Using the Amazon Cognito User Pools API, you can create a user pool to manage directories and users. You can authenticate a user to obtain tokens related to user identity and access policies.
This API reference provides information about user pools in Amazon Cognito User Pools.
For more information, see the Amazon Cognito Documentation.
service : AWS.Config.Region -> AWS.Service.Service
Configuration for this service.
addCustomAttributes : AddCustomAttributesRequest -> AWS.Http.Request AWS.Http.AWSAppError ()
Adds additional user attributes to the user pool schema.
adminAddUserToGroup : AdminAddUserToGroupRequest -> AWS.Http.Request AWS.Http.AWSAppError ()
Adds the specified user to the specified group.
Requires developer credentials.
adminConfirmSignUp : AdminConfirmSignUpRequest -> AWS.Http.Request AWS.Http.AWSAppError ()
Confirms user registration as an admin without using a confirmation code. Works on any user.
Requires developer credentials.
adminCreateUser : AdminCreateUserRequest -> AWS.Http.Request AWS.Http.AWSAppError AdminCreateUserResponse
Creates a new user in the specified user pool.
If MessageAction
is not set, the default is to send a welcome message via email or phone (SMS).
This message is based on a template that you configured in your call to or . This template includes your custom sign-up instructions and placeholders for user name and temporary password.
Alternatively, you can call AdminCreateUser with “SUPPRESS” for the MessageAction
parameter, and Amazon Cognito will not send any email.
In either case, the user will be in the FORCE_CHANGE_PASSWORD
state until they sign in and change their password.
AdminCreateUser requires developer credentials.
adminDeleteUser : AdminDeleteUserRequest -> AWS.Http.Request AWS.Http.AWSAppError ()
Deletes a user as an administrator. Works on any user.
Requires developer credentials.
adminDeleteUserAttributes : AdminDeleteUserAttributesRequest -> AWS.Http.Request AWS.Http.AWSAppError ()
Deletes the user attributes in a user pool as an administrator. Works on any user.
Requires developer credentials.
adminDisableProviderForUser : AdminDisableProviderForUserRequest -> AWS.Http.Request AWS.Http.AWSAppError ()
Disables the user from signing in with the specified external (SAML or social) identity provider. If the user to disable is a Cognito User Pools native username + password user, they are not permitted to use their password to sign-in. If the user to disable is a linked external IdP user, any link between that user and an existing user is removed. The next time the external user (no longer attached to the previously linked DestinationUser
) signs in, they must create a new user account. See .
This action is enabled only for admin access and requires developer credentials.
The ProviderName
must match the value specified when creating an IdP for the pool.
To disable a native username + password user, the ProviderName
value must be Cognito
and the ProviderAttributeName
must be Cognito_Subject
, with the ProviderAttributeValue
being the name that is used in the user pool for the user.
The ProviderAttributeName
must always be Cognito_Subject
for social identity providers. The ProviderAttributeValue
must always be the exact subject that was used when the user was originally linked as a source user.
For de-linking a SAML identity, there are two scenarios. If the linked identity has not yet been used to sign-in, the ProviderAttributeName
and ProviderAttributeValue
must be the same values that were used for the SourceUser
when the identities were originally linked in the call. (If the linking was done with ProviderAttributeName
set to Cognito_Subject
, the same applies here). However, if the user has already signed in, the ProviderAttributeName
must be Cognito_Subject
and ProviderAttributeValue
must be the subject of the SAML assertion.
adminDisableUser : AdminDisableUserRequest -> AWS.Http.Request AWS.Http.AWSAppError ()
Disables the specified user as an administrator. Works on any user.
Requires developer credentials.
adminEnableUser : AdminEnableUserRequest -> AWS.Http.Request AWS.Http.AWSAppError ()
Enables the specified user as an administrator. Works on any user.
Requires developer credentials.
adminForgetDevice : AdminForgetDeviceRequest -> AWS.Http.Request AWS.Http.AWSAppError ()
Forgets the device, as an administrator.
Requires developer credentials.
adminGetDevice : AdminGetDeviceRequest -> AWS.Http.Request AWS.Http.AWSAppError AdminGetDeviceResponse
Gets the device, as an administrator.
Requires developer credentials.
adminGetUser : AdminGetUserRequest -> AWS.Http.Request AWS.Http.AWSAppError AdminGetUserResponse
Gets the specified user by user name in a user pool as an administrator. Works on any user.
Requires developer credentials.
adminInitiateAuth : AdminInitiateAuthRequest -> AWS.Http.Request AWS.Http.AWSAppError AdminInitiateAuthResponse
Initiates the authentication flow, as an administrator.
Requires developer credentials.
adminLinkProviderForUser : AdminLinkProviderForUserRequest -> AWS.Http.Request AWS.Http.AWSAppError ()
Links an existing user account in a user pool (DestinationUser
) to an identity from an external identity provider (SourceUser
) based on a specified attribute name and value from the external identity provider. This allows you to create a link from the existing user account to an external federated user identity that has not yet been used to sign in, so that the federated user identity can be used to sign in as the existing user account.
For example, if there is an existing user with a username and password, this API links that user to a federated user identity, so that when the federated user identity is used, the user signs in as the existing user account.
Because this API allows a user with an external federated identity to sign in as an existing user in the user pool, it is critical that it only be used with external identity providers and provider attributes that have been trusted by the application owner.
See also .
This action is enabled only for admin access and requires developer credentials.
adminListDevices : AdminListDevicesRequest -> AWS.Http.Request AWS.Http.AWSAppError AdminListDevicesResponse
Lists devices, as an administrator.
Requires developer credentials.
adminListGroupsForUser : AdminListGroupsForUserRequest -> AWS.Http.Request AWS.Http.AWSAppError AdminListGroupsForUserResponse
Lists the groups that the user belongs to.
Requires developer credentials.
adminListUserAuthEvents : AdminListUserAuthEventsRequest -> AWS.Http.Request AWS.Http.AWSAppError AdminListUserAuthEventsResponse
Lists a history of user activity and any risks detected as part of Amazon Cognito advanced security.
adminRemoveUserFromGroup : AdminRemoveUserFromGroupRequest -> AWS.Http.Request AWS.Http.AWSAppError ()
Removes the specified user from the specified group.
Requires developer credentials.
adminResetUserPassword : AdminResetUserPasswordRequest -> AWS.Http.Request AWS.Http.AWSAppError ()
Resets the specified user's password in a user pool as an administrator. Works on any user.
When a developer calls this API, the current password is invalidated, so it must be changed. If a user tries to sign in after the API is called, the app will get a PasswordResetRequiredException exception back and should direct the user down the flow to reset the password, which is the same as the forgot password flow. In addition, if the user pool has phone verification selected and a verified phone number exists for the user, or if email verification is selected and a verified email exists for the user, calling this API will also result in sending a message to the end user with the code to change their password.
Requires developer credentials.
adminRespondToAuthChallenge : AdminRespondToAuthChallengeRequest -> AWS.Http.Request AWS.Http.AWSAppError AdminRespondToAuthChallengeResponse
Responds to an authentication challenge, as an administrator.
Requires developer credentials.
adminSetUserMfapreference : AdminSetUserMfapreferenceRequest -> AWS.Http.Request AWS.Http.AWSAppError ()
Sets the user's multi-factor authentication (MFA) preference.
adminSetUserPassword : AdminSetUserPasswordRequest -> AWS.Http.Request AWS.Http.AWSAppError ()
adminSetUserSettings : AdminSetUserSettingsRequest -> AWS.Http.Request AWS.Http.AWSAppError ()
Sets all the user settings for a specified user name. Works on any user.
Requires developer credentials.
adminUpdateAuthEventFeedback : AdminUpdateAuthEventFeedbackRequest -> AWS.Http.Request AWS.Http.AWSAppError ()
Provides feedback for an authentication event as to whether it was from a valid user. This feedback is used for improving the risk evaluation decision for the user pool as part of Amazon Cognito advanced security.
adminUpdateDeviceStatus : AdminUpdateDeviceStatusRequest -> AWS.Http.Request AWS.Http.AWSAppError ()
Updates the device status as an administrator.
Requires developer credentials.
adminUpdateUserAttributes : AdminUpdateUserAttributesRequest -> AWS.Http.Request AWS.Http.AWSAppError ()
Updates the specified user's attributes, including developer attributes, as an administrator. Works on any user.
For custom attributes, you must prepend the custom:
prefix to the attribute name.
In addition to updating user attributes, this API can also be used to mark phone and email as verified.
Requires developer credentials.
adminUserGlobalSignOut : AdminUserGlobalSignOutRequest -> AWS.Http.Request AWS.Http.AWSAppError ()
Signs out users from all devices, as an administrator.
