AWS.CognitoIdentityProvider (aws-elixir v0.8.0) View Source

Using the Amazon Cognito User Pools API, you can create a user pool to manage directories and users.

You can authenticate a user to obtain tokens related to user identity and access policies.

This API reference provides information about user pools in Amazon Cognito User Pools.

For more information, see the Amazon Cognito Documentation.

Link to this section Summary

Functions

Adds additional user attributes to the user pool schema.

Adds the specified user to the specified group.

Confirms user registration as an admin without using a confirmation code.

Creates a new user in the specified user pool.

Deletes a user as an administrator.

Deletes the user attributes in a user pool as an administrator.

Disables the user from signing in with the specified external (SAML or social) identity provider.

Enables the specified user as an administrator.

Forgets the device, as an administrator.

Gets the device, as an administrator.

Gets the specified user by user name in a user pool as an administrator.

Initiates the authentication flow, as an administrator.

Links an existing user account in a user pool (DestinationUser) to an identity from an external identity provider (SourceUser) based on a specified attribute name and value from the external identity provider.

Lists devices, as an administrator.

Lists the groups that the user belongs to.

Lists a history of user activity and any risks detected as part of Amazon Cognito advanced security.

Removes the specified user from the specified group.

Resets the specified user's password in a user pool as an administrator.

Responds to an authentication challenge, as an administrator.

Sets the user's multi-factor authentication (MFA) preference, including which MFA options are enabled and if any are preferred.

Sets the specified user's password in a user pool as an administrator.

This action is no longer supported. You can use it to configure only SMS MFA.

Provides feedback for an authentication event as to whether it was from a valid user.

Updates the device status as an administrator.

Updates the specified user's attributes, including developer attributes, as an administrator.

Signs out users from all devices, as an administrator.

Returns a unique generated shared secret key code for the user account.

Changes the password for a specified user in a user pool.

Confirms tracking of the device.

Allows a user to enter a confirmation code to reset a forgotten password.

Confirms registration of a user and handles the existing alias from a previous user.

Creates a new group in the specified user pool.

Creates an identity provider for a user pool.

Creates a new OAuth2.0 resource server and defines custom scopes in it.

Creates a new Amazon Cognito user pool and sets the password policy for the pool.

Creates a new domain for a user pool.

Deletes an identity provider for a user pool.

Allows a user to delete himself or herself.

Deletes the attributes for a user.

Deletes the specified Amazon Cognito user pool.

Allows the developer to delete the user pool client.

Deletes a domain for a user pool.

Gets information about a specific identity provider.

Returns the configuration information and metadata of the specified user pool.

Client method for returning the configuration information and metadata of the specified user pool app client.

Forgets the specified device.

Calling this API causes a message to be sent to the end user with a confirmation code that is required to change the user's password.

Gets the header information for the .csv file to be used as input for the user import job.

This method takes a user pool ID, and returns the signing certificate.

Gets the UI Customization information for a particular app client's app UI, if there is something set.

Gets the user attributes and metadata for a user.

Gets the user attribute verification code for the specified attribute name.

Gets the user pool multi-factor authentication (MFA) configuration.

Signs out users from all devices.

Initiates the authentication flow.

Lists the groups associated with a user pool.

Lists information about all identity providers for a user pool.

Lists the resource servers for a user pool.

Lists the tags that are assigned to an Amazon Cognito user pool.

Lists the clients that have been created for the specified user pool.

Lists the user pools associated with an account.

Lists the users in the Amazon Cognito user pool.

Lists the users in the specified group.

Resends the confirmation (for confirmation of registration) to a specific user in the user pool.

Responds to the authentication challenge.

Revokes all of the access tokens generated by the specified refresh token.

Configures actions on detected risks.

Sets the UI customization information for a user pool's built-in app UI.

Set the user's multi-factor authentication (MFA) method preference, including which MFA factors are enabled and if any are preferred.

