Amazon Cognito Identity Provider

2016/10/06 - Amazon Cognito Identity Provider - 1 new 9 updated api methods

AdminCreateUser (new) Link ¶

Creates a new user in the specified user pool and sends a welcome message via email or phone (SMS). This message is based on a template that you configured in your call to CreateUserPool or UpdateUserPool. This template includes your custom sign-up instructions and placeholders for user name and temporary password.

Requires developer credentials.

Request Syntax

client.admin_create_user(
    UserPoolId='string',
    Username='string',
    UserAttributes=[
        {
            'Name': 'string',
            'Value': 'string'
        },
    ],
    ValidationData=[
        {
            'Name': 'string',
            'Value': 'string'
        },
    ],
    TemporaryPassword='string',
    ForceAliasCreation=True|False,
    MessageAction='RESEND'|'SUPPRESS',
    DesiredDeliveryMediums=[
        'SMS'|'EMAIL',
    ]
)
type UserPoolId

string

param UserPoolId

[REQUIRED]

The user pool ID for the user pool where the user will be created.

type Username

string

param Username

[REQUIRED]

The username for the user. Must be unique within the user pool. Must be a UTF-8 string between 1 and 128 characters. After the user is created, the username cannot be changed.

type UserAttributes

list

param UserAttributes

An array of name-value pairs that contain user attributes and attribute values to be set for the user to be created. You can create a user without specifying any attributes other than Username. However, any attributes that you specify as required (in CreateUserPool or in the Attributes tab of the console) must be supplied either by you (in your call to AdminCreateUser) or by the user (when he or she signs up in response to your welcome message).

To send a message inviting the user to sign up, you must specify the user's email address or phone number. This can be done in your call to AdminCreateUser or in the Users tab of the Amazon Cognito console for managing your user pools.

In your call to AdminCreateUser, you can set the email_verified attribute to True, and you can set the phone_number_verified attribute to True. (You cannot do this by calling other operations such as AdminUpdateUserAttributes.)

  • email : The email address of the user to whom the message that contains the code and username will be sent. Required if the email_verified attribute is set to True, or if "EMAIL" is specified in the DesiredDeliveryMediums parameter.

  • phone_number : The phone number of the user to whom the message that contains the code and username will be sent. Required if the phone_number_verified attribute is set to True, or if "SMS" is specified in the DesiredDeliveryMediums parameter.

  • (dict) --

    Specifies whether the attribute is standard or custom.

    • Name (string) -- [REQUIRED]

      The name of the attribute.

    • Value (string) --

      The value of the attribute.

type ValidationData

list

param ValidationData

The user's validation data. This is an array of name-value pairs that contain user attributes and attribute values that you can use for custom validation, such as restricting the types of user accounts that can be registered. For example, you might choose to allow or disallow user sign-up based on the user's domain.

To configure custom validation, you must create a Pre Sign-up Lambda trigger for the user pool as described in the Amazon Cognito Developer Guide. The Lambda trigger receives the validation data and uses it in the validation process.

The user's validation data is not persisted.

  • (dict) --

    Specifies whether the attribute is standard or custom.

    • Name (string) -- [REQUIRED]

      The name of the attribute.

    • Value (string) --

      The value of the attribute.

type TemporaryPassword

string

param TemporaryPassword

The user's temporary password. This password must conform to the password policy that you specified when you created the user pool.

The temporary password is valid only once. To complete the Admin Create User flow, the user must enter the temporary password in the sign-in page along with a new password to be used in all future sign-ins.

This parameter is not required. If you do not specify a value, Amazon Cognito generates one for you.

The temporary password can only be used until the user account expiration limit that you specified when you created the user pool. To reset the account after that time limit, you must call AdminCreateUser again, specifying "RESEND" for the MessageAction parameter.

type ForceAliasCreation

boolean

param ForceAliasCreation

This parameter is only used if the phone_number_verified or email_verified attribute is set to True. Otherwise, it is ignored.

If this parameter is set to True and the phone number or email address specified in the UserAttributes parameter already exists as an alias with a different user, the API call will migrate the alias from the previous user to the newly created user. The previous user will no longer be able to log in using that alias.

If this parameter is set to False, the API throws an AliasExistsException error if the alias already exists. The default value is False.

type MessageAction

string

param MessageAction

Set to "RESEND" to resend the invitation message to a user that already exists and reset the expiration limit on the user's account. Set to "SUPPRESS" to suppress sending the message. Only one value can be specified.

type DesiredDeliveryMediums

list

param DesiredDeliveryMediums

Specify "EMAIL" if email will be used to send the welcome message. Specify "SMS" if the phone number will be used. The default value is "SMS". More than one value can be specified.

  • (string) --

rtype

dict

returns

Response Syntax

{
    'User': {
        'Username': 'string',
        'Attributes': [
            {
                'Name': 'string',
                'Value': 'string'
            },
        ],
        'UserCreateDate': datetime(2015, 1, 1),
        'UserLastModifiedDate': datetime(2015, 1, 1),
        'Enabled': True|False,
        'UserStatus': 'UNCONFIRMED'|'CONFIRMED'|'ARCHIVED'|'COMPROMISED'|'UNKNOWN'|'RESET_REQUIRED'|'FORCE_CHANGE_PASSWORD',
        'MFAOptions': [
            {
                'DeliveryMedium': 'SMS'|'EMAIL',
                'AttributeName': 'string'
            },
        ]
    }
}

Response Structure

  • (dict) --

    Represents the response from the server to the request to create the user.

    • User (dict) --

      The user returned in the request to create a new user.

      • Username (string) --

        The user name of the user you wish to describe.

      • Attributes (list) --

        A container with information about the user type attributes.

        • (dict) --

          Specifies whether the attribute is standard or custom.

          • Name (string) --

            The name of the attribute.

          • Value (string) --

            The value of the attribute.

      • UserCreateDate (datetime) --

        The creation date of the user.

      • UserLastModifiedDate (datetime) --

        The last modified date of the user.

      • Enabled (boolean) --

        Specifies whether the user is enabled.

      • UserStatus (string) --

        The user status. Can be one of the following:

        • UNCONFIRMED - User has been created but not confirmed.

        • CONFIRMED - User has been confirmed.

        • ARCHIVED - User is no longer active.

        • COMPROMISED - User is disabled due to a potential security threat.

        • UNKNOWN - User status is not known.

      • MFAOptions (list) --

        The MFA options for the user.

        • (dict) --

          Specifies the different settings for multi-factor authentication (MFA).

          • DeliveryMedium (string) --

            The delivery medium (email message or SMS message) to send the MFA code.

          • AttributeName (string) --

            The attribute name of the MFA option type.

