AWS Cognito Identity Provider (User Pools) (version v1.*.*)

$body#

Represents the request to add custom attributes.

Type: object

{
  "UserPoolId" : "The user pool ID for the user pool where you want to add custom attributes.",
  "CustomAttributes" : [ {
    "DeveloperOnlyAttribute" : "Specifies whether the attribute type is developer only.",
    "Mutable" : "Specifies whether the value of the attribute can be changed. \nFor any user pool attribute that's mapped to an identity provider attribute, you must set this parameter to true. Amazon Cognito updates mapped attributes when users sign in to your application through an identity provider. If an attribute is immutable, Amazon Cognito throws an error when it attempts to update the attribute. For more information, see Specifying Identity Provider Attribute Mappings for Your User Pool.",
    "AttributeDataType" : "The attribute data type.",
    "StringAttributeConstraints" : {
      "MinLength" : "The minimum length.",
      "MaxLength" : "The maximum length."
    },
    "Required" : "Specifies whether a user pool attribute is required. If the attribute is required and the user does not provide a value, registration or sign-in will fail.",
    "NumberAttributeConstraints" : {
      "MinValue" : "The minimum value of an attribute that is of the number data type.",
      "MaxValue" : "The maximum value of an attribute that is of the number data type."
    },
    "Name" : "A schema attribute of the name type."
  } ]
}

$body#

Type: object

{
  "GroupName" : "The group name.",
  "UserPoolId" : "The user pool ID for the user pool.",
  "Username" : "The username for the user."
}

$body#

Represents the request to confirm user registration.

Type: object

{
  "UserPoolId" : "The user pool ID for which you want to confirm user registration.",
  "Username" : "The user name for which you want to confirm user registration.",
  "ClientMetadata" : "A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.  \nIf your user pool configuration includes triggers, the AdminConfirmSignUp API action invokes the AWS Lambda function that is specified for the post confirmation trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. In this payload, the clientMetadata attribute provides the data that you assigned to the ClientMetadata parameter in your AdminConfirmSignUp request. In your function code in AWS Lambda, you can process the ClientMetadata value to enhance your workflow for your specific needs. \nFor more information, see Customizing User Pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.  \nTake the following limitations into consideration when you use the ClientMetadata parameter:  \n Amazon Cognito does not store the ClientMetadata value. This data is available only to AWS Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration does not include triggers, the ClientMetadata parameter serves no purpose.  \n Amazon Cognito does not validate the ClientMetadata value.  \n Amazon Cognito does not encrypt the the ClientMetadata value, so don't use it to provide sensitive information. "
}

$body#

Represents the request to create a user in the specified user pool.

Type: object

{
  "ValidationData" : [ {
    "Value" : "The value of the attribute.",
    "Name" : "The name of the attribute."
  } ],
  "UserPoolId" : "The user pool ID for the user pool where the user will be created.",
  "Username" : "The username for the user. Must be unique within the user pool. Must be a UTF-8 string between 1 and 128 characters. After the user is created, the username cannot be changed.",
  "MessageAction" : "Set to \"RESEND\" to resend the invitation message to a user that already exists and reset the expiration limit on the user's account. Set to \"SUPPRESS\" to suppress sending the message. Only one value can be specified.",
  "ClientMetadata" : "A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.  \nYou create custom workflows by assigning AWS Lambda functions to user pool triggers. When you use the AdminCreateUser API action, Amazon Cognito invokes the function that is assigned to the pre sign-up trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. This payload contains a clientMetadata attribute, which provides the data that you assigned to the ClientMetadata parameter in your AdminCreateUser request. In your function code in AWS Lambda, you can process the clientMetadata value to enhance your workflow for your specific needs. \nFor more information, see Customizing User Pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.  \nTake the following limitations into consideration when you use the ClientMetadata parameter:  \n Amazon Cognito does not store the ClientMetadata value. This data is available only to AWS Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration does not include triggers, the ClientMetadata parameter serves no purpose.  \n Amazon Cognito does not validate the ClientMetadata value.  \n Amazon Cognito does not encrypt the the ClientMetadata value, so don't use it to provide sensitive information. ",
  "TemporaryPassword" : "The user's temporary password. This password must conform to the password policy that you specified when you created the user pool. \nThe temporary password is valid only once. To complete the Admin Create User flow, the user must enter the temporary password in the sign-in page along with a new password to be used in all future sign-ins. \nThis parameter is not required. If you do not specify a value, Amazon Cognito generates one for you. \nThe temporary password can only be used until the user account expiration limit that you specified when you created the user pool. To reset the account after that time limit, you must call AdminCreateUser again, specifying \"RESEND\" for the MessageAction parameter.",
  "DesiredDeliveryMediums" : [ "string. Possible values: SMS | EMAIL" ],
  "UserAttributes" : [ {
    "Value" : "The value of the attribute.",
    "Name" : "The name of the attribute."
  } ],
  "ForceAliasCreation" : "This parameter is only used if the phone_number_verified or email_verified attribute is set to True. Otherwise, it is ignored. \nIf this parameter is set to True and the phone number or email address specified in the UserAttributes parameter already exists as an alias with a different user, the API call will migrate the alias from the previous user to the newly created user. The previous user will no longer be able to log in using that alias. \nIf this parameter is set to False, the API throws an AliasExistsException error if the alias already exists. The default value is False."
}

$body#

Represents the request to delete a user as an administrator.

Type: object

{
  "UserPoolId" : "The user pool ID for the user pool where you want to delete the user.",
  "Username" : "The user name of the user you wish to delete."
}

$body#

Represents the request to delete user attributes as an administrator.

Type: object

{
  "UserAttributeNames" : [ "string" ],
  "UserPoolId" : "The user pool ID for the user pool where you want to delete user attributes.",
  "Username" : "The user name of the user from which you would like to delete attributes."
}

$body#

Type: object

{
  "UserPoolId" : "The user pool ID for the user pool.",
  "User" : {
    "ProviderName" : "The name of the provider, for example, Facebook, Google, or Login with Amazon.",
    "ProviderAttributeName" : "The name of the provider attribute to link to, for example, NameID.",
    "ProviderAttributeValue" : "The value of the provider attribute to link to, for example, xxxxx_account."
  }
}

$body#

Represents the request to disable any user as an administrator.

Type: object

{
  "UserPoolId" : "The user pool ID for the user pool where you want to disable the user.",
  "Username" : "The user name of the user you wish to disable."
}

$body#

Represents the request that enables the user as an administrator.

Type: object

{
  "UserPoolId" : "The user pool ID for the user pool where you want to enable the user.",
  "Username" : "The user name of the user you wish to enable."
}

$body#

Sends the forgot device request, as an administrator.

Type: object

{
  "UserPoolId" : "The user pool ID.",
  "Username" : "The user name.",
  "DeviceKey" : "The device key."
}

$body#

Represents the request to get the device, as an administrator.

Type: object

{
  "UserPoolId" : "The user pool ID.",
  "Username" : "The user name.",
  "DeviceKey" : "The device key."
}

$body#

Represents the request to get the specified user as an administrator.

Type: object

{
  "UserPoolId" : "The user pool ID for the user pool where you want to get information about the user.",
  "Username" : "The user name of the user you wish to retrieve."
}

$body#

Initiates the authorization request, as an administrator.

Type: object

{
  "AuthParameters" : "The authentication parameters. These are inputs corresponding to the AuthFlow that you are invoking. The required values depend on the value of AuthFlow:  \n For USER_SRP_AUTH: USERNAME (required), SRP_A (required), SECRET_HASH (required if the app client is configured with a client secret), DEVICE_KEY   \n For REFRESH_TOKEN_AUTH/REFRESH_TOKEN: REFRESH_TOKEN (required), SECRET_HASH (required if the app client is configured with a client secret), DEVICE_KEY   \n For ADMIN_NO_SRP_AUTH: USERNAME (required), SECRET_HASH (if app client is configured with client secret), PASSWORD (required), DEVICE_KEY   \n For CUSTOM_AUTH: USERNAME (required), SECRET_HASH (if app client is configured with client secret), DEVICE_KEY  ",
  "UserPoolId" : "The ID of the Amazon Cognito user pool.",
  "AuthFlow" : "The authentication flow for this call to execute. The API action will depend on this value. For example:  \n  REFRESH_TOKEN_AUTH will take in a valid refresh token and return new tokens.  \n  USER_SRP_AUTH will take in USERNAME and SRP_A and return the SRP variables to be used for next challenge execution.  \n  USER_PASSWORD_AUTH will take in USERNAME and PASSWORD and return the next challenge or tokens.   \nValid values include:  \n  USER_SRP_AUTH: Authentication flow for the Secure Remote Password (SRP) protocol.  \n  REFRESH_TOKEN_AUTH/REFRESH_TOKEN: Authentication flow for refreshing the access token and ID token by supplying a valid refresh token.  \n  CUSTOM_AUTH: Custom authentication flow.  \n  ADMIN_NO_SRP_AUTH: Non-SRP authentication flow; you can pass in the USERNAME and PASSWORD directly if the flow is enabled for calling the app client.  \n  USER_PASSWORD_AUTH: Non-SRP authentication flow; USERNAME and PASSWORD are passed directly. If a user migration Lambda trigger is set, this flow will invoke the user migration Lambda if the USERNAME is not found in the user pool.  ",
  "ClientMetadata" : "A map of custom key-value pairs that you can provide as input for certain custom workflows that this action triggers. \nYou create custom workflows by assigning AWS Lambda functions to user pool triggers. When you use the AdminInitiateAuth API action, Amazon Cognito invokes the AWS Lambda functions that are specified for various triggers. The ClientMetadata value is passed as input to the functions for only the following triggers:  \n Pre signup  \n Pre authentication  \n User migration   \nWhen Amazon Cognito invokes the functions for these triggers, it passes a JSON payload, which the function receives as input. This payload contains a validationData attribute, which provides the data that you assigned to the ClientMetadata parameter in your AdminInitiateAuth request. In your function code in AWS Lambda, you can process the validationData value to enhance your workflow for your specific needs. \nWhen you use the AdminInitiateAuth API action, Amazon Cognito also invokes the functions for the following triggers, but it does not provide the ClientMetadata value as input:  \n Post authentication  \n Custom message  \n Pre token generation  \n Create auth challenge  \n Define auth challenge  \n Verify auth challenge   \nFor more information, see Customizing User Pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.  \nTake the following limitations into consideration when you use the ClientMetadata parameter:  \n Amazon Cognito does not store the ClientMetadata value. This data is available only to AWS Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration does not include triggers, the ClientMetadata parameter serves no purpose.  \n Amazon Cognito does not validate the ClientMetadata value.  \n Amazon Cognito does not encrypt the the ClientMetadata value, so don't use it to provide sensitive information. ",
  "ClientId" : "The app client ID.",
  "ContextData" : {
    "HttpHeaders" : [ {
      "headerName" : "The header name",
      "headerValue" : "The header value."
    } ],
    "ServerPath" : "Your server path where this API is invoked. ",
    "ServerName" : "Your server endpoint where this API is invoked.",
    "IpAddress" : "Source IP address of your user.",
    "EncodedData" : "Encoded data containing device fingerprinting details, collected using the Amazon Cognito context data collection library."
  },
  "AnalyticsMetadata" : {
    "AnalyticsEndpointId" : "The endpoint ID."
  }
}