Requires developer credentials.
associateSoftwareToken : AssociateSoftwareTokenRequest -> AWS.Http.Request AWS.Http.AWSAppError AssociateSoftwareTokenResponse
Returns a unique generated shared secret key code for the user account. The request takes an access token or a session string, but not both.
changePassword : ChangePasswordRequest -> AWS.Http.Request AWS.Http.AWSAppError ()
Changes the password for a specified user in a user pool.
confirmDevice : ConfirmDeviceRequest -> AWS.Http.Request AWS.Http.AWSAppError ConfirmDeviceResponse
Confirms tracking of the device. This API call is the call that begins device tracking.
confirmForgotPassword : ConfirmForgotPasswordRequest -> AWS.Http.Request AWS.Http.AWSAppError ()
Allows a user to enter a confirmation code to reset a forgotten password.
confirmSignUp : ConfirmSignUpRequest -> AWS.Http.Request AWS.Http.AWSAppError ()
Confirms registration of a user and handles the existing alias from a previous user.
createGroup : CreateGroupRequest -> AWS.Http.Request AWS.Http.AWSAppError CreateGroupResponse
Creates a new group in the specified user pool.
Requires developer credentials.
createIdentityProvider : CreateIdentityProviderRequest -> AWS.Http.Request AWS.Http.AWSAppError CreateIdentityProviderResponse
Creates an identity provider for a user pool.
createResourceServer : CreateResourceServerRequest -> AWS.Http.Request AWS.Http.AWSAppError CreateResourceServerResponse
Creates a new OAuth2.0 resource server and defines custom scopes in it.
createUserImportJob : CreateUserImportJobRequest -> AWS.Http.Request AWS.Http.AWSAppError CreateUserImportJobResponse
Creates the user import job.
createUserPool : CreateUserPoolRequest -> AWS.Http.Request AWS.Http.AWSAppError CreateUserPoolResponse
Creates a new Amazon Cognito user pool and sets the password policy for the pool.
createUserPoolClient : CreateUserPoolClientRequest -> AWS.Http.Request AWS.Http.AWSAppError CreateUserPoolClientResponse
Creates the user pool client.
createUserPoolDomain : CreateUserPoolDomainRequest -> AWS.Http.Request AWS.Http.AWSAppError CreateUserPoolDomainResponse
Creates a new domain for a user pool.
deleteGroup : DeleteGroupRequest -> AWS.Http.Request AWS.Http.AWSAppError ()
Deletes a group. Currently only groups with no members can be deleted.
Requires developer credentials.
deleteIdentityProvider : DeleteIdentityProviderRequest -> AWS.Http.Request AWS.Http.AWSAppError ()
Deletes an identity provider for a user pool.
deleteResourceServer : DeleteResourceServerRequest -> AWS.Http.Request AWS.Http.AWSAppError ()
Deletes a resource server.
deleteUser : DeleteUserRequest -> AWS.Http.Request AWS.Http.AWSAppError ()
Allows a user to delete himself or herself.
deleteUserAttributes : DeleteUserAttributesRequest -> AWS.Http.Request AWS.Http.AWSAppError ()
Deletes the attributes for a user.
deleteUserPool : DeleteUserPoolRequest -> AWS.Http.Request AWS.Http.AWSAppError ()
Deletes the specified Amazon Cognito user pool.
deleteUserPoolClient : DeleteUserPoolClientRequest -> AWS.Http.Request AWS.Http.AWSAppError ()
Allows the developer to delete the user pool client.
deleteUserPoolDomain : DeleteUserPoolDomainRequest -> AWS.Http.Request AWS.Http.AWSAppError ()
Deletes a domain for a user pool.
describeIdentityProvider : DescribeIdentityProviderRequest -> AWS.Http.Request AWS.Http.AWSAppError DescribeIdentityProviderResponse
Gets information about a specific identity provider.
describeResourceServer : DescribeResourceServerRequest -> AWS.Http.Request AWS.Http.AWSAppError DescribeResourceServerResponse
Describes a resource server.
describeRiskConfiguration : DescribeRiskConfigurationRequest -> AWS.Http.Request AWS.Http.AWSAppError DescribeRiskConfigurationResponse
Describes the risk configuration.
describeUserImportJob : DescribeUserImportJobRequest -> AWS.Http.Request AWS.Http.AWSAppError DescribeUserImportJobResponse
Describes the user import job.
describeUserPool : DescribeUserPoolRequest -> AWS.Http.Request AWS.Http.AWSAppError DescribeUserPoolResponse
Returns the configuration information and metadata of the specified user pool.
describeUserPoolClient : DescribeUserPoolClientRequest -> AWS.Http.Request AWS.Http.AWSAppError DescribeUserPoolClientResponse
Client method for returning the configuration information and metadata of the specified user pool app client.
describeUserPoolDomain : DescribeUserPoolDomainRequest -> AWS.Http.Request AWS.Http.AWSAppError DescribeUserPoolDomainResponse
Gets information about a domain.
forgetDevice : ForgetDeviceRequest -> AWS.Http.Request AWS.Http.AWSAppError ()
Forgets the specified device.
forgotPassword : ForgotPasswordRequest -> AWS.Http.Request AWS.Http.AWSAppError ForgotPasswordResponse
Calling this API causes a message to be sent to the end user with a confirmation code that is required to change the user's password. For the Username
parameter, you can use the username or user alias. If a verified phone number exists for the user, the confirmation code is sent to the phone number. Otherwise, if a verified email exists, the confirmation code is sent to the email. If neither a verified phone number nor a verified email exists, InvalidParameterException
is thrown. To use the confirmation code for resetting the password, call .
getCsvheader : GetCsvheaderRequest -> AWS.Http.Request AWS.Http.AWSAppError GetCsvheaderResponse
Gets the header information for the .csv file to be used as input for the user import job.
getDevice : GetDeviceRequest -> AWS.Http.Request AWS.Http.AWSAppError GetDeviceResponse
Gets the device.
getGroup : GetGroupRequest -> AWS.Http.Request AWS.Http.AWSAppError GetGroupResponse
Gets a group.
Requires developer credentials.
getIdentityProviderByIdentifier : GetIdentityProviderByIdentifierRequest -> AWS.Http.Request AWS.Http.AWSAppError GetIdentityProviderByIdentifierResponse
Gets the specified identity provider.
getSigningCertificate : GetSigningCertificateRequest -> AWS.Http.Request AWS.Http.AWSAppError GetSigningCertificateResponse
This method takes a user pool ID, and returns the signing certificate.
getUicustomization : GetUicustomizationRequest -> AWS.Http.Request AWS.Http.AWSAppError GetUicustomizationResponse
Gets the UI Customization information for a particular app client's app UI, if there is something set. If nothing is set for the particular client, but there is an existing pool level customization (app clientId
will be ALL
), then that is returned. If nothing is present, then an empty shape is returned.
getUser : GetUserRequest -> AWS.Http.Request AWS.Http.AWSAppError GetUserResponse
Gets the user attributes and metadata for a user.
getUserAttributeVerificationCode : GetUserAttributeVerificationCodeRequest -> AWS.Http.Request AWS.Http.AWSAppError GetUserAttributeVerificationCodeResponse
Gets the user attribute verification code for the specified attribute name.
getUserPoolMfaConfig : GetUserPoolMfaConfigRequest -> AWS.Http.Request AWS.Http.AWSAppError GetUserPoolMfaConfigResponse
Gets the user pool multi-factor authentication (MFA) configuration.
globalSignOut : GlobalSignOutRequest -> AWS.Http.Request AWS.Http.AWSAppError ()
Signs out users from all devices.
initiateAuth : InitiateAuthRequest -> AWS.Http.Request AWS.Http.AWSAppError InitiateAuthResponse
Initiates the authentication flow.
listDevices : ListDevicesRequest -> AWS.Http.Request AWS.Http.AWSAppError ListDevicesResponse
Lists the devices.
listGroups : ListGroupsRequest -> AWS.Http.Request AWS.Http.AWSAppError ListGroupsResponse
Lists the groups associated with a user pool.
Requires developer credentials.
listIdentityProviders : ListIdentityProvidersRequest -> AWS.Http.Request AWS.Http.AWSAppError ListIdentityProvidersResponse
Lists information about all identity providers for a user pool.
listResourceServers : ListResourceServersRequest -> AWS.Http.Request AWS.Http.AWSAppError ListResourceServersResponse
Lists the resource servers for a user pool.
listTagsForResource : ListTagsForResourceRequest -> AWS.Http.Request AWS.Http.AWSAppError ListTagsForResourceResponse
Lists the tags that are assigned to an Amazon Cognito user pool.
A tag is a label that you can apply to user pools to categorize and manage them in different ways, such as by purpose, owner, environment, or other criteria.
