com.amazonaws.services.cognitoidp.AWSCognitoIdentityProvider Maven / Gradle / Ivy

Show more of this group Show more artifacts with this name
Show all versions of aws-java-sdk-cognitoidp Show documentation

The AWS Java SDK for Amazon Cognito Identity Provider Service module holds the client classes that are used for communicating with Amazon Cognito Identity Provider Service.

There is a newer version: 1.12.772

Show newest version

/* * Copyright 2019-2024 Amazon.com, Inc. or its affiliates. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with * the License. A copy of the License is located at * * http://aws.amazon.com/apache2.0 * * or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR * CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions * and limitations under the License. */ package com.amazonaws.services.cognitoidp; import javax.annotation.Generated; import com.amazonaws.*; import com.amazonaws.regions.*; import com.amazonaws.services.cognitoidp.model.*; /** * Interface for accessing Amazon Cognito Identity Provider. * * Note: Do not directly implement this interface, new methods are added to it regularly. Extend from * {@link com.amazonaws.services.cognitoidp.AbstractAWSCognitoIdentityProvider} instead. * * * * With the Amazon Cognito user pools API, you can configure user pools and authenticate users. To authenticate users * from third-party identity providers (IdPs) in this API, you can link IdP users to native user profiles. Learn more about the authentication and authorization of federated users * at Adding * user pool sign-in through a third party and in the User pool federation endpoints and hosted UI reference. * * * This API reference provides detailed information about API operations and object types in Amazon Cognito. * * * Along with resource management operations, the Amazon Cognito user pools API includes classes of operations and * authorization models for client-side and server-side authentication of users. You can interact with operations in the * Amazon Cognito user pools API as any of the following subjects. * * * * * An administrator who wants to configure user pools, app clients, users, groups, or other user pool functions. * * * * * A server-side app, like a web application, that wants to use its Amazon Web Services privileges to manage, * authenticate, or authorize a user. * * * * * A client-side app, like a mobile app, that wants to make unauthenticated requests to manage, authenticate, or * authorize a user. * * * * * For more information, see Using the Amazon * Cognito user pools API and user pool endpoints in the Amazon Cognito Developer Guide. * * * With your Amazon Web Services SDK, you can build the logic to support operational flows in every use case for this * API. You can also make direct REST API requests to Amazon Cognito user pools service endpoints. The following links can get you started with the * CognitoIdentityProvider client in other supported Amazon Web Services SDKs. * * * * * Amazon Web * Services Command Line Interface * * * * * Amazon Web Services SDK for .NET * * * * * Amazon Web Services SDK for C++ * * * * * Amazon * Web Services SDK for Go * * * * * Amazon Web Services SDK for Java V2 * * * * * Amazon Web * Services SDK for JavaScript * * * * * Amazon Web Services SDK for * PHP V3 * * * * * Amazon Web * Services SDK for Python * * * * * Amazon Web Services * SDK for Ruby V3 * * * * * To get started with an Amazon Web Services SDK, see Tools to Build * on Amazon Web Services. For example actions and scenarios, see Code * examples for Amazon Cognito Identity Provider using Amazon Web Services SDKs. * */ @Generated("com.amazonaws:aws-java-sdk-code-generator") public interface AWSCognitoIdentityProvider { /** * The region metadata service name for computing region endpoints. You can use this value to retrieve metadata * (such as supported regions) of the service. * * @see RegionUtils#getRegionsForService(String) */ String ENDPOINT_PREFIX = "cognito-idp"; /** * Overrides the default endpoint for this client ("https://cognito-idp.us-east-1.amazonaws.com"). Callers can use * this method to control which AWS region they want to work with. * * Callers can pass in just the endpoint (ex: "cognito-idp.us-east-1.amazonaws.com") or a full URL, including the * protocol (ex: "https://cognito-idp.us-east-1.amazonaws.com"). If the protocol is not specified here, the default * protocol from this client's {@link ClientConfiguration} will be used, which by default is HTTPS. * * For more information on using AWS regions with the AWS SDK for Java, and a complete list of all available * endpoints for all AWS services, see: https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/java-dg-region-selection.html#region-selection- * choose-endpoint * * This method is not threadsafe. An endpoint should be configured when the client is created and before any * service requests are made. Changing it afterwards creates inevitable race conditions for any service requests in * transit or retrying. * * @param endpoint * The endpoint (ex: "cognito-idp.us-east-1.amazonaws.com") or a full URL, including the protocol (ex: * "https://cognito-idp.us-east-1.amazonaws.com") of the region specific AWS endpoint this client will * communicate with. * @deprecated use {@link AwsClientBuilder#setEndpointConfiguration(AwsClientBuilder.EndpointConfiguration)} for * example: * {@code builder.setEndpointConfiguration(new EndpointConfiguration(endpoint, signingRegion));} */ @Deprecated void setEndpoint(String endpoint); /** * An alternative to {@link AWSCognitoIdentityProvider#setEndpoint(String)}, sets the regional endpoint for this * client's service calls. Callers can use this method to control which AWS region they want to work with. * * By default, all service endpoints in all regions use the https protocol. To use http instead, specify it in the * {@link ClientConfiguration} supplied at construction. * * This method is not threadsafe. A region should be configured when the client is created and before any service * requests are made. Changing it afterwards creates inevitable race conditions for any service requests in transit * or retrying. * * @param region * The region this client will communicate with. See {@link Region#getRegion(com.amazonaws.regions.Regions)} * for accessing a given region. Must not be null and must be a region where the service is available. * * @see Region#getRegion(com.amazonaws.regions.Regions) * @see Region#createClient(Class, com.amazonaws.auth.AWSCredentialsProvider, ClientConfiguration) * @see Region#isServiceSupported(String) * @deprecated use {@link AwsClientBuilder#setRegion(String)} */ @Deprecated void setRegion(Region region); /** * * Adds additional user attributes to the user pool schema. * * * * Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For * this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding * IAM permission in a policy. * * * Learn more * * * * * Signing Amazon Web Services * API Requests * * * * * Using the * Amazon Cognito user pools API and user pool endpoints * * * * * * @param addCustomAttributesRequest * Represents the request to add custom attributes. * @return Result of the AddCustomAttributes operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws UserImportInProgressException * This exception is thrown when you're trying to modify a user pool while a user import job is in progress * for that pool. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.AddCustomAttributes * @see AWS API Documentation */ AddCustomAttributesResult addCustomAttributes(AddCustomAttributesRequest addCustomAttributesRequest); /** * * Adds a user to a group. A user who is in a group can present a preferred-role claim to an identity pool, and * populates a cognito:groups claim to their access and identity tokens. * * * * Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For * this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding * IAM permission in a policy. * * * Learn more * * * * * Signing Amazon Web Services * API Requests * * * * * Using the * Amazon Cognito user pools API and user pool endpoints * * * * * * @param adminAddUserToGroupRequest * @return Result of the AdminAddUserToGroup operation returned by the service. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws UserNotFoundException * This exception is thrown when a user isn't found. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.AdminAddUserToGroup * @see AWS API Documentation */ AdminAddUserToGroupResult adminAddUserToGroup(AdminAddUserToGroupRequest adminAddUserToGroupRequest); /** * * This IAM-authenticated API operation provides a code that Amazon Cognito sent to your user when they signed up in * your user pool. After your user enters their code, they confirm ownership of the email address or phone number * that they provided, and their user account becomes active. Depending on your user pool configuration, your users * will receive their confirmation code in an email or SMS message. * * * Local users who signed up in your user pool are the only type of user who can confirm sign-up with a code. Users * who federate through an external identity provider (IdP) have already been confirmed by their IdP. * Administrator-created users confirm their accounts when they respond to their invitation email message and choose * a password. * * * * Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For * this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding * IAM permission in a policy. * * * Learn more * * * * * Signing Amazon Web Services * API Requests * * * * * Using the * Amazon Cognito user pools API and user pool endpoints * * * * * * @param adminConfirmSignUpRequest * Confirm a user's registration as a user pool administrator. * @return Result of the AdminConfirmSignUp operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws UnexpectedLambdaException * This exception is thrown when Amazon Cognito encounters an unexpected exception with Lambda. * @throws UserLambdaValidationException * This exception is thrown when the Amazon Cognito service encounters a user validation exception with the * Lambda service. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws TooManyFailedAttemptsException * This exception is thrown when the user has made too many failed attempts for a given action, such as * sign-in. * @throws InvalidLambdaResponseException * This exception is thrown when Amazon Cognito encounters an invalid Lambda response. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws LimitExceededException * This exception is thrown when a user exceeds the limit for a requested Amazon Web Services resource. * @throws UserNotFoundException * This exception is thrown when a user isn't found. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.AdminConfirmSignUp * @see AWS * API Documentation */ AdminConfirmSignUpResult adminConfirmSignUp(AdminConfirmSignUpRequest adminConfirmSignUpRequest); /** * * Creates a new user in the specified user pool. * * * If MessageAction isn't set, the default is to send a welcome message via email or phone (SMS). * * * * This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to * register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text * messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered * number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, * activate their accounts, or sign in. * * * If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple * Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send * messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move * out of the sandbox and into production. For more information, see SMS message * settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide. * * * * This message is based on a template that you configured in your call to create or update a user pool. This * template includes your custom sign-up instructions and placeholders for user name and temporary password. * * * Alternatively, you can call AdminCreateUser with SUPPRESS for the * MessageAction parameter, and Amazon Cognito won't send any email. * * * In either case, the user will be in the FORCE_CHANGE_PASSWORD state until they sign in and change * their password. * * * * Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For * this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding * IAM permission in a policy. * * * Learn more * * * * * Signing Amazon Web Services * API Requests * * * * * Using the * Amazon Cognito user pools API and user pool endpoints * * * * * * @param adminCreateUserRequest * Represents the request to create a user in the specified user pool. * @return Result of the AdminCreateUser operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws UserNotFoundException * This exception is thrown when a user isn't found. * @throws UsernameExistsException * This exception is thrown when Amazon Cognito encounters a user name that already exists in the user pool. * @throws InvalidPasswordException * This exception is thrown when Amazon Cognito encounters an invalid password. * @throws CodeDeliveryFailureException * This exception is thrown when a verification code fails to deliver successfully. * @throws UnexpectedLambdaException * This exception is thrown when Amazon Cognito encounters an unexpected exception with Lambda. * @throws UserLambdaValidationException * This exception is thrown when the Amazon Cognito service encounters a user validation exception with the * Lambda service. * @throws InvalidLambdaResponseException * This exception is thrown when Amazon Cognito encounters an invalid Lambda response. * @throws PreconditionNotMetException * This exception is thrown when a precondition is not met. * @throws InvalidSmsRoleAccessPolicyException * This exception is returned when the role provided for SMS configuration doesn't have permission to * publish using Amazon SNS. * @throws InvalidSmsRoleTrustRelationshipException * This exception is thrown when the trust relationship is not valid for the role provided for SMS * configuration. This can happen if you don't trust cognito-idp.amazonaws.com or the external * ID provided in the role does not match what is provided in the SMS configuration for the user pool. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws UnsupportedUserStateException * The request failed because the user is in an unsupported state. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.AdminCreateUser * @see AWS * API Documentation */ AdminCreateUserResult adminCreateUser(AdminCreateUserRequest adminCreateUserRequest); /** * * Deletes a user as an administrator. Works on any user. * * * * Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For * this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding * IAM permission in a policy. * * * Learn more * * * * * Signing Amazon Web Services * API Requests * * * * * Using the * Amazon Cognito user pools API and user pool endpoints * * * * * * @param adminDeleteUserRequest * Represents the request to delete a user as an administrator. * @return Result of the AdminDeleteUser operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws UserNotFoundException * This exception is thrown when a user isn't found. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.AdminDeleteUser * @see AWS * API Documentation */ AdminDeleteUserResult adminDeleteUser(AdminDeleteUserRequest adminDeleteUserRequest); /** * * Deletes the user attributes in a user pool as an administrator. Works on any user. * * * * Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For * this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding * IAM permission in a policy. * * * Learn more * * * * * Signing Amazon Web Services * API Requests * * * * * Using the * Amazon Cognito user pools API and user pool endpoints * * * * * * @param adminDeleteUserAttributesRequest * Represents the request to delete user attributes as an administrator. * @return Result of the AdminDeleteUserAttributes operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws UserNotFoundException * This exception is thrown when a user isn't found. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.AdminDeleteUserAttributes * @see AWS API Documentation */ AdminDeleteUserAttributesResult adminDeleteUserAttributes(AdminDeleteUserAttributesRequest adminDeleteUserAttributesRequest); /** * * Prevents the user from signing in with the specified external (SAML or social) identity provider (IdP). If the * user that you want to deactivate is a Amazon Cognito user pools native username + password user, they can't use * their password to sign in. If the user to deactivate is a linked external IdP user, any link between that user * and an existing user is removed. When the external user signs in again, and the user is no longer attached to the * previously linked DestinationUser, the user must create a new user account. See AdminLinkProviderForUser. * * * The ProviderName must match the value specified when creating an IdP for the pool. * * * To deactivate a native username + password user, the ProviderName value must be Cognito * and the ProviderAttributeName must be Cognito_Subject. The * ProviderAttributeValue must be the name that is used in the user pool for the user. * * * The ProviderAttributeName must always be Cognito_Subject for social IdPs. The * ProviderAttributeValue must always be the exact subject that was used when the user was originally * linked as a source user. * * * For de-linking a SAML identity, there are two scenarios. If the linked identity has not yet been used to sign in, * the ProviderAttributeName and ProviderAttributeValue must be the same values that were * used for the SourceUser when the identities were originally linked using * AdminLinkProviderForUser call. (If the linking was done with ProviderAttributeName set * to Cognito_Subject, the same applies here). However, if the user has already signed in, the * ProviderAttributeName must be Cognito_Subject and ProviderAttributeValue * must be the subject of the SAML assertion. * * * * Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For * this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding * IAM permission in a policy. * * * Learn more * * * * * Signing Amazon Web Services * API Requests * * * * * Using the * Amazon Cognito user pools API and user pool endpoints * * * * * * @param adminDisableProviderForUserRequest * @return Result of the AdminDisableProviderForUser operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws UserNotFoundException * This exception is thrown when a user isn't found. * @throws AliasExistsException * This exception is thrown when a user tries to confirm the account with an email address or phone number * that has already been supplied as an alias for a different user profile. This exception indicates that an * account with this email address or phone already exists in a user pool that you've configured to use * email address or phone number as a sign-in alias. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.AdminDisableProviderForUser * @see AWS API Documentation */ AdminDisableProviderForUserResult adminDisableProviderForUser(AdminDisableProviderForUserRequest adminDisableProviderForUserRequest); /** * * Deactivates a user and revokes all access tokens for the user. A deactivated user can't sign in, but still * appears in the responses to GetUser and ListUsers API requests. * * * * Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For * this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding * IAM permission in a policy. * * * Learn more * * * * * Signing Amazon Web Services * API Requests * * * * * Using the * Amazon Cognito user pools API and user pool endpoints * * * * * * @param adminDisableUserRequest * Represents the request to disable the user as an administrator. * @return Result of the AdminDisableUser operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws UserNotFoundException * This exception is thrown when a user isn't found. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.AdminDisableUser * @see AWS * API Documentation */ AdminDisableUserResult adminDisableUser(AdminDisableUserRequest adminDisableUserRequest); /** * * Enables the specified user as an administrator. Works on any user. * * * * Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For * this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding * IAM permission in a policy. * * * Learn more * * * * * Signing Amazon Web Services * API Requests * * * * * Using the * Amazon Cognito user pools API and user pool endpoints * * * * * * @param adminEnableUserRequest * Represents the request that enables the user as an administrator. * @return Result of the AdminEnableUser operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws UserNotFoundException * This exception is thrown when a user isn't found. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.AdminEnableUser * @see AWS * API Documentation */ AdminEnableUserResult adminEnableUser(AdminEnableUserRequest adminEnableUserRequest); /** * * Forgets the device, as an administrator. * * * * Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For * this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding * IAM permission in a policy. * * * Learn more * * * * * Signing Amazon Web Services * API Requests * * * * * Using the * Amazon Cognito user pools API and user pool endpoints * * * * * * @param adminForgetDeviceRequest * Sends the forgot device request, as an administrator. * @return Result of the AdminForgetDevice operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws InvalidUserPoolConfigurationException * This exception is thrown when the user pool configuration is not valid. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws UserNotFoundException * This exception is thrown when a user isn't found. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.AdminForgetDevice * @see AWS * API Documentation */ AdminForgetDeviceResult adminForgetDevice(AdminForgetDeviceRequest adminForgetDeviceRequest); /** * * Gets the device, as an administrator. * * * * Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For * this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding * IAM permission in a policy. * * * Learn more * * * * * Signing Amazon Web Services * API Requests * * * * * Using the * Amazon Cognito user pools API and user pool endpoints * * * * * * @param adminGetDeviceRequest * Represents the request to get the device, as an administrator. * @return Result of the AdminGetDevice operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws InvalidUserPoolConfigurationException * This exception is thrown when the user pool configuration is not valid. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @sample AWSCognitoIdentityProvider.AdminGetDevice * @see AWS API * Documentation */ AdminGetDeviceResult adminGetDevice(AdminGetDeviceRequest adminGetDeviceRequest); /** * * Gets the specified user by user name in a user pool as an administrator. Works on any user. * * * * Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For * this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding * IAM permission in a policy. * * * Learn more * * * * * Signing Amazon Web Services * API Requests * * * * * Using the * Amazon Cognito user pools API and user pool endpoints * * * * * * @param adminGetUserRequest * Represents the request to get the specified user as an administrator. * @return Result of the AdminGetUser operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws UserNotFoundException * This exception is thrown when a user isn't found. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.AdminGetUser * @see AWS API * Documentation */ AdminGetUserResult adminGetUser(AdminGetUserRequest adminGetUserRequest); /** * * Initiates the authentication flow, as an administrator. * * * * This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to * register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text * messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered * number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, * activate their accounts, or sign in. * * * If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple * Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send * messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move * out of the sandbox and into production. For more information, see SMS message * settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide. * * * * Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For * this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding * IAM permission in a policy. * * * Learn more * * * * * Signing Amazon Web Services * API Requests * * * * * Using the * Amazon Cognito user pools API and user pool endpoints * * * * * * @param adminInitiateAuthRequest * Initiates the authorization request, as an administrator. * @return Result of the AdminInitiateAuth operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @throws UnexpectedLambdaException * This exception is thrown when Amazon Cognito encounters an unexpected exception with Lambda. * @throws InvalidUserPoolConfigurationException * This exception is thrown when the user pool configuration is not valid. * @throws UserLambdaValidationException * This exception is thrown when the Amazon Cognito service encounters a user validation exception with the * Lambda service. * @throws InvalidLambdaResponseException * This exception is thrown when Amazon Cognito encounters an invalid Lambda response. * @throws MFAMethodNotFoundException * This exception is thrown when Amazon Cognito can't find a multi-factor authentication (MFA) method. * @throws InvalidSmsRoleAccessPolicyException * This exception is returned when the role provided for SMS configuration doesn't have permission to * publish using Amazon SNS. * @throws InvalidSmsRoleTrustRelationshipException * This exception is thrown when the trust relationship is not valid for the role provided for SMS * configuration. This can happen if you don't trust cognito-idp.amazonaws.com or the external * ID provided in the role does not match what is provided in the SMS configuration for the user pool. * @throws PasswordResetRequiredException * This exception is thrown when a password reset is required. * @throws UserNotFoundException * This exception is thrown when a user isn't found. * @throws UserNotConfirmedException * This exception is thrown when a user isn't confirmed successfully. * @sample AWSCognitoIdentityProvider.AdminInitiateAuth * @see AWS * API Documentation */ AdminInitiateAuthResult adminInitiateAuth(AdminInitiateAuthRequest adminInitiateAuthRequest); /** * * Links an existing user account in a user pool (DestinationUser) to an identity from an external IdP * (SourceUser) based on a specified attribute name and value from the external IdP. This allows you to * create a link from the existing user account to an external federated user identity that has not yet been used to * sign in. You can then use the federated user identity to sign in as the existing user account. * * * For example, if there is an existing user with a username and password, this API links that user to a federated * user identity. When the user signs in with a federated user identity, they sign in as the existing user account. * * * * The maximum number of federated identities linked to a user is five. * * * * Because this API allows a user with an external federated identity to sign in as an existing user in the user * pool, it is critical that it only be used with external IdPs and provider attributes that have been trusted by * the application owner. * * * * Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For * this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding * IAM permission in a policy. * * * Learn more * * * * * Signing Amazon Web Services * API Requests * * * * * Using the * Amazon Cognito user pools API and user pool endpoints * * * * * * @param adminLinkProviderForUserRequest * @return Result of the AdminLinkProviderForUser operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws UserNotFoundException * This exception is thrown when a user isn't found. * @throws AliasExistsException * This exception is thrown when a user tries to confirm the account with an email address or phone number * that has already been supplied as an alias for a different user profile. This exception indicates that an * account with this email address or phone already exists in a user pool that you've configured to use * email address or phone number as a sign-in alias. * @throws LimitExceededException * This exception is thrown when a user exceeds the limit for a requested Amazon Web Services resource. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.AdminLinkProviderForUser * @see AWS API Documentation */ AdminLinkProviderForUserResult adminLinkProviderForUser(AdminLinkProviderForUserRequest adminLinkProviderForUserRequest); /** * * Lists devices, as an administrator. * * * * Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For * this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding * IAM permission in a policy. * * * Learn more * * * * * Signing Amazon Web Services * API Requests * * * * * Using the * Amazon Cognito user pools API and user pool endpoints * * * * * * @param adminListDevicesRequest * Represents the request to list devices, as an administrator. * @return Result of the AdminListDevices operation returned by the service. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidUserPoolConfigurationException * This exception is thrown when the user pool configuration is not valid. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @sample AWSCognitoIdentityProvider.AdminListDevices * @see AWS * API Documentation */ AdminListDevicesResult adminListDevices(AdminListDevicesRequest adminListDevicesRequest); /** * * Lists the groups that a user belongs to. * * * * Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For * this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding * IAM permission in a policy. * * * Learn more * * * * * Signing Amazon Web Services * API Requests * * * * * Using the * Amazon Cognito user pools API and user pool endpoints * * * * * * @param adminListGroupsForUserRequest * @return Result of the AdminListGroupsForUser operation returned by the service. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws UserNotFoundException * This exception is thrown when a user isn't found. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.AdminListGroupsForUser * @see AWS API Documentation */ AdminListGroupsForUserResult adminListGroupsForUser(AdminListGroupsForUserRequest adminListGroupsForUserRequest); /** * * A history of user activity and any risks detected as part of Amazon Cognito advanced security. * * * * Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For * this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding * IAM permission in a policy. * * * Learn more * * * * * Signing Amazon Web Services * API Requests * * * * * Using the * Amazon Cognito user pools API and user pool endpoints * * * * * * @param adminListUserAuthEventsRequest * @return Result of the AdminListUserAuthEvents operation returned by the service. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws UserNotFoundException * This exception is thrown when a user isn't found. * @throws UserPoolAddOnNotEnabledException * This exception is thrown when user pool add-ons aren't enabled. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.AdminListUserAuthEvents * @see AWS API Documentation */ AdminListUserAuthEventsResult adminListUserAuthEvents(AdminListUserAuthEventsRequest adminListUserAuthEventsRequest); /** * * Removes the specified user from the specified group. * * * * Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For * this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding * IAM permission in a policy. * * * Learn more * * * * * Signing Amazon Web Services * API Requests * * * * * Using the * Amazon Cognito user pools API and user pool endpoints * * * * * * @param adminRemoveUserFromGroupRequest * @return Result of the AdminRemoveUserFromGroup operation returned by the service. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws UserNotFoundException * This exception is thrown when a user isn't found. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.AdminRemoveUserFromGroup * @see AWS API Documentation */ AdminRemoveUserFromGroupResult adminRemoveUserFromGroup(AdminRemoveUserFromGroupRequest adminRemoveUserFromGroupRequest); /** * * Resets the specified user's password in a user pool as an administrator. Works on any user. * * * To use this API operation, your user pool must have self-service account recovery configured. Use AdminSetUserPassword if you manage passwords as an administrator. * * * * This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to * register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text * messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered * number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, * activate their accounts, or sign in. * * * If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple * Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send * messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move * out of the sandbox and into production. For more information, see SMS message * settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide. * * * * Deactivates a user's password, requiring them to change it. If a user tries to sign in after the API is called, * Amazon Cognito responds with a PasswordResetRequiredException error. Your app must then perform the * actions that reset your user's password: the forgot-password flow. In addition, if the user pool has phone * verification selected and a verified phone number exists for the user, or if email verification is selected and a * verified email exists for the user, calling this API will also result in sending a message to the end user with * the code to change their password. * * * * Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For * this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding * IAM permission in a policy. * * * Learn more * * * * * Signing Amazon Web Services * API Requests * * * * * Using the * Amazon Cognito user pools API and user pool endpoints * * * * * * @param adminResetUserPasswordRequest * Represents the request to reset a user's password as an administrator. * @return Result of the AdminResetUserPassword operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws UnexpectedLambdaException * This exception is thrown when Amazon Cognito encounters an unexpected exception with Lambda. * @throws UserLambdaValidationException * This exception is thrown when the Amazon Cognito service encounters a user validation exception with the * Lambda service. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws InvalidLambdaResponseException * This exception is thrown when Amazon Cognito encounters an invalid Lambda response. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws LimitExceededException * This exception is thrown when a user exceeds the limit for a requested Amazon Web Services resource. * @throws UserNotFoundException * This exception is thrown when a user isn't found. * @throws InvalidSmsRoleAccessPolicyException * This exception is returned when the role provided for SMS configuration doesn't have permission to * publish using Amazon SNS. * @throws InvalidEmailRoleAccessPolicyException * This exception is thrown when Amazon Cognito isn't allowed to use your email identity. HTTP status code: * 400. * @throws InvalidSmsRoleTrustRelationshipException * This exception is thrown when the trust relationship is not valid for the role provided for SMS * configuration. This can happen if you don't trust cognito-idp.amazonaws.com or the external * ID provided in the role does not match what is provided in the SMS configuration for the user pool. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.AdminResetUserPassword * @see AWS API Documentation */ AdminResetUserPasswordResult adminResetUserPassword(AdminResetUserPasswordRequest adminResetUserPasswordRequest); /** * * Some API operations in a user pool generate a challenge, like a prompt for an MFA code, for device authentication * that bypasses MFA, or for a custom authentication challenge. An AdminRespondToAuthChallenge API * request provides the answer to that challenge, like a code or a secure remote password (SRP). The parameters of a * response to an authentication challenge vary with the type of challenge. * * * For more information about custom authentication challenges, see Custom * authentication challenge Lambda triggers. * * * * This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to * register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text * messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered * number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, * activate their accounts, or sign in. * * * If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple * Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send * messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move * out of the sandbox and into production. For more information, see SMS message * settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide. * * * * Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For * this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding * IAM permission in a policy. * * * Learn more * * * * * Signing Amazon Web Services * API Requests * * * * * Using the * Amazon Cognito user pools API and user pool endpoints * * * * * * @param adminRespondToAuthChallengeRequest * The request to respond to the authentication challenge, as an administrator. * @return Result of the AdminRespondToAuthChallenge operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws CodeMismatchException * This exception is thrown if the provided code doesn't match what the server was expecting. * @throws ExpiredCodeException * This exception is thrown if a code has expired. * @throws UnexpectedLambdaException * This exception is thrown when Amazon Cognito encounters an unexpected exception with Lambda. * @throws InvalidPasswordException * This exception is thrown when Amazon Cognito encounters an invalid password. * @throws UserLambdaValidationException * This exception is thrown when the Amazon Cognito service encounters a user validation exception with the * Lambda service. * @throws InvalidLambdaResponseException * This exception is thrown when Amazon Cognito encounters an invalid Lambda response. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws InvalidUserPoolConfigurationException * This exception is thrown when the user pool configuration is not valid. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @throws MFAMethodNotFoundException * This exception is thrown when Amazon Cognito can't find a multi-factor authentication (MFA) method. * @throws InvalidSmsRoleAccessPolicyException * This exception is returned when the role provided for SMS configuration doesn't have permission to * publish using Amazon SNS. * @throws InvalidSmsRoleTrustRelationshipException * This exception is thrown when the trust relationship is not valid for the role provided for SMS * configuration. This can happen if you don't trust cognito-idp.amazonaws.com or the external * ID provided in the role does not match what is provided in the SMS configuration for the user pool. * @throws AliasExistsException * This exception is thrown when a user tries to confirm the account with an email address or phone number * that has already been supplied as an alias for a different user profile. This exception indicates that an * account with this email address or phone already exists in a user pool that you've configured to use * email address or phone number as a sign-in alias. * @throws PasswordResetRequiredException * This exception is thrown when a password reset is required. * @throws UserNotFoundException * This exception is thrown when a user isn't found. * @throws UserNotConfirmedException * This exception is thrown when a user isn't confirmed successfully. * @throws SoftwareTokenMFANotFoundException * This exception is thrown when the software token time-based one-time password (TOTP) multi-factor * authentication (MFA) isn't activated for the user pool. * @sample AWSCognitoIdentityProvider.AdminRespondToAuthChallenge * @see AWS API Documentation */ AdminRespondToAuthChallengeResult adminRespondToAuthChallenge(AdminRespondToAuthChallengeRequest adminRespondToAuthChallengeRequest); /** * * The user's multi-factor authentication (MFA) preference, including which MFA options are activated, and if any * are preferred. Only one factor can be set as preferred. The preferred MFA factor will be used to authenticate a * user if multiple factors are activated. If multiple options are activated and no preference is set, a challenge * to choose an MFA option will be returned during sign-in. * * * * Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For * this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding * IAM permission in a policy. * * * Learn more * * * * * Signing Amazon Web Services * API Requests * * * * * Using the * Amazon Cognito user pools API and user pool endpoints * * * * * * @param adminSetUserMFAPreferenceRequest * @return Result of the AdminSetUserMFAPreference operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws PasswordResetRequiredException * This exception is thrown when a password reset is required. * @throws UserNotFoundException * This exception is thrown when a user isn't found. * @throws UserNotConfirmedException * This exception is thrown when a user isn't confirmed successfully. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.AdminSetUserMFAPreference * @see AWS API Documentation */ AdminSetUserMFAPreferenceResult adminSetUserMFAPreference(AdminSetUserMFAPreferenceRequest adminSetUserMFAPreferenceRequest); /** * * Sets the specified user's password in a user pool as an administrator. Works on any user. * * * The password can be temporary or permanent. If it is temporary, the user status enters the * FORCE_CHANGE_PASSWORD state. When the user next tries to sign in, the InitiateAuth/AdminInitiateAuth * response will contain the NEW_PASSWORD_REQUIRED challenge. If the user doesn't sign in before it * expires, the user won't be able to sign in, and an administrator must reset their password. * * * Once the user has set a new password, or the password is permanent, the user status is set to * Confirmed. * * * AdminSetUserPassword can set a password for the user profile that Amazon Cognito creates for * third-party federated users. When you set a password, the federated user's status changes from * EXTERNAL_PROVIDER to CONFIRMED. A user in this state can sign in as a federated user, * and initiate authentication flows in the API like a linked native user. They can also modify their password and * attributes in token-authenticated API requests like ChangePassword and * UpdateUserAttributes. As a best security practice and to keep users in sync with your external IdP, * don't set passwords on federated user profiles. To set up a federated user for native sign-in with a linked * native user, refer to Linking federated users to an existing user profile. * * * * Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For * this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding * IAM permission in a policy. * * * Learn more * * * * * Signing Amazon Web Services * API Requests * * * * * Using the * Amazon Cognito user pools API and user pool endpoints * * * * * * @param adminSetUserPasswordRequest * @return Result of the AdminSetUserPassword operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws UserNotFoundException * This exception is thrown when a user isn't found. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws InvalidPasswordException * This exception is thrown when Amazon Cognito encounters an invalid password. * @sample AWSCognitoIdentityProvider.AdminSetUserPassword * @see AWS API Documentation */ AdminSetUserPasswordResult adminSetUserPassword(AdminSetUserPasswordRequest adminSetUserPasswordRequest); /** * * This action is no longer supported. You can use it to configure only SMS MFA. You can't use it to * configure time-based one-time password (TOTP) software token MFA. To configure either type of MFA, use AdminSetUserMFAPreference instead. * * * * Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For * this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding * IAM permission in a policy. * * * Learn more * * * * * Signing Amazon Web Services * API Requests * * * * * Using the * Amazon Cognito user pools API and user pool endpoints * * * * * * @param adminSetUserSettingsRequest * You can use this parameter to set an MFA configuration that uses the SMS delivery medium. * @return Result of the AdminSetUserSettings operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws UserNotFoundException * This exception is thrown when a user isn't found. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.AdminSetUserSettings * @see AWS API Documentation */ AdminSetUserSettingsResult adminSetUserSettings(AdminSetUserSettingsRequest adminSetUserSettingsRequest); /** * * Provides feedback for an authentication event indicating if it was from a valid user. This feedback is used for * improving the risk evaluation decision for the user pool as part of Amazon Cognito advanced security. * * * * Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For * this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding * IAM permission in a policy. * * * Learn more * * * * * Signing Amazon Web Services * API Requests * * * * * Using the * Amazon Cognito user pools API and user pool endpoints * * * * * * @param adminUpdateAuthEventFeedbackRequest * @return Result of the AdminUpdateAuthEventFeedback operation returned by the service. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws UserNotFoundException * This exception is thrown when a user isn't found. * @throws UserPoolAddOnNotEnabledException * This exception is thrown when user pool add-ons aren't enabled. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.AdminUpdateAuthEventFeedback * @see AWS API Documentation */ AdminUpdateAuthEventFeedbackResult adminUpdateAuthEventFeedback(AdminUpdateAuthEventFeedbackRequest adminUpdateAuthEventFeedbackRequest); /** * * Updates the device status as an administrator. * * * * Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For * this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding * IAM permission in a policy. * * * Learn more * * * * * Signing Amazon Web Services * API Requests * * * * * Using the * Amazon Cognito user pools API and user pool endpoints * * * * * * @param adminUpdateDeviceStatusRequest * The request to update the device status, as an administrator. * @return Result of the AdminUpdateDeviceStatus operation returned by the service. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidUserPoolConfigurationException * This exception is thrown when the user pool configuration is not valid. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws UserNotFoundException * This exception is thrown when a user isn't found. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.AdminUpdateDeviceStatus * @see AWS API Documentation */ AdminUpdateDeviceStatusResult adminUpdateDeviceStatus(AdminUpdateDeviceStatusRequest adminUpdateDeviceStatusRequest); /** * * * This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to * register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text * messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered * number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, * activate their accounts, or sign in. * * * If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple * Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send * messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move * out of the sandbox and into production. For more information, see SMS message * settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide. * * * * Updates the specified user's attributes, including developer attributes, as an administrator. Works on any user. * To delete an attribute from your user, submit the attribute in your API request with a blank value. * * * For custom attributes, you must prepend the custom: prefix to the attribute name. * * * In addition to updating user attributes, this API can also be used to mark phone and email as verified. * * * * Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For * this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding * IAM permission in a policy. * * * Learn more * * * * * Signing Amazon Web Services * API Requests * * * * * Using the * Amazon Cognito user pools API and user pool endpoints * * * * * * @param adminUpdateUserAttributesRequest * Represents the request to update the user's attributes as an administrator. * @return Result of the AdminUpdateUserAttributes operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws UnexpectedLambdaException * This exception is thrown when Amazon Cognito encounters an unexpected exception with Lambda. * @throws UserLambdaValidationException * This exception is thrown when the Amazon Cognito service encounters a user validation exception with the * Lambda service. * @throws InvalidLambdaResponseException * This exception is thrown when Amazon Cognito encounters an invalid Lambda response. * @throws AliasExistsException * This exception is thrown when a user tries to confirm the account with an email address or phone number * that has already been supplied as an alias for a different user profile. This exception indicates that an * account with this email address or phone already exists in a user pool that you've configured to use * email address or phone number as a sign-in alias. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws UserNotFoundException * This exception is thrown when a user isn't found. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @throws InvalidSmsRoleAccessPolicyException * This exception is returned when the role provided for SMS configuration doesn't have permission to * publish using Amazon SNS. * @throws InvalidEmailRoleAccessPolicyException * This exception is thrown when Amazon Cognito isn't allowed to use your email identity. HTTP status code: * 400. * @throws InvalidSmsRoleTrustRelationshipException * This exception is thrown when the trust relationship is not valid for the role provided for SMS * configuration. This can happen if you don't trust cognito-idp.amazonaws.com or the external * ID provided in the role does not match what is provided in the SMS configuration for the user pool. * @sample AWSCognitoIdentityProvider.AdminUpdateUserAttributes * @see AWS API Documentation */ AdminUpdateUserAttributesResult adminUpdateUserAttributes(AdminUpdateUserAttributesRequest adminUpdateUserAttributesRequest); /** * * Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user. Call this operation * with your administrative credentials when your user signs out of your app. This results in the following * behavior. * * * * * Amazon Cognito no longer accepts token-authorized user operations that you authorize with a signed-out * user's access tokens. For more information, see Using the Amazon * Cognito user pools API and user pool endpoints. * * * Amazon Cognito returns an Access Token has been revoked error when your app attempts to authorize a * user pools API request with a revoked access token that contains the scope * aws.cognito.signin.user.admin. * * * * * Amazon Cognito no longer accepts a signed-out user's ID token in a GetId request to an * identity pool with ServerSideTokenCheck enabled for its user pool IdP configuration in CognitoIdentityProvider. * * * * * Amazon Cognito no longer accepts a signed-out user's refresh tokens in refresh requests. * * * * * Other requests might be valid until your user's token expires. * * * * Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For * this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding * IAM permission in a policy. * * * Learn more * * * * * Signing Amazon Web Services * API Requests * * * * * Using the * Amazon Cognito user pools API and user pool endpoints * * * * * * @param adminUserGlobalSignOutRequest * The request to sign out of all devices, as an administrator. * @return Result of the AdminUserGlobalSignOut operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws UserNotFoundException * This exception is thrown when a user isn't found. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.AdminUserGlobalSignOut * @see AWS API Documentation */ AdminUserGlobalSignOutResult adminUserGlobalSignOut(AdminUserGlobalSignOutRequest adminUserGlobalSignOutRequest); /** * * Begins setup of time-based one-time password (TOTP) multi-factor authentication (MFA) for a user, with a unique * private key that Amazon Cognito generates and returns in the API response. You can authorize an * AssociateSoftwareToken request with either the user's access token, or a session string from a * challenge response that you received from Amazon Cognito. * * * * Amazon Cognito disassociates an existing software token when you verify the new token in a * VerifySoftwareToken API request. If you don't verify the software token and your user pool doesn't require * MFA, the user can then authenticate with user name and password credentials alone. If your user pool requires * TOTP MFA, Amazon Cognito generates an MFA_SETUP or SOFTWARE_TOKEN_SETUP challenge each * time your user signs. Complete setup with AssociateSoftwareToken and * VerifySoftwareToken. * * * After you set up software token MFA for your user, Amazon Cognito generates a SOFTWARE_TOKEN_MFA * challenge when they authenticate. Respond to this challenge with your user's TOTP. * * * * Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. * For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in * policies. For more information about authorization models in Amazon Cognito, see Using the Amazon * Cognito user pools API and user pool endpoints. * * * * @param associateSoftwareTokenRequest * @return Result of the AssociateSoftwareToken operation returned by the service. * @throws ConcurrentModificationException * This exception is thrown if two or more modifications are happening concurrently. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @throws SoftwareTokenMFANotFoundException * This exception is thrown when the software token time-based one-time password (TOTP) multi-factor * authentication (MFA) isn't activated for the user pool. * @throws ForbiddenException * This exception is thrown when WAF doesn't allow your request based on a web ACL that's associated with * your user pool. * @sample AWSCognitoIdentityProvider.AssociateSoftwareToken * @see AWS API Documentation */ AssociateSoftwareTokenResult associateSoftwareToken(AssociateSoftwareTokenRequest associateSoftwareTokenRequest); /** * * Changes the password for a specified user in a user pool. * * * Authorize this action with a signed-in user's access token. It must include the scope * aws.cognito.signin.user.admin. * * * * Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. * For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in * policies. For more information about authorization models in Amazon Cognito, see Using the Amazon * Cognito user pools API and user pool endpoints. * * * * @param changePasswordRequest * Represents the request to change a user password. * @return Result of the ChangePassword operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws InvalidPasswordException * This exception is thrown when Amazon Cognito encounters an invalid password. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws LimitExceededException * This exception is thrown when a user exceeds the limit for a requested Amazon Web Services resource. * @throws PasswordResetRequiredException * This exception is thrown when a password reset is required. * @throws UserNotFoundException * This exception is thrown when a user isn't found. * @throws UserNotConfirmedException * This exception is thrown when a user isn't confirmed successfully. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @throws ForbiddenException * This exception is thrown when WAF doesn't allow your request based on a web ACL that's associated with * your user pool. * @sample AWSCognitoIdentityProvider.ChangePassword * @see AWS API * Documentation */ ChangePasswordResult changePassword(ChangePasswordRequest changePasswordRequest); /** * * Confirms tracking of the device. This API call is the call that begins device tracking. For more information * about device authentication, see Working with user devices in your user pool. * * * Authorize this action with a signed-in user's access token. It must include the scope * aws.cognito.signin.user.admin. * * * * Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. * For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in * policies. For more information about authorization models in Amazon Cognito, see Using the Amazon * Cognito user pools API and user pool endpoints. * * * * @param confirmDeviceRequest * Confirms the device request. * @return Result of the ConfirmDevice operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws InvalidPasswordException * This exception is thrown when Amazon Cognito encounters an invalid password. * @throws InvalidLambdaResponseException * This exception is thrown when Amazon Cognito encounters an invalid Lambda response. * @throws UsernameExistsException * This exception is thrown when Amazon Cognito encounters a user name that already exists in the user pool. * @throws InvalidUserPoolConfigurationException * This exception is thrown when the user pool configuration is not valid. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws PasswordResetRequiredException * This exception is thrown when a password reset is required. * @throws UserNotFoundException * This exception is thrown when a user isn't found. * @throws UserNotConfirmedException * This exception is thrown when a user isn't confirmed successfully. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @throws ForbiddenException * This exception is thrown when WAF doesn't allow your request based on a web ACL that's associated with * your user pool. * @sample AWSCognitoIdentityProvider.ConfirmDevice * @see AWS API * Documentation */ ConfirmDeviceResult confirmDevice(ConfirmDeviceRequest confirmDeviceRequest); /** * * Allows a user to enter a confirmation code to reset a forgotten password. * * * * Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. * For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in * policies. For more information about authorization models in Amazon Cognito, see Using the Amazon * Cognito user pools API and user pool endpoints. * * * * @param confirmForgotPasswordRequest * The request representing the confirmation for a password reset. * @return Result of the ConfirmForgotPassword operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws UnexpectedLambdaException * This exception is thrown when Amazon Cognito encounters an unexpected exception with Lambda. * @throws UserLambdaValidationException * This exception is thrown when the Amazon Cognito service encounters a user validation exception with the * Lambda service. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws InvalidPasswordException * This exception is thrown when Amazon Cognito encounters an invalid password. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws CodeMismatchException * This exception is thrown if the provided code doesn't match what the server was expecting. * @throws ExpiredCodeException * This exception is thrown if a code has expired. * @throws TooManyFailedAttemptsException * This exception is thrown when the user has made too many failed attempts for a given action, such as * sign-in. * @throws InvalidLambdaResponseException * This exception is thrown when Amazon Cognito encounters an invalid Lambda response. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws LimitExceededException * This exception is thrown when a user exceeds the limit for a requested Amazon Web Services resource. * @throws UserNotFoundException * This exception is thrown when a user isn't found. * @throws UserNotConfirmedException * This exception is thrown when a user isn't confirmed successfully. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @throws ForbiddenException * This exception is thrown when WAF doesn't allow your request based on a web ACL that's associated with * your user pool. * @sample AWSCognitoIdentityProvider.ConfirmForgotPassword * @see AWS API Documentation */ ConfirmForgotPasswordResult confirmForgotPassword(ConfirmForgotPasswordRequest confirmForgotPasswordRequest); /** * * This public API operation provides a code that Amazon Cognito sent to your user when they signed up in your user * pool via the SignUp API * operation. After your user enters their code, they confirm ownership of the email address or phone number that * they provided, and their user account becomes active. Depending on your user pool configuration, your users will * receive their confirmation code in an email or SMS message. * * * Local users who signed up in your user pool are the only type of user who can confirm sign-up with a code. Users * who federate through an external identity provider (IdP) have already been confirmed by their IdP. * Administrator-created users, users created with the AdminCreateUser API operation, confirm their accounts when they respond to their invitation email message * and choose a password. They do not receive a confirmation code. Instead, they receive a temporary password. * * * * Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. * For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in * policies. For more information about authorization models in Amazon Cognito, see Using the Amazon * Cognito user pools API and user pool endpoints. * * * * @param confirmSignUpRequest * Represents the request to confirm registration of a user. * @return Result of the ConfirmSignUp operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws UnexpectedLambdaException * This exception is thrown when Amazon Cognito encounters an unexpected exception with Lambda. * @throws UserLambdaValidationException * This exception is thrown when the Amazon Cognito service encounters a user validation exception with the * Lambda service. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws TooManyFailedAttemptsException * This exception is thrown when the user has made too many failed attempts for a given action, such as * sign-in. * @throws CodeMismatchException * This exception is thrown if the provided code doesn't match what the server was expecting. * @throws ExpiredCodeException * This exception is thrown if a code has expired. * @throws InvalidLambdaResponseException * This exception is thrown when Amazon Cognito encounters an invalid Lambda response. * @throws AliasExistsException * This exception is thrown when a user tries to confirm the account with an email address or phone number * that has already been supplied as an alias for a different user profile. This exception indicates that an * account with this email address or phone already exists in a user pool that you've configured to use * email address or phone number as a sign-in alias. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws LimitExceededException * This exception is thrown when a user exceeds the limit for a requested Amazon Web Services resource. * @throws UserNotFoundException * This exception is thrown when a user isn't found. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @throws ForbiddenException * This exception is thrown when WAF doesn't allow your request based on a web ACL that's associated with * your user pool. * @sample AWSCognitoIdentityProvider.ConfirmSignUp * @see AWS API * Documentation */ ConfirmSignUpResult confirmSignUp(ConfirmSignUpRequest confirmSignUpRequest); /** * * Creates a new group in the specified user pool. * * * * Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For * this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding * IAM permission in a policy. * * * Learn more * * * * * Signing Amazon Web Services * API Requests * * * * * Using the * Amazon Cognito user pools API and user pool endpoints * * * * * * @param createGroupRequest * @return Result of the CreateGroup operation returned by the service. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws GroupExistsException * This exception is thrown when Amazon Cognito encounters a group that already exists in the user pool. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws LimitExceededException * This exception is thrown when a user exceeds the limit for a requested Amazon Web Services resource. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.CreateGroup * @see AWS API * Documentation */ CreateGroupResult createGroup(CreateGroupRequest createGroupRequest); /** * * Adds a configuration and trust relationship between a third-party identity provider (IdP) and a user pool. * * * * Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For * this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding * IAM permission in a policy. * * * Learn more * * * * * Signing Amazon Web Services * API Requests * * * * * Using the * Amazon Cognito user pools API and user pool endpoints * * * * * * @param createIdentityProviderRequest * @return Result of the CreateIdentityProvider operation returned by the service. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws DuplicateProviderException * This exception is thrown when the provider is already supported by the user pool. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws LimitExceededException * This exception is thrown when a user exceeds the limit for a requested Amazon Web Services resource. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.CreateIdentityProvider * @see AWS API Documentation */ CreateIdentityProviderResult createIdentityProvider(CreateIdentityProviderRequest createIdentityProviderRequest); /** * * Creates a new OAuth2.0 resource server and defines custom scopes within it. * * * * Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For * this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding * IAM permission in a policy. * * * Learn more * * * * * Signing Amazon Web Services * API Requests * * * * * Using the * Amazon Cognito user pools API and user pool endpoints * * * * * * @param createResourceServerRequest * @return Result of the CreateResourceServer operation returned by the service. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws LimitExceededException * This exception is thrown when a user exceeds the limit for a requested Amazon Web Services resource. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.CreateResourceServer * @see AWS API Documentation */ CreateResourceServerResult createResourceServer(CreateResourceServerRequest createResourceServerRequest); /** * * Creates a user import job. * * * * Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For * this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding * IAM permission in a policy. * * * Learn more * * * * * Signing Amazon Web Services * API Requests * * * * * Using the * Amazon Cognito user pools API and user pool endpoints * * * * * * @param createUserImportJobRequest * Represents the request to create the user import job. * @return Result of the CreateUserImportJob operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws PreconditionNotMetException * This exception is thrown when a precondition is not met. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws LimitExceededException * This exception is thrown when a user exceeds the limit for a requested Amazon Web Services resource. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.CreateUserImportJob * @see AWS API Documentation */ CreateUserImportJobResult createUserImportJob(CreateUserImportJobRequest createUserImportJobRequest); /** * * * This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to * register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text * messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered * number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, * activate their accounts, or sign in. * * * If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple * Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send * messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move * out of the sandbox and into production. For more information, see SMS message * settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide. * * * * Creates a new Amazon Cognito user pool and sets the password policy for the pool. * * * * If you don't provide a value for an attribute, Amazon Cognito sets it to its default value. * * * * Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For * this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding * IAM permission in a policy. * * * Learn more * * * * * Signing Amazon Web Services * API Requests * * * * * Using the * Amazon Cognito user pools API and user pool endpoints * * * * * * @param createUserPoolRequest * Represents the request to create a user pool. * @return Result of the CreateUserPool operation returned by the service. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws LimitExceededException * This exception is thrown when a user exceeds the limit for a requested Amazon Web Services resource. * @throws InvalidSmsRoleAccessPolicyException * This exception is returned when the role provided for SMS configuration doesn't have permission to * publish using Amazon SNS. * @throws InvalidSmsRoleTrustRelationshipException * This exception is thrown when the trust relationship is not valid for the role provided for SMS * configuration. This can happen if you don't trust cognito-idp.amazonaws.com or the external * ID provided in the role does not match what is provided in the SMS configuration for the user pool. * @throws InvalidEmailRoleAccessPolicyException * This exception is thrown when Amazon Cognito isn't allowed to use your email identity. HTTP status code: * 400. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws UserPoolTaggingException * This exception is thrown when a user pool tag can't be set or updated. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.CreateUserPool * @see AWS API * Documentation */ CreateUserPoolResult createUserPool(CreateUserPoolRequest createUserPoolRequest); /** * * Creates the user pool client. * * * When you create a new user pool client, token revocation is automatically activated. For more information about * revoking tokens, see RevokeToken. * * * * If you don't provide a value for an attribute, Amazon Cognito sets it to its default value. * * * * Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For * this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding * IAM permission in a policy. * * * Learn more * * * * * Signing Amazon Web Services * API Requests * * * * * Using the * Amazon Cognito user pools API and user pool endpoints * * * * * * @param createUserPoolClientRequest * Represents the request to create a user pool client. * @return Result of the CreateUserPoolClient operation returned by the service. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws LimitExceededException * This exception is thrown when a user exceeds the limit for a requested Amazon Web Services resource. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws ScopeDoesNotExistException * This exception is thrown when the specified scope doesn't exist. * @throws InvalidOAuthFlowException * This exception is thrown when the specified OAuth flow is not valid. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.CreateUserPoolClient * @see AWS API Documentation */ CreateUserPoolClientResult createUserPoolClient(CreateUserPoolClientRequest createUserPoolClientRequest); /** * * Creates a new domain for a user pool. * * * * Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For * this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding * IAM permission in a policy. * * * Learn more * * * * * Signing Amazon Web Services * API Requests * * * * * Using the * Amazon Cognito user pools API and user pool endpoints * * * * * * @param createUserPoolDomainRequest * @return Result of the CreateUserPoolDomain operation returned by the service. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws LimitExceededException * This exception is thrown when a user exceeds the limit for a requested Amazon Web Services resource. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.CreateUserPoolDomain * @see AWS API Documentation */ CreateUserPoolDomainResult createUserPoolDomain(CreateUserPoolDomainRequest createUserPoolDomainRequest); /** * * Deletes a group. * * * Calling this action requires developer credentials. * * * @param deleteGroupRequest * @return Result of the DeleteGroup operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.DeleteGroup * @see AWS API * Documentation */ DeleteGroupResult deleteGroup(DeleteGroupRequest deleteGroupRequest); /** * * Deletes an IdP for a user pool. * * * @param deleteIdentityProviderRequest * @return Result of the DeleteIdentityProvider operation returned by the service. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws UnsupportedIdentityProviderException * This exception is thrown when the specified identifier isn't supported. * @throws ConcurrentModificationException * This exception is thrown if two or more modifications are happening concurrently. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.DeleteIdentityProvider * @see AWS API Documentation */ DeleteIdentityProviderResult deleteIdentityProvider(DeleteIdentityProviderRequest deleteIdentityProviderRequest); /** * * Deletes a resource server. * * * @param deleteResourceServerRequest * @return Result of the DeleteResourceServer operation returned by the service. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.DeleteResourceServer * @see AWS API Documentation */ DeleteResourceServerResult deleteResourceServer(DeleteResourceServerRequest deleteResourceServerRequest); /** * * Allows a user to delete their own user profile. * * * Authorize this action with a signed-in user's access token. It must include the scope * aws.cognito.signin.user.admin. * * * * Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. * For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in * policies. For more information about authorization models in Amazon Cognito, see Using the Amazon * Cognito user pools API and user pool endpoints. * * * * @param deleteUserRequest * Represents the request to delete a user. * @return Result of the DeleteUser operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws PasswordResetRequiredException * This exception is thrown when a password reset is required. * @throws UserNotFoundException * This exception is thrown when a user isn't found. * @throws UserNotConfirmedException * This exception is thrown when a user isn't confirmed successfully. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @throws ForbiddenException * This exception is thrown when WAF doesn't allow your request based on a web ACL that's associated with * your user pool. * @sample AWSCognitoIdentityProvider.DeleteUser * @see AWS API * Documentation */ DeleteUserResult deleteUser(DeleteUserRequest deleteUserRequest); /** * * Deletes the attributes for a user. * * * Authorize this action with a signed-in user's access token. It must include the scope * aws.cognito.signin.user.admin. * * * * Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. * For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in * policies. For more information about authorization models in Amazon Cognito, see Using the Amazon * Cognito user pools API and user pool endpoints. * * * * @param deleteUserAttributesRequest * Represents the request to delete user attributes. * @return Result of the DeleteUserAttributes operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws PasswordResetRequiredException * This exception is thrown when a password reset is required. * @throws UserNotFoundException * This exception is thrown when a user isn't found. * @throws UserNotConfirmedException * This exception is thrown when a user isn't confirmed successfully. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @throws ForbiddenException * This exception is thrown when WAF doesn't allow your request based on a web ACL that's associated with * your user pool. * @sample AWSCognitoIdentityProvider.DeleteUserAttributes * @see AWS API Documentation */ DeleteUserAttributesResult deleteUserAttributes(DeleteUserAttributesRequest deleteUserAttributesRequest); /** * * Deletes the specified Amazon Cognito user pool. * * * @param deleteUserPoolRequest * Represents the request to delete a user pool. * @return Result of the DeleteUserPool operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws UserImportInProgressException * This exception is thrown when you're trying to modify a user pool while a user import job is in progress * for that pool. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.DeleteUserPool * @see AWS API * Documentation */ DeleteUserPoolResult deleteUserPool(DeleteUserPoolRequest deleteUserPoolRequest); /** * * Allows the developer to delete the user pool client. * * * @param deleteUserPoolClientRequest * Represents the request to delete a user pool client. * @return Result of the DeleteUserPoolClient operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws ConcurrentModificationException * This exception is thrown if two or more modifications are happening concurrently. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.DeleteUserPoolClient * @see AWS API Documentation */ DeleteUserPoolClientResult deleteUserPoolClient(DeleteUserPoolClientRequest deleteUserPoolClientRequest); /** * * Deletes a domain for a user pool. * * * @param deleteUserPoolDomainRequest * @return Result of the DeleteUserPoolDomain operation returned by the service. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.DeleteUserPoolDomain * @see AWS API Documentation */ DeleteUserPoolDomainResult deleteUserPoolDomain(DeleteUserPoolDomainRequest deleteUserPoolDomainRequest); /** * * Gets information about a specific IdP. * * * @param describeIdentityProviderRequest * @return Result of the DescribeIdentityProvider operation returned by the service. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.DescribeIdentityProvider * @see AWS API Documentation */ DescribeIdentityProviderResult describeIdentityProvider(DescribeIdentityProviderRequest describeIdentityProviderRequest); /** * * Describes a resource server. * * * @param describeResourceServerRequest * @return Result of the DescribeResourceServer operation returned by the service. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.DescribeResourceServer * @see AWS API Documentation */ DescribeResourceServerResult describeResourceServer(DescribeResourceServerRequest describeResourceServerRequest); /** * * Describes the risk configuration. * * * @param describeRiskConfigurationRequest * @return Result of the DescribeRiskConfiguration operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws UserPoolAddOnNotEnabledException * This exception is thrown when user pool add-ons aren't enabled. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.DescribeRiskConfiguration * @see AWS API Documentation */ DescribeRiskConfigurationResult describeRiskConfiguration(DescribeRiskConfigurationRequest describeRiskConfigurationRequest); /** * * Describes the user import job. * * * @param describeUserImportJobRequest * Represents the request to describe the user import job. * @return Result of the DescribeUserImportJob operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.DescribeUserImportJob * @see AWS API Documentation */ DescribeUserImportJobResult describeUserImportJob(DescribeUserImportJobRequest describeUserImportJobRequest); /** * * Returns the configuration information and metadata of the specified user pool. * * * * Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For * this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding * IAM permission in a policy. * * * Learn more * * * * * Signing Amazon Web Services * API Requests * * * * * Using the * Amazon Cognito user pools API and user pool endpoints * * * * * * @param describeUserPoolRequest * Represents the request to describe the user pool. * @return Result of the DescribeUserPool operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws UserPoolTaggingException * This exception is thrown when a user pool tag can't be set or updated. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.DescribeUserPool * @see AWS * API Documentation */ DescribeUserPoolResult describeUserPool(DescribeUserPoolRequest describeUserPoolRequest); /** * * Client method for returning the configuration information and metadata of the specified user pool app client. * * * * Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For * this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding * IAM permission in a policy. * * * Learn more * * * * * Signing Amazon Web Services * API Requests * * * * * Using the * Amazon Cognito user pools API and user pool endpoints * * * * * * @param describeUserPoolClientRequest * Represents the request to describe a user pool client. * @return Result of the DescribeUserPoolClient operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.DescribeUserPoolClient * @see AWS API Documentation */ DescribeUserPoolClientResult describeUserPoolClient(DescribeUserPoolClientRequest describeUserPoolClientRequest); /** * * Gets information about a domain. * * * @param describeUserPoolDomainRequest * @return Result of the DescribeUserPoolDomain operation returned by the service. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.DescribeUserPoolDomain * @see AWS API Documentation */ DescribeUserPoolDomainResult describeUserPoolDomain(DescribeUserPoolDomainRequest describeUserPoolDomainRequest); /** * * Forgets the specified device. For more information about device authentication, see Working with user devices in your user pool. * * * Authorize this action with a signed-in user's access token. It must include the scope * aws.cognito.signin.user.admin. * * * * Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. * For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in * policies. For more information about authorization models in Amazon Cognito, see Using the Amazon * Cognito user pools API and user pool endpoints. * * * * @param forgetDeviceRequest * Represents the request to forget the device. * @return Result of the ForgetDevice operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws InvalidUserPoolConfigurationException * This exception is thrown when the user pool configuration is not valid. * @throws PasswordResetRequiredException * This exception is thrown when a password reset is required. * @throws UserNotFoundException * This exception is thrown when a user isn't found. * @throws UserNotConfirmedException * This exception is thrown when a user isn't confirmed successfully. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @throws ForbiddenException * This exception is thrown when WAF doesn't allow your request based on a web ACL that's associated with * your user pool. * @sample AWSCognitoIdentityProvider.ForgetDevice * @see AWS API * Documentation */ ForgetDeviceResult forgetDevice(ForgetDeviceRequest forgetDeviceRequest); /** * * Calling this API causes a message to be sent to the end user with a confirmation code that is required to change * the user's password. For the Username parameter, you can use the username or user alias. The method * used to send the confirmation code is sent according to the specified AccountRecoverySetting. For more * information, see Recovering * User Accounts in the Amazon Cognito Developer Guide. To use the confirmation code for resetting the * password, call ConfirmForgotPassword. * * * If neither a verified phone number nor a verified email exists, this API returns * InvalidParameterException. If your app client has a client secret and you don't provide a * SECRET_HASH parameter, this API returns NotAuthorizedException. * * * To use this API operation, your user pool must have self-service account recovery configured. Use AdminSetUserPassword if you manage passwords as an administrator. * * * * Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. * For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in * policies. For more information about authorization models in Amazon Cognito, see Using the Amazon * Cognito user pools API and user pool endpoints. * * * * This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to * register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text * messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered * number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, * activate their accounts, or sign in. * * * If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple * Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send * messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move * out of the sandbox and into production. For more information, see SMS message * settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide. * * * * @param forgotPasswordRequest * Represents the request to reset a user's password. * @return Result of the ForgotPassword operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws UnexpectedLambdaException * This exception is thrown when Amazon Cognito encounters an unexpected exception with Lambda. * @throws UserLambdaValidationException * This exception is thrown when the Amazon Cognito service encounters a user validation exception with the * Lambda service. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws InvalidLambdaResponseException * This exception is thrown when Amazon Cognito encounters an invalid Lambda response. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws LimitExceededException * This exception is thrown when a user exceeds the limit for a requested Amazon Web Services resource. * @throws InvalidSmsRoleAccessPolicyException * This exception is returned when the role provided for SMS configuration doesn't have permission to * publish using Amazon SNS. * @throws InvalidSmsRoleTrustRelationshipException * This exception is thrown when the trust relationship is not valid for the role provided for SMS * configuration. This can happen if you don't trust cognito-idp.amazonaws.com or the external * ID provided in the role does not match what is provided in the SMS configuration for the user pool. * @throws InvalidEmailRoleAccessPolicyException * This exception is thrown when Amazon Cognito isn't allowed to use your email identity. HTTP status code: * 400. * @throws CodeDeliveryFailureException * This exception is thrown when a verification code fails to deliver successfully. * @throws UserNotFoundException * This exception is thrown when a user isn't found. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @throws ForbiddenException * This exception is thrown when WAF doesn't allow your request based on a web ACL that's associated with * your user pool. * @sample AWSCognitoIdentityProvider.ForgotPassword * @see AWS API * Documentation */ ForgotPasswordResult forgotPassword(ForgotPasswordRequest forgotPasswordRequest); /** * * Gets the header information for the comma-separated value (CSV) file to be used as input for the user import job. * * * @param getCSVHeaderRequest * Represents the request to get the header information of the CSV file for the user import job. * @return Result of the GetCSVHeader operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.GetCSVHeader * @see AWS API * Documentation */ GetCSVHeaderResult getCSVHeader(GetCSVHeaderRequest getCSVHeaderRequest); /** * * Gets the device. For more information about device authentication, see Working with user devices in your user pool. * * * Authorize this action with a signed-in user's access token. It must include the scope * aws.cognito.signin.user.admin. * * * * Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. * For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in * policies. For more information about authorization models in Amazon Cognito, see Using the Amazon * Cognito user pools API and user pool endpoints. * * * * @param getDeviceRequest * Represents the request to get the device. * @return Result of the GetDevice operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws InvalidUserPoolConfigurationException * This exception is thrown when the user pool configuration is not valid. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws PasswordResetRequiredException * This exception is thrown when a password reset is required. * @throws UserNotFoundException * This exception is thrown when a user isn't found. * @throws UserNotConfirmedException * This exception is thrown when a user isn't confirmed successfully. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @throws ForbiddenException * This exception is thrown when WAF doesn't allow your request based on a web ACL that's associated with * your user pool. * @sample AWSCognitoIdentityProvider.GetDevice * @see AWS API * Documentation */ GetDeviceResult getDevice(GetDeviceRequest getDeviceRequest); /** * * Gets a group. * * * Calling this action requires developer credentials. * * * @param getGroupRequest * @return Result of the GetGroup operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.GetGroup * @see AWS API * Documentation */ GetGroupResult getGroup(GetGroupRequest getGroupRequest); /** * * Gets the specified IdP. * * * @param getIdentityProviderByIdentifierRequest * @return Result of the GetIdentityProviderByIdentifier operation returned by the service. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.GetIdentityProviderByIdentifier * @see AWS API Documentation */ GetIdentityProviderByIdentifierResult getIdentityProviderByIdentifier(GetIdentityProviderByIdentifierRequest getIdentityProviderByIdentifierRequest); /** * * Gets the detailed activity logging configuration for a user pool. * * * @param getLogDeliveryConfigurationRequest * @return Result of the GetLogDeliveryConfiguration operation returned by the service. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @sample AWSCognitoIdentityProvider.GetLogDeliveryConfiguration * @see AWS API Documentation */ GetLogDeliveryConfigurationResult getLogDeliveryConfiguration(GetLogDeliveryConfigurationRequest getLogDeliveryConfigurationRequest); /** * * This method takes a user pool ID, and returns the signing certificate. The issued certificate is valid for 10 * years from the date of issue. * * * Amazon Cognito issues and assigns a new signing certificate annually. This process returns a new value in the * response to GetSigningCertificate, but doesn't invalidate the original certificate. * * * @param getSigningCertificateRequest * Request to get a signing certificate from Amazon Cognito. * @return Result of the GetSigningCertificate operation returned by the service. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @sample AWSCognitoIdentityProvider.GetSigningCertificate * @see AWS API Documentation */ GetSigningCertificateResult getSigningCertificate(GetSigningCertificateRequest getSigningCertificateRequest); /** * * Gets the user interface (UI) Customization information for a particular app client's app UI, if any such * information exists for the client. If nothing is set for the particular client, but there is an existing pool * level customization (the app clientId is ALL), then that information is returned. If * nothing is present, then an empty shape is returned. * * * @param getUICustomizationRequest * @return Result of the GetUICustomization operation returned by the service. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.GetUICustomization * @see AWS * API Documentation */ GetUICustomizationResult getUICustomization(GetUICustomizationRequest getUICustomizationRequest); /** * * Gets the user attributes and metadata for a user. * * * Authorize this action with a signed-in user's access token. It must include the scope * aws.cognito.signin.user.admin. * * * * Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. * For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in * policies. For more information about authorization models in Amazon Cognito, see Using the Amazon * Cognito user pools API and user pool endpoints. * * * * @param getUserRequest * Represents the request to get information about the user. * @return Result of the GetUser operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws PasswordResetRequiredException * This exception is thrown when a password reset is required. * @throws UserNotFoundException * This exception is thrown when a user isn't found. * @throws UserNotConfirmedException * This exception is thrown when a user isn't confirmed successfully. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @throws ForbiddenException * This exception is thrown when WAF doesn't allow your request based on a web ACL that's associated with * your user pool. * @sample AWSCognitoIdentityProvider.GetUser * @see AWS API * Documentation */ GetUserResult getUser(GetUserRequest getUserRequest); /** * * Generates a user attribute verification code for the specified attribute name. Sends a message to a user with a * code that they must return in a VerifyUserAttribute request. * * * Authorize this action with a signed-in user's access token. It must include the scope * aws.cognito.signin.user.admin. * * * * Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. * For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in * policies. For more information about authorization models in Amazon Cognito, see Using the Amazon * Cognito user pools API and user pool endpoints. * * * * This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to * register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text * messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered * number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, * activate their accounts, or sign in. * * * If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple * Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send * messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move * out of the sandbox and into production. For more information, see SMS message * settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide. * * * * @param getUserAttributeVerificationCodeRequest * Represents the request to get user attribute verification. * @return Result of the GetUserAttributeVerificationCode operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws UnexpectedLambdaException * This exception is thrown when Amazon Cognito encounters an unexpected exception with Lambda. * @throws UserLambdaValidationException * This exception is thrown when the Amazon Cognito service encounters a user validation exception with the * Lambda service. * @throws InvalidLambdaResponseException * This exception is thrown when Amazon Cognito encounters an invalid Lambda response. * @throws InvalidSmsRoleAccessPolicyException * This exception is returned when the role provided for SMS configuration doesn't have permission to * publish using Amazon SNS. * @throws InvalidSmsRoleTrustRelationshipException * This exception is thrown when the trust relationship is not valid for the role provided for SMS * configuration. This can happen if you don't trust cognito-idp.amazonaws.com or the external * ID provided in the role does not match what is provided in the SMS configuration for the user pool. * @throws InvalidEmailRoleAccessPolicyException * This exception is thrown when Amazon Cognito isn't allowed to use your email identity. HTTP status code: * 400. * @throws CodeDeliveryFailureException * This exception is thrown when a verification code fails to deliver successfully. * @throws LimitExceededException * This exception is thrown when a user exceeds the limit for a requested Amazon Web Services resource. * @throws PasswordResetRequiredException * This exception is thrown when a password reset is required. * @throws UserNotFoundException * This exception is thrown when a user isn't found. * @throws UserNotConfirmedException * This exception is thrown when a user isn't confirmed successfully. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @throws ForbiddenException * This exception is thrown when WAF doesn't allow your request based on a web ACL that's associated with * your user pool. * @sample AWSCognitoIdentityProvider.GetUserAttributeVerificationCode * @see AWS API Documentation */ GetUserAttributeVerificationCodeResult getUserAttributeVerificationCode(GetUserAttributeVerificationCodeRequest getUserAttributeVerificationCodeRequest); /** * * Gets the user pool multi-factor authentication (MFA) configuration. * * * @param getUserPoolMfaConfigRequest * @return Result of the GetUserPoolMfaConfig operation returned by the service. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.GetUserPoolMfaConfig * @see AWS API Documentation */ GetUserPoolMfaConfigResult getUserPoolMfaConfig(GetUserPoolMfaConfigRequest getUserPoolMfaConfigRequest); /** * * Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user. Call this operation * when your user signs out of your app. This results in the following behavior. * * * * * Amazon Cognito no longer accepts token-authorized user operations that you authorize with a signed-out * user's access tokens. For more information, see Using the Amazon * Cognito user pools API and user pool endpoints. * * * Amazon Cognito returns an Access Token has been revoked error when your app attempts to authorize a * user pools API request with a revoked access token that contains the scope * aws.cognito.signin.user.admin. * * * * * Amazon Cognito no longer accepts a signed-out user's ID token in a GetId request to an * identity pool with ServerSideTokenCheck enabled for its user pool IdP configuration in CognitoIdentityProvider. * * * * * Amazon Cognito no longer accepts a signed-out user's refresh tokens in refresh requests. * * * * * Other requests might be valid until your user's token expires. * * * Authorize this action with a signed-in user's access token. It must include the scope * aws.cognito.signin.user.admin. * * * * Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. * For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in * policies. For more information about authorization models in Amazon Cognito, see Using the Amazon * Cognito user pools API and user pool endpoints. * * * * @param globalSignOutRequest * Represents the request to sign out all devices. * @return Result of the GlobalSignOut operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws PasswordResetRequiredException * This exception is thrown when a password reset is required. * @throws UserNotConfirmedException * This exception is thrown when a user isn't confirmed successfully. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @throws ForbiddenException * This exception is thrown when WAF doesn't allow your request based on a web ACL that's associated with * your user pool. * @sample AWSCognitoIdentityProvider.GlobalSignOut * @see AWS API * Documentation */ GlobalSignOutResult globalSignOut(GlobalSignOutRequest globalSignOutRequest); /** * * Initiates sign-in for a user in the Amazon Cognito user directory. You can't sign in a user with a federated IdP * with InitiateAuth. For more information, see * Adding user pool sign-in through a third party. * * * * Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. * For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in * policies. For more information about authorization models in Amazon Cognito, see Using the Amazon * Cognito user pools API and user pool endpoints. * * * * This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to * register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text * messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered * number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, * activate their accounts, or sign in. * * * If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple * Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send * messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move * out of the sandbox and into production. For more information, see SMS message * settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide. * * * * @param initiateAuthRequest * Initiates the authentication request. * @return Result of the InitiateAuth operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws UnexpectedLambdaException * This exception is thrown when Amazon Cognito encounters an unexpected exception with Lambda. * @throws InvalidUserPoolConfigurationException * This exception is thrown when the user pool configuration is not valid. * @throws UserLambdaValidationException * This exception is thrown when the Amazon Cognito service encounters a user validation exception with the * Lambda service. * @throws InvalidLambdaResponseException * This exception is thrown when Amazon Cognito encounters an invalid Lambda response. * @throws PasswordResetRequiredException * This exception is thrown when a password reset is required. * @throws UserNotFoundException * This exception is thrown when a user isn't found. * @throws UserNotConfirmedException * This exception is thrown when a user isn't confirmed successfully. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @throws InvalidSmsRoleAccessPolicyException * This exception is returned when the role provided for SMS configuration doesn't have permission to * publish using Amazon SNS. * @throws InvalidSmsRoleTrustRelationshipException * This exception is thrown when the trust relationship is not valid for the role provided for SMS * configuration. This can happen if you don't trust cognito-idp.amazonaws.com or the external * ID provided in the role does not match what is provided in the SMS configuration for the user pool. * @throws ForbiddenException * This exception is thrown when WAF doesn't allow your request based on a web ACL that's associated with * your user pool. * @sample AWSCognitoIdentityProvider.InitiateAuth * @see AWS API * Documentation */ InitiateAuthResult initiateAuth(InitiateAuthRequest initiateAuthRequest); /** * * Lists the sign-in devices that Amazon Cognito has registered to the current user. For more information about * device authentication, see Working with user devices in your user pool. * * * Authorize this action with a signed-in user's access token. It must include the scope * aws.cognito.signin.user.admin. * * * * Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. * For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in * policies. For more information about authorization models in Amazon Cognito, see Using the Amazon * Cognito user pools API and user pool endpoints. * * * * @param listDevicesRequest * Represents the request to list the devices. * @return Result of the ListDevices operation returned by the service. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws InvalidUserPoolConfigurationException * This exception is thrown when the user pool configuration is not valid. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws PasswordResetRequiredException * This exception is thrown when a password reset is required. * @throws UserNotFoundException * This exception is thrown when a user isn't found. * @throws UserNotConfirmedException * This exception is thrown when a user isn't confirmed successfully. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @throws ForbiddenException * This exception is thrown when WAF doesn't allow your request based on a web ACL that's associated with * your user pool. * @sample AWSCognitoIdentityProvider.ListDevices * @see AWS API * Documentation */ ListDevicesResult listDevices(ListDevicesRequest listDevicesRequest); /** * * Lists the groups associated with a user pool. * * * * Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For * this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding * IAM permission in a policy. * * * Learn more * * * * * Signing Amazon Web Services * API Requests * * * * * Using the * Amazon Cognito user pools API and user pool endpoints * * * * * * @param listGroupsRequest * @return Result of the ListGroups operation returned by the service. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.ListGroups * @see AWS API * Documentation */ ListGroupsResult listGroups(ListGroupsRequest listGroupsRequest); /** * * Lists information about all IdPs for a user pool. * * * * Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For * this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding * IAM permission in a policy. * * * Learn more * * * * * Signing Amazon Web Services * API Requests * * * * * Using the * Amazon Cognito user pools API and user pool endpoints * * * * * * @param listIdentityProvidersRequest * @return Result of the ListIdentityProviders operation returned by the service. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.ListIdentityProviders * @see AWS API Documentation */ ListIdentityProvidersResult listIdentityProviders(ListIdentityProvidersRequest listIdentityProvidersRequest); /** * * Lists the resource servers for a user pool. * * * * Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For * this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding * IAM permission in a policy. * * * Learn more * * * * * Signing Amazon Web Services * API Requests * * * * * Using the * Amazon Cognito user pools API and user pool endpoints * * * * * * @param listResourceServersRequest * @return Result of the ListResourceServers operation returned by the service. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.ListResourceServers * @see AWS API Documentation */ ListResourceServersResult listResourceServers(ListResourceServersRequest listResourceServersRequest); /** * * Lists the tags that are assigned to an Amazon Cognito user pool. * * * A tag is a label that you can apply to user pools to categorize and manage them in different ways, such as by * purpose, owner, environment, or other criteria. * * * You can use this action up to 10 times per second, per account. * * * @param listTagsForResourceRequest * @return Result of the ListTagsForResource operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.ListTagsForResource * @see AWS API Documentation */ ListTagsForResourceResult listTagsForResource(ListTagsForResourceRequest listTagsForResourceRequest); /** * * Lists user import jobs for a user pool. * * * * Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For * this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding * IAM permission in a policy. * * * Learn more * * * * * Signing Amazon Web Services * API Requests * * * * * Using the * Amazon Cognito user pools API and user pool endpoints * * * * * * @param listUserImportJobsRequest * Represents the request to list the user import jobs. * @return Result of the ListUserImportJobs operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.ListUserImportJobs * @see AWS * API Documentation */ ListUserImportJobsResult listUserImportJobs(ListUserImportJobsRequest listUserImportJobsRequest); /** * * Lists the clients that have been created for the specified user pool. * * * * Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For * this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding * IAM permission in a policy. * * * Learn more * * * * * Signing Amazon Web Services * API Requests * * * * * Using the * Amazon Cognito user pools API and user pool endpoints * * * * * * @param listUserPoolClientsRequest * Represents the request to list the user pool clients. * @return Result of the ListUserPoolClients operation returned by the service. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.ListUserPoolClients * @see AWS API Documentation */ ListUserPoolClientsResult listUserPoolClients(ListUserPoolClientsRequest listUserPoolClientsRequest); /** * * Lists the user pools associated with an Amazon Web Services account. * * * * Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For * this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding * IAM permission in a policy. * * * Learn more * * * * * Signing Amazon Web Services * API Requests * * * * * Using the * Amazon Cognito user pools API and user pool endpoints * * * * * * @param listUserPoolsRequest * Represents the request to list user pools. * @return Result of the ListUserPools operation returned by the service. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.ListUserPools * @see AWS API * Documentation */ ListUserPoolsResult listUserPools(ListUserPoolsRequest listUserPoolsRequest); /** * * Lists users and their basic details in a user pool. * * * * Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For * this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding * IAM permission in a policy. * * * Learn more * * * * * Signing Amazon Web Services * API Requests * * * * * Using the * Amazon Cognito user pools API and user pool endpoints * * * * * * @param listUsersRequest * Represents the request to list users. * @return Result of the ListUsers operation returned by the service. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.ListUsers * @see AWS API * Documentation */ ListUsersResult listUsers(ListUsersRequest listUsersRequest); /** * * Lists the users in the specified group. * * * * Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For * this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding * IAM permission in a policy. * * * Learn more * * * * * Signing Amazon Web Services * API Requests * * * * * Using the * Amazon Cognito user pools API and user pool endpoints * * * * * * @param listUsersInGroupRequest * @return Result of the ListUsersInGroup operation returned by the service. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.ListUsersInGroup * @see AWS * API Documentation */ ListUsersInGroupResult listUsersInGroup(ListUsersInGroupRequest listUsersInGroupRequest); /** * * Resends the confirmation (for confirmation of registration) to a specific user in the user pool. * * * * Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. * For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in * policies. For more information about authorization models in Amazon Cognito, see Using the Amazon * Cognito user pools API and user pool endpoints. * * * * This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to * register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text * messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered * number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, * activate their accounts, or sign in. * * * If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple * Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send * messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move * out of the sandbox and into production. For more information, see SMS message * settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide. * * * * @param resendConfirmationCodeRequest * Represents the request to resend the confirmation code. * @return Result of the ResendConfirmationCode operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws UnexpectedLambdaException * This exception is thrown when Amazon Cognito encounters an unexpected exception with Lambda. * @throws UserLambdaValidationException * This exception is thrown when the Amazon Cognito service encounters a user validation exception with the * Lambda service. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws InvalidLambdaResponseException * This exception is thrown when Amazon Cognito encounters an invalid Lambda response. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws LimitExceededException * This exception is thrown when a user exceeds the limit for a requested Amazon Web Services resource. * @throws InvalidSmsRoleAccessPolicyException * This exception is returned when the role provided for SMS configuration doesn't have permission to * publish using Amazon SNS. * @throws InvalidSmsRoleTrustRelationshipException * This exception is thrown when the trust relationship is not valid for the role provided for SMS * configuration. This can happen if you don't trust cognito-idp.amazonaws.com or the external * ID provided in the role does not match what is provided in the SMS configuration for the user pool. * @throws InvalidEmailRoleAccessPolicyException * This exception is thrown when Amazon Cognito isn't allowed to use your email identity. HTTP status code: * 400. * @throws CodeDeliveryFailureException * This exception is thrown when a verification code fails to deliver successfully. * @throws UserNotFoundException * This exception is thrown when a user isn't found. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @throws ForbiddenException * This exception is thrown when WAF doesn't allow your request based on a web ACL that's associated with * your user pool. * @sample AWSCognitoIdentityProvider.ResendConfirmationCode * @see AWS API Documentation */ ResendConfirmationCodeResult resendConfirmationCode(ResendConfirmationCodeRequest resendConfirmationCodeRequest); /** * * Some API operations in a user pool generate a challenge, like a prompt for an MFA code, for device authentication * that bypasses MFA, or for a custom authentication challenge. A RespondToAuthChallenge API request * provides the answer to that challenge, like a code or a secure remote password (SRP). The parameters of a * response to an authentication challenge vary with the type of challenge. * * * For more information about custom authentication challenges, see Custom * authentication challenge Lambda triggers. * * * * Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. * For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in * policies. For more information about authorization models in Amazon Cognito, see Using the Amazon * Cognito user pools API and user pool endpoints. * * * * This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to * register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text * messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered * number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, * activate their accounts, or sign in. * * * If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple * Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send * messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move * out of the sandbox and into production. For more information, see SMS message * settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide. * * * * @param respondToAuthChallengeRequest * The request to respond to an authentication challenge. * @return Result of the RespondToAuthChallenge operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws CodeMismatchException * This exception is thrown if the provided code doesn't match what the server was expecting. * @throws ExpiredCodeException * This exception is thrown if a code has expired. * @throws UnexpectedLambdaException * This exception is thrown when Amazon Cognito encounters an unexpected exception with Lambda. * @throws UserLambdaValidationException * This exception is thrown when the Amazon Cognito service encounters a user validation exception with the * Lambda service. * @throws InvalidPasswordException * This exception is thrown when Amazon Cognito encounters an invalid password. * @throws InvalidLambdaResponseException * This exception is thrown when Amazon Cognito encounters an invalid Lambda response. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws InvalidUserPoolConfigurationException * This exception is thrown when the user pool configuration is not valid. * @throws MFAMethodNotFoundException * This exception is thrown when Amazon Cognito can't find a multi-factor authentication (MFA) method. * @throws PasswordResetRequiredException * This exception is thrown when a password reset is required. * @throws UserNotFoundException * This exception is thrown when a user isn't found. * @throws UserNotConfirmedException * This exception is thrown when a user isn't confirmed successfully. * @throws InvalidSmsRoleAccessPolicyException * This exception is returned when the role provided for SMS configuration doesn't have permission to * publish using Amazon SNS. * @throws InvalidSmsRoleTrustRelationshipException * This exception is thrown when the trust relationship is not valid for the role provided for SMS * configuration. This can happen if you don't trust cognito-idp.amazonaws.com or the external * ID provided in the role does not match what is provided in the SMS configuration for the user pool. * @throws AliasExistsException * This exception is thrown when a user tries to confirm the account with an email address or phone number * that has already been supplied as an alias for a different user profile. This exception indicates that an * account with this email address or phone already exists in a user pool that you've configured to use * email address or phone number as a sign-in alias. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @throws SoftwareTokenMFANotFoundException * This exception is thrown when the software token time-based one-time password (TOTP) multi-factor * authentication (MFA) isn't activated for the user pool. * @throws ForbiddenException * This exception is thrown when WAF doesn't allow your request based on a web ACL that's associated with * your user pool. * @sample AWSCognitoIdentityProvider.RespondToAuthChallenge * @see AWS API Documentation */ RespondToAuthChallengeResult respondToAuthChallenge(RespondToAuthChallengeRequest respondToAuthChallengeRequest); /** * * Revokes all of the access tokens generated by, and at the same time as, the specified refresh token. After a * token is revoked, you can't use the revoked token to access Amazon Cognito user APIs, or to authorize access to * your resource server. * * * * Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. * For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in * policies. For more information about authorization models in Amazon Cognito, see Using the Amazon * Cognito user pools API and user pool endpoints. * * * * @param revokeTokenRequest * @return Result of the RevokeToken operation returned by the service. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @throws UnauthorizedException * Exception that is thrown when the request isn't authorized. This can happen due to an invalid access * token in the request. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws UnsupportedOperationException * Exception that is thrown when you attempt to perform an operation that isn't enabled for the user pool * client. * @throws UnsupportedTokenTypeException * Exception that is thrown when an unsupported token is passed to an operation. * @throws ForbiddenException * This exception is thrown when WAF doesn't allow your request based on a web ACL that's associated with * your user pool. * @sample AWSCognitoIdentityProvider.RevokeToken * @see AWS API * Documentation */ RevokeTokenResult revokeToken(RevokeTokenRequest revokeTokenRequest); /** * * Sets up or modifies the detailed activity logging configuration of a user pool. * * * @param setLogDeliveryConfigurationRequest * @return Result of the SetLogDeliveryConfiguration operation returned by the service. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @sample AWSCognitoIdentityProvider.SetLogDeliveryConfiguration * @see AWS API Documentation */ SetLogDeliveryConfigurationResult setLogDeliveryConfiguration(SetLogDeliveryConfigurationRequest setLogDeliveryConfigurationRequest); /** * * Configures actions on detected risks. To delete the risk configuration for UserPoolId or * ClientId, pass null values for all four configuration types. * * * To activate Amazon Cognito advanced security features, update the user pool to include the * UserPoolAddOns keyAdvancedSecurityMode. * * * @param setRiskConfigurationRequest * @return Result of the SetRiskConfiguration operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws UserPoolAddOnNotEnabledException * This exception is thrown when user pool add-ons aren't enabled. * @throws CodeDeliveryFailureException * This exception is thrown when a verification code fails to deliver successfully. * @throws InvalidEmailRoleAccessPolicyException * This exception is thrown when Amazon Cognito isn't allowed to use your email identity. HTTP status code: * 400. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.SetRiskConfiguration * @see AWS API Documentation */ SetRiskConfigurationResult setRiskConfiguration(SetRiskConfigurationRequest setRiskConfigurationRequest); /** * * Sets the user interface (UI) customization information for a user pool's built-in app UI. * * * You can specify app UI customization settings for a single client (with a specific clientId) or for * all clients (by setting the clientId to ALL). If you specify ALL, the * default configuration is used for every client that has no previously set UI customization. If you specify UI * customization settings for a particular client, it will no longer return to the ALL configuration. * * * * To use this API, your user pool must have a domain associated with it. Otherwise, there is no place to host the * app's pages, and the service will throw an error. * * * * @param setUICustomizationRequest * @return Result of the SetUICustomization operation returned by the service. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.SetUICustomization * @see AWS * API Documentation */ SetUICustomizationResult setUICustomization(SetUICustomizationRequest setUICustomizationRequest); /** * * Set the user's multi-factor authentication (MFA) method preference, including which MFA factors are activated and * if any are preferred. Only one factor can be set as preferred. The preferred MFA factor will be used to * authenticate a user if multiple factors are activated. If multiple options are activated and no preference is * set, a challenge to choose an MFA option will be returned during sign-in. If an MFA type is activated for a user, * the user will be prompted for MFA during all sign-in attempts unless device tracking is turned on and the device * has been trusted. If you want MFA to be applied selectively based on the assessed risk level of sign-in attempts, * deactivate MFA for users and turn on Adaptive Authentication for the user pool. * * * Authorize this action with a signed-in user's access token. It must include the scope * aws.cognito.signin.user.admin. * * * * Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. * For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in * policies. For more information about authorization models in Amazon Cognito, see Using the Amazon * Cognito user pools API and user pool endpoints. * * * * @param setUserMFAPreferenceRequest * @return Result of the SetUserMFAPreference operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws PasswordResetRequiredException * This exception is thrown when a password reset is required. * @throws UserNotFoundException * This exception is thrown when a user isn't found. * @throws UserNotConfirmedException * This exception is thrown when a user isn't confirmed successfully. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @throws ForbiddenException * This exception is thrown when WAF doesn't allow your request based on a web ACL that's associated with * your user pool. * @sample AWSCognitoIdentityProvider.SetUserMFAPreference * @see AWS API Documentation */ SetUserMFAPreferenceResult setUserMFAPreference(SetUserMFAPreferenceRequest setUserMFAPreferenceRequest); /** * * Sets the user pool multi-factor authentication (MFA) configuration. * * * * This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to * register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text * messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered * number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, * activate their accounts, or sign in. * * * If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple * Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send * messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move * out of the sandbox and into production. For more information, see SMS message * settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide. * * * * @param setUserPoolMfaConfigRequest * @return Result of the SetUserPoolMfaConfig operation returned by the service. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws ConcurrentModificationException * This exception is thrown if two or more modifications are happening concurrently. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidSmsRoleAccessPolicyException * This exception is returned when the role provided for SMS configuration doesn't have permission to * publish using Amazon SNS. * @throws InvalidSmsRoleTrustRelationshipException * This exception is thrown when the trust relationship is not valid for the role provided for SMS * configuration. This can happen if you don't trust cognito-idp.amazonaws.com or the external * ID provided in the role does not match what is provided in the SMS configuration for the user pool. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.SetUserPoolMfaConfig * @see AWS API Documentation */ SetUserPoolMfaConfigResult setUserPoolMfaConfig(SetUserPoolMfaConfigRequest setUserPoolMfaConfigRequest); /** * * This action is no longer supported. You can use it to configure only SMS MFA. You can't use it to * configure time-based one-time password (TOTP) software token MFA. To configure either type of MFA, use SetUserMFAPreference instead. * * * Authorize this action with a signed-in user's access token. It must include the scope * aws.cognito.signin.user.admin. * * * * Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. * For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in * policies. For more information about authorization models in Amazon Cognito, see Using the Amazon * Cognito user pools API and user pool endpoints. * * * * @param setUserSettingsRequest * Represents the request to set user settings. * @return Result of the SetUserSettings operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws PasswordResetRequiredException * This exception is thrown when a password reset is required. * @throws UserNotFoundException * This exception is thrown when a user isn't found. * @throws UserNotConfirmedException * This exception is thrown when a user isn't confirmed successfully. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @throws ForbiddenException * This exception is thrown when WAF doesn't allow your request based on a web ACL that's associated with * your user pool. * @sample AWSCognitoIdentityProvider.SetUserSettings * @see AWS * API Documentation */ SetUserSettingsResult setUserSettings(SetUserSettingsRequest setUserSettingsRequest); /** * * Registers the user in the specified user pool and creates a user name, password, and user attributes. * * * * Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. * For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in * policies. For more information about authorization models in Amazon Cognito, see Using the Amazon * Cognito user pools API and user pool endpoints. * * * * This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to * register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text * messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered * number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, * activate their accounts, or sign in. * * * If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple * Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send * messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move * out of the sandbox and into production. For more information, see SMS message * settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide. * * * * @param signUpRequest * Represents the request to register a user. * @return Result of the SignUp operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws UnexpectedLambdaException * This exception is thrown when Amazon Cognito encounters an unexpected exception with Lambda. * @throws UserLambdaValidationException * This exception is thrown when the Amazon Cognito service encounters a user validation exception with the * Lambda service. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws InvalidPasswordException * This exception is thrown when Amazon Cognito encounters an invalid password. * @throws InvalidLambdaResponseException * This exception is thrown when Amazon Cognito encounters an invalid Lambda response. * @throws UsernameExistsException * This exception is thrown when Amazon Cognito encounters a user name that already exists in the user pool. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @throws LimitExceededException * This exception is thrown when a user exceeds the limit for a requested Amazon Web Services resource. * @throws InvalidSmsRoleAccessPolicyException * This exception is returned when the role provided for SMS configuration doesn't have permission to * publish using Amazon SNS. * @throws InvalidSmsRoleTrustRelationshipException * This exception is thrown when the trust relationship is not valid for the role provided for SMS * configuration. This can happen if you don't trust cognito-idp.amazonaws.com or the external * ID provided in the role does not match what is provided in the SMS configuration for the user pool. * @throws InvalidEmailRoleAccessPolicyException * This exception is thrown when Amazon Cognito isn't allowed to use your email identity. HTTP status code: * 400. * @throws CodeDeliveryFailureException * This exception is thrown when a verification code fails to deliver successfully. * @throws ForbiddenException * This exception is thrown when WAF doesn't allow your request based on a web ACL that's associated with * your user pool. * @sample AWSCognitoIdentityProvider.SignUp * @see AWS API * Documentation */ SignUpResult signUp(SignUpRequest signUpRequest); /** * * Starts the user import. * * * @param startUserImportJobRequest * Represents the request to start the user import job. * @return Result of the StartUserImportJob operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @throws PreconditionNotMetException * This exception is thrown when a precondition is not met. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @sample AWSCognitoIdentityProvider.StartUserImportJob * @see AWS * API Documentation */ StartUserImportJobResult startUserImportJob(StartUserImportJobRequest startUserImportJobRequest); /** * * Stops the user import job. * * * @param stopUserImportJobRequest * Represents the request to stop the user import job. * @return Result of the StopUserImportJob operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @throws PreconditionNotMetException * This exception is thrown when a precondition is not met. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @sample AWSCognitoIdentityProvider.StopUserImportJob * @see AWS * API Documentation */ StopUserImportJobResult stopUserImportJob(StopUserImportJobRequest stopUserImportJobRequest); /** * * Assigns a set of tags to an Amazon Cognito user pool. A tag is a label that you can use to categorize and manage * user pools in different ways, such as by purpose, owner, environment, or other criteria. * * * Each tag consists of a key and value, both of which you define. A key is a general category for more specific * values. For example, if you have two versions of a user pool, one for testing and another for production, you * might assign an Environment tag key to both user pools. The value of this key might be * Test for one user pool, and Production for the other. * * * Tags are useful for cost tracking and access control. You can activate your tags so that they appear on the * Billing and Cost Management console, where you can track the costs associated with your user pools. In an * Identity and Access Management policy, you can constrain permissions for user pools based on specific tags or tag * values. * * * You can use this action up to 5 times per second, per account. A user pool can have as many as 50 tags. * * * @param tagResourceRequest * @return Result of the TagResource operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.TagResource * @see AWS API * Documentation */ TagResourceResult tagResource(TagResourceRequest tagResourceRequest); /** * * Removes the specified tags from an Amazon Cognito user pool. You can use this action up to 5 times per second, * per account. * * * @param untagResourceRequest * @return Result of the UntagResource operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.UntagResource * @see AWS API * Documentation */ UntagResourceResult untagResource(UntagResourceRequest untagResourceRequest); /** * * Provides the feedback for an authentication event, whether it was from a valid user or not. This feedback is used * for improving the risk evaluation decision for the user pool as part of Amazon Cognito advanced security. * * * * Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. * For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in * policies. For more information about authorization models in Amazon Cognito, see Using the Amazon * Cognito user pools API and user pool endpoints. * * * * @param updateAuthEventFeedbackRequest * @return Result of the UpdateAuthEventFeedback operation returned by the service. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws UserNotFoundException * This exception is thrown when a user isn't found. * @throws UserPoolAddOnNotEnabledException * This exception is thrown when user pool add-ons aren't enabled. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.UpdateAuthEventFeedback * @see AWS API Documentation */ UpdateAuthEventFeedbackResult updateAuthEventFeedback(UpdateAuthEventFeedbackRequest updateAuthEventFeedbackRequest); /** * * Updates the device status. For more information about device authentication, see Working with user devices in your user pool. * * * Authorize this action with a signed-in user's access token. It must include the scope * aws.cognito.signin.user.admin. * * * * Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. * For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in * policies. For more information about authorization models in Amazon Cognito, see Using the Amazon * Cognito user pools API and user pool endpoints. * * * * @param updateDeviceStatusRequest * Represents the request to update the device status. * @return Result of the UpdateDeviceStatus operation returned by the service. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws InvalidUserPoolConfigurationException * This exception is thrown when the user pool configuration is not valid. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws PasswordResetRequiredException * This exception is thrown when a password reset is required. * @throws UserNotFoundException * This exception is thrown when a user isn't found. * @throws UserNotConfirmedException * This exception is thrown when a user isn't confirmed successfully. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @throws ForbiddenException * This exception is thrown when WAF doesn't allow your request based on a web ACL that's associated with * your user pool. * @sample AWSCognitoIdentityProvider.UpdateDeviceStatus * @see AWS * API Documentation */ UpdateDeviceStatusResult updateDeviceStatus(UpdateDeviceStatusRequest updateDeviceStatusRequest); /** * * Updates the specified group with the specified attributes. * * * * Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For * this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding * IAM permission in a policy. * * * Learn more * * * * * Signing Amazon Web Services * API Requests * * * * * Using the * Amazon Cognito user pools API and user pool endpoints * * * * * * @param updateGroupRequest * @return Result of the UpdateGroup operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.UpdateGroup * @see AWS API * Documentation */ UpdateGroupResult updateGroup(UpdateGroupRequest updateGroupRequest); /** * * Updates IdP information for a user pool. * * * * Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For * this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding * IAM permission in a policy. * * * Learn more * * * * * Signing Amazon Web Services * API Requests * * * * * Using the * Amazon Cognito user pools API and user pool endpoints * * * * * * @param updateIdentityProviderRequest * @return Result of the UpdateIdentityProvider operation returned by the service. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws UnsupportedIdentityProviderException * This exception is thrown when the specified identifier isn't supported. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws ConcurrentModificationException * This exception is thrown if two or more modifications are happening concurrently. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.UpdateIdentityProvider * @see AWS API Documentation */ UpdateIdentityProviderResult updateIdentityProvider(UpdateIdentityProviderRequest updateIdentityProviderRequest); /** * * Updates the name and scopes of resource server. All other fields are read-only. * * * * If you don't provide a value for an attribute, it is set to the default value. * * * * Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For * this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding * IAM permission in a policy. * * * Learn more * * * * * Signing Amazon Web Services * API Requests * * * * * Using the * Amazon Cognito user pools API and user pool endpoints * * * * * * @param updateResourceServerRequest * @return Result of the UpdateResourceServer operation returned by the service. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.UpdateResourceServer * @see AWS API Documentation */ UpdateResourceServerResult updateResourceServer(UpdateResourceServerRequest updateResourceServerRequest); /** * * With this operation, your users can update one or more of their attributes with their own credentials. You * authorize this API request with the user's access token. To delete an attribute from your user, submit the * attribute in your API request with a blank value. Custom attribute values in this request must include the * custom: prefix. * * * Authorize this action with a signed-in user's access token. It must include the scope * aws.cognito.signin.user.admin. * * * * Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. * For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in * policies. For more information about authorization models in Amazon Cognito, see Using the Amazon * Cognito user pools API and user pool endpoints. * * * * This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to * register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text * messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered * number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, * activate their accounts, or sign in. * * * If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple * Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send * messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move * out of the sandbox and into production. For more information, see SMS message * settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide. * * * * @param updateUserAttributesRequest * Represents the request to update user attributes. * @return Result of the UpdateUserAttributes operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws CodeMismatchException * This exception is thrown if the provided code doesn't match what the server was expecting. * @throws ExpiredCodeException * This exception is thrown if a code has expired. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws UnexpectedLambdaException * This exception is thrown when Amazon Cognito encounters an unexpected exception with Lambda. * @throws UserLambdaValidationException * This exception is thrown when the Amazon Cognito service encounters a user validation exception with the * Lambda service. * @throws InvalidLambdaResponseException * This exception is thrown when Amazon Cognito encounters an invalid Lambda response. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws AliasExistsException * This exception is thrown when a user tries to confirm the account with an email address or phone number * that has already been supplied as an alias for a different user profile. This exception indicates that an * account with this email address or phone already exists in a user pool that you've configured to use * email address or phone number as a sign-in alias. * @throws InvalidSmsRoleAccessPolicyException * This exception is returned when the role provided for SMS configuration doesn't have permission to * publish using Amazon SNS. * @throws InvalidSmsRoleTrustRelationshipException * This exception is thrown when the trust relationship is not valid for the role provided for SMS * configuration. This can happen if you don't trust cognito-idp.amazonaws.com or the external * ID provided in the role does not match what is provided in the SMS configuration for the user pool. * @throws InvalidEmailRoleAccessPolicyException * This exception is thrown when Amazon Cognito isn't allowed to use your email identity. HTTP status code: * 400. * @throws CodeDeliveryFailureException * This exception is thrown when a verification code fails to deliver successfully. * @throws PasswordResetRequiredException * This exception is thrown when a password reset is required. * @throws UserNotFoundException * This exception is thrown when a user isn't found. * @throws UserNotConfirmedException * This exception is thrown when a user isn't confirmed successfully. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @throws ForbiddenException * This exception is thrown when WAF doesn't allow your request based on a web ACL that's associated with * your user pool. * @sample AWSCognitoIdentityProvider.UpdateUserAttributes * @see AWS API Documentation */ UpdateUserAttributesResult updateUserAttributes(UpdateUserAttributesRequest updateUserAttributesRequest); /** * * * This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to * register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text * messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered * number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, * activate their accounts, or sign in. * * * If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple * Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send * messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move * out of the sandbox and into production. For more information, see SMS message * settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide. * * * * Updates the specified user pool with the specified attributes. You can get a list of the current user pool * settings using DescribeUserPool. * * * * If you don't provide a value for an attribute, Amazon Cognito sets it to its default value. * * * * Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For * this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding * IAM permission in a policy. * * * Learn more * * * * * Signing Amazon Web Services * API Requests * * * * * Using the * Amazon Cognito user pools API and user pool endpoints * * * * * * @param updateUserPoolRequest * Represents the request to update the user pool. * @return Result of the UpdateUserPool operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws ConcurrentModificationException * This exception is thrown if two or more modifications are happening concurrently. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws UserImportInProgressException * This exception is thrown when you're trying to modify a user pool while a user import job is in progress * for that pool. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @throws InvalidSmsRoleAccessPolicyException * This exception is returned when the role provided for SMS configuration doesn't have permission to * publish using Amazon SNS. * @throws InvalidSmsRoleTrustRelationshipException * This exception is thrown when the trust relationship is not valid for the role provided for SMS * configuration. This can happen if you don't trust cognito-idp.amazonaws.com or the external * ID provided in the role does not match what is provided in the SMS configuration for the user pool. * @throws UserPoolTaggingException * This exception is thrown when a user pool tag can't be set or updated. * @throws InvalidEmailRoleAccessPolicyException * This exception is thrown when Amazon Cognito isn't allowed to use your email identity. HTTP status code: * 400. * @sample AWSCognitoIdentityProvider.UpdateUserPool * @see AWS API * Documentation */ UpdateUserPoolResult updateUserPool(UpdateUserPoolRequest updateUserPoolRequest); /** * * Updates the specified user pool app client with the specified attributes. You can get a list of the current user * pool app client settings using DescribeUserPoolClient. * * * * If you don't provide a value for an attribute, Amazon Cognito sets it to its default value. * * * * You can also use this operation to enable token revocation for user pool clients. For more information about * revoking tokens, see RevokeToken. * * * * Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For * this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding * IAM permission in a policy. * * * Learn more * * * * * Signing Amazon Web Services * API Requests * * * * * Using the * Amazon Cognito user pools API and user pool endpoints * * * * * * @param updateUserPoolClientRequest * Represents the request to update the user pool client. * @return Result of the UpdateUserPoolClient operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws ConcurrentModificationException * This exception is thrown if two or more modifications are happening concurrently. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws ScopeDoesNotExistException * This exception is thrown when the specified scope doesn't exist. * @throws InvalidOAuthFlowException * This exception is thrown when the specified OAuth flow is not valid. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.UpdateUserPoolClient * @see AWS API Documentation */ UpdateUserPoolClientResult updateUserPoolClient(UpdateUserPoolClientRequest updateUserPoolClientRequest); /** * * Updates the Secure Sockets Layer (SSL) certificate for the custom domain for your user pool. * * * You can use this operation to provide the Amazon Resource Name (ARN) of a new certificate to Amazon Cognito. You * can't use it to change the domain for a user pool. * * * A custom domain is used to host the Amazon Cognito hosted UI, which provides sign-up and sign-in pages for your * application. When you set up a custom domain, you provide a certificate that you manage with Certificate Manager * (ACM). When necessary, you can use this operation to change the certificate that you applied to your custom * domain. * * * Usually, this is unnecessary following routine certificate renewal with ACM. When you renew your existing * certificate in ACM, the ARN for your certificate remains the same, and your custom domain uses the new * certificate automatically. * * * However, if you replace your existing certificate with a new one, ACM gives the new certificate a new ARN. To * apply the new certificate to your custom domain, you must provide this ARN to Amazon Cognito. * * * When you add your new certificate in ACM, you must choose US East (N. Virginia) as the Amazon Web Services * Region. * * * After you submit your request, Amazon Cognito requires up to 1 hour to distribute your new certificate to your * custom domain. * * * For more information about adding a custom domain to your user pool, see Using * Your Own Domain for the Hosted UI. * * * * Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For * this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding * IAM permission in a policy. * * * Learn more * * * * * Signing Amazon Web Services * API Requests * * * * * Using the * Amazon Cognito user pools API and user pool endpoints * * * * * * @param updateUserPoolDomainRequest * The UpdateUserPoolDomain request input. * @return Result of the UpdateUserPoolDomain operation returned by the service. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @sample AWSCognitoIdentityProvider.UpdateUserPoolDomain * @see AWS API Documentation */ UpdateUserPoolDomainResult updateUserPoolDomain(UpdateUserPoolDomainRequest updateUserPoolDomainRequest); /** * * Use this API to register a user's entered time-based one-time password (TOTP) code and mark the user's software * token MFA status as "verified" if successful. The request takes an access token or a session string, but not * both. * * * * Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. * For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in * policies. For more information about authorization models in Amazon Cognito, see Using the Amazon * Cognito user pools API and user pool endpoints. * * * * @param verifySoftwareTokenRequest * @return Result of the VerifySoftwareToken operation returned by the service. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidUserPoolConfigurationException * This exception is thrown when the user pool configuration is not valid. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws PasswordResetRequiredException * This exception is thrown when a password reset is required. * @throws UserNotFoundException * This exception is thrown when a user isn't found. * @throws UserNotConfirmedException * This exception is thrown when a user isn't confirmed successfully. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @throws EnableSoftwareTokenMFAException * This exception is thrown when there is a code mismatch and the service fails to configure the software * token TOTP multi-factor authentication (MFA). * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws SoftwareTokenMFANotFoundException * This exception is thrown when the software token time-based one-time password (TOTP) multi-factor * authentication (MFA) isn't activated for the user pool. * @throws CodeMismatchException * This exception is thrown if the provided code doesn't match what the server was expecting. * @throws ForbiddenException * This exception is thrown when WAF doesn't allow your request based on a web ACL that's associated with * your user pool. * @sample AWSCognitoIdentityProvider.VerifySoftwareToken * @see AWS API Documentation */ VerifySoftwareTokenResult verifySoftwareToken(VerifySoftwareTokenRequest verifySoftwareTokenRequest); /** * * Verifies the specified user attributes in the user pool. * * * If your user pool requires verification before Amazon Cognito updates the attribute value, VerifyUserAttribute * updates the affected attribute to its pending value. For more information, see UserAttributeUpdateSettingsType. * * * Authorize this action with a signed-in user's access token. It must include the scope * aws.cognito.signin.user.admin. * * * * Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. * For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in * policies. For more information about authorization models in Amazon Cognito, see Using the Amazon * Cognito user pools API and user pool endpoints. * * * * @param verifyUserAttributeRequest * Represents the request to verify user attributes. * @return Result of the VerifyUserAttribute operation returned by the service. * @throws ResourceNotFoundException * This exception is thrown when the Amazon Cognito service can't find the requested resource. * @throws InvalidParameterException * This exception is thrown when the Amazon Cognito service encounters an invalid parameter. * @throws CodeMismatchException * This exception is thrown if the provided code doesn't match what the server was expecting. * @throws ExpiredCodeException * This exception is thrown if a code has expired. * @throws NotAuthorizedException * This exception is thrown when a user isn't authorized. * @throws TooManyRequestsException * This exception is thrown when the user has made too many requests for a given operation. * @throws LimitExceededException * This exception is thrown when a user exceeds the limit for a requested Amazon Web Services resource. * @throws PasswordResetRequiredException * This exception is thrown when a password reset is required. * @throws UserNotFoundException * This exception is thrown when a user isn't found. * @throws UserNotConfirmedException * This exception is thrown when a user isn't confirmed successfully. * @throws InternalErrorException * This exception is thrown when Amazon Cognito encounters an internal error. * @throws AliasExistsException * This exception is thrown when a user tries to confirm the account with an email address or phone number * that has already been supplied as an alias for a different user profile. This exception indicates that an * account with this email address or phone already exists in a user pool that you've configured to use * email address or phone number as a sign-in alias. * @throws ForbiddenException * This exception is thrown when WAF doesn't allow your request based on a web ACL that's associated with * your user pool. * @sample AWSCognitoIdentityProvider.VerifyUserAttribute * @see AWS API Documentation */ VerifyUserAttributeResult verifyUserAttribute(VerifyUserAttributeRequest verifyUserAttributeRequest); /** * Shuts down this client object, releasing any resources that might be held open. This is an optional method, and * callers are not expected to call it, but can if they want to explicitly release any open resources. Once a client * has been shutdown, it should not be used to make any more requests. */ void shutdown(); /** * Returns additional metadata for a previously executed successful request, typically used for debugging issues * where a service isn't acting as expected. This data isn't considered part of the result data returned by an * operation, so it's available through this separate, diagnostic interface. *

* Response metadata is only cached for a limited period of time, so if you need to access this extra diagnostic * information for an executed request, you should use this method to retrieve it as soon as possible after * executing a request. * * @param request * The originally executed request. * * @return The response metadata for the specified request, or null if none is available. */ ResponseMetadata getCachedResponseMetadata(AmazonWebServiceRequest request); }