Set the user pool multi-factor authentication (MFA) configuration.

This action is no longer supported. You can use it to configure only SMS MFA.

Registers the user in the specified user pool and creates a user name, password, and user attributes.

Assigns a set of tags to an Amazon Cognito user pool.

Removes the specified tags from an Amazon Cognito user pool.

Provides the feedback for an authentication event whether it was from a valid user or not.

Updates the specified group with the specified attributes.

Updates identity provider information for a user pool.

Updates the name and scopes of resource server.

Allows a user to update a specific attribute (one at a time).

Updates the specified user pool with the specified attributes.

Updates the specified user pool app client with the specified attributes.

Updates the Secure Sockets Layer (SSL) certificate for the custom domain for your user pool.

Use this API to register a user's entered TOTP code and mark the user's software token MFA status as "verified" if successful.

Verifies the specified user attributes in the user pool.

Link to this section Functions

Link to this function

add_custom_attributes(client, input, options \\ [])

View Source

Adds additional user attributes to the user pool schema.

Link to this function

admin_add_user_to_group(client, input, options \\ [])

View Source

Adds the specified user to the specified group.

Calling this action requires developer credentials.

Link to this function

admin_confirm_sign_up(client, input, options \\ [])

View Source

Confirms user registration as an admin without using a confirmation code.

Works on any user.

Calling this action requires developer credentials.

Link to this function

admin_create_user(client, input, options \\ [])

View Source

Creates a new user in the specified user pool.

If MessageAction is not set, the default is to send a welcome message via email or phone (SMS).

This action might generate an SMS text message. Starting June 1, 2021, U.S. telecom carriers require that you register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Cognito will use the the registered number automatically. Otherwise, Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon SNS might place your account in SMS sandbox. In sandbox mode , you’ll have limitations, such as sending messages to only verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see SMS message settings for Cognito User Pools in the Amazon Cognito Developer Guide.

This message is based on a template that you configured in your call to create or update a user pool. This template includes your custom sign-up instructions and placeholders for user name and temporary password.

Alternatively, you can call AdminCreateUser with “SUPPRESS” for the MessageAction parameter, and Amazon Cognito will not send any email.

In either case, the user will be in the FORCE_CHANGE_PASSWORD state until they sign in and change their password.

AdminCreateUser requires developer credentials.

Link to this function

admin_delete_user(client, input, options \\ [])

View Source

Deletes a user as an administrator.

Works on any user.

Calling this action requires developer credentials.

Link to this function

admin_delete_user_attributes(client, input, options \\ [])

View Source

Deletes the user attributes in a user pool as an administrator.

Works on any user.

Calling this action requires developer credentials.

Link to this function

admin_disable_provider_for_user(client, input, options \\ [])

View Source

Disables the user from signing in with the specified external (SAML or social) identity provider.

If the user to disable is a Cognito User Pools native username + password user, they are not permitted to use their password to sign-in. If the user to disable is a linked external IdP user, any link between that user and an existing user is removed. The next time the external user (no longer attached to the previously linked DestinationUser) signs in, they must create a new user account. See AdminLinkProviderForUser.

This action is enabled only for admin access and requires developer credentials.

The ProviderName must match the value specified when creating an IdP for the pool.

To disable a native username + password user, the ProviderName value must be Cognito and the ProviderAttributeName must be Cognito_Subject, with the ProviderAttributeValue being the name that is used in the user pool for the user.

The ProviderAttributeName must always be Cognito_Subject for social identity providers. The ProviderAttributeValue must always be the exact subject that was used when the user was originally linked as a source user.

For de-linking a SAML identity, there are two scenarios. If the linked identity has not yet been used to sign-in, the ProviderAttributeName and ProviderAttributeValue must be the same values that were used for the SourceUser when the identities were originally linked using AdminLinkProviderForUser call. (If the linking was done with ProviderAttributeName set to Cognito_Subject, the same applies here). However, if the user has already signed in, the ProviderAttributeName must be Cognito_Subject and ProviderAttributeValue must be the subject of the SAML assertion.