AdminGetUser (updated) Link ¶
Changes (response)
{'UserStatus': ['FORCE_CHANGE_PASSWORD']}

Gets the specified user by user name in a user pool as an administrator. Works on any user.

Request Syntax

client.admin_get_user(
    UserPoolId='string',
    Username='string'
)
type UserPoolId

string

param UserPoolId

[REQUIRED]

The user pool ID for the user pool where you want to get information about the user.

type Username

string

param Username

[REQUIRED]

The user name of the user you wish to retrieve.

rtype

dict

returns

Response Syntax

{
    'Username': 'string',
    'UserAttributes': [
        {
            'Name': 'string',
            'Value': 'string'
        },
    ],
    'UserCreateDate': datetime(2015, 1, 1),
    'UserLastModifiedDate': datetime(2015, 1, 1),
    'Enabled': True|False,
    'UserStatus': 'UNCONFIRMED'|'CONFIRMED'|'ARCHIVED'|'COMPROMISED'|'UNKNOWN'|'RESET_REQUIRED'|'FORCE_CHANGE_PASSWORD',
    'MFAOptions': [
        {
            'DeliveryMedium': 'SMS'|'EMAIL',
            'AttributeName': 'string'
        },
    ]
}

Response Structure

  • (dict) --

    Represents the response from the server from the request to get the specified user as an administrator.

    • Username (string) --

      The user name of the user about whom you are receiving information.

    • UserAttributes (list) --

      An array of name-value pairs representing user attributes.

      • (dict) --

        Specifies whether the attribute is standard or custom.

        • Name (string) --

          The name of the attribute.

        • Value (string) --

          The value of the attribute.

    • UserCreateDate (datetime) --

      The date the user was created.

    • UserLastModifiedDate (datetime) --

      The date the user was last modified.

    • Enabled (boolean) --

      Indicates that the status is enabled.

    • UserStatus (string) --

      The user status. Can be one of the following:

      • UNCONFIRMED - User has been created but not confirmed.

      • CONFIRMED - User has been confirmed.

      • ARCHIVED - User is no longer active.

      • COMPROMISED - User is disabled due to a potential security threat.

      • UNKNOWN - User status is not known.

    • MFAOptions (list) --

      Specifies the options for MFA (e.g., email or phone number).

      • (dict) --

        Specifies the different settings for multi-factor authentication (MFA).

        • DeliveryMedium (string) --

          The delivery medium (email message or SMS message) to send the MFA code.

        • AttributeName (string) --

          The attribute name of the MFA option type.

AdminInitiateAuth (updated) Link ¶
Changes (response)
{'ChallengeName': ['NEW_PASSWORD_REQUIRED']}

Initiates the authentication flow, as an administrator.

Request Syntax

client.admin_initiate_auth(
    UserPoolId='string',
    ClientId='string',
    AuthFlow='USER_SRP_AUTH'|'REFRESH_TOKEN_AUTH'|'REFRESH_TOKEN'|'CUSTOM_AUTH'|'ADMIN_NO_SRP_AUTH',
    AuthParameters={
        'string': 'string'
    },
    ClientMetadata={
        'string': 'string'
    }
)
type UserPoolId

string

param UserPoolId

[REQUIRED]

The ID of the Amazon Cognito user pool.

type ClientId

string

param ClientId

[REQUIRED]

The client app ID.

type AuthFlow

string

param AuthFlow

[REQUIRED]

The authentication flow.

type AuthParameters

dict

param AuthParameters

The authentication parameters.

  • (string) --

    • (string) --

type ClientMetadata

dict

param ClientMetadata

The client app metadata.

  • (string) --

    • (string) --

rtype

dict

returns

Response Syntax

{
    'ChallengeName': 'SMS_MFA'|'PASSWORD_VERIFIER'|'CUSTOM_CHALLENGE'|'DEVICE_SRP_AUTH'|'DEVICE_PASSWORD_VERIFIER'|'ADMIN_NO_SRP_AUTH'|'NEW_PASSWORD_REQUIRED',
    'Session': 'string',
    'ChallengeParameters': {
        'string': 'string'
    },
    'AuthenticationResult': {
        'AccessToken': 'string',
        'ExpiresIn': 123,
        'TokenType': 'string',
        'RefreshToken': 'string',
        'IdToken': 'string',
        'NewDeviceMetadata': {
            'DeviceKey': 'string',
            'DeviceGroupKey': 'string'
        }
    }
}

Response Structure

  • (dict) --

    Initiates the authentication response, as an administrator.

    • ChallengeName (string) --

      The name of the challenge.

    • Session (string) --

      The session.

    • ChallengeParameters (dict) --

      The challenge parameters.

      • (string) --

        • (string) --

    • AuthenticationResult (dict) --

      The result type of the authentication result.

      • AccessToken (string) --

        The access token of the authentication result.

      • ExpiresIn (integer) --

        The expiration period of the authentication result.

      • TokenType (string) --

        The token type of the authentication result.

      • RefreshToken (string) --

        The refresh token of the authentication result.

      • IdToken (string) --

        The ID token of the authentication result.

      • NewDeviceMetadata (dict) --

        The new device metadata from an authentication result.

        • DeviceKey (string) --

          The device key.

        • DeviceGroupKey (string) --

          The device group key.

AdminRespondToAuthChallenge (updated) Link ¶
Changes (both)
{'ChallengeName': ['NEW_PASSWORD_REQUIRED']}

Responds to an authentication challenge, as an administrator.

Request Syntax

client.admin_respond_to_auth_challenge(
    UserPoolId='string',
    ClientId='string',
    ChallengeName='SMS_MFA'|'PASSWORD_VERIFIER'|'CUSTOM_CHALLENGE'|'DEVICE_SRP_AUTH'|'DEVICE_PASSWORD_VERIFIER'|'ADMIN_NO_SRP_AUTH'|'NEW_PASSWORD_REQUIRED',
    ChallengeResponses={
        'string': 'string'
    },
    Session='string'
)
type UserPoolId

string

param UserPoolId

[REQUIRED]

The ID of the Amazon Cognito user pool.

type ClientId

string

param ClientId

[REQUIRED]

The client ID.

type ChallengeName

string

param ChallengeName

[REQUIRED]

The name of the challenge.

type ChallengeResponses

dict

param ChallengeResponses

The challenge response.

  • (string) --

    • (string) --

type Session

string

param Session

The session.

rtype

dict

returns

Response Syntax

{
    'ChallengeName': 'SMS_MFA'|'PASSWORD_VERIFIER'|'CUSTOM_CHALLENGE'|'DEVICE_SRP_AUTH'|'DEVICE_PASSWORD_VERIFIER'|'ADMIN_NO_SRP_AUTH'|'NEW_PASSWORD_REQUIRED',
    'Session': 'string',
    'ChallengeParameters': {
        'string': 'string'
    },
    'AuthenticationResult': {
        'AccessToken': 'string',
        'ExpiresIn': 123,
        'TokenType': 'string',
        'RefreshToken': 'string',
        'IdToken': 'string',
        'NewDeviceMetadata': {
            'DeviceKey': 'string',
            'DeviceGroupKey': 'string'
        }
    }
}

Response Structure

  • (dict) --

    Responds to the authentication challenge, as an administrator.

    • ChallengeName (string) --

      The name of the challenge.

    • Session (string) --

      The session.

    • ChallengeParameters (dict) --

      The challenge parameters.

      • (string) --

        • (string) --

    • AuthenticationResult (dict) --

      The result type of the authentication result.

      • AccessToken (string) --

        The access token of the authentication result.

      • ExpiresIn (integer) --

        The expiration period of the authentication result.

      • TokenType (string) --

        The token type of the authentication result.

      • RefreshToken (string) --

        The refresh token of the authentication result.

      • IdToken (string) --

        The ID token of the authentication result.

      • NewDeviceMetadata (dict) --

        The new device metadata from an authentication result.

        • DeviceKey (string) --

          The device key.

        • DeviceGroupKey (string) --

          The device group key.

CreateUserPool (updated) Link ¶
Changes (request, response)
Request
{'AdminCreateUserConfig': {'AllowAdminCreateUserOnly': 'boolean',
                           'InviteMessageTemplate': {'EmailMessage': 'string',
                                                     'EmailSubject': 'string',
                                                     'SMSMessage': 'string'},
                           'UnusedAccountValidityDays': 'integer'}}
Response
{'UserPool': {'AdminCreateUserConfig': {'AllowAdminCreateUserOnly': 'boolean',
                                        'InviteMessageTemplate': {'EmailMessage': 'string',
                                                                  'EmailSubject': 'string',
                                                                  'SMSMessage': 'string'},
                                        'UnusedAccountValidityDays': 'integer'}}}

Creates a new Amazon Cognito user pool and sets the password policy for the pool.

Request Syntax

client.create_user_pool(
    PoolName='string',
    Policies={
        'PasswordPolicy': {
            'MinimumLength': 123,
            'RequireUppercase': True|False,
            'RequireLowercase': True|False,
            'RequireNumbers': True|False,
            'RequireSymbols': True|False
        }
    },
    LambdaConfig={
        'PreSignUp': 'string',
        'CustomMessage': 'string',
        'PostConfirmation': 'string',
        'PreAuthentication': 'string',
        'PostAuthentication': 'string',
        'DefineAuthChallenge': 'string',
        'CreateAuthChallenge': 'string',
        'VerifyAuthChallengeResponse': 'string'
    },
    AutoVerifiedAttributes=[
        'phone_number'|'email',
    ],
    AliasAttributes=[
        'phone_number'|'email'|'preferred_username',
    ],
    SmsVerificationMessage='string',
    EmailVerificationMessage='string',
    EmailVerificationSubject='string',
    SmsAuthenticationMessage='string',
    MfaConfiguration='OFF'|'ON'|'OPTIONAL',
    DeviceConfiguration={
        'ChallengeRequiredOnNewDevice': True|False,
        'DeviceOnlyRememberedOnUserPrompt': True|False
    },
    EmailConfiguration={
        'SourceArn': 'string',
        'ReplyToEmailAddress': 'string'
    },
    SmsConfiguration={
        'SnsCallerArn': 'string',
        'ExternalId': 'string'
    },
    AdminCreateUserConfig={
        'AllowAdminCreateUserOnly': True|False,
        'UnusedAccountValidityDays': 123,
        'InviteMessageTemplate': {
            'SMSMessage': 'string',
            'EmailMessage': 'string',
            'EmailSubject': 'string'
        }
    }
)
type PoolName

string

param PoolName

[REQUIRED]

A string used to name the user pool.

type Policies

dict

param Policies

The policies associated with the new user pool.

  • PasswordPolicy (dict) --

    A container with information about the user pool password policy.

    • MinimumLength (integer) --

      The minimum length of the password policy that you have set. Cannot be less than 6.

    • RequireUppercase (boolean) --

      In the password policy that you have set, refers to whether you have required users to use at least one uppercase letter in their password.

    • RequireLowercase (boolean) --

      In the password policy that you have set, refers to whether you have required users to use at least one lowercase letter in their password.

    • RequireNumbers (boolean) --

      In the password policy that you have set, refers to whether you have required users to use at least one number in their password.

    • RequireSymbols (boolean) --

      In the password policy that you have set, refers to whether you have required users to use at least one symbol in their password.

type LambdaConfig

dict

param LambdaConfig

The Lambda trigger configuration information for the new user pool.

  • PreSignUp (string) --

    A pre-registration AWS Lambda trigger.

  • CustomMessage (string) --

    A custom Message AWS Lambda trigger.

  • PostConfirmation (string) --

    A post-confirmation AWS Lambda trigger.

  • PreAuthentication (string) --

    A pre-authentication AWS Lambda trigger.

  • PostAuthentication (string) --

    A post-authentication AWS Lambda trigger.

  • DefineAuthChallenge (string) --

    Defines the authentication challenge.

  • CreateAuthChallenge (string) --

    Creates an authentication challenge.

  • VerifyAuthChallengeResponse (string) --

    Verifies the authentication challenge response.

type AutoVerifiedAttributes

list

param AutoVerifiedAttributes

The attributes to be auto-verified. Possible values: email , phone_number .

  • (string) --

type AliasAttributes

list

param AliasAttributes

Attributes supported as an alias for this user pool. Possible values: phone_number , email , or preferred_username .

  • (string) --

type SmsVerificationMessage

string

param SmsVerificationMessage

A string representing the SMS verification message.

type EmailVerificationMessage

string

param EmailVerificationMessage

A string representing the email verification message.

type EmailVerificationSubject

string

param EmailVerificationSubject

A string representing the email verification subject.

type SmsAuthenticationMessage

string

param SmsAuthenticationMessage

A string representing the SMS authentication message.

type MfaConfiguration

string

param MfaConfiguration

Specifies MFA configuration details.

type DeviceConfiguration

dict

param DeviceConfiguration

The device configuration.

  • ChallengeRequiredOnNewDevice (boolean) --

    Indicates whether a challenge is required on a new device. Only applicable to a new device.

  • DeviceOnlyRememberedOnUserPrompt (boolean) --

    If true, a device is only remembered on user prompt.

type EmailConfiguration

dict

param EmailConfiguration

The email configuration.

  • SourceArn (string) --

    The Amazon Resource Name (ARN) of the email source.

  • ReplyToEmailAddress (string) --

    The REPLY-TO email address.

type SmsConfiguration

dict

param SmsConfiguration

The SMS configuration.

  • SnsCallerArn (string) --

    The Amazon Resource Name (ARN) of the Amazon Simple Notification Service (SNS) caller.

  • ExternalId (string) --

    The external ID.

type AdminCreateUserConfig

dict

param AdminCreateUserConfig

The configuration for AdminCreateUser requests.

  • AllowAdminCreateUserOnly (boolean) --

    Set to True if only the administrator is allowed to create user profiles. Set to False if users can sign themselves up via an app.

  • UnusedAccountValidityDays (integer) --

    The user account expiration limit, in days, after which the account is no longer usable. To reset the account after that time limit, you must call AdminCreateUser again, specifying "RESEND" for the MessageAction parameter.

  • InviteMessageTemplate (dict) --

    The message template to be used for the welcome message to new users.

    • SMSMessage (string) --

      The message template for SMS messages.

    • EmailMessage (string) --

      The message template for email messages.

    • EmailSubject (string) --

      The subject line for email messages.

rtype

dict

returns

Response Syntax

{
    'UserPool': {
        'Id': 'string',
        'Name': 'string',
        'Policies': {
            'PasswordPolicy': {
                'MinimumLength': 123,
                'RequireUppercase': True|False,
                'RequireLowercase': True|False,
                'RequireNumbers': True|False,
                'RequireSymbols': True|False
            }
        },
        'LambdaConfig': {
            'PreSignUp': 'string',
            'CustomMessage': 'string',
            'PostConfirmation': 'string',
            'PreAuthentication': 'string',
            'PostAuthentication': 'string',
            'DefineAuthChallenge': 'string',
            'CreateAuthChallenge': 'string',
            'VerifyAuthChallengeResponse': 'string'
        },
        'Status': 'Enabled'|'Disabled',
        'LastModifiedDate': datetime(2015, 1, 1),
        'CreationDate': datetime(2015, 1, 1),
        'SchemaAttributes': [
            {
                'Name': 'string',
                'AttributeDataType': 'String'|'Number'|'DateTime'|'Boolean',
                'DeveloperOnlyAttribute': True|False,
                'Mutable': True|False,
                'Required': True|False,
                'NumberAttributeConstraints': {
                    'MinValue': 'string',
                    'MaxValue': 'string'
                },
                'StringAttributeConstraints': {
                    'MinLength': 'string',
                    'MaxLength': 'string'
                }
            },
        ],
        'AutoVerifiedAttributes': [
            'phone_number'|'email',
        ],
        'AliasAttributes': [
            'phone_number'|'email'|'preferred_username',
        ],
        'SmsVerificationMessage': 'string',
        'EmailVerificationMessage': 'string',
        'EmailVerificationSubject': 'string',
        'SmsAuthenticationMessage': 'string',
        'MfaConfiguration': 'OFF'|'ON'|'OPTIONAL',
        'DeviceConfiguration': {
            'ChallengeRequiredOnNewDevice': True|False,
            'DeviceOnlyRememberedOnUserPrompt': True|False
        },
        'EstimatedNumberOfUsers': 123,
        'EmailConfiguration': {
            'SourceArn': 'string',
            'ReplyToEmailAddress': 'string'
        },
        'SmsConfiguration': {
            'SnsCallerArn': 'string',
            'ExternalId': 'string'
        },
        'SmsConfigurationFailure': 'string',
        'EmailConfigurationFailure': 'string',
        'AdminCreateUserConfig': {
            'AllowAdminCreateUserOnly': True|False,
            'UnusedAccountValidityDays': 123,
            'InviteMessageTemplate': {
                'SMSMessage': 'string',
                'EmailMessage': 'string',
                'EmailSubject': 'string'
            }
        }
    }
}

Response Structure

  • (dict) --

    Represents the response from the server for the request to create a user pool.

    • UserPool (dict) --

      A container for the user pool details.

      • Id (string) --

        The ID of the user pool.

      • Name (string) --

        The name of the user pool.

      • Policies (dict) --

        A container describing the policies associated with a user pool.

        • PasswordPolicy (dict) --

          A container with information about the user pool password policy.

          • MinimumLength (integer) --

            The minimum length of the password policy that you have set. Cannot be less than 6.

          • RequireUppercase (boolean) --

            In the password policy that you have set, refers to whether you have required users to use at least one uppercase letter in their password.

          • RequireLowercase (boolean) --

            In the password policy that you have set, refers to whether you have required users to use at least one lowercase letter in their password.

          • RequireNumbers (boolean) --

            In the password policy that you have set, refers to whether you have required users to use at least one number in their password.

          • RequireSymbols (boolean) --

            In the password policy that you have set, refers to whether you have required users to use at least one symbol in their password.

      • LambdaConfig (dict) --

        A container describing the AWS Lambda triggers associated with a user pool.

        • PreSignUp (string) --

          A pre-registration AWS Lambda trigger.

        • CustomMessage (string) --

          A custom Message AWS Lambda trigger.

        • PostConfirmation (string) --

          A post-confirmation AWS Lambda trigger.

        • PreAuthentication (string) --

          A pre-authentication AWS Lambda trigger.

        • PostAuthentication (string) --

          A post-authentication AWS Lambda trigger.

        • DefineAuthChallenge (string) --

          Defines the authentication challenge.

        • CreateAuthChallenge (string) --

          Creates an authentication challenge.

        • VerifyAuthChallengeResponse (string) --

          Verifies the authentication challenge response.

      • Status (string) --

        The status of a user pool.

      • LastModifiedDate (datetime) --

        The last modified date of a user pool.

      • CreationDate (datetime) --

        The creation date of a user pool.

      • SchemaAttributes (list) --

        A container with the schema attributes of a user pool.

        • (dict) --

          Contains information about the schema attribute.

          • Name (string) --

            A schema attribute of the name type.

          • AttributeDataType (string) --

            The attribute data type.

          • DeveloperOnlyAttribute (boolean) --

            Specifies whether the attribute type is developer only.

          • Mutable (boolean) --

            Specifies whether the attribute can be changed once it has been created.

          • Required (boolean) --

            Specifies whether a user pool attribute is required. If the attribute is required and the user does not provide a value, registration or sign-in will fail.

          • NumberAttributeConstraints (dict) --

            Specifies the constraints for an attribute of the number type.

            • MinValue (string) --

              The minimum value of an attribute that is of the number data type.

            • MaxValue (string) --

              The maximum value of an attribute that is of the number data type.

          • StringAttributeConstraints (dict) --

            Specifies the constraints for an attribute of the string type.

            • MinLength (string) --

              The minimum length of an attribute value of the string type.

            • MaxLength (string) --

              The maximum length of an attribute value of the string type.

      • AutoVerifiedAttributes (list) --

        Specifies the attributes that are auto-verified in a user pool.

        • (string) --

      • AliasAttributes (list) --

        Specifies the attributes that are aliased in a user pool.

        • (string) --

      • SmsVerificationMessage (string) --

        The contents of the SMS verification message.

      • EmailVerificationMessage (string) --

        The contents of the email verification message.

      • EmailVerificationSubject (string) --

        The subject of the email verification message.

      • SmsAuthenticationMessage (string) --

        The contents of the SMS authentication message.

      • MfaConfiguration (string) --

        Can be one of the following values:

        • OFF - MFA tokens are not required and cannot be specified during user registration.

        • ON - MFA tokens are required for all user registrations. You can only specify required when you are initially creating a user pool.

        • OPTIONAL - Users have the option when registering to create an MFA token.

      • DeviceConfiguration (dict) --

        The device configuration.

        • ChallengeRequiredOnNewDevice (boolean) --

          Indicates whether a challenge is required on a new device. Only applicable to a new device.

        • DeviceOnlyRememberedOnUserPrompt (boolean) --

          If true, a device is only remembered on user prompt.

      • EstimatedNumberOfUsers (integer) --

        A number estimating the size of the user pool.

      • EmailConfiguration (dict) --

        The email configuration.

        • SourceArn (string) --

          The Amazon Resource Name (ARN) of the email source.

        • ReplyToEmailAddress (string) --

          The REPLY-TO email address.

      • SmsConfiguration (dict) --

        The SMS configuration.

        • SnsCallerArn (string) --

          The Amazon Resource Name (ARN) of the Amazon Simple Notification Service (SNS) caller.

        • ExternalId (string) --

          The external ID.

      • SmsConfigurationFailure (string) --

        The reason why the SMS configuration cannot send the message(s) to your users.

      • EmailConfigurationFailure (string) --

        The reason why the email configuration cannot send the messages to your users.

      • AdminCreateUserConfig (dict) --

        The configuration for AdminCreateUser requests.

        • AllowAdminCreateUserOnly (boolean) --

          Set to True if only the administrator is allowed to create user profiles. Set to False if users can sign themselves up via an app.

        • UnusedAccountValidityDays (integer) --

          The user account expiration limit, in days, after which the account is no longer usable. To reset the account after that time limit, you must call AdminCreateUser again, specifying "RESEND" for the MessageAction parameter.

        • InviteMessageTemplate (dict) --

          The message template to be used for the welcome message to new users.

          • SMSMessage (string) --

            The message template for SMS messages.

          • EmailMessage (string) --

            The message template for email messages.

          • EmailSubject (string) --

            The subject line for email messages.

DescribeUserPool (updated) Link ¶
Changes (response)
{'UserPool': {'AdminCreateUserConfig': {'AllowAdminCreateUserOnly': 'boolean',
                                        'InviteMessageTemplate': {'EmailMessage': 'string',
                                                                  'EmailSubject': 'string',
                                                                  'SMSMessage': 'string'},
                                        'UnusedAccountValidityDays': 'integer'}}}

Returns the configuration information and metadata of the specified user pool.

Request Syntax

client.describe_user_pool(
    UserPoolId='string'
)
type UserPoolId

string

param UserPoolId

[REQUIRED]

The user pool ID for the user pool you want to describe.

rtype

dict

returns

Response Syntax

{
    'UserPool': {
        'Id': 'string',
        'Name': 'string',
        'Policies': {
            'PasswordPolicy': {
                'MinimumLength': 123,
                'RequireUppercase': True|False,
                'RequireLowercase': True|False,
                'RequireNumbers': True|False,
                'RequireSymbols': True|False
            }
        },
        'LambdaConfig': {
            'PreSignUp': 'string',
            'CustomMessage': 'string',
            'PostConfirmation': 'string',
            'PreAuthentication': 'string',
            'PostAuthentication': 'string',
            'DefineAuthChallenge': 'string',
            'CreateAuthChallenge': 'string',
            'VerifyAuthChallengeResponse': 'string'
        },
        'Status': 'Enabled'|'Disabled',
        'LastModifiedDate': datetime(2015, 1, 1),
        'CreationDate': datetime(2015, 1, 1),
        'SchemaAttributes': [
            {
                'Name': 'string',
                'AttributeDataType': 'String'|'Number'|'DateTime'|'Boolean',
                'DeveloperOnlyAttribute': True|False,
                'Mutable': True|False,
                'Required': True|False,
                'NumberAttributeConstraints': {
                    'MinValue': 'string',
                    'MaxValue': 'string'
                },
                'StringAttributeConstraints': {
                    'MinLength': 'string',
                    'MaxLength': 'string'
                }
            },
        ],
        'AutoVerifiedAttributes': [
            'phone_number'|'email',
        ],
        'AliasAttributes': [
            'phone_number'|'email'|'preferred_username',
        ],
        'SmsVerificationMessage': 'string',
        'EmailVerificationMessage': 'string',
        'EmailVerificationSubject': 'string',
        'SmsAuthenticationMessage': 'string',
        'MfaConfiguration': 'OFF'|'ON'|'OPTIONAL',
        'DeviceConfiguration': {
            'ChallengeRequiredOnNewDevice': True|False,
            'DeviceOnlyRememberedOnUserPrompt': True|False
        },
        'EstimatedNumberOfUsers': 123,
        'EmailConfiguration': {
            'SourceArn': 'string',
            'ReplyToEmailAddress': 'string'
        },
        'SmsConfiguration': {
            'SnsCallerArn': 'string',
            'ExternalId': 'string'
        },
        'SmsConfigurationFailure': 'string',
        'EmailConfigurationFailure': 'string',
        'AdminCreateUserConfig': {
            'AllowAdminCreateUserOnly': True|False,
            'UnusedAccountValidityDays': 123,
            'InviteMessageTemplate': {
                'SMSMessage': 'string',
                'EmailMessage': 'string',
                'EmailSubject': 'string'
            }
        }
    }
}

Response Structure

  • (dict) --

    Represents the response to describe the user pool.

    • UserPool (dict) --

      The container of metadata returned by the server to describe the pool.

      • Id (string) --

        The ID of the user pool.

      • Name (string) --

        The name of the user pool.

      • Policies (dict) --

        A container describing the policies associated with a user pool.

        • PasswordPolicy (dict) --

          A container with information about the user pool password policy.

          • MinimumLength (integer) --

            The minimum length of the password policy that you have set. Cannot be less than 6.

          • RequireUppercase (boolean) --

            In the password policy that you have set, refers to whether you have required users to use at least one uppercase letter in their password.

          • RequireLowercase (boolean) --

            In the password policy that you have set, refers to whether you have required users to use at least one lowercase letter in their password.

          • RequireNumbers (boolean) --

            In the password policy that you have set, refers to whether you have required users to use at least one number in their password.

          • RequireSymbols (boolean) --

            In the password policy that you have set, refers to whether you have required users to use at least one symbol in their password.

      • LambdaConfig (dict) --

        A container describing the AWS Lambda triggers associated with a user pool.

        • PreSignUp (string) --

          A pre-registration AWS Lambda trigger.

        • CustomMessage (string) --

          A custom Message AWS Lambda trigger.

        • PostConfirmation (string) --

          A post-confirmation AWS Lambda trigger.

        • PreAuthentication (string) --

          A pre-authentication AWS Lambda trigger.

        • PostAuthentication (string) --

          A post-authentication AWS Lambda trigger.

        • DefineAuthChallenge (string) --

          Defines the authentication challenge.

        • CreateAuthChallenge (string) --

          Creates an authentication challenge.

        • VerifyAuthChallengeResponse (string) --

          Verifies the authentication challenge response.

      • Status (string) --

        The status of a user pool.

      • LastModifiedDate (datetime) --

        The last modified date of a user pool.

      • CreationDate (datetime) --

        The creation date of a user pool.

      • SchemaAttributes (list) --

        A container with the schema attributes of a user pool.

        • (dict) --

          Contains information about the schema attribute.

          • Name (string) --

            A schema attribute of the name type.

          • AttributeDataType (string) --

            The attribute data type.

          • DeveloperOnlyAttribute (boolean) --

            Specifies whether the attribute type is developer only.

          • Mutable (boolean) --

            Specifies whether the attribute can be changed once it has been created.

          • Required (boolean) --

            Specifies whether a user pool attribute is required. If the attribute is required and the user does not provide a value, registration or sign-in will fail.

          • NumberAttributeConstraints (dict) --

            Specifies the constraints for an attribute of the number type.

            • MinValue (string) --

              The minimum value of an attribute that is of the number data type.

            • MaxValue (string) --

              The maximum value of an attribute that is of the number data type.

          • StringAttributeConstraints (dict) --

            Specifies the constraints for an attribute of the string type.

            • MinLength (string) --

              The minimum length of an attribute value of the string type.

            • MaxLength (string) --

              The maximum length of an attribute value of the string type.

      • AutoVerifiedAttributes (list) --

        Specifies the attributes that are auto-verified in a user pool.

        • (string) --

      • AliasAttributes (list) --

        Specifies the attributes that are aliased in a user pool.

        • (string) --

      • SmsVerificationMessage (string) --

        The contents of the SMS verification message.

      • EmailVerificationMessage (string) --

        The contents of the email verification message.

      • EmailVerificationSubject (string) --

        The subject of the email verification message.

      • SmsAuthenticationMessage (string) --

        The contents of the SMS authentication message.

      • MfaConfiguration (string) --

        Can be one of the following values:

        • OFF - MFA tokens are not required and cannot be specified during user registration.

        • ON - MFA tokens are required for all user registrations. You can only specify required when you are initially creating a user pool.

        • OPTIONAL - Users have the option when registering to create an MFA token.

      • DeviceConfiguration (dict) --

        The device configuration.

        • ChallengeRequiredOnNewDevice (boolean) --

          Indicates whether a challenge is required on a new device. Only applicable to a new device.

        • DeviceOnlyRememberedOnUserPrompt (boolean) --

          If true, a device is only remembered on user prompt.

      • EstimatedNumberOfUsers (integer) --

        A number estimating the size of the user pool.

      • EmailConfiguration (dict) --

        The email configuration.

        • SourceArn (string) --

          The Amazon Resource Name (ARN) of the email source.

        • ReplyToEmailAddress (string) --

          The REPLY-TO email address.

      • SmsConfiguration (dict) --

        The SMS configuration.

        • SnsCallerArn (string) --

          The Amazon Resource Name (ARN) of the Amazon Simple Notification Service (SNS) caller.

        • ExternalId (string) --

          The external ID.

      • SmsConfigurationFailure (string) --

        The reason why the SMS configuration cannot send the message(s) to your users.

      • EmailConfigurationFailure (string) --

        The reason why the email configuration cannot send the messages to your users.

      • AdminCreateUserConfig (dict) --

        The configuration for AdminCreateUser requests.

        • AllowAdminCreateUserOnly (boolean) --

          Set to True if only the administrator is allowed to create user profiles. Set to False if users can sign themselves up via an app.

        • UnusedAccountValidityDays (integer) --

          The user account expiration limit, in days, after which the account is no longer usable. To reset the account after that time limit, you must call AdminCreateUser again, specifying "RESEND" for the MessageAction parameter.

        • InviteMessageTemplate (dict) --

          The message template to be used for the welcome message to new users.

          • SMSMessage (string) --

            The message template for SMS messages.

          • EmailMessage (string) --

            The message template for email messages.

          • EmailSubject (string) --

            The subject line for email messages.

InitiateAuth (updated) Link ¶
Changes (response)
{'ChallengeName': ['NEW_PASSWORD_REQUIRED']}

Initiates the authentication flow.

Request Syntax

client.initiate_auth(
    AuthFlow='USER_SRP_AUTH'|'REFRESH_TOKEN_AUTH'|'REFRESH_TOKEN'|'CUSTOM_AUTH'|'ADMIN_NO_SRP_AUTH',
    AuthParameters={
        'string': 'string'
    },
    ClientMetadata={
        'string': 'string'
    },
    ClientId='string'
)
type AuthFlow

string

param AuthFlow

[REQUIRED]

The authentication flow.

type AuthParameters

dict

param AuthParameters

The authentication parameters.

  • (string) --

    • (string) --

type ClientMetadata

dict

param ClientMetadata

The client app's metadata.

  • (string) --

    • (string) --

type ClientId

string

param ClientId

[REQUIRED]

The client ID.

rtype

dict

returns

Response Syntax

{
    'ChallengeName': 'SMS_MFA'|'PASSWORD_VERIFIER'|'CUSTOM_CHALLENGE'|'DEVICE_SRP_AUTH'|'DEVICE_PASSWORD_VERIFIER'|'ADMIN_NO_SRP_AUTH'|'NEW_PASSWORD_REQUIRED',
    'Session': 'string',
    'ChallengeParameters': {
        'string': 'string'
    },
    'AuthenticationResult': {
        'AccessToken': 'string',
        'ExpiresIn': 123,
        'TokenType': 'string',
        'RefreshToken': 'string',
        'IdToken': 'string',
        'NewDeviceMetadata': {
            'DeviceKey': 'string',
            'DeviceGroupKey': 'string'
        }
    }
}

Response Structure

  • (dict) --

    Initiates the authentication response.

    • ChallengeName (string) --

      The name of the challenge.

    • Session (string) --

      The session.

    • ChallengeParameters (dict) --

      The challenge parameters.

      • (string) --

        • (string) --

    • AuthenticationResult (dict) --

      The result type of the authentication result.

      • AccessToken (string) --

        The access token of the authentication result.

      • ExpiresIn (integer) --

        The expiration period of the authentication result.

      • TokenType (string) --

        The token type of the authentication result.

      • RefreshToken (string) --

        The refresh token of the authentication result.

      • IdToken (string) --

        The ID token of the authentication result.

      • NewDeviceMetadata (dict) --

        The new device metadata from an authentication result.

        • DeviceKey (string) --

          The device key.

        • DeviceGroupKey (string) --

          The device group key.

ListUsers (updated) Link ¶
Changes (response)
{'Users': {'MFAOptions': [{'AttributeName': 'string',
                           'DeliveryMedium': 'SMS | EMAIL'}],
           'UserStatus': ['FORCE_CHANGE_PASSWORD']}}

Lists the users in the Amazon Cognito user pool.

Request Syntax

client.list_users(
    UserPoolId='string',
    AttributesToGet=[
        'string',
    ],
    Limit=123,
    PaginationToken='string',
    Filter='string'
)
type UserPoolId

string

param UserPoolId

[REQUIRED]

The user pool ID for which you want to list users.

type AttributesToGet

list

param AttributesToGet

The attributes to get from the request to list users.

  • (string) --

type Limit

integer

param Limit

The limit of the request to list users.

type PaginationToken

string

param PaginationToken

An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.

type Filter

string

param Filter

The filter for the list users request.

rtype

dict

returns

Response Syntax

{
    'Users': [
        {
            'Username': 'string',
            'Attributes': [
                {
                    'Name': 'string',
                    'Value': 'string'
                },
            ],
            'UserCreateDate': datetime(2015, 1, 1),
            'UserLastModifiedDate': datetime(2015, 1, 1),
            'Enabled': True|False,
            'UserStatus': 'UNCONFIRMED'|'CONFIRMED'|'ARCHIVED'|'COMPROMISED'|'UNKNOWN'|'RESET_REQUIRED'|'FORCE_CHANGE_PASSWORD',
            'MFAOptions': [
                {
                    'DeliveryMedium': 'SMS'|'EMAIL',
                    'AttributeName': 'string'
                },
            ]
        },
    ],
    'PaginationToken': 'string'
}

Response Structure

  • (dict) --

    The response from the request to list users.

    • Users (list) --

      The users returned in the request to list users.

      • (dict) --

        The user type.

        • Username (string) --

          The user name of the user you wish to describe.

        • Attributes (list) --

          A container with information about the user type attributes.

          • (dict) --

            Specifies whether the attribute is standard or custom.

            • Name (string) --

              The name of the attribute.

            • Value (string) --

              The value of the attribute.

        • UserCreateDate (datetime) --

          The creation date of the user.

        • UserLastModifiedDate (datetime) --

          The last modified date of the user.

        • Enabled (boolean) --

          Specifies whether the user is enabled.

        • UserStatus (string) --

          The user status. Can be one of the following:

          • UNCONFIRMED - User has been created but not confirmed.

          • CONFIRMED - User has been confirmed.

          • ARCHIVED - User is no longer active.

          • COMPROMISED - User is disabled due to a potential security threat.

          • UNKNOWN - User status is not known.

        • MFAOptions (list) --

          The MFA options for the user.

          • (dict) --

            Specifies the different settings for multi-factor authentication (MFA).

            • DeliveryMedium (string) --

              The delivery medium (email message or SMS message) to send the MFA code.

            • AttributeName (string) --

              The attribute name of the MFA option type.

    • PaginationToken (string) --

      An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.

RespondToAuthChallenge (updated) Link ¶
Changes (both)
{'ChallengeName': ['NEW_PASSWORD_REQUIRED']}

Responds to the authentication challenge.

Request Syntax

client.respond_to_auth_challenge(
    ClientId='string',
    ChallengeName='SMS_MFA'|'PASSWORD_VERIFIER'|'CUSTOM_CHALLENGE'|'DEVICE_SRP_AUTH'|'DEVICE_PASSWORD_VERIFIER'|'ADMIN_NO_SRP_AUTH'|'NEW_PASSWORD_REQUIRED',
    Session='string',
    ChallengeResponses={
        'string': 'string'
    }
)
type ClientId

string

param ClientId

[REQUIRED]

The client ID.

type ChallengeName

string

param ChallengeName

[REQUIRED]

The name of the challenge.

type Session

string

param Session

The session.

type ChallengeResponses

dict

param ChallengeResponses

The responses to the authentication challenge.

  • (string) --

    • (string) --

rtype

dict

returns

Response Syntax

{
    'ChallengeName': 'SMS_MFA'|'PASSWORD_VERIFIER'|'CUSTOM_CHALLENGE'|'DEVICE_SRP_AUTH'|'DEVICE_PASSWORD_VERIFIER'|'ADMIN_NO_SRP_AUTH'|'NEW_PASSWORD_REQUIRED',
    'Session': 'string',
    'ChallengeParameters': {
        'string': 'string'
    },
    'AuthenticationResult': {
        'AccessToken': 'string',
        'ExpiresIn': 123,
        'TokenType': 'string',
        'RefreshToken': 'string',
        'IdToken': 'string',
        'NewDeviceMetadata': {
            'DeviceKey': 'string',
            'DeviceGroupKey': 'string'
        }
    }
}

Response Structure

  • (dict) --

    The response to respond to the authentication challenge.

    • ChallengeName (string) --

      The challenge name.

    • Session (string) --

      The session.

    • ChallengeParameters (dict) --

      The challenge parameters.

      • (string) --

        • (string) --

    • AuthenticationResult (dict) --

      The result type of the authentication result.

      • AccessToken (string) --

        The access token of the authentication result.

      • ExpiresIn (integer) --

        The expiration period of the authentication result.

      • TokenType (string) --

        The token type of the authentication result.

      • RefreshToken (string) --

        The refresh token of the authentication result.

      • IdToken (string) --

        The ID token of the authentication result.

      • NewDeviceMetadata (dict) --

        The new device metadata from an authentication result.

        • DeviceKey (string) --

          The device key.

        • DeviceGroupKey (string) --

          The device group key.

UpdateUserPool (updated) Link ¶
Changes (request)
{'AdminCreateUserConfig': {'AllowAdminCreateUserOnly': 'boolean',
                           'InviteMessageTemplate': {'EmailMessage': 'string',
                                                     'EmailSubject': 'string',
                                                     'SMSMessage': 'string'},
                           'UnusedAccountValidityDays': 'integer'}}

Updates the specified user pool with the specified attributes.

Request Syntax

client.update_user_pool(
    UserPoolId='string',
    Policies={
        'PasswordPolicy': {
            'MinimumLength': 123,
            'RequireUppercase': True|False,
            'RequireLowercase': True|False,
            'RequireNumbers': True|False,
            'RequireSymbols': True|False
        }
    },
    LambdaConfig={
        'PreSignUp': 'string',
        'CustomMessage': 'string',
        'PostConfirmation': 'string',
        'PreAuthentication': 'string',
        'PostAuthentication': 'string',
        'DefineAuthChallenge': 'string',
        'CreateAuthChallenge': 'string',
        'VerifyAuthChallengeResponse': 'string'
    },
    AutoVerifiedAttributes=[
        'phone_number'|'email',
    ],
    SmsVerificationMessage='string',
    EmailVerificationMessage='string',
    EmailVerificationSubject='string',
    SmsAuthenticationMessage='string',
    MfaConfiguration='OFF'|'ON'|'OPTIONAL',
    DeviceConfiguration={
        'ChallengeRequiredOnNewDevice': True|False,
        'DeviceOnlyRememberedOnUserPrompt': True|False
    },
    EmailConfiguration={
        'SourceArn': 'string',
        'ReplyToEmailAddress': 'string'
    },
    SmsConfiguration={
        'SnsCallerArn': 'string',
        'ExternalId': 'string'
    },
    AdminCreateUserConfig={
        'AllowAdminCreateUserOnly': True|False,
        'UnusedAccountValidityDays': 123,
        'InviteMessageTemplate': {
            'SMSMessage': 'string',
            'EmailMessage': 'string',
            'EmailSubject': 'string'
        }
    }
)
type UserPoolId

string

param UserPoolId

[REQUIRED]

The user pool ID for the user pool you want to update.

type Policies

dict

param Policies

A container with the policies you wish to update in a user pool.

  • PasswordPolicy (dict) --

    A container with information about the user pool password policy.

    • MinimumLength (integer) --

      The minimum length of the password policy that you have set. Cannot be less than 6.

    • RequireUppercase (boolean) --

      In the password policy that you have set, refers to whether you have required users to use at least one uppercase letter in their password.

    • RequireLowercase (boolean) --

      In the password policy that you have set, refers to whether you have required users to use at least one lowercase letter in their password.

    • RequireNumbers (boolean) --

      In the password policy that you have set, refers to whether you have required users to use at least one number in their password.

    • RequireSymbols (boolean) --

      In the password policy that you have set, refers to whether you have required users to use at least one symbol in their password.

type LambdaConfig

dict

param LambdaConfig

The AWS Lambda configuration information from the request to update the user pool.

  • PreSignUp (string) --

    A pre-registration AWS Lambda trigger.

  • CustomMessage (string) --

    A custom Message AWS Lambda trigger.

  • PostConfirmation (string) --

    A post-confirmation AWS Lambda trigger.

  • PreAuthentication (string) --

    A pre-authentication AWS Lambda trigger.

  • PostAuthentication (string) --

    A post-authentication AWS Lambda trigger.

  • DefineAuthChallenge (string) --

    Defines the authentication challenge.

  • CreateAuthChallenge (string) --

    Creates an authentication challenge.

  • VerifyAuthChallengeResponse (string) --

    Verifies the authentication challenge response.

type AutoVerifiedAttributes

list

param AutoVerifiedAttributes

The attributes that are automatically verified when the Amazon Cognito service makes a request to update user pools.

  • (string) --

type SmsVerificationMessage

string

param SmsVerificationMessage

A container with information about the SMS verification message.

type EmailVerificationMessage

string

param EmailVerificationMessage

The contents of the email verification message.

type EmailVerificationSubject

string

param EmailVerificationSubject

The subject of the email verfication message.

type SmsAuthenticationMessage

string

param SmsAuthenticationMessage

The contents of the SMS authentication message.

type MfaConfiguration

string

param MfaConfiguration

Can be one of the following values:

  • OFF - MFA tokens are not required and cannot be specified during user registration.

  • ON - MFA tokens are required for all user registrations. You can only specify required when you are initially creating a user pool.

  • OPTIONAL - Users have the option when registering to create an MFA token.

type DeviceConfiguration

dict

param DeviceConfiguration

Device configuration.

  • ChallengeRequiredOnNewDevice (boolean) --

    Indicates whether a challenge is required on a new device. Only applicable to a new device.

  • DeviceOnlyRememberedOnUserPrompt (boolean) --

    If true, a device is only remembered on user prompt.

type EmailConfiguration

dict

param EmailConfiguration

Email configuration.

  • SourceArn (string) --

    The Amazon Resource Name (ARN) of the email source.

  • ReplyToEmailAddress (string) --

    The REPLY-TO email address.

type SmsConfiguration

dict

param SmsConfiguration

SMS configuration.

  • SnsCallerArn (string) --

    The Amazon Resource Name (ARN) of the Amazon Simple Notification Service (SNS) caller.

  • ExternalId (string) --

    The external ID.

type AdminCreateUserConfig

dict

param AdminCreateUserConfig

The configuration for AdminCreateUser requests.

  • AllowAdminCreateUserOnly (boolean) --

    Set to True if only the administrator is allowed to create user profiles. Set to False if users can sign themselves up via an app.

  • UnusedAccountValidityDays (integer) --

    The user account expiration limit, in days, after which the account is no longer usable. To reset the account after that time limit, you must call AdminCreateUser again, specifying "RESEND" for the MessageAction parameter.

  • InviteMessageTemplate (dict) --

    The message template to be used for the welcome message to new users.

    • SMSMessage (string) --

      The message template for SMS messages.

    • EmailMessage (string) --

      The message template for email messages.

    • EmailSubject (string) --

      The subject line for email messages.

rtype

dict

returns

Response Syntax

{}

Response Structure

  • (dict) --

    Represents the response from the server when you make a request to update the user pool.