@aws-sdk/client-cognito-identity-provider

import { ExceptionOptionType as __ExceptionOptionType } from "@smithy/smithy-client"; import { DocumentType as __DocumentType } from "@smithy/types"; import { CognitoIdentityProviderServiceException as __BaseException } from "./CognitoIdentityProviderServiceException"; import { AccountRecoverySettingType, AccountTakeoverRiskConfigurationType, AdminCreateUserConfigType, AnalyticsConfigurationType, AnalyticsMetadataType, AssetType, AttributeType, AuthenticationResultType, AuthFlowType, ChallengeNameType, CodeDeliveryDetailsType, CompromisedCredentialsRiskConfigurationType, CustomDomainConfigType, DeletionProtectionType, DeviceConfigurationType, DeviceRememberedStatusType, DeviceType, EmailConfigurationType, EmailMfaConfigType, EmailMfaSettingsType, ExplicitAuthFlowsType, FeedbackValueType, GroupType, IdentityProviderType, IdentityProviderTypeType, LambdaConfigType, LogConfigurationType, LogDeliveryConfigurationType, ManagedLoginBrandingType, MFAOptionType, OAuthFlowType, PreventUserExistenceErrorTypes, ResourceServerScopeType, ResourceServerType, RiskConfigurationType, RiskExceptionConfigurationType, SmsConfigurationType, SmsMfaConfigType, SMSMfaSettingsType, SoftwareTokenMfaConfigType, SoftwareTokenMfaSettingsType, StatusType, TokenValidityUnitsType, UICustomizationType, UserAttributeUpdateSettingsType, UserContextDataType, UserImportJobType, UserPoolAddOnsType, UserPoolClientType, UserPoolMfaType, UserPoolPolicyType, UserPoolTierType, UserType, UserVerificationType, VerificationMessageTemplateType, VerifiedAttributeType } from "./models_0"; /** * Settings for multi-factor authentication (MFA) with passkey, or webauthN, biometric * and security-key devices in a user pool. Configures the following: * <ul> * <li> * Configuration at the user-pool level for whether you want to require passkey * configuration as an MFA factor, or include it as a choice. * </li> * <li> * The user pool relying-party ID. This is the user pool domain that user's * passkey providers should trust as a receiver of passkey authentication. * </li> * <li> * The providers that you want to allow as origins for passkey * authentication. * </li> * </ul> * This data type is a request parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserPoolMfaConfig.html">SetUserPoolMfaConfig</a> and a response parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUserPoolMfaConfig.html">GetUserPoolMfaConfig</a>. * @public */ export interface WebAuthnConfigurationType { /** * Sets or displays the authentication domain, typically your user pool domain, that * passkey providers must use as a relying party (RP) in their configuration. * Under the following conditions, the passkey relying party ID must be the * fully-qualified domain name of your custom domain: * <ul> * <li> * The user pool is configured for passkey authentication. * </li> * <li> * The user pool has a custom domain, whether or not it also has a prefix * domain. * </li> * <li> * Your application performs authentication with managed login or the classic * hosted UI. * </li> * </ul> * @public */ RelyingPartyId?: string | undefined; /** * Sets or displays your user-pool treatment for MFA with a passkey. You can override * other MFA options and require passkey MFA, or you can set it as preferred. When passkey * MFA is preferred, the hosted UI encourages users to register a passkey at * sign-in. * @public */ UserVerification?: UserVerificationType | undefined; } /** * @public */ export interface GetUserPoolMfaConfigResponse { /** * Shows user pool SMS message configuration for MFA. Includes the message template and * the SMS message sending configuration for Amazon SNS. * @public */ SmsMfaConfiguration?: SmsMfaConfigType | undefined; /** * Shows user pool configuration for time-based one-time password (TOTP) MFA. Includes * TOTP enabled or disabled state. * @public */ SoftwareTokenMfaConfiguration?: SoftwareTokenMfaConfigType | undefined; /** * Shows user pool email message configuration for MFA. Includes the subject and body of * the email message template for MFA messages. To activate this setting, <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html"> * advanced security features</a> must be active in your user pool. * @public */ EmailMfaConfiguration?: EmailMfaConfigType | undefined; /** * The multi-factor authentication (MFA) configuration. Valid values include: * <ul> * <li> * * <code>OFF</code> MFA won't be used for any users. * </li> * <li> * * <code>ON</code> MFA is required for all users to