Link to this function

admin_disable_user(client, input, options \\ [])

View Source

Disables the specified user.

Calling this action requires developer credentials.

Link to this function

admin_enable_user(client, input, options \\ [])

View Source

Enables the specified user as an administrator.

Works on any user.

Calling this action requires developer credentials.

Link to this function

admin_forget_device(client, input, options \\ [])

View Source

Forgets the device, as an administrator.

Calling this action requires developer credentials.

Link to this function

admin_get_device(client, input, options \\ [])

View Source

Gets the device, as an administrator.

Calling this action requires developer credentials.

Link to this function

admin_get_user(client, input, options \\ [])

View Source

Gets the specified user by user name in a user pool as an administrator.

Works on any user.

Calling this action requires developer credentials.

Link to this function

admin_initiate_auth(client, input, options \\ [])

View Source

Initiates the authentication flow, as an administrator.

This action might generate an SMS text message. Starting June 1, 2021, U.S. telecom carriers require that you register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Cognito will use the the registered number automatically. Otherwise, Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon SNS might place your account in SMS sandbox. In sandbox mode , you’ll have limitations, such as sending messages to only verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see SMS message settings for Cognito User Pools in the Amazon Cognito Developer Guide.

Calling this action requires developer credentials.

Link to this function

admin_list_devices(client, input, options \\ [])

View Source

Lists devices, as an administrator.

Calling this action requires developer credentials.

Link to this function

admin_list_groups_for_user(client, input, options \\ [])

View Source

Lists the groups that the user belongs to.

Calling this action requires developer credentials.

Link to this function

admin_list_user_auth_events(client, input, options \\ [])

View Source

Lists a history of user activity and any risks detected as part of Amazon Cognito advanced security.

Link to this function

admin_remove_user_from_group(client, input, options \\ [])

View Source

Removes the specified user from the specified group.

Calling this action requires developer credentials.

Link to this function

admin_reset_user_password(client, input, options \\ [])

View Source

Resets the specified user's password in a user pool as an administrator.

Works on any user.

When a developer calls this API, the current password is invalidated, so it must be changed. If a user tries to sign in after the API is called, the app will get a PasswordResetRequiredException exception back and should direct the user down the flow to reset the password, which is the same as the forgot password flow. In addition, if the user pool has phone verification selected and a verified phone number exists for the user, or if email verification is selected and a verified email exists for the user, calling this API will also result in sending a message to the end user with the code to change their password.

This action might generate an SMS text message. Starting June 1, 2021, U.S. telecom carriers require that you register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Cognito will use the the registered number automatically. Otherwise, Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon SNS might place your account in SMS sandbox. In sandbox mode , you’ll have limitations, such as sending messages to only verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see SMS message settings for Cognito User Pools in the Amazon Cognito Developer Guide.

Calling this action requires developer credentials.

Link to this function

admin_respond_to_auth_challenge(client, input, options \\ [])

View Source

Responds to an authentication challenge, as an administrator.

This action might generate an SMS text message. Starting June 1, 2021, U.S. telecom carriers require that you register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Cognito will use the the registered number automatically. Otherwise, Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon SNS might place your account in SMS sandbox. In sandbox mode , you’ll have limitations, such as sending messages to only verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see SMS message settings for Cognito User Pools in the Amazon Cognito Developer Guide.

Calling this action requires developer credentials.

Link to this function

admin_set_user_mfa_preference(client, input, options \\ [])

View Source

Sets the user's multi-factor authentication (MFA) preference, including which MFA options are enabled and if any are preferred.

Only one factor can be set as preferred. The preferred MFA factor will be used to authenticate a user if multiple factors are enabled. If multiple options are enabled and no preference is set, a challenge to choose an MFA option will be returned during sign in.

Link to this function

admin_set_user_password(client, input, options \\ [])

View Source

Sets the specified user's password in a user pool as an administrator.

