cognitoidentityprovider: Amazon Cognito Identity Provider

View source: R/cognitoidentityprovider_service.R

cognitoidentityproviderR Documentation

Amazon Cognito Identity Provider

Description

With the Amazon Cognito user pools API, you can configure user pools and authenticate users. To authenticate users from third-party identity providers (IdPs) in this API, you can link IdP users to native user profiles. Learn more about the authentication and authorization of federated users at Adding user pool sign-in through a third party and in the User pool federation endpoints and hosted UI reference.

This API reference provides detailed information about API operations and object types in Amazon Cognito.

Along with resource management operations, the Amazon Cognito user pools API includes classes of operations and authorization models for client-side and server-side authentication of users. You can interact with operations in the Amazon Cognito user pools API as any of the following subjects.

  1. An administrator who wants to configure user pools, app clients, users, groups, or other user pool functions.

  2. A server-side app, like a web application, that wants to use its Amazon Web Services privileges to manage, authenticate, or authorize a user.

  3. A client-side app, like a mobile app, that wants to make unauthenticated requests to manage, authenticate, or authorize a user.

For more information, see Using the Amazon Cognito user pools API and user pool endpoints in the Amazon Cognito Developer Guide.

With your Amazon Web Services SDK, you can build the logic to support operational flows in every use case for this API. You can also make direct REST API requests to Amazon Cognito user pools service endpoints. The following links can get you started with the CognitoIdentityProvider client in other supported Amazon Web Services SDKs.

To get started with an Amazon Web Services SDK, see Tools to Build on Amazon Web Services. For example actions and scenarios, see Code examples for Amazon Cognito Identity Provider using Amazon Web Services SDKs.

Usage

cognitoidentityprovider(
  config = list(),
  credentials = list(),
  endpoint = NULL,
  region = NULL
)

Arguments

config

Optional configuration of credentials, endpoint, and/or region.

  • credentials:

    • creds:

      • access_key_id: AWS access key ID

      • secret_access_key: AWS secret access key

      • session_token: AWS temporary session token

    • profile: The name of a profile to use. If not given, then the default profile is used.

    • anonymous: Set anonymous credentials.

  • endpoint: The complete URL to use for the constructed client.

  • region: The AWS Region used in instantiating the client.

  • close_connection: Immediately close all HTTP connections.

  • timeout: The time in seconds till a timeout exception is thrown when attempting to make a connection. The default is 60 seconds.

  • s3_force_path_style: Set this to true to force the request to use path-style addressing, i.e. ⁠http://s3.amazonaws.com/BUCKET/KEY⁠.

  • sts_regional_endpoint: Set sts regional endpoint resolver to regional or legacy https://docs.aws.amazon.com/sdkref/latest/guide/feature-sts-regionalized-endpoints.html

credentials

Optional credentials shorthand for the config parameter

  • creds:

    • access_key_id: AWS access key ID

    • secret_access_key: AWS secret access key

    • session_token: AWS temporary session token

  • profile: The name of a profile to use. If not given, then the default profile is used.

  • anonymous: Set anonymous credentials.

endpoint

Optional shorthand for complete URL to use for the constructed client.

region

Optional shorthand for AWS Region used in instantiating the client.

Value

A client for the service. You can call the service's operations using syntax like svc$operation(...), where svc is the name you've assigned to the client. The available operations are listed in the Operations section.

Service syntax

svc <- cognitoidentityprovider(
  config = list(
    credentials = list(
      creds = list(
        access_key_id = "string",
        secret_access_key = "string",
        session_token = "string"
      ),
      profile = "string",
      anonymous = "logical"
    ),
    endpoint = "string",
    region = "string",
    close_connection = "logical",
    timeout = "numeric",
    s3_force_path_style = "logical",
    sts_regional_endpoint = "string"
  ),
  credentials = list(
    creds = list(
      access_key_id = "string",
      secret_access_key = "string",
      session_token = "string"
    ),
    profile = "string",
    anonymous = "logical"
  ),
  endpoint = "string",
  region = "string"
)

Operations

add_custom_attributes Adds additional user attributes to the user pool schema
admin_add_user_to_group Adds a user to a group
admin_confirm_sign_up This IAM-authenticated API operation confirms user sign-up as an administrator
admin_create_user Creates a new user in the specified user pool
admin_delete_user Deletes a user as an administrator
admin_delete_user_attributes Deletes the user attributes in a user pool as an administrator
admin_disable_provider_for_user Prevents the user from signing in with the specified external (SAML or social) identity provider (IdP)
admin_disable_user Deactivates a user and revokes all access tokens for the user
admin_enable_user Enables the specified user as an administrator
admin_forget_device Forgets the device, as an administrator
admin_get_device Gets the device, as an administrator
admin_get_user Gets the specified user by user name in a user pool as an administrator
admin_initiate_auth Initiates the authentication flow, as an administrator
admin_link_provider_for_user Links an existing user account in a user pool (DestinationUser) to an identity from an external IdP (SourceUser) based on a specified attribute name and value from the external IdP
admin_list_devices Lists devices, as an administrator
admin_list_groups_for_user Lists the groups that a user belongs to
admin_list_user_auth_events A history of user activity and any risks detected as part of Amazon Cognito advanced security
admin_remove_user_from_group Removes the specified user from the specified group
admin_reset_user_password Resets the specified user's password in a user pool as an administrator
admin_respond_to_auth_challenge Some API operations in a user pool generate a challenge, like a prompt for an MFA code, for device authentication that bypasses MFA, or for a custom authentication challenge
admin_set_user_mfa_preference The user's multi-factor authentication (MFA) preference, including which MFA options are activated, and if any are preferred
admin_set_user_password Sets the specified user's password in a user pool as an administrator
admin_set_user_settings This action is no longer supported
admin_update_auth_event_feedback Provides feedback for an authentication event indicating if it was from a valid user
admin_update_device_status Updates the device status as an administrator
admin_update_user_attributes This action might generate an SMS text message
admin_user_global_sign_out Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user
associate_software_token Begins setup of time-based one-time password (TOTP) multi-factor authentication (MFA) for a user, with a unique private key that Amazon Cognito generates and returns in the API response
change_password Changes the password for a specified user in a user pool
confirm_device Confirms tracking of the device
confirm_forgot_password Allows a user to enter a confirmation code to reset a forgotten password
confirm_sign_up This public API operation provides a code that Amazon Cognito sent to your user when they signed up in your user pool via the SignUp API operation
create_group Creates a new group in the specified user pool
create_identity_provider Adds a configuration and trust relationship between a third-party identity provider (IdP) and a user pool
create_resource_server Creates a new OAuth2
create_user_import_job Creates a user import job
create_user_pool This action might generate an SMS text message
create_user_pool_client Creates the user pool client
create_user_pool_domain Creates a new domain for a user pool
delete_group Deletes a group
delete_identity_provider Deletes an IdP for a user pool
delete_resource_server Deletes a resource server
delete_user Allows a user to delete their own user profile
delete_user_attributes Deletes the attributes for a user
delete_user_pool Deletes the specified Amazon Cognito user pool
delete_user_pool_client Allows the developer to delete the user pool client
delete_user_pool_domain Deletes a domain for a user pool
describe_identity_provider Gets information about a specific IdP
describe_resource_server Describes a resource server
describe_risk_configuration Describes the risk configuration
describe_user_import_job Describes the user import job
describe_user_pool Returns the configuration information and metadata of the specified user pool
describe_user_pool_client Client method for returning the configuration information and metadata of the specified user pool app client
describe_user_pool_domain Gets information about a domain
forget_device Forgets the specified device
forgot_password Calling this API causes a message to be sent to the end user with a confirmation code that is required to change the user's password
get_csv_header Gets the header information for the comma-separated value (CSV) file to be used as input for the user import job
get_device Gets the device
get_group Gets a group
get_identity_provider_by_identifier Gets the specified IdP
get_log_delivery_configuration Gets the logging configuration of a user pool
get_signing_certificate This method takes a user pool ID, and returns the signing certificate
get_ui_customization Gets the user interface (UI) Customization information for a particular app client's app UI, if any such information exists for the client
get_user Gets the user attributes and metadata for a user
get_user_attribute_verification_code Generates a user attribute verification code for the specified attribute name
get_user_pool_mfa_config Gets the user pool multi-factor authentication (MFA) configuration
global_sign_out Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user
initiate_auth Initiates sign-in for a user in the Amazon Cognito user directory
list_devices Lists the sign-in devices that Amazon Cognito has registered to the current user
list_groups Lists the groups associated with a user pool
list_identity_providers Lists information about all IdPs for a user pool
list_resource_servers Lists the resource servers for a user pool
list_tags_for_resource Lists the tags that are assigned to an Amazon Cognito user pool
list_user_import_jobs Lists user import jobs for a user pool
list_user_pool_clients Lists the clients that have been created for the specified user pool
list_user_pools Lists the user pools associated with an Amazon Web Services account
list_users Lists users and their basic details in a user pool
list_users_in_group Lists the users in the specified group
resend_confirmation_code Resends the confirmation (for confirmation of registration) to a specific user in the user pool
respond_to_auth_challenge Some API operations in a user pool generate a challenge, like a prompt for an MFA code, for device authentication that bypasses MFA, or for a custom authentication challenge
revoke_token Revokes all of the access tokens generated by, and at the same time as, the specified refresh token
set_log_delivery_configuration Sets up or modifies the logging configuration of a user pool
set_risk_configuration Configures actions on detected risks
set_ui_customization Sets the user interface (UI) customization information for a user pool's built-in app UI
set_user_mfa_preference Set the user's multi-factor authentication (MFA) method preference, including which MFA factors are activated and if any are preferred
set_user_pool_mfa_config Sets the user pool multi-factor authentication (MFA) configuration
set_user_settings This action is no longer supported
sign_up Registers the user in the specified user pool and creates a user name, password, and user attributes
start_user_import_job Starts the user import
stop_user_import_job Stops the user import job
tag_resource Assigns a set of tags to an Amazon Cognito user pool
untag_resource Removes the specified tags from an Amazon Cognito user pool
update_auth_event_feedback Provides the feedback for an authentication event, whether it was from a valid user or not
update_device_status Updates the device status
update_group Updates the specified group with the specified attributes
update_identity_provider Updates IdP information for a user pool
update_resource_server Updates the name and scopes of resource server
update_user_attributes With this operation, your users can update one or more of their attributes with their own credentials
update_user_pool This action might generate an SMS text message
update_user_pool_client Updates the specified user pool app client with the specified attributes
update_user_pool_domain Updates the Secure Sockets Layer (SSL) certificate for the custom domain for your user pool
verify_software_token Use this API to register a user's entered time-based one-time password (TOTP) code and mark the user's software token MFA status as "verified" if successful
verify_user_attribute Verifies the specified user attributes in the user pool

Examples

## Not run: 
svc <- cognitoidentityprovider()
# This request submits a value for all possible parameters for
# AdminCreateUser.
svc$admin_create_user(
  DesiredDeliveryMediums = list(
    "SMS"
  ),
  MessageAction = "SUPPRESS",
  TemporaryPassword = "This-is-my-test-99!",
  UserAttributes = list(
    list(
      Name = "name",
      Value = "John"
    ),
    list(
      Name = "phone_number",
      Value = "+12065551212"
    ),
    list(
      Name = "email",
      Value = "testuser@example.com"
    )
  ),
  UserPoolId = "us-east-1_EXAMPLE",
  Username = "testuser"
)

## End(Not run)


paws.security.identity documentation built on Sept. 12, 2024, 6:30 a.m.