You can use this action up to 10 times per second, per account.
listUserImportJobs : ListUserImportJobsRequest -> AWS.Http.Request AWS.Http.AWSAppError ListUserImportJobsResponse
Lists the user import jobs.
listUserPoolClients : ListUserPoolClientsRequest -> AWS.Http.Request AWS.Http.AWSAppError ListUserPoolClientsResponse
Lists the clients that have been created for the specified user pool.
listUserPools : ListUserPoolsRequest -> AWS.Http.Request AWS.Http.AWSAppError ListUserPoolsResponse
Lists the user pools associated with an AWS account.
listUsers : ListUsersRequest -> AWS.Http.Request AWS.Http.AWSAppError ListUsersResponse
Lists the users in the Amazon Cognito user pool.
listUsersInGroup : ListUsersInGroupRequest -> AWS.Http.Request AWS.Http.AWSAppError ListUsersInGroupResponse
Lists the users in the specified group.
Requires developer credentials.
resendConfirmationCode : ResendConfirmationCodeRequest -> AWS.Http.Request AWS.Http.AWSAppError ResendConfirmationCodeResponse
Resends the confirmation (for confirmation of registration) to a specific user in the user pool.
respondToAuthChallenge : RespondToAuthChallengeRequest -> AWS.Http.Request AWS.Http.AWSAppError RespondToAuthChallengeResponse
Responds to the authentication challenge.
setRiskConfiguration : SetRiskConfigurationRequest -> AWS.Http.Request AWS.Http.AWSAppError SetRiskConfigurationResponse
Configures actions on detected risks. To delete the risk configuration for UserPoolId
or ClientId
, pass null values for all four configuration types.
To enable Amazon Cognito advanced security features, update the user pool to include the UserPoolAddOns
keyAdvancedSecurityMode
.
See .
setUicustomization : SetUicustomizationRequest -> AWS.Http.Request AWS.Http.AWSAppError SetUicustomizationResponse
Sets the UI customization information for a user pool's built-in app UI.
You can specify app UI customization settings for a single client (with a specific clientId
) or for all clients (by setting the clientId
to ALL
). If you specify ALL
, the default configuration will be used for every client that has no UI customization set previously. If you specify UI customization settings for a particular client, it will no longer fall back to the ALL
configuration.
To use this API, your user pool must have a domain associated with it. Otherwise, there is no place to host the app's pages, and the service will throw an error.
setUserMfapreference : SetUserMfapreferenceRequest -> AWS.Http.Request AWS.Http.AWSAppError ()
Set the user's multi-factor authentication (MFA) method preference.
setUserPoolMfaConfig : SetUserPoolMfaConfigRequest -> AWS.Http.Request AWS.Http.AWSAppError SetUserPoolMfaConfigResponse
Set the user pool MFA configuration.
setUserSettings : SetUserSettingsRequest -> AWS.Http.Request AWS.Http.AWSAppError ()
Sets the user settings like multi-factor authentication (MFA). If MFA is to be removed for a particular attribute pass the attribute with code delivery as null. If null list is passed, all MFA options are removed.
signUp : SignUpRequest -> AWS.Http.Request AWS.Http.AWSAppError SignUpResponse
Registers the user in the specified user pool and creates a user name, password, and user attributes.
startUserImportJob : StartUserImportJobRequest -> AWS.Http.Request AWS.Http.AWSAppError StartUserImportJobResponse
Starts the user import.
stopUserImportJob : StopUserImportJobRequest -> AWS.Http.Request AWS.Http.AWSAppError StopUserImportJobResponse
Stops the user import job.
tagResource : TagResourceRequest -> AWS.Http.Request AWS.Http.AWSAppError ()
Assigns a set of tags to an Amazon Cognito user pool. A tag is a label that you can use to categorize and manage user pools in different ways, such as by purpose, owner, environment, or other criteria.
Each tag consists of a key and value, both of which you define. A key is a general category for more specific values. For example, if you have two versions of a user pool, one for testing and another for production, you might assign an Environment
tag key to both user pools. The value of this key might be Test
for one user pool and Production
for the other.
Tags are useful for cost tracking and access control. You can activate your tags so that they appear on the Billing and Cost Management console, where you can track the costs associated with your user pools. In an IAM policy, you can constrain permissions for user pools based on specific tags or tag values.
You can use this action up to 5 times per second, per account. A user pool can have as many as 50 tags.
untagResource : UntagResourceRequest -> AWS.Http.Request AWS.Http.AWSAppError ()
Removes the specified tags from an Amazon Cognito user pool. You can use this action up to 5 times per second, per account
updateAuthEventFeedback : UpdateAuthEventFeedbackRequest -> AWS.Http.Request AWS.Http.AWSAppError ()
Provides the feedback for an authentication event whether it was from a valid user or not. This feedback is used for improving the risk evaluation decision for the user pool as part of Amazon Cognito advanced security.
updateDeviceStatus : UpdateDeviceStatusRequest -> AWS.Http.Request AWS.Http.AWSAppError ()
Updates the device status.
updateGroup : UpdateGroupRequest -> AWS.Http.Request AWS.Http.AWSAppError UpdateGroupResponse
Updates the specified group with the specified attributes.
Requires developer credentials.
updateIdentityProvider : UpdateIdentityProviderRequest -> AWS.Http.Request AWS.Http.AWSAppError UpdateIdentityProviderResponse
Updates identity provider information for a user pool.
updateResourceServer : UpdateResourceServerRequest -> AWS.Http.Request AWS.Http.AWSAppError UpdateResourceServerResponse
Updates the name and scopes of resource server. All other fields are read-only.
updateUserAttributes : UpdateUserAttributesRequest -> AWS.Http.Request AWS.Http.AWSAppError UpdateUserAttributesResponse
Allows a user to update a specific attribute (one at a time).
updateUserPool : UpdateUserPoolRequest -> AWS.Http.Request AWS.Http.AWSAppError ()
Updates the specified user pool with the specified attributes. If you don't provide a value for an attribute, it will be set to the default value. You can get a list of the current user pool settings with .
updateUserPoolClient : UpdateUserPoolClientRequest -> AWS.Http.Request AWS.Http.AWSAppError UpdateUserPoolClientResponse
Updates the specified user pool app client with the specified attributes. If you don't provide a value for an attribute, it will be set to the default value. You can get a list of the current user pool app client settings with .
updateUserPoolDomain : UpdateUserPoolDomainRequest -> AWS.Http.Request AWS.Http.AWSAppError UpdateUserPoolDomainResponse
Updates the Secure Sockets Layer (SSL) certificate for the custom domain for your user pool.
You can use this operation to provide the Amazon Resource Name (ARN) of a new certificate to Amazon Cognito. You cannot use it to change the domain for a user pool.
A custom domain is used to host the Amazon Cognito hosted UI, which provides sign-up and sign-in pages for your application. When you set up a custom domain, you provide a certificate that you manage with AWS Certificate Manager (ACM). When necessary, you can use this operation to change the certificate that you applied to your custom domain.
Usually, this is unnecessary following routine certificate renewal with ACM. When you renew your existing certificate in ACM, the ARN for your certificate remains the same, and your custom domain uses the new certificate automatically.
However, if you replace your existing certificate with a new one, ACM gives the new certificate a new ARN. To apply the new certificate to your custom domain, you must provide this ARN to Amazon Cognito.
When you add your new certificate in ACM, you must choose US East (N. Virginia) as the AWS Region.
After you submit your request, Amazon Cognito requires up to 1 hour to distribute your new certificate to your custom domain.
For more information about adding a custom domain to your user pool, see Using Your Own Domain for the Hosted UI
.
verifySoftwareToken : VerifySoftwareTokenRequest -> AWS.Http.Request AWS.Http.AWSAppError VerifySoftwareTokenResponse
Use this API to register a user's entered TOTP code and mark the user's software token MFA status as "verified" if successful. The request takes an access token or a session string, but not both.
verifyUserAttribute : VerifyUserAttributeRequest -> AWS.Http.Request AWS.Http.AWSAppError ()
Verifies the specified user attributes in the user pool.
{ eventAction : AccountTakeoverEventActionType
, notify : Basics.Bool
}
The AccountTakeoverActionType data model.
{ highAction : Maybe AccountTakeoverActionType
, lowAction : Maybe AccountTakeoverActionType
, mediumAction : Maybe AccountTakeoverActionType
}
The AccountTakeoverActionsType data model.
The AccountTakeoverEventActionType data model.
{ actions : AccountTakeoverActionsType
, notifyConfiguration : Maybe NotifyConfigurationType
}
The AccountTakeoverRiskConfigurationType data model.
{ customAttributes : CustomAttributesListType
, userPoolId : String
}
The AddCustomAttributesRequest data model.
{}
The AddCustomAttributesResponse data model.
{ groupName : String
, userPoolId : String
, username : String
}
The AdminAddUserToGroupRequest data model.
{ userPoolId : String
, username : String
}
The AdminConfirmSignUpRequest data model.
{}
The AdminConfirmSignUpResponse data model.
{ allowAdminCreateUserOnly : Maybe Basics.Bool
, inviteMessageTemplate : Maybe MessageTemplateType
, unusedAccountValidityDays : Maybe Basics.Int
}
The AdminCreateUserConfigType data model.
