baiji v0.6.5 Baiji.CognitoIdentityProvider

Using the Amazon Cognito User Pools API, you can create a user pool to manage directories and users. You can authenticate a user to obtain tokens related to user identity and access policies.

This API reference provides information about user pools in Amazon Cognito User Pools.

For more information, see the Amazon Cognito Documentation.

Functions

Returns a map containing the input/output shapes for this endpoint

Outputs values common to all actions

add_custom_attributes(input \\ %{}, options \\ [])

Adds additional user attributes to the user pool schema.

admin_add_user_to_group(input \\ %{}, options \\ [])

Adds the specified user to the specified group.

Requires developer credentials.

admin_confirm_sign_up(input \\ %{}, options \\ [])

Confirms user registration as an admin without using a confirmation code. Works on any user.

Requires developer credentials.

admin_create_user(input \\ %{}, options \\ [])

Creates a new user in the specified user pool and sends a welcome message via email or phone (SMS). This message is based on a template that you configured in your call to CreateUserPool or UpdateUserPool. This template includes your custom sign-up instructions and placeholders for user name and temporary password.

Requires developer credentials.

admin_delete_user(input \\ %{}, options \\ [])

Deletes a user as an administrator. Works on any user.

Requires developer credentials.

admin_delete_user_attributes(input \\ %{}, options \\ [])

Deletes the user attributes in a user pool as an administrator. Works on any user.

Requires developer credentials.

admin_disable_provider_for_user(input \\ %{}, options \\ [])

Disables the user from signing in with the specified external (SAML or social) identity provider. If the user to disable is a Cognito User Pools native username + password user, they are not permitted to use their password to sign in. If the user to disable is a linked external IdP user, any link between that user and an existing user is removed. The next time the external user (no longer attached to the previously linked DestinationUser) signs in, they must create a new user account. See AdminLinkProviderForUser.

This action is enabled only for admin access and requires developer credentials.

The ProviderName must match the value specified when creating an IdP for the pool.

To disable a native username + password user, the ProviderName value must be Cognito and the ProviderAttributeName must be Cognito_Subject, with the ProviderAttributeValue being the name that is used in the user pool for the user.

The ProviderAttributeName must always be Cognito_Subject for social identity providers. The ProviderAttributeValue must always be the exact subject that was used when the user was originally linked as a source user.

For de-linking a SAML identity, there are two scenarios. If the linked identity has not yet been used to sign in, the ProviderAttributeName and ProviderAttributeValue must be the same values that were used for the SourceUser when the identities were originally linked in the AdminLinkProviderForUser call. (If the linking was done with ProviderAttributeName set to Cognito_Subject, the same applies here.) However, if the user has already signed in, the ProviderAttributeName must be Cognito_Subject and ProviderAttributeValue must be the subject of the SAML assertion.

admin_disable_user(input \\ %{}, options \\ [])

Disables the specified user as an administrator. Works on any user.

Requires developer credentials.

admin_enable_user(input \\ %{}, options \\ [])

Enables the specified user as an administrator. Works on any user.

Requires developer credentials.

admin_forget_device(input \\ %{}, options \\ [])

Forgets the device, as an administrator.

Requires developer credentials.

admin_get_device(input \\ %{}, options \\ [])

Gets the device, as an administrator.

Requires developer credentials.

admin_get_user(input \\ %{}, options \\ [])

Gets the specified user by user name in a user pool as an administrator. Works on any user.

Requires developer credentials.

admin_initiate_auth(input \\ %{}, options \\ [])

Initiates the authentication flow, as an administrator.

Requires developer credentials.

admin_list_devices(input \\ %{}, options \\ [])

Lists devices, as an administrator.

Requires developer credentials.

admin_list_groups_for_user(input \\ %{}, options \\ [])

Lists the groups that the user belongs to.

Requires developer credentials.

admin_remove_user_from_group(input \\ %{}, options \\ [])

Removes the specified user from the specified group.

Requires developer credentials.

admin_reset_user_password(input \\ %{}, options \\ [])

Resets the specified user’s password in a user pool as an administrator. Works on any user.

