| Copyright | (c) 2013-2018 Brendan Hay |
|---|---|
| License | Mozilla Public License, v. 2.0. |
| Maintainer | Brendan Hay <brendan.g.hay+amazonka@gmail.com> |
| Stability | auto-generated |
| Portability | non-portable (GHC extensions) |
| Safe Haskell | None |
| Language | Haskell2010 |
Network.AWS.CognitoIdentity
Contents
- Service Configuration
- Errors
- InvalidIdentityPoolConfigurationException
- InvalidParameterException
- NotAuthorizedException
- InternalErrorException
- ExternalServiceException
- TooManyRequestsException
- ConcurrentModificationException
- ResourceConflictException
- DeveloperUserAlreadyRegisteredException
- ResourceNotFoundException
- LimitExceededException
- Waiters
- Operations
- GetOpenIdToken
- GetOpenIdTokenForDeveloperIdentity
- DescribeIdentityPool
- GetId
- DeleteIdentityPool
- UpdateIdentityPool
- UnlinkDeveloperIdentity
- GetIdentityPoolRoles
- ListIdentityPools
- GetCredentialsForIdentity
- DeleteIdentities
- SetIdentityPoolRoles
- ListIdentities
- LookupDeveloperIdentity
- UnlinkIdentity
- DescribeIdentity
- CreateIdentityPool
- MergeDeveloperIdentities
- Types
Description
Amazon Cognito
Amazon Cognito is a web service that delivers scoped temporary credentials to mobile devices and other untrusted environments. Amazon Cognito uniquely identifies a device and supplies the user with a consistent identity over the lifetime of an application.
Using Amazon Cognito, you can enable authentication with one or more third-party identity providers (Facebook, Google, or Login with Amazon), and you can also choose to support unauthenticated access from your app. Cognito delivers a unique identifier for each user and acts as an OpenID token provider trusted by AWS Security Token Service (STS) to access temporary, limited-privilege AWS credentials.
To provide end-user credentials, first make an unsigned call to GetId . If the end user is authenticated with one of the supported identity providers, set the Logins map with the identity provider token. GetId returns a unique identifier for the user.
Next, make an unsigned call to GetCredentialsForIdentity . This call expects the same Logins map as the GetId call, as well as the IdentityID originally returned by GetId . Assuming your identity pool has been configured via the SetIdentityPoolRoles operation, GetCredentialsForIdentity will return AWS credentials for your use. If your pool has not been configured with SetIdentityPoolRoles , or if you want to follow legacy flow, make an unsigned call to GetOpenIdToken , which returns the OpenID token necessary to call STS and retrieve AWS credentials. This call expects the same Logins map as the GetId call, as well as the IdentityID originally returned by GetId . The token returned by GetOpenIdToken can be passed to the STS operation AssumeRoleWithWebIdentity to retrieve AWS credentials.
If you want to use Amazon Cognito in an Android, iOS, or Unity application, you will probably want to make API calls via the AWS Mobile SDK. To learn more, see the AWS Mobile SDK Developer Guide .
Synopsis
- cognitoIdentity :: Service
- _InvalidIdentityPoolConfigurationException :: AsError a => Getting (First ServiceError) a ServiceError
- _InvalidParameterException :: AsError a => Getting (First ServiceError) a ServiceError
- _NotAuthorizedException :: AsError a => Getting (First ServiceError) a ServiceError
- _InternalErrorException :: AsError a => Getting (First ServiceError) a ServiceError
- _ExternalServiceException :: AsError a => Getting (First ServiceError) a ServiceError
- _TooManyRequestsException :: AsError a => Getting (First ServiceError) a ServiceError
- _ConcurrentModificationException :: AsError a => Getting (First ServiceError) a ServiceError
- _ResourceConflictException :: AsError a => Getting (First ServiceError) a ServiceError
- _DeveloperUserAlreadyRegisteredException :: AsError a => Getting (First ServiceError) a ServiceError
- _ResourceNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError
- _LimitExceededException :: AsError a => Getting (First ServiceError) a ServiceError
- module Network.AWS.CognitoIdentity.GetOpenIdToken
- module Network.AWS.CognitoIdentity.GetOpenIdTokenForDeveloperIdentity
- module Network.AWS.CognitoIdentity.DescribeIdentityPool
- module Network.AWS.CognitoIdentity.GetId
- module Network.AWS.CognitoIdentity.DeleteIdentityPool
- module Network.AWS.CognitoIdentity.UpdateIdentityPool
- module Network.AWS.CognitoIdentity.UnlinkDeveloperIdentity
- module Network.AWS.CognitoIdentity.GetIdentityPoolRoles
- module Network.AWS.CognitoIdentity.ListIdentityPools
- module Network.AWS.CognitoIdentity.GetCredentialsForIdentity
- module Network.AWS.CognitoIdentity.DeleteIdentities
- module Network.AWS.CognitoIdentity.SetIdentityPoolRoles
- module Network.AWS.CognitoIdentity.ListIdentities
- module Network.AWS.CognitoIdentity.LookupDeveloperIdentity
- module Network.AWS.CognitoIdentity.UnlinkIdentity
- module Network.AWS.CognitoIdentity.DescribeIdentity
- module Network.AWS.CognitoIdentity.CreateIdentityPool
- module Network.AWS.CognitoIdentity.MergeDeveloperIdentities
- data AmbiguousRoleResolutionType
- data CognitoErrorCode
- data MappingRuleMatchType
- = Contains
- | Equals
- | NotEqual
- | StartsWith
- data RoleMappingType
- data CognitoIdentityProvider
- cognitoIdentityProvider :: CognitoIdentityProvider
- cipClientId :: Lens' CognitoIdentityProvider (Maybe Text)
- cipServerSideTokenCheck :: Lens' CognitoIdentityProvider (Maybe Bool)
- cipProviderName :: Lens' CognitoIdentityProvider (Maybe Text)
- data Credentials
- credentials :: Credentials
- cSessionToken :: Lens' Credentials (Maybe Text)
- cExpiration :: Lens' Credentials (Maybe UTCTime)
- cSecretKey :: Lens' Credentials (Maybe Text)
- cAccessKeyId :: Lens' Credentials (Maybe Text)
- data IdentityDescription
- identityDescription :: IdentityDescription
- idLastModifiedDate :: Lens' IdentityDescription (Maybe UTCTime)
- idCreationDate :: Lens' IdentityDescription (Maybe UTCTime)
- idLogins :: Lens' IdentityDescription [Text]
- idIdentityId :: Lens' IdentityDescription (Maybe Text)
- data IdentityPool
- identityPool :: Text -> Text -> Bool -> IdentityPool
- ipSamlProviderARNs :: Lens' IdentityPool [Text]
- ipSupportedLoginProviders :: Lens' IdentityPool (HashMap Text Text)
- ipDeveloperProviderName :: Lens' IdentityPool (Maybe Text)
- ipOpenIdConnectProviderARNs :: Lens' IdentityPool [Text]
- ipCognitoIdentityProviders :: Lens' IdentityPool [CognitoIdentityProvider]
- ipIdentityPoolId :: Lens' IdentityPool Text
- ipIdentityPoolName :: Lens' IdentityPool Text
- ipAllowUnauthenticatedIdentities :: Lens' IdentityPool Bool
- data IdentityPoolShortDescription
- identityPoolShortDescription :: IdentityPoolShortDescription
- ipsdIdentityPoolId :: Lens' IdentityPoolShortDescription (Maybe Text)
- ipsdIdentityPoolName :: Lens' IdentityPoolShortDescription (Maybe Text)
- data MappingRule
- mappingRule :: Text -> MappingRuleMatchType -> Text -> Text -> MappingRule
- mrClaim :: Lens' MappingRule Text
- mrMatchType :: Lens' MappingRule MappingRuleMatchType
- mrValue :: Lens' MappingRule Text
- mrRoleARN :: Lens' MappingRule Text
- data RoleMapping
- roleMapping :: RoleMappingType -> RoleMapping
- rmRulesConfiguration :: Lens' RoleMapping (Maybe RulesConfigurationType)
- rmAmbiguousRoleResolution :: Lens' RoleMapping (Maybe AmbiguousRoleResolutionType)
- rmType :: Lens' RoleMapping RoleMappingType
- data RulesConfigurationType
- rulesConfigurationType :: NonEmpty MappingRule -> RulesConfigurationType
- rctRules :: Lens' RulesConfigurationType (NonEmpty MappingRule)
- data UnprocessedIdentityId
- unprocessedIdentityId :: UnprocessedIdentityId
- uiiErrorCode :: Lens' UnprocessedIdentityId (Maybe CognitoErrorCode)
- uiiIdentityId :: Lens' UnprocessedIdentityId (Maybe Text)
Service Configuration
cognitoIdentity :: Service Source #
API version 2014-06-30 of the Amazon Cognito Identity SDK configuration.
Errors
Error matchers are designed for use with the functions provided by
Control.Exception.Lens.
This allows catching (and rethrowing) service specific errors returned
by CognitoIdentity.
InvalidIdentityPoolConfigurationException
_InvalidIdentityPoolConfigurationException :: AsError a => Getting (First ServiceError) a ServiceError Source #
Thrown if the identity pool has no role associated for the given auth type (auth/unauth) or if the AssumeRole fails.
InvalidParameterException
_InvalidParameterException :: AsError a => Getting (First ServiceError) a ServiceError Source #
Thrown for missing or bad input parameter(s).
NotAuthorizedException
_NotAuthorizedException :: AsError a => Getting (First ServiceError) a ServiceError Source #
Thrown when a user is not authorized to access the requested resource.
InternalErrorException
_InternalErrorException :: AsError a => Getting (First ServiceError) a ServiceError Source #
Thrown when the service encounters an error during processing the request.
ExternalServiceException
_ExternalServiceException :: AsError a => Getting (First ServiceError) a ServiceError Source #
An exception thrown when a dependent service such as Facebook or Twitter is not responding
TooManyRequestsException
_TooManyRequestsException :: AsError a => Getting (First ServiceError) a ServiceError Source #
Thrown when a request is throttled.
ConcurrentModificationException
_ConcurrentModificationException :: AsError a => Getting (First ServiceError) a ServiceError Source #
Thrown if there are parallel requests to modify a resource.
ResourceConflictException
_ResourceConflictException :: AsError a => Getting (First ServiceError) a ServiceError Source #
Thrown when a user tries to use a login which is already linked to another account.
DeveloperUserAlreadyRegisteredException
_DeveloperUserAlreadyRegisteredException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The provided developer user identifier is already registered with Cognito under a different identity ID.
ResourceNotFoundException
_ResourceNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError Source #
Thrown when the requested resource (for example, a dataset or record) does not exist.
LimitExceededException
_LimitExceededException :: AsError a => Getting (First ServiceError) a ServiceError Source #
Thrown when the total number of user pools has exceeded a preset limit.
Waiters
Waiters poll by repeatedly sending a request until some remote success condition
configured by the Wait specification is fulfilled. The Wait specification
determines how many attempts should be made, in addition to delay and retry strategies.
Operations
Some AWS operations return results that are incomplete and require subsequent
requests in order to obtain the entire result set. The process of sending
subsequent requests to continue where a previous request left off is called
pagination. For example, the ListObjects operation of Amazon S3 returns up to
1000 objects at a time, and you must send subsequent requests with the
appropriate Marker in order to retrieve the next page of results.
Operations that have an AWSPager instance can transparently perform subsequent
requests, correctly setting Markers and other request facets to iterate through
the entire result set of a truncated API operation. Operations which support
this have an additional note in the documentation.
Many operations have the ability to filter results on the server side. See the individual operation parameters for details.
GetOpenIdToken
GetOpenIdTokenForDeveloperIdentity
DescribeIdentityPool
GetId
DeleteIdentityPool
UpdateIdentityPool
UnlinkDeveloperIdentity
GetIdentityPoolRoles
ListIdentityPools
GetCredentialsForIdentity
DeleteIdentities
SetIdentityPoolRoles
ListIdentities
LookupDeveloperIdentity
UnlinkIdentity
DescribeIdentity
CreateIdentityPool
MergeDeveloperIdentities
Types
AmbiguousRoleResolutionType
data AmbiguousRoleResolutionType Source #
Constructors
| AuthenticatedRole | |
| Deny |
Instances
CognitoErrorCode
data CognitoErrorCode Source #
Constructors
| AccessDenied | |
| InternalServerError |
Instances
MappingRuleMatchType
data MappingRuleMatchType Source #
Constructors
| Contains | |
| Equals | |
| NotEqual | |
| StartsWith |
Instances
RoleMappingType
data RoleMappingType Source #
Instances
CognitoIdentityProvider
data CognitoIdentityProvider Source #
A provider representing an Amazon Cognito Identity User Pool and its client ID.
See: cognitoIdentityProvider smart constructor.
Instances
cognitoIdentityProvider :: CognitoIdentityProvider Source #
Creates a value of CognitoIdentityProvider with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
cipClientId- The client ID for the Amazon Cognito Identity User Pool.cipServerSideTokenCheck- TRUE if server-side token validation is enabled for the identity provider’s token.cipProviderName- The provider name for an Amazon Cognito Identity User Pool. For example,cognito-idp.us-east-1.amazonaws.com/us-east-1_123456789.
cipClientId :: Lens' CognitoIdentityProvider (Maybe Text) Source #
The client ID for the Amazon Cognito Identity User Pool.
cipServerSideTokenCheck :: Lens' CognitoIdentityProvider (Maybe Bool) Source #
TRUE if server-side token validation is enabled for the identity provider’s token.
cipProviderName :: Lens' CognitoIdentityProvider (Maybe Text) Source #
The provider name for an Amazon Cognito Identity User Pool. For example, cognito-idp.us-east-1.amazonaws.com/us-east-1_123456789 .
Credentials
data Credentials Source #
Credentials for the provided identity ID.
See: credentials smart constructor.
Instances
credentials :: Credentials Source #
Creates a value of Credentials with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
cSessionToken- The Session Token portion of the credentialscExpiration- The date at which these credentials will expire.cSecretKey- The Secret Access Key portion of the credentialscAccessKeyId- The Access Key portion of the credentials.
cSessionToken :: Lens' Credentials (Maybe Text) Source #
The Session Token portion of the credentials
cExpiration :: Lens' Credentials (Maybe UTCTime) Source #
The date at which these credentials will expire.
cSecretKey :: Lens' Credentials (Maybe Text) Source #
The Secret Access Key portion of the credentials
cAccessKeyId :: Lens' Credentials (Maybe Text) Source #
The Access Key portion of the credentials.
IdentityDescription
data IdentityDescription Source #
A description of the identity.
See: identityDescription smart constructor.
Instances
identityDescription :: IdentityDescription Source #
Creates a value of IdentityDescription with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
idLastModifiedDate- Date on which the identity was last modified.idCreationDate- Date on which the identity was created.idLogins- A set of optional name-value pairs that map provider names to provider tokens.idIdentityId- A unique identifier in the format REGION:GUID.
idLastModifiedDate :: Lens' IdentityDescription (Maybe UTCTime) Source #
Date on which the identity was last modified.
idCreationDate :: Lens' IdentityDescription (Maybe UTCTime) Source #
Date on which the identity was created.
idLogins :: Lens' IdentityDescription [Text] Source #
A set of optional name-value pairs that map provider names to provider tokens.
idIdentityId :: Lens' IdentityDescription (Maybe Text) Source #
A unique identifier in the format REGION:GUID.
IdentityPool
data IdentityPool Source #
An object representing an Amazon Cognito identity pool.
See: identityPool smart constructor.
Instances
Arguments
| :: Text | |
| -> Text | |
| -> Bool | |
| -> IdentityPool |
Creates a value of IdentityPool with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
ipSamlProviderARNs- An array of Amazon Resource Names (ARNs) of the SAML provider for your identity pool.ipSupportedLoginProviders- Optional key:value pairs mapping provider names to provider app IDs.ipDeveloperProviderName- The "domain" by which Cognito will refer to your users.ipOpenIdConnectProviderARNs- A list of OpendID Connect provider ARNs.ipCognitoIdentityProviders- A list representing an Amazon Cognito Identity User Pool and its client ID.ipIdentityPoolId- An identity pool ID in the format REGION:GUID.ipIdentityPoolName- A string that you provide.ipAllowUnauthenticatedIdentities- TRUE if the identity pool supports unauthenticated logins.
ipSamlProviderARNs :: Lens' IdentityPool [Text] Source #
An array of Amazon Resource Names (ARNs) of the SAML provider for your identity pool.
ipSupportedLoginProviders :: Lens' IdentityPool (HashMap Text Text) Source #
Optional key:value pairs mapping provider names to provider app IDs.
ipDeveloperProviderName :: Lens' IdentityPool (Maybe Text) Source #
The "domain" by which Cognito will refer to your users.
ipOpenIdConnectProviderARNs :: Lens' IdentityPool [Text] Source #
A list of OpendID Connect provider ARNs.
ipCognitoIdentityProviders :: Lens' IdentityPool [CognitoIdentityProvider] Source #
A list representing an Amazon Cognito Identity User Pool and its client ID.
ipIdentityPoolId :: Lens' IdentityPool Text Source #
An identity pool ID in the format REGION:GUID.
ipIdentityPoolName :: Lens' IdentityPool Text Source #
A string that you provide.
ipAllowUnauthenticatedIdentities :: Lens' IdentityPool Bool Source #
TRUE if the identity pool supports unauthenticated logins.
IdentityPoolShortDescription
data IdentityPoolShortDescription Source #
A description of the identity pool.
See: identityPoolShortDescription smart constructor.
Instances
identityPoolShortDescription :: IdentityPoolShortDescription Source #
Creates a value of IdentityPoolShortDescription with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
ipsdIdentityPoolId- An identity pool ID in the format REGION:GUID.ipsdIdentityPoolName- A string that you provide.
ipsdIdentityPoolId :: Lens' IdentityPoolShortDescription (Maybe Text) Source #
An identity pool ID in the format REGION:GUID.
ipsdIdentityPoolName :: Lens' IdentityPoolShortDescription (Maybe Text) Source #
A string that you provide.
MappingRule
data MappingRule Source #
A rule that maps a claim name, a claim value, and a match type to a role ARN.
See: mappingRule smart constructor.
Instances
Arguments
| :: Text | |
| -> MappingRuleMatchType | |
| -> Text | |
| -> Text | |
| -> MappingRule |
Creates a value of MappingRule with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
mrClaim- The claim name that must be present in the token, for example, "isAdmin" or "paid".mrMatchType- The match condition that specifies how closely the claim value in the IdP token must matchValue.mrValue- A brief string that the claim must match, for example, "paid" or "yes".mrRoleARN- The role ARN.
mrClaim :: Lens' MappingRule Text Source #
The claim name that must be present in the token, for example, "isAdmin" or "paid".
mrMatchType :: Lens' MappingRule MappingRuleMatchType Source #
The match condition that specifies how closely the claim value in the IdP token must match Value .
mrValue :: Lens' MappingRule Text Source #
A brief string that the claim must match, for example, "paid" or "yes".
RoleMapping
data RoleMapping Source #
A role mapping.
See: roleMapping smart constructor.
Instances
Arguments
| :: RoleMappingType | |
| -> RoleMapping |
Creates a value of RoleMapping with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
rmRulesConfiguration- The rules to be used for mapping users to roles. If you specify Rules as the role mapping type,RulesConfigurationis required.rmAmbiguousRoleResolution- If you specify Token or Rules as theType,AmbiguousRoleResolutionis required. Specifies the action to be taken if either no rules match the claim value for theRulestype, or there is nocognito:preferred_roleclaim and there are multiplecognito:rolesmatches for theTokentype.rmType- The role mapping type. Token will usecognito:rolesandcognito:preferred_roleclaims from the Cognito identity provider token to map groups to roles. Rules will attempt to match claims from the token to map to a role.
rmRulesConfiguration :: Lens' RoleMapping (Maybe RulesConfigurationType) Source #
The rules to be used for mapping users to roles. If you specify Rules as the role mapping type, RulesConfiguration is required.
rmAmbiguousRoleResolution :: Lens' RoleMapping (Maybe AmbiguousRoleResolutionType) Source #
If you specify Token or Rules as the Type , AmbiguousRoleResolution is required. Specifies the action to be taken if either no rules match the claim value for the Rules type, or there is no cognito:preferred_role claim and there are multiple cognito:roles matches for the Token type.
rmType :: Lens' RoleMapping RoleMappingType Source #
The role mapping type. Token will use cognito:roles and cognito:preferred_role claims from the Cognito identity provider token to map groups to roles. Rules will attempt to match claims from the token to map to a role.
RulesConfigurationType
data RulesConfigurationType Source #
A container for rules.
See: rulesConfigurationType smart constructor.
Instances
rulesConfigurationType Source #
Arguments
| :: NonEmpty MappingRule | |
| -> RulesConfigurationType |
Creates a value of RulesConfigurationType with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
rctRules- An array of rules. You can specify up to 25 rules per identity provider. Rules are evaluated in order. The first one to match specifies the role.
rctRules :: Lens' RulesConfigurationType (NonEmpty MappingRule) Source #
An array of rules. You can specify up to 25 rules per identity provider. Rules are evaluated in order. The first one to match specifies the role.
UnprocessedIdentityId
data UnprocessedIdentityId Source #
An array of UnprocessedIdentityId objects, each of which contains an ErrorCode and IdentityId.
See: unprocessedIdentityId smart constructor.
Instances
unprocessedIdentityId :: UnprocessedIdentityId Source #
Creates a value of UnprocessedIdentityId with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
uiiErrorCode- The error code indicating the type of error that occurred.uiiIdentityId- A unique identifier in the format REGION:GUID.
uiiErrorCode :: Lens' UnprocessedIdentityId (Maybe CognitoErrorCode) Source #
The error code indicating the type of error that occurred.
uiiIdentityId :: Lens' UnprocessedIdentityId (Maybe Text) Source #
A unique identifier in the format REGION:GUID.