{ desiredDeliveryMediums : Maybe DeliveryMediumListType
, forceAliasCreation : Maybe Basics.Bool
, messageAction : Maybe MessageActionType
, temporaryPassword : Maybe String
, userAttributes : Maybe AttributeListType
, userPoolId : String
, username : String
, validationData : Maybe AttributeListType
}
The AdminCreateUserRequest data model.
{ user : Maybe UserType }
The AdminCreateUserResponse data model.
{ userAttributeNames : AttributeNameListType
, userPoolId : String
, username : String
}
The AdminDeleteUserAttributesRequest data model.
{}
The AdminDeleteUserAttributesResponse data model.
{ userPoolId : String
, username : String
}
The AdminDeleteUserRequest data model.
{ user : ProviderUserIdentifierType
, userPoolId : String
}
The AdminDisableProviderForUserRequest data model.
{}
The AdminDisableProviderForUserResponse data model.
{ userPoolId : String
, username : String
}
The AdminDisableUserRequest data model.
{}
The AdminDisableUserResponse data model.
{ userPoolId : String
, username : String
}
The AdminEnableUserRequest data model.
{}
The AdminEnableUserResponse data model.
{ deviceKey : String
, userPoolId : String
, username : String
}
The AdminForgetDeviceRequest data model.
{ deviceKey : String
, userPoolId : String
, username : String
}
The AdminGetDeviceRequest data model.
{ device : DeviceType }
The AdminGetDeviceResponse data model.
{ userPoolId : String
, username : String
}
The AdminGetUserRequest data model.
{ enabled : Maybe Basics.Bool
, mfaoptions : Maybe MfaoptionListType
, preferredMfaSetting : Maybe String
, userAttributes : Maybe AttributeListType
, userCreateDate : Maybe String
, userLastModifiedDate : Maybe String
, userMfasettingList : Maybe UserMfasettingListType
, userStatus : Maybe UserStatusType
, username : String
}
The AdminGetUserResponse data model.
{ analyticsMetadata : Maybe AnalyticsMetadataType
, authFlow : AuthFlowType
, authParameters : Maybe AuthParametersType
, clientId : String
, clientMetadata : Maybe ClientMetadataType
, contextData : Maybe ContextDataType
, userPoolId : String
}
The AdminInitiateAuthRequest data model.
{ authenticationResult : Maybe AuthenticationResultType
, challengeName : Maybe ChallengeNameType
, challengeParameters : Maybe ChallengeParametersType
, session : Maybe String
}
The AdminInitiateAuthResponse data model.
{ destinationUser : ProviderUserIdentifierType
, sourceUser : ProviderUserIdentifierType
, userPoolId : String
}
The AdminLinkProviderForUserRequest data model.
{}
The AdminLinkProviderForUserResponse data model.
{ limit : Maybe Basics.Int
, paginationToken : Maybe String
, userPoolId : String
, username : String
}
The AdminListDevicesRequest data model.
{ devices : Maybe DeviceListType
, paginationToken : Maybe String
}
The AdminListDevicesResponse data model.
{ limit : Maybe Basics.Int
, nextToken : Maybe String
, userPoolId : String
, username : String
}
The AdminListGroupsForUserRequest data model.
{ groups : Maybe GroupListType
, nextToken : Maybe String
}
The AdminListGroupsForUserResponse data model.
{ maxResults : Maybe Basics.Int
, nextToken : Maybe String
, userPoolId : String
, username : String
}
The AdminListUserAuthEventsRequest data model.
{ authEvents : Maybe AuthEventsType
, nextToken : Maybe String
}
The AdminListUserAuthEventsResponse data model.
{ groupName : String
, userPoolId : String
, username : String
}
The AdminRemoveUserFromGroupRequest data model.
{ userPoolId : String
, username : String
}
The AdminResetUserPasswordRequest data model.
{}
The AdminResetUserPasswordResponse data model.
{ analyticsMetadata : Maybe AnalyticsMetadataType
, challengeName : ChallengeNameType
, challengeResponses : Maybe ChallengeResponsesType
, clientId : String
, contextData : Maybe ContextDataType
, session : Maybe String
, userPoolId : String
}
The AdminRespondToAuthChallengeRequest data model.
{ authenticationResult : Maybe AuthenticationResultType
, challengeName : Maybe ChallengeNameType
, challengeParameters : Maybe ChallengeParametersType
, session : Maybe String
}
The AdminRespondToAuthChallengeResponse data model.
{ smsmfaSettings : Maybe SmsmfaSettingsType
, softwareTokenMfaSettings : Maybe SoftwareTokenMfaSettingsType
, userPoolId : String
, username : String
}
The AdminSetUserMfapreferenceRequest data model.
{}
The AdminSetUserMfapreferenceResponse data model.
{ password : String
, permanent : Maybe Basics.Bool
, userPoolId : String
, username : String
}
The AdminSetUserPasswordRequest data model.
{}
The AdminSetUserPasswordResponse data model.
{ mfaoptions : MfaoptionListType
, userPoolId : String
, username : String
}
The AdminSetUserSettingsRequest data model.
{}
The AdminSetUserSettingsResponse data model.
{ eventId : String
, feedbackValue : FeedbackValueType
, userPoolId : String
, username : String
}
The AdminUpdateAuthEventFeedbackRequest data model.
{}
The AdminUpdateAuthEventFeedbackResponse data model.
{ deviceKey : String
, deviceRememberedStatus : Maybe DeviceRememberedStatusType
, userPoolId : String
, username : String
}
The AdminUpdateDeviceStatusRequest data model.
{}
The AdminUpdateDeviceStatusResponse data model.
{ userAttributes : AttributeListType
, userPoolId : String
, username : String
}
The AdminUpdateUserAttributesRequest data model.
{}
The AdminUpdateUserAttributesResponse data model.
{ userPoolId : String
, username : String
}
The AdminUserGlobalSignOutRequest data model.
{}
The AdminUserGlobalSignOutResponse data model.
The AdvancedSecurityModeType data model.
The AliasAttributeType data model.
List AliasAttributeType
The AliasAttributesListType data model.
{ applicationId : String
, externalId : String
, roleArn : String
, userDataShared : Maybe Basics.Bool
}
The AnalyticsConfigurationType data model.
{ analyticsEndpointId : Maybe String }
The AnalyticsMetadataType data model.
{ accessToken : Maybe String
, session : Maybe String
}
The AssociateSoftwareTokenRequest data model.
{ secretCode : Maybe String
, session : Maybe String
}
The AssociateSoftwareTokenResponse data model.
The AttributeDataType data model.
List AttributeType
The AttributeListType data model.
Dict String String
The AttributeMappingType data model.
List String
The AttributeNameListType data model.
{ name : String
, value : Maybe String
}
The AttributeType data model.
{ challengeResponses : Maybe ChallengeResponseListType
, creationDate : Maybe String
, eventContextData : Maybe EventContextDataType
, eventFeedback : Maybe EventFeedbackType
, eventId : Maybe String
, eventResponse : Maybe EventResponseType
, eventRisk : Maybe EventRiskType
, eventType : Maybe EventType
}
The AuthEventType data model.
List AuthEventType
The AuthEventsType data model.
The AuthFlowType data model.
Dict String String
The AuthParametersType data model.
{ accessToken : Maybe String
, expiresIn : Maybe Basics.Int
, idToken : Maybe String
, newDeviceMetadata : Maybe NewDeviceMetadataType
, refreshToken : Maybe String
, tokenType : Maybe String
}
The AuthenticationResultType data model.
List String
The BlockedIprangeListType data model.
List String
The CallbackUrlsListType data model.
The ChallengeName data model.
The ChallengeNameType data model.
Dict String String
The ChallengeParametersType data model.
The ChallengeResponse data model.
List ChallengeResponseType
The ChallengeResponseListType data model.
{ challengeName : Maybe ChallengeName
, challengeResponse : Maybe ChallengeResponse
}
The ChallengeResponseType data model.
Dict String String
The ChallengeResponsesType data model.
{ accessToken : String
, previousPassword : String
, proposedPassword : String
}
The ChangePasswordRequest data model.
{}
The ChangePasswordResponse data model.
Dict String String
The ClientMetadataType data model.
List String
The ClientPermissionListType data model.
List CodeDeliveryDetailsType
The CodeDeliveryDetailsListType data model.
{ attributeName : Maybe String
, deliveryMedium : Maybe DeliveryMediumType
, destination : Maybe String
}
The CodeDeliveryDetailsType data model.
{ eventAction : CompromisedCredentialsEventActionType }
The CompromisedCredentialsActionsType data model.
The CompromisedCredentialsEventActionType data model.
{ actions : CompromisedCredentialsActionsType
, eventFilter : Maybe EventFiltersType
}
The CompromisedCredentialsRiskConfigurationType data model.
{ accessToken : String
, deviceKey : String
, deviceName : Maybe String
, deviceSecretVerifierConfig : Maybe DeviceSecretVerifierConfigType
}
The ConfirmDeviceRequest data model.
