AWS SDK for C++AWS SDK for C++ Version 1.11.605 |
Loading...
Searching...
No Matches
AWS SDK for C++AWS SDK for C++ Version 1.11.605 |
#include <CognitoIdentityProviderClient.h>
With the Amazon Cognito user pools API, you can configure user pools and authenticate users. To authenticate users from third-party identity providers (IdPs) in this API, you can link IdP users to native user profiles. Learn more about the authentication and authorization of federated users at Adding user pool sign-in through a third party and in the User pool federation endpoints and managed login reference.
This API reference provides detailed information about API operations and object types in Amazon Cognito.
Along with resource management operations, the Amazon Cognito user pools API includes classes of operations and authorization models for client-side and server-side authentication of users. You can interact with operations in the Amazon Cognito user pools API as any of the following subjects.
An administrator who wants to configure user pools, app clients, users, groups, or other user pool functions.
A server-side app, like a web application, that wants to use its Amazon Web Services privileges to manage, authenticate, or authorize a user.
A client-side app, like a mobile app, that wants to make unauthenticated requests to manage, authenticate, or authorize a user.
For more information, see Understanding API, OIDC, and managed login pages authentication in the Amazon Cognito Developer Guide.
With your Amazon Web Services SDK, you can build the logic to support operational flows in every use case for this API. You can also make direct REST API requests to Amazon Cognito user pools service endpoints. The following links can get you started with the CognitoIdentityProvider client in supported Amazon Web Services SDKs.
To get started with an Amazon Web Services SDK, see Tools to Build on Amazon Web Services. For example actions and scenarios, see Code examples for Amazon Cognito Identity Provider using Amazon Web Services SDKs.
Definition at line 56 of file CognitoIdentityProviderClient.h.
Definition at line 59 of file CognitoIdentityProviderClient.h.
Definition at line 63 of file CognitoIdentityProviderClient.h.
Definition at line 64 of file CognitoIdentityProviderClient.h.
Aws::CognitoIdentityProvider::CognitoIdentityProviderClientConfiguration(),
nullptr
Initializes client to use DefaultCredentialProviderChain, with default http client factory, and optional client config. If client config is not specified, it will be initialized to default values.
nullptr,
Aws::CognitoIdentityProvider::CognitoIdentityProviderClientConfiguration()
Initializes client to use SimpleAWSCredentialsProvider, with default http client factory, and optional client config. If client config is not specified, it will be initialized to default values.
nullptr,
Aws::CognitoIdentityProvider::CognitoIdentityProviderClientConfiguration()
Initializes client to use specified credentials provider with specified client config. If http client factory is not supplied, the default http client factory will be used
Initializes client to use DefaultCredentialProviderChain, with default http client factory, and optional client config. If client config is not specified, it will be initialized to default values.
Initializes client to use SimpleAWSCredentialsProvider, with default http client factory, and optional client config. If client config is not specified, it will be initialized to default values.
Initializes client to use specified credentials provider with specified client config. If http client factory is not supplied, the default http client factory will be used
Adds additional user attributes to the user pool schema. Custom attributes can be mutable or immutable and have a custom: or dev: prefix. For more information, see Custom attributes.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
nullptr
An Async wrapper for AddCustomAttributes that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 147 of file CognitoIdentityProviderClient.h.
A Callable wrapper for AddCustomAttributes that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 138 of file CognitoIdentityProviderClient.h.
Adds a user to a group. A user who is in a group can present a preferred-role claim to an identity pool, and populates a cognito:groups claim to their access and identity tokens.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
nullptr
An Async wrapper for AdminAddUserToGroup that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 183 of file CognitoIdentityProviderClient.h.
A Callable wrapper for AdminAddUserToGroup that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 174 of file CognitoIdentityProviderClient.h.
Confirms user sign-up as an administrator.
This request sets a user account active in a user pool that requires confirmation of new user accounts before they can sign in. You can configure your user pool to not send confirmation codes to new users and instead confirm them with this API operation on the back end.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
To configure your user pool to require administrative confirmation of users, set AllowAdminCreateUserOnly to true in a CreateUserPool or UpdateUserPool request.
nullptr
An Async wrapper for AdminConfirmSignUp that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 225 of file CognitoIdentityProviderClient.h.
A Callable wrapper for AdminConfirmSignUp that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 216 of file CognitoIdentityProviderClient.h.
Creates a new user in the specified user pool.
If MessageAction isn't set, the default is to send a welcome message via email or phone (SMS).
This message is based on a template that you configured in your call to create or update a user pool. This template includes your custom sign-up instructions and placeholders for user name and temporary password.
Alternatively, you can call AdminCreateUser with SUPPRESS for the MessageAction parameter, and Amazon Cognito won't send any email.
In either case, if the user has a password, they will be in the FORCE_CHANGE_PASSWORD state until they sign in and set their password. Your invitation message template must have the {####} password placeholder if your users have passwords. If your template doesn't have this placeholder, Amazon Cognito doesn't deliver the invitation message. In this case, you must update your message template and resend the password with a new AdminCreateUser request with a MessageAction value of RESEND.