$body#

Type: object

{
  "UserPoolId" : "The user pool ID for the user pool.",
  "SourceUser" : {
    "ProviderName" : "The name of the provider, for example, Facebook, Google, or Login with Amazon.",
    "ProviderAttributeName" : "The name of the provider attribute to link to, for example, NameID.",
    "ProviderAttributeValue" : "The value of the provider attribute to link to, for example, xxxxx_account."
  },
  "DestinationUser" : {
    "ProviderName" : "The name of the provider, for example, Facebook, Google, or Login with Amazon.",
    "ProviderAttributeName" : "The name of the provider attribute to link to, for example, NameID.",
    "ProviderAttributeValue" : "The value of the provider attribute to link to, for example, xxxxx_account."
  }
}

$body#

Represents the request to list devices, as an administrator.

Type: object

{
  "UserPoolId" : "The user pool ID.",
  "Username" : "The user name.",
  "Limit" : "The limit of the devices request.",
  "PaginationToken" : "The pagination token."
}

$body#

Type: object

{
  "UserPoolId" : "The user pool ID for the user pool.",
  "Username" : "The username for the user."
}

$body#

Type: object

{
  "UserPoolId" : "The user pool ID.",
  "Username" : "The user pool username or an alias."
}

$body#

Type: object

{
  "GroupName" : "The group name.",
  "UserPoolId" : "The user pool ID for the user pool.",
  "Username" : "The username for the user."
}

$body#

Represents the request to reset a user's password as an administrator.

Type: object

{
  "UserPoolId" : "The user pool ID for the user pool where you want to reset the user's password.",
  "Username" : "The user name of the user whose password you wish to reset.",
  "ClientMetadata" : "A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.  \nYou create custom workflows by assigning AWS Lambda functions to user pool triggers. When you use the AdminResetUserPassword API action, Amazon Cognito invokes the function that is assigned to the custom message trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. This payload contains a clientMetadata attribute, which provides the data that you assigned to the ClientMetadata parameter in your AdminResetUserPassword request. In your function code in AWS Lambda, you can process the clientMetadata value to enhance your workflow for your specific needs. \nFor more information, see Customizing User Pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.  \nTake the following limitations into consideration when you use the ClientMetadata parameter:  \n Amazon Cognito does not store the ClientMetadata value. This data is available only to AWS Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration does not include triggers, the ClientMetadata parameter serves no purpose.  \n Amazon Cognito does not validate the ClientMetadata value.  \n Amazon Cognito does not encrypt the the ClientMetadata value, so don't use it to provide sensitive information. "
}

$body#

The request to respond to the authentication challenge, as an administrator.

Type: object

{
  "UserPoolId" : "The ID of the Amazon Cognito user pool.",
  "ChallengeResponses" : "The challenge responses. These are inputs corresponding to the value of ChallengeName, for example:  \n  SMS_MFA: SMS_MFA_CODE, USERNAME, SECRET_HASH (if app client is configured with client secret).  \n  PASSWORD_VERIFIER: PASSWORD_CLAIM_SIGNATURE, PASSWORD_CLAIM_SECRET_BLOCK, TIMESTAMP, USERNAME, SECRET_HASH (if app client is configured with client secret).  \n  ADMIN_NO_SRP_AUTH: PASSWORD, USERNAME, SECRET_HASH (if app client is configured with client secret).   \n  NEW_PASSWORD_REQUIRED: NEW_PASSWORD, any other required attributes, USERNAME, SECRET_HASH (if app client is configured with client secret).    \nThe value of the USERNAME attribute must be the user's actual username, not an alias (such as email address or phone number). To make this easier, the AdminInitiateAuth response includes the actual username value in the USERNAMEUSER_ID_FOR_SRP attribute, even if you specified an alias in your call to AdminInitiateAuth.",
  "ClientMetadata" : "A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.  \nYou create custom workflows by assigning AWS Lambda functions to user pool triggers. When you use the AdminRespondToAuthChallenge API action, Amazon Cognito invokes any functions that are assigned to the following triggers: pre sign-up, custom message, post authentication, user migration, pre token generation, define auth challenge, create auth challenge, and verify auth challenge response. When Amazon Cognito invokes any of these functions, it passes a JSON payload, which the function receives as input. This payload contains a clientMetadata attribute, which provides the data that you assigned to the ClientMetadata parameter in your AdminRespondToAuthChallenge request. In your function code in AWS Lambda, you can process the clientMetadata value to enhance your workflow for your specific needs. \nFor more information, see Customizing User Pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.  \nTake the following limitations into consideration when you use the ClientMetadata parameter:  \n Amazon Cognito does not store the ClientMetadata value. This data is available only to AWS Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration does not include triggers, the ClientMetadata parameter serves no purpose.  \n Amazon Cognito does not validate the ClientMetadata value.  \n Amazon Cognito does not encrypt the the ClientMetadata value, so don't use it to provide sensitive information. ",
  "ClientId" : "The app client ID.",
  "ContextData" : {
    "HttpHeaders" : [ {
      "headerName" : "The header name",
      "headerValue" : "The header value."
    } ],
    "ServerPath" : "Your server path where this API is invoked. ",
    "ServerName" : "Your server endpoint where this API is invoked.",
    "IpAddress" : "Source IP address of your user.",
    "EncodedData" : "Encoded data containing device fingerprinting details, collected using the Amazon Cognito context data collection library."
  },
  "AnalyticsMetadata" : {
    "AnalyticsEndpointId" : "The endpoint ID."
  },
  "ChallengeName" : "The challenge name. For more information, see .",
  "Session" : "The session which should be passed both ways in challenge-response calls to the service. If InitiateAuth or RespondToAuthChallenge API call determines that the caller needs to go through another challenge, they return a session with other challenge parameters. This session should be passed as it is to the next RespondToAuthChallenge API call."
}

$body#

Type: object

{
  "SMSMfaSettings" : {
    "Enabled" : "Specifies whether SMS text message MFA is enabled.",
    "PreferredMfa" : "Specifies whether SMS is the preferred MFA method."
  },
  "UserPoolId" : "The user pool ID.",
  "Username" : "The user pool username or alias.",
  "SoftwareTokenMfaSettings" : {
    "Enabled" : "Specifies whether software token MFA is enabled.",
    "PreferredMfa" : "Specifies whether software token MFA is the preferred MFA method."
  }
}

$body#

Type: object

{
  "UserPoolId" : "The user pool ID for the user pool where you want to set the user's password.",
  "Permanent" : " True if the password is permanent, False if it is temporary.",
  "Username" : "The user name of the user whose password you wish to set.",
  "Password" : "The password for the user."
}

$body#

You can use this parameter to set an MFA configuration that uses the SMS delivery medium.

Type: object

{
  "UserPoolId" : "The ID of the user pool that contains the user that you are setting options for.",
  "Username" : "The user name of the user that you are setting options for.",
  "MFAOptions" : [ {
    "DeliveryMedium" : "The delivery medium to send the MFA code. You can use this parameter to set only the SMS delivery medium value.",
    "AttributeName" : "The attribute name of the MFA option type. The only valid value is phone_number."
  } ]
}

$body#

Type: object

{
  "UserPoolId" : "The user pool ID.",
  "Username" : "The user pool username.",
  "EventId" : "The authentication event ID.",
  "FeedbackValue" : "The authentication event feedback value."
}

$body#

The request to update the device status, as an administrator.

Type: object

{
  "UserPoolId" : "The user pool ID.",
  "Username" : "The user name.",
  "DeviceRememberedStatus" : "The status indicating whether a device has been remembered or not.",
  "DeviceKey" : "The device key."
}

$body#

Represents the request to update the user's attributes as an administrator.