sign in. * </li> * <li> * * <code>OPTIONAL</code> MFA will be required only for individual users who have * an MFA factor activated. * </li> * </ul> * @public */ MfaConfiguration?: UserPoolMfaType | undefined; /** * Shows user pool configuration for MFA with passkeys from biometric devices and * security keys. * @public */ WebAuthnConfiguration?: WebAuthnConfigurationType | undefined; } /** * Represents the request to sign out all devices. * @public */ export interface GlobalSignOutRequest { /** * A valid access token that Amazon Cognito issued to the user who you want to sign out. * @public */ AccessToken: string | undefined; } /** * The response to the request to sign out all devices. * @public */ export interface GlobalSignOutResponse { } /** * Initiates the authentication request. * @public */ export interface InitiateAuthRequest { /** * The authentication flow that you want to initiate. The <code>AuthParameters</code> * that you must submit are linked to the flow that you submit. For example: * <ul> * <li> * * <code>USER_AUTH</code>: Request a preferred authentication type or review * available authentication types. From the offered authentication types, select * one in a challenge response and then authenticate with that method in an * additional challenge response. * </li> * <li> * * <code>REFRESH_TOKEN_AUTH</code>: Receive new ID and access tokens when you * pass a <code>REFRESH_TOKEN</code> parameter with a valid refresh token as the * value. * </li> * <li> * * <code>USER_SRP_AUTH</code>: Receive secure remote password (SRP) variables for * the next challenge, <code>PASSWORD_VERIFIER</code>, when you pass * <code>USERNAME</code> and <code>SRP_A</code> parameters. * </li> * <li> * * <code>USER_PASSWORD_AUTH</code>: Receive new tokens or the next challenge, for * example <code>SOFTWARE_TOKEN_MFA</code>, when you pass <code>USERNAME</code> and * <code>PASSWORD</code> parameters. * </li> * </ul> * Valid values include the following: * <dl> * <dt>USER_AUTH</dt> * <dd> * The entry point for sign-in with passwords, one-time passwords, biometric * devices, and security keys. * </dd> * <dt>USER_SRP_AUTH</dt> * <dd> * Username-password authentication with the Secure Remote Password (SRP) * protocol. For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow.html#Using-SRP-password-verification-in-custom-authentication-flow">Use SRP password verification in custom * authentication flow</a>. * </dd> * <dt>REFRESH_TOKEN_AUTH and REFRESH_TOKEN</dt> * <dd> * Provide a valid refresh token and receive new ID and access tokens. For * more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-the-refresh-token.html">Using the refresh token</a>. * </dd> * <dt>CUSTOM_AUTH</dt> * <dd> * Custom authentication with Lambda triggers. For more information, see * <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-challenge.html">Custom authentication challenge Lambda * triggers</a>. * </dd> * <dt>USER_PASSWORD_AUTH</dt> * <dd> * Username-password authentication with the password sent directly in the * request. For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow.html#Built-in-authentication-flow-and-challenges">Admin authentication flow</a>. * </dd> * </dl> * * <code>ADMIN_USER_PASSWORD_AUTH</code> is a flow type of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminInitiateAuth.html">AdminInitiateAuth</a> and isn't valid for InitiateAuth. * <code>ADMIN_NO_SRP_AUTH</code> is a legacy server-side username-password flow and * isn't valid for InitiateAuth. * @public */ AuthFlow: AuthFlowType | undefined; /** * The authentication parameters. These are inputs corresponding to the * <code>AuthFlow</code> that you're invoking. The required values depend on the value * of <code>AuthFlow</code>: * <ul> * <li> * For <code>USER_AUTH</code>: <code>USERNAME</code> (required), * <code>PREFERRED_CHALLENGE</code>. If you don't provide a value for * <code>PREFERRED_CHALLENGE</code>, Amazon Cognito responds with the * <code>AvailableChallenges</code> parameter that specifies the available * sign-in methods. * </li> * <li> * For <code>USER_SRP_AUTH</code>: <code>USERNAME</code> (required), * <code>SRP_A</code> (required), <code>SECRET_HASH</code> (required if the app * client is configured with a client secret), <code>DEVICE_KEY</code>. * </li> * <li> * For <code>USER_PASSWORD_AUTH</code>: <code>USERNAME</code> (required), * <code>PASSWORD</code> (required), <code>SECRET_HASH</code> (required if the * app client is configured with a client secret), <code>DEVICE_KEY</code>. * </li> * <li> * For <code>REFRESH_TOKEN_AUTH/REFRESH_TOKEN</code>: <code>REFRESH_TOKEN</code> * (required), <code>SECRET_HASH</code> (required if the app client is configured * with a client secret), <code>DEVICE_KEY</code>. * </li> * <li> * For <code>CUSTOM_AUTH</code>: <code>USERNAME</code> (required), * <code>SECRET_HASH</code> (if app client is configured with client secret), * <code>DEVICE_KEY</code>. To start the authentication flow with password * verification, include <code>ChallengeName: SRP_A</code> and <code>SRP_A: (The * SRP_A Value)</code>. * </li> * </ul> * For more information about <code>SECRET_HASH</code>, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#cognito-user-pools-computing-secret-hash">Computing secret hash values</a>. For information about * <code>DEVICE_KEY</code>, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html">Working with user devices in your user pool</a>. * @public */ AuthParameters?: Record<string, string> | undefined; /** * A map of custom key-value pairs that you can provide as input for certain custom * workflows that this action triggers. * You create custom workflows by assigning Lambda functions to user pool triggers. * When you use the InitiateAuth API action, Amazon Cognito invokes the Lambda functions that are * specified for various triggers. The ClientMetadata value is passed as input to the * functions for only the following triggers: * <ul> * <li> * Pre signup * </li> * <li> * Pre authentication * </li> * <li> * User migration * </li> * </ul> * When Amazon Cognito invokes the functions for these triggers, it passes a JSON payload, which * the function receives as input. This payload contains a <code>validationData</code> * attribute, which provides the data that you assigned to the ClientMetadata parameter in * your InitiateAuth request. In your function code in Lambda, you can process the * <code>validationData</code> value to enhance your workflow for your specific * needs. * When you use the InitiateAuth API action, Amazon Cognito also invokes the functions for the * following triggers, but it doesn't provide the ClientMetadata value as input: * <ul> * <li> * Post authentication * </li> * <li> * Custom message * </li> * <li> * Pre token generation * </li> * <li> * Create auth challenge * </li> * <li> * Define auth challenge * </li> * <li> * Custom email sender * </li> * <li> * Custom SMS sender * </li> * </ul> * For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html"> * Customizing user pool Workflows with Lambda Triggers</a> in the Amazon Cognito Developer Guide. * <note> * When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the * following: * <ul> * <li> * Store the ClientMetadata value. This data is available only to Lambda * triggers that are assigned to a user pool to support custom workflows. If * your user pool configuration doesn't include triggers, the ClientMetadata * parameter serves no purpose. * </li> * <li> * Validate the ClientMetadata value. * </li> * <li> * Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive * information. * </li> * </ul> * </note> * @public */ ClientMetadata?: Record<string, string> | undefined; /** * The app client ID. * @public */ ClientId: string | undefined; /** * The Amazon Pinpoint analytics metadata that contributes to your metrics for * <code>InitiateAuth</code> calls. * @public */ AnalyticsMetadata?: AnalyticsMetadataType | undefined; /** * Contextual data about your user session, such as the device fingerprint, IP address, or location. Amazon Cognito advanced * security evaluates the risk of an authentication event based on the context that your app generates and passes to Amazon Cognito * when it makes API requests. * @public */ UserContextData?: UserContextDataType | undefined; /** * The optional session ID from a <code>ConfirmSignUp</code> API request. You can sign in * a user directly from the sign-up process with the <code>USER_AUTH</code> authentication * flow. * @public */ Session?: string | undefined; } /** * Initiates the authentication response. * @public */ export interface InitiateAuthResponse { /** * The name of the challenge that you're responding to with this call. This name is * returned in the <code>InitiateAuth</code> response if you must pass another * challenge. * Valid values include the following: * <note> * All of the following challenges require <code>USERNAME</code> and * <code>SECRET_HASH</code> (if applicable) in the parameters. * </note> * <ul> * <li> * * <code>WEB_AUTHN</code>: Respond to the challenge with the