Interface CognitoIdentityProviderClient

All Superinterfaces:

AutoCloseable, AwsClient, SdkAutoCloseable, SdkClient

@Generated("software.amazon.awssdk:codegen")
@SdkPublicApi
@ThreadSafe
public interface CognitoIdentityProviderClient
extends AwsClient

Service client for accessing Amazon Cognito Identity Provider. This can be created using the static builder() method.

With the Amazon Cognito user pools API, you can configure user pools and authenticate users. To authenticate users from third-party identity providers (IdPs) in this API, you can link IdP users to native user profiles. Learn more about the authentication and authorization of federated users at Adding user pool sign-in through a third party and in the User pool federation endpoints and managed login reference.

This API reference provides detailed information about API operations and object types in Amazon Cognito.

Along with resource management operations, the Amazon Cognito user pools API includes classes of operations and authorization models for client-side and server-side authentication of users. You can interact with operations in the Amazon Cognito user pools API as any of the following subjects.

1. An administrator who wants to configure user pools, app clients, users, groups, or other user pool functions.

2. A server-side app, like a web application, that wants to use its Amazon Web Services privileges to manage, authenticate, or authorize a user.

3. A client-side app, like a mobile app, that wants to make unauthenticated requests to manage, authenticate, or authorize a user.

For more information, see Understanding API, OIDC, and managed login pages authentication in the Amazon Cognito Developer Guide.

With your Amazon Web Services SDK, you can build the logic to support operational flows in every use case for this API. You can also make direct REST API requests to Amazon Cognito user pools service endpoints. The following links can get you started with the CognitoIdentityProvider client in supported Amazon Web Services SDKs.

To get started with an Amazon Web Services SDK, see Tools to Build on Amazon Web Services. For example actions and scenarios, see Code examples for Amazon Cognito Identity Provider using Amazon Web Services SDKs.

Field Summary

Fields

Modifier and Type	Field	Description
static final String	SERVICE_METADATA_ID	Value for looking up the service's metadata from the ServiceMetadataProvider.
static final String	SERVICE_NAME