Type: object

{
  "UserPoolId" : "The user pool ID for the user pool where you want to update user attributes.",
  "Username" : "The user name of the user for whom you want to update user attributes.",
  "ClientMetadata" : "A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.  \nYou create custom workflows by assigning AWS Lambda functions to user pool triggers. When you use the AdminUpdateUserAttributes API action, Amazon Cognito invokes the function that is assigned to the custom message trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. This payload contains a clientMetadata attribute, which provides the data that you assigned to the ClientMetadata parameter in your AdminUpdateUserAttributes request. In your function code in AWS Lambda, you can process the clientMetadata value to enhance your workflow for your specific needs. \nFor more information, see Customizing User Pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.  \nTake the following limitations into consideration when you use the ClientMetadata parameter:  \n Amazon Cognito does not store the ClientMetadata value. This data is available only to AWS Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration does not include triggers, the ClientMetadata parameter serves no purpose.  \n Amazon Cognito does not validate the ClientMetadata value.  \n Amazon Cognito does not encrypt the the ClientMetadata value, so don't use it to provide sensitive information. ",
  "UserAttributes" : [ {
    "Value" : "The value of the attribute.",
    "Name" : "The name of the attribute."
  } ]
}

$body#

The request to sign out of all devices, as an administrator.

Type: object

{
  "UserPoolId" : "The user pool ID.",
  "Username" : "The user name."
}

$body#

Type: object

{
  "AccessToken" : "The access token.",
  "Session" : "The session which should be passed both ways in challenge-response calls to the service. This allows authentication of the user as part of the MFA setup process."
}

$body#

Represents the request to change a user password.

Type: object

{
  "ProposedPassword" : "The new password.",
  "AccessToken" : "The access token.",
  "PreviousPassword" : "The old password."
}

$body#

Confirms the device request.

Type: object

{
  "AccessToken" : "The access token.",
  "DeviceKey" : "The device key.",
  "DeviceSecretVerifierConfig" : {
    "Salt" : "The salt.",
    "PasswordVerifier" : "The password verifier."
  },
  "DeviceName" : "The device name."
}

$body#

The request representing the confirmation for a password reset.

Type: object

{
  "Username" : "The user name of the user for whom you want to enter a code to retrieve a forgotten password.",
  "ConfirmationCode" : "The confirmation code sent by a user's request to retrieve a forgotten password. For more information, see ",
  "SecretHash" : "A keyed-hash message authentication code (HMAC) calculated using the secret key of a user pool client and username plus the client ID in the message.",
  "UserContextData" : {
    "EncodedData" : "Contextual data such as the user's device fingerprint, IP address, or location used for evaluating the risk of an unexpected event by Amazon Cognito advanced security."
  },
  "ClientMetadata" : "A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.  \nYou create custom workflows by assigning AWS Lambda functions to user pool triggers. When you use the ConfirmForgotPassword API action, Amazon Cognito invokes the functions that are assigned to the post confirmation and pre mutation triggers. When Amazon Cognito invokes either of these functions, it passes a JSON payload, which the function receives as input. This payload contains a clientMetadata attribute, which provides the data that you assigned to the ClientMetadata parameter in your ConfirmForgotPassword request. In your function code in AWS Lambda, you can process the clientMetadata value to enhance your workflow for your specific needs. \nFor more information, see Customizing User Pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.  \nTake the following limitations into consideration when you use the ClientMetadata parameter:  \n Amazon Cognito does not store the ClientMetadata value. This data is available only to AWS Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration does not include triggers, the ClientMetadata parameter serves no purpose.  \n Amazon Cognito does not validate the ClientMetadata value.  \n Amazon Cognito does not encrypt the the ClientMetadata value, so don't use it to provide sensitive information. ",
  "ClientId" : "The app client ID of the app associated with the user pool.",
  "AnalyticsMetadata" : {
    "AnalyticsEndpointId" : "The endpoint ID."
  },
  "Password" : "The password sent by a user's request to retrieve a forgotten password."
}

$body#

Represents the request to confirm registration of a user.

Type: object

{
  "Username" : "The user name of the user whose registration you wish to confirm.",
  "ConfirmationCode" : "The confirmation code sent by a user's request to confirm registration.",
  "SecretHash" : "A keyed-hash message authentication code (HMAC) calculated using the secret key of a user pool client and username plus the client ID in the message.",
  "UserContextData" : {
    "EncodedData" : "Contextual data such as the user's device fingerprint, IP address, or location used for evaluating the risk of an unexpected event by Amazon Cognito advanced security."
  },
  "ClientMetadata" : "A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.  \nYou create custom workflows by assigning AWS Lambda functions to user pool triggers. When you use the ConfirmSignUp API action, Amazon Cognito invokes the function that is assigned to the post confirmation trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. This payload contains a clientMetadata attribute, which provides the data that you assigned to the ClientMetadata parameter in your ConfirmSignUp request. In your function code in AWS Lambda, you can process the clientMetadata value to enhance your workflow for your specific needs. \nFor more information, see Customizing User Pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.  \nTake the following limitations into consideration when you use the ClientMetadata parameter:  \n Amazon Cognito does not store the ClientMetadata value. This data is available only to AWS Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration does not include triggers, the ClientMetadata parameter serves no purpose.  \n Amazon Cognito does not validate the ClientMetadata value.  \n Amazon Cognito does not encrypt the the ClientMetadata value, so don't use it to provide sensitive information. ",
  "ClientId" : "The ID of the app client associated with the user pool.",
  "AnalyticsMetadata" : {
    "AnalyticsEndpointId" : "The endpoint ID."
  },
  "ForceAliasCreation" : "Boolean to be specified to force user confirmation irrespective of existing alias. By default set to False. If this parameter is set to True and the phone number/email used for sign up confirmation already exists as an alias with a different user, the API call will migrate the alias from the previous user to the newly created user being confirmed. If set to False, the API will throw an AliasExistsException error."
}

$body#

Type: object

{
  "GroupName" : "The name of the group. Must be unique.",
  "UserPoolId" : "The user pool ID for the user pool.",
  "Description" : "A string containing the description of the group.",
  "Precedence" : "A nonnegative integer value that specifies the precedence of this group relative to the other groups that a user can belong to in the user pool. Zero is the highest precedence value. Groups with lower Precedence values take precedence over groups with higher or null Precedence values. If a user belongs to two or more groups, it is the group with the lowest precedence value whose role ARN will be used in the cognito:roles and cognito:preferred_role claims in the user's tokens. \nTwo groups can have the same Precedence value. If this happens, neither group takes precedence over the other. If two groups with the same Precedence have the same role ARN, that role is used in the cognito:preferred_role claim in tokens for users in each group. If the two groups have different role ARNs, the cognito:preferred_role claim is not set in users' tokens. \nThe default Precedence value is null.",
  "RoleArn" : "The role ARN for the group."
}

$body#

Type: object

{
  "ProviderName" : "The identity provider name.",
  "UserPoolId" : "The user pool ID.",
  "AttributeMapping" : "A mapping of identity provider attributes to standard and custom user pool attributes.",
  "ProviderDetails" : "The identity provider details, such as MetadataURL and MetadataFile.",
  "ProviderType" : "The identity provider type.",
  "IdpIdentifiers" : [ "string" ]
}

$body#

Type: object

{
  "UserPoolId" : "The user pool ID for the user pool.",
  "Identifier" : "A unique resource server identifier for the resource server. This could be an HTTPS endpoint where the resource server is located. For example, https://my-weather-api.example.com.",
  "Scopes" : [ {
    "ScopeName" : "The name of the scope.",
    "ScopeDescription" : "A description of the scope."
  } ],
  "Name" : "A friendly name for the resource server."
}

$body#

Represents the request to create the user import job.

Type: object

{
  "UserPoolId" : "The user pool ID for the user pool that the users are being imported into.",
  "CloudWatchLogsRoleArn" : "The role ARN for the Amazon CloudWatch Logging role for the user import job.",
  "JobName" : "The job name for the user import job."
}

$body#

Represents the request to create a user pool.