When a developer calls this API, the current password is invalidated, so it must be changed. If a user tries to sign in after the API is called, the app receives a PasswordResetRequiredException and should direct the user to the password reset flow, which is the same as the forgot password flow. In addition, if the user pool has phone verification selected and a verified phone number exists for the user, or if email verification is selected and a verified email exists for the user, calling this API also sends a message to the end user with the code to change their password.

Requires developer credentials.

admin_respond_to_auth_challenge(input \\ %{}, options \\ [])

Responds to an authentication challenge, as an administrator.

Requires developer credentials.

admin_set_user_settings(input \\ %{}, options \\ [])

Sets all the user settings for a specified user name. Works on any user.

Requires developer credentials.

admin_update_device_status(input \\ %{}, options \\ [])

Updates the device status as an administrator.

Requires developer credentials.

admin_update_user_attributes(input \\ %{}, options \\ [])

Updates the specified user’s attributes, including developer attributes, as an administrator. Works on any user.

For custom attributes, you must prepend the custom: prefix to the attribute name.

In addition to updating user attributes, this API can also be used to mark phone and email as verified.

Requires developer credentials.

admin_user_global_sign_out(input \\ %{}, options \\ [])

Signs out users from all devices, as an administrator.

Requires developer credentials.

change_password(input \\ %{}, options \\ [])

Changes the password for a specified user in a user pool.

confirm_device(input \\ %{}, options \\ [])

Confirms tracking of the device. This API call begins device tracking.

confirm_forgot_password(input \\ %{}, options \\ [])

Allows a user to enter a confirmation code to reset a forgotten password.

confirm_sign_up(input \\ %{}, options \\ [])

Confirms registration of a user and handles the existing alias from a previous user.

create_group(input \\ %{}, options \\ [])

Creates a new group in the specified user pool.

Requires developer credentials.

create_identity_provider(input \\ %{}, options \\ [])

Creates an identity provider for a user pool.

create_resource_server(input \\ %{}, options \\ [])

Creates a new OAuth2.0 resource server and defines custom scopes in it.

create_user_import_job(input \\ %{}, options \\ [])

Creates the user import job.

create_user_pool(input \\ %{}, options \\ [])

Creates a new Amazon Cognito user pool and sets the password policy for the pool.

create_user_pool_client(input \\ %{}, options \\ [])

Creates the user pool client.

create_user_pool_domain(input \\ %{}, options \\ [])

Creates a new domain for a user pool.

delete_group(input \\ %{}, options \\ [])

Deletes a group. Currently only groups with no members can be deleted.

Requires developer credentials.

delete_identity_provider(input \\ %{}, options \\ [])

Deletes an identity provider for a user pool.

delete_resource_server(input \\ %{}, options \\ [])

Deletes a resource server.

delete_user(input \\ %{}, options \\ [])

Allows a user to delete himself or herself.

delete_user_attributes(input \\ %{}, options \\ [])

Deletes the attributes for a user.

delete_user_pool(input \\ %{}, options \\ [])

Deletes the specified Amazon Cognito user pool.

delete_user_pool_client(input \\ %{}, options \\ [])

Allows the developer to delete the user pool client.

delete_user_pool_domain(input \\ %{}, options \\ [])

Deletes a domain for a user pool.

describe_identity_provider(input \\ %{}, options \\ [])

Gets information about a specific identity provider.

describe_resource_server(input \\ %{}, options \\ [])

Describes a resource server.

describe_user_import_job(input \\ %{}, options \\ [])

Describes the user import job.

describe_user_pool(input \\ %{}, options \\ [])

Returns the configuration information and metadata of the specified user pool.

describe_user_pool_client(input \\ %{}, options \\ [])

Client method for returning the configuration information and metadata of the specified user pool client.

describe_user_pool_domain(input \\ %{}, options \\ [])

Gets information about a domain.

forget_device(input \\ %{}, options \\ [])

Forgets the specified device.

forgot_password(input \\ %{}, options \\ [])

Calling this API causes a message to be sent to the end user with a confirmation code that is required to change the user’s password. For the Username parameter, you can use the username or user alias. If a verified phone number exists for the user, the confirmation code is sent to the phone number. Otherwise, if a verified email exists, the confirmation code is sent to the email. If neither a verified phone number nor a verified email exists, InvalidParameterException is thrown. To use the confirmation code for resetting the password, call ConfirmForgotPassword.

get_c_s_v_header(input \\ %{}, options \\ [])

Gets the header information for the .csv file to be used as input for the user import job.

get_device(input \\ %{}, options \\ [])

Gets the device.

get_group(input \\ %{}, options \\ [])

Gets a group.

