Copyright | (c) 2013-2023 Brendan Hay |
---|---|
License | Mozilla Public License, v. 2.0. |
Maintainer | Brendan Hay |
Stability | auto-generated |
Portability | non-portable (GHC extensions) |
Safe Haskell | Safe-Inferred |
Language | Haskell2010 |
- Service Configuration
- Errors
- AccountTakeoverEventActionType
- AdvancedSecurityModeType
- AliasAttributeType
- AttributeDataType
- AuthFlowType
- ChallengeName
- ChallengeNameType
- ChallengeResponse
- CompromisedCredentialsEventActionType
- CustomEmailSenderLambdaVersionType
- CustomSMSSenderLambdaVersionType
- DefaultEmailOptionType
- DeletionProtectionType
- DeliveryMediumType
- DeviceRememberedStatusType
- DomainStatusType
- EmailSendingAccountType
- EventFilterType
- EventResponseType
- EventType
- ExplicitAuthFlowsType
- FeedbackValueType
- IdentityProviderTypeType
- MessageActionType
- OAuthFlowType
- PreventUserExistenceErrorTypes
- RecoveryOptionNameType
- RiskDecisionType
- RiskLevelType
- StatusType
- TimeUnitsType
- UserImportJobStatusType
- UserPoolMfaType
- UserStatusType
- UsernameAttributeType
- VerifiedAttributeType
- VerifySoftwareTokenResponseType
- AccountRecoverySettingType
- AccountTakeoverActionType
- AccountTakeoverActionsType
- AccountTakeoverRiskConfigurationType
- AdminCreateUserConfigType
- AnalyticsConfigurationType
- AnalyticsMetadataType
- AttributeType
- AuthEventType
- AuthenticationResultType
- ChallengeResponseType
- CodeDeliveryDetailsType
- CompromisedCredentialsActionsType
- CompromisedCredentialsRiskConfigurationType
- ContextDataType
- CustomDomainConfigType
- CustomEmailLambdaVersionConfigType
- CustomSMSLambdaVersionConfigType
- DeviceConfigurationType
- DeviceSecretVerifierConfigType
- DeviceType
- DomainDescriptionType
- EmailConfigurationType
- EventContextDataType
- EventFeedbackType
- EventRiskType
- GroupType
- HttpHeader
- IdentityProviderType
- LambdaConfigType
- MFAOptionType
- MessageTemplateType
- NewDeviceMetadataType
- NotifyConfigurationType
- NotifyEmailType
- NumberAttributeConstraintsType
- PasswordPolicyType
- ProviderDescription
- ProviderUserIdentifierType
- RecoveryOptionType
- ResourceServerScopeType
- ResourceServerType
- RiskConfigurationType
- RiskExceptionConfigurationType
- SMSMfaSettingsType
- SchemaAttributeType
- SmsConfigurationType
- SmsMfaConfigType
- SoftwareTokenMfaConfigType
- SoftwareTokenMfaSettingsType
- StringAttributeConstraintsType
- TokenValidityUnitsType
- UICustomizationType
- UserAttributeUpdateSettingsType
- UserContextDataType
- UserImportJobType
- UserPoolAddOnsType
- UserPoolClientDescription
- UserPoolClientType
- UserPoolDescriptionType
- UserPoolPolicyType
- UserPoolType
- UserType
- UsernameConfigurationType
- VerificationMessageTemplateType
Synopsis
- defaultService :: Service
- _AliasExistsException :: AsError a => Fold a ServiceError
- _CodeDeliveryFailureException :: AsError a => Fold a ServiceError
- _CodeMismatchException :: AsError a => Fold a ServiceError
- _ConcurrentModificationException :: AsError a => Fold a ServiceError
- _DuplicateProviderException :: AsError a => Fold a ServiceError
- _EnableSoftwareTokenMFAException :: AsError a => Fold a ServiceError
- _ExpiredCodeException :: AsError a => Fold a ServiceError
- _ForbiddenException :: AsError a => Fold a ServiceError
- _GroupExistsException :: AsError a => Fold a ServiceError
- _InternalErrorException :: AsError a => Fold a ServiceError
- _InvalidEmailRoleAccessPolicyException :: AsError a => Fold a ServiceError
- _InvalidLambdaResponseException :: AsError a => Fold a ServiceError
- _InvalidOAuthFlowException :: AsError a => Fold a ServiceError
- _InvalidParameterException :: AsError a => Fold a ServiceError
- _InvalidPasswordException :: AsError a => Fold a ServiceError
- _InvalidSmsRoleAccessPolicyException :: AsError a => Fold a ServiceError
- _InvalidSmsRoleTrustRelationshipException :: AsError a => Fold a ServiceError
- _InvalidUserPoolConfigurationException :: AsError a => Fold a ServiceError
- _LimitExceededException :: AsError a => Fold a ServiceError
- _MFAMethodNotFoundException :: AsError a => Fold a ServiceError
- _NotAuthorizedException :: AsError a => Fold a ServiceError
- _PasswordResetRequiredException :: AsError a => Fold a ServiceError
- _PreconditionNotMetException :: AsError a => Fold a ServiceError
- _ResourceNotFoundException :: AsError a => Fold a ServiceError
- _ScopeDoesNotExistException :: AsError a => Fold a ServiceError
- _SoftwareTokenMFANotFoundException :: AsError a => Fold a ServiceError
- _TooManyFailedAttemptsException :: AsError a => Fold a ServiceError
- _TooManyRequestsException :: AsError a => Fold a ServiceError
- _UnauthorizedException :: AsError a => Fold a ServiceError
- _UnexpectedLambdaException :: AsError a => Fold a ServiceError
- _UnsupportedIdentityProviderException :: AsError a => Fold a ServiceError
- _UnsupportedOperationException :: AsError a => Fold a ServiceError
- _UnsupportedTokenTypeException :: AsError a => Fold a ServiceError
- _UnsupportedUserStateException :: AsError a => Fold a ServiceError
- _UserImportInProgressException :: AsError a => Fold a ServiceError
- _UserLambdaValidationException :: AsError a => Fold a ServiceError
- _UserNotConfirmedException :: AsError a => Fold a ServiceError
- _UserNotFoundException :: AsError a => Fold a ServiceError
- _UserPoolAddOnNotEnabledException :: AsError a => Fold a ServiceError
- _UserPoolTaggingException :: AsError a => Fold a ServiceError
- _UsernameExistsException :: AsError a => Fold a ServiceError
- newtype AccountTakeoverEventActionType where
- AccountTakeoverEventActionType' { }
- pattern AccountTakeoverEventActionType_BLOCK :: AccountTakeoverEventActionType
- pattern AccountTakeoverEventActionType_MFA_IF_CONFIGURED :: AccountTakeoverEventActionType
- pattern AccountTakeoverEventActionType_MFA_REQUIRED :: AccountTakeoverEventActionType
- pattern AccountTakeoverEventActionType_NO_ACTION :: AccountTakeoverEventActionType
- newtype AdvancedSecurityModeType where
- newtype AliasAttributeType where
- newtype AttributeDataType where
- AttributeDataType' { }
- pattern AttributeDataType_Boolean :: AttributeDataType
- pattern AttributeDataType_DateTime :: AttributeDataType
- pattern AttributeDataType_Number :: AttributeDataType
- pattern AttributeDataType_String :: AttributeDataType
- newtype AuthFlowType where
- AuthFlowType' { }
- pattern AuthFlowType_ADMIN_NO_SRP_AUTH :: AuthFlowType
- pattern AuthFlowType_ADMIN_USER_PASSWORD_AUTH :: AuthFlowType
- pattern AuthFlowType_CUSTOM_AUTH :: AuthFlowType
- pattern AuthFlowType_REFRESH_TOKEN :: AuthFlowType
- pattern AuthFlowType_REFRESH_TOKEN_AUTH :: AuthFlowType
- pattern AuthFlowType_USER_PASSWORD_AUTH :: AuthFlowType
- pattern AuthFlowType_USER_SRP_AUTH :: AuthFlowType
- newtype ChallengeName where
- ChallengeName' { }
- pattern ChallengeName_Mfa :: ChallengeName
- pattern ChallengeName_Password :: ChallengeName
- newtype ChallengeNameType where
- ChallengeNameType' { }
- pattern ChallengeNameType_ADMIN_NO_SRP_AUTH :: ChallengeNameType
- pattern ChallengeNameType_CUSTOM_CHALLENGE :: ChallengeNameType
- pattern ChallengeNameType_DEVICE_PASSWORD_VERIFIER :: ChallengeNameType
- pattern ChallengeNameType_DEVICE_SRP_AUTH :: ChallengeNameType
- pattern ChallengeNameType_MFA_SETUP :: ChallengeNameType
- pattern ChallengeNameType_NEW_PASSWORD_REQUIRED :: ChallengeNameType
- pattern ChallengeNameType_PASSWORD_VERIFIER :: ChallengeNameType
- pattern ChallengeNameType_SELECT_MFA_TYPE :: ChallengeNameType
- pattern ChallengeNameType_SMS_MFA :: ChallengeNameType
- pattern ChallengeNameType_SOFTWARE_TOKEN_MFA :: ChallengeNameType
- newtype ChallengeResponse where
- ChallengeResponse' { }
- pattern ChallengeResponse_Failure :: ChallengeResponse
- pattern ChallengeResponse_Success :: ChallengeResponse
- newtype CompromisedCredentialsEventActionType where
- newtype CustomEmailSenderLambdaVersionType where
- newtype CustomSMSSenderLambdaVersionType where
- newtype DefaultEmailOptionType where
- newtype DeletionProtectionType where
- newtype DeliveryMediumType where
- DeliveryMediumType' { }
- pattern DeliveryMediumType_EMAIL :: DeliveryMediumType
- pattern DeliveryMediumType_SMS :: DeliveryMediumType
- newtype DeviceRememberedStatusType where
- newtype DomainStatusType where
- DomainStatusType' { }
- pattern DomainStatusType_ACTIVE :: DomainStatusType
- pattern DomainStatusType_CREATING :: DomainStatusType
- pattern DomainStatusType_DELETING :: DomainStatusType
- pattern DomainStatusType_FAILED :: DomainStatusType
- pattern DomainStatusType_UPDATING :: DomainStatusType
- newtype EmailSendingAccountType where
- newtype EventFilterType where
- EventFilterType' { }
- pattern EventFilterType_PASSWORD_CHANGE :: EventFilterType
- pattern EventFilterType_SIGN_IN :: EventFilterType
- pattern EventFilterType_SIGN_UP :: EventFilterType
- newtype EventResponseType where
- EventResponseType' { }
- pattern EventResponseType_Fail :: EventResponseType
- pattern EventResponseType_InProgress :: EventResponseType
- pattern EventResponseType_Pass :: EventResponseType
- newtype EventType where
- EventType' { }
- pattern EventType_ForgotPassword :: EventType
- pattern EventType_PasswordChange :: EventType
- pattern EventType_ResendCode :: EventType
- pattern EventType_SignIn :: EventType
- pattern EventType_SignUp :: EventType
- newtype ExplicitAuthFlowsType where
- ExplicitAuthFlowsType' { }
- pattern ExplicitAuthFlowsType_ADMIN_NO_SRP_AUTH :: ExplicitAuthFlowsType
- pattern ExplicitAuthFlowsType_ALLOW_ADMIN_USER_PASSWORD_AUTH :: ExplicitAuthFlowsType
- pattern ExplicitAuthFlowsType_ALLOW_CUSTOM_AUTH :: ExplicitAuthFlowsType
- pattern ExplicitAuthFlowsType_ALLOW_REFRESH_TOKEN_AUTH :: ExplicitAuthFlowsType
- pattern ExplicitAuthFlowsType_ALLOW_USER_PASSWORD_AUTH :: ExplicitAuthFlowsType
- pattern ExplicitAuthFlowsType_ALLOW_USER_SRP_AUTH :: ExplicitAuthFlowsType
- pattern ExplicitAuthFlowsType_CUSTOM_AUTH_FLOW_ONLY :: ExplicitAuthFlowsType
- pattern ExplicitAuthFlowsType_USER_PASSWORD_AUTH :: ExplicitAuthFlowsType
- newtype FeedbackValueType where
- FeedbackValueType' { }
- pattern FeedbackValueType_Invalid :: FeedbackValueType
- pattern FeedbackValueType_Valid :: FeedbackValueType
- newtype IdentityProviderTypeType where
- IdentityProviderTypeType' { }
- pattern IdentityProviderTypeType_Facebook :: IdentityProviderTypeType
- pattern IdentityProviderTypeType_Google :: IdentityProviderTypeType
- pattern IdentityProviderTypeType_LoginWithAmazon :: IdentityProviderTypeType
- pattern IdentityProviderTypeType_OIDC :: IdentityProviderTypeType
- pattern IdentityProviderTypeType_SAML :: IdentityProviderTypeType
- pattern IdentityProviderTypeType_SignInWithApple :: IdentityProviderTypeType
- newtype MessageActionType where
- MessageActionType' { }
- pattern MessageActionType_RESEND :: MessageActionType
- pattern MessageActionType_SUPPRESS :: MessageActionType
- newtype OAuthFlowType where
- OAuthFlowType' { }
- pattern OAuthFlowType_Client_credentials :: OAuthFlowType
- pattern OAuthFlowType_Code :: OAuthFlowType
- pattern OAuthFlowType_Implicit :: OAuthFlowType
- newtype PreventUserExistenceErrorTypes where
- newtype RecoveryOptionNameType where
- newtype RiskDecisionType where
- RiskDecisionType' { }
- pattern RiskDecisionType_AccountTakeover :: RiskDecisionType
- pattern RiskDecisionType_Block :: RiskDecisionType
- pattern RiskDecisionType_NoRisk :: RiskDecisionType
- newtype RiskLevelType where
- RiskLevelType' { }
- pattern RiskLevelType_High :: RiskLevelType
- pattern RiskLevelType_Low :: RiskLevelType
- pattern RiskLevelType_Medium :: RiskLevelType
- newtype StatusType where
- StatusType' { }
- pattern StatusType_Disabled :: StatusType
- pattern StatusType_Enabled :: StatusType
- newtype TimeUnitsType where
- TimeUnitsType' { }
- pattern TimeUnitsType_Days :: TimeUnitsType
- pattern TimeUnitsType_Hours :: TimeUnitsType
- pattern TimeUnitsType_Minutes :: TimeUnitsType
- pattern TimeUnitsType_Seconds :: TimeUnitsType
- newtype UserImportJobStatusType where
- UserImportJobStatusType' { }
- pattern UserImportJobStatusType_Created :: UserImportJobStatusType
- pattern UserImportJobStatusType_Expired :: UserImportJobStatusType
- pattern UserImportJobStatusType_Failed :: UserImportJobStatusType
- pattern UserImportJobStatusType_InProgress :: UserImportJobStatusType
- pattern UserImportJobStatusType_Pending :: UserImportJobStatusType
- pattern UserImportJobStatusType_Stopped :: UserImportJobStatusType
- pattern UserImportJobStatusType_Stopping :: UserImportJobStatusType
- pattern UserImportJobStatusType_Succeeded :: UserImportJobStatusType
- newtype UserPoolMfaType where
- UserPoolMfaType' { }
- pattern UserPoolMfaType_OFF :: UserPoolMfaType
- pattern UserPoolMfaType_ON :: UserPoolMfaType
- pattern UserPoolMfaType_OPTIONAL :: UserPoolMfaType
- newtype UserStatusType where
- UserStatusType' { }
- pattern UserStatusType_ARCHIVED :: UserStatusType
- pattern UserStatusType_COMPROMISED :: UserStatusType
- pattern UserStatusType_CONFIRMED :: UserStatusType
- pattern UserStatusType_FORCE_CHANGE_PASSWORD :: UserStatusType
- pattern UserStatusType_RESET_REQUIRED :: UserStatusType
- pattern UserStatusType_UNCONFIRMED :: UserStatusType
- pattern UserStatusType_UNKNOWN :: UserStatusType
- newtype UsernameAttributeType where
- newtype VerifiedAttributeType where
- newtype VerifySoftwareTokenResponseType where
- data AccountRecoverySettingType = AccountRecoverySettingType' {}
- newAccountRecoverySettingType :: AccountRecoverySettingType
- accountRecoverySettingType_recoveryMechanisms :: Lens' AccountRecoverySettingType (Maybe (NonEmpty RecoveryOptionType))
- data AccountTakeoverActionType = AccountTakeoverActionType' {}
- newAccountTakeoverActionType :: Bool -> AccountTakeoverEventActionType -> AccountTakeoverActionType
- accountTakeoverActionType_notify :: Lens' AccountTakeoverActionType Bool
- accountTakeoverActionType_eventAction :: Lens' AccountTakeoverActionType AccountTakeoverEventActionType
- data AccountTakeoverActionsType = AccountTakeoverActionsType' {}
- newAccountTakeoverActionsType :: AccountTakeoverActionsType
- accountTakeoverActionsType_highAction :: Lens' AccountTakeoverActionsType (Maybe AccountTakeoverActionType)
- accountTakeoverActionsType_lowAction :: Lens' AccountTakeoverActionsType (Maybe AccountTakeoverActionType)
- accountTakeoverActionsType_mediumAction :: Lens' AccountTakeoverActionsType (Maybe AccountTakeoverActionType)
- data AccountTakeoverRiskConfigurationType = AccountTakeoverRiskConfigurationType' {}
- newAccountTakeoverRiskConfigurationType :: AccountTakeoverActionsType -> AccountTakeoverRiskConfigurationType
- accountTakeoverRiskConfigurationType_notifyConfiguration :: Lens' AccountTakeoverRiskConfigurationType (Maybe NotifyConfigurationType)
- accountTakeoverRiskConfigurationType_actions :: Lens' AccountTakeoverRiskConfigurationType AccountTakeoverActionsType
- data AdminCreateUserConfigType = AdminCreateUserConfigType' {}
- newAdminCreateUserConfigType :: AdminCreateUserConfigType
- adminCreateUserConfigType_allowAdminCreateUserOnly :: Lens' AdminCreateUserConfigType (Maybe Bool)
- adminCreateUserConfigType_inviteMessageTemplate :: Lens' AdminCreateUserConfigType (Maybe MessageTemplateType)
- adminCreateUserConfigType_unusedAccountValidityDays :: Lens' AdminCreateUserConfigType (Maybe Natural)
- data AnalyticsConfigurationType = AnalyticsConfigurationType' {}
- newAnalyticsConfigurationType :: AnalyticsConfigurationType
- analyticsConfigurationType_applicationArn :: Lens' AnalyticsConfigurationType (Maybe Text)
- analyticsConfigurationType_applicationId :: Lens' AnalyticsConfigurationType (Maybe Text)
- analyticsConfigurationType_externalId :: Lens' AnalyticsConfigurationType (Maybe Text)
- analyticsConfigurationType_roleArn :: Lens' AnalyticsConfigurationType (Maybe Text)
- analyticsConfigurationType_userDataShared :: Lens' AnalyticsConfigurationType (Maybe Bool)
- data AnalyticsMetadataType = AnalyticsMetadataType' {}
- newAnalyticsMetadataType :: AnalyticsMetadataType
- analyticsMetadataType_analyticsEndpointId :: Lens' AnalyticsMetadataType (Maybe Text)
- data AttributeType = AttributeType' {}
- newAttributeType :: Text -> AttributeType
- attributeType_value :: Lens' AttributeType (Maybe Text)
- attributeType_name :: Lens' AttributeType Text
- data AuthEventType = AuthEventType' {}
- newAuthEventType :: AuthEventType
- authEventType_challengeResponses :: Lens' AuthEventType (Maybe [ChallengeResponseType])
- authEventType_creationDate :: Lens' AuthEventType (Maybe UTCTime)
- authEventType_eventContextData :: Lens' AuthEventType (Maybe EventContextDataType)
- authEventType_eventFeedback :: Lens' AuthEventType (Maybe EventFeedbackType)
- authEventType_eventId :: Lens' AuthEventType (Maybe Text)
- authEventType_eventResponse :: Lens' AuthEventType (Maybe EventResponseType)
- authEventType_eventRisk :: Lens' AuthEventType (Maybe EventRiskType)
- authEventType_eventType :: Lens' AuthEventType (Maybe EventType)
- data AuthenticationResultType = AuthenticationResultType' {}
- newAuthenticationResultType :: AuthenticationResultType
- authenticationResultType_accessToken :: Lens' AuthenticationResultType (Maybe Text)
- authenticationResultType_expiresIn :: Lens' AuthenticationResultType (Maybe Int)
- authenticationResultType_idToken :: Lens' AuthenticationResultType (Maybe Text)
- authenticationResultType_newDeviceMetadata :: Lens' AuthenticationResultType (Maybe NewDeviceMetadataType)
- authenticationResultType_refreshToken :: Lens' AuthenticationResultType (Maybe Text)
- authenticationResultType_tokenType :: Lens' AuthenticationResultType (Maybe Text)
- data ChallengeResponseType = ChallengeResponseType' {}
- newChallengeResponseType :: ChallengeResponseType
- challengeResponseType_challengeName :: Lens' ChallengeResponseType (Maybe ChallengeName)
- challengeResponseType_challengeResponse :: Lens' ChallengeResponseType (Maybe ChallengeResponse)
- data CodeDeliveryDetailsType = CodeDeliveryDetailsType' {}
- newCodeDeliveryDetailsType :: CodeDeliveryDetailsType
- codeDeliveryDetailsType_attributeName :: Lens' CodeDeliveryDetailsType (Maybe Text)
- codeDeliveryDetailsType_deliveryMedium :: Lens' CodeDeliveryDetailsType (Maybe DeliveryMediumType)
- codeDeliveryDetailsType_destination :: Lens' CodeDeliveryDetailsType (Maybe Text)
- data CompromisedCredentialsActionsType = CompromisedCredentialsActionsType' {}
- newCompromisedCredentialsActionsType :: CompromisedCredentialsEventActionType -> CompromisedCredentialsActionsType
- compromisedCredentialsActionsType_eventAction :: Lens' CompromisedCredentialsActionsType CompromisedCredentialsEventActionType
- data CompromisedCredentialsRiskConfigurationType = CompromisedCredentialsRiskConfigurationType' {}
- newCompromisedCredentialsRiskConfigurationType :: CompromisedCredentialsActionsType -> CompromisedCredentialsRiskConfigurationType
- compromisedCredentialsRiskConfigurationType_eventFilter :: Lens' CompromisedCredentialsRiskConfigurationType (Maybe [EventFilterType])
- compromisedCredentialsRiskConfigurationType_actions :: Lens' CompromisedCredentialsRiskConfigurationType CompromisedCredentialsActionsType
- data ContextDataType = ContextDataType' {
- encodedData :: Maybe Text
- ipAddress :: Text
- serverName :: Text
- serverPath :: Text
- httpHeaders :: [HttpHeader]
- newContextDataType :: Text -> Text -> Text -> ContextDataType
- contextDataType_encodedData :: Lens' ContextDataType (Maybe Text)
- contextDataType_ipAddress :: Lens' ContextDataType Text
- contextDataType_serverName :: Lens' ContextDataType Text
- contextDataType_serverPath :: Lens' ContextDataType Text
- contextDataType_httpHeaders :: Lens' ContextDataType [HttpHeader]
- data CustomDomainConfigType = CustomDomainConfigType' {}
- newCustomDomainConfigType :: Text -> CustomDomainConfigType
- customDomainConfigType_certificateArn :: Lens' CustomDomainConfigType Text
- data CustomEmailLambdaVersionConfigType = CustomEmailLambdaVersionConfigType' {}
- newCustomEmailLambdaVersionConfigType :: CustomEmailSenderLambdaVersionType -> Text -> CustomEmailLambdaVersionConfigType
- customEmailLambdaVersionConfigType_lambdaVersion :: Lens' CustomEmailLambdaVersionConfigType CustomEmailSenderLambdaVersionType
- customEmailLambdaVersionConfigType_lambdaArn :: Lens' CustomEmailLambdaVersionConfigType Text
- data CustomSMSLambdaVersionConfigType = CustomSMSLambdaVersionConfigType' {}
- newCustomSMSLambdaVersionConfigType :: CustomSMSSenderLambdaVersionType -> Text -> CustomSMSLambdaVersionConfigType
- customSMSLambdaVersionConfigType_lambdaVersion :: Lens' CustomSMSLambdaVersionConfigType CustomSMSSenderLambdaVersionType
- customSMSLambdaVersionConfigType_lambdaArn :: Lens' CustomSMSLambdaVersionConfigType Text
- data DeviceConfigurationType = DeviceConfigurationType' {}
- newDeviceConfigurationType :: DeviceConfigurationType
- deviceConfigurationType_challengeRequiredOnNewDevice :: Lens' DeviceConfigurationType (Maybe Bool)
- deviceConfigurationType_deviceOnlyRememberedOnUserPrompt :: Lens' DeviceConfigurationType (Maybe Bool)
- data DeviceSecretVerifierConfigType = DeviceSecretVerifierConfigType' {}
- newDeviceSecretVerifierConfigType :: DeviceSecretVerifierConfigType
- deviceSecretVerifierConfigType_passwordVerifier :: Lens' DeviceSecretVerifierConfigType (Maybe Text)
- deviceSecretVerifierConfigType_salt :: Lens' DeviceSecretVerifierConfigType (Maybe Text)
- data DeviceType = DeviceType' {}
- newDeviceType :: DeviceType
- deviceType_deviceAttributes :: Lens' DeviceType (Maybe [AttributeType])
- deviceType_deviceCreateDate :: Lens' DeviceType (Maybe UTCTime)
- deviceType_deviceKey :: Lens' DeviceType (Maybe Text)
- deviceType_deviceLastAuthenticatedDate :: Lens' DeviceType (Maybe UTCTime)
- deviceType_deviceLastModifiedDate :: Lens' DeviceType (Maybe UTCTime)
- data DomainDescriptionType = DomainDescriptionType' {}
- newDomainDescriptionType :: DomainDescriptionType
- domainDescriptionType_aWSAccountId :: Lens' DomainDescriptionType (Maybe Text)
- domainDescriptionType_cloudFrontDistribution :: Lens' DomainDescriptionType (Maybe Text)
- domainDescriptionType_customDomainConfig :: Lens' DomainDescriptionType (Maybe CustomDomainConfigType)
- domainDescriptionType_domain :: Lens' DomainDescriptionType (Maybe Text)
- domainDescriptionType_s3Bucket :: Lens' DomainDescriptionType (Maybe Text)
- domainDescriptionType_status :: Lens' DomainDescriptionType (Maybe DomainStatusType)
- domainDescriptionType_userPoolId :: Lens' DomainDescriptionType (Maybe Text)
- domainDescriptionType_version :: Lens' DomainDescriptionType (Maybe Text)
- data EmailConfigurationType = EmailConfigurationType' {}
- newEmailConfigurationType :: EmailConfigurationType
- emailConfigurationType_configurationSet :: Lens' EmailConfigurationType (Maybe Text)
- emailConfigurationType_emailSendingAccount :: Lens' EmailConfigurationType (Maybe EmailSendingAccountType)
- emailConfigurationType_from :: Lens' EmailConfigurationType (Maybe Text)
- emailConfigurationType_replyToEmailAddress :: Lens' EmailConfigurationType (Maybe Text)
- emailConfigurationType_sourceArn :: Lens' EmailConfigurationType (Maybe Text)
- data EventContextDataType = EventContextDataType' {}
- newEventContextDataType :: EventContextDataType
- eventContextDataType_city :: Lens' EventContextDataType (Maybe Text)
- eventContextDataType_country :: Lens' EventContextDataType (Maybe Text)
- eventContextDataType_deviceName :: Lens' EventContextDataType (Maybe Text)
- eventContextDataType_ipAddress :: Lens' EventContextDataType (Maybe Text)
- eventContextDataType_timezone :: Lens' EventContextDataType (Maybe Text)
- data EventFeedbackType = EventFeedbackType' {}
- newEventFeedbackType :: FeedbackValueType -> Text -> EventFeedbackType
- eventFeedbackType_feedbackDate :: Lens' EventFeedbackType (Maybe UTCTime)
- eventFeedbackType_feedbackValue :: Lens' EventFeedbackType FeedbackValueType
- eventFeedbackType_provider :: Lens' EventFeedbackType Text
- data EventRiskType = EventRiskType' {}
- newEventRiskType :: EventRiskType
- eventRiskType_compromisedCredentialsDetected :: Lens' EventRiskType (Maybe Bool)
- eventRiskType_riskDecision :: Lens' EventRiskType (Maybe RiskDecisionType)
- eventRiskType_riskLevel :: Lens' EventRiskType (Maybe RiskLevelType)
- data GroupType = GroupType' {}
- newGroupType :: GroupType
- groupType_creationDate :: Lens' GroupType (Maybe UTCTime)
- groupType_description :: Lens' GroupType (Maybe Text)
- groupType_groupName :: Lens' GroupType (Maybe Text)
- groupType_lastModifiedDate :: Lens' GroupType (Maybe UTCTime)
- groupType_precedence :: Lens' GroupType (Maybe Natural)
- groupType_roleArn :: Lens' GroupType (Maybe Text)
- groupType_userPoolId :: Lens' GroupType (Maybe Text)
- data HttpHeader = HttpHeader' {
- headerName :: Maybe Text
- headerValue :: Maybe Text
- newHttpHeader :: HttpHeader
- httpHeader_headerName :: Lens' HttpHeader (Maybe Text)
- httpHeader_headerValue :: Lens' HttpHeader (Maybe Text)
- data IdentityProviderType = IdentityProviderType' {}
- newIdentityProviderType :: IdentityProviderType
- identityProviderType_attributeMapping :: Lens' IdentityProviderType (Maybe (HashMap Text Text))
- identityProviderType_creationDate :: Lens' IdentityProviderType (Maybe UTCTime)
- identityProviderType_idpIdentifiers :: Lens' IdentityProviderType (Maybe [Text])
- identityProviderType_lastModifiedDate :: Lens' IdentityProviderType (Maybe UTCTime)
- identityProviderType_providerDetails :: Lens' IdentityProviderType (Maybe (HashMap Text Text))
- identityProviderType_providerName :: Lens' IdentityProviderType (Maybe Text)
- identityProviderType_providerType :: Lens' IdentityProviderType (Maybe IdentityProviderTypeType)
- identityProviderType_userPoolId :: Lens' IdentityProviderType (Maybe Text)
- data LambdaConfigType = LambdaConfigType' {
- createAuthChallenge :: Maybe Text
- customEmailSender :: Maybe CustomEmailLambdaVersionConfigType
- customMessage :: Maybe Text
- customSMSSender :: Maybe CustomSMSLambdaVersionConfigType
- defineAuthChallenge :: Maybe Text
- kmsKeyID :: Maybe Text
- postAuthentication :: Maybe Text
- postConfirmation :: Maybe Text
- preAuthentication :: Maybe Text
- preSignUp :: Maybe Text
- preTokenGeneration :: Maybe Text
- userMigration :: Maybe Text
- verifyAuthChallengeResponse :: Maybe Text
- newLambdaConfigType :: LambdaConfigType
- lambdaConfigType_createAuthChallenge :: Lens' LambdaConfigType (Maybe Text)
- lambdaConfigType_customEmailSender :: Lens' LambdaConfigType (Maybe CustomEmailLambdaVersionConfigType)
- lambdaConfigType_customMessage :: Lens' LambdaConfigType (Maybe Text)
- lambdaConfigType_customSMSSender :: Lens' LambdaConfigType (Maybe CustomSMSLambdaVersionConfigType)
- lambdaConfigType_defineAuthChallenge :: Lens' LambdaConfigType (Maybe Text)
- lambdaConfigType_kmsKeyID :: Lens' LambdaConfigType (Maybe Text)
- lambdaConfigType_postAuthentication :: Lens' LambdaConfigType (Maybe Text)
- lambdaConfigType_postConfirmation :: Lens' LambdaConfigType (Maybe Text)
- lambdaConfigType_preAuthentication :: Lens' LambdaConfigType (Maybe Text)
- lambdaConfigType_preSignUp :: Lens' LambdaConfigType (Maybe Text)
- lambdaConfigType_preTokenGeneration :: Lens' LambdaConfigType (Maybe Text)
- lambdaConfigType_userMigration :: Lens' LambdaConfigType (Maybe Text)
- lambdaConfigType_verifyAuthChallengeResponse :: Lens' LambdaConfigType (Maybe Text)
- data MFAOptionType = MFAOptionType' {}
- newMFAOptionType :: MFAOptionType
- mfaOptionType_attributeName :: Lens' MFAOptionType (Maybe Text)
- mfaOptionType_deliveryMedium :: Lens' MFAOptionType (Maybe DeliveryMediumType)
- data MessageTemplateType = MessageTemplateType' {}
- newMessageTemplateType :: MessageTemplateType
- messageTemplateType_emailMessage :: Lens' MessageTemplateType (Maybe Text)
- messageTemplateType_emailSubject :: Lens' MessageTemplateType (Maybe Text)
- messageTemplateType_sMSMessage :: Lens' MessageTemplateType (Maybe Text)
- data NewDeviceMetadataType = NewDeviceMetadataType' {}
- newNewDeviceMetadataType :: NewDeviceMetadataType
- newDeviceMetadataType_deviceGroupKey :: Lens' NewDeviceMetadataType (Maybe Text)
- newDeviceMetadataType_deviceKey :: Lens' NewDeviceMetadataType (Maybe Text)
- data NotifyConfigurationType = NotifyConfigurationType' {}
- newNotifyConfigurationType :: Text -> NotifyConfigurationType
- notifyConfigurationType_blockEmail :: Lens' NotifyConfigurationType (Maybe NotifyEmailType)
- notifyConfigurationType_from :: Lens' NotifyConfigurationType (Maybe Text)
- notifyConfigurationType_mfaEmail :: Lens' NotifyConfigurationType (Maybe NotifyEmailType)
- notifyConfigurationType_noActionEmail :: Lens' NotifyConfigurationType (Maybe NotifyEmailType)
- notifyConfigurationType_replyTo :: Lens' NotifyConfigurationType (Maybe Text)
- notifyConfigurationType_sourceArn :: Lens' NotifyConfigurationType Text
- data NotifyEmailType = NotifyEmailType' {}
- newNotifyEmailType :: Text -> NotifyEmailType
- notifyEmailType_htmlBody :: Lens' NotifyEmailType (Maybe Text)
- notifyEmailType_textBody :: Lens' NotifyEmailType (Maybe Text)
- notifyEmailType_subject :: Lens' NotifyEmailType Text
- data NumberAttributeConstraintsType = NumberAttributeConstraintsType' {}
- newNumberAttributeConstraintsType :: NumberAttributeConstraintsType
- numberAttributeConstraintsType_maxValue :: Lens' NumberAttributeConstraintsType (Maybe Text)
- numberAttributeConstraintsType_minValue :: Lens' NumberAttributeConstraintsType (Maybe Text)
- data PasswordPolicyType = PasswordPolicyType' {}
- newPasswordPolicyType :: PasswordPolicyType
- passwordPolicyType_minimumLength :: Lens' PasswordPolicyType (Maybe Natural)
- passwordPolicyType_requireLowercase :: Lens' PasswordPolicyType (Maybe Bool)
- passwordPolicyType_requireNumbers :: Lens' PasswordPolicyType (Maybe Bool)
- passwordPolicyType_requireSymbols :: Lens' PasswordPolicyType (Maybe Bool)
- passwordPolicyType_requireUppercase :: Lens' PasswordPolicyType (Maybe Bool)
- passwordPolicyType_temporaryPasswordValidityDays :: Lens' PasswordPolicyType (Maybe Natural)
- data ProviderDescription = ProviderDescription' {}
- newProviderDescription :: ProviderDescription
- providerDescription_creationDate :: Lens' ProviderDescription (Maybe UTCTime)
- providerDescription_lastModifiedDate :: Lens' ProviderDescription (Maybe UTCTime)
- providerDescription_providerName :: Lens' ProviderDescription (Maybe Text)
- providerDescription_providerType :: Lens' ProviderDescription (Maybe IdentityProviderTypeType)
- data ProviderUserIdentifierType = ProviderUserIdentifierType' {}
- newProviderUserIdentifierType :: ProviderUserIdentifierType
- providerUserIdentifierType_providerAttributeName :: Lens' ProviderUserIdentifierType (Maybe Text)
- providerUserIdentifierType_providerAttributeValue :: Lens' ProviderUserIdentifierType (Maybe Text)
- providerUserIdentifierType_providerName :: Lens' ProviderUserIdentifierType (Maybe Text)
- data RecoveryOptionType = RecoveryOptionType' {}
- newRecoveryOptionType :: Natural -> RecoveryOptionNameType -> RecoveryOptionType
- recoveryOptionType_priority :: Lens' RecoveryOptionType Natural
- recoveryOptionType_name :: Lens' RecoveryOptionType RecoveryOptionNameType
- data ResourceServerScopeType = ResourceServerScopeType' {}
- newResourceServerScopeType :: Text -> Text -> ResourceServerScopeType
- resourceServerScopeType_scopeName :: Lens' ResourceServerScopeType Text
- resourceServerScopeType_scopeDescription :: Lens' ResourceServerScopeType Text
- data ResourceServerType = ResourceServerType' {
- identifier :: Maybe Text
- name :: Maybe Text
- scopes :: Maybe [ResourceServerScopeType]
- userPoolId :: Maybe Text
- newResourceServerType :: ResourceServerType
- resourceServerType_identifier :: Lens' ResourceServerType (Maybe Text)
- resourceServerType_name :: Lens' ResourceServerType (Maybe Text)
- resourceServerType_scopes :: Lens' ResourceServerType (Maybe [ResourceServerScopeType])
- resourceServerType_userPoolId :: Lens' ResourceServerType (Maybe Text)
- data RiskConfigurationType = RiskConfigurationType' {
- accountTakeoverRiskConfiguration :: Maybe AccountTakeoverRiskConfigurationType
- clientId :: Maybe (Sensitive Text)
- compromisedCredentialsRiskConfiguration :: Maybe CompromisedCredentialsRiskConfigurationType
- lastModifiedDate :: Maybe POSIX
- riskExceptionConfiguration :: Maybe RiskExceptionConfigurationType
- userPoolId :: Maybe Text
- newRiskConfigurationType :: RiskConfigurationType
- riskConfigurationType_accountTakeoverRiskConfiguration :: Lens' RiskConfigurationType (Maybe AccountTakeoverRiskConfigurationType)
- riskConfigurationType_clientId :: Lens' RiskConfigurationType (Maybe Text)
- riskConfigurationType_compromisedCredentialsRiskConfiguration :: Lens' RiskConfigurationType (Maybe CompromisedCredentialsRiskConfigurationType)
- riskConfigurationType_lastModifiedDate :: Lens' RiskConfigurationType (Maybe UTCTime)
- riskConfigurationType_riskExceptionConfiguration :: Lens' RiskConfigurationType (Maybe RiskExceptionConfigurationType)
- riskConfigurationType_userPoolId :: Lens' RiskConfigurationType (Maybe Text)
- data RiskExceptionConfigurationType = RiskExceptionConfigurationType' {
- blockedIPRangeList :: Maybe [Text]
- skippedIPRangeList :: Maybe [Text]
- newRiskExceptionConfigurationType :: RiskExceptionConfigurationType
- riskExceptionConfigurationType_blockedIPRangeList :: Lens' RiskExceptionConfigurationType (Maybe [Text])
- riskExceptionConfigurationType_skippedIPRangeList :: Lens' RiskExceptionConfigurationType (Maybe [Text])
- data SMSMfaSettingsType = SMSMfaSettingsType' {}
- newSMSMfaSettingsType :: SMSMfaSettingsType
- sMSMfaSettingsType_enabled :: Lens' SMSMfaSettingsType (Maybe Bool)
- sMSMfaSettingsType_preferredMfa :: Lens' SMSMfaSettingsType (Maybe Bool)
- data SchemaAttributeType = SchemaAttributeType' {}
- newSchemaAttributeType :: SchemaAttributeType
- schemaAttributeType_attributeDataType :: Lens' SchemaAttributeType (Maybe AttributeDataType)
- schemaAttributeType_developerOnlyAttribute :: Lens' SchemaAttributeType (Maybe Bool)
- schemaAttributeType_mutable :: Lens' SchemaAttributeType (Maybe Bool)
- schemaAttributeType_name :: Lens' SchemaAttributeType (Maybe Text)
- schemaAttributeType_numberAttributeConstraints :: Lens' SchemaAttributeType (Maybe NumberAttributeConstraintsType)
- schemaAttributeType_required :: Lens' SchemaAttributeType (Maybe Bool)
- schemaAttributeType_stringAttributeConstraints :: Lens' SchemaAttributeType (Maybe StringAttributeConstraintsType)
- data SmsConfigurationType = SmsConfigurationType' {
- externalId :: Maybe Text
- snsRegion :: Maybe Text
- snsCallerArn :: Text
- newSmsConfigurationType :: Text -> SmsConfigurationType
- smsConfigurationType_externalId :: Lens' SmsConfigurationType (Maybe Text)
- smsConfigurationType_snsRegion :: Lens' SmsConfigurationType (Maybe Text)
- smsConfigurationType_snsCallerArn :: Lens' SmsConfigurationType Text
- data SmsMfaConfigType = SmsMfaConfigType' {}
- newSmsMfaConfigType :: SmsMfaConfigType
- smsMfaConfigType_smsAuthenticationMessage :: Lens' SmsMfaConfigType (Maybe Text)
- smsMfaConfigType_smsConfiguration :: Lens' SmsMfaConfigType (Maybe SmsConfigurationType)
- data SoftwareTokenMfaConfigType = SoftwareTokenMfaConfigType' {}
- newSoftwareTokenMfaConfigType :: SoftwareTokenMfaConfigType
- softwareTokenMfaConfigType_enabled :: Lens' SoftwareTokenMfaConfigType (Maybe Bool)
- data SoftwareTokenMfaSettingsType = SoftwareTokenMfaSettingsType' {}
- newSoftwareTokenMfaSettingsType :: SoftwareTokenMfaSettingsType
- softwareTokenMfaSettingsType_enabled :: Lens' SoftwareTokenMfaSettingsType (Maybe Bool)
- softwareTokenMfaSettingsType_preferredMfa :: Lens' SoftwareTokenMfaSettingsType (Maybe Bool)
- data StringAttributeConstraintsType = StringAttributeConstraintsType' {}
- newStringAttributeConstraintsType :: StringAttributeConstraintsType
- stringAttributeConstraintsType_maxLength :: Lens' StringAttributeConstraintsType (Maybe Text)
- stringAttributeConstraintsType_minLength :: Lens' StringAttributeConstraintsType (Maybe Text)
- data TokenValidityUnitsType = TokenValidityUnitsType' {}
- newTokenValidityUnitsType :: TokenValidityUnitsType
- tokenValidityUnitsType_accessToken :: Lens' TokenValidityUnitsType (Maybe TimeUnitsType)
- tokenValidityUnitsType_idToken :: Lens' TokenValidityUnitsType (Maybe TimeUnitsType)
- tokenValidityUnitsType_refreshToken :: Lens' TokenValidityUnitsType (Maybe TimeUnitsType)
- data UICustomizationType = UICustomizationType' {}
- newUICustomizationType :: UICustomizationType
- uICustomizationType_css :: Lens' UICustomizationType (Maybe Text)
- uICustomizationType_cSSVersion :: Lens' UICustomizationType (Maybe Text)
- uICustomizationType_clientId :: Lens' UICustomizationType (Maybe Text)
- uICustomizationType_creationDate :: Lens' UICustomizationType (Maybe UTCTime)
- uICustomizationType_imageUrl :: Lens' UICustomizationType (Maybe Text)
- uICustomizationType_lastModifiedDate :: Lens' UICustomizationType (Maybe UTCTime)
- uICustomizationType_userPoolId :: Lens' UICustomizationType (Maybe Text)
- data UserAttributeUpdateSettingsType = UserAttributeUpdateSettingsType' {}
- newUserAttributeUpdateSettingsType :: UserAttributeUpdateSettingsType
- userAttributeUpdateSettingsType_attributesRequireVerificationBeforeUpdate :: Lens' UserAttributeUpdateSettingsType (Maybe [VerifiedAttributeType])
- data UserContextDataType = UserContextDataType' {}
- newUserContextDataType :: UserContextDataType
- userContextDataType_encodedData :: Lens' UserContextDataType (Maybe Text)
- userContextDataType_ipAddress :: Lens' UserContextDataType (Maybe Text)
- data UserImportJobType = UserImportJobType' {
- cloudWatchLogsRoleArn :: Maybe Text
- completionDate :: Maybe POSIX
- completionMessage :: Maybe Text
- creationDate :: Maybe POSIX
- failedUsers :: Maybe Integer
- importedUsers :: Maybe Integer
- jobId :: Maybe Text
- jobName :: Maybe Text
- preSignedUrl :: Maybe Text
- skippedUsers :: Maybe Integer
- startDate :: Maybe POSIX
- status :: Maybe UserImportJobStatusType
- userPoolId :: Maybe Text
- newUserImportJobType :: UserImportJobType
- userImportJobType_cloudWatchLogsRoleArn :: Lens' UserImportJobType (Maybe Text)
- userImportJobType_completionDate :: Lens' UserImportJobType (Maybe UTCTime)
- userImportJobType_completionMessage :: Lens' UserImportJobType (Maybe Text)
- userImportJobType_creationDate :: Lens' UserImportJobType (Maybe UTCTime)
- userImportJobType_failedUsers :: Lens' UserImportJobType (Maybe Integer)
- userImportJobType_importedUsers :: Lens' UserImportJobType (Maybe Integer)
- userImportJobType_jobId :: Lens' UserImportJobType (Maybe Text)
- userImportJobType_jobName :: Lens' UserImportJobType (Maybe Text)
- userImportJobType_preSignedUrl :: Lens' UserImportJobType (Maybe Text)
- userImportJobType_skippedUsers :: Lens' UserImportJobType (Maybe Integer)
- userImportJobType_startDate :: Lens' UserImportJobType (Maybe UTCTime)
- userImportJobType_status :: Lens' UserImportJobType (Maybe UserImportJobStatusType)
- userImportJobType_userPoolId :: Lens' UserImportJobType (Maybe Text)
- data UserPoolAddOnsType = UserPoolAddOnsType' {}
- newUserPoolAddOnsType :: AdvancedSecurityModeType -> UserPoolAddOnsType
- userPoolAddOnsType_advancedSecurityMode :: Lens' UserPoolAddOnsType AdvancedSecurityModeType
- data UserPoolClientDescription = UserPoolClientDescription' {
- clientId :: Maybe (Sensitive Text)
- clientName :: Maybe Text
- userPoolId :: Maybe Text
- newUserPoolClientDescription :: UserPoolClientDescription
- userPoolClientDescription_clientId :: Lens' UserPoolClientDescription (Maybe Text)
- userPoolClientDescription_clientName :: Lens' UserPoolClientDescription (Maybe Text)
- userPoolClientDescription_userPoolId :: Lens' UserPoolClientDescription (Maybe Text)
- data UserPoolClientType = UserPoolClientType' {
- accessTokenValidity :: Maybe Natural
- allowedOAuthFlows :: Maybe [OAuthFlowType]
- allowedOAuthFlowsUserPoolClient :: Maybe Bool
- allowedOAuthScopes :: Maybe [Text]
- analyticsConfiguration :: Maybe AnalyticsConfigurationType
- authSessionValidity :: Maybe Natural
- callbackURLs :: Maybe [Text]
- clientId :: Maybe (Sensitive Text)
- clientName :: Maybe Text
- clientSecret :: Maybe (Sensitive Text)
- creationDate :: Maybe POSIX
- defaultRedirectURI :: Maybe Text
- enablePropagateAdditionalUserContextData :: Maybe Bool
- enableTokenRevocation :: Maybe Bool
- explicitAuthFlows :: Maybe [ExplicitAuthFlowsType]
- idTokenValidity :: Maybe Natural
- lastModifiedDate :: Maybe POSIX
- logoutURLs :: Maybe [Text]
- preventUserExistenceErrors :: Maybe PreventUserExistenceErrorTypes
- readAttributes :: Maybe [Text]
- refreshTokenValidity :: Maybe Natural
- supportedIdentityProviders :: Maybe [Text]
- tokenValidityUnits :: Maybe TokenValidityUnitsType
- userPoolId :: Maybe Text
- writeAttributes :: Maybe [Text]
- newUserPoolClientType :: UserPoolClientType
- userPoolClientType_accessTokenValidity :: Lens' UserPoolClientType (Maybe Natural)
- userPoolClientType_allowedOAuthFlows :: Lens' UserPoolClientType (Maybe [OAuthFlowType])
- userPoolClientType_allowedOAuthFlowsUserPoolClient :: Lens' UserPoolClientType (Maybe Bool)
- userPoolClientType_allowedOAuthScopes :: Lens' UserPoolClientType (Maybe [Text])
- userPoolClientType_analyticsConfiguration :: Lens' UserPoolClientType (Maybe AnalyticsConfigurationType)
- userPoolClientType_authSessionValidity :: Lens' UserPoolClientType (Maybe Natural)
- userPoolClientType_callbackURLs :: Lens' UserPoolClientType (Maybe [Text])
- userPoolClientType_clientId :: Lens' UserPoolClientType (Maybe Text)
- userPoolClientType_clientName :: Lens' UserPoolClientType (Maybe Text)
- userPoolClientType_clientSecret :: Lens' UserPoolClientType (Maybe Text)
- userPoolClientType_creationDate :: Lens' UserPoolClientType (Maybe UTCTime)
- userPoolClientType_defaultRedirectURI :: Lens' UserPoolClientType (Maybe Text)
- userPoolClientType_enablePropagateAdditionalUserContextData :: Lens' UserPoolClientType (Maybe Bool)
- userPoolClientType_enableTokenRevocation :: Lens' UserPoolClientType (Maybe Bool)
- userPoolClientType_explicitAuthFlows :: Lens' UserPoolClientType (Maybe [ExplicitAuthFlowsType])
- userPoolClientType_idTokenValidity :: Lens' UserPoolClientType (Maybe Natural)
- userPoolClientType_lastModifiedDate :: Lens' UserPoolClientType (Maybe UTCTime)
- userPoolClientType_logoutURLs :: Lens' UserPoolClientType (Maybe [Text])
- userPoolClientType_preventUserExistenceErrors :: Lens' UserPoolClientType (Maybe PreventUserExistenceErrorTypes)
- userPoolClientType_readAttributes :: Lens' UserPoolClientType (Maybe [Text])
- userPoolClientType_refreshTokenValidity :: Lens' UserPoolClientType (Maybe Natural)
- userPoolClientType_supportedIdentityProviders :: Lens' UserPoolClientType (Maybe [Text])
- userPoolClientType_tokenValidityUnits :: Lens' UserPoolClientType (Maybe TokenValidityUnitsType)
- userPoolClientType_userPoolId :: Lens' UserPoolClientType (Maybe Text)
- userPoolClientType_writeAttributes :: Lens' UserPoolClientType (Maybe [Text])
- data UserPoolDescriptionType = UserPoolDescriptionType' {}
- newUserPoolDescriptionType :: UserPoolDescriptionType
- userPoolDescriptionType_creationDate :: Lens' UserPoolDescriptionType (Maybe UTCTime)
- userPoolDescriptionType_id :: Lens' UserPoolDescriptionType (Maybe Text)
- userPoolDescriptionType_lambdaConfig :: Lens' UserPoolDescriptionType (Maybe LambdaConfigType)
- userPoolDescriptionType_lastModifiedDate :: Lens' UserPoolDescriptionType (Maybe UTCTime)
- userPoolDescriptionType_name :: Lens' UserPoolDescriptionType (Maybe Text)
- userPoolDescriptionType_status :: Lens' UserPoolDescriptionType (Maybe StatusType)
- data UserPoolPolicyType = UserPoolPolicyType' {}
- newUserPoolPolicyType :: UserPoolPolicyType
- userPoolPolicyType_passwordPolicy :: Lens' UserPoolPolicyType (Maybe PasswordPolicyType)
- data UserPoolType = UserPoolType' {
- accountRecoverySetting :: Maybe AccountRecoverySettingType
- adminCreateUserConfig :: Maybe AdminCreateUserConfigType
- aliasAttributes :: Maybe [AliasAttributeType]
- arn :: Maybe Text
- autoVerifiedAttributes :: Maybe [VerifiedAttributeType]
- creationDate :: Maybe POSIX
- customDomain :: Maybe Text
- deletionProtection :: Maybe DeletionProtectionType
- deviceConfiguration :: Maybe DeviceConfigurationType
- domain :: Maybe Text
- emailConfiguration :: Maybe EmailConfigurationType
- emailConfigurationFailure :: Maybe Text
- emailVerificationMessage :: Maybe Text
- emailVerificationSubject :: Maybe Text
- estimatedNumberOfUsers :: Maybe Int
- id :: Maybe Text
- lambdaConfig :: Maybe LambdaConfigType
- lastModifiedDate :: Maybe POSIX
- mfaConfiguration :: Maybe UserPoolMfaType
- name :: Maybe Text
- policies :: Maybe UserPoolPolicyType
- schemaAttributes :: Maybe (NonEmpty SchemaAttributeType)
- smsAuthenticationMessage :: Maybe Text
- smsConfiguration :: Maybe SmsConfigurationType
- smsConfigurationFailure :: Maybe Text
- smsVerificationMessage :: Maybe Text
- status :: Maybe StatusType
- userAttributeUpdateSettings :: Maybe UserAttributeUpdateSettingsType
- userPoolAddOns :: Maybe UserPoolAddOnsType
- userPoolTags :: Maybe (HashMap Text Text)
- usernameAttributes :: Maybe [UsernameAttributeType]
- usernameConfiguration :: Maybe UsernameConfigurationType
- verificationMessageTemplate :: Maybe VerificationMessageTemplateType
- newUserPoolType :: UserPoolType
- userPoolType_accountRecoverySetting :: Lens' UserPoolType (Maybe AccountRecoverySettingType)
- userPoolType_adminCreateUserConfig :: Lens' UserPoolType (Maybe AdminCreateUserConfigType)
- userPoolType_aliasAttributes :: Lens' UserPoolType (Maybe [AliasAttributeType])
- userPoolType_arn :: Lens' UserPoolType (Maybe Text)
- userPoolType_autoVerifiedAttributes :: Lens' UserPoolType (Maybe [VerifiedAttributeType])
- userPoolType_creationDate :: Lens' UserPoolType (Maybe UTCTime)
- userPoolType_customDomain :: Lens' UserPoolType (Maybe Text)
- userPoolType_deletionProtection :: Lens' UserPoolType (Maybe DeletionProtectionType)
- userPoolType_deviceConfiguration :: Lens' UserPoolType (Maybe DeviceConfigurationType)
- userPoolType_domain :: Lens' UserPoolType (Maybe Text)
- userPoolType_emailConfiguration :: Lens' UserPoolType (Maybe EmailConfigurationType)
- userPoolType_emailConfigurationFailure :: Lens' UserPoolType (Maybe Text)
- userPoolType_emailVerificationMessage :: Lens' UserPoolType (Maybe Text)
- userPoolType_emailVerificationSubject :: Lens' UserPoolType (Maybe Text)
- userPoolType_estimatedNumberOfUsers :: Lens' UserPoolType (Maybe Int)
- userPoolType_id :: Lens' UserPoolType (Maybe Text)
- userPoolType_lambdaConfig :: Lens' UserPoolType (Maybe LambdaConfigType)
- userPoolType_lastModifiedDate :: Lens' UserPoolType (Maybe UTCTime)
- userPoolType_mfaConfiguration :: Lens' UserPoolType (Maybe UserPoolMfaType)
- userPoolType_name :: Lens' UserPoolType (Maybe Text)
- userPoolType_policies :: Lens' UserPoolType (Maybe UserPoolPolicyType)
- userPoolType_schemaAttributes :: Lens' UserPoolType (Maybe (NonEmpty SchemaAttributeType))
- userPoolType_smsAuthenticationMessage :: Lens' UserPoolType (Maybe Text)
- userPoolType_smsConfiguration :: Lens' UserPoolType (Maybe SmsConfigurationType)
- userPoolType_smsConfigurationFailure :: Lens' UserPoolType (Maybe Text)
- userPoolType_smsVerificationMessage :: Lens' UserPoolType (Maybe Text)
- userPoolType_status :: Lens' UserPoolType (Maybe StatusType)
- userPoolType_userAttributeUpdateSettings :: Lens' UserPoolType (Maybe UserAttributeUpdateSettingsType)
- userPoolType_userPoolAddOns :: Lens' UserPoolType (Maybe UserPoolAddOnsType)
- userPoolType_userPoolTags :: Lens' UserPoolType (Maybe (HashMap Text Text))
- userPoolType_usernameAttributes :: Lens' UserPoolType (Maybe [UsernameAttributeType])
- userPoolType_usernameConfiguration :: Lens' UserPoolType (Maybe UsernameConfigurationType)
- userPoolType_verificationMessageTemplate :: Lens' UserPoolType (Maybe VerificationMessageTemplateType)
- data UserType = UserType' {}
- newUserType :: UserType
- userType_attributes :: Lens' UserType (Maybe [AttributeType])
- userType_enabled :: Lens' UserType (Maybe Bool)
- userType_mfaOptions :: Lens' UserType (Maybe [MFAOptionType])
- userType_userCreateDate :: Lens' UserType (Maybe UTCTime)
- userType_userLastModifiedDate :: Lens' UserType (Maybe UTCTime)
- userType_userStatus :: Lens' UserType (Maybe UserStatusType)
- userType_username :: Lens' UserType (Maybe Text)
- data UsernameConfigurationType = UsernameConfigurationType' {}
- newUsernameConfigurationType :: Bool -> UsernameConfigurationType
- usernameConfigurationType_caseSensitive :: Lens' UsernameConfigurationType Bool
- data VerificationMessageTemplateType = VerificationMessageTemplateType' {}
- newVerificationMessageTemplateType :: VerificationMessageTemplateType
- verificationMessageTemplateType_defaultEmailOption :: Lens' VerificationMessageTemplateType (Maybe DefaultEmailOptionType)
- verificationMessageTemplateType_emailMessage :: Lens' VerificationMessageTemplateType (Maybe Text)
- verificationMessageTemplateType_emailMessageByLink :: Lens' VerificationMessageTemplateType (Maybe Text)
- verificationMessageTemplateType_emailSubject :: Lens' VerificationMessageTemplateType (Maybe Text)
- verificationMessageTemplateType_emailSubjectByLink :: Lens' VerificationMessageTemplateType (Maybe Text)
- verificationMessageTemplateType_smsMessage :: Lens' VerificationMessageTemplateType (Maybe Text)
Service Configuration
defaultService :: Service Source #
API version 2016-04-18
of the Amazon Cognito Identity Provider SDK configuration.
Errors
_AliasExistsException :: AsError a => Fold a ServiceError Source #
This exception is thrown when a user tries to confirm the account with an email address or phone number that has already been supplied as an alias for a different user profile. This exception indicates that an account with this email address or phone already exists in a user pool that you've configured to use email address or phone number as a sign-in alias.
_CodeDeliveryFailureException :: AsError a => Fold a ServiceError Source #
This exception is thrown when a verification code fails to deliver successfully.
_CodeMismatchException :: AsError a => Fold a ServiceError Source #
This exception is thrown if the provided code doesn't match what the server was expecting.
_ConcurrentModificationException :: AsError a => Fold a ServiceError Source #
This exception is thrown if two or more modifications are happening concurrently.
_DuplicateProviderException :: AsError a => Fold a ServiceError Source #
This exception is thrown when the provider is already supported by the user pool.
_EnableSoftwareTokenMFAException :: AsError a => Fold a ServiceError Source #
This exception is thrown when there is a code mismatch and the service fails to configure the software token TOTP multi-factor authentication (MFA).
_ExpiredCodeException :: AsError a => Fold a ServiceError Source #
This exception is thrown if a code has expired.
_ForbiddenException :: AsError a => Fold a ServiceError Source #
This exception is thrown when WAF doesn't allow your request based on a web ACL that's associated with your user pool.
_GroupExistsException :: AsError a => Fold a ServiceError Source #
This exception is thrown when Amazon Cognito encounters a group that already exists in the user pool.
_InternalErrorException :: AsError a => Fold a ServiceError Source #
This exception is thrown when Amazon Cognito encounters an internal error.
_InvalidEmailRoleAccessPolicyException :: AsError a => Fold a ServiceError Source #
This exception is thrown when Amazon Cognito isn't allowed to use your email identity. HTTP status code: 400.
_InvalidLambdaResponseException :: AsError a => Fold a ServiceError Source #
This exception is thrown when Amazon Cognito encounters an invalid Lambda response.
_InvalidOAuthFlowException :: AsError a => Fold a ServiceError Source #
This exception is thrown when the specified OAuth flow is not valid.
_InvalidParameterException :: AsError a => Fold a ServiceError Source #
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
_InvalidPasswordException :: AsError a => Fold a ServiceError Source #
This exception is thrown when Amazon Cognito encounters an invalid password.
_InvalidSmsRoleAccessPolicyException :: AsError a => Fold a ServiceError Source #
This exception is returned when the role provided for SMS configuration doesn't have permission to publish using Amazon SNS.
_InvalidSmsRoleTrustRelationshipException :: AsError a => Fold a ServiceError Source #
This exception is thrown when the trust relationship is not valid for
the role provided for SMS configuration. This can happen if you don't
trust cognito-idp.amazonaws.com
or the external ID provided in the
role does not match what is provided in the SMS configuration for the
user pool.
_InvalidUserPoolConfigurationException :: AsError a => Fold a ServiceError Source #
This exception is thrown when the user pool configuration is not valid.
_LimitExceededException :: AsError a => Fold a ServiceError Source #
This exception is thrown when a user exceeds the limit for a requested Amazon Web Services resource.
_MFAMethodNotFoundException :: AsError a => Fold a ServiceError Source #
This exception is thrown when Amazon Cognito can't find a multi-factor authentication (MFA) method.
_NotAuthorizedException :: AsError a => Fold a ServiceError Source #
This exception is thrown when a user isn't authorized.
_PasswordResetRequiredException :: AsError a => Fold a ServiceError Source #
This exception is thrown when a password reset is required.
_PreconditionNotMetException :: AsError a => Fold a ServiceError Source #
This exception is thrown when a precondition is not met.
_ResourceNotFoundException :: AsError a => Fold a ServiceError Source #
This exception is thrown when the Amazon Cognito service can't find the requested resource.
_ScopeDoesNotExistException :: AsError a => Fold a ServiceError Source #
This exception is thrown when the specified scope doesn't exist.
_SoftwareTokenMFANotFoundException :: AsError a => Fold a ServiceError Source #
This exception is thrown when the software token time-based one-time password (TOTP) multi-factor authentication (MFA) isn't activated for the user pool.
_TooManyFailedAttemptsException :: AsError a => Fold a ServiceError Source #
This exception is thrown when the user has made too many failed attempts for a given action, such as sign-in.
_TooManyRequestsException :: AsError a => Fold a ServiceError Source #
This exception is thrown when the user has made too many requests for a given operation.
_UnauthorizedException :: AsError a => Fold a ServiceError Source #
Exception that is thrown when the request isn't authorized. This can happen due to an invalid access token in the request.
_UnexpectedLambdaException :: AsError a => Fold a ServiceError Source #
This exception is thrown when Amazon Cognito encounters an unexpected exception with Lambda.
_UnsupportedIdentityProviderException :: AsError a => Fold a ServiceError Source #
This exception is thrown when the specified identifier isn't supported.
_UnsupportedOperationException :: AsError a => Fold a ServiceError Source #
Exception that is thrown when you attempt to perform an operation that isn't enabled for the user pool client.
_UnsupportedTokenTypeException :: AsError a => Fold a ServiceError Source #
Exception that is thrown when an unsupported token is passed to an operation.
_UnsupportedUserStateException :: AsError a => Fold a ServiceError Source #
The request failed because the user is in an unsupported state.
_UserImportInProgressException :: AsError a => Fold a ServiceError Source #
This exception is thrown when you're trying to modify a user pool while a user import job is in progress for that pool.
_UserLambdaValidationException :: AsError a => Fold a ServiceError Source #
This exception is thrown when the Amazon Cognito service encounters a user validation exception with the Lambda service.
_UserNotConfirmedException :: AsError a => Fold a ServiceError Source #
This exception is thrown when a user isn't confirmed successfully.
_UserNotFoundException :: AsError a => Fold a ServiceError Source #
This exception is thrown when a user isn't found.
_UserPoolAddOnNotEnabledException :: AsError a => Fold a ServiceError Source #
This exception is thrown when user pool add-ons aren't enabled.
_UserPoolTaggingException :: AsError a => Fold a ServiceError Source #
This exception is thrown when a user pool tag can't be set or updated.
_UsernameExistsException :: AsError a => Fold a ServiceError Source #
This exception is thrown when Amazon Cognito encounters a user name that already exists in the user pool.
AccountTakeoverEventActionType
newtype AccountTakeoverEventActionType Source #
Instances
AdvancedSecurityModeType
newtype AdvancedSecurityModeType Source #
Instances
AliasAttributeType
newtype AliasAttributeType Source #
pattern AliasAttributeType_Email :: AliasAttributeType | |
pattern AliasAttributeType_Phone_number :: AliasAttributeType | |
pattern AliasAttributeType_Preferred_username :: AliasAttributeType |
Instances
AttributeDataType
newtype AttributeDataType Source #
pattern AttributeDataType_Boolean :: AttributeDataType | |
pattern AttributeDataType_DateTime :: AttributeDataType | |
pattern AttributeDataType_Number :: AttributeDataType | |
pattern AttributeDataType_String :: AttributeDataType |
Instances
AuthFlowType
newtype AuthFlowType Source #
pattern AuthFlowType_ADMIN_NO_SRP_AUTH :: AuthFlowType | |
pattern AuthFlowType_ADMIN_USER_PASSWORD_AUTH :: AuthFlowType | |
pattern AuthFlowType_CUSTOM_AUTH :: AuthFlowType | |
pattern AuthFlowType_REFRESH_TOKEN :: AuthFlowType | |
pattern AuthFlowType_REFRESH_TOKEN_AUTH :: AuthFlowType | |
pattern AuthFlowType_USER_PASSWORD_AUTH :: AuthFlowType | |
pattern AuthFlowType_USER_SRP_AUTH :: AuthFlowType |
Instances
ChallengeName
newtype ChallengeName Source #
pattern ChallengeName_Mfa :: ChallengeName | |
pattern ChallengeName_Password :: ChallengeName |
Instances
ChallengeNameType
newtype ChallengeNameType Source #
pattern ChallengeNameType_ADMIN_NO_SRP_AUTH :: ChallengeNameType | |
pattern ChallengeNameType_CUSTOM_CHALLENGE :: ChallengeNameType | |
pattern ChallengeNameType_DEVICE_PASSWORD_VERIFIER :: ChallengeNameType | |
pattern ChallengeNameType_DEVICE_SRP_AUTH :: ChallengeNameType | |
pattern ChallengeNameType_MFA_SETUP :: ChallengeNameType | |
pattern ChallengeNameType_NEW_PASSWORD_REQUIRED :: ChallengeNameType | |
pattern ChallengeNameType_PASSWORD_VERIFIER :: ChallengeNameType | |
pattern ChallengeNameType_SELECT_MFA_TYPE :: ChallengeNameType | |
pattern ChallengeNameType_SMS_MFA :: ChallengeNameType | |
pattern ChallengeNameType_SOFTWARE_TOKEN_MFA :: ChallengeNameType |
Instances
ChallengeResponse
newtype ChallengeResponse Source #
pattern ChallengeResponse_Failure :: ChallengeResponse | |
pattern ChallengeResponse_Success :: ChallengeResponse |
Instances
CompromisedCredentialsEventActionType
newtype CompromisedCredentialsEventActionType Source #
pattern CompromisedCredentialsEventActionType_BLOCK :: CompromisedCredentialsEventActionType | |
pattern CompromisedCredentialsEventActionType_NO_ACTION :: CompromisedCredentialsEventActionType |
Instances
CustomEmailSenderLambdaVersionType
newtype CustomEmailSenderLambdaVersionType Source #
Instances
CustomSMSSenderLambdaVersionType
newtype CustomSMSSenderLambdaVersionType Source #
Instances
DefaultEmailOptionType
newtype DefaultEmailOptionType Source #
pattern DefaultEmailOptionType_CONFIRM_WITH_CODE :: DefaultEmailOptionType | |
pattern DefaultEmailOptionType_CONFIRM_WITH_LINK :: DefaultEmailOptionType |
Instances
DeletionProtectionType
newtype DeletionProtectionType Source #
pattern DeletionProtectionType_ACTIVE :: DeletionProtectionType | |
pattern DeletionProtectionType_INACTIVE :: DeletionProtectionType |
Instances
DeliveryMediumType
newtype DeliveryMediumType Source #
pattern DeliveryMediumType_EMAIL :: DeliveryMediumType | |
pattern DeliveryMediumType_SMS :: DeliveryMediumType |
Instances
DeviceRememberedStatusType
newtype DeviceRememberedStatusType Source #
pattern DeviceRememberedStatusType_Not_remembered :: DeviceRememberedStatusType | |
pattern DeviceRememberedStatusType_Remembered :: DeviceRememberedStatusType |
Instances
DomainStatusType
newtype DomainStatusType Source #
pattern DomainStatusType_ACTIVE :: DomainStatusType | |
pattern DomainStatusType_CREATING :: DomainStatusType | |
pattern DomainStatusType_DELETING :: DomainStatusType | |
pattern DomainStatusType_FAILED :: DomainStatusType | |
pattern DomainStatusType_UPDATING :: DomainStatusType |
Instances
EmailSendingAccountType
newtype EmailSendingAccountType Source #
pattern EmailSendingAccountType_COGNITO_DEFAULT :: EmailSendingAccountType | |
pattern EmailSendingAccountType_DEVELOPER :: EmailSendingAccountType |
Instances
EventFilterType
newtype EventFilterType Source #
pattern EventFilterType_PASSWORD_CHANGE :: EventFilterType | |
pattern EventFilterType_SIGN_IN :: EventFilterType | |
pattern EventFilterType_SIGN_UP :: EventFilterType |
Instances
EventResponseType
newtype EventResponseType Source #
pattern EventResponseType_Fail :: EventResponseType | |
pattern EventResponseType_InProgress :: EventResponseType | |
pattern EventResponseType_Pass :: EventResponseType |
Instances
EventType
pattern EventType_ForgotPassword :: EventType | |
pattern EventType_PasswordChange :: EventType | |
pattern EventType_ResendCode :: EventType | |
pattern EventType_SignIn :: EventType | |
pattern EventType_SignUp :: EventType |
Instances
ExplicitAuthFlowsType
newtype ExplicitAuthFlowsType Source #
Instances
FeedbackValueType
newtype FeedbackValueType Source #
pattern FeedbackValueType_Invalid :: FeedbackValueType | |
pattern FeedbackValueType_Valid :: FeedbackValueType |
Instances
IdentityProviderTypeType
newtype IdentityProviderTypeType Source #
Instances
MessageActionType
newtype MessageActionType Source #
pattern MessageActionType_RESEND :: MessageActionType | |
pattern MessageActionType_SUPPRESS :: MessageActionType |
Instances
OAuthFlowType
newtype OAuthFlowType Source #
pattern OAuthFlowType_Client_credentials :: OAuthFlowType | |
pattern OAuthFlowType_Code :: OAuthFlowType | |
pattern OAuthFlowType_Implicit :: OAuthFlowType |
Instances
PreventUserExistenceErrorTypes
newtype PreventUserExistenceErrorTypes Source #
pattern PreventUserExistenceErrorTypes_ENABLED :: PreventUserExistenceErrorTypes | |
pattern PreventUserExistenceErrorTypes_LEGACY :: PreventUserExistenceErrorTypes |
Instances
RecoveryOptionNameType
newtype RecoveryOptionNameType Source #
Instances
RiskDecisionType
newtype RiskDecisionType Source #
pattern RiskDecisionType_AccountTakeover :: RiskDecisionType | |
pattern RiskDecisionType_Block :: RiskDecisionType | |
pattern RiskDecisionType_NoRisk :: RiskDecisionType |
Instances
RiskLevelType
newtype RiskLevelType Source #
pattern RiskLevelType_High :: RiskLevelType | |
pattern RiskLevelType_Low :: RiskLevelType | |
pattern RiskLevelType_Medium :: RiskLevelType |
Instances
StatusType
newtype StatusType Source #
pattern StatusType_Disabled :: StatusType | |
pattern StatusType_Enabled :: StatusType |
Instances
TimeUnitsType
newtype TimeUnitsType Source #
pattern TimeUnitsType_Days :: TimeUnitsType | |
pattern TimeUnitsType_Hours :: TimeUnitsType | |
pattern TimeUnitsType_Minutes :: TimeUnitsType | |
pattern TimeUnitsType_Seconds :: TimeUnitsType |
Instances
UserImportJobStatusType
newtype UserImportJobStatusType Source #
Instances
UserPoolMfaType
newtype UserPoolMfaType Source #
pattern UserPoolMfaType_OFF :: UserPoolMfaType | |
pattern UserPoolMfaType_ON :: UserPoolMfaType | |
pattern UserPoolMfaType_OPTIONAL :: UserPoolMfaType |
Instances
UserStatusType
newtype UserStatusType Source #
pattern UserStatusType_ARCHIVED :: UserStatusType | |
pattern UserStatusType_COMPROMISED :: UserStatusType | |
pattern UserStatusType_CONFIRMED :: UserStatusType | |
pattern UserStatusType_FORCE_CHANGE_PASSWORD :: UserStatusType | |
pattern UserStatusType_RESET_REQUIRED :: UserStatusType | |
pattern UserStatusType_UNCONFIRMED :: UserStatusType | |
pattern UserStatusType_UNKNOWN :: UserStatusType |
Instances
UsernameAttributeType
newtype UsernameAttributeType Source #
pattern UsernameAttributeType_Email :: UsernameAttributeType | |
pattern UsernameAttributeType_Phone_number :: UsernameAttributeType |
Instances
VerifiedAttributeType
newtype VerifiedAttributeType Source #
pattern VerifiedAttributeType_Email :: VerifiedAttributeType | |
pattern VerifiedAttributeType_Phone_number :: VerifiedAttributeType |
Instances
VerifySoftwareTokenResponseType
newtype VerifySoftwareTokenResponseType Source #
pattern VerifySoftwareTokenResponseType_ERROR :: VerifySoftwareTokenResponseType | |
pattern VerifySoftwareTokenResponseType_SUCCESS :: VerifySoftwareTokenResponseType |
Instances
AccountRecoverySettingType
data AccountRecoverySettingType Source #
The data type for AccountRecoverySetting
.
See: newAccountRecoverySettingType
smart constructor.
AccountRecoverySettingType' | |
|
Instances
FromJSON AccountRecoverySettingType Source # | |
ToJSON AccountRecoverySettingType Source # | |
Generic AccountRecoverySettingType Source # | |
Read AccountRecoverySettingType Source # | |
Show AccountRecoverySettingType Source # | |
NFData AccountRecoverySettingType Source # | |
Eq AccountRecoverySettingType Source # | |
Hashable AccountRecoverySettingType Source # | |
type Rep AccountRecoverySettingType Source # | |
Defined in Amazonka.CognitoIdentityProvider.Types.AccountRecoverySettingType type Rep AccountRecoverySettingType = D1 ('MetaData "AccountRecoverySettingType" "Amazonka.CognitoIdentityProvider.Types.AccountRecoverySettingType" "amazonka-cognito-idp-2.0-D1ERgMvEVPG9z8cOLXdU2" 'False) (C1 ('MetaCons "AccountRecoverySettingType'" 'PrefixI 'True) (S1 ('MetaSel ('Just "recoveryMechanisms") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe (NonEmpty RecoveryOptionType))))) |
newAccountRecoverySettingType :: AccountRecoverySettingType Source #
Create a value of AccountRecoverySettingType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:recoveryMechanisms:AccountRecoverySettingType'
, accountRecoverySettingType_recoveryMechanisms
- The list of RecoveryOptionTypes
.
accountRecoverySettingType_recoveryMechanisms :: Lens' AccountRecoverySettingType (Maybe (NonEmpty RecoveryOptionType)) Source #
The list of RecoveryOptionTypes
.
AccountTakeoverActionType
data AccountTakeoverActionType Source #
Account takeover action type.
See: newAccountTakeoverActionType
smart constructor.
AccountTakeoverActionType' | |
|
Instances
FromJSON AccountTakeoverActionType Source # | |
ToJSON AccountTakeoverActionType Source # | |
Generic AccountTakeoverActionType Source # | |
Read AccountTakeoverActionType Source # | |
Show AccountTakeoverActionType Source # | |
NFData AccountTakeoverActionType Source # | |
Eq AccountTakeoverActionType Source # | |
Hashable AccountTakeoverActionType Source # | |
type Rep AccountTakeoverActionType Source # | |
Defined in Amazonka.CognitoIdentityProvider.Types.AccountTakeoverActionType type Rep AccountTakeoverActionType = D1 ('MetaData "AccountTakeoverActionType" "Amazonka.CognitoIdentityProvider.Types.AccountTakeoverActionType" "amazonka-cognito-idp-2.0-D1ERgMvEVPG9z8cOLXdU2" 'False) (C1 ('MetaCons "AccountTakeoverActionType'" 'PrefixI 'True) (S1 ('MetaSel ('Just "notify") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Bool) :*: S1 ('MetaSel ('Just "eventAction") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 AccountTakeoverEventActionType))) |
newAccountTakeoverActionType Source #
Create a value of AccountTakeoverActionType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:notify:AccountTakeoverActionType'
, accountTakeoverActionType_notify
- Flag specifying whether to send a notification.
$sel:eventAction:AccountTakeoverActionType'
, accountTakeoverActionType_eventAction
- The action to take in response to the account takeover action. Valid
values are as follows:
BLOCK
Choosing this action will block the request.MFA_IF_CONFIGURED
Present an MFA challenge if user has configured it, else allow the request.MFA_REQUIRED
Present an MFA challenge if user has configured it, else block the request.NO_ACTION
Allow the user to sign in.
accountTakeoverActionType_notify :: Lens' AccountTakeoverActionType Bool Source #
Flag specifying whether to send a notification.
accountTakeoverActionType_eventAction :: Lens' AccountTakeoverActionType AccountTakeoverEventActionType Source #
The action to take in response to the account takeover action. Valid values are as follows:
BLOCK
Choosing this action will block the request.MFA_IF_CONFIGURED
Present an MFA challenge if user has configured it, else allow the request.MFA_REQUIRED
Present an MFA challenge if user has configured it, else block the request.NO_ACTION
Allow the user to sign in.
AccountTakeoverActionsType
data AccountTakeoverActionsType Source #
Account takeover actions type.
See: newAccountTakeoverActionsType
smart constructor.
AccountTakeoverActionsType' | |
|
Instances
newAccountTakeoverActionsType :: AccountTakeoverActionsType Source #
Create a value of AccountTakeoverActionsType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:highAction:AccountTakeoverActionsType'
, accountTakeoverActionsType_highAction
- Action to take for a high risk.
$sel:lowAction:AccountTakeoverActionsType'
, accountTakeoverActionsType_lowAction
- Action to take for a low risk.
$sel:mediumAction:AccountTakeoverActionsType'
, accountTakeoverActionsType_mediumAction
- Action to take for a medium risk.
accountTakeoverActionsType_highAction :: Lens' AccountTakeoverActionsType (Maybe AccountTakeoverActionType) Source #
Action to take for a high risk.
accountTakeoverActionsType_lowAction :: Lens' AccountTakeoverActionsType (Maybe AccountTakeoverActionType) Source #
Action to take for a low risk.
accountTakeoverActionsType_mediumAction :: Lens' AccountTakeoverActionsType (Maybe AccountTakeoverActionType) Source #
Action to take for a medium risk.
AccountTakeoverRiskConfigurationType
data AccountTakeoverRiskConfigurationType Source #
Configuration for mitigation actions and notification for different levels of risk detected for a potential account takeover.
See: newAccountTakeoverRiskConfigurationType
smart constructor.
AccountTakeoverRiskConfigurationType' | |
|
Instances
newAccountTakeoverRiskConfigurationType Source #
Create a value of AccountTakeoverRiskConfigurationType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:notifyConfiguration:AccountTakeoverRiskConfigurationType'
, accountTakeoverRiskConfigurationType_notifyConfiguration
- The notify configuration used to construct email notifications.
$sel:actions:AccountTakeoverRiskConfigurationType'
, accountTakeoverRiskConfigurationType_actions
- Account takeover risk configuration actions.
accountTakeoverRiskConfigurationType_notifyConfiguration :: Lens' AccountTakeoverRiskConfigurationType (Maybe NotifyConfigurationType) Source #
The notify configuration used to construct email notifications.
accountTakeoverRiskConfigurationType_actions :: Lens' AccountTakeoverRiskConfigurationType AccountTakeoverActionsType Source #
Account takeover risk configuration actions.
AdminCreateUserConfigType
data AdminCreateUserConfigType Source #
The configuration for creating a new user profile.
See: newAdminCreateUserConfigType
smart constructor.
AdminCreateUserConfigType' | |
|
Instances
newAdminCreateUserConfigType :: AdminCreateUserConfigType Source #
Create a value of AdminCreateUserConfigType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:allowAdminCreateUserOnly:AdminCreateUserConfigType'
, adminCreateUserConfigType_allowAdminCreateUserOnly
- Set to True
if only the administrator is allowed to create user
profiles. Set to False
if users can sign themselves up via an app.
$sel:inviteMessageTemplate:AdminCreateUserConfigType'
, adminCreateUserConfigType_inviteMessageTemplate
- The message template to be used for the welcome message to new users.
See also Customizing User Invitation Messages.
$sel:unusedAccountValidityDays:AdminCreateUserConfigType'
, adminCreateUserConfigType_unusedAccountValidityDays
- The user account expiration limit, in days, after which a new account
that hasn't signed in is no longer usable. To reset the account after
that time limit, you must call AdminCreateUser
again, specifying
"RESEND"
for the MessageAction
parameter. The default value for
this parameter is 7.
If you set a value for TemporaryPasswordValidityDays
in
PasswordPolicy
, that value will be used, and
UnusedAccountValidityDays
will be no longer be an available parameter
for that user pool.
adminCreateUserConfigType_allowAdminCreateUserOnly :: Lens' AdminCreateUserConfigType (Maybe Bool) Source #
Set to True
if only the administrator is allowed to create user
profiles. Set to False
if users can sign themselves up via an app.
adminCreateUserConfigType_inviteMessageTemplate :: Lens' AdminCreateUserConfigType (Maybe MessageTemplateType) Source #
The message template to be used for the welcome message to new users.
See also Customizing User Invitation Messages.
adminCreateUserConfigType_unusedAccountValidityDays :: Lens' AdminCreateUserConfigType (Maybe Natural) Source #
The user account expiration limit, in days, after which a new account
that hasn't signed in is no longer usable. To reset the account after
that time limit, you must call AdminCreateUser
again, specifying
"RESEND"
for the MessageAction
parameter. The default value for
this parameter is 7.
If you set a value for TemporaryPasswordValidityDays
in
PasswordPolicy
, that value will be used, and
UnusedAccountValidityDays
will be no longer be an available parameter
for that user pool.
AnalyticsConfigurationType
data AnalyticsConfigurationType Source #
The Amazon Pinpoint analytics configuration necessary to collect metrics for a user pool.
In Regions where Amazon Pinpointisn't available, user pools only support sending events to Amazon Pinpoint projects in us-east-1. In Regions where Amazon Pinpoint is available, user pools support sending events to Amazon Pinpoint projects within that same Region.
See: newAnalyticsConfigurationType
smart constructor.
AnalyticsConfigurationType' | |
|
Instances
newAnalyticsConfigurationType :: AnalyticsConfigurationType Source #
Create a value of AnalyticsConfigurationType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:applicationArn:AnalyticsConfigurationType'
, analyticsConfigurationType_applicationArn
- The Amazon Resource Name (ARN) of an Amazon Pinpoint project. You can
use the Amazon Pinpoint project to integrate with the chosen user pool
Client. Amazon Cognito publishes events to the Amazon Pinpoint project
that the app ARN declares.
$sel:applicationId:AnalyticsConfigurationType'
, analyticsConfigurationType_applicationId
- The application ID for an Amazon Pinpoint application.
$sel:externalId:AnalyticsConfigurationType'
, analyticsConfigurationType_externalId
- The external ID.
$sel:roleArn:AnalyticsConfigurationType'
, analyticsConfigurationType_roleArn
- The ARN of an Identity and Access Management role that authorizes Amazon
Cognito to publish events to Amazon Pinpoint analytics.
$sel:userDataShared:AnalyticsConfigurationType'
, analyticsConfigurationType_userDataShared
- If UserDataShared
is true
, Amazon Cognito includes user data in the
events that it publishes to Amazon Pinpoint analytics.
analyticsConfigurationType_applicationArn :: Lens' AnalyticsConfigurationType (Maybe Text) Source #
The Amazon Resource Name (ARN) of an Amazon Pinpoint project. You can use the Amazon Pinpoint project to integrate with the chosen user pool Client. Amazon Cognito publishes events to the Amazon Pinpoint project that the app ARN declares.
analyticsConfigurationType_applicationId :: Lens' AnalyticsConfigurationType (Maybe Text) Source #
The application ID for an Amazon Pinpoint application.
analyticsConfigurationType_externalId :: Lens' AnalyticsConfigurationType (Maybe Text) Source #
The external ID.
analyticsConfigurationType_roleArn :: Lens' AnalyticsConfigurationType (Maybe Text) Source #
The ARN of an Identity and Access Management role that authorizes Amazon Cognito to publish events to Amazon Pinpoint analytics.
analyticsConfigurationType_userDataShared :: Lens' AnalyticsConfigurationType (Maybe Bool) Source #
If UserDataShared
is true
, Amazon Cognito includes user data in the
events that it publishes to Amazon Pinpoint analytics.
AnalyticsMetadataType
data AnalyticsMetadataType Source #
An Amazon Pinpoint analytics endpoint.
An endpoint uniquely identifies a mobile device, email address, or phone number that can receive messages from Amazon Pinpoint analytics. For more information about Amazon Web Services Regions that can contain Amazon Pinpoint resources for use with Amazon Cognito user pools, see Using Amazon Pinpoint analytics with Amazon Cognito user pools.
See: newAnalyticsMetadataType
smart constructor.
AnalyticsMetadataType' | |
|
Instances
newAnalyticsMetadataType :: AnalyticsMetadataType Source #
Create a value of AnalyticsMetadataType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:analyticsEndpointId:AnalyticsMetadataType'
, analyticsMetadataType_analyticsEndpointId
- The endpoint ID.
analyticsMetadataType_analyticsEndpointId :: Lens' AnalyticsMetadataType (Maybe Text) Source #
The endpoint ID.
AttributeType
data AttributeType Source #
Specifies whether the attribute is standard or custom.
See: newAttributeType
smart constructor.
Instances
Create a value of AttributeType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:value:AttributeType'
, attributeType_value
- The value of the attribute.
$sel:name:AttributeType'
, attributeType_name
- The name of the attribute.
attributeType_value :: Lens' AttributeType (Maybe Text) Source #
The value of the attribute.
attributeType_name :: Lens' AttributeType Text Source #
The name of the attribute.
AuthEventType
data AuthEventType Source #
The authentication event type.
See: newAuthEventType
smart constructor.
AuthEventType' | |
|
Instances
newAuthEventType :: AuthEventType Source #
Create a value of AuthEventType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:challengeResponses:AuthEventType'
, authEventType_challengeResponses
- The challenge responses.
$sel:creationDate:AuthEventType'
, authEventType_creationDate
- The creation date
$sel:eventContextData:AuthEventType'
, authEventType_eventContextData
- The user context data captured at the time of an event request. This
value provides additional information about the client from which event
the request is received.
$sel:eventFeedback:AuthEventType'
, authEventType_eventFeedback
- A flag specifying the user feedback captured at the time of an event
request is good or bad.
$sel:eventId:AuthEventType'
, authEventType_eventId
- The event ID.
$sel:eventResponse:AuthEventType'
, authEventType_eventResponse
- The event response.
$sel:eventRisk:AuthEventType'
, authEventType_eventRisk
- The event risk.
$sel:eventType:AuthEventType'
, authEventType_eventType
- The event type.
authEventType_challengeResponses :: Lens' AuthEventType (Maybe [ChallengeResponseType]) Source #
The challenge responses.
authEventType_creationDate :: Lens' AuthEventType (Maybe UTCTime) Source #
The creation date
authEventType_eventContextData :: Lens' AuthEventType (Maybe EventContextDataType) Source #
The user context data captured at the time of an event request. This value provides additional information about the client from which event the request is received.
authEventType_eventFeedback :: Lens' AuthEventType (Maybe EventFeedbackType) Source #
A flag specifying the user feedback captured at the time of an event request is good or bad.
authEventType_eventId :: Lens' AuthEventType (Maybe Text) Source #
The event ID.
authEventType_eventResponse :: Lens' AuthEventType (Maybe EventResponseType) Source #
The event response.
authEventType_eventRisk :: Lens' AuthEventType (Maybe EventRiskType) Source #
The event risk.
authEventType_eventType :: Lens' AuthEventType (Maybe EventType) Source #
The event type.
AuthenticationResultType
data AuthenticationResultType Source #
The authentication result.
See: newAuthenticationResultType
smart constructor.
AuthenticationResultType' | |
|
Instances
newAuthenticationResultType :: AuthenticationResultType Source #
Create a value of AuthenticationResultType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:accessToken:AuthenticationResultType'
, authenticationResultType_accessToken
- A valid access token that Amazon Cognito issued to the user who you want
to authenticate.
$sel:expiresIn:AuthenticationResultType'
, authenticationResultType_expiresIn
- The expiration period of the authentication result in seconds.
$sel:idToken:AuthenticationResultType'
, authenticationResultType_idToken
- The ID token.
$sel:newDeviceMetadata':AuthenticationResultType'
, authenticationResultType_newDeviceMetadata
- The new device metadata from an authentication result.
$sel:refreshToken:AuthenticationResultType'
, authenticationResultType_refreshToken
- The refresh token.
$sel:tokenType:AuthenticationResultType'
, authenticationResultType_tokenType
- The token type.
authenticationResultType_accessToken :: Lens' AuthenticationResultType (Maybe Text) Source #
A valid access token that Amazon Cognito issued to the user who you want to authenticate.
authenticationResultType_expiresIn :: Lens' AuthenticationResultType (Maybe Int) Source #
The expiration period of the authentication result in seconds.
authenticationResultType_idToken :: Lens' AuthenticationResultType (Maybe Text) Source #
The ID token.
authenticationResultType_newDeviceMetadata :: Lens' AuthenticationResultType (Maybe NewDeviceMetadataType) Source #
The new device metadata from an authentication result.
authenticationResultType_refreshToken :: Lens' AuthenticationResultType (Maybe Text) Source #
The refresh token.
authenticationResultType_tokenType :: Lens' AuthenticationResultType (Maybe Text) Source #
The token type.
ChallengeResponseType
data ChallengeResponseType Source #
The challenge response type.
See: newChallengeResponseType
smart constructor.
ChallengeResponseType' | |
|
Instances
newChallengeResponseType :: ChallengeResponseType Source #
Create a value of ChallengeResponseType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:challengeName:ChallengeResponseType'
, challengeResponseType_challengeName
- The challenge name.
$sel:challengeResponse:ChallengeResponseType'
, challengeResponseType_challengeResponse
- The challenge response.
challengeResponseType_challengeName :: Lens' ChallengeResponseType (Maybe ChallengeName) Source #
The challenge name.
challengeResponseType_challengeResponse :: Lens' ChallengeResponseType (Maybe ChallengeResponse) Source #
The challenge response.
CodeDeliveryDetailsType
data CodeDeliveryDetailsType Source #
The delivery details for an email or SMS message that Amazon Cognito sent for authentication or verification.
See: newCodeDeliveryDetailsType
smart constructor.
CodeDeliveryDetailsType' | |
|
Instances
newCodeDeliveryDetailsType :: CodeDeliveryDetailsType Source #
Create a value of CodeDeliveryDetailsType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:attributeName:CodeDeliveryDetailsType'
, codeDeliveryDetailsType_attributeName
- The name of the attribute that Amazon Cognito verifies with the code.
$sel:deliveryMedium:CodeDeliveryDetailsType'
, codeDeliveryDetailsType_deliveryMedium
- The method that Amazon Cognito used to send the code.
$sel:destination:CodeDeliveryDetailsType'
, codeDeliveryDetailsType_destination
- The email address or phone number destination where Amazon Cognito sent
the code.
codeDeliveryDetailsType_attributeName :: Lens' CodeDeliveryDetailsType (Maybe Text) Source #
The name of the attribute that Amazon Cognito verifies with the code.
codeDeliveryDetailsType_deliveryMedium :: Lens' CodeDeliveryDetailsType (Maybe DeliveryMediumType) Source #
The method that Amazon Cognito used to send the code.
codeDeliveryDetailsType_destination :: Lens' CodeDeliveryDetailsType (Maybe Text) Source #
The email address or phone number destination where Amazon Cognito sent the code.
CompromisedCredentialsActionsType
data CompromisedCredentialsActionsType Source #
The compromised credentials actions type.
See: newCompromisedCredentialsActionsType
smart constructor.
CompromisedCredentialsActionsType' | |
|
Instances
FromJSON CompromisedCredentialsActionsType Source # | |
ToJSON CompromisedCredentialsActionsType Source # | |
Generic CompromisedCredentialsActionsType Source # | |
Read CompromisedCredentialsActionsType Source # | |
Show CompromisedCredentialsActionsType Source # | |
NFData CompromisedCredentialsActionsType Source # | |
Eq CompromisedCredentialsActionsType Source # | |
Hashable CompromisedCredentialsActionsType Source # | |
type Rep CompromisedCredentialsActionsType Source # | |
Defined in Amazonka.CognitoIdentityProvider.Types.CompromisedCredentialsActionsType type Rep CompromisedCredentialsActionsType = D1 ('MetaData "CompromisedCredentialsActionsType" "Amazonka.CognitoIdentityProvider.Types.CompromisedCredentialsActionsType" "amazonka-cognito-idp-2.0-D1ERgMvEVPG9z8cOLXdU2" 'False) (C1 ('MetaCons "CompromisedCredentialsActionsType'" 'PrefixI 'True) (S1 ('MetaSel ('Just "eventAction") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 CompromisedCredentialsEventActionType))) |
newCompromisedCredentialsActionsType Source #
Create a value of CompromisedCredentialsActionsType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:eventAction:CompromisedCredentialsActionsType'
, compromisedCredentialsActionsType_eventAction
- The event action.
compromisedCredentialsActionsType_eventAction :: Lens' CompromisedCredentialsActionsType CompromisedCredentialsEventActionType Source #
The event action.
CompromisedCredentialsRiskConfigurationType
data CompromisedCredentialsRiskConfigurationType Source #
The compromised credentials risk configuration type.
See: newCompromisedCredentialsRiskConfigurationType
smart constructor.
CompromisedCredentialsRiskConfigurationType' | |
|
Instances
newCompromisedCredentialsRiskConfigurationType Source #
Create a value of CompromisedCredentialsRiskConfigurationType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:eventFilter:CompromisedCredentialsRiskConfigurationType'
, compromisedCredentialsRiskConfigurationType_eventFilter
- Perform the action for these events. The default is to perform all
events if no event filter is specified.
$sel:actions:CompromisedCredentialsRiskConfigurationType'
, compromisedCredentialsRiskConfigurationType_actions
- The compromised credentials risk configuration actions.
compromisedCredentialsRiskConfigurationType_eventFilter :: Lens' CompromisedCredentialsRiskConfigurationType (Maybe [EventFilterType]) Source #
Perform the action for these events. The default is to perform all events if no event filter is specified.
compromisedCredentialsRiskConfigurationType_actions :: Lens' CompromisedCredentialsRiskConfigurationType CompromisedCredentialsActionsType Source #
The compromised credentials risk configuration actions.
ContextDataType
data ContextDataType Source #
Contextual user data type used for evaluating the risk of an unexpected event by Amazon Cognito advanced security.
See: newContextDataType
smart constructor.
ContextDataType' | |
|
Instances
:: Text | |
-> Text | |
-> Text | |
-> ContextDataType |
Create a value of ContextDataType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:encodedData:ContextDataType'
, contextDataType_encodedData
- Encoded device-fingerprint details that your app collected with the
Amazon Cognito context data collection library. For more information,
see
Adding user device and session data to API requests.
$sel:ipAddress:ContextDataType'
, contextDataType_ipAddress
- The source IP address of your user's device.
$sel:serverName:ContextDataType'
, contextDataType_serverName
- Your server endpoint where this API is invoked.
$sel:serverPath:ContextDataType'
, contextDataType_serverPath
- Your server path where this API is invoked.
$sel:httpHeaders:ContextDataType'
, contextDataType_httpHeaders
- HttpHeaders received on your server in same order.
contextDataType_encodedData :: Lens' ContextDataType (Maybe Text) Source #
Encoded device-fingerprint details that your app collected with the Amazon Cognito context data collection library. For more information, see Adding user device and session data to API requests.
contextDataType_ipAddress :: Lens' ContextDataType Text Source #
The source IP address of your user's device.
contextDataType_serverName :: Lens' ContextDataType Text Source #
Your server endpoint where this API is invoked.
contextDataType_serverPath :: Lens' ContextDataType Text Source #
Your server path where this API is invoked.
contextDataType_httpHeaders :: Lens' ContextDataType [HttpHeader] Source #
HttpHeaders received on your server in same order.
CustomDomainConfigType
data CustomDomainConfigType Source #
The configuration for a custom domain that hosts the sign-up and sign-in webpages for your application.
See: newCustomDomainConfigType
smart constructor.
CustomDomainConfigType' | |
|
Instances
newCustomDomainConfigType Source #
Create a value of CustomDomainConfigType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:certificateArn:CustomDomainConfigType'
, customDomainConfigType_certificateArn
- The Amazon Resource Name (ARN) of an Certificate Manager SSL
certificate. You use this certificate for the subdomain of your custom
domain.
customDomainConfigType_certificateArn :: Lens' CustomDomainConfigType Text Source #
The Amazon Resource Name (ARN) of an Certificate Manager SSL certificate. You use this certificate for the subdomain of your custom domain.
CustomEmailLambdaVersionConfigType
data CustomEmailLambdaVersionConfigType Source #
A custom email sender Lambda configuration type.
See: newCustomEmailLambdaVersionConfigType
smart constructor.
CustomEmailLambdaVersionConfigType' | |
|
Instances
newCustomEmailLambdaVersionConfigType Source #
Create a value of CustomEmailLambdaVersionConfigType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:lambdaVersion:CustomEmailLambdaVersionConfigType'
, customEmailLambdaVersionConfigType_lambdaVersion
- Signature of the "request" attribute in the "event" information
Amazon Cognito passes to your custom email Lambda function. The only
supported value is V1_0
.
$sel:lambdaArn:CustomEmailLambdaVersionConfigType'
, customEmailLambdaVersionConfigType_lambdaArn
- The Amazon Resource Name (ARN) of the Lambda function that Amazon
Cognito activates to send email notifications to users.
customEmailLambdaVersionConfigType_lambdaVersion :: Lens' CustomEmailLambdaVersionConfigType CustomEmailSenderLambdaVersionType Source #
Signature of the "request" attribute in the "event" information
Amazon Cognito passes to your custom email Lambda function. The only
supported value is V1_0
.
customEmailLambdaVersionConfigType_lambdaArn :: Lens' CustomEmailLambdaVersionConfigType Text Source #
The Amazon Resource Name (ARN) of the Lambda function that Amazon Cognito activates to send email notifications to users.
CustomSMSLambdaVersionConfigType
data CustomSMSLambdaVersionConfigType Source #
A custom SMS sender Lambda configuration type.
See: newCustomSMSLambdaVersionConfigType
smart constructor.
CustomSMSLambdaVersionConfigType' | |
|
Instances
newCustomSMSLambdaVersionConfigType Source #
Create a value of CustomSMSLambdaVersionConfigType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:lambdaVersion:CustomSMSLambdaVersionConfigType'
, customSMSLambdaVersionConfigType_lambdaVersion
- Signature of the "request" attribute in the "event" information that
Amazon Cognito passes to your custom SMS Lambda function. The only
supported value is V1_0
.
$sel:lambdaArn:CustomSMSLambdaVersionConfigType'
, customSMSLambdaVersionConfigType_lambdaArn
- The Amazon Resource Name (ARN) of the Lambda function that Amazon
Cognito activates to send SMS notifications to users.
customSMSLambdaVersionConfigType_lambdaVersion :: Lens' CustomSMSLambdaVersionConfigType CustomSMSSenderLambdaVersionType Source #
Signature of the "request" attribute in the "event" information that
Amazon Cognito passes to your custom SMS Lambda function. The only
supported value is V1_0
.
customSMSLambdaVersionConfigType_lambdaArn :: Lens' CustomSMSLambdaVersionConfigType Text Source #
The Amazon Resource Name (ARN) of the Lambda function that Amazon Cognito activates to send SMS notifications to users.
DeviceConfigurationType
data DeviceConfigurationType Source #
The device-remembering configuration for a user pool. A
DescribeUserPool
request returns a null value for this object when the user pool isn't
configured to remember devices. When device remembering is active, you
can remember a user's device with a
ConfirmDevice
API request. Additionally. when the property
DeviceOnlyRememberedOnUserPrompt
is true
, you must follow
ConfirmDevice
with an
UpdateDeviceStatus
API request that sets the user's device to remembered
or
not_remembered
.
To sign in with a remembered device, include DEVICE_KEY
in the
authentication parameters in your user's
InitiateAuth
request. If your app doesn't include a DEVICE_KEY
parameter, the
response
from Amazon Cognito includes newly-generated DEVICE_KEY
and
DEVICE_GROUP_KEY
values under NewDeviceMetadata
. Store these values
to use in future device-authentication requests.
When you provide a value for any property of DeviceConfiguration
, you
activate the device remembering for the user pool.
See: newDeviceConfigurationType
smart constructor.
DeviceConfigurationType' | |
|
Instances
newDeviceConfigurationType :: DeviceConfigurationType Source #
Create a value of DeviceConfigurationType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:challengeRequiredOnNewDevice:DeviceConfigurationType'
, deviceConfigurationType_challengeRequiredOnNewDevice
- When true, a remembered device can sign in with device authentication
instead of SMS and time-based one-time password (TOTP) factors for
multi-factor authentication (MFA).
Whether or not ChallengeRequiredOnNewDevice
is true, users who sign in
with devices that have not been confirmed or remembered must still
provide a second factor in a user pool that requires MFA.
$sel:deviceOnlyRememberedOnUserPrompt:DeviceConfigurationType'
, deviceConfigurationType_deviceOnlyRememberedOnUserPrompt
- When true, Amazon Cognito doesn't automatically remember a user's
device when your app sends a
ConfirmDevice
API request. In your app, create a prompt for your user to choose
whether they want to remember their device. Return the user's choice in
an
UpdateDeviceStatus
API request.
When DeviceOnlyRememberedOnUserPrompt
is false
, Amazon Cognito
immediately remembers devices that you register in a ConfirmDevice
API
request.
deviceConfigurationType_challengeRequiredOnNewDevice :: Lens' DeviceConfigurationType (Maybe Bool) Source #
When true, a remembered device can sign in with device authentication instead of SMS and time-based one-time password (TOTP) factors for multi-factor authentication (MFA).
Whether or not ChallengeRequiredOnNewDevice
is true, users who sign in
with devices that have not been confirmed or remembered must still
provide a second factor in a user pool that requires MFA.
deviceConfigurationType_deviceOnlyRememberedOnUserPrompt :: Lens' DeviceConfigurationType (Maybe Bool) Source #
When true, Amazon Cognito doesn't automatically remember a user's device when your app sends a ConfirmDevice API request. In your app, create a prompt for your user to choose whether they want to remember their device. Return the user's choice in an UpdateDeviceStatus API request.
When DeviceOnlyRememberedOnUserPrompt
is false
, Amazon Cognito
immediately remembers devices that you register in a ConfirmDevice
API
request.
DeviceSecretVerifierConfigType
data DeviceSecretVerifierConfigType Source #
The device verifier against which it is authenticated.
See: newDeviceSecretVerifierConfigType
smart constructor.
Instances
ToJSON DeviceSecretVerifierConfigType Source # | |
Generic DeviceSecretVerifierConfigType Source # | |
Read DeviceSecretVerifierConfigType Source # | |
Show DeviceSecretVerifierConfigType Source # | |
NFData DeviceSecretVerifierConfigType Source # | |
Eq DeviceSecretVerifierConfigType Source # | |
Hashable DeviceSecretVerifierConfigType Source # | |
type Rep DeviceSecretVerifierConfigType Source # | |
Defined in Amazonka.CognitoIdentityProvider.Types.DeviceSecretVerifierConfigType type Rep DeviceSecretVerifierConfigType = D1 ('MetaData "DeviceSecretVerifierConfigType" "Amazonka.CognitoIdentityProvider.Types.DeviceSecretVerifierConfigType" "amazonka-cognito-idp-2.0-D1ERgMvEVPG9z8cOLXdU2" 'False) (C1 ('MetaCons "DeviceSecretVerifierConfigType'" 'PrefixI 'True) (S1 ('MetaSel ('Just "passwordVerifier") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :*: S1 ('MetaSel ('Just "salt") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)))) |
newDeviceSecretVerifierConfigType :: DeviceSecretVerifierConfigType Source #
Create a value of DeviceSecretVerifierConfigType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:passwordVerifier:DeviceSecretVerifierConfigType'
, deviceSecretVerifierConfigType_passwordVerifier
- The password verifier.
$sel:salt:DeviceSecretVerifierConfigType'
, deviceSecretVerifierConfigType_salt
- The salt
deviceSecretVerifierConfigType_passwordVerifier :: Lens' DeviceSecretVerifierConfigType (Maybe Text) Source #
The password verifier.
deviceSecretVerifierConfigType_salt :: Lens' DeviceSecretVerifierConfigType (Maybe Text) Source #
The salt
DeviceType
data DeviceType Source #
The device type.
See: newDeviceType
smart constructor.
DeviceType' | |
|
Instances
newDeviceType :: DeviceType Source #
Create a value of DeviceType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:deviceAttributes:DeviceType'
, deviceType_deviceAttributes
- The device attributes.
$sel:deviceCreateDate:DeviceType'
, deviceType_deviceCreateDate
- The creation date of the device.
$sel:deviceKey:DeviceType'
, deviceType_deviceKey
- The device key.
$sel:deviceLastAuthenticatedDate:DeviceType'
, deviceType_deviceLastAuthenticatedDate
- The date when the device was last authenticated.
$sel:deviceLastModifiedDate:DeviceType'
, deviceType_deviceLastModifiedDate
- The last modified date of the device.
deviceType_deviceAttributes :: Lens' DeviceType (Maybe [AttributeType]) Source #
The device attributes.
deviceType_deviceCreateDate :: Lens' DeviceType (Maybe UTCTime) Source #
The creation date of the device.
deviceType_deviceKey :: Lens' DeviceType (Maybe Text) Source #
The device key.
deviceType_deviceLastAuthenticatedDate :: Lens' DeviceType (Maybe UTCTime) Source #
The date when the device was last authenticated.
deviceType_deviceLastModifiedDate :: Lens' DeviceType (Maybe UTCTime) Source #
The last modified date of the device.
DomainDescriptionType
data DomainDescriptionType Source #
A container for information about a domain.
See: newDomainDescriptionType
smart constructor.
DomainDescriptionType' | |
|
Instances
newDomainDescriptionType :: DomainDescriptionType Source #
Create a value of DomainDescriptionType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:aWSAccountId:DomainDescriptionType'
, domainDescriptionType_aWSAccountId
- The Amazon Web Services ID for the user pool owner.
$sel:cloudFrontDistribution:DomainDescriptionType'
, domainDescriptionType_cloudFrontDistribution
- The Amazon Resource Name (ARN) of the Amazon CloudFront distribution.
$sel:customDomainConfig:DomainDescriptionType'
, domainDescriptionType_customDomainConfig
- The configuration for a custom domain that hosts the sign-up and sign-in
webpages for your application.
$sel:domain:DomainDescriptionType'
, domainDescriptionType_domain
- The domain string. For custom domains, this is the fully-qualified
domain name, such as auth.example.com
. For Amazon Cognito prefix
domains, this is the prefix alone, such as auth
.
$sel:s3Bucket:DomainDescriptionType'
, domainDescriptionType_s3Bucket
- The Amazon S3 bucket where the static files for this domain are stored.
$sel:status:DomainDescriptionType'
, domainDescriptionType_status
- The domain status.
$sel:userPoolId:DomainDescriptionType'
, domainDescriptionType_userPoolId
- The user pool ID.
$sel:version:DomainDescriptionType'
, domainDescriptionType_version
- The app version.
domainDescriptionType_aWSAccountId :: Lens' DomainDescriptionType (Maybe Text) Source #
The Amazon Web Services ID for the user pool owner.
domainDescriptionType_cloudFrontDistribution :: Lens' DomainDescriptionType (Maybe Text) Source #
The Amazon Resource Name (ARN) of the Amazon CloudFront distribution.
domainDescriptionType_customDomainConfig :: Lens' DomainDescriptionType (Maybe CustomDomainConfigType) Source #
The configuration for a custom domain that hosts the sign-up and sign-in webpages for your application.
domainDescriptionType_domain :: Lens' DomainDescriptionType (Maybe Text) Source #
The domain string. For custom domains, this is the fully-qualified
domain name, such as auth.example.com
. For Amazon Cognito prefix
domains, this is the prefix alone, such as auth
.
domainDescriptionType_s3Bucket :: Lens' DomainDescriptionType (Maybe Text) Source #
The Amazon S3 bucket where the static files for this domain are stored.
domainDescriptionType_status :: Lens' DomainDescriptionType (Maybe DomainStatusType) Source #
The domain status.
domainDescriptionType_userPoolId :: Lens' DomainDescriptionType (Maybe Text) Source #
The user pool ID.
domainDescriptionType_version :: Lens' DomainDescriptionType (Maybe Text) Source #
The app version.
EmailConfigurationType
data EmailConfigurationType Source #
The email configuration of your user pool. The email configuration type sets your preferred sending method, Amazon Web Services Region, and sender for messages from your user pool.
Amazon Cognito can send email messages with Amazon Simple Email Service resources in the Amazon Web Services Region where you created your user pool, and in alternate Regions in some cases. For more information on the supported Regions, see Email settings for Amazon Cognito user pools.
See: newEmailConfigurationType
smart constructor.
EmailConfigurationType' | |
|
Instances
newEmailConfigurationType :: EmailConfigurationType Source #
Create a value of EmailConfigurationType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:configurationSet:EmailConfigurationType'
, emailConfigurationType_configurationSet
- The set of configuration rules that can be applied to emails sent using
Amazon Simple Email Service. A configuration set is applied to an email
by including a reference to the configuration set in the headers of the
email. Once applied, all of the rules in that configuration set are
applied to the email. Configuration sets can be used to apply the
following types of rules to emails:
- Event publishing
- Amazon Simple Email Service can track the number of send, delivery, open, click, bounce, and complaint events for each email sent. Use event publishing to send information about these events to other Amazon Web Services services such as and Amazon CloudWatch
- IP pool management
- When leasing dedicated IP addresses with Amazon Simple Email Service, you can create groups of IP addresses, called dedicated IP pools. You can then associate the dedicated IP pools with configuration sets.
$sel:emailSendingAccount:EmailConfigurationType'
, emailConfigurationType_emailSendingAccount
- Specifies whether Amazon Cognito uses its built-in functionality to send
your users email messages, or uses your Amazon Simple Email Service
email configuration. Specify one of the following values:
- COGNITO_DEFAULT
- When Amazon Cognito emails your users, it uses its built-in email
functionality. When you use the default option, Amazon Cognito
allows only a limited number of emails each day for your user pool.
For typical production environments, the default email limit is less
than the required delivery volume. To achieve a higher delivery
volume, specify DEVELOPER to use your Amazon SES email
configuration.
To look up the email delivery limit for the default option, see Limits in the Amazon Cognito Developer Guide.
The default FROM address is
no-reply@verificationemail.com
. To customize the FROM address, provide the Amazon Resource Name (ARN) of an Amazon SES verified email address for theSourceArn
parameter. - DEVELOPER
- When Amazon Cognito emails your users, it uses your Amazon SES
configuration. Amazon Cognito calls Amazon SES on your behalf to
send email from your verified email address. When you use this
option, the email delivery limits are the same limits that apply to
your Amazon SES verified email address in your Amazon Web Services
account.
If you use this option, provide the ARN of an Amazon SES verified email address for the
SourceArn
parameter.Before Amazon Cognito can email your users, it requires additional permissions to call Amazon SES on your behalf. When you update your user pool with this option, Amazon Cognito creates a /service-linked role/, which is a type of role in your Amazon Web Services account. This role contains the permissions that allow you to access Amazon SES and send email messages from your email address. For more information about the service-linked role that Amazon Cognito creates, see Using Service-Linked Roles for Amazon Cognito in the Amazon Cognito Developer Guide.
$sel:from:EmailConfigurationType'
, emailConfigurationType_from
- Either the sender’s email address or the sender’s name with their email
address. For example, testuser@example.com
or
Test User <testuser@example.com>
. This address appears before the
body of the email.
$sel:replyToEmailAddress:EmailConfigurationType'
, emailConfigurationType_replyToEmailAddress
- The destination to which the receiver of the email should reply.
$sel:sourceArn:EmailConfigurationType'
, emailConfigurationType_sourceArn
- The ARN of a verified email address in Amazon SES. Amazon Cognito uses
this email address in one of the following ways, depending on the value
that you specify for the EmailSendingAccount
parameter:
- If you specify
COGNITO_DEFAULT
, Amazon Cognito uses this address as the custom FROM address when it emails your users using its built-in email account. - If you specify
DEVELOPER
, Amazon Cognito emails your users with this address by calling Amazon SES on your behalf.
The Region value of the SourceArn
parameter must indicate a supported
Amazon Web Services Region of your user pool. Typically, the Region in
the SourceArn
and the user pool Region are the same. For more
information, see
Amazon SES email configuration regions
in the
Amazon Cognito Developer Guide.
emailConfigurationType_configurationSet :: Lens' EmailConfigurationType (Maybe Text) Source #
The set of configuration rules that can be applied to emails sent using Amazon Simple Email Service. A configuration set is applied to an email by including a reference to the configuration set in the headers of the email. Once applied, all of the rules in that configuration set are applied to the email. Configuration sets can be used to apply the following types of rules to emails:
- Event publishing
- Amazon Simple Email Service can track the number of send, delivery, open, click, bounce, and complaint events for each email sent. Use event publishing to send information about these events to other Amazon Web Services services such as and Amazon CloudWatch
- IP pool management
- When leasing dedicated IP addresses with Amazon Simple Email Service, you can create groups of IP addresses, called dedicated IP pools. You can then associate the dedicated IP pools with configuration sets.
emailConfigurationType_emailSendingAccount :: Lens' EmailConfigurationType (Maybe EmailSendingAccountType) Source #
Specifies whether Amazon Cognito uses its built-in functionality to send your users email messages, or uses your Amazon Simple Email Service email configuration. Specify one of the following values:
- COGNITO_DEFAULT
- When Amazon Cognito emails your users, it uses its built-in email
functionality. When you use the default option, Amazon Cognito
allows only a limited number of emails each day for your user pool.
For typical production environments, the default email limit is less
than the required delivery volume. To achieve a higher delivery
volume, specify DEVELOPER to use your Amazon SES email
configuration.
To look up the email delivery limit for the default option, see Limits in the Amazon Cognito Developer Guide.
The default FROM address is
no-reply@verificationemail.com
. To customize the FROM address, provide the Amazon Resource Name (ARN) of an Amazon SES verified email address for theSourceArn
parameter. - DEVELOPER
- When Amazon Cognito emails your users, it uses your Amazon SES
configuration. Amazon Cognito calls Amazon SES on your behalf to
send email from your verified email address. When you use this
option, the email delivery limits are the same limits that apply to
your Amazon SES verified email address in your Amazon Web Services
account.
If you use this option, provide the ARN of an Amazon SES verified email address for the
SourceArn
parameter.Before Amazon Cognito can email your users, it requires additional permissions to call Amazon SES on your behalf. When you update your user pool with this option, Amazon Cognito creates a /service-linked role/, which is a type of role in your Amazon Web Services account. This role contains the permissions that allow you to access Amazon SES and send email messages from your email address. For more information about the service-linked role that Amazon Cognito creates, see Using Service-Linked Roles for Amazon Cognito in the Amazon Cognito Developer Guide.
emailConfigurationType_from :: Lens' EmailConfigurationType (Maybe Text) Source #
Either the sender’s email address or the sender’s name with their email
address. For example, testuser@example.com
or
Test User <testuser@example.com>
. This address appears before the
body of the email.
emailConfigurationType_replyToEmailAddress :: Lens' EmailConfigurationType (Maybe Text) Source #
The destination to which the receiver of the email should reply.
emailConfigurationType_sourceArn :: Lens' EmailConfigurationType (Maybe Text) Source #
The ARN of a verified email address in Amazon SES. Amazon Cognito uses
this email address in one of the following ways, depending on the value
that you specify for the EmailSendingAccount
parameter:
- If you specify
COGNITO_DEFAULT
, Amazon Cognito uses this address as the custom FROM address when it emails your users using its built-in email account. - If you specify
DEVELOPER
, Amazon Cognito emails your users with this address by calling Amazon SES on your behalf.
The Region value of the SourceArn
parameter must indicate a supported
Amazon Web Services Region of your user pool. Typically, the Region in
the SourceArn
and the user pool Region are the same. For more
information, see
Amazon SES email configuration regions
in the
Amazon Cognito Developer Guide.
EventContextDataType
data EventContextDataType Source #
Specifies the user context data captured at the time of an event request.
See: newEventContextDataType
smart constructor.
Instances
newEventContextDataType :: EventContextDataType Source #
Create a value of EventContextDataType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:city:EventContextDataType'
, eventContextDataType_city
- The user's city.
$sel:country:EventContextDataType'
, eventContextDataType_country
- The user's country.
$sel:deviceName:EventContextDataType'
, eventContextDataType_deviceName
- The user's device name.
$sel:ipAddress:EventContextDataType'
, eventContextDataType_ipAddress
- The source IP address of your user's device.
$sel:timezone:EventContextDataType'
, eventContextDataType_timezone
- The user's time zone.
eventContextDataType_city :: Lens' EventContextDataType (Maybe Text) Source #
The user's city.
eventContextDataType_country :: Lens' EventContextDataType (Maybe Text) Source #
The user's country.
eventContextDataType_deviceName :: Lens' EventContextDataType (Maybe Text) Source #
The user's device name.
eventContextDataType_ipAddress :: Lens' EventContextDataType (Maybe Text) Source #
The source IP address of your user's device.
eventContextDataType_timezone :: Lens' EventContextDataType (Maybe Text) Source #
The user's time zone.
EventFeedbackType
data EventFeedbackType Source #
Specifies the event feedback type.
See: newEventFeedbackType
smart constructor.
EventFeedbackType' | |
|
Instances
Create a value of EventFeedbackType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:feedbackDate:EventFeedbackType'
, eventFeedbackType_feedbackDate
- The event feedback date.
$sel:feedbackValue:EventFeedbackType'
, eventFeedbackType_feedbackValue
- The event feedback value.
$sel:provider:EventFeedbackType'
, eventFeedbackType_provider
- The provider.
eventFeedbackType_feedbackDate :: Lens' EventFeedbackType (Maybe UTCTime) Source #
The event feedback date.
eventFeedbackType_feedbackValue :: Lens' EventFeedbackType FeedbackValueType Source #
The event feedback value.
eventFeedbackType_provider :: Lens' EventFeedbackType Text Source #
The provider.
EventRiskType
data EventRiskType Source #
The event risk type.
See: newEventRiskType
smart constructor.
EventRiskType' | |
|
Instances
newEventRiskType :: EventRiskType Source #
Create a value of EventRiskType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:compromisedCredentialsDetected:EventRiskType'
, eventRiskType_compromisedCredentialsDetected
- Indicates whether compromised credentials were detected during an
authentication event.
$sel:riskDecision:EventRiskType'
, eventRiskType_riskDecision
- The risk decision.
$sel:riskLevel:EventRiskType'
, eventRiskType_riskLevel
- The risk level.
eventRiskType_compromisedCredentialsDetected :: Lens' EventRiskType (Maybe Bool) Source #
Indicates whether compromised credentials were detected during an authentication event.
eventRiskType_riskDecision :: Lens' EventRiskType (Maybe RiskDecisionType) Source #
The risk decision.
eventRiskType_riskLevel :: Lens' EventRiskType (Maybe RiskLevelType) Source #
The risk level.
GroupType
The group type.
See: newGroupType
smart constructor.
GroupType' | |
|
Instances
newGroupType :: GroupType Source #
Create a value of GroupType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:creationDate:GroupType'
, groupType_creationDate
- The date the group was created.
$sel:description:GroupType'
, groupType_description
- A string containing the description of the group.
$sel:groupName:GroupType'
, groupType_groupName
- The name of the group.
$sel:lastModifiedDate:GroupType'
, groupType_lastModifiedDate
- The date the group was last modified.
$sel:precedence:GroupType'
, groupType_precedence
- A non-negative integer value that specifies the precedence of this group
relative to the other groups that a user can belong to in the user pool.
Zero is the highest precedence value. Groups with lower Precedence
values take precedence over groups with higher ornull Precedence
values. If a user belongs to two or more groups, it is the group with
the lowest precedence value whose role ARN is given in the user's
tokens for the cognito:roles
and cognito:preferred_role
claims.
Two groups can have the same Precedence
value. If this happens,
neither group takes precedence over the other. If two groups with the
same Precedence
have the same role ARN, that role is used in the
cognito:preferred_role
claim in tokens for users in each group. If the
two groups have different role ARNs, the cognito:preferred_role
claim
isn't set in users' tokens.
The default Precedence
value is null.
$sel:roleArn:GroupType'
, groupType_roleArn
- The role Amazon Resource Name (ARN) for the group.
$sel:userPoolId:GroupType'
, groupType_userPoolId
- The user pool ID for the user pool.
groupType_description :: Lens' GroupType (Maybe Text) Source #
A string containing the description of the group.
groupType_lastModifiedDate :: Lens' GroupType (Maybe UTCTime) Source #
The date the group was last modified.
groupType_precedence :: Lens' GroupType (Maybe Natural) Source #
A non-negative integer value that specifies the precedence of this group
relative to the other groups that a user can belong to in the user pool.
Zero is the highest precedence value. Groups with lower Precedence
values take precedence over groups with higher ornull Precedence
values. If a user belongs to two or more groups, it is the group with
the lowest precedence value whose role ARN is given in the user's
tokens for the cognito:roles
and cognito:preferred_role
claims.
Two groups can have the same Precedence
value. If this happens,
neither group takes precedence over the other. If two groups with the
same Precedence
have the same role ARN, that role is used in the
cognito:preferred_role
claim in tokens for users in each group. If the
two groups have different role ARNs, the cognito:preferred_role
claim
isn't set in users' tokens.
The default Precedence
value is null.
groupType_roleArn :: Lens' GroupType (Maybe Text) Source #
The role Amazon Resource Name (ARN) for the group.
HttpHeader
data HttpHeader Source #
The HTTP header.
See: newHttpHeader
smart constructor.
HttpHeader' | |
|
Instances
newHttpHeader :: HttpHeader Source #
Create a value of HttpHeader
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:headerName:HttpHeader'
, httpHeader_headerName
- The header name.
$sel:headerValue:HttpHeader'
, httpHeader_headerValue
- The header value.
httpHeader_headerName :: Lens' HttpHeader (Maybe Text) Source #
The header name.
httpHeader_headerValue :: Lens' HttpHeader (Maybe Text) Source #
The header value.
IdentityProviderType
data IdentityProviderType Source #
A container for information about an IdP.
See: newIdentityProviderType
smart constructor.
IdentityProviderType' | |
|
Instances
newIdentityProviderType :: IdentityProviderType Source #
Create a value of IdentityProviderType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:attributeMapping:IdentityProviderType'
, identityProviderType_attributeMapping
- A mapping of IdP attributes to standard and custom user pool attributes.
$sel:creationDate:IdentityProviderType'
, identityProviderType_creationDate
- The date the IdP was created.
$sel:idpIdentifiers:IdentityProviderType'
, identityProviderType_idpIdentifiers
- A list of IdP identifiers.
$sel:lastModifiedDate:IdentityProviderType'
, identityProviderType_lastModifiedDate
- The date the IdP was last modified.
$sel:providerDetails:IdentityProviderType'
, identityProviderType_providerDetails
- The IdP details. The following list describes the provider detail keys
for each IdP type.
For Google and Login with Amazon:
- client_id
- client_secret
- authorize_scopes
For Facebook:
- client_id
- client_secret
- authorize_scopes
- api_version
For Sign in with Apple:
- client_id
- team_id
- key_id
private_key
/You can submit a private_key when you add or update an IdP. Describe operations don't return the private key./
- authorize_scopes
For OIDC providers:
- client_id
- client_secret
- attributes_request_method
- oidc_issuer
- authorize_scopes
The following keys are only present if Amazon Cognito didn't discover them at the
oidc_issuer
URL.- authorize_url
- token_url
- attributes_url
- jwks_uri
Amazon Cognito sets the value of the following keys automatically. They are read-only.
- attributes_url_add_attributes
For SAML providers:
- MetadataFile or MetadataURL
- IDPSignout optional
$sel:providerName:IdentityProviderType'
, identityProviderType_providerName
- The IdP name.
$sel:providerType:IdentityProviderType'
, identityProviderType_providerType
- The IdP type.
$sel:userPoolId:IdentityProviderType'
, identityProviderType_userPoolId
- The user pool ID.
identityProviderType_attributeMapping :: Lens' IdentityProviderType (Maybe (HashMap Text Text)) Source #
A mapping of IdP attributes to standard and custom user pool attributes.
identityProviderType_creationDate :: Lens' IdentityProviderType (Maybe UTCTime) Source #
The date the IdP was created.
identityProviderType_idpIdentifiers :: Lens' IdentityProviderType (Maybe [Text]) Source #
A list of IdP identifiers.
identityProviderType_lastModifiedDate :: Lens' IdentityProviderType (Maybe UTCTime) Source #
The date the IdP was last modified.
identityProviderType_providerDetails :: Lens' IdentityProviderType (Maybe (HashMap Text Text)) Source #
The IdP details. The following list describes the provider detail keys for each IdP type.
For Google and Login with Amazon:
- client_id
- client_secret
- authorize_scopes
For Facebook:
- client_id
- client_secret
- authorize_scopes
- api_version
For Sign in with Apple:
- client_id
- team_id
- key_id
private_key
/You can submit a private_key when you add or update an IdP. Describe operations don't return the private key./
- authorize_scopes
For OIDC providers:
- client_id
- client_secret
- attributes_request_method
- oidc_issuer
- authorize_scopes
The following keys are only present if Amazon Cognito didn't discover them at the
oidc_issuer
URL.- authorize_url
- token_url
- attributes_url
- jwks_uri
Amazon Cognito sets the value of the following keys automatically. They are read-only.
- attributes_url_add_attributes
For SAML providers:
- MetadataFile or MetadataURL
- IDPSignout optional
identityProviderType_providerName :: Lens' IdentityProviderType (Maybe Text) Source #
The IdP name.
identityProviderType_providerType :: Lens' IdentityProviderType (Maybe IdentityProviderTypeType) Source #
The IdP type.
identityProviderType_userPoolId :: Lens' IdentityProviderType (Maybe Text) Source #
The user pool ID.
LambdaConfigType
data LambdaConfigType Source #
Specifies the configuration for Lambda triggers.
See: newLambdaConfigType
smart constructor.
LambdaConfigType' | |
|
Instances
newLambdaConfigType :: LambdaConfigType Source #
Create a value of LambdaConfigType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:createAuthChallenge:LambdaConfigType'
, lambdaConfigType_createAuthChallenge
- Creates an authentication challenge.
$sel:customEmailSender:LambdaConfigType'
, lambdaConfigType_customEmailSender
- A custom email sender Lambda trigger.
$sel:customMessage:LambdaConfigType'
, lambdaConfigType_customMessage
- A custom Message Lambda trigger.
$sel:customSMSSender:LambdaConfigType'
, lambdaConfigType_customSMSSender
- A custom SMS sender Lambda trigger.
$sel:defineAuthChallenge:LambdaConfigType'
, lambdaConfigType_defineAuthChallenge
- Defines the authentication challenge.
$sel:kmsKeyID:LambdaConfigType'
, lambdaConfigType_kmsKeyID
- The Amazon Resource Name (ARN) of an
KMS key. Amazon
Cognito uses the key to encrypt codes and temporary passwords sent to
CustomEmailSender
and CustomSMSSender
.
$sel:postAuthentication:LambdaConfigType'
, lambdaConfigType_postAuthentication
- A post-authentication Lambda trigger.
$sel:postConfirmation:LambdaConfigType'
, lambdaConfigType_postConfirmation
- A post-confirmation Lambda trigger.
$sel:preAuthentication:LambdaConfigType'
, lambdaConfigType_preAuthentication
- A pre-authentication Lambda trigger.
$sel:preSignUp:LambdaConfigType'
, lambdaConfigType_preSignUp
- A pre-registration Lambda trigger.
$sel:preTokenGeneration:LambdaConfigType'
, lambdaConfigType_preTokenGeneration
- A Lambda trigger that is invoked before token generation.
$sel:userMigration:LambdaConfigType'
, lambdaConfigType_userMigration
- The user migration Lambda config type.
$sel:verifyAuthChallengeResponse:LambdaConfigType'
, lambdaConfigType_verifyAuthChallengeResponse
- Verifies the authentication challenge response.
lambdaConfigType_createAuthChallenge :: Lens' LambdaConfigType (Maybe Text) Source #
Creates an authentication challenge.
lambdaConfigType_customEmailSender :: Lens' LambdaConfigType (Maybe CustomEmailLambdaVersionConfigType) Source #
A custom email sender Lambda trigger.
lambdaConfigType_customMessage :: Lens' LambdaConfigType (Maybe Text) Source #
A custom Message Lambda trigger.
lambdaConfigType_customSMSSender :: Lens' LambdaConfigType (Maybe CustomSMSLambdaVersionConfigType) Source #
A custom SMS sender Lambda trigger.
lambdaConfigType_defineAuthChallenge :: Lens' LambdaConfigType (Maybe Text) Source #
Defines the authentication challenge.
lambdaConfigType_kmsKeyID :: Lens' LambdaConfigType (Maybe Text) Source #
The Amazon Resource Name (ARN) of an
KMS key. Amazon
Cognito uses the key to encrypt codes and temporary passwords sent to
CustomEmailSender
and CustomSMSSender
.
lambdaConfigType_postAuthentication :: Lens' LambdaConfigType (Maybe Text) Source #
A post-authentication Lambda trigger.
lambdaConfigType_postConfirmation :: Lens' LambdaConfigType (Maybe Text) Source #
A post-confirmation Lambda trigger.
lambdaConfigType_preAuthentication :: Lens' LambdaConfigType (Maybe Text) Source #
A pre-authentication Lambda trigger.
lambdaConfigType_preSignUp :: Lens' LambdaConfigType (Maybe Text) Source #
A pre-registration Lambda trigger.
lambdaConfigType_preTokenGeneration :: Lens' LambdaConfigType (Maybe Text) Source #
A Lambda trigger that is invoked before token generation.
lambdaConfigType_userMigration :: Lens' LambdaConfigType (Maybe Text) Source #
The user migration Lambda config type.
lambdaConfigType_verifyAuthChallengeResponse :: Lens' LambdaConfigType (Maybe Text) Source #
Verifies the authentication challenge response.
MFAOptionType
data MFAOptionType Source #
This data type is no longer supported. Applies only to SMS multi-factor authentication (MFA) configurations. Does not apply to time-based one-time password (TOTP) software token MFA configurations.
See: newMFAOptionType
smart constructor.
MFAOptionType' | |
|
Instances
newMFAOptionType :: MFAOptionType Source #
Create a value of MFAOptionType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:attributeName:MFAOptionType'
, mfaOptionType_attributeName
- The attribute name of the MFA option type. The only valid value is
phone_number
.
$sel:deliveryMedium:MFAOptionType'
, mfaOptionType_deliveryMedium
- The delivery medium to send the MFA code. You can use this parameter to
set only the SMS
delivery medium value.
mfaOptionType_attributeName :: Lens' MFAOptionType (Maybe Text) Source #
The attribute name of the MFA option type. The only valid value is
phone_number
.
mfaOptionType_deliveryMedium :: Lens' MFAOptionType (Maybe DeliveryMediumType) Source #
The delivery medium to send the MFA code. You can use this parameter to
set only the SMS
delivery medium value.
MessageTemplateType
data MessageTemplateType Source #
The message template structure.
See: newMessageTemplateType
smart constructor.
MessageTemplateType' | |
|
Instances
newMessageTemplateType :: MessageTemplateType Source #
Create a value of MessageTemplateType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:emailMessage:MessageTemplateType'
, messageTemplateType_emailMessage
- The message template for email messages. EmailMessage is allowed only if
EmailSendingAccount
is DEVELOPER.
$sel:emailSubject:MessageTemplateType'
, messageTemplateType_emailSubject
- The subject line for email messages. EmailSubject is allowed only if
EmailSendingAccount
is DEVELOPER.
$sel:sMSMessage:MessageTemplateType'
, messageTemplateType_sMSMessage
- The message template for SMS messages.
messageTemplateType_emailMessage :: Lens' MessageTemplateType (Maybe Text) Source #
The message template for email messages. EmailMessage is allowed only if EmailSendingAccount is DEVELOPER.
messageTemplateType_emailSubject :: Lens' MessageTemplateType (Maybe Text) Source #
The subject line for email messages. EmailSubject is allowed only if EmailSendingAccount is DEVELOPER.
messageTemplateType_sMSMessage :: Lens' MessageTemplateType (Maybe Text) Source #
The message template for SMS messages.
NewDeviceMetadataType
data NewDeviceMetadataType Source #
The new device metadata type.
See: newNewDeviceMetadataType
smart constructor.
Instances
newNewDeviceMetadataType :: NewDeviceMetadataType Source #
Create a value of NewDeviceMetadataType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:deviceGroupKey:NewDeviceMetadataType'
, newDeviceMetadataType_deviceGroupKey
- The device group key.
$sel:deviceKey:NewDeviceMetadataType'
, newDeviceMetadataType_deviceKey
- The device key.
newDeviceMetadataType_deviceGroupKey :: Lens' NewDeviceMetadataType (Maybe Text) Source #
The device group key.
newDeviceMetadataType_deviceKey :: Lens' NewDeviceMetadataType (Maybe Text) Source #
The device key.
NotifyConfigurationType
data NotifyConfigurationType Source #
The notify configuration type.
See: newNotifyConfigurationType
smart constructor.
NotifyConfigurationType' | |
|
Instances
newNotifyConfigurationType Source #
Create a value of NotifyConfigurationType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:blockEmail:NotifyConfigurationType'
, notifyConfigurationType_blockEmail
- Email template used when a detected risk event is blocked.
$sel:from:NotifyConfigurationType'
, notifyConfigurationType_from
- The email address that is sending the email. The address must be either
individually verified with Amazon Simple Email Service, or from a domain
that has been verified with Amazon SES.
$sel:mfaEmail:NotifyConfigurationType'
, notifyConfigurationType_mfaEmail
- The multi-factor authentication (MFA) email template used when MFA is
challenged as part of a detected risk.
$sel:noActionEmail:NotifyConfigurationType'
, notifyConfigurationType_noActionEmail
- The email template used when a detected risk event is allowed.
$sel:replyTo:NotifyConfigurationType'
, notifyConfigurationType_replyTo
- The destination to which the receiver of an email should reply to.
$sel:sourceArn:NotifyConfigurationType'
, notifyConfigurationType_sourceArn
- The Amazon Resource Name (ARN) of the identity that is associated with
the sending authorization policy. This identity permits Amazon Cognito
to send for the email address specified in the From
parameter.
notifyConfigurationType_blockEmail :: Lens' NotifyConfigurationType (Maybe NotifyEmailType) Source #
Email template used when a detected risk event is blocked.
notifyConfigurationType_from :: Lens' NotifyConfigurationType (Maybe Text) Source #
The email address that is sending the email. The address must be either individually verified with Amazon Simple Email Service, or from a domain that has been verified with Amazon SES.
notifyConfigurationType_mfaEmail :: Lens' NotifyConfigurationType (Maybe NotifyEmailType) Source #
The multi-factor authentication (MFA) email template used when MFA is challenged as part of a detected risk.
notifyConfigurationType_noActionEmail :: Lens' NotifyConfigurationType (Maybe NotifyEmailType) Source #
The email template used when a detected risk event is allowed.
notifyConfigurationType_replyTo :: Lens' NotifyConfigurationType (Maybe Text) Source #
The destination to which the receiver of an email should reply to.
notifyConfigurationType_sourceArn :: Lens' NotifyConfigurationType Text Source #
The Amazon Resource Name (ARN) of the identity that is associated with
the sending authorization policy. This identity permits Amazon Cognito
to send for the email address specified in the From
parameter.
NotifyEmailType
data NotifyEmailType Source #
The notify email type.
See: newNotifyEmailType
smart constructor.
Instances
Create a value of NotifyEmailType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:htmlBody:NotifyEmailType'
, notifyEmailType_htmlBody
- The email HTML body.
$sel:textBody:NotifyEmailType'
, notifyEmailType_textBody
- The email text body.
$sel:subject:NotifyEmailType'
, notifyEmailType_subject
- The email subject.
notifyEmailType_htmlBody :: Lens' NotifyEmailType (Maybe Text) Source #
The email HTML body.
notifyEmailType_textBody :: Lens' NotifyEmailType (Maybe Text) Source #
The email text body.
notifyEmailType_subject :: Lens' NotifyEmailType Text Source #
The email subject.
NumberAttributeConstraintsType
data NumberAttributeConstraintsType Source #
The minimum and maximum values of an attribute that is of the number data type.
See: newNumberAttributeConstraintsType
smart constructor.
Instances
newNumberAttributeConstraintsType :: NumberAttributeConstraintsType Source #
Create a value of NumberAttributeConstraintsType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:maxValue:NumberAttributeConstraintsType'
, numberAttributeConstraintsType_maxValue
- The maximum value of an attribute that is of the number data type.
$sel:minValue:NumberAttributeConstraintsType'
, numberAttributeConstraintsType_minValue
- The minimum value of an attribute that is of the number data type.
numberAttributeConstraintsType_maxValue :: Lens' NumberAttributeConstraintsType (Maybe Text) Source #
The maximum value of an attribute that is of the number data type.
numberAttributeConstraintsType_minValue :: Lens' NumberAttributeConstraintsType (Maybe Text) Source #
The minimum value of an attribute that is of the number data type.
PasswordPolicyType
data PasswordPolicyType Source #
The password policy type.
See: newPasswordPolicyType
smart constructor.
PasswordPolicyType' | |
|
Instances
newPasswordPolicyType :: PasswordPolicyType Source #
Create a value of PasswordPolicyType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:minimumLength:PasswordPolicyType'
, passwordPolicyType_minimumLength
- The minimum length of the password in the policy that you have set. This
value can't be less than 6.
$sel:requireLowercase:PasswordPolicyType'
, passwordPolicyType_requireLowercase
- In the password policy that you have set, refers to whether you have
required users to use at least one lowercase letter in their password.
$sel:requireNumbers:PasswordPolicyType'
, passwordPolicyType_requireNumbers
- In the password policy that you have set, refers to whether you have
required users to use at least one number in their password.
$sel:requireSymbols:PasswordPolicyType'
, passwordPolicyType_requireSymbols
- In the password policy that you have set, refers to whether you have
required users to use at least one symbol in their password.
$sel:requireUppercase:PasswordPolicyType'
, passwordPolicyType_requireUppercase
- In the password policy that you have set, refers to whether you have
required users to use at least one uppercase letter in their password.
$sel:temporaryPasswordValidityDays:PasswordPolicyType'
, passwordPolicyType_temporaryPasswordValidityDays
- The number of days a temporary password is valid in the password policy.
If the user doesn't sign in during this time, an administrator must
reset their password.
When you set TemporaryPasswordValidityDays
for a user pool, you can no
longer set a value for the legacy UnusedAccountValidityDays
parameter
in that user pool.
passwordPolicyType_minimumLength :: Lens' PasswordPolicyType (Maybe Natural) Source #
The minimum length of the password in the policy that you have set. This value can't be less than 6.
passwordPolicyType_requireLowercase :: Lens' PasswordPolicyType (Maybe Bool) Source #
In the password policy that you have set, refers to whether you have required users to use at least one lowercase letter in their password.
passwordPolicyType_requireNumbers :: Lens' PasswordPolicyType (Maybe Bool) Source #
In the password policy that you have set, refers to whether you have required users to use at least one number in their password.
passwordPolicyType_requireSymbols :: Lens' PasswordPolicyType (Maybe Bool) Source #
In the password policy that you have set, refers to whether you have required users to use at least one symbol in their password.
passwordPolicyType_requireUppercase :: Lens' PasswordPolicyType (Maybe Bool) Source #
In the password policy that you have set, refers to whether you have required users to use at least one uppercase letter in their password.
passwordPolicyType_temporaryPasswordValidityDays :: Lens' PasswordPolicyType (Maybe Natural) Source #
The number of days a temporary password is valid in the password policy. If the user doesn't sign in during this time, an administrator must reset their password.
When you set TemporaryPasswordValidityDays
for a user pool, you can no
longer set a value for the legacy UnusedAccountValidityDays
parameter
in that user pool.
ProviderDescription
data ProviderDescription Source #
A container for IdP details.
See: newProviderDescription
smart constructor.
ProviderDescription' | |
|
Instances
newProviderDescription :: ProviderDescription Source #
Create a value of ProviderDescription
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:creationDate:ProviderDescription'
, providerDescription_creationDate
- The date the provider was added to the user pool.
$sel:lastModifiedDate:ProviderDescription'
, providerDescription_lastModifiedDate
- The date the provider was last modified.
$sel:providerName:ProviderDescription'
, providerDescription_providerName
- The IdP name.
$sel:providerType:ProviderDescription'
, providerDescription_providerType
- The IdP type.
providerDescription_creationDate :: Lens' ProviderDescription (Maybe UTCTime) Source #
The date the provider was added to the user pool.
providerDescription_lastModifiedDate :: Lens' ProviderDescription (Maybe UTCTime) Source #
The date the provider was last modified.
providerDescription_providerName :: Lens' ProviderDescription (Maybe Text) Source #
The IdP name.
providerDescription_providerType :: Lens' ProviderDescription (Maybe IdentityProviderTypeType) Source #
The IdP type.
ProviderUserIdentifierType
data ProviderUserIdentifierType Source #
A container for information about an IdP for a user pool.
See: newProviderUserIdentifierType
smart constructor.
ProviderUserIdentifierType' | |
|
Instances
newProviderUserIdentifierType :: ProviderUserIdentifierType Source #
Create a value of ProviderUserIdentifierType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:providerAttributeName:ProviderUserIdentifierType'
, providerUserIdentifierType_providerAttributeName
- The name of the provider attribute to link to, such as NameID
.
$sel:providerAttributeValue:ProviderUserIdentifierType'
, providerUserIdentifierType_providerAttributeValue
- The value of the provider attribute to link to, such as xxxxx_account
.
$sel:providerName:ProviderUserIdentifierType'
, providerUserIdentifierType_providerName
- The name of the provider, such as Facebook, Google, or Login with
Amazon.
providerUserIdentifierType_providerAttributeName :: Lens' ProviderUserIdentifierType (Maybe Text) Source #
The name of the provider attribute to link to, such as NameID
.
providerUserIdentifierType_providerAttributeValue :: Lens' ProviderUserIdentifierType (Maybe Text) Source #
The value of the provider attribute to link to, such as xxxxx_account
.
providerUserIdentifierType_providerName :: Lens' ProviderUserIdentifierType (Maybe Text) Source #
The name of the provider, such as Facebook, Google, or Login with Amazon.
RecoveryOptionType
data RecoveryOptionType Source #
A map containing a priority as a key, and recovery method name as a value.
See: newRecoveryOptionType
smart constructor.
RecoveryOptionType' | |
|
Instances
newRecoveryOptionType Source #
Create a value of RecoveryOptionType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:priority:RecoveryOptionType'
, recoveryOptionType_priority
- A positive integer specifying priority of a method with 1 being the
highest priority.
$sel:name:RecoveryOptionType'
, recoveryOptionType_name
- The recovery method for a user.
recoveryOptionType_priority :: Lens' RecoveryOptionType Natural Source #
A positive integer specifying priority of a method with 1 being the highest priority.
recoveryOptionType_name :: Lens' RecoveryOptionType RecoveryOptionNameType Source #
The recovery method for a user.
ResourceServerScopeType
data ResourceServerScopeType Source #
A resource server scope.
See: newResourceServerScopeType
smart constructor.
ResourceServerScopeType' | |
|
Instances
newResourceServerScopeType Source #
:: Text | |
-> Text | |
-> ResourceServerScopeType |
Create a value of ResourceServerScopeType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:scopeName:ResourceServerScopeType'
, resourceServerScopeType_scopeName
- The name of the scope.
$sel:scopeDescription:ResourceServerScopeType'
, resourceServerScopeType_scopeDescription
- A description of the scope.
resourceServerScopeType_scopeName :: Lens' ResourceServerScopeType Text Source #
The name of the scope.
resourceServerScopeType_scopeDescription :: Lens' ResourceServerScopeType Text Source #
A description of the scope.
ResourceServerType
data ResourceServerType Source #
A container for information about a resource server for a user pool.
See: newResourceServerType
smart constructor.
ResourceServerType' | |
|
Instances
newResourceServerType :: ResourceServerType Source #
Create a value of ResourceServerType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:identifier:ResourceServerType'
, resourceServerType_identifier
- The identifier for the resource server.
$sel:name:ResourceServerType'
, resourceServerType_name
- The name of the resource server.
$sel:scopes:ResourceServerType'
, resourceServerType_scopes
- A list of scopes that are defined for the resource server.
$sel:userPoolId:ResourceServerType'
, resourceServerType_userPoolId
- The user pool ID for the user pool that hosts the resource server.
resourceServerType_identifier :: Lens' ResourceServerType (Maybe Text) Source #
The identifier for the resource server.
resourceServerType_name :: Lens' ResourceServerType (Maybe Text) Source #
The name of the resource server.
resourceServerType_scopes :: Lens' ResourceServerType (Maybe [ResourceServerScopeType]) Source #
A list of scopes that are defined for the resource server.
resourceServerType_userPoolId :: Lens' ResourceServerType (Maybe Text) Source #
The user pool ID for the user pool that hosts the resource server.
RiskConfigurationType
data RiskConfigurationType Source #
The risk configuration type.
See: newRiskConfigurationType
smart constructor.
RiskConfigurationType' | |
|
Instances
newRiskConfigurationType :: RiskConfigurationType Source #
Create a value of RiskConfigurationType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:accountTakeoverRiskConfiguration:RiskConfigurationType'
, riskConfigurationType_accountTakeoverRiskConfiguration
- The account takeover risk configuration object, including the
NotifyConfiguration
object and Actions
to take if there is an
account takeover.
$sel:clientId:RiskConfigurationType'
, riskConfigurationType_clientId
- The app client ID.
$sel:compromisedCredentialsRiskConfiguration:RiskConfigurationType'
, riskConfigurationType_compromisedCredentialsRiskConfiguration
- The compromised credentials risk configuration object, including the
EventFilter
and the EventAction
.
$sel:lastModifiedDate:RiskConfigurationType'
, riskConfigurationType_lastModifiedDate
- The last modified date.
$sel:riskExceptionConfiguration:RiskConfigurationType'
, riskConfigurationType_riskExceptionConfiguration
- The configuration to override the risk decision.
$sel:userPoolId:RiskConfigurationType'
, riskConfigurationType_userPoolId
- The user pool ID.
riskConfigurationType_accountTakeoverRiskConfiguration :: Lens' RiskConfigurationType (Maybe AccountTakeoverRiskConfigurationType) Source #
The account takeover risk configuration object, including the
NotifyConfiguration
object and Actions
to take if there is an
account takeover.
riskConfigurationType_clientId :: Lens' RiskConfigurationType (Maybe Text) Source #
The app client ID.
riskConfigurationType_compromisedCredentialsRiskConfiguration :: Lens' RiskConfigurationType (Maybe CompromisedCredentialsRiskConfigurationType) Source #
The compromised credentials risk configuration object, including the
EventFilter
and the EventAction
.
riskConfigurationType_lastModifiedDate :: Lens' RiskConfigurationType (Maybe UTCTime) Source #
The last modified date.
riskConfigurationType_riskExceptionConfiguration :: Lens' RiskConfigurationType (Maybe RiskExceptionConfigurationType) Source #
The configuration to override the risk decision.
riskConfigurationType_userPoolId :: Lens' RiskConfigurationType (Maybe Text) Source #
The user pool ID.
RiskExceptionConfigurationType
data RiskExceptionConfigurationType Source #
The type of the configuration to override the risk decision.
See: newRiskExceptionConfigurationType
smart constructor.
RiskExceptionConfigurationType' | |
|
Instances
newRiskExceptionConfigurationType :: RiskExceptionConfigurationType Source #
Create a value of RiskExceptionConfigurationType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:blockedIPRangeList:RiskExceptionConfigurationType'
, riskExceptionConfigurationType_blockedIPRangeList
- Overrides the risk decision to always block the pre-authentication
requests. The IP range is in CIDR notation, a compact representation of
an IP address and its routing prefix.
$sel:skippedIPRangeList:RiskExceptionConfigurationType'
, riskExceptionConfigurationType_skippedIPRangeList
- Risk detection isn't performed on the IP addresses in this range list.
The IP range is in CIDR notation.
riskExceptionConfigurationType_blockedIPRangeList :: Lens' RiskExceptionConfigurationType (Maybe [Text]) Source #
Overrides the risk decision to always block the pre-authentication requests. The IP range is in CIDR notation, a compact representation of an IP address and its routing prefix.
riskExceptionConfigurationType_skippedIPRangeList :: Lens' RiskExceptionConfigurationType (Maybe [Text]) Source #
Risk detection isn't performed on the IP addresses in this range list. The IP range is in CIDR notation.
SMSMfaSettingsType
data SMSMfaSettingsType Source #
The type used for enabling SMS multi-factor authentication (MFA) at the user level. Phone numbers don't need to be verified to be used for SMS MFA. If an MFA type is activated for a user, the user will be prompted for MFA during all sign-in attempts, unless device tracking is turned on and the device has been trusted. If you would like MFA to be applied selectively based on the assessed risk level of sign-in attempts, deactivate MFA for users and turn on Adaptive Authentication for the user pool.
See: newSMSMfaSettingsType
smart constructor.
SMSMfaSettingsType' | |
|
Instances
newSMSMfaSettingsType :: SMSMfaSettingsType Source #
Create a value of SMSMfaSettingsType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:enabled:SMSMfaSettingsType'
, sMSMfaSettingsType_enabled
- Specifies whether SMS text message MFA is activated. If an MFA type is
activated for a user, the user will be prompted for MFA during all
sign-in attempts, unless device tracking is turned on and the device has
been trusted.
$sel:preferredMfa:SMSMfaSettingsType'
, sMSMfaSettingsType_preferredMfa
- Specifies whether SMS is the preferred MFA method.
sMSMfaSettingsType_enabled :: Lens' SMSMfaSettingsType (Maybe Bool) Source #
Specifies whether SMS text message MFA is activated. If an MFA type is activated for a user, the user will be prompted for MFA during all sign-in attempts, unless device tracking is turned on and the device has been trusted.
sMSMfaSettingsType_preferredMfa :: Lens' SMSMfaSettingsType (Maybe Bool) Source #
Specifies whether SMS is the preferred MFA method.
SchemaAttributeType
data SchemaAttributeType Source #
Contains information about the schema attribute.
See: newSchemaAttributeType
smart constructor.
SchemaAttributeType' | |
|
Instances
newSchemaAttributeType :: SchemaAttributeType Source #
Create a value of SchemaAttributeType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:attributeDataType:SchemaAttributeType'
, schemaAttributeType_attributeDataType
- The attribute data type.
$sel:developerOnlyAttribute:SchemaAttributeType'
, schemaAttributeType_developerOnlyAttribute
- You should use
WriteAttributes
in the user pool client to control how attributes can be mutated for new
use cases instead of using DeveloperOnlyAttribute
.
Specifies whether the attribute type is developer only. This attribute
can only be modified by an administrator. Users won't be able to modify
this attribute using their access token. For example,
DeveloperOnlyAttribute
can be modified using AdminUpdateUserAttributes
but can't be updated using UpdateUserAttributes.
$sel:mutable:SchemaAttributeType'
, schemaAttributeType_mutable
- Specifies whether the value of the attribute can be changed.
For any user pool attribute that is mapped to an IdP attribute, you must
set this parameter to true
. Amazon Cognito updates mapped attributes
when users sign in to your application through an IdP. If an attribute
is immutable, Amazon Cognito throws an error when it attempts to update
the attribute. For more information, see
Specifying Identity Provider Attribute Mappings for Your User Pool.
$sel:name:SchemaAttributeType'
, schemaAttributeType_name
- A schema attribute of the name type.
$sel:numberAttributeConstraints:SchemaAttributeType'
, schemaAttributeType_numberAttributeConstraints
- Specifies the constraints for an attribute of the number type.
$sel:required:SchemaAttributeType'
, schemaAttributeType_required
- Specifies whether a user pool attribute is required. If the attribute is
required and the user doesn't provide a value, registration or sign-in
will fail.
$sel:stringAttributeConstraints:SchemaAttributeType'
, schemaAttributeType_stringAttributeConstraints
- Specifies the constraints for an attribute of the string type.
schemaAttributeType_attributeDataType :: Lens' SchemaAttributeType (Maybe AttributeDataType) Source #
The attribute data type.
schemaAttributeType_developerOnlyAttribute :: Lens' SchemaAttributeType (Maybe Bool) Source #
You should use
WriteAttributes
in the user pool client to control how attributes can be mutated for new
use cases instead of using DeveloperOnlyAttribute
.
Specifies whether the attribute type is developer only. This attribute
can only be modified by an administrator. Users won't be able to modify
this attribute using their access token. For example,
DeveloperOnlyAttribute
can be modified using AdminUpdateUserAttributes
but can't be updated using UpdateUserAttributes.
schemaAttributeType_mutable :: Lens' SchemaAttributeType (Maybe Bool) Source #
Specifies whether the value of the attribute can be changed.
For any user pool attribute that is mapped to an IdP attribute, you must
set this parameter to true
. Amazon Cognito updates mapped attributes
when users sign in to your application through an IdP. If an attribute
is immutable, Amazon Cognito throws an error when it attempts to update
the attribute. For more information, see
Specifying Identity Provider Attribute Mappings for Your User Pool.
schemaAttributeType_name :: Lens' SchemaAttributeType (Maybe Text) Source #
A schema attribute of the name type.
schemaAttributeType_numberAttributeConstraints :: Lens' SchemaAttributeType (Maybe NumberAttributeConstraintsType) Source #
Specifies the constraints for an attribute of the number type.
schemaAttributeType_required :: Lens' SchemaAttributeType (Maybe Bool) Source #
Specifies whether a user pool attribute is required. If the attribute is required and the user doesn't provide a value, registration or sign-in will fail.
schemaAttributeType_stringAttributeConstraints :: Lens' SchemaAttributeType (Maybe StringAttributeConstraintsType) Source #
Specifies the constraints for an attribute of the string type.
SmsConfigurationType
data SmsConfigurationType Source #
The SMS configuration type is the settings that your Amazon Cognito user pool must use to send an SMS message from your Amazon Web Services account through Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the Amazon Web Services Region that you want, the Amazon Cognito user pool uses an Identity and Access Management (IAM) role in your Amazon Web Services account.
See: newSmsConfigurationType
smart constructor.
SmsConfigurationType' | |
|
Instances
newSmsConfigurationType Source #
Create a value of SmsConfigurationType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:externalId:SmsConfigurationType'
, smsConfigurationType_externalId
- The external ID provides additional security for your IAM role. You can
use an ExternalId
with the IAM role that you use with Amazon SNS to
send SMS messages for your user pool. If you provide an ExternalId
,
your Amazon Cognito user pool includes it in the request to assume your
IAM role. You can configure the role trust policy to require that Amazon
Cognito, and any principal, provide the ExternalID
. If you use the
Amazon Cognito Management Console to create a role for SMS multi-factor
authentication (MFA), Amazon Cognito creates a role with the required
permissions and a trust policy that demonstrates use of the
ExternalId
.
For more information about the ExternalId
of a role, see
How to use an external ID when granting access to your Amazon Web Services resources to a third party
$sel:snsRegion:SmsConfigurationType'
, smsConfigurationType_snsRegion
- The Amazon Web Services Region to use with Amazon SNS integration. You
can choose the same Region as your user pool, or a supported __Legacy
Amazon SNS alternate Region__.
Amazon Cognito resources in the Asia Pacific (Seoul) Amazon Web Services Region must use your Amazon SNS configuration in the Asia Pacific (Tokyo) Region. For more information, see SMS message settings for Amazon Cognito user pools.
$sel:snsCallerArn:SmsConfigurationType'
, smsConfigurationType_snsCallerArn
- The Amazon Resource Name (ARN) of the Amazon SNS caller. This is the ARN
of the IAM role in your Amazon Web Services account that Amazon Cognito
will use to send SMS messages. SMS messages are subject to a
spending limit.
smsConfigurationType_externalId :: Lens' SmsConfigurationType (Maybe Text) Source #
The external ID provides additional security for your IAM role. You can
use an ExternalId
with the IAM role that you use with Amazon SNS to
send SMS messages for your user pool. If you provide an ExternalId
,
your Amazon Cognito user pool includes it in the request to assume your
IAM role. You can configure the role trust policy to require that Amazon
Cognito, and any principal, provide the ExternalID
. If you use the
Amazon Cognito Management Console to create a role for SMS multi-factor
authentication (MFA), Amazon Cognito creates a role with the required
permissions and a trust policy that demonstrates use of the
ExternalId
.
For more information about the ExternalId
of a role, see
How to use an external ID when granting access to your Amazon Web Services resources to a third party
smsConfigurationType_snsRegion :: Lens' SmsConfigurationType (Maybe Text) Source #
The Amazon Web Services Region to use with Amazon SNS integration. You can choose the same Region as your user pool, or a supported __Legacy Amazon SNS alternate Region__.
Amazon Cognito resources in the Asia Pacific (Seoul) Amazon Web Services Region must use your Amazon SNS configuration in the Asia Pacific (Tokyo) Region. For more information, see SMS message settings for Amazon Cognito user pools.
smsConfigurationType_snsCallerArn :: Lens' SmsConfigurationType Text Source #
The Amazon Resource Name (ARN) of the Amazon SNS caller. This is the ARN of the IAM role in your Amazon Web Services account that Amazon Cognito will use to send SMS messages. SMS messages are subject to a spending limit.
SmsMfaConfigType
data SmsMfaConfigType Source #
The SMS text message multi-factor authentication (MFA) configuration type.
See: newSmsMfaConfigType
smart constructor.
SmsMfaConfigType' | |
|
Instances
newSmsMfaConfigType :: SmsMfaConfigType Source #
Create a value of SmsMfaConfigType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:smsAuthenticationMessage:SmsMfaConfigType'
, smsMfaConfigType_smsAuthenticationMessage
- The SMS authentication message that will be sent to users with the code
they must sign in. The message must contain the ‘{####}’ placeholder,
which is replaced with the code. If the message isn't included, and
default message will be used.
$sel:smsConfiguration:SmsMfaConfigType'
, smsMfaConfigType_smsConfiguration
- The SMS configuration with the settings that your Amazon Cognito user
pool must use to send an SMS message from your Amazon Web Services
account through Amazon Simple Notification Service. To request Amazon
SNS in the Amazon Web Services Region that you want, the Amazon Cognito
user pool uses an Identity and Access Management (IAM) role that you
provide for your Amazon Web Services account.
smsMfaConfigType_smsAuthenticationMessage :: Lens' SmsMfaConfigType (Maybe Text) Source #
The SMS authentication message that will be sent to users with the code they must sign in. The message must contain the ‘{####}’ placeholder, which is replaced with the code. If the message isn't included, and default message will be used.
smsMfaConfigType_smsConfiguration :: Lens' SmsMfaConfigType (Maybe SmsConfigurationType) Source #
The SMS configuration with the settings that your Amazon Cognito user pool must use to send an SMS message from your Amazon Web Services account through Amazon Simple Notification Service. To request Amazon SNS in the Amazon Web Services Region that you want, the Amazon Cognito user pool uses an Identity and Access Management (IAM) role that you provide for your Amazon Web Services account.
SoftwareTokenMfaConfigType
data SoftwareTokenMfaConfigType Source #
The type used for enabling software token MFA at the user pool level.
See: newSoftwareTokenMfaConfigType
smart constructor.
Instances
FromJSON SoftwareTokenMfaConfigType Source # | |
ToJSON SoftwareTokenMfaConfigType Source # | |
Generic SoftwareTokenMfaConfigType Source # | |
Read SoftwareTokenMfaConfigType Source # | |
Show SoftwareTokenMfaConfigType Source # | |
NFData SoftwareTokenMfaConfigType Source # | |
Eq SoftwareTokenMfaConfigType Source # | |
Hashable SoftwareTokenMfaConfigType Source # | |
type Rep SoftwareTokenMfaConfigType Source # | |
Defined in Amazonka.CognitoIdentityProvider.Types.SoftwareTokenMfaConfigType type Rep SoftwareTokenMfaConfigType = D1 ('MetaData "SoftwareTokenMfaConfigType" "Amazonka.CognitoIdentityProvider.Types.SoftwareTokenMfaConfigType" "amazonka-cognito-idp-2.0-D1ERgMvEVPG9z8cOLXdU2" 'False) (C1 ('MetaCons "SoftwareTokenMfaConfigType'" 'PrefixI 'True) (S1 ('MetaSel ('Just "enabled") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Bool)))) |
newSoftwareTokenMfaConfigType :: SoftwareTokenMfaConfigType Source #
Create a value of SoftwareTokenMfaConfigType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:enabled:SoftwareTokenMfaConfigType'
, softwareTokenMfaConfigType_enabled
- Specifies whether software token MFA is activated.
softwareTokenMfaConfigType_enabled :: Lens' SoftwareTokenMfaConfigType (Maybe Bool) Source #
Specifies whether software token MFA is activated.
SoftwareTokenMfaSettingsType
data SoftwareTokenMfaSettingsType Source #
The type used for enabling software token MFA at the user level. If an MFA type is activated for a user, the user will be prompted for MFA during all sign-in attempts, unless device tracking is turned on and the device has been trusted. If you want MFA to be applied selectively based on the assessed risk level of sign-in attempts, deactivate MFA for users and turn on Adaptive Authentication for the user pool.
See: newSoftwareTokenMfaSettingsType
smart constructor.
SoftwareTokenMfaSettingsType' | |
|
Instances
ToJSON SoftwareTokenMfaSettingsType Source # | |
Generic SoftwareTokenMfaSettingsType Source # | |
Read SoftwareTokenMfaSettingsType Source # | |
Show SoftwareTokenMfaSettingsType Source # | |
NFData SoftwareTokenMfaSettingsType Source # | |
Eq SoftwareTokenMfaSettingsType Source # | |
Hashable SoftwareTokenMfaSettingsType Source # | |
type Rep SoftwareTokenMfaSettingsType Source # | |
Defined in Amazonka.CognitoIdentityProvider.Types.SoftwareTokenMfaSettingsType type Rep SoftwareTokenMfaSettingsType = D1 ('MetaData "SoftwareTokenMfaSettingsType" "Amazonka.CognitoIdentityProvider.Types.SoftwareTokenMfaSettingsType" "amazonka-cognito-idp-2.0-D1ERgMvEVPG9z8cOLXdU2" 'False) (C1 ('MetaCons "SoftwareTokenMfaSettingsType'" 'PrefixI 'True) (S1 ('MetaSel ('Just "enabled") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Bool)) :*: S1 ('MetaSel ('Just "preferredMfa") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Bool)))) |
newSoftwareTokenMfaSettingsType :: SoftwareTokenMfaSettingsType Source #
Create a value of SoftwareTokenMfaSettingsType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:enabled:SoftwareTokenMfaSettingsType'
, softwareTokenMfaSettingsType_enabled
- Specifies whether software token MFA is activated. If an MFA type is
activated for a user, the user will be prompted for MFA during all
sign-in attempts, unless device tracking is turned on and the device has
been trusted.
$sel:preferredMfa:SoftwareTokenMfaSettingsType'
, softwareTokenMfaSettingsType_preferredMfa
- Specifies whether software token MFA is the preferred MFA method.
softwareTokenMfaSettingsType_enabled :: Lens' SoftwareTokenMfaSettingsType (Maybe Bool) Source #
Specifies whether software token MFA is activated. If an MFA type is activated for a user, the user will be prompted for MFA during all sign-in attempts, unless device tracking is turned on and the device has been trusted.
softwareTokenMfaSettingsType_preferredMfa :: Lens' SoftwareTokenMfaSettingsType (Maybe Bool) Source #
Specifies whether software token MFA is the preferred MFA method.
StringAttributeConstraintsType
data StringAttributeConstraintsType Source #
The constraints associated with a string attribute.
See: newStringAttributeConstraintsType
smart constructor.
Instances
newStringAttributeConstraintsType :: StringAttributeConstraintsType Source #
Create a value of StringAttributeConstraintsType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:maxLength:StringAttributeConstraintsType'
, stringAttributeConstraintsType_maxLength
- The maximum length.
$sel:minLength:StringAttributeConstraintsType'
, stringAttributeConstraintsType_minLength
- The minimum length.
stringAttributeConstraintsType_maxLength :: Lens' StringAttributeConstraintsType (Maybe Text) Source #
The maximum length.
stringAttributeConstraintsType_minLength :: Lens' StringAttributeConstraintsType (Maybe Text) Source #
The minimum length.
TokenValidityUnitsType
data TokenValidityUnitsType Source #
The data type TokenValidityUnits specifies the time units you use when you set the duration of ID, access, and refresh tokens.
See: newTokenValidityUnitsType
smart constructor.
TokenValidityUnitsType' | |
|
Instances
newTokenValidityUnitsType :: TokenValidityUnitsType Source #
Create a value of TokenValidityUnitsType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:accessToken:TokenValidityUnitsType'
, tokenValidityUnitsType_accessToken
- A time unit of seconds
, minutes
, hours
, or days
for the value
that you set in the AccessTokenValidity
parameter. The default
AccessTokenValidity
time unit is hours.
$sel:idToken:TokenValidityUnitsType'
, tokenValidityUnitsType_idToken
- A time unit of seconds
, minutes
, hours
, or days
for the value
that you set in the IdTokenValidity
parameter. The default
IdTokenValidity
time unit is hours.
$sel:refreshToken:TokenValidityUnitsType'
, tokenValidityUnitsType_refreshToken
- A time unit of seconds
, minutes
, hours
, or days
for the value
that you set in the RefreshTokenValidity
parameter. The default
RefreshTokenValidity
time unit is days.
tokenValidityUnitsType_accessToken :: Lens' TokenValidityUnitsType (Maybe TimeUnitsType) Source #
A time unit of seconds
, minutes
, hours
, or days
for the value
that you set in the AccessTokenValidity
parameter. The default
AccessTokenValidity
time unit is hours.
tokenValidityUnitsType_idToken :: Lens' TokenValidityUnitsType (Maybe TimeUnitsType) Source #
A time unit of seconds
, minutes
, hours
, or days
for the value
that you set in the IdTokenValidity
parameter. The default
IdTokenValidity
time unit is hours.
tokenValidityUnitsType_refreshToken :: Lens' TokenValidityUnitsType (Maybe TimeUnitsType) Source #
A time unit of seconds
, minutes
, hours
, or days
for the value
that you set in the RefreshTokenValidity
parameter. The default
RefreshTokenValidity
time unit is days.
UICustomizationType
data UICustomizationType Source #
A container for the UI customization information for a user pool's built-in app UI.
See: newUICustomizationType
smart constructor.
UICustomizationType' | |
|
Instances
newUICustomizationType :: UICustomizationType Source #
Create a value of UICustomizationType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:css:UICustomizationType'
, uICustomizationType_css
- The CSS values in the UI customization.
$sel:cSSVersion:UICustomizationType'
, uICustomizationType_cSSVersion
- The CSS version number.
$sel:clientId:UICustomizationType'
, uICustomizationType_clientId
- The client ID for the client app.
$sel:creationDate:UICustomizationType'
, uICustomizationType_creationDate
- The creation date for the UI customization.
$sel:imageUrl:UICustomizationType'
, uICustomizationType_imageUrl
- The logo image for the UI customization.
$sel:lastModifiedDate:UICustomizationType'
, uICustomizationType_lastModifiedDate
- The last-modified date for the UI customization.
$sel:userPoolId:UICustomizationType'
, uICustomizationType_userPoolId
- The user pool ID for the user pool.
uICustomizationType_css :: Lens' UICustomizationType (Maybe Text) Source #
The CSS values in the UI customization.
uICustomizationType_cSSVersion :: Lens' UICustomizationType (Maybe Text) Source #
The CSS version number.
uICustomizationType_clientId :: Lens' UICustomizationType (Maybe Text) Source #
The client ID for the client app.
uICustomizationType_creationDate :: Lens' UICustomizationType (Maybe UTCTime) Source #
The creation date for the UI customization.
uICustomizationType_imageUrl :: Lens' UICustomizationType (Maybe Text) Source #
The logo image for the UI customization.
uICustomizationType_lastModifiedDate :: Lens' UICustomizationType (Maybe UTCTime) Source #
The last-modified date for the UI customization.
uICustomizationType_userPoolId :: Lens' UICustomizationType (Maybe Text) Source #
The user pool ID for the user pool.
UserAttributeUpdateSettingsType
data UserAttributeUpdateSettingsType Source #
The settings for updates to user attributes. These settings include the
property AttributesRequireVerificationBeforeUpdate
, a user-pool
setting that tells Amazon Cognito how to handle changes to the value of
your users' email address and phone number attributes. For more
information, see
Verifying updates to email addresses and phone numbers.
See: newUserAttributeUpdateSettingsType
smart constructor.
UserAttributeUpdateSettingsType' | |
|
Instances
FromJSON UserAttributeUpdateSettingsType Source # | |
ToJSON UserAttributeUpdateSettingsType Source # | |
Generic UserAttributeUpdateSettingsType Source # | |
Read UserAttributeUpdateSettingsType Source # | |
Show UserAttributeUpdateSettingsType Source # | |
NFData UserAttributeUpdateSettingsType Source # | |
Eq UserAttributeUpdateSettingsType Source # | |
Hashable UserAttributeUpdateSettingsType Source # | |
type Rep UserAttributeUpdateSettingsType Source # | |
Defined in Amazonka.CognitoIdentityProvider.Types.UserAttributeUpdateSettingsType type Rep UserAttributeUpdateSettingsType = D1 ('MetaData "UserAttributeUpdateSettingsType" "Amazonka.CognitoIdentityProvider.Types.UserAttributeUpdateSettingsType" "amazonka-cognito-idp-2.0-D1ERgMvEVPG9z8cOLXdU2" 'False) (C1 ('MetaCons "UserAttributeUpdateSettingsType'" 'PrefixI 'True) (S1 ('MetaSel ('Just "attributesRequireVerificationBeforeUpdate") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [VerifiedAttributeType])))) |
newUserAttributeUpdateSettingsType :: UserAttributeUpdateSettingsType Source #
Create a value of UserAttributeUpdateSettingsType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:attributesRequireVerificationBeforeUpdate:UserAttributeUpdateSettingsType'
, userAttributeUpdateSettingsType_attributesRequireVerificationBeforeUpdate
- Requires that your user verifies their email address, phone number, or
both before Amazon Cognito updates the value of that attribute. When you
update a user attribute that has this option activated, Amazon Cognito
sends a verification message to the new phone number or email address.
Amazon Cognito doesn’t change the value of the attribute until your user
responds to the verification message and confirms the new value.
You can verify an updated email address or phone number with a
VerifyUserAttribute
API request. You can also call the
UpdateUserAttributes
or
AdminUpdateUserAttributes
API and set email_verified
or phone_number_verified
to true.
When AttributesRequireVerificationBeforeUpdate
is false, your user
pool doesn't require that your users verify attribute changes before
Amazon Cognito updates them. In a user pool where
AttributesRequireVerificationBeforeUpdate
is false, API operations
that change attribute values can immediately update a user’s email
or
phone_number
attribute.
userAttributeUpdateSettingsType_attributesRequireVerificationBeforeUpdate :: Lens' UserAttributeUpdateSettingsType (Maybe [VerifiedAttributeType]) Source #
Requires that your user verifies their email address, phone number, or both before Amazon Cognito updates the value of that attribute. When you update a user attribute that has this option activated, Amazon Cognito sends a verification message to the new phone number or email address. Amazon Cognito doesn’t change the value of the attribute until your user responds to the verification message and confirms the new value.
You can verify an updated email address or phone number with a
VerifyUserAttribute
API request. You can also call the
UpdateUserAttributes
or
AdminUpdateUserAttributes
API and set email_verified
or phone_number_verified
to true.
When AttributesRequireVerificationBeforeUpdate
is false, your user
pool doesn't require that your users verify attribute changes before
Amazon Cognito updates them. In a user pool where
AttributesRequireVerificationBeforeUpdate
is false, API operations
that change attribute values can immediately update a user’s email
or
phone_number
attribute.
UserContextDataType
data UserContextDataType Source #
Contextual data, such as the user's device fingerprint, IP address, or location, used for evaluating the risk of an unexpected event by Amazon Cognito advanced security.
See: newUserContextDataType
smart constructor.
UserContextDataType' | |
|
Instances
newUserContextDataType :: UserContextDataType Source #
Create a value of UserContextDataType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:encodedData:UserContextDataType'
, userContextDataType_encodedData
- Encoded device-fingerprint details that your app collected with the
Amazon Cognito context data collection library. For more information,
see
Adding user device and session data to API requests.
$sel:ipAddress:UserContextDataType'
, userContextDataType_ipAddress
- The source IP address of your user's device.
userContextDataType_encodedData :: Lens' UserContextDataType (Maybe Text) Source #
Encoded device-fingerprint details that your app collected with the Amazon Cognito context data collection library. For more information, see Adding user device and session data to API requests.
userContextDataType_ipAddress :: Lens' UserContextDataType (Maybe Text) Source #
The source IP address of your user's device.
UserImportJobType
data UserImportJobType Source #
The user import job type.
See: newUserImportJobType
smart constructor.
UserImportJobType' | |
|
Instances
newUserImportJobType :: UserImportJobType Source #
Create a value of UserImportJobType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:cloudWatchLogsRoleArn:UserImportJobType'
, userImportJobType_cloudWatchLogsRoleArn
- The role Amazon Resource Name (ARN) for the Amazon CloudWatch Logging
role for the user import job. For more information, see "Creating the
CloudWatch Logs IAM Role" in the Amazon Cognito Developer Guide.
$sel:completionDate:UserImportJobType'
, userImportJobType_completionDate
- The date when the user import job was completed.
$sel:completionMessage:UserImportJobType'
, userImportJobType_completionMessage
- The message returned when the user import job is completed.
$sel:creationDate:UserImportJobType'
, userImportJobType_creationDate
- The date the user import job was created.
$sel:failedUsers:UserImportJobType'
, userImportJobType_failedUsers
- The number of users that couldn't be imported.
$sel:importedUsers:UserImportJobType'
, userImportJobType_importedUsers
- The number of users that were successfully imported.
$sel:jobId:UserImportJobType'
, userImportJobType_jobId
- The job ID for the user import job.
$sel:jobName:UserImportJobType'
, userImportJobType_jobName
- The job name for the user import job.
$sel:preSignedUrl:UserImportJobType'
, userImportJobType_preSignedUrl
- The pre-signed URL to be used to upload the .csv
file.
$sel:skippedUsers:UserImportJobType'
, userImportJobType_skippedUsers
- The number of users that were skipped.
$sel:startDate:UserImportJobType'
, userImportJobType_startDate
- The date when the user import job was started.
$sel:status:UserImportJobType'
, userImportJobType_status
- The status of the user import job. One of the following:
Created
- The job was created but not started.Pending
- A transition state. You have started the job, but it has not begun importing users yet.InProgress
- The job has started, and users are being imported.Stopping
- You have stopped the job, but the job has not stopped importing users yet.Stopped
- You have stopped the job, and the job has stopped importing users.Succeeded
- The job has completed successfully.Failed
- The job has stopped due to an error.Expired
- You created a job, but did not start the job within 24-48 hours. All data associated with the job was deleted, and the job can't be started.
$sel:userPoolId:UserImportJobType'
, userImportJobType_userPoolId
- The user pool ID for the user pool that the users are being imported
into.
userImportJobType_cloudWatchLogsRoleArn :: Lens' UserImportJobType (Maybe Text) Source #
The role Amazon Resource Name (ARN) for the Amazon CloudWatch Logging role for the user import job. For more information, see "Creating the CloudWatch Logs IAM Role" in the Amazon Cognito Developer Guide.
userImportJobType_completionDate :: Lens' UserImportJobType (Maybe UTCTime) Source #
The date when the user import job was completed.
userImportJobType_completionMessage :: Lens' UserImportJobType (Maybe Text) Source #
The message returned when the user import job is completed.
userImportJobType_creationDate :: Lens' UserImportJobType (Maybe UTCTime) Source #
The date the user import job was created.
userImportJobType_failedUsers :: Lens' UserImportJobType (Maybe Integer) Source #
The number of users that couldn't be imported.
userImportJobType_importedUsers :: Lens' UserImportJobType (Maybe Integer) Source #
The number of users that were successfully imported.
userImportJobType_jobId :: Lens' UserImportJobType (Maybe Text) Source #
The job ID for the user import job.
userImportJobType_jobName :: Lens' UserImportJobType (Maybe Text) Source #
The job name for the user import job.
userImportJobType_preSignedUrl :: Lens' UserImportJobType (Maybe Text) Source #
The pre-signed URL to be used to upload the .csv
file.
userImportJobType_skippedUsers :: Lens' UserImportJobType (Maybe Integer) Source #
The number of users that were skipped.
userImportJobType_startDate :: Lens' UserImportJobType (Maybe UTCTime) Source #
The date when the user import job was started.
userImportJobType_status :: Lens' UserImportJobType (Maybe UserImportJobStatusType) Source #
The status of the user import job. One of the following:
Created
- The job was created but not started.Pending
- A transition state. You have started the job, but it has not begun importing users yet.InProgress
- The job has started, and users are being imported.Stopping
- You have stopped the job, but the job has not stopped importing users yet.Stopped
- You have stopped the job, and the job has stopped importing users.Succeeded
- The job has completed successfully.Failed
- The job has stopped due to an error.Expired
- You created a job, but did not start the job within 24-48 hours. All data associated with the job was deleted, and the job can't be started.
userImportJobType_userPoolId :: Lens' UserImportJobType (Maybe Text) Source #
The user pool ID for the user pool that the users are being imported into.
UserPoolAddOnsType
data UserPoolAddOnsType Source #
The user pool add-ons type.
See: newUserPoolAddOnsType
smart constructor.
UserPoolAddOnsType' | |
|
Instances
newUserPoolAddOnsType Source #
Create a value of UserPoolAddOnsType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:advancedSecurityMode:UserPoolAddOnsType'
, userPoolAddOnsType_advancedSecurityMode
- The advanced security mode.
userPoolAddOnsType_advancedSecurityMode :: Lens' UserPoolAddOnsType AdvancedSecurityModeType Source #
The advanced security mode.
UserPoolClientDescription
data UserPoolClientDescription Source #
The description of the user pool client.
See: newUserPoolClientDescription
smart constructor.
UserPoolClientDescription' | |
|
Instances
FromJSON UserPoolClientDescription Source # | |
Generic UserPoolClientDescription Source # | |
Show UserPoolClientDescription Source # | |
NFData UserPoolClientDescription Source # | |
Eq UserPoolClientDescription Source # | |
Hashable UserPoolClientDescription Source # | |
type Rep UserPoolClientDescription Source # | |
Defined in Amazonka.CognitoIdentityProvider.Types.UserPoolClientDescription type Rep UserPoolClientDescription = D1 ('MetaData "UserPoolClientDescription" "Amazonka.CognitoIdentityProvider.Types.UserPoolClientDescription" "amazonka-cognito-idp-2.0-D1ERgMvEVPG9z8cOLXdU2" 'False) (C1 ('MetaCons "UserPoolClientDescription'" 'PrefixI 'True) (S1 ('MetaSel ('Just "clientId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe (Sensitive Text))) :*: (S1 ('MetaSel ('Just "clientName") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :*: S1 ('MetaSel ('Just "userPoolId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text))))) |
newUserPoolClientDescription :: UserPoolClientDescription Source #
Create a value of UserPoolClientDescription
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:clientId:UserPoolClientDescription'
, userPoolClientDescription_clientId
- The ID of the client associated with the user pool.
$sel:clientName:UserPoolClientDescription'
, userPoolClientDescription_clientName
- The client name from the user pool client description.
$sel:userPoolId:UserPoolClientDescription'
, userPoolClientDescription_userPoolId
- The user pool ID for the user pool where you want to describe the user
pool client.
userPoolClientDescription_clientId :: Lens' UserPoolClientDescription (Maybe Text) Source #
The ID of the client associated with the user pool.
userPoolClientDescription_clientName :: Lens' UserPoolClientDescription (Maybe Text) Source #
The client name from the user pool client description.
userPoolClientDescription_userPoolId :: Lens' UserPoolClientDescription (Maybe Text) Source #
The user pool ID for the user pool where you want to describe the user pool client.
UserPoolClientType
data UserPoolClientType Source #
Contains information about a user pool client.
See: newUserPoolClientType
smart constructor.
UserPoolClientType' | |
|
Instances
newUserPoolClientType :: UserPoolClientType Source #
Create a value of UserPoolClientType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:accessTokenValidity:UserPoolClientType'
, userPoolClientType_accessTokenValidity
- The access token time limit. After this limit expires, your user can't
use their access token. To specify the time unit for
AccessTokenValidity
as seconds
, minutes
, hours
, or days
, set a
TokenValidityUnits
value in your API request.
For example, when you set AccessTokenValidity
to 10
and
TokenValidityUnits
to hours
, your user can authorize access with
their access token for 10 hours.
The default time unit for AccessTokenValidity
in an API request is
hours. Valid range is displayed below in seconds.
If you don't specify otherwise in the configuration of your app client, your access tokens are valid for one hour.
$sel:allowedOAuthFlows:UserPoolClientType'
, userPoolClientType_allowedOAuthFlows
- The allowed OAuth flows.
- code
- Use a code grant flow, which provides an authorization code as the
response. This code can be exchanged for access tokens with the
/oauth2/token
endpoint. - implicit
- Issue the access token (and, optionally, ID token, based on scopes) directly to your user.
- client_credentials
- Issue the access token from the
/oauth2/token
endpoint directly to a non-person user using a combination of the client ID and client secret.
$sel:allowedOAuthFlowsUserPoolClient:UserPoolClientType'
, userPoolClientType_allowedOAuthFlowsUserPoolClient
- Set to true if the client is allowed to follow the OAuth protocol when
interacting with Amazon Cognito user pools.
$sel:allowedOAuthScopes:UserPoolClientType'
, userPoolClientType_allowedOAuthScopes
- The OAuth scopes that your app client supports. Possible values that
OAuth provides are phone
, email
, openid
, and profile
. Possible
values that Amazon Web Services provides are
aws.cognito.signin.user.admin
. Amazon Cognito also supports custom
scopes that you create in Resource Servers.
$sel:analyticsConfiguration:UserPoolClientType'
, userPoolClientType_analyticsConfiguration
- The Amazon Pinpoint analytics configuration for the user pool client.
Amazon Cognito user pools only support sending events to Amazon Pinpoint projects in the US East (N. Virginia) us-east-1 Region, regardless of the Region where the user pool resides.
$sel:authSessionValidity:UserPoolClientType'
, userPoolClientType_authSessionValidity
- Amazon Cognito creates a session token for each API request in an
authentication flow. AuthSessionValidity
is the duration, in minutes,
of that session token. Your user pool native user must respond to each
authentication challenge before the session expires.
$sel:callbackURLs:UserPoolClientType'
, userPoolClientType_callbackURLs
- A list of allowed redirect (callback) URLs for the IdPs.
A redirect URI must:
- Be an absolute URI.
- Be registered with the authorization server.
- Not include a fragment component.
See OAuth 2.0 - Redirection Endpoint.
Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.
App callback URLs such as myapp://example are also supported.
$sel:clientId:UserPoolClientType'
, userPoolClientType_clientId
- The ID of the client associated with the user pool.
$sel:clientName:UserPoolClientType'
, userPoolClientType_clientName
- The client name from the user pool request of the client type.
$sel:clientSecret:UserPoolClientType'
, userPoolClientType_clientSecret
- The client secret from the user pool request of the client type.
$sel:creationDate:UserPoolClientType'
, userPoolClientType_creationDate
- The date the user pool client was created.
$sel:defaultRedirectURI:UserPoolClientType'
, userPoolClientType_defaultRedirectURI
- The default redirect URI. Must be in the CallbackURLs
list.
A redirect URI must:
- Be an absolute URI.
- Be registered with the authorization server.
- Not include a fragment component.
See OAuth 2.0 - Redirection Endpoint.
Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.
App callback URLs such as myapp://example are also supported.
$sel:enablePropagateAdditionalUserContextData:UserPoolClientType'
, userPoolClientType_enablePropagateAdditionalUserContextData
- When EnablePropagateAdditionalUserContextData
is true, Amazon Cognito
accepts an IpAddress
value that you send in the UserContextData
parameter. The UserContextData
parameter sends information to Amazon
Cognito advanced security for risk analysis. You can send
UserContextData
when you sign in Amazon Cognito native users with the
InitiateAuth
and RespondToAuthChallenge
API operations.
When EnablePropagateAdditionalUserContextData
is false, you can't
send your user's source IP address to Amazon Cognito advanced security
with unauthenticated API operations.
EnablePropagateAdditionalUserContextData
doesn't affect whether you
can send a source IP address in a ContextData
parameter with the
authenticated API operations AdminInitiateAuth
and
AdminRespondToAuthChallenge
.
You can only activate EnablePropagateAdditionalUserContextData
in an
app client that has a client secret. For more information about
propagation of user context data, see
Adding user device and session data to API requests.
$sel:enableTokenRevocation:UserPoolClientType'
, userPoolClientType_enableTokenRevocation
- Indicates whether token revocation is activated for the user pool
client. When you create a new user pool client, token revocation is
activated by default. For more information about revoking tokens, see
RevokeToken.
$sel:explicitAuthFlows:UserPoolClientType'
, userPoolClientType_explicitAuthFlows
- The authentication flows that you want your user pool client to support.
For each app client in your user pool, you can sign in your users with
any combination of one or more flows, including with a user name and
Secure Remote Password (SRP), a user name and password, or a custom
authentication process that you define with Lambda functions.
If you don't specify a value for ExplicitAuthFlows
, your user client
supports ALLOW_REFRESH_TOKEN_AUTH
, ALLOW_USER_SRP_AUTH
, and
ALLOW_CUSTOM_AUTH
.
Valid values include:
ALLOW_ADMIN_USER_PASSWORD_AUTH
: Enable admin based user password authentication flowADMIN_USER_PASSWORD_AUTH
. This setting replaces theADMIN_NO_SRP_AUTH
setting. With this authentication flow, your app passes a user name and password to Amazon Cognito in the request, instead of using the Secure Remote Password (SRP) protocol to securely transmit the password.ALLOW_CUSTOM_AUTH
: Enable Lambda trigger based authentication.ALLOW_USER_PASSWORD_AUTH
: Enable user password-based authentication. In this flow, Amazon Cognito receives the password in the request instead of using the SRP protocol to verify passwords.ALLOW_USER_SRP_AUTH
: Enable SRP-based authentication.ALLOW_REFRESH_TOKEN_AUTH
: Enable authflow to refresh tokens.
In some environments, you will see the values ADMIN_NO_SRP_AUTH
,
CUSTOM_AUTH_FLOW_ONLY
, or USER_PASSWORD_AUTH
. You can't assign
these legacy ExplicitAuthFlows
values to user pool clients at the same
time as values that begin with ALLOW_
, like ALLOW_USER_SRP_AUTH
.
$sel:idTokenValidity:UserPoolClientType'
, userPoolClientType_idTokenValidity
- The ID token time limit. After this limit expires, your user can't use
their ID token. To specify the time unit for IdTokenValidity
as
seconds
, minutes
, hours
, or days
, set a TokenValidityUnits
value in your API request.
For example, when you set IdTokenValidity
as 10
and
TokenValidityUnits
as hours
, your user can authenticate their
session with their ID token for 10 hours.
The default time unit for AccessTokenValidity
in an API request is
hours. Valid range is displayed below in seconds.
If you don't specify otherwise in the configuration of your app client, your ID tokens are valid for one hour.
$sel:lastModifiedDate:UserPoolClientType'
, userPoolClientType_lastModifiedDate
- The date the user pool client was last modified.
$sel:logoutURLs:UserPoolClientType'
, userPoolClientType_logoutURLs
- A list of allowed logout URLs for the IdPs.
$sel:preventUserExistenceErrors:UserPoolClientType'
, userPoolClientType_preventUserExistenceErrors
- Errors and responses that you want Amazon Cognito APIs to return during
authentication, account confirmation, and password recovery when the
user doesn't exist in the user pool. When set to ENABLED
and the user
doesn't exist, authentication returns an error indicating either the
username or password was incorrect. Account confirmation and password
recovery return a response indicating a code was sent to a simulated
destination. When set to LEGACY
, those APIs return a
UserNotFoundException
exception if the user doesn't exist in the user
pool.
Valid values include:
ENABLED
- This prevents user existence-related errors.LEGACY
- This represents the old behavior of Amazon Cognito where user existence related errors aren't prevented.
$sel:readAttributes:UserPoolClientType'
, userPoolClientType_readAttributes
- The Read-only attributes.
$sel:refreshTokenValidity:UserPoolClientType'
, userPoolClientType_refreshTokenValidity
- The refresh token time limit. After this limit expires, your user can't
use their refresh token. To specify the time unit for
RefreshTokenValidity
as seconds
, minutes
, hours
, or days
, set
a TokenValidityUnits
value in your API request.
For example, when you set RefreshTokenValidity
as 10
and
TokenValidityUnits
as days
, your user can refresh their session and
retrieve new access and ID tokens for 10 days.
The default time unit for RefreshTokenValidity
in an API request is
days. You can't set RefreshTokenValidity
to 0. If you do, Amazon
Cognito overrides the value with the default value of 30 days. /Valid
range/ is displayed below in seconds.
If you don't specify otherwise in the configuration of your app client, your refresh tokens are valid for 30 days.
$sel:supportedIdentityProviders:UserPoolClientType'
, userPoolClientType_supportedIdentityProviders
- A list of provider names for the IdPs that this client supports. The
following are supported: COGNITO
, Facebook
, Google
,
SignInWithApple
, LoginWithAmazon
, and the names of your own SAML and
OIDC providers.
$sel:tokenValidityUnits:UserPoolClientType'
, userPoolClientType_tokenValidityUnits
- The time units used to specify the token validity times of each token
type: ID, access, and refresh.
$sel:userPoolId:UserPoolClientType'
, userPoolClientType_userPoolId
- The user pool ID for the user pool client.
$sel:writeAttributes:UserPoolClientType'
, userPoolClientType_writeAttributes
- The writeable attributes.
userPoolClientType_accessTokenValidity :: Lens' UserPoolClientType (Maybe Natural) Source #
The access token time limit. After this limit expires, your user can't
use their access token. To specify the time unit for
AccessTokenValidity
as seconds
, minutes
, hours
, or days
, set a
TokenValidityUnits
value in your API request.
For example, when you set AccessTokenValidity
to 10
and
TokenValidityUnits
to hours
, your user can authorize access with
their access token for 10 hours.
The default time unit for AccessTokenValidity
in an API request is
hours. Valid range is displayed below in seconds.
If you don't specify otherwise in the configuration of your app client, your access tokens are valid for one hour.
userPoolClientType_allowedOAuthFlows :: Lens' UserPoolClientType (Maybe [OAuthFlowType]) Source #
The allowed OAuth flows.
- code
- Use a code grant flow, which provides an authorization code as the
response. This code can be exchanged for access tokens with the
/oauth2/token
endpoint. - implicit
- Issue the access token (and, optionally, ID token, based on scopes) directly to your user.
- client_credentials
- Issue the access token from the
/oauth2/token
endpoint directly to a non-person user using a combination of the client ID and client secret.
userPoolClientType_allowedOAuthFlowsUserPoolClient :: Lens' UserPoolClientType (Maybe Bool) Source #
Set to true if the client is allowed to follow the OAuth protocol when interacting with Amazon Cognito user pools.
userPoolClientType_allowedOAuthScopes :: Lens' UserPoolClientType (Maybe [Text]) Source #
The OAuth scopes that your app client supports. Possible values that
OAuth provides are phone
, email
, openid
, and profile
. Possible
values that Amazon Web Services provides are
aws.cognito.signin.user.admin
. Amazon Cognito also supports custom
scopes that you create in Resource Servers.
userPoolClientType_analyticsConfiguration :: Lens' UserPoolClientType (Maybe AnalyticsConfigurationType) Source #
The Amazon Pinpoint analytics configuration for the user pool client.
Amazon Cognito user pools only support sending events to Amazon Pinpoint projects in the US East (N. Virginia) us-east-1 Region, regardless of the Region where the user pool resides.
userPoolClientType_authSessionValidity :: Lens' UserPoolClientType (Maybe Natural) Source #
Amazon Cognito creates a session token for each API request in an
authentication flow. AuthSessionValidity
is the duration, in minutes,
of that session token. Your user pool native user must respond to each
authentication challenge before the session expires.
userPoolClientType_callbackURLs :: Lens' UserPoolClientType (Maybe [Text]) Source #
A list of allowed redirect (callback) URLs for the IdPs.
A redirect URI must:
- Be an absolute URI.
- Be registered with the authorization server.
- Not include a fragment component.
See OAuth 2.0 - Redirection Endpoint.
Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.
App callback URLs such as myapp://example are also supported.
userPoolClientType_clientId :: Lens' UserPoolClientType (Maybe Text) Source #
The ID of the client associated with the user pool.
userPoolClientType_clientName :: Lens' UserPoolClientType (Maybe Text) Source #
The client name from the user pool request of the client type.
userPoolClientType_clientSecret :: Lens' UserPoolClientType (Maybe Text) Source #
The client secret from the user pool request of the client type.
userPoolClientType_creationDate :: Lens' UserPoolClientType (Maybe UTCTime) Source #
The date the user pool client was created.
userPoolClientType_defaultRedirectURI :: Lens' UserPoolClientType (Maybe Text) Source #
The default redirect URI. Must be in the CallbackURLs
list.
A redirect URI must:
- Be an absolute URI.
- Be registered with the authorization server.
- Not include a fragment component.
See OAuth 2.0 - Redirection Endpoint.
Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.
App callback URLs such as myapp://example are also supported.
userPoolClientType_enablePropagateAdditionalUserContextData :: Lens' UserPoolClientType (Maybe Bool) Source #
When EnablePropagateAdditionalUserContextData
is true, Amazon Cognito
accepts an IpAddress
value that you send in the UserContextData
parameter. The UserContextData
parameter sends information to Amazon
Cognito advanced security for risk analysis. You can send
UserContextData
when you sign in Amazon Cognito native users with the
InitiateAuth
and RespondToAuthChallenge
API operations.
When EnablePropagateAdditionalUserContextData
is false, you can't
send your user's source IP address to Amazon Cognito advanced security
with unauthenticated API operations.
EnablePropagateAdditionalUserContextData
doesn't affect whether you
can send a source IP address in a ContextData
parameter with the
authenticated API operations AdminInitiateAuth
and
AdminRespondToAuthChallenge
.
You can only activate EnablePropagateAdditionalUserContextData
in an
app client that has a client secret. For more information about
propagation of user context data, see
Adding user device and session data to API requests.
userPoolClientType_enableTokenRevocation :: Lens' UserPoolClientType (Maybe Bool) Source #
Indicates whether token revocation is activated for the user pool client. When you create a new user pool client, token revocation is activated by default. For more information about revoking tokens, see RevokeToken.
userPoolClientType_explicitAuthFlows :: Lens' UserPoolClientType (Maybe [ExplicitAuthFlowsType]) Source #
The authentication flows that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions.
If you don't specify a value for ExplicitAuthFlows
, your user client
supports ALLOW_REFRESH_TOKEN_AUTH
, ALLOW_USER_SRP_AUTH
, and
ALLOW_CUSTOM_AUTH
.
Valid values include:
ALLOW_ADMIN_USER_PASSWORD_AUTH
: Enable admin based user password authentication flowADMIN_USER_PASSWORD_AUTH
. This setting replaces theADMIN_NO_SRP_AUTH
setting. With this authentication flow, your app passes a user name and password to Amazon Cognito in the request, instead of using the Secure Remote Password (SRP) protocol to securely transmit the password.ALLOW_CUSTOM_AUTH
: Enable Lambda trigger based authentication.ALLOW_USER_PASSWORD_AUTH
: Enable user password-based authentication. In this flow, Amazon Cognito receives the password in the request instead of using the SRP protocol to verify passwords.ALLOW_USER_SRP_AUTH
: Enable SRP-based authentication.ALLOW_REFRESH_TOKEN_AUTH
: Enable authflow to refresh tokens.
In some environments, you will see the values ADMIN_NO_SRP_AUTH
,
CUSTOM_AUTH_FLOW_ONLY
, or USER_PASSWORD_AUTH
. You can't assign
these legacy ExplicitAuthFlows
values to user pool clients at the same
time as values that begin with ALLOW_
, like ALLOW_USER_SRP_AUTH
.
userPoolClientType_idTokenValidity :: Lens' UserPoolClientType (Maybe Natural) Source #
The ID token time limit. After this limit expires, your user can't use
their ID token. To specify the time unit for IdTokenValidity
as
seconds
, minutes
, hours
, or days
, set a TokenValidityUnits
value in your API request.
For example, when you set IdTokenValidity
as 10
and
TokenValidityUnits
as hours
, your user can authenticate their
session with their ID token for 10 hours.
The default time unit for AccessTokenValidity
in an API request is
hours. Valid range is displayed below in seconds.
If you don't specify otherwise in the configuration of your app client, your ID tokens are valid for one hour.
userPoolClientType_lastModifiedDate :: Lens' UserPoolClientType (Maybe UTCTime) Source #
The date the user pool client was last modified.
userPoolClientType_logoutURLs :: Lens' UserPoolClientType (Maybe [Text]) Source #
A list of allowed logout URLs for the IdPs.
userPoolClientType_preventUserExistenceErrors :: Lens' UserPoolClientType (Maybe PreventUserExistenceErrorTypes) Source #
Errors and responses that you want Amazon Cognito APIs to return during
authentication, account confirmation, and password recovery when the
user doesn't exist in the user pool. When set to ENABLED
and the user
doesn't exist, authentication returns an error indicating either the
username or password was incorrect. Account confirmation and password
recovery return a response indicating a code was sent to a simulated
destination. When set to LEGACY
, those APIs return a
UserNotFoundException
exception if the user doesn't exist in the user
pool.
Valid values include:
ENABLED
- This prevents user existence-related errors.LEGACY
- This represents the old behavior of Amazon Cognito where user existence related errors aren't prevented.
userPoolClientType_readAttributes :: Lens' UserPoolClientType (Maybe [Text]) Source #
The Read-only attributes.
userPoolClientType_refreshTokenValidity :: Lens' UserPoolClientType (Maybe Natural) Source #
The refresh token time limit. After this limit expires, your user can't
use their refresh token. To specify the time unit for
RefreshTokenValidity
as seconds
, minutes
, hours
, or days
, set
a TokenValidityUnits
value in your API request.
For example, when you set RefreshTokenValidity
as 10
and
TokenValidityUnits
as days
, your user can refresh their session and
retrieve new access and ID tokens for 10 days.
The default time unit for RefreshTokenValidity
in an API request is
days. You can't set RefreshTokenValidity
to 0. If you do, Amazon
Cognito overrides the value with the default value of 30 days. /Valid
range/ is displayed below in seconds.
If you don't specify otherwise in the configuration of your app client, your refresh tokens are valid for 30 days.
userPoolClientType_supportedIdentityProviders :: Lens' UserPoolClientType (Maybe [Text]) Source #
A list of provider names for the IdPs that this client supports. The
following are supported: COGNITO
, Facebook
, Google
,
SignInWithApple
, LoginWithAmazon
, and the names of your own SAML and
OIDC providers.
userPoolClientType_tokenValidityUnits :: Lens' UserPoolClientType (Maybe TokenValidityUnitsType) Source #
The time units used to specify the token validity times of each token type: ID, access, and refresh.
userPoolClientType_userPoolId :: Lens' UserPoolClientType (Maybe Text) Source #
The user pool ID for the user pool client.
userPoolClientType_writeAttributes :: Lens' UserPoolClientType (Maybe [Text]) Source #
The writeable attributes.
UserPoolDescriptionType
data UserPoolDescriptionType Source #
A user pool description.
See: newUserPoolDescriptionType
smart constructor.
UserPoolDescriptionType' | |
|
Instances
newUserPoolDescriptionType :: UserPoolDescriptionType Source #
Create a value of UserPoolDescriptionType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:creationDate:UserPoolDescriptionType'
, userPoolDescriptionType_creationDate
- The date the user pool description was created.
$sel:id:UserPoolDescriptionType'
, userPoolDescriptionType_id
- The ID in a user pool description.
$sel:lambdaConfig:UserPoolDescriptionType'
, userPoolDescriptionType_lambdaConfig
- The Lambda configuration information in a user pool description.
$sel:lastModifiedDate:UserPoolDescriptionType'
, userPoolDescriptionType_lastModifiedDate
- The date the user pool description was last modified.
$sel:name:UserPoolDescriptionType'
, userPoolDescriptionType_name
- The name in a user pool description.
$sel:status:UserPoolDescriptionType'
, userPoolDescriptionType_status
- The user pool status in a user pool description.
userPoolDescriptionType_creationDate :: Lens' UserPoolDescriptionType (Maybe UTCTime) Source #
The date the user pool description was created.
userPoolDescriptionType_id :: Lens' UserPoolDescriptionType (Maybe Text) Source #
The ID in a user pool description.
userPoolDescriptionType_lambdaConfig :: Lens' UserPoolDescriptionType (Maybe LambdaConfigType) Source #
The Lambda configuration information in a user pool description.
userPoolDescriptionType_lastModifiedDate :: Lens' UserPoolDescriptionType (Maybe UTCTime) Source #
The date the user pool description was last modified.
userPoolDescriptionType_name :: Lens' UserPoolDescriptionType (Maybe Text) Source #
The name in a user pool description.
userPoolDescriptionType_status :: Lens' UserPoolDescriptionType (Maybe StatusType) Source #
The user pool status in a user pool description.
UserPoolPolicyType
data UserPoolPolicyType Source #
The policy associated with a user pool.
See: newUserPoolPolicyType
smart constructor.
UserPoolPolicyType' | |
|
Instances
newUserPoolPolicyType :: UserPoolPolicyType Source #
Create a value of UserPoolPolicyType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:passwordPolicy:UserPoolPolicyType'
, userPoolPolicyType_passwordPolicy
- The password policy.
userPoolPolicyType_passwordPolicy :: Lens' UserPoolPolicyType (Maybe PasswordPolicyType) Source #
The password policy.
UserPoolType
data UserPoolType Source #
A container for information about the user pool.
See: newUserPoolType
smart constructor.
UserPoolType' | |
|
Instances
newUserPoolType :: UserPoolType Source #
Create a value of UserPoolType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:accountRecoverySetting:UserPoolType'
, userPoolType_accountRecoverySetting
- The available verified method a user can use to recover their password
when they call ForgotPassword
. You can use this setting to define a
preferred method when a user has more than one method available. With
this setting, SMS doesn't qualify for a valid password recovery
mechanism if the user also has SMS multi-factor authentication (MFA)
activated. In the absence of this setting, Amazon Cognito uses the
legacy behavior to determine the recovery method where SMS is preferred
through email.
$sel:adminCreateUserConfig:UserPoolType'
, userPoolType_adminCreateUserConfig
- The configuration for AdminCreateUser
requests.
$sel:aliasAttributes:UserPoolType'
, userPoolType_aliasAttributes
- The attributes that are aliased in a user pool.
$sel:arn:UserPoolType'
, userPoolType_arn
- The Amazon Resource Name (ARN) for the user pool.
$sel:autoVerifiedAttributes:UserPoolType'
, userPoolType_autoVerifiedAttributes
- The attributes that are auto-verified in a user pool.
$sel:creationDate:UserPoolType'
, userPoolType_creationDate
- The date the user pool was created.
$sel:customDomain:UserPoolType'
, userPoolType_customDomain
- A custom domain name that you provide to Amazon Cognito. This parameter
applies only if you use a custom domain to host the sign-up and sign-in
pages for your application. An example of a custom domain name might be
auth.example.com
.
For more information about adding a custom domain to your user pool, see Using Your Own Domain for the Hosted UI.
$sel:deletionProtection:UserPoolType'
, userPoolType_deletionProtection
- When active, DeletionProtection
prevents accidental deletion of your
user pool. Before you can delete a user pool that you have protected
against deletion, you must deactivate this feature.
When you try to delete a protected user pool in a DeleteUserPool
API
request, Amazon Cognito returns an InvalidParameterException
error. To
delete a protected user pool, send a new DeleteUserPool
request after
you deactivate deletion protection in an UpdateUserPool
API request.
$sel:deviceConfiguration:UserPoolType'
, userPoolType_deviceConfiguration
- The device-remembering configuration for a user pool. A null value
indicates that you have deactivated device remembering in your user
pool.
When you provide a value for any DeviceConfiguration
field, you
activate the Amazon Cognito device-remembering feature.
$sel:domain:UserPoolType'
, userPoolType_domain
- The domain prefix, if the user pool has a domain associated with it.
$sel:emailConfiguration:UserPoolType'
, userPoolType_emailConfiguration
- The email configuration of your user pool. The email configuration type
sets your preferred sending method, Amazon Web Services Region, and
sender for messages tfrom your user pool.
$sel:emailConfigurationFailure:UserPoolType'
, userPoolType_emailConfigurationFailure
- Deprecated. Review error codes from API requests with
EventSource:cognito-idp.amazonaws.com
in CloudTrail for information
about problems with user pool email configuration.
$sel:emailVerificationMessage:UserPoolType'
, userPoolType_emailVerificationMessage
- This parameter is no longer used. See
VerificationMessageTemplateType.
$sel:emailVerificationSubject:UserPoolType'
, userPoolType_emailVerificationSubject
- This parameter is no longer used. See
VerificationMessageTemplateType.
$sel:estimatedNumberOfUsers:UserPoolType'
, userPoolType_estimatedNumberOfUsers
- A number estimating the size of the user pool.
$sel:id:UserPoolType'
, userPoolType_id
- The ID of the user pool.
$sel:lambdaConfig:UserPoolType'
, userPoolType_lambdaConfig
- The Lambda triggers associated with the user pool.
$sel:lastModifiedDate:UserPoolType'
, userPoolType_lastModifiedDate
- The date the user pool was last modified.
$sel:mfaConfiguration:UserPoolType'
, userPoolType_mfaConfiguration
- Can be one of the following values:
OFF
- MFA tokens aren't required and can't be specified during user registration.ON
- MFA tokens are required for all user registrations. You can only specify required when you're initially creating a user pool.OPTIONAL
- Users have the option when registering to create an MFA token.
UserPoolType
, userPoolType_name
- The name of the user pool.
$sel:policies:UserPoolType'
, userPoolType_policies
- The policies associated with the user pool.
$sel:schemaAttributes:UserPoolType'
, userPoolType_schemaAttributes
- A container with the schema attributes of a user pool.
$sel:smsAuthenticationMessage:UserPoolType'
, userPoolType_smsAuthenticationMessage
- The contents of the SMS authentication message.
$sel:smsConfiguration:UserPoolType'
, userPoolType_smsConfiguration
- The SMS configuration with the settings that your Amazon Cognito user
pool must use to send an SMS message from your Amazon Web Services
account through Amazon Simple Notification Service. To send SMS messages
with Amazon SNS in the Amazon Web Services Region that you want, the
Amazon Cognito user pool uses an Identity and Access Management (IAM)
role in your Amazon Web Services account.
$sel:smsConfigurationFailure:UserPoolType'
, userPoolType_smsConfigurationFailure
- The reason why the SMS configuration can't send the messages to your
users.
This message might include comma-separated values to describe why your SMS configuration can't send messages to user pool end users.
- InvalidSmsRoleAccessPolicyException
- The Identity and Access Management role that Amazon Cognito uses to send SMS messages isn't properly configured. For more information, see SmsConfigurationType.
- SNSSandbox
- The Amazon Web Services account is in the SNS SMS Sandbox and messages will only reach verified end users. This parameter won’t get populated with SNSSandbox if the IAM user creating the user pool doesn’t have SNS permissions. To learn how to move your Amazon Web Services account out of the sandbox, see Moving out of the SMS sandbox.
$sel:smsVerificationMessage:UserPoolType'
, userPoolType_smsVerificationMessage
- This parameter is no longer used. See
VerificationMessageTemplateType.
$sel:status:UserPoolType'
, userPoolType_status
- The status of a user pool.
$sel:userAttributeUpdateSettings:UserPoolType'
, userPoolType_userAttributeUpdateSettings
- The settings for updates to user attributes. These settings include the
property AttributesRequireVerificationBeforeUpdate
, a user-pool
setting that tells Amazon Cognito how to handle changes to the value of
your users' email address and phone number attributes. For more
information, see
Verifying updates to email addresses and phone numbers.
$sel:userPoolAddOns:UserPoolType'
, userPoolType_userPoolAddOns
- The user pool add-ons.
$sel:userPoolTags:UserPoolType'
, userPoolType_userPoolTags
- The tags that are assigned to the user pool. A tag is a label that you
can apply to user pools to categorize and manage them in different ways,
such as by purpose, owner, environment, or other criteria.
$sel:usernameAttributes:UserPoolType'
, userPoolType_usernameAttributes
- Specifies whether a user can use an email address or phone number as a
username when they sign up.
$sel:usernameConfiguration:UserPoolType'
, userPoolType_usernameConfiguration
- Case sensitivity of the username input for the selected sign-in option.
For example, when case sensitivity is set to False
, users can sign in
using either "username" or "Username". This configuration is
immutable once it has been set. For more information, see
UsernameConfigurationType.
$sel:verificationMessageTemplate:UserPoolType'
, userPoolType_verificationMessageTemplate
- The template for verification messages.
userPoolType_accountRecoverySetting :: Lens' UserPoolType (Maybe AccountRecoverySettingType) Source #
The available verified method a user can use to recover their password
when they call ForgotPassword
. You can use this setting to define a
preferred method when a user has more than one method available. With
this setting, SMS doesn't qualify for a valid password recovery
mechanism if the user also has SMS multi-factor authentication (MFA)
activated. In the absence of this setting, Amazon Cognito uses the
legacy behavior to determine the recovery method where SMS is preferred
through email.
userPoolType_adminCreateUserConfig :: Lens' UserPoolType (Maybe AdminCreateUserConfigType) Source #
The configuration for AdminCreateUser
requests.
userPoolType_aliasAttributes :: Lens' UserPoolType (Maybe [AliasAttributeType]) Source #
The attributes that are aliased in a user pool.
userPoolType_arn :: Lens' UserPoolType (Maybe Text) Source #
The Amazon Resource Name (ARN) for the user pool.
userPoolType_autoVerifiedAttributes :: Lens' UserPoolType (Maybe [VerifiedAttributeType]) Source #
The attributes that are auto-verified in a user pool.
userPoolType_creationDate :: Lens' UserPoolType (Maybe UTCTime) Source #
The date the user pool was created.
userPoolType_customDomain :: Lens' UserPoolType (Maybe Text) Source #
A custom domain name that you provide to Amazon Cognito. This parameter
applies only if you use a custom domain to host the sign-up and sign-in
pages for your application. An example of a custom domain name might be
auth.example.com
.
For more information about adding a custom domain to your user pool, see Using Your Own Domain for the Hosted UI.
userPoolType_deletionProtection :: Lens' UserPoolType (Maybe DeletionProtectionType) Source #
When active, DeletionProtection
prevents accidental deletion of your
user pool. Before you can delete a user pool that you have protected
against deletion, you must deactivate this feature.
When you try to delete a protected user pool in a DeleteUserPool
API
request, Amazon Cognito returns an InvalidParameterException
error. To
delete a protected user pool, send a new DeleteUserPool
request after
you deactivate deletion protection in an UpdateUserPool
API request.
userPoolType_deviceConfiguration :: Lens' UserPoolType (Maybe DeviceConfigurationType) Source #
The device-remembering configuration for a user pool. A null value indicates that you have deactivated device remembering in your user pool.
When you provide a value for any DeviceConfiguration
field, you
activate the Amazon Cognito device-remembering feature.
userPoolType_domain :: Lens' UserPoolType (Maybe Text) Source #
The domain prefix, if the user pool has a domain associated with it.
userPoolType_emailConfiguration :: Lens' UserPoolType (Maybe EmailConfigurationType) Source #
The email configuration of your user pool. The email configuration type sets your preferred sending method, Amazon Web Services Region, and sender for messages tfrom your user pool.
userPoolType_emailConfigurationFailure :: Lens' UserPoolType (Maybe Text) Source #
Deprecated. Review error codes from API requests with
EventSource:cognito-idp.amazonaws.com
in CloudTrail for information
about problems with user pool email configuration.
userPoolType_emailVerificationMessage :: Lens' UserPoolType (Maybe Text) Source #
This parameter is no longer used. See VerificationMessageTemplateType.
userPoolType_emailVerificationSubject :: Lens' UserPoolType (Maybe Text) Source #
This parameter is no longer used. See VerificationMessageTemplateType.
userPoolType_estimatedNumberOfUsers :: Lens' UserPoolType (Maybe Int) Source #
A number estimating the size of the user pool.
userPoolType_id :: Lens' UserPoolType (Maybe Text) Source #
The ID of the user pool.
userPoolType_lambdaConfig :: Lens' UserPoolType (Maybe LambdaConfigType) Source #
The Lambda triggers associated with the user pool.
userPoolType_lastModifiedDate :: Lens' UserPoolType (Maybe UTCTime) Source #
The date the user pool was last modified.
userPoolType_mfaConfiguration :: Lens' UserPoolType (Maybe UserPoolMfaType) Source #
Can be one of the following values:
OFF
- MFA tokens aren't required and can't be specified during user registration.ON
- MFA tokens are required for all user registrations. You can only specify required when you're initially creating a user pool.OPTIONAL
- Users have the option when registering to create an MFA token.
userPoolType_name :: Lens' UserPoolType (Maybe Text) Source #
The name of the user pool.
userPoolType_policies :: Lens' UserPoolType (Maybe UserPoolPolicyType) Source #
The policies associated with the user pool.
userPoolType_schemaAttributes :: Lens' UserPoolType (Maybe (NonEmpty SchemaAttributeType)) Source #
A container with the schema attributes of a user pool.
userPoolType_smsAuthenticationMessage :: Lens' UserPoolType (Maybe Text) Source #
The contents of the SMS authentication message.
userPoolType_smsConfiguration :: Lens' UserPoolType (Maybe SmsConfigurationType) Source #
The SMS configuration with the settings that your Amazon Cognito user pool must use to send an SMS message from your Amazon Web Services account through Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the Amazon Web Services Region that you want, the Amazon Cognito user pool uses an Identity and Access Management (IAM) role in your Amazon Web Services account.
userPoolType_smsConfigurationFailure :: Lens' UserPoolType (Maybe Text) Source #
The reason why the SMS configuration can't send the messages to your users.
This message might include comma-separated values to describe why your SMS configuration can't send messages to user pool end users.
- InvalidSmsRoleAccessPolicyException
- The Identity and Access Management role that Amazon Cognito uses to send SMS messages isn't properly configured. For more information, see SmsConfigurationType.
- SNSSandbox
- The Amazon Web Services account is in the SNS SMS Sandbox and messages will only reach verified end users. This parameter won’t get populated with SNSSandbox if the IAM user creating the user pool doesn’t have SNS permissions. To learn how to move your Amazon Web Services account out of the sandbox, see Moving out of the SMS sandbox.
userPoolType_smsVerificationMessage :: Lens' UserPoolType (Maybe Text) Source #
This parameter is no longer used. See VerificationMessageTemplateType.
userPoolType_status :: Lens' UserPoolType (Maybe StatusType) Source #
The status of a user pool.
userPoolType_userAttributeUpdateSettings :: Lens' UserPoolType (Maybe UserAttributeUpdateSettingsType) Source #
The settings for updates to user attributes. These settings include the
property AttributesRequireVerificationBeforeUpdate
, a user-pool
setting that tells Amazon Cognito how to handle changes to the value of
your users' email address and phone number attributes. For more
information, see
Verifying updates to email addresses and phone numbers.
userPoolType_userPoolAddOns :: Lens' UserPoolType (Maybe UserPoolAddOnsType) Source #
The user pool add-ons.
userPoolType_userPoolTags :: Lens' UserPoolType (Maybe (HashMap Text Text)) Source #
The tags that are assigned to the user pool. A tag is a label that you can apply to user pools to categorize and manage them in different ways, such as by purpose, owner, environment, or other criteria.
userPoolType_usernameAttributes :: Lens' UserPoolType (Maybe [UsernameAttributeType]) Source #
Specifies whether a user can use an email address or phone number as a username when they sign up.
userPoolType_usernameConfiguration :: Lens' UserPoolType (Maybe UsernameConfigurationType) Source #
Case sensitivity of the username input for the selected sign-in option.
For example, when case sensitivity is set to False
, users can sign in
using either "username" or "Username". This configuration is
immutable once it has been set. For more information, see
UsernameConfigurationType.
userPoolType_verificationMessageTemplate :: Lens' UserPoolType (Maybe VerificationMessageTemplateType) Source #
The template for verification messages.
UserType
A user profile in a Amazon Cognito user pool.
See: newUserType
smart constructor.
UserType' | |
|
Instances
newUserType :: UserType Source #
Create a value of UserType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:attributes:UserType'
, userType_attributes
- A container with information about the user type attributes.
$sel:enabled:UserType'
, userType_enabled
- Specifies whether the user is enabled.
$sel:mfaOptions:UserType'
, userType_mfaOptions
- The MFA options for the user.
$sel:userCreateDate:UserType'
, userType_userCreateDate
- The creation date of the user.
$sel:userLastModifiedDate:UserType'
, userType_userLastModifiedDate
- The last modified date of the user.
$sel:userStatus:UserType'
, userType_userStatus
- The user status. This can be one of the following:
- UNCONFIRMED - User has been created but not confirmed.
- CONFIRMED - User has been confirmed.
- EXTERNAL_PROVIDER - User signed in with a third-party IdP.
- ARCHIVED - User is no longer active.
- UNKNOWN - User status isn't known.
- RESET_REQUIRED - User is confirmed, but the user must request a code and reset their password before they can sign in.
- FORCE_CHANGE_PASSWORD - The user is confirmed and the user can sign in using a temporary password, but on first sign-in, the user must change their password to a new value before doing anything else.
$sel:username:UserType'
, userType_username
- The user name of the user you want to describe.
userType_attributes :: Lens' UserType (Maybe [AttributeType]) Source #
A container with information about the user type attributes.
userType_mfaOptions :: Lens' UserType (Maybe [MFAOptionType]) Source #
The MFA options for the user.
userType_userLastModifiedDate :: Lens' UserType (Maybe UTCTime) Source #
The last modified date of the user.
userType_userStatus :: Lens' UserType (Maybe UserStatusType) Source #
The user status. This can be one of the following:
- UNCONFIRMED - User has been created but not confirmed.
- CONFIRMED - User has been confirmed.
- EXTERNAL_PROVIDER - User signed in with a third-party IdP.
- ARCHIVED - User is no longer active.
- UNKNOWN - User status isn't known.
- RESET_REQUIRED - User is confirmed, but the user must request a code and reset their password before they can sign in.
- FORCE_CHANGE_PASSWORD - The user is confirmed and the user can sign in using a temporary password, but on first sign-in, the user must change their password to a new value before doing anything else.
userType_username :: Lens' UserType (Maybe Text) Source #
The user name of the user you want to describe.
UsernameConfigurationType
data UsernameConfigurationType Source #
The username configuration type.
See: newUsernameConfigurationType
smart constructor.
UsernameConfigurationType' | |
|
Instances
FromJSON UsernameConfigurationType Source # | |
ToJSON UsernameConfigurationType Source # | |
Generic UsernameConfigurationType Source # | |
Read UsernameConfigurationType Source # | |
Show UsernameConfigurationType Source # | |
NFData UsernameConfigurationType Source # | |
Eq UsernameConfigurationType Source # | |
Hashable UsernameConfigurationType Source # | |
type Rep UsernameConfigurationType Source # | |
Defined in Amazonka.CognitoIdentityProvider.Types.UsernameConfigurationType type Rep UsernameConfigurationType = D1 ('MetaData "UsernameConfigurationType" "Amazonka.CognitoIdentityProvider.Types.UsernameConfigurationType" "amazonka-cognito-idp-2.0-D1ERgMvEVPG9z8cOLXdU2" 'False) (C1 ('MetaCons "UsernameConfigurationType'" 'PrefixI 'True) (S1 ('MetaSel ('Just "caseSensitive") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Bool))) |
newUsernameConfigurationType Source #
Create a value of UsernameConfigurationType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:caseSensitive:UsernameConfigurationType'
, usernameConfigurationType_caseSensitive
- Specifies whether user name case sensitivity will be applied for all
users in the user pool through Amazon Cognito APIs.
Valid values include:
- True
- Enables case sensitivity for all username input. When this option is
set to
True
, users must sign in using the exact capitalization of their given username, such as “UserName”. This is the default value. - False
- Enables case insensitivity for all username input. For example, when
this option is set to
False
, users can sign in using either "username" or "Username". This option also enables bothpreferred_username
andemail
alias to be case insensitive, in addition to theusername
attribute.
usernameConfigurationType_caseSensitive :: Lens' UsernameConfigurationType Bool Source #
Specifies whether user name case sensitivity will be applied for all users in the user pool through Amazon Cognito APIs.
Valid values include:
- True
- Enables case sensitivity for all username input. When this option is
set to
True
, users must sign in using the exact capitalization of their given username, such as “UserName”. This is the default value. - False
- Enables case insensitivity for all username input. For example, when
this option is set to
False
, users can sign in using either "username" or "Username". This option also enables bothpreferred_username
andemail
alias to be case insensitive, in addition to theusername
attribute.
VerificationMessageTemplateType
data VerificationMessageTemplateType Source #
The template for verification messages.
See: newVerificationMessageTemplateType
smart constructor.
VerificationMessageTemplateType' | |
|
Instances
newVerificationMessageTemplateType :: VerificationMessageTemplateType Source #
Create a value of VerificationMessageTemplateType
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:defaultEmailOption:VerificationMessageTemplateType'
, verificationMessageTemplateType_defaultEmailOption
- The default email option.
$sel:emailMessage:VerificationMessageTemplateType'
, verificationMessageTemplateType_emailMessage
- The template for email messages that Amazon Cognito sends to your users.
You can set an EmailMessage
template only if the value of
EmailSendingAccount
is DEVELOPER
. When your
EmailSendingAccount
is DEVELOPER
, your user pool sends email messages with your own Amazon
SES configuration.
$sel:emailMessageByLink:VerificationMessageTemplateType'
, verificationMessageTemplateType_emailMessageByLink
- The email message template for sending a confirmation link to the user.
You can set an EmailMessageByLink
template only if the value of
EmailSendingAccount
is DEVELOPER
. When your
EmailSendingAccount
is DEVELOPER
, your user pool sends email messages with your own Amazon
SES configuration.
$sel:emailSubject:VerificationMessageTemplateType'
, verificationMessageTemplateType_emailSubject
- The subject line for the email message template. You can set an
EmailSubject
template only if the value of
EmailSendingAccount
is DEVELOPER
. When your
EmailSendingAccount
is DEVELOPER
, your user pool sends email messages with your own Amazon
SES configuration.
$sel:emailSubjectByLink:VerificationMessageTemplateType'
, verificationMessageTemplateType_emailSubjectByLink
- The subject line for the email message template for sending a
confirmation link to the user. You can set an EmailSubjectByLink
template only if the value of
EmailSendingAccount
is DEVELOPER
. When your
EmailSendingAccount
is DEVELOPER
, your user pool sends email messages with your own Amazon
SES configuration.
$sel:smsMessage:VerificationMessageTemplateType'
, verificationMessageTemplateType_smsMessage
- The template for SMS messages that Amazon Cognito sends to your users.
verificationMessageTemplateType_defaultEmailOption :: Lens' VerificationMessageTemplateType (Maybe DefaultEmailOptionType) Source #
The default email option.
verificationMessageTemplateType_emailMessage :: Lens' VerificationMessageTemplateType (Maybe Text) Source #
The template for email messages that Amazon Cognito sends to your users.
You can set an EmailMessage
template only if the value of
EmailSendingAccount
is DEVELOPER
. When your
EmailSendingAccount
is DEVELOPER
, your user pool sends email messages with your own Amazon
SES configuration.
verificationMessageTemplateType_emailMessageByLink :: Lens' VerificationMessageTemplateType (Maybe Text) Source #
The email message template for sending a confirmation link to the user.
You can set an EmailMessageByLink
template only if the value of
EmailSendingAccount
is DEVELOPER
. When your
EmailSendingAccount
is DEVELOPER
, your user pool sends email messages with your own Amazon
SES configuration.
verificationMessageTemplateType_emailSubject :: Lens' VerificationMessageTemplateType (Maybe Text) Source #
The subject line for the email message template. You can set an
EmailSubject
template only if the value of
EmailSendingAccount
is DEVELOPER
. When your
EmailSendingAccount
is DEVELOPER
, your user pool sends email messages with your own Amazon
SES configuration.
verificationMessageTemplateType_emailSubjectByLink :: Lens' VerificationMessageTemplateType (Maybe Text) Source #
The subject line for the email message template for sending a
confirmation link to the user. You can set an EmailSubjectByLink
template only if the value of
EmailSendingAccount
is DEVELOPER
. When your
EmailSendingAccount
is DEVELOPER
, your user pool sends email messages with your own Amazon
SES configuration.
verificationMessageTemplateType_smsMessage :: Lens' VerificationMessageTemplateType (Maybe Text) Source #
The template for SMS messages that Amazon Cognito sends to your users.