{ userConfirmationNecessary : Maybe Basics.Bool }
The ConfirmDeviceResponse data model.
{ analyticsMetadata : Maybe AnalyticsMetadataType
, clientId : String
, confirmationCode : String
, password : String
, secretHash : Maybe String
, userContextData : Maybe UserContextDataType
, username : String
}
The ConfirmForgotPasswordRequest data model.
{}
The ConfirmForgotPasswordResponse data model.
{ analyticsMetadata : Maybe AnalyticsMetadataType
, clientId : String
, confirmationCode : String
, forceAliasCreation : Maybe Basics.Bool
, secretHash : Maybe String
, userContextData : Maybe UserContextDataType
, username : String
}
The ConfirmSignUpRequest data model.
{}
The ConfirmSignUpResponse data model.
{ encodedData : Maybe String
, httpHeaders : HttpHeaderList
, ipAddress : String
, serverName : String
, serverPath : String
}
The ContextDataType data model.
{ description : Maybe String
, groupName : String
, precedence : Maybe Basics.Int
, roleArn : Maybe String
, userPoolId : String
}
The CreateGroupRequest data model.
{ group : Maybe GroupType }
The CreateGroupResponse data model.
{ attributeMapping : Maybe AttributeMappingType
, idpIdentifiers : Maybe IdpIdentifiersListType
, providerDetails : ProviderDetailsType
, providerName : String
, providerType : IdentityProviderTypeType
, userPoolId : String
}
The CreateIdentityProviderRequest data model.
{ identityProvider : IdentityProviderType }
The CreateIdentityProviderResponse data model.
{ identifier : String
, name : String
, scopes : Maybe ResourceServerScopeListType
, userPoolId : String
}
The CreateResourceServerRequest data model.
{ resourceServer : ResourceServerType }
The CreateResourceServerResponse data model.
{ cloudWatchLogsRoleArn : String
, jobName : String
, userPoolId : String
}
The CreateUserImportJobRequest data model.
{ userImportJob : Maybe UserImportJobType }
The CreateUserImportJobResponse data model.
{ allowedOauthFlows : Maybe OauthFlowsType
, allowedOauthFlowsUserPoolClient : Maybe Basics.Bool
, allowedOauthScopes : Maybe ScopeListType
, analyticsConfiguration : Maybe AnalyticsConfigurationType
, callbackUrls : Maybe CallbackUrlsListType
, clientName : String
, defaultRedirectUri : Maybe String
, explicitAuthFlows : Maybe ExplicitAuthFlowsListType
, generateSecret : Maybe Basics.Bool
, logoutUrls : Maybe LogoutUrlsListType
, readAttributes : Maybe ClientPermissionListType
, refreshTokenValidity : Maybe Basics.Int
, supportedIdentityProviders : Maybe SupportedIdentityProvidersListType
, userPoolId : String
, writeAttributes : Maybe ClientPermissionListType
}
The CreateUserPoolClientRequest data model.
{ userPoolClient : Maybe UserPoolClientType }
The CreateUserPoolClientResponse data model.
{ customDomainConfig : Maybe CustomDomainConfigType
, domain : String
, userPoolId : String
}
The CreateUserPoolDomainRequest data model.
{ cloudFrontDomain : Maybe String }
The CreateUserPoolDomainResponse data model.
{ adminCreateUserConfig : Maybe AdminCreateUserConfigType
, aliasAttributes : Maybe AliasAttributesListType
, autoVerifiedAttributes : Maybe VerifiedAttributesListType
, deviceConfiguration : Maybe DeviceConfigurationType
, emailConfiguration : Maybe EmailConfigurationType
, emailVerificationMessage : Maybe String
, emailVerificationSubject : Maybe String
, lambdaConfig : Maybe LambdaConfigType
, mfaConfiguration : Maybe UserPoolMfaType
, policies : Maybe UserPoolPolicyType
, poolName : String
, schema : Maybe SchemaAttributesListType
, smsAuthenticationMessage : Maybe String
, smsConfiguration : Maybe SmsConfigurationType
, smsVerificationMessage : Maybe String
, userPoolAddOns : Maybe UserPoolAddOnsType
, userPoolTags : Maybe UserPoolTagsType
, usernameAttributes : Maybe UsernameAttributesListType
, verificationMessageTemplate : Maybe VerificationMessageTemplateType
}
The CreateUserPoolRequest data model.
{ userPool : Maybe UserPoolType }
The CreateUserPoolResponse data model.
List SchemaAttributeType
The CustomAttributesListType data model.
{ certificateArn : String }
The CustomDomainConfigType data model.
The DefaultEmailOptionType data model.
{ groupName : String
, userPoolId : String
}
The DeleteGroupRequest data model.
{ providerName : String
, userPoolId : String
}
The DeleteIdentityProviderRequest data model.
{ identifier : String
, userPoolId : String
}
The DeleteResourceServerRequest data model.
{ accessToken : String
, userAttributeNames : AttributeNameListType
}
The DeleteUserAttributesRequest data model.
{}
The DeleteUserAttributesResponse data model.
{ clientId : String
, userPoolId : String
}
The DeleteUserPoolClientRequest data model.
{ domain : String
, userPoolId : String
}
The DeleteUserPoolDomainRequest data model.
{}
The DeleteUserPoolDomainResponse data model.
{ userPoolId : String }
The DeleteUserPoolRequest data model.
{ accessToken : String }
The DeleteUserRequest data model.
List DeliveryMediumType
The DeliveryMediumListType data model.
The DeliveryMediumType data model.
{ providerName : String
, userPoolId : String
}
The DescribeIdentityProviderRequest data model.
{ identityProvider : IdentityProviderType }
The DescribeIdentityProviderResponse data model.
{ identifier : String
, userPoolId : String
}
The DescribeResourceServerRequest data model.
{ resourceServer : ResourceServerType }
The DescribeResourceServerResponse data model.
{ clientId : Maybe String
, userPoolId : String
}
The DescribeRiskConfigurationRequest data model.
{ riskConfiguration : RiskConfigurationType }
The DescribeRiskConfigurationResponse data model.
{ jobId : String
, userPoolId : String
}
The DescribeUserImportJobRequest data model.
{ userImportJob : Maybe UserImportJobType }
The DescribeUserImportJobResponse data model.
{ clientId : String
, userPoolId : String
}
The DescribeUserPoolClientRequest data model.
{ userPoolClient : Maybe UserPoolClientType }
The DescribeUserPoolClientResponse data model.
{ domain : String }
The DescribeUserPoolDomainRequest data model.
{ domainDescription : Maybe DomainDescriptionType }
The DescribeUserPoolDomainResponse data model.
{ userPoolId : String }
The DescribeUserPoolRequest data model.
{ userPool : Maybe UserPoolType }
The DescribeUserPoolResponse data model.
{ challengeRequiredOnNewDevice : Maybe Basics.Bool
, deviceOnlyRememberedOnUserPrompt : Maybe Basics.Bool
}
The DeviceConfigurationType data model.
List DeviceType
The DeviceListType data model.
The DeviceRememberedStatusType data model.
{ passwordVerifier : Maybe String
, salt : Maybe String
}
The DeviceSecretVerifierConfigType data model.
{ deviceAttributes : Maybe AttributeListType
, deviceCreateDate : Maybe String
, deviceKey : Maybe String
, deviceLastAuthenticatedDate : Maybe String
, deviceLastModifiedDate : Maybe String
}
The DeviceType data model.
{ awsaccountId : Maybe String
, cloudFrontDistribution : Maybe String
, customDomainConfig : Maybe CustomDomainConfigType
, domain : Maybe String
, s3Bucket : Maybe String
, status : Maybe DomainStatusType
, userPoolId : Maybe String
, version : Maybe String
}
The DomainDescriptionType data model.
The DomainStatusType data model.
{ emailSendingAccount : Maybe EmailSendingAccountType
, replyToEmailAddress : Maybe String
, sourceArn : Maybe String
}
The EmailConfigurationType data model.
The EmailSendingAccountType data model.
{ city : Maybe String
, country : Maybe String
, deviceName : Maybe String
, ipAddress : Maybe String
, timezone : Maybe String
}
The EventContextDataType data model.
{ feedbackDate : Maybe String
, feedbackValue : FeedbackValueType
, provider : String
}
The EventFeedbackType data model.
The EventFilterType data model.
List EventFilterType
The EventFiltersType data model.
The EventResponseType data model.
{ riskDecision : Maybe RiskDecisionType
, riskLevel : Maybe RiskLevelType
}
The EventRiskType data model.
The EventType data model.
List ExplicitAuthFlowsType
The ExplicitAuthFlowsListType data model.
The ExplicitAuthFlowsType data model.
The FeedbackValueType data model.
{ accessToken : Maybe String
, deviceKey : String
}
The ForgetDeviceRequest data model.
