baiji v0.6.5 Baiji.CognitoIdentityProvider
Using the Amazon Cognito User Pools API, you can create a user pool to manage directories and users. You can authenticate a user to obtain tokens related to user identity and access policies.
This API reference provides information about user pools in Amazon Cognito User Pools.
For more information, see the Amazon Cognito Documentation.
Summary
Functions
Returns a map containing the input/output shapes for this endpoint
Outputs values common to all actions
Adds additional user attributes to the user pool schema
Adds the specified user to the specified group
Confirms user registration as an admin without using a confirmation code. Works on any user
Creates a new user in the specified user pool and sends a welcome message via email or phone (SMS). This message is based on a template that you configured in your call to CreateUserPool or UpdateUserPool. This template includes your custom sign-up instructions and placeholders for user name and temporary password
Deletes a user as an administrator. Works on any user
Deletes the user attributes in a user pool as an administrator. Works on any user
Disables the user from signing in with the specified external (SAML or social) identity provider. If the user to disable is a Cognito User Pools native username + password user, they are not permitted to use their password to sign in. If the user to disable is a linked external IdP user, any link between that user and an existing user is removed. The next time the external user (no longer attached to the previously linked DestinationUser) signs in, they must create a new user account. See AdminLinkProviderForUser
Disables the specified user as an administrator. Works on any user
Enables the specified user as an administrator. Works on any user
Forgets the device, as an administrator
Gets the device, as an administrator
Gets the specified user by user name in a user pool as an administrator. Works on any user
Initiates the authentication flow, as an administrator
Links an existing user account in a user pool (DestinationUser) to an identity from an external identity provider (SourceUser) based on a specified attribute name and value from the external identity provider. This allows you to create a link from the existing user account to an external federated user identity that has not yet been used to sign in, so that the federated user identity can be used to sign in as the existing user account
Lists devices, as an administrator
Lists the groups that the user belongs to
Removes the specified user from the specified group
Resets the specified user’s password in a user pool as an administrator. Works on any user
Responds to an authentication challenge, as an administrator
Sets all the user settings for a specified user name. Works on any user
Updates the device status as an administrator
Updates the specified user’s attributes, including developer attributes, as an administrator. Works on any user
Signs out users from all devices, as an administrator
Changes the password for a specified user in a user pool
Confirms tracking of the device. This API call is the call that begins device tracking
Allows a user to enter a confirmation code to reset a forgotten password
Confirms registration of a user and handles the existing alias from a previous user
Creates a new group in the specified user pool
Creates an identity provider for a user pool
Creates a new OAuth2.0 resource server and defines custom scopes in it
Creates the user import job
Creates a new Amazon Cognito user pool and sets the password policy for the pool
Creates the user pool client
Creates a new domain for a user pool
Deletes a group. Currently only groups with no members can be deleted
Deletes an identity provider for a user pool
Deletes a resource server
Allows a user to delete himself or herself
Deletes the attributes for a user
Deletes the specified Amazon Cognito user pool
Allows the developer to delete the user pool client
Deletes a domain for a user pool
Gets information about a specific identity provider
Describes a resource server
Describes the user import job
Returns the configuration information and metadata of the specified user pool
Client method for returning the configuration information and metadata of the specified user pool client
Gets information about a domain
Forgets the specified device
Calling this API causes a message to be sent to the end user with a confirmation code that is required to change the user’s password. For the Username parameter, you can use the username or user alias. If a verified phone number exists for the user, the confirmation code is sent to the phone number. Otherwise, if a verified email exists, the confirmation code is sent to the email. If neither a verified phone number nor a verified email exists, InvalidParameterException is thrown. To use the confirmation code for resetting the password, call ConfirmForgotPassword
Gets the header information for the .csv file to be used as input for the user import job
Gets the device
Gets a group
Gets the specified identity provider
Gets the UI Customization information for a particular app client’s app UI, if there is something set. If nothing is set for the particular client, but there is an existing pool level customization (app clientId will be ALL), then that is returned. If nothing is present, then an empty shape is returned
Gets the user attributes and metadata for a user
Gets the user attribute verification code for the specified attribute name
Signs out users from all devices
Initiates the authentication flow
Lists the devices
Lists the groups associated with a user pool
Lists information about all identity providers for a user pool
Lists the resource servers for a user pool
Lists the user import jobs
Lists the clients that have been created for the specified user pool
Lists the user pools associated with an AWS account
Lists the users in the Amazon Cognito user pool
Lists the users in the specified group
Resends the confirmation (for confirmation of registration) to a specific user in the user pool
Responds to the authentication challenge
Sets the UI customization information for a user pool’s built-in app UI
Sets the user settings like multi-factor authentication (MFA). If MFA is to be removed for a particular attribute, pass the attribute with code delivery as null. If a null list is passed, all MFA options are removed
Registers the user in the specified user pool and creates a user name, password, and user attributes
Starts the user import
Stops the user import job
Updates the device status
Updates the specified group with the specified attributes
Updates identity provider information for a user pool
Updates the name and scopes of a resource server. All other fields are read-only
Allows a user to update a specific attribute (one at a time)
Updates the specified user pool with the specified attributes
Allows the developer to update the specified user pool client and password policy
Verifies the specified user attributes in the user pool
Functions
Returns a map containing the input/output shapes for this endpoint
Outputs values common to all actions
Adds additional user attributes to the user pool schema.