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
nullptr
An Async wrapper for AdminCreateUser that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 290 of file CognitoIdentityProviderClient.h.
A Callable wrapper for AdminCreateUser that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 281 of file CognitoIdentityProviderClient.h.
Deletes a user profile in your user pool.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
nullptr
An Async wrapper for AdminDeleteUser that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 324 of file CognitoIdentityProviderClient.h.
Deletes attribute values from a user. This operation doesn't affect tokens for existing user sessions. The next ID token that the user receives will no longer have the deleted attributes.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
nullptr
An Async wrapper for AdminDeleteUserAttributes that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 360 of file CognitoIdentityProviderClient.h.
A Callable wrapper for AdminDeleteUserAttributes that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 351 of file CognitoIdentityProviderClient.h.
A Callable wrapper for AdminDeleteUser that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 315 of file CognitoIdentityProviderClient.h.
Prevents the user from signing in with the specified external (SAML or social) identity provider (IdP). If the user that you want to deactivate is a Amazon Cognito user pools native username + password user, they can't use their password to sign in. If the user to deactivate is a linked external IdP user, any link between that user and an existing user is removed. When the external user signs in again, and the user is no longer attached to the previously linked DestinationUser, the user must create a new user account.
The value of ProviderName must match the name of a user pool IdP.
To deactivate a local user, set ProviderName to Cognito and the ProviderAttributeName to Cognito_Subject. The ProviderAttributeValue must be user's local username.
The ProviderAttributeName must always be Cognito_Subject for social IdPs. The ProviderAttributeValue must always be the exact subject that was used when the user was originally linked as a source user.
For de-linking a SAML identity, there are two scenarios. If the linked identity has not yet been used to sign in, the ProviderAttributeName and ProviderAttributeValue must be the same values that were used for the SourceUser when the identities were originally linked using AdminLinkProviderForUser call. This is also true if the linking was done with ProviderAttributeName set to Cognito_Subject. If the user has already signed in, the ProviderAttributeName must be Cognito_Subject and ProviderAttributeValue must be the NameID from their SAML assertion.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
nullptr
An Async wrapper for AdminDisableProviderForUser that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 418 of file CognitoIdentityProviderClient.h.
A Callable wrapper for AdminDisableProviderForUser that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 409 of file CognitoIdentityProviderClient.h.
Deactivates a user profile and revokes all access tokens for the user. A deactivated user can't sign in, but still appears in the responses to ListUsers API requests.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
nullptr
An Async wrapper for AdminDisableUser that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 454 of file CognitoIdentityProviderClient.h.
A Callable wrapper for AdminDisableUser that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 445 of file CognitoIdentityProviderClient.h.
Activates sign-in for a user profile that previously had sign-in access disabled.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
nullptr
An Async wrapper for AdminEnableUser that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 489 of file CognitoIdentityProviderClient.h.
A Callable wrapper for AdminEnableUser that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 480 of file CognitoIdentityProviderClient.h.
Forgets, or deletes, a remembered device from a user's profile. After you forget the device, the user can no longer complete device authentication with that device and when applicable, must submit MFA codes again. For more information, see Working with devices.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
nullptr
An Async wrapper for AdminForgetDevice that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 528 of file CognitoIdentityProviderClient.h.
A Callable wrapper for AdminForgetDevice that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 519 of file CognitoIdentityProviderClient.h.
Given the device key, returns details for a user's device. For more information, see Working with devices.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
nullptr
An Async wrapper for AdminGetDevice that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 565 of file CognitoIdentityProviderClient.h.
A Callable wrapper for AdminGetDevice that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 556 of file CognitoIdentityProviderClient.h.
Given a username, returns details about a user profile in a user pool. You can specify alias attributes in the Username request parameter.
This operation contributes to your monthly active user (MAU) count for the purpose of billing.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
nullptr
An Async wrapper for AdminGetUser that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 602 of file CognitoIdentityProviderClient.h.
A Callable wrapper for AdminGetUser that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 593 of file CognitoIdentityProviderClient.h.
Starts sign-in for applications with a server-side component, for example a traditional web application. This operation specifies the authentication flow that you'd like to begin. The authentication flow that you specify must be supported in your app client configuration. For more information about authentication flows, see Authentication flows.
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
nullptr
An Async wrapper for AdminInitiateAuth that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 659 of file CognitoIdentityProviderClient.h.
A Callable wrapper for AdminInitiateAuth that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 650 of file CognitoIdentityProviderClient.h.
Links an existing user account in a user pool, or DestinationUser, to an identity from an external IdP, or SourceUser, based on a specified attribute name and value from the external IdP.
This operation connects a local user profile with a user identity who hasn't yet signed in from their third-party IdP. When the user signs in with their IdP, they get access-control configuration from the local user profile. Linked local users can also sign in with SDK-based API operations like InitiateAuth after they sign in at least once through their IdP. For more information, see Linking federated users.
The maximum number of federated identities linked to a user is five.
Because this API allows a user with an external federated identity to sign in as a local user, it is critical that it only be used with external IdPs and linked attributes that you trust.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
nullptr
An Async wrapper for AdminLinkProviderForUser that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 707 of file CognitoIdentityProviderClient.h.