Works on any user.

The password can be temporary or permanent. If it is temporary, the user status will be placed into the FORCE_CHANGE_PASSWORD state. When the user next tries to sign in, the InitiateAuth/AdminInitiateAuth response will contain the NEW_PASSWORD_REQUIRED challenge. If the user does not sign in before it expires, the user will not be able to sign in and their password will need to be reset by an administrator.

Once the user has set a new password, or the password is permanent, the user status will be set to Confirmed.

Link to this function

admin_set_user_settings(client, input, options \\ [])

View Source

This action is no longer supported. You can use it to configure only SMS MFA.

You can't use it to configure TOTP software token MFA. To configure either type of MFA, use AdminSetUserMFAPreference instead.

Link to this function

admin_update_auth_event_feedback(client, input, options \\ [])

View Source

Provides feedback for an authentication event as to whether it was from a valid user.

This feedback is used for improving the risk evaluation decision for the user pool as part of Amazon Cognito advanced security.

Link to this function

admin_update_device_status(client, input, options \\ [])

View Source

Updates the device status as an administrator.

Calling this action requires developer credentials.

Link to this function

admin_update_user_attributes(client, input, options \\ [])

View Source

Updates the specified user's attributes, including developer attributes, as an administrator.

Works on any user.

For custom attributes, you must prepend the custom: prefix to the attribute name.

In addition to updating user attributes, this API can also be used to mark phone and email as verified.

This action might generate an SMS text message. Starting June 1, 2021, U.S. telecom carriers require that you register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Cognito will use the the registered number automatically. Otherwise, Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon SNS might place your account in SMS sandbox. In sandbox mode , you’ll have limitations, such as sending messages to only verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see SMS message settings for Cognito User Pools in the Amazon Cognito Developer Guide.

Calling this action requires developer credentials.

Link to this function

admin_user_global_sign_out(client, input, options \\ [])

View Source

Signs out users from all devices, as an administrator.

It also invalidates all refresh tokens issued to a user. The user's current access and Id tokens remain valid until their expiry. Access and Id tokens expire one hour after they are issued.

Calling this action requires developer credentials.

Link to this function

associate_software_token(client, input, options \\ [])

View Source

Returns a unique generated shared secret key code for the user account.

The request takes an access token or a session string, but not both.

Calling AssociateSoftwareToken immediately disassociates the existing software token from the user account. If the user doesn't subsequently verify the software token, their account is essentially set up to authenticate without MFA. If MFA config is set to Optional at the user pool level, the user can then login without MFA. However, if MFA is set to Required for the user pool, the user will be asked to setup a new software token MFA during sign in.

Link to this function

change_password(client, input, options \\ [])

View Source

Changes the password for a specified user in a user pool.

Link to this function

confirm_device(client, input, options \\ [])

View Source

Confirms tracking of the device.

This API call is the call that begins device tracking.

Link to this function

confirm_forgot_password(client, input, options \\ [])

View Source

Allows a user to enter a confirmation code to reset a forgotten password.

Link to this function

confirm_sign_up(client, input, options \\ [])

View Source

Confirms registration of a user and handles the existing alias from a previous user.

Link to this function

create_group(client, input, options \\ [])

View Source

Creates a new group in the specified user pool.

Calling this action requires developer credentials.

Link to this function

create_identity_provider(client, input, options \\ [])

View Source

Creates an identity provider for a user pool.

Link to this function

create_resource_server(client, input, options \\ [])

View Source

Creates a new OAuth2.0 resource server and defines custom scopes in it.

Link to this function

create_user_import_job(client, input, options \\ [])

View Source

Creates the user import job.

Link to this function

create_user_pool(client, input, options \\ [])

View Source

Creates a new Amazon Cognito user pool and sets the password policy for the pool.