Method Summary

Modifier and Type	Method	Description
default AddCustomAttributesResponse	addCustomAttributes(Consumer<AddCustomAttributesRequest.Builder> addCustomAttributesRequest)	Adds additional user attributes to the user pool schema.
default AddCustomAttributesResponse	addCustomAttributes(AddCustomAttributesRequest addCustomAttributesRequest)	Adds additional user attributes to the user pool schema.
default AdminAddUserToGroupResponse	adminAddUserToGroup(Consumer<AdminAddUserToGroupRequest.Builder> adminAddUserToGroupRequest)	Adds a user to a group.
default AdminAddUserToGroupResponse	adminAddUserToGroup(AdminAddUserToGroupRequest adminAddUserToGroupRequest)	Adds a user to a group.
default AdminConfirmSignUpResponse	adminConfirmSignUp(Consumer<AdminConfirmSignUpRequest.Builder> adminConfirmSignUpRequest)	Confirms user sign-up as an administrator.
default AdminConfirmSignUpResponse	adminConfirmSignUp(AdminConfirmSignUpRequest adminConfirmSignUpRequest)	Confirms user sign-up as an administrator.
default AdminCreateUserResponse	adminCreateUser(Consumer<AdminCreateUserRequest.Builder> adminCreateUserRequest)	Creates a new user in the specified user pool.
default AdminCreateUserResponse	adminCreateUser(AdminCreateUserRequest adminCreateUserRequest)	Creates a new user in the specified user pool.
default AdminDeleteUserResponse	adminDeleteUser(Consumer<AdminDeleteUserRequest.Builder> adminDeleteUserRequest)	Deletes a user profile in your user pool.
default AdminDeleteUserResponse	adminDeleteUser(AdminDeleteUserRequest adminDeleteUserRequest)	Deletes a user profile in your user pool.
default AdminDeleteUserAttributesResponse	adminDeleteUserAttributes(Consumer<AdminDeleteUserAttributesRequest.Builder> adminDeleteUserAttributesRequest)	Deletes attribute values from a user.
default AdminDeleteUserAttributesResponse	adminDeleteUserAttributes(AdminDeleteUserAttributesRequest adminDeleteUserAttributesRequest)	Deletes attribute values from a user.
default AdminDisableProviderForUserResponse	adminDisableProviderForUser(Consumer<AdminDisableProviderForUserRequest.Builder> adminDisableProviderForUserRequest)	Prevents the user from signing in with the specified external (SAML or social) identity provider (IdP).
default AdminDisableProviderForUserResponse	adminDisableProviderForUser(AdminDisableProviderForUserRequest adminDisableProviderForUserRequest)	Prevents the user from signing in with the specified external (SAML or social) identity provider (IdP).
default AdminDisableUserResponse	adminDisableUser(Consumer<AdminDisableUserRequest.Builder> adminDisableUserRequest)	Deactivates a user profile and revokes all access tokens for the user.
default AdminDisableUserResponse	adminDisableUser(AdminDisableUserRequest adminDisableUserRequest)	Deactivates a user profile and revokes all access tokens for the user.
default AdminEnableUserResponse	adminEnableUser(Consumer<AdminEnableUserRequest.Builder> adminEnableUserRequest)	Activates sign-in for a user profile that previously had sign-in access disabled.
default AdminEnableUserResponse	adminEnableUser(AdminEnableUserRequest adminEnableUserRequest)	Activates sign-in for a user profile that previously had sign-in access disabled.
default AdminForgetDeviceResponse	adminForgetDevice(Consumer<AdminForgetDeviceRequest.Builder> adminForgetDeviceRequest)	Forgets, or deletes, a remembered device from a user's profile.
default AdminForgetDeviceResponse	adminForgetDevice(AdminForgetDeviceRequest adminForgetDeviceRequest)	Forgets, or deletes, a remembered device from a user's profile.
default AdminGetDeviceResponse	adminGetDevice(Consumer<AdminGetDeviceRequest.Builder> adminGetDeviceRequest)	Given the device key, returns details for a user's device.
default AdminGetDeviceResponse	adminGetDevice(AdminGetDeviceRequest adminGetDeviceRequest)	Given the device key, returns details for a user's device.
default AdminGetUserResponse	adminGetUser(Consumer<AdminGetUserRequest.Builder> adminGetUserRequest)	Given a username, returns details about a user profile in a user pool.
default AdminGetUserResponse	adminGetUser(AdminGetUserRequest adminGetUserRequest)	Given a username, returns details about a user profile in a user pool.
default AdminInitiateAuthResponse	adminInitiateAuth(Consumer<AdminInitiateAuthRequest.Builder> adminInitiateAuthRequest)	Starts sign-in for applications with a server-side component, for example a traditional web application.
default AdminInitiateAuthResponse	adminInitiateAuth(AdminInitiateAuthRequest adminInitiateAuthRequest)	Starts sign-in for applications with a server-side component, for example a traditional web application.
default AdminLinkProviderForUserResponse	adminLinkProviderForUser(Consumer<AdminLinkProviderForUserRequest.Builder> adminLinkProviderForUserRequest)	Links an existing user account in a user pool, or DestinationUser, to an identity from an external IdP, or SourceUser, based on a specified attribute name and value from the external IdP.
default AdminLinkProviderForUserResponse	adminLinkProviderForUser(AdminLinkProviderForUserRequest adminLinkProviderForUserRequest)	Links an existing user account in a user pool, or DestinationUser, to an identity from an external IdP, or SourceUser, based on a specified attribute name and value from the external IdP.
default AdminListDevicesResponse	adminListDevices(Consumer<AdminListDevicesRequest.Builder> adminListDevicesRequest)	Lists a user's registered devices.
default AdminListDevicesResponse	adminListDevices(AdminListDevicesRequest adminListDevicesRequest)	Lists a user's registered devices.
default AdminListGroupsForUserResponse	adminListGroupsForUser(Consumer<AdminListGroupsForUserRequest.Builder> adminListGroupsForUserRequest)	Lists the groups that a user belongs to.
default AdminListGroupsForUserResponse	adminListGroupsForUser(AdminListGroupsForUserRequest adminListGroupsForUserRequest)	Lists the groups that a user belongs to.
default AdminListGroupsForUserIterable	adminListGroupsForUserPaginator(Consumer<AdminListGroupsForUserRequest.Builder> adminListGroupsForUserRequest)	This is a variant of adminListGroupsForUser(software.amazon.awssdk.services.cognitoidentityprovider.model.AdminListGroupsForUserRequest) operation.
default AdminListGroupsForUserIterable	adminListGroupsForUserPaginator(AdminListGroupsForUserRequest adminListGroupsForUserRequest)	This is a variant of adminListGroupsForUser(software.amazon.awssdk.services.cognitoidentityprovider.model.AdminListGroupsForUserRequest) operation.
default AdminListUserAuthEventsResponse	adminListUserAuthEvents(Consumer<AdminListUserAuthEventsRequest.Builder> adminListUserAuthEventsRequest)	Requests a history of user activity and any risks detected as part of Amazon Cognito threat protection.
default AdminListUserAuthEventsResponse	adminListUserAuthEvents(AdminListUserAuthEventsRequest adminListUserAuthEventsRequest)	Requests a history of user activity and any risks detected as part of Amazon Cognito threat protection.
default AdminListUserAuthEventsIterable	adminListUserAuthEventsPaginator(Consumer<AdminListUserAuthEventsRequest.Builder> adminListUserAuthEventsRequest)	This is a variant of adminListUserAuthEvents(software.amazon.awssdk.services.cognitoidentityprovider.model.AdminListUserAuthEventsRequest) operation.
default AdminListUserAuthEventsIterable	adminListUserAuthEventsPaginator(AdminListUserAuthEventsRequest adminListUserAuthEventsRequest)	This is a variant of adminListUserAuthEvents(software.amazon.awssdk.services.cognitoidentityprovider.model.AdminListUserAuthEventsRequest) operation.
default AdminRemoveUserFromGroupResponse	adminRemoveUserFromGroup(Consumer<AdminRemoveUserFromGroupRequest.Builder> adminRemoveUserFromGroupRequest)	Given a username and a group name, removes them from the group.
default AdminRemoveUserFromGroupResponse	adminRemoveUserFromGroup(AdminRemoveUserFromGroupRequest adminRemoveUserFromGroupRequest)	Given a username and a group name, removes them from the group.
default AdminResetUserPasswordResponse	adminResetUserPassword(Consumer<AdminResetUserPasswordRequest.Builder> adminResetUserPasswordRequest)	Begins the password reset process.
default AdminResetUserPasswordResponse	adminResetUserPassword(AdminResetUserPasswordRequest adminResetUserPasswordRequest)	Begins the password reset process.
default AdminRespondToAuthChallengeResponse	adminRespondToAuthChallenge(Consumer<AdminRespondToAuthChallengeRequest.Builder> adminRespondToAuthChallengeRequest)	Some API operations in a user pool generate a challenge, like a prompt for an MFA code, for device authentication that bypasses MFA, or for a custom authentication challenge.
default AdminRespondToAuthChallengeResponse	adminRespondToAuthChallenge(AdminRespondToAuthChallengeRequest adminRespondToAuthChallengeRequest)	Some API operations in a user pool generate a challenge, like a prompt for an MFA code, for device authentication that bypasses MFA, or for a custom authentication challenge.
default AdminSetUserMfaPreferenceResponse	adminSetUserMFAPreference(Consumer<AdminSetUserMfaPreferenceRequest.Builder> adminSetUserMfaPreferenceRequest)	Sets the user's multi-factor authentication (MFA) preference, including which MFA options are activated, and if any are preferred.
default AdminSetUserMfaPreferenceResponse	adminSetUserMFAPreference(AdminSetUserMfaPreferenceRequest adminSetUserMfaPreferenceRequest)	Sets the user's multi-factor authentication (MFA) preference, including which MFA options are activated, and if any are preferred.
default AdminSetUserPasswordResponse	adminSetUserPassword(Consumer<AdminSetUserPasswordRequest.Builder> adminSetUserPasswordRequest)	Sets the specified user's password in a user pool.
default AdminSetUserPasswordResponse	adminSetUserPassword(AdminSetUserPasswordRequest adminSetUserPasswordRequest)	Sets the specified user's password in a user pool.
default AdminSetUserSettingsResponse	adminSetUserSettings(Consumer<AdminSetUserSettingsRequest.Builder> adminSetUserSettingsRequest)	This action is no longer supported. You can use it to configure only SMS MFA.
default AdminSetUserSettingsResponse	adminSetUserSettings(AdminSetUserSettingsRequest adminSetUserSettingsRequest)	This action is no longer supported. You can use it to configure only SMS MFA.
default AdminUpdateAuthEventFeedbackResponse	adminUpdateAuthEventFeedback(Consumer<AdminUpdateAuthEventFeedbackRequest.Builder> adminUpdateAuthEventFeedbackRequest)	Provides the feedback for an authentication event generated by threat protection features.
default AdminUpdateAuthEventFeedbackResponse	adminUpdateAuthEventFeedback(AdminUpdateAuthEventFeedbackRequest adminUpdateAuthEventFeedbackRequest)	Provides the feedback for an authentication event generated by threat protection features.
default AdminUpdateDeviceStatusResponse	adminUpdateDeviceStatus(Consumer<AdminUpdateDeviceStatusRequest.Builder> adminUpdateDeviceStatusRequest)	Updates the status of a user's device so that it is marked as remembered or not remembered for the purpose of device authentication.
default AdminUpdateDeviceStatusResponse	adminUpdateDeviceStatus(AdminUpdateDeviceStatusRequest adminUpdateDeviceStatusRequest)	Updates the status of a user's device so that it is marked as remembered or not remembered for the purpose of device authentication.
default AdminUpdateUserAttributesResponse	adminUpdateUserAttributes(Consumer<AdminUpdateUserAttributesRequest.Builder> adminUpdateUserAttributesRequest)	Updates the specified user's attributes.
default AdminUpdateUserAttributesResponse	adminUpdateUserAttributes(AdminUpdateUserAttributesRequest adminUpdateUserAttributesRequest)	Updates the specified user's attributes.
default AdminUserGlobalSignOutResponse	adminUserGlobalSignOut(Consumer<AdminUserGlobalSignOutRequest.Builder> adminUserGlobalSignOutRequest)	Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user.
default AdminUserGlobalSignOutResponse	adminUserGlobalSignOut(AdminUserGlobalSignOutRequest adminUserGlobalSignOutRequest)	Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user.
default AssociateSoftwareTokenResponse	associateSoftwareToken(Consumer<AssociateSoftwareTokenRequest.Builder> associateSoftwareTokenRequest)	Begins setup of time-based one-time password (TOTP) multi-factor authentication (MFA) for a user, with a unique private key that Amazon Cognito generates and returns in the API response.
default AssociateSoftwareTokenResponse	associateSoftwareToken(AssociateSoftwareTokenRequest associateSoftwareTokenRequest)	Begins setup of time-based one-time password (TOTP) multi-factor authentication (MFA) for a user, with a unique private key that Amazon Cognito generates and returns in the API response.
static CognitoIdentityProviderClientBuilder	builder()	Create a builder that can be used to configure and create a CognitoIdentityProviderClient.
default ChangePasswordResponse	changePassword(Consumer<ChangePasswordRequest.Builder> changePasswordRequest)	Changes the password for the currently signed-in user.
default ChangePasswordResponse	changePassword(ChangePasswordRequest changePasswordRequest)	Changes the password for the currently signed-in user.
default CompleteWebAuthnRegistrationResponse	completeWebAuthnRegistration(Consumer<CompleteWebAuthnRegistrationRequest.Builder> completeWebAuthnRegistrationRequest)	Completes registration of a passkey authenticator for the currently signed-in user.
default CompleteWebAuthnRegistrationResponse	completeWebAuthnRegistration(CompleteWebAuthnRegistrationRequest completeWebAuthnRegistrationRequest)	Completes registration of a passkey authenticator for the currently signed-in user.
default ConfirmDeviceResponse	confirmDevice(Consumer<ConfirmDeviceRequest.Builder> confirmDeviceRequest)	Confirms a device that a user wants to remember.
default ConfirmDeviceResponse	confirmDevice(ConfirmDeviceRequest confirmDeviceRequest)	Confirms a device that a user wants to remember.
default ConfirmForgotPasswordResponse	confirmForgotPassword(Consumer<ConfirmForgotPasswordRequest.Builder> confirmForgotPasswordRequest)	This public API operation accepts a confirmation code that Amazon Cognito sent to a user and accepts a new password for that user.
default ConfirmForgotPasswordResponse	confirmForgotPassword(ConfirmForgotPasswordRequest confirmForgotPasswordRequest)	This public API operation accepts a confirmation code that Amazon Cognito sent to a user and accepts a new password for that user.
default ConfirmSignUpResponse	confirmSignUp(Consumer<ConfirmSignUpRequest.Builder> confirmSignUpRequest)	Confirms the account of a new user.
default ConfirmSignUpResponse	confirmSignUp(ConfirmSignUpRequest confirmSignUpRequest)	Confirms the account of a new user.
static CognitoIdentityProviderClient	create()	Create a CognitoIdentityProviderClient with the region loaded from the DefaultAwsRegionProviderChain and credentials loaded from the DefaultCredentialsProvider.
default CreateGroupResponse	createGroup(Consumer<CreateGroupRequest.Builder> createGroupRequest)	Creates a new group in the specified user pool.
default CreateGroupResponse	createGroup(CreateGroupRequest createGroupRequest)	Creates a new group in the specified user pool.
default CreateIdentityProviderResponse	createIdentityProvider(Consumer<CreateIdentityProviderRequest.Builder> createIdentityProviderRequest)	Adds a configuration and trust relationship between a third-party identity provider (IdP) and a user pool.
default CreateIdentityProviderResponse	createIdentityProvider(CreateIdentityProviderRequest createIdentityProviderRequest)	Adds a configuration and trust relationship between a third-party identity provider (IdP) and a user pool.
default CreateManagedLoginBrandingResponse	createManagedLoginBranding(Consumer<CreateManagedLoginBrandingRequest.Builder> createManagedLoginBrandingRequest)	Creates a new set of branding settings for a user pool style and associates it with an app client.
default CreateManagedLoginBrandingResponse	createManagedLoginBranding(CreateManagedLoginBrandingRequest createManagedLoginBrandingRequest)	Creates a new set of branding settings for a user pool style and associates it with an app client.
default CreateResourceServerResponse	createResourceServer(Consumer<CreateResourceServerRequest.Builder> createResourceServerRequest)	Creates a new OAuth2.0 resource server and defines custom scopes within it.
default CreateResourceServerResponse	createResourceServer(CreateResourceServerRequest createResourceServerRequest)	Creates a new OAuth2.0 resource server and defines custom scopes within it.
default CreateTermsResponse	createTerms(Consumer<CreateTermsRequest.Builder> createTermsRequest)	Creates terms documents for the requested app client.
default CreateTermsResponse	createTerms(CreateTermsRequest createTermsRequest)	Creates terms documents for the requested app client.
default CreateUserImportJobResponse	createUserImportJob(Consumer<CreateUserImportJobRequest.Builder> createUserImportJobRequest)	Creates a user import job.
default CreateUserImportJobResponse	createUserImportJob(CreateUserImportJobRequest createUserImportJobRequest)	Creates a user import job.
default CreateUserPoolResponse	createUserPool(Consumer<CreateUserPoolRequest.Builder> createUserPoolRequest)	Creates a new Amazon Cognito user pool.
default CreateUserPoolResponse	createUserPool(CreateUserPoolRequest createUserPoolRequest)	Creates a new Amazon Cognito user pool.
default CreateUserPoolClientResponse	createUserPoolClient(Consumer<CreateUserPoolClientRequest.Builder> createUserPoolClientRequest)	Creates an app client in a user pool.
default CreateUserPoolClientResponse	createUserPoolClient(CreateUserPoolClientRequest createUserPoolClientRequest)	Creates an app client in a user pool.
default CreateUserPoolDomainResponse	createUserPoolDomain(Consumer<CreateUserPoolDomainRequest.Builder> createUserPoolDomainRequest)	A user pool domain hosts managed login, an authorization server and web server for authentication in your application.
default CreateUserPoolDomainResponse	createUserPoolDomain(CreateUserPoolDomainRequest createUserPoolDomainRequest)	A user pool domain hosts managed login, an authorization server and web server for authentication in your application.
default DeleteGroupResponse	deleteGroup(Consumer<DeleteGroupRequest.Builder> deleteGroupRequest)	Deletes a group from the specified user pool.
default DeleteGroupResponse	deleteGroup(DeleteGroupRequest deleteGroupRequest)	Deletes a group from the specified user pool.
default DeleteIdentityProviderResponse	deleteIdentityProvider(Consumer<DeleteIdentityProviderRequest.Builder> deleteIdentityProviderRequest)	Deletes a user pool identity provider (IdP).
default DeleteIdentityProviderResponse	deleteIdentityProvider(DeleteIdentityProviderRequest deleteIdentityProviderRequest)	Deletes a user pool identity provider (IdP).
default DeleteManagedLoginBrandingResponse	deleteManagedLoginBranding(Consumer<DeleteManagedLoginBrandingRequest.Builder> deleteManagedLoginBrandingRequest)	Deletes a managed login branding style.
default DeleteManagedLoginBrandingResponse	deleteManagedLoginBranding(DeleteManagedLoginBrandingRequest deleteManagedLoginBrandingRequest)	Deletes a managed login branding style.
default DeleteResourceServerResponse	deleteResourceServer(Consumer<DeleteResourceServerRequest.Builder> deleteResourceServerRequest)	Deletes a resource server.
default DeleteResourceServerResponse	deleteResourceServer(DeleteResourceServerRequest deleteResourceServerRequest)	Deletes a resource server.
default DeleteTermsResponse	deleteTerms(Consumer<DeleteTermsRequest.Builder> deleteTermsRequest)	Deletes the terms documents with the requested ID from your app client.
default DeleteTermsResponse	deleteTerms(DeleteTermsRequest deleteTermsRequest)	Deletes the terms documents with the requested ID from your app client.
default DeleteUserResponse	deleteUser(Consumer<DeleteUserRequest.Builder> deleteUserRequest)	Deletes the profile of the currently signed-in user.
default DeleteUserResponse	deleteUser(DeleteUserRequest deleteUserRequest)	Deletes the profile of the currently signed-in user.
default DeleteUserAttributesResponse	deleteUserAttributes(Consumer<DeleteUserAttributesRequest.Builder> deleteUserAttributesRequest)	Deletes attributes from the currently signed-in user.
default DeleteUserAttributesResponse	deleteUserAttributes(DeleteUserAttributesRequest deleteUserAttributesRequest)	Deletes attributes from the currently signed-in user.
default DeleteUserPoolResponse	deleteUserPool(Consumer<DeleteUserPoolRequest.Builder> deleteUserPoolRequest)	Deletes a user pool.
default DeleteUserPoolResponse	deleteUserPool(DeleteUserPoolRequest deleteUserPoolRequest)	Deletes a user pool.
default DeleteUserPoolClientResponse	deleteUserPoolClient(Consumer<DeleteUserPoolClientRequest.Builder> deleteUserPoolClientRequest)	Deletes a user pool app client.
default DeleteUserPoolClientResponse	deleteUserPoolClient(DeleteUserPoolClientRequest deleteUserPoolClientRequest)	Deletes a user pool app client.
default DeleteUserPoolDomainResponse	deleteUserPoolDomain(Consumer<DeleteUserPoolDomainRequest.Builder> deleteUserPoolDomainRequest)	Given a user pool ID and domain identifier, deletes a user pool domain.
default DeleteUserPoolDomainResponse	deleteUserPoolDomain(DeleteUserPoolDomainRequest deleteUserPoolDomainRequest)	Given a user pool ID and domain identifier, deletes a user pool domain.
default DeleteWebAuthnCredentialResponse	deleteWebAuthnCredential(Consumer<DeleteWebAuthnCredentialRequest.Builder> deleteWebAuthnCredentialRequest)	Deletes a registered passkey, or WebAuthn, authenticator for the currently signed-in user.
default DeleteWebAuthnCredentialResponse	deleteWebAuthnCredential(DeleteWebAuthnCredentialRequest deleteWebAuthnCredentialRequest)	Deletes a registered passkey, or WebAuthn, authenticator for the currently signed-in user.
default DescribeIdentityProviderResponse	describeIdentityProvider(Consumer<DescribeIdentityProviderRequest.Builder> describeIdentityProviderRequest)	Given a user pool ID and identity provider (IdP) name, returns details about the IdP.
default DescribeIdentityProviderResponse	describeIdentityProvider(DescribeIdentityProviderRequest describeIdentityProviderRequest)	Given a user pool ID and identity provider (IdP) name, returns details about the IdP.
default DescribeManagedLoginBrandingResponse	describeManagedLoginBranding(Consumer<DescribeManagedLoginBrandingRequest.Builder> describeManagedLoginBrandingRequest)	Given the ID of a managed login branding style, returns detailed information about the style.
default DescribeManagedLoginBrandingResponse	describeManagedLoginBranding(DescribeManagedLoginBrandingRequest describeManagedLoginBrandingRequest)	Given the ID of a managed login branding style, returns detailed information about the style.
default DescribeManagedLoginBrandingByClientResponse	describeManagedLoginBrandingByClient(Consumer<DescribeManagedLoginBrandingByClientRequest.Builder> describeManagedLoginBrandingByClientRequest)	Given the ID of a user pool app client, returns detailed information about the style assigned to the app client.
default DescribeManagedLoginBrandingByClientResponse	describeManagedLoginBrandingByClient(DescribeManagedLoginBrandingByClientRequest describeManagedLoginBrandingByClientRequest)	Given the ID of a user pool app client, returns detailed information about the style assigned to the app client.
default DescribeResourceServerResponse	describeResourceServer(Consumer<DescribeResourceServerRequest.Builder> describeResourceServerRequest)	Describes a resource server.
default DescribeResourceServerResponse	describeResourceServer(DescribeResourceServerRequest describeResourceServerRequest)	Describes a resource server.
default DescribeRiskConfigurationResponse	describeRiskConfiguration(Consumer<DescribeRiskConfigurationRequest.Builder> describeRiskConfigurationRequest)	Given an app client or user pool ID where threat protection is configured, describes the risk configuration.
default DescribeRiskConfigurationResponse	describeRiskConfiguration(DescribeRiskConfigurationRequest describeRiskConfigurationRequest)	Given an app client or user pool ID where threat protection is configured, describes the risk configuration.
default DescribeTermsResponse	describeTerms(Consumer<DescribeTermsRequest.Builder> describeTermsRequest)	Returns details for the requested terms documents ID.
default DescribeTermsResponse	describeTerms(DescribeTermsRequest describeTermsRequest)	Returns details for the requested terms documents ID.
default DescribeUserImportJobResponse	describeUserImportJob(Consumer<DescribeUserImportJobRequest.Builder> describeUserImportJobRequest)	Describes a user import job.
default DescribeUserImportJobResponse	describeUserImportJob(DescribeUserImportJobRequest describeUserImportJobRequest)	Describes a user import job.
default DescribeUserPoolResponse	describeUserPool(Consumer<DescribeUserPoolRequest.Builder> describeUserPoolRequest)	Given a user pool ID, returns configuration information.
default DescribeUserPoolResponse	describeUserPool(DescribeUserPoolRequest describeUserPoolRequest)	Given a user pool ID, returns configuration information.
default DescribeUserPoolClientResponse	describeUserPoolClient(Consumer<DescribeUserPoolClientRequest.Builder> describeUserPoolClientRequest)	Given an app client ID, returns configuration information.
default DescribeUserPoolClientResponse	describeUserPoolClient(DescribeUserPoolClientRequest describeUserPoolClientRequest)	Given an app client ID, returns configuration information.
default DescribeUserPoolDomainResponse	describeUserPoolDomain(Consumer<DescribeUserPoolDomainRequest.Builder> describeUserPoolDomainRequest)	Given a user pool domain name, returns information about the domain configuration.
default DescribeUserPoolDomainResponse	describeUserPoolDomain(DescribeUserPoolDomainRequest describeUserPoolDomainRequest)	Given a user pool domain name, returns information about the domain configuration.
default ForgetDeviceResponse	forgetDevice(Consumer<ForgetDeviceRequest.Builder> forgetDeviceRequest)	Given a device key, deletes a remembered device as the currently signed-in user.
default ForgetDeviceResponse	forgetDevice(ForgetDeviceRequest forgetDeviceRequest)	Given a device key, deletes a remembered device as the currently signed-in user.
default ForgotPasswordResponse	forgotPassword(Consumer<ForgotPasswordRequest.Builder> forgotPasswordRequest)	Sends a password-reset confirmation code to the email address or phone number of the requested username.
default ForgotPasswordResponse	forgotPassword(ForgotPasswordRequest forgotPasswordRequest)	Sends a password-reset confirmation code to the email address or phone number of the requested username.
default GetCsvHeaderResponse	getCSVHeader(Consumer<GetCsvHeaderRequest.Builder> getCsvHeaderRequest)	Given a user pool ID, generates a comma-separated value (CSV) list populated with available user attributes in the user pool.
default GetCsvHeaderResponse	getCSVHeader(GetCsvHeaderRequest getCsvHeaderRequest)	Given a user pool ID, generates a comma-separated value (CSV) list populated with available user attributes in the user pool.
default GetDeviceResponse	getDevice(Consumer<GetDeviceRequest.Builder> getDeviceRequest)	Given a device key, returns information about a remembered device for the current user.
default GetDeviceResponse	getDevice(GetDeviceRequest getDeviceRequest)	Given a device key, returns information about a remembered device for the current user.
default GetGroupResponse	getGroup(Consumer<GetGroupRequest.Builder> getGroupRequest)	Given a user pool ID and a group name, returns information about the user group.
default GetGroupResponse	getGroup(GetGroupRequest getGroupRequest)	Given a user pool ID and a group name, returns information about the user group.
default GetIdentityProviderByIdentifierResponse	getIdentityProviderByIdentifier(Consumer<GetIdentityProviderByIdentifierRequest.Builder> getIdentityProviderByIdentifierRequest)	Given the identifier of an identity provider (IdP), for example examplecorp, returns information about the user pool configuration for that IdP.
default GetIdentityProviderByIdentifierResponse	getIdentityProviderByIdentifier(GetIdentityProviderByIdentifierRequest getIdentityProviderByIdentifierRequest)	Given the identifier of an identity provider (IdP), for example examplecorp, returns information about the user pool configuration for that IdP.
default GetLogDeliveryConfigurationResponse	getLogDeliveryConfiguration(Consumer<GetLogDeliveryConfigurationRequest.Builder> getLogDeliveryConfigurationRequest)	Given a user pool ID, returns the logging configuration.
default GetLogDeliveryConfigurationResponse	getLogDeliveryConfiguration(GetLogDeliveryConfigurationRequest getLogDeliveryConfigurationRequest)	Given a user pool ID, returns the logging configuration.
default GetSigningCertificateResponse	getSigningCertificate(Consumer<GetSigningCertificateRequest.Builder> getSigningCertificateRequest)	Given a user pool ID, returns the signing certificate for SAML 2.0 federation.
default GetSigningCertificateResponse	getSigningCertificate(GetSigningCertificateRequest getSigningCertificateRequest)	Given a user pool ID, returns the signing certificate for SAML 2.0 federation.
default GetTokensFromRefreshTokenResponse	getTokensFromRefreshToken(Consumer<GetTokensFromRefreshTokenRequest.Builder> getTokensFromRefreshTokenRequest)	Given a refresh token, issues new ID, access, and optionally refresh tokens for the user who owns the submitted token.
default GetTokensFromRefreshTokenResponse	getTokensFromRefreshToken(GetTokensFromRefreshTokenRequest getTokensFromRefreshTokenRequest)	Given a refresh token, issues new ID, access, and optionally refresh tokens for the user who owns the submitted token.
default GetUiCustomizationResponse	getUICustomization(Consumer<GetUiCustomizationRequest.Builder> getUiCustomizationRequest)	Given a user pool ID or app client, returns information about classic hosted UI branding that you applied, if any.
default GetUiCustomizationResponse	getUICustomization(GetUiCustomizationRequest getUiCustomizationRequest)	Given a user pool ID or app client, returns information about classic hosted UI branding that you applied, if any.
default GetUserResponse	getUser(Consumer<GetUserRequest.Builder> getUserRequest)	Gets user attributes and and MFA settings for the currently signed-in user.
default GetUserResponse	getUser(GetUserRequest getUserRequest)	Gets user attributes and and MFA settings for the currently signed-in user.
default GetUserAttributeVerificationCodeResponse	getUserAttributeVerificationCode(Consumer<GetUserAttributeVerificationCodeRequest.Builder> getUserAttributeVerificationCodeRequest)	Given an attribute name, sends a user attribute verification code for the specified attribute name to the currently signed-in user.
default GetUserAttributeVerificationCodeResponse	getUserAttributeVerificationCode(GetUserAttributeVerificationCodeRequest getUserAttributeVerificationCodeRequest)	Given an attribute name, sends a user attribute verification code for the specified attribute name to the currently signed-in user.
default GetUserAuthFactorsResponse	getUserAuthFactors(Consumer<GetUserAuthFactorsRequest.Builder> getUserAuthFactorsRequest)	Lists the authentication options for the currently signed-in user.
default GetUserAuthFactorsResponse	getUserAuthFactors(GetUserAuthFactorsRequest getUserAuthFactorsRequest)	Lists the authentication options for the currently signed-in user.
default GetUserPoolMfaConfigResponse	getUserPoolMfaConfig(Consumer<GetUserPoolMfaConfigRequest.Builder> getUserPoolMfaConfigRequest)	Given a user pool ID, returns configuration for sign-in with WebAuthn authenticators and for multi-factor authentication (MFA).
default GetUserPoolMfaConfigResponse	getUserPoolMfaConfig(GetUserPoolMfaConfigRequest getUserPoolMfaConfigRequest)	Given a user pool ID, returns configuration for sign-in with WebAuthn authenticators and for multi-factor authentication (MFA).
default GlobalSignOutResponse	globalSignOut(Consumer<GlobalSignOutRequest.Builder> globalSignOutRequest)	Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user.
default GlobalSignOutResponse	globalSignOut(GlobalSignOutRequest globalSignOutRequest)	Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user.
default InitiateAuthResponse	initiateAuth(Consumer<InitiateAuthRequest.Builder> initiateAuthRequest)	Declares an authentication flow and initiates sign-in for a user in the Amazon Cognito user directory.
default InitiateAuthResponse	initiateAuth(InitiateAuthRequest initiateAuthRequest)	Declares an authentication flow and initiates sign-in for a user in the Amazon Cognito user directory.
default ListDevicesResponse	listDevices(Consumer<ListDevicesRequest.Builder> listDevicesRequest)	Lists the devices that Amazon Cognito has registered to the currently signed-in user.
default ListDevicesResponse	listDevices(ListDevicesRequest listDevicesRequest)	Lists the devices that Amazon Cognito has registered to the currently signed-in user.
default ListGroupsResponse	listGroups(Consumer<ListGroupsRequest.Builder> listGroupsRequest)	Given a user pool ID, returns user pool groups and their details.
default ListGroupsResponse	listGroups(ListGroupsRequest listGroupsRequest)	Given a user pool ID, returns user pool groups and their details.
default ListGroupsIterable	listGroupsPaginator(Consumer<ListGroupsRequest.Builder> listGroupsRequest)	This is a variant of listGroups(software.amazon.awssdk.services.cognitoidentityprovider.model.ListGroupsRequest) operation.
default ListGroupsIterable	listGroupsPaginator(ListGroupsRequest listGroupsRequest)	This is a variant of listGroups(software.amazon.awssdk.services.cognitoidentityprovider.model.ListGroupsRequest) operation.
default ListIdentityProvidersResponse	listIdentityProviders(Consumer<ListIdentityProvidersRequest.Builder> listIdentityProvidersRequest)	Given a user pool ID, returns information about configured identity providers (IdPs).
default ListIdentityProvidersResponse	listIdentityProviders(ListIdentityProvidersRequest listIdentityProvidersRequest)	Given a user pool ID, returns information about configured identity providers (IdPs).
default ListIdentityProvidersIterable	listIdentityProvidersPaginator(Consumer<ListIdentityProvidersRequest.Builder> listIdentityProvidersRequest)	This is a variant of listIdentityProviders(software.amazon.awssdk.services.cognitoidentityprovider.model.ListIdentityProvidersRequest) operation.
default ListIdentityProvidersIterable	listIdentityProvidersPaginator(ListIdentityProvidersRequest listIdentityProvidersRequest)	This is a variant of listIdentityProviders(software.amazon.awssdk.services.cognitoidentityprovider.model.ListIdentityProvidersRequest) operation.
default ListResourceServersResponse	listResourceServers(Consumer<ListResourceServersRequest.Builder> listResourceServersRequest)	Given a user pool ID, returns all resource servers and their details.
default ListResourceServersResponse	listResourceServers(ListResourceServersRequest listResourceServersRequest)	Given a user pool ID, returns all resource servers and their details.
default ListResourceServersIterable	listResourceServersPaginator(Consumer<ListResourceServersRequest.Builder> listResourceServersRequest)	This is a variant of listResourceServers(software.amazon.awssdk.services.cognitoidentityprovider.model.ListResourceServersRequest) operation.
default ListResourceServersIterable	listResourceServersPaginator(ListResourceServersRequest listResourceServersRequest)	This is a variant of listResourceServers(software.amazon.awssdk.services.cognitoidentityprovider.model.ListResourceServersRequest) operation.
default ListTagsForResourceResponse	listTagsForResource(Consumer<ListTagsForResourceRequest.Builder> listTagsForResourceRequest)	Lists the tags that are assigned to an Amazon Cognito user pool.
default ListTagsForResourceResponse	listTagsForResource(ListTagsForResourceRequest listTagsForResourceRequest)	Lists the tags that are assigned to an Amazon Cognito user pool.
default ListTermsResponse	listTerms(Consumer<ListTermsRequest.Builder> listTermsRequest)	Returns details about all terms documents for the requested user pool.
default ListTermsResponse	listTerms(ListTermsRequest listTermsRequest)	Returns details about all terms documents for the requested user pool.
default ListUserImportJobsResponse	listUserImportJobs(Consumer<ListUserImportJobsRequest.Builder> listUserImportJobsRequest)	Given a user pool ID, returns user import jobs and their details.
default ListUserImportJobsResponse	listUserImportJobs(ListUserImportJobsRequest listUserImportJobsRequest)	Given a user pool ID, returns user import jobs and their details.
default ListUserPoolClientsResponse	listUserPoolClients(Consumer<ListUserPoolClientsRequest.Builder> listUserPoolClientsRequest)	Given a user pool ID, lists app clients.
default ListUserPoolClientsResponse	listUserPoolClients(ListUserPoolClientsRequest listUserPoolClientsRequest)	Given a user pool ID, lists app clients.
default ListUserPoolClientsIterable	listUserPoolClientsPaginator(Consumer<ListUserPoolClientsRequest.Builder> listUserPoolClientsRequest)	This is a variant of listUserPoolClients(software.amazon.awssdk.services.cognitoidentityprovider.model.ListUserPoolClientsRequest) operation.
default ListUserPoolClientsIterable	listUserPoolClientsPaginator(ListUserPoolClientsRequest listUserPoolClientsRequest)	This is a variant of listUserPoolClients(software.amazon.awssdk.services.cognitoidentityprovider.model.ListUserPoolClientsRequest) operation.
default ListUserPoolsResponse	listUserPools(Consumer<ListUserPoolsRequest.Builder> listUserPoolsRequest)	Lists user pools and their details in the current Amazon Web Services account.
default ListUserPoolsResponse	listUserPools(ListUserPoolsRequest listUserPoolsRequest)	Lists user pools and their details in the current Amazon Web Services account.
default ListUserPoolsIterable	listUserPoolsPaginator(Consumer<ListUserPoolsRequest.Builder> listUserPoolsRequest)	This is a variant of listUserPools(software.amazon.awssdk.services.cognitoidentityprovider.model.ListUserPoolsRequest) operation.
default ListUserPoolsIterable	listUserPoolsPaginator(ListUserPoolsRequest listUserPoolsRequest)	This is a variant of listUserPools(software.amazon.awssdk.services.cognitoidentityprovider.model.ListUserPoolsRequest) operation.
default ListUsersResponse	listUsers(Consumer<ListUsersRequest.Builder> listUsersRequest)	Given a user pool ID, returns a list of users and their basic details in a user pool.
default ListUsersResponse	listUsers(ListUsersRequest listUsersRequest)	Given a user pool ID, returns a list of users and their basic details in a user pool.
default ListUsersInGroupResponse	listUsersInGroup(Consumer<ListUsersInGroupRequest.Builder> listUsersInGroupRequest)	Given a user pool ID and a group name, returns a list of users in the group.
default ListUsersInGroupResponse	listUsersInGroup(ListUsersInGroupRequest listUsersInGroupRequest)	Given a user pool ID and a group name, returns a list of users in the group.
default ListUsersInGroupIterable	listUsersInGroupPaginator(Consumer<ListUsersInGroupRequest.Builder> listUsersInGroupRequest)	This is a variant of listUsersInGroup(software.amazon.awssdk.services.cognitoidentityprovider.model.ListUsersInGroupRequest) operation.
default ListUsersInGroupIterable	listUsersInGroupPaginator(ListUsersInGroupRequest listUsersInGroupRequest)	This is a variant of listUsersInGroup(software.amazon.awssdk.services.cognitoidentityprovider.model.ListUsersInGroupRequest) operation.
default ListUsersIterable	listUsersPaginator(Consumer<ListUsersRequest.Builder> listUsersRequest)	This is a variant of listUsers(software.amazon.awssdk.services.cognitoidentityprovider.model.ListUsersRequest) operation.
default ListUsersIterable	listUsersPaginator(ListUsersRequest listUsersRequest)	This is a variant of listUsers(software.amazon.awssdk.services.cognitoidentityprovider.model.ListUsersRequest) operation.
default ListWebAuthnCredentialsResponse	listWebAuthnCredentials(Consumer<ListWebAuthnCredentialsRequest.Builder> listWebAuthnCredentialsRequest)	Generates a list of the currently signed-in user's registered passkey, or WebAuthn, credentials.
default ListWebAuthnCredentialsResponse	listWebAuthnCredentials(ListWebAuthnCredentialsRequest listWebAuthnCredentialsRequest)	Generates a list of the currently signed-in user's registered passkey, or WebAuthn, credentials.
default ResendConfirmationCodeResponse	resendConfirmationCode(Consumer<ResendConfirmationCodeRequest.Builder> resendConfirmationCodeRequest)	Resends the code that confirms a new account for a user who has signed up in your user pool.
default ResendConfirmationCodeResponse	resendConfirmationCode(ResendConfirmationCodeRequest resendConfirmationCodeRequest)	Resends the code that confirms a new account for a user who has signed up in your user pool.
default RespondToAuthChallengeResponse	respondToAuthChallenge(Consumer<RespondToAuthChallengeRequest.Builder> respondToAuthChallengeRequest)	Some API operations in a user pool generate a challenge, like a prompt for an MFA code, for device authentication that bypasses MFA, or for a custom authentication challenge.
default RespondToAuthChallengeResponse	respondToAuthChallenge(RespondToAuthChallengeRequest respondToAuthChallengeRequest)	Some API operations in a user pool generate a challenge, like a prompt for an MFA code, for device authentication that bypasses MFA, or for a custom authentication challenge.
default RevokeTokenResponse	revokeToken(Consumer<RevokeTokenRequest.Builder> revokeTokenRequest)	Revokes all of the access tokens generated by, and at the same time as, the specified refresh token.
default RevokeTokenResponse	revokeToken(RevokeTokenRequest revokeTokenRequest)	Revokes all of the access tokens generated by, and at the same time as, the specified refresh token.
default CognitoIdentityProviderServiceClientConfiguration	serviceClientConfiguration()	The SDK service client configuration exposes client settings to the user, e.g., ClientOverrideConfiguration
static ServiceMetadata	serviceMetadata()
default SetLogDeliveryConfigurationResponse	setLogDeliveryConfiguration(Consumer<SetLogDeliveryConfigurationRequest.Builder> setLogDeliveryConfigurationRequest)	Sets up or modifies the logging configuration of a user pool.
default SetLogDeliveryConfigurationResponse	setLogDeliveryConfiguration(SetLogDeliveryConfigurationRequest setLogDeliveryConfigurationRequest)	Sets up or modifies the logging configuration of a user pool.
default SetRiskConfigurationResponse	setRiskConfiguration(Consumer<SetRiskConfigurationRequest.Builder> setRiskConfigurationRequest)	Configures threat protection for a user pool or app client.
default SetRiskConfigurationResponse	setRiskConfiguration(SetRiskConfigurationRequest setRiskConfigurationRequest)	Configures threat protection for a user pool or app client.
default SetUiCustomizationResponse	setUICustomization(Consumer<SetUiCustomizationRequest.Builder> setUiCustomizationRequest)	Configures UI branding settings for domains with the hosted UI (classic) branding version.
default SetUiCustomizationResponse	setUICustomization(SetUiCustomizationRequest setUiCustomizationRequest)	Configures UI branding settings for domains with the hosted UI (classic) branding version.
default SetUserMfaPreferenceResponse	setUserMFAPreference(Consumer<SetUserMfaPreferenceRequest.Builder> setUserMfaPreferenceRequest)	Set the user's multi-factor authentication (MFA) method preference, including which MFA factors are activated and if any are preferred.
default SetUserMfaPreferenceResponse	setUserMFAPreference(SetUserMfaPreferenceRequest setUserMfaPreferenceRequest)	Set the user's multi-factor authentication (MFA) method preference, including which MFA factors are activated and if any are preferred.
default SetUserPoolMfaConfigResponse	setUserPoolMfaConfig(Consumer<SetUserPoolMfaConfigRequest.Builder> setUserPoolMfaConfigRequest)	Sets user pool multi-factor authentication (MFA) and passkey configuration.
default SetUserPoolMfaConfigResponse	setUserPoolMfaConfig(SetUserPoolMfaConfigRequest setUserPoolMfaConfigRequest)	Sets user pool multi-factor authentication (MFA) and passkey configuration.
default SetUserSettingsResponse	setUserSettings(Consumer<SetUserSettingsRequest.Builder> setUserSettingsRequest)	This action is no longer supported. You can use it to configure only SMS MFA.
default SetUserSettingsResponse	setUserSettings(SetUserSettingsRequest setUserSettingsRequest)	This action is no longer supported. You can use it to configure only SMS MFA.
default SignUpResponse	signUp(Consumer<SignUpRequest.Builder> signUpRequest)	Registers a user with an app client and requests a user name, password, and user attributes in the user pool.
default SignUpResponse	signUp(SignUpRequest signUpRequest)	Registers a user with an app client and requests a user name, password, and user attributes in the user pool.
default StartUserImportJobResponse	startUserImportJob(Consumer<StartUserImportJobRequest.Builder> startUserImportJobRequest)	Instructs your user pool to start importing users from a CSV file that contains their usernames and attributes.
default StartUserImportJobResponse	startUserImportJob(StartUserImportJobRequest startUserImportJobRequest)	Instructs your user pool to start importing users from a CSV file that contains their usernames and attributes.
default StartWebAuthnRegistrationResponse	startWebAuthnRegistration(Consumer<StartWebAuthnRegistrationRequest.Builder> startWebAuthnRegistrationRequest)	Requests credential creation options from your user pool for the currently signed-in user.
default StartWebAuthnRegistrationResponse	startWebAuthnRegistration(StartWebAuthnRegistrationRequest startWebAuthnRegistrationRequest)	Requests credential creation options from your user pool for the currently signed-in user.
default StopUserImportJobResponse	stopUserImportJob(Consumer<StopUserImportJobRequest.Builder> stopUserImportJobRequest)	Instructs your user pool to stop a running job that's importing users from a CSV file that contains their usernames and attributes.
default StopUserImportJobResponse	stopUserImportJob(StopUserImportJobRequest stopUserImportJobRequest)	Instructs your user pool to stop a running job that's importing users from a CSV file that contains their usernames and attributes.
default TagResourceResponse	tagResource(Consumer<TagResourceRequest.Builder> tagResourceRequest)	Assigns a set of tags to an Amazon Cognito user pool.
default TagResourceResponse	tagResource(TagResourceRequest tagResourceRequest)	Assigns a set of tags to an Amazon Cognito user pool.
default UntagResourceResponse	untagResource(Consumer<UntagResourceRequest.Builder> untagResourceRequest)	Given tag IDs that you previously assigned to a user pool, removes them.
default UntagResourceResponse	untagResource(UntagResourceRequest untagResourceRequest)	Given tag IDs that you previously assigned to a user pool, removes them.
default UpdateAuthEventFeedbackResponse	updateAuthEventFeedback(Consumer<UpdateAuthEventFeedbackRequest.Builder> updateAuthEventFeedbackRequest)	Provides the feedback for an authentication event generated by threat protection features.
default UpdateAuthEventFeedbackResponse	updateAuthEventFeedback(UpdateAuthEventFeedbackRequest updateAuthEventFeedbackRequest)	Provides the feedback for an authentication event generated by threat protection features.
default UpdateDeviceStatusResponse	updateDeviceStatus(Consumer<UpdateDeviceStatusRequest.Builder> updateDeviceStatusRequest)	Updates the status of a the currently signed-in user's device so that it is marked as remembered or not remembered for the purpose of device authentication.
default UpdateDeviceStatusResponse	updateDeviceStatus(UpdateDeviceStatusRequest updateDeviceStatusRequest)	Updates the status of a the currently signed-in user's device so that it is marked as remembered or not remembered for the purpose of device authentication.
default UpdateGroupResponse	updateGroup(Consumer<UpdateGroupRequest.Builder> updateGroupRequest)	Given the name of a user pool group, updates any of the properties for precedence, IAM role, or description.
default UpdateGroupResponse	updateGroup(UpdateGroupRequest updateGroupRequest)	Given the name of a user pool group, updates any of the properties for precedence, IAM role, or description.
default UpdateIdentityProviderResponse	updateIdentityProvider(Consumer<UpdateIdentityProviderRequest.Builder> updateIdentityProviderRequest)	Modifies the configuration and trust relationship between a third-party identity provider (IdP) and a user pool.
default UpdateIdentityProviderResponse	updateIdentityProvider(UpdateIdentityProviderRequest updateIdentityProviderRequest)	Modifies the configuration and trust relationship between a third-party identity provider (IdP) and a user pool.
default UpdateManagedLoginBrandingResponse	updateManagedLoginBranding(Consumer<UpdateManagedLoginBrandingRequest.Builder> updateManagedLoginBrandingRequest)	Configures the branding settings for a user pool style.
default UpdateManagedLoginBrandingResponse	updateManagedLoginBranding(UpdateManagedLoginBrandingRequest updateManagedLoginBrandingRequest)	Configures the branding settings for a user pool style.
default UpdateResourceServerResponse	updateResourceServer(Consumer<UpdateResourceServerRequest.Builder> updateResourceServerRequest)	Updates the name and scopes of a resource server.
default UpdateResourceServerResponse	updateResourceServer(UpdateResourceServerRequest updateResourceServerRequest)	Updates the name and scopes of a resource server.
default UpdateTermsResponse	updateTerms(Consumer<UpdateTermsRequest.Builder> updateTermsRequest)	Modifies existing terms documents for the requested app client.
default UpdateTermsResponse	updateTerms(UpdateTermsRequest updateTermsRequest)	Modifies existing terms documents for the requested app client.
default UpdateUserAttributesResponse	updateUserAttributes(Consumer<UpdateUserAttributesRequest.Builder> updateUserAttributesRequest)	Updates the currently signed-in user's attributes.
default UpdateUserAttributesResponse	updateUserAttributes(UpdateUserAttributesRequest updateUserAttributesRequest)	Updates the currently signed-in user's attributes.
default UpdateUserPoolResponse	updateUserPool(Consumer<UpdateUserPoolRequest.Builder> updateUserPoolRequest)	Updates the configuration of a user pool.
default UpdateUserPoolResponse	updateUserPool(UpdateUserPoolRequest updateUserPoolRequest)	Updates the configuration of a user pool.
default UpdateUserPoolClientResponse	updateUserPoolClient(Consumer<UpdateUserPoolClientRequest.Builder> updateUserPoolClientRequest)	Given a user pool app client ID, updates the configuration.
default UpdateUserPoolClientResponse	updateUserPoolClient(UpdateUserPoolClientRequest updateUserPoolClientRequest)	Given a user pool app client ID, updates the configuration.
default UpdateUserPoolDomainResponse	updateUserPoolDomain(Consumer<UpdateUserPoolDomainRequest.Builder> updateUserPoolDomainRequest)	A user pool domain hosts managed login, an authorization server and web server for authentication in your application.
default UpdateUserPoolDomainResponse	updateUserPoolDomain(UpdateUserPoolDomainRequest updateUserPoolDomainRequest)	A user pool domain hosts managed login, an authorization server and web server for authentication in your application.
default VerifySoftwareTokenResponse	verifySoftwareToken(Consumer<VerifySoftwareTokenRequest.Builder> verifySoftwareTokenRequest)	Registers the current user's time-based one-time password (TOTP) authenticator with a code generated in their authenticator app from a private key that's supplied by your user pool.
default VerifySoftwareTokenResponse	verifySoftwareToken(VerifySoftwareTokenRequest verifySoftwareTokenRequest)	Registers the current user's time-based one-time password (TOTP) authenticator with a code generated in their authenticator app from a private key that's supplied by your user pool.
default VerifyUserAttributeResponse	verifyUserAttribute(Consumer<VerifyUserAttributeRequest.Builder> verifyUserAttributeRequest)	Submits a verification code for a signed-in user who has added or changed a value of an auto-verified attribute.
default VerifyUserAttributeResponse	verifyUserAttribute(VerifyUserAttributeRequest verifyUserAttributeRequest)	Submits a verification code for a signed-in user who has added or changed a value of an auto-verified attribute.