A Callable wrapper for AdminLinkProviderForUser that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 698 of file CognitoIdentityProviderClient.h.
Lists a user's registered devices. Remembered devices are used in authentication services where you offer a "Remember me" option for users who you want to permit to sign in without MFA from a trusted device. Users can bypass MFA while your application performs device SRP authentication on the back end. For more information, see Working with devices.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
nullptr
An Async wrapper for AdminListDevices that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 747 of file CognitoIdentityProviderClient.h.
A Callable wrapper for AdminListDevices that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 738 of file CognitoIdentityProviderClient.h.
Lists the groups that a user belongs to. User pool groups are identifiers that you can reference from the contents of ID and access tokens, and set preferred IAM roles for identity-pool authentication. For more information, see Adding groups to a user pool.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
nullptr
An Async wrapper for AdminListGroupsForUser that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 786 of file CognitoIdentityProviderClient.h.
A Callable wrapper for AdminListGroupsForUser that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 777 of file CognitoIdentityProviderClient.h.
Requests a history of user activity and any risks detected as part of Amazon Cognito threat protection. For more information, see Viewing user event history.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
nullptr
An Async wrapper for AdminListUserAuthEvents that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 823 of file CognitoIdentityProviderClient.h.
A Callable wrapper for AdminListUserAuthEvents that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 814 of file CognitoIdentityProviderClient.h.
Given a username and a group name, removes them from the group. User pool groups are identifiers that you can reference from the contents of ID and access tokens, and set preferred IAM roles for identity-pool authentication. For more information, see Adding groups to a user pool.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
nullptr
An Async wrapper for AdminRemoveUserFromGroup that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 862 of file CognitoIdentityProviderClient.h.
A Callable wrapper for AdminRemoveUserFromGroup that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 853 of file CognitoIdentityProviderClient.h.
Resets the specified user's password in a user pool. This operation doesn't change the user's password, but sends a password-reset code.
To use this API operation, your user pool must have self-service account recovery configured.
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
nullptr
An Async wrapper for AdminResetUserPassword that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 916 of file CognitoIdentityProviderClient.h.
A Callable wrapper for AdminResetUserPassword that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 907 of file CognitoIdentityProviderClient.h.
Some API operations in a user pool generate a challenge, like a prompt for an MFA code, for device authentication that bypasses MFA, or for a custom authentication challenge. An AdminRespondToAuthChallenge API request provides the answer to that challenge, like a code or a secure remote password (SRP). The parameters of a response to an authentication challenge vary with the type of challenge.
For more information about custom authentication challenges, see Custom authentication challenge Lambda triggers.
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
nullptr
An Async wrapper for AdminRespondToAuthChallenge that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 975 of file CognitoIdentityProviderClient.h.
A Callable wrapper for AdminRespondToAuthChallenge that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 966 of file CognitoIdentityProviderClient.h.
Sets the user's multi-factor authentication (MFA) preference, including which MFA options are activated, and if any are preferred. Only one factor can be set as preferred. The preferred MFA factor will be used to authenticate a user if multiple factors are activated. If multiple options are activated and no preference is set, a challenge to choose an MFA option will be returned during sign-in.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
nullptr
An Async wrapper for AdminSetUserMFAPreference that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 1014 of file CognitoIdentityProviderClient.h.
A Callable wrapper for AdminSetUserMFAPreference that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 1005 of file CognitoIdentityProviderClient.h.
Sets the specified user's password in a user pool. This operation administratively sets a temporary or permanent password for a user. With this operation, you can bypass self-service password changes and permit immediate sign-in with the password that you set. To do this, set Permanent to true.
You can also set a new temporary password in this request, send it to a user, and require them to choose a new password on their next sign-in. To do this, set Permanent to false.
If the password is temporary, the user's Status becomes FORCE_CHANGE_PASSWORD. When the user next tries to sign in, the InitiateAuth or AdminInitiateAuth response includes the NEW_PASSWORD_REQUIRED challenge. If the user doesn't sign in before the temporary password expires, they can no longer sign in and you must repeat this operation to set a temporary or permanent password for them.
After the user sets a new password, or if you set a permanent password, their status becomes Confirmed.
AdminSetUserPassword can set a password for the user profile that Amazon Cognito creates for third-party federated users. When you set a password, the federated user's status changes from EXTERNAL_PROVIDER to CONFIRMED. A user in this state can sign in as a federated user, and initiate authentication flows in the API like a linked native user. They can also modify their password and attributes in token-authenticated API requests like ChangePassword and UpdateUserAttributes. As a best security practice and to keep users in sync with your external IdP, don't set passwords on federated user profiles. To set up a federated user for native sign-in with a linked native user, refer to Linking federated users to an existing user profile.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
nullptr
An Async wrapper for AdminSetUserPassword that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 1074 of file CognitoIdentityProviderClient.h.
A Callable wrapper for AdminSetUserPassword that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 1065 of file CognitoIdentityProviderClient.h.
This action is no longer supported. You can use it to configure only SMS MFA. You can't use it to configure time-based one-time password (TOTP) software token MFA.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
nullptr
An Async wrapper for AdminSetUserSettings that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 1110 of file CognitoIdentityProviderClient.h.