This action might generate an SMS text message. Starting June 1, 2021, U.S. telecom carriers require that you register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Cognito will use the the registered number automatically. Otherwise, Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon SNS might place your account in SMS sandbox. In sandbox mode , you’ll have limitations, such as sending messages to only verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see SMS message settings for Cognito User Pools in the Amazon Cognito Developer Guide.

Link to this function

create_user_pool_client(client, input, options \\ [])

View Source

Creates the user pool client.

When you create a new user pool client, token revocation is automatically enabled. For more information about revoking tokens, see RevokeToken.

Link to this function

create_user_pool_domain(client, input, options \\ [])

View Source

Creates a new domain for a user pool.

Link to this function

delete_group(client, input, options \\ [])

View Source

Deletes a group.

Calling this action requires developer credentials.

Link to this function

delete_identity_provider(client, input, options \\ [])

View Source

Deletes an identity provider for a user pool.

Link to this function

delete_resource_server(client, input, options \\ [])

View Source

Deletes a resource server.

Link to this function

delete_user(client, input, options \\ [])

View Source

Allows a user to delete himself or herself.

Link to this function

delete_user_attributes(client, input, options \\ [])

View Source

Deletes the attributes for a user.

Link to this function

delete_user_pool(client, input, options \\ [])

View Source

Deletes the specified Amazon Cognito user pool.

Link to this function

delete_user_pool_client(client, input, options \\ [])

View Source

Allows the developer to delete the user pool client.

Link to this function

delete_user_pool_domain(client, input, options \\ [])

View Source

Deletes a domain for a user pool.

Link to this function

describe_identity_provider(client, input, options \\ [])

View Source

Gets information about a specific identity provider.

Link to this function

describe_resource_server(client, input, options \\ [])

View Source

Describes a resource server.

Link to this function

describe_risk_configuration(client, input, options \\ [])

View Source

Describes the risk configuration.

Link to this function

describe_user_import_job(client, input, options \\ [])

View Source

Describes the user import job.

Link to this function

describe_user_pool(client, input, options \\ [])

View Source

Returns the configuration information and metadata of the specified user pool.

Link to this function

describe_user_pool_client(client, input, options \\ [])

View Source

Client method for returning the configuration information and metadata of the specified user pool app client.

Link to this function

describe_user_pool_domain(client, input, options \\ [])

View Source

Gets information about a domain.

Link to this function

forget_device(client, input, options \\ [])

View Source

Forgets the specified device.

Link to this function

forgot_password(client, input, options \\ [])

View Source

Calling this API causes a message to be sent to the end user with a confirmation code that is required to change the user's password.

For the Username parameter, you can use the username or user alias. The method used to send the confirmation code is sent according to the specified AccountRecoverySetting. For more information, see Recovering User Accounts in the Amazon Cognito Developer Guide. If neither a verified phone number nor a verified email exists, an InvalidParameterException is thrown. To use the confirmation code for resetting the password, call ConfirmForgotPassword. This action might generate an SMS text message. Starting June 1, 2021, U.S. telecom carriers require that you register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Cognito will use the the registered number automatically. Otherwise, Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon SNS might place your account in SMS sandbox. In sandbox mode , you’ll have limitations, such as sending messages to only verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see SMS message settings for Cognito User Pools in the Amazon Cognito Developer Guide.

Link to this function

get_csv_header(client, input, options \\ [])

View Source

Gets the header information for the .csv file to be used as input for the user import job.

Link to this function

get_device(client, input, options \\ [])

View Source

Gets the device.

Link to this function

get_group(client, input, options \\ [])

View Source

Gets a group.

Calling this action requires developer credentials.

Link to this function

get_identity_provider_by_identifier(client, input, options \\ [])

View Source

Gets the specified identity provider.

Link to this function

get_signing_certificate(client, input, options \\ [])

View Source

This method takes a user pool ID, and returns the signing certificate.

Link to this function

get_ui_customization(client, input, options \\ [])

View Source

Gets the UI Customization information for a particular app client's app UI, if there is something set.