Methods inherited from interface software.amazon.awssdk.utils.SdkAutoCloseable

close

Methods inherited from interface software.amazon.awssdk.core.SdkClient

serviceName

Field Details

SERVICE_NAME

static final String SERVICE_NAME

See Also:

• Constant Field Values

SERVICE_METADATA_ID

static final String SERVICE_METADATA_ID

Value for looking up the service's metadata from the ServiceMetadataProvider.

See Also:

• Constant Field Values

Method Details

addCustomAttributes

default AddCustomAttributesResponse addCustomAttributes(AddCustomAttributesRequest addCustomAttributesRequest)
                                                 throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
UserImportInProgressException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Adds additional user attributes to the user pool schema. Custom attributes can be mutable or immutable and have a custom: or dev: prefix. For more information, see Custom attributes.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

addCustomAttributesRequest - Represents the request to add custom attributes.

Returns:

Result of the AddCustomAttributes operation returned by the service.

See Also:

• AWS API Documentation

addCustomAttributes

default AddCustomAttributesResponse addCustomAttributes(Consumer<AddCustomAttributesRequest.Builder> addCustomAttributesRequest)
                                                 throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
UserImportInProgressException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Adds additional user attributes to the user pool schema. Custom attributes can be mutable or immutable and have a custom: or dev: prefix. For more information, see Custom attributes.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the AddCustomAttributesRequest.Builder avoiding the need to create one manually via AddCustomAttributesRequest.builder()

Parameters:

addCustomAttributesRequest - A Consumer that will call methods on AddCustomAttributesRequest.Builder to create a request. Represents the request to add custom attributes.

Returns:

Result of the AddCustomAttributes operation returned by the service.

See Also:

• AWS API Documentation

adminAddUserToGroup

default AdminAddUserToGroupResponse adminAddUserToGroup(AdminAddUserToGroupRequest adminAddUserToGroupRequest)
                                                 throws InvalidParameterException,
ResourceNotFoundException,
TooManyRequestsException,
NotAuthorizedException,
UserNotFoundException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Adds a user to a group. A user who is in a group can present a preferred-role claim to an identity pool, and populates a cognito:groups claim to their access and identity tokens.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

adminAddUserToGroupRequest -

Returns:

Result of the AdminAddUserToGroup operation returned by the service.

See Also:

• AWS API Documentation

adminAddUserToGroup

default AdminAddUserToGroupResponse adminAddUserToGroup(Consumer<AdminAddUserToGroupRequest.Builder> adminAddUserToGroupRequest)
                                                 throws InvalidParameterException,
ResourceNotFoundException,
TooManyRequestsException,
NotAuthorizedException,
UserNotFoundException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Adds a user to a group. A user who is in a group can present a preferred-role claim to an identity pool, and populates a cognito:groups claim to their access and identity tokens.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the AdminAddUserToGroupRequest.Builder avoiding the need to create one manually via AdminAddUserToGroupRequest.builder()

Parameters:

adminAddUserToGroupRequest - A Consumer that will call methods on AdminAddUserToGroupRequest.Builder to create a request.

Returns:

Result of the AdminAddUserToGroup operation returned by the service.

See Also:

• AWS API Documentation

adminConfirmSignUp

default AdminConfirmSignUpResponse adminConfirmSignUp(AdminConfirmSignUpRequest adminConfirmSignUpRequest)
                                               throws ResourceNotFoundException,
InvalidParameterException,
UnexpectedLambdaException,
UserLambdaValidationException,
NotAuthorizedException,
TooManyFailedAttemptsException,
InvalidLambdaResponseException,
TooManyRequestsException,
LimitExceededException,
UserNotFoundException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Confirms user sign-up as an administrator.

This request sets a user account active in a user pool that requires confirmation of new user accounts before they can sign in. You can configure your user pool to not send confirmation codes to new users and instead confirm them with this API operation on the back end.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

To configure your user pool to require administrative confirmation of users, set AllowAdminCreateUserOnly to true in a CreateUserPool or UpdateUserPool request.

Parameters:

adminConfirmSignUpRequest - Confirm a user's registration as a user pool administrator.

Returns:

Result of the AdminConfirmSignUp operation returned by the service.

See Also:

• AWS API Documentation

adminConfirmSignUp

default AdminConfirmSignUpResponse adminConfirmSignUp(Consumer<AdminConfirmSignUpRequest.Builder> adminConfirmSignUpRequest)
                                               throws ResourceNotFoundException,
InvalidParameterException,
UnexpectedLambdaException,
UserLambdaValidationException,
NotAuthorizedException,
TooManyFailedAttemptsException,
InvalidLambdaResponseException,
TooManyRequestsException,
LimitExceededException,
UserNotFoundException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Confirms user sign-up as an administrator.

This request sets a user account active in a user pool that requires confirmation of new user accounts before they can sign in. You can configure your user pool to not send confirmation codes to new users and instead confirm them with this API operation on the back end.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

To configure your user pool to require administrative confirmation of users, set AllowAdminCreateUserOnly to true in a CreateUserPool or UpdateUserPool request.

This is a convenience which creates an instance of the AdminConfirmSignUpRequest.Builder avoiding the need to create one manually via AdminConfirmSignUpRequest.builder()

Parameters:

adminConfirmSignUpRequest - A Consumer that will call methods on AdminConfirmSignUpRequest.Builder to create a request. Confirm a user's registration as a user pool administrator.

Returns:

Result of the AdminConfirmSignUp operation returned by the service.

See Also:

• AWS API Documentation

adminCreateUser

default AdminCreateUserResponse adminCreateUser(AdminCreateUserRequest adminCreateUserRequest)
                                         throws ResourceNotFoundException,
InvalidParameterException,
UserNotFoundException,
UsernameExistsException,
InvalidPasswordException,
CodeDeliveryFailureException,
UnexpectedLambdaException,
UserLambdaValidationException,
InvalidLambdaResponseException,
PreconditionNotMetException,
InvalidSmsRoleAccessPolicyException,
InvalidSmsRoleTrustRelationshipException,
TooManyRequestsException,
NotAuthorizedException,
UnsupportedUserStateException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Creates a new user in the specified user pool.

If MessageAction isn't set, the default is to send a welcome message via email or phone (SMS).

This message is based on a template that you configured in your call to create or update a user pool. This template includes your custom sign-up instructions and placeholders for user name and temporary password.

Alternatively, you can call AdminCreateUser with SUPPRESS for the MessageAction parameter, and Amazon Cognito won't send any email.

In either case, if the user has a password, they will be in the FORCE_CHANGE_PASSWORD state until they sign in and set their password. Your invitation message template must have the {####} password placeholder if your users have passwords. If your template doesn't have this placeholder, Amazon Cognito doesn't deliver the invitation message. In this case, you must update your message template and resend the password with a new AdminCreateUser request with a MessageAction value of RESEND.

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

adminCreateUserRequest - Creates a new user in the specified user pool.

Returns:

Result of the AdminCreateUser operation returned by the service.

See Also:

• AWS API Documentation

adminCreateUser

default AdminCreateUserResponse adminCreateUser(Consumer<AdminCreateUserRequest.Builder> adminCreateUserRequest)
                                         throws ResourceNotFoundException,
InvalidParameterException,
UserNotFoundException,
UsernameExistsException,
InvalidPasswordException,
CodeDeliveryFailureException,
UnexpectedLambdaException,
UserLambdaValidationException,
InvalidLambdaResponseException,
PreconditionNotMetException,
InvalidSmsRoleAccessPolicyException,
InvalidSmsRoleTrustRelationshipException,
TooManyRequestsException,
NotAuthorizedException,
UnsupportedUserStateException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Creates a new user in the specified user pool.

If MessageAction isn't set, the default is to send a welcome message via email or phone (SMS).

This message is based on a template that you configured in your call to create or update a user pool. This template includes your custom sign-up instructions and placeholders for user name and temporary password.

Alternatively, you can call AdminCreateUser with SUPPRESS for the MessageAction parameter, and Amazon Cognito won't send any email.

In either case, if the user has a password, they will be in the FORCE_CHANGE_PASSWORD state until they sign in and set their password. Your invitation message template must have the {####} password placeholder if your users have passwords. If your template doesn't have this placeholder, Amazon Cognito doesn't deliver the invitation message. In this case, you must update your message template and resend the password with a new AdminCreateUser request with a MessageAction value of RESEND.

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the AdminCreateUserRequest.Builder avoiding the need to create one manually via AdminCreateUserRequest.builder()

Parameters:

adminCreateUserRequest - A Consumer that will call methods on AdminCreateUserRequest.Builder to create a request. Creates a new user in the specified user pool.

Returns:

Result of the AdminCreateUser operation returned by the service.