Adds the specified user to the specified group.
Requires developer credentials.
Confirms user registration as an admin without using a confirmation code. Works on any user.
Requires developer credentials.
Creates a new user in the specified user pool and sends a welcome message via email or phone (SMS). This message is based on a template that you configured in your call to CreateUserPool or UpdateUserPool. This template includes your custom sign-up instructions and placeholders for user name and temporary password.
Requires developer credentials.
Deletes a user as an administrator. Works on any user.
Requires developer credentials.
Deletes the user attributes in a user pool as an administrator. Works on any user.
Requires developer credentials.
Disables the user from signing in with the specified external (SAML or social) identity provider. If the user to disable is a Cognito User Pools native username + password user, they are not permitted to use their password to sign in. If the user to disable is a linked external IdP user, any link between that user and an existing user is removed. The next time the external user (no longer attached to the previously linked DestinationUser) signs in, they must create a new user account. See AdminLinkProviderForUser.
This action is enabled only for admin access and requires developer credentials.
The ProviderName must match the value specified when creating an IdP for the pool.
To disable a native username + password user, the ProviderName value must be Cognito and the ProviderAttributeName must be Cognito_Subject, with the ProviderAttributeValue being the name that is used in the user pool for the user.
The ProviderAttributeName must always be Cognito_Subject for social identity providers. The ProviderAttributeValue must always be the exact subject that was used when the user was originally linked as a source user.
For de-linking a SAML identity, there are two scenarios. If the linked identity has not yet been used to sign in, the ProviderAttributeName and ProviderAttributeValue must be the same values that were used for the SourceUser when the identities were originally linked in the AdminLinkProviderForUser call. (If the linking was done with ProviderAttributeName set to Cognito_Subject, the same applies here). However, if the user has already signed in, the ProviderAttributeName must be Cognito_Subject and ProviderAttributeValue must be the subject of the SAML assertion.
Disables the specified user as an administrator. Works on any user.
Requires developer credentials.
Enables the specified user as an administrator. Works on any user.
Requires developer credentials.
Forgets the device, as an administrator.
Requires developer credentials.
Gets the device, as an administrator.
Requires developer credentials.
Gets the specified user by user name in a user pool as an administrator. Works on any user.
Requires developer credentials.
Initiates the authentication flow, as an administrator.
Requires developer credentials.
Links an existing user account in a user pool (DestinationUser) to an identity from an external identity provider (SourceUser) based on a specified attribute name and value from the external identity provider. This allows you to create a link from the existing user account to an external federated user identity that has not yet been used to sign in, so that the federated user identity can be used to sign in as the existing user account.
For example, if there is an existing user with a username and password, this API links that user to a federated user identity, so that when the federated user identity is used, the user signs in as the existing user account.
This action is enabled only for admin access and requires developer credentials.
Lists devices, as an administrator.
Requires developer credentials.
Lists the groups that the user belongs to.
Requires developer credentials.
Removes the specified user from the specified group.
Requires developer credentials.
Resets the specified user’s password in a user pool as an administrator. Works on any user.
When a developer calls this API, the current password is invalidated, so it must be changed. If a user tries to sign in after the API is called, the app will get a PasswordResetRequiredException exception back and should direct the user down the flow to reset the password, which is the same as the forgot password flow. In addition, if the user pool has phone verification selected and a verified phone number exists for the user, or if email verification is selected and a verified email exists for the user, calling this API will also result in sending a message to the end user with the code to change their password.
