Copyright | (c) 2013-2023 Brendan Hay |
---|---|
License | Mozilla Public License, v. 2.0. |
Maintainer | Brendan Hay |
Stability | auto-generated |
Portability | non-portable (GHC extensions) |
Safe Haskell | Safe-Inferred |
Language | Haskell2010 |
- Operations
- AddCustomAttributes
- AdminAddUserToGroup
- AdminConfirmSignUp
- AdminCreateUser
- AdminDeleteUser
- AdminDeleteUserAttributes
- AdminDisableProviderForUser
- AdminDisableUser
- AdminEnableUser
- AdminForgetDevice
- AdminGetDevice
- AdminGetUser
- AdminInitiateAuth
- AdminLinkProviderForUser
- AdminListDevices
- AdminListGroupsForUser
- AdminListUserAuthEvents
- AdminRemoveUserFromGroup
- AdminResetUserPassword
- AdminRespondToAuthChallenge
- AdminSetUserMFAPreference
- AdminSetUserPassword
- AdminSetUserSettings
- AdminUpdateAuthEventFeedback
- AdminUpdateDeviceStatus
- AdminUpdateUserAttributes
- AdminUserGlobalSignOut
- AssociateSoftwareToken
- ChangePassword
- ConfirmDevice
- ConfirmForgotPassword
- ConfirmSignUp
- CreateGroup
- CreateIdentityProvider
- CreateResourceServer
- CreateUserImportJob
- CreateUserPool
- CreateUserPoolClient
- CreateUserPoolDomain
- DeleteGroup
- DeleteIdentityProvider
- DeleteResourceServer
- DeleteUser
- DeleteUserAttributes
- DeleteUserPool
- DeleteUserPoolClient
- DeleteUserPoolDomain
- DescribeIdentityProvider
- DescribeResourceServer
- DescribeRiskConfiguration
- DescribeUserImportJob
- DescribeUserPool
- DescribeUserPoolClient
- DescribeUserPoolDomain
- ForgetDevice
- ForgotPassword
- GetCSVHeader
- GetDevice
- GetGroup
- GetIdentityProviderByIdentifier
- GetSigningCertificate
- GetUICustomization
- GetUser
- GetUserAttributeVerificationCode
- GetUserPoolMfaConfig
- GlobalSignOut
- InitiateAuth
- ListDevices
- ListGroups
- ListIdentityProviders
- ListResourceServers
- ListTagsForResource
- ListUserImportJobs
- ListUserPoolClients
- ListUserPools
- ListUsers
- ListUsersInGroup
- ResendConfirmationCode
- RespondToAuthChallenge
- RevokeToken
- SetRiskConfiguration
- SetUICustomization
- SetUserMFAPreference
- SetUserPoolMfaConfig
- SetUserSettings
- SignUp
- StartUserImportJob
- StopUserImportJob
- TagResource
- UntagResource
- UpdateAuthEventFeedback
- UpdateDeviceStatus
- UpdateGroup
- UpdateIdentityProvider
- UpdateResourceServer
- UpdateUserAttributes
- UpdateUserPool
- UpdateUserPoolClient
- UpdateUserPoolDomain
- VerifySoftwareToken
- VerifyUserAttribute
- Types
- AccountRecoverySettingType
- AccountTakeoverActionType
- AccountTakeoverActionsType
- AccountTakeoverRiskConfigurationType
- AdminCreateUserConfigType
- AnalyticsConfigurationType
- AnalyticsMetadataType
- AttributeType
- AuthEventType
- AuthenticationResultType
- ChallengeResponseType
- CodeDeliveryDetailsType
- CompromisedCredentialsActionsType
- CompromisedCredentialsRiskConfigurationType
- ContextDataType
- CustomDomainConfigType
- CustomEmailLambdaVersionConfigType
- CustomSMSLambdaVersionConfigType
- DeviceConfigurationType
- DeviceSecretVerifierConfigType
- DeviceType
- DomainDescriptionType
- EmailConfigurationType
- EventContextDataType
- EventFeedbackType
- EventRiskType
- GroupType
- HttpHeader
- IdentityProviderType
- LambdaConfigType
- MFAOptionType
- MessageTemplateType
- NewDeviceMetadataType
- NotifyConfigurationType
- NotifyEmailType
- NumberAttributeConstraintsType
- PasswordPolicyType
- ProviderDescription
- ProviderUserIdentifierType
- RecoveryOptionType
- ResourceServerScopeType
- ResourceServerType
- RiskConfigurationType
- RiskExceptionConfigurationType
- SMSMfaSettingsType
- SchemaAttributeType
- SmsConfigurationType
- SmsMfaConfigType
- SoftwareTokenMfaConfigType
- SoftwareTokenMfaSettingsType
- StringAttributeConstraintsType
- TokenValidityUnitsType
- UICustomizationType
- UserAttributeUpdateSettingsType
- UserContextDataType
- UserImportJobType
- UserPoolAddOnsType
- UserPoolClientDescription
- UserPoolClientType
- UserPoolDescriptionType
- UserPoolPolicyType
- UserPoolType
- UserType
- UsernameConfigurationType
- VerificationMessageTemplateType
Synopsis
- addCustomAttributes_userPoolId :: Lens' AddCustomAttributes Text
- addCustomAttributes_customAttributes :: Lens' AddCustomAttributes (NonEmpty SchemaAttributeType)
- addCustomAttributesResponse_httpStatus :: Lens' AddCustomAttributesResponse Int
- adminAddUserToGroup_userPoolId :: Lens' AdminAddUserToGroup Text
- adminAddUserToGroup_username :: Lens' AdminAddUserToGroup Text
- adminAddUserToGroup_groupName :: Lens' AdminAddUserToGroup Text
- adminConfirmSignUp_clientMetadata :: Lens' AdminConfirmSignUp (Maybe (HashMap Text Text))
- adminConfirmSignUp_userPoolId :: Lens' AdminConfirmSignUp Text
- adminConfirmSignUp_username :: Lens' AdminConfirmSignUp Text
- adminConfirmSignUpResponse_httpStatus :: Lens' AdminConfirmSignUpResponse Int
- adminCreateUser_clientMetadata :: Lens' AdminCreateUser (Maybe (HashMap Text Text))
- adminCreateUser_desiredDeliveryMediums :: Lens' AdminCreateUser (Maybe [DeliveryMediumType])
- adminCreateUser_forceAliasCreation :: Lens' AdminCreateUser (Maybe Bool)
- adminCreateUser_messageAction :: Lens' AdminCreateUser (Maybe MessageActionType)
- adminCreateUser_temporaryPassword :: Lens' AdminCreateUser (Maybe Text)
- adminCreateUser_userAttributes :: Lens' AdminCreateUser (Maybe [AttributeType])
- adminCreateUser_validationData :: Lens' AdminCreateUser (Maybe [AttributeType])
- adminCreateUser_userPoolId :: Lens' AdminCreateUser Text
- adminCreateUser_username :: Lens' AdminCreateUser Text
- adminCreateUserResponse_user :: Lens' AdminCreateUserResponse (Maybe UserType)
- adminCreateUserResponse_httpStatus :: Lens' AdminCreateUserResponse Int
- adminDeleteUser_userPoolId :: Lens' AdminDeleteUser Text
- adminDeleteUser_username :: Lens' AdminDeleteUser Text
- adminDeleteUserAttributes_userPoolId :: Lens' AdminDeleteUserAttributes Text
- adminDeleteUserAttributes_username :: Lens' AdminDeleteUserAttributes Text
- adminDeleteUserAttributes_userAttributeNames :: Lens' AdminDeleteUserAttributes [Text]
- adminDeleteUserAttributesResponse_httpStatus :: Lens' AdminDeleteUserAttributesResponse Int
- adminDisableProviderForUser_userPoolId :: Lens' AdminDisableProviderForUser Text
- adminDisableProviderForUser_user :: Lens' AdminDisableProviderForUser ProviderUserIdentifierType
- adminDisableProviderForUserResponse_httpStatus :: Lens' AdminDisableProviderForUserResponse Int
- adminDisableUser_userPoolId :: Lens' AdminDisableUser Text
- adminDisableUser_username :: Lens' AdminDisableUser Text
- adminDisableUserResponse_httpStatus :: Lens' AdminDisableUserResponse Int
- adminEnableUser_userPoolId :: Lens' AdminEnableUser Text
- adminEnableUser_username :: Lens' AdminEnableUser Text
- adminEnableUserResponse_httpStatus :: Lens' AdminEnableUserResponse Int
- adminForgetDevice_userPoolId :: Lens' AdminForgetDevice Text
- adminForgetDevice_username :: Lens' AdminForgetDevice Text
- adminForgetDevice_deviceKey :: Lens' AdminForgetDevice Text
- adminGetDevice_deviceKey :: Lens' AdminGetDevice Text
- adminGetDevice_userPoolId :: Lens' AdminGetDevice Text
- adminGetDevice_username :: Lens' AdminGetDevice Text
- adminGetDeviceResponse_httpStatus :: Lens' AdminGetDeviceResponse Int
- adminGetDeviceResponse_device :: Lens' AdminGetDeviceResponse DeviceType
- adminGetUser_userPoolId :: Lens' AdminGetUser Text
- adminGetUser_username :: Lens' AdminGetUser Text
- adminGetUserResponse_enabled :: Lens' AdminGetUserResponse (Maybe Bool)
- adminGetUserResponse_mfaOptions :: Lens' AdminGetUserResponse (Maybe [MFAOptionType])
- adminGetUserResponse_preferredMfaSetting :: Lens' AdminGetUserResponse (Maybe Text)
- adminGetUserResponse_userAttributes :: Lens' AdminGetUserResponse (Maybe [AttributeType])
- adminGetUserResponse_userCreateDate :: Lens' AdminGetUserResponse (Maybe UTCTime)
- adminGetUserResponse_userLastModifiedDate :: Lens' AdminGetUserResponse (Maybe UTCTime)
- adminGetUserResponse_userMFASettingList :: Lens' AdminGetUserResponse (Maybe [Text])
- adminGetUserResponse_userStatus :: Lens' AdminGetUserResponse (Maybe UserStatusType)
- adminGetUserResponse_httpStatus :: Lens' AdminGetUserResponse Int
- adminGetUserResponse_username :: Lens' AdminGetUserResponse Text
- adminInitiateAuth_analyticsMetadata :: Lens' AdminInitiateAuth (Maybe AnalyticsMetadataType)
- adminInitiateAuth_authParameters :: Lens' AdminInitiateAuth (Maybe (HashMap Text Text))
- adminInitiateAuth_clientMetadata :: Lens' AdminInitiateAuth (Maybe (HashMap Text Text))
- adminInitiateAuth_contextData :: Lens' AdminInitiateAuth (Maybe ContextDataType)
- adminInitiateAuth_userPoolId :: Lens' AdminInitiateAuth Text
- adminInitiateAuth_clientId :: Lens' AdminInitiateAuth Text
- adminInitiateAuth_authFlow :: Lens' AdminInitiateAuth AuthFlowType
- adminInitiateAuthResponse_authenticationResult :: Lens' AdminInitiateAuthResponse (Maybe AuthenticationResultType)
- adminInitiateAuthResponse_challengeName :: Lens' AdminInitiateAuthResponse (Maybe ChallengeNameType)
- adminInitiateAuthResponse_challengeParameters :: Lens' AdminInitiateAuthResponse (Maybe (HashMap Text Text))
- adminInitiateAuthResponse_session :: Lens' AdminInitiateAuthResponse (Maybe Text)
- adminInitiateAuthResponse_httpStatus :: Lens' AdminInitiateAuthResponse Int
- adminLinkProviderForUser_userPoolId :: Lens' AdminLinkProviderForUser Text
- adminLinkProviderForUser_destinationUser :: Lens' AdminLinkProviderForUser ProviderUserIdentifierType
- adminLinkProviderForUser_sourceUser :: Lens' AdminLinkProviderForUser ProviderUserIdentifierType
- adminLinkProviderForUserResponse_httpStatus :: Lens' AdminLinkProviderForUserResponse Int
- adminListDevices_limit :: Lens' AdminListDevices (Maybe Natural)
- adminListDevices_paginationToken :: Lens' AdminListDevices (Maybe Text)
- adminListDevices_userPoolId :: Lens' AdminListDevices Text
- adminListDevices_username :: Lens' AdminListDevices Text
- adminListDevicesResponse_devices :: Lens' AdminListDevicesResponse (Maybe [DeviceType])
- adminListDevicesResponse_paginationToken :: Lens' AdminListDevicesResponse (Maybe Text)
- adminListDevicesResponse_httpStatus :: Lens' AdminListDevicesResponse Int
- adminListGroupsForUser_limit :: Lens' AdminListGroupsForUser (Maybe Natural)
- adminListGroupsForUser_nextToken :: Lens' AdminListGroupsForUser (Maybe Text)
- adminListGroupsForUser_username :: Lens' AdminListGroupsForUser Text
- adminListGroupsForUser_userPoolId :: Lens' AdminListGroupsForUser Text
- adminListGroupsForUserResponse_groups :: Lens' AdminListGroupsForUserResponse (Maybe [GroupType])
- adminListGroupsForUserResponse_nextToken :: Lens' AdminListGroupsForUserResponse (Maybe Text)
- adminListGroupsForUserResponse_httpStatus :: Lens' AdminListGroupsForUserResponse Int
- adminListUserAuthEvents_maxResults :: Lens' AdminListUserAuthEvents (Maybe Natural)
- adminListUserAuthEvents_nextToken :: Lens' AdminListUserAuthEvents (Maybe Text)
- adminListUserAuthEvents_userPoolId :: Lens' AdminListUserAuthEvents Text
- adminListUserAuthEvents_username :: Lens' AdminListUserAuthEvents Text
- adminListUserAuthEventsResponse_authEvents :: Lens' AdminListUserAuthEventsResponse (Maybe [AuthEventType])
- adminListUserAuthEventsResponse_nextToken :: Lens' AdminListUserAuthEventsResponse (Maybe Text)
- adminListUserAuthEventsResponse_httpStatus :: Lens' AdminListUserAuthEventsResponse Int
- adminRemoveUserFromGroup_userPoolId :: Lens' AdminRemoveUserFromGroup Text
- adminRemoveUserFromGroup_username :: Lens' AdminRemoveUserFromGroup Text
- adminRemoveUserFromGroup_groupName :: Lens' AdminRemoveUserFromGroup Text
- adminResetUserPassword_clientMetadata :: Lens' AdminResetUserPassword (Maybe (HashMap Text Text))
- adminResetUserPassword_userPoolId :: Lens' AdminResetUserPassword Text
- adminResetUserPassword_username :: Lens' AdminResetUserPassword Text
- adminResetUserPasswordResponse_httpStatus :: Lens' AdminResetUserPasswordResponse Int
- adminRespondToAuthChallenge_analyticsMetadata :: Lens' AdminRespondToAuthChallenge (Maybe AnalyticsMetadataType)
- adminRespondToAuthChallenge_challengeResponses :: Lens' AdminRespondToAuthChallenge (Maybe (HashMap Text Text))
- adminRespondToAuthChallenge_clientMetadata :: Lens' AdminRespondToAuthChallenge (Maybe (HashMap Text Text))
- adminRespondToAuthChallenge_contextData :: Lens' AdminRespondToAuthChallenge (Maybe ContextDataType)
- adminRespondToAuthChallenge_session :: Lens' AdminRespondToAuthChallenge (Maybe Text)
- adminRespondToAuthChallenge_userPoolId :: Lens' AdminRespondToAuthChallenge Text
- adminRespondToAuthChallenge_clientId :: Lens' AdminRespondToAuthChallenge Text
- adminRespondToAuthChallenge_challengeName :: Lens' AdminRespondToAuthChallenge ChallengeNameType
- adminRespondToAuthChallengeResponse_authenticationResult :: Lens' AdminRespondToAuthChallengeResponse (Maybe AuthenticationResultType)
- adminRespondToAuthChallengeResponse_challengeName :: Lens' AdminRespondToAuthChallengeResponse (Maybe ChallengeNameType)
- adminRespondToAuthChallengeResponse_challengeParameters :: Lens' AdminRespondToAuthChallengeResponse (Maybe (HashMap Text Text))
- adminRespondToAuthChallengeResponse_session :: Lens' AdminRespondToAuthChallengeResponse (Maybe Text)
- adminRespondToAuthChallengeResponse_httpStatus :: Lens' AdminRespondToAuthChallengeResponse Int
- adminSetUserMFAPreference_sMSMfaSettings :: Lens' AdminSetUserMFAPreference (Maybe SMSMfaSettingsType)
- adminSetUserMFAPreference_softwareTokenMfaSettings :: Lens' AdminSetUserMFAPreference (Maybe SoftwareTokenMfaSettingsType)
- adminSetUserMFAPreference_username :: Lens' AdminSetUserMFAPreference Text
- adminSetUserMFAPreference_userPoolId :: Lens' AdminSetUserMFAPreference Text
- adminSetUserMFAPreferenceResponse_httpStatus :: Lens' AdminSetUserMFAPreferenceResponse Int
- adminSetUserPassword_permanent :: Lens' AdminSetUserPassword (Maybe Bool)
- adminSetUserPassword_userPoolId :: Lens' AdminSetUserPassword Text
- adminSetUserPassword_username :: Lens' AdminSetUserPassword Text
- adminSetUserPassword_password :: Lens' AdminSetUserPassword Text
- adminSetUserPasswordResponse_httpStatus :: Lens' AdminSetUserPasswordResponse Int
- adminSetUserSettings_userPoolId :: Lens' AdminSetUserSettings Text
- adminSetUserSettings_username :: Lens' AdminSetUserSettings Text
- adminSetUserSettings_mfaOptions :: Lens' AdminSetUserSettings [MFAOptionType]
- adminSetUserSettingsResponse_httpStatus :: Lens' AdminSetUserSettingsResponse Int
- adminUpdateAuthEventFeedback_userPoolId :: Lens' AdminUpdateAuthEventFeedback Text
- adminUpdateAuthEventFeedback_username :: Lens' AdminUpdateAuthEventFeedback Text
- adminUpdateAuthEventFeedback_eventId :: Lens' AdminUpdateAuthEventFeedback Text
- adminUpdateAuthEventFeedback_feedbackValue :: Lens' AdminUpdateAuthEventFeedback FeedbackValueType
- adminUpdateAuthEventFeedbackResponse_httpStatus :: Lens' AdminUpdateAuthEventFeedbackResponse Int
- adminUpdateDeviceStatus_deviceRememberedStatus :: Lens' AdminUpdateDeviceStatus (Maybe DeviceRememberedStatusType)
- adminUpdateDeviceStatus_userPoolId :: Lens' AdminUpdateDeviceStatus Text
- adminUpdateDeviceStatus_username :: Lens' AdminUpdateDeviceStatus Text
- adminUpdateDeviceStatus_deviceKey :: Lens' AdminUpdateDeviceStatus Text
- adminUpdateDeviceStatusResponse_httpStatus :: Lens' AdminUpdateDeviceStatusResponse Int
- adminUpdateUserAttributes_clientMetadata :: Lens' AdminUpdateUserAttributes (Maybe (HashMap Text Text))
- adminUpdateUserAttributes_userPoolId :: Lens' AdminUpdateUserAttributes Text
- adminUpdateUserAttributes_username :: Lens' AdminUpdateUserAttributes Text
- adminUpdateUserAttributes_userAttributes :: Lens' AdminUpdateUserAttributes [AttributeType]
- adminUpdateUserAttributesResponse_httpStatus :: Lens' AdminUpdateUserAttributesResponse Int
- adminUserGlobalSignOut_userPoolId :: Lens' AdminUserGlobalSignOut Text
- adminUserGlobalSignOut_username :: Lens' AdminUserGlobalSignOut Text
- adminUserGlobalSignOutResponse_httpStatus :: Lens' AdminUserGlobalSignOutResponse Int
- associateSoftwareToken_accessToken :: Lens' AssociateSoftwareToken (Maybe Text)
- associateSoftwareToken_session :: Lens' AssociateSoftwareToken (Maybe Text)
- associateSoftwareTokenResponse_secretCode :: Lens' AssociateSoftwareTokenResponse (Maybe Text)
- associateSoftwareTokenResponse_session :: Lens' AssociateSoftwareTokenResponse (Maybe Text)
- associateSoftwareTokenResponse_httpStatus :: Lens' AssociateSoftwareTokenResponse Int
- changePassword_previousPassword :: Lens' ChangePassword Text
- changePassword_proposedPassword :: Lens' ChangePassword Text
- changePassword_accessToken :: Lens' ChangePassword Text
- changePasswordResponse_httpStatus :: Lens' ChangePasswordResponse Int
- confirmDevice_deviceName :: Lens' ConfirmDevice (Maybe Text)
- confirmDevice_deviceSecretVerifierConfig :: Lens' ConfirmDevice (Maybe DeviceSecretVerifierConfigType)
- confirmDevice_accessToken :: Lens' ConfirmDevice Text
- confirmDevice_deviceKey :: Lens' ConfirmDevice Text
- confirmDeviceResponse_userConfirmationNecessary :: Lens' ConfirmDeviceResponse (Maybe Bool)
- confirmDeviceResponse_httpStatus :: Lens' ConfirmDeviceResponse Int
- confirmForgotPassword_analyticsMetadata :: Lens' ConfirmForgotPassword (Maybe AnalyticsMetadataType)
- confirmForgotPassword_clientMetadata :: Lens' ConfirmForgotPassword (Maybe (HashMap Text Text))
- confirmForgotPassword_secretHash :: Lens' ConfirmForgotPassword (Maybe Text)
- confirmForgotPassword_userContextData :: Lens' ConfirmForgotPassword (Maybe UserContextDataType)
- confirmForgotPassword_clientId :: Lens' ConfirmForgotPassword Text
- confirmForgotPassword_username :: Lens' ConfirmForgotPassword Text
- confirmForgotPassword_confirmationCode :: Lens' ConfirmForgotPassword Text
- confirmForgotPassword_password :: Lens' ConfirmForgotPassword Text
- confirmForgotPasswordResponse_httpStatus :: Lens' ConfirmForgotPasswordResponse Int
- confirmSignUp_analyticsMetadata :: Lens' ConfirmSignUp (Maybe AnalyticsMetadataType)
- confirmSignUp_clientMetadata :: Lens' ConfirmSignUp (Maybe (HashMap Text Text))
- confirmSignUp_forceAliasCreation :: Lens' ConfirmSignUp (Maybe Bool)
- confirmSignUp_secretHash :: Lens' ConfirmSignUp (Maybe Text)
- confirmSignUp_userContextData :: Lens' ConfirmSignUp (Maybe UserContextDataType)
- confirmSignUp_clientId :: Lens' ConfirmSignUp Text
- confirmSignUp_username :: Lens' ConfirmSignUp Text
- confirmSignUp_confirmationCode :: Lens' ConfirmSignUp Text
- confirmSignUpResponse_httpStatus :: Lens' ConfirmSignUpResponse Int
- createGroup_description :: Lens' CreateGroup (Maybe Text)
- createGroup_precedence :: Lens' CreateGroup (Maybe Natural)
- createGroup_roleArn :: Lens' CreateGroup (Maybe Text)
- createGroup_groupName :: Lens' CreateGroup Text
- createGroup_userPoolId :: Lens' CreateGroup Text
- createGroupResponse_group :: Lens' CreateGroupResponse (Maybe GroupType)
- createGroupResponse_httpStatus :: Lens' CreateGroupResponse Int
- createIdentityProvider_attributeMapping :: Lens' CreateIdentityProvider (Maybe (HashMap Text Text))
- createIdentityProvider_idpIdentifiers :: Lens' CreateIdentityProvider (Maybe [Text])
- createIdentityProvider_userPoolId :: Lens' CreateIdentityProvider Text
- createIdentityProvider_providerName :: Lens' CreateIdentityProvider Text
- createIdentityProvider_providerType :: Lens' CreateIdentityProvider IdentityProviderTypeType
- createIdentityProvider_providerDetails :: Lens' CreateIdentityProvider (HashMap Text Text)
- createIdentityProviderResponse_httpStatus :: Lens' CreateIdentityProviderResponse Int
- createIdentityProviderResponse_identityProvider :: Lens' CreateIdentityProviderResponse IdentityProviderType
- createResourceServer_scopes :: Lens' CreateResourceServer (Maybe [ResourceServerScopeType])
- createResourceServer_userPoolId :: Lens' CreateResourceServer Text
- createResourceServer_identifier :: Lens' CreateResourceServer Text
- createResourceServer_name :: Lens' CreateResourceServer Text
- createResourceServerResponse_httpStatus :: Lens' CreateResourceServerResponse Int
- createResourceServerResponse_resourceServer :: Lens' CreateResourceServerResponse ResourceServerType
- createUserImportJob_jobName :: Lens' CreateUserImportJob Text
- createUserImportJob_userPoolId :: Lens' CreateUserImportJob Text
- createUserImportJob_cloudWatchLogsRoleArn :: Lens' CreateUserImportJob Text
- createUserImportJobResponse_userImportJob :: Lens' CreateUserImportJobResponse (Maybe UserImportJobType)
- createUserImportJobResponse_httpStatus :: Lens' CreateUserImportJobResponse Int
- createUserPool_accountRecoverySetting :: Lens' CreateUserPool (Maybe AccountRecoverySettingType)
- createUserPool_adminCreateUserConfig :: Lens' CreateUserPool (Maybe AdminCreateUserConfigType)
- createUserPool_aliasAttributes :: Lens' CreateUserPool (Maybe [AliasAttributeType])
- createUserPool_autoVerifiedAttributes :: Lens' CreateUserPool (Maybe [VerifiedAttributeType])
- createUserPool_deletionProtection :: Lens' CreateUserPool (Maybe DeletionProtectionType)
- createUserPool_deviceConfiguration :: Lens' CreateUserPool (Maybe DeviceConfigurationType)
- createUserPool_emailConfiguration :: Lens' CreateUserPool (Maybe EmailConfigurationType)
- createUserPool_emailVerificationMessage :: Lens' CreateUserPool (Maybe Text)
- createUserPool_emailVerificationSubject :: Lens' CreateUserPool (Maybe Text)
- createUserPool_lambdaConfig :: Lens' CreateUserPool (Maybe LambdaConfigType)
- createUserPool_mfaConfiguration :: Lens' CreateUserPool (Maybe UserPoolMfaType)
- createUserPool_policies :: Lens' CreateUserPool (Maybe UserPoolPolicyType)
- createUserPool_schema :: Lens' CreateUserPool (Maybe (NonEmpty SchemaAttributeType))
- createUserPool_smsAuthenticationMessage :: Lens' CreateUserPool (Maybe Text)
- createUserPool_smsConfiguration :: Lens' CreateUserPool (Maybe SmsConfigurationType)
- createUserPool_smsVerificationMessage :: Lens' CreateUserPool (Maybe Text)
- createUserPool_userAttributeUpdateSettings :: Lens' CreateUserPool (Maybe UserAttributeUpdateSettingsType)
- createUserPool_userPoolAddOns :: Lens' CreateUserPool (Maybe UserPoolAddOnsType)
- createUserPool_userPoolTags :: Lens' CreateUserPool (Maybe (HashMap Text Text))
- createUserPool_usernameAttributes :: Lens' CreateUserPool (Maybe [UsernameAttributeType])
- createUserPool_usernameConfiguration :: Lens' CreateUserPool (Maybe UsernameConfigurationType)
- createUserPool_verificationMessageTemplate :: Lens' CreateUserPool (Maybe VerificationMessageTemplateType)
- createUserPool_poolName :: Lens' CreateUserPool Text
- createUserPoolResponse_userPool :: Lens' CreateUserPoolResponse (Maybe UserPoolType)
- createUserPoolResponse_httpStatus :: Lens' CreateUserPoolResponse Int
- createUserPoolClient_accessTokenValidity :: Lens' CreateUserPoolClient (Maybe Natural)
- createUserPoolClient_allowedOAuthFlows :: Lens' CreateUserPoolClient (Maybe [OAuthFlowType])
- createUserPoolClient_allowedOAuthFlowsUserPoolClient :: Lens' CreateUserPoolClient (Maybe Bool)
- createUserPoolClient_allowedOAuthScopes :: Lens' CreateUserPoolClient (Maybe [Text])
- createUserPoolClient_analyticsConfiguration :: Lens' CreateUserPoolClient (Maybe AnalyticsConfigurationType)
- createUserPoolClient_authSessionValidity :: Lens' CreateUserPoolClient (Maybe Natural)
- createUserPoolClient_callbackURLs :: Lens' CreateUserPoolClient (Maybe [Text])
- createUserPoolClient_defaultRedirectURI :: Lens' CreateUserPoolClient (Maybe Text)
- createUserPoolClient_enablePropagateAdditionalUserContextData :: Lens' CreateUserPoolClient (Maybe Bool)
- createUserPoolClient_enableTokenRevocation :: Lens' CreateUserPoolClient (Maybe Bool)
- createUserPoolClient_explicitAuthFlows :: Lens' CreateUserPoolClient (Maybe [ExplicitAuthFlowsType])
- createUserPoolClient_generateSecret :: Lens' CreateUserPoolClient (Maybe Bool)
- createUserPoolClient_idTokenValidity :: Lens' CreateUserPoolClient (Maybe Natural)
- createUserPoolClient_logoutURLs :: Lens' CreateUserPoolClient (Maybe [Text])
- createUserPoolClient_preventUserExistenceErrors :: Lens' CreateUserPoolClient (Maybe PreventUserExistenceErrorTypes)
- createUserPoolClient_readAttributes :: Lens' CreateUserPoolClient (Maybe [Text])
- createUserPoolClient_refreshTokenValidity :: Lens' CreateUserPoolClient (Maybe Natural)
- createUserPoolClient_supportedIdentityProviders :: Lens' CreateUserPoolClient (Maybe [Text])
- createUserPoolClient_tokenValidityUnits :: Lens' CreateUserPoolClient (Maybe TokenValidityUnitsType)
- createUserPoolClient_writeAttributes :: Lens' CreateUserPoolClient (Maybe [Text])
- createUserPoolClient_userPoolId :: Lens' CreateUserPoolClient Text
- createUserPoolClient_clientName :: Lens' CreateUserPoolClient Text
- createUserPoolClientResponse_userPoolClient :: Lens' CreateUserPoolClientResponse (Maybe UserPoolClientType)
- createUserPoolClientResponse_httpStatus :: Lens' CreateUserPoolClientResponse Int
- createUserPoolDomain_customDomainConfig :: Lens' CreateUserPoolDomain (Maybe CustomDomainConfigType)
- createUserPoolDomain_domain :: Lens' CreateUserPoolDomain Text
- createUserPoolDomain_userPoolId :: Lens' CreateUserPoolDomain Text
- createUserPoolDomainResponse_cloudFrontDomain :: Lens' CreateUserPoolDomainResponse (Maybe Text)
- createUserPoolDomainResponse_httpStatus :: Lens' CreateUserPoolDomainResponse Int
- deleteGroup_groupName :: Lens' DeleteGroup Text
- deleteGroup_userPoolId :: Lens' DeleteGroup Text
- deleteIdentityProvider_userPoolId :: Lens' DeleteIdentityProvider Text
- deleteIdentityProvider_providerName :: Lens' DeleteIdentityProvider Text
- deleteResourceServer_userPoolId :: Lens' DeleteResourceServer Text
- deleteResourceServer_identifier :: Lens' DeleteResourceServer Text
- deleteUser_accessToken :: Lens' DeleteUser Text
- deleteUserAttributes_userAttributeNames :: Lens' DeleteUserAttributes [Text]
- deleteUserAttributes_accessToken :: Lens' DeleteUserAttributes Text
- deleteUserAttributesResponse_httpStatus :: Lens' DeleteUserAttributesResponse Int
- deleteUserPool_userPoolId :: Lens' DeleteUserPool Text
- deleteUserPoolClient_userPoolId :: Lens' DeleteUserPoolClient Text
- deleteUserPoolClient_clientId :: Lens' DeleteUserPoolClient Text
- deleteUserPoolDomain_domain :: Lens' DeleteUserPoolDomain Text
- deleteUserPoolDomain_userPoolId :: Lens' DeleteUserPoolDomain Text
- deleteUserPoolDomainResponse_httpStatus :: Lens' DeleteUserPoolDomainResponse Int
- describeIdentityProvider_userPoolId :: Lens' DescribeIdentityProvider Text
- describeIdentityProvider_providerName :: Lens' DescribeIdentityProvider Text
- describeIdentityProviderResponse_httpStatus :: Lens' DescribeIdentityProviderResponse Int
- describeIdentityProviderResponse_identityProvider :: Lens' DescribeIdentityProviderResponse IdentityProviderType
- describeResourceServer_userPoolId :: Lens' DescribeResourceServer Text
- describeResourceServer_identifier :: Lens' DescribeResourceServer Text
- describeResourceServerResponse_httpStatus :: Lens' DescribeResourceServerResponse Int
- describeResourceServerResponse_resourceServer :: Lens' DescribeResourceServerResponse ResourceServerType
- describeRiskConfiguration_clientId :: Lens' DescribeRiskConfiguration (Maybe Text)
- describeRiskConfiguration_userPoolId :: Lens' DescribeRiskConfiguration Text
- describeRiskConfigurationResponse_httpStatus :: Lens' DescribeRiskConfigurationResponse Int
- describeRiskConfigurationResponse_riskConfiguration :: Lens' DescribeRiskConfigurationResponse RiskConfigurationType
- describeUserImportJob_userPoolId :: Lens' DescribeUserImportJob Text
- describeUserImportJob_jobId :: Lens' DescribeUserImportJob Text
- describeUserImportJobResponse_userImportJob :: Lens' DescribeUserImportJobResponse (Maybe UserImportJobType)
- describeUserImportJobResponse_httpStatus :: Lens' DescribeUserImportJobResponse Int
- describeUserPool_userPoolId :: Lens' DescribeUserPool Text
- describeUserPoolResponse_userPool :: Lens' DescribeUserPoolResponse (Maybe UserPoolType)
- describeUserPoolResponse_httpStatus :: Lens' DescribeUserPoolResponse Int
- describeUserPoolClient_userPoolId :: Lens' DescribeUserPoolClient Text
- describeUserPoolClient_clientId :: Lens' DescribeUserPoolClient Text
- describeUserPoolClientResponse_userPoolClient :: Lens' DescribeUserPoolClientResponse (Maybe UserPoolClientType)
- describeUserPoolClientResponse_httpStatus :: Lens' DescribeUserPoolClientResponse Int
- describeUserPoolDomain_domain :: Lens' DescribeUserPoolDomain Text
- describeUserPoolDomainResponse_domainDescription :: Lens' DescribeUserPoolDomainResponse (Maybe DomainDescriptionType)
- describeUserPoolDomainResponse_httpStatus :: Lens' DescribeUserPoolDomainResponse Int
- forgetDevice_accessToken :: Lens' ForgetDevice (Maybe Text)
- forgetDevice_deviceKey :: Lens' ForgetDevice Text
- forgotPassword_analyticsMetadata :: Lens' ForgotPassword (Maybe AnalyticsMetadataType)
- forgotPassword_clientMetadata :: Lens' ForgotPassword (Maybe (HashMap Text Text))
- forgotPassword_secretHash :: Lens' ForgotPassword (Maybe Text)
- forgotPassword_userContextData :: Lens' ForgotPassword (Maybe UserContextDataType)
- forgotPassword_clientId :: Lens' ForgotPassword Text
- forgotPassword_username :: Lens' ForgotPassword Text
- forgotPasswordResponse_codeDeliveryDetails :: Lens' ForgotPasswordResponse (Maybe CodeDeliveryDetailsType)
- forgotPasswordResponse_httpStatus :: Lens' ForgotPasswordResponse Int
- getCSVHeader_userPoolId :: Lens' GetCSVHeader Text
- getCSVHeaderResponse_cSVHeader :: Lens' GetCSVHeaderResponse (Maybe [Text])
- getCSVHeaderResponse_userPoolId :: Lens' GetCSVHeaderResponse (Maybe Text)
- getCSVHeaderResponse_httpStatus :: Lens' GetCSVHeaderResponse Int
- getDevice_accessToken :: Lens' GetDevice (Maybe Text)
- getDevice_deviceKey :: Lens' GetDevice Text
- getDeviceResponse_httpStatus :: Lens' GetDeviceResponse Int
- getDeviceResponse_device :: Lens' GetDeviceResponse DeviceType
- getGroup_groupName :: Lens' GetGroup Text
- getGroup_userPoolId :: Lens' GetGroup Text
- getGroupResponse_group :: Lens' GetGroupResponse (Maybe GroupType)
- getGroupResponse_httpStatus :: Lens' GetGroupResponse Int
- getIdentityProviderByIdentifier_userPoolId :: Lens' GetIdentityProviderByIdentifier Text
- getIdentityProviderByIdentifier_idpIdentifier :: Lens' GetIdentityProviderByIdentifier Text
- getIdentityProviderByIdentifierResponse_httpStatus :: Lens' GetIdentityProviderByIdentifierResponse Int
- getIdentityProviderByIdentifierResponse_identityProvider :: Lens' GetIdentityProviderByIdentifierResponse IdentityProviderType
- getSigningCertificate_userPoolId :: Lens' GetSigningCertificate Text
- getSigningCertificateResponse_certificate :: Lens' GetSigningCertificateResponse (Maybe Text)
- getSigningCertificateResponse_httpStatus :: Lens' GetSigningCertificateResponse Int
- getUICustomization_clientId :: Lens' GetUICustomization (Maybe Text)
- getUICustomization_userPoolId :: Lens' GetUICustomization Text
- getUICustomizationResponse_httpStatus :: Lens' GetUICustomizationResponse Int
- getUICustomizationResponse_uICustomization :: Lens' GetUICustomizationResponse UICustomizationType
- getUser_accessToken :: Lens' GetUser Text
- getUserResponse_mfaOptions :: Lens' GetUserResponse (Maybe [MFAOptionType])
- getUserResponse_preferredMfaSetting :: Lens' GetUserResponse (Maybe Text)
- getUserResponse_userMFASettingList :: Lens' GetUserResponse (Maybe [Text])
- getUserResponse_httpStatus :: Lens' GetUserResponse Int
- getUserResponse_username :: Lens' GetUserResponse Text
- getUserResponse_userAttributes :: Lens' GetUserResponse [AttributeType]
- getUserAttributeVerificationCode_clientMetadata :: Lens' GetUserAttributeVerificationCode (Maybe (HashMap Text Text))
- getUserAttributeVerificationCode_accessToken :: Lens' GetUserAttributeVerificationCode Text