{ analyticsMetadata : Maybe AnalyticsMetadataType
, clientId : String
, secretHash : Maybe String
, userContextData : Maybe UserContextDataType
, username : String
}
The ForgotPasswordRequest data model.
{ codeDeliveryDetails : Maybe CodeDeliveryDetailsType }
The ForgotPasswordResponse data model.
{ userPoolId : String }
The GetCsvheaderRequest data model.
{ csvheader : Maybe ListOfStringTypes
, userPoolId : Maybe String
}
The GetCsvheaderResponse data model.
{ accessToken : Maybe String
, deviceKey : String
}
The GetDeviceRequest data model.
{ device : DeviceType }
The GetDeviceResponse data model.
{ groupName : String
, userPoolId : String
}
The GetGroupRequest data model.
{ group : Maybe GroupType }
The GetGroupResponse data model.
{ idpIdentifier : String
, userPoolId : String
}
The GetIdentityProviderByIdentifierRequest data model.
{ identityProvider : IdentityProviderType }
The GetIdentityProviderByIdentifierResponse data model.
{ userPoolId : String }
The GetSigningCertificateRequest data model.
{ certificate : Maybe String }
The GetSigningCertificateResponse data model.
{ clientId : Maybe String
, userPoolId : String
}
The GetUicustomizationRequest data model.
{ uicustomization : UicustomizationType }
The GetUicustomizationResponse data model.
{ accessToken : String
, attributeName : String
}
The GetUserAttributeVerificationCodeRequest data model.
{ codeDeliveryDetails : Maybe CodeDeliveryDetailsType }
The GetUserAttributeVerificationCodeResponse data model.
{ userPoolId : String }
The GetUserPoolMfaConfigRequest data model.
{ mfaConfiguration : Maybe UserPoolMfaType
, smsMfaConfiguration : Maybe SmsMfaConfigType
, softwareTokenMfaConfiguration : Maybe SoftwareTokenMfaConfigType
}
The GetUserPoolMfaConfigResponse data model.
{ accessToken : String }
The GetUserRequest data model.
{ mfaoptions : Maybe MfaoptionListType
, preferredMfaSetting : Maybe String
, userAttributes : AttributeListType
, userMfasettingList : Maybe UserMfasettingListType
, username : String
}
The GetUserResponse data model.
{ accessToken : String }
The GlobalSignOutRequest data model.
{}
The GlobalSignOutResponse data model.
List GroupType
The GroupListType data model.
{ creationDate : Maybe String
, description : Maybe String
, groupName : Maybe String
, lastModifiedDate : Maybe String
, precedence : Maybe Basics.Int
, roleArn : Maybe String
, userPoolId : Maybe String
}
The GroupType data model.
{ headerName : Maybe String
, headerValue : Maybe String
}
The HttpHeader data model.
List HttpHeader
The HttpHeaderList data model.
{ attributeMapping : Maybe AttributeMappingType
, creationDate : Maybe String
, idpIdentifiers : Maybe IdpIdentifiersListType
, lastModifiedDate : Maybe String
, providerDetails : Maybe ProviderDetailsType
, providerName : Maybe String
, providerType : Maybe IdentityProviderTypeType
, userPoolId : Maybe String
}
The IdentityProviderType data model.
The IdentityProviderTypeType data model.
List String
The IdpIdentifiersListType data model.
{ analyticsMetadata : Maybe AnalyticsMetadataType
, authFlow : AuthFlowType
, authParameters : Maybe AuthParametersType
, clientId : String
, clientMetadata : Maybe ClientMetadataType
, userContextData : Maybe UserContextDataType
}
The InitiateAuthRequest data model.
{ authenticationResult : Maybe AuthenticationResultType
, challengeName : Maybe ChallengeNameType
, challengeParameters : Maybe ChallengeParametersType
, session : Maybe String
}
The InitiateAuthResponse data model.
{ createAuthChallenge : Maybe String
, customMessage : Maybe String
, defineAuthChallenge : Maybe String
, postAuthentication : Maybe String
, postConfirmation : Maybe String
, preAuthentication : Maybe String
, preSignUp : Maybe String
, preTokenGeneration : Maybe String
, userMigration : Maybe String
, verifyAuthChallengeResponse : Maybe String
}
The LambdaConfigType data model.
{ accessToken : String
, limit : Maybe Basics.Int
, paginationToken : Maybe String
}
The ListDevicesRequest data model.
{ devices : Maybe DeviceListType
, paginationToken : Maybe String
}
The ListDevicesResponse data model.
{ limit : Maybe Basics.Int
, nextToken : Maybe String
, userPoolId : String
}
The ListGroupsRequest data model.
{ groups : Maybe GroupListType
, nextToken : Maybe String
}
The ListGroupsResponse data model.
{ maxResults : Maybe Basics.Int
, nextToken : Maybe String
, userPoolId : String
}
The ListIdentityProvidersRequest data model.
{ nextToken : Maybe String
, providers : ProvidersListType
}
The ListIdentityProvidersResponse data model.
List String
The ListOfStringTypes data model.
{ maxResults : Maybe Basics.Int
, nextToken : Maybe String
, userPoolId : String
}
The ListResourceServersRequest data model.
{ nextToken : Maybe String
, resourceServers : ResourceServersListType
}
The ListResourceServersResponse data model.
{ resourceArn : String }
The ListTagsForResourceRequest data model.
{ tags : Maybe UserPoolTagsType }
The ListTagsForResourceResponse data model.
{ maxResults : Basics.Int
, paginationToken : Maybe String
, userPoolId : String
}
The ListUserImportJobsRequest data model.
{ paginationToken : Maybe String
, userImportJobs : Maybe UserImportJobsListType
}
The ListUserImportJobsResponse data model.
{ maxResults : Maybe Basics.Int
, nextToken : Maybe String
, userPoolId : String
}
The ListUserPoolClientsRequest data model.
{ nextToken : Maybe String
, userPoolClients : Maybe UserPoolClientListType
}
The ListUserPoolClientsResponse data model.
{ maxResults : Basics.Int
, nextToken : Maybe String
}
The ListUserPoolsRequest data model.
{ nextToken : Maybe String
, userPools : Maybe UserPoolListType
}
The ListUserPoolsResponse data model.
{ groupName : String
, limit : Maybe Basics.Int
, nextToken : Maybe String
, userPoolId : String
}
The ListUsersInGroupRequest data model.
{ nextToken : Maybe String
, users : Maybe UsersListType
}
The ListUsersInGroupResponse data model.
{ attributesToGet : Maybe SearchedAttributeNamesListType
, filter : Maybe String
, limit : Maybe Basics.Int
, paginationToken : Maybe String
, userPoolId : String
}
The ListUsersRequest data model.
{ paginationToken : Maybe String
, users : Maybe UsersListType
}
The ListUsersResponse data model.
List String
The LogoutUrlsListType data model.
The MessageActionType data model.
{ emailMessage : Maybe String
, emailSubject : Maybe String
, smsmessage : Maybe String
}
The MessageTemplateType data model.
List MfaoptionType
The MfaoptionListType data model.
{ attributeName : Maybe String
, deliveryMedium : Maybe DeliveryMediumType
}
The MfaoptionType data model.
{ deviceGroupKey : Maybe String
, deviceKey : Maybe String
}
The NewDeviceMetadataType data model.
{ blockEmail : Maybe NotifyEmailType
, from : Maybe String
, mfaEmail : Maybe NotifyEmailType
, noActionEmail : Maybe NotifyEmailType
, replyTo : Maybe String
, sourceArn : String
}
The NotifyConfigurationType data model.
{ htmlBody : Maybe String
, subject : String
, textBody : Maybe String
}
The NotifyEmailType data model.
{ maxValue : Maybe String
, minValue : Maybe String
}
The NumberAttributeConstraintsType data model.
The OauthFlowType data model.
List OauthFlowType
The OauthFlowsType data model.
{ minimumLength : Maybe Basics.Int
, requireLowercase : Maybe Basics.Bool
, requireNumbers : Maybe Basics.Bool
, requireSymbols : Maybe Basics.Bool
, requireUppercase : Maybe Basics.Bool
, temporaryPasswordValidityDays : Maybe Basics.Int
}
The PasswordPolicyType data model.
{ creationDate : Maybe String
, lastModifiedDate : Maybe String
, providerName : Maybe String
, providerType : Maybe IdentityProviderTypeType
}
The ProviderDescription data model.
Dict String String
The ProviderDetailsType data model.
{ providerAttributeName : Maybe String
, providerAttributeValue : Maybe String
, providerName : Maybe String
}
The ProviderUserIdentifierType data model.
List ProviderDescription
The ProvidersListType data model.
{ analyticsMetadata : Maybe AnalyticsMetadataType
, clientId : String
, secretHash : Maybe String
, userContextData : Maybe UserContextDataType
, username : String
}
The ResendConfirmationCodeRequest data model.
{ codeDeliveryDetails : Maybe CodeDeliveryDetailsType }
The ResendConfirmationCodeResponse data model.