If nothing is set for the particular client, but there is an existing pool level customization (app clientId will be ALL), then that is returned. If nothing is present, then an empty shape is returned.

Link to this function

get_user(client, input, options \\ [])

View Source

Gets the user attributes and metadata for a user.

Link to this function

get_user_attribute_verification_code(client, input, options \\ [])

View Source

Gets the user attribute verification code for the specified attribute name.

This action might generate an SMS text message. Starting June 1, 2021, U.S. telecom carriers require that you register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Cognito will use the the registered number automatically. Otherwise, Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon SNS might place your account in SMS sandbox. In sandbox mode , you’ll have limitations, such as sending messages to only verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see SMS message settings for Cognito User Pools in the Amazon Cognito Developer Guide.

Link to this function

get_user_pool_mfa_config(client, input, options \\ [])

View Source

Gets the user pool multi-factor authentication (MFA) configuration.

Link to this function

global_sign_out(client, input, options \\ [])

View Source

Signs out users from all devices.

It also invalidates all refresh tokens issued to a user. The user's current access and Id tokens remain valid until their expiry. Access and Id tokens expire one hour after they are issued.

Link to this function

initiate_auth(client, input, options \\ [])

View Source

Initiates the authentication flow.

This action might generate an SMS text message. Starting June 1, 2021, U.S. telecom carriers require that you register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Cognito will use the the registered number automatically. Otherwise, Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon SNS might place your account in SMS sandbox. In sandbox mode , you’ll have limitations, such as sending messages to only verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see SMS message settings for Cognito User Pools in the Amazon Cognito Developer Guide.

Link to this function

list_devices(client, input, options \\ [])

View Source

Lists the devices.

Link to this function

list_groups(client, input, options \\ [])

View Source

Lists the groups associated with a user pool.

Calling this action requires developer credentials.

Link to this function

list_identity_providers(client, input, options \\ [])

View Source

Lists information about all identity providers for a user pool.

Link to this function

list_resource_servers(client, input, options \\ [])

View Source

Lists the resource servers for a user pool.

Link to this function

list_tags_for_resource(client, input, options \\ [])

View Source

Lists the tags that are assigned to an Amazon Cognito user pool.

A tag is a label that you can apply to user pools to categorize and manage them in different ways, such as by purpose, owner, environment, or other criteria.

You can use this action up to 10 times per second, per account.

Link to this function

list_user_import_jobs(client, input, options \\ [])

View Source

Lists the user import jobs.

Link to this function

list_user_pool_clients(client, input, options \\ [])

View Source

Lists the clients that have been created for the specified user pool.

Link to this function

list_user_pools(client, input, options \\ [])

View Source

Lists the user pools associated with an account.

Link to this function

list_users(client, input, options \\ [])

View Source

Lists the users in the Amazon Cognito user pool.

Link to this function

list_users_in_group(client, input, options \\ [])

View Source

Lists the users in the specified group.

Calling this action requires developer credentials.

Link to this function

resend_confirmation_code(client, input, options \\ [])

View Source

Resends the confirmation (for confirmation of registration) to a specific user in the user pool.

This action might generate an SMS text message. Starting June 1, 2021, U.S. telecom carriers require that you register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Cognito will use the the registered number automatically. Otherwise, Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon SNS might place your account in SMS sandbox. In sandbox mode , you’ll have limitations, such as sending messages to only verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see SMS message settings for Cognito User Pools in the Amazon Cognito Developer Guide.

Link to this function

respond_to_auth_challenge(client, input, options \\ [])

View Source

Responds to the authentication challenge.

This action might generate an SMS text message. Starting June 1, 2021, U.S. telecom carriers require that you register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Cognito will use the the registered number automatically. Otherwise, Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon SNS might place your account in SMS sandbox. In sandbox mode , you’ll have limitations, such as sending messages to only verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see SMS message settings for Cognito User Pools in the Amazon Cognito Developer Guide.