- getUserAttributeVerificationCode_attributeName :: Lens' GetUserAttributeVerificationCode Text
- getUserAttributeVerificationCodeResponse_codeDeliveryDetails :: Lens' GetUserAttributeVerificationCodeResponse (Maybe CodeDeliveryDetailsType)
- getUserAttributeVerificationCodeResponse_httpStatus :: Lens' GetUserAttributeVerificationCodeResponse Int
- getUserPoolMfaConfig_userPoolId :: Lens' GetUserPoolMfaConfig Text
- getUserPoolMfaConfigResponse_mfaConfiguration :: Lens' GetUserPoolMfaConfigResponse (Maybe UserPoolMfaType)
- getUserPoolMfaConfigResponse_smsMfaConfiguration :: Lens' GetUserPoolMfaConfigResponse (Maybe SmsMfaConfigType)
- getUserPoolMfaConfigResponse_softwareTokenMfaConfiguration :: Lens' GetUserPoolMfaConfigResponse (Maybe SoftwareTokenMfaConfigType)
- getUserPoolMfaConfigResponse_httpStatus :: Lens' GetUserPoolMfaConfigResponse Int
- globalSignOut_accessToken :: Lens' GlobalSignOut Text
- globalSignOutResponse_httpStatus :: Lens' GlobalSignOutResponse Int
- initiateAuth_analyticsMetadata :: Lens' InitiateAuth (Maybe AnalyticsMetadataType)
- initiateAuth_authParameters :: Lens' InitiateAuth (Maybe (HashMap Text Text))
- initiateAuth_clientMetadata :: Lens' InitiateAuth (Maybe (HashMap Text Text))
- initiateAuth_userContextData :: Lens' InitiateAuth (Maybe UserContextDataType)
- initiateAuth_authFlow :: Lens' InitiateAuth AuthFlowType
- initiateAuth_clientId :: Lens' InitiateAuth Text
- initiateAuthResponse_authenticationResult :: Lens' InitiateAuthResponse (Maybe AuthenticationResultType)
- initiateAuthResponse_challengeName :: Lens' InitiateAuthResponse (Maybe ChallengeNameType)
- initiateAuthResponse_challengeParameters :: Lens' InitiateAuthResponse (Maybe (HashMap Text Text))
- initiateAuthResponse_session :: Lens' InitiateAuthResponse (Maybe Text)
- initiateAuthResponse_httpStatus :: Lens' InitiateAuthResponse Int
- listDevices_limit :: Lens' ListDevices (Maybe Natural)
- listDevices_paginationToken :: Lens' ListDevices (Maybe Text)
- listDevices_accessToken :: Lens' ListDevices Text
- listDevicesResponse_devices :: Lens' ListDevicesResponse (Maybe [DeviceType])
- listDevicesResponse_paginationToken :: Lens' ListDevicesResponse (Maybe Text)
- listDevicesResponse_httpStatus :: Lens' ListDevicesResponse Int
- listGroups_limit :: Lens' ListGroups (Maybe Natural)
- listGroups_nextToken :: Lens' ListGroups (Maybe Text)
- listGroups_userPoolId :: Lens' ListGroups Text
- listGroupsResponse_groups :: Lens' ListGroupsResponse (Maybe [GroupType])
- listGroupsResponse_nextToken :: Lens' ListGroupsResponse (Maybe Text)
- listGroupsResponse_httpStatus :: Lens' ListGroupsResponse Int
- listIdentityProviders_maxResults :: Lens' ListIdentityProviders (Maybe Natural)
- listIdentityProviders_nextToken :: Lens' ListIdentityProviders (Maybe Text)
- listIdentityProviders_userPoolId :: Lens' ListIdentityProviders Text
- listIdentityProvidersResponse_nextToken :: Lens' ListIdentityProvidersResponse (Maybe Text)
- listIdentityProvidersResponse_httpStatus :: Lens' ListIdentityProvidersResponse Int
- listIdentityProvidersResponse_providers :: Lens' ListIdentityProvidersResponse [ProviderDescription]
- listResourceServers_maxResults :: Lens' ListResourceServers (Maybe Natural)
- listResourceServers_nextToken :: Lens' ListResourceServers (Maybe Text)
- listResourceServers_userPoolId :: Lens' ListResourceServers Text
- listResourceServersResponse_nextToken :: Lens' ListResourceServersResponse (Maybe Text)
- listResourceServersResponse_httpStatus :: Lens' ListResourceServersResponse Int
- listResourceServersResponse_resourceServers :: Lens' ListResourceServersResponse [ResourceServerType]
- listTagsForResource_resourceArn :: Lens' ListTagsForResource Text
- listTagsForResourceResponse_tags :: Lens' ListTagsForResourceResponse (Maybe (HashMap Text Text))
- listTagsForResourceResponse_httpStatus :: Lens' ListTagsForResourceResponse Int
- listUserImportJobs_paginationToken :: Lens' ListUserImportJobs (Maybe Text)
- listUserImportJobs_userPoolId :: Lens' ListUserImportJobs Text
- listUserImportJobs_maxResults :: Lens' ListUserImportJobs Natural
- listUserImportJobsResponse_paginationToken :: Lens' ListUserImportJobsResponse (Maybe Text)
- listUserImportJobsResponse_userImportJobs :: Lens' ListUserImportJobsResponse (Maybe (NonEmpty UserImportJobType))
- listUserImportJobsResponse_httpStatus :: Lens' ListUserImportJobsResponse Int
- listUserPoolClients_maxResults :: Lens' ListUserPoolClients (Maybe Natural)
- listUserPoolClients_nextToken :: Lens' ListUserPoolClients (Maybe Text)
- listUserPoolClients_userPoolId :: Lens' ListUserPoolClients Text
- listUserPoolClientsResponse_nextToken :: Lens' ListUserPoolClientsResponse (Maybe Text)
- listUserPoolClientsResponse_userPoolClients :: Lens' ListUserPoolClientsResponse (Maybe [UserPoolClientDescription])
- listUserPoolClientsResponse_httpStatus :: Lens' ListUserPoolClientsResponse Int
- listUserPools_nextToken :: Lens' ListUserPools (Maybe Text)
- listUserPools_maxResults :: Lens' ListUserPools Natural
- listUserPoolsResponse_nextToken :: Lens' ListUserPoolsResponse (Maybe Text)
- listUserPoolsResponse_userPools :: Lens' ListUserPoolsResponse (Maybe [UserPoolDescriptionType])
- listUserPoolsResponse_httpStatus :: Lens' ListUserPoolsResponse Int
- listUsers_attributesToGet :: Lens' ListUsers (Maybe [Text])
- listUsers_filter :: Lens' ListUsers (Maybe Text)
- listUsers_limit :: Lens' ListUsers (Maybe Natural)
- listUsers_paginationToken :: Lens' ListUsers (Maybe Text)
- listUsers_userPoolId :: Lens' ListUsers Text
- listUsersResponse_paginationToken :: Lens' ListUsersResponse (Maybe Text)
- listUsersResponse_users :: Lens' ListUsersResponse (Maybe [UserType])
- listUsersResponse_httpStatus :: Lens' ListUsersResponse Int
- listUsersInGroup_limit :: Lens' ListUsersInGroup (Maybe Natural)
- listUsersInGroup_nextToken :: Lens' ListUsersInGroup (Maybe Text)
- listUsersInGroup_userPoolId :: Lens' ListUsersInGroup Text
- listUsersInGroup_groupName :: Lens' ListUsersInGroup Text
- listUsersInGroupResponse_nextToken :: Lens' ListUsersInGroupResponse (Maybe Text)
- listUsersInGroupResponse_users :: Lens' ListUsersInGroupResponse (Maybe [UserType])
- listUsersInGroupResponse_httpStatus :: Lens' ListUsersInGroupResponse Int
- resendConfirmationCode_analyticsMetadata :: Lens' ResendConfirmationCode (Maybe AnalyticsMetadataType)
- resendConfirmationCode_clientMetadata :: Lens' ResendConfirmationCode (Maybe (HashMap Text Text))
- resendConfirmationCode_secretHash :: Lens' ResendConfirmationCode (Maybe Text)
- resendConfirmationCode_userContextData :: Lens' ResendConfirmationCode (Maybe UserContextDataType)
- resendConfirmationCode_clientId :: Lens' ResendConfirmationCode Text
- resendConfirmationCode_username :: Lens' ResendConfirmationCode Text
- resendConfirmationCodeResponse_codeDeliveryDetails :: Lens' ResendConfirmationCodeResponse (Maybe CodeDeliveryDetailsType)
- resendConfirmationCodeResponse_httpStatus :: Lens' ResendConfirmationCodeResponse Int
- respondToAuthChallenge_analyticsMetadata :: Lens' RespondToAuthChallenge (Maybe AnalyticsMetadataType)
- respondToAuthChallenge_challengeResponses :: Lens' RespondToAuthChallenge (Maybe (HashMap Text Text))
- respondToAuthChallenge_clientMetadata :: Lens' RespondToAuthChallenge (Maybe (HashMap Text Text))
- respondToAuthChallenge_session :: Lens' RespondToAuthChallenge (Maybe Text)
- respondToAuthChallenge_userContextData :: Lens' RespondToAuthChallenge (Maybe UserContextDataType)
- respondToAuthChallenge_clientId :: Lens' RespondToAuthChallenge Text
- respondToAuthChallenge_challengeName :: Lens' RespondToAuthChallenge ChallengeNameType
- respondToAuthChallengeResponse_authenticationResult :: Lens' RespondToAuthChallengeResponse (Maybe AuthenticationResultType)
- respondToAuthChallengeResponse_challengeName :: Lens' RespondToAuthChallengeResponse (Maybe ChallengeNameType)
- respondToAuthChallengeResponse_challengeParameters :: Lens' RespondToAuthChallengeResponse (Maybe (HashMap Text Text))
- respondToAuthChallengeResponse_session :: Lens' RespondToAuthChallengeResponse (Maybe Text)
- respondToAuthChallengeResponse_httpStatus :: Lens' RespondToAuthChallengeResponse Int
- revokeToken_clientSecret :: Lens' RevokeToken (Maybe Text)
- revokeToken_token :: Lens' RevokeToken Text
- revokeToken_clientId :: Lens' RevokeToken Text
- revokeTokenResponse_httpStatus :: Lens' RevokeTokenResponse Int
- setRiskConfiguration_accountTakeoverRiskConfiguration :: Lens' SetRiskConfiguration (Maybe AccountTakeoverRiskConfigurationType)
- setRiskConfiguration_clientId :: Lens' SetRiskConfiguration (Maybe Text)
- setRiskConfiguration_compromisedCredentialsRiskConfiguration :: Lens' SetRiskConfiguration (Maybe CompromisedCredentialsRiskConfigurationType)
- setRiskConfiguration_riskExceptionConfiguration :: Lens' SetRiskConfiguration (Maybe RiskExceptionConfigurationType)
- setRiskConfiguration_userPoolId :: Lens' SetRiskConfiguration Text
- setRiskConfigurationResponse_httpStatus :: Lens' SetRiskConfigurationResponse Int
- setRiskConfigurationResponse_riskConfiguration :: Lens' SetRiskConfigurationResponse RiskConfigurationType
- setUICustomization_css :: Lens' SetUICustomization (Maybe Text)
- setUICustomization_clientId :: Lens' SetUICustomization (Maybe Text)
- setUICustomization_imageFile :: Lens' SetUICustomization (Maybe ByteString)
- setUICustomization_userPoolId :: Lens' SetUICustomization Text
- setUICustomizationResponse_httpStatus :: Lens' SetUICustomizationResponse Int
- setUICustomizationResponse_uICustomization :: Lens' SetUICustomizationResponse UICustomizationType
- setUserMFAPreference_sMSMfaSettings :: Lens' SetUserMFAPreference (Maybe SMSMfaSettingsType)
- setUserMFAPreference_softwareTokenMfaSettings :: Lens' SetUserMFAPreference (Maybe SoftwareTokenMfaSettingsType)
- setUserMFAPreference_accessToken :: Lens' SetUserMFAPreference Text
- setUserMFAPreferenceResponse_httpStatus :: Lens' SetUserMFAPreferenceResponse Int
- setUserPoolMfaConfig_mfaConfiguration :: Lens' SetUserPoolMfaConfig (Maybe UserPoolMfaType)
- setUserPoolMfaConfig_smsMfaConfiguration :: Lens' SetUserPoolMfaConfig (Maybe SmsMfaConfigType)
- setUserPoolMfaConfig_softwareTokenMfaConfiguration :: Lens' SetUserPoolMfaConfig (Maybe SoftwareTokenMfaConfigType)
- setUserPoolMfaConfig_userPoolId :: Lens' SetUserPoolMfaConfig Text
- setUserPoolMfaConfigResponse_mfaConfiguration :: Lens' SetUserPoolMfaConfigResponse (Maybe UserPoolMfaType)
- setUserPoolMfaConfigResponse_smsMfaConfiguration :: Lens' SetUserPoolMfaConfigResponse (Maybe SmsMfaConfigType)
- setUserPoolMfaConfigResponse_softwareTokenMfaConfiguration :: Lens' SetUserPoolMfaConfigResponse (Maybe SoftwareTokenMfaConfigType)
- setUserPoolMfaConfigResponse_httpStatus :: Lens' SetUserPoolMfaConfigResponse Int
- setUserSettings_accessToken :: Lens' SetUserSettings Text
- setUserSettings_mfaOptions :: Lens' SetUserSettings [MFAOptionType]
- setUserSettingsResponse_httpStatus :: Lens' SetUserSettingsResponse Int
- signUp_analyticsMetadata :: Lens' SignUp (Maybe AnalyticsMetadataType)
- signUp_clientMetadata :: Lens' SignUp (Maybe (HashMap Text Text))
- signUp_secretHash :: Lens' SignUp (Maybe Text)
- signUp_userAttributes :: Lens' SignUp (Maybe [AttributeType])
- signUp_userContextData :: Lens' SignUp (Maybe UserContextDataType)
- signUp_validationData :: Lens' SignUp (Maybe [AttributeType])
- signUp_clientId :: Lens' SignUp Text
- signUp_username :: Lens' SignUp Text
- signUp_password :: Lens' SignUp Text
- signUpResponse_codeDeliveryDetails :: Lens' SignUpResponse (Maybe CodeDeliveryDetailsType)
- signUpResponse_httpStatus :: Lens' SignUpResponse Int
- signUpResponse_userConfirmed :: Lens' SignUpResponse Bool
- signUpResponse_userSub :: Lens' SignUpResponse Text
- startUserImportJob_userPoolId :: Lens' StartUserImportJob Text
- startUserImportJob_jobId :: Lens' StartUserImportJob Text
- startUserImportJobResponse_userImportJob :: Lens' StartUserImportJobResponse (Maybe UserImportJobType)
- startUserImportJobResponse_httpStatus :: Lens' StartUserImportJobResponse Int
- stopUserImportJob_userPoolId :: Lens' StopUserImportJob Text
- stopUserImportJob_jobId :: Lens' StopUserImportJob Text
- stopUserImportJobResponse_userImportJob :: Lens' StopUserImportJobResponse (Maybe UserImportJobType)
- stopUserImportJobResponse_httpStatus :: Lens' StopUserImportJobResponse Int
- tagResource_resourceArn :: Lens' TagResource Text
- tagResource_tags :: Lens' TagResource (HashMap Text Text)
- tagResourceResponse_httpStatus :: Lens' TagResourceResponse Int
- untagResource_resourceArn :: Lens' UntagResource Text
- untagResource_tagKeys :: Lens' UntagResource [Text]
- untagResourceResponse_httpStatus :: Lens' UntagResourceResponse Int
- updateAuthEventFeedback_userPoolId :: Lens' UpdateAuthEventFeedback Text
- updateAuthEventFeedback_username :: Lens' UpdateAuthEventFeedback Text
- updateAuthEventFeedback_eventId :: Lens' UpdateAuthEventFeedback Text
- updateAuthEventFeedback_feedbackToken :: Lens' UpdateAuthEventFeedback Text
- updateAuthEventFeedback_feedbackValue :: Lens' UpdateAuthEventFeedback FeedbackValueType
- updateAuthEventFeedbackResponse_httpStatus :: Lens' UpdateAuthEventFeedbackResponse Int
- updateDeviceStatus_deviceRememberedStatus :: Lens' UpdateDeviceStatus (Maybe DeviceRememberedStatusType)
- updateDeviceStatus_accessToken :: Lens' UpdateDeviceStatus Text
- updateDeviceStatus_deviceKey :: Lens' UpdateDeviceStatus Text
- updateDeviceStatusResponse_httpStatus :: Lens' UpdateDeviceStatusResponse Int
- updateGroup_description :: Lens' UpdateGroup (Maybe Text)
- updateGroup_precedence :: Lens' UpdateGroup (Maybe Natural)
- updateGroup_roleArn :: Lens' UpdateGroup (Maybe Text)
- updateGroup_groupName :: Lens' UpdateGroup Text
- updateGroup_userPoolId :: Lens' UpdateGroup Text
- updateGroupResponse_group :: Lens' UpdateGroupResponse (Maybe GroupType)
- updateGroupResponse_httpStatus :: Lens' UpdateGroupResponse Int
- updateIdentityProvider_attributeMapping :: Lens' UpdateIdentityProvider (Maybe (HashMap Text Text))
- updateIdentityProvider_idpIdentifiers :: Lens' UpdateIdentityProvider (Maybe [Text])
- updateIdentityProvider_providerDetails :: Lens' UpdateIdentityProvider (Maybe (HashMap Text Text))
- updateIdentityProvider_userPoolId :: Lens' UpdateIdentityProvider Text
- updateIdentityProvider_providerName :: Lens' UpdateIdentityProvider Text
- updateIdentityProviderResponse_httpStatus :: Lens' UpdateIdentityProviderResponse Int
- updateIdentityProviderResponse_identityProvider :: Lens' UpdateIdentityProviderResponse IdentityProviderType
- updateResourceServer_scopes :: Lens' UpdateResourceServer (Maybe [ResourceServerScopeType])
- updateResourceServer_userPoolId :: Lens' UpdateResourceServer Text
- updateResourceServer_identifier :: Lens' UpdateResourceServer Text
- updateResourceServer_name :: Lens' UpdateResourceServer Text
- updateResourceServerResponse_httpStatus :: Lens' UpdateResourceServerResponse Int
- updateResourceServerResponse_resourceServer :: Lens' UpdateResourceServerResponse ResourceServerType
- updateUserAttributes_clientMetadata :: Lens' UpdateUserAttributes (Maybe (HashMap Text Text))
- updateUserAttributes_userAttributes :: Lens' UpdateUserAttributes [AttributeType]
- updateUserAttributes_accessToken :: Lens' UpdateUserAttributes Text
- updateUserAttributesResponse_codeDeliveryDetailsList :: Lens' UpdateUserAttributesResponse (Maybe [CodeDeliveryDetailsType])
- updateUserAttributesResponse_httpStatus :: Lens' UpdateUserAttributesResponse Int
- updateUserPool_accountRecoverySetting :: Lens' UpdateUserPool (Maybe AccountRecoverySettingType)
- updateUserPool_adminCreateUserConfig :: Lens' UpdateUserPool (Maybe AdminCreateUserConfigType)
- updateUserPool_autoVerifiedAttributes :: Lens' UpdateUserPool (Maybe [VerifiedAttributeType])
- updateUserPool_deletionProtection :: Lens' UpdateUserPool (Maybe DeletionProtectionType)
- updateUserPool_deviceConfiguration :: Lens' UpdateUserPool (Maybe DeviceConfigurationType)
- updateUserPool_emailConfiguration :: Lens' UpdateUserPool (Maybe EmailConfigurationType)
- updateUserPool_emailVerificationMessage :: Lens' UpdateUserPool (Maybe Text)
- updateUserPool_emailVerificationSubject :: Lens' UpdateUserPool (Maybe Text)
- updateUserPool_lambdaConfig :: Lens' UpdateUserPool (Maybe LambdaConfigType)
- updateUserPool_mfaConfiguration :: Lens' UpdateUserPool (Maybe UserPoolMfaType)
- updateUserPool_policies :: Lens' UpdateUserPool (Maybe UserPoolPolicyType)
- updateUserPool_smsAuthenticationMessage :: Lens' UpdateUserPool (Maybe Text)
- updateUserPool_smsConfiguration :: Lens' UpdateUserPool (Maybe SmsConfigurationType)
- updateUserPool_smsVerificationMessage :: Lens' UpdateUserPool (Maybe Text)
- updateUserPool_userAttributeUpdateSettings :: Lens' UpdateUserPool (Maybe UserAttributeUpdateSettingsType)
- updateUserPool_userPoolAddOns :: Lens' UpdateUserPool (Maybe UserPoolAddOnsType)
- updateUserPool_userPoolTags :: Lens' UpdateUserPool (Maybe (HashMap Text Text))
- updateUserPool_verificationMessageTemplate :: Lens' UpdateUserPool (Maybe VerificationMessageTemplateType)
- updateUserPool_userPoolId :: Lens' UpdateUserPool Text
- updateUserPoolResponse_httpStatus :: Lens' UpdateUserPoolResponse Int
- updateUserPoolClient_accessTokenValidity :: Lens' UpdateUserPoolClient (Maybe Natural)
- updateUserPoolClient_allowedOAuthFlows :: Lens' UpdateUserPoolClient (Maybe [OAuthFlowType])
- updateUserPoolClient_allowedOAuthFlowsUserPoolClient :: Lens' UpdateUserPoolClient (Maybe Bool)
- updateUserPoolClient_allowedOAuthScopes :: Lens' UpdateUserPoolClient (Maybe [Text])
- updateUserPoolClient_analyticsConfiguration :: Lens' UpdateUserPoolClient (Maybe AnalyticsConfigurationType)
- updateUserPoolClient_authSessionValidity :: Lens' UpdateUserPoolClient (Maybe Natural)
- updateUserPoolClient_callbackURLs :: Lens' UpdateUserPoolClient (Maybe [Text])
- updateUserPoolClient_clientName :: Lens' UpdateUserPoolClient (Maybe Text)
- updateUserPoolClient_defaultRedirectURI :: Lens' UpdateUserPoolClient (Maybe Text)
- updateUserPoolClient_enablePropagateAdditionalUserContextData :: Lens' UpdateUserPoolClient (Maybe Bool)
- updateUserPoolClient_enableTokenRevocation :: Lens' UpdateUserPoolClient (Maybe Bool)
- updateUserPoolClient_explicitAuthFlows :: Lens' UpdateUserPoolClient (Maybe [ExplicitAuthFlowsType])
- updateUserPoolClient_idTokenValidity :: Lens' UpdateUserPoolClient (Maybe Natural)
- updateUserPoolClient_logoutURLs :: Lens' UpdateUserPoolClient (Maybe [Text])
- updateUserPoolClient_preventUserExistenceErrors :: Lens' UpdateUserPoolClient (Maybe PreventUserExistenceErrorTypes)
- updateUserPoolClient_readAttributes :: Lens' UpdateUserPoolClient (Maybe [Text])
- updateUserPoolClient_refreshTokenValidity :: Lens' UpdateUserPoolClient (Maybe Natural)
- updateUserPoolClient_supportedIdentityProviders :: Lens' UpdateUserPoolClient (Maybe [Text])
- updateUserPoolClient_tokenValidityUnits :: Lens' UpdateUserPoolClient (Maybe TokenValidityUnitsType)
- updateUserPoolClient_writeAttributes :: Lens' UpdateUserPoolClient (Maybe [Text])
- updateUserPoolClient_userPoolId :: Lens' UpdateUserPoolClient Text
- updateUserPoolClient_clientId :: Lens' UpdateUserPoolClient Text
- updateUserPoolClientResponse_userPoolClient :: Lens' UpdateUserPoolClientResponse (Maybe UserPoolClientType)
- updateUserPoolClientResponse_httpStatus :: Lens' UpdateUserPoolClientResponse Int
- updateUserPoolDomain_domain :: Lens' UpdateUserPoolDomain Text
- updateUserPoolDomain_userPoolId :: Lens' UpdateUserPoolDomain Text
- updateUserPoolDomain_customDomainConfig :: Lens' UpdateUserPoolDomain CustomDomainConfigType
- updateUserPoolDomainResponse_cloudFrontDomain :: Lens' UpdateUserPoolDomainResponse (Maybe Text)
- updateUserPoolDomainResponse_httpStatus :: Lens' UpdateUserPoolDomainResponse Int
- verifySoftwareToken_accessToken :: Lens' VerifySoftwareToken (Maybe Text)
- verifySoftwareToken_friendlyDeviceName :: Lens' VerifySoftwareToken (Maybe Text)
- verifySoftwareToken_session :: Lens' VerifySoftwareToken (Maybe Text)
- verifySoftwareToken_userCode :: Lens' VerifySoftwareToken Text
- verifySoftwareTokenResponse_session :: Lens' VerifySoftwareTokenResponse (Maybe Text)
- verifySoftwareTokenResponse_status :: Lens' VerifySoftwareTokenResponse (Maybe VerifySoftwareTokenResponseType)
- verifySoftwareTokenResponse_httpStatus :: Lens' VerifySoftwareTokenResponse Int
- verifyUserAttribute_accessToken :: Lens' VerifyUserAttribute Text
- verifyUserAttribute_attributeName :: Lens' VerifyUserAttribute Text
- verifyUserAttribute_code :: Lens' VerifyUserAttribute Text
- verifyUserAttributeResponse_httpStatus :: Lens' VerifyUserAttributeResponse Int
- accountRecoverySettingType_recoveryMechanisms :: Lens' AccountRecoverySettingType (Maybe (NonEmpty RecoveryOptionType))
- accountTakeoverActionType_notify :: Lens' AccountTakeoverActionType Bool
- accountTakeoverActionType_eventAction :: Lens' AccountTakeoverActionType AccountTakeoverEventActionType
- accountTakeoverActionsType_highAction :: Lens' AccountTakeoverActionsType (Maybe AccountTakeoverActionType)
- accountTakeoverActionsType_lowAction :: Lens' AccountTakeoverActionsType (Maybe AccountTakeoverActionType)
- accountTakeoverActionsType_mediumAction :: Lens' AccountTakeoverActionsType (Maybe AccountTakeoverActionType)
- accountTakeoverRiskConfigurationType_notifyConfiguration :: Lens' AccountTakeoverRiskConfigurationType (Maybe NotifyConfigurationType)
- accountTakeoverRiskConfigurationType_actions :: Lens' AccountTakeoverRiskConfigurationType AccountTakeoverActionsType
- adminCreateUserConfigType_allowAdminCreateUserOnly :: Lens' AdminCreateUserConfigType (Maybe Bool)
- adminCreateUserConfigType_inviteMessageTemplate :: Lens' AdminCreateUserConfigType (Maybe MessageTemplateType)
- adminCreateUserConfigType_unusedAccountValidityDays :: Lens' AdminCreateUserConfigType (Maybe Natural)
- analyticsConfigurationType_applicationArn :: Lens' AnalyticsConfigurationType (Maybe Text)
- analyticsConfigurationType_applicationId :: Lens' AnalyticsConfigurationType (Maybe Text)
- analyticsConfigurationType_externalId :: Lens' AnalyticsConfigurationType (Maybe Text)
- analyticsConfigurationType_roleArn :: Lens' AnalyticsConfigurationType (Maybe Text)
- analyticsConfigurationType_userDataShared :: Lens' AnalyticsConfigurationType (Maybe Bool)
- analyticsMetadataType_analyticsEndpointId :: Lens' AnalyticsMetadataType (Maybe Text)
- attributeType_value :: Lens' AttributeType (Maybe Text)
- attributeType_name :: Lens' AttributeType Text
- authEventType_challengeResponses :: Lens' AuthEventType (Maybe [ChallengeResponseType])
- authEventType_creationDate :: Lens' AuthEventType (Maybe UTCTime)
- authEventType_eventContextData :: Lens' AuthEventType (Maybe EventContextDataType)
- authEventType_eventFeedback :: Lens' AuthEventType (Maybe EventFeedbackType)
- authEventType_eventId :: Lens' AuthEventType (Maybe Text)
- authEventType_eventResponse :: Lens' AuthEventType (Maybe EventResponseType)
- authEventType_eventRisk :: Lens' AuthEventType (Maybe EventRiskType)
- authEventType_eventType :: Lens' AuthEventType (Maybe EventType)
- authenticationResultType_accessToken :: Lens' AuthenticationResultType (Maybe Text)
- authenticationResultType_expiresIn :: Lens' AuthenticationResultType (Maybe Int)
- authenticationResultType_idToken :: Lens' AuthenticationResultType (Maybe Text)
- authenticationResultType_newDeviceMetadata :: Lens' AuthenticationResultType (Maybe NewDeviceMetadataType)
- authenticationResultType_refreshToken :: Lens' AuthenticationResultType (Maybe Text)
- authenticationResultType_tokenType :: Lens' AuthenticationResultType (Maybe Text)
- challengeResponseType_challengeName :: Lens' ChallengeResponseType (Maybe ChallengeName)
- challengeResponseType_challengeResponse :: Lens' ChallengeResponseType (Maybe ChallengeResponse)
- codeDeliveryDetailsType_attributeName :: Lens' CodeDeliveryDetailsType (Maybe Text)
- codeDeliveryDetailsType_deliveryMedium :: Lens' CodeDeliveryDetailsType (Maybe DeliveryMediumType)
- codeDeliveryDetailsType_destination :: Lens' CodeDeliveryDetailsType (Maybe Text)
- compromisedCredentialsActionsType_eventAction :: Lens' CompromisedCredentialsActionsType CompromisedCredentialsEventActionType
- compromisedCredentialsRiskConfigurationType_eventFilter :: Lens' CompromisedCredentialsRiskConfigurationType (Maybe [EventFilterType])
- compromisedCredentialsRiskConfigurationType_actions :: Lens' CompromisedCredentialsRiskConfigurationType CompromisedCredentialsActionsType
- contextDataType_encodedData :: Lens' ContextDataType (Maybe Text)
- contextDataType_ipAddress :: Lens' ContextDataType Text
- contextDataType_serverName :: Lens' ContextDataType Text
- contextDataType_serverPath :: Lens' ContextDataType Text
- contextDataType_httpHeaders :: Lens' ContextDataType [HttpHeader]
- customDomainConfigType_certificateArn :: Lens' CustomDomainConfigType Text
- customEmailLambdaVersionConfigType_lambdaVersion :: Lens' CustomEmailLambdaVersionConfigType CustomEmailSenderLambdaVersionType
- customEmailLambdaVersionConfigType_lambdaArn :: Lens' CustomEmailLambdaVersionConfigType Text
- customSMSLambdaVersionConfigType_lambdaVersion :: Lens' CustomSMSLambdaVersionConfigType CustomSMSSenderLambdaVersionType
- customSMSLambdaVersionConfigType_lambdaArn :: Lens' CustomSMSLambdaVersionConfigType Text
- deviceConfigurationType_challengeRequiredOnNewDevice :: Lens' DeviceConfigurationType (Maybe Bool)
- deviceConfigurationType_deviceOnlyRememberedOnUserPrompt :: Lens' DeviceConfigurationType (Maybe Bool)
- deviceSecretVerifierConfigType_passwordVerifier :: Lens' DeviceSecretVerifierConfigType (Maybe Text)
- deviceSecretVerifierConfigType_salt :: Lens' DeviceSecretVerifierConfigType (Maybe Text)
- deviceType_deviceAttributes :: Lens' DeviceType (Maybe [AttributeType])
- deviceType_deviceCreateDate :: Lens' DeviceType (Maybe UTCTime)
- deviceType_deviceKey :: Lens' DeviceType (Maybe Text)
- deviceType_deviceLastAuthenticatedDate :: Lens' DeviceType (Maybe UTCTime)
- deviceType_deviceLastModifiedDate :: Lens' DeviceType (Maybe UTCTime)
- domainDescriptionType_aWSAccountId :: Lens' DomainDescriptionType (Maybe Text)
- domainDescriptionType_cloudFrontDistribution :: Lens' DomainDescriptionType (Maybe Text)
- domainDescriptionType_customDomainConfig :: Lens' DomainDescriptionType (Maybe CustomDomainConfigType)
- domainDescriptionType_domain :: Lens' DomainDescriptionType (Maybe Text)
- domainDescriptionType_s3Bucket :: Lens' DomainDescriptionType (Maybe Text)
- domainDescriptionType_status :: Lens' DomainDescriptionType (Maybe DomainStatusType)
- domainDescriptionType_userPoolId :: Lens' DomainDescriptionType (Maybe Text)
- domainDescriptionType_version :: Lens' DomainDescriptionType (Maybe Text)
- emailConfigurationType_configurationSet :: Lens' EmailConfigurationType (Maybe Text)
- emailConfigurationType_emailSendingAccount :: Lens' EmailConfigurationType (Maybe EmailSendingAccountType)
- emailConfigurationType_from :: Lens' EmailConfigurationType (Maybe Text)
- emailConfigurationType_replyToEmailAddress :: Lens' EmailConfigurationType (Maybe Text)
- emailConfigurationType_sourceArn :: Lens' EmailConfigurationType (Maybe Text)
- eventContextDataType_city :: Lens' EventContextDataType (Maybe Text)
- eventContextDataType_country :: Lens' EventContextDataType (Maybe Text)
- eventContextDataType_deviceName :: Lens' EventContextDataType (Maybe Text)
- eventContextDataType_ipAddress :: Lens' EventContextDataType (Maybe Text)
- eventContextDataType_timezone :: Lens' EventContextDataType (Maybe Text)
- eventFeedbackType_feedbackDate :: Lens' EventFeedbackType (Maybe UTCTime)
- eventFeedbackType_feedbackValue :: Lens' EventFeedbackType FeedbackValueType
- eventFeedbackType_provider :: Lens' EventFeedbackType Text
- eventRiskType_compromisedCredentialsDetected :: Lens' EventRiskType (Maybe Bool)
- eventRiskType_riskDecision :: Lens' EventRiskType (Maybe RiskDecisionType)
- eventRiskType_riskLevel :: Lens' EventRiskType (Maybe RiskLevelType)
- groupType_creationDate :: Lens' GroupType (Maybe UTCTime)
- groupType_description :: Lens' GroupType (Maybe Text)
- groupType_groupName :: Lens' GroupType (Maybe Text)
- groupType_lastModifiedDate :: Lens' GroupType (Maybe UTCTime)
- groupType_precedence :: Lens' GroupType (Maybe Natural)
- groupType_roleArn :: Lens' GroupType (Maybe Text)
- groupType_userPoolId :: Lens' GroupType (Maybe Text)
- httpHeader_headerName :: Lens' HttpHeader (Maybe Text)
- httpHeader_headerValue :: Lens' HttpHeader (Maybe Text)
- identityProviderType_attributeMapping :: Lens' IdentityProviderType (Maybe (HashMap Text Text))
- identityProviderType_creationDate :: Lens' IdentityProviderType (Maybe UTCTime)
- identityProviderType_idpIdentifiers :: Lens' IdentityProviderType (Maybe [Text])
- identityProviderType_lastModifiedDate :: Lens' IdentityProviderType (Maybe UTCTime)
- identityProviderType_providerDetails :: Lens' IdentityProviderType (Maybe (HashMap Text Text))
- identityProviderType_providerName :: Lens' IdentityProviderType (Maybe Text)
- identityProviderType_providerType :: Lens' IdentityProviderType (Maybe IdentityProviderTypeType)
- identityProviderType_userPoolId :: Lens' IdentityProviderType (Maybe Text)
- lambdaConfigType_createAuthChallenge :: Lens' LambdaConfigType (Maybe Text)
- lambdaConfigType_customEmailSender :: Lens' LambdaConfigType (Maybe CustomEmailLambdaVersionConfigType)
- lambdaConfigType_customMessage :: Lens' LambdaConfigType (Maybe Text)
- lambdaConfigType_customSMSSender :: Lens' LambdaConfigType (Maybe CustomSMSLambdaVersionConfigType)
- lambdaConfigType_defineAuthChallenge :: Lens' LambdaConfigType (Maybe Text)
- lambdaConfigType_kmsKeyID :: Lens' LambdaConfigType (Maybe Text)
- lambdaConfigType_postAuthentication :: Lens' LambdaConfigType (Maybe Text)
- lambdaConfigType_postConfirmation :: Lens' LambdaConfigType (Maybe Text)
- lambdaConfigType_preAuthentication :: Lens' LambdaConfigType (Maybe Text)
- lambdaConfigType_preSignUp :: Lens' LambdaConfigType (Maybe Text)
- lambdaConfigType_preTokenGeneration :: Lens' LambdaConfigType (Maybe Text)
- lambdaConfigType_userMigration :: Lens' LambdaConfigType (Maybe Text)
- lambdaConfigType_verifyAuthChallengeResponse :: Lens' LambdaConfigType (Maybe Text)
- mfaOptionType_attributeName :: Lens' MFAOptionType (Maybe Text)
- mfaOptionType_deliveryMedium :: Lens' MFAOptionType (Maybe DeliveryMediumType)
- messageTemplateType_emailMessage :: Lens' MessageTemplateType (Maybe Text)
- messageTemplateType_emailSubject :: Lens' MessageTemplateType (Maybe Text)
- messageTemplateType_sMSMessage :: Lens' MessageTemplateType (Maybe Text)
- newDeviceMetadataType_deviceGroupKey :: Lens' NewDeviceMetadataType (Maybe Text)
- newDeviceMetadataType_deviceKey :: Lens' NewDeviceMetadataType (Maybe Text)
- notifyConfigurationType_blockEmail :: Lens' NotifyConfigurationType (Maybe NotifyEmailType)
- notifyConfigurationType_from :: Lens' NotifyConfigurationType (Maybe Text)
- notifyConfigurationType_mfaEmail :: Lens' NotifyConfigurationType (Maybe NotifyEmailType)
- notifyConfigurationType_noActionEmail :: Lens' NotifyConfigurationType (Maybe NotifyEmailType)
- notifyConfigurationType_replyTo :: Lens' NotifyConfigurationType (Maybe Text)
- notifyConfigurationType_sourceArn :: Lens' NotifyConfigurationType Text
- notifyEmailType_htmlBody :: Lens' NotifyEmailType (Maybe Text)
- notifyEmailType_textBody :: Lens' NotifyEmailType (Maybe Text)
- notifyEmailType_subject :: Lens' NotifyEmailType Text
- numberAttributeConstraintsType_maxValue :: Lens' NumberAttributeConstraintsType (Maybe Text)