Requires developer credentials.
Responds to an authentication challenge, as an administrator.
Requires developer credentials.
Sets all the user settings for a specified user name. Works on any user.
Requires developer credentials.
Updates the device status as an administrator.
Requires developer credentials.
Updates the specified user’s attributes, including developer attributes, as an administrator. Works on any user.
For custom attributes, you must prepend the custom: prefix to the attribute name.
In addition to updating user attributes, this API can also be used to mark phone and email as verified.
Requires developer credentials.
Signs out users from all devices, as an administrator.
Requires developer credentials.
Changes the password for a specified user in a user pool.
Confirms tracking of the device. This API call is the call that begins device tracking.
Allows a user to enter a confirmation code to reset a forgotten password.
Confirms registration of a user and handles the existing alias from a previous user.
Creates a new group in the specified user pool.
Requires developer credentials.
Creates an identity provider for a user pool.
Creates a new OAuth2.0 resource server and defines custom scopes in it.
Creates the user import job.
Creates a new Amazon Cognito user pool and sets the password policy for the pool.
Creates the user pool client.
Creates a new domain for a user pool.
Deletes a group. Currently only groups with no members can be deleted.
Requires developer credentials.
Deletes an identity provider for a user pool.
Deletes a resource server.
Allows a user to delete himself or herself.
Deletes the attributes for a user.
Deletes the specified Amazon Cognito user pool.
Allows the developer to delete the user pool client.
Deletes a domain for a user pool.
Gets information about a specific identity provider.
Describes a resource server.
Describes the user import job.
Returns the configuration information and metadata of the specified user pool.
Client method for returning the configuration information and metadata of the specified user pool client.
Gets information about a domain.
Forgets the specified device.
Calling this API causes a message to be sent to the end user with a confirmation code that is required to change the user’s password. For the Username parameter, you can use the username or user alias. If a verified phone number exists for the user, the confirmation code is sent to the phone number. Otherwise, if a verified email exists, the confirmation code is sent to the email. If neither a verified phone number nor a verified email exists, InvalidParameterException is thrown. To use the confirmation code for resetting the password, call ConfirmForgotPassword.
Gets the header information for the .csv file to be used as input for the user import job.
Gets the device.
Gets a group.
Requires developer credentials.
Gets the specified identity provider.
Gets the UI Customization information for a particular app client’s app UI, if there is something set. If nothing is set for the particular client, but there is an existing pool level customization (app clientId will be ALL), then that is returned. If nothing is present, then an empty shape is returned.
Gets the user attributes and metadata for a user.
Gets the user attribute verification code for the specified attribute name.
Signs out users from all devices.
Initiates the authentication flow.
Lists the devices.
Lists the groups associated with a user pool.
Requires developer credentials.
Lists information about all identity providers for a user pool.
Lists the resource servers for a user pool.
Lists the user import jobs.
Lists the clients that have been created for the specified user pool.
Lists the user pools associated with an AWS account.
Lists the users in the Amazon Cognito user pool.
Lists the users in the specified group.
Requires developer credentials.
Resends the confirmation (for confirmation of registration) to a specific user in the user pool.
Responds to the authentication challenge.
Sets the UI customization information for a user pool’s built-in app UI.
You can specify app UI customization settings for a single client (with a specific clientId) or for all clients (by setting the clientId to ALL). If you specify ALL, the default configuration will be used for every client that has no UI customization set previously. If you specify UI customization settings for a particular client, it will no longer fall back to the ALL configuration.
Sets the user settings like multi-factor authentication (MFA). If MFA is to be removed for a particular attribute, pass the attribute with code delivery as null. If a null list is passed, all MFA options are removed.
Registers the user in the specified user pool and creates a user name, password, and user attributes.
Starts the user import.
Stops the user import job.
Updates the device status.
Updates the specified group with the specified attributes.
Requires developer credentials.
Updates identity provider information for a user pool.
Updates the name and scopes of a resource server. All other fields are read-only.
Allows a user to update a specific attribute (one at a time).
Updates the specified user pool with the specified attributes.
Allows the developer to update the specified user pool client and password policy.
Verifies the specified user attributes in the user pool.