Type: object

{
  "UserPoolTags" : "The tag keys and values to assign to the user pool. A tag is a label that you can use to categorize and manage user pools in different ways, such as by purpose, owner, environment, or other criteria.",
  "Policies" : {
    "PasswordPolicy" : {
      "RequireNumbers" : "In the password policy that you have set, refers to whether you have required users to use at least one number in their password.",
      "MinimumLength" : "The minimum length of the password policy that you have set. Cannot be less than 6.",
      "TemporaryPasswordValidityDays" : "In the password policy you have set, refers to the number of days a temporary password is valid. If the user does not sign-in during this time, their password will need to be reset by an administrator.  \nWhen you set TemporaryPasswordValidityDays for a user pool, you will no longer be able to set the deprecated UnusedAccountValidityDays value for that user pool.",
      "RequireUppercase" : "In the password policy that you have set, refers to whether you have required users to use at least one uppercase letter in their password.",
      "RequireLowercase" : "In the password policy that you have set, refers to whether you have required users to use at least one lowercase letter in their password.",
      "RequireSymbols" : "In the password policy that you have set, refers to whether you have required users to use at least one symbol in their password."
    }
  },
  "VerificationMessageTemplate" : {
    "EmailMessageByLink" : "The email message template for sending a confirmation link to the user.",
    "EmailMessage" : "The email message template.",
    "SmsMessage" : "The SMS message template.",
    "EmailSubject" : "The subject line for the email message template.",
    "DefaultEmailOption" : "The default email option.",
    "EmailSubjectByLink" : "The subject line for the email message template for sending a confirmation link to the user."
  },
  "MfaConfiguration" : "Specifies MFA configuration details.",
  "Schema" : [ {
    "DeveloperOnlyAttribute" : "Specifies whether the attribute type is developer only.",
    "Mutable" : "Specifies whether the value of the attribute can be changed. \nFor any user pool attribute that's mapped to an identity provider attribute, you must set this parameter to true. Amazon Cognito updates mapped attributes when users sign in to your application through an identity provider. If an attribute is immutable, Amazon Cognito throws an error when it attempts to update the attribute. For more information, see Specifying Identity Provider Attribute Mappings for Your User Pool.",
    "AttributeDataType" : "The attribute data type.",
    "StringAttributeConstraints" : {
      "MinLength" : "The minimum length.",
      "MaxLength" : "The maximum length."
    },
    "Required" : "Specifies whether a user pool attribute is required. If the attribute is required and the user does not provide a value, registration or sign-in will fail.",
    "NumberAttributeConstraints" : {
      "MinValue" : "The minimum value of an attribute that is of the number data type.",
      "MaxValue" : "The maximum value of an attribute that is of the number data type."
    },
    "Name" : "A schema attribute of the name type."
  } ],
  "AdminCreateUserConfig" : {
    "UnusedAccountValidityDays" : "The user account expiration limit, in days, after which the account is no longer usable. To reset the account after that time limit, you must call AdminCreateUser again, specifying \"RESEND\" for the MessageAction parameter. The default value for this parameter is 7.   \nIf you set a value for TemporaryPasswordValidityDays in PasswordPolicy, that value will be used and UnusedAccountValidityDays will be deprecated for that user pool. ",
    "InviteMessageTemplate" : {
      "EmailMessage" : "The message template for email messages.",
      "SMSMessage" : "The message template for SMS messages.",
      "EmailSubject" : "The subject line for email messages."
    },
    "AllowAdminCreateUserOnly" : "Set to True if only the administrator is allowed to create user profiles. Set to False if users can sign themselves up via an app."
  },
  "SmsAuthenticationMessage" : "A string representing the SMS authentication message.",
  "SmsVerificationMessage" : "A string representing the SMS verification message.",
  "UserPoolAddOns" : {
    "AdvancedSecurityMode" : "The advanced security mode."
  },
  "PoolName" : "A string used to name the user pool.",
  "EmailConfiguration" : {
    "ReplyToEmailAddress" : "The destination to which the receiver of the email should reply to.",
    "EmailSendingAccount" : "Specifies whether Amazon Cognito emails your users by using its built-in email functionality or your Amazon SES email configuration. Specify one of the following values:  COGNITO_DEFAULT  \nWhen Amazon Cognito emails your users, it uses its built-in email functionality. When you use the default option, Amazon Cognito allows only a limited number of emails each day for your user pool. For typical production environments, the default email limit is below the required delivery volume. To achieve a higher delivery volume, specify DEVELOPER to use your Amazon SES email configuration. \nTo look up the email delivery limit for the default option, see Limits in Amazon Cognito in the Amazon Cognito Developer Guide. \nThe default FROM address is no-reply@verificationemail.com. To customize the FROM address, provide the ARN of an Amazon SES verified email address for the SourceArn parameter.  DEVELOPER  \nWhen Amazon Cognito emails your users, it uses your Amazon SES configuration. Amazon Cognito calls Amazon SES on your behalf to send email from your verified email address. When you use this option, the email delivery limits are the same limits that apply to your Amazon SES verified email address in your AWS account. \nIf you use this option, you must provide the ARN of an Amazon SES verified email address for the SourceArn parameter. \nBefore Amazon Cognito can email your users, it requires additional permissions to call Amazon SES on your behalf. When you update your user pool with this option, Amazon Cognito creates a service-linked role, which is a type of IAM role, in your AWS account. This role contains the permissions that allow Amazon Cognito to access Amazon SES and send email messages with your address. For more information about the service-linked role that Amazon Cognito creates, see Using Service-Linked Roles for Amazon Cognito in the Amazon Cognito Developer Guide.",
    "SourceArn" : "The Amazon Resource Name (ARN) of a verified email address in Amazon SES. This email address is used in one of the following ways, depending on the value that you specify for the EmailSendingAccount parameter:  \n If you specify COGNITO_DEFAULT, Amazon Cognito uses this address as the custom FROM address when it emails your users by using its built-in email account.  \n If you specify DEVELOPER, Amazon Cognito emails your users with this address by calling Amazon SES on your behalf. "
  },
  "SmsConfiguration" : {
    "ExternalId" : "The external ID is a value that we recommend you use to add security to your IAM role which is used to call Amazon SNS to send SMS messages for your user pool. If you provide an ExternalId, the Cognito User Pool will include it when attempting to assume your IAM role, so that you can set your roles trust policy to require the ExternalID. If you use the Cognito Management Console to create a role for SMS MFA, Cognito will create a role with the required permissions and a trust policy that demonstrates use of the ExternalId.",
    "SnsCallerArn" : "The Amazon Resource Name (ARN) of the Amazon Simple Notification Service (SNS) caller. This is the ARN of the IAM role in your AWS account which Cognito will use to send SMS messages."
  },
  "AliasAttributes" : [ "string. Possible values: phone_number | email | preferred_username" ],
  "EmailVerificationSubject" : "A string representing the email verification subject.",
  "LambdaConfig" : {
    "PreAuthentication" : "A pre-authentication AWS Lambda trigger.",
    "CreateAuthChallenge" : "Creates an authentication challenge.",
    "PreSignUp" : "A pre-registration AWS Lambda trigger.",
    "DefineAuthChallenge" : "Defines the authentication challenge.",
    "PreTokenGeneration" : "A Lambda trigger that is invoked before token generation.",
    "UserMigration" : "The user migration Lambda config type.",
    "PostConfirmation" : "A post-confirmation AWS Lambda trigger.",
    "PostAuthentication" : "A post-authentication AWS Lambda trigger.",
    "CustomMessage" : "A custom Message AWS Lambda trigger.",
    "VerifyAuthChallengeResponse" : "Verifies the authentication challenge response."
  },
  "AutoVerifiedAttributes" : [ "string. Possible values: phone_number | email" ],
  "UsernameAttributes" : [ "string. Possible values: phone_number | email" ],
  "EmailVerificationMessage" : "A string representing the email verification message.",
  "DeviceConfiguration" : {
    "DeviceOnlyRememberedOnUserPrompt" : "If true, a device is only remembered on user prompt.",
    "ChallengeRequiredOnNewDevice" : "Indicates whether a challenge is required on a new device. Only applicable to a new device."
  }
}

$body#

Represents the request to create a user pool client.

Type: object

{
  "AnalyticsConfiguration" : {
    "UserDataShared" : "If UserDataShared is true, Amazon Cognito will include user data in the events it publishes to Amazon Pinpoint analytics.",
    "ExternalId" : "The external ID.",
    "ApplicationId" : "The application ID for an Amazon Pinpoint application.",
    "RoleArn" : "The ARN of an IAM role that authorizes Amazon Cognito to publish events to Amazon Pinpoint analytics."
  },
  "GenerateSecret" : "Boolean to specify whether you want to generate a secret for the user pool client being created.",
  "CallbackURLs" : [ "string" ],
  "AllowedOAuthScopes" : [ "string" ],
  "ReadAttributes" : [ "string" ],
  "DefaultRedirectURI" : "The default redirect URI. Must be in the CallbackURLs list. \nA redirect URI must:  \n Be an absolute URI.  \n Be registered with the authorization server.  \n Not include a fragment component.   \nSee OAuth 2.0 - Redirection Endpoint. \nAmazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only. \nApp callback URLs such as myapp://example are also supported.",
  "AllowedOAuthFlowsUserPoolClient" : "Set to True if the client is allowed to follow the OAuth protocol when interacting with Cognito user pools.",
  "SupportedIdentityProviders" : [ "string" ],
  "ClientName" : "The client name for the user pool client you would like to create.",
  "UserPoolId" : "The user pool ID for the user pool where you want to create a user pool client.",
  "AllowedOAuthFlows" : [ "string. Possible values: code | implicit | client_credentials" ],
  "ExplicitAuthFlows" : [ "string. Possible values: ADMIN_NO_SRP_AUTH | CUSTOM_AUTH_FLOW_ONLY | USER_PASSWORD_AUTH" ],
  "LogoutURLs" : [ "string" ],
  "RefreshTokenValidity" : "The time limit, in days, after which the refresh token is no longer valid and cannot be used.",
  "WriteAttributes" : [ "string" ]
}

$body#

Type: object

{
  "UserPoolId" : "The user pool ID.",
  "CustomDomainConfig" : {
    "CertificateArn" : "The Amazon Resource Name (ARN) of an AWS Certificate Manager SSL certificate. You use this certificate for the subdomain of your custom domain."
  },
  "Domain" : "The domain string."
}

$body#

Type: object

{
  "GroupName" : "The name of the group.",
  "UserPoolId" : "The user pool ID for the user pool."
}

$body#

Type: object

{
  "ProviderName" : "The identity provider name.",
  "UserPoolId" : "The user pool ID."
}

$body#

Type: object

{
  "UserPoolId" : "The user pool ID for the user pool that hosts the resource server.",
  "Identifier" : "The identifier for the resource server."
}

$body#

Represents the request to delete a user.