- numberAttributeConstraintsType_minValue :: Lens' NumberAttributeConstraintsType (Maybe Text)
- passwordPolicyType_minimumLength :: Lens' PasswordPolicyType (Maybe Natural)
- passwordPolicyType_requireLowercase :: Lens' PasswordPolicyType (Maybe Bool)
- passwordPolicyType_requireNumbers :: Lens' PasswordPolicyType (Maybe Bool)
- passwordPolicyType_requireSymbols :: Lens' PasswordPolicyType (Maybe Bool)
- passwordPolicyType_requireUppercase :: Lens' PasswordPolicyType (Maybe Bool)
- passwordPolicyType_temporaryPasswordValidityDays :: Lens' PasswordPolicyType (Maybe Natural)
- providerDescription_creationDate :: Lens' ProviderDescription (Maybe UTCTime)
- providerDescription_lastModifiedDate :: Lens' ProviderDescription (Maybe UTCTime)
- providerDescription_providerName :: Lens' ProviderDescription (Maybe Text)
- providerDescription_providerType :: Lens' ProviderDescription (Maybe IdentityProviderTypeType)
- providerUserIdentifierType_providerAttributeName :: Lens' ProviderUserIdentifierType (Maybe Text)
- providerUserIdentifierType_providerAttributeValue :: Lens' ProviderUserIdentifierType (Maybe Text)
- providerUserIdentifierType_providerName :: Lens' ProviderUserIdentifierType (Maybe Text)
- recoveryOptionType_priority :: Lens' RecoveryOptionType Natural
- recoveryOptionType_name :: Lens' RecoveryOptionType RecoveryOptionNameType
- resourceServerScopeType_scopeName :: Lens' ResourceServerScopeType Text
- resourceServerScopeType_scopeDescription :: Lens' ResourceServerScopeType Text
- resourceServerType_identifier :: Lens' ResourceServerType (Maybe Text)
- resourceServerType_name :: Lens' ResourceServerType (Maybe Text)
- resourceServerType_scopes :: Lens' ResourceServerType (Maybe [ResourceServerScopeType])
- resourceServerType_userPoolId :: Lens' ResourceServerType (Maybe Text)
- riskConfigurationType_accountTakeoverRiskConfiguration :: Lens' RiskConfigurationType (Maybe AccountTakeoverRiskConfigurationType)
- riskConfigurationType_clientId :: Lens' RiskConfigurationType (Maybe Text)
- riskConfigurationType_compromisedCredentialsRiskConfiguration :: Lens' RiskConfigurationType (Maybe CompromisedCredentialsRiskConfigurationType)
- riskConfigurationType_lastModifiedDate :: Lens' RiskConfigurationType (Maybe UTCTime)
- riskConfigurationType_riskExceptionConfiguration :: Lens' RiskConfigurationType (Maybe RiskExceptionConfigurationType)
- riskConfigurationType_userPoolId :: Lens' RiskConfigurationType (Maybe Text)
- riskExceptionConfigurationType_blockedIPRangeList :: Lens' RiskExceptionConfigurationType (Maybe [Text])
- riskExceptionConfigurationType_skippedIPRangeList :: Lens' RiskExceptionConfigurationType (Maybe [Text])
- sMSMfaSettingsType_enabled :: Lens' SMSMfaSettingsType (Maybe Bool)
- sMSMfaSettingsType_preferredMfa :: Lens' SMSMfaSettingsType (Maybe Bool)
- schemaAttributeType_attributeDataType :: Lens' SchemaAttributeType (Maybe AttributeDataType)
- schemaAttributeType_developerOnlyAttribute :: Lens' SchemaAttributeType (Maybe Bool)
- schemaAttributeType_mutable :: Lens' SchemaAttributeType (Maybe Bool)
- schemaAttributeType_name :: Lens' SchemaAttributeType (Maybe Text)
- schemaAttributeType_numberAttributeConstraints :: Lens' SchemaAttributeType (Maybe NumberAttributeConstraintsType)
- schemaAttributeType_required :: Lens' SchemaAttributeType (Maybe Bool)
- schemaAttributeType_stringAttributeConstraints :: Lens' SchemaAttributeType (Maybe StringAttributeConstraintsType)
- smsConfigurationType_externalId :: Lens' SmsConfigurationType (Maybe Text)
- smsConfigurationType_snsRegion :: Lens' SmsConfigurationType (Maybe Text)
- smsConfigurationType_snsCallerArn :: Lens' SmsConfigurationType Text
- smsMfaConfigType_smsAuthenticationMessage :: Lens' SmsMfaConfigType (Maybe Text)
- smsMfaConfigType_smsConfiguration :: Lens' SmsMfaConfigType (Maybe SmsConfigurationType)
- softwareTokenMfaConfigType_enabled :: Lens' SoftwareTokenMfaConfigType (Maybe Bool)
- softwareTokenMfaSettingsType_enabled :: Lens' SoftwareTokenMfaSettingsType (Maybe Bool)
- softwareTokenMfaSettingsType_preferredMfa :: Lens' SoftwareTokenMfaSettingsType (Maybe Bool)
- stringAttributeConstraintsType_maxLength :: Lens' StringAttributeConstraintsType (Maybe Text)
- stringAttributeConstraintsType_minLength :: Lens' StringAttributeConstraintsType (Maybe Text)
- tokenValidityUnitsType_accessToken :: Lens' TokenValidityUnitsType (Maybe TimeUnitsType)
- tokenValidityUnitsType_idToken :: Lens' TokenValidityUnitsType (Maybe TimeUnitsType)
- tokenValidityUnitsType_refreshToken :: Lens' TokenValidityUnitsType (Maybe TimeUnitsType)
- uICustomizationType_css :: Lens' UICustomizationType (Maybe Text)
- uICustomizationType_cSSVersion :: Lens' UICustomizationType (Maybe Text)
- uICustomizationType_clientId :: Lens' UICustomizationType (Maybe Text)
- uICustomizationType_creationDate :: Lens' UICustomizationType (Maybe UTCTime)
- uICustomizationType_imageUrl :: Lens' UICustomizationType (Maybe Text)
- uICustomizationType_lastModifiedDate :: Lens' UICustomizationType (Maybe UTCTime)
- uICustomizationType_userPoolId :: Lens' UICustomizationType (Maybe Text)
- userAttributeUpdateSettingsType_attributesRequireVerificationBeforeUpdate :: Lens' UserAttributeUpdateSettingsType (Maybe [VerifiedAttributeType])
- userContextDataType_encodedData :: Lens' UserContextDataType (Maybe Text)
- userContextDataType_ipAddress :: Lens' UserContextDataType (Maybe Text)
- userImportJobType_cloudWatchLogsRoleArn :: Lens' UserImportJobType (Maybe Text)
- userImportJobType_completionDate :: Lens' UserImportJobType (Maybe UTCTime)
- userImportJobType_completionMessage :: Lens' UserImportJobType (Maybe Text)
- userImportJobType_creationDate :: Lens' UserImportJobType (Maybe UTCTime)
- userImportJobType_failedUsers :: Lens' UserImportJobType (Maybe Integer)
- userImportJobType_importedUsers :: Lens' UserImportJobType (Maybe Integer)
- userImportJobType_jobId :: Lens' UserImportJobType (Maybe Text)
- userImportJobType_jobName :: Lens' UserImportJobType (Maybe Text)
- userImportJobType_preSignedUrl :: Lens' UserImportJobType (Maybe Text)
- userImportJobType_skippedUsers :: Lens' UserImportJobType (Maybe Integer)
- userImportJobType_startDate :: Lens' UserImportJobType (Maybe UTCTime)
- userImportJobType_status :: Lens' UserImportJobType (Maybe UserImportJobStatusType)
- userImportJobType_userPoolId :: Lens' UserImportJobType (Maybe Text)
- userPoolAddOnsType_advancedSecurityMode :: Lens' UserPoolAddOnsType AdvancedSecurityModeType
- userPoolClientDescription_clientId :: Lens' UserPoolClientDescription (Maybe Text)
- userPoolClientDescription_clientName :: Lens' UserPoolClientDescription (Maybe Text)
- userPoolClientDescription_userPoolId :: Lens' UserPoolClientDescription (Maybe Text)
- userPoolClientType_accessTokenValidity :: Lens' UserPoolClientType (Maybe Natural)
- userPoolClientType_allowedOAuthFlows :: Lens' UserPoolClientType (Maybe [OAuthFlowType])
- userPoolClientType_allowedOAuthFlowsUserPoolClient :: Lens' UserPoolClientType (Maybe Bool)
- userPoolClientType_allowedOAuthScopes :: Lens' UserPoolClientType (Maybe [Text])
- userPoolClientType_analyticsConfiguration :: Lens' UserPoolClientType (Maybe AnalyticsConfigurationType)
- userPoolClientType_authSessionValidity :: Lens' UserPoolClientType (Maybe Natural)
- userPoolClientType_callbackURLs :: Lens' UserPoolClientType (Maybe [Text])
- userPoolClientType_clientId :: Lens' UserPoolClientType (Maybe Text)
- userPoolClientType_clientName :: Lens' UserPoolClientType (Maybe Text)
- userPoolClientType_clientSecret :: Lens' UserPoolClientType (Maybe Text)
- userPoolClientType_creationDate :: Lens' UserPoolClientType (Maybe UTCTime)
- userPoolClientType_defaultRedirectURI :: Lens' UserPoolClientType (Maybe Text)
- userPoolClientType_enablePropagateAdditionalUserContextData :: Lens' UserPoolClientType (Maybe Bool)
- userPoolClientType_enableTokenRevocation :: Lens' UserPoolClientType (Maybe Bool)
- userPoolClientType_explicitAuthFlows :: Lens' UserPoolClientType (Maybe [ExplicitAuthFlowsType])
- userPoolClientType_idTokenValidity :: Lens' UserPoolClientType (Maybe Natural)
- userPoolClientType_lastModifiedDate :: Lens' UserPoolClientType (Maybe UTCTime)
- userPoolClientType_logoutURLs :: Lens' UserPoolClientType (Maybe [Text])
- userPoolClientType_preventUserExistenceErrors :: Lens' UserPoolClientType (Maybe PreventUserExistenceErrorTypes)
- userPoolClientType_readAttributes :: Lens' UserPoolClientType (Maybe [Text])
- userPoolClientType_refreshTokenValidity :: Lens' UserPoolClientType (Maybe Natural)
- userPoolClientType_supportedIdentityProviders :: Lens' UserPoolClientType (Maybe [Text])
- userPoolClientType_tokenValidityUnits :: Lens' UserPoolClientType (Maybe TokenValidityUnitsType)
- userPoolClientType_userPoolId :: Lens' UserPoolClientType (Maybe Text)
- userPoolClientType_writeAttributes :: Lens' UserPoolClientType (Maybe [Text])
- userPoolDescriptionType_creationDate :: Lens' UserPoolDescriptionType (Maybe UTCTime)
- userPoolDescriptionType_id :: Lens' UserPoolDescriptionType (Maybe Text)
- userPoolDescriptionType_lambdaConfig :: Lens' UserPoolDescriptionType (Maybe LambdaConfigType)
- userPoolDescriptionType_lastModifiedDate :: Lens' UserPoolDescriptionType (Maybe UTCTime)
- userPoolDescriptionType_name :: Lens' UserPoolDescriptionType (Maybe Text)
- userPoolDescriptionType_status :: Lens' UserPoolDescriptionType (Maybe StatusType)
- userPoolPolicyType_passwordPolicy :: Lens' UserPoolPolicyType (Maybe PasswordPolicyType)
- userPoolType_accountRecoverySetting :: Lens' UserPoolType (Maybe AccountRecoverySettingType)
- userPoolType_adminCreateUserConfig :: Lens' UserPoolType (Maybe AdminCreateUserConfigType)
- userPoolType_aliasAttributes :: Lens' UserPoolType (Maybe [AliasAttributeType])
- userPoolType_arn :: Lens' UserPoolType (Maybe Text)
- userPoolType_autoVerifiedAttributes :: Lens' UserPoolType (Maybe [VerifiedAttributeType])
- userPoolType_creationDate :: Lens' UserPoolType (Maybe UTCTime)
- userPoolType_customDomain :: Lens' UserPoolType (Maybe Text)
- userPoolType_deletionProtection :: Lens' UserPoolType (Maybe DeletionProtectionType)
- userPoolType_deviceConfiguration :: Lens' UserPoolType (Maybe DeviceConfigurationType)
- userPoolType_domain :: Lens' UserPoolType (Maybe Text)
- userPoolType_emailConfiguration :: Lens' UserPoolType (Maybe EmailConfigurationType)
- userPoolType_emailConfigurationFailure :: Lens' UserPoolType (Maybe Text)
- userPoolType_emailVerificationMessage :: Lens' UserPoolType (Maybe Text)
- userPoolType_emailVerificationSubject :: Lens' UserPoolType (Maybe Text)
- userPoolType_estimatedNumberOfUsers :: Lens' UserPoolType (Maybe Int)
- userPoolType_id :: Lens' UserPoolType (Maybe Text)
- userPoolType_lambdaConfig :: Lens' UserPoolType (Maybe LambdaConfigType)
- userPoolType_lastModifiedDate :: Lens' UserPoolType (Maybe UTCTime)
- userPoolType_mfaConfiguration :: Lens' UserPoolType (Maybe UserPoolMfaType)
- userPoolType_name :: Lens' UserPoolType (Maybe Text)
- userPoolType_policies :: Lens' UserPoolType (Maybe UserPoolPolicyType)
- userPoolType_schemaAttributes :: Lens' UserPoolType (Maybe (NonEmpty SchemaAttributeType))
- userPoolType_smsAuthenticationMessage :: Lens' UserPoolType (Maybe Text)
- userPoolType_smsConfiguration :: Lens' UserPoolType (Maybe SmsConfigurationType)
- userPoolType_smsConfigurationFailure :: Lens' UserPoolType (Maybe Text)
- userPoolType_smsVerificationMessage :: Lens' UserPoolType (Maybe Text)
- userPoolType_status :: Lens' UserPoolType (Maybe StatusType)
- userPoolType_userAttributeUpdateSettings :: Lens' UserPoolType (Maybe UserAttributeUpdateSettingsType)
- userPoolType_userPoolAddOns :: Lens' UserPoolType (Maybe UserPoolAddOnsType)
- userPoolType_userPoolTags :: Lens' UserPoolType (Maybe (HashMap Text Text))
- userPoolType_usernameAttributes :: Lens' UserPoolType (Maybe [UsernameAttributeType])
- userPoolType_usernameConfiguration :: Lens' UserPoolType (Maybe UsernameConfigurationType)
- userPoolType_verificationMessageTemplate :: Lens' UserPoolType (Maybe VerificationMessageTemplateType)
- userType_attributes :: Lens' UserType (Maybe [AttributeType])
- userType_enabled :: Lens' UserType (Maybe Bool)
- userType_mfaOptions :: Lens' UserType (Maybe [MFAOptionType])
- userType_userCreateDate :: Lens' UserType (Maybe UTCTime)
- userType_userLastModifiedDate :: Lens' UserType (Maybe UTCTime)
- userType_userStatus :: Lens' UserType (Maybe UserStatusType)
- userType_username :: Lens' UserType (Maybe Text)
- usernameConfigurationType_caseSensitive :: Lens' UsernameConfigurationType Bool
- verificationMessageTemplateType_defaultEmailOption :: Lens' VerificationMessageTemplateType (Maybe DefaultEmailOptionType)
- verificationMessageTemplateType_emailMessage :: Lens' VerificationMessageTemplateType (Maybe Text)
- verificationMessageTemplateType_emailMessageByLink :: Lens' VerificationMessageTemplateType (Maybe Text)
- verificationMessageTemplateType_emailSubject :: Lens' VerificationMessageTemplateType (Maybe Text)
- verificationMessageTemplateType_emailSubjectByLink :: Lens' VerificationMessageTemplateType (Maybe Text)
- verificationMessageTemplateType_smsMessage :: Lens' VerificationMessageTemplateType (Maybe Text)
Operations
AddCustomAttributes
addCustomAttributes_userPoolId :: Lens' AddCustomAttributes Text Source #
The user pool ID for the user pool where you want to add custom attributes.
addCustomAttributes_customAttributes :: Lens' AddCustomAttributes (NonEmpty SchemaAttributeType) Source #
An array of custom attributes, such as Mutable and Name.
addCustomAttributesResponse_httpStatus :: Lens' AddCustomAttributesResponse Int Source #
The response's http status code.
AdminAddUserToGroup
adminAddUserToGroup_userPoolId :: Lens' AdminAddUserToGroup Text Source #
The user pool ID for the user pool.
adminAddUserToGroup_username :: Lens' AdminAddUserToGroup Text Source #
The username for the user.
adminAddUserToGroup_groupName :: Lens' AdminAddUserToGroup Text Source #
The group name.
AdminConfirmSignUp
adminConfirmSignUp_clientMetadata :: Lens' AdminConfirmSignUp (Maybe (HashMap Text Text)) Source #
A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.
If your user pool configuration includes triggers, the
AdminConfirmSignUp API action invokes the Lambda function that is
specified for the post confirmation trigger. When Amazon Cognito
invokes this function, it passes a JSON payload, which the function
receives as input. In this payload, the clientMetadata
attribute
provides the data that you assigned to the ClientMetadata parameter in
your AdminConfirmSignUp request. In your function code in Lambda, you
can process the ClientMetadata value to enhance your workflow for your
specific needs.
For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.
When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following:
- Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.
- Validate the ClientMetadata value.
- Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information.
adminConfirmSignUp_userPoolId :: Lens' AdminConfirmSignUp Text Source #
The user pool ID for which you want to confirm user registration.
adminConfirmSignUp_username :: Lens' AdminConfirmSignUp Text Source #
The user name for which you want to confirm user registration.
adminConfirmSignUpResponse_httpStatus :: Lens' AdminConfirmSignUpResponse Int Source #
The response's http status code.
AdminCreateUser
adminCreateUser_clientMetadata :: Lens' AdminCreateUser (Maybe (HashMap Text Text)) Source #
A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.
You create custom workflows by assigning Lambda functions to user pool
triggers. When you use the AdminCreateUser API action, Amazon Cognito
invokes the function that is assigned to the pre sign-up trigger. When
Amazon Cognito invokes this function, it passes a JSON payload, which
the function receives as input. This payload contains a clientMetadata
attribute, which provides the data that you assigned to the
ClientMetadata parameter in your AdminCreateUser request. In your
function code in Lambda, you can process the clientMetadata
value to
enhance your workflow for your specific needs.
For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.
When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following:
- Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.
- Validate the ClientMetadata value.
- Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information.
adminCreateUser_desiredDeliveryMediums :: Lens' AdminCreateUser (Maybe [DeliveryMediumType]) Source #
Specify "EMAIL"
if email will be used to send the welcome message.
Specify "SMS"
if the phone number will be used. The default value is
"SMS"
. You can specify more than one value.
adminCreateUser_forceAliasCreation :: Lens' AdminCreateUser (Maybe Bool) Source #
This parameter is used only if the phone_number_verified
or
email_verified
attribute is set to True
. Otherwise, it is ignored.
If this parameter is set to True
and the phone number or email address
specified in the UserAttributes parameter already exists as an alias
with a different user, the API call will migrate the alias from the
previous user to the newly created user. The previous user will no
longer be able to log in using that alias.
If this parameter is set to False
, the API throws an
AliasExistsException
error if the alias already exists. The default
value is False
.
adminCreateUser_messageAction :: Lens' AdminCreateUser (Maybe MessageActionType) Source #
Set to RESEND
to resend the invitation message to a user that already
exists and reset the expiration limit on the user's account. Set to
SUPPRESS
to suppress sending the message. You can specify only one
value.
adminCreateUser_temporaryPassword :: Lens' AdminCreateUser (Maybe Text) Source #
The user's temporary password. This password must conform to the password policy that you specified when you created the user pool.
The temporary password is valid only once. To complete the Admin Create User flow, the user must enter the temporary password in the sign-in page, along with a new password to be used in all future sign-ins.
This parameter isn't required. If you don't specify a value, Amazon Cognito generates one for you.
The temporary password can only be used until the user account
expiration limit that you specified when you created the user pool. To
reset the account after that time limit, you must call AdminCreateUser
again, specifying "RESEND"
for the MessageAction
parameter.
adminCreateUser_userAttributes :: Lens' AdminCreateUser (Maybe [AttributeType]) Source #
An array of name-value pairs that contain user attributes and attribute
values to be set for the user to be created. You can create a user
without specifying any attributes other than Username
. However, any
attributes that you specify as required (when creating a user pool or in
the Attributes tab of the console) either you should supply (in your
call to AdminCreateUser
) or the user should supply (when they sign up
in response to your welcome message).
For custom attributes, you must prepend the custom:
prefix to the
attribute name.
To send a message inviting the user to sign up, you must specify the user's email address or phone number. You can do this in your call to AdminCreateUser or in the Users tab of the Amazon Cognito console for managing your user pools.
In your call to AdminCreateUser
, you can set the email_verified
attribute to True
, and you can set the phone_number_verified
attribute to True
. You can also do this by calling
AdminUpdateUserAttributes.
- email: The email address of the user to whom the message that
contains the code and username will be sent. Required if the
email_verified
attribute is set toTrue
, or if"EMAIL"
is specified in theDesiredDeliveryMediums
parameter. - phone_number: The phone number of the user to whom the message
that contains the code and username will be sent. Required if the
phone_number_verified
attribute is set toTrue
, or if"SMS"
is specified in theDesiredDeliveryMediums
parameter.
adminCreateUser_validationData :: Lens' AdminCreateUser (Maybe [AttributeType]) Source #
The user's validation data. This is an array of name-value pairs that contain user attributes and attribute values that you can use for custom validation, such as restricting the types of user accounts that can be registered. For example, you might choose to allow or disallow user sign-up based on the user's domain.
To configure custom validation, you must create a Pre Sign-up Lambda trigger for the user pool as described in the Amazon Cognito Developer Guide. The Lambda trigger receives the validation data and uses it in the validation process.
The user's validation data isn't persisted.
adminCreateUser_userPoolId :: Lens' AdminCreateUser Text Source #
The user pool ID for the user pool where the user will be created.
adminCreateUser_username :: Lens' AdminCreateUser Text Source #
The username for the user. Must be unique within the user pool. Must be a UTF-8 string between 1 and 128 characters. After the user is created, the username can't be changed.
adminCreateUserResponse_user :: Lens' AdminCreateUserResponse (Maybe UserType) Source #
The newly created user.
adminCreateUserResponse_httpStatus :: Lens' AdminCreateUserResponse Int Source #
The response's http status code.
AdminDeleteUser
adminDeleteUser_userPoolId :: Lens' AdminDeleteUser Text Source #
The user pool ID for the user pool where you want to delete the user.
adminDeleteUser_username :: Lens' AdminDeleteUser Text Source #
The user name of the user you want to delete.
AdminDeleteUserAttributes
adminDeleteUserAttributes_userPoolId :: Lens' AdminDeleteUserAttributes Text Source #
The user pool ID for the user pool where you want to delete user attributes.
adminDeleteUserAttributes_username :: Lens' AdminDeleteUserAttributes Text Source #
The user name of the user from which you would like to delete attributes.
adminDeleteUserAttributes_userAttributeNames :: Lens' AdminDeleteUserAttributes [Text] Source #
An array of strings representing the user attribute names you want to delete.
For custom attributes, you must prepend the custom:
prefix to the
attribute name.
adminDeleteUserAttributesResponse_httpStatus :: Lens' AdminDeleteUserAttributesResponse Int Source #
The response's http status code.
AdminDisableProviderForUser
adminDisableProviderForUser_userPoolId :: Lens' AdminDisableProviderForUser Text Source #
The user pool ID for the user pool.
adminDisableProviderForUser_user :: Lens' AdminDisableProviderForUser ProviderUserIdentifierType Source #
The user to be disabled.
adminDisableProviderForUserResponse_httpStatus :: Lens' AdminDisableProviderForUserResponse Int Source #
The response's http status code.
AdminDisableUser
adminDisableUser_userPoolId :: Lens' AdminDisableUser Text Source #
The user pool ID for the user pool where you want to disable the user.
adminDisableUser_username :: Lens' AdminDisableUser Text Source #
The user name of the user you want to disable.
adminDisableUserResponse_httpStatus :: Lens' AdminDisableUserResponse Int Source #
The response's http status code.
AdminEnableUser
adminEnableUser_userPoolId :: Lens' AdminEnableUser Text Source #
The user pool ID for the user pool where you want to enable the user.
adminEnableUser_username :: Lens' AdminEnableUser Text Source #
The user name of the user you want to enable.
adminEnableUserResponse_httpStatus :: Lens' AdminEnableUserResponse Int Source #
The response's http status code.
AdminForgetDevice
adminForgetDevice_userPoolId :: Lens' AdminForgetDevice Text Source #
The user pool ID.
adminForgetDevice_username :: Lens' AdminForgetDevice Text Source #
The user name.
adminForgetDevice_deviceKey :: Lens' AdminForgetDevice Text Source #
The device key.
AdminGetDevice
adminGetDevice_deviceKey :: Lens' AdminGetDevice Text Source #
The device key.
adminGetDevice_userPoolId :: Lens' AdminGetDevice Text Source #
The user pool ID.
adminGetDevice_username :: Lens' AdminGetDevice Text Source #
The user name.
adminGetDeviceResponse_httpStatus :: Lens' AdminGetDeviceResponse Int Source #
The response's http status code.
adminGetDeviceResponse_device :: Lens' AdminGetDeviceResponse DeviceType Source #
The device.
AdminGetUser
adminGetUser_userPoolId :: Lens' AdminGetUser Text Source #
The user pool ID for the user pool where you want to get information about the user.
adminGetUser_username :: Lens' AdminGetUser Text Source #
The user name of the user you want to retrieve.
adminGetUserResponse_enabled :: Lens' AdminGetUserResponse (Maybe Bool) Source #
Indicates that the status is enabled
.
adminGetUserResponse_mfaOptions :: Lens' AdminGetUserResponse (Maybe [MFAOptionType]) Source #
This response parameter is no longer supported. It provides information only about SMS MFA configurations. It doesn't provide information about time-based one-time password (TOTP) software token MFA configurations. To look up information about either type of MFA configuration, use UserMFASettingList instead.
adminGetUserResponse_preferredMfaSetting :: Lens' AdminGetUserResponse (Maybe Text) Source #
The user's preferred MFA setting.
adminGetUserResponse_userAttributes :: Lens' AdminGetUserResponse (Maybe [AttributeType]) Source #
An array of name-value pairs representing user attributes.
adminGetUserResponse_userCreateDate :: Lens' AdminGetUserResponse (Maybe UTCTime) Source #
The date the user was created.
adminGetUserResponse_userLastModifiedDate :: Lens' AdminGetUserResponse (Maybe UTCTime) Source #
The date the user was last modified.
adminGetUserResponse_userMFASettingList :: Lens' AdminGetUserResponse (Maybe [Text]) Source #
The MFA options that are activated for the user. The possible values in
this list are SMS_MFA
and SOFTWARE_TOKEN_MFA
.
adminGetUserResponse_userStatus :: Lens' AdminGetUserResponse (Maybe UserStatusType) Source #
The user status. Can be one of the following:
- UNCONFIRMED - User has been created but not confirmed.
- CONFIRMED - User has been confirmed.
- ARCHIVED - User is no longer active.
- UNKNOWN - User status isn't known.
- RESET_REQUIRED - User is confirmed, but the user must request a code and reset their password before they can sign in.
- FORCE_CHANGE_PASSWORD - The user is confirmed and the user can sign in using a temporary password, but on first sign-in, the user must change their password to a new value before doing anything else.
adminGetUserResponse_httpStatus :: Lens' AdminGetUserResponse Int Source #
The response's http status code.
adminGetUserResponse_username :: Lens' AdminGetUserResponse Text Source #
The user name of the user about whom you're receiving information.
AdminInitiateAuth
adminInitiateAuth_analyticsMetadata :: Lens' AdminInitiateAuth (Maybe AnalyticsMetadataType) Source #
The analytics metadata for collecting Amazon Pinpoint metrics for
AdminInitiateAuth
calls.
adminInitiateAuth_authParameters :: Lens' AdminInitiateAuth (Maybe (HashMap Text Text)) Source #
The authentication parameters. These are inputs corresponding to the
AuthFlow
that you're invoking. The required values depend on the
value of AuthFlow
:
- For
USER_SRP_AUTH
:USERNAME
(required),SRP_A
(required),SECRET_HASH
(required if the app client is configured with a client secret),DEVICE_KEY
. - For
REFRESH_TOKEN_AUTH/REFRESH_TOKEN
:REFRESH_TOKEN
(required),SECRET_HASH
(required if the app client is configured with a client secret),DEVICE_KEY
. - For
ADMIN_NO_SRP_AUTH
:USERNAME
(required),SECRET_HASH
(if app client is configured with client secret),PASSWORD
(required),DEVICE_KEY
. - For
CUSTOM_AUTH
:USERNAME
(required),SECRET_HASH
(if app client is configured with client secret),DEVICE_KEY
. To start the authentication flow with password verification, includeChallengeName: SRP_A
andSRP_A: (The SRP_A Value)
.
adminInitiateAuth_clientMetadata :: Lens' AdminInitiateAuth (Maybe (HashMap Text Text)) Source #
A map of custom key-value pairs that you can provide as input for certain custom workflows that this action triggers.
You create custom workflows by assigning Lambda functions to user pool triggers. When you use the AdminInitiateAuth API action, Amazon Cognito invokes the Lambda functions that are specified for various triggers. The ClientMetadata value is passed as input to the functions for only the following triggers:
- Pre signup
- Pre authentication
- User migration
When Amazon Cognito invokes the functions for these triggers, it passes
a JSON payload, which the function receives as input. This payload
contains a validationData
attribute, which provides the data that you
assigned to the ClientMetadata parameter in your AdminInitiateAuth
request. In your function code in Lambda, you can process the
validationData
value to enhance your workflow for your specific needs.
When you use the AdminInitiateAuth API action, Amazon Cognito also invokes the functions for the following triggers, but it doesn't provide the ClientMetadata value as input:
- Post authentication
- Custom message
- Pre token generation
- Create auth challenge
- Define auth challenge
- Verify auth challenge
For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.
When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following:
- Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.
- Validate the ClientMetadata value.
- Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information.
adminInitiateAuth_contextData :: Lens' AdminInitiateAuth (Maybe ContextDataType) Source #
Contextual data about your user session, such as the device fingerprint, IP address, or location. Amazon Cognito advanced security evaluates the risk of an authentication event based on the context that your app generates and passes to Amazon Cognito when it makes API requests.
adminInitiateAuth_userPoolId :: Lens' AdminInitiateAuth Text Source #
The ID of the Amazon Cognito user pool.
adminInitiateAuth_clientId :: Lens' AdminInitiateAuth Text Source #
The app client ID.
adminInitiateAuth_authFlow :: Lens' AdminInitiateAuth AuthFlowType Source #
The authentication flow for this call to run. The API action will depend on this value. For example:
REFRESH_TOKEN_AUTH
will take in a valid refresh token and return new tokens.USER_SRP_AUTH
will take inUSERNAME
andSRP_A
and return the Secure Remote Password (SRP) protocol variables to be used for next challenge execution.ADMIN_USER_PASSWORD_AUTH
will take inUSERNAME
andPASSWORD
and return the next challenge or tokens.
Valid values include:
USER_SRP_AUTH
: Authentication flow for the Secure Remote Password (SRP) protocol.REFRESH_TOKEN_AUTH
/REFRESH_TOKEN
: Authentication flow for refreshing the access token and ID token by supplying a valid refresh token.CUSTOM_AUTH
: Custom authentication flow.ADMIN_NO_SRP_AUTH
: Non-SRP authentication flow; you can pass in the USERNAME and PASSWORD directly if the flow is enabled for calling the app client.ADMIN_USER_PASSWORD_AUTH
: Admin-based user password authentication. This replaces theADMIN_NO_SRP_AUTH
authentication flow. In this flow, Amazon Cognito receives the password in the request instead of using the SRP process to verify passwords.
adminInitiateAuthResponse_authenticationResult :: Lens' AdminInitiateAuthResponse (Maybe AuthenticationResultType) Source #
The result of the authentication response. This is only returned if the
caller doesn't need to pass another challenge. If the caller does need
to pass another challenge before it gets tokens, ChallengeName
,
ChallengeParameters
, and Session
are returned.
adminInitiateAuthResponse_challengeName :: Lens' AdminInitiateAuthResponse (Maybe ChallengeNameType) Source #
The name of the challenge that you're responding to with this call.
This is returned in the AdminInitiateAuth
response if you must pass
another challenge.