See Also:

• AWS API Documentation

adminDeleteUser

default AdminDeleteUserResponse adminDeleteUser(AdminDeleteUserRequest adminDeleteUserRequest)
                                         throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
UserNotFoundException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Deletes a user profile in your user pool.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

adminDeleteUserRequest - Represents the request to delete a user as an administrator.

Returns:

Result of the AdminDeleteUser operation returned by the service.

See Also:

• AWS API Documentation

adminDeleteUser

default AdminDeleteUserResponse adminDeleteUser(Consumer<AdminDeleteUserRequest.Builder> adminDeleteUserRequest)
                                         throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
UserNotFoundException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Deletes a user profile in your user pool.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the AdminDeleteUserRequest.Builder avoiding the need to create one manually via AdminDeleteUserRequest.builder()

Parameters:

adminDeleteUserRequest - A Consumer that will call methods on AdminDeleteUserRequest.Builder to create a request. Represents the request to delete a user as an administrator.

Returns:

Result of the AdminDeleteUser operation returned by the service.

See Also:

• AWS API Documentation

adminDeleteUserAttributes

default AdminDeleteUserAttributesResponse adminDeleteUserAttributes(AdminDeleteUserAttributesRequest adminDeleteUserAttributesRequest)
                                                             throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
UserNotFoundException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Deletes attribute values from a user. This operation doesn't affect tokens for existing user sessions. The next ID token that the user receives will no longer have the deleted attributes.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

adminDeleteUserAttributesRequest - Represents the request to delete user attributes as an administrator.

Returns:

Result of the AdminDeleteUserAttributes operation returned by the service.

See Also:

• AWS API Documentation

adminDeleteUserAttributes

default AdminDeleteUserAttributesResponse adminDeleteUserAttributes(Consumer<AdminDeleteUserAttributesRequest.Builder> adminDeleteUserAttributesRequest)
                                                             throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
UserNotFoundException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Deletes attribute values from a user. This operation doesn't affect tokens for existing user sessions. The next ID token that the user receives will no longer have the deleted attributes.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the AdminDeleteUserAttributesRequest.Builder avoiding the need to create one manually via AdminDeleteUserAttributesRequest.builder()

Parameters:

adminDeleteUserAttributesRequest - A Consumer that will call methods on AdminDeleteUserAttributesRequest.Builder to create a request. Represents the request to delete user attributes as an administrator.

Returns:

Result of the AdminDeleteUserAttributes operation returned by the service.

See Also:

• AWS API Documentation

adminDisableProviderForUser

default AdminDisableProviderForUserResponse adminDisableProviderForUser(AdminDisableProviderForUserRequest adminDisableProviderForUserRequest)
                                                                 throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
UserNotFoundException,
AliasExistsException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Prevents the user from signing in with the specified external (SAML or social) identity provider (IdP). If the user that you want to deactivate is a Amazon Cognito user pools native username + password user, they can't use their password to sign in. If the user to deactivate is a linked external IdP user, any link between that user and an existing user is removed. When the external user signs in again, and the user is no longer attached to the previously linked DestinationUser, the user must create a new user account.

The value of ProviderName must match the name of a user pool IdP.

To deactivate a local user, set ProviderName to Cognito and the ProviderAttributeName to Cognito_Subject. The ProviderAttributeValue must be user's local username.

The ProviderAttributeName must always be Cognito_Subject for social IdPs. The ProviderAttributeValue must always be the exact subject that was used when the user was originally linked as a source user.

For de-linking a SAML identity, there are two scenarios. If the linked identity has not yet been used to sign in, the ProviderAttributeName and ProviderAttributeValue must be the same values that were used for the SourceUser when the identities were originally linked using AdminLinkProviderForUser call. This is also true if the linking was done with ProviderAttributeName set to Cognito_Subject. If the user has already signed in, the ProviderAttributeName must be Cognito_Subject and ProviderAttributeValue must be the NameID from their SAML assertion.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

adminDisableProviderForUserRequest -

Returns:

Result of the AdminDisableProviderForUser operation returned by the service.

See Also:

• AWS API Documentation

adminDisableProviderForUser

default AdminDisableProviderForUserResponse adminDisableProviderForUser(Consumer<AdminDisableProviderForUserRequest.Builder> adminDisableProviderForUserRequest)
                                                                 throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
UserNotFoundException,
AliasExistsException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Prevents the user from signing in with the specified external (SAML or social) identity provider (IdP). If the user that you want to deactivate is a Amazon Cognito user pools native username + password user, they can't use their password to sign in. If the user to deactivate is a linked external IdP user, any link between that user and an existing user is removed. When the external user signs in again, and the user is no longer attached to the previously linked DestinationUser, the user must create a new user account.

The value of ProviderName must match the name of a user pool IdP.

To deactivate a local user, set ProviderName to Cognito and the ProviderAttributeName to Cognito_Subject. The ProviderAttributeValue must be user's local username.

The ProviderAttributeName must always be Cognito_Subject for social IdPs. The ProviderAttributeValue must always be the exact subject that was used when the user was originally linked as a source user.

For de-linking a SAML identity, there are two scenarios. If the linked identity has not yet been used to sign in, the ProviderAttributeName and ProviderAttributeValue must be the same values that were used for the SourceUser when the identities were originally linked using AdminLinkProviderForUser call. This is also true if the linking was done with ProviderAttributeName set to Cognito_Subject. If the user has already signed in, the ProviderAttributeName must be Cognito_Subject and ProviderAttributeValue must be the NameID from their SAML assertion.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the AdminDisableProviderForUserRequest.Builder avoiding the need to create one manually via AdminDisableProviderForUserRequest.builder()

Parameters:

adminDisableProviderForUserRequest - A Consumer that will call methods on AdminDisableProviderForUserRequest.Builder to create a request.

Returns:

Result of the AdminDisableProviderForUser operation returned by the service.

See Also:

• AWS API Documentation

adminDisableUser

default AdminDisableUserResponse adminDisableUser(AdminDisableUserRequest adminDisableUserRequest)
                                           throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
UserNotFoundException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Deactivates a user profile and revokes all access tokens for the user. A deactivated user can't sign in, but still appears in the responses to ListUsers API requests.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

adminDisableUserRequest - Represents the request to disable the user as an administrator.

Returns:

Result of the AdminDisableUser operation returned by the service.

See Also:

• AWS API Documentation

adminDisableUser

default AdminDisableUserResponse adminDisableUser(Consumer<AdminDisableUserRequest.Builder> adminDisableUserRequest)
                                           throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
UserNotFoundException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Deactivates a user profile and revokes all access tokens for the user. A deactivated user can't sign in, but still appears in the responses to ListUsers API requests.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the AdminDisableUserRequest.Builder avoiding the need to create one manually via AdminDisableUserRequest.builder()

Parameters:

adminDisableUserRequest - A Consumer that will call methods on AdminDisableUserRequest.Builder to create a request. Represents the request to disable the user as an administrator.

Returns:

Result of the AdminDisableUser operation returned by the service.

See Also:

• AWS API Documentation

adminEnableUser

default AdminEnableUserResponse adminEnableUser(AdminEnableUserRequest adminEnableUserRequest)
                                         throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
UserNotFoundException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Activates sign-in for a user profile that previously had sign-in access disabled.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

adminEnableUserRequest - Represents the request that enables the user as an administrator.

Returns:

Result of the AdminEnableUser operation returned by the service.

See Also:

• AWS API Documentation

adminEnableUser

default AdminEnableUserResponse adminEnableUser(Consumer<AdminEnableUserRequest.Builder> adminEnableUserRequest)
                                         throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
UserNotFoundException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Activates sign-in for a user profile that previously had sign-in access disabled.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the AdminEnableUserRequest.Builder avoiding the need to create one manually via AdminEnableUserRequest.builder()

Parameters:

adminEnableUserRequest - A Consumer that will call methods on AdminEnableUserRequest.Builder to create a request. Represents the request that enables the user as an administrator.

Returns:

Result of the AdminEnableUser operation returned by the service.

See Also:

• AWS API Documentation

adminForgetDevice

default AdminForgetDeviceResponse adminForgetDevice(AdminForgetDeviceRequest adminForgetDeviceRequest)
                                             throws ResourceNotFoundException,
InvalidParameterException,
InvalidUserPoolConfigurationException,
TooManyRequestsException,
NotAuthorizedException,
UserNotFoundException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Forgets, or deletes, a remembered device from a user's profile. After you forget the device, the user can no longer complete device authentication with that device and when applicable, must submit MFA codes again. For more information, see Working with devices.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

adminForgetDeviceRequest - Sends the forgot device request, as an administrator.

Returns:

Result of the AdminForgetDevice operation returned by the service.

See Also:

• AWS API Documentation

adminForgetDevice

default AdminForgetDeviceResponse adminForgetDevice(Consumer<AdminForgetDeviceRequest.Builder> adminForgetDeviceRequest)
                                             throws ResourceNotFoundException,
InvalidParameterException,
InvalidUserPoolConfigurationException,
TooManyRequestsException,
NotAuthorizedException,
UserNotFoundException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Forgets, or deletes, a remembered device from a user's profile. After you forget the device, the user can no longer complete device authentication with that device and when applicable, must submit MFA codes again. For more information, see Working with devices.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the AdminForgetDeviceRequest.Builder avoiding the need to create one manually via AdminForgetDeviceRequest.builder()

Parameters:

adminForgetDeviceRequest - A Consumer that will call methods on AdminForgetDeviceRequest.Builder to create a request. Sends the forgot device request, as an administrator.

Returns:

Result of the AdminForgetDevice operation returned by the service.

See Also:

• AWS API Documentation

adminGetDevice

default AdminGetDeviceResponse adminGetDevice(AdminGetDeviceRequest adminGetDeviceRequest)
                                       throws ResourceNotFoundException,
InvalidParameterException,
InvalidUserPoolConfigurationException,
TooManyRequestsException,
InternalErrorException,
NotAuthorizedException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given the device key, returns details for a user's device. For more information, see Working with devices.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

adminGetDeviceRequest - Represents the request to get the device, as an administrator.

Returns:

Result of the AdminGetDevice operation returned by the service.

See Also:

• AWS API Documentation

adminGetDevice

default AdminGetDeviceResponse adminGetDevice(Consumer<AdminGetDeviceRequest.Builder> adminGetDeviceRequest)
                                       throws ResourceNotFoundException,
InvalidParameterException,
InvalidUserPoolConfigurationException,
TooManyRequestsException,
InternalErrorException,
NotAuthorizedException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given the device key, returns details for a user's device. For more information, see Working with devices.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the AdminGetDeviceRequest.Builder avoiding the need to create one manually via AdminGetDeviceRequest.builder()

Parameters:

adminGetDeviceRequest - A Consumer that will call methods on AdminGetDeviceRequest.Builder to create a request. Represents the request to get the device, as an administrator.

Returns:

Result of the AdminGetDevice operation returned by the service.

See Also:

• AWS API Documentation

adminGetUser

default AdminGetUserResponse adminGetUser(AdminGetUserRequest adminGetUserRequest)
                                   throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
UserNotFoundException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given a username, returns details about a user profile in a user pool. You can specify alias attributes in the Username request parameter.

This operation contributes to your monthly active user (MAU) count for the purpose of billing.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

adminGetUserRequest - Represents the request to get the specified user as an administrator.

Returns:

Result of the AdminGetUser operation returned by the service.

See Also:

• AWS API Documentation

adminGetUser

default AdminGetUserResponse adminGetUser(Consumer<AdminGetUserRequest.Builder> adminGetUserRequest)
                                   throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
UserNotFoundException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given a username, returns details about a user profile in a user pool. You can specify alias attributes in the Username request parameter.

This operation contributes to your monthly active user (MAU) count for the purpose of billing.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the AdminGetUserRequest.Builder avoiding the need to create one manually via AdminGetUserRequest.builder()

Parameters:

adminGetUserRequest - A Consumer that will call methods on AdminGetUserRequest.Builder to create a request. Represents the request to get the specified user as an administrator.

Returns:

Result of the AdminGetUser operation returned by the service.

See Also:

• AWS API Documentation

adminInitiateAuth

default AdminInitiateAuthResponse adminInitiateAuth(AdminInitiateAuthRequest adminInitiateAuthRequest)
                                             throws ResourceNotFoundException,
UnsupportedOperationException,
InvalidParameterException,
NotAuthorizedException,
TooManyRequestsException,
InternalErrorException,
UnexpectedLambdaException,
InvalidUserPoolConfigurationException,
UserLambdaValidationException,
InvalidLambdaResponseException,
MfaMethodNotFoundException,
InvalidSmsRoleAccessPolicyException,
InvalidEmailRoleAccessPolicyException,
InvalidSmsRoleTrustRelationshipException,
PasswordResetRequiredException,
UserNotFoundException,
UserNotConfirmedException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Starts sign-in for applications with a server-side component, for example a traditional web application. This operation specifies the authentication flow that you'd like to begin. The authentication flow that you specify must be supported in your app client configuration. For more information about authentication flows, see Authentication flows.

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

adminInitiateAuthRequest - Initiates the authorization request, as an administrator.

Returns:

Result of the AdminInitiateAuth operation returned by the service.

See Also:

• AWS API Documentation

adminInitiateAuth

default AdminInitiateAuthResponse adminInitiateAuth(Consumer<AdminInitiateAuthRequest.Builder> adminInitiateAuthRequest)
                                             throws ResourceNotFoundException,
UnsupportedOperationException,
InvalidParameterException,
NotAuthorizedException,
TooManyRequestsException,
InternalErrorException,
UnexpectedLambdaException,
InvalidUserPoolConfigurationException,
UserLambdaValidationException,
InvalidLambdaResponseException,
MfaMethodNotFoundException,
InvalidSmsRoleAccessPolicyException,
InvalidEmailRoleAccessPolicyException,
InvalidSmsRoleTrustRelationshipException,
PasswordResetRequiredException,
UserNotFoundException,
UserNotConfirmedException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Starts sign-in for applications with a server-side component, for example a traditional web application. This operation specifies the authentication flow that you'd like to begin. The authentication flow that you specify must be supported in your app client configuration. For more information about authentication flows, see Authentication flows.

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the AdminInitiateAuthRequest.Builder avoiding the need to create one manually via AdminInitiateAuthRequest.builder()

Parameters:

adminInitiateAuthRequest - A Consumer that will call methods on AdminInitiateAuthRequest.Builder to create a request. Initiates the authorization request, as an administrator.

Returns:

Result of the AdminInitiateAuth operation returned by the service.

See Also:

• AWS API Documentation

adminLinkProviderForUser

default AdminLinkProviderForUserResponse adminLinkProviderForUser(AdminLinkProviderForUserRequest adminLinkProviderForUserRequest)
                                                           throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
UserNotFoundException,
AliasExistsException,
LimitExceededException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Links an existing user account in a user pool, or DestinationUser, to an identity from an external IdP, or SourceUser, based on a specified attribute name and value from the external IdP.

This operation connects a local user profile with a user identity who hasn't yet signed in from their third-party IdP. When the user signs in with their IdP, they get access-control configuration from the local user profile. Linked local users can also sign in with SDK-based API operations like InitiateAuth after they sign in at least once through their IdP. For more information, see Linking federated users.

The maximum number of federated identities linked to a user is five.

Because this API allows a user with an external federated identity to sign in as a local user, it is critical that it only be used with external IdPs and linked attributes that you trust.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

adminLinkProviderForUserRequest -

Returns:

Result of the AdminLinkProviderForUser operation returned by the service.

See Also:

• AWS API Documentation

adminLinkProviderForUser

default AdminLinkProviderForUserResponse adminLinkProviderForUser(Consumer<AdminLinkProviderForUserRequest.Builder> adminLinkProviderForUserRequest)
                                                           throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
UserNotFoundException,
AliasExistsException,
LimitExceededException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Links an existing user account in a user pool, or DestinationUser, to an identity from an external IdP, or SourceUser, based on a specified attribute name and value from the external IdP.

This operation connects a local user profile with a user identity who hasn't yet signed in from their third-party IdP. When the user signs in with their IdP, they get access-control configuration from the local user profile. Linked local users can also sign in with SDK-based API operations like InitiateAuth after they sign in at least once through their IdP. For more information, see Linking federated users.

The maximum number of federated identities linked to a user is five.

Because this API allows a user with an external federated identity to sign in as a local user, it is critical that it only be used with external IdPs and linked attributes that you trust.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the AdminLinkProviderForUserRequest.Builder avoiding the need to create one manually via AdminLinkProviderForUserRequest.builder()

Parameters:

adminLinkProviderForUserRequest - A Consumer that will call methods on AdminLinkProviderForUserRequest.Builder to create a request.

Returns:

Result of the AdminLinkProviderForUser operation returned by the service.

See Also:

• AWS API Documentation

adminListDevices

default AdminListDevicesResponse adminListDevices(AdminListDevicesRequest adminListDevicesRequest)
                                           throws InvalidParameterException,
ResourceNotFoundException,
InvalidUserPoolConfigurationException,
TooManyRequestsException,
InternalErrorException,
NotAuthorizedException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Lists a user's registered devices. Remembered devices are used in authentication services where you offer a "Remember me" option for users who you want to permit to sign in without MFA from a trusted device. Users can bypass MFA while your application performs device SRP authentication on the back end. For more information, see Working with devices.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

adminListDevicesRequest - Represents the request to list devices, as an administrator.

Returns:

Result of the AdminListDevices operation returned by the service.

See Also:

• AWS API Documentation

adminListDevices

default AdminListDevicesResponse adminListDevices(Consumer<AdminListDevicesRequest.Builder> adminListDevicesRequest)
                                           throws InvalidParameterException,
ResourceNotFoundException,
InvalidUserPoolConfigurationException,
TooManyRequestsException,
InternalErrorException,
NotAuthorizedException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Lists a user's registered devices. Remembered devices are used in authentication services where you offer a "Remember me" option for users who you want to permit to sign in without MFA from a trusted device. Users can bypass MFA while your application performs device SRP authentication on the back end. For more information, see Working with devices.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the AdminListDevicesRequest.Builder avoiding the need to create one manually via AdminListDevicesRequest.builder()

Parameters:

adminListDevicesRequest - A Consumer that will call methods on AdminListDevicesRequest.Builder to create a request. Represents the request to list devices, as an administrator.

Returns:

Result of the AdminListDevices operation returned by the service.

See Also:

• AWS API Documentation

adminListGroupsForUser

default AdminListGroupsForUserResponse adminListGroupsForUser(AdminListGroupsForUserRequest adminListGroupsForUserRequest)
                                                       throws InvalidParameterException,
ResourceNotFoundException,
TooManyRequestsException,
NotAuthorizedException,
UserNotFoundException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Lists the groups that a user belongs to. User pool groups are identifiers that you can reference from the contents of ID and access tokens, and set preferred IAM roles for identity-pool authentication. For more information, see Adding groups to a user pool.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

adminListGroupsForUserRequest -

Returns:

Result of the AdminListGroupsForUser operation returned by the service.

See Also:

• AWS API Documentation

adminListGroupsForUser

default AdminListGroupsForUserResponse adminListGroupsForUser(Consumer<AdminListGroupsForUserRequest.Builder> adminListGroupsForUserRequest)
                                                       throws InvalidParameterException,
ResourceNotFoundException,
TooManyRequestsException,
NotAuthorizedException,
UserNotFoundException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Lists the groups that a user belongs to. User pool groups are identifiers that you can reference from the contents of ID and access tokens, and set preferred IAM roles for identity-pool authentication. For more information, see Adding groups to a user pool.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the AdminListGroupsForUserRequest.Builder avoiding the need to create one manually via AdminListGroupsForUserRequest.builder()

Parameters:

adminListGroupsForUserRequest - A Consumer that will call methods on AdminListGroupsForUserRequest.Builder to create a request.

Returns:

Result of the AdminListGroupsForUser operation returned by the service.

See Also:

• AWS API Documentation

adminListGroupsForUserPaginator

default AdminListGroupsForUserIterable adminListGroupsForUserPaginator(AdminListGroupsForUserRequest adminListGroupsForUserRequest)
                                                                throws InvalidParameterException,
ResourceNotFoundException,
TooManyRequestsException,
NotAuthorizedException,
UserNotFoundException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

This is a variant of adminListGroupsForUser(software.amazon.awssdk.services.cognitoidentityprovider.model.AdminListGroupsForUserRequest) operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.

When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.

The following are few ways to iterate through the response pages:

1) Using a Stream

 
 software.amazon.awssdk.services.cognitoidentityprovider.paginators.AdminListGroupsForUserIterable responses = client.adminListGroupsForUserPaginator(request);
 responses.stream().forEach(....);
 
 

2) Using For loop

 {
     @code
     software.amazon.awssdk.services.cognitoidentityprovider.paginators.AdminListGroupsForUserIterable responses = client
             .adminListGroupsForUserPaginator(request);
     for (software.amazon.awssdk.services.cognitoidentityprovider.model.AdminListGroupsForUserResponse response : responses) {
         // do something;
     }
 }
 

3) Use iterator directly

 
 software.amazon.awssdk.services.cognitoidentityprovider.paginators.AdminListGroupsForUserIterable responses = client.adminListGroupsForUserPaginator(request);
 responses.iterator().forEachRemaining(....);
 
 

Please notice that the configuration of Limit won't limit the number of results you get with the paginator. It only limits the number of results in each page.

