Amazon Cognito Identity

2016/06/23 - Amazon Cognito Identity - 4 updated api methods

CreateIdentityPool (updated) Link ¶
Changes (both)
{'SamlProviderARNs': ['string']}

Creates a new identity pool. The identity pool is a store of user identity information that is specific to your AWS account. The limit on identity pools is 60 per account. The keys for SupportedLoginProviders are as follows:

  • Facebook: graph.facebook.com

  • Google: accounts.google.com

  • Amazon: www.amazon.com

  • Twitter: api.twitter.com

  • Digits: www.digits.com

You must use AWS Developer credentials to call this API.

Request Syntax

client.create_identity_pool(
    IdentityPoolName='string',
    AllowUnauthenticatedIdentities=True|False,
    SupportedLoginProviders={
        'string': 'string'
    },
    DeveloperProviderName='string',
    OpenIdConnectProviderARNs=[
        'string',
    ],
    CognitoIdentityProviders=[
        {
            'ProviderName': 'string',
            'ClientId': 'string'
        },
    ],
    SamlProviderARNs=[
        'string',
    ]
)
type IdentityPoolName

string

param IdentityPoolName

[REQUIRED]

A string that you provide.

type AllowUnauthenticatedIdentities

boolean

param AllowUnauthenticatedIdentities

[REQUIRED]

TRUE if the identity pool supports unauthenticated logins.

type SupportedLoginProviders

dict

param SupportedLoginProviders

Optional key:value pairs mapping provider names to provider app IDs.

  • (string) --

    • (string) --

type DeveloperProviderName

string

param DeveloperProviderName

The "domain" by which Cognito will refer to your users. This name acts as a placeholder that allows your backend and the Cognito service to communicate about the developer provider. For the DeveloperProviderName , you can use letters as well as period (. ), underscore (_ ), and dash (- ).

Once you have set a developer provider name, you cannot change it. Please take care in setting this parameter.

type OpenIdConnectProviderARNs

list

param OpenIdConnectProviderARNs

A list of OpendID Connect provider ARNs.

  • (string) --

type CognitoIdentityProviders

list

param CognitoIdentityProviders

An array of Amazon Cognito Identity user pools.

  • (dict) --

    A provider representing an Amazon Cognito Identity User Pool and its client ID.

    • ProviderName (string) --

      The provider name for an Amazon Cognito Identity User Pool. For example, cognito-idp.us-east-1.amazonaws.com/us-east-1_123456789 .

    • ClientId (string) --

      The client ID for the Amazon Cognito Identity User Pool.

type SamlProviderARNs

list

param SamlProviderARNs

An array of Amazon Resource Names (ARNs) of the SAML provider for your identity pool.

  • (string) --

rtype

dict

returns

Response Syntax

{
    'IdentityPoolId': 'string',
    'IdentityPoolName': 'string',
    'AllowUnauthenticatedIdentities': True|False,
    'SupportedLoginProviders': {
        'string': 'string'
    },
    'DeveloperProviderName': 'string',
    'OpenIdConnectProviderARNs': [
        'string',
    ],
    'CognitoIdentityProviders': [
        {
            'ProviderName': 'string',
            'ClientId': 'string'
        },
    ],
    'SamlProviderARNs': [
        'string',
    ]
}

Response Structure

  • (dict) -- An object representing a Cognito identity pool.

    • IdentityPoolId (string) -- An identity pool ID in the format REGION:GUID.

    • IdentityPoolName (string) --

      A string that you provide.

    • AllowUnauthenticatedIdentities (boolean) -- TRUE if the identity pool supports unauthenticated logins.

    • SupportedLoginProviders (dict) --

      Optional key:value pairs mapping provider names to provider app IDs.

      • (string) --

        • (string) --

    • DeveloperProviderName (string) --

      The "domain" by which Cognito will refer to your users.

    • OpenIdConnectProviderARNs (list) --

      A list of OpendID Connect provider ARNs.

      • (string) --

    • CognitoIdentityProviders (list) --

      A list representing an Amazon Cognito Identity User Pool and its client ID.

      • (dict) --

        A provider representing an Amazon Cognito Identity User Pool and its client ID.

        • ProviderName (string) --

          The provider name for an Amazon Cognito Identity User Pool. For example, cognito-idp.us-east-1.amazonaws.com/us-east-1_123456789 .

        • ClientId (string) --

          The client ID for the Amazon Cognito Identity User Pool.

    • SamlProviderARNs (list) --

      An array of Amazon Resource Names (ARNs) of the SAML provider for your identity pool.

      • (string) --

DescribeIdentityPool (updated) Link ¶
Changes (response)
{'SamlProviderARNs': ['string']}

Gets details about a particular identity pool, including the pool name, ID description, creation date, and current number of users.

You must use AWS Developer credentials to call this API.

Request Syntax

client.describe_identity_pool(
    IdentityPoolId='string'
)
type IdentityPoolId

string

param IdentityPoolId

[REQUIRED] An identity pool ID in the format REGION:GUID.

rtype

dict

returns

Response Syntax

{
    'IdentityPoolId': 'string',
    'IdentityPoolName': 'string',
    'AllowUnauthenticatedIdentities': True|False,
    'SupportedLoginProviders': {
        'string': 'string'
    },
    'DeveloperProviderName': 'string',
    'OpenIdConnectProviderARNs': [
        'string',
    ],
    'CognitoIdentityProviders': [
        {
            'ProviderName': 'string',
            'ClientId': 'string'
        },
    ],
    'SamlProviderARNs': [
        'string',
    ]
}

Response Structure

  • (dict) -- An object representing a Cognito identity pool.

    • IdentityPoolId (string) -- An identity pool ID in the format REGION:GUID.

    • IdentityPoolName (string) --

      A string that you provide.

    • AllowUnauthenticatedIdentities (boolean) -- TRUE if the identity pool supports unauthenticated logins.

    • SupportedLoginProviders (dict) --

      Optional key:value pairs mapping provider names to provider app IDs.

      • (string) --

        • (string) --

    • DeveloperProviderName (string) --

      The "domain" by which Cognito will refer to your users.

    • OpenIdConnectProviderARNs (list) --

      A list of OpendID Connect provider ARNs.

      • (string) --

    • CognitoIdentityProviders (list) --

      A list representing an Amazon Cognito Identity User Pool and its client ID.

      • (dict) --

        A provider representing an Amazon Cognito Identity User Pool and its client ID.

        • ProviderName (string) --

          The provider name for an Amazon Cognito Identity User Pool. For example, cognito-idp.us-east-1.amazonaws.com/us-east-1_123456789 .

        • ClientId (string) --

          The client ID for the Amazon Cognito Identity User Pool.

    • SamlProviderARNs (list) --

      An array of Amazon Resource Names (ARNs) of the SAML provider for your identity pool.

      • (string) --

GetCredentialsForIdentity (updated) Link ¶
Changes (request)
{'CustomRoleArn': 'string'}

Returns credentials for the provided identity ID. Any provided logins will be validated against supported login providers. If the token is for cognito-identity.amazonaws.com, it will be passed through to AWS Security Token Service with the appropriate role for the token.

This is a public API. You do not need any credentials to call this API.

Request Syntax

client.get_credentials_for_identity(
    IdentityId='string',
    Logins={
        'string': 'string'
    },
    CustomRoleArn='string'
)
type IdentityId

string

param IdentityId

[REQUIRED]

A unique identifier in the format REGION:GUID.

type Logins

dict

param Logins

A set of optional name-value pairs that map provider names to provider tokens.

  • (string) --

    • (string) --

type CustomRoleArn

string

param CustomRoleArn

The Amazon Resource Name (ARN) of the role to be assumed when multiple roles were received in the token from the identity provider. For example, a SAML-based identity provider. This parameter is optional for identity providers that do not support role customization.

rtype

dict

returns

Response Syntax

{
    'IdentityId': 'string',
    'Credentials': {
        'AccessKeyId': 'string',
        'SecretKey': 'string',
        'SessionToken': 'string',
        'Expiration': datetime(2015, 1, 1)
    }
}

Response Structure

  • (dict) --

    Returned in response to a successful GetCredentialsForIdentity operation.

    • IdentityId (string) --

      A unique identifier in the format REGION:GUID.

    • Credentials (dict) --

      Credentials for the provided identity ID.

      • AccessKeyId (string) --

        The Access Key portion of the credentials.

      • SecretKey (string) --

        The Secret Access Key portion of the credentials

      • SessionToken (string) --

        The Session Token portion of the credentials

      • Expiration (datetime) --

        The date at which these credentials will expire.

UpdateIdentityPool (updated) Link ¶
Changes (both)
{'SamlProviderARNs': ['string']}

Updates a user pool.

You must use AWS Developer credentials to call this API.

Request Syntax

client.update_identity_pool(
    IdentityPoolId='string',
    IdentityPoolName='string',
    AllowUnauthenticatedIdentities=True|False,
    SupportedLoginProviders={
        'string': 'string'
    },
    DeveloperProviderName='string',
    OpenIdConnectProviderARNs=[
        'string',
    ],
    CognitoIdentityProviders=[
        {
            'ProviderName': 'string',
            'ClientId': 'string'
        },
    ],
    SamlProviderARNs=[
        'string',
    ]
)
type IdentityPoolId

string

param IdentityPoolId

[REQUIRED] An identity pool ID in the format REGION:GUID.

type IdentityPoolName

string

param IdentityPoolName

[REQUIRED]

A string that you provide.

type AllowUnauthenticatedIdentities

boolean

param AllowUnauthenticatedIdentities

[REQUIRED] TRUE if the identity pool supports unauthenticated logins.

type SupportedLoginProviders

dict

param SupportedLoginProviders

Optional key:value pairs mapping provider names to provider app IDs.

  • (string) --

    • (string) --

type DeveloperProviderName

string

param DeveloperProviderName

The "domain" by which Cognito will refer to your users.

type OpenIdConnectProviderARNs

list

param OpenIdConnectProviderARNs

A list of OpendID Connect provider ARNs.

  • (string) --

type CognitoIdentityProviders

list

param CognitoIdentityProviders

A list representing an Amazon Cognito Identity User Pool and its client ID.

  • (dict) --

    A provider representing an Amazon Cognito Identity User Pool and its client ID.

    • ProviderName (string) --

      The provider name for an Amazon Cognito Identity User Pool. For example, cognito-idp.us-east-1.amazonaws.com/us-east-1_123456789 .

    • ClientId (string) --

      The client ID for the Amazon Cognito Identity User Pool.

type SamlProviderARNs

list

param SamlProviderARNs

An array of Amazon Resource Names (ARNs) of the SAML provider for your identity pool.

  • (string) --

rtype

dict

returns

Response Syntax

{
    'IdentityPoolId': 'string',
    'IdentityPoolName': 'string',
    'AllowUnauthenticatedIdentities': True|False,
    'SupportedLoginProviders': {
        'string': 'string'
    },
    'DeveloperProviderName': 'string',
    'OpenIdConnectProviderARNs': [
        'string',
    ],
    'CognitoIdentityProviders': [
        {
            'ProviderName': 'string',
            'ClientId': 'string'
        },
    ],
    'SamlProviderARNs': [
        'string',
    ]
}

Response Structure

  • (dict) -- An object representing a Cognito identity pool.

    • IdentityPoolId (string) -- An identity pool ID in the format REGION:GUID.

    • IdentityPoolName (string) --

      A string that you provide.

    • AllowUnauthenticatedIdentities (boolean) -- TRUE if the identity pool supports unauthenticated logins.

    • SupportedLoginProviders (dict) --

      Optional key:value pairs mapping provider names to provider app IDs.

      • (string) --

        • (string) --

    • DeveloperProviderName (string) --

      The "domain" by which Cognito will refer to your users.

    • OpenIdConnectProviderARNs (list) --

      A list of OpendID Connect provider ARNs.

      • (string) --

    • CognitoIdentityProviders (list) --

      A list representing an Amazon Cognito Identity User Pool and its client ID.

      • (dict) --

        A provider representing an Amazon Cognito Identity User Pool and its client ID.

        • ProviderName (string) --

          The provider name for an Amazon Cognito Identity User Pool. For example, cognito-idp.us-east-1.amazonaws.com/us-east-1_123456789 .

        • ClientId (string) --

          The client ID for the Amazon Cognito Identity User Pool.

    • SamlProviderARNs (list) --

      An array of Amazon Resource Names (ARNs) of the SAML provider for your identity pool.

      • (string) --