Type: object

{
  "AccessToken" : "The access token from a request to delete a user."
}

$body#

Represents the request to delete user attributes.

Type: object

{
  "UserAttributeNames" : [ "string" ],
  "AccessToken" : "The access token used in the request to delete user attributes."
}

$body#

Represents the request to delete a user pool.

Type: object

{
  "UserPoolId" : "The user pool ID for the user pool you want to delete."
}

$body#

Represents the request to delete a user pool client.

Type: object

{
  "UserPoolId" : "The user pool ID for the user pool where you want to delete the client.",
  "ClientId" : "The app client ID of the app associated with the user pool."
}

$body#

Type: object

{
  "UserPoolId" : "The user pool ID.",
  "Domain" : "The domain string."
}

$body#

Type: object

{
  "ProviderName" : "The identity provider name.",
  "UserPoolId" : "The user pool ID."
}

$body#

Type: object

{
  "UserPoolId" : "The user pool ID for the user pool that hosts the resource server.",
  "Identifier" : "The identifier for the resource server"
}

$body#

Type: object

{
  "UserPoolId" : "The user pool ID.",
  "ClientId" : "The app client ID."
}

$body#

Represents the request to describe the user import job.

Type: object

{
  "UserPoolId" : "The user pool ID for the user pool that the users are being imported into.",
  "JobId" : "The job ID for the user import job."
}

$body#

Represents the request to describe the user pool.

Type: object

{
  "UserPoolId" : "The user pool ID for the user pool you want to describe."
}

$body#

Represents the request to describe a user pool client.

Type: object

{
  "UserPoolId" : "The user pool ID for the user pool you want to describe.",
  "ClientId" : "The app client ID of the app associated with the user pool."
}

$body#

Type: object

{
  "Domain" : "The domain string."
}

$body#

Represents the request to forget the device.

Type: object

{
  "AccessToken" : "The access token for the forgotten device request.",
  "DeviceKey" : "The device key."
}

$body#

Represents the request to reset a user's password.

Type: object

{
  "Username" : "The user name of the user for whom you want to enter a code to reset a forgotten password.",
  "SecretHash" : "A keyed-hash message authentication code (HMAC) calculated using the secret key of a user pool client and username plus the client ID in the message.",
  "UserContextData" : {
    "EncodedData" : "Contextual data such as the user's device fingerprint, IP address, or location used for evaluating the risk of an unexpected event by Amazon Cognito advanced security."
  },
  "ClientMetadata" : "A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.  \nYou create custom workflows by assigning AWS Lambda functions to user pool triggers. When you use the ForgotPassword API action, Amazon Cognito invokes any functions that are assigned to the following triggers: pre sign-up, custom message, and user migration. When Amazon Cognito invokes any of these functions, it passes a JSON payload, which the function receives as input. This payload contains a clientMetadata attribute, which provides the data that you assigned to the ClientMetadata parameter in your ForgotPassword request. In your function code in AWS Lambda, you can process the clientMetadata value to enhance your workflow for your specific needs. \nFor more information, see Customizing User Pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.  \nTake the following limitations into consideration when you use the ClientMetadata parameter:  \n Amazon Cognito does not store the ClientMetadata value. This data is available only to AWS Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration does not include triggers, the ClientMetadata parameter serves no purpose.  \n Amazon Cognito does not validate the ClientMetadata value.  \n Amazon Cognito does not encrypt the the ClientMetadata value, so don't use it to provide sensitive information. ",
  "ClientId" : "The ID of the client associated with the user pool.",
  "AnalyticsMetadata" : {
    "AnalyticsEndpointId" : "The endpoint ID."
  }
}

$body#

Represents the request to get the header information for the .csv file for the user import job.

Type: object

{
  "UserPoolId" : "The user pool ID for the user pool that the users are to be imported into."
}

$body#

Represents the request to get the device.

Type: object

{
  "AccessToken" : "The access token.",
  "DeviceKey" : "The device key."
}

$body#

Type: object

{
  "GroupName" : "The name of the group.",
  "UserPoolId" : "The user pool ID for the user pool."
}

$body#

Type: object

{
  "UserPoolId" : "The user pool ID.",
  "IdpIdentifier" : "The identity provider ID."
}

$body#

Request to get a signing certificate from Cognito.

Type: object

{
  "UserPoolId" : "The user pool ID."
}

$body#

Type: object

{
  "UserPoolId" : "The user pool ID for the user pool.",
  "ClientId" : "The client ID for the client app."
}

$body#

Represents the request to get information about the user.

Type: object

{
  "AccessToken" : "The access token returned by the server response to get information about the user."
}

$body#

Represents the request to get user attribute verification.

Type: object

{
  "AccessToken" : "The access token returned by the server response to get the user attribute verification code.",
  "ClientMetadata" : "A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.  \nYou create custom workflows by assigning AWS Lambda functions to user pool triggers. When you use the GetUserAttributeVerificationCode API action, Amazon Cognito invokes the function that is assigned to the custom message trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. This payload contains a clientMetadata attribute, which provides the data that you assigned to the ClientMetadata parameter in your GetUserAttributeVerificationCode request. In your function code in AWS Lambda, you can process the clientMetadata value to enhance your workflow for your specific needs. \nFor more information, see Customizing User Pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.  \nTake the following limitations into consideration when you use the ClientMetadata parameter:  \n Amazon Cognito does not store the ClientMetadata value. This data is available only to AWS Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration does not include triggers, the ClientMetadata parameter serves no purpose.  \n Amazon Cognito does not validate the ClientMetadata value.  \n Amazon Cognito does not encrypt the the ClientMetadata value, so don't use it to provide sensitive information. ",
  "AttributeName" : "The attribute name returned by the server response to get the user attribute verification code."
}

$body#

Type: object

{
  "UserPoolId" : "The user pool ID."
}

$body#

Represents the request to sign out all devices.

Type: object

{
  "AccessToken" : "The access token."
}

$body#

Initiates the authentication request.

Type: object

{
  "AuthParameters" : "The authentication parameters. These are inputs corresponding to the AuthFlow that you are invoking. The required values depend on the value of AuthFlow:  \n For USER_SRP_AUTH: USERNAME (required), SRP_A (required), SECRET_HASH (required if the app client is configured with a client secret), DEVICE_KEY   \n For REFRESH_TOKEN_AUTH/REFRESH_TOKEN: REFRESH_TOKEN (required), SECRET_HASH (required if the app client is configured with a client secret), DEVICE_KEY   \n For CUSTOM_AUTH: USERNAME (required), SECRET_HASH (if app client is configured with client secret), DEVICE_KEY  ",
  "AuthFlow" : "The authentication flow for this call to execute. The API action will depend on this value. For example:   \n  REFRESH_TOKEN_AUTH will take in a valid refresh token and return new tokens.  \n  USER_SRP_AUTH will take in USERNAME and SRP_A and return the SRP variables to be used for next challenge execution.  \n  USER_PASSWORD_AUTH will take in USERNAME and PASSWORD and return the next challenge or tokens.   \nValid values include:  \n  USER_SRP_AUTH: Authentication flow for the Secure Remote Password (SRP) protocol.  \n  REFRESH_TOKEN_AUTH/REFRESH_TOKEN: Authentication flow for refreshing the access token and ID token by supplying a valid refresh token.  \n  CUSTOM_AUTH: Custom authentication flow.  \n  USER_PASSWORD_AUTH: Non-SRP authentication flow; USERNAME and PASSWORD are passed directly. If a user migration Lambda trigger is set, this flow will invoke the user migration Lambda if the USERNAME is not found in the user pool.    \n ADMIN_NO_SRP_AUTH is not a valid value.",
  "UserContextData" : {
    "EncodedData" : "Contextual data such as the user's device fingerprint, IP address, or location used for evaluating the risk of an unexpected event by Amazon Cognito advanced security."
  },
  "ClientMetadata" : "A map of custom key-value pairs that you can provide as input for certain custom workflows that this action triggers. \nYou create custom workflows by assigning AWS Lambda functions to user pool triggers. When you use the InitiateAuth API action, Amazon Cognito invokes the AWS Lambda functions that are specified for various triggers. The ClientMetadata value is passed as input to the functions for only the following triggers:  \n Pre signup  \n Pre authentication  \n User migration   \nWhen Amazon Cognito invokes the functions for these triggers, it passes a JSON payload, which the function receives as input. This payload contains a validationData attribute, which provides the data that you assigned to the ClientMetadata parameter in your InitiateAuth request. In your function code in AWS Lambda, you can process the validationData value to enhance your workflow for your specific needs. \nWhen you use the InitiateAuth API action, Amazon Cognito also invokes the functions for the following triggers, but it does not provide the ClientMetadata value as input:  \n Post authentication  \n Custom message  \n Pre token generation  \n Create auth challenge  \n Define auth challenge  \n Verify auth challenge   \nFor more information, see Customizing User Pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.  \nTake the following limitations into consideration when you use the ClientMetadata parameter:  \n Amazon Cognito does not store the ClientMetadata value. This data is available only to AWS Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration does not include triggers, the ClientMetadata parameter serves no purpose.  \n Amazon Cognito does not validate the ClientMetadata value.  \n Amazon Cognito does not encrypt the the ClientMetadata value, so don't use it to provide sensitive information. ",
  "ClientId" : "The app client ID.",
  "AnalyticsMetadata" : {
    "AnalyticsEndpointId" : "The endpoint ID."
  }
}

$body#

Represents the request to list the devices.

Type: object

{
  "AccessToken" : "The access tokens for the request to list devices.",
  "Limit" : "The limit of the device request.",
  "PaginationToken" : "The pagination token for the list request."
}

$body#

Type: object

{
  "UserPoolId" : "The user pool ID for the user pool."
}

$body#

Type: object

{
  "UserPoolId" : "The user pool ID."
}

$body#

Type: object

{
  "UserPoolId" : "The user pool ID for the user pool."
}

$body#

Type: object

{
  "ResourceArn" : "The Amazon Resource Name (ARN) of the user pool that the tags are assigned to."
}

$body#

Represents the request to list the user import jobs.

Type: object

{
  "UserPoolId" : "The user pool ID for the user pool that the users are being imported into.",
  "MaxResults" : "The maximum number of import jobs you want the request to return.",
  "PaginationToken" : "An identifier that was returned from the previous call to ListUserImportJobs, which can be used to return the next set of import jobs in the list."
}

$body#

Represents the request to list the user pool clients.

Type: object

{
  "UserPoolId" : "The user pool ID for the user pool where you want to list user pool clients."
}

$body#

Represents the request to list users.

Type: object

{
  "UserPoolId" : "The user pool ID for the user pool on which the search should be performed.",
  "Filter" : "A filter string of the form \"AttributeName Filter-Type \"AttributeValue\"\". Quotation marks within the filter string must be escaped using the backslash (\\) character. For example, \"family_name = \\\"Reddy\\\"\".  \n  AttributeName: The name of the attribute to search for. You can only search for one attribute at a time.  \n  Filter-Type: For an exact match, use =, for example, \"given_name = \\\"Jon\\\"\". For a prefix (\"starts with\") match, use ^=, for example, \"given_name ^= \\\"Jon\\\"\".   \n  AttributeValue: The attribute value that must be matched for each user.   \nIf the filter string is empty, ListUsers returns all users in the user pool. \nYou can only search for the following standard attributes:  \n  username (case-sensitive)  \n  email   \n  phone_number   \n  name   \n  given_name   \n  family_name   \n  preferred_username   \n  cognito:user_status (called Status in the Console) (case-insensitive)  \n  status (called Enabled in the Console) (case-sensitive)   \n  sub    \nCustom attributes are not searchable. \nFor more information, see Searching for Users Using the ListUsers API and Examples of Using the ListUsers API in the Amazon Cognito Developer Guide.",
  "AttributesToGet" : [ "string" ]
}

$body#

Type: object

{
  "GroupName" : "The name of the group.",
  "UserPoolId" : "The user pool ID for the user pool."
}

$body#

Represents the request to resend the confirmation code.

Type: object

{
  "Username" : "The user name of the user to whom you wish to resend a confirmation code.",
  "SecretHash" : "A keyed-hash message authentication code (HMAC) calculated using the secret key of a user pool client and username plus the client ID in the message.",
  "UserContextData" : {
    "EncodedData" : "Contextual data such as the user's device fingerprint, IP address, or location used for evaluating the risk of an unexpected event by Amazon Cognito advanced security."
  },
  "ClientMetadata" : "A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.  \nYou create custom workflows by assigning AWS Lambda functions to user pool triggers. When you use the ResendConfirmationCode API action, Amazon Cognito invokes the function that is assigned to the custom message trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. This payload contains a clientMetadata attribute, which provides the data that you assigned to the ClientMetadata parameter in your ResendConfirmationCode request. In your function code in AWS Lambda, you can process the clientMetadata value to enhance your workflow for your specific needs. \nFor more information, see Customizing User Pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.  \nTake the following limitations into consideration when you use the ClientMetadata parameter:  \n Amazon Cognito does not store the ClientMetadata value. This data is available only to AWS Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration does not include triggers, the ClientMetadata parameter serves no purpose.  \n Amazon Cognito does not validate the ClientMetadata value.  \n Amazon Cognito does not encrypt the the ClientMetadata value, so don't use it to provide sensitive information. ",
  "ClientId" : "The ID of the client associated with the user pool.",
  "AnalyticsMetadata" : {
    "AnalyticsEndpointId" : "The endpoint ID."
  }
}

$body#

The request to respond to an authentication challenge.

Type: object

{
  "ChallengeResponses" : "The challenge responses. These are inputs corresponding to the value of ChallengeName, for example:  \n SECRET_HASH (if app client is configured with client secret) applies to all inputs below (including SOFTWARE_TOKEN_MFA).   \n  SMS_MFA: SMS_MFA_CODE, USERNAME.  \n  PASSWORD_VERIFIER: PASSWORD_CLAIM_SIGNATURE, PASSWORD_CLAIM_SECRET_BLOCK, TIMESTAMP, USERNAME.  \n  NEW_PASSWORD_REQUIRED: NEW_PASSWORD, any other required attributes, USERNAME.   \n  SOFTWARE_TOKEN_MFA: USERNAME and SOFTWARE_TOKEN_MFA_CODE are required attributes.  \n  DEVICE_SRP_AUTH requires USERNAME, DEVICE_KEY, SRP_A (and SECRET_HASH).  \n  DEVICE_PASSWORD_VERIFIER requires everything that PASSWORD_VERIFIER requires plus DEVICE_KEY. ",
  "UserContextData" : {
    "EncodedData" : "Contextual data such as the user's device fingerprint, IP address, or location used for evaluating the risk of an unexpected event by Amazon Cognito advanced security."
  },
  "ClientMetadata" : "A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.  \nYou create custom workflows by assigning AWS Lambda functions to user pool triggers. When you use the RespondToAuthChallenge API action, Amazon Cognito invokes any functions that are assigned to the following triggers: post authentication, pre token generation, define auth challenge, create auth challenge, and verify auth challenge. When Amazon Cognito invokes any of these functions, it passes a JSON payload, which the function receives as input. This payload contains a clientMetadata attribute, which provides the data that you assigned to the ClientMetadata parameter in your RespondToAuthChallenge request. In your function code in AWS Lambda, you can process the clientMetadata value to enhance your workflow for your specific needs. \nFor more information, see Customizing User Pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.  \nTake the following limitations into consideration when you use the ClientMetadata parameter:  \n Amazon Cognito does not store the ClientMetadata value. This data is available only to AWS Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration does not include triggers, the ClientMetadata parameter serves no purpose.  \n Amazon Cognito does not validate the ClientMetadata value.  \n Amazon Cognito does not encrypt the the ClientMetadata value, so don't use it to provide sensitive information. ",
  "ClientId" : "The app client ID.",
  "AnalyticsMetadata" : {
    "AnalyticsEndpointId" : "The endpoint ID."
  },
  "ChallengeName" : "The challenge name. For more information, see . \n ADMIN_NO_SRP_AUTH is not a valid value.",
  "Session" : "The session which should be passed both ways in challenge-response calls to the service. If InitiateAuth or RespondToAuthChallenge API call determines that the caller needs to go through another challenge, they return a session with other challenge parameters. This session should be passed as it is to the next RespondToAuthChallenge API call."
}

$body#

Type: object

{
  "CompromisedCredentialsRiskConfiguration" : {
    "Actions" : {
      "EventAction" : "The event action."
    },
    "EventFilter" : [ "string. Possible values: SIGN_IN | PASSWORD_CHANGE | SIGN_UP" ]
  },
  "UserPoolId" : "The user pool ID. ",
  "ClientId" : "The app client ID. If ClientId is null, then the risk configuration is mapped to userPoolId. When the client ID is null, the same risk configuration is applied to all the clients in the userPool. \nOtherwise, ClientId is mapped to the client. When the client ID is not null, the user pool configuration is overridden and the risk configuration for the client is used instead.",
  "AccountTakeoverRiskConfiguration" : {
    "Actions" : {
      "HighAction" : {
        "Notify" : "Flag specifying whether to send a notification.",
        "EventAction" : "The event action.  \n  BLOCK Choosing this action will block the request.  \n  MFA_IF_CONFIGURED Throw MFA challenge if user has configured it, else allow the request.  \n  MFA_REQUIRED Throw MFA challenge if user has configured it, else block the request.  \n  NO_ACTION Allow the user sign-in. "
      },
      "LowAction" : {
        "Notify" : "Flag specifying whether to send a notification.",
        "EventAction" : "The event action.  \n  BLOCK Choosing this action will block the request.  \n  MFA_IF_CONFIGURED Throw MFA challenge if user has configured it, else allow the request.  \n  MFA_REQUIRED Throw MFA challenge if user has configured it, else block the request.  \n  NO_ACTION Allow the user sign-in. "
      },
      "MediumAction" : {
        "Notify" : "Flag specifying whether to send a notification.",
        "EventAction" : "The event action.  \n  BLOCK Choosing this action will block the request.  \n  MFA_IF_CONFIGURED Throw MFA challenge if user has configured it, else allow the request.  \n  MFA_REQUIRED Throw MFA challenge if user has configured it, else block the request.  \n  NO_ACTION Allow the user sign-in. "
      }
    },
    "NotifyConfiguration" : {
      "ReplyTo" : "The destination to which the receiver of an email should reply to.",
      "BlockEmail" : {
        "TextBody" : "The text body.",
        "HtmlBody" : "The HTML body.",
        "Subject" : "The subject."
      },
      "SourceArn" : "The Amazon Resource Name (ARN) of the identity that is associated with the sending authorization policy. It permits Amazon Cognito to send for the email address specified in the From parameter.",
      "NoActionEmail" : {
        "TextBody" : "The text body.",
        "HtmlBody" : "The HTML body.",
        "Subject" : "The subject."
      },
      "From" : "The email address that is sending the email. It must be either individually verified with Amazon SES, or from a domain that has been verified with Amazon SES.",
      "MfaEmail" : {
        "TextBody" : "The text body.",
        "HtmlBody" : "The HTML body.",
        "Subject" : "The subject."
      }
    }
  },
  "RiskExceptionConfiguration" : {
    "BlockedIPRangeList" : [ "string" ],
    "SkippedIPRangeList" : [ "string" ]
  }
}

$body#

Type: object

{
  "CSS" : "The CSS values in the UI customization.",
  "UserPoolId" : "The user pool ID for the user pool.",
  "ImageFile" : "The uploaded logo image for the UI customization.",
  "ClientId" : "The client ID for the client app."
}

$body#

Type: object

{
  "SMSMfaSettings" : {
    "Enabled" : "Specifies whether SMS text message MFA is enabled.",
    "PreferredMfa" : "Specifies whether SMS is the preferred MFA method."
  },
  "AccessToken" : "The access token for the user.",
  "SoftwareTokenMfaSettings" : {
    "Enabled" : "Specifies whether software token MFA is enabled.",
    "PreferredMfa" : "Specifies whether software token MFA is the preferred MFA method."
  }
}

$body#

Type: object

{
  "UserPoolId" : "The user pool ID.",
  "SmsMfaConfiguration" : {
    "SmsConfiguration" : {
      "ExternalId" : "The external ID is a value that we recommend you use to add security to your IAM role which is used to call Amazon SNS to send SMS messages for your user pool. If you provide an ExternalId, the Cognito User Pool will include it when attempting to assume your IAM role, so that you can set your roles trust policy to require the ExternalID. If you use the Cognito Management Console to create a role for SMS MFA, Cognito will create a role with the required permissions and a trust policy that demonstrates use of the ExternalId.",
      "SnsCallerArn" : "The Amazon Resource Name (ARN) of the Amazon Simple Notification Service (SNS) caller. This is the ARN of the IAM role in your AWS account which Cognito will use to send SMS messages."
    },
    "SmsAuthenticationMessage" : "The SMS authentication message that will be sent to users with the code they need to sign in. The message must contain the ‘{####}’ placeholder, which will be replaced with the code. If the message is not included, and default message will be used."
  },
  "MfaConfiguration" : "The MFA configuration. Valid values include:  \n  OFF MFA will not be used for any users.  \n  ON MFA is required for all users to sign in.  \n  OPTIONAL MFA will be required only for individual users who have an MFA factor enabled. ",
  "SoftwareTokenMfaConfiguration" : {
    "Enabled" : "Specifies whether software token MFA is enabled."
  }
}

$body#

Represents the request to set user settings.

Type: object

{
  "AccessToken" : "The access token for the set user settings request.",
  "MFAOptions" : [ {
    "DeliveryMedium" : "The delivery medium to send the MFA code. You can use this parameter to set only the SMS delivery medium value.",
    "AttributeName" : "The attribute name of the MFA option type. The only valid value is phone_number."
  } ]
}

$body#

Represents the request to register a user.

Type: object

{
  "ValidationData" : [ {
    "Value" : "The value of the attribute.",
    "Name" : "The name of the attribute."
  } ],
  "Username" : "The user name of the user you wish to register.",
  "SecretHash" : "A keyed-hash message authentication code (HMAC) calculated using the secret key of a user pool client and username plus the client ID in the message.",
  "UserContextData" : {
    "EncodedData" : "Contextual data such as the user's device fingerprint, IP address, or location used for evaluating the risk of an unexpected event by Amazon Cognito advanced security."
  },
  "ClientMetadata" : "A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.  \nYou create custom workflows by assigning AWS Lambda functions to user pool triggers. When you use the SignUp API action, Amazon Cognito invokes any functions that are assigned to the following triggers: pre sign-up, custom message, and post confirmation. When Amazon Cognito invokes any of these functions, it passes a JSON payload, which the function receives as input. This payload contains a clientMetadata attribute, which provides the data that you assigned to the ClientMetadata parameter in your SignUp request. In your function code in AWS Lambda, you can process the clientMetadata value to enhance your workflow for your specific needs. \nFor more information, see Customizing User Pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.  \nTake the following limitations into consideration when you use the ClientMetadata parameter:  \n Amazon Cognito does not store the ClientMetadata value. This data is available only to AWS Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration does not include triggers, the ClientMetadata parameter serves no purpose.  \n Amazon Cognito does not validate the ClientMetadata value.  \n Amazon Cognito does not encrypt the the ClientMetadata value, so don't use it to provide sensitive information. ",
  "ClientId" : "The ID of the client associated with the user pool.",
  "AnalyticsMetadata" : {
    "AnalyticsEndpointId" : "The endpoint ID."
  },
  "Password" : "The password of the user you wish to register.",
  "UserAttributes" : [ {
    "Value" : "The value of the attribute.",
    "Name" : "The name of the attribute."
  } ]
}

$body#

Represents the request to start the user import job.

Type: object

{
  "UserPoolId" : "The user pool ID for the user pool that the users are being imported into.",
  "JobId" : "The job ID for the user import job."
}

$body#

Represents the request to stop the user import job.

Type: object

{
  "UserPoolId" : "The user pool ID for the user pool that the users are being imported into.",
  "JobId" : "The job ID for the user import job."
}

$body#

Type: object

{
  "ResourceArn" : "The Amazon Resource Name (ARN) of the user pool to assign the tags to.",
  "Tags" : "The tags to assign to the user pool."
}

$body#

Type: object

{
  "ResourceArn" : "The Amazon Resource Name (ARN) of the user pool that the tags are assigned to.",
  "TagKeys" : [ "string" ]
}

$body#

Type: object

{
  "UserPoolId" : "The user pool ID.",
  "Username" : "The user pool username.",
  "FeedbackToken" : "The feedback token.",
  "EventId" : "The event ID.",
  "FeedbackValue" : "The authentication event feedback value."
}

$body#

Represents the request to update the device status.

Type: object

{
  "AccessToken" : "The access token.",
  "DeviceRememberedStatus" : "The status of whether a device is remembered.",
  "DeviceKey" : "The device key."
}

$body#

Type: object

{
  "GroupName" : "The name of the group.",
  "UserPoolId" : "The user pool ID for the user pool.",
  "Description" : "A string containing the new description of the group.",
  "Precedence" : "The new precedence value for the group. For more information about this parameter, see .",
  "RoleArn" : "The new role ARN for the group. This is used for setting the cognito:roles and cognito:preferred_role claims in the token."
}

$body#

Type: object

{
  "ProviderName" : "The identity provider name.",
  "UserPoolId" : "The user pool ID.",
  "AttributeMapping" : "The identity provider attribute mapping to be changed.",
  "ProviderDetails" : "The identity provider details to be updated, such as MetadataURL and MetadataFile.",
  "IdpIdentifiers" : [ "string" ]
}

$body#

Type: object

{
  "UserPoolId" : "The user pool ID for the user pool.",
  "Identifier" : "The identifier for the resource server.",
  "Scopes" : [ {
    "ScopeName" : "The name of the scope.",
    "ScopeDescription" : "A description of the scope."
  } ],
  "Name" : "The name of the resource server."
}

$body#

Represents the request to update user attributes.

Type: object

{
  "AccessToken" : "The access token for the request to update user attributes.",
  "ClientMetadata" : "A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.  \nYou create custom workflows by assigning AWS Lambda functions to user pool triggers. When you use the UpdateUserAttributes API action, Amazon Cognito invokes the functions that are assigned to the custom message and pre mutation triggers. When Amazon Cognito invokes either of these functions, it passes a JSON payload, which the function receives as input. This payload contains a clientMetadata attribute, which provides the data that you assigned to the ClientMetadata parameter in your UpdateUserAttributes request. In your function code in AWS Lambda, you can process the clientMetadata value to enhance your workflow for your specific needs. \nFor more information, see Customizing User Pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.  \nTake the following limitations into consideration when you use the ClientMetadata parameter:  \n Amazon Cognito does not store the ClientMetadata value. This data is available only to AWS Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration does not include triggers, the ClientMetadata parameter serves no purpose.  \n Amazon Cognito does not validate the ClientMetadata value.  \n Amazon Cognito does not encrypt the the ClientMetadata value, so don't use it to provide sensitive information. ",
  "UserAttributes" : [ {
    "Value" : "The value of the attribute.",
    "Name" : "The name of the attribute."
  } ]
}

$body#

Represents the request to update the user pool.

Type: object

{
  "UserPoolTags" : "The tag keys and values to assign to the user pool. A tag is a label that you can use to categorize and manage user pools in different ways, such as by purpose, owner, environment, or other criteria.",
  "Policies" : {
    "PasswordPolicy" : {
      "RequireNumbers" : "In the password policy that you have set, refers to whether you have required users to use at least one number in their password.",
      "MinimumLength" : "The minimum length of the password policy that you have set. Cannot be less than 6.",
      "TemporaryPasswordValidityDays" : "In the password policy you have set, refers to the number of days a temporary password is valid. If the user does not sign-in during this time, their password will need to be reset by an administrator.  \nWhen you set TemporaryPasswordValidityDays for a user pool, you will no longer be able to set the deprecated UnusedAccountValidityDays value for that user pool.",
      "RequireUppercase" : "In the password policy that you have set, refers to whether you have required users to use at least one uppercase letter in their password.",
      "RequireLowercase" : "In the password policy that you have set, refers to whether you have required users to use at least one lowercase letter in their password.",
      "RequireSymbols" : "In the password policy that you have set, refers to whether you have required users to use at least one symbol in their password."
    }
  },
  "VerificationMessageTemplate" : {
    "EmailMessageByLink" : "The email message template for sending a confirmation link to the user.",
    "EmailMessage" : "The email message template.",
    "SmsMessage" : "The SMS message template.",
    "EmailSubject" : "The subject line for the email message template.",
    "DefaultEmailOption" : "The default email option.",
    "EmailSubjectByLink" : "The subject line for the email message template for sending a confirmation link to the user."
  },
  "MfaConfiguration" : "Can be one of the following values:  \n  OFF - MFA tokens are not required and cannot be specified during user registration.  \n  ON - MFA tokens are required for all user registrations. You can only specify required when you are initially creating a user pool.  \n  OPTIONAL - Users have the option when registering to create an MFA token. ",
  "AdminCreateUserConfig" : {
    "UnusedAccountValidityDays" : "The user account expiration limit, in days, after which the account is no longer usable. To reset the account after that time limit, you must call AdminCreateUser again, specifying \"RESEND\" for the MessageAction parameter. The default value for this parameter is 7.   \nIf you set a value for TemporaryPasswordValidityDays in PasswordPolicy, that value will be used and UnusedAccountValidityDays will be deprecated for that user pool. ",
    "InviteMessageTemplate" : {
      "EmailMessage" : "The message template for email messages.",
      "SMSMessage" : "The message template for SMS messages.",
      "EmailSubject" : "The subject line for email messages."
    },
    "AllowAdminCreateUserOnly" : "Set to True if only the administrator is allowed to create user profiles. Set to False if users can sign themselves up via an app."
  },
  "SmsAuthenticationMessage" : "The contents of the SMS authentication message.",
  "SmsVerificationMessage" : "A container with information about the SMS verification message.",
  "UserPoolAddOns" : {
    "AdvancedSecurityMode" : "The advanced security mode."
  },
  "UserPoolId" : "The user pool ID for the user pool you want to update.",
  "EmailConfiguration" : {
    "ReplyToEmailAddress" : "The destination to which the receiver of the email should reply to.",
    "EmailSendingAccount" : "Specifies whether Amazon Cognito emails your users by using its built-in email functionality or your Amazon SES email configuration. Specify one of the following values:  COGNITO_DEFAULT  \nWhen Amazon Cognito emails your users, it uses its built-in email functionality. When you use the default option, Amazon Cognito allows only a limited number of emails each day for your user pool. For typical production environments, the default email limit is below the required delivery volume. To achieve a higher delivery volume, specify DEVELOPER to use your Amazon SES email configuration. \nTo look up the email delivery limit for the default option, see Limits in Amazon Cognito in the Amazon Cognito Developer Guide. \nThe default FROM address is no-reply@verificationemail.com. To customize the FROM address, provide the ARN of an Amazon SES verified email address for the SourceArn parameter.  DEVELOPER  \nWhen Amazon Cognito emails your users, it uses your Amazon SES configuration. Amazon Cognito calls Amazon SES on your behalf to send email from your verified email address. When you use this option, the email delivery limits are the same limits that apply to your Amazon SES verified email address in your AWS account. \nIf you use this option, you must provide the ARN of an Amazon SES verified email address for the SourceArn parameter. \nBefore Amazon Cognito can email your users, it requires additional permissions to call Amazon SES on your behalf. When you update your user pool with this option, Amazon Cognito creates a service-linked role, which is a type of IAM role, in your AWS account. This role contains the permissions that allow Amazon Cognito to access Amazon SES and send email messages with your address. For more information about the service-linked role that Amazon Cognito creates, see Using Service-Linked Roles for Amazon Cognito in the Amazon Cognito Developer Guide.",
    "SourceArn" : "The Amazon Resource Name (ARN) of a verified email address in Amazon SES. This email address is used in one of the following ways, depending on the value that you specify for the EmailSendingAccount parameter:  \n If you specify COGNITO_DEFAULT, Amazon Cognito uses this address as the custom FROM address when it emails your users by using its built-in email account.  \n If you specify DEVELOPER, Amazon Cognito emails your users with this address by calling Amazon SES on your behalf. "
  },
  "SmsConfiguration" : {
    "ExternalId" : "The external ID is a value that we recommend you use to add security to your IAM role which is used to call Amazon SNS to send SMS messages for your user pool. If you provide an ExternalId, the Cognito User Pool will include it when attempting to assume your IAM role, so that you can set your roles trust policy to require the ExternalID. If you use the Cognito Management Console to create a role for SMS MFA, Cognito will create a role with the required permissions and a trust policy that demonstrates use of the ExternalId.",
    "SnsCallerArn" : "The Amazon Resource Name (ARN) of the Amazon Simple Notification Service (SNS) caller. This is the ARN of the IAM role in your AWS account which Cognito will use to send SMS messages."
  },
  "EmailVerificationSubject" : "The subject of the email verification message.",
  "LambdaConfig" : {
    "PreAuthentication" : "A pre-authentication AWS Lambda trigger.",
    "CreateAuthChallenge" : "Creates an authentication challenge.",
    "PreSignUp" : "A pre-registration AWS Lambda trigger.",
    "DefineAuthChallenge" : "Defines the authentication challenge.",
    "PreTokenGeneration" : "A Lambda trigger that is invoked before token generation.",
    "UserMigration" : "The user migration Lambda config type.",
    "PostConfirmation" : "A post-confirmation AWS Lambda trigger.",
    "PostAuthentication" : "A post-authentication AWS Lambda trigger.",
    "CustomMessage" : "A custom Message AWS Lambda trigger.",
    "VerifyAuthChallengeResponse" : "Verifies the authentication challenge response."
  },
  "AutoVerifiedAttributes" : [ "string. Possible values: phone_number | email" ],
  "EmailVerificationMessage" : "The contents of the email verification message.",
  "DeviceConfiguration" : {
    "DeviceOnlyRememberedOnUserPrompt" : "If true, a device is only remembered on user prompt.",
    "ChallengeRequiredOnNewDevice" : "Indicates whether a challenge is required on a new device. Only applicable to a new device."
  }
}

$body#

Represents the request to update the user pool client.

Type: object

{
  "AnalyticsConfiguration" : {
    "UserDataShared" : "If UserDataShared is true, Amazon Cognito will include user data in the events it publishes to Amazon Pinpoint analytics.",
    "ExternalId" : "The external ID.",
    "ApplicationId" : "The application ID for an Amazon Pinpoint application.",
    "RoleArn" : "The ARN of an IAM role that authorizes Amazon Cognito to publish events to Amazon Pinpoint analytics."
  },
  "CallbackURLs" : [ "string" ],
  "AllowedOAuthScopes" : [ "string" ],
  "ReadAttributes" : [ "string" ],
  "DefaultRedirectURI" : "The default redirect URI. Must be in the CallbackURLs list. \nA redirect URI must:  \n Be an absolute URI.  \n Be registered with the authorization server.  \n Not include a fragment component.   \nSee OAuth 2.0 - Redirection Endpoint. \nAmazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only. \nApp callback URLs such as myapp://example are also supported.",
  "AllowedOAuthFlowsUserPoolClient" : "Set to TRUE if the client is allowed to follow the OAuth protocol when interacting with Cognito user pools.",
  "SupportedIdentityProviders" : [ "string" ],
  "ClientName" : "The client name from the update user pool client request.",
  "UserPoolId" : "The user pool ID for the user pool where you want to update the user pool client.",
  "AllowedOAuthFlows" : [ "string. Possible values: code | implicit | client_credentials" ],
  "ExplicitAuthFlows" : [ "string. Possible values: ADMIN_NO_SRP_AUTH | CUSTOM_AUTH_FLOW_ONLY | USER_PASSWORD_AUTH" ],
  "ClientId" : "The ID of the client associated with the user pool.",
  "LogoutURLs" : [ "string" ],
  "RefreshTokenValidity" : "The time limit, in days, after which the refresh token is no longer valid and cannot be used.",
  "WriteAttributes" : [ "string" ]
}

$body#

The UpdateUserPoolDomain request input.

Type: object

{
  "UserPoolId" : "The ID of the user pool that is associated with the custom domain that you are updating the certificate for.",
  "CustomDomainConfig" : {
    "CertificateArn" : "The Amazon Resource Name (ARN) of an AWS Certificate Manager SSL certificate. You use this certificate for the subdomain of your custom domain."
  },
  "Domain" : "The domain name for the custom domain that hosts the sign-up and sign-in pages for your application. For example: auth.example.com.  \nThis string can include only lowercase letters, numbers, and hyphens. Do not use a hyphen for the first or last character. Use periods to separate subdomain names."
}

$body#

Type: object

{
  "AccessToken" : "The access token.",
  "UserCode" : "The one time password computed using the secret code returned by ",
  "FriendlyDeviceName" : "The friendly device name.",
  "Session" : "The session which should be passed both ways in challenge-response calls to the service."
}

$body#

Represents the request to verify user attributes.

Type: object

{
  "AccessToken" : "Represents the access token of the request to verify user attributes.",
  "AttributeName" : "The attribute name in the request to verify user attributes.",
  "Code" : "The verification code in the request to verify user attributes."
}