List ResourceServerScopeType
The ResourceServerScopeListType data model.
{ scopeDescription : String
, scopeName : String
}
The ResourceServerScopeType data model.
{ identifier : Maybe String
, name : Maybe String
, scopes : Maybe ResourceServerScopeListType
, userPoolId : Maybe String
}
The ResourceServerType data model.
List ResourceServerType
The ResourceServersListType data model.
{ analyticsMetadata : Maybe AnalyticsMetadataType
, challengeName : ChallengeNameType
, challengeResponses : Maybe ChallengeResponsesType
, clientId : String
, session : Maybe String
, userContextData : Maybe UserContextDataType
}
The RespondToAuthChallengeRequest data model.
{ authenticationResult : Maybe AuthenticationResultType
, challengeName : Maybe ChallengeNameType
, challengeParameters : Maybe ChallengeParametersType
, session : Maybe String
}
The RespondToAuthChallengeResponse data model.
{ accountTakeoverRiskConfiguration : Maybe AccountTakeoverRiskConfigurationType
, clientId : Maybe String
, compromisedCredentialsRiskConfiguration : Maybe CompromisedCredentialsRiskConfigurationType
, lastModifiedDate : Maybe String
, riskExceptionConfiguration : Maybe RiskExceptionConfigurationType
, userPoolId : Maybe String
}
The RiskConfigurationType data model.
The RiskDecisionType data model.
{ blockedIprangeList : Maybe BlockedIprangeListType
, skippedIprangeList : Maybe SkippedIprangeListType
}
The RiskExceptionConfigurationType data model.
The RiskLevelType data model.
{ attributeDataType : Maybe AttributeDataType
, developerOnlyAttribute : Maybe Basics.Bool
, mutable : Maybe Basics.Bool
, name : Maybe String
, numberAttributeConstraints : Maybe NumberAttributeConstraintsType
, required : Maybe Basics.Bool
, stringAttributeConstraints : Maybe StringAttributeConstraintsType
}
The SchemaAttributeType data model.
List SchemaAttributeType
The SchemaAttributesListType data model.
List String
The ScopeListType data model.
List String
The SearchedAttributeNamesListType data model.
{ accountTakeoverRiskConfiguration : Maybe AccountTakeoverRiskConfigurationType
, clientId : Maybe String
, compromisedCredentialsRiskConfiguration : Maybe CompromisedCredentialsRiskConfigurationType
, riskExceptionConfiguration : Maybe RiskExceptionConfigurationType
, userPoolId : String
}
The SetRiskConfigurationRequest data model.
{ riskConfiguration : RiskConfigurationType }
The SetRiskConfigurationResponse data model.
{ css : Maybe String
, clientId : Maybe String
, imageFile : Maybe String
, userPoolId : String
}
The SetUicustomizationRequest data model.
{ uicustomization : UicustomizationType }
The SetUicustomizationResponse data model.
{ accessToken : String
, smsmfaSettings : Maybe SmsmfaSettingsType
, softwareTokenMfaSettings : Maybe SoftwareTokenMfaSettingsType
}
The SetUserMfapreferenceRequest data model.
{}
The SetUserMfapreferenceResponse data model.
{ mfaConfiguration : Maybe UserPoolMfaType
, smsMfaConfiguration : Maybe SmsMfaConfigType
, softwareTokenMfaConfiguration : Maybe SoftwareTokenMfaConfigType
, userPoolId : String
}
The SetUserPoolMfaConfigRequest data model.
{ mfaConfiguration : Maybe UserPoolMfaType
, smsMfaConfiguration : Maybe SmsMfaConfigType
, softwareTokenMfaConfiguration : Maybe SoftwareTokenMfaConfigType
}
The SetUserPoolMfaConfigResponse data model.
{ accessToken : String
, mfaoptions : MfaoptionListType
}
The SetUserSettingsRequest data model.
{}
The SetUserSettingsResponse data model.
{ analyticsMetadata : Maybe AnalyticsMetadataType
, clientId : String
, password : String
, secretHash : Maybe String
, userAttributes : Maybe AttributeListType
, userContextData : Maybe UserContextDataType
, username : String
, validationData : Maybe AttributeListType
}
The SignUpRequest data model.
{ codeDeliveryDetails : Maybe CodeDeliveryDetailsType
, userConfirmed : Basics.Bool
, userSub : String
}
The SignUpResponse data model.
List String
The SkippedIprangeListType data model.
{ externalId : Maybe String
, snsCallerArn : String
}
The SmsConfigurationType data model.
{ smsAuthenticationMessage : Maybe String
, smsConfiguration : Maybe SmsConfigurationType
}
The SmsMfaConfigType data model.
{ enabled : Maybe Basics.Bool
, preferredMfa : Maybe Basics.Bool
}
The SmsmfaSettingsType data model.
{ enabled : Maybe Basics.Bool }
The SoftwareTokenMfaConfigType data model.
{ enabled : Maybe Basics.Bool
, preferredMfa : Maybe Basics.Bool
}
The SoftwareTokenMfaSettingsType data model.
{ jobId : String
, userPoolId : String
}
The StartUserImportJobRequest data model.
{ userImportJob : Maybe UserImportJobType }
The StartUserImportJobResponse data model.
The StatusType data model.
{ jobId : String
, userPoolId : String
}
The StopUserImportJobRequest data model.
{ userImportJob : Maybe UserImportJobType }
The StopUserImportJobResponse data model.
{ maxLength : Maybe String
, minLength : Maybe String
}
The StringAttributeConstraintsType data model.
List String
The SupportedIdentityProvidersListType data model.
{ resourceArn : String
, tags : Maybe UserPoolTagsType
}
The TagResourceRequest data model.
{}
The TagResourceResponse data model.
{ css : Maybe String
, cssversion : Maybe String
, clientId : Maybe String
, creationDate : Maybe String
, imageUrl : Maybe String
, lastModifiedDate : Maybe String
, userPoolId : Maybe String
}
The UicustomizationType data model.
{ resourceArn : String
, tagKeys : Maybe UserPoolTagsListType
}
The UntagResourceRequest data model.
{}
The UntagResourceResponse data model.
{ eventId : String
, feedbackToken : String
, feedbackValue : FeedbackValueType
, userPoolId : String
, username : String
}
The UpdateAuthEventFeedbackRequest data model.
{}
The UpdateAuthEventFeedbackResponse data model.
{ accessToken : String
, deviceKey : String
, deviceRememberedStatus : Maybe DeviceRememberedStatusType
}
The UpdateDeviceStatusRequest data model.
{}
The UpdateDeviceStatusResponse data model.
{ description : Maybe String
, groupName : String
, precedence : Maybe Basics.Int
, roleArn : Maybe String
, userPoolId : String
}
The UpdateGroupRequest data model.
{ group : Maybe GroupType }
The UpdateGroupResponse data model.
{ attributeMapping : Maybe AttributeMappingType
, idpIdentifiers : Maybe IdpIdentifiersListType
, providerDetails : Maybe ProviderDetailsType
, providerName : String
, userPoolId : String
}
The UpdateIdentityProviderRequest data model.
{ identityProvider : IdentityProviderType }
The UpdateIdentityProviderResponse data model.
{ identifier : String
, name : String
, scopes : Maybe ResourceServerScopeListType
, userPoolId : String
}
The UpdateResourceServerRequest data model.
{ resourceServer : ResourceServerType }
The UpdateResourceServerResponse data model.
{ accessToken : String
, userAttributes : AttributeListType
}
The UpdateUserAttributesRequest data model.
{ codeDeliveryDetailsList : Maybe CodeDeliveryDetailsListType }
The UpdateUserAttributesResponse data model.
{ allowedOauthFlows : Maybe OauthFlowsType
, allowedOauthFlowsUserPoolClient : Maybe Basics.Bool
, allowedOauthScopes : Maybe ScopeListType
, analyticsConfiguration : Maybe AnalyticsConfigurationType
, callbackUrls : Maybe CallbackUrlsListType
, clientId : String
, clientName : Maybe String
, defaultRedirectUri : Maybe String
, explicitAuthFlows : Maybe ExplicitAuthFlowsListType
, logoutUrls : Maybe LogoutUrlsListType
, readAttributes : Maybe ClientPermissionListType
, refreshTokenValidity : Maybe Basics.Int
, supportedIdentityProviders : Maybe SupportedIdentityProvidersListType
, userPoolId : String
, writeAttributes : Maybe ClientPermissionListType
}
The UpdateUserPoolClientRequest data model.
{ userPoolClient : Maybe UserPoolClientType }
The UpdateUserPoolClientResponse data model.
{ customDomainConfig : CustomDomainConfigType
, domain : String
, userPoolId : String
}
The UpdateUserPoolDomainRequest data model.
{ cloudFrontDomain : Maybe String }
The UpdateUserPoolDomainResponse data model.