A Callable wrapper for AdminSetUserSettings that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 1101 of file CognitoIdentityProviderClient.h.
Provides the feedback for an authentication event generated by threat protection features. Your response indicates that you think that the event either was from a valid user or was an unwanted authentication attempt. This feedback improves the risk evaluation decision for the user pool as part of Amazon Cognito threat protection. To activate this setting, your user pool must be on the Plus tier.
To train the threat-protection model to recognize trusted and untrusted sign-in characteristics, configure threat protection in audit-only mode and provide a mechanism for users or administrators to submit feedback. Your feedback can tell Amazon Cognito that a risk rating was assigned at a level you don't agree with.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
nullptr
An Async wrapper for AdminUpdateAuthEventFeedback that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 1155 of file CognitoIdentityProviderClient.h.
A Callable wrapper for AdminUpdateAuthEventFeedback that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 1146 of file CognitoIdentityProviderClient.h.
Updates the status of a user's device so that it is marked as remembered or not remembered for the purpose of device authentication. Device authentication is a "remember me" mechanism that silently completes sign-in from trusted devices with a device key instead of a user-provided MFA code. This operation changes the status of a device without deleting it, so you can enable it again later. For more information about device authentication, see Working with devices.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
nullptr
An Async wrapper for AdminUpdateDeviceStatus that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 1196 of file CognitoIdentityProviderClient.h.
A Callable wrapper for AdminUpdateDeviceStatus that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 1187 of file CognitoIdentityProviderClient.h.
Updates the specified user's attributes. To delete an attribute from your user, submit the attribute in your API request with a blank value.
For custom attributes, you must add a custom: prefix to the attribute name, for example custom:department.
This operation can set a user's email address or phone number as verified and permit immediate sign-in in user pools that require verification of these attributes. To do this, set the email_verified or phone_number_verified attribute to true.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
nullptr
An Async wrapper for AdminUpdateUserAttributes that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 1253 of file CognitoIdentityProviderClient.h.
A Callable wrapper for AdminUpdateUserAttributes that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 1244 of file CognitoIdentityProviderClient.h.
Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user. Call this operation with your administrative credentials when your user signs out of your app. This results in the following behavior.
Amazon Cognito no longer accepts token-authorized user operations that you authorize with a signed-out user's access tokens. For more information, see Using the Amazon Cognito user pools API and user pool endpoints.
Amazon Cognito returns an Access Token has been revoked error when your app attempts to authorize a user pools API request with a revoked access token that contains the scope aws.cognito.signin.user.admin.
Amazon Cognito no longer accepts a signed-out user's ID token in a GetId request to an identity pool with ServerSideTokenCheck enabled for its user pool IdP configuration in CognitoIdentityProvider.
Amazon Cognito no longer accepts a signed-out user's refresh tokens in refresh requests.
Other requests might be valid until your user's token expires. This operation doesn't clear the managed login session cookie. To clear the session for a user who signed in with managed login or the classic hosted UI, direct their browser session to the logout endpoint.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
nullptr
An Async wrapper for AdminUserGlobalSignOut that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 1310 of file CognitoIdentityProviderClient.h.
A Callable wrapper for AdminUserGlobalSignOut that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 1301 of file CognitoIdentityProviderClient.h.
{})
const
Begins setup of time-based one-time password (TOTP) multi-factor authentication (MFA) for a user, with a unique private key that Amazon Cognito generates and returns in the API response. You can authorize an AssociateSoftwareToken request with either the user's access token, or a session string from a challenge response that you received from Amazon Cognito.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.
Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.
nullptr,
{}
An Async wrapper for AssociateSoftwareToken that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 1349 of file CognitoIdentityProviderClient.h.
{})
const
A Callable wrapper for AssociateSoftwareToken that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 1340 of file CognitoIdentityProviderClient.h.
Changes the password for the currently signed-in user.
Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.
nullptr
An Async wrapper for ChangePassword that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 1383 of file CognitoIdentityProviderClient.h.
A Callable wrapper for ChangePassword that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 1374 of file CognitoIdentityProviderClient.h.
Completes registration of a passkey authenticator for the currently signed-in user.
Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.
nullptr
An Async wrapper for CompleteWebAuthnRegistration that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 1411 of file CognitoIdentityProviderClient.h.
A Callable wrapper for CompleteWebAuthnRegistration that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 1402 of file CognitoIdentityProviderClient.h.
Confirms a device that a user wants to remember. A remembered device is a "Remember me on this device" option for user pools that perform authentication with the device key of a trusted device in the back end, instead of a user-provided MFA code. For more information about device authentication, see Working with user devices in your user pool.
Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.
nullptr
An Async wrapper for ConfirmDevice that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 1450 of file CognitoIdentityProviderClient.h.
A Callable wrapper for ConfirmDevice that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 1441 of file CognitoIdentityProviderClient.h.
This public API operation accepts a confirmation code that Amazon Cognito sent to a user and accepts a new password for that user.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.
nullptr
An Async wrapper for ConfirmForgotPassword that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 1484 of file CognitoIdentityProviderClient.h.
A Callable wrapper for ConfirmForgotPassword that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 1475 of file CognitoIdentityProviderClient.h.
Confirms the account of a new user. This public API operation submits a code that Amazon Cognito sent to your user when they signed up in your user pool. After your user enters their code, they confirm ownership of the email address or phone number that they provided, and their user account becomes active. Depending on your user pool configuration, your users will receive their confirmation code in an email or SMS message.
Local users who signed up in your user pool are the only type of user who can confirm sign-up with a code. Users who federate through an external identity provider (IdP) have already been confirmed by their IdP.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.
nullptr
An Async wrapper for ConfirmSignUp that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 1524 of file CognitoIdentityProviderClient.h.
A Callable wrapper for ConfirmSignUp that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 1515 of file CognitoIdentityProviderClient.h.
Creates a new group in the specified user pool. For more information about user pool groups, see Adding groups to a user pool.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
nullptr
An Async wrapper for CreateGroup that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 1561 of file CognitoIdentityProviderClient.h.
A Callable wrapper for CreateGroup that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 1552 of file CognitoIdentityProviderClient.h.
Adds a configuration and trust relationship between a third-party identity provider (IdP) and a user pool. Amazon Cognito accepts sign-in with third-party identity providers through managed login and OIDC relying-party libraries. For more information, see Third-party IdP sign-in.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
nullptr
An Async wrapper for CreateIdentityProvider that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 1600 of file CognitoIdentityProviderClient.h.
A Callable wrapper for CreateIdentityProvider that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 1591 of file CognitoIdentityProviderClient.h.
Creates a new set of branding settings for a user pool style and associates it with an app client. This operation is the programmatic option for the creation of a new style in the branding designer.
Provides values for UI customization in a Settings JSON object and image files in an Assets array. To send the JSON object Document type parameter in Settings, you might need to update to the most recent version of your Amazon Web Services SDK. To create a new style with default settings, set UseCognitoProvidedValues to true and don't provide values for any other options.
This operation has a 2-megabyte request-size limit and include the CSS settings and image assets for your app client. Your branding settings might exceed 2MB in size. Amazon Cognito doesn't require that you pass all parameters in one request and preserves existing style settings that you don't specify. If your request is larger than 2MB, separate it into multiple requests, each with a size smaller than the limit.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
nullptr
An Async wrapper for CreateManagedLoginBranding that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 1648 of file CognitoIdentityProviderClient.h.
A Callable wrapper for CreateManagedLoginBranding that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 1639 of file CognitoIdentityProviderClient.h.
Creates a new OAuth2.0 resource server and defines custom scopes within it. Resource servers are associated with custom scopes and machine-to-machine (M2M) authorization. For more information, see Access control with resource servers.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
nullptr
An Async wrapper for CreateResourceServer that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 1686 of file CognitoIdentityProviderClient.h.
A Callable wrapper for CreateResourceServer that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 1677 of file CognitoIdentityProviderClient.h.
Creates a user import job. You can import users into user pools from a comma-separated values (CSV) file without adding Amazon Cognito MAU costs to your Amazon Web Services bill.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
nullptr
An Async wrapper for CreateUserImportJob that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 1722 of file CognitoIdentityProviderClient.h.
A Callable wrapper for CreateUserImportJob that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 1713 of file CognitoIdentityProviderClient.h.
Creates a new Amazon Cognito user pool. This operation sets basic and advanced configuration options.
If you don't provide a value for an attribute, Amazon Cognito sets it to its default value.
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
nullptr
An Async wrapper for CreateUserPool that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 1775 of file CognitoIdentityProviderClient.h.
A Callable wrapper for CreateUserPool that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 1766 of file CognitoIdentityProviderClient.h.
Creates an app client in a user pool. This operation sets basic and advanced configuration options.
Unlike app clients created in the console, Amazon Cognito doesn't automatically assign a branding style to app clients that you configure with this API operation. Managed login and classic hosted UI pages aren't available for your client until after you apply a branding style.
If you don't provide a value for an attribute, Amazon Cognito sets it to its default value.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
nullptr
An Async wrapper for CreateUserPoolClient that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 1815 of file CognitoIdentityProviderClient.h.
A Callable wrapper for CreateUserPoolClient that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 1806 of file CognitoIdentityProviderClient.h.
A user pool domain hosts managed login, an authorization server and web server for authentication in your application. This operation creates a new user pool prefix domain or custom domain and sets the managed login branding version. Set the branding version to 1 for hosted UI (classic) or 2 for managed login. When you choose a custom domain, you must provide an SSL certificate in the US East (N. Virginia) Amazon Web Services Region in your request.
Your prefix domain might take up to one minute to take effect. Your custom domain is online within five minutes, but it can take up to one hour to distribute your SSL certificate.
For more information about adding a custom domain to your user pool, see Configuring a user pool domain.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
nullptr
An Async wrapper for CreateUserPoolDomain that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 1860 of file CognitoIdentityProviderClient.h.
A Callable wrapper for CreateUserPoolDomain that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 1851 of file CognitoIdentityProviderClient.h.
Deletes a group from the specified user pool. When you delete a group, that group no longer contributes to users' cognito:preferred_group or cognito:groups claims, and no longer influence access-control decision that are based on group membership. For more information about user pool groups, see Adding groups to a user pool.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
nullptr
An Async wrapper for DeleteGroup that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 1900 of file CognitoIdentityProviderClient.h.
A Callable wrapper for DeleteGroup that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 1891 of file CognitoIdentityProviderClient.h.
Deletes a user pool identity provider (IdP). After you delete an IdP, users can no longer sign in to your user pool through that IdP. For more information about user pool IdPs, see Third-party IdP sign-in.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
nullptr
An Async wrapper for DeleteIdentityProvider that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 1938 of file CognitoIdentityProviderClient.h.
A Callable wrapper for DeleteIdentityProvider that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 1929 of file CognitoIdentityProviderClient.h.
Deletes a managed login branding style. When you delete a style, you delete the branding association for an app client. When an app client doesn't have a style assigned, your managed login pages for that app client are nonfunctional until you create a new style or switch the domain branding version.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
nullptr
An Async wrapper for DeleteManagedLoginBranding that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 1976 of file CognitoIdentityProviderClient.h.
A Callable wrapper for DeleteManagedLoginBranding that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 1967 of file CognitoIdentityProviderClient.h.
Deletes a resource server. After you delete a resource server, users can no longer generate access tokens with scopes that are associate with that resource server.
Resource servers are associated with custom scopes and machine-to-machine (M2M) authorization. For more information, see Access control with resource servers.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
nullptr
An Async wrapper for DeleteResourceServer that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 2015 of file CognitoIdentityProviderClient.h.
A Callable wrapper for DeleteResourceServer that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 2006 of file CognitoIdentityProviderClient.h.
Deletes the profile of the currently signed-in user. A deleted user profile can no longer be used to sign in and can't be restored.
Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.
nullptr
An Async wrapper for DeleteUser that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 2050 of file CognitoIdentityProviderClient.h.
Deletes attributes from the currently signed-in user. For example, your application can submit a request to this operation when a user wants to remove their birthdate attribute value.
Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.
nullptr
An Async wrapper for DeleteUserAttributes that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 2086 of file CognitoIdentityProviderClient.h.
A Callable wrapper for DeleteUserAttributes that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 2077 of file CognitoIdentityProviderClient.h.
A Callable wrapper for DeleteUser that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 2041 of file CognitoIdentityProviderClient.h.
Deletes a user pool. After you delete a user pool, users can no longer sign in to any associated applications.
When you delete a user pool, it's no longer visible or operational in your Amazon Web Services account. Amazon Cognito retains deleted user pools in an inactive state for 14 days, then begins a cleanup process that fully removes them from Amazon Web Services systems. In case of accidental deletion, contact Amazon Web ServicesSupport within 14 days for restoration assistance.
Amazon Cognito begins full deletion of all resources from deleted user pools after 14 days. In the case of large user pools, the cleanup process might take significant additional time before all user data is permanently deleted.
nullptr
An Async wrapper for DeleteUserPool that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 2120 of file CognitoIdentityProviderClient.h.
A Callable wrapper for DeleteUserPool that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 2111 of file CognitoIdentityProviderClient.h.
Deletes a user pool app client. After you delete an app client, users can no longer sign in to the associated application.
nullptr
An Async wrapper for DeleteUserPoolClient that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 2146 of file CognitoIdentityProviderClient.h.
A Callable wrapper for DeleteUserPoolClient that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 2137 of file CognitoIdentityProviderClient.h.
Given a user pool ID and domain identifier, deletes a user pool domain. After you delete a user pool domain, your managed login pages and authorization server are no longer available.
nullptr
An Async wrapper for DeleteUserPoolDomain that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 2173 of file CognitoIdentityProviderClient.h.
A Callable wrapper for DeleteUserPoolDomain that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 2164 of file CognitoIdentityProviderClient.h.
Deletes a registered passkey, or WebAuthn, authenticator for the currently signed-in user.
Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.
nullptr
An Async wrapper for DeleteWebAuthnCredential that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 2208 of file CognitoIdentityProviderClient.h.
A Callable wrapper for DeleteWebAuthnCredential that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 2199 of file CognitoIdentityProviderClient.h.
Given a user pool ID and identity provider (IdP) name, returns details about the IdP.
nullptr
An Async wrapper for DescribeIdentityProvider that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 2234 of file CognitoIdentityProviderClient.h.
A Callable wrapper for DescribeIdentityProvider that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 2225 of file CognitoIdentityProviderClient.h.
Given the ID of a managed login branding style, returns detailed information about the style.
nullptr
An Async wrapper for DescribeManagedLoginBranding that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 2260 of file CognitoIdentityProviderClient.h.
Given the ID of a user pool app client, returns detailed information about the style assigned to the app client.
nullptr
An Async wrapper for DescribeManagedLoginBrandingByClient that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 2286 of file CognitoIdentityProviderClient.h.
A Callable wrapper for DescribeManagedLoginBrandingByClient that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 2277 of file CognitoIdentityProviderClient.h.
A Callable wrapper for DescribeManagedLoginBranding that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 2251 of file CognitoIdentityProviderClient.h.
Describes a resource server. For more information about resource servers, see Access control with resource servers.
nullptr
An Async wrapper for DescribeResourceServer that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 2314 of file CognitoIdentityProviderClient.h.
A Callable wrapper for DescribeResourceServer that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 2305 of file CognitoIdentityProviderClient.h.
Given an app client or user pool ID where threat protection is configured, describes the risk configuration. This operation returns details about adaptive authentication, compromised credentials, and IP-address allow- and denylists. For more information about threat protection, see Threat protection.
nullptr
An Async wrapper for DescribeRiskConfiguration that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 2344 of file CognitoIdentityProviderClient.h.
A Callable wrapper for DescribeRiskConfiguration that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 2335 of file CognitoIdentityProviderClient.h.
Describes a user import job. For more information about user CSV import, see Importing users from a CSV file.
nullptr
An Async wrapper for DescribeUserImportJob that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 2372 of file CognitoIdentityProviderClient.h.
A Callable wrapper for DescribeUserImportJob that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 2363 of file CognitoIdentityProviderClient.h.
Given a user pool ID, returns configuration information. This operation is useful when you want to inspect an existing user pool and programmatically replicate the configuration to another user pool.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
nullptr
An Async wrapper for DescribeUserPool that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 2408 of file CognitoIdentityProviderClient.h.
A Callable wrapper for DescribeUserPool that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 2399 of file CognitoIdentityProviderClient.h.
Given an app client ID, returns configuration information. This operation is useful when you want to inspect an existing app client and programmatically replicate the configuration to another app client. For more information about app clients, see App clients.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
nullptr
An Async wrapper for DescribeUserPoolClient that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 2447 of file CognitoIdentityProviderClient.h.
A Callable wrapper for DescribeUserPoolClient that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 2438 of file CognitoIdentityProviderClient.h.
Given a user pool domain name, returns information about the domain configuration.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
nullptr
An Async wrapper for DescribeUserPoolDomain that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 2482 of file CognitoIdentityProviderClient.h.
A Callable wrapper for DescribeUserPoolDomain that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 2473 of file CognitoIdentityProviderClient.h.
Given a device key, deletes a remembered device as the currently signed-in user. For more information about device authentication, see Working with user devices in your user pool.
Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.
nullptr
An Async wrapper for ForgetDevice that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 2519 of file CognitoIdentityProviderClient.h.
A Callable wrapper for ForgetDevice that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 2510 of file CognitoIdentityProviderClient.h.
Sends a password-reset confirmation code for the currently signed-in user.
For the Username parameter, you can use the username or user alias.
If neither a verified phone number nor a verified email exists, Amazon Cognito responds with an InvalidParameterException error . If your app client has a client secret and you don't provide a SECRET_HASH parameter, this API returns NotAuthorizedException.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
nullptr
An Async wrapper for ForgotPassword that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 2573 of file CognitoIdentityProviderClient.h.
A Callable wrapper for ForgotPassword that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 2564 of file CognitoIdentityProviderClient.h.
Given a user pool ID, generates a comma-separated value (CSV) list populated with available user attributes in the user pool. This list is the header for the CSV file that determines the users in a user import job. Save the content of CSVHeader in the response as a .csv file and populate it with the usernames and attributes of users that you want to import. For more information about CSV user import, see Importing users from a CSV file.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
nullptr
An Async wrapper for GetCSVHeader that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 2614 of file CognitoIdentityProviderClient.h.
A Callable wrapper for GetCSVHeader that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 2605 of file CognitoIdentityProviderClient.h.
Given a device key, returns information about a remembered device for the current user. For more information about device authentication, see Working with user devices in your user pool.
Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.
nullptr
An Async wrapper for GetDevice that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 2651 of file CognitoIdentityProviderClient.h.
A Callable wrapper for GetDevice that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 2642 of file CognitoIdentityProviderClient.h.
Given a user pool ID and a group name, returns information about the user group.
For more information about user pool groups, see Adding groups to a user pool.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
nullptr
An Async wrapper for GetGroup that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 2688 of file CognitoIdentityProviderClient.h.
A Callable wrapper for GetGroup that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 2679 of file CognitoIdentityProviderClient.h.
Given the identifier of an identity provider (IdP), for example examplecorp, returns information about the user pool configuration for that IdP. For more information about IdPs, see Third-party IdP sign-in.
nullptr
An Async wrapper for GetIdentityProviderByIdentifier that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 2717 of file CognitoIdentityProviderClient.h.
A Callable wrapper for GetIdentityProviderByIdentifier that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 2708 of file CognitoIdentityProviderClient.h.
Given a user pool ID, returns the logging configuration. User pools can export message-delivery error and threat-protection activity logs to external Amazon Web Services services. For more information, see Exporting user pool logs.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
nullptr
An Async wrapper for GetLogDeliveryConfiguration that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 2755 of file CognitoIdentityProviderClient.h.
A Callable wrapper for GetLogDeliveryConfiguration that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 2746 of file CognitoIdentityProviderClient.h.
Given a user pool ID, returns the signing certificate for SAML 2.0 federation.
Issued certificates are valid for 10 years from the date of issue. Amazon Cognito issues and assigns a new signing certificate annually. This renewal process returns a new value in the response to GetSigningCertificate, but doesn't invalidate the original certificate.
For more information, see Signing SAML requests.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
nullptr
An Async wrapper for GetSigningCertificate that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 2796 of file CognitoIdentityProviderClient.h.
A Callable wrapper for GetSigningCertificate that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 2787 of file CognitoIdentityProviderClient.h.
Given a refresh token, issues new ID, access, and optionally refresh tokens for the user who owns the submitted token. This operation issues a new refresh token and invalidates the original refresh token after an optional grace period when refresh token rotation is enabled. If refresh token rotation is disabled, issues new ID and access tokens only.
nullptr
An Async wrapper for GetTokensFromRefreshToken that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 2825 of file CognitoIdentityProviderClient.h.
A Callable wrapper for GetTokensFromRefreshToken that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 2816 of file CognitoIdentityProviderClient.h.
Given a user pool ID or app client, returns information about classic hosted UI branding that you applied, if any. Returns user-pool level branding information if no app client branding is applied, or if you don't specify an app client ID. Returns an empty object if you haven't applied hosted UI branding to either the client or the user pool. For more information, see Hosted UI (classic) branding.
nullptr
An Async wrapper for GetUICustomization that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 2856 of file CognitoIdentityProviderClient.h.
A Callable wrapper for GetUICustomization that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 2847 of file CognitoIdentityProviderClient.h.
Gets user attributes and and MFA settings for the currently signed-in user.
Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.
nullptr
An Async wrapper for GetUser that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 2891 of file CognitoIdentityProviderClient.h.
Given an attribute name, sends a user attribute verification code for the specified attribute name to the currently signed-in user.
Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
nullptr
An Async wrapper for GetUserAttributeVerificationCode that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 2942 of file CognitoIdentityProviderClient.h.
A Callable wrapper for GetUserAttributeVerificationCode that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 2933 of file CognitoIdentityProviderClient.h.
Lists the authentication options for the currently signed-in user. Returns the following:
The user's multi-factor authentication (MFA) preferences.
The user's options for choice-based authentication with the USER_AUTH flow.
Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.
nullptr
An Async wrapper for GetUserAuthFactors that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 2980 of file CognitoIdentityProviderClient.h.
A Callable wrapper for GetUserAuthFactors that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 2971 of file CognitoIdentityProviderClient.h.
A Callable wrapper for GetUser that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 2882 of file CognitoIdentityProviderClient.h.
Given a user pool ID, returns configuration for sign-in with WebAuthn authenticators and for multi-factor authentication (MFA). This operation describes the following:
The WebAuthn relying party (RP) ID and user-verification settings.
The required, optional, or disabled state of MFA for all user pool users.
The message templates for email and SMS MFA.
The enabled or disabled state of time-based one-time password (TOTP) MFA.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
nullptr
An Async wrapper for GetUserPoolMfaConfig that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 3020 of file CognitoIdentityProviderClient.h.
A Callable wrapper for GetUserPoolMfaConfig that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 3011 of file CognitoIdentityProviderClient.h.
Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user. Call this operation when your user signs out of your app. This results in the following behavior.
Amazon Cognito no longer accepts token-authorized user operations that you authorize with a signed-out user's access tokens. For more information, see Using the Amazon Cognito user pools API and user pool endpoints.
Amazon Cognito returns an Access Token has been revoked error when your app attempts to authorize a user pools API request with a revoked access token that contains the scope aws.cognito.signin.user.admin.
Amazon Cognito no longer accepts a signed-out user's ID token in a GetId request to an identity pool with ServerSideTokenCheck enabled for its user pool IdP configuration in CognitoIdentityProvider.
Amazon Cognito no longer accepts a signed-out user's refresh tokens in refresh requests.
Other requests might be valid until your user's token expires. This operation doesn't clear the managed login session cookie. To clear the session for a user who signed in with managed login or the classic hosted UI, direct their browser session to the logout endpoint.
Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.
nullptr
An Async wrapper for GlobalSignOut that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 3076 of file CognitoIdentityProviderClient.h.
A Callable wrapper for GlobalSignOut that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 3067 of file CognitoIdentityProviderClient.h.
Declares an authentication flow and initiates sign-in for a user in the Amazon Cognito user directory. Amazon Cognito might respond with an additional challenge or an AuthenticationResult that contains the outcome of a successful authentication. You can't sign in a user with a federated IdP with InitiateAuth. For more information, see Authentication.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
nullptr
An Async wrapper for InitiateAuth that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 3130 of file CognitoIdentityProviderClient.h.
A Callable wrapper for InitiateAuth that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 3121 of file CognitoIdentityProviderClient.h.
Lists the devices that Amazon Cognito has registered to the currently signed-in user. For more information about device authentication, see Working with user devices in your user pool.
Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.
nullptr
An Async wrapper for ListDevices that queues the request into a thread executor and triggers associated callback when operation has finished.
Definition at line 3167 of file CognitoIdentityProviderClient.h.
A Callable wrapper for ListDevices that returns a future to the operation so that it can be executed in parallel to other requests.
Definition at line 3158 of file CognitoIdentityProviderClient.h.