Amazon Cognito Identity

2017/02/16 - Amazon Cognito Identity - 3 updated api methods

Changes  Allows createIdentityPool and updateIdentityPool API to set server side token check value on identity pool.

CreateIdentityPool (updated) Link ¶
Changes (both) 
{'CognitoIdentityProviders': {'ServerSideTokenCheck': 'boolean'}}

Creates a new identity pool. The identity pool is a store of user identity information that is specific to your AWS account. The limit on identity pools is 60 per account. The keys for SupportedLoginProviders are as follows:

  • Facebook: graph.facebook.com

  • Google: accounts.google.com

  • Amazon: www.amazon.com

  • Twitter: api.twitter.com

  • Digits: www.digits.com

You must use AWS Developer credentials to call this API.

See also: AWS API Documentation

Request Syntax

client.create_identity_pool(
    IdentityPoolName='string',
    AllowUnauthenticatedIdentities=True|False,
    SupportedLoginProviders={
        'string': 'string'
    },
    DeveloperProviderName='string',
    OpenIdConnectProviderARNs=[
        'string',
    ],
    CognitoIdentityProviders=[
        {
            'ProviderName': 'string',
            'ClientId': 'string',
            'ServerSideTokenCheck': True|False
        },
    ],
    SamlProviderARNs=[
        'string',
    ]
)
type IdentityPoolName

string

param IdentityPoolName

[REQUIRED]

A string that you provide.

type AllowUnauthenticatedIdentities

boolean

param AllowUnauthenticatedIdentities

[REQUIRED]

TRUE if the identity pool supports unauthenticated logins.

type SupportedLoginProviders

dict

param SupportedLoginProviders

Optional key:value pairs mapping provider names to provider app IDs.

  • (string) --

    • (string) --

type DeveloperProviderName

string

param DeveloperProviderName

The "domain" by which Cognito will refer to your users. This name acts as a placeholder that allows your backend and the Cognito service to communicate about the developer provider. For the DeveloperProviderName , you can use letters as well as period (. ), underscore (_ ), and dash (- ).

Once you have set a developer provider name, you cannot change it. Please take care in setting this parameter.

type OpenIdConnectProviderARNs

list

param OpenIdConnectProviderARNs

A list of OpendID Connect provider ARNs.

  • (string) --

type CognitoIdentityProviders

list

param CognitoIdentityProviders

An array of Amazon Cognito Identity user pools and their client IDs.

  • (dict) --

    A provider representing an Amazon Cognito Identity User Pool and its client ID.

    • ProviderName (string) --

      The provider name for an Amazon Cognito Identity User Pool. For example, cognito-idp.us-east-1.amazonaws.com/us-east-1_123456789 .

    • ClientId (string) --

      The client ID for the Amazon Cognito Identity User Pool.

    • ServerSideTokenCheck (boolean) --

      TRUE if server-side token validation is enabled for the identity provider’s token.

type SamlProviderARNs

list

param SamlProviderARNs

An array of Amazon Resource Names (ARNs) of the SAML provider for your identity pool.

  • (string) --

rtype

dict

returns

Response Syntax

{
    'IdentityPoolId': 'string',
    'IdentityPoolName': 'string',
    'AllowUnauthenticatedIdentities': True|False,
    'SupportedLoginProviders': {
        'string': 'string'
    },
    'DeveloperProviderName': 'string',
    'OpenIdConnectProviderARNs': [
        'string',
    ],
    'CognitoIdentityProviders': [
        {
            'ProviderName': 'string',
            'ClientId': 'string',
            'ServerSideTokenCheck': True|False
        },
    ],
    'SamlProviderARNs': [
        'string',
    ]
}

Response Structure

  • (dict) --

    An object representing an Amazon Cognito identity pool.

    • IdentityPoolId (string) --

      An identity pool ID in the format REGION:GUID.

    • IdentityPoolName (string) --

      A string that you provide.

    • AllowUnauthenticatedIdentities (boolean) --

      TRUE if the identity pool supports unauthenticated logins.

    • SupportedLoginProviders (dict) --

      Optional key:value pairs mapping provider names to provider app IDs.

      • (string) --

        • (string) --

    • DeveloperProviderName (string) --

      The "domain" by which Cognito will refer to your users.

    • OpenIdConnectProviderARNs (list) --

      A list of OpendID Connect provider ARNs.

      • (string) --

    • CognitoIdentityProviders (list) --

      A list representing an Amazon Cognito Identity User Pool and its client ID.

      • (dict) --

        A provider representing an Amazon Cognito Identity User Pool and its client ID.

        • ProviderName (string) --

          The provider name for an Amazon Cognito Identity User Pool. For example, cognito-idp.us-east-1.amazonaws.com/us-east-1_123456789 .

        • ClientId (string) --

          The client ID for the Amazon Cognito Identity User Pool.

        • ServerSideTokenCheck (boolean) --

          TRUE if server-side token validation is enabled for the identity provider’s token.

    • SamlProviderARNs (list) --

      An array of Amazon Resource Names (ARNs) of the SAML provider for your identity pool.

      • (string) --

DescribeIdentityPool (updated) Link ¶
Changes (response) 
{'CognitoIdentityProviders': {'ServerSideTokenCheck': 'boolean'}}

Gets details about a particular identity pool, including the pool name, ID description, creation date, and current number of users.

You must use AWS Developer credentials to call this API.

See also: AWS API Documentation

Request Syntax

client.describe_identity_pool(
    IdentityPoolId='string'
)
type IdentityPoolId

string

param IdentityPoolId

[REQUIRED]

An identity pool ID in the format REGION:GUID.

rtype

dict

returns

Response Syntax

{
    'IdentityPoolId': 'string',
    'IdentityPoolName': 'string',
    'AllowUnauthenticatedIdentities': True|False,
    'SupportedLoginProviders': {
        'string': 'string'
    },
    'DeveloperProviderName': 'string',
    'OpenIdConnectProviderARNs': [
        'string',
    ],
    'CognitoIdentityProviders': [
        {
            'ProviderName': 'string',
            'ClientId': 'string',
            'ServerSideTokenCheck': True|False
        },
    ],
    'SamlProviderARNs': [
        'string',
    ]
}

Response Structure

  • (dict) --

    An object representing an Amazon Cognito identity pool.

    • IdentityPoolId (string) --

      An identity pool ID in the format REGION:GUID.

    • IdentityPoolName (string) --

      A string that you provide.

    • AllowUnauthenticatedIdentities (boolean) --

      TRUE if the identity pool supports unauthenticated logins.

    • SupportedLoginProviders (dict) --

      Optional key:value pairs mapping provider names to provider app IDs.

      • (string) --

        • (string) --

    • DeveloperProviderName (string) --

      The "domain" by which Cognito will refer to your users.

    • OpenIdConnectProviderARNs (list) --

      A list of OpendID Connect provider ARNs.

      • (string) --

    • CognitoIdentityProviders (list) --

      A list representing an Amazon Cognito Identity User Pool and its client ID.

      • (dict) --

        A provider representing an Amazon Cognito Identity User Pool and its client ID.

        • ProviderName (string) --

          The provider name for an Amazon Cognito Identity User Pool. For example, cognito-idp.us-east-1.amazonaws.com/us-east-1_123456789 .

        • ClientId (string) --

          The client ID for the Amazon Cognito Identity User Pool.

        • ServerSideTokenCheck (boolean) --

          TRUE if server-side token validation is enabled for the identity provider’s token.

    • SamlProviderARNs (list) --

      An array of Amazon Resource Names (ARNs) of the SAML provider for your identity pool.

      • (string) --

UpdateIdentityPool (updated) Link ¶
Changes (both) 
{'CognitoIdentityProviders': {'ServerSideTokenCheck': 'boolean'}}

Updates a user pool.

You must use AWS Developer credentials to call this API.

See also: AWS API Documentation

Request Syntax

client.update_identity_pool(
    IdentityPoolId='string',
    IdentityPoolName='string',
    AllowUnauthenticatedIdentities=True|False,
    SupportedLoginProviders={
        'string': 'string'
    },
    DeveloperProviderName='string',
    OpenIdConnectProviderARNs=[
        'string',
    ],
    CognitoIdentityProviders=[
        {
            'ProviderName': 'string',
            'ClientId': 'string',
            'ServerSideTokenCheck': True|False
        },
    ],
    SamlProviderARNs=[
        'string',
    ]
)
type IdentityPoolId

string

param IdentityPoolId

[REQUIRED]

An identity pool ID in the format REGION:GUID.

type IdentityPoolName

string

param IdentityPoolName

[REQUIRED]

A string that you provide.

type AllowUnauthenticatedIdentities

boolean

param AllowUnauthenticatedIdentities

[REQUIRED]

TRUE if the identity pool supports unauthenticated logins.

type SupportedLoginProviders

dict

param SupportedLoginProviders

Optional key:value pairs mapping provider names to provider app IDs.

  • (string) --

    • (string) --

type DeveloperProviderName

string

param DeveloperProviderName

The "domain" by which Cognito will refer to your users.

type OpenIdConnectProviderARNs

list

param OpenIdConnectProviderARNs

A list of OpendID Connect provider ARNs.

  • (string) --

type CognitoIdentityProviders

list

param CognitoIdentityProviders

A list representing an Amazon Cognito Identity User Pool and its client ID.

  • (dict) --

    A provider representing an Amazon Cognito Identity User Pool and its client ID.

    • ProviderName (string) --

      The provider name for an Amazon Cognito Identity User Pool. For example, cognito-idp.us-east-1.amazonaws.com/us-east-1_123456789 .

    • ClientId (string) --

      The client ID for the Amazon Cognito Identity User Pool.

    • ServerSideTokenCheck (boolean) --

      TRUE if server-side token validation is enabled for the identity provider’s token.

type SamlProviderARNs

list

param SamlProviderARNs

An array of Amazon Resource Names (ARNs) of the SAML provider for your identity pool.

  • (string) --

rtype

dict

returns

Response Syntax

{
    'IdentityPoolId': 'string',
    'IdentityPoolName': 'string',
    'AllowUnauthenticatedIdentities': True|False,
    'SupportedLoginProviders': {
        'string': 'string'
    },
    'DeveloperProviderName': 'string',
    'OpenIdConnectProviderARNs': [
        'string',
    ],
    'CognitoIdentityProviders': [
        {
            'ProviderName': 'string',
            'ClientId': 'string',
            'ServerSideTokenCheck': True|False
        },
    ],
    'SamlProviderARNs': [
        'string',
    ]
}

Response Structure

  • (dict) --

    An object representing an Amazon Cognito identity pool.

    • IdentityPoolId (string) --

      An identity pool ID in the format REGION:GUID.

    • IdentityPoolName (string) --

      A string that you provide.

    • AllowUnauthenticatedIdentities (boolean) --

      TRUE if the identity pool supports unauthenticated logins.

    • SupportedLoginProviders (dict) --

      Optional key:value pairs mapping provider names to provider app IDs.

      • (string) --

        • (string) --

    • DeveloperProviderName (string) --

      The "domain" by which Cognito will refer to your users.

    • OpenIdConnectProviderARNs (list) --

      A list of OpendID Connect provider ARNs.

      • (string) --

    • CognitoIdentityProviders (list) --

      A list representing an Amazon Cognito Identity User Pool and its client ID.

      • (dict) --

        A provider representing an Amazon Cognito Identity User Pool and its client ID.

        • ProviderName (string) --

          The provider name for an Amazon Cognito Identity User Pool. For example, cognito-idp.us-east-1.amazonaws.com/us-east-1_123456789 .

        • ClientId (string) --

          The client ID for the Amazon Cognito Identity User Pool.

        • ServerSideTokenCheck (boolean) --

          TRUE if server-side token validation is enabled for the identity provider’s token.

    • SamlProviderARNs (list) --

      An array of Amazon Resource Names (ARNs) of the SAML provider for your identity pool.

      • (string) --