results of a * successful authentication with a passkey, or webauthN, factor. These are * typically biometric devices or security keys. * </li> * <li> * * <code>PASSWORD</code>: Respond with <code>USER_PASSWORD_AUTH</code> * parameters: <code>USERNAME</code> (required), <code>PASSWORD</code> (required), * <code>SECRET_HASH</code> (required if the app client is configured with a * client secret), <code>DEVICE_KEY</code>. * </li> * <li> * * <code>PASSWORD_SRP</code>: Respond with <code>USER_SRP_AUTH</code> parameters: * <code>USERNAME</code> (required), <code>SRP_A</code> (required), * <code>SECRET_HASH</code> (required if the app client is configured with a * client secret), <code>DEVICE_KEY</code>. * </li> * <li> * * <code>SELECT_CHALLENGE</code>: Respond to the challenge with * <code>USERNAME</code> and an <code>ANSWER</code> that matches one of the * challenge types in the <code>AvailableChallenges</code> response * parameter. * </li> * <li> * * <code>SMS_MFA</code>: Next challenge is to supply an * <code>SMS_MFA_CODE</code>that your user pool delivered in an SMS message. * </li> * <li> * * <code>EMAIL_OTP</code>: Next challenge is to supply an * <code>EMAIL_OTP_CODE</code> that your user pool delivered in an email * message. * </li> * <li> * * <code>PASSWORD_VERIFIER</code>: Next challenge is to supply * <code>PASSWORD_CLAIM_SIGNATURE</code>, * <code>PASSWORD_CLAIM_SECRET_BLOCK</code>, and <code>TIMESTAMP</code> after * the client-side SRP calculations. * </li> * <li> * * <code>CUSTOM_CHALLENGE</code>: This is returned if your custom authentication * flow determines that the user should pass another challenge before tokens are * issued. * </li> * <li> * * <code>DEVICE_SRP_AUTH</code>: If device tracking was activated on your user * pool and the previous challenges were passed, this challenge is returned so that * Amazon Cognito can start tracking this device. * </li> * <li> * * <code>DEVICE_PASSWORD_VERIFIER</code>: Similar to * <code>PASSWORD_VERIFIER</code>, but for devices only. * </li> * <li> * * <code>NEW_PASSWORD_REQUIRED</code>: For users who are required to change their * passwords after successful first login. * Respond to this challenge with <code>NEW_PASSWORD</code> and any required * attributes that Amazon Cognito returned in the <code>requiredAttributes</code> parameter. * You can also set values for attributes that aren't required by your user pool * and that your app client can write. For more information, see <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RespondToAuthChallenge.html">RespondToAuthChallenge</a>. * Amazon Cognito only returns this challenge for users who have temporary passwords. * Because of this, and because in some cases you can create users who don't have * values for required attributes, take care to collect and submit * required-attribute values for all users who don't have passwords. You can create * a user in the Amazon Cognito console without, for example, a required * <code>birthdate</code> attribute. The API response from Amazon Cognito won't prompt * you to submit a birthdate for the user if they don't have a password. * <note> * In a <code>NEW_PASSWORD_REQUIRED</code> challenge response, you can't modify a required attribute that already has a value. * In <code>RespondToAuthChallenge</code>, set a value for any keys that Amazon Cognito returned in the <code>requiredAttributes</code> parameter, * then use the <code>UpdateUserAttributes</code> API operation to modify the value of any additional attributes. * </note> * </li> * <li> * * <code>MFA_SETUP</code>: For users who are required to setup an MFA factor * before they can sign in. The MFA types activated for the user pool will be * listed in the challenge parameters <code>MFAS_CAN_SETUP</code> value. * To set up software token MFA, use the session returned here from * <code>InitiateAuth</code> as an input to * <code>AssociateSoftwareToken</code>. Use the session returned by * <code>VerifySoftwareToken</code> as an input to * <code>RespondToAuthChallenge</code> with challenge name * <code>MFA_SETUP</code> to complete sign-in. To set up SMS MFA, an * administrator should help the user to add a phone number to their account, and * then the user should call <code>InitiateAuth</code> again to restart * sign-in. * </li> * </ul> * @public */ ChallengeName?: ChallengeNameType | undefined; /** * The session that should pass both ways in challenge-response calls to the service. If * the caller must pass another challenge, they return a session with other challenge * parameters. Include this session identifier in a <code>RespondToAuthChallenge</code> API * request. * @public */ Session?: string | undefined; /** * The challenge parameters. These are returned in the <code>InitiateAuth</code> response * if you must pass another challenge. The responses in this parameter should be used to * compute inputs to the next call (<code>RespondToAuthChallenge</code>). * All challenges require <code>USERNAME</code>. They also require * <code>SECRET_HASH</code> if your app client has a client secret. * @public */ ChallengeParameters?: Record<string, string> | undefined; /** * The result of the authentication response. This result is only returned if the caller * doesn't need to pass another challenge. If the caller does need to pass another * challenge before it gets tokens, <code>ChallengeName</code>, * <code>ChallengeParameters</code>, and <code>Session</code> are returned. * @public */ AuthenticationResult?: AuthenticationResultType | undefined; /** * This response parameter prompts a user to select from multiple available challenges * that they can complete authentication with. For example, they might be able to continue * with passwordless authentication or with a one-time password from an SMS message. * @public */ AvailableChallenges?: ChallengeNameType[] | undefined; } /** * Represents the request to list the devices. * @public */ export interface ListDevicesRequest { /** * A valid access token that Amazon Cognito issued to the user whose list of devices you want to * view. * @public */ AccessToken: string | undefined; /** * The limit of the device request. * @public */ Limit?: number | undefined; /** * This API operation returns a limited number of results. The pagination token is * an identifier that you can present in an additional API request with the same parameters. When * you include the pagination token, Amazon Cognito returns the next set of items after the current list. * Subsequent requests return a new pagination token. By use of this token, you can paginate * through the full list of items. * @public */ PaginationToken?: string | undefined; } /** * Represents the response to list devices. * @public */ export interface ListDevicesResponse { /** * The devices returned in the list devices response. * @public */ Devices?: DeviceType[] | undefined; /** * The identifier that Amazon Cognito returned with the previous request to this operation. When * you include a pagination token in your request, Amazon Cognito returns the next set of items in * the list. By use of this token, you can paginate through the full list of items. * @public */ PaginationToken?: string | undefined; } /** * @public */ export interface ListGroupsRequest { /** * The user pool ID for the user pool. * @public */ UserPoolId: string | undefined; /** * The limit of the request to list groups. * @public */ Limit?: number | undefined; /** * An identifier that was returned from the previous call to this operation, which can be * used to return the next set of items in the list. * @public */ NextToken?: string | undefined; } /** * @public */ export interface ListGroupsResponse { /** * The group objects for the groups. * @public */ Groups?: GroupType[] | undefined; /** * An identifier that was returned from the previous call to this operation, which can be * used to return the next set of items in the list. * @public */ NextToken?: string | undefined; } /** * @public */ export interface ListIdentityProvidersRequest { /** * The user pool ID. * @public */ UserPoolId: string | undefined; /** * The maximum number of IdPs to return. * @public */ MaxResults?: number | undefined; /** * A pagination token. * @public */ NextToken?: string | undefined; } /** * The details of a user pool identity provider (IdP), including name and type. * This data type is a response parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ListIdentityProviders.html">ListIdentityProviders</a>. * @public */ export interface ProviderDescription { /** * The name of the IdP, for example <code>MySAMLProvider</code>. * @public */ ProviderName?: string | undefined; /** * The type of the provider, for example <code>SAML</code>. Amazon Cognito supports SAML 2.0, * OIDC, and social IdPs. User pools list supported social IdPs by name in this response * parameter: Facebook, Google, Login with Amazon, and Sign in with Apple. * @public */ ProviderType?: IdentityProviderTypeType | undefined; /** * The date and time when the item was modified. Amazon Cognito returns this timestamp in UNIX epoch time