Link to this function

revoke_token(client, input, options \\ [])

View Source

Revokes all of the access tokens generated by the specified refresh token.

After the token is revoked, you can not use the revoked token to access Cognito authenticated APIs.

Link to this function

set_risk_configuration(client, input, options \\ [])

View Source

Configures actions on detected risks.

To delete the risk configuration for UserPoolId or ClientId, pass null values for all four configuration types.

To enable Amazon Cognito advanced security features, update the user pool to include the UserPoolAddOns keyAdvancedSecurityMode.

Link to this function

set_ui_customization(client, input, options \\ [])

View Source

Sets the UI customization information for a user pool's built-in app UI.

You can specify app UI customization settings for a single client (with a specific clientId) or for all clients (by setting the clientId to ALL). If you specify ALL, the default configuration will be used for every client that has no UI customization set previously. If you specify UI customization settings for a particular client, it will no longer fall back to the ALL configuration.

To use this API, your user pool must have a domain associated with it. Otherwise, there is no place to host the app's pages, and the service will throw an error.

Link to this function

set_user_mfa_preference(client, input, options \\ [])

View Source

Set the user's multi-factor authentication (MFA) method preference, including which MFA factors are enabled and if any are preferred.

Only one factor can be set as preferred. The preferred MFA factor will be used to authenticate a user if multiple factors are enabled. If multiple options are enabled and no preference is set, a challenge to choose an MFA option will be returned during sign in. If an MFA type is enabled for a user, the user will be prompted for MFA during all sign in attempts, unless device tracking is turned on and the device has been trusted. If you would like MFA to be applied selectively based on the assessed risk level of sign in attempts, disable MFA for users and turn on Adaptive Authentication for the user pool.

Link to this function

set_user_pool_mfa_config(client, input, options \\ [])

View Source

Set the user pool multi-factor authentication (MFA) configuration.

This action might generate an SMS text message. Starting June 1, 2021, U.S. telecom carriers require that you register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Cognito will use the the registered number automatically. Otherwise, Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon SNS might place your account in SMS sandbox. In sandbox mode , you’ll have limitations, such as sending messages to only verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see SMS message settings for Cognito User Pools in the Amazon Cognito Developer Guide.

Link to this function

set_user_settings(client, input, options \\ [])

View Source

This action is no longer supported. You can use it to configure only SMS MFA.

You can't use it to configure TOTP software token MFA. To configure either type of MFA, use SetUserMFAPreference instead.

Link to this function

sign_up(client, input, options \\ [])

View Source

Registers the user in the specified user pool and creates a user name, password, and user attributes.

This action might generate an SMS text message. Starting June 1, 2021, U.S. telecom carriers require that you register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Cognito will use the the registered number automatically. Otherwise, Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon SNS might place your account in SMS sandbox. In sandbox mode , you’ll have limitations, such as sending messages to only verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see SMS message settings for Cognito User Pools in the Amazon Cognito Developer Guide.

Link to this function

start_user_import_job(client, input, options \\ [])

View Source

Starts the user import.

Link to this function

stop_user_import_job(client, input, options \\ [])

View Source

Stops the user import job.

Link to this function

tag_resource(client, input, options \\ [])

View Source

Assigns a set of tags to an Amazon Cognito user pool.

A tag is a label that you can use to categorize and manage user pools in different ways, such as by purpose, owner, environment, or other criteria.

Each tag consists of a key and value, both of which you define. A key is a general category for more specific values. For example, if you have two versions of a user pool, one for testing and another for production, you might assign an Environment tag key to both user pools. The value of this key might be Test for one user pool and Production for the other.

Tags are useful for cost tracking and access control. You can activate your tags so that they appear on the Billing and Cost Management console, where you can track the costs associated with your user pools. In an IAM policy, you can constrain permissions for user pools based on specific tags or tag values.

You can use this action up to 5 times per second, per account. A user pool can have as many as 50 tags.