Requires developer credentials.

get_identity_provider_by_identifier(input \\ %{}, options \\ [])

Gets the specified identity provider.

get_u_i_customization(input \\ %{}, options \\ [])

Gets the UI Customization information for a particular app client’s app UI, if there is something set. If nothing is set for the particular client, but there is an existing pool level customization (app clientId will be ALL), then that is returned. If nothing is present, then an empty shape is returned.

get_user(input \\ %{}, options \\ [])

Gets the user attributes and metadata for a user.

get_user_attribute_verification_code(input \\ %{}, options \\ [])

Gets the user attribute verification code for the specified attribute name.

global_sign_out(input \\ %{}, options \\ [])

Signs out users from all devices.

initiate_auth(input \\ %{}, options \\ [])

Initiates the authentication flow.

list_devices(input \\ %{}, options \\ [])

Lists the devices.

list_groups(input \\ %{}, options \\ [])

Lists the groups associated with a user pool.

Requires developer credentials.

list_identity_providers(input \\ %{}, options \\ [])

Lists information about all identity providers for a user pool.

list_resource_servers(input \\ %{}, options \\ [])

Lists the resource servers for a user pool.

list_user_import_jobs(input \\ %{}, options \\ [])

Lists the user import jobs.

list_user_pool_clients(input \\ %{}, options \\ [])

Lists the clients that have been created for the specified user pool.

list_user_pools(input \\ %{}, options \\ [])

Lists the user pools associated with an AWS account.

list_users(input \\ %{}, options \\ [])

Lists the users in the Amazon Cognito user pool.

list_users_in_group(input \\ %{}, options \\ [])

Lists the users in the specified group.

Requires developer credentials.

resend_confirmation_code(input \\ %{}, options \\ [])

Resends the confirmation (for confirmation of registration) to a specific user in the user pool.

respond_to_auth_challenge(input \\ %{}, options \\ [])

Responds to the authentication challenge.

set_u_i_customization(input \\ %{}, options \\ [])

Sets the UI customization information for a user pool’s built-in app UI.

You can specify app UI customization settings for a single client (with a specific clientId) or for all clients (by setting the clientId to ALL). If you specify ALL, the default configuration will be used for every client that has no UI customization set previously. If you specify UI customization settings for a particular client, it will no longer fall back to the ALL configuration.

To use this API, your user pool must have a domain associated with it. Otherwise, there is no place to host the app's pages, and the service will throw an error.

set_user_settings(input \\ %{}, options \\ [])

Sets the user settings like multi-factor authentication (MFA). If MFA is to be removed for a particular attribute, pass the attribute with code delivery as null. If a null list is passed, all MFA options are removed.

sign_up(input \\ %{}, options \\ [])

Registers the user in the specified user pool and creates a user name, password, and user attributes.

start_user_import_job(input \\ %{}, options \\ [])

Starts the user import.

stop_user_import_job(input \\ %{}, options \\ [])

Stops the user import job.

update_device_status(input \\ %{}, options \\ [])

Updates the device status.

update_group(input \\ %{}, options \\ [])

Updates the specified group with the specified attributes.

Requires developer credentials.

update_identity_provider(input \\ %{}, options \\ [])

Updates identity provider information for a user pool.

update_resource_server(input \\ %{}, options \\ [])

Updates the name and scopes of a resource server. All other fields are read-only.

update_user_attributes(input \\ %{}, options \\ [])

Allows a user to update a specific attribute (one at a time).

update_user_pool(input \\ %{}, options \\ [])

Updates the specified user pool with the specified attributes.

update_user_pool_client(input \\ %{}, options \\ [])

Allows the developer to update the specified user pool client and password policy.

verify_user_attribute(input \\ %{}, options \\ [])

Verifies the specified user attributes in the user pool.