Note: If you prefer to have control on service calls, use the adminListGroupsForUser(software.amazon.awssdk.services.cognitoidentityprovider.model.AdminListGroupsForUserRequest) operation.

Parameters:

adminListGroupsForUserRequest -

Returns:

A custom iterable that can be used to iterate through all the response pages.

See Also:

• AWS API Documentation

adminListGroupsForUserPaginator

default AdminListGroupsForUserIterable adminListGroupsForUserPaginator(Consumer<AdminListGroupsForUserRequest.Builder> adminListGroupsForUserRequest)
                                                                throws InvalidParameterException,
ResourceNotFoundException,
TooManyRequestsException,
NotAuthorizedException,
UserNotFoundException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

This is a variant of adminListGroupsForUser(software.amazon.awssdk.services.cognitoidentityprovider.model.AdminListGroupsForUserRequest) operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.

When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.

The following are few ways to iterate through the response pages:

1) Using a Stream

 
 software.amazon.awssdk.services.cognitoidentityprovider.paginators.AdminListGroupsForUserIterable responses = client.adminListGroupsForUserPaginator(request);
 responses.stream().forEach(....);
 
 

2) Using For loop

 {
     @code
     software.amazon.awssdk.services.cognitoidentityprovider.paginators.AdminListGroupsForUserIterable responses = client
             .adminListGroupsForUserPaginator(request);
     for (software.amazon.awssdk.services.cognitoidentityprovider.model.AdminListGroupsForUserResponse response : responses) {
         // do something;
     }
 }
 

3) Use iterator directly

 
 software.amazon.awssdk.services.cognitoidentityprovider.paginators.AdminListGroupsForUserIterable responses = client.adminListGroupsForUserPaginator(request);
 responses.iterator().forEachRemaining(....);
 
 

Please notice that the configuration of Limit won't limit the number of results you get with the paginator. It only limits the number of results in each page.

Note: If you prefer to have control on service calls, use the adminListGroupsForUser(software.amazon.awssdk.services.cognitoidentityprovider.model.AdminListGroupsForUserRequest) operation.

This is a convenience which creates an instance of the AdminListGroupsForUserRequest.Builder avoiding the need to create one manually via AdminListGroupsForUserRequest.builder()

Parameters:

adminListGroupsForUserRequest - A Consumer that will call methods on AdminListGroupsForUserRequest.Builder to create a request.

Returns:

A custom iterable that can be used to iterate through all the response pages.

See Also:

• AWS API Documentation

adminListUserAuthEvents

default AdminListUserAuthEventsResponse adminListUserAuthEvents(AdminListUserAuthEventsRequest adminListUserAuthEventsRequest)
                                                         throws InvalidParameterException,
ResourceNotFoundException,
TooManyRequestsException,
NotAuthorizedException,
UserNotFoundException,
UserPoolAddOnNotEnabledException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Requests a history of user activity and any risks detected as part of Amazon Cognito threat protection. For more information, see Viewing user event history.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

adminListUserAuthEventsRequest -

Returns:

Result of the AdminListUserAuthEvents operation returned by the service.

See Also:

• AWS API Documentation

adminListUserAuthEvents

default AdminListUserAuthEventsResponse adminListUserAuthEvents(Consumer<AdminListUserAuthEventsRequest.Builder> adminListUserAuthEventsRequest)
                                                         throws InvalidParameterException,
ResourceNotFoundException,
TooManyRequestsException,
NotAuthorizedException,
UserNotFoundException,
UserPoolAddOnNotEnabledException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Requests a history of user activity and any risks detected as part of Amazon Cognito threat protection. For more information, see Viewing user event history.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the AdminListUserAuthEventsRequest.Builder avoiding the need to create one manually via AdminListUserAuthEventsRequest.builder()

Parameters:

adminListUserAuthEventsRequest - A Consumer that will call methods on AdminListUserAuthEventsRequest.Builder to create a request.

Returns:

Result of the AdminListUserAuthEvents operation returned by the service.

See Also:

• AWS API Documentation

adminListUserAuthEventsPaginator

default AdminListUserAuthEventsIterable adminListUserAuthEventsPaginator(AdminListUserAuthEventsRequest adminListUserAuthEventsRequest)
                                                                  throws InvalidParameterException,
ResourceNotFoundException,
TooManyRequestsException,
NotAuthorizedException,
UserNotFoundException,
UserPoolAddOnNotEnabledException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

This is a variant of adminListUserAuthEvents(software.amazon.awssdk.services.cognitoidentityprovider.model.AdminListUserAuthEventsRequest) operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.

When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.

The following are few ways to iterate through the response pages:

1) Using a Stream

 
 software.amazon.awssdk.services.cognitoidentityprovider.paginators.AdminListUserAuthEventsIterable responses = client.adminListUserAuthEventsPaginator(request);
 responses.stream().forEach(....);
 
 

2) Using For loop

 {
     @code
     software.amazon.awssdk.services.cognitoidentityprovider.paginators.AdminListUserAuthEventsIterable responses = client
             .adminListUserAuthEventsPaginator(request);
     for (software.amazon.awssdk.services.cognitoidentityprovider.model.AdminListUserAuthEventsResponse response : responses) {
         // do something;
     }
 }
 

3) Use iterator directly

 
 software.amazon.awssdk.services.cognitoidentityprovider.paginators.AdminListUserAuthEventsIterable responses = client.adminListUserAuthEventsPaginator(request);
 responses.iterator().forEachRemaining(....);
 
 

Please notice that the configuration of MaxResults won't limit the number of results you get with the paginator. It only limits the number of results in each page.

Note: If you prefer to have control on service calls, use the adminListUserAuthEvents(software.amazon.awssdk.services.cognitoidentityprovider.model.AdminListUserAuthEventsRequest) operation.

Parameters:

adminListUserAuthEventsRequest -

Returns:

A custom iterable that can be used to iterate through all the response pages.

See Also:

• AWS API Documentation

adminListUserAuthEventsPaginator

default AdminListUserAuthEventsIterable adminListUserAuthEventsPaginator(Consumer<AdminListUserAuthEventsRequest.Builder> adminListUserAuthEventsRequest)
                                                                  throws InvalidParameterException,
ResourceNotFoundException,
TooManyRequestsException,
NotAuthorizedException,
UserNotFoundException,
UserPoolAddOnNotEnabledException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

This is a variant of adminListUserAuthEvents(software.amazon.awssdk.services.cognitoidentityprovider.model.AdminListUserAuthEventsRequest) operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.

When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.

The following are few ways to iterate through the response pages:

1) Using a Stream

 
 software.amazon.awssdk.services.cognitoidentityprovider.paginators.AdminListUserAuthEventsIterable responses = client.adminListUserAuthEventsPaginator(request);
 responses.stream().forEach(....);
 
 

2) Using For loop

 {
     @code
     software.amazon.awssdk.services.cognitoidentityprovider.paginators.AdminListUserAuthEventsIterable responses = client
             .adminListUserAuthEventsPaginator(request);
     for (software.amazon.awssdk.services.cognitoidentityprovider.model.AdminListUserAuthEventsResponse response : responses) {
         // do something;
     }
 }
 

3) Use iterator directly

 
 software.amazon.awssdk.services.cognitoidentityprovider.paginators.AdminListUserAuthEventsIterable responses = client.adminListUserAuthEventsPaginator(request);
 responses.iterator().forEachRemaining(....);
 
 

Please notice that the configuration of MaxResults won't limit the number of results you get with the paginator. It only limits the number of results in each page.

Note: If you prefer to have control on service calls, use the adminListUserAuthEvents(software.amazon.awssdk.services.cognitoidentityprovider.model.AdminListUserAuthEventsRequest) operation.

This is a convenience which creates an instance of the AdminListUserAuthEventsRequest.Builder avoiding the need to create one manually via AdminListUserAuthEventsRequest.builder()

Parameters:

adminListUserAuthEventsRequest - A Consumer that will call methods on AdminListUserAuthEventsRequest.Builder to create a request.

Returns:

A custom iterable that can be used to iterate through all the response pages.

See Also:

• AWS API Documentation

adminRemoveUserFromGroup

default AdminRemoveUserFromGroupResponse adminRemoveUserFromGroup(AdminRemoveUserFromGroupRequest adminRemoveUserFromGroupRequest)
                                                           throws InvalidParameterException,
ResourceNotFoundException,
TooManyRequestsException,
NotAuthorizedException,
UserNotFoundException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given a username and a group name, removes them from the group. User pool groups are identifiers that you can reference from the contents of ID and access tokens, and set preferred IAM roles for identity-pool authentication. For more information, see Adding groups to a user pool.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

adminRemoveUserFromGroupRequest -

Returns:

Result of the AdminRemoveUserFromGroup operation returned by the service.

See Also:

• AWS API Documentation

adminRemoveUserFromGroup

default AdminRemoveUserFromGroupResponse adminRemoveUserFromGroup(Consumer<AdminRemoveUserFromGroupRequest.Builder> adminRemoveUserFromGroupRequest)
                                                           throws InvalidParameterException,
ResourceNotFoundException,
TooManyRequestsException,
NotAuthorizedException,
UserNotFoundException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given a username and a group name, removes them from the group. User pool groups are identifiers that you can reference from the contents of ID and access tokens, and set preferred IAM roles for identity-pool authentication. For more information, see Adding groups to a user pool.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the AdminRemoveUserFromGroupRequest.Builder avoiding the need to create one manually via AdminRemoveUserFromGroupRequest.builder()

Parameters:

adminRemoveUserFromGroupRequest - A Consumer that will call methods on AdminRemoveUserFromGroupRequest.Builder to create a request.

Returns:

Result of the AdminRemoveUserFromGroup operation returned by the service.

See Also:

• AWS API Documentation

adminResetUserPassword

default AdminResetUserPasswordResponse adminResetUserPassword(AdminResetUserPasswordRequest adminResetUserPasswordRequest)
                                                       throws ResourceNotFoundException,
InvalidParameterException,
UnexpectedLambdaException,
UserLambdaValidationException,
NotAuthorizedException,
InvalidLambdaResponseException,
TooManyRequestsException,
LimitExceededException,
UserNotFoundException,
InvalidSmsRoleAccessPolicyException,
InvalidEmailRoleAccessPolicyException,
InvalidSmsRoleTrustRelationshipException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Begins the password reset process. Sets the requested user’s account into a RESET_REQUIRED status, and sends them a password-reset code. Your user pool also sends the user a notification with a reset code and the information that their password has been reset. At sign-in, your application or the managed login session receives a challenge to complete the reset by confirming the code and setting a new password.

To use this API operation, your user pool must have self-service account recovery configured.

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

adminResetUserPasswordRequest - Represents the request to reset a user's password as an administrator.

Returns:

Result of the AdminResetUserPassword operation returned by the service.

See Also:

• AWS API Documentation

adminResetUserPassword

default AdminResetUserPasswordResponse adminResetUserPassword(Consumer<AdminResetUserPasswordRequest.Builder> adminResetUserPasswordRequest)
                                                       throws ResourceNotFoundException,
InvalidParameterException,
UnexpectedLambdaException,
UserLambdaValidationException,
NotAuthorizedException,
InvalidLambdaResponseException,
TooManyRequestsException,
LimitExceededException,
UserNotFoundException,
InvalidSmsRoleAccessPolicyException,
InvalidEmailRoleAccessPolicyException,
InvalidSmsRoleTrustRelationshipException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Begins the password reset process. Sets the requested user’s account into a RESET_REQUIRED status, and sends them a password-reset code. Your user pool also sends the user a notification with a reset code and the information that their password has been reset. At sign-in, your application or the managed login session receives a challenge to complete the reset by confirming the code and setting a new password.

To use this API operation, your user pool must have self-service account recovery configured.

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the AdminResetUserPasswordRequest.Builder avoiding the need to create one manually via AdminResetUserPasswordRequest.builder()

Parameters:

adminResetUserPasswordRequest - A Consumer that will call methods on AdminResetUserPasswordRequest.Builder to create a request. Represents the request to reset a user's password as an administrator.

Returns:

Result of the AdminResetUserPassword operation returned by the service.

See Also:

• AWS API Documentation

adminRespondToAuthChallenge

default AdminRespondToAuthChallengeResponse adminRespondToAuthChallenge(AdminRespondToAuthChallengeRequest adminRespondToAuthChallengeRequest)
                                                                 throws ResourceNotFoundException,
InvalidParameterException,
NotAuthorizedException,
CodeMismatchException,
ExpiredCodeException,
UnexpectedLambdaException,
InvalidPasswordException,
PasswordHistoryPolicyViolationException,
UserLambdaValidationException,
InvalidLambdaResponseException,
TooManyRequestsException,
InvalidUserPoolConfigurationException,
InternalErrorException,
MfaMethodNotFoundException,
InvalidEmailRoleAccessPolicyException,
InvalidSmsRoleAccessPolicyException,
InvalidSmsRoleTrustRelationshipException,
AliasExistsException,
PasswordResetRequiredException,
UserNotFoundException,
UserNotConfirmedException,
SoftwareTokenMfaNotFoundException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Some API operations in a user pool generate a challenge, like a prompt for an MFA code, for device authentication that bypasses MFA, or for a custom authentication challenge. An AdminRespondToAuthChallenge API request provides the answer to that challenge, like a code or a secure remote password (SRP). The parameters of a response to an authentication challenge vary with the type of challenge.

For more information about custom authentication challenges, see Custom authentication challenge Lambda triggers.

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

adminRespondToAuthChallengeRequest - The request to respond to the authentication challenge, as an administrator.

Returns:

Result of the AdminRespondToAuthChallenge operation returned by the service.

See Also:

• AWS API Documentation

adminRespondToAuthChallenge

default AdminRespondToAuthChallengeResponse adminRespondToAuthChallenge(Consumer<AdminRespondToAuthChallengeRequest.Builder> adminRespondToAuthChallengeRequest)
                                                                 throws ResourceNotFoundException,
InvalidParameterException,
NotAuthorizedException,
CodeMismatchException,
ExpiredCodeException,
UnexpectedLambdaException,
InvalidPasswordException,
PasswordHistoryPolicyViolationException,
UserLambdaValidationException,
InvalidLambdaResponseException,
TooManyRequestsException,
InvalidUserPoolConfigurationException,
InternalErrorException,
MfaMethodNotFoundException,
InvalidEmailRoleAccessPolicyException,
InvalidSmsRoleAccessPolicyException,
InvalidSmsRoleTrustRelationshipException,
AliasExistsException,
PasswordResetRequiredException,
UserNotFoundException,
UserNotConfirmedException,
SoftwareTokenMfaNotFoundException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Some API operations in a user pool generate a challenge, like a prompt for an MFA code, for device authentication that bypasses MFA, or for a custom authentication challenge. An AdminRespondToAuthChallenge API request provides the answer to that challenge, like a code or a secure remote password (SRP). The parameters of a response to an authentication challenge vary with the type of challenge.

For more information about custom authentication challenges, see Custom authentication challenge Lambda triggers.

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the AdminRespondToAuthChallengeRequest.Builder avoiding the need to create one manually via AdminRespondToAuthChallengeRequest.builder()

Parameters:

adminRespondToAuthChallengeRequest - A Consumer that will call methods on AdminRespondToAuthChallengeRequest.Builder to create a request. The request to respond to the authentication challenge, as an administrator.

Returns:

Result of the AdminRespondToAuthChallenge operation returned by the service.

See Also:

• AWS API Documentation

adminSetUserMFAPreference

default AdminSetUserMfaPreferenceResponse adminSetUserMFAPreference(AdminSetUserMfaPreferenceRequest adminSetUserMfaPreferenceRequest)
                                                             throws ResourceNotFoundException,
InvalidParameterException,
NotAuthorizedException,
PasswordResetRequiredException,
UserNotFoundException,
UserNotConfirmedException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Sets the user's multi-factor authentication (MFA) preference, including which MFA options are activated, and if any are preferred. Only one factor can be set as preferred. The preferred MFA factor will be used to authenticate a user if multiple factors are activated. If multiple options are activated and no preference is set, a challenge to choose an MFA option will be returned during sign-in.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

adminSetUserMfaPreferenceRequest -

Returns:

Result of the AdminSetUserMFAPreference operation returned by the service.

See Also:

• AWS API Documentation

adminSetUserMFAPreference

default AdminSetUserMfaPreferenceResponse adminSetUserMFAPreference(Consumer<AdminSetUserMfaPreferenceRequest.Builder> adminSetUserMfaPreferenceRequest)
                                                             throws ResourceNotFoundException,
InvalidParameterException,
NotAuthorizedException,
PasswordResetRequiredException,
UserNotFoundException,
UserNotConfirmedException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Sets the user's multi-factor authentication (MFA) preference, including which MFA options are activated, and if any are preferred. Only one factor can be set as preferred. The preferred MFA factor will be used to authenticate a user if multiple factors are activated. If multiple options are activated and no preference is set, a challenge to choose an MFA option will be returned during sign-in.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the AdminSetUserMfaPreferenceRequest.Builder avoiding the need to create one manually via AdminSetUserMfaPreferenceRequest.builder()

Parameters:

adminSetUserMfaPreferenceRequest - A Consumer that will call methods on AdminSetUserMfaPreferenceRequest.Builder to create a request.

Returns:

Result of the AdminSetUserMFAPreference operation returned by the service.

See Also:

• AWS API Documentation

adminSetUserPassword

default AdminSetUserPasswordResponse adminSetUserPassword(AdminSetUserPasswordRequest adminSetUserPasswordRequest)
                                                   throws ResourceNotFoundException,
NotAuthorizedException,
UserNotFoundException,
InternalErrorException,
TooManyRequestsException,
InvalidParameterException,
InvalidPasswordException,
PasswordHistoryPolicyViolationException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Sets the specified user's password in a user pool. This operation administratively sets a temporary or permanent password for a user. With this operation, you can bypass self-service password changes and permit immediate sign-in with the password that you set. To do this, set Permanent to true.

You can also set a new temporary password in this request, send it to a user, and require them to choose a new password on their next sign-in. To do this, set Permanent to false.

If the password is temporary, the user's Status becomes FORCE_CHANGE_PASSWORD. When the user next tries to sign in, the InitiateAuth or AdminInitiateAuth response includes the NEW_PASSWORD_REQUIRED challenge. If the user doesn't sign in before the temporary password expires, they can no longer sign in and you must repeat this operation to set a temporary or permanent password for them.

After the user sets a new password, or if you set a permanent password, their status becomes Confirmed.

AdminSetUserPassword can set a password for the user profile that Amazon Cognito creates for third-party federated users. When you set a password, the federated user's status changes from EXTERNAL_PROVIDER to CONFIRMED. A user in this state can sign in as a federated user, and initiate authentication flows in the API like a linked native user. They can also modify their password and attributes in token-authenticated API requests like ChangePassword and UpdateUserAttributes. As a best security practice and to keep users in sync with your external IdP, don't set passwords on federated user profiles. To set up a federated user for native sign-in with a linked native user, refer to Linking federated users to an existing user profile.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

adminSetUserPasswordRequest -

Returns:

Result of the AdminSetUserPassword operation returned by the service.

See Also:

• AWS API Documentation

adminSetUserPassword

default AdminSetUserPasswordResponse adminSetUserPassword(Consumer<AdminSetUserPasswordRequest.Builder> adminSetUserPasswordRequest)
                                                   throws ResourceNotFoundException,
NotAuthorizedException,
UserNotFoundException,
InternalErrorException,
TooManyRequestsException,
InvalidParameterException,
InvalidPasswordException,
PasswordHistoryPolicyViolationException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Sets the specified user's password in a user pool. This operation administratively sets a temporary or permanent password for a user. With this operation, you can bypass self-service password changes and permit immediate sign-in with the password that you set. To do this, set Permanent to true.

You can also set a new temporary password in this request, send it to a user, and require them to choose a new password on their next sign-in. To do this, set Permanent to false.

If the password is temporary, the user's Status becomes FORCE_CHANGE_PASSWORD. When the user next tries to sign in, the InitiateAuth or AdminInitiateAuth response includes the NEW_PASSWORD_REQUIRED challenge. If the user doesn't sign in before the temporary password expires, they can no longer sign in and you must repeat this operation to set a temporary or permanent password for them.

After the user sets a new password, or if you set a permanent password, their status becomes Confirmed.

AdminSetUserPassword can set a password for the user profile that Amazon Cognito creates for third-party federated users. When you set a password, the federated user's status changes from EXTERNAL_PROVIDER to CONFIRMED. A user in this state can sign in as a federated user, and initiate authentication flows in the API like a linked native user. They can also modify their password and attributes in token-authenticated API requests like ChangePassword and UpdateUserAttributes. As a best security practice and to keep users in sync with your external IdP, don't set passwords on federated user profiles. To set up a federated user for native sign-in with a linked native user, refer to Linking federated users to an existing user profile.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the AdminSetUserPasswordRequest.Builder avoiding the need to create one manually via AdminSetUserPasswordRequest.builder()

Parameters:

adminSetUserPasswordRequest - A Consumer that will call methods on AdminSetUserPasswordRequest.Builder to create a request.

Returns:

Result of the AdminSetUserPassword operation returned by the service.

See Also:

• AWS API Documentation

adminSetUserSettings

default AdminSetUserSettingsResponse adminSetUserSettings(AdminSetUserSettingsRequest adminSetUserSettingsRequest)
                                                   throws ResourceNotFoundException,
InvalidParameterException,
NotAuthorizedException,
UserNotFoundException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

This action is no longer supported. You can use it to configure only SMS MFA. You can't use it to configure time-based one-time password (TOTP) software token MFA.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

adminSetUserSettingsRequest - You can use this parameter to set an MFA configuration that uses the SMS delivery medium.

Returns:

Result of the AdminSetUserSettings operation returned by the service.

See Also:

• AWS API Documentation

adminSetUserSettings

default AdminSetUserSettingsResponse adminSetUserSettings(Consumer<AdminSetUserSettingsRequest.Builder> adminSetUserSettingsRequest)
                                                   throws ResourceNotFoundException,
InvalidParameterException,
NotAuthorizedException,
UserNotFoundException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

This action is no longer supported. You can use it to configure only SMS MFA. You can't use it to configure time-based one-time password (TOTP) software token MFA.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the AdminSetUserSettingsRequest.Builder avoiding the need to create one manually via AdminSetUserSettingsRequest.builder()

Parameters:

adminSetUserSettingsRequest - A Consumer that will call methods on AdminSetUserSettingsRequest.Builder to create a request. You can use this parameter to set an MFA configuration that uses the SMS delivery medium.

Returns:

Result of the AdminSetUserSettings operation returned by the service.

See Also:

• AWS API Documentation

adminUpdateAuthEventFeedback

default AdminUpdateAuthEventFeedbackResponse adminUpdateAuthEventFeedback(AdminUpdateAuthEventFeedbackRequest adminUpdateAuthEventFeedbackRequest)
                                                                   throws InvalidParameterException,
ResourceNotFoundException,
TooManyRequestsException,
NotAuthorizedException,
UserNotFoundException,
UserPoolAddOnNotEnabledException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Provides the feedback for an authentication event generated by threat protection features. Your response indicates that you think that the event either was from a valid user or was an unwanted authentication attempt. This feedback improves the risk evaluation decision for the user pool as part of Amazon Cognito threat protection. To activate this setting, your user pool must be on the Plus tier.

To train the threat-protection model to recognize trusted and untrusted sign-in characteristics, configure threat protection in audit-only mode and provide a mechanism for users or administrators to submit feedback. Your feedback can tell Amazon Cognito that a risk rating was assigned at a level you don't agree with.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

adminUpdateAuthEventFeedbackRequest -

Returns:

Result of the AdminUpdateAuthEventFeedback operation returned by the service.

See Also:

• AWS API Documentation

adminUpdateAuthEventFeedback

default AdminUpdateAuthEventFeedbackResponse adminUpdateAuthEventFeedback(Consumer<AdminUpdateAuthEventFeedbackRequest.Builder> adminUpdateAuthEventFeedbackRequest)
                                                                   throws InvalidParameterException,
ResourceNotFoundException,
TooManyRequestsException,
NotAuthorizedException,
UserNotFoundException,
UserPoolAddOnNotEnabledException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Provides the feedback for an authentication event generated by threat protection features. Your response indicates that you think that the event either was from a valid user or was an unwanted authentication attempt. This feedback improves the risk evaluation decision for the user pool as part of Amazon Cognito threat protection. To activate this setting, your user pool must be on the Plus tier.

To train the threat-protection model to recognize trusted and untrusted sign-in characteristics, configure threat protection in audit-only mode and provide a mechanism for users or administrators to submit feedback. Your feedback can tell Amazon Cognito that a risk rating was assigned at a level you don't agree with.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the AdminUpdateAuthEventFeedbackRequest.Builder avoiding the need to create one manually via AdminUpdateAuthEventFeedbackRequest.builder()

Parameters:

adminUpdateAuthEventFeedbackRequest - A Consumer that will call methods on AdminUpdateAuthEventFeedbackRequest.Builder to create a request.

Returns:

Result of the AdminUpdateAuthEventFeedback operation returned by the service.

See Also:

• AWS API Documentation

adminUpdateDeviceStatus

default AdminUpdateDeviceStatusResponse adminUpdateDeviceStatus(AdminUpdateDeviceStatusRequest adminUpdateDeviceStatusRequest)
                                                         throws InvalidParameterException,
ResourceNotFoundException,
InvalidUserPoolConfigurationException,
TooManyRequestsException,
NotAuthorizedException,
UserNotFoundException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Updates the status of a user's device so that it is marked as remembered or not remembered for the purpose of device authentication. Device authentication is a "remember me" mechanism that silently completes sign-in from trusted devices with a device key instead of a user-provided MFA code. This operation changes the status of a device without deleting it, so you can enable it again later. For more information about device authentication, see Working with devices.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

adminUpdateDeviceStatusRequest - The request to update the device status, as an administrator.

Returns:

Result of the AdminUpdateDeviceStatus operation returned by the service.

See Also:

• AWS API Documentation

adminUpdateDeviceStatus

default AdminUpdateDeviceStatusResponse adminUpdateDeviceStatus(Consumer<AdminUpdateDeviceStatusRequest.Builder> adminUpdateDeviceStatusRequest)
                                                         throws InvalidParameterException,
ResourceNotFoundException,
InvalidUserPoolConfigurationException,
TooManyRequestsException,
NotAuthorizedException,
UserNotFoundException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Updates the status of a user's device so that it is marked as remembered or not remembered for the purpose of device authentication. Device authentication is a "remember me" mechanism that silently completes sign-in from trusted devices with a device key instead of a user-provided MFA code. This operation changes the status of a device without deleting it, so you can enable it again later. For more information about device authentication, see Working with devices.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the AdminUpdateDeviceStatusRequest.Builder avoiding the need to create one manually via AdminUpdateDeviceStatusRequest.builder()

Parameters:

adminUpdateDeviceStatusRequest - A Consumer that will call methods on AdminUpdateDeviceStatusRequest.Builder to create a request. The request to update the device status, as an administrator.

Returns:

Result of the AdminUpdateDeviceStatus operation returned by the service.

See Also:

• AWS API Documentation

adminUpdateUserAttributes

default AdminUpdateUserAttributesResponse adminUpdateUserAttributes(AdminUpdateUserAttributesRequest adminUpdateUserAttributesRequest)
                                                             throws ResourceNotFoundException,
InvalidParameterException,
UnexpectedLambdaException,
UserLambdaValidationException,
InvalidLambdaResponseException,
AliasExistsException,
TooManyRequestsException,
NotAuthorizedException,
UserNotFoundException,
InternalErrorException,
InvalidSmsRoleAccessPolicyException,
InvalidEmailRoleAccessPolicyException,
InvalidSmsRoleTrustRelationshipException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Updates the specified user's attributes. To delete an attribute from your user, submit the attribute in your API request with a blank value.

For custom attributes, you must add a custom: prefix to the attribute name, for example custom:department.

This operation can set a user's email address or phone number as verified and permit immediate sign-in in user pools that require verification of these attributes. To do this, set the email_verified or phone_number_verified attribute to true.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

Parameters:

adminUpdateUserAttributesRequest - Represents the request to update the user's attributes as an administrator.

Returns:

Result of the AdminUpdateUserAttributes operation returned by the service.

See Also:

• AWS API Documentation

adminUpdateUserAttributes

default AdminUpdateUserAttributesResponse adminUpdateUserAttributes(Consumer<AdminUpdateUserAttributesRequest.Builder> adminUpdateUserAttributesRequest)
                                                             throws ResourceNotFoundException,
InvalidParameterException,
UnexpectedLambdaException,
UserLambdaValidationException,
InvalidLambdaResponseException,
AliasExistsException,
TooManyRequestsException,
NotAuthorizedException,
UserNotFoundException,
InternalErrorException,
InvalidSmsRoleAccessPolicyException,
InvalidEmailRoleAccessPolicyException,
InvalidSmsRoleTrustRelationshipException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Updates the specified user's attributes. To delete an attribute from your user, submit the attribute in your API request with a blank value.

For custom attributes, you must add a custom: prefix to the attribute name, for example custom:department.

This operation can set a user's email address or phone number as verified and permit immediate sign-in in user pools that require verification of these attributes. To do this, set the email_verified or phone_number_verified attribute to true.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

This is a convenience which creates an instance of the AdminUpdateUserAttributesRequest.Builder avoiding the need to create one manually via AdminUpdateUserAttributesRequest.builder()

Parameters:

adminUpdateUserAttributesRequest - A Consumer that will call methods on AdminUpdateUserAttributesRequest.Builder to create a request. Represents the request to update the user's attributes as an administrator.

Returns:

Result of the AdminUpdateUserAttributes operation returned by the service.

See Also:

• AWS API Documentation

adminUserGlobalSignOut

default AdminUserGlobalSignOutResponse adminUserGlobalSignOut(AdminUserGlobalSignOutRequest adminUserGlobalSignOutRequest)
                                                       throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
UserNotFoundException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user. Call this operation with your administrative credentials when your user signs out of your app. This results in the following behavior.

• Amazon Cognito no longer accepts token-authorized user operations that you authorize with a signed-out user's access tokens. For more information, see Using the Amazon Cognito user pools API and user pool endpoints.

  Amazon Cognito returns an Access Token has been revoked error when your app attempts to authorize a user pools API request with a revoked access token that contains the scope aws.cognito.signin.user.admin.

• Amazon Cognito no longer accepts a signed-out user's ID token in a GetId request to an identity pool with ServerSideTokenCheck enabled for its user pool IdP configuration in CognitoIdentityProvider.

• Amazon Cognito no longer accepts a signed-out user's refresh tokens in refresh requests.

Other requests might be valid until your user's token expires. This operation doesn't clear the managed login session cookie. To clear the session for a user who signed in with managed login or the classic hosted UI, direct their browser session to the logout endpoint.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

adminUserGlobalSignOutRequest - The request to sign out of all devices, as an administrator.

Returns:

Result of the AdminUserGlobalSignOut operation returned by the service.

See Also:

• AWS API Documentation

adminUserGlobalSignOut

default AdminUserGlobalSignOutResponse adminUserGlobalSignOut(Consumer<AdminUserGlobalSignOutRequest.Builder> adminUserGlobalSignOutRequest)
                                                       throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
UserNotFoundException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user. Call this operation with your administrative credentials when your user signs out of your app. This results in the following behavior.

• Amazon Cognito no longer accepts token-authorized user operations that you authorize with a signed-out user's access tokens. For more information, see Using the Amazon Cognito user pools API and user pool endpoints.

  Amazon Cognito returns an Access Token has been revoked error when your app attempts to authorize a user pools API request with a revoked access token that contains the scope aws.cognito.signin.user.admin.

• Amazon Cognito no longer accepts a signed-out user's ID token in a GetId request to an identity pool with ServerSideTokenCheck enabled for its user pool IdP configuration in CognitoIdentityProvider.

• Amazon Cognito no longer accepts a signed-out user's refresh tokens in refresh requests.

Other requests might be valid until your user's token expires. This operation doesn't clear the managed login session cookie. To clear the session for a user who signed in with managed login or the classic hosted UI, direct their browser session to the logout endpoint.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the AdminUserGlobalSignOutRequest.Builder avoiding the need to create one manually via AdminUserGlobalSignOutRequest.builder()

Parameters:

adminUserGlobalSignOutRequest - A Consumer that will call methods on AdminUserGlobalSignOutRequest.Builder to create a request. The request to sign out of all devices, as an administrator.

Returns:

Result of the AdminUserGlobalSignOut operation returned by the service.

See Also:

• AWS API Documentation

associateSoftwareToken

default AssociateSoftwareTokenResponse associateSoftwareToken(AssociateSoftwareTokenRequest associateSoftwareTokenRequest)
                                                       throws ConcurrentModificationException,
InvalidParameterException,
NotAuthorizedException,
ResourceNotFoundException,
InternalErrorException,
SoftwareTokenMfaNotFoundException,
ForbiddenException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Begins setup of time-based one-time password (TOTP) multi-factor authentication (MFA) for a user, with a unique private key that Amazon Cognito generates and returns in the API response. You can authorize an AssociateSoftwareToken request with either the user's access token, or a session string from a challenge response that you received from Amazon Cognito.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Parameters:

associateSoftwareTokenRequest -

Returns:

Result of the AssociateSoftwareToken operation returned by the service.

See Also:

• AWS API Documentation

associateSoftwareToken

default AssociateSoftwareTokenResponse associateSoftwareToken(Consumer<AssociateSoftwareTokenRequest.Builder> associateSoftwareTokenRequest)
                                                       throws ConcurrentModificationException,
InvalidParameterException,
NotAuthorizedException,
ResourceNotFoundException,
InternalErrorException,
SoftwareTokenMfaNotFoundException,
ForbiddenException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Begins setup of time-based one-time password (TOTP) multi-factor authentication (MFA) for a user, with a unique private key that Amazon Cognito generates and returns in the API response. You can authorize an AssociateSoftwareToken request with either the user's access token, or a session string from a challenge response that you received from Amazon Cognito.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

This is a convenience which creates an instance of the AssociateSoftwareTokenRequest.Builder avoiding the need to create one manually via AssociateSoftwareTokenRequest.builder()

Parameters:

associateSoftwareTokenRequest - A Consumer that will call methods on AssociateSoftwareTokenRequest.Builder to create a request.

Returns:

Result of the AssociateSoftwareToken operation returned by the service.

See Also:

• AWS API Documentation

changePassword

default ChangePasswordResponse changePassword(ChangePasswordRequest changePasswordRequest)
                                       throws ResourceNotFoundException,
InvalidParameterException,
InvalidPasswordException,
PasswordHistoryPolicyViolationException,
NotAuthorizedException,
TooManyRequestsException,
LimitExceededException,
PasswordResetRequiredException,
UserNotFoundException,
UserNotConfirmedException,
InternalErrorException,
ForbiddenException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Changes the password for the currently signed-in user.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

Parameters:

changePasswordRequest - Represents the request to change a user password.

Returns:

Result of the ChangePassword operation returned by the service.

See Also:

• AWS API Documentation

changePassword

default ChangePasswordResponse changePassword(Consumer<ChangePasswordRequest.Builder> changePasswordRequest)
                                       throws ResourceNotFoundException,
InvalidParameterException,
InvalidPasswordException,
PasswordHistoryPolicyViolationException,
NotAuthorizedException,
TooManyRequestsException,
LimitExceededException,
PasswordResetRequiredException,
UserNotFoundException,
UserNotConfirmedException,
InternalErrorException,
ForbiddenException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Changes the password for the currently signed-in user.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

This is a convenience which creates an instance of the ChangePasswordRequest.Builder avoiding the need to create one manually via ChangePasswordRequest.builder()

Parameters:

changePasswordRequest - A Consumer that will call methods on ChangePasswordRequest.Builder to create a request. Represents the request to change a user password.

Returns:

Result of the ChangePassword operation returned by the service.

See Also:

• AWS API Documentation

completeWebAuthnRegistration

default CompleteWebAuthnRegistrationResponse completeWebAuthnRegistration(CompleteWebAuthnRegistrationRequest completeWebAuthnRegistrationRequest)
                                                                   throws ForbiddenException,
InternalErrorException,
InvalidParameterException,
LimitExceededException,
NotAuthorizedException,
TooManyRequestsException,
WebAuthnNotEnabledException,
WebAuthnChallengeNotFoundException,
WebAuthnRelyingPartyMismatchException,
WebAuthnClientMismatchException,
WebAuthnOriginNotAllowedException,
WebAuthnCredentialNotSupportedException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Completes registration of a passkey authenticator for the currently signed-in user.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Parameters:

completeWebAuthnRegistrationRequest -

Returns:

Result of the CompleteWebAuthnRegistration operation returned by the service.

See Also:

• AWS API Documentation

completeWebAuthnRegistration

default CompleteWebAuthnRegistrationResponse completeWebAuthnRegistration(Consumer<CompleteWebAuthnRegistrationRequest.Builder> completeWebAuthnRegistrationRequest)
                                                                   throws ForbiddenException,
InternalErrorException,
InvalidParameterException,
LimitExceededException,
NotAuthorizedException,
TooManyRequestsException,
WebAuthnNotEnabledException,
WebAuthnChallengeNotFoundException,
WebAuthnRelyingPartyMismatchException,
WebAuthnClientMismatchException,
WebAuthnOriginNotAllowedException,
WebAuthnCredentialNotSupportedException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Completes registration of a passkey authenticator for the currently signed-in user.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

This is a convenience which creates an instance of the CompleteWebAuthnRegistrationRequest.Builder avoiding the need to create one manually via CompleteWebAuthnRegistrationRequest.builder()

Parameters:

completeWebAuthnRegistrationRequest - A Consumer that will call methods on CompleteWebAuthnRegistrationRequest.Builder to create a request.

Returns:

Result of the CompleteWebAuthnRegistration operation returned by the service.

See Also:

• AWS API Documentation

confirmDevice

default ConfirmDeviceResponse confirmDevice(ConfirmDeviceRequest confirmDeviceRequest)
                                     throws ResourceNotFoundException,
InvalidParameterException,
NotAuthorizedException,
InvalidPasswordException,
InvalidLambdaResponseException,
UsernameExistsException,
InvalidUserPoolConfigurationException,
TooManyRequestsException,
PasswordResetRequiredException,
UserNotFoundException,
UserNotConfirmedException,
InternalErrorException,
DeviceKeyExistsException,
ForbiddenException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Confirms a device that a user wants to remember. A remembered device is a "Remember me on this device" option for user pools that perform authentication with the device key of a trusted device in the back end, instead of a user-provided MFA code. For more information about device authentication, see Working with user devices in your user pool.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

Parameters:

confirmDeviceRequest - The confirm-device request.

Returns:

Result of the ConfirmDevice operation returned by the service.

See Also:

• AWS API Documentation

confirmDevice

default ConfirmDeviceResponse confirmDevice(Consumer<ConfirmDeviceRequest.Builder> confirmDeviceRequest)
                                     throws ResourceNotFoundException,
InvalidParameterException,
NotAuthorizedException,
InvalidPasswordException,
InvalidLambdaResponseException,
UsernameExistsException,
InvalidUserPoolConfigurationException,
TooManyRequestsException,
PasswordResetRequiredException,
UserNotFoundException,
UserNotConfirmedException,
InternalErrorException,
DeviceKeyExistsException,
ForbiddenException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Confirms a device that a user wants to remember. A remembered device is a "Remember me on this device" option for user pools that perform authentication with the device key of a trusted device in the back end, instead of a user-provided MFA code. For more information about device authentication, see Working with user devices in your user pool.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

This is a convenience which creates an instance of the ConfirmDeviceRequest.Builder avoiding the need to create one manually via ConfirmDeviceRequest.builder()

Parameters:

confirmDeviceRequest - A Consumer that will call methods on ConfirmDeviceRequest.Builder to create a request. The confirm-device request.

Returns:

Result of the ConfirmDevice operation returned by the service.

See Also:

• AWS API Documentation

confirmForgotPassword

default ConfirmForgotPasswordResponse confirmForgotPassword(ConfirmForgotPasswordRequest confirmForgotPasswordRequest)
                                                     throws ResourceNotFoundException,
UnexpectedLambdaException,
UserLambdaValidationException,
InvalidParameterException,
InvalidPasswordException,
PasswordHistoryPolicyViolationException,
NotAuthorizedException,
CodeMismatchException,
ExpiredCodeException,
TooManyFailedAttemptsException,
InvalidLambdaResponseException,
TooManyRequestsException,
LimitExceededException,
UserNotFoundException,
UserNotConfirmedException,
InternalErrorException,
ForbiddenException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

This public API operation accepts a confirmation code that Amazon Cognito sent to a user and accepts a new password for that user.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

Parameters:

confirmForgotPasswordRequest - The request representing the confirmation for a password reset.

Returns:

Result of the ConfirmForgotPassword operation returned by the service.

See Also:

• AWS API Documentation

confirmForgotPassword

default ConfirmForgotPasswordResponse confirmForgotPassword(Consumer<ConfirmForgotPasswordRequest.Builder> confirmForgotPasswordRequest)
                                                     throws ResourceNotFoundException,
UnexpectedLambdaException,
UserLambdaValidationException,
InvalidParameterException,
InvalidPasswordException,
PasswordHistoryPolicyViolationException,
NotAuthorizedException,
CodeMismatchException,
ExpiredCodeException,
TooManyFailedAttemptsException,
InvalidLambdaResponseException,
TooManyRequestsException,
LimitExceededException,
UserNotFoundException,
UserNotConfirmedException,
InternalErrorException,
ForbiddenException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

This public API operation accepts a confirmation code that Amazon Cognito sent to a user and accepts a new password for that user.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

This is a convenience which creates an instance of the ConfirmForgotPasswordRequest.Builder avoiding the need to create one manually via ConfirmForgotPasswordRequest.builder()

Parameters:

confirmForgotPasswordRequest - A Consumer that will call methods on ConfirmForgotPasswordRequest.Builder to create a request. The request representing the confirmation for a password reset.

Returns:

Result of the ConfirmForgotPassword operation returned by the service.

See Also:

• AWS API Documentation

confirmSignUp

default ConfirmSignUpResponse confirmSignUp(ConfirmSignUpRequest confirmSignUpRequest)
                                     throws ResourceNotFoundException,
InvalidParameterException,
UnexpectedLambdaException,
UserLambdaValidationException,
NotAuthorizedException,
TooManyFailedAttemptsException,
CodeMismatchException,
ExpiredCodeException,
InvalidLambdaResponseException,
AliasExistsException,
TooManyRequestsException,
LimitExceededException,
UserNotFoundException,
InternalErrorException,
ForbiddenException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Confirms the account of a new user. This public API operation submits a code that Amazon Cognito sent to your user when they signed up in your user pool. After your user enters their code, they confirm ownership of the email address or phone number that they provided, and their user account becomes active. Depending on your user pool configuration, your users will receive their confirmation code in an email or SMS message.

Local users who signed up in your user pool are the only type of user who can confirm sign-up with a code. Users who federate through an external identity provider (IdP) have already been confirmed by their IdP.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

Parameters:

confirmSignUpRequest - Represents the request to confirm registration of a user.

Returns:

Result of the ConfirmSignUp operation returned by the service.

See Also:

• AWS API Documentation

confirmSignUp

default ConfirmSignUpResponse confirmSignUp(Consumer<ConfirmSignUpRequest.Builder> confirmSignUpRequest)
                                     throws ResourceNotFoundException,
InvalidParameterException,
UnexpectedLambdaException,
UserLambdaValidationException,
NotAuthorizedException,
TooManyFailedAttemptsException,
CodeMismatchException,
ExpiredCodeException,
InvalidLambdaResponseException,
AliasExistsException,
TooManyRequestsException,
LimitExceededException,
UserNotFoundException,
InternalErrorException,
ForbiddenException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Confirms the account of a new user. This public API operation submits a code that Amazon Cognito sent to your user when they signed up in your user pool. After your user enters their code, they confirm ownership of the email address or phone number that they provided, and their user account becomes active. Depending on your user pool configuration, your users will receive their confirmation code in an email or SMS message.

Local users who signed up in your user pool are the only type of user who can confirm sign-up with a code. Users who federate through an external identity provider (IdP) have already been confirmed by their IdP.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

This is a convenience which creates an instance of the ConfirmSignUpRequest.Builder avoiding the need to create one manually via ConfirmSignUpRequest.builder()

Parameters:

confirmSignUpRequest - A Consumer that will call methods on ConfirmSignUpRequest.Builder to create a request. Represents the request to confirm registration of a user.

Returns:

Result of the ConfirmSignUp operation returned by the service.

See Also:

• AWS API Documentation

createGroup

default CreateGroupResponse createGroup(CreateGroupRequest createGroupRequest)
                                 throws InvalidParameterException,
GroupExistsException,
ResourceNotFoundException,
TooManyRequestsException,
LimitExceededException,
NotAuthorizedException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Creates a new group in the specified user pool. For more information about user pool groups, see Adding groups to a user pool.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

createGroupRequest -

Returns:

Result of the CreateGroup operation returned by the service.

See Also:

• AWS API Documentation

createGroup

default CreateGroupResponse createGroup(Consumer<CreateGroupRequest.Builder> createGroupRequest)
                                 throws InvalidParameterException,
GroupExistsException,
ResourceNotFoundException,
TooManyRequestsException,
LimitExceededException,
NotAuthorizedException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Creates a new group in the specified user pool. For more information about user pool groups, see Adding groups to a user pool.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the CreateGroupRequest.Builder avoiding the need to create one manually via CreateGroupRequest.builder()

Parameters:

createGroupRequest - A Consumer that will call methods on CreateGroupRequest.Builder to create a request.

Returns:

Result of the CreateGroup operation returned by the service.

See Also:

• AWS API Documentation

createIdentityProvider

default CreateIdentityProviderResponse createIdentityProvider(CreateIdentityProviderRequest createIdentityProviderRequest)
                                                       throws InvalidParameterException,
DuplicateProviderException,
ResourceNotFoundException,
NotAuthorizedException,
TooManyRequestsException,
LimitExceededException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Adds a configuration and trust relationship between a third-party identity provider (IdP) and a user pool. Amazon Cognito accepts sign-in with third-party identity providers through managed login and OIDC relying-party libraries. For more information, see Third-party IdP sign-in.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

createIdentityProviderRequest -

Returns:

Result of the CreateIdentityProvider operation returned by the service.

See Also:

• AWS API Documentation

createIdentityProvider

default CreateIdentityProviderResponse createIdentityProvider(Consumer<CreateIdentityProviderRequest.Builder> createIdentityProviderRequest)
                                                       throws InvalidParameterException,
DuplicateProviderException,
ResourceNotFoundException,
NotAuthorizedException,
TooManyRequestsException,
LimitExceededException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Adds a configuration and trust relationship between a third-party identity provider (IdP) and a user pool. Amazon Cognito accepts sign-in with third-party identity providers through managed login and OIDC relying-party libraries. For more information, see Third-party IdP sign-in.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the CreateIdentityProviderRequest.Builder avoiding the need to create one manually via CreateIdentityProviderRequest.builder()

Parameters:

createIdentityProviderRequest - A Consumer that will call methods on CreateIdentityProviderRequest.Builder to create a request.

Returns:

Result of the CreateIdentityProvider operation returned by the service.

See Also:

• AWS API Documentation

createManagedLoginBranding

default CreateManagedLoginBrandingResponse createManagedLoginBranding(CreateManagedLoginBrandingRequest createManagedLoginBrandingRequest)
                                                               throws ResourceNotFoundException,
ConcurrentModificationException,
ManagedLoginBrandingExistsException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
LimitExceededException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Creates a new set of branding settings for a user pool style and associates it with an app client. This operation is the programmatic option for the creation of a new style in the branding editor.

Provides values for UI customization in a Settings JSON object and image files in an Assets array. To send the JSON object Document type parameter in Settings, you might need to update to the most recent version of your Amazon Web Services SDK. To create a new style with default settings, set UseCognitoProvidedValues to true and don't provide values for any other options.

This operation has a 2-megabyte request-size limit and include the CSS settings and image assets for your app client. Your branding settings might exceed 2MB in size. Amazon Cognito doesn't require that you pass all parameters in one request and preserves existing style settings that you don't specify. If your request is larger than 2MB, separate it into multiple requests, each with a size smaller than the limit.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

createManagedLoginBrandingRequest -

Returns:

Result of the CreateManagedLoginBranding operation returned by the service.

See Also:

• AWS API Documentation

createManagedLoginBranding

default CreateManagedLoginBrandingResponse createManagedLoginBranding(Consumer<CreateManagedLoginBrandingRequest.Builder> createManagedLoginBrandingRequest)
                                                               throws ResourceNotFoundException,
ConcurrentModificationException,
ManagedLoginBrandingExistsException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
LimitExceededException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Creates a new set of branding settings for a user pool style and associates it with an app client. This operation is the programmatic option for the creation of a new style in the branding editor.

Provides values for UI customization in a Settings JSON object and image files in an Assets array. To send the JSON object Document type parameter in Settings, you might need to update to the most recent version of your Amazon Web Services SDK. To create a new style with default settings, set UseCognitoProvidedValues to true and don't provide values for any other options.

This operation has a 2-megabyte request-size limit and include the CSS settings and image assets for your app client. Your branding settings might exceed 2MB in size. Amazon Cognito doesn't require that you pass all parameters in one request and preserves existing style settings that you don't specify. If your request is larger than 2MB, separate it into multiple requests, each with a size smaller than the limit.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the CreateManagedLoginBrandingRequest.Builder avoiding the need to create one manually via CreateManagedLoginBrandingRequest.builder()

Parameters:

createManagedLoginBrandingRequest - A Consumer that will call methods on CreateManagedLoginBrandingRequest.Builder to create a request.

Returns:

Result of the CreateManagedLoginBranding operation returned by the service.

See Also:

• AWS API Documentation

createResourceServer

default CreateResourceServerResponse createResourceServer(CreateResourceServerRequest createResourceServerRequest)
                                                   throws InvalidParameterException,
ResourceNotFoundException,
NotAuthorizedException,
TooManyRequestsException,
LimitExceededException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Creates a new OAuth2.0 resource server and defines custom scopes within it. Resource servers are associated with custom scopes and machine-to-machine (M2M) authorization. For more information, see Access control with resource servers.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

createResourceServerRequest -

Returns:

Result of the CreateResourceServer operation returned by the service.

See Also:

• AWS API Documentation

createResourceServer

default CreateResourceServerResponse createResourceServer(Consumer<CreateResourceServerRequest.Builder> createResourceServerRequest)
                                                   throws InvalidParameterException,
ResourceNotFoundException,
NotAuthorizedException,
TooManyRequestsException,
LimitExceededException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Creates a new OAuth2.0 resource server and defines custom scopes within it. Resource servers are associated with custom scopes and machine-to-machine (M2M) authorization. For more information, see Access control with resource servers.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the CreateResourceServerRequest.Builder avoiding the need to create one manually via CreateResourceServerRequest.builder()

Parameters:

createResourceServerRequest - A Consumer that will call methods on CreateResourceServerRequest.Builder to create a request.

Returns:

Result of the CreateResourceServer operation returned by the service.

See Also:

• AWS API Documentation

createTerms

default CreateTermsResponse createTerms(CreateTermsRequest createTermsRequest)
                                 throws ResourceNotFoundException,
ConcurrentModificationException,
TermsExistsException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
LimitExceededException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Creates terms documents for the requested app client. When Terms and conditions and Privacy policy documents are configured, the app client displays links to them in the sign-up page of managed login for the app client.

You can provide URLs for terms documents in the languages that are supported by managed login localization. Amazon Cognito directs users to the terms documents for their current language, with fallback to default if no document exists for the language.

Each request accepts one type of terms document and a map of language-to-link for that document type. You must provide both types of terms documents in at least one language before Amazon Cognito displays your terms documents. Supply each type in separate requests.

For more information, see Terms documents.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

createTermsRequest -

Returns:

Result of the CreateTerms operation returned by the service.

See Also:

• AWS API Documentation

createTerms

default CreateTermsResponse createTerms(Consumer<CreateTermsRequest.Builder> createTermsRequest)
                                 throws ResourceNotFoundException,
ConcurrentModificationException,
TermsExistsException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
LimitExceededException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Creates terms documents for the requested app client. When Terms and conditions and Privacy policy documents are configured, the app client displays links to them in the sign-up page of managed login for the app client.

You can provide URLs for terms documents in the languages that are supported by managed login localization. Amazon Cognito directs users to the terms documents for their current language, with fallback to default if no document exists for the language.

Each request accepts one type of terms document and a map of language-to-link for that document type. You must provide both types of terms documents in at least one language before Amazon Cognito displays your terms documents. Supply each type in separate requests.

For more information, see Terms documents.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the CreateTermsRequest.Builder avoiding the need to create one manually via CreateTermsRequest.builder()

Parameters:

createTermsRequest - A Consumer that will call methods on CreateTermsRequest.Builder to create a request.

Returns:

Result of the CreateTerms operation returned by the service.

See Also:

• AWS API Documentation

createUserImportJob

default CreateUserImportJobResponse createUserImportJob(CreateUserImportJobRequest createUserImportJobRequest)
                                                 throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
PreconditionNotMetException,
NotAuthorizedException,
LimitExceededException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Creates a user import job. You can import users into user pools from a comma-separated values (CSV) file without adding Amazon Cognito MAU costs to your Amazon Web Services bill.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

createUserImportJobRequest - Represents the request to create the user import job.

Returns:

Result of the CreateUserImportJob operation returned by the service.

See Also:

• AWS API Documentation

createUserImportJob

default CreateUserImportJobResponse createUserImportJob(Consumer<CreateUserImportJobRequest.Builder> createUserImportJobRequest)
                                                 throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
PreconditionNotMetException,
NotAuthorizedException,
LimitExceededException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Creates a user import job. You can import users into user pools from a comma-separated values (CSV) file without adding Amazon Cognito MAU costs to your Amazon Web Services bill.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the CreateUserImportJobRequest.Builder avoiding the need to create one manually via CreateUserImportJobRequest.builder()

Parameters:

createUserImportJobRequest - A Consumer that will call methods on CreateUserImportJobRequest.Builder to create a request. Represents the request to create the user import job.

Returns:

Result of the CreateUserImportJob operation returned by the service.

See Also:

• AWS API Documentation

createUserPool

default CreateUserPoolResponse createUserPool(CreateUserPoolRequest createUserPoolRequest)
                                       throws InvalidParameterException,
TooManyRequestsException,
LimitExceededException,
InvalidSmsRoleAccessPolicyException,
InvalidSmsRoleTrustRelationshipException,
InvalidEmailRoleAccessPolicyException,
NotAuthorizedException,
UserPoolTaggingException,
InternalErrorException,
TierChangeNotAllowedException,
FeatureUnavailableInTierException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Creates a new Amazon Cognito user pool. This operation sets basic and advanced configuration options.

If you don't provide a value for an attribute, Amazon Cognito sets it to its default value.

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

createUserPoolRequest - Represents the request to create a user pool.

Returns:

Result of the CreateUserPool operation returned by the service.

See Also:

• AWS API Documentation

createUserPool

default CreateUserPoolResponse createUserPool(Consumer<CreateUserPoolRequest.Builder> createUserPoolRequest)
                                       throws InvalidParameterException,
TooManyRequestsException,
LimitExceededException,
InvalidSmsRoleAccessPolicyException,
InvalidSmsRoleTrustRelationshipException,
InvalidEmailRoleAccessPolicyException,
NotAuthorizedException,
UserPoolTaggingException,
InternalErrorException,
TierChangeNotAllowedException,
FeatureUnavailableInTierException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Creates a new Amazon Cognito user pool. This operation sets basic and advanced configuration options.

If you don't provide a value for an attribute, Amazon Cognito sets it to its default value.

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the CreateUserPoolRequest.Builder avoiding the need to create one manually via CreateUserPoolRequest.builder()

Parameters:

createUserPoolRequest - A Consumer that will call methods on CreateUserPoolRequest.Builder to create a request. Represents the request to create a user pool.

Returns:

Result of the CreateUserPool operation returned by the service.

See Also:

• AWS API Documentation

createUserPoolClient

default CreateUserPoolClientResponse createUserPoolClient(CreateUserPoolClientRequest createUserPoolClientRequest)
                                                   throws InvalidParameterException,
ResourceNotFoundException,
TooManyRequestsException,
LimitExceededException,
NotAuthorizedException,
ScopeDoesNotExistException,
InvalidOAuthFlowException,
InternalErrorException,
FeatureUnavailableInTierException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Creates an app client in a user pool. This operation sets basic and advanced configuration options.

Unlike app clients created in the console, Amazon Cognito doesn't automatically assign a branding style to app clients that you configure with this API operation. Managed login and classic hosted UI pages aren't available for your client until after you apply a branding style.

If you don't provide a value for an attribute, Amazon Cognito sets it to its default value.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

createUserPoolClientRequest - Represents the request to create a user pool client.

Returns:

Result of the CreateUserPoolClient operation returned by the service.

See Also:

• AWS API Documentation

createUserPoolClient

default CreateUserPoolClientResponse createUserPoolClient(Consumer<CreateUserPoolClientRequest.Builder> createUserPoolClientRequest)
                                                   throws InvalidParameterException,
ResourceNotFoundException,
TooManyRequestsException,
LimitExceededException,
NotAuthorizedException,
ScopeDoesNotExistException,
InvalidOAuthFlowException,
InternalErrorException,
FeatureUnavailableInTierException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Creates an app client in a user pool. This operation sets basic and advanced configuration options.

Unlike app clients created in the console, Amazon Cognito doesn't automatically assign a branding style to app clients that you configure with this API operation. Managed login and classic hosted UI pages aren't available for your client until after you apply a branding style.

If you don't provide a value for an attribute, Amazon Cognito sets it to its default value.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the CreateUserPoolClientRequest.Builder avoiding the need to create one manually via CreateUserPoolClientRequest.builder()

Parameters:

createUserPoolClientRequest - A Consumer that will call methods on CreateUserPoolClientRequest.Builder to create a request. Represents the request to create a user pool client.

Returns:

Result of the CreateUserPoolClient operation returned by the service.

See Also:

• AWS API Documentation

createUserPoolDomain

default CreateUserPoolDomainResponse createUserPoolDomain(CreateUserPoolDomainRequest createUserPoolDomainRequest)
                                                   throws InvalidParameterException,
NotAuthorizedException,
ConcurrentModificationException,
ResourceNotFoundException,
LimitExceededException,
InternalErrorException,
FeatureUnavailableInTierException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

A user pool domain hosts managed login, an authorization server and web server for authentication in your application. This operation creates a new user pool prefix domain or custom domain and sets the managed login branding version. Set the branding version to 1 for hosted UI (classic) or 2 for managed login. When you choose a custom domain, you must provide an SSL certificate in the US East (N. Virginia) Amazon Web Services Region in your request.

Your prefix domain might take up to one minute to take effect. Your custom domain is online within five minutes, but it can take up to one hour to distribute your SSL certificate.

For more information about adding a custom domain to your user pool, see Configuring a user pool domain.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

createUserPoolDomainRequest -

Returns:

Result of the CreateUserPoolDomain operation returned by the service.

See Also:

• AWS API Documentation

createUserPoolDomain

default CreateUserPoolDomainResponse createUserPoolDomain(Consumer<CreateUserPoolDomainRequest.Builder> createUserPoolDomainRequest)
                                                   throws InvalidParameterException,
NotAuthorizedException,
ConcurrentModificationException,
ResourceNotFoundException,
LimitExceededException,
InternalErrorException,
FeatureUnavailableInTierException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

A user pool domain hosts managed login, an authorization server and web server for authentication in your application. This operation creates a new user pool prefix domain or custom domain and sets the managed login branding version. Set the branding version to 1 for hosted UI (classic) or 2 for managed login. When you choose a custom domain, you must provide an SSL certificate in the US East (N. Virginia) Amazon Web Services Region in your request.

Your prefix domain might take up to one minute to take effect. Your custom domain is online within five minutes, but it can take up to one hour to distribute your SSL certificate.

For more information about adding a custom domain to your user pool, see Configuring a user pool domain.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the CreateUserPoolDomainRequest.Builder avoiding the need to create one manually via CreateUserPoolDomainRequest.builder()

Parameters:

createUserPoolDomainRequest - A Consumer that will call methods on CreateUserPoolDomainRequest.Builder to create a request.

Returns:

Result of the CreateUserPoolDomain operation returned by the service.

See Also:

• AWS API Documentation

deleteGroup

default DeleteGroupResponse deleteGroup(DeleteGroupRequest deleteGroupRequest)
                                 throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Deletes a group from the specified user pool. When you delete a group, that group no longer contributes to users' cognito:preferred_group or cognito:groups claims, and no longer influence access-control decision that are based on group membership. For more information about user pool groups, see Adding groups to a user pool.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

deleteGroupRequest -

Returns:

Result of the DeleteGroup operation returned by the service.

See Also:

• AWS API Documentation

deleteGroup

default DeleteGroupResponse deleteGroup(Consumer<DeleteGroupRequest.Builder> deleteGroupRequest)
                                 throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Deletes a group from the specified user pool. When you delete a group, that group no longer contributes to users' cognito:preferred_group or cognito:groups claims, and no longer influence access-control decision that are based on group membership. For more information about user pool groups, see Adding groups to a user pool.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the DeleteGroupRequest.Builder avoiding the need to create one manually via DeleteGroupRequest.builder()

Parameters:

deleteGroupRequest - A Consumer that will call methods on DeleteGroupRequest.Builder to create a request.

Returns:

Result of the DeleteGroup operation returned by the service.

See Also:

• AWS API Documentation

deleteIdentityProvider

default DeleteIdentityProviderResponse deleteIdentityProvider(DeleteIdentityProviderRequest deleteIdentityProviderRequest)
                                                       throws InvalidParameterException,
UnsupportedIdentityProviderException,
ConcurrentModificationException,
ResourceNotFoundException,
NotAuthorizedException,
TooManyRequestsException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Deletes a user pool identity provider (IdP). After you delete an IdP, users can no longer sign in to your user pool through that IdP. For more information about user pool IdPs, see Third-party IdP sign-in.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

deleteIdentityProviderRequest -

Returns:

Result of the DeleteIdentityProvider operation returned by the service.

See Also:

• AWS API Documentation

deleteIdentityProvider

default DeleteIdentityProviderResponse deleteIdentityProvider(Consumer<DeleteIdentityProviderRequest.Builder> deleteIdentityProviderRequest)
                                                       throws InvalidParameterException,
UnsupportedIdentityProviderException,
ConcurrentModificationException,
ResourceNotFoundException,
NotAuthorizedException,
TooManyRequestsException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Deletes a user pool identity provider (IdP). After you delete an IdP, users can no longer sign in to your user pool through that IdP. For more information about user pool IdPs, see Third-party IdP sign-in.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the DeleteIdentityProviderRequest.Builder avoiding the need to create one manually via DeleteIdentityProviderRequest.builder()

Parameters:

deleteIdentityProviderRequest - A Consumer that will call methods on DeleteIdentityProviderRequest.Builder to create a request.

Returns:

Result of the DeleteIdentityProvider operation returned by the service.

See Also:

• AWS API Documentation

deleteManagedLoginBranding

default DeleteManagedLoginBrandingResponse deleteManagedLoginBranding(DeleteManagedLoginBrandingRequest deleteManagedLoginBrandingRequest)
                                                               throws ResourceNotFoundException,
ConcurrentModificationException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Deletes a managed login branding style. When you delete a style, you delete the branding association for an app client. When an app client doesn't have a style assigned, your managed login pages for that app client are nonfunctional until you create a new style or switch the domain branding version.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

deleteManagedLoginBrandingRequest -

Returns:

Result of the DeleteManagedLoginBranding operation returned by the service.

See Also:

• AWS API Documentation

deleteManagedLoginBranding

default DeleteManagedLoginBrandingResponse deleteManagedLoginBranding(Consumer<DeleteManagedLoginBrandingRequest.Builder> deleteManagedLoginBrandingRequest)
                                                               throws ResourceNotFoundException,
ConcurrentModificationException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Deletes a managed login branding style. When you delete a style, you delete the branding association for an app client. When an app client doesn't have a style assigned, your managed login pages for that app client are nonfunctional until you create a new style or switch the domain branding version.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the DeleteManagedLoginBrandingRequest.Builder avoiding the need to create one manually via DeleteManagedLoginBrandingRequest.builder()

Parameters:

deleteManagedLoginBrandingRequest - A Consumer that will call methods on DeleteManagedLoginBrandingRequest.Builder to create a request.

Returns:

Result of the DeleteManagedLoginBranding operation returned by the service.

See Also:

• AWS API Documentation

deleteResourceServer

default DeleteResourceServerResponse deleteResourceServer(DeleteResourceServerRequest deleteResourceServerRequest)
                                                   throws InvalidParameterException,
ResourceNotFoundException,
NotAuthorizedException,
TooManyRequestsException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Deletes a resource server. After you delete a resource server, users can no longer generate access tokens with scopes that are associate with that resource server.

Resource servers are associated with custom scopes and machine-to-machine (M2M) authorization. For more information, see Access control with resource servers.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

deleteResourceServerRequest -

Returns:

Result of the DeleteResourceServer operation returned by the service.

See Also:

• AWS API Documentation

deleteResourceServer

default DeleteResourceServerResponse deleteResourceServer(Consumer<DeleteResourceServerRequest.Builder> deleteResourceServerRequest)
                                                   throws InvalidParameterException,
ResourceNotFoundException,
NotAuthorizedException,
TooManyRequestsException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Deletes a resource server. After you delete a resource server, users can no longer generate access tokens with scopes that are associate with that resource server.

Resource servers are associated with custom scopes and machine-to-machine (M2M) authorization. For more information, see Access control with resource servers.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the DeleteResourceServerRequest.Builder avoiding the need to create one manually via DeleteResourceServerRequest.builder()

Parameters:

deleteResourceServerRequest - A Consumer that will call methods on DeleteResourceServerRequest.Builder to create a request.

Returns:

Result of the DeleteResourceServer operation returned by the service.

See Also:

• AWS API Documentation

deleteTerms

default DeleteTermsResponse deleteTerms(DeleteTermsRequest deleteTermsRequest)
                                 throws ResourceNotFoundException,
ConcurrentModificationException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Deletes the terms documents with the requested ID from your app client.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

deleteTermsRequest -

Returns:

Result of the DeleteTerms operation returned by the service.

See Also:

• AWS API Documentation

deleteTerms

default DeleteTermsResponse deleteTerms(Consumer<DeleteTermsRequest.Builder> deleteTermsRequest)
                                 throws ResourceNotFoundException,
ConcurrentModificationException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Deletes the terms documents with the requested ID from your app client.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the DeleteTermsRequest.Builder avoiding the need to create one manually via DeleteTermsRequest.builder()

Parameters:

deleteTermsRequest - A Consumer that will call methods on DeleteTermsRequest.Builder to create a request.

Returns:

Result of the DeleteTerms operation returned by the service.

See Also:

• AWS API Documentation

deleteUser

default DeleteUserResponse deleteUser(DeleteUserRequest deleteUserRequest)
                               throws ResourceNotFoundException,
InvalidParameterException,
NotAuthorizedException,
TooManyRequestsException,
PasswordResetRequiredException,
UserNotFoundException,
UserNotConfirmedException,
InternalErrorException,
ForbiddenException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Deletes the profile of the currently signed-in user. A deleted user profile can no longer be used to sign in and can't be restored.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

Parameters:

deleteUserRequest - Represents the request to delete a user.

Returns:

Result of the DeleteUser operation returned by the service.

See Also:

• AWS API Documentation

deleteUser

default DeleteUserResponse deleteUser(Consumer<DeleteUserRequest.Builder> deleteUserRequest)
                               throws ResourceNotFoundException,
InvalidParameterException,
NotAuthorizedException,
TooManyRequestsException,
PasswordResetRequiredException,
UserNotFoundException,
UserNotConfirmedException,
InternalErrorException,
ForbiddenException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Deletes the profile of the currently signed-in user. A deleted user profile can no longer be used to sign in and can't be restored.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

This is a convenience which creates an instance of the DeleteUserRequest.Builder avoiding the need to create one manually via DeleteUserRequest.builder()

Parameters:

deleteUserRequest - A Consumer that will call methods on DeleteUserRequest.Builder to create a request. Represents the request to delete a user.

Returns:

Result of the DeleteUser operation returned by the service.

See Also:

• AWS API Documentation

deleteUserAttributes

default DeleteUserAttributesResponse deleteUserAttributes(DeleteUserAttributesRequest deleteUserAttributesRequest)
                                                   throws ResourceNotFoundException,
InvalidParameterException,
NotAuthorizedException,
TooManyRequestsException,
PasswordResetRequiredException,
UserNotFoundException,
UserNotConfirmedException,
InternalErrorException,
ForbiddenException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Deletes attributes from the currently signed-in user. For example, your application can submit a request to this operation when a user wants to remove their birthdate attribute value.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

Parameters:

deleteUserAttributesRequest - Represents the request to delete user attributes.

Returns:

Result of the DeleteUserAttributes operation returned by the service.

See Also:

• AWS API Documentation

deleteUserAttributes

default DeleteUserAttributesResponse deleteUserAttributes(Consumer<DeleteUserAttributesRequest.Builder> deleteUserAttributesRequest)
                                                   throws ResourceNotFoundException,
InvalidParameterException,
NotAuthorizedException,
TooManyRequestsException,
PasswordResetRequiredException,
UserNotFoundException,
UserNotConfirmedException,
InternalErrorException,
ForbiddenException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Deletes attributes from the currently signed-in user. For example, your application can submit a request to this operation when a user wants to remove their birthdate attribute value.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

This is a convenience which creates an instance of the DeleteUserAttributesRequest.Builder avoiding the need to create one manually via DeleteUserAttributesRequest.builder()

Parameters:

deleteUserAttributesRequest - A Consumer that will call methods on DeleteUserAttributesRequest.Builder to create a request. Represents the request to delete user attributes.

Returns:

Result of the DeleteUserAttributes operation returned by the service.

See Also:

• AWS API Documentation

deleteUserPool

default DeleteUserPoolResponse deleteUserPool(DeleteUserPoolRequest deleteUserPoolRequest)
                                       throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
UserImportInProgressException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Deletes a user pool. After you delete a user pool, users can no longer sign in to any associated applications.

When you delete a user pool, it's no longer visible or operational in your Amazon Web Services account. Amazon Cognito retains deleted user pools in an inactive state for 14 days, then begins a cleanup process that fully removes them from Amazon Web Services systems. In case of accidental deletion, contact Amazon Web ServicesSupport within 14 days for restoration assistance.

Amazon Cognito begins full deletion of all resources from deleted user pools after 14 days. In the case of large user pools, the cleanup process might take significant additional time before all user data is permanently deleted.

Parameters:

deleteUserPoolRequest - Represents the request to delete a user pool.

Returns:

Result of the DeleteUserPool operation returned by the service.

See Also:

• AWS API Documentation

deleteUserPool

default DeleteUserPoolResponse deleteUserPool(Consumer<DeleteUserPoolRequest.Builder> deleteUserPoolRequest)
                                       throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
UserImportInProgressException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Deletes a user pool. After you delete a user pool, users can no longer sign in to any associated applications.

When you delete a user pool, it's no longer visible or operational in your Amazon Web Services account. Amazon Cognito retains deleted user pools in an inactive state for 14 days, then begins a cleanup process that fully removes them from Amazon Web Services systems. In case of accidental deletion, contact Amazon Web ServicesSupport within 14 days for restoration assistance.

Amazon Cognito begins full deletion of all resources from deleted user pools after 14 days. In the case of large user pools, the cleanup process might take significant additional time before all user data is permanently deleted.

This is a convenience which creates an instance of the DeleteUserPoolRequest.Builder avoiding the need to create one manually via DeleteUserPoolRequest.builder()

Parameters:

deleteUserPoolRequest - A Consumer that will call methods on DeleteUserPoolRequest.Builder to create a request. Represents the request to delete a user pool.

Returns:

Result of the DeleteUserPool operation returned by the service.

See Also:

• AWS API Documentation

deleteUserPoolClient

default DeleteUserPoolClientResponse deleteUserPoolClient(DeleteUserPoolClientRequest deleteUserPoolClientRequest)
                                                   throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
ConcurrentModificationException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Deletes a user pool app client. After you delete an app client, users can no longer sign in to the associated application.

Parameters:

deleteUserPoolClientRequest - Represents the request to delete a user pool client.

Returns:

Result of the DeleteUserPoolClient operation returned by the service.

See Also:

• AWS API Documentation

deleteUserPoolClient

default DeleteUserPoolClientResponse deleteUserPoolClient(Consumer<DeleteUserPoolClientRequest.Builder> deleteUserPoolClientRequest)
                                                   throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
ConcurrentModificationException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Deletes a user pool app client. After you delete an app client, users can no longer sign in to the associated application.

This is a convenience which creates an instance of the DeleteUserPoolClientRequest.Builder avoiding the need to create one manually via DeleteUserPoolClientRequest.builder()

Parameters:

deleteUserPoolClientRequest - A Consumer that will call methods on DeleteUserPoolClientRequest.Builder to create a request. Represents the request to delete a user pool client.

Returns:

Result of the DeleteUserPoolClient operation returned by the service.

See Also:

• AWS API Documentation

deleteUserPoolDomain

default DeleteUserPoolDomainResponse deleteUserPoolDomain(DeleteUserPoolDomainRequest deleteUserPoolDomainRequest)
                                                   throws NotAuthorizedException,
InvalidParameterException,
ConcurrentModificationException,
ResourceNotFoundException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given a user pool ID and domain identifier, deletes a user pool domain. After you delete a user pool domain, your managed login pages and authorization server are no longer available.

Parameters:

deleteUserPoolDomainRequest -

Returns:

Result of the DeleteUserPoolDomain operation returned by the service.

See Also:

• AWS API Documentation

deleteUserPoolDomain

default DeleteUserPoolDomainResponse deleteUserPoolDomain(Consumer<DeleteUserPoolDomainRequest.Builder> deleteUserPoolDomainRequest)
                                                   throws NotAuthorizedException,
InvalidParameterException,
ConcurrentModificationException,
ResourceNotFoundException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given a user pool ID and domain identifier, deletes a user pool domain. After you delete a user pool domain, your managed login pages and authorization server are no longer available.

This is a convenience which creates an instance of the DeleteUserPoolDomainRequest.Builder avoiding the need to create one manually via DeleteUserPoolDomainRequest.builder()

Parameters:

deleteUserPoolDomainRequest - A Consumer that will call methods on DeleteUserPoolDomainRequest.Builder to create a request.

Returns:

Result of the DeleteUserPoolDomain operation returned by the service.

See Also:

• AWS API Documentation

deleteWebAuthnCredential

default DeleteWebAuthnCredentialResponse deleteWebAuthnCredential(DeleteWebAuthnCredentialRequest deleteWebAuthnCredentialRequest)
                                                           throws ForbiddenException,
InternalErrorException,
InvalidParameterException,
TooManyRequestsException,
LimitExceededException,
NotAuthorizedException,
ResourceNotFoundException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Deletes a registered passkey, or WebAuthn, authenticator for the currently signed-in user.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

Parameters:

deleteWebAuthnCredentialRequest -

Returns:

Result of the DeleteWebAuthnCredential operation returned by the service.

See Also:

• AWS API Documentation

deleteWebAuthnCredential

default DeleteWebAuthnCredentialResponse deleteWebAuthnCredential(Consumer<DeleteWebAuthnCredentialRequest.Builder> deleteWebAuthnCredentialRequest)
                                                           throws ForbiddenException,
InternalErrorException,
InvalidParameterException,
TooManyRequestsException,
LimitExceededException,
NotAuthorizedException,
ResourceNotFoundException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Deletes a registered passkey, or WebAuthn, authenticator for the currently signed-in user.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

This is a convenience which creates an instance of the DeleteWebAuthnCredentialRequest.Builder avoiding the need to create one manually via DeleteWebAuthnCredentialRequest.builder()

Parameters:

deleteWebAuthnCredentialRequest - A Consumer that will call methods on DeleteWebAuthnCredentialRequest.Builder to create a request.

Returns:

Result of the DeleteWebAuthnCredential operation returned by the service.

See Also:

• AWS API Documentation

describeIdentityProvider

default DescribeIdentityProviderResponse describeIdentityProvider(DescribeIdentityProviderRequest describeIdentityProviderRequest)
                                                           throws InvalidParameterException,
ResourceNotFoundException,
NotAuthorizedException,
TooManyRequestsException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given a user pool ID and identity provider (IdP) name, returns details about the IdP.

Parameters:

describeIdentityProviderRequest -

Returns:

Result of the DescribeIdentityProvider operation returned by the service.

See Also:

• AWS API Documentation

describeIdentityProvider

default DescribeIdentityProviderResponse describeIdentityProvider(Consumer<DescribeIdentityProviderRequest.Builder> describeIdentityProviderRequest)
                                                           throws InvalidParameterException,
ResourceNotFoundException,
NotAuthorizedException,
TooManyRequestsException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given a user pool ID and identity provider (IdP) name, returns details about the IdP.

This is a convenience which creates an instance of the DescribeIdentityProviderRequest.Builder avoiding the need to create one manually via DescribeIdentityProviderRequest.builder()

Parameters:

describeIdentityProviderRequest - A Consumer that will call methods on DescribeIdentityProviderRequest.Builder to create a request.

Returns:

Result of the DescribeIdentityProvider operation returned by the service.

See Also:

• AWS API Documentation

describeManagedLoginBranding

default DescribeManagedLoginBrandingResponse describeManagedLoginBranding(DescribeManagedLoginBrandingRequest describeManagedLoginBrandingRequest)
                                                                   throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given the ID of a managed login branding style, returns detailed information about the style.

Parameters:

describeManagedLoginBrandingRequest -

Returns:

Result of the DescribeManagedLoginBranding operation returned by the service.

See Also:

• AWS API Documentation

describeManagedLoginBranding

default DescribeManagedLoginBrandingResponse describeManagedLoginBranding(Consumer<DescribeManagedLoginBrandingRequest.Builder> describeManagedLoginBrandingRequest)
                                                                   throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given the ID of a managed login branding style, returns detailed information about the style.

This is a convenience which creates an instance of the DescribeManagedLoginBrandingRequest.Builder avoiding the need to create one manually via DescribeManagedLoginBrandingRequest.builder()

Parameters:

describeManagedLoginBrandingRequest - A Consumer that will call methods on DescribeManagedLoginBrandingRequest.Builder to create a request.

Returns:

Result of the DescribeManagedLoginBranding operation returned by the service.

See Also:

• AWS API Documentation

describeManagedLoginBrandingByClient

default DescribeManagedLoginBrandingByClientResponse describeManagedLoginBrandingByClient(DescribeManagedLoginBrandingByClientRequest describeManagedLoginBrandingByClientRequest)
                                                                                   throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given the ID of a user pool app client, returns detailed information about the style assigned to the app client.

Parameters:

describeManagedLoginBrandingByClientRequest -

Returns:

Result of the DescribeManagedLoginBrandingByClient operation returned by the service.

See Also:

• AWS API Documentation

describeManagedLoginBrandingByClient

default DescribeManagedLoginBrandingByClientResponse describeManagedLoginBrandingByClient(Consumer<DescribeManagedLoginBrandingByClientRequest.Builder> describeManagedLoginBrandingByClientRequest)
                                                                                   throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given the ID of a user pool app client, returns detailed information about the style assigned to the app client.

This is a convenience which creates an instance of the DescribeManagedLoginBrandingByClientRequest.Builder avoiding the need to create one manually via DescribeManagedLoginBrandingByClientRequest.builder()

Parameters:

describeManagedLoginBrandingByClientRequest - A Consumer that will call methods on DescribeManagedLoginBrandingByClientRequest.Builder to create a request.

Returns:

Result of the DescribeManagedLoginBrandingByClient operation returned by the service.

See Also:

• AWS API Documentation

describeResourceServer

default DescribeResourceServerResponse describeResourceServer(DescribeResourceServerRequest describeResourceServerRequest)
                                                       throws InvalidParameterException,
ResourceNotFoundException,
NotAuthorizedException,
TooManyRequestsException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Describes a resource server. For more information about resource servers, see Access control with resource servers.

Parameters:

describeResourceServerRequest -

Returns:

Result of the DescribeResourceServer operation returned by the service.

See Also:

• AWS API Documentation

describeResourceServer

default DescribeResourceServerResponse describeResourceServer(Consumer<DescribeResourceServerRequest.Builder> describeResourceServerRequest)
                                                       throws InvalidParameterException,
ResourceNotFoundException,
NotAuthorizedException,
TooManyRequestsException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Describes a resource server. For more information about resource servers, see Access control with resource servers.

This is a convenience which creates an instance of the DescribeResourceServerRequest.Builder avoiding the need to create one manually via DescribeResourceServerRequest.builder()

Parameters:

describeResourceServerRequest - A Consumer that will call methods on DescribeResourceServerRequest.Builder to create a request.

Returns:

Result of the DescribeResourceServer operation returned by the service.

See Also:

• AWS API Documentation

describeRiskConfiguration

default DescribeRiskConfigurationResponse describeRiskConfiguration(DescribeRiskConfigurationRequest describeRiskConfigurationRequest)
                                                             throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
UserPoolAddOnNotEnabledException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given an app client or user pool ID where threat protection is configured, describes the risk configuration. This operation returns details about adaptive authentication, compromised credentials, and IP-address allow- and denylists. For more information about threat protection, see Threat protection.

Parameters:

describeRiskConfigurationRequest -

Returns:

Result of the DescribeRiskConfiguration operation returned by the service.

See Also:

• AWS API Documentation

describeRiskConfiguration

default DescribeRiskConfigurationResponse describeRiskConfiguration(Consumer<DescribeRiskConfigurationRequest.Builder> describeRiskConfigurationRequest)
                                                             throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
UserPoolAddOnNotEnabledException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given an app client or user pool ID where threat protection is configured, describes the risk configuration. This operation returns details about adaptive authentication, compromised credentials, and IP-address allow- and denylists. For more information about threat protection, see Threat protection.

This is a convenience which creates an instance of the DescribeRiskConfigurationRequest.Builder avoiding the need to create one manually via DescribeRiskConfigurationRequest.builder()

Parameters:

describeRiskConfigurationRequest - A Consumer that will call methods on DescribeRiskConfigurationRequest.Builder to create a request.

Returns:

Result of the DescribeRiskConfiguration operation returned by the service.

See Also:

• AWS API Documentation

describeTerms

default DescribeTermsResponse describeTerms(DescribeTermsRequest describeTermsRequest)
                                     throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Returns details for the requested terms documents ID. For more information, see Terms documents.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

describeTermsRequest -

Returns:

Result of the DescribeTerms operation returned by the service.

See Also:

• AWS API Documentation

describeTerms

default DescribeTermsResponse describeTerms(Consumer<DescribeTermsRequest.Builder> describeTermsRequest)
                                     throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Returns details for the requested terms documents ID. For more information, see Terms documents.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the DescribeTermsRequest.Builder avoiding the need to create one manually via DescribeTermsRequest.builder()

Parameters:

describeTermