@aws-sdk/client-cognito-identity-provider

import { ExceptionOptionType as __ExceptionOptionType } from "@smithy/smithy-client"; import { CognitoIdentityProviderServiceException as __BaseException } from "./CognitoIdentityProviderServiceException"; /** * @public * @enum */ export declare const RecoveryOptionNameType: { readonly ADMIN_ONLY: "admin_only"; readonly VERIFIED_EMAIL: "verified_email"; readonly VERIFIED_PHONE_NUMBER: "verified_phone_number"; }; /** * @public */ export type RecoveryOptionNameType = (typeof RecoveryOptionNameType)[keyof typeof RecoveryOptionNameType]; /** * A map containing a priority as a key, and recovery method name as a value. * @public */ export interface RecoveryOptionType { /** * A positive integer specifying priority of a method with 1 being the highest * priority. * @public */ Priority: number | undefined; /** * The recovery method for a user. * @public */ Name: RecoveryOptionNameType | undefined; } /** * The data type for <code>AccountRecoverySetting</code>. * @public */ export interface AccountRecoverySettingType { /** * The list of <code>RecoveryOptionTypes</code>. * @public */ RecoveryMechanisms?: RecoveryOptionType[]; } /** * @public * @enum */ export declare const AccountTakeoverEventActionType: { readonly BLOCK: "BLOCK"; readonly MFA_IF_CONFIGURED: "MFA_IF_CONFIGURED"; readonly MFA_REQUIRED: "MFA_REQUIRED"; readonly NO_ACTION: "NO_ACTION"; }; /** * @public */ export type AccountTakeoverEventActionType = (typeof AccountTakeoverEventActionType)[keyof typeof AccountTakeoverEventActionType]; /** * Account takeover action type. * @public */ export interface AccountTakeoverActionType { /** * Flag specifying whether to send a notification. * @public */ Notify: boolean | undefined; /** * The action to take in response to the account takeover action. Valid values are as * follows: * <ul> * <li> * * <code>BLOCK</code> Choosing this action will block the request. * </li> * <li> * * <code>MFA_IF_CONFIGURED</code> Present an MFA challenge if user has configured * it, else allow the request. * </li> * <li> * * <code>MFA_REQUIRED</code> Present an MFA challenge if user has configured it, * else block the request. * </li> * <li> * * <code>NO_ACTION</code> Allow the user to sign in. * </li> * </ul> * @public */ EventAction: AccountTakeoverEventActionType | undefined; } /** * Account takeover actions type. * @public */ export interface AccountTakeoverActionsType { /** * Action to take for a low risk. * @public */ LowAction?: AccountTakeoverActionType; /** * Action to take for a medium risk. * @public */ MediumAction?: AccountTakeoverActionType; /** * Action to take for a high risk. * @public */ HighAction?: AccountTakeoverActionType; } /** * The notify email type. * @public */ export interface NotifyEmailType { /** * The email subject. * @public */ Subject: string | undefined; /** * The email HTML body. * @public */ HtmlBody?: string; /** * The email text body. * @public */ TextBody?: string; } /** * The notify configuration type. * @public */ export interface NotifyConfigurationType { /** * The email address that is sending the email. The address must be either individually * verified with Amazon Simple Email Service, or from a domain that has been verified with Amazon SES. * @public */ From?: string; /** * The destination to which the receiver of an email should reply to. * @public */ ReplyTo?: string; /** * The Amazon Resource Name (ARN) of the identity that is associated with the sending * authorization policy. This identity permits Amazon Cognito to send for the email address * specified in the <code>From</code> parameter. * @public */ SourceArn: string | undefined; /** * Email template used when a detected risk event is blocked. * @public */ BlockEmail?: NotifyEmailType; /** * The email template used when a detected risk event is allowed. * @public */ NoActionEmail?: NotifyEmailType; /** * The multi-factor authentication (MFA) email template used when MFA is challenged as * part of a detected risk. * @public */ MfaEmail?: NotifyEmailType; } /** * Configuration for mitigation actions and notification for different levels of risk * detected for a potential account takeover. * @public */ export interface AccountTakeoverRiskConfigurationType { /** * The notify configuration used to construct email notifications. * @public */ NotifyConfiguration?: NotifyConfigurationType; /** * Account takeover risk configuration actions. * @public */ Actions: AccountTakeoverActionsType | undefined; } /** * @public * @enum */ export declare const AttributeDataType: { readonly BOOLEAN: "Boolean"; readonly DATETIME: "DateTime"; readonly NUMBER: "Number"; readonly STRING: "String"; }; /** * @public */ export type AttributeDataType = (typeof AttributeDataType)[keyof typeof AttributeDataType]; /** * The minimum and maximum values of an attribute that is of the number data type. * @public */ export interface NumberAttributeConstraintsType { /** * The minimum value of an attribute that is of the number data type. * @public */ MinValue?: string; /** * The maximum length of a number attribute value. Must be a number less than or equal to * <code>2^1023</code>, represented as a string with a length of 131072 characters or * fewer. * @public */ MaxValue?: string; } /** * The constraints associated with a string attribute. * @public */ export interface StringAttributeConstraintsType { /** * The minimum length. * @public */ MinLength?: string; /** * The maximum length of a string attribute value. Must be a number less than or equal to * <code>2^1023</code>, represented as a string with a length of 131072 characters or * fewer. * @public */ MaxLength?: string; } /** * A list of the user attributes and their properties in your user pool. The attribute * schema contains standard attributes, custom attributes with a <code>custom:</code> * prefix, and developer attributes with a <code>dev:</code> prefix. For more information, * see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html">User pool * attributes</a>. * Developer-only attributes are a legacy feature of user pools, are read-only to all app * clients. You can create and update developer-only attributes only with IAM-authenticated * API operations. Use app client read/write permissions instead. * @public */ export interface SchemaAttributeType { /** * The name of your user pool attribute. When you create or update a user pool, adding a * schema attribute creates a custom or developer-only attribute. When you add an attribute * with a <code>Name</code> value of <code>MyAttribute</code>, Amazon Cognito creates the custom * attribute <code>custom:MyAttribute</code>. When <code>DeveloperOnlyAttribute</code> is * <code>true</code>, Amazon Cognito creates your attribute as <code>dev:MyAttribute</code>. In * an operation that describes a user pool, Amazon Cognito returns this value as <code>value</code> * for standard attributes, <code>custom:value</code> for custom attributes, and * <code>dev:value</code> for developer-only attributes.. * @public */ Name?: string; /** * The data format of the values for your attribute. When you choose an * <code>AttributeDataType</code>, Amazon Cognito validates the input against the data type. A * custom attribute value in your user's ID token is always a string, for example * <code>"custom:isMember" : "true"</code> or <code>"custom:YearsAsMember" : * "12"</code>. * @public */ AttributeDataType?: AttributeDataType; /** * <note> * You should use <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UserPoolClientType.html#CognitoUserPools-Type-UserPoolClientType-WriteAttributes">WriteAttributes</a> in the user pool client to control how attributes can * be mutated for new use cases instead of using * <code>DeveloperOnlyAttribute</code>. * </note> * Specifies whether the attribute type is developer only. This attribute can only be * modified by an administrator. Users won't be able to modify this attribute using their * access token. For example, <code>DeveloperOnlyAttribute</code> can be modified using * AdminUpdateUserAttributes but can't be updated using UpdateUserAttributes. * @public */ DeveloperOnlyAttribute?: boolean; /** * Specifies whether the value of the attribute can be changed. * Any user pool attribute whose value you map from an IdP attribute must be mutable, * with a parameter value of <code>true</code>. Amazon Cognito updates mapped attributes when users * sign in to your application through an IdP. If an attribute is immutable, Amazon Cognito throws * an error when it attempts to update the attribute. For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-specifying-attribute-mapping.html">Specifying Identity Provider Attribute Mappings for Your User * Pool</a>. * @public */ Mutable?: boolean; /** * Specifies whether a user pool attribute is required. If the attribute is required and * the user doesn't provide a value, registration or sign-in will fail. * @public */ Required?: boolean; /** * Specifies the constraints for an attribute of the number type. * @public */ NumberAttributeConstraints?: NumberAttributeConstraintsType; /** * Specifies the constraints for an attribute of the string type. * @public */ StringAttributeConstraints?: StringAttributeConstraintsType; } /** * Represents the request to add custom attributes. * @public */ export interface AddCustomAttributesRequest { /** * The user pool ID for the user pool where you want to add custom attributes. * @public */ UserPoolId: string | undefined; /** * An array of custom attributes, such as Mutable and Name. * @public */ CustomAttributes: SchemaAttributeType[] | undefined; } /** * Represents the response from the server for the request to add custom * attributes. * @public */ export interface AddCustomAttributesResponse { } /** * This exception is thrown when Amazon Cognito encounters an internal error. * @public */ export declare class InternalErrorException extends __BaseException { readonly name: "InternalErrorException"; readonly $fault: "server"; /** * @internal */ constructor(opts: __ExceptionOptionType<InternalErrorException, __BaseException>); } /** * This exception is thrown when the Amazon Cognito service encounters an invalid * parameter. * @public */ export declare class InvalidParameterException extends __BaseException { readonly name: "InvalidParameterException"; readonly $fault: "client"; /** * @internal */ constructor(opts: __ExceptionOptionType<InvalidParameterException, __BaseException>); } /** * This exception is thrown when a user isn't authorized. * @public */ export declare class NotAuthorizedException extends __BaseException { readonly name: "NotAuthorizedException"; readonly $fault: "client"; /** * @internal */ constructor(opts: __ExceptionOptionType<NotAuthorizedException, __BaseException>); } /** * This exception is thrown when the Amazon Cognito service can't find the requested * resource. * @public */ export declare class ResourceNotFoundException extends __BaseException { readonly name: "ResourceNotFoundException"; readonly $fault: "client"; /** * @internal */ constructor(opts: __ExceptionOptionType<ResourceNotFoundException, __BaseException>); } /** * This exception is thrown when the user has made too many requests for a given * operation. * @public */ export declare class TooManyRequestsException extends __BaseException { readonly name: "TooManyRequestsException"; readonly $fault: "client"; /** * @internal */ constructor(opts: __ExceptionOptionType<TooManyRequestsException, __BaseException>); } /** * This exception is thrown when you're trying to modify a user pool while a user import * job is in progress for that pool. * @public */ export declare class UserImportInProgressException extends __BaseException { readonly name: "UserImportInProgressException"; readonly $fault: "client"; /** * @internal */ constructor(opts: __ExceptionOptionType<UserImportInProgressException, __BaseException>); } /** * @public */ export interface AdminAddUserToGroupRequest { /** * The user pool ID for the user pool. * @public */ UserPoolId: string | undefined; /** * The username of the user that you want to query or modify. The value of this parameter * is typically your user's username, but it can be any of their alias attributes. If * <code>username</code> isn't an alias attribute in your user pool, this value * must be the <code>sub</code> of a local user or the username of a user from a * third-party IdP. * @public */ Username: string | undefined; /** * The name of the group that you want to add your user to. * @public */ GroupName: string | undefined; } /** * This exception is thrown when a user isn't found. * @public */ export declare class UserNotFoundException extends __BaseException { readonly name: "UserNotFoundException"; readonly $fault: "client"; /** * @internal */ constructor(opts: __ExceptionOptionType<UserNotFoundException, __BaseException>); } /** * Confirm a user's registration as a user pool administrator. * @public */ export interface AdminConfirmSignUpRequest { /** * The user pool ID for which you want to confirm user registration. * @public */ UserPoolId: string | undefined; /** * The username of the user that you want to query or modify. The value of this parameter * is typically your user's username, but it can be any of their alias attributes. If * <code>username</code> isn't an alias attribute in your user pool, this value * must be the <code>sub</code> of a local user or the username of a user from a * third-party IdP. * @public */ Username: string | undefined; /** * A map of custom key-value pairs that you can provide as input for any custom workflows * that this action triggers. * If your user pool configuration includes triggers, the AdminConfirmSignUp API action * invokes the Lambda function that is specified for the post * confirmation trigger. When Amazon Cognito invokes this function, it passes a JSON * payload, which the function receives as input. In this payload, the * <code>clientMetadata</code> attribute provides the data that you assigned to the * ClientMetadata parameter in your AdminConfirmSignUp request. In your function code in * Lambda, you can process the ClientMetadata value to enhance your workflow for your * specific needs. * For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html"> * Customizing user pool Workflows with Lambda Triggers</a> in the Amazon Cognito Developer Guide. * <note> * When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the * following: * <ul> * <li> * Store the ClientMetadata value. This data is available only to Lambda * triggers that are assigned to a user pool to support custom workflows. If * your user pool configuration doesn't include triggers, the ClientMetadata * parameter serves no purpose. * </li> * <li> * Validate the ClientMetadata value. * </li> * <li> * Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive * information. * </li> * </ul> * </note> * @public */ ClientMetadata?: Record<string, string>; } /** * Represents the response from the server for the request to confirm * registration. * @public */ export interface AdminConfirmSignUpResponse { } /** * This exception is thrown when Amazon Cognito encounters an invalid Lambda response. * @public */ export declare class InvalidLambdaResponseException extends __BaseException { readonly name: "InvalidLambdaResponseException"; readonly $fault: "client"; /** * @internal */ constructor(opts: __ExceptionOptionType<InvalidLambdaResponseException, __BaseException>); } /** * This exception is thrown when a user exceeds the limit for a requested Amazon Web Services * resource. * @public */ export declare class LimitExceededException extends __BaseException { readonly name: "LimitExceededException"; readonly $fault: "client"; /** * @internal */ constructor(opts: __ExceptionOptionType<LimitExceededException, __BaseException>); } /** * This exception is thrown when the user has made too many failed attempts for a given * action, such as sign-in. * @public */ export declare class TooManyFailedAttemptsException extends __BaseException { readonly name: "TooManyFailedAttemptsException"; readonly $fault: "client"; /** * @internal */ constructor(opts: __ExceptionOptionType<TooManyFailedAttemptsException, __BaseException>); } /** * This exception is thrown when Amazon Cognito encounters an unexpected exception with * Lambda. * @public */ export declare class UnexpectedLambdaException extends __BaseException { readonly name: "UnexpectedLambdaException"; readonly $fault: "client"; /** * @internal */ constructor(opts: __ExceptionOptionType<UnexpectedLambdaException, __BaseException>); } /** * This exception is thrown when the Amazon Cognito service encounters a user validation exception * with the Lambda service. * @public */ export declare class UserLambdaValidationException extends __BaseException { readonly name: "UserLambdaValidationException"; readonly $fault: "client"; /** * @internal */ constructor(opts: __ExceptionOptionType<UserLambdaValidationException, __BaseException>); } /** * @public * @enum */ export declare const DeliveryMediumType: { readonly EMAIL: "EMAIL"; readonly SMS: "SMS"; }; /** * @public */ export type DeliveryMediumType = (typeof DeliveryMediumType)[keyof typeof DeliveryMediumType]; /** * @public * @enum */ export declare const MessageActionType: { readonly RESEND: "RESEND"; readonly SUPPRESS: "SUPPRESS"; }; /** * @public */ export type MessageActionType = (typeof MessageActionType)[keyof typeof MessageActionType]; /** * Specifies whether the attribute is standard or custom. * @public */ export interface AttributeType { /** * The name of the attribute. * @public */ Name: string | undefined; /** * The value of the attribute. * @public */ Value?: string; } /** * Represents the request to create a user in the specified user pool. * @public */ export interface AdminCreateUserRequest { /** * The user pool ID for the user pool where the user will be created. * @public */ UserPoolId: string | undefined; /** * The value that you want to set as the username sign-in attribute. The following * conditions apply to the username parameter. * <ul> * <li> * The username can't be a duplicate of another username in the same user * pool. * </li> * <li> * You can't change the value of a username after you create it. * </li> * <li> * You can only provide a value if usernames are a valid sign-in attribute for * your user pool. If your user pool only supports phone numbers or email addresses * as sign-in attributes, Amazon Cognito automatically generates a username value. For more * information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases">Customizing sign-in attributes</a>. * </li> * </ul> * @public */ Username: string | undefined; /** * An array of name-value pairs that contain user attributes and attribute values to be * set for the user to be created. You can create a user without specifying any attributes * other than <code>Username</code>. However, any attributes that you specify as required * (when creating a user pool or in the Attributes tab of * the console) either you should supply (in your call to <code>AdminCreateUser</code>) or * the user should supply (when they sign up in response to your welcome message). * For custom attributes, you must prepend the <code>custom:</code> prefix to the * attribute name. * To send a message inviting the user to sign up, you must specify the user's email * address or phone number. You can do this in your call to AdminCreateUser or in the * Users tab of the Amazon Cognito console for managing your * user pools. * In your call to <code>AdminCreateUser</code>, you can set the * <code>email_verified</code> attribute to <code>True</code>, and you can set the * <code>phone_number_verified</code> attribute to <code>True</code>. You can also do * this by calling <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html">AdminUpdateUserAttributes</a>. * <ul> * <li> * * email: The email address of the user to whom * the message that contains the code and username will be sent. Required if the * <code>email_verified</code> attribute is set to <code>True</code>, or if * <code>"EMAIL"</code> is specified in the <code>DesiredDeliveryMediums</code> * parameter. * </li> * <li> * * phone_number: The phone number of the user to * whom the message that contains the code and username will be sent. Required if * the <code>phone_number_verified</code> attribute is set to <code>True</code>, or * if <code>"SMS"</code> is specified in the <code>DesiredDeliveryMediums</code> * parameter. * </li> * </ul> * @public */ UserAttributes?: AttributeType[]; /** * Temporary user attributes that contribute to the outcomes of your pre sign-up Lambda * trigger. This set of key-value pairs are for custom validation of information that you * collect from your users but don't need to retain. * Your Lambda function can analyze this additional data and act on it. Your function * might perform external API operations like logging user attributes and validation data * to Amazon CloudWatch Logs. Validation data might also affect the response that your function returns * to Amazon Cognito, like automatically confirming the user if they sign up from within your * network. * For more information about the pre sign-up Lambda trigger, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-sign-up.html">Pre sign-up Lambda trigger</a>. * @public */ ValidationData?: AttributeType[]; /** * The user's temporary password. This password must conform to the password policy that * you specified when you created the user pool. * The temporary password is valid only once. To complete the Admin Create User flow, the * user must enter the temporary password in the sign-in page, along with a new password to * be used in all future sign-ins. * This parameter isn't required. If you don't specify a value, Amazon Cognito generates one for * you. * The temporary password can only be used until the user account expiration limit that * you set for your user pool. To reset the account after that time limit, you must call * <code>AdminCreateUser</code> again and specify <code>RESEND</code> for the * <code>MessageAction</code> parameter. * @public */ TemporaryPassword?: string; /** * This parameter is used only if the <code>phone_number_verified</code> or * <code>email_verified</code> attribute is set to <code>True</code>. Otherwise, it is * ignored. * If this parameter is set to <code>True</code> and the phone number or email address * specified in the UserAttributes parameter already exists as an alias with a different * user, the API call will migrate the alias from the previous user to the newly created * user. The previous user will no longer be able to log in using that alias. * If this parameter is set to <code>False</code>, the API throws an * <code>AliasExistsException</code> error if the alias already exists. The default * value is <code>False</code>. * @public */ ForceAliasCreation?: boolean; /** * Set to <code>RESEND</code> to resend the invitation message to a user that already * exists and reset the expiration limit on the user's account. Set to * <code>SUPPRESS</code> to suppress sending the message. You can specify only one * value. * @public */ MessageAction?: MessageActionType; /** * Specify <code>"EMAIL"</code> if email will be used to send the welcome message. * Specify <code>"SMS"</code> if the phone number will be used. The default value is * <code>"SMS"</code>. You can specify more than one value. * @public */ DesiredDeliveryMediums?: DeliveryMediumType[]; /** * A map of custom key-value pairs that you can provide as input for any custom workflows * that this action triggers. * You create custom workflows by assigning Lambda functions to user pool triggers. * When you use the AdminCreateUser API action, Amazon Cognito invokes the function that is assigned * to the pre sign-up trigger. When Amazon Cognito invokes this function, it * passes a JSON payload, which the function receives as input. This payload contains a * <code>clientMetadata</code> attribute, which provides the data that you assigned to * the ClientMetadata parameter in your AdminCreateUser request. In your function code in * Lambda, you can process the <code>clientMetadata</code> value to enhance your * workflow for your specific needs. * For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html"> * Customizing user pool Workflows with Lambda Triggers</a> in the Amazon Cognito Developer Guide. * <note> * When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the * following: * <ul> * <li> * Store the ClientMetadata value. This data is available only to Lambda * triggers that are assigned to a user pool to support custom workflows. If * your user pool configuration doesn't include triggers, the ClientMetadata * parameter serves no purpose. * </li> * <li> * Validate the ClientMetadata value. * </li> * <li> * Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive * information. * </li> * </ul> * </note> * @public */ ClientMetadata?: Record<string, string>; } /** * * This data type is no longer supported. Applies only to SMS * multi-factor authentication (MFA) configurations. Does not apply to time-based one-time * password (TOTP) software token MFA configurations. * @public */ export interface MFAOptionType { /** * The delivery medium to send the MFA code. You can use this parameter to set only the * <code>SMS</code> delivery medium value. * @public */ DeliveryMedium?: DeliveryMediumType; /** * The attribute name of the MFA option type. The only valid value is * <code>phone_number</code>. * @public */ AttributeName?: string; } /** * @public * @enum */ export declare const UserStatusType: { readonly ARCHIVED: "ARCHIVED"; readonly COMPROMISED: "COMPROMISED"; readonly CONFIRMED: "CONFIRMED"; readonly EXTERNAL_PROVIDER: "EXTERNAL_PROVIDER"; readonly FORCE_CHANGE_PASSWORD: "FORCE_CHANGE_PASSWORD"; readonly RESET_REQUIRED: "RESET_REQUIRED"; readonly UNCONFIRMED: "UNCONFIRMED"; readonly UNKNOWN: "UNKNOWN"; }; /** * @public */ export type UserStatusType = (typeof UserStatusType)[keyof typeof UserStatusType]; /** * A user profile in a Amazon Cognito user pool. * @public */ export interface UserType { /** * The user name of the user you want to describe. * @public */ Username?: string; /** * A container with information about the user type attributes. * @public */ Attributes?: AttributeType[]; /** * The creation date of the user. * @public */ UserCreateDate?: Date; /** * The date and time when the item was modified. Amazon Cognito returns this timestamp in UNIX epoch time format. Your SDK might render the output in a * human-readable format like ISO 8601 or a Java <code>Date</code> object. * @public */ UserLastModifiedDate?: Date; /** * Specifies whether the user is enabled. * @public */ Enabled?: boolean; /** * The user status. This can be one of the following: * <ul> * <li> * UNCONFIRMED - User has been created but not confirmed. * </li> * <li> * CONFIRMED - User has been confirmed. * </li> * <li> * EXTERNAL_PROVIDER - User signed in with a third-party IdP. * </li> * <li> * UNKNOWN - User status isn't known. * </li> * <li> * RESET_REQUIRED - User is confirmed, but the user must request a code and reset * their password before they can sign in. * </li> * <li> * FORCE_CHANGE_PASSWORD - The user is confirmed and the user can sign in using a * temporary password, but on first sign-in, the user must change their password to * a new value before doing anything else. * </li> * </ul> * @public */ UserStatus?: UserStatusType; /** * The MFA options for the user. * @public */ MFAOptions?: MFAOptionType[]; } /** * Represents the response from the server to the request to create the user. * @public */ export interface AdminCreateUserResponse { /** * The newly created user. * @public */ User?: UserType; } /** * This exception is thrown when a verification code fails to deliver * successfully. * @public */ export declare class CodeDeliveryFailureException extends __BaseException { readonly name: "CodeDeliveryFailureException"; readonly $fault: "client"; /** * @internal */ constructor(opts: __ExceptionOptionType<CodeDeliveryFailureException, __BaseException>); } /** * This exception is thrown when Amazon Cognito encounters an invalid password. * @public */ export declare class InvalidPasswordException extends __BaseException { readonly name: "InvalidPasswordException"; readonly $fault: "client"; /** * @internal */ constructor(opts: __ExceptionOptionType<InvalidPasswordException, __BaseException>); } /** * This exception is returned when the role provided for SMS configuration doesn't have * permission to publish using Amazon SNS. * @public */ export declare class InvalidSmsRoleAccessPolicyException extends __BaseException { readonly name: "InvalidSmsRoleAccessPolicyException"; readonly $fault: "client"; /** * @internal */ constructor(opts: __ExceptionOptionType<InvalidSmsRoleAccessPolicyException, __BaseException>); } /** * This exception is thrown when the trust relationship is not valid for the role * provided for SMS configuration. This can happen if you don't trust * <code>cognito-idp.amazonaws.com</code> or the external ID provided in the role does * not match what is provided in the SMS configuration for the user pool. * @public */ export declare class InvalidSmsRoleTrustRelationshipException extends __BaseException { readonly name: "InvalidSmsRoleTrustRelationshipException"; readonly $fault: "client"; /** * @internal */ constructor(opts: __ExceptionOptionType<InvalidSmsRoleTrustRelationshipException, __BaseException>); } /** * This exception is thrown when a precondition is not met. * @public */ export declare class PreconditionNotMetException extends __BaseException { readonly name: "PreconditionNotMetException"; readonly $fault: "client"; /** * @internal */ constructor(opts: __ExceptionOptionType<PreconditionNotMetException, __BaseException>); } /** * The request failed because the user is in an unsupported state. * @public */ export declare class UnsupportedUserStateException extends __BaseException { readonly name: "UnsupportedUserStateException"; readonly $fault: "client"; /** * @internal */ constructor(opts: __ExceptionOptionType<UnsupportedUserStateException, __BaseException>); } /** * This exception is thrown when Amazon Cognito encounters a user name that already * exists in the user pool. * @public */ export declare class UsernameExistsException extends __BaseException { readonly name: "UsernameExistsException"; readonly $fault: "client"; /** * @internal */ constructor(opts: __ExceptionOptionType<UsernameExistsException, __BaseException>); } /** * The message template structure. * @public */ export interface MessageTemplateType { /** * The message template for SMS messages. * @public */ SMSMessage?: string; /** * The message template for email messages. EmailMessage is allowed only if <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_EmailConfigurationType.html#CognitoUserPools-Type-EmailConfigurationType-EmailSendingAccount">EmailSendingAccount</a> is DEVELOPER. * @public */ EmailMessage?: string; /** * The subject line for email messages. EmailSubject is allowed only if <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_EmailConfigurationType.html#CognitoUserPools-Type-EmailConfigurationType-EmailSendingAccount">EmailSendingAccount</a> is DEVELOPER. * @public */ EmailSubject?: string; } /** * The configuration for creating a new user profile. * @public */ export interface AdminCreateUserConfigType { /** * Set to <code>True</code> if only the administrator is allowed to create user profiles. * Set to <code>False</code> if users can sign themselves up via an app. * @public */ AllowAdminCreateUserOnly?: boolean; /** * The user account expiration limit, in days, after which a new account that hasn't * signed in is no longer usable. To reset the account after that time limit, you must call * <code>AdminCreateUser</code> again, specifying <code>"RESEND"</code> for the * <code>MessageAction</code> parameter. The default value for this parameter is * 7. * <note> * If you set a value for <code>TemporaryPasswordValidityDays</code> in * <code>PasswordPolicy</code>, that value will be used, and * <code>UnusedAccountValidityDays</code> will be no longer be an available * parameter for that user pool. * </note> * @public */ UnusedAccountValidityDays?: number; /** * The message template to be used for the welcome message to new users. * See also <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-message-customizations.html#cognito-user-pool-settings-user-invitation-message-customization">Customizing User Invitation Messages</a>. * @public */ InviteMessageTemplate?: MessageTemplateType; } /** * Represents the request to delete a user as an administrator. * @public */ export interface AdminDeleteUserRequest { /** * The user pool ID for the user pool where you want to delete the user. * @public */ UserPoolId: string | undefined; /** * The username of the user that you want to query or modify. The value of this parameter * is typically your user's username, but it can be any of their alias attributes. If * <code>username</code> isn't an alias attribute in your user pool, this value * must be the <code>sub</code> of a local user or the username of a user from a * third-party IdP. * @public */ Username: string | undefined; } /** * Represents the request to delete user attributes as an administrator. * @public */ export interface AdminDeleteUserAttributesRequest { /** * The user pool ID for the user pool where you want to delete user attributes. * @public */ UserPoolId: string | undefined; /** * The username of the user that you want to query or modify. The value of this parameter * is typically your user's username, but it can be any of their alias attributes. If * <code>username</code> isn't an alias attribute in your user pool, this value * must be the <code>sub</code> of a local user or the username of a user from a * third-party IdP. * @public */ Username: string | undefined; /** * An array of strings representing the user attribute names you want to delete. * For custom attributes, you must prepend the <code>custom:</code> prefix to the * attribute name. * @public */ UserAttributeNames: string[] | undefined; } /** * Represents the response received from the server for a request to delete user * attributes. * @public */ export interface AdminDeleteUserAttributesResponse { } /** * A container for information about an IdP for a user pool. * @public */ export interface ProviderUserIdentifierType { /** * The name of the provider, such as Facebook, Google, or Login with Amazon. * @public */ ProviderName?: string; /** * The name of the provider attribute to link to, such as <code>NameID</code>. * @public */ ProviderAttributeName?: string; /** * The value of the provider attribute to link to, such as * <code>xxxxx_account</code>. * @public */ ProviderAttributeValue?: string; } /** * @public */ export interface AdminDisableProviderForUserRequest { /** * The user pool ID for the user pool. * @public */ UserPoolId: string | undefined; /** * The user to be disabled. * @public */ User: ProviderUserIdentifierType | undefined; } /** * @public */ export interface AdminDisableProviderForUserResponse { } /** * This exception is thrown when a user tries to confirm the account with an email * address or phone number that has already been supplied as an alias for a different user * profile. This exception indicates that an account with this email address or phone * already exists in a user pool that you've configured to use email address or phone * number as a sign-in alias. * @public */ export declare class AliasExistsException extends __BaseException { readonly name: "AliasExistsException"; readonly $fault: "client"; /** * @internal */ constructor(opts: __ExceptionOptionType<AliasExistsException, __BaseException>); } /** * Represents the request to disable the user as an administrator. * @public */ export interface AdminDisableUserRequest { /** * The user pool ID for the user pool where you want to disable the user. * @public */ UserPoolId: string | undefined; /** * The username of the user that you want to query or modify. The value of this parameter * is typically your user's username, but it can be any of their alias attributes. If * <code>username</code> isn't an alias attribute in your user pool, this value * must be the <code>sub</code> of a local user or the username of a user from a * third-party IdP. * @public */ Username: string | undefined; } /** * Represents the response received from the server to disable the user as an * administrator. * @public */ export interface AdminDisableUserResponse { } /** * Represents the request that enables the user as an administrator. * @public */ export interface AdminEnableUserRequest { /** * The user pool ID for the user pool where you want to enable the user. * @public */ UserPoolId: string | undefined; /** * The username of the user that you want to query or modify. The value of this parameter * is typically your user's username, but it can be any of their alias attributes. If * <code>username</code> isn't an alias attribute in your user pool, this value * must be the <code>sub</code> of a local user or the username of a user from a * third-party IdP. * @public */ Username: string | undefined; } /** * Represents the response from the server for the request to enable a user as an * administrator. * @public */ export interface AdminEnableUserResponse { } /** * Sends the forgot device request, as an administrator. * @public */ export interface AdminForgetDeviceRequest { /** * The user pool ID. * @public */ UserPoolId: string | undefined; /** * The username of the user that you want to query or modify. The value of this parameter * is typically your user's username, but it can be any of their alias attributes. If * <code>username</code> isn't an alias attribute in your user pool, this value * must be the <code>sub</code> of a local user or the username of a user from a * third-party IdP. * @public */ Username: string | undefined; /** * The device key. * @public */ DeviceKey: string | undefined; } /** * This exception is thrown when the user pool configuration is not valid. * @public */ export declare class InvalidUserPoolConfigurationException extends __BaseException { readonly name: "InvalidUserPoolConfigurationException"; readonly $fault: "client"; /** * @internal */ constructor(opts: __ExceptionOptionType<InvalidUserPoolConfigurationException, __BaseException>); } /** * Represents the request to get the device, as an administrator. * @public */ export interface AdminGetDeviceRequest { /** * The device key. * @public */ DeviceKey: string | undefined; /** * The user pool ID. * @public */ UserPoolId: string | undefined; /** * The username of the user that you want to query or modify. The value of this parameter * is typically your user's username, but it can be any of their alias attributes. If * <code>username</code> isn't an alias attribute in your user pool, this value * must be the <code>sub</code> of a local user or the username of a user from a * third-party IdP. * @public */ Username: string | undefined; } /** * The device type. * @public */ export interface DeviceType { /** * The device key. * @public */ DeviceKey?: string; /** * The device attributes. * @public */ DeviceAttributes?: AttributeType[]; /** * The creation date of the device. * @public */ DeviceCreateDate?: Date; /** * The date and time when the item was modified. Amazon Cognito returns this timestamp in UNIX epoch time format. Your SDK might render the output in a * human-readable format like ISO 8601 or a Java <code>Date</code> object. * @public */ DeviceLastMod