{ adminCreateUserConfig : Maybe AdminCreateUserConfigType
, autoVerifiedAttributes : Maybe VerifiedAttributesListType
, deviceConfiguration : Maybe DeviceConfigurationType
, emailConfiguration : Maybe EmailConfigurationType
, emailVerificationMessage : Maybe String
, emailVerificationSubject : Maybe String
, lambdaConfig : Maybe LambdaConfigType
, mfaConfiguration : Maybe UserPoolMfaType
, policies : Maybe UserPoolPolicyType
, smsAuthenticationMessage : Maybe String
, smsConfiguration : Maybe SmsConfigurationType
, smsVerificationMessage : Maybe String
, userPoolAddOns : Maybe UserPoolAddOnsType
, userPoolId : String
, userPoolTags : Maybe UserPoolTagsType
, verificationMessageTemplate : Maybe VerificationMessageTemplateType
}
The UpdateUserPoolRequest data model.
{}
The UpdateUserPoolResponse data model.
{ encodedData : Maybe String }
The UserContextDataType data model.
The UserImportJobStatusType data model.
{ cloudWatchLogsRoleArn : Maybe String
, completionDate : Maybe String
, completionMessage : Maybe String
, creationDate : Maybe String
, failedUsers : Maybe Basics.Int
, importedUsers : Maybe Basics.Int
, jobId : Maybe String
, jobName : Maybe String
, preSignedUrl : Maybe String
, skippedUsers : Maybe Basics.Int
, startDate : Maybe String
, status : Maybe UserImportJobStatusType
, userPoolId : Maybe String
}
The UserImportJobType data model.
List UserImportJobType
The UserImportJobsListType data model.
List String
The UserMfasettingListType data model.
{ advancedSecurityMode : AdvancedSecurityModeType }
The UserPoolAddOnsType data model.
{ clientId : Maybe String
, clientName : Maybe String
, userPoolId : Maybe String
}
The UserPoolClientDescription data model.
List UserPoolClientDescription
The UserPoolClientListType data model.
{ allowedOauthFlows : Maybe OauthFlowsType
, allowedOauthFlowsUserPoolClient : Maybe Basics.Bool
, allowedOauthScopes : Maybe ScopeListType
, analyticsConfiguration : Maybe AnalyticsConfigurationType
, callbackUrls : Maybe CallbackUrlsListType
, clientId : Maybe String
, clientName : Maybe String
, clientSecret : Maybe String
, creationDate : Maybe String
, defaultRedirectUri : Maybe String
, explicitAuthFlows : Maybe ExplicitAuthFlowsListType
, lastModifiedDate : Maybe String
, logoutUrls : Maybe LogoutUrlsListType
, readAttributes : Maybe ClientPermissionListType
, refreshTokenValidity : Maybe Basics.Int
, supportedIdentityProviders : Maybe SupportedIdentityProvidersListType
, userPoolId : Maybe String
, writeAttributes : Maybe ClientPermissionListType
}
The UserPoolClientType data model.
{ creationDate : Maybe String
, id : Maybe String
, lambdaConfig : Maybe LambdaConfigType
, lastModifiedDate : Maybe String
, name : Maybe String
, status : Maybe StatusType
}
The UserPoolDescriptionType data model.
List UserPoolDescriptionType
The UserPoolListType data model.
The UserPoolMfaType data model.
{ passwordPolicy : Maybe PasswordPolicyType }
The UserPoolPolicyType data model.
List String
The UserPoolTagsListType data model.
Dict String String
The UserPoolTagsType data model.
{ adminCreateUserConfig : Maybe AdminCreateUserConfigType
, aliasAttributes : Maybe AliasAttributesListType
, arn : Maybe String
, autoVerifiedAttributes : Maybe VerifiedAttributesListType
, creationDate : Maybe String
, customDomain : Maybe String
, deviceConfiguration : Maybe DeviceConfigurationType
, domain : Maybe String
, emailConfiguration : Maybe EmailConfigurationType
, emailConfigurationFailure : Maybe String
, emailVerificationMessage : Maybe String
, emailVerificationSubject : Maybe String
, estimatedNumberOfUsers : Maybe Basics.Int
, id : Maybe String
, lambdaConfig : Maybe LambdaConfigType
, lastModifiedDate : Maybe String
, mfaConfiguration : Maybe UserPoolMfaType
, name : Maybe String
, policies : Maybe UserPoolPolicyType
, schemaAttributes : Maybe SchemaAttributesListType
, smsAuthenticationMessage : Maybe String
, smsConfiguration : Maybe SmsConfigurationType
, smsConfigurationFailure : Maybe String
, smsVerificationMessage : Maybe String
, status : Maybe StatusType
, userPoolAddOns : Maybe UserPoolAddOnsType
, userPoolTags : Maybe UserPoolTagsType
, usernameAttributes : Maybe UsernameAttributesListType
, verificationMessageTemplate : Maybe VerificationMessageTemplateType
}
The UserPoolType data model.
The UserStatusType data model.
{ attributes : Maybe AttributeListType
, enabled : Maybe Basics.Bool
, mfaoptions : Maybe MfaoptionListType
, userCreateDate : Maybe String
, userLastModifiedDate : Maybe String
, userStatus : Maybe UserStatusType
, username : Maybe String
}
The UserType data model.
The UsernameAttributeType data model.
List UsernameAttributeType
The UsernameAttributesListType data model.
List UserType
The UsersListType data model.
{ defaultEmailOption : Maybe DefaultEmailOptionType
, emailMessage : Maybe String
, emailMessageByLink : Maybe String
, emailSubject : Maybe String
, emailSubjectByLink : Maybe String
, smsMessage : Maybe String
}
The VerificationMessageTemplateType data model.
The VerifiedAttributeType data model.
List VerifiedAttributeType
The VerifiedAttributesListType data model.
{ accessToken : Maybe String
, friendlyDeviceName : Maybe String
, session : Maybe String
, userCode : String
}
The VerifySoftwareTokenRequest data model.
{ session : Maybe String
, status : Maybe VerifySoftwareTokenResponseType
}
The VerifySoftwareTokenResponse data model.
The VerifySoftwareTokenResponseType data model.
{ accessToken : String
, attributeName : String
, code : String
}
The VerifyUserAttributeRequest data model.
{}
The VerifyUserAttributeResponse data model.
accountTakeoverEventActionType : Enum AccountTakeoverEventActionType
The AccountTakeoverEventActionType data model.
advancedSecurityModeType : Enum AdvancedSecurityModeType
The AdvancedSecurityModeType data model.
aliasAttributeType : Enum AliasAttributeType
The AliasAttributeType data model.
attributeDataType : Enum AttributeDataType
The AttributeDataType data model.
authFlowType : Enum AuthFlowType
The AuthFlowType data model.
challengeName : Enum ChallengeName
The ChallengeName data model.
challengeNameType : Enum ChallengeNameType
The ChallengeNameType data model.
challengeResponse : Enum ChallengeResponse
The ChallengeResponse data model.
compromisedCredentialsEventActionType : Enum CompromisedCredentialsEventActionType
The CompromisedCredentialsEventActionType data model.
defaultEmailOptionType : Enum DefaultEmailOptionType
The DefaultEmailOptionType data model.
deliveryMediumType : Enum DeliveryMediumType
The DeliveryMediumType data model.
deviceRememberedStatusType : Enum DeviceRememberedStatusType
The DeviceRememberedStatusType data model.
domainStatusType : Enum DomainStatusType
The DomainStatusType data model.
emailSendingAccountType : Enum EmailSendingAccountType
The EmailSendingAccountType data model.
eventFilterType : Enum EventFilterType
The EventFilterType data model.
eventResponseType : Enum EventResponseType
The EventResponseType data model.
eventType : Enum EventType
The EventType data model.
explicitAuthFlowsType : Enum ExplicitAuthFlowsType
The ExplicitAuthFlowsType data model.
feedbackValueType : Enum FeedbackValueType
The FeedbackValueType data model.
identityProviderTypeType : Enum IdentityProviderTypeType
The IdentityProviderTypeType data model.
messageActionType : Enum MessageActionType
The MessageActionType data model.
oauthFlowType : Enum OauthFlowType
The OauthFlowType data model.
riskDecisionType : Enum RiskDecisionType
The RiskDecisionType data model.
riskLevelType : Enum RiskLevelType
The RiskLevelType data model.
statusType : Enum StatusType
The StatusType data model.
userImportJobStatusType : Enum UserImportJobStatusType
The UserImportJobStatusType data model.
userPoolMfaType : Enum UserPoolMfaType
The UserPoolMfaType data model.
userStatusType : Enum UserStatusType
The UserStatusType data model.
usernameAttributeType : Enum UsernameAttributeType
The UsernameAttributeType data model.
verifiedAttributeType : Enum VerifiedAttributeType
The VerifiedAttributeType data model.
verifySoftwareTokenResponseType : Enum VerifySoftwareTokenResponseType
The VerifySoftwareTokenResponseType data model.