Link to this function

untag_resource(client, input, options \\ [])

View Source

Removes the specified tags from an Amazon Cognito user pool.

You can use this action up to 5 times per second, per account

Link to this function

update_auth_event_feedback(client, input, options \\ [])

View Source

Provides the feedback for an authentication event whether it was from a valid user or not.

This feedback is used for improving the risk evaluation decision for the user pool as part of Amazon Cognito advanced security.

Link to this function

update_device_status(client, input, options \\ [])

View Source

Updates the device status.

Link to this function

update_group(client, input, options \\ [])

View Source

Updates the specified group with the specified attributes.

Calling this action requires developer credentials.

Link to this function

update_identity_provider(client, input, options \\ [])

View Source

Updates identity provider information for a user pool.

Link to this function

update_resource_server(client, input, options \\ [])

View Source

Updates the name and scopes of resource server.

All other fields are read-only.

If you don't provide a value for an attribute, it will be set to the default value.

Link to this function

update_user_attributes(client, input, options \\ [])

View Source

Allows a user to update a specific attribute (one at a time).

This action might generate an SMS text message. Starting June 1, 2021, U.S. telecom carriers require that you register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Cognito will use the the registered number automatically. Otherwise, Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon SNS might place your account in SMS sandbox. In sandbox mode , you’ll have limitations, such as sending messages to only verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see SMS message settings for Cognito User Pools in the Amazon Cognito Developer Guide.

Link to this function

update_user_pool(client, input, options \\ [])

View Source

Updates the specified user pool with the specified attributes.

You can get a list of the current user pool settings using DescribeUserPool. If you don't provide a value for an attribute, it will be set to the default value.

This action might generate an SMS text message. Starting June 1, 2021, U.S. telecom carriers require that you register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Cognito will use the the registered number automatically. Otherwise, Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon SNS might place your account in SMS sandbox. In sandbox mode , you’ll have limitations, such as sending messages to only verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see SMS message settings for Cognito User Pools in the Amazon Cognito Developer Guide.

Link to this function

update_user_pool_client(client, input, options \\ [])

View Source

Updates the specified user pool app client with the specified attributes.

You can get a list of the current user pool app client settings using DescribeUserPoolClient. If you don't provide a value for an attribute, it will be set to the default value.

You can also use this operation to enable token revocation for user pool clients. For more information about revoking tokens, see RevokeToken.

Link to this function

update_user_pool_domain(client, input, options \\ [])

View Source

Updates the Secure Sockets Layer (SSL) certificate for the custom domain for your user pool.

You can use this operation to provide the Amazon Resource Name (ARN) of a new certificate to Amazon Cognito. You cannot use it to change the domain for a user pool.

A custom domain is used to host the Amazon Cognito hosted UI, which provides sign-up and sign-in pages for your application. When you set up a custom domain, you provide a certificate that you manage with Certificate Manager (ACM). When necessary, you can use this operation to change the certificate that you applied to your custom domain.

Usually, this is unnecessary following routine certificate renewal with ACM. When you renew your existing certificate in ACM, the ARN for your certificate remains the same, and your custom domain uses the new certificate automatically.

However, if you replace your existing certificate with a new one, ACM gives the new certificate a new ARN. To apply the new certificate to your custom domain, you must provide this ARN to Amazon Cognito.

When you add your new certificate in ACM, you must choose US East (N. Virginia) as the Region.

After you submit your request, Amazon Cognito requires up to 1 hour to distribute your new certificate to your custom domain.

For more information about adding a custom domain to your user pool, see Using Your Own Domain for the Hosted UI.

Link to this function

verify_software_token(client, input, options \\ [])

View Source

Use this API to register a user's entered TOTP code and mark the user's software token MFA status as "verified" if successful.

The request takes an access token or a session string, but not both.

Link to this function

verify_user_attribute(client, input, options \\ [])

View Source

Verifies the specified user attributes in the user pool.