN_MFA]"}
    For more information about SECRET_HASH, see Computing secret hash values. For information about DEVICE_KEY, see Working with user devices in your user pool.
  - analytics_metadata(AnalyticsMetadataType) / set_analytics_metadata(Option<AnalyticsMetadataType>):
    required: false
    The Amazon Pinpoint analytics metadata that contributes to your metrics for RespondToAuthChallenge calls.
  - user_context_data(UserContextDataType) / set_user_context_data(Option<UserContextDataType>):
    required: false
    Contextual data about your user session, such as the device fingerprint, IP address, or location. Amazon Cognito advanced security evaluates the risk of an authentication event based on the context that your app generates and passes to Amazon Cognito when it makes API requests.
  - client_metadata(impl Into<String>, impl Into<String>) / set_client_metadata(Option<HashMap::<String, String>>):
    required: false
    A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.
You create custom workflows by assigning Lambda functions to user pool triggers. When you use the RespondToAuthChallenge API action, Amazon Cognito invokes any functions that are assigned to the following triggers: post authentication, pre token generation, define auth challenge, create auth challenge, and verify auth challenge. When Amazon Cognito invokes any of these functions, it passes a JSON payload, which the function receives as input. This payload contains a
clientMetadata
attribute, which provides the data that you assigned to the ClientMetadata parameter in your RespondToAuthChallenge request. In your function code in Lambda, you can process theclientMetadata
value to enhance your workflow for your specific needs.For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.
When you use the ClientMetadata parameter, remember that Amazon Cognito won’t do the following:
-
Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn’t include triggers, the ClientMetadata parameter serves no purpose.
-
Validate the ClientMetadata value.
-
Encrypt the ClientMetadata value. Don’t use Amazon Cognito to provide sensitive information.
-
- On success, responds with
RespondToAuthChallengeOutput
with field(s):challenge_name(Option<ChallengeNameType>)
:The challenge name. For more information, see InitiateAuth.
session(Option<String>)
:The session that should be passed both ways in challenge-response calls to the service. If the caller must pass another challenge, they return a session with other challenge parameters. This session should be passed as it is to the next
RespondToAuthChallenge
API call.challenge_parameters(Option<HashMap::<String, String>>)
:The challenge parameters. For more information, see InitiateAuth.
authentication_result(Option<AuthenticationResultType>)
:The result returned by the server in response to the request to respond to the authentication challenge.
- On failure, responds with
SdkError<RespondToAuthChallengeError>
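A pre-flight check for the challenge_responses map described above, as an added example (not part of the SDK or of the original page): it verifies that the keys listed for each challenge are present and non-empty, and that SECRET_HASH is included when the app client has a secret. Pending, Problem, check_responses and to_map are hypothetical names, and passing the required attribute names as a slice is an assumption.

```rust
use std::collections::HashMap;

/// One reason to hold back a ChallengeResponses map before sending it.
#[derive(Debug, PartialEq)]
pub enum Problem {
    UnknownChallenge(String),
    Missing(String),
    Empty(String),
    BadMfaChoice(String),
}

/// What the caller knows about the pending challenge (hypothetical helper type).
pub struct Pending<'a> {
    pub challenge_name: &'a str,
    /// True when the app client has a client secret.
    pub client_has_secret: bool,
    /// Attribute names from the requiredAttributes challenge parameter, without
    /// the "userAttributes." prefix (assumed to be parsed by the caller).
    pub required_attributes: &'a [&'a str],
}

/// Keys the documentation above lists for each challenge. DEVICE_KEY appears
/// only where the page shows it in the request body; elsewhere it is optional.
fn listed_keys(challenge_name: &str) -> Option<&'static [&'static str]> {
    let keys: &'static [&'static str] = match challenge_name {
        "SMS_MFA" => &["SMS_MFA_CODE", "USERNAME"],
        "PASSWORD_VERIFIER" => &[
            "PASSWORD_CLAIM_SIGNATURE", "PASSWORD_CLAIM_SECRET_BLOCK", "TIMESTAMP", "USERNAME",
        ],
        "CUSTOM_CHALLENGE" => &["USERNAME", "ANSWER"],
        "NEW_PASSWORD_REQUIRED" => &["NEW_PASSWORD", "USERNAME"],
        "SOFTWARE_TOKEN_MFA" => &["USERNAME", "SOFTWARE_TOKEN_MFA_CODE"],
        "DEVICE_SRP_AUTH" => &["USERNAME", "DEVICE_KEY", "SRP_A"],
        "DEVICE_PASSWORD_VERIFIER" => &[
            "DEVICE_KEY", "PASSWORD_CLAIM_SIGNATURE", "PASSWORD_CLAIM_SECRET_BLOCK",
            "TIMESTAMP", "USERNAME",
        ],
        // SESSION for MFA_SETUP is a top-level request field, not a response key.
        "MFA_SETUP" => &["USERNAME"],
        "SELECT_MFA_TYPE" => &["USERNAME", "ANSWER"],
        _ => return None,
    };
    Some(keys)
}

/// Returns every problem found; an empty vector means the map can be sent.
pub fn check_responses(p: &Pending, responses: &HashMap<String, String>) -> Vec<Problem> {
    let Some(listed) = listed_keys(p.challenge_name) else {
        return vec![Problem::UnknownChallenge(p.challenge_name.to_string())];
    };
    let mut needed: Vec<String> = listed.iter().map(|k| k.to_string()).collect();
    if p.client_has_secret {
        // Required in all challenge responses to an app client with a secret.
        needed.push("SECRET_HASH".to_string());
    }
    if p.challenge_name == "NEW_PASSWORD_REQUIRED" {
        for attr in p.required_attributes {
            needed.push(format!("userAttributes.{}", attr));
        }
    }
    let mut problems = Vec::new();
    for key in needed {
        match responses.get(&key) {
            None => problems.push(Problem::Missing(key)),
            Some(v) if v.trim().is_empty() => problems.push(Problem::Empty(key)),
            Some(_) => {}
        }
    }
    if p.challenge_name == "SELECT_MFA_TYPE" {
        if let Some(answer) = responses.get("ANSWER") {
            let known = matches!(answer.as_str(), "SMS_MFA" | "SOFTWARE_TOKEN_MFA");
            if !answer.trim().is_empty() && !known {
                problems.push(Problem::BadMfaChoice(answer.clone()));
            }
        }
    }
    problems
}

/// Builds an owned map from string pairs (convenience for the samples).
pub fn to_map(pairs: &[(&str, &str)]) -> HashMap<String, String> {
    pairs.iter().map(|(k, v)| (k.to_string(), v.to_string())).collect()
}

fn main() {
    // Constructed sample: an SMS_MFA reply to an app client that has a secret,
    // with SECRET_HASH left out.
    let pending = Pending {
        challenge_name: "SMS_MFA",
        client_has_secret: true,
        required_attributes: &[],
    };
    let responses = to_map(&[("USERNAME", "alice"), ("SMS_MFA_CODE", "123456")]);
    println!("{:?}", check_responses(&pending, &responses));
}
```

Running the check before calling respond_to_auth_challenge keeps a malformed map from consuming the one-time session value on a request that the service would reject.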
impl Client
pub fn revoke_token(&self) -> RevokeTokenFluentBuilder
Constructs a fluent builder for the RevokeToken operation.
- The fluent builder is configurable:
  - token(impl Into<String>) / set_token(Option<String>):
    required: true
    The refresh token that you want to revoke.
  - client_id(impl Into<String>) / set_client_id(Option<String>):
    required: true
    The client ID for the token that you want to revoke.
  - client_secret(impl Into<String>) / set_client_secret(Option<String>):
    required: false
    The secret for the client ID. This is required only if the client ID has a secret.
- On success, responds with RevokeTokenOutput
- On failure, responds with SdkError<RevokeTokenError>
impl Client
pub fn set_log_delivery_configuration(&self) -> SetLogDeliveryConfigurationFluentBuilder
Constructs a fluent builder for the SetLogDeliveryConfiguration operation.
- The fluent builder is configurable:
  - user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
    required: true
    The ID of the user pool where you want to configure detailed activity logging.
  - log_configurations(LogConfigurationType) / set_log_configurations(Option<Vec::<LogConfigurationType>>):
    required: true
    A collection of all of the detailed activity logging configurations for a user pool.
- On success, responds with SetLogDeliveryConfigurationOutput with field(s):
  - log_delivery_configuration(Option<LogDeliveryConfigurationType>): The detailed activity logging configuration that you applied to the requested user pool.
- On failure, responds with SdkError<SetLogDeliveryConfigurationError>
impl Client
pub fn set_risk_configuration(&self) -> SetRiskConfigurationFluentBuilder
Constructs a fluent builder for the SetRiskConfiguration operation.
- The fluent builder is configurable:
  - user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
    required: true
    The user pool ID.
  - client_id(impl Into<String>) / set_client_id(Option<String>):
    required: false
    The app client ID. If ClientId is null, then the risk configuration is mapped to userPoolId. When the client ID is null, the same risk configuration is applied to all the clients in the userPool.
    Otherwise, ClientId is mapped to the client. When the client ID isn’t null, the user pool configuration is overridden and the risk configuration for the client is used instead.
  - compromised_credentials_risk_configuration(CompromisedCredentialsRiskConfigurationType) / set_compromised_credentials_risk_configuration(Option<CompromisedCredentialsRiskConfigurationType>):
    required: false
    The compromised credentials risk configuration.
  - account_takeover_risk_configuration(AccountTakeoverRiskConfigurationType) / set_account_takeover_risk_configuration(Option<AccountTakeoverRiskConfigurationType>):
    required: false
    The account takeover risk configuration.
  - risk_exception_configuration(RiskExceptionConfigurationType) / set_risk_exception_configuration(Option<RiskExceptionConfigurationType>):
    required: false
    The configuration to override the risk decision.
- On success, responds with SetRiskConfigurationOutput with field(s):
  - risk_configuration(Option<RiskConfigurationType>): The risk configuration.
- On failure, responds with SdkError<SetRiskConfigurationError>
impl Client
pub fn set_ui_customization(&self) -> SetUICustomizationFluentBuilder
Constructs a fluent builder for the SetUICustomization operation.
- The fluent builder is configurable:
  - user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
    required: true
    The user pool ID for the user pool.
  - client_id(impl Into<String>) / set_client_id(Option<String>):
    required: false
    The client ID for the client app.
  - css(impl Into<String>) / set_css(Option<String>):
    required: false
    The CSS values in the UI customization.
  - image_file(Blob) / set_image_file(Option<Blob>):
    required: false
    The uploaded logo image for the UI customization.
- On success, responds with SetUiCustomizationOutput with field(s):
  - ui_customization(Option<UiCustomizationType>): The UI customization information.
- On failure, responds with SdkError<SetUICustomizationError>
impl Client
pub fn set_user_mfa_preference(&self) -> SetUserMFAPreferenceFluentBuilder
Constructs a fluent builder for the SetUserMFAPreference operation.
- The fluent builder is configurable:
  - sms_mfa_settings(SmsMfaSettingsType) / set_sms_mfa_settings(Option<SmsMfaSettingsType>):
    required: false
    The SMS text message multi-factor authentication (MFA) settings.
  - software_token_mfa_settings(SoftwareTokenMfaSettingsType) / set_software_token_mfa_settings(Option<SoftwareTokenMfaSettingsType>):
    required: false
    The time-based one-time password (TOTP) software token MFA settings.
  - access_token(impl Into<String>) / set_access_token(Option<String>):
    required: true
    A valid access token that Amazon Cognito issued to the user whose MFA preference you want to set.
- On success, responds with SetUserMfaPreferenceOutput
- On failure, responds with SdkError<SetUserMFAPreferenceError>
impl Client
pub fn set_user_pool_mfa_config(&self) -> SetUserPoolMfaConfigFluentBuilder
Constructs a fluent builder for the SetUserPoolMfaConfig operation.
- The fluent builder is configurable:
  - user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
    required: true
    The user pool ID.
  - sms_mfa_configuration(SmsMfaConfigType) / set_sms_mfa_configuration(Option<SmsMfaConfigType>):
    required: false
    The SMS text message MFA configuration.
  - software_token_mfa_configuration(SoftwareTokenMfaConfigType) / set_software_token_mfa_configuration(Option<SoftwareTokenMfaConfigType>):
    required: false
    The software token MFA configuration.
  - mfa_configuration(UserPoolMfaType) / set_mfa_configuration(Option<UserPoolMfaType>):
    required: false
    The MFA configuration. If you set the MfaConfiguration value to ‘ON’, only users who have set up an MFA factor can sign in. To learn more, see Adding Multi-Factor Authentication (MFA) to a user pool. Valid values include:
    - OFF: MFA won’t be used for any users.
    - ON: MFA is required for all users to sign in.
    - OPTIONAL: MFA will be required only for individual users who have an MFA factor activated.
- On success, responds with SetUserPoolMfaConfigOutput with field(s):
  - sms_mfa_configuration(Option<SmsMfaConfigType>): The SMS text message MFA configuration.
  - software_token_mfa_configuration(Option<SoftwareTokenMfaConfigType>): The software token MFA configuration.
  - mfa_configuration(Option<UserPoolMfaType>): The MFA configuration. Valid values include:
    - OFF: MFA won’t be used for any users.
    - ON: MFA is required for all users to sign in.
    - OPTIONAL: MFA will be required only for individual users who have an MFA factor enabled.
- On failure, responds with SdkError<SetUserPoolMfaConfigError>
impl Client
pub fn set_user_settings(&self) -> SetUserSettingsFluentBuilder
Constructs a fluent builder for the SetUserSettings operation.
- The fluent builder is configurable:
  - access_token(impl Into<String>) / set_access_token(Option<String>):
    required: true
    A valid access token that Amazon Cognito issued to the user whose user settings you want to configure.
  - mfa_options(MfaOptionType) / set_mfa_options(Option<Vec::<MfaOptionType>>):
    required: true
    You can use this parameter only to set an SMS configuration that uses SMS for delivery.
- On success, responds with SetUserSettingsOutput
- On failure, responds with SdkError<SetUserSettingsError>
impl Client
pub fn sign_up(&self) -> SignUpFluentBuilder
Constructs a fluent builder for the SignUp operation.
- The fluent builder is configurable:
  - client_id(impl Into<String>) / set_client_id(Option<String>):
    required: true
    The ID of the client associated with the user pool.
  - secret_hash(impl Into<String>) / set_secret_hash(Option<String>):
    required: false
    A keyed-hash message authentication code (HMAC) calculated using the secret key of a user pool client and username plus the client ID in the message.
  - username(impl Into<String>) / set_username(Option<String>):
    required: true
    The username of the user that you want to sign up. The value of this parameter is typically a username, but can be any alias attribute in your user pool.
  - password(impl Into<String>) / set_password(Option<String>):
    required: true
    The password of the user you want to register.
  - user_attributes(AttributeType) / set_user_attributes(Option<Vec::<AttributeType>>):
    required: false
    An array of name-value pairs representing user attributes.
    For custom attributes, you must prepend the custom: prefix to the attribute name.
  - validation_data(AttributeType) / set_validation_data(Option<Vec::<AttributeType>>):
    required: false
    Temporary user attributes that contribute to the outcomes of your pre sign-up Lambda trigger. This set of key-value pairs is for custom validation of information that you collect from your users but don’t need to retain.
    Your Lambda function can analyze this additional data and act on it. Your function might perform external API operations like logging user attributes and validation data to Amazon CloudWatch Logs. Validation data might also affect the response that your function returns to Amazon Cognito, like automatically confirming the user if they sign up from within your network.
    For more information about the pre sign-up Lambda trigger, see Pre sign-up Lambda trigger.
  - analytics_metadata(AnalyticsMetadataType) / set_analytics_metadata(Option<AnalyticsMetadataType>):
    required: false
    The Amazon Pinpoint analytics metadata that contributes to your metrics for SignUp calls.
  - user_context_data(UserContextDataType) / set_user_context_data(Option<UserContextDataType>):
    required: false
    Contextual data about your user session, such as the device fingerprint, IP address, or location. Amazon Cognito advanced security evaluates the risk of an authentication event based on the context that your app generates and passes to Amazon Cognito when it makes API requests.
  - client_metadata(impl Into<String>, impl Into<String>) / set_client_metadata(Option<HashMap::<String, String>>):
    required: false
    A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.
    You create custom workflows by assigning Lambda functions to user pool triggers. When you use the SignUp API action, Amazon Cognito invokes any functions that are assigned to the following triggers: pre sign-up, custom message, and post confirmation. When Amazon Cognito invokes any of these functions, it passes a JSON payload, which the function receives as input. This payload contains a clientMetadata attribute, which provides the data that you assigned to the ClientMetadata parameter in your SignUp request. In your function code in Lambda, you can process the clientMetadata value to enhance your workflow for your specific needs.
    For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.
    When you use the ClientMetadata parameter, remember that Amazon Cognito won’t do the following:
    - Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn’t include triggers, the ClientMetadata parameter serves no purpose.
    - Validate the ClientMetadata value.
    - Encrypt the ClientMetadata value. Don’t use Amazon Cognito to provide sensitive information.
- On success, responds with SignUpOutput with field(s):
  - user_confirmed(bool): A response from the server indicating that a user registration has been confirmed.
  - code_delivery_details(Option<CodeDeliveryDetailsType>): The code delivery details returned by the server response to the user registration request.
  - user_sub(String): The UUID of the authenticated user. This isn’t the same as username.
- On failure, responds with SdkError<SignUpError>
impl Client
pub fn start_user_import_job(&self) -> StartUserImportJobFluentBuilder
Constructs a fluent builder for the StartUserImportJob operation.
- The fluent builder is configurable:
  - user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
    required: true
    The user pool ID for the user pool that the users are being imported into.
  - job_id(impl Into<String>) / set_job_id(Option<String>):
    required: true
    The job ID for the user import job.
- On success, responds with StartUserImportJobOutput with field(s):
  - user_import_job(Option<UserImportJobType>): The job object that represents the user import job.
- On failure, responds with SdkError<StartUserImportJobError>
impl Client
pub fn stop_user_import_job(&self) -> StopUserImportJobFluentBuilder
Constructs a fluent builder for the StopUserImportJob operation.
- The fluent builder is configurable:
  - user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
    required: true
    The user pool ID for the user pool that the users are being imported into.
  - job_id(impl Into<String>) / set_job_id(Option<String>):
    required: true
    The job ID for the user import job.
- On success, responds with StopUserImportJobOutput with field(s):
  - user_import_job(Option<UserImportJobType>): The job object that represents the user import job.
- On failure, responds with SdkError<StopUserImportJobError>
impl Client
pub fn tag_resource(&self) -> TagResourceFluentBuilder
Constructs a fluent builder for the TagResource operation.
- The fluent builder is configurable:
  - resource_arn(impl Into<String>) / set_resource_arn(Option<String>):
    required: true
    The Amazon Resource Name (ARN) of the user pool to assign the tags to.
  - tags(impl Into<String>, impl Into<String>) / set_tags(Option<HashMap::<String, String>>):
    required: true
    The tags to assign to the user pool.
- On success, responds with TagResourceOutput
- On failure, responds with SdkError<TagResourceError>
impl Client
pub fn untag_resource(&self) -> UntagResourceFluentBuilder
Constructs a fluent builder for the UntagResource operation.
- The fluent builder is configurable:
  - resource_arn(impl Into<String>) / set_resource_arn(Option<String>):
    required: true
    The Amazon Resource Name (ARN) of the user pool that the tags are assigned to.
  - tag_keys(impl Into<String>) / set_tag_keys(Option<Vec::<String>>):
    required: true
    The keys of the tags to remove from the user pool.
- On success, responds with UntagResourceOutput
- On failure, responds with SdkError<UntagResourceError>
impl Client
pub fn update_auth_event_feedback(&self) -> UpdateAuthEventFeedbackFluentBuilder
Constructs a fluent builder for the UpdateAuthEventFeedback operation.
- The fluent builder is configurable:
  - user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
    required: true
    The user pool ID.
  - username(impl Into<String>) / set_username(Option<String>):
    required: true
    The username of the user that you want to query or modify. The value of this parameter is typically your user’s username, but it can be any of their alias attributes. If username isn’t an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.
  - event_id(impl Into<String>) / set_event_id(Option<String>):
    required: true
    The event ID.
  - feedback_token(impl Into<String>) / set_feedback_token(Option<String>):
    required: true
    The feedback token.
  - feedback_value(FeedbackValueType) / set_feedback_value(Option<FeedbackValueType>):
    required: true
    The authentication event feedback value. When you provide a FeedbackValue value of valid, you tell Amazon Cognito that you trust a user session where Amazon Cognito has evaluated some level of risk. When you provide a FeedbackValue value of invalid, you tell Amazon Cognito that you don’t trust a user session, or you don’t believe that Amazon Cognito evaluated a high-enough risk level.
- On success, responds with UpdateAuthEventFeedbackOutput
- On failure, responds with SdkError<UpdateAuthEventFeedbackError>
impl Client
pub fn update_device_status(&self) -> UpdateDeviceStatusFluentBuilder
Constructs a fluent builder for the UpdateDeviceStatus operation.
- The fluent builder is configurable:
  - access_token(impl Into<String>) / set_access_token(Option<String>):
    required: true
    A valid access token that Amazon Cognito issued to the user whose device status you want to update.
  - device_key(impl Into<String>) / set_device_key(Option<String>):
    required: true
    The device key.
  - device_remembered_status(DeviceRememberedStatusType) / set_device_remembered_status(Option<DeviceRememberedStatusType>):
    required: false
    The status of whether a device is remembered.
- On success, responds with UpdateDeviceStatusOutput
- On failure, responds with SdkError<UpdateDeviceStatusError>
impl Client
pub fn update_group(&self) -> UpdateGroupFluentBuilder
Constructs a fluent builder for the UpdateGroup operation.
- The fluent builder is configurable:
  - group_name(impl Into<String>) / set_group_name(Option<String>):
    required: true
    The name of the group.
  - user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
    required: true
    The user pool ID for the user pool.
  - description(impl Into<String>) / set_description(Option<String>):
    required: false
    A string containing the new description of the group.
  - role_arn(impl Into<String>) / set_role_arn(Option<String>):
    required: false
    The new role Amazon Resource Name (ARN) for the group. This is used for setting the cognito:roles and cognito:preferred_role claims in the token.
  - precedence(i32) / set_precedence(Option<i32>):
    required: false
    The new precedence value for the group. For more information about this parameter, see CreateGroup.
- On success, responds with UpdateGroupOutput with field(s):
  - group(Option<GroupType>): The group object for the group.
- On failure, responds with SdkError<UpdateGroupError>
impl Client
pub fn update_identity_provider(&self) -> UpdateIdentityProviderFluentBuilder
Constructs a fluent builder for the UpdateIdentityProvider operation.
- The fluent builder is configurable:
  - user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
    required: true
    The user pool ID.
  - provider_name(impl Into<String>) / set_provider_name(Option<String>):
    required: true
    The IdP name.
  - provider_details(impl Into<String>, impl Into<String>) / set_provider_details(Option<HashMap::<String, String>>):
    required: false
    The scopes, URLs, and identifiers for your external identity provider. The following examples describe the provider detail keys for each IdP type. These values and their schema are subject to change. Social IdP authorize_scopes values must match the values listed here.
    - OpenID Connect (OIDC)
      Amazon Cognito accepts the following elements when it can’t discover endpoint URLs from oidc_issuer: attributes_url, authorize_url, jwks_uri, token_url.
      Create or update request:
      "ProviderDetails": { "attributes_request_method": "GET", "attributes_url": "https://auth.example.com/userInfo", "authorize_scopes": "openid profile email", "authorize_url": "https://auth.example.com/authorize", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "jwks_uri": "https://auth.example.com/.well-known/jwks.json", "oidc_issuer": "https://auth.example.com", "token_url": "https://example.com/token" }
      Describe response:
      "ProviderDetails": { "attributes_request_method": "GET", "attributes_url": "https://auth.example.com/userInfo", "attributes_url_add_attributes": "false", "authorize_scopes": "openid profile email", "authorize_url": "https://auth.example.com/authorize", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "jwks_uri": "https://auth.example.com/.well-known/jwks.json", "oidc_issuer": "https://auth.example.com", "token_url": "https://example.com/token" }
    - SAML
      Create or update request with Metadata URL:
      "ProviderDetails": { "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" : "true", "MetadataURL": "https://auth.example.com/sso/saml/metadata", "RequestSigningAlgorithm": "rsa-sha256" }
      Create or update request with Metadata file:
      "ProviderDetails": { "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" : "true", "MetadataFile": "[metadata XML]", "RequestSigningAlgorithm": "rsa-sha256" }
      The value of MetadataFile must be the plaintext metadata document with all quote (") characters escaped by backslashes.
      Describe response:
      "ProviderDetails": { "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" : "true", "ActiveEncryptionCertificate": "[certificate]", "MetadataURL": "https://auth.example.com/sso/saml/metadata", "RequestSigningAlgorithm": "rsa-sha256", "SLORedirectBindingURI": "https://auth.example.com/slo/saml", "SSORedirectBindingURI": "https://auth.example.com/sso/saml" }
    - LoginWithAmazon
      Create or update request:
      "ProviderDetails": { "authorize_scopes": "profile postal_code", "client_id": "amzn1.application-oa2-client.1example23456789", "client_secret": "provider-app-client-secret" }
      Describe response:
      "ProviderDetails": { "attributes_url": "https://api.amazon.com/user/profile", "attributes_url_add_attributes": "false", "authorize_scopes": "profile postal_code", "authorize_url": "https://www.amazon.com/ap/oa", "client_id": "amzn1.application-oa2-client.1example23456789", "client_secret": "provider-app-client-secret", "token_request_method": "POST", "token_url": "https://api.amazon.com/auth/o2/token" }
    - Google
      Create or update request:
      "ProviderDetails": { "authorize_scopes": "email profile openid", "client_id": "1example23456789.apps.googleusercontent.com", "client_secret": "provider-app-client-secret" }
      Describe response:
      "ProviderDetails": { "attributes_url": "https://people.googleapis.com/v1/people/me?personFields=", "attributes_url_add_attributes": "true", "authorize_scopes": "email profile openid", "authorize_url": "https://accounts.google.com/o/oauth2/v2/auth", "client_id": "1example23456789.apps.googleusercontent.com", "client_secret": "provider-app-client-secret", "oidc_issuer": "https://accounts.google.com", "token_request_method": "POST", "token_url": "https://www.googleapis.com/oauth2/v4/token" }
    - SignInWithApple
      Create or update request:
      "ProviderDetails": { "authorize_scopes": "email name", "client_id": "com.example.cognito", "private_key": "1EXAMPLE", "key_id": "2EXAMPLE", "team_id": "3EXAMPLE" }
      Describe response:
      "ProviderDetails": { "attributes_url_add_attributes": "false", "authorize_scopes": "email name", "authorize_url": "https://appleid.apple.com/auth/authorize", "client_id": "com.example.cognito", "key_id": "1EXAMPLE", "oidc_issuer": "https://appleid.apple.com", "team_id": "2EXAMPLE", "token_request_method": "POST", "token_url": "https://appleid.apple.com/auth/token" }
    - Facebook
      Create or update request:
      "ProviderDetails": { "api_version": "v17.0", "authorize_scopes": "public_profile, email", "client_id": "1example23456789", "client_secret": "provider-app-client-secret" }
      Describe response:
      "ProviderDetails": { "api_version": "v17.0", "attributes_url": "https://graph.facebook.com/v17.0/me?fields=", "attributes_url_add_attributes": "true", "authorize_scopes": "public_profile, email", "authorize_url": "https://www.facebook.com/v17.0/dialog/oauth", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "token_request_method": "GET", "token_url": "https://graph.facebook.com/v17.0/oauth/access_token" }
  - attribute_mapping(impl Into<String>, impl Into<String>) / set_attribute_mapping(Option<HashMap::<String, String>>):
    required: false
    The IdP attribute mapping to be changed.
  - idp_identifiers(impl Into<String>) / set_idp_identifiers(Option<Vec::<String>>):
    required: false
    A list of IdP identifiers.
- On success, responds with UpdateIdentityProviderOutput with field(s):
  - identity_provider(Option<IdentityProviderType>): The identity provider details.
- On failure, responds with SdkError<UpdateIdentityProviderError>
impl Client
pub fn update_resource_server(&self) -> UpdateResourceServerFluentBuilder
Constructs a fluent builder for the UpdateResourceServer operation.
- The fluent builder is configurable:
  - user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
    required: true
    The user pool ID for the user pool.
  - identifier(impl Into<String>) / set_identifier(Option<String>):
    required: true
    A unique resource server identifier for the resource server. The identifier can be an API friendly name like solar-system-data. You can also set an API URL like https://solar-system-data-api.example.com as your identifier.
    Amazon Cognito represents scopes in the access token in the format $resource-server-identifier/$scope. Longer scope-identifier strings increase the size of your access tokens.
  - name(impl Into<String>) / set_name(Option<String>):
    required: true
    The name of the resource server.
  - scopes(ResourceServerScopeType) / set_scopes(Option<Vec::<ResourceServerScopeType>>):
    required: false
    The scope values to be set for the resource server.
- On success, responds with UpdateResourceServerOutput with field(s):
  - resource_server(Option<ResourceServerType>): The resource server.
- On failure, responds with SdkError<UpdateResourceServerError>
impl Client
pub fn update_user_attributes(&self) -> UpdateUserAttributesFluentBuilder
Constructs a fluent builder for the UpdateUserAttributes operation.
- The fluent builder is configurable:
  - user_attributes(AttributeType) / set_user_attributes(Option<Vec::<AttributeType>>):
    required: true
    An array of name-value pairs representing user attributes.
    For custom attributes, you must prepend the custom: prefix to the attribute name.
    If you have set an attribute to require verification before Amazon Cognito updates its value, this request doesn’t immediately update the value of that attribute. After your user receives and responds to a verification message to verify the new value, Amazon Cognito updates the attribute value. Your user can sign in and receive messages with the original attribute value until they verify the new value.
  - access_token(impl Into<String>) / set_access_token(Option<String>):
    required: true
    A valid access token that Amazon Cognito issued to the user whose user attributes you want to update.
  - client_metadata(impl Into<String>, impl Into<String>) / set_client_metadata(Option<HashMap::<String, String>>):
    required: false
    A map of custom key-value pairs that you can provide as input for any custom workflows that this action initiates.
    You create custom workflows by assigning Lambda functions to user pool triggers. When you use the UpdateUserAttributes API action, Amazon Cognito invokes the function that is assigned to the custom message trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. This payload contains a clientMetadata attribute, which provides the data that you assigned to the ClientMetadata parameter in your UpdateUserAttributes request. In your function code in Lambda, you can process the clientMetadata value to enhance your workflow for your specific needs.
    For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.
    When you use the ClientMetadata parameter, remember that Amazon Cognito won’t do the following:
    - Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn’t include triggers, the ClientMetadata parameter serves no purpose.
    - Validate the ClientMetadata value.
    - Encrypt the ClientMetadata value. Don’t use Amazon Cognito to provide sensitive information.
- On success, responds with UpdateUserAttributesOutput with field(s):
  - code_delivery_details_list(Option<Vec::<CodeDeliveryDetailsType>>): The code delivery details list from the server for the request to update user attributes.
- On failure, responds with SdkError<UpdateUserAttributesError>
impl Client
pub fn update_user_pool(&self) -> UpdateUserPoolFluentBuilder
Constructs a fluent builder for the UpdateUserPool operation.
- The fluent builder is configurable:
  - user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
    required: true
    The user pool ID for the user pool you want to update.
  - policies(UserPoolPolicyType) / set_policies(Option<UserPoolPolicyType>):
    required: false
    A container with the policies you want to update in a user pool.
  - deletion_protection(DeletionProtectionType) / set_deletion_protection(Option<DeletionProtectionType>):
    required: false
    When active, DeletionProtection prevents accidental deletion of your user pool. Before you can delete a user pool that you have protected against deletion, you must deactivate this feature.
    When you try to delete a protected user pool in a DeleteUserPool API request, Amazon Cognito returns an InvalidParameterException error. To delete a protected user pool, send a new DeleteUserPool request after you deactivate deletion protection in an UpdateUserPool API request.
  - lambda_config(LambdaConfigType) / set_lambda_config(Option<LambdaConfigType>):
    required: false
    The Lambda configuration information from the request to update the user pool.
  - auto_verified_attributes(VerifiedAttributeType) / set_auto_verified_attributes(Option<Vec::<VerifiedAttributeType>>):
    required: false
    The attributes that are automatically verified when Amazon Cognito requests to update user pools.
  - sms_verification_message(impl Into<String>) / set_sms_verification_message(Option<String>):
    required: false
    This parameter is no longer used. See VerificationMessageTemplateType.
  - email_verification_message(impl Into<String>) / set_email_verification_message(Option<String>):
    required: false
    This parameter is no longer used. See VerificationMessageTemplateType.
  - email_verification_subject(impl Into<String>) / set_email_verification_subject(Option<String>):
    required: false
    This parameter is no longer used. See VerificationMessageTemplateType.
  - verification_message_template(VerificationMessageTemplateType) / set_verification_message_template(Option<VerificationMessageTemplateType>):
    required: false
    The template for verification messages.
  - sms_authentication_message(impl Into<String>) / set_sms_authentication_message(Option<String>):
    required: false
    The contents of the SMS authentication message.
  - user_attribute_update_settings(UserAttributeUpdateSettingsType) / set_user_attribute_update_settings(Option<UserAttributeUpdateSettingsType>):
    required: false
    The settings for updates to user attributes. These settings include the property AttributesRequireVerificationBeforeUpdate, a user-pool setting that tells Amazon Cognito how to handle changes to the value of your users’ email address and phone number attributes. For more information, see Verifying updates to email addresses and phone numbers.
  - mfa_configuration(UserPoolMfaType) / set_mfa_configuration(Option<UserPoolMfaType>):
    required: false
    Possible values include:
    - OFF - MFA tokens aren’t required and can’t be specified during user registration.
    - ON - MFA tokens are required for all user registrations. You can only specify ON when you’re initially creating a user pool. You can use the SetUserPoolMfaConfig API operation to turn MFA “ON” for existing user pools.
    - OPTIONAL - Users have the option when registering to create an MFA token.
  - device_configuration(DeviceConfigurationType) / set_device_configuration(Option<DeviceConfigurationType>):
    required: false
    The device-remembering configuration for a user pool. A null value indicates that you have deactivated device remembering in your user pool.
    When you provide a value for any DeviceConfiguration field, you activate the Amazon Cognito device-remembering feature.
  - email_configuration(EmailConfigurationType) / set_email_configuration(Option<EmailConfigurationType>):
    required: false
    The email configuration of your user pool. The email configuration type sets your preferred sending method, Amazon Web Services Region, and sender for email invitation and verification messages from your user pool.
  - sms_configuration(SmsConfigurationType) / set_sms_configuration(Option<SmsConfigurationType>):
    required: false
    The SMS configuration with the settings that your Amazon Cognito user pool must use to send an SMS message from your Amazon Web Services account through Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the Amazon Web Services Region that you want, the Amazon Cognito user pool uses an Identity and Access Management (IAM) role in your Amazon Web Services account.
  - user_pool_tags(impl Into<String>, impl Into<String>) / set_user_pool_tags(Option<HashMap::<String, String>>):
    required: false
    The tag keys and values to assign to the user pool. A tag is a label that you can use to categorize and manage user pools in different ways, such as by purpose, owner, environment, or other criteria.
  - admin_create_user_config(AdminCreateUserConfigType) / set_admin_create_user_config(Option<AdminCreateUserConfigType>):
    required: false
    The configuration for AdminCreateUser requests.
  - user_pool_add_ons(UserPoolAddOnsType) / set_user_pool_add_ons(Option<UserPoolAddOnsType>):
    required: false
    User pool add-ons. Contains settings for activation of advanced security features. To log user security information but take no action, set to AUDIT. To configure automatic security responses to risky traffic to your user pool, set to ENFORCED.
    For more information, see Adding advanced security to a user pool.
  - account_recovery_setting(AccountRecoverySettingType) / set_account_recovery_setting(Option<AccountRecoverySettingType>):
    required: false
    The available verified method a user can use to recover their password when they call ForgotPassword. You can use this setting to define a preferred method when a user has more than one method available. With this setting, SMS doesn’t qualify for a valid password recovery mechanism if the user also has SMS multi-factor authentication (MFA) activated. In the absence of this setting, Amazon Cognito uses the legacy behavior to determine the recovery method where SMS is preferred over email.
- On success, responds with UpdateUserPoolOutput
- On failure, responds with SdkError<UpdateUserPoolError>
impl Client
pub fn update_user_pool_client(&self) -> UpdateUserPoolClientFluentBuilder
Constructs a fluent builder for the UpdateUserPoolClient operation.
- The fluent builder is configurable:
  - user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
    required: true
    The user pool ID for the user pool where you want to update the user pool client.
  - client_id(impl Into<String>) / set_client_id(Option<String>):
    required: true
    The ID of the client associated with the user pool.
  - client_name(impl Into<String>) / set_client_name(Option<String>):
    required: false
    The client name from the update user pool client request.
  - refresh_token_validity(i32) / set_refresh_token_validity(Option<i32>):
    required: false
    The refresh token time limit. After this limit expires, your user can’t use their refresh token. To specify the time unit for RefreshTokenValidity as seconds, minutes, hours, or days, set a TokenValidityUnits value in your API request.
    For example, when you set RefreshTokenValidity as 10 and TokenValidityUnits as days, your user can refresh their session and retrieve new access and ID tokens for 10 days.
    The default time unit for RefreshTokenValidity in an API request is days. You can’t set RefreshTokenValidity to 0. If you do, Amazon Cognito overrides the value with the default value of 30 days. Valid range is displayed below in seconds.
    If you don’t specify otherwise in the configuration of your app client, your refresh tokens are valid for 30 days.
  - access_token_validity(i32) / set_access_token_validity(Option<i32>):
    required: false
    The access token time limit. After this limit expires, your user can’t use their access token. To specify the time unit for AccessTokenValidity as seconds, minutes, hours, or days, set a TokenValidityUnits value in your API request.
    For example, when you set AccessTokenValidity to 10 and TokenValidityUnits to hours, your user can authorize access with their access token for 10 hours.
    The default time unit for AccessTokenValidity in an API request is hours. Valid range is displayed below in seconds.
    If you don’t specify otherwise in the configuration of your app client, your access tokens are valid for one hour.
  - id_token_validity(i32) / set_id_token_validity(Option<i32>):
    required: false
    The ID token time limit. After this limit expires, your user can’t use their ID token. To specify the time unit for IdTokenValidity as seconds, minutes, hours, or days, set a TokenValidityUnits value in your API request.
    For example, when you set IdTokenValidity as 10 and TokenValidityUnits as hours, your user can authenticate their session with their ID token for 10 hours.
    The default time unit for IdTokenValidity in an API request is hours. Valid range is displayed below in seconds.
    If you don’t specify otherwise in the configuration of your app client, your ID tokens are valid for one hour.
  - token_validity_units(TokenValidityUnitsType) / set_token_validity_units(Option<TokenValidityUnitsType>):
    required: false
    The time units you use when you set the duration of ID, access, and refresh tokens. The default unit for RefreshToken is days, and the default for ID and access tokens is hours.
  - read_attributes(impl Into<String>) / set_read_attributes(Option<Vec::<String>>):
    required: false
    The list of user attributes that you want your app client to have read-only access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a GetUser API request to retrieve and display your user’s profile data.
    When you don’t specify the ReadAttributes for your app client, your app can read the values of email_verified, phone_number_verified, and the Standard attributes of your user pool. When your user pool has read access to these default attributes, ReadAttributes doesn’t return any information. Amazon Cognito only populates ReadAttributes in the API response if you have specified your own custom set of read attributes.
  - write_attributes(impl Into<String>) / set_write_attributes(Option<Vec::<String>>):
    required: false
    The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list. An example of this kind of activity is when you present your user with a form to update their profile information and they change their last name. Your app then makes an UpdateUserAttributes API request and sets family_name to the new value.
    When you don’t specify the WriteAttributes for your app client, your app can write the values of the Standard attributes of your user pool. When your user pool has write access to these default attributes, WriteAttributes doesn’t return any information. Amazon Cognito only populates WriteAttributes in the API response if you have specified your own custom set of write attributes.
    If your app client allows users to sign in through an IdP, this array must include all attributes that you have mapped to IdP attributes. Amazon Cognito updates mapped attributes when users sign in to your application through an IdP. If your app client does not have write access to a mapped attribute, Amazon Cognito throws an error when it tries to update the attribute. For more information, see Specifying IdP Attribute Mappings for Your user pool.
  - explicit_auth_flows(ExplicitAuthFlowsType) / set_explicit_auth_flows(Option<Vec::<ExplicitAuthFlowsType>>):
    required: false
    The authentication flows that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions.
    If you don’t specify a value for ExplicitAuthFlows, your user client supports ALLOW_REFRESH_TOKEN_AUTH, ALLOW_USER_SRP_AUTH, and ALLOW_CUSTOM_AUTH.
    Valid values include:
    - ALLOW_ADMIN_USER_PASSWORD_AUTH: Enable admin based user password authentication flow ADMIN_USER_PASSWORD_AUTH. This setting replaces the ADMIN_NO_SRP_AUTH setting. With this authentication flow, your app passes a user name and password to Amazon Cognito in the request, instead of using the Secure Remote Password (SRP) protocol to securely transmit the password.
    - ALLOW_CUSTOM_AUTH: Enable Lambda trigger based authentication.
    - ALLOW_USER_PASSWORD_AUTH: Enable user password-based authentication. In this flow, Amazon Cognito receives the password in the request instead of using the SRP protocol to verify passwords.
    - ALLOW_USER_SRP_AUTH: Enable SRP-based authentication.
    - ALLOW_REFRESH_TOKEN_AUTH: Enable authflow to refresh tokens.
    In some environments, you will see the values ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, or USER_PASSWORD_AUTH. You can’t assign these legacy ExplicitAuthFlows values to user pool clients at the same time as values that begin with ALLOW_, like ALLOW_USER_SRP_AUTH.
  - supported_identity_providers(impl Into<String>) / set_supported_identity_providers(Option<Vec::<String>>):
    required: false
    A list of provider names for the IdPs that this client supports. The following are supported: COGNITO, Facebook, Google, SignInWithApple, LoginWithAmazon, and the names of your own SAML and OIDC providers.
  - callback_urls(impl Into<String>) / set_callback_urls(Option<Vec::<String>>):
    required: false
    A list of allowed redirect (callback) URLs for the IdPs.
    A redirect URI must:
    - Be an absolute URI.
    - Be registered with the authorization server.
    - Not include a fragment component.
    See OAuth 2.0 - Redirection Endpoint.
    Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.
    App callback URLs such as myapp://example are also supported.
  - logout_urls(impl Into<String>) / set_logout_urls(Option<Vec::<String>>):
    required: false
    A list of allowed logout URLs for the IdPs.
  - default_redirect_uri(impl Into<String>) / set_default_redirect_uri(Option<String>):
    required: false
    The default redirect URI. Must be in the CallbackURLs list.
    A redirect URI must:
    - Be an absolute URI.
    - Be registered with the authorization server.
    - Not include a fragment component.
    See OAuth 2.0 - Redirection Endpoint.
    Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.
    App callback URLs such as myapp://example are also supported.
  - allowed_o_auth_flows(OAuthFlowType) / set_allowed_o_auth_flows(Option<Vec::<OAuthFlowType>>):
    required: false
    The allowed OAuth flows.
    - code: Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the /oauth2/token endpoint.
    - implicit: Issue the access token (and, optionally, ID token, based on scopes) directly to your user.
    - client_credentials: Issue the access token from the /oauth2/token endpoint directly to a non-person user using a combination of the client ID and client secret.
  - allowed_o_auth_scopes(impl Into<String>) / set_allowed_o_auth_scopes(Option<Vec::<String>>):
    required: false
    The allowed OAuth scopes. Possible values provided by OAuth are phone, email, openid, and profile. Possible values provided by Amazon Web Services are aws.cognito.signin.user.admin. Custom scopes created in Resource Servers are also supported.
  - allowed_o_auth_flows_user_pool_client(bool) / set_allowed_o_auth_flows_user_pool_client(Option<bool>):
    required: false
    Set to true to use OAuth 2.0 features in your user pool app client.
    AllowedOAuthFlowsUserPoolClient must be true before you can configure the following features in your app client.
    - CallBackURLs: Callback URLs.
    - LogoutURLs: Sign-out redirect URLs.
    - AllowedOAuthScopes: OAuth 2.0 scopes.
    - AllowedOAuthFlows: Support for authorization code, implicit, and client credentials OAuth 2.0 grants.
    To use OAuth 2.0 features, configure one of these features in the Amazon Cognito console or set AllowedOAuthFlowsUserPoolClient to true in a CreateUserPoolClient or UpdateUserPoolClient API request. If you don’t set a value for AllowedOAuthFlowsUserPoolClient in a request with the CLI or SDKs, it defaults to false.
  - analytics_configuration(AnalyticsConfigurationType) / set_analytics_configuration(Option<AnalyticsConfigurationType>):
    required: false
    The Amazon Pinpoint analytics configuration necessary to collect metrics for this user pool.
    In Amazon Web Services Regions where Amazon Pinpoint isn’t available, user pools only support sending events to Amazon Pinpoint projects in us-east-1. In Regions where Amazon Pinpoint is available, user pools support sending events to Amazon Pinpoint projects within that same Region.
  - prevent_user_existence_errors(PreventUserExistenceErrorTypes) / set_prevent_user_existence_errors(Option<PreventUserExistenceErrorTypes>):
    required: false
    Errors and responses that you want Amazon Cognito APIs to return during authentication, account confirmation, and password recovery when the user doesn’t exist in the user pool. When set to ENABLED and the user doesn’t exist, authentication returns an error indicating either the username or password was incorrect. Account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to LEGACY, those APIs return a UserNotFoundException exception if the user doesn’t exist in the user pool.
    Valid values include:
    - ENABLED - This prevents user existence-related errors.
    - LEGACY - This represents the early behavior of Amazon Cognito where user existence related errors aren’t prevented.
  - enable_token_revocation(bool) / set_enable_token_revocation(Option<bool>):
    required: false
    Activates or deactivates token revocation. For more information about revoking tokens, see RevokeToken.
  - enable_propagate_additional_user_context_data(bool) / set_enable_propagate_additional_user_context_data(Option<bool>):
    required: false
    Activates the propagation of additional user context data. For more information about propagation of user context data, see Adding advanced security to a user pool. If you don’t include this parameter, you can’t send device fingerprint information, including source IP address, to Amazon Cognito advanced security. You can only activate EnablePropagateAdditionalUserContextData in an app client that has a client secret.
  - auth_session_validity(i32) / set_auth_session_validity(Option<i32>):
    required: false
    Amazon Cognito creates a session token for each API request in an authentication flow. AuthSessionValidity is the duration, in minutes, of that session token. Your user pool native user must respond to each authentication challenge before the session expires.
- On success, responds with UpdateUserPoolClientOutput with field(s):
  - user_pool_client(Option<UserPoolClientType>): The user pool client value from the response from the server when you request to update the user pool client.
- On failure, responds with SdkError<UpdateUserPoolClientError>
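An added example, not part of the SDK or its documentation: a std-only pre-flight check that applies the redirect URI rules listed above for callback_urls and default_redirect_uri before the values are handed to the builder. The enum and function names are hypothetical, URIs are assumed to use the scheme://... form, and the sample URIs are constructed; Amazon Cognito remains the authority on what it accepts.

```rust
/// Problems a redirect URI can have under the rules quoted above (hypothetical type).
#[derive(Debug, PartialEq)]
pub enum UriIssue {
    NotAbsolute,
    HasFragment,
    PlainHttpNotLocalhost,
    DefaultNotInCallbackUrls,
}

/// Splits "scheme://rest", accepting only RFC 3986 scheme characters.
fn split_scheme(uri: &str) -> Option<(&str, &str)> {
    let (scheme, rest) = uri.split_once("://")?;
    let mut chars = scheme.chars();
    let first_ok = chars.next().map_or(false, |c| c.is_ascii_alphabetic());
    let tail_ok = chars.all(|c| c.is_ascii_alphanumeric() || matches!(c, '+' | '-' | '.'));
    if first_ok && tail_ok && !rest.is_empty() { Some((scheme, rest)) } else { None }
}

/// Host of an http URI: drops path/query/fragment, userinfo and port.
/// Dropping userinfo matters: in "http://localhost@other.example/" the
/// host is other.example, not localhost.
fn http_host(rest: &str) -> &str {
    let authority = rest.split(|c: char| matches!(c, '/' | '?' | '#')).next().unwrap_or("");
    let host_port = authority.rsplit('@').next().unwrap_or(authority);
    host_port.split(':').next().unwrap_or(host_port)
}

/// Checks one URI: absolute, no fragment, HTTPS unless the host is localhost.
/// Custom app schemes such as myapp://example pass.
pub fn check_redirect_uri(uri: &str) -> Vec<UriIssue> {
    let mut issues = Vec::new();
    if uri.contains('#') {
        issues.push(UriIssue::HasFragment);
    }
    match split_scheme(uri) {
        None => issues.push(UriIssue::NotAbsolute),
        Some((scheme, rest)) => {
            let plain_http = scheme.eq_ignore_ascii_case("http");
            if plain_http && !http_host(rest).eq_ignore_ascii_case("localhost") {
                issues.push(UriIssue::PlainHttpNotLocalhost);
            }
        }
    }
    issues
}

/// Checks every callback URL, then that the default redirect URI is one of them.
pub fn audit_client(
    callback_urls: &[&str],
    default_redirect_uri: Option<&str>,
) -> Vec<(String, UriIssue)> {
    let mut findings = Vec::new();
    for uri in callback_urls {
        for issue in check_redirect_uri(uri) {
            findings.push((uri.to_string(), issue));
        }
    }
    if let Some(default) = default_redirect_uri {
        if !callback_urls.contains(&default) {
            findings.push((default.to_string(), UriIssue::DefaultNotInCallbackUrls));
        }
    }
    findings
}

fn main() {
    // Constructed sample values, not taken from a real user pool.
    let callbacks = [
        "https://app.example.com/callback",
        "http://localhost:3000/callback",
        "myapp://example",
        "http://app.example.com/callback",
        "https://app.example.com/callback#token",
        "/relative/callback",
    ];
    for (uri, issue) in audit_client(&callbacks, Some("https://app.example.com/other")) {
        println!("{uri}: {issue:?}");
    }
}
```
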
impl Client
pub fn update_user_pool_domain(&self) -> UpdateUserPoolDomainFluentBuilder
Constructs a fluent builder for the UpdateUserPoolDomain operation.
- The fluent builder is configurable:
  - domain(impl Into<String>) / set_domain(Option<String>):
    required: true
    The domain name for the custom domain that hosts the sign-up and sign-in pages for your application. One example might be auth.example.com.
    This string can include only lowercase letters, numbers, and hyphens. Don’t use a hyphen for the first or last character. Use periods to separate subdomain names.
  - user_pool_id(impl Into<String>) / set_user_pool_id(Option<String>):
    required: true
    The ID of the user pool that is associated with the custom domain whose certificate you’re updating.
  - custom_domain_config(CustomDomainConfigType) / set_custom_domain_config(Option<CustomDomainConfigType>):
    required: true
    The configuration for a custom domain that hosts the sign-up and sign-in pages for your application. Use this object to specify an SSL certificate that is managed by ACM.
- On success, responds with UpdateUserPoolDomainOutput with field(s):
  - cloud_front_domain(Option<String>): The Amazon CloudFront endpoint that Amazon Cognito set up when you added the custom domain to your user pool.
- On failure, responds with SdkError<UpdateUserPoolDomainError>
impl Client
pub fn verify_software_token(&self) -> VerifySoftwareTokenFluentBuilder
Constructs a fluent builder for the VerifySoftwareToken operation.
- The fluent builder is configurable:
  - access_token(impl Into<String>) / set_access_token(Option<String>):
    required: false
    A valid access token that Amazon Cognito issued to the user whose software token you want to verify.
  - session(impl Into<String>) / set_session(Option<String>):
    required: false
    The session that should be passed both ways in challenge-response calls to the service.
  - user_code(impl Into<String>) / set_user_code(Option<String>):
    required: true
    The one-time password computed using the secret code returned by AssociateSoftwareToken.
  - friendly_device_name(impl Into<String>) / set_friendly_device_name(Option<String>):
    required: false
    The friendly device name.
- On success, responds with VerifySoftwareTokenOutput with field(s):
  - status(Option<VerifySoftwareTokenResponseType>): The status of the verify software token.
  - session(Option<String>): The session that should be passed both ways in challenge-response calls to the service.
- On failure, responds with SdkError<VerifySoftwareTokenError>
impl Client
pub fn verify_user_attribute(&self) -> VerifyUserAttributeFluentBuilder
Constructs a fluent builder for the VerifyUserAttribute operation.
- The fluent builder is configurable:
  - access_token(impl Into<String>) / set_access_token(Option<String>):
    required: true
    A valid access token that Amazon Cognito issued to the user whose user attributes you want to verify.
  - attribute_name(impl Into<String>) / set_attribute_name(Option<String>):
    required: true
    The attribute name in the request to verify user attributes.
  - code(impl Into<String>) / set_code(Option<String>):
    required: true
    The verification code in the request to verify user attributes.
- On success, responds with VerifyUserAttributeOutput
- On failure, responds with SdkError<VerifyUserAttributeError>
impl Client
pub fn from_conf(conf: Config) -> Self
Creates a new client from the service Config.
§Panics
This method will panic in the following cases:
- Retries or timeouts are enabled without a sleep_impl configured.
- Identity caching is enabled without a sleep_impl and time_source configured.
- No behavior_version is provided.
The panic message for each of these will have instructions on how to resolve them.
impl Client
pub fn new(sdk_config: &SdkConfig) -> Self
Creates a new client from an SDK Config.
§Panics
- This method will panic if the sdk_config is missing an async sleep implementation. If you experience this panic, set the sleep_impl on the Config passed into this function to fix it.
- This method will panic if the sdk_config is missing an HTTP connector. If you experience this panic, set the http_connector on the Config passed into this function to fix it.
- This method will panic if no BehaviorVersion is provided. If you experience this panic, set behavior_version on the Config or enable the behavior-version-latest Cargo feature.
Trait Implementations§
Auto Trait Implementations§
impl Freeze for Client
impl !RefUnwindSafe for Client
impl Send for Client
impl Sync for Client
impl Unpin for Client
impl !UnwindSafe for Client
Blanket Implementations§
impl<T> BorrowMut<T> for T where T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
impl<T> Instrument for T
fn instrument(self, span: Span) -> Instrumented<Self>
fn in_current_span(self) -> Instrumented<Self>
impl<T> IntoEither for T
fn into_either(self, into_left: bool) -> Either<Self, Self>
Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise.
fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise.