Copyright | (c) 2013-2018 Brendan Hay |
---|---|
License | Mozilla Public License, v. 2.0. |
Maintainer | Brendan Hay <brendan.g.hay+amazonka@gmail.com> |
Stability | auto-generated |
Portability | non-portable (GHC extensions) |
Safe Haskell | None |
Language | Haskell2010 |
Disables the user from signing in with the specified external (SAML or social) identity provider. If the user to disable is a Cognito User Pools native username + password user, they are not permitted to use their password to sign-in. If the user to disable is a linked external IdP user, any link between that user and an existing user is removed. The next time the external user (no longer attached to the previously linked DestinationUser
) signs in, they must create a new user account. See .
This action is enabled only for admin access and requires developer credentials.
The ProviderName
must match the value specified when creating an IdP for the pool.
To disable a native username + password user, the ProviderName
value must be Cognito
and the ProviderAttributeName
must be Cognito_Subject
, with the ProviderAttributeValue
being the name that is used in the user pool for the user.
The ProviderAttributeName
must always be Cognito_Subject
for social identity providers. The ProviderAttributeValue
must always be the exact subject that was used when the user was originally linked as a source user.
For de-linking a SAML identity, there are two scenarios. If the linked identity has not yet been used to sign-in, the ProviderAttributeName
and ProviderAttributeValue
must be the same values that were used for the SourceUser
when the identities were originally linked in the call. (If the linking was done with ProviderAttributeName
set to Cognito_Subject
, the same applies here). However, if the user has already signed in, the ProviderAttributeName
must be Cognito_Subject
and ProviderAttributeValue
must be the subject of the SAML assertion.
- adminDisableProviderForUser :: Text -> ProviderUserIdentifierType -> AdminDisableProviderForUser
- data AdminDisableProviderForUser
- adpfuUserPoolId :: Lens' AdminDisableProviderForUser Text
- adpfuUser :: Lens' AdminDisableProviderForUser ProviderUserIdentifierType
- adminDisableProviderForUserResponse :: Int -> AdminDisableProviderForUserResponse
- data AdminDisableProviderForUserResponse
- adpfursResponseStatus :: Lens' AdminDisableProviderForUserResponse Int
Creating a Request
adminDisableProviderForUser Source #
Creates a value of AdminDisableProviderForUser
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
adpfuUserPoolId
- The user pool ID for the user pool.adpfuUser
- The user to be disabled.
data AdminDisableProviderForUser Source #
See: adminDisableProviderForUser
smart constructor.
Request Lenses
adpfuUserPoolId :: Lens' AdminDisableProviderForUser Text Source #
The user pool ID for the user pool.
adpfuUser :: Lens' AdminDisableProviderForUser ProviderUserIdentifierType Source #
The user to be disabled.
Destructuring the Response
adminDisableProviderForUserResponse Source #
Creates a value of AdminDisableProviderForUserResponse
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
adpfursResponseStatus
- -- | The response status code.
data AdminDisableProviderForUserResponse Source #
See: adminDisableProviderForUserResponse
smart constructor.
Response Lenses
adpfursResponseStatus :: Lens' AdminDisableProviderForUserResponse Int Source #
- - | The response status code.