MFA_SETUP
: If MFA is required, users who don't have at least one of the MFA methods set up are presented with anMFA_SETUP
challenge. The user must set up at least one MFA type to continue to authenticate.SELECT_MFA_TYPE
: Selects the MFA type. Valid MFA options areSMS_MFA
for text SMS MFA, andSOFTWARE_TOKEN_MFA
for time-based one-time password (TOTP) software token MFA.SMS_MFA
: Next challenge is to supply anSMS_MFA_CODE
, delivered via SMS.PASSWORD_VERIFIER
: Next challenge is to supplyPASSWORD_CLAIM_SIGNATURE
,PASSWORD_CLAIM_SECRET_BLOCK
, andTIMESTAMP
after the client-side SRP calculations.CUSTOM_CHALLENGE
: This is returned if your custom authentication flow determines that the user should pass another challenge before tokens are issued.DEVICE_SRP_AUTH
: If device tracking was activated in your user pool and the previous challenges were passed, this challenge is returned so that Amazon Cognito can start tracking this device.DEVICE_PASSWORD_VERIFIER
: Similar toPASSWORD_VERIFIER
, but for devices only.ADMIN_NO_SRP_AUTH
: This is returned if you must authenticate withUSERNAME
andPASSWORD
directly. An app client must be enabled to use this flow.NEW_PASSWORD_REQUIRED
: For users who are required to change their passwords after successful first login. Respond to this challenge withNEW_PASSWORD
and any required attributes that Amazon Cognito returned in therequiredAttributes
parameter. You can also set values for attributes that aren't required by your user pool and that your app client can write. For more information, see AdminRespondToAuthChallenge.In a
NEW_PASSWORD_REQUIRED
challenge response, you can't modify a required attribute that already has a value. InAdminRespondToAuthChallenge
, set a value for any keys that Amazon Cognito returned in therequiredAttributes
parameter, then use theAdminUpdateUserAttributes
API operation to modify the value of any additional attributes.MFA_SETUP
: For users who are required to set up an MFA factor before they can sign in. The MFA types activated for the user pool will be listed in the challenge parametersMFA_CAN_SETUP
value.To set up software token MFA, use the session returned here from
InitiateAuth
as an input toAssociateSoftwareToken
, and use the session returned byVerifySoftwareToken
as an input toRespondToAuthChallenge
with challenge nameMFA_SETUP
to complete sign-in. To set up SMS MFA, users will need help from an administrator to add a phone number to their account and then callInitiateAuth
again to restart sign-in.
adminInitiateAuthResponse_challengeParameters :: Lens' AdminInitiateAuthResponse (Maybe (HashMap Text Text)) Source #
The challenge parameters. These are returned to you in the
AdminInitiateAuth
response if you must pass another challenge. The
responses in this parameter should be used to compute inputs to the next
call (AdminRespondToAuthChallenge
).
All challenges require USERNAME
and SECRET_HASH
(if applicable).
The value of the USER_ID_FOR_SRP
attribute is the user's actual
username, not an alias (such as email address or phone number), even if
you specified an alias in your call to AdminInitiateAuth
. This happens
because, in the AdminRespondToAuthChallenge
API ChallengeResponses
,
the USERNAME
attribute can't be an alias.
adminInitiateAuthResponse_session :: Lens' AdminInitiateAuthResponse (Maybe Text) Source #
The session that should be passed both ways in challenge-response calls
to the service. If AdminInitiateAuth
or AdminRespondToAuthChallenge
API call determines that the caller must pass another challenge, they
return a session with other challenge parameters. This session should be
passed as it is to the next AdminRespondToAuthChallenge
API call.
adminInitiateAuthResponse_httpStatus :: Lens' AdminInitiateAuthResponse Int Source #
The response's http status code.
AdminLinkProviderForUser
adminLinkProviderForUser_userPoolId :: Lens' AdminLinkProviderForUser Text Source #
The user pool ID for the user pool.
adminLinkProviderForUser_destinationUser :: Lens' AdminLinkProviderForUser ProviderUserIdentifierType Source #
The existing user in the user pool that you want to assign to the external IdP user account. This user can be a native (Username + Password) Amazon Cognito user pools user or a federated user (for example, a SAML or Facebook user). If the user doesn't exist, Amazon Cognito generates an exception. Amazon Cognito returns this user when the new user (with the linked IdP attribute) signs in.
For a native username + password user, the ProviderAttributeValue
for
the DestinationUser
should be the username in the user pool. For a
federated user, it should be the provider-specific user_id
.
The ProviderAttributeName
of the DestinationUser
is ignored.
The ProviderName
should be set to Cognito
for users in Cognito user
pools.
All attributes in the DestinationUser profile must be mutable. If you have assigned the user any immutable custom attributes, the operation won't succeed.
adminLinkProviderForUser_sourceUser :: Lens' AdminLinkProviderForUser ProviderUserIdentifierType Source #
An external IdP account for a user who doesn't exist yet in the user pool. This user must be a federated user (for example, a SAML or Facebook user), not another native user.
If the SourceUser
is using a federated social IdP, such as Facebook,
Google, or Login with Amazon, you must set the ProviderAttributeName
to Cognito_Subject
. For social IdPs, the ProviderName
will be
Facebook
, Google
, or LoginWithAmazon
, and Amazon Cognito will
automatically parse the Facebook, Google, and Login with Amazon tokens
for id
, sub
, and user_id
, respectively. The
ProviderAttributeValue
for the user must be the same value as the
id
, sub
, or user_id
value found in the social IdP token.
For SAML, the ProviderAttributeName
can be any value that matches a
claim in the SAML assertion. If you want to link SAML users based on the
subject of the SAML assertion, you should map the subject to a claim
through the SAML IdP and submit that claim name as the
ProviderAttributeName
. If you set ProviderAttributeName
to
Cognito_Subject
, Amazon Cognito will automatically parse the default
unique identifier found in the subject from the SAML token.
adminLinkProviderForUserResponse_httpStatus :: Lens' AdminLinkProviderForUserResponse Int Source #
The response's http status code.
AdminListDevices
adminListDevices_limit :: Lens' AdminListDevices (Maybe Natural) Source #
The limit of the devices request.
adminListDevices_paginationToken :: Lens' AdminListDevices (Maybe Text) Source #
The pagination token.
adminListDevices_userPoolId :: Lens' AdminListDevices Text Source #
The user pool ID.
adminListDevices_username :: Lens' AdminListDevices Text Source #
The user name.
adminListDevicesResponse_devices :: Lens' AdminListDevicesResponse (Maybe [DeviceType]) Source #
The devices in the list of devices response.
adminListDevicesResponse_paginationToken :: Lens' AdminListDevicesResponse (Maybe Text) Source #
The pagination token.
adminListDevicesResponse_httpStatus :: Lens' AdminListDevicesResponse Int Source #
The response's http status code.
AdminListGroupsForUser
adminListGroupsForUser_limit :: Lens' AdminListGroupsForUser (Maybe Natural) Source #
The limit of the request to list groups.
adminListGroupsForUser_nextToken :: Lens' AdminListGroupsForUser (Maybe Text) Source #
An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.
adminListGroupsForUser_username :: Lens' AdminListGroupsForUser Text Source #
The username for the user.
adminListGroupsForUser_userPoolId :: Lens' AdminListGroupsForUser Text Source #
The user pool ID for the user pool.
adminListGroupsForUserResponse_groups :: Lens' AdminListGroupsForUserResponse (Maybe [GroupType]) Source #
The groups that the user belongs to.
adminListGroupsForUserResponse_nextToken :: Lens' AdminListGroupsForUserResponse (Maybe Text) Source #
An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.
adminListGroupsForUserResponse_httpStatus :: Lens' AdminListGroupsForUserResponse Int Source #
The response's http status code.
AdminListUserAuthEvents
adminListUserAuthEvents_maxResults :: Lens' AdminListUserAuthEvents (Maybe Natural) Source #
The maximum number of authentication events to return. Returns 60 events
if you set MaxResults
to 0, or if you don't include a MaxResults
parameter.
adminListUserAuthEvents_nextToken :: Lens' AdminListUserAuthEvents (Maybe Text) Source #
A pagination token.
adminListUserAuthEvents_userPoolId :: Lens' AdminListUserAuthEvents Text Source #
The user pool ID.
adminListUserAuthEvents_username :: Lens' AdminListUserAuthEvents Text Source #
The user pool username or an alias.
adminListUserAuthEventsResponse_authEvents :: Lens' AdminListUserAuthEventsResponse (Maybe [AuthEventType]) Source #
The response object. It includes the EventID
, EventType
,
CreationDate
, EventRisk
, and EventResponse
.
adminListUserAuthEventsResponse_nextToken :: Lens' AdminListUserAuthEventsResponse (Maybe Text) Source #
A pagination token.
adminListUserAuthEventsResponse_httpStatus :: Lens' AdminListUserAuthEventsResponse Int Source #
The response's http status code.
AdminRemoveUserFromGroup
adminRemoveUserFromGroup_userPoolId :: Lens' AdminRemoveUserFromGroup Text Source #
The user pool ID for the user pool.
adminRemoveUserFromGroup_username :: Lens' AdminRemoveUserFromGroup Text Source #
The username for the user.
adminRemoveUserFromGroup_groupName :: Lens' AdminRemoveUserFromGroup Text Source #
The group name.
AdminResetUserPassword
adminResetUserPassword_clientMetadata :: Lens' AdminResetUserPassword (Maybe (HashMap Text Text)) Source #
A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.
You create custom workflows by assigning Lambda functions to user pool
triggers. When you use the AdminResetUserPassword API action, Amazon
Cognito invokes the function that is assigned to the custom message
trigger. When Amazon Cognito invokes this function, it passes a JSON
payload, which the function receives as input. This payload contains a
clientMetadata
attribute, which provides the data that you assigned to
the ClientMetadata parameter in your AdminResetUserPassword request. In
your function code in Lambda, you can process the clientMetadata
value
to enhance your workflow for your specific needs.
For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.
When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following:
- Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.
- Validate the ClientMetadata value.
- Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information.
adminResetUserPassword_userPoolId :: Lens' AdminResetUserPassword Text Source #
The user pool ID for the user pool where you want to reset the user's password.
adminResetUserPassword_username :: Lens' AdminResetUserPassword Text Source #
The user name of the user whose password you want to reset.
adminResetUserPasswordResponse_httpStatus :: Lens' AdminResetUserPasswordResponse Int Source #
The response's http status code.
AdminRespondToAuthChallenge
adminRespondToAuthChallenge_analyticsMetadata :: Lens' AdminRespondToAuthChallenge (Maybe AnalyticsMetadataType) Source #
The analytics metadata for collecting Amazon Pinpoint metrics for
AdminRespondToAuthChallenge
calls.
adminRespondToAuthChallenge_challengeResponses :: Lens' AdminRespondToAuthChallenge (Maybe (HashMap Text Text)) Source #
The challenge responses. These are inputs corresponding to the value of
ChallengeName
, for example:
SMS_MFA
:SMS_MFA_CODE
,USERNAME
,SECRET_HASH
(if app client is configured with client secret).PASSWORD_VERIFIER
:PASSWORD_CLAIM_SIGNATURE
,PASSWORD_CLAIM_SECRET_BLOCK
,TIMESTAMP
,USERNAME
,SECRET_HASH
(if app client is configured with client secret).PASSWORD_VERIFIER
requiresDEVICE_KEY
when signing in with a remembered device.ADMIN_NO_SRP_AUTH
:PASSWORD
,USERNAME
,SECRET_HASH
(if app client is configured with client secret).NEW_PASSWORD_REQUIRED
:NEW_PASSWORD
,USERNAME
,SECRET_HASH
(if app client is configured with client secret). To set any required attributes that Amazon Cognito returned asrequiredAttributes
in theAdminInitiateAuth
response, add auserAttributes.
attributename
In a
NEW_PASSWORD_REQUIRED
challenge response, you can't modify a required attribute that already has a value. InAdminRespondToAuthChallenge
, set a value for any keys that Amazon Cognito returned in therequiredAttributes
parameter, then use theAdminUpdateUserAttributes
API operation to modify the value of any additional attributes.MFA_SETUP
requiresUSERNAME
, plus you must use the session value returned byVerifySoftwareToken
in theSession
parameter.
The value of the USERNAME
attribute must be the user's actual
username, not an alias (such as an email address or phone number). To
make this simpler, the AdminInitiateAuth
response includes the actual
username value in the USERNAMEUSER_ID_FOR_SRP
attribute. This happens
even if you specified an alias in your call to AdminInitiateAuth
.
adminRespondToAuthChallenge_clientMetadata :: Lens' AdminRespondToAuthChallenge (Maybe (HashMap Text Text)) Source #
A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.
You create custom workflows by assigning Lambda functions to user pool triggers. When you use the AdminRespondToAuthChallenge API action, Amazon Cognito invokes any functions that you have assigned to the following triggers:
- pre sign-up
- custom message
- post authentication
- user migration
- pre token generation
- define auth challenge
- create auth challenge
- verify auth challenge response
When Amazon Cognito invokes any of these functions, it passes a JSON
payload, which the function receives as input. This payload contains a
clientMetadata
attribute that provides the data that you assigned to
the ClientMetadata parameter in your AdminRespondToAuthChallenge
request. In your function code in Lambda, you can process the
clientMetadata
value to enhance your workflow for your specific needs.
For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.
When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following:
- Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.
- Validate the ClientMetadata value.
- Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information.
adminRespondToAuthChallenge_contextData :: Lens' AdminRespondToAuthChallenge (Maybe ContextDataType) Source #
Contextual data about your user session, such as the device fingerprint, IP address, or location. Amazon Cognito advanced security evaluates the risk of an authentication event based on the context that your app generates and passes to Amazon Cognito when it makes API requests.
adminRespondToAuthChallenge_session :: Lens' AdminRespondToAuthChallenge (Maybe Text) Source #
The session that should be passed both ways in challenge-response calls
to the service. If an InitiateAuth
or RespondToAuthChallenge
API
call determines that the caller must pass another challenge, it returns
a session with other challenge parameters. This session should be passed
as it is to the next RespondToAuthChallenge
API call.
adminRespondToAuthChallenge_userPoolId :: Lens' AdminRespondToAuthChallenge Text Source #
The ID of the Amazon Cognito user pool.
adminRespondToAuthChallenge_clientId :: Lens' AdminRespondToAuthChallenge Text Source #
The app client ID.
adminRespondToAuthChallenge_challengeName :: Lens' AdminRespondToAuthChallenge ChallengeNameType Source #
The challenge name. For more information, see AdminInitiateAuth.
adminRespondToAuthChallengeResponse_authenticationResult :: Lens' AdminRespondToAuthChallengeResponse (Maybe AuthenticationResultType) Source #
The result returned by the server in response to the authentication request.
adminRespondToAuthChallengeResponse_challengeName :: Lens' AdminRespondToAuthChallengeResponse (Maybe ChallengeNameType) Source #
The name of the challenge. For more information, see AdminInitiateAuth.
adminRespondToAuthChallengeResponse_challengeParameters :: Lens' AdminRespondToAuthChallengeResponse (Maybe (HashMap Text Text)) Source #
The challenge parameters. For more information, see AdminInitiateAuth.
adminRespondToAuthChallengeResponse_session :: Lens' AdminRespondToAuthChallengeResponse (Maybe Text) Source #
The session that should be passed both ways in challenge-response calls
to the service. If the caller must pass another challenge, they return a
session with other challenge parameters. This session should be passed
as it is to the next RespondToAuthChallenge
API call.
adminRespondToAuthChallengeResponse_httpStatus :: Lens' AdminRespondToAuthChallengeResponse Int Source #
The response's http status code.
AdminSetUserMFAPreference
adminSetUserMFAPreference_sMSMfaSettings :: Lens' AdminSetUserMFAPreference (Maybe SMSMfaSettingsType) Source #
The SMS text message MFA settings.
adminSetUserMFAPreference_softwareTokenMfaSettings :: Lens' AdminSetUserMFAPreference (Maybe SoftwareTokenMfaSettingsType) Source #
The time-based one-time password software token MFA settings.
adminSetUserMFAPreference_username :: Lens' AdminSetUserMFAPreference Text Source #
The user pool username or alias.
adminSetUserMFAPreference_userPoolId :: Lens' AdminSetUserMFAPreference Text Source #
The user pool ID.
adminSetUserMFAPreferenceResponse_httpStatus :: Lens' AdminSetUserMFAPreferenceResponse Int Source #
The response's http status code.
AdminSetUserPassword
adminSetUserPassword_permanent :: Lens' AdminSetUserPassword (Maybe Bool) Source #
True
if the password is permanent, False
if it is temporary.
adminSetUserPassword_userPoolId :: Lens' AdminSetUserPassword Text Source #
The user pool ID for the user pool where you want to set the user's password.
adminSetUserPassword_username :: Lens' AdminSetUserPassword Text Source #
The user name of the user whose password you want to set.
adminSetUserPassword_password :: Lens' AdminSetUserPassword Text Source #
The password for the user.
adminSetUserPasswordResponse_httpStatus :: Lens' AdminSetUserPasswordResponse Int Source #
The response's http status code.
AdminSetUserSettings
adminSetUserSettings_userPoolId :: Lens' AdminSetUserSettings Text Source #
The ID of the user pool that contains the user whose options you're setting.
adminSetUserSettings_username :: Lens' AdminSetUserSettings Text Source #
The user name of the user whose options you're setting.
adminSetUserSettings_mfaOptions :: Lens' AdminSetUserSettings [MFAOptionType] Source #
You can use this parameter only to set an SMS configuration that uses SMS for delivery.
adminSetUserSettingsResponse_httpStatus :: Lens' AdminSetUserSettingsResponse Int Source #
The response's http status code.
AdminUpdateAuthEventFeedback
adminUpdateAuthEventFeedback_userPoolId :: Lens' AdminUpdateAuthEventFeedback Text Source #
The user pool ID.
adminUpdateAuthEventFeedback_username :: Lens' AdminUpdateAuthEventFeedback Text Source #
The user pool username.
adminUpdateAuthEventFeedback_eventId :: Lens' AdminUpdateAuthEventFeedback Text Source #
The authentication event ID.
adminUpdateAuthEventFeedback_feedbackValue :: Lens' AdminUpdateAuthEventFeedback FeedbackValueType Source #
The authentication event feedback value.
adminUpdateAuthEventFeedbackResponse_httpStatus :: Lens' AdminUpdateAuthEventFeedbackResponse Int Source #
The response's http status code.
AdminUpdateDeviceStatus
adminUpdateDeviceStatus_deviceRememberedStatus :: Lens' AdminUpdateDeviceStatus (Maybe DeviceRememberedStatusType) Source #
The status indicating whether a device has been remembered or not.
adminUpdateDeviceStatus_userPoolId :: Lens' AdminUpdateDeviceStatus Text Source #
The user pool ID.
adminUpdateDeviceStatus_username :: Lens' AdminUpdateDeviceStatus Text Source #
The user name.
adminUpdateDeviceStatus_deviceKey :: Lens' AdminUpdateDeviceStatus Text Source #
The device key.
adminUpdateDeviceStatusResponse_httpStatus :: Lens' AdminUpdateDeviceStatusResponse Int Source #
The response's http status code.
AdminUpdateUserAttributes
adminUpdateUserAttributes_clientMetadata :: Lens' AdminUpdateUserAttributes (Maybe (HashMap Text Text)) Source #
A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.
You create custom workflows by assigning Lambda functions to user pool
triggers. When you use the AdminUpdateUserAttributes API action, Amazon
Cognito invokes the function that is assigned to the custom message
trigger. When Amazon Cognito invokes this function, it passes a JSON
payload, which the function receives as input. This payload contains a
clientMetadata
attribute, which provides the data that you assigned to
the ClientMetadata parameter in your AdminUpdateUserAttributes request.
In your function code in Lambda, you can process the clientMetadata
value to enhance your workflow for your specific needs.
For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.
When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following:
- Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.
- Validate the ClientMetadata value.
- Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information.
adminUpdateUserAttributes_userPoolId :: Lens' AdminUpdateUserAttributes Text Source #
The user pool ID for the user pool where you want to update user attributes.
adminUpdateUserAttributes_username :: Lens' AdminUpdateUserAttributes Text Source #
The user name of the user for whom you want to update user attributes.
adminUpdateUserAttributes_userAttributes :: Lens' AdminUpdateUserAttributes [AttributeType] Source #
An array of name-value pairs representing user attributes.
For custom attributes, you must prepend the custom:
prefix to the
attribute name.
If your user pool requires verification before Amazon Cognito updates an attribute value that you specify in this request, Amazon Cognito doesn’t immediately update the value of that attribute. After your user receives and responds to a verification message to verify the new value, Amazon Cognito updates the attribute value. Your user can sign in and receive messages with the original attribute value until they verify the new value.
To update the value of an attribute that requires verification in the
same API request, include the email_verified
or
phone_number_verified
attribute, with a value of true
. If you set
the email_verified
or phone_number_verified
value for an email
or
phone_number
attribute that requires verification to true
, Amazon
Cognito doesn’t send a verification message to your user.
adminUpdateUserAttributesResponse_httpStatus :: Lens' AdminUpdateUserAttributesResponse Int Source #
The response's http status code.
AdminUserGlobalSignOut
adminUserGlobalSignOut_userPoolId :: Lens' AdminUserGlobalSignOut Text Source #
The user pool ID.
adminUserGlobalSignOut_username :: Lens' AdminUserGlobalSignOut Text Source #
The user name.
adminUserGlobalSignOutResponse_httpStatus :: Lens' AdminUserGlobalSignOutResponse Int Source #
The response's http status code.
AssociateSoftwareToken
associateSoftwareToken_accessToken :: Lens' AssociateSoftwareToken (Maybe Text) Source #
A valid access token that Amazon Cognito issued to the user whose software token you want to generate.
associateSoftwareToken_session :: Lens' AssociateSoftwareToken (Maybe Text) Source #
The session that should be passed both ways in challenge-response calls to the service. This allows authentication of the user as part of the MFA setup process.
associateSoftwareTokenResponse_secretCode :: Lens' AssociateSoftwareTokenResponse (Maybe Text) Source #
A unique generated shared secret code that is used in the TOTP algorithm to generate a one-time code.
associateSoftwareTokenResponse_session :: Lens' AssociateSoftwareTokenResponse (Maybe Text) Source #
The session that should be passed both ways in challenge-response calls to the service. This allows authentication of the user as part of the MFA setup process.
associateSoftwareTokenResponse_httpStatus :: Lens' AssociateSoftwareTokenResponse Int Source #
The response's http status code.
ChangePassword
changePassword_previousPassword :: Lens' ChangePassword Text Source #
The old password.
changePassword_proposedPassword :: Lens' ChangePassword Text Source #
The new password.
changePassword_accessToken :: Lens' ChangePassword Text Source #
A valid access token that Amazon Cognito issued to the user whose password you want to change.
changePasswordResponse_httpStatus :: Lens' ChangePasswordResponse Int Source #
The response's http status code.
ConfirmDevice
confirmDevice_deviceName :: Lens' ConfirmDevice (Maybe Text) Source #
The device name.
confirmDevice_deviceSecretVerifierConfig :: Lens' ConfirmDevice (Maybe DeviceSecretVerifierConfigType) Source #
The configuration of the device secret verifier.
confirmDevice_accessToken :: Lens' ConfirmDevice Text Source #
A valid access token that Amazon Cognito issued to the user whose device you want to confirm.
confirmDevice_deviceKey :: Lens' ConfirmDevice Text Source #
The device key.
confirmDeviceResponse_userConfirmationNecessary :: Lens' ConfirmDeviceResponse (Maybe Bool) Source #
Indicates whether the user confirmation must confirm the device response.
confirmDeviceResponse_httpStatus :: Lens' ConfirmDeviceResponse Int Source #
The response's http status code.
ConfirmForgotPassword
confirmForgotPassword_analyticsMetadata :: Lens' ConfirmForgotPassword (Maybe AnalyticsMetadataType) Source #
The Amazon Pinpoint analytics metadata for collecting metrics for
ConfirmForgotPassword
calls.
confirmForgotPassword_clientMetadata :: Lens' ConfirmForgotPassword (Maybe (HashMap Text Text)) Source #
A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.
You create custom workflows by assigning Lambda functions to user pool
triggers. When you use the ConfirmForgotPassword API action, Amazon
Cognito invokes the function that is assigned to the post confirmation
trigger. When Amazon Cognito invokes this function, it passes a JSON
payload, which the function receives as input. This payload contains a
clientMetadata
attribute, which provides the data that you assigned to
the ClientMetadata parameter in your ConfirmForgotPassword request. In
your function code in Lambda, you can process the clientMetadata
value
to enhance your workflow for your specific needs.
For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.
When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following:
- Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.
- Validate the ClientMetadata value.
- Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information.
confirmForgotPassword_secretHash :: Lens' ConfirmForgotPassword (Maybe Text) Source #
A keyed-hash message authentication code (HMAC) calculated using the secret key of a user pool client and username plus the client ID in the message.
confirmForgotPassword_userContextData :: Lens' ConfirmForgotPassword (Maybe UserContextDataType) Source #
Contextual data about your user session, such as the device fingerprint, IP address, or location. Amazon Cognito advanced security evaluates the risk of an authentication event based on the context that your app generates and passes to Amazon Cognito when it makes API requests.
confirmForgotPassword_clientId :: Lens' ConfirmForgotPassword Text Source #
The app client ID of the app associated with the user pool.
confirmForgotPassword_username :: Lens' ConfirmForgotPassword Text Source #
The user name of the user for whom you want to enter a code to retrieve a forgotten password.
confirmForgotPassword_confirmationCode :: Lens' ConfirmForgotPassword Text Source #
The confirmation code from your user's request to reset their password. For more information, see ForgotPassword.
confirmForgotPassword_password :: Lens' ConfirmForgotPassword Text Source #
The new password that your user wants to set.
confirmForgotPasswordResponse_httpStatus :: Lens' ConfirmForgotPasswordResponse Int Source #
The response's http status code.
ConfirmSignUp
confirmSignUp_analyticsMetadata :: Lens' ConfirmSignUp (Maybe AnalyticsMetadataType) Source #
The Amazon Pinpoint analytics metadata for collecting metrics for
ConfirmSignUp
calls.
confirmSignUp_clientMetadata :: Lens' ConfirmSignUp (Maybe (HashMap Text Text)) Source #
A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.
You create custom workflows by assigning Lambda functions to user pool
triggers. When you use the ConfirmSignUp API action, Amazon Cognito
invokes the function that is assigned to the post confirmation
trigger. When Amazon Cognito invokes this function, it passes a JSON
payload, which the function receives as input. This payload contains a
clientMetadata
attribute, which provides the data that you assigned to
the ClientMetadata parameter in your ConfirmSignUp request. In your
function code in Lambda, you can process the clientMetadata
value to
enhance your workflow for your specific needs.
For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.
When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following:
- Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.
- Validate the ClientMetadata value.
- Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information.
confirmSignUp_forceAliasCreation :: Lens' ConfirmSignUp (Maybe Bool) Source #
Boolean to be specified to force user confirmation irrespective of
existing alias. By default set to False
. If this parameter is set to
True
and the phone number/email used for sign up confirmation already
exists as an alias with a different user, the API call will migrate the
alias from the previous user to the newly created user being confirmed.
If set to False
, the API will throw an AliasExistsException error.
confirmSignUp_secretHash :: Lens' ConfirmSignUp (Maybe Text) Source #
A keyed-hash message authentication code (HMAC) calculated using the secret key of a user pool client and username plus the client ID in the message.
confirmSignUp_userContextData :: Lens' ConfirmSignUp (Maybe UserContextDataType) Source #
Contextual data about your user session, such as the device fingerprint, IP address, or location. Amazon Cognito advanced security evaluates the risk of an authentication event based on the context that your app generates and passes to Amazon Cognito when it makes API requests.
confirmSignUp_clientId :: Lens' ConfirmSignUp Text Source #
The ID of the app client associated with the user pool.
confirmSignUp_username :: Lens' ConfirmSignUp Text Source #
The user name of the user whose registration you want to confirm.
confirmSignUp_confirmationCode :: Lens' ConfirmSignUp Text Source #
The confirmation code sent by a user's request to confirm registration.
confirmSignUpResponse_httpStatus :: Lens' ConfirmSignUpResponse Int Source #
The response's http status code.
CreateGroup
createGroup_description :: Lens' CreateGroup (Maybe Text) Source #
A string containing the description of the group.
createGroup_precedence :: Lens' CreateGroup (Maybe Natural) Source #
A non-negative integer value that specifies the precedence of this group
relative to the other groups that a user can belong to in the user pool.
Zero is the highest precedence value. Groups with lower Precedence
values take precedence over groups with higher or null Precedence
values. If a user belongs to two or more groups, it is the group with
the lowest precedence value whose role ARN is given in the user's
tokens for the cognito:roles
and cognito:preferred_role
claims.
Two groups can have the same Precedence
value. If this happens,
neither group takes precedence over the other. If two groups with the
same Precedence
have the same role ARN, that role is used in the
cognito:preferred_role
claim in tokens for users in each group. If the
two groups have different role ARNs, the cognito:preferred_role
claim
isn't set in users' tokens.
The default Precedence
value is null. The maximum Precedence
value
is 2^31-1
.
createGroup_roleArn :: Lens' CreateGroup (Maybe Text) Source #
The role Amazon Resource Name (ARN) for the group.
createGroup_groupName :: Lens' CreateGroup Text Source #
The name of the group. Must be unique.
createGroup_userPoolId :: Lens' CreateGroup Text Source #
The user pool ID for the user pool.
createGroupResponse_group :: Lens' CreateGroupResponse (Maybe GroupType) Source #
The group object for the group.
createGroupResponse_httpStatus :: Lens' CreateGroupResponse Int Source #
The response's http status code.
CreateIdentityProvider
createIdentityProvider_attributeMapping :: Lens' CreateIdentityProvider (Maybe (HashMap Text Text)) Source #
A mapping of IdP attributes to standard and custom user pool attributes.
createIdentityProvider_idpIdentifiers :: Lens' CreateIdentityProvider (Maybe [Text]) Source #
A list of IdP identifiers.
createIdentityProvider_userPoolId :: Lens' CreateIdentityProvider Text Source #
The user pool ID.
createIdentityProvider_providerName :: Lens' CreateIdentityProvider Text Source #
The IdP name.
createIdentityProvider_providerType :: Lens' CreateIdentityProvider IdentityProviderTypeType Source #
The IdP type.
createIdentityProvider_providerDetails :: Lens' CreateIdentityProvider (HashMap Text Text) Source #
The IdP details. The following list describes the provider detail keys for each IdP type.
For Google and Login with Amazon:
- client_id
- client_secret
- authorize_scopes
For Facebook:
- client_id
- client_secret
- authorize_scopes
- api_version
For Sign in with Apple:
- client_id
- team_id
- key_id
- private_key
- authorize_scopes
For OpenID Connect (OIDC) providers:
- client_id
- client_secret
- attributes_request_method
- oidc_issuer
- authorize_scopes
The following keys are only present if Amazon Cognito didn't discover them at the
oidc_issuer
URL.- authorize_url
- token_url
- attributes_url
- jwks_uri
Amazon Cognito sets the value of the following keys automatically. They are read-only.
- attributes_url_add_attributes
For SAML providers:
- MetadataFile or MetadataURL
- IDPSignout optional
createIdentityProviderResponse_httpStatus :: Lens' CreateIdentityProviderResponse Int Source #
The response's http status code.
createIdentityProviderResponse_identityProvider :: Lens' CreateIdentityProviderResponse IdentityProviderType Source #
The newly created IdP object.
CreateResourceServer
createResourceServer_scopes :: Lens' CreateResourceServer (Maybe [ResourceServerScopeType]) Source #
A list of scopes. Each scope is a key-value map with the keys name
and
description
.
createResourceServer_userPoolId :: Lens' CreateResourceServer Text Source #
The user pool ID for the user pool.
createResourceServer_identifier :: Lens' CreateResourceServer Text Source #
A unique resource server identifier for the resource server. This could
be an HTTPS endpoint where the resource server is located, such as
https://my-weather-api.example.com
.
createResourceServer_name :: Lens' CreateResourceServer Text Source #
A friendly name for the resource server.
createResourceServerResponse_httpStatus :: Lens' CreateResourceServerResponse Int Source #
The response's http status code.
createResourceServerResponse_resourceServer :: Lens' CreateResourceServerResponse ResourceServerType Source #
The newly created resource server.
CreateUserImportJob
createUserImportJob_jobName :: Lens' CreateUserImportJob Text Source #
The job name for the user import job.
createUserImportJob_userPoolId :: Lens' CreateUserImportJob Text Source #
The user pool ID for the user pool that the users are being imported into.
createUserImportJob_cloudWatchLogsRoleArn :: Lens' CreateUserImportJob Text Source #
The role ARN for the Amazon CloudWatch Logs Logging role for the user import job.
createUserImportJobResponse_userImportJob :: Lens' CreateUserImportJobResponse (Maybe UserImportJobType) Source #
The job object that represents the user import job.
createUserImportJobResponse_httpStatus :: Lens' CreateUserImportJobResponse Int Source #
The response's http status code.
CreateUserPool
createUserPool_accountRecoverySetting :: Lens' CreateUserPool (Maybe AccountRecoverySettingType) Source #
The available verified method a user can use to recover their password
when they call ForgotPassword
. You can use this setting to define a
preferred method when a user has more than one method available. With
this setting, SMS doesn't qualify for a valid password recovery
mechanism if the user also has SMS multi-factor authentication (MFA)
activated. In the absence of this setting, Amazon Cognito uses the
legacy behavior to determine the recovery method where SMS is preferred
through email.
createUserPool_adminCreateUserConfig :: Lens' CreateUserPool (Maybe AdminCreateUserConfigType) Source #
The configuration for AdminCreateUser
requests.
createUserPool_aliasAttributes :: Lens' CreateUserPool (Maybe [AliasAttributeType]) Source #
Attributes supported as an alias for this user pool. Possible values: phone_number, email, or preferred_username.
createUserPool_autoVerifiedAttributes :: Lens' CreateUserPool (Maybe [VerifiedAttributeType]) Source #
The attributes to be auto-verified. Possible values: email, phone_number.
createUserPool_deletionProtection :: Lens' CreateUserPool (Maybe DeletionProtectionType) Source #
When active, DeletionProtection
prevents accidental deletion of your
user pool. Before you can delete a user pool that you have protected
against deletion, you must deactivate this feature.
When you try to delete a protected user pool in a DeleteUserPool
API
request, Amazon Cognito returns an InvalidParameterException
error. To
delete a protected user pool, send a new DeleteUserPool
request after
you deactivate deletion protection in an UpdateUserPool
API request.
createUserPool_deviceConfiguration :: Lens' CreateUserPool (Maybe DeviceConfigurationType) Source #
The device-remembering configuration for a user pool. A null value indicates that you have deactivated device remembering in your user pool.
When you provide a value for any DeviceConfiguration
field, you
activate the Amazon Cognito device-remembering feature.
createUserPool_emailConfiguration :: Lens' CreateUserPool (Maybe EmailConfigurationType) Source #
The email configuration of your user pool. The email configuration type sets your preferred sending method, Amazon Web Services Region, and sender for messages from your user pool.
createUserPool_emailVerificationMessage :: Lens' CreateUserPool (Maybe Text) Source #
This parameter is no longer used. See VerificationMessageTemplateType.
createUserPool_emailVerificationSubject :: Lens' CreateUserPool (Maybe Text) Source #
This parameter is no longer used. See VerificationMessageTemplateType.
createUserPool_lambdaConfig :: Lens' CreateUserPool (Maybe LambdaConfigType) Source #
The Lambda trigger configuration information for the new user pool.
In a push model, event sources (such as Amazon S3 and custom applications) need permission to invoke a function. So you must make an extra call to add permission for these event sources to invoke your Lambda function.
For more information on using the Lambda API to add permission, see AddPermission .
For adding permission using the CLI, see add-permission .
createUserPool_mfaConfiguration :: Lens' CreateUserPool (Maybe UserPoolMfaType) Source #
Specifies MFA configuration details.
createUserPool_policies :: Lens' CreateUserPool (Maybe UserPoolPolicyType) Source #
The policies associated with the new user pool.
createUserPool_schema :: Lens' CreateUserPool (Maybe (NonEmpty SchemaAttributeType)) Source #
An array of schema attributes for the new user pool. These attributes can be standard or custom attributes.
createUserPool_smsAuthenticationMessage :: Lens' CreateUserPool (Maybe Text) Source #
A string representing the SMS authentication message.
createUserPool_smsConfiguration :: Lens' CreateUserPool (Maybe SmsConfigurationType) Source #
The SMS configuration with the settings that your Amazon Cognito user pool must use to send an SMS message from your Amazon Web Services account through Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the Amazon Web Services Region that you want, the Amazon Cognito user pool uses an Identity and Access Management (IAM) role in your Amazon Web Services account.
createUserPool_smsVerificationMessage :: Lens' CreateUserPool (Maybe Text) Source #
This parameter is no longer used. See VerificationMessageTemplateType.
createUserPool_userAttributeUpdateSettings :: Lens' CreateUserPool (Maybe UserAttributeUpdateSettingsType) Source #
The settings for updates to user attributes. These settings include the
property AttributesRequireVerificationBeforeUpdate
, a user-pool
setting that tells Amazon Cognito how to handle changes to the value of
your users' email address and phone number attributes. For more
information, see
Verifying updates to email addresses and phone numbers.
createUserPool_userPoolAddOns :: Lens' CreateUserPool (Maybe UserPoolAddOnsType) Source #
Enables advanced security risk detection. Set the key
AdvancedSecurityMode
to the value "AUDIT".
createUserPool_userPoolTags :: Lens' CreateUserPool (Maybe (HashMap Text Text)) Source #
The tag keys and values to assign to the user pool. A tag is a label that you can use to categorize and manage user pools in different ways, such as by purpose, owner, environment, or other criteria.
createUserPool_usernameAttributes :: Lens' CreateUserPool (Maybe [UsernameAttributeType]) Source #
Specifies whether a user can use an email address or phone number as a username when they sign up.
createUserPool_usernameConfiguration :: Lens' CreateUserPool (Maybe UsernameConfigurationType) Source #
Case sensitivity on the username input for the selected sign-in option.
For example, when case sensitivity is set to False
, users can sign in
using either "username" or "Username". This configuration is
immutable once it has been set. For more information, see
UsernameConfigurationType.
createUserPool_verificationMessageTemplate :: Lens' CreateUserPool (Maybe VerificationMessageTemplateType) Source #
The template for the verification message that the user sees when the app requests permission to access the user's information.
createUserPool_poolName :: Lens' CreateUserPool Text Source #
A string used to name the user pool.
createUserPoolResponse_userPool :: Lens' CreateUserPoolResponse (Maybe UserPoolType) Source #
A container for the user pool details.
createUserPoolResponse_httpStatus :: Lens' CreateUserPoolResponse Int Source #
The response's http status code.
CreateUserPoolClient
createUserPoolClient_accessTokenValidity :: Lens' CreateUserPoolClient (Maybe Natural) Source #
The access token time limit. After this limit expires, your user can't
use their access token. To specify the time unit for
AccessTokenValidity
as seconds
, minutes
, hours
, or days
, set a
TokenValidityUnits
value in your API request.
For example, when you set AccessTokenValidity
to 10
and
TokenValidityUnits
to hours
, your user can authorize access with
their access token for 10 hours.
The default time unit for AccessTokenValidity
in an API request is
hours. Valid range is displayed below in seconds.
If you don't specify otherwise in the configuration of your app client, your access tokens are valid for one hour.
createUserPoolClient_allowedOAuthFlows :: Lens' CreateUserPoolClient (Maybe [OAuthFlowType]) Source #
The allowed OAuth flows.
- code
- Use a code grant flow, which provides an authorization code as the
response. This code can be exchanged for access tokens with the
/oauth2/token
endpoint. - implicit
- Issue the access token (and, optionally, ID token, based on scopes) directly to your user.
- client_credentials
- Issue the access token from the
/oauth2/token
endpoint directly to a non-person user using a combination of the client ID and client secret.
createUserPoolClient_allowedOAuthFlowsUserPoolClient :: Lens' CreateUserPoolClient (Maybe Bool) Source #
Set to true if the client is allowed to follow the OAuth protocol when interacting with Amazon Cognito user pools.
createUserPoolClient_allowedOAuthScopes :: Lens' CreateUserPoolClient (Maybe [Text]) Source #
The allowed OAuth scopes. Possible values provided by OAuth are phone
,
email
, openid
, and profile
. Possible values provided by Amazon Web
Services are aws.cognito.signin.user.admin
. Custom scopes created in
Resource Servers are also supported.
createUserPoolClient_analyticsConfiguration :: Lens' CreateUserPoolClient (Maybe AnalyticsConfigurationType) Source #
The user pool analytics configuration for collecting metrics and sending them to your Amazon Pinpoint campaign.
In Amazon Web Services Regions where Amazon Pinpoint isn't available, user pools only support sending events to Amazon Pinpoint projects in Amazon Web Services Region us-east-1. In Regions where Amazon Pinpoint is available, user pools support sending events to Amazon Pinpoint projects within that same Region.
createUserPoolClient_authSessionValidity :: Lens' CreateUserPoolClient (Maybe Natural) Source #
Amazon Cognito creates a session token for each API request in an
authentication flow. AuthSessionValidity
is the duration, in minutes,
of that session token. Your user pool native user must respond to each
authentication challenge before the session expires.
createUserPoolClient_callbackURLs :: Lens' CreateUserPoolClient (Maybe [Text]) Source #
A list of allowed redirect (callback) URLs for the IdPs.
A redirect URI must:
- Be an absolute URI.
- Be registered with the authorization server.
- Not include a fragment component.
See OAuth 2.0 - Redirection Endpoint.
Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.
App callback URLs such as myapp://example are also supported.
createUserPoolClient_defaultRedirectURI :: Lens' CreateUserPoolClient (Maybe Text) Source #
The default redirect URI. Must be in the CallbackURLs
list.
A redirect URI must:
- Be an absolute URI.
- Be registered with the authorization server.
- Not include a fragment component.
See OAuth 2.0 - Redirection Endpoint.
Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.
App callback URLs such as myapp://example are also supported.
createUserPoolClient_enablePropagateAdditionalUserContextData :: Lens' CreateUserPoolClient (Maybe Bool) Source #
Activates the propagation of additional user context data. For more
information about propagation of user context data, see
Adding advanced security to a user pool.
If you don’t include this parameter, you can't send device fingerprint
information, including source IP address, to Amazon Cognito advanced
security. You can only activate
EnablePropagateAdditionalUserContextData
in an app client that has a
client secret.
createUserPoolClient_enableTokenRevocation :: Lens' CreateUserPoolClient (Maybe Bool) Source #
Activates or deactivates token revocation. For more information about revoking tokens, see RevokeToken.
If you don't include this parameter, token revocation is automatically activated for the new user pool client.
createUserPoolClient_explicitAuthFlows :: Lens' CreateUserPoolClient (Maybe [ExplicitAuthFlowsType]) Source #
The authentication flows that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions.
If you don't specify a value for ExplicitAuthFlows
, your user client
supports ALLOW_REFRESH_TOKEN_AUTH
, ALLOW_USER_SRP_AUTH
, and
ALLOW_CUSTOM_AUTH
.
Valid values include:
ALLOW_ADMIN_USER_PASSWORD_AUTH
: Enable admin based user password authentication flowADMIN_USER_PASSWORD_AUTH
. This setting replaces theADMIN_NO_SRP_AUTH
setting. With this authentication flow, your app passes a user name and password to Amazon Cognito in the request, instead of using the Secure Remote Password (SRP) protocol to securely transmit the password.ALLOW_CUSTOM_AUTH
: Enable Lambda trigger based authentication.ALLOW_USER_PASSWORD_AUTH
: Enable user password-based authentication. In this flow, Amazon Cognito receives the password in the request instead of using the SRP protocol to verify passwords.ALLOW_USER_SRP_AUTH
: Enable SRP-based authentication.ALLOW_REFRESH_TOKEN_AUTH
: Enable authflow to refresh tokens.
In some environments, you will see the values ADMIN_NO_SRP_AUTH
,
CUSTOM_AUTH_FLOW_ONLY
, or USER_PASSWORD_AUTH
. You can't assign
these legacy ExplicitAuthFlows
values to user pool clients at the same
time as values that begin with ALLOW_
, like ALLOW_USER_SRP_AUTH
.
createUserPoolClient_generateSecret :: Lens' CreateUserPoolClient (Maybe Bool) Source #
Boolean to specify whether you want to generate a secret for the user pool client being created.
createUserPoolClient_idTokenValidity :: Lens' CreateUserPoolClient (Maybe Natural) Source #
The ID token time limit. After this limit expires, your user can't use
their ID token. To specify the time unit for IdTokenValidity
as
seconds
, minutes
, hours
, or days
, set a TokenValidityUnits
value in your API request.
For example, when you set IdTokenValidity
as 10
and
TokenValidityUnits
as hours
, your user can authenticate their
session with their ID token for 10 hours.
The default time unit for AccessTokenValidity
in an API request is
hours. Valid range is displayed below in seconds.
If you don't specify otherwise in the configuration of your app client, your ID tokens are valid for one hour.
createUserPoolClient_logoutURLs :: Lens' CreateUserPoolClient (Maybe [Text]) Source #
A list of allowed logout URLs for the IdPs.
createUserPoolClient_preventUserExistenceErrors :: Lens' CreateUserPoolClient (Maybe PreventUserExistenceErrorTypes) Source #
Errors and responses that you want Amazon Cognito APIs to return during
authentication, account confirmation, and password recovery when the
user doesn't exist in the user pool. When set to ENABLED
and the user
doesn't exist, authentication returns an error indicating either the
username or password was incorrect. Account confirmation and password
recovery return a response indicating a code was sent to a simulated
destination. When set to LEGACY
, those APIs return a
UserNotFoundException
exception if the user doesn't exist in the user
pool.
Valid values include:
ENABLED
- This prevents user existence-related errors.LEGACY
- This represents the early behavior of Amazon Cognito where user existence related errors aren't prevented.
createUserPoolClient_readAttributes :: Lens' CreateUserPoolClient (Maybe [Text]) Source #
The read attributes.
createUserPoolClient_refreshTokenValidity :: Lens' CreateUserPoolClient (Maybe Natural) Source #
The refresh token time limit. After this limit expires, your user can't
use their refresh token. To specify the time unit for
RefreshTokenValidity
as seconds
, minutes
, hours
, or days
, set
a TokenValidityUnits
value in your API request.
For example, when you set RefreshTokenValidity
as 10
and
TokenValidityUnits
as days
, your user can refresh their session and
retrieve new access and ID tokens for 10 days.
The default time unit for RefreshTokenValidity
in an API request is
days. You can't set RefreshTokenValidity
to 0. If you do, Amazon
Cognito overrides the value with the default value of 30 days. /Valid
range/ is displayed below in seconds.
If you don't specify otherwise in the configuration of your app client, your refresh tokens are valid for 30 days.
createUserPoolClient_supportedIdentityProviders :: Lens' CreateUserPoolClient (Maybe [Text]) Source #
A list of provider names for the identity providers (IdPs) that are
supported on this client. The following are supported: COGNITO
,
Facebook
, Google
, SignInWithApple
, and LoginWithAmazon
. You can
also specify the names that you configured for the SAML and OIDC IdPs in
your user pool, for example MySAMLIdP
or MyOIDCIdP
.
createUserPoolClient_tokenValidityUnits :: Lens' CreateUserPoolClient (Maybe TokenValidityUnitsType) Source #
The units in which the validity times are represented. The default unit for RefreshToken is days, and default for ID and access tokens are hours.
createUserPoolClient_writeAttributes :: Lens' CreateUserPoolClient (Maybe [Text]) Source #
The user pool attributes that the app client can write to.
If your app client allows users to sign in through an IdP, this array must include all attributes that you have mapped to IdP attributes. Amazon Cognito updates mapped attributes when users sign in to your application through an IdP. If your app client does not have write access to a mapped attribute, Amazon Cognito throws an error when it tries to update the attribute. For more information, see Specifying IdP Attribute Mappings for Your user pool.
createUserPoolClient_userPoolId :: Lens' CreateUserPoolClient Text Source #
The user pool ID for the user pool where you want to create a user pool client.
createUserPoolClient_clientName :: Lens' CreateUserPoolClient Text Source #
The client name for the user pool client you would like to create.
createUserPoolClientResponse_userPoolClient :: Lens' CreateUserPoolClientResponse (Maybe UserPoolClientType) Source #
The user pool client that was just created.
createUserPoolClientResponse_httpStatus :: Lens' CreateUserPoolClientResponse Int Source #
The response's http status code.
CreateUserPoolDomain
createUserPoolDomain_customDomainConfig :: Lens' CreateUserPoolDomain (Maybe CustomDomainConfigType) Source #
The configuration for a custom domain that hosts the sign-up and sign-in webpages for your application.
Provide this parameter only if you want to use a custom domain for your user pool. Otherwise, you can exclude this parameter and use the Amazon Cognito hosted domain instead.
For more information about the hosted domain and custom domains, see Configuring a User Pool Domain.
createUserPoolDomain_domain :: Lens' CreateUserPoolDomain Text Source #
The domain string. For custom domains, this is the fully-qualified
domain name, such as auth.example.com
. For Amazon Cognito prefix
domains, this is the prefix alone, such as auth
.
createUserPoolDomain_userPoolId :: Lens' CreateUserPoolDomain Text Source #
The user pool ID.
createUserPoolDomainResponse_cloudFrontDomain :: Lens' CreateUserPoolDomainResponse (Maybe Text) Source #
The Amazon CloudFront endpoint that you use as the target of the alias that you set up with your Domain Name Service (DNS) provider.
createUserPoolDomainResponse_httpStatus :: Lens' CreateUserPoolDomainResponse Int Source #
The response's http status code.
DeleteGroup
deleteGroup_groupName :: Lens' DeleteGroup Text Source #
The name of the group.
deleteGroup_userPoolId :: Lens' DeleteGroup Text Source #
The user pool ID for the user pool.
DeleteIdentityProvider
deleteIdentityProvider_userPoolId :: Lens' DeleteIdentityProvider Text Source #
The user pool ID.
deleteIdentityProvider_providerName :: Lens' DeleteIdentityProvider Text Source #
The IdP name.
DeleteResourceServer
deleteResourceServer_userPoolId :: Lens' DeleteResourceServer Text Source #
The user pool ID for the user pool that hosts the resource server.
deleteResourceServer_identifier :: Lens' DeleteResourceServer Text Source #
The identifier for the resource server.
DeleteUser
deleteUser_accessToken :: Lens' DeleteUser Text Source #
A valid access token that Amazon Cognito issued to the user whose user profile you want to delete.
DeleteUserAttributes
deleteUserAttributes_userAttributeNames :: Lens' DeleteUserAttributes [Text] Source #
An array of strings representing the user attribute names you want to delete.
For custom attributes, you must prependattach the custom:
prefix to
the front of the attribute name.
deleteUserAttributes_accessToken :: Lens' DeleteUserAttributes Text Source #
A valid access token that Amazon Cognito issued to the user whose attributes you want to delete.
deleteUserAttributesResponse_httpStatus :: Lens' DeleteUserAttributesResponse Int Source #
The response's http status code.
DeleteUserPool
deleteUserPool_userPoolId :: Lens' DeleteUserPool Text Source #
The user pool ID for the user pool you want to delete.
DeleteUserPoolClient
deleteUserPoolClient_userPoolId :: Lens' DeleteUserPoolClient Text Source #
The user pool ID for the user pool where you want to delete the client.
deleteUserPoolClient_clientId :: Lens' DeleteUserPoolClient Text Source #
The app client ID of the app associated with the user pool.
DeleteUserPoolDomain
deleteUserPoolDomain_domain :: Lens' DeleteUserPoolDomain Text Source #
The domain string. For custom domains, this is the fully-qualified
domain name, such as auth.example.com
. For Amazon Cognito prefix
domains, this is the prefix alone, such as auth
.
deleteUserPoolDomain_userPoolId :: Lens' DeleteUserPoolDomain Text Source #
The user pool ID.
deleteUserPoolDomainResponse_httpStatus :: Lens' DeleteUserPoolDomainResponse Int Source #
The response's http status code.
DescribeIdentityProvider
describeIdentityProvider_userPoolId :: Lens' DescribeIdentityProvider Text Source #
The user pool ID.
describeIdentityProvider_providerName :: Lens' DescribeIdentityProvider Text Source #
The IdP name.
describeIdentityProviderResponse_httpStatus :: Lens' DescribeIdentityProviderResponse Int Source #
The response's http status code.
describeIdentityProviderResponse_identityProvider :: Lens' DescribeIdentityProviderResponse IdentityProviderType Source #
The identity provider details.
DescribeResourceServer
describeResourceServer_userPoolId :: Lens' DescribeResourceServer Text Source #
The user pool ID for the user pool that hosts the resource server.
describeResourceServer_identifier :: Lens' DescribeResourceServer Text Source #
The identifier for the resource server
describeResourceServerResponse_httpStatus :: Lens' DescribeResourceServerResponse Int Source #
The response's http status code.
describeResourceServerResponse_resourceServer :: Lens' DescribeResourceServerResponse ResourceServerType Source #
The resource server.
DescribeRiskConfiguration
describeRiskConfiguration_clientId :: Lens' DescribeRiskConfiguration (Maybe Text) Source #
The app client ID.
describeRiskConfiguration_userPoolId :: Lens' DescribeRiskConfiguration Text Source #
The user pool ID.
describeRiskConfigurationResponse_httpStatus :: Lens' DescribeRiskConfigurationResponse Int Source #
The response's http status code.
describeRiskConfigurationResponse_riskConfiguration :: Lens' DescribeRiskConfigurationResponse RiskConfigurationType Source #
The risk configuration.
DescribeUserImportJob
describeUserImportJob_userPoolId :: Lens' DescribeUserImportJob Text Source #
The user pool ID for the user pool that the users are being imported into.
describeUserImportJob_jobId :: Lens' DescribeUserImportJob Text Source #
The job ID for the user import job.
describeUserImportJobResponse_userImportJob :: Lens' DescribeUserImportJobResponse (Maybe UserImportJobType) Source #
The job object that represents the user import job.
describeUserImportJobResponse_httpStatus :: Lens' DescribeUserImportJobResponse Int Source #
The response's http status code.
DescribeUserPool
describeUserPool_userPoolId :: Lens' DescribeUserPool Text Source #
The user pool ID for the user pool you want to describe.
describeUserPoolResponse_userPool :: Lens' DescribeUserPoolResponse (Maybe UserPoolType) Source #
The container of metadata returned by the server to describe the pool.
describeUserPoolResponse_httpStatus :: Lens' DescribeUserPoolResponse Int Source #
The response's http status code.
DescribeUserPoolClient
describeUserPoolClient_userPoolId :: Lens' DescribeUserPoolClient Text Source #
The user pool ID for the user pool you want to describe.
describeUserPoolClient_clientId :: Lens' DescribeUserPoolClient Text Source #
The app client ID of the app associated with the user pool.
describeUserPoolClientResponse_userPoolClient :: Lens' DescribeUserPoolClientResponse (Maybe UserPoolClientType) Source #
The user pool client from a server response to describe the user pool client.
describeUserPoolClientResponse_httpStatus :: Lens' DescribeUserPoolClientResponse Int Source #
The response's http status code.
DescribeUserPoolDomain
describeUserPoolDomain_domain :: Lens' DescribeUserPoolDomain Text Source #
The domain string. For custom domains, this is the fully-qualified
domain name, such as auth.example.com
. For Amazon Cognito prefix
domains, this is the prefix alone, such as auth
.
describeUserPoolDomainResponse_domainDescription :: Lens' DescribeUserPoolDomainResponse (Maybe DomainDescriptionType) Source #
A domain description object containing information about the domain.
describeUserPoolDomainResponse_httpStatus :: Lens' DescribeUserPoolDomainResponse Int Source #
The response's http status code.
ForgetDevice
forgetDevice_accessToken :: Lens' ForgetDevice (Maybe Text) Source #
A valid access token that Amazon Cognito issued to the user whose registered device you want to forget.
forgetDevice_deviceKey :: Lens' ForgetDevice Text Source #
The device key.
ForgotPassword
forgotPassword_analyticsMetadata :: Lens' ForgotPassword (Maybe AnalyticsMetadataType) Source #
The Amazon Pinpoint analytics metadata that contributes to your metrics
for ForgotPassword
calls.
forgotPassword_clientMetadata :: Lens' ForgotPassword (Maybe (HashMap Text Text)) Source #
A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.
You create custom workflows by assigning Lambda functions to user pool
triggers. When you use the ForgotPassword API action, Amazon Cognito
invokes any functions that are assigned to the following triggers: /pre
sign-up, custom message, and user migration/. When Amazon Cognito
invokes any of these functions, it passes a JSON payload, which the
function receives as input. This payload contains a clientMetadata
attribute, which provides the data that you assigned to the
ClientMetadata parameter in your ForgotPassword request. In your
function code in Lambda, you can process the clientMetadata
value to
enhance your workflow for your specific needs.
For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.
When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following:
- Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.
- Validate the ClientMetadata value.
- Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information.
forgotPassword_secretHash :: Lens' ForgotPassword (Maybe Text) Source #
A keyed-hash message authentication code (HMAC) calculated using the secret key of a user pool client and username plus the client ID in the message.
forgotPassword_userContextData :: Lens' ForgotPassword (Maybe UserContextDataType) Source #
Contextual data about your user session, such as the device fingerprint, IP address, or location. Amazon Cognito advanced security evaluates the risk of an authentication event based on the context that your app generates and passes to Amazon Cognito when it makes API requests.
forgotPassword_clientId :: Lens' ForgotPassword Text Source #
The ID of the client associated with the user pool.
forgotPassword_username :: Lens' ForgotPassword Text Source #
The user name of the user for whom you want to enter a code to reset a forgotten password.
forgotPasswordResponse_codeDeliveryDetails :: Lens' ForgotPasswordResponse (Maybe CodeDeliveryDetailsType) Source #
The code delivery details returned by the server in response to the request to reset a password.
forgotPasswordResponse_httpStatus :: Lens' ForgotPasswordResponse Int Source #
The response's http status code.
GetCSVHeader
getCSVHeader_userPoolId :: Lens' GetCSVHeader Text Source #
The user pool ID for the user pool that the users are to be imported into.
getCSVHeaderResponse_cSVHeader :: Lens' GetCSVHeaderResponse (Maybe [Text]) Source #
The header information of the CSV file for the user import job.
getCSVHeaderResponse_userPoolId :: Lens' GetCSVHeaderResponse (Maybe Text) Source #
The user pool ID for the user pool that the users are to be imported into.
getCSVHeaderResponse_httpStatus :: Lens' GetCSVHeaderResponse Int Source #
The response's http status code.
GetDevice
getDevice_accessToken :: Lens' GetDevice (Maybe Text) Source #
A valid access token that Amazon Cognito issued to the user whose device information you want to request.
getDeviceResponse_httpStatus :: Lens' GetDeviceResponse Int Source #
The response's http status code.
getDeviceResponse_device :: Lens' GetDeviceResponse DeviceType Source #
The device.
GetGroup
getGroupResponse_group :: Lens' GetGroupResponse (Maybe GroupType) Source #
The group object for the group.
getGroupResponse_httpStatus :: Lens' GetGroupResponse Int Source #
The response's http status code.
GetIdentityProviderByIdentifier
getIdentityProviderByIdentifier_userPoolId :: Lens' GetIdentityProviderByIdentifier Text Source #
The user pool ID.
getIdentityProviderByIdentifier_idpIdentifier :: Lens' GetIdentityProviderByIdentifier Text Source #
The IdP identifier.
getIdentityProviderByIdentifierResponse_httpStatus :: Lens' GetIdentityProviderByIdentifierResponse Int Source #
The response's http status code.
getIdentityProviderByIdentifierResponse_identityProvider :: Lens' GetIdentityProviderByIdentifierResponse IdentityProviderType Source #
The identity provider details.
GetSigningCertificate
getSigningCertificate_userPoolId :: Lens' GetSigningCertificate Text Source #
The user pool ID.
getSigningCertificateResponse_certificate :: Lens' GetSigningCertificateResponse (Maybe Text) Source #
The signing certificate.
getSigningCertificateResponse_httpStatus :: Lens' GetSigningCertificateResponse Int Source #
The response's http status code.
GetUICustomization
getUICustomization_clientId :: Lens' GetUICustomization (Maybe Text) Source #
The client ID for the client app.
getUICustomization_userPoolId :: Lens' GetUICustomization Text Source #
The user pool ID for the user pool.
getUICustomizationResponse_httpStatus :: Lens' GetUICustomizationResponse Int Source #
The response's http status code.
getUICustomizationResponse_uICustomization :: Lens' GetUICustomizationResponse UICustomizationType Source #
The UI customization information.
GetUser
getUser_accessToken :: Lens' GetUser Text Source #
A non-expired access token for the user whose information you want to query.
getUserResponse_mfaOptions :: Lens' GetUserResponse (Maybe [MFAOptionType]) Source #
This response parameter is no longer supported. It provides information only about SMS MFA configurations. It doesn't provide information about time-based one-time password (TOTP) software token MFA configurations. To look up information about either type of MFA configuration, use UserMFASettingList instead.
getUserResponse_preferredMfaSetting :: Lens' GetUserResponse (Maybe Text) Source #
The user's preferred MFA setting.
getUserResponse_userMFASettingList :: Lens' GetUserResponse (Maybe [Text]) Source #
The MFA options that are activated for the user. The possible values in
this list are SMS_MFA
and SOFTWARE_TOKEN_MFA
.
getUserResponse_httpStatus :: Lens' GetUserResponse Int Source #
The response's http status code.
getUserResponse_username :: Lens' GetUserResponse Text Source #
The user name of the user you want to retrieve from the get user request.
getUserResponse_userAttributes :: Lens' GetUserResponse [AttributeType] Source #
An array of name-value pairs representing user attributes.
For custom attributes, you must prepend the custom:
prefix to the
attribute name.
GetUserAttributeVerificationCode
getUserAttributeVerificationCode_clientMetadata :: Lens' GetUserAttributeVerificationCode (Maybe (HashMap Text Text)) Source #
A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.
You create custom workflows by assigning Lambda functions to user pool
triggers. When you use the GetUserAttributeVerificationCode API action,
Amazon Cognito invokes the function that is assigned to the /custom
message/ trigger. When Amazon Cognito invokes this function, it passes a
JSON payload, which the function receives as input. This payload
contains a clientMetadata
attribute, which provides the data that you
assigned to the ClientMetadata parameter in your
GetUserAttributeVerificationCode request. In your function code in
Lambda, you can process the clientMetadata
value to enhance your
workflow for your specific needs.
For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.
When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following:
- Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.
- Validate the ClientMetadata value.
- Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information.
getUserAttributeVerificationCode_accessToken :: Lens' GetUserAttributeVerificationCode Text Source #
A non-expired access token for the user whose attribute verification code you want to generate.
getUserAttributeVerificationCode_attributeName :: Lens' GetUserAttributeVerificationCode Text Source #
The attribute name returned by the server response to get the user attribute verification code.
getUserAttributeVerificationCodeResponse_codeDeliveryDetails :: Lens' GetUserAttributeVerificationCodeResponse (Maybe CodeDeliveryDetailsType) Source #
The code delivery details returned by the server in response to the request to get the user attribute verification code.
getUserAttributeVerificationCodeResponse_httpStatus :: Lens' GetUserAttributeVerificationCodeResponse Int Source #
The response's http status code.
GetUserPoolMfaConfig
getUserPoolMfaConfig_userPoolId :: Lens' GetUserPoolMfaConfig Text Source #
The user pool ID.
getUserPoolMfaConfigResponse_mfaConfiguration :: Lens' GetUserPoolMfaConfigResponse (Maybe UserPoolMfaType) Source #
The multi-factor authentication (MFA) configuration. Valid values include:
OFF
MFA won't be used for any users.ON
MFA is required for all users to sign in.OPTIONAL
MFA will be required only for individual users who have an MFA factor activated.
getUserPoolMfaConfigResponse_smsMfaConfiguration :: Lens' GetUserPoolMfaConfigResponse (Maybe SmsMfaConfigType) Source #
The SMS text message multi-factor authentication (MFA) configuration.
getUserPoolMfaConfigResponse_softwareTokenMfaConfiguration :: Lens' GetUserPoolMfaConfigResponse (Maybe SoftwareTokenMfaConfigType) Source #
The software token multi-factor authentication (MFA) configuration.
getUserPoolMfaConfigResponse_httpStatus :: Lens' GetUserPoolMfaConfigResponse Int Source #
The response's http status code.
GlobalSignOut
globalSignOut_accessToken :: Lens' GlobalSignOut Text Source #
A valid access token that Amazon Cognito issued to the user who you want to sign out.
globalSignOutResponse_httpStatus :: Lens' GlobalSignOutResponse Int Source #
The response's http status code.
InitiateAuth
initiateAuth_analyticsMetadata :: Lens' InitiateAuth (Maybe AnalyticsMetadataType) Source #
The Amazon Pinpoint analytics metadata that contributes to your metrics
for InitiateAuth
calls.
initiateAuth_authParameters :: Lens' InitiateAuth (Maybe (HashMap Text Text)) Source #
The authentication parameters. These are inputs corresponding to the
AuthFlow
that you're invoking. The required values depend on the
value of AuthFlow
:
- For
USER_SRP_AUTH
:USERNAME
(required),SRP_A
(required),SECRET_HASH
(required if the app client is configured with a client secret),DEVICE_KEY
. - For
REFRESH_TOKEN_AUTH/REFRESH_TOKEN
:REFRESH_TOKEN
(required),SECRET_HASH
(required if the app client is configured with a client secret),DEVICE_KEY
. - For
CUSTOM_AUTH
:USERNAME
(required),SECRET_HASH
(if app client is configured with client secret),DEVICE_KEY
. To start the authentication flow with password verification, includeChallengeName: SRP_A
andSRP_A: (The SRP_A Value)
.
initiateAuth_clientMetadata :: Lens' InitiateAuth (Maybe (HashMap Text Text)) Source #
A map of custom key-value pairs that you can provide as input for certain custom workflows that this action triggers.
You create custom workflows by assigning Lambda functions to user pool triggers. When you use the InitiateAuth API action, Amazon Cognito invokes the Lambda functions that are specified for various triggers. The ClientMetadata value is passed as input to the functions for only the following triggers:
- Pre signup
- Pre authentication
- User migration
When Amazon Cognito invokes the functions for these triggers, it passes
a JSON payload, which the function receives as input. This payload
contains a validationData
attribute, which provides the data that you
assigned to the ClientMetadata parameter in your InitiateAuth request.
In your function code in Lambda, you can process the validationData
value to enhance your workflow for your specific needs.
When you use the InitiateAuth API action, Amazon Cognito also invokes the functions for the following triggers, but it doesn't provide the ClientMetadata value as input:
- Post authentication
- Custom message
- Pre token generation
- Create auth challenge
- Define auth challenge
- Verify auth challenge
For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.
When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following:
- Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.
- Validate the ClientMetadata value.
- Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information.
initiateAuth_userContextData :: Lens' InitiateAuth (Maybe UserContextDataType) Source #
Contextual data about your user session, such as the device fingerprint, IP address, or location. Amazon Cognito advanced security evaluates the risk of an authentication event based on the context that your app generates and passes to Amazon Cognito when it makes API requests.
initiateAuth_authFlow :: Lens' InitiateAuth AuthFlowType Source #
The authentication flow for this call to run. The API action will depend on this value. For example:
REFRESH_TOKEN_AUTH
takes in a valid refresh token and returns new tokens.USER_SRP_AUTH
takes inUSERNAME
andSRP_A
and returns the SRP variables to be used for next challenge execution.USER_PASSWORD_AUTH
takes inUSERNAME
andPASSWORD
and returns the next challenge or tokens.
Valid values include:
USER_SRP_AUTH
: Authentication flow for the Secure Remote Password (SRP) protocol.REFRESH_TOKEN_AUTH
/REFRESH_TOKEN
: Authentication flow for refreshing the access token and ID token by supplying a valid refresh token.CUSTOM_AUTH
: Custom authentication flow.USER_PASSWORD_AUTH
: Non-SRP authentication flow; user name and password are passed directly. If a user migration Lambda trigger is set, this flow will invoke the user migration Lambda if it doesn't find the user name in the user pool.
ADMIN_NO_SRP_AUTH
isn't a valid value.
initiateAuth_clientId :: Lens' InitiateAuth Text Source #
The app client ID.
initiateAuthResponse_authenticationResult :: Lens' InitiateAuthResponse (Maybe AuthenticationResultType) Source #
The result of the authentication response. This result is only returned
if the caller doesn't need to pass another challenge. If the caller
does need to pass another challenge before it gets tokens,
ChallengeName
, ChallengeParameters
, and Session
are returned.
initiateAuthResponse_challengeName :: Lens' InitiateAuthResponse (Maybe ChallengeNameType) Source #
The name of the challenge that you're responding to with this call.
This name is returned in the AdminInitiateAuth
response if you must
pass another challenge.
Valid values include the following:
All of the following challenges require USERNAME
and SECRET_HASH
(if
applicable) in the parameters.
SMS_MFA
: Next challenge is to supply anSMS_MFA_CODE
, delivered via SMS.PASSWORD_VERIFIER
: Next challenge is to supplyPASSWORD_CLAIM_SIGNATURE
,PASSWORD_CLAIM_SECRET_BLOCK
, andTIMESTAMP
after the client-side SRP calculations.CUSTOM_CHALLENGE
: This is returned if your custom authentication flow determines that the user should pass another challenge before tokens are issued.DEVICE_SRP_AUTH
: If device tracking was activated on your user pool and the previous challenges were passed, this challenge is returned so that Amazon Cognito can start tracking this device.DEVICE_PASSWORD_VERIFIER
: Similar toPASSWORD_VERIFIER
, but for devices only.NEW_PASSWORD_REQUIRED
: For users who are required to change their passwords after successful first login.Respond to this challenge with
NEW_PASSWORD
and any required attributes that Amazon Cognito returned in therequiredAttributes
parameter. You can also set values for attributes that aren't required by your user pool and that your app client can write. For more information, see RespondToAuthChallenge.In a
NEW_PASSWORD_REQUIRED
challenge response, you can't modify a required attribute that already has a value. InRespondToAuthChallenge
, set a value for any keys that Amazon Cognito returned in therequiredAttributes
parameter, then use theUpdateUserAttributes
API operation to modify the value of any additional attributes.MFA_SETUP
: For users who are required to setup an MFA factor before they can sign in. The MFA types activated for the user pool will be listed in the challenge parametersMFA_CAN_SETUP
value.To set up software token MFA, use the session returned here from
InitiateAuth
as an input toAssociateSoftwareToken
. Use the session returned byVerifySoftwareToken
as an input toRespondToAuthChallenge
with challenge nameMFA_SETUP
to complete sign-in. To set up SMS MFA, an administrator should help the user to add a phone number to their account, and then the user should callInitiateAuth
again to restart sign-in.
initiateAuthResponse_challengeParameters :: Lens' InitiateAuthResponse (Maybe (HashMap Text Text)) Source #
The challenge parameters. These are returned in the InitiateAuth
response if you must pass another challenge. The responses in this
parameter should be used to compute inputs to the next call
(RespondToAuthChallenge
).
All challenges require USERNAME
and SECRET_HASH
(if applicable).
initiateAuthResponse_session :: Lens' InitiateAuthResponse (Maybe Text) Source #
The session that should pass both ways in challenge-response calls to
the service. If the caller must pass another challenge, they return a
session with other challenge parameters. This session should be passed
as it is to the next RespondToAuthChallenge
API call.
initiateAuthResponse_httpStatus :: Lens' InitiateAuthResponse Int Source #
The response's http status code.
ListDevices
listDevices_limit :: Lens' ListDevices (Maybe Natural) Source #
The limit of the device request.
listDevices_paginationToken :: Lens' ListDevices (Maybe Text) Source #
The pagination token for the list request.
listDevices_accessToken :: Lens' ListDevices Text Source #
A valid access token that Amazon Cognito issued to the user whose list of devices you want to view.
listDevicesResponse_devices :: Lens' ListDevicesResponse (Maybe [DeviceType]) Source #
The devices returned in the list devices response.
listDevicesResponse_paginationToken :: Lens' ListDevicesResponse (Maybe Text) Source #
The pagination token for the list device response.
listDevicesResponse_httpStatus :: Lens' ListDevicesResponse Int Source #
The response's http status code.
ListGroups
listGroups_limit :: Lens' ListGroups (Maybe Natural) Source #
The limit of the request to list groups.
listGroups_nextToken :: Lens' ListGroups (Maybe Text) Source #
An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.
listGroups_userPoolId :: Lens' ListGroups Text Source #
The user pool ID for the user pool.
listGroupsResponse_groups :: Lens' ListGroupsResponse (Maybe [GroupType]) Source #
The group objects for the groups.
listGroupsResponse_nextToken :: Lens' ListGroupsResponse (Maybe Text) Source #
An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.
listGroupsResponse_httpStatus :: Lens' ListGroupsResponse Int Source #
The response's http status code.
ListIdentityProviders
listIdentityProviders_maxResults :: Lens' ListIdentityProviders (Maybe Natural) Source #
The maximum number of IdPs to return.
listIdentityProviders_nextToken :: Lens' ListIdentityProviders (Maybe Text) Source #
A pagination token.
listIdentityProviders_userPoolId :: Lens' ListIdentityProviders Text Source #
The user pool ID.
listIdentityProvidersResponse_nextToken :: Lens' ListIdentityProvidersResponse (Maybe Text) Source #
A pagination token.
listIdentityProvidersResponse_httpStatus :: Lens' ListIdentityProvidersResponse Int Source #
The response's http status code.
listIdentityProvidersResponse_providers :: Lens' ListIdentityProvidersResponse [ProviderDescription] Source #
A list of IdP objects.
ListResourceServers
listResourceServers_maxResults :: Lens' ListResourceServers (Maybe Natural) Source #
The maximum number of resource servers to return.
listResourceServers_nextToken :: Lens' ListResourceServers (Maybe Text) Source #
A pagination token.
listResourceServers_userPoolId :: Lens' ListResourceServers Text Source #
The user pool ID for the user pool.
listResourceServersResponse_nextToken :: Lens' ListResourceServersResponse (Maybe Text) Source #
A pagination token.
listResourceServersResponse_httpStatus :: Lens' ListResourceServersResponse Int Source #
The response's http status code.
listResourceServersResponse_resourceServers :: Lens' ListResourceServersResponse [ResourceServerType] Source #
The resource servers.
ListTagsForResource
listTagsForResource_resourceArn :: Lens' ListTagsForResource Text Source #
The Amazon Resource Name (ARN) of the user pool that the tags are assigned to.
listTagsForResourceResponse_tags :: Lens' ListTagsForResourceResponse (Maybe (HashMap Text Text)) Source #
The tags that are assigned to the user pool.
listTagsForResourceResponse_httpStatus :: Lens' ListTagsForResourceResponse Int Source #
The response's http status code.
ListUserImportJobs
listUserImportJobs_paginationToken :: Lens' ListUserImportJobs (Maybe Text) Source #
An identifier that was returned from the previous call to
ListUserImportJobs
, which can be used to return the next set of import
jobs in the list.
listUserImportJobs_userPoolId :: Lens' ListUserImportJobs Text Source #
The user pool ID for the user pool that the users are being imported into.
listUserImportJobs_maxResults :: Lens' ListUserImportJobs Natural Source #
The maximum number of import jobs you want the request to return.
listUserImportJobsResponse_paginationToken :: Lens' ListUserImportJobsResponse (Maybe Text) Source #
An identifier that can be used to return the next set of user import jobs in the list.
listUserImportJobsResponse_userImportJobs :: Lens' ListUserImportJobsResponse (Maybe (NonEmpty UserImportJobType)) Source #
The user import jobs.
listUserImportJobsResponse_httpStatus :: Lens' ListUserImportJobsResponse Int Source #
The response's http status code.
ListUserPoolClients
listUserPoolClients_maxResults :: Lens' ListUserPoolClients (Maybe Natural) Source #
The maximum number of results you want the request to return when listing the user pool clients.
listUserPoolClients_nextToken :: Lens' ListUserPoolClients (Maybe Text) Source #
An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.
listUserPoolClients_userPoolId :: Lens' ListUserPoolClients Text Source #
The user pool ID for the user pool where you want to list user pool clients.
listUserPoolClientsResponse_nextToken :: Lens' ListUserPoolClientsResponse (Maybe Text) Source #
An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.
listUserPoolClientsResponse_userPoolClients :: Lens' ListUserPoolClientsResponse (Maybe [UserPoolClientDescription]) Source #
The user pool clients in the response that lists user pool clients.
listUserPoolClientsResponse_httpStatus :: Lens' ListUserPoolClientsResponse Int Source #
The response's http status code.
ListUserPools
listUserPools_nextToken :: Lens' ListUserPools (Maybe Text) Source #
An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.
listUserPools_maxResults :: Lens' ListUserPools Natural Source #
The maximum number of results you want the request to return when listing the user pools.
listUserPoolsResponse_nextToken :: Lens' ListUserPoolsResponse (Maybe Text) Source #
An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.
listUserPoolsResponse_userPools :: Lens' ListUserPoolsResponse (Maybe [UserPoolDescriptionType]) Source #
The user pools from the response to list users.
listUserPoolsResponse_httpStatus :: Lens' ListUserPoolsResponse Int Source #
The response's http status code.
ListUsers
listUsers_attributesToGet :: Lens' ListUsers (Maybe [Text]) Source #
An array of strings, where each string is the name of a user attribute to be returned for each user in the search results. If the array is null, all attributes are returned.
listUsers_filter :: Lens' ListUsers (Maybe Text) Source #
A filter string of the form "AttributeName Filter-Type
"AttributeValue"". Quotation marks within the filter string must be
escaped using the backslash (\) character. For example, "family_name
= \"Reddy\"".
- AttributeName: The name of the attribute to search for. You can only search for one attribute at a time.
- Filter-Type: For an exact match, use =, for example,
"
given_name
= \"Jon\"". For a prefix ("starts with") match, use ^=, for example, "given_name
^= \"Jon\"". - AttributeValue: The attribute value that must be matched for each user.
If the filter string is empty, ListUsers
returns all users in the user
pool.
You can only search for the following standard attributes:
username
(case-sensitive)email
phone_number
name
given_name
family_name
preferred_username
cognito:user_status
(called Status in the Console) (case-insensitive)status (called
Enabled
in the Console) (case-sensitive)
sub
Custom attributes aren't searchable.
You can also list users with a client-side filter. The server-side
filter matches no more than one attribute. For an advanced search, use a
client-side filter with the --query
parameter of the list-users
action in the CLI. When you use a client-side filter, ListUsers returns
a paginated list of zero or more users. You can receive multiple pages
in a row with zero results. Repeat the query with each pagination token
that is returned until you receive a null pagination token value, and
then review the combined result.
For more information about server-side and client-side filtering, see FilteringCLI output in the Command Line Interface User Guide.
For more information, see Searching for Users Using the ListUsers API and Examples of Using the ListUsers API in the Amazon Cognito Developer Guide.
listUsers_paginationToken :: Lens' ListUsers (Maybe Text) Source #
An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.
listUsers_userPoolId :: Lens' ListUsers Text Source #
The user pool ID for the user pool on which the search should be performed.
listUsersResponse_paginationToken :: Lens' ListUsersResponse (Maybe Text) Source #
An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.
listUsersResponse_users :: Lens' ListUsersResponse (Maybe [UserType]) Source #
The users returned in the request to list users.
listUsersResponse_httpStatus :: Lens' ListUsersResponse Int Source #
The response's http status code.
ListUsersInGroup
listUsersInGroup_limit :: Lens' ListUsersInGroup (Maybe Natural) Source #
The limit of the request to list users.
listUsersInGroup_nextToken :: Lens' ListUsersInGroup (Maybe Text) Source #
An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.
listUsersInGroup_userPoolId :: Lens' ListUsersInGroup Text Source #
The user pool ID for the user pool.
listUsersInGroup_groupName :: Lens' ListUsersInGroup Text Source #
The name of the group.
listUsersInGroupResponse_nextToken :: Lens' ListUsersInGroupResponse (Maybe Text) Source #
An identifier that you can use in a later request to return the next set of items in the list.
listUsersInGroupResponse_users :: Lens' ListUsersInGroupResponse (Maybe [UserType]) Source #
The users returned in the request to list users.
listUsersInGroupResponse_httpStatus :: Lens' ListUsersInGroupResponse Int Source #
The response's http status code.
ResendConfirmationCode
resendConfirmationCode_analyticsMetadata :: Lens' ResendConfirmationCode (Maybe AnalyticsMetadataType) Source #
The Amazon Pinpoint analytics metadata that contributes to your metrics
for ResendConfirmationCode
calls.
resendConfirmationCode_clientMetadata :: Lens' ResendConfirmationCode (Maybe (HashMap Text Text)) Source #
A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.
You create custom workflows by assigning Lambda functions to user pool
triggers. When you use the ResendConfirmationCode API action, Amazon
Cognito invokes the function that is assigned to the custom message
trigger. When Amazon Cognito invokes this function, it passes a JSON
payload, which the function receives as input. This payload contains a
clientMetadata
attribute, which provides the data that you assigned to
the ClientMetadata parameter in your ResendConfirmationCode request. In
your function code in Lambda, you can process the clientMetadata
value
to enhance your workflow for your specific needs.
For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.
When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following:
- Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.
- Validate the ClientMetadata value.
- Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information.
resendConfirmationCode_secretHash :: Lens' ResendConfirmationCode (Maybe Text) Source #
A keyed-hash message authentication code (HMAC) calculated using the secret key of a user pool client and username plus the client ID in the message.
resendConfirmationCode_userContextData :: Lens' ResendConfirmationCode (Maybe UserContextDataType) Source #
Contextual data about your user session, such as the device fingerprint, IP address, or location. Amazon Cognito advanced security evaluates the risk of an authentication event based on the context that your app generates and passes to Amazon Cognito when it makes API requests.
resendConfirmationCode_clientId :: Lens' ResendConfirmationCode Text Source #
The ID of the client associated with the user pool.
resendConfirmationCode_username :: Lens' ResendConfirmationCode Text Source #
The username
attribute of the user to whom you want to resend a
confirmation code.
resendConfirmationCodeResponse_codeDeliveryDetails :: Lens' ResendConfirmationCodeResponse (Maybe CodeDeliveryDetailsType) Source #
The code delivery details returned by the server in response to the request to resend the confirmation code.
resendConfirmationCodeResponse_httpStatus :: Lens' ResendConfirmationCodeResponse Int Source #
The response's http status code.
RespondToAuthChallenge
respondToAuthChallenge_analyticsMetadata :: Lens' RespondToAuthChallenge (Maybe AnalyticsMetadataType) Source #
The Amazon Pinpoint analytics metadata that contributes to your metrics
for RespondToAuthChallenge
calls.
respondToAuthChallenge_challengeResponses :: Lens' RespondToAuthChallenge (Maybe (HashMap Text Text)) Source #
The challenge responses. These are inputs corresponding to the value of
ChallengeName
, for example:
SECRET_HASH
(if app client is configured with client secret) applies
to all of the inputs that follow (including SOFTWARE_TOKEN_MFA
).
SMS_MFA
:SMS_MFA_CODE
,USERNAME
.PASSWORD_VERIFIER
:PASSWORD_CLAIM_SIGNATURE
,PASSWORD_CLAIM_SECRET_BLOCK
,TIMESTAMP
,USERNAME
.PASSWORD_VERIFIER
requiresDEVICE_KEY
when you sign in with a remembered device.NEW_PASSWORD_REQUIRED
:NEW_PASSWORD
,USERNAME
,SECRET_HASH
(if app client is configured with client secret). To set any required attributes that Amazon Cognito returned asrequiredAttributes
in theInitiateAuth
response, add auserAttributes.
attributename
In a
NEW_PASSWORD_REQUIRED
challenge response, you can't modify a required attribute that already has a value. InRespondToAuthChallenge
, set a value for any keys that Amazon Cognito returned in therequiredAttributes
parameter, then use theUpdateUserAttributes
API operation to modify the value of any additional attributes.SOFTWARE_TOKEN_MFA
:USERNAME
andSOFTWARE_TOKEN_MFA_CODE
are required attributes.DEVICE_SRP_AUTH
requiresUSERNAME
,DEVICE_KEY
,SRP_A
(andSECRET_HASH
).DEVICE_PASSWORD_VERIFIER
requires everything thatPASSWORD_VERIFIER
requires, plusDEVICE_KEY
.MFA_SETUP
requiresUSERNAME
, plus you must use the session value returned byVerifySoftwareToken
in theSession
parameter.
respondToAuthChallenge_clientMetadata :: Lens' RespondToAuthChallenge (Maybe (HashMap Text Text)) Source #
A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.
You create custom workflows by assigning Lambda functions to user pool
triggers. When you use the RespondToAuthChallenge API action, Amazon
Cognito invokes any functions that are assigned to the following
triggers: post authentication, pre token generation, /define auth
challenge, create auth challenge, and verify auth challenge/. When
Amazon Cognito invokes any of these functions, it passes a JSON payload,
which the function receives as input. This payload contains a
clientMetadata
attribute, which provides the data that you assigned to
the ClientMetadata parameter in your RespondToAuthChallenge request. In
your function code in Lambda, you can process the clientMetadata
value
to enhance your workflow for your specific needs.
For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.
When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following:
- Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.
- Validate the ClientMetadata value.
- Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information.
respondToAuthChallenge_session :: Lens' RespondToAuthChallenge (Maybe Text) Source #
The session that should be passed both ways in challenge-response calls
to the service. If InitiateAuth
or RespondToAuthChallenge
API call
determines that the caller must pass another challenge, they return a
session with other challenge parameters. This session should be passed
as it is to the next RespondToAuthChallenge
API call.
respondToAuthChallenge_userContextData :: Lens' RespondToAuthChallenge (Maybe UserContextDataType) Source #
Contextual data about your user session, such as the device fingerprint, IP address, or location. Amazon Cognito advanced security evaluates the risk of an authentication event based on the context that your app generates and passes to Amazon Cognito when it makes API requests.
respondToAuthChallenge_clientId :: Lens' RespondToAuthChallenge Text Source #
The app client ID.
respondToAuthChallenge_challengeName :: Lens' RespondToAuthChallenge ChallengeNameType Source #
The challenge name. For more information, see InitiateAuth.
ADMIN_NO_SRP_AUTH
isn't a valid value.
respondToAuthChallengeResponse_authenticationResult :: Lens' RespondToAuthChallengeResponse (Maybe AuthenticationResultType) Source #
The result returned by the server in response to the request to respond to the authentication challenge.
respondToAuthChallengeResponse_challengeName :: Lens' RespondToAuthChallengeResponse (Maybe ChallengeNameType) Source #
The challenge name. For more information, see InitiateAuth.
respondToAuthChallengeResponse_challengeParameters :: Lens' RespondToAuthChallengeResponse (Maybe (HashMap Text Text)) Source #
The challenge parameters. For more information, see InitiateAuth.
respondToAuthChallengeResponse_session :: Lens' RespondToAuthChallengeResponse (Maybe Text) Source #
The session that should be passed both ways in challenge-response calls
to the service. If the caller must pass another challenge, they return a
session with other challenge parameters. This session should be passed
as it is to the next RespondToAuthChallenge
API call.
respondToAuthChallengeResponse_httpStatus :: Lens' RespondToAuthChallengeResponse Int Source #
The response's http status code.
RevokeToken
revokeToken_clientSecret :: Lens' RevokeToken (Maybe Text) Source #
The secret for the client ID. This is required only if the client ID has a secret.
revokeToken_token :: Lens' RevokeToken Text Source #
The refresh token that you want to revoke.
revokeToken_clientId :: Lens' RevokeToken Text Source #
The client ID for the token that you want to revoke.
revokeTokenResponse_httpStatus :: Lens' RevokeTokenResponse Int Source #
The response's http status code.
SetRiskConfiguration
setRiskConfiguration_accountTakeoverRiskConfiguration :: Lens' SetRiskConfiguration (Maybe AccountTakeoverRiskConfigurationType) Source #
The account takeover risk configuration.
setRiskConfiguration_clientId :: Lens' SetRiskConfiguration (Maybe Text) Source #
The app client ID. If ClientId
is null, then the risk configuration is
mapped to userPoolId
. When the client ID is null, the same risk
configuration is applied to all the clients in the userPool.
Otherwise, ClientId
is mapped to the client. When the client ID isn't
null, the user pool configuration is overridden and the risk
configuration for the client is used instead.
setRiskConfiguration_compromisedCredentialsRiskConfiguration :: Lens' SetRiskConfiguration (Maybe CompromisedCredentialsRiskConfigurationType) Source #
The compromised credentials risk configuration.
setRiskConfiguration_riskExceptionConfiguration :: Lens' SetRiskConfiguration (Maybe RiskExceptionConfigurationType) Source #
The configuration to override the risk decision.
setRiskConfiguration_userPoolId :: Lens' SetRiskConfiguration Text Source #
The user pool ID.
setRiskConfigurationResponse_httpStatus :: Lens' SetRiskConfigurationResponse Int Source #
The response's http status code.
setRiskConfigurationResponse_riskConfiguration :: Lens' SetRiskConfigurationResponse RiskConfigurationType Source #
The risk configuration.
SetUICustomization
setUICustomization_css :: Lens' SetUICustomization (Maybe Text) Source #
The CSS values in the UI customization.
setUICustomization_clientId :: Lens' SetUICustomization (Maybe Text) Source #
The client ID for the client app.
setUICustomization_imageFile :: Lens' SetUICustomization (Maybe ByteString) Source #
The uploaded logo image for the UI customization.--
-- Note: This Lens
automatically encodes and decodes Base64 data.
-- The underlying isomorphism will encode to Base64 representation during
-- serialisation, and decode from Base64 representation during deserialisation.
-- This Lens
accepts and returns only raw unencoded data.
setUICustomization_userPoolId :: Lens' SetUICustomization Text Source #
The user pool ID for the user pool.
setUICustomizationResponse_httpStatus :: Lens' SetUICustomizationResponse Int Source #
The response's http status code.
setUICustomizationResponse_uICustomization :: Lens' SetUICustomizationResponse UICustomizationType Source #
The UI customization information.
SetUserMFAPreference
setUserMFAPreference_sMSMfaSettings :: Lens' SetUserMFAPreference (Maybe SMSMfaSettingsType) Source #
The SMS text message multi-factor authentication (MFA) settings.
setUserMFAPreference_softwareTokenMfaSettings :: Lens' SetUserMFAPreference (Maybe SoftwareTokenMfaSettingsType) Source #
The time-based one-time password (TOTP) software token MFA settings.
setUserMFAPreference_accessToken :: Lens' SetUserMFAPreference Text Source #
A valid access token that Amazon Cognito issued to the user whose MFA preference you want to set.
setUserMFAPreferenceResponse_httpStatus :: Lens' SetUserMFAPreferenceResponse Int Source #
The response's http status code.
SetUserPoolMfaConfig
setUserPoolMfaConfig_mfaConfiguration :: Lens' SetUserPoolMfaConfig (Maybe UserPoolMfaType) Source #
The MFA configuration. If you set the MfaConfiguration value to ‘ON’, only users who have set up an MFA factor can sign in. To learn more, see Adding Multi-Factor Authentication (MFA) to a user pool. Valid values include:
OFF
MFA won't be used for any users.ON
MFA is required for all users to sign in.OPTIONAL
MFA will be required only for individual users who have an MFA factor activated.
setUserPoolMfaConfig_smsMfaConfiguration :: Lens' SetUserPoolMfaConfig (Maybe SmsMfaConfigType) Source #
The SMS text message MFA configuration.
setUserPoolMfaConfig_softwareTokenMfaConfiguration :: Lens' SetUserPoolMfaConfig (Maybe SoftwareTokenMfaConfigType) Source #
The software token MFA configuration.
setUserPoolMfaConfig_userPoolId :: Lens' SetUserPoolMfaConfig Text Source #
The user pool ID.
setUserPoolMfaConfigResponse_mfaConfiguration :: Lens' SetUserPoolMfaConfigResponse (Maybe UserPoolMfaType) Source #
The MFA configuration. Valid values include:
OFF
MFA won't be used for any users.ON
MFA is required for all users to sign in.OPTIONAL
MFA will be required only for individual users who have an MFA factor enabled.
setUserPoolMfaConfigResponse_smsMfaConfiguration :: Lens' SetUserPoolMfaConfigResponse (Maybe SmsMfaConfigType) Source #
The SMS text message MFA configuration.
setUserPoolMfaConfigResponse_softwareTokenMfaConfiguration :: Lens' SetUserPoolMfaConfigResponse (Maybe SoftwareTokenMfaConfigType) Source #
The software token MFA configuration.
setUserPoolMfaConfigResponse_httpStatus :: Lens' SetUserPoolMfaConfigResponse Int Source #
The response's http status code.
SetUserSettings
setUserSettings_accessToken :: Lens' SetUserSettings Text Source #
A valid access token that Amazon Cognito issued to the user whose user settings you want to configure.
setUserSettings_mfaOptions :: Lens' SetUserSettings [MFAOptionType] Source #
You can use this parameter only to set an SMS configuration that uses SMS for delivery.
setUserSettingsResponse_httpStatus :: Lens' SetUserSettingsResponse Int Source #
The response's http status code.
SignUp
signUp_analyticsMetadata :: Lens' SignUp (Maybe AnalyticsMetadataType) Source #
The Amazon Pinpoint analytics metadata that contributes to your metrics
for SignUp
calls.
signUp_clientMetadata :: Lens' SignUp (Maybe (HashMap Text Text)) Source #
A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.
You create custom workflows by assigning Lambda functions to user pool
triggers. When you use the SignUp API action, Amazon Cognito invokes any
functions that are assigned to the following triggers: pre sign-up,
custom message, and post confirmation. When Amazon Cognito invokes
any of these functions, it passes a JSON payload, which the function
receives as input. This payload contains a clientMetadata
attribute,
which provides the data that you assigned to the ClientMetadata
parameter in your SignUp request. In your function code in Lambda, you
can process the clientMetadata
value to enhance your workflow for your
specific needs.
For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.
When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following:
- Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.
- Validate the ClientMetadata value.
- Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information.
signUp_secretHash :: Lens' SignUp (Maybe Text) Source #
A keyed-hash message authentication code (HMAC) calculated using the secret key of a user pool client and username plus the client ID in the message.
signUp_userAttributes :: Lens' SignUp (Maybe [AttributeType]) Source #
An array of name-value pairs representing user attributes.
For custom attributes, you must prepend the custom:
prefix to the
attribute name.
signUp_userContextData :: Lens' SignUp (Maybe UserContextDataType) Source #
Contextual data about your user session, such as the device fingerprint, IP address, or location. Amazon Cognito advanced security evaluates the risk of an authentication event based on the context that your app generates and passes to Amazon Cognito when it makes API requests.
signUp_validationData :: Lens' SignUp (Maybe [AttributeType]) Source #
The validation data in the request to register a user.
signUpResponse_codeDeliveryDetails :: Lens' SignUpResponse (Maybe CodeDeliveryDetailsType) Source #
The code delivery details returned by the server response to the user registration request.
signUpResponse_httpStatus :: Lens' SignUpResponse Int Source #
The response's http status code.
signUpResponse_userConfirmed :: Lens' SignUpResponse Bool Source #
A response from the server indicating that a user registration has been confirmed.
signUpResponse_userSub :: Lens' SignUpResponse Text Source #
The UUID of the authenticated user. This isn't the same as username
.
StartUserImportJob
startUserImportJob_userPoolId :: Lens' StartUserImportJob Text Source #
The user pool ID for the user pool that the users are being imported into.
startUserImportJob_jobId :: Lens' StartUserImportJob Text Source #
The job ID for the user import job.
startUserImportJobResponse_userImportJob :: Lens' StartUserImportJobResponse (Maybe UserImportJobType) Source #
The job object that represents the user import job.
startUserImportJobResponse_httpStatus :: Lens' StartUserImportJobResponse Int Source #
The response's http status code.
StopUserImportJob
stopUserImportJob_userPoolId :: Lens' StopUserImportJob Text Source #
The user pool ID for the user pool that the users are being imported into.
stopUserImportJob_jobId :: Lens' StopUserImportJob Text Source #
The job ID for the user import job.
stopUserImportJobResponse_userImportJob :: Lens' StopUserImportJobResponse (Maybe UserImportJobType) Source #
The job object that represents the user import job.
stopUserImportJobResponse_httpStatus :: Lens' StopUserImportJobResponse Int Source #
The response's http status code.
TagResource
tagResource_resourceArn :: Lens' TagResource Text Source #
The Amazon Resource Name (ARN) of the user pool to assign the tags to.
tagResource_tags :: Lens' TagResource (HashMap Text Text) Source #
The tags to assign to the user pool.
tagResourceResponse_httpStatus :: Lens' TagResourceResponse Int Source #
The response's http status code.
UntagResource
untagResource_resourceArn :: Lens' UntagResource Text Source #
The Amazon Resource Name (ARN) of the user pool that the tags are assigned to.
untagResource_tagKeys :: Lens' UntagResource [Text] Source #
The keys of the tags to remove from the user pool.
untagResourceResponse_httpStatus :: Lens' UntagResourceResponse Int Source #
The response's http status code.
UpdateAuthEventFeedback
updateAuthEventFeedback_userPoolId :: Lens' UpdateAuthEventFeedback Text Source #
The user pool ID.
updateAuthEventFeedback_username :: Lens' UpdateAuthEventFeedback Text Source #
The user pool username.
updateAuthEventFeedback_eventId :: Lens' UpdateAuthEventFeedback Text Source #
The event ID.
updateAuthEventFeedback_feedbackToken :: Lens' UpdateAuthEventFeedback Text Source #
The feedback token.
updateAuthEventFeedback_feedbackValue :: Lens' UpdateAuthEventFeedback FeedbackValueType Source #
The authentication event feedback value.
updateAuthEventFeedbackResponse_httpStatus :: Lens' UpdateAuthEventFeedbackResponse Int Source #
The response's http status code.
UpdateDeviceStatus
updateDeviceStatus_deviceRememberedStatus :: Lens' UpdateDeviceStatus (Maybe DeviceRememberedStatusType) Source #
The status of whether a device is remembered.
updateDeviceStatus_accessToken :: Lens' UpdateDeviceStatus Text Source #
A valid access token that Amazon Cognito issued to the user whose device status you want to update.
updateDeviceStatus_deviceKey :: Lens' UpdateDeviceStatus Text Source #
The device key.
updateDeviceStatusResponse_httpStatus :: Lens' UpdateDeviceStatusResponse Int Source #
The response's http status code.
UpdateGroup
updateGroup_description :: Lens' UpdateGroup (Maybe Text) Source #
A string containing the new description of the group.
updateGroup_precedence :: Lens' UpdateGroup (Maybe Natural) Source #
The new precedence value for the group. For more information about this parameter, see CreateGroup.
updateGroup_roleArn :: Lens' UpdateGroup (Maybe Text) Source #
The new role Amazon Resource Name (ARN) for the group. This is used for
setting the cognito:roles
and cognito:preferred_role
claims in the
token.
updateGroup_groupName :: Lens' UpdateGroup Text Source #
The name of the group.
updateGroup_userPoolId :: Lens' UpdateGroup Text Source #
The user pool ID for the user pool.
updateGroupResponse_group :: Lens' UpdateGroupResponse (Maybe GroupType) Source #
The group object for the group.
updateGroupResponse_httpStatus :: Lens' UpdateGroupResponse Int Source #
The response's http status code.
UpdateIdentityProvider
updateIdentityProvider_attributeMapping :: Lens' UpdateIdentityProvider (Maybe (HashMap Text Text)) Source #
The IdP attribute mapping to be changed.
updateIdentityProvider_idpIdentifiers :: Lens' UpdateIdentityProvider (Maybe [Text]) Source #
A list of IdP identifiers.
updateIdentityProvider_providerDetails :: Lens' UpdateIdentityProvider (Maybe (HashMap Text Text)) Source #
The IdP details to be updated, such as MetadataURL
and MetadataFile
.
updateIdentityProvider_userPoolId :: Lens' UpdateIdentityProvider Text Source #
The user pool ID.
updateIdentityProvider_providerName :: Lens' UpdateIdentityProvider Text Source #
The IdP name.
updateIdentityProviderResponse_httpStatus :: Lens' UpdateIdentityProviderResponse Int Source #
The response's http status code.
updateIdentityProviderResponse_identityProvider :: Lens' UpdateIdentityProviderResponse IdentityProviderType Source #
The identity provider details.
UpdateResourceServer
updateResourceServer_scopes :: Lens' UpdateResourceServer (Maybe [ResourceServerScopeType]) Source #
The scope values to be set for the resource server.
updateResourceServer_userPoolId :: Lens' UpdateResourceServer Text Source #
The user pool ID for the user pool.
updateResourceServer_identifier :: Lens' UpdateResourceServer Text Source #
The identifier for the resource server.
updateResourceServer_name :: Lens' UpdateResourceServer Text Source #
The name of the resource server.
updateResourceServerResponse_httpStatus :: Lens' UpdateResourceServerResponse Int Source #
The response's http status code.
updateResourceServerResponse_resourceServer :: Lens' UpdateResourceServerResponse ResourceServerType Source #
The resource server.
UpdateUserAttributes
updateUserAttributes_clientMetadata :: Lens' UpdateUserAttributes (Maybe (HashMap Text Text)) Source #
A map of custom key-value pairs that you can provide as input for any custom workflows that this action initiates.
You create custom workflows by assigning Lambda functions to user pool
triggers. When you use the UpdateUserAttributes API action, Amazon
Cognito invokes the function that is assigned to the custom message
trigger. When Amazon Cognito invokes this function, it passes a JSON
payload, which the function receives as input. This payload contains a
clientMetadata
attribute, which provides the data that you assigned to
the ClientMetadata parameter in your UpdateUserAttributes request. In
your function code in Lambda, you can process the clientMetadata
value
to enhance your workflow for your specific needs.
For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.
When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following:
- Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.
- Validate the ClientMetadata value.
- Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information.
updateUserAttributes_userAttributes :: Lens' UpdateUserAttributes [AttributeType] Source #
An array of name-value pairs representing user attributes.
For custom attributes, you must prepend the custom:
prefix to the
attribute name.
If you have set an attribute to require verification before Amazon Cognito updates its value, this request doesn’t immediately update the value of that attribute. After your user receives and responds to a verification message to verify the new value, Amazon Cognito updates the attribute value. Your user can sign in and receive messages with the original attribute value until they verify the new value.
updateUserAttributes_accessToken :: Lens' UpdateUserAttributes Text Source #
A valid access token that Amazon Cognito issued to the user whose user attributes you want to update.
updateUserAttributesResponse_codeDeliveryDetailsList :: Lens' UpdateUserAttributesResponse (Maybe [CodeDeliveryDetailsType]) Source #
The code delivery details list from the server for the request to update user attributes.
updateUserAttributesResponse_httpStatus :: Lens' UpdateUserAttributesResponse Int Source #
The response's http status code.
UpdateUserPool
updateUserPool_accountRecoverySetting :: Lens' UpdateUserPool (Maybe AccountRecoverySettingType) Source #
The available verified method a user can use to recover their password
when they call ForgotPassword
. You can use this setting to define a
preferred method when a user has more than one method available. With
this setting, SMS doesn't qualify for a valid password recovery
mechanism if the user also has SMS multi-factor authentication (MFA)
activated. In the absence of this setting, Amazon Cognito uses the
legacy behavior to determine the recovery method where SMS is preferred
through email.
updateUserPool_adminCreateUserConfig :: Lens' UpdateUserPool (Maybe AdminCreateUserConfigType) Source #
The configuration for AdminCreateUser
requests.
updateUserPool_autoVerifiedAttributes :: Lens' UpdateUserPool (Maybe [VerifiedAttributeType]) Source #
The attributes that are automatically verified when Amazon Cognito requests to update user pools.
updateUserPool_deletionProtection :: Lens' UpdateUserPool (Maybe DeletionProtectionType) Source #
When active, DeletionProtection
prevents accidental deletion of your
user pool. Before you can delete a user pool that you have protected
against deletion, you must deactivate this feature.
When you try to delete a protected user pool in a DeleteUserPool
API
request, Amazon Cognito returns an InvalidParameterException
error. To
delete a protected user pool, send a new DeleteUserPool
request after
you deactivate deletion protection in an UpdateUserPool
API request.
updateUserPool_deviceConfiguration :: Lens' UpdateUserPool (Maybe DeviceConfigurationType) Source #
The device-remembering configuration for a user pool. A null value indicates that you have deactivated device remembering in your user pool.
When you provide a value for any DeviceConfiguration
field, you
activate the Amazon Cognito device-remembering feature.
updateUserPool_emailConfiguration :: Lens' UpdateUserPool (Maybe EmailConfigurationType) Source #
The email configuration of your user pool. The email configuration type sets your preferred sending method, Amazon Web Services Region, and sender for email invitation and verification messages from your user pool.
updateUserPool_emailVerificationMessage :: Lens' UpdateUserPool (Maybe Text) Source #
This parameter is no longer used. See VerificationMessageTemplateType.
updateUserPool_emailVerificationSubject :: Lens' UpdateUserPool (Maybe Text) Source #
This parameter is no longer used. See VerificationMessageTemplateType.
updateUserPool_lambdaConfig :: Lens' UpdateUserPool (Maybe LambdaConfigType) Source #
The Lambda configuration information from the request to update the user pool.
updateUserPool_mfaConfiguration :: Lens' UpdateUserPool (Maybe UserPoolMfaType) Source #
Possible values include:
OFF
- MFA tokens aren't required and can't be specified during user registration.ON
- MFA tokens are required for all user registrations. You can only specify ON when you're initially creating a user pool. You can use the SetUserPoolMfaConfig API operation to turn MFA "ON" for existing user pools.OPTIONAL
- Users have the option when registering to create an MFA token.
updateUserPool_policies :: Lens' UpdateUserPool (Maybe UserPoolPolicyType) Source #
A container with the policies you want to update in a user pool.
updateUserPool_smsAuthenticationMessage :: Lens' UpdateUserPool (Maybe Text) Source #
The contents of the SMS authentication message.
updateUserPool_smsConfiguration :: Lens' UpdateUserPool (Maybe SmsConfigurationType) Source #
The SMS configuration with the settings that your Amazon Cognito user pool must use to send an SMS message from your Amazon Web Services account through Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the Amazon Web Services Region that you want, the Amazon Cognito user pool uses an Identity and Access Management (IAM) role in your Amazon Web Services account.
updateUserPool_smsVerificationMessage :: Lens' UpdateUserPool (Maybe Text) Source #
This parameter is no longer used. See VerificationMessageTemplateType.
updateUserPool_userAttributeUpdateSettings :: Lens' UpdateUserPool (Maybe UserAttributeUpdateSettingsType) Source #
The settings for updates to user attributes. These settings include the
property AttributesRequireVerificationBeforeUpdate
, a user-pool
setting that tells Amazon Cognito how to handle changes to the value of
your users' email address and phone number attributes. For more
information, see
Verifying updates to email addresses and phone numbers.
updateUserPool_userPoolAddOns :: Lens' UpdateUserPool (Maybe UserPoolAddOnsType) Source #
Enables advanced security risk detection. Set the key
AdvancedSecurityMode
to the value "AUDIT".
updateUserPool_userPoolTags :: Lens' UpdateUserPool (Maybe (HashMap Text Text)) Source #
The tag keys and values to assign to the user pool. A tag is a label that you can use to categorize and manage user pools in different ways, such as by purpose, owner, environment, or other criteria.
updateUserPool_verificationMessageTemplate :: Lens' UpdateUserPool (Maybe VerificationMessageTemplateType) Source #
The template for verification messages.
updateUserPool_userPoolId :: Lens' UpdateUserPool Text Source #
The user pool ID for the user pool you want to update.
updateUserPoolResponse_httpStatus :: Lens' UpdateUserPoolResponse Int Source #
The response's http status code.
UpdateUserPoolClient
updateUserPoolClient_accessTokenValidity :: Lens' UpdateUserPoolClient (Maybe Natural) Source #
The access token time limit. After this limit expires, your user can't
use their access token. To specify the time unit for
AccessTokenValidity
as seconds
, minutes
, hours
, or days
, set a
TokenValidityUnits
value in your API request.
For example, when you set AccessTokenValidity
to 10
and
TokenValidityUnits
to hours
, your user can authorize access with
their access token for 10 hours.
The default time unit for AccessTokenValidity
in an API request is
hours. Valid range is displayed below in seconds.
If you don't specify otherwise in the configuration of your app client, your access tokens are valid for one hour.
updateUserPoolClient_allowedOAuthFlows :: Lens' UpdateUserPoolClient (Maybe [OAuthFlowType]) Source #
The allowed OAuth flows.
- code
- Use a code grant flow, which provides an authorization code as the
response. This code can be exchanged for access tokens with the
/oauth2/token
endpoint. - implicit
- Issue the access token (and, optionally, ID token, based on scopes) directly to your user.
- client_credentials
- Issue the access token from the
/oauth2/token
endpoint directly to a non-person user using a combination of the client ID and client secret.
updateUserPoolClient_allowedOAuthFlowsUserPoolClient :: Lens' UpdateUserPoolClient (Maybe Bool) Source #
Set to true if the client is allowed to follow the OAuth protocol when interacting with Amazon Cognito user pools.
updateUserPoolClient_allowedOAuthScopes :: Lens' UpdateUserPoolClient (Maybe [Text]) Source #
The allowed OAuth scopes. Possible values provided by OAuth are phone
,
email
, openid
, and profile
. Possible values provided by Amazon Web
Services are aws.cognito.signin.user.admin
. Custom scopes created in
Resource Servers are also supported.
updateUserPoolClient_analyticsConfiguration :: Lens' UpdateUserPoolClient (Maybe AnalyticsConfigurationType) Source #
The Amazon Pinpoint analytics configuration necessary to collect metrics for this user pool.
In Amazon Web Services Regions where Amazon Pinpoint isn't available, user pools only support sending events to Amazon Pinpoint projects in us-east-1. In Regions where Amazon Pinpoint is available, user pools support sending events to Amazon Pinpoint projects within that same Region.
updateUserPoolClient_authSessionValidity :: Lens' UpdateUserPoolClient (Maybe Natural) Source #
Amazon Cognito creates a session token for each API request in an
authentication flow. AuthSessionValidity
is the duration, in minutes,
of that session token. Your user pool native user must respond to each
authentication challenge before the session expires.
updateUserPoolClient_callbackURLs :: Lens' UpdateUserPoolClient (Maybe [Text]) Source #
A list of allowed redirect (callback) URLs for the IdPs.
A redirect URI must:
- Be an absolute URI.
- Be registered with the authorization server.
- Not include a fragment component.
See OAuth 2.0 - Redirection Endpoint.
Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.
App callback URLs such as myapp://example
are also supported.
updateUserPoolClient_clientName :: Lens' UpdateUserPoolClient (Maybe Text) Source #
The client name from the update user pool client request.
updateUserPoolClient_defaultRedirectURI :: Lens' UpdateUserPoolClient (Maybe Text) Source #
The default redirect URI. Must be in the CallbackURLs
list.
A redirect URI must:
- Be an absolute URI.
- Be registered with the authorization server.
- Not include a fragment component.
See OAuth 2.0 - Redirection Endpoint.
Amazon Cognito requires HTTPS over HTTP except for http://localhost
for testing purposes only.
App callback URLs such as myapp://example
are also supported.
updateUserPoolClient_enablePropagateAdditionalUserContextData :: Lens' UpdateUserPoolClient (Maybe Bool) Source #
Activates the propagation of additional user context data. For more
information about propagation of user context data, see
Adding advanced security to a user pool.
If you don’t include this parameter, you can't send device fingerprint
information, including source IP address, to Amazon Cognito advanced
security. You can only activate
EnablePropagateAdditionalUserContextData
in an app client that has a
client secret.
updateUserPoolClient_enableTokenRevocation :: Lens' UpdateUserPoolClient (Maybe Bool) Source #
Activates or deactivates token revocation. For more information about revoking tokens, see RevokeToken.
updateUserPoolClient_explicitAuthFlows :: Lens' UpdateUserPoolClient (Maybe [ExplicitAuthFlowsType]) Source #
The authentication flows that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions.
If you don't specify a value for ExplicitAuthFlows
, your user client
supports ALLOW_REFRESH_TOKEN_AUTH
, ALLOW_USER_SRP_AUTH
, and
ALLOW_CUSTOM_AUTH
.
Valid values include:
ALLOW_ADMIN_USER_PASSWORD_AUTH
: Enable admin based user password authentication flowADMIN_USER_PASSWORD_AUTH
. This setting replaces theADMIN_NO_SRP_AUTH
setting. With this authentication flow, your app passes a user name and password to Amazon Cognito in the request, instead of using the Secure Remote Password (SRP) protocol to securely transmit the password.ALLOW_CUSTOM_AUTH
: Enable Lambda trigger based authentication.ALLOW_USER_PASSWORD_AUTH
: Enable user password-based authentication. In this flow, Amazon Cognito receives the password in the request instead of using the SRP protocol to verify passwords.ALLOW_USER_SRP_AUTH
: Enable SRP-based authentication.ALLOW_REFRESH_TOKEN_AUTH
: Enable authflow to refresh tokens.
In some environments, you will see the values ADMIN_NO_SRP_AUTH
,
CUSTOM_AUTH_FLOW_ONLY
, or USER_PASSWORD_AUTH
. You can't assign
these legacy ExplicitAuthFlows
values to user pool clients at the same
time as values that begin with ALLOW_
, like ALLOW_USER_SRP_AUTH
.
updateUserPoolClient_idTokenValidity :: Lens' UpdateUserPoolClient (Maybe Natural) Source #
The ID token time limit. After this limit expires, your user can't use
their ID token. To specify the time unit for IdTokenValidity
as
seconds
, minutes
, hours
, or days
, set a TokenValidityUnits
value in your API request.
For example, when you set IdTokenValidity
as 10
and
TokenValidityUnits
as hours
, your user can authenticate their
session with their ID token for 10 hours.
The default time unit for AccessTokenValidity
in an API request is
hours. Valid range is displayed below in seconds.
If you don't specify otherwise in the configuration of your app client, your ID tokens are valid for one hour.
updateUserPoolClient_logoutURLs :: Lens' UpdateUserPoolClient (Maybe [Text]) Source #
A list of allowed logout URLs for the IdPs.
updateUserPoolClient_preventUserExistenceErrors :: Lens' UpdateUserPoolClient (Maybe PreventUserExistenceErrorTypes) Source #
Errors and responses that you want Amazon Cognito APIs to return during
authentication, account confirmation, and password recovery when the
user doesn't exist in the user pool. When set to ENABLED
and the user
doesn't exist, authentication returns an error indicating either the
username or password was incorrect. Account confirmation and password
recovery return a response indicating a code was sent to a simulated
destination. When set to LEGACY
, those APIs return a
UserNotFoundException
exception if the user doesn't exist in the user
pool.
Valid values include:
ENABLED
- This prevents user existence-related errors.LEGACY
- This represents the early behavior of Amazon Cognito where user existence related errors aren't prevented.
updateUserPoolClient_readAttributes :: Lens' UpdateUserPoolClient (Maybe [Text]) Source #
The read-only attributes of the user pool.
updateUserPoolClient_refreshTokenValidity :: Lens' UpdateUserPoolClient (Maybe Natural) Source #
The refresh token time limit. After this limit expires, your user can't
use their refresh token. To specify the time unit for
RefreshTokenValidity
as seconds
, minutes
, hours
, or days
, set
a TokenValidityUnits
value in your API request.
For example, when you set RefreshTokenValidity
as 10
and
TokenValidityUnits
as days
, your user can refresh their session and
retrieve new access and ID tokens for 10 days.
The default time unit for RefreshTokenValidity
in an API request is
days. You can't set RefreshTokenValidity
to 0. If you do, Amazon
Cognito overrides the value with the default value of 30 days. /Valid
range/ is displayed below in seconds.
If you don't specify otherwise in the configuration of your app client, your refresh tokens are valid for 30 days.
updateUserPoolClient_supportedIdentityProviders :: Lens' UpdateUserPoolClient (Maybe [Text]) Source #
A list of provider names for the IdPs that this client supports. The
following are supported: COGNITO
, Facebook
, Google
,
SignInWithApple
, LoginWithAmazon
, and the names of your own SAML and
OIDC providers.
updateUserPoolClient_tokenValidityUnits :: Lens' UpdateUserPoolClient (Maybe TokenValidityUnitsType) Source #
The units in which the validity times are represented. The default unit for RefreshToken is days, and the default for ID and access tokens is hours.
updateUserPoolClient_writeAttributes :: Lens' UpdateUserPoolClient (Maybe [Text]) Source #
The writeable attributes of the user pool.
updateUserPoolClient_userPoolId :: Lens' UpdateUserPoolClient Text Source #
The user pool ID for the user pool where you want to update the user pool client.
updateUserPoolClient_clientId :: Lens' UpdateUserPoolClient Text Source #
The ID of the client associated with the user pool.
updateUserPoolClientResponse_userPoolClient :: Lens' UpdateUserPoolClientResponse (Maybe UserPoolClientType) Source #
The user pool client value from the response from the server when you request to update the user pool client.
updateUserPoolClientResponse_httpStatus :: Lens' UpdateUserPoolClientResponse Int Source #
The response's http status code.
UpdateUserPoolDomain
updateUserPoolDomain_domain :: Lens' UpdateUserPoolDomain Text Source #
The domain name for the custom domain that hosts the sign-up and sign-in
pages for your application. One example might be auth.example.com
.
This string can include only lowercase letters, numbers, and hyphens. Don't use a hyphen for the first or last character. Use periods to separate subdomain names.
updateUserPoolDomain_userPoolId :: Lens' UpdateUserPoolDomain Text Source #
The ID of the user pool that is associated with the custom domain whose certificate you're updating.
updateUserPoolDomain_customDomainConfig :: Lens' UpdateUserPoolDomain CustomDomainConfigType Source #
The configuration for a custom domain that hosts the sign-up and sign-in pages for your application. Use this object to specify an SSL certificate that is managed by ACM.
updateUserPoolDomainResponse_cloudFrontDomain :: Lens' UpdateUserPoolDomainResponse (Maybe Text) Source #
The Amazon CloudFront endpoint that Amazon Cognito set up when you added the custom domain to your user pool.
updateUserPoolDomainResponse_httpStatus :: Lens' UpdateUserPoolDomainResponse Int Source #
The response's http status code.
VerifySoftwareToken
verifySoftwareToken_accessToken :: Lens' VerifySoftwareToken (Maybe Text) Source #
A valid access token that Amazon Cognito issued to the user whose software token you want to verify.
verifySoftwareToken_friendlyDeviceName :: Lens' VerifySoftwareToken (Maybe Text) Source #
The friendly device name.
verifySoftwareToken_session :: Lens' VerifySoftwareToken (Maybe Text) Source #
The session that should be passed both ways in challenge-response calls to the service.
verifySoftwareToken_userCode :: Lens' VerifySoftwareToken Text Source #
The one- time password computed using the secret code returned by AssociateSoftwareToken.
verifySoftwareTokenResponse_session :: Lens' VerifySoftwareTokenResponse (Maybe Text) Source #
The session that should be passed both ways in challenge-response calls to the service.
verifySoftwareTokenResponse_status :: Lens' VerifySoftwareTokenResponse (Maybe VerifySoftwareTokenResponseType) Source #
The status of the verify software token.
verifySoftwareTokenResponse_httpStatus :: Lens' VerifySoftwareTokenResponse Int Source #
The response's http status code.
VerifyUserAttribute
verifyUserAttribute_accessToken :: Lens' VerifyUserAttribute Text Source #
A valid access token that Amazon Cognito issued to the user whose user attributes you want to verify.
verifyUserAttribute_attributeName :: Lens' VerifyUserAttribute Text Source #
The attribute name in the request to verify user attributes.
verifyUserAttribute_code :: Lens' VerifyUserAttribute Text Source #
The verification code in the request to verify user attributes.
verifyUserAttributeResponse_httpStatus :: Lens' VerifyUserAttributeResponse Int Source #
The response's http status code.
Types
AccountRecoverySettingType
accountRecoverySettingType_recoveryMechanisms :: Lens' AccountRecoverySettingType (Maybe (NonEmpty RecoveryOptionType)) Source #
The list of RecoveryOptionTypes
.
AccountTakeoverActionType
accountTakeoverActionType_notify :: Lens' AccountTakeoverActionType Bool Source #
Flag specifying whether to send a notification.
accountTakeoverActionType_eventAction :: Lens' AccountTakeoverActionType AccountTakeoverEventActionType Source #
The action to take in response to the account takeover action. Valid values are as follows:
BLOCK
Choosing this action will block the request.MFA_IF_CONFIGURED
Present an MFA challenge if user has configured it, else allow the request.MFA_REQUIRED
Present an MFA challenge if user has configured it, else block the request.NO_ACTION
Allow the user to sign in.
AccountTakeoverActionsType
accountTakeoverActionsType_highAction :: Lens' AccountTakeoverActionsType (Maybe AccountTakeoverActionType) Source #
Action to take for a high risk.
accountTakeoverActionsType_lowAction :: Lens' AccountTakeoverActionsType (Maybe AccountTakeoverActionType) Source #
Action to take for a low risk.
accountTakeoverActionsType_mediumAction :: Lens' AccountTakeoverActionsType (Maybe AccountTakeoverActionType) Source #
Action to take for a medium risk.
AccountTakeoverRiskConfigurationType
accountTakeoverRiskConfigurationType_notifyConfiguration :: Lens' AccountTakeoverRiskConfigurationType (Maybe NotifyConfigurationType) Source #
The notify configuration used to construct email notifications.
accountTakeoverRiskConfigurationType_actions :: Lens' AccountTakeoverRiskConfigurationType AccountTakeoverActionsType Source #
Account takeover risk configuration actions.
AdminCreateUserConfigType
adminCreateUserConfigType_allowAdminCreateUserOnly :: Lens' AdminCreateUserConfigType (Maybe Bool) Source #
Set to True
if only the administrator is allowed to create user
profiles. Set to False
if users can sign themselves up via an app.
adminCreateUserConfigType_inviteMessageTemplate :: Lens' AdminCreateUserConfigType (Maybe MessageTemplateType) Source #
The message template to be used for the welcome message to new users.
See also Customizing User Invitation Messages.
adminCreateUserConfigType_unusedAccountValidityDays :: Lens' AdminCreateUserConfigType (Maybe Natural) Source #
The user account expiration limit, in days, after which a new account
that hasn't signed in is no longer usable. To reset the account after
that time limit, you must call AdminCreateUser
again, specifying
"RESEND"
for the MessageAction
parameter. The default value for
this parameter is 7.
If you set a value for TemporaryPasswordValidityDays
in
PasswordPolicy
, that value will be used, and
UnusedAccountValidityDays
will be no longer be an available parameter
for that user pool.
AnalyticsConfigurationType
analyticsConfigurationType_applicationArn :: Lens' AnalyticsConfigurationType (Maybe Text) Source #
The Amazon Resource Name (ARN) of an Amazon Pinpoint project. You can use the Amazon Pinpoint project to integrate with the chosen user pool Client. Amazon Cognito publishes events to the Amazon Pinpoint project that the app ARN declares.
analyticsConfigurationType_applicationId :: Lens' AnalyticsConfigurationType (Maybe Text) Source #
The application ID for an Amazon Pinpoint application.
analyticsConfigurationType_externalId :: Lens' AnalyticsConfigurationType (Maybe Text) Source #
The external ID.
analyticsConfigurationType_roleArn :: Lens' AnalyticsConfigurationType (Maybe Text) Source #
The ARN of an Identity and Access Management role that authorizes Amazon Cognito to publish events to Amazon Pinpoint analytics.
analyticsConfigurationType_userDataShared :: Lens' AnalyticsConfigurationType (Maybe Bool) Source #
If UserDataShared
is true
, Amazon Cognito includes user data in the
events that it publishes to Amazon Pinpoint analytics.
AnalyticsMetadataType
analyticsMetadataType_analyticsEndpointId :: Lens' AnalyticsMetadataType (Maybe Text) Source #
The endpoint ID.
AttributeType
attributeType_value :: Lens' AttributeType (Maybe Text) Source #
The value of the attribute.
attributeType_name :: Lens' AttributeType Text Source #
The name of the attribute.
AuthEventType
authEventType_challengeResponses :: Lens' AuthEventType (Maybe [ChallengeResponseType]) Source #
The challenge responses.
authEventType_creationDate :: Lens' AuthEventType (Maybe UTCTime) Source #
The creation date
authEventType_eventContextData :: Lens' AuthEventType (Maybe EventContextDataType) Source #
The user context data captured at the time of an event request. This value provides additional information about the client from which event the request is received.
authEventType_eventFeedback :: Lens' AuthEventType (Maybe EventFeedbackType) Source #
A flag specifying the user feedback captured at the time of an event request is good or bad.
authEventType_eventId :: Lens' AuthEventType (Maybe Text) Source #
The event ID.
authEventType_eventResponse :: Lens' AuthEventType (Maybe EventResponseType) Source #
The event response.
authEventType_eventRisk :: Lens' AuthEventType (Maybe EventRiskType) Source #
The event risk.
authEventType_eventType :: Lens' AuthEventType (Maybe EventType) Source #
The event type.
AuthenticationResultType
authenticationResultType_accessToken :: Lens' AuthenticationResultType (Maybe Text) Source #
A valid access token that Amazon Cognito issued to the user who you want to authenticate.
authenticationResultType_expiresIn :: Lens' AuthenticationResultType (Maybe Int) Source #
The expiration period of the authentication result in seconds.
authenticationResultType_idToken :: Lens' AuthenticationResultType (Maybe Text) Source #
The ID token.
authenticationResultType_newDeviceMetadata :: Lens' AuthenticationResultType (Maybe NewDeviceMetadataType) Source #
The new device metadata from an authentication result.
authenticationResultType_refreshToken :: Lens' AuthenticationResultType (Maybe Text) Source #
The refresh token.
authenticationResultType_tokenType :: Lens' AuthenticationResultType (Maybe Text) Source #
The token type.
ChallengeResponseType
challengeResponseType_challengeName :: Lens' ChallengeResponseType (Maybe ChallengeName) Source #
The challenge name.
challengeResponseType_challengeResponse :: Lens' ChallengeResponseType (Maybe ChallengeResponse) Source #
The challenge response.
CodeDeliveryDetailsType
codeDeliveryDetailsType_attributeName :: Lens' CodeDeliveryDetailsType (Maybe Text) Source #
The name of the attribute that Amazon Cognito verifies with the code.
codeDeliveryDetailsType_deliveryMedium :: Lens' CodeDeliveryDetailsType (Maybe DeliveryMediumType) Source #
The method that Amazon Cognito used to send the code.
codeDeliveryDetailsType_destination :: Lens' CodeDeliveryDetailsType (Maybe Text) Source #
The email address or phone number destination where Amazon Cognito sent the code.
CompromisedCredentialsActionsType
compromisedCredentialsActionsType_eventAction :: Lens' CompromisedCredentialsActionsType CompromisedCredentialsEventActionType Source #
The event action.
CompromisedCredentialsRiskConfigurationType
compromisedCredentialsRiskConfigurationType_eventFilter :: Lens' CompromisedCredentialsRiskConfigurationType (Maybe [EventFilterType]) Source #
Perform the action for these events. The default is to perform all events if no event filter is specified.
compromisedCredentialsRiskConfigurationType_actions :: Lens' CompromisedCredentialsRiskConfigurationType CompromisedCredentialsActionsType Source #
The compromised credentials risk configuration actions.
ContextDataType
contextDataType_encodedData :: Lens' ContextDataType (Maybe Text) Source #
Encoded device-fingerprint details that your app collected with the Amazon Cognito context data collection library. For more information, see Adding user device and session data to API requests.
contextDataType_ipAddress :: Lens' ContextDataType Text Source #
The source IP address of your user's device.
contextDataType_serverName :: Lens' ContextDataType Text Source #
Your server endpoint where this API is invoked.
contextDataType_serverPath :: Lens' ContextDataType Text Source #
Your server path where this API is invoked.
contextDataType_httpHeaders :: Lens' ContextDataType [HttpHeader] Source #
HttpHeaders received on your server in same order.
CustomDomainConfigType
customDomainConfigType_certificateArn :: Lens' CustomDomainConfigType Text Source #
The Amazon Resource Name (ARN) of an Certificate Manager SSL certificate. You use this certificate for the subdomain of your custom domain.
CustomEmailLambdaVersionConfigType
customEmailLambdaVersionConfigType_lambdaVersion :: Lens' CustomEmailLambdaVersionConfigType CustomEmailSenderLambdaVersionType Source #
Signature of the "request" attribute in the "event" information
Amazon Cognito passes to your custom email Lambda function. The only
supported value is V1_0
.
customEmailLambdaVersionConfigType_lambdaArn :: Lens' CustomEmailLambdaVersionConfigType Text Source #
The Amazon Resource Name (ARN) of the Lambda function that Amazon Cognito activates to send email notifications to users.
CustomSMSLambdaVersionConfigType
customSMSLambdaVersionConfigType_lambdaVersion :: Lens' CustomSMSLambdaVersionConfigType CustomSMSSenderLambdaVersionType Source #
Signature of the "request" attribute in the "event" information that
Amazon Cognito passes to your custom SMS Lambda function. The only
supported value is V1_0
.
customSMSLambdaVersionConfigType_lambdaArn :: Lens' CustomSMSLambdaVersionConfigType Text Source #
The Amazon Resource Name (ARN) of the Lambda function that Amazon Cognito activates to send SMS notifications to users.
DeviceConfigurationType
deviceConfigurationType_challengeRequiredOnNewDevice :: Lens' DeviceConfigurationType (Maybe Bool) Source #
When true, a remembered device can sign in with device authentication instead of SMS and time-based one-time password (TOTP) factors for multi-factor authentication (MFA).
Whether or not ChallengeRequiredOnNewDevice
is true, users who sign in
with devices that have not been confirmed or remembered must still
provide a second factor in a user pool that requires MFA.
deviceConfigurationType_deviceOnlyRememberedOnUserPrompt :: Lens' DeviceConfigurationType (Maybe Bool) Source #
When true, Amazon Cognito doesn't automatically remember a user's device when your app sends a ConfirmDevice API request. In your app, create a prompt for your user to choose whether they want to remember their device. Return the user's choice in an UpdateDeviceStatus API request.
When DeviceOnlyRememberedOnUserPrompt
is false
, Amazon Cognito
immediately remembers devices that you register in a ConfirmDevice
API
request.
DeviceSecretVerifierConfigType
deviceSecretVerifierConfigType_passwordVerifier :: Lens' DeviceSecretVerifierConfigType (Maybe Text) Source #
The password verifier.
deviceSecretVerifierConfigType_salt :: Lens' DeviceSecretVerifierConfigType (Maybe Text) Source #
The salt
DeviceType
deviceType_deviceAttributes :: Lens' DeviceType (Maybe [AttributeType]) Source #
The device attributes.
deviceType_deviceCreateDate :: Lens' DeviceType (Maybe UTCTime) Source #
The creation date of the device.
deviceType_deviceKey :: Lens' DeviceType (Maybe Text) Source #
The device key.
deviceType_deviceLastAuthenticatedDate :: Lens' DeviceType (Maybe UTCTime) Source #
The date when the device was last authenticated.
deviceType_deviceLastModifiedDate :: Lens' DeviceType (Maybe UTCTime) Source #
The last modified date of the device.
DomainDescriptionType
domainDescriptionType_aWSAccountId :: Lens' DomainDescriptionType (Maybe Text) Source #
The Amazon Web Services ID for the user pool owner.
domainDescriptionType_cloudFrontDistribution :: Lens' DomainDescriptionType (Maybe Text) Source #
The Amazon Resource Name (ARN) of the Amazon CloudFront distribution.
domainDescriptionType_customDomainConfig :: Lens' DomainDescriptionType (Maybe CustomDomainConfigType) Source #
The configuration for a custom domain that hosts the sign-up and sign-in webpages for your application.
domainDescriptionType_domain :: Lens' DomainDescriptionType (Maybe Text) Source #
The domain string. For custom domains, this is the fully-qualified
domain name, such as auth.example.com
. For Amazon Cognito prefix
domains, this is the prefix alone, such as auth
.
domainDescriptionType_s3Bucket :: Lens' DomainDescriptionType (Maybe Text) Source #
The Amazon S3 bucket where the static files for this domain are stored.
domainDescriptionType_status :: Lens' DomainDescriptionType (Maybe DomainStatusType) Source #
The domain status.
domainDescriptionType_userPoolId :: Lens' DomainDescriptionType (Maybe Text) Source #
The user pool ID.
domainDescriptionType_version :: Lens' DomainDescriptionType (Maybe Text) Source #
The app version.
EmailConfigurationType
emailConfigurationType_configurationSet :: Lens' EmailConfigurationType (Maybe Text) Source #
The set of configuration rules that can be applied to emails sent using Amazon Simple Email Service. A configuration set is applied to an email by including a reference to the configuration set in the headers of the email. Once applied, all of the rules in that configuration set are applied to the email. Configuration sets can be used to apply the following types of rules to emails:
- Event publishing
- Amazon Simple Email Service can track the number of send, delivery, open, click, bounce, and complaint events for each email sent. Use event publishing to send information about these events to other Amazon Web Services services such as and Amazon CloudWatch
- IP pool management
- When leasing dedicated IP addresses with Amazon Simple Email Service, you can create groups of IP addresses, called dedicated IP pools. You can then associate the dedicated IP pools with configuration sets.
emailConfigurationType_emailSendingAccount :: Lens' EmailConfigurationType (Maybe EmailSendingAccountType) Source #
Specifies whether Amazon Cognito uses its built-in functionality to send your users email messages, or uses your Amazon Simple Email Service email configuration. Specify one of the following values:
- COGNITO_DEFAULT
- When Amazon Cognito emails your users, it uses its built-in email
functionality. When you use the default option, Amazon Cognito
allows only a limited number of emails each day for your user pool.
For typical production environments, the default email limit is less
than the required delivery volume. To achieve a higher delivery
volume, specify DEVELOPER to use your Amazon SES email
configuration.
To look up the email delivery limit for the default option, see Limits in the Amazon Cognito Developer Guide.
The default FROM address is
no-reply@verificationemail.com
. To customize the FROM address, provide the Amazon Resource Name (ARN) of an Amazon SES verified email address for theSourceArn
parameter. - DEVELOPER
- When Amazon Cognito emails your users, it uses your Amazon SES
configuration. Amazon Cognito calls Amazon SES on your behalf to
send email from your verified email address. When you use this
option, the email delivery limits are the same limits that apply to
your Amazon SES verified email address in your Amazon Web Services
account.
If you use this option, provide the ARN of an Amazon SES verified email address for the
SourceArn
parameter.Before Amazon Cognito can email your users, it requires additional permissions to call Amazon SES on your behalf. When you update your user pool with this option, Amazon Cognito creates a /service-linked role/, which is a type of role in your Amazon Web Services account. This role contains the permissions that allow you to access Amazon SES and send email messages from your email address. For more information about the service-linked role that Amazon Cognito creates, see Using Service-Linked Roles for Amazon Cognito in the Amazon Cognito Developer Guide.
emailConfigurationType_from :: Lens' EmailConfigurationType (Maybe Text) Source #
Either the sender’s email address or the sender’s name with their email
address. For example, testuser@example.com
or
Test User <testuser@example.com>
. This address appears before the
body of the email.
emailConfigurationType_replyToEmailAddress :: Lens' EmailConfigurationType (Maybe Text) Source #
The destination to which the receiver of the email should reply.
emailConfigurationType_sourceArn :: Lens' EmailConfigurationType (Maybe Text) Source #
The ARN of a verified email address in Amazon SES. Amazon Cognito uses
this email address in one of the following ways, depending on the value
that you specify for the EmailSendingAccount
parameter:
- If you specify
COGNITO_DEFAULT
, Amazon Cognito uses this address as the custom FROM address when it emails your users using its built-in email account. - If you specify
DEVELOPER
, Amazon Cognito emails your users with this address by calling Amazon SES on your behalf.
The Region value of the SourceArn
parameter must indicate a supported
Amazon Web Services Region of your user pool. Typically, the Region in
the SourceArn
and the user pool Region are the same. For more
information, see
Amazon SES email configuration regions
in the
Amazon Cognito Developer Guide.
EventContextDataType
eventContextDataType_city :: Lens' EventContextDataType (Maybe Text) Source #
The user's city.
eventContextDataType_country :: Lens' EventContextDataType (Maybe Text) Source #
The user's country.
eventContextDataType_deviceName :: Lens' EventContextDataType (Maybe Text) Source #
The user's device name.
eventContextDataType_ipAddress :: Lens' EventContextDataType (Maybe Text) Source #
The source IP address of your user's device.
eventContextDataType_timezone :: Lens' EventContextDataType (Maybe Text) Source #
The user's time zone.
EventFeedbackType
eventFeedbackType_feedbackDate :: Lens' EventFeedbackType (Maybe UTCTime) Source #
The event feedback date.
eventFeedbackType_feedbackValue :: Lens' EventFeedbackType FeedbackValueType Source #
The event feedback value.
eventFeedbackType_provider :: Lens' EventFeedbackType Text Source #
The provider.
EventRiskType
eventRiskType_compromisedCredentialsDetected :: Lens' EventRiskType (Maybe Bool) Source #
Indicates whether compromised credentials were detected during an authentication event.
eventRiskType_riskDecision :: Lens' EventRiskType (Maybe RiskDecisionType) Source #
The risk decision.
eventRiskType_riskLevel :: Lens' EventRiskType (Maybe RiskLevelType) Source #
The risk level.
GroupType
groupType_description :: Lens' GroupType (Maybe Text) Source #
A string containing the description of the group.
groupType_lastModifiedDate :: Lens' GroupType (Maybe UTCTime) Source #
The date the group was last modified.
groupType_precedence :: Lens' GroupType (Maybe Natural) Source #
A non-negative integer value that specifies the precedence of this group
relative to the other groups that a user can belong to in the user pool.
Zero is the highest precedence value. Groups with lower Precedence
values take precedence over groups with higher ornull Precedence
values. If a user belongs to two or more groups, it is the group with
the lowest precedence value whose role ARN is given in the user's
tokens for the cognito:roles
and cognito:preferred_role
claims.
Two groups can have the same Precedence
value. If this happens,
neither group takes precedence over the other. If two groups with the
same Precedence
have the same role ARN, that role is used in the
cognito:preferred_role
claim in tokens for users in each group. If the
two groups have different role ARNs, the cognito:preferred_role
claim
isn't set in users' tokens.
The default Precedence
value is null.
groupType_roleArn :: Lens' GroupType (Maybe Text) Source #
The role Amazon Resource Name (ARN) for the group.
HttpHeader
httpHeader_headerName :: Lens' HttpHeader (Maybe Text) Source #
The header name.
httpHeader_headerValue :: Lens' HttpHeader (Maybe Text) Source #
The header value.
IdentityProviderType
identityProviderType_attributeMapping :: Lens' IdentityProviderType (Maybe (HashMap Text Text)) Source #
A mapping of IdP attributes to standard and custom user pool attributes.
identityProviderType_creationDate :: Lens' IdentityProviderType (Maybe UTCTime) Source #
The date the IdP was created.
identityProviderType_idpIdentifiers :: Lens' IdentityProviderType (Maybe [Text]) Source #
A list of IdP identifiers.
identityProviderType_lastModifiedDate :: Lens' IdentityProviderType (Maybe UTCTime) Source #
The date the IdP was last modified.
identityProviderType_providerDetails :: Lens' IdentityProviderType (Maybe (HashMap Text Text)) Source #
The IdP details. The following list describes the provider detail keys for each IdP type.
For Google and Login with Amazon:
- client_id
- client_secret
- authorize_scopes
For Facebook:
- client_id
- client_secret
- authorize_scopes
- api_version
For Sign in with Apple:
- client_id
- team_id
- key_id
private_key
/You can submit a private_key when you add or update an IdP. Describe operations don't return the private key./
- authorize_scopes
For OIDC providers:
- client_id
- client_secret
- attributes_request_method
- oidc_issuer
- authorize_scopes
The following keys are only present if Amazon Cognito didn't discover them at the
oidc_issuer
URL.- authorize_url
- token_url
- attributes_url
- jwks_uri
Amazon Cognito sets the value of the following keys automatically. They are read-only.
- attributes_url_add_attributes
For SAML providers:
- MetadataFile or MetadataURL
- IDPSignout optional
identityProviderType_providerName :: Lens' IdentityProviderType (Maybe Text) Source #
The IdP name.
identityProviderType_providerType :: Lens' IdentityProviderType (Maybe IdentityProviderTypeType) Source #
The IdP type.
identityProviderType_userPoolId :: Lens' IdentityProviderType (Maybe Text) Source #
The user pool ID.
LambdaConfigType
lambdaConfigType_createAuthChallenge :: Lens' LambdaConfigType (Maybe Text) Source #
Creates an authentication challenge.
lambdaConfigType_customEmailSender :: Lens' LambdaConfigType (Maybe CustomEmailLambdaVersionConfigType) Source #
A custom email sender Lambda trigger.
lambdaConfigType_customMessage :: Lens' LambdaConfigType (Maybe Text) Source #
A custom Message Lambda trigger.
lambdaConfigType_customSMSSender :: Lens' LambdaConfigType (Maybe CustomSMSLambdaVersionConfigType) Source #
A custom SMS sender Lambda trigger.
lambdaConfigType_defineAuthChallenge :: Lens' LambdaConfigType (Maybe Text) Source #
Defines the authentication challenge.
lambdaConfigType_kmsKeyID :: Lens' LambdaConfigType (Maybe Text) Source #
The Amazon Resource Name (ARN) of an
KMS key. Amazon
Cognito uses the key to encrypt codes and temporary passwords sent to
CustomEmailSender
and CustomSMSSender
.
lambdaConfigType_postAuthentication :: Lens' LambdaConfigType (Maybe Text) Source #
A post-authentication Lambda trigger.
lambdaConfigType_postConfirmation :: Lens' LambdaConfigType (Maybe Text) Source #
A post-confirmation Lambda trigger.
lambdaConfigType_preAuthentication :: Lens' LambdaConfigType (Maybe Text) Source #
A pre-authentication Lambda trigger.
lambdaConfigType_preSignUp :: Lens' LambdaConfigType (Maybe Text) Source #
A pre-registration Lambda trigger.
lambdaConfigType_preTokenGeneration :: Lens' LambdaConfigType (Maybe Text) Source #
A Lambda trigger that is invoked before token generation.
lambdaConfigType_userMigration :: Lens' LambdaConfigType (Maybe Text) Source #
The user migration Lambda config type.
lambdaConfigType_verifyAuthChallengeResponse :: Lens' LambdaConfigType (Maybe Text) Source #
Verifies the authentication challenge response.
MFAOptionType
mfaOptionType_attributeName :: Lens' MFAOptionType (Maybe Text) Source #
The attribute name of the MFA option type. The only valid value is
phone_number
.
mfaOptionType_deliveryMedium :: Lens' MFAOptionType (Maybe DeliveryMediumType) Source #
The delivery medium to send the MFA code. You can use this parameter to
set only the SMS
delivery medium value.
MessageTemplateType
messageTemplateType_emailMessage :: Lens' MessageTemplateType (Maybe Text) Source #
The message template for email messages. EmailMessage is allowed only if EmailSendingAccount is DEVELOPER.
messageTemplateType_emailSubject :: Lens' MessageTemplateType (Maybe Text) Source #
The subject line for email messages. EmailSubject is allowed only if EmailSendingAccount is DEVELOPER.
messageTemplateType_sMSMessage :: Lens' MessageTemplateType (Maybe Text) Source #
The message template for SMS messages.
NewDeviceMetadataType
newDeviceMetadataType_deviceGroupKey :: Lens' NewDeviceMetadataType (Maybe Text) Source #
The device group key.
newDeviceMetadataType_deviceKey :: Lens' NewDeviceMetadataType (Maybe Text) Source #
The device key.
NotifyConfigurationType
notifyConfigurationType_blockEmail :: Lens' NotifyConfigurationType (Maybe NotifyEmailType) Source #
Email template used when a detected risk event is blocked.
notifyConfigurationType_from :: Lens' NotifyConfigurationType (Maybe Text) Source #
The email address that is sending the email. The address must be either individually verified with Amazon Simple Email Service, or from a domain that has been verified with Amazon SES.
notifyConfigurationType_mfaEmail :: Lens' NotifyConfigurationType (Maybe NotifyEmailType) Source #
The multi-factor authentication (MFA) email template used when MFA is challenged as part of a detected risk.
notifyConfigurationType_noActionEmail :: Lens' NotifyConfigurationType (Maybe NotifyEmailType) Source #
The email template used when a detected risk event is allowed.
notifyConfigurationType_replyTo :: Lens' NotifyConfigurationType (Maybe Text) Source #
The destination to which the receiver of an email should reply to.
notifyConfigurationType_sourceArn :: Lens' NotifyConfigurationType Text Source #
The Amazon Resource Name (ARN) of the identity that is associated with
the sending authorization policy. This identity permits Amazon Cognito
to send for the email address specified in the From
parameter.
NotifyEmailType
notifyEmailType_htmlBody :: Lens' NotifyEmailType (Maybe Text) Source #
The email HTML body.
notifyEmailType_textBody :: Lens' NotifyEmailType (Maybe Text) Source #
The email text body.
notifyEmailType_subject :: Lens' NotifyEmailType Text Source #
The email subject.
NumberAttributeConstraintsType
numberAttributeConstraintsType_maxValue :: Lens' NumberAttributeConstraintsType (Maybe Text) Source #
The maximum value of an attribute that is of the number data type.
numberAttributeConstraintsType_minValue :: Lens' NumberAttributeConstraintsType (Maybe Text) Source #
The minimum value of an attribute that is of the number data type.
PasswordPolicyType
passwordPolicyType_minimumLength :: Lens' PasswordPolicyType (Maybe Natural) Source #
The minimum length of the password in the policy that you have set. This value can't be less than 6.
passwordPolicyType_requireLowercase :: Lens' PasswordPolicyType (Maybe Bool) Source #
In the password policy that you have set, refers to whether you have required users to use at least one lowercase letter in their password.
passwordPolicyType_requireNumbers :: Lens' PasswordPolicyType (Maybe Bool) Source #
In the password policy that you have set, refers to whether you have required users to use at least one number in their password.
passwordPolicyType_requireSymbols :: Lens' PasswordPolicyType (Maybe Bool) Source #
In the password policy that you have set, refers to whether you have required users to use at least one symbol in their password.
passwordPolicyType_requireUppercase :: Lens' PasswordPolicyType (Maybe Bool) Source #
In the password policy that you have set, refers to whether you have required users to use at least one uppercase letter in their password.
passwordPolicyType_temporaryPasswordValidityDays :: Lens' PasswordPolicyType (Maybe Natural) Source #
The number of days a temporary password is valid in the password policy. If the user doesn't sign in during this time, an administrator must reset their password.
When you set TemporaryPasswordValidityDays
for a user pool, you can no
longer set a value for the legacy UnusedAccountValidityDays
parameter
in that user pool.
ProviderDescription
providerDescription_creationDate :: Lens' ProviderDescription (Maybe UTCTime) Source #
The date the provider was added to the user pool.
providerDescription_lastModifiedDate :: Lens' ProviderDescription (Maybe UTCTime) Source #
The date the provider was last modified.
providerDescription_providerName :: Lens' ProviderDescription (Maybe Text) Source #
The IdP name.
providerDescription_providerType :: Lens' ProviderDescription (Maybe IdentityProviderTypeType) Source #
The IdP type.
ProviderUserIdentifierType
providerUserIdentifierType_providerAttributeName :: Lens' ProviderUserIdentifierType (Maybe Text) Source #
The name of the provider attribute to link to, such as NameID
.
providerUserIdentifierType_providerAttributeValue :: Lens' ProviderUserIdentifierType (Maybe Text) Source #
The value of the provider attribute to link to, such as xxxxx_account
.
providerUserIdentifierType_providerName :: Lens' ProviderUserIdentifierType (Maybe Text) Source #
The name of the provider, such as Facebook, Google, or Login with Amazon.
RecoveryOptionType
recoveryOptionType_priority :: Lens' RecoveryOptionType Natural Source #
A positive integer specifying priority of a method with 1 being the highest priority.
recoveryOptionType_name :: Lens' RecoveryOptionType RecoveryOptionNameType Source #
The recovery method for a user.
ResourceServerScopeType
resourceServerScopeType_scopeName :: Lens' ResourceServerScopeType Text Source #
The name of the scope.
resourceServerScopeType_scopeDescription :: Lens' ResourceServerScopeType Text Source #
A description of the scope.
ResourceServerType
resourceServerType_identifier :: Lens' ResourceServerType (Maybe Text) Source #
The identifier for the resource server.
resourceServerType_name :: Lens' ResourceServerType (Maybe Text) Source #
The name of the resource server.
resourceServerType_scopes :: Lens' ResourceServerType (Maybe [ResourceServerScopeType]) Source #
A list of scopes that are defined for the resource server.
resourceServerType_userPoolId :: Lens' ResourceServerType (Maybe Text) Source #
The user pool ID for the user pool that hosts the resource server.
RiskConfigurationType
riskConfigurationType_accountTakeoverRiskConfiguration :: Lens' RiskConfigurationType (Maybe AccountTakeoverRiskConfigurationType) Source #
The account takeover risk configuration object, including the
NotifyConfiguration
object and Actions
to take if there is an
account takeover.
riskConfigurationType_clientId :: Lens' RiskConfigurationType (Maybe Text) Source #
The app client ID.
riskConfigurationType_compromisedCredentialsRiskConfiguration :: Lens' RiskConfigurationType (Maybe CompromisedCredentialsRiskConfigurationType) Source #
The compromised credentials risk configuration object, including the
EventFilter
and the EventAction
.
riskConfigurationType_lastModifiedDate :: Lens' RiskConfigurationType (Maybe UTCTime) Source #
The last modified date.
riskConfigurationType_riskExceptionConfiguration :: Lens' RiskConfigurationType (Maybe RiskExceptionConfigurationType) Source #
The configuration to override the risk decision.
riskConfigurationType_userPoolId :: Lens' RiskConfigurationType (Maybe Text) Source #
The user pool ID.
RiskExceptionConfigurationType
riskExceptionConfigurationType_blockedIPRangeList :: Lens' RiskExceptionConfigurationType (Maybe [Text]) Source #
Overrides the risk decision to always block the pre-authentication requests. The IP range is in CIDR notation, a compact representation of an IP address and its routing prefix.
riskExceptionConfigurationType_skippedIPRangeList :: Lens' RiskExceptionConfigurationType (Maybe [Text]) Source #
Risk detection isn't performed on the IP addresses in this range list. The IP range is in CIDR notation.
SMSMfaSettingsType
sMSMfaSettingsType_enabled :: Lens' SMSMfaSettingsType (Maybe Bool) Source #
Specifies whether SMS text message MFA is activated. If an MFA type is activated for a user, the user will be prompted for MFA during all sign-in attempts, unless device tracking is turned on and the device has been trusted.
sMSMfaSettingsType_preferredMfa :: Lens' SMSMfaSettingsType (Maybe Bool) Source #
Specifies whether SMS is the preferred MFA method.
SchemaAttributeType
schemaAttributeType_attributeDataType :: Lens' SchemaAttributeType (Maybe AttributeDataType) Source #
The attribute data type.
schemaAttributeType_developerOnlyAttribute :: Lens' SchemaAttributeType (Maybe Bool) Source #
You should use
WriteAttributes
in the user pool client to control how attributes can be mutated for new
use cases instead of using DeveloperOnlyAttribute
.
Specifies whether the attribute type is developer only. This attribute
can only be modified by an administrator. Users won't be able to modify
this attribute using their access token. For example,
DeveloperOnlyAttribute
can be modified using AdminUpdateUserAttributes
but can't be updated using UpdateUserAttributes.
schemaAttributeType_mutable :: Lens' SchemaAttributeType (Maybe Bool) Source #
Specifies whether the value of the attribute can be changed.
For any user pool attribute that is mapped to an IdP attribute, you must
set this parameter to true
. Amazon Cognito updates mapped attributes
when users sign in to your application through an IdP. If an attribute
is immutable, Amazon Cognito throws an error when it attempts to update
the attribute. For more information, see
Specifying Identity Provider Attribute Mappings for Your User Pool.
schemaAttributeType_name :: Lens' SchemaAttributeType (Maybe Text) Source #
A schema attribute of the name type.
schemaAttributeType_numberAttributeConstraints :: Lens' SchemaAttributeType (Maybe NumberAttributeConstraintsType) Source #
Specifies the constraints for an attribute of the number type.
schemaAttributeType_required :: Lens' SchemaAttributeType (Maybe Bool) Source #
Specifies whether a user pool attribute is required. If the attribute is required and the user doesn't provide a value, registration or sign-in will fail.
schemaAttributeType_stringAttributeConstraints :: Lens' SchemaAttributeType (Maybe StringAttributeConstraintsType) Source #
Specifies the constraints for an attribute of the string type.
SmsConfigurationType
smsConfigurationType_externalId :: Lens' SmsConfigurationType (Maybe Text) Source #
The external ID provides additional security for your IAM role. You can
use an ExternalId
with the IAM role that you use with Amazon SNS to
send SMS messages for your user pool. If you provide an ExternalId
,
your Amazon Cognito user pool includes it in the request to assume your
IAM role. You can configure the role trust policy to require that Amazon
Cognito, and any principal, provide the ExternalID
. If you use the
Amazon Cognito Management Console to create a role for SMS multi-factor
authentication (MFA), Amazon Cognito creates a role with the required
permissions and a trust policy that demonstrates use of the
ExternalId
.
For more information about the ExternalId
of a role, see
How to use an external ID when granting access to your Amazon Web Services resources to a third party
smsConfigurationType_snsRegion :: Lens' SmsConfigurationType (Maybe Text) Source #
The Amazon Web Services Region to use with Amazon SNS integration. You can choose the same Region as your user pool, or a supported __Legacy Amazon SNS alternate Region__.
Amazon Cognito resources in the Asia Pacific (Seoul) Amazon Web Services Region must use your Amazon SNS configuration in the Asia Pacific (Tokyo) Region. For more information, see SMS message settings for Amazon Cognito user pools.
smsConfigurationType_snsCallerArn :: Lens' SmsConfigurationType Text Source #
The Amazon Resource Name (ARN) of the Amazon SNS caller. This is the ARN of the IAM role in your Amazon Web Services account that Amazon Cognito will use to send SMS messages. SMS messages are subject to a spending limit.
SmsMfaConfigType
smsMfaConfigType_smsAuthenticationMessage :: Lens' SmsMfaConfigType (Maybe Text) Source #
The SMS authentication message that will be sent to users with the code they must sign in. The message must contain the ‘{####}’ placeholder, which is replaced with the code. If the message isn't included, and default message will be used.
smsMfaConfigType_smsConfiguration :: Lens' SmsMfaConfigType (Maybe SmsConfigurationType) Source #
The SMS configuration with the settings that your Amazon Cognito user pool must use to send an SMS message from your Amazon Web Services account through Amazon Simple Notification Service. To request Amazon SNS in the Amazon Web Services Region that you want, the Amazon Cognito user pool uses an Identity and Access Management (IAM) role that you provide for your Amazon Web Services account.
SoftwareTokenMfaConfigType
softwareTokenMfaConfigType_enabled :: Lens' SoftwareTokenMfaConfigType (Maybe Bool) Source #
Specifies whether software token MFA is activated.
SoftwareTokenMfaSettingsType
softwareTokenMfaSettingsType_enabled :: Lens' SoftwareTokenMfaSettingsType (Maybe Bool) Source #
Specifies whether software token MFA is activated. If an MFA type is activated for a user, the user will be prompted for MFA during all sign-in attempts, unless device tracking is turned on and the device has been trusted.
softwareTokenMfaSettingsType_preferredMfa :: Lens' SoftwareTokenMfaSettingsType (Maybe Bool) Source #
Specifies whether software token MFA is the preferred MFA method.
StringAttributeConstraintsType
stringAttributeConstraintsType_maxLength :: Lens' StringAttributeConstraintsType (Maybe Text) Source #
The maximum length.
stringAttributeConstraintsType_minLength :: Lens' StringAttributeConstraintsType (Maybe Text) Source #
The minimum length.
TokenValidityUnitsType
tokenValidityUnitsType_accessToken :: Lens' TokenValidityUnitsType (Maybe TimeUnitsType) Source #
A time unit of seconds
, minutes
, hours
, or days
for the value
that you set in the AccessTokenValidity
parameter. The default
AccessTokenValidity
time unit is hours.
tokenValidityUnitsType_idToken :: Lens' TokenValidityUnitsType (Maybe TimeUnitsType) Source #
A time unit of seconds
, minutes
, hours
, or days
for the value
that you set in the IdTokenValidity
parameter. The default
IdTokenValidity
time unit is hours.
tokenValidityUnitsType_refreshToken :: Lens' TokenValidityUnitsType (Maybe TimeUnitsType) Source #
A time unit of seconds
, minutes
, hours
, or days
for the value
that you set in the RefreshTokenValidity
parameter. The default
RefreshTokenValidity
time unit is days.
UICustomizationType
uICustomizationType_css :: Lens' UICustomizationType (Maybe Text) Source #
The CSS values in the UI customization.
uICustomizationType_cSSVersion :: Lens' UICustomizationType (Maybe Text) Source #
The CSS version number.
uICustomizationType_clientId :: Lens' UICustomizationType (Maybe Text) Source #
The client ID for the client app.
uICustomizationType_creationDate :: Lens' UICustomizationType (Maybe UTCTime) Source #
The creation date for the UI customization.
uICustomizationType_imageUrl :: Lens' UICustomizationType (Maybe Text) Source #
The logo image for the UI customization.
uICustomizationType_lastModifiedDate :: Lens' UICustomizationType (Maybe UTCTime) Source #
The last-modified date for the UI customization.
uICustomizationType_userPoolId :: Lens' UICustomizationType (Maybe Text) Source #
The user pool ID for the user pool.
UserAttributeUpdateSettingsType
userAttributeUpdateSettingsType_attributesRequireVerificationBeforeUpdate :: Lens' UserAttributeUpdateSettingsType (Maybe [VerifiedAttributeType]) Source #
Requires that your user verifies their email address, phone number, or both before Amazon Cognito updates the value of that attribute. When you update a user attribute that has this option activated, Amazon Cognito sends a verification message to the new phone number or email address. Amazon Cognito doesn’t change the value of the attribute until your user responds to the verification message and confirms the new value.
You can verify an updated email address or phone number with a
VerifyUserAttribute
API request. You can also call the
UpdateUserAttributes
or
AdminUpdateUserAttributes
API and set email_verified
or phone_number_verified
to true.
When AttributesRequireVerificationBeforeUpdate
is false, your user
pool doesn't require that your users verify attribute changes before
Amazon Cognito updates them. In a user pool where
AttributesRequireVerificationBeforeUpdate
is false, API operations
that change attribute values can immediately update a user’s email
or
phone_number
attribute.
UserContextDataType
userContextDataType_encodedData :: Lens' UserContextDataType (Maybe Text) Source #
Encoded device-fingerprint details that your app collected with the Amazon Cognito context data collection library. For more information, see Adding user device and session data to API requests.
userContextDataType_ipAddress :: Lens' UserContextDataType (Maybe Text) Source #
The source IP address of your user's device.
UserImportJobType
userImportJobType_cloudWatchLogsRoleArn :: Lens' UserImportJobType (Maybe Text) Source #
The role Amazon Resource Name (ARN) for the Amazon CloudWatch Logging role for the user import job. For more information, see "Creating the CloudWatch Logs IAM Role" in the Amazon Cognito Developer Guide.
userImportJobType_completionDate :: Lens' UserImportJobType (Maybe UTCTime) Source #
The date when the user import job was completed.
userImportJobType_completionMessage :: Lens' UserImportJobType (Maybe Text) Source #
The message returned when the user import job is completed.
userImportJobType_creationDate :: Lens' UserImportJobType (Maybe UTCTime) Source #
The date the user import job was created.
userImportJobType_failedUsers :: Lens' UserImportJobType (Maybe Integer) Source #
The number of users that couldn't be imported.
userImportJobType_importedUsers :: Lens' UserImportJobType (Maybe Integer) Source #
The number of users that were successfully imported.
userImportJobType_jobId :: Lens' UserImportJobType (Maybe Text) Source #
The job ID for the user import job.
userImportJobType_jobName :: Lens' UserImportJobType (Maybe Text) Source #
The job name for the user import job.
userImportJobType_preSignedUrl :: Lens' UserImportJobType (Maybe Text) Source #
The pre-signed URL to be used to upload the .csv
file.
userImportJobType_skippedUsers :: Lens' UserImportJobType (Maybe Integer) Source #
The number of users that were skipped.
userImportJobType_startDate :: Lens' UserImportJobType (Maybe UTCTime) Source #
The date when the user import job was started.
userImportJobType_status :: Lens' UserImportJobType (Maybe UserImportJobStatusType) Source #
The status of the user import job. One of the following:
Created
- The job was created but not started.Pending
- A transition state. You have started the job, but it has not begun importing users yet.InProgress
- The job has started, and users are being imported.Stopping
- You have stopped the job, but the job has not stopped importing users yet.Stopped
- You have stopped the job, and the job has stopped importing users.Succeeded
- The job has completed successfully.Failed
- The job has stopped due to an error.Expired
- You created a job, but did not start the job within 24-48 hours. All data associated with the job was deleted, and the job can't be started.
userImportJobType_userPoolId :: Lens' UserImportJobType (Maybe Text) Source #
The user pool ID for the user pool that the users are being imported into.
UserPoolAddOnsType
userPoolAddOnsType_advancedSecurityMode :: Lens' UserPoolAddOnsType AdvancedSecurityModeType Source #
The advanced security mode.
UserPoolClientDescription
userPoolClientDescription_clientId :: Lens' UserPoolClientDescription (Maybe Text) Source #
The ID of the client associated with the user pool.
userPoolClientDescription_clientName :: Lens' UserPoolClientDescription (Maybe Text) Source #
The client name from the user pool client description.
userPoolClientDescription_userPoolId :: Lens' UserPoolClientDescription (Maybe Text) Source #
The user pool ID for the user pool where you want to describe the user pool client.
UserPoolClientType
userPoolClientType_accessTokenValidity :: Lens' UserPoolClientType (Maybe Natural) Source #
The access token time limit. After this limit expires, your user can't
use their access token. To specify the time unit for
AccessTokenValidity
as seconds
, minutes
, hours
, or days
, set a
TokenValidityUnits
value in your API request.
For example, when you set AccessTokenValidity
to 10
and
TokenValidityUnits
to hours
, your user can authorize access with
their access token for 10 hours.
The default time unit for AccessTokenValidity
in an API request is
hours. Valid range is displayed below in seconds.
If you don't specify otherwise in the configuration of your app client, your access tokens are valid for one hour.
userPoolClientType_allowedOAuthFlows :: Lens' UserPoolClientType (Maybe [OAuthFlowType]) Source #
The allowed OAuth flows.
- code
- Use a code grant flow, which provides an authorization code as the
response. This code can be exchanged for access tokens with the
/oauth2/token
endpoint. - implicit
- Issue the access token (and, optionally, ID token, based on scopes) directly to your user.
- client_credentials
- Issue the access token from the
/oauth2/token
endpoint directly to a non-person user using a combination of the client ID and client secret.
userPoolClientType_allowedOAuthFlowsUserPoolClient :: Lens' UserPoolClientType (Maybe Bool) Source #
Set to true if the client is allowed to follow the OAuth protocol when interacting with Amazon Cognito user pools.
userPoolClientType_allowedOAuthScopes :: Lens' UserPoolClientType (Maybe [Text]) Source #
The OAuth scopes that your app client supports. Possible values that
OAuth provides are phone
, email
, openid
, and profile
. Possible
values that Amazon Web Services provides are
aws.cognito.signin.user.admin
. Amazon Cognito also supports custom
scopes that you create in Resource Servers.
userPoolClientType_analyticsConfiguration :: Lens' UserPoolClientType (Maybe AnalyticsConfigurationType) Source #
The Amazon Pinpoint analytics configuration for the user pool client.
Amazon Cognito user pools only support sending events to Amazon Pinpoint projects in the US East (N. Virginia) us-east-1 Region, regardless of the Region where the user pool resides.
userPoolClientType_authSessionValidity :: Lens' UserPoolClientType (Maybe Natural) Source #
Amazon Cognito creates a session token for each API request in an
authentication flow. AuthSessionValidity
is the duration, in minutes,
of that session token. Your user pool native user must respond to each
authentication challenge before the session expires.
userPoolClientType_callbackURLs :: Lens' UserPoolClientType (Maybe [Text]) Source #
A list of allowed redirect (callback) URLs for the IdPs.
A redirect URI must:
- Be an absolute URI.
- Be registered with the authorization server.
- Not include a fragment component.
See OAuth 2.0 - Redirection Endpoint.
Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.
App callback URLs such as myapp://example are also supported.
userPoolClientType_clientId :: Lens' UserPoolClientType (Maybe Text) Source #
The ID of the client associated with the user pool.
userPoolClientType_clientName :: Lens' UserPoolClientType (Maybe Text) Source #
The client name from the user pool request of the client type.
userPoolClientType_clientSecret :: Lens' UserPoolClientType (Maybe Text) Source #
The client secret from the user pool request of the client type.
userPoolClientType_creationDate :: Lens' UserPoolClientType (Maybe UTCTime) Source #
The date the user pool client was created.
userPoolClientType_defaultRedirectURI :: Lens' UserPoolClientType (Maybe Text) Source #
The default redirect URI. Must be in the CallbackURLs
list.
A redirect URI must:
- Be an absolute URI.
- Be registered with the authorization server.
- Not include a fragment component.
See OAuth 2.0 - Redirection Endpoint.
Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.
App callback URLs such as myapp://example are also supported.
userPoolClientType_enablePropagateAdditionalUserContextData :: Lens' UserPoolClientType (Maybe Bool) Source #
When EnablePropagateAdditionalUserContextData
is true, Amazon Cognito
accepts an IpAddress
value that you send in the UserContextData
parameter. The UserContextData
parameter sends information to Amazon
Cognito advanced security for risk analysis. You can send
UserContextData
when you sign in Amazon Cognito native users with the
InitiateAuth
and RespondToAuthChallenge
API operations.
When EnablePropagateAdditionalUserContextData
is false, you can't
send your user's source IP address to Amazon Cognito advanced security
with unauthenticated API operations.
EnablePropagateAdditionalUserContextData
doesn't affect whether you
can send a source IP address in a ContextData
parameter with the
authenticated API operations AdminInitiateAuth
and
AdminRespondToAuthChallenge
.
You can only activate EnablePropagateAdditionalUserContextData
in an
app client that has a client secret. For more information about
propagation of user context data, see
Adding user device and session data to API requests.
userPoolClientType_enableTokenRevocation :: Lens' UserPoolClientType (Maybe Bool) Source #
Indicates whether token revocation is activated for the user pool client. When you create a new user pool client, token revocation is activated by default. For more information about revoking tokens, see RevokeToken.
userPoolClientType_explicitAuthFlows :: Lens' UserPoolClientType (Maybe [ExplicitAuthFlowsType]) Source #
The authentication flows that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions.
If you don't specify a value for ExplicitAuthFlows
, your user client
supports ALLOW_REFRESH_TOKEN_AUTH
, ALLOW_USER_SRP_AUTH
, and
ALLOW_CUSTOM_AUTH
.
Valid values include:
ALLOW_ADMIN_USER_PASSWORD_AUTH
: Enable admin based user password authentication flowADMIN_USER_PASSWORD_AUTH
. This setting replaces theADMIN_NO_SRP_AUTH
setting. With this authentication flow, your app passes a user name and password to Amazon Cognito in the request, instead of using the Secure Remote Password (SRP) protocol to securely transmit the password.ALLOW_CUSTOM_AUTH
: Enable Lambda trigger based authentication.ALLOW_USER_PASSWORD_AUTH
: Enable user password-based authentication. In this flow, Amazon Cognito receives the password in the request instead of using the SRP protocol to verify passwords.ALLOW_USER_SRP_AUTH
: Enable SRP-based authentication.ALLOW_REFRESH_TOKEN_AUTH
: Enable authflow to refresh tokens.
In some environments, you will see the values ADMIN_NO_SRP_AUTH
,
CUSTOM_AUTH_FLOW_ONLY
, or USER_PASSWORD_AUTH
. You can't assign
these legacy ExplicitAuthFlows
values to user pool clients at the same
time as values that begin with ALLOW_
, like ALLOW_USER_SRP_AUTH
.
userPoolClientType_idTokenValidity :: Lens' UserPoolClientType (Maybe Natural) Source #
The ID token time limit. After this limit expires, your user can't use
their ID token. To specify the time unit for IdTokenValidity
as
seconds
, minutes
, hours
, or days
, set a TokenValidityUnits
value in your API request.
For example, when you set IdTokenValidity
as 10
and
TokenValidityUnits
as hours
, your user can authenticate their
session with their ID token for 10 hours.
The default time unit for AccessTokenValidity
in an API request is
hours. Valid range is displayed below in seconds.
If you don't specify otherwise in the configuration of your app client, your ID tokens are valid for one hour.
userPoolClientType_lastModifiedDate :: Lens' UserPoolClientType (Maybe UTCTime) Source #
The date the user pool client was last modified.
userPoolClientType_logoutURLs :: Lens' UserPoolClientType (Maybe [Text]) Source #
A list of allowed logout URLs for the IdPs.
userPoolClientType_preventUserExistenceErrors :: Lens' UserPoolClientType (Maybe PreventUserExistenceErrorTypes) Source #
Errors and responses that you want Amazon Cognito APIs to return during
authentication, account confirmation, and password recovery when the
user doesn't exist in the user pool. When set to ENABLED
and the user
doesn't exist, authentication returns an error indicating either the
username or password was incorrect. Account confirmation and password
recovery return a response indicating a code was sent to a simulated
destination. When set to LEGACY
, those APIs return a
UserNotFoundException
exception if the user doesn't exist in the user
pool.
Valid values include:
ENABLED
- This prevents user existence-related errors.LEGACY
- This represents the old behavior of Amazon Cognito where user existence related errors aren't prevented.
userPoolClientType_readAttributes :: Lens' UserPoolClientType (Maybe [Text]) Source #
The Read-only attributes.
userPoolClientType_refreshTokenValidity :: Lens' UserPoolClientType (Maybe Natural) Source #
The refresh token time limit. After this limit expires, your user can't
use their refresh token. To specify the time unit for
RefreshTokenValidity
as seconds
, minutes
, hours
, or days
, set
a TokenValidityUnits
value in your API request.
For example, when you set RefreshTokenValidity
as 10
and
TokenValidityUnits
as days
, your user can refresh their session and
retrieve new access and ID tokens for 10 days.
The default time unit for RefreshTokenValidity
in an API request is
days. You can't set RefreshTokenValidity
to 0. If you do, Amazon
Cognito overrides the value with the default value of 30 days. /Valid
range/ is displayed below in seconds.
If you don't specify otherwise in the configuration of your app client, your refresh tokens are valid for 30 days.
userPoolClientType_supportedIdentityProviders :: Lens' UserPoolClientType (Maybe [Text]) Source #
A list of provider names for the IdPs that this client supports. The
following are supported: COGNITO
, Facebook
, Google
,
SignInWithApple
, LoginWithAmazon
, and the names of your own SAML and
OIDC providers.
userPoolClientType_tokenValidityUnits :: Lens' UserPoolClientType (Maybe TokenValidityUnitsType) Source #
The time units used to specify the token validity times of each token type: ID, access, and refresh.
userPoolClientType_userPoolId :: Lens' UserPoolClientType (Maybe Text) Source #
The user pool ID for the user pool client.
userPoolClientType_writeAttributes :: Lens' UserPoolClientType (Maybe [Text]) Source #
The writeable attributes.
UserPoolDescriptionType
userPoolDescriptionType_creationDate :: Lens' UserPoolDescriptionType (Maybe UTCTime) Source #
The date the user pool description was created.
userPoolDescriptionType_id :: Lens' UserPoolDescriptionType (Maybe Text) Source #
The ID in a user pool description.
userPoolDescriptionType_lambdaConfig :: Lens' UserPoolDescriptionType (Maybe LambdaConfigType) Source #
The Lambda configuration information in a user pool description.
userPoolDescriptionType_lastModifiedDate :: Lens' UserPoolDescriptionType (Maybe UTCTime) Source #
The date the user pool description was last modified.
userPoolDescriptionType_name :: Lens' UserPoolDescriptionType (Maybe Text) Source #
The name in a user pool description.
userPoolDescriptionType_status :: Lens' UserPoolDescriptionType (Maybe StatusType) Source #
The user pool status in a user pool description.
UserPoolPolicyType
userPoolPolicyType_passwordPolicy :: Lens' UserPoolPolicyType (Maybe PasswordPolicyType) Source #
The password policy.
UserPoolType
userPoolType_accountRecoverySetting :: Lens' UserPoolType (Maybe AccountRecoverySettingType) Source #
The available verified method a user can use to recover their password
when they call ForgotPassword
. You can use this setting to define a
preferred method when a user has more than one method available. With
this setting, SMS doesn't qualify for a valid password recovery
mechanism if the user also has SMS multi-factor authentication (MFA)
activated. In the absence of this setting, Amazon Cognito uses the
legacy behavior to determine the recovery method where SMS is preferred
through email.
userPoolType_adminCreateUserConfig :: Lens' UserPoolType (Maybe AdminCreateUserConfigType) Source #
The configuration for AdminCreateUser
requests.
userPoolType_aliasAttributes :: Lens' UserPoolType (Maybe [AliasAttributeType]) Source #
The attributes that are aliased in a user pool.
userPoolType_arn :: Lens' UserPoolType (Maybe Text) Source #
The Amazon Resource Name (ARN) for the user pool.
userPoolType_autoVerifiedAttributes :: Lens' UserPoolType (Maybe [VerifiedAttributeType]) Source #
The attributes that are auto-verified in a user pool.
userPoolType_creationDate :: Lens' UserPoolType (Maybe UTCTime) Source #
The date the user pool was created.
userPoolType_customDomain :: Lens' UserPoolType (Maybe Text) Source #
A custom domain name that you provide to Amazon Cognito. This parameter
applies only if you use a custom domain to host the sign-up and sign-in
pages for your application. An example of a custom domain name might be
auth.example.com
.
For more information about adding a custom domain to your user pool, see Using Your Own Domain for the Hosted UI.
userPoolType_deletionProtection :: Lens' UserPoolType (Maybe DeletionProtectionType) Source #
When active, DeletionProtection
prevents accidental deletion of your
user pool. Before you can delete a user pool that you have protected
against deletion, you must deactivate this feature.
When you try to delete a protected user pool in a DeleteUserPool
API
request, Amazon Cognito returns an InvalidParameterException
error. To
delete a protected user pool, send a new DeleteUserPool
request after
you deactivate deletion protection in an UpdateUserPool
API request.
userPoolType_deviceConfiguration :: Lens' UserPoolType (Maybe DeviceConfigurationType) Source #
The device-remembering configuration for a user pool. A null value indicates that you have deactivated device remembering in your user pool.
When you provide a value for any DeviceConfiguration
field, you
activate the Amazon Cognito device-remembering feature.
userPoolType_domain :: Lens' UserPoolType (Maybe Text) Source #
The domain prefix, if the user pool has a domain associated with it.
userPoolType_emailConfiguration :: Lens' UserPoolType (Maybe EmailConfigurationType) Source #
The email configuration of your user pool. The email configuration type sets your preferred sending method, Amazon Web Services Region, and sender for messages tfrom your user pool.
userPoolType_emailConfigurationFailure :: Lens' UserPoolType (Maybe Text) Source #
Deprecated. Review error codes from API requests with
EventSource:cognito-idp.amazonaws.com
in CloudTrail for information
about problems with user pool email configuration.
userPoolType_emailVerificationMessage :: Lens' UserPoolType (Maybe Text) Source #
This parameter is no longer used. See VerificationMessageTemplateType.
userPoolType_emailVerificationSubject :: Lens' UserPoolType (Maybe Text) Source #
This parameter is no longer used. See VerificationMessageTemplateType.
userPoolType_estimatedNumberOfUsers :: Lens' UserPoolType (Maybe Int) Source #
A number estimating the size of the user pool.
userPoolType_id :: Lens' UserPoolType (Maybe Text) Source #
The ID of the user pool.
userPoolType_lambdaConfig :: Lens' UserPoolType (Maybe LambdaConfigType) Source #
The Lambda triggers associated with the user pool.
userPoolType_lastModifiedDate :: Lens' UserPoolType (Maybe UTCTime) Source #
The date the user pool was last modified.
userPoolType_mfaConfiguration :: Lens' UserPoolType (Maybe UserPoolMfaType) Source #
Can be one of the following values:
OFF
- MFA tokens aren't required and can't be specified during user registration.ON
- MFA tokens are required for all user registrations. You can only specify required when you're initially creating a user pool.OPTIONAL
- Users have the option when registering to create an MFA token.
userPoolType_name :: Lens' UserPoolType (Maybe Text) Source #
The name of the user pool.
userPoolType_policies :: Lens' UserPoolType (Maybe UserPoolPolicyType) Source #
The policies associated with the user pool.
userPoolType_schemaAttributes :: Lens' UserPoolType (Maybe (NonEmpty SchemaAttributeType)) Source #
A container with the schema attributes of a user pool.
userPoolType_smsAuthenticationMessage :: Lens' UserPoolType (Maybe Text) Source #
The contents of the SMS authentication message.
userPoolType_smsConfiguration :: Lens' UserPoolType (Maybe SmsConfigurationType) Source #
The SMS configuration with the settings that your Amazon Cognito user pool must use to send an SMS message from your Amazon Web Services account through Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the Amazon Web Services Region that you want, the Amazon Cognito user pool uses an Identity and Access Management (IAM) role in your Amazon Web Services account.
userPoolType_smsConfigurationFailure :: Lens' UserPoolType (Maybe Text) Source #
The reason why the SMS configuration can't send the messages to your users.
This message might include comma-separated values to describe why your SMS configuration can't send messages to user pool end users.
- InvalidSmsRoleAccessPolicyException
- The Identity and Access Management role that Amazon Cognito uses to send SMS messages isn't properly configured. For more information, see SmsConfigurationType.
- SNSSandbox
- The Amazon Web Services account is in the SNS SMS Sandbox and messages will only reach verified end users. This parameter won’t get populated with SNSSandbox if the IAM user creating the user pool doesn’t have SNS permissions. To learn how to move your Amazon Web Services account out of the sandbox, see Moving out of the SMS sandbox.
userPoolType_smsVerificationMessage :: Lens' UserPoolType (Maybe Text) Source #
This parameter is no longer used. See VerificationMessageTemplateType.
userPoolType_status :: Lens' UserPoolType (Maybe StatusType) Source #
The status of a user pool.
userPoolType_userAttributeUpdateSettings :: Lens' UserPoolType (Maybe UserAttributeUpdateSettingsType) Source #
The settings for updates to user attributes. These settings include the
property AttributesRequireVerificationBeforeUpdate
, a user-pool
setting that tells Amazon Cognito how to handle changes to the value of
your users' email address and phone number attributes. For more
information, see
Verifying updates to email addresses and phone numbers.
userPoolType_userPoolAddOns :: Lens' UserPoolType (Maybe UserPoolAddOnsType) Source #
The user pool add-ons.
userPoolType_userPoolTags :: Lens' UserPoolType (Maybe (HashMap Text Text)) Source #
The tags that are assigned to the user pool. A tag is a label that you can apply to user pools to categorize and manage them in different ways, such as by purpose, owner, environment, or other criteria.
userPoolType_usernameAttributes :: Lens' UserPoolType (Maybe [UsernameAttributeType]) Source #
Specifies whether a user can use an email address or phone number as a username when they sign up.
userPoolType_usernameConfiguration :: Lens' UserPoolType (Maybe UsernameConfigurationType) Source #
Case sensitivity of the username input for the selected sign-in option.
For example, when case sensitivity is set to False
, users can sign in
using either "username" or "Username". This configuration is
immutable once it has been set. For more information, see
UsernameConfigurationType.
userPoolType_verificationMessageTemplate :: Lens' UserPoolType (Maybe VerificationMessageTemplateType) Source #
The template for verification messages.
UserType
userType_attributes :: Lens' UserType (Maybe [AttributeType]) Source #
A container with information about the user type attributes.
userType_mfaOptions :: Lens' UserType (Maybe [MFAOptionType]) Source #
The MFA options for the user.
userType_userLastModifiedDate :: Lens' UserType (Maybe UTCTime) Source #
The last modified date of the user.
userType_userStatus :: Lens' UserType (Maybe UserStatusType) Source #
The user status. This can be one of the following:
- UNCONFIRMED - User has been created but not confirmed.
- CONFIRMED - User has been confirmed.
- EXTERNAL_PROVIDER - User signed in with a third-party IdP.
- ARCHIVED - User is no longer active.
- UNKNOWN - User status isn't known.
- RESET_REQUIRED - User is confirmed, but the user must request a code and reset their password before they can sign in.
- FORCE_CHANGE_PASSWORD - The user is confirmed and the user can sign in using a temporary password, but on first sign-in, the user must change their password to a new value before doing anything else.
userType_username :: Lens' UserType (Maybe Text) Source #
The user name of the user you want to describe.
UsernameConfigurationType
usernameConfigurationType_caseSensitive :: Lens' UsernameConfigurationType Bool Source #
Specifies whether user name case sensitivity will be applied for all users in the user pool through Amazon Cognito APIs.
Valid values include:
- True
- Enables case sensitivity for all username input. When this option is
set to
True
, users must sign in using the exact capitalization of their given username, such as “UserName”. This is the default value. - False
- Enables case insensitivity for all username input. For example, when
this option is set to
False
, users can sign in using either "username" or "Username". This option also enables bothpreferred_username
andemail
alias to be case insensitive, in addition to theusername
attribute.
VerificationMessageTemplateType
verificationMessageTemplateType_defaultEmailOption :: Lens' VerificationMessageTemplateType (Maybe DefaultEmailOptionType) Source #
The default email option.
verificationMessageTemplateType_emailMessage :: Lens' VerificationMessageTemplateType (Maybe Text) Source #
The template for email messages that Amazon Cognito sends to your users.
You can set an EmailMessage
template only if the value of
EmailSendingAccount
is DEVELOPER
. When your
EmailSendingAccount
is DEVELOPER
, your user pool sends email messages with your own Amazon
SES configuration.
verificationMessageTemplateType_emailMessageByLink :: Lens' VerificationMessageTemplateType (Maybe Text) Source #
The email message template for sending a confirmation link to the user.
You can set an EmailMessageByLink
template only if the value of
EmailSendingAccount
is DEVELOPER
. When your
EmailSendingAccount
is DEVELOPER
, your user pool sends email messages with your own Amazon
SES configuration.
verificationMessageTemplateType_emailSubject :: Lens' VerificationMessageTemplateType (Maybe Text) Source #
The subject line for the email message template. You can set an
EmailSubject
template only if the value of
EmailSendingAccount
is DEVELOPER
. When your
EmailSendingAccount
is DEVELOPER
, your user pool sends email messages with your own Amazon
SES configuration.
verificationMessageTemplateType_emailSubjectByLink :: Lens' VerificationMessageTemplateType (Maybe Text) Source #
The subject line for the email message template for sending a
confirmation link to the user. You can set an EmailSubjectByLink
template only if the value of
EmailSendingAccount
is DEVELOPER
. When your
EmailSendingAccount
is DEVELOPER
, your user pool sends email messages with your own Amazon
SES configuration.
verificationMessageTemplateType_smsMessage :: Lens' VerificationMessageTemplateType (Maybe Text) Source #
The template for SMS messages that Amazon Cognito sends to your users.