format. Your SDK might render the output in a * human-readable format like ISO 8601 or a Java <code>Date</code> object. * @public */ LastModifiedDate?: Date | undefined; /** * The date and time when the item was created. Amazon Cognito returns this timestamp in UNIX epoch time format. Your SDK might render the output in a * human-readable format like ISO 8601 or a Java <code>Date</code> object. * @public */ CreationDate?: Date | undefined; } /** * @public */ export interface ListIdentityProvidersResponse { /** * A list of IdP objects. * @public */ Providers: ProviderDescription[] | undefined; /** * A pagination token. * @public */ NextToken?: string | undefined; } /** * @public */ export interface ListResourceServersRequest { /** * The user pool ID for the user pool. * @public */ UserPoolId: string | undefined; /** * The maximum number of resource servers to return. * @public */ MaxResults?: number | undefined; /** * A pagination token. * @public */ NextToken?: string | undefined; } /** * @public */ export interface ListResourceServersResponse { /** * The resource servers. * @public */ ResourceServers: ResourceServerType[] | undefined; /** * A pagination token. * @public */ NextToken?: string | undefined; } /** * @public */ export interface ListTagsForResourceRequest { /** * The Amazon Resource Name (ARN) of the user pool that the tags are assigned to. * @public */ ResourceArn: string | undefined; } /** * @public */ export interface ListTagsForResourceResponse { /** * The tags that are assigned to the user pool. * @public */ Tags?: Record<string, string> | undefined; } /** * Represents the request to list the user import jobs. * @public */ export interface ListUserImportJobsRequest { /** * The user pool ID for the user pool that the users are being imported into. * @public */ UserPoolId: string | undefined; /** * The maximum number of import jobs you want the request to return. * @public */ MaxResults: number | undefined; /** * This API operation returns a limited number of results. The pagination token is * an identifier that you can present in an additional API request with the same parameters. When * you include the pagination token, Amazon Cognito returns the next set of items after the current list. * Subsequent requests return a new pagination token. By use of this token, you can paginate * through the full list of items. * @public */ PaginationToken?: string | undefined; } /** * Represents the response from the server to the request to list the user import * jobs. * @public */ export interface ListUserImportJobsResponse { /** * The user import jobs. * @public */ UserImportJobs?: UserImportJobType[] | undefined; /** * The identifier that Amazon Cognito returned with the previous request to this operation. When * you include a pagination token in your request, Amazon Cognito returns the next set of items in * the list. By use of this token, you can paginate through the full list of items. * @public */ PaginationToken?: string | undefined; } /** * Represents the request to list the user pool clients. * @public */ export interface ListUserPoolClientsRequest { /** * The user pool ID for the user pool where you want to list user pool clients. * @public */ UserPoolId: string | undefined; /** * The maximum number of results you want the request to return when listing the user * pool clients. * @public */ MaxResults?: number | undefined; /** * An identifier that was returned from the previous call to this operation, which can be * used to return the next set of items in the list. * @public */ NextToken?: string | undefined; } /** * A short description of a user pool app client. * This data type is a response parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ListUserPoolClients.html">ListUserPoolClients</a>. * @public */ export interface UserPoolClientDescription { /** * The app client ID. * @public */ ClientId?: string | undefined; /** * The ID of the user pool that's associated with the app client. * @public */ UserPoolId?: string | undefined; /** * The app client name. * @public */ ClientName?: string | undefined; } /** * Represents the response from the server that lists user pool clients. * @public */ export interface ListUserPoolClientsResponse { /** * The user pool clients in the response that lists user pool clients. * @public */ UserPoolClients?: UserPoolClientDescription[] | undefined; /** * An identifier that was returned from the previous call to this operation, which can be * used to return the next set of items in the list. * @public */ NextToken?: string | undefined; } /** * Represents the request to list user pools. * @public */ export interface ListUserPoolsRequest { /** * An identifier that was returned from the previous call to this operation, which can be * used to return the next set of items in the list. * @public */ NextToken?: string | undefined; /** * The maximum number of results you want the request to return when listing the user * pools. * @public */ MaxResults: number | undefined; } /** * A short description of a user pool. * This data type is a response parameter of <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ListUserPools.html">ListUserPools</a>. * @public */ export interface UserPoolDescriptionType { /** * The user pool ID. * @public */ Id?: string | undefined; /** * The user pool name. * @public */ Name?: string | undefined; /** * A collection of user pool Lambda triggers. Amazon Cognito invokes triggers at several possible * stages of user pool operations. Triggers can modify the outcome of the operations that * invoked them. * @public */ LambdaConfig?: LambdaConfigType | undefined; /** * @deprecated * * The user pool status. * @public */ Status?: StatusType | undefined; /** * The date and time when the item was modified. Amazon Cognito returns this timestamp in UNIX epoch time format. Your SDK might render the output in a * human-readable format like ISO 8601 or a Java <code>Date</code> object. * @public */ LastModifiedDate?: Date | undefined; /** * The date and time when the item was created. Amazon Cognito returns this timestamp in UNIX epoch time format. Your SDK might render the output in a * human-readable format like ISO 8601 or a Java <code>Date</code> object. * @public */ CreationDate?: Date | undefined; } /** * Represents the response to list user pools. * @public */ export interface ListUserPoolsResponse { /** * The user pools from the response to list users. * @public */ UserPools?: UserPoolDescriptionType[] | undefined; /** * An identifier that was returned from the previous call to this operation, which can be * used to return the next set of items in the list. * @public */ NextToken?: string | undefined; } /** * Represents the request to list users. * @public */ export interface ListUsersRequest { /** * The user pool ID for the user pool on which the search should be performed. * @public */ UserPoolId: string | undefined; /** * A JSON array of user attribute names, for example <code>given_name</code>, that you * want Amazon Cognito to include in the response for each user. When you don't provide an * <code>AttributesToGet</code> parameter, Amazon Cognito returns all attributes for each * user. * Use <code>AttributesToGet</code> with required attributes in your user pool, or in * conjunction with <code>Filter</code>. Amazon Cognito returns an error if not all users in the * results have set a value for the attribute you request. Attributes that you can't * filter on, including custom attributes, must have a value set in every user profile * before an <code>AttributesToGet</code> parameter returns results. * @public */ AttributesToGet?: string[] | undefined; /** * Maximum number of users to be returned. * @public */ Limit?: number | undefined; /** * This API operation returns a limited number of results. The pagination token is * an identifier that you can present in an additional API request with the same parameters. When * you include the pagination token, Amazon Cognito returns the next set of items after the current list. * Subsequent requests return a new pagination token. By use of this token, you can paginate * through the full list of items. * @public */ PaginationToken?: string | undefined; /** * A filter string of the form <code>"AttributeName Filter-Type "AttributeValue"</code>. * Quotation marks within the filter string must be escaped using the backslash * (<code>\</code>) character. For example, <code>"family_name = * \"Reddy\""</code>. * <ul> * <li> * * AttributeName: The name of the attribute to search for. * You can only search for one attribute at a time. * </li> * <li> * * Filter-Type: For an exact match, use <code>=</code>, for * example, "<code>given_name = \"Jon\"</code>". For a prefix ("starts with") * match, use <code>^=</code>, for example, "<code>given_name ^= \"Jon\"</code>". * * </li> * <li> * * AttributeValue: The attribute value that must be matched * for each user. * </li> * </ul> * If the filter string is empty, <code>ListUsers</code> returns all users in the user * pool. * You can only search for the following standard attributes: * <ul> * <li> * * <code>username</code> (case-sensitive) * </li> * <li> * * <code>email</code> * * </li> * <li> * * <code>phone_number</code> * * </li> * <li> * * <code>name</code> * * </li> * <li> * * <code>given_name</code> * * </li> * <li> * * <code>family_name</code> * * </li> * <li> * * <code>preferred_username</code> * * </li> * <li> * * <code>cognito:user_status</code> (called Status in the Console) (case-insensitive) * </li> * <li> * * <code>status (called Enabled in the Console) * (case-sensitive)</code> * * </li> * <li> * * <code>sub</code> * * </li> * </ul> * Custom attributes aren't searchable. * <note> * You can also list users with a client-side filter. The server-side filter matches * no more than one attribute. For an advanced search, use a client-side filter with * the <code>--query</code> parameter of the <code>list-users</code> action in the * CLI. When you use a client-side filter, ListUsers returns a paginated list of zero * or more users. You can receive multiple pages in a row with zero results. Repeat the * query with each pagination token that is returned until you receive a null * pagination token value, and then review the combined result. * For more information about server-side and client-side filtering, see <a href="https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-filter.html">FilteringCLI output</a> in the <a href="https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-filter.html">Command Line Interface * User Guide</a>. * </note> * For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/how-to-manage-user-accounts.html#cognito-user-pools-searching-for-users-using-listusers-api">Searching for Users Using the ListUsers API</a> and <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/how-to-manage-user-accounts.html#cognito-user-pools-searching-for-users-listusers-api-examples">Examples of Using the ListUsers API</a> in the Amazon Cognito Developer * Guide. * @public */ Filter?: string | undefined; } /** * The response from the request to list users. * @public */ export interface ListUsersResponse { /** * A list of the user pool users, and their attributes, that match your query. * <note> * Amazon Cognito creates a profile in your user pool for each native user in your user pool, * and each unique user ID from your third-party identity providers (IdPs). When you * link users with the <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminLinkProviderForUser.html">AdminLinkProviderForUser</a> API operation, the output of * <code>ListUsers</code> displays both the IdP user and the native user that you * linked. You can identify IdP users in the <code>Users</code> object of this API * response by the IdP prefix that Amazon Cognito appends to <code>Username</code>. * </note> * @public */ Users?: UserType[] | undefined; /** * The identifier that Amazon Cognito returned with the previous request to this operation. When * you include a pagination token in your request, Amazon Cognito returns the next set of items in * the list. By use of this token, you can paginate through the full list of items. * @public */ PaginationToken?: string | undefined; } /** * @public */ export interface ListUsersInGroupRequest { /** * The user pool ID for the user pool. * @public */ UserPoolId: string | undefined; /** * The name of the group. * @public */ GroupName: string | undefined; /** * The maximum number of users that you want to retrieve before pagination. * @public */ Limit?: number | undefined; /** * An identifier that was returned from the previous call to this operation, which can be * used to return the next set of items in the list. * @public */ NextToken?: string | undefined; } /** * @public */ export interface ListUsersInGroupResponse { /** * A list of users in the group, and their attributes. * @public */ Users?: UserType[] | undefined; /** * An identifier that you can use in a later request to return the next set of items in * the list. * @public */ NextToken?: string | undefined; } /** * @public */ export interface ListWebAuthnCredentialsRequest { /** * A valid access token that Amazon Cognito issued to the user whose registered passkeys you want * to list. * @public */ AccessToken: string | undefined; /** * An identifier that was returned from the previous call to this operation, which can be * used to return the next set of items in the list. * @public */ NextToken?: string | undefined; /** * The maximum number of the user's passkey credentials that you want to * return. * @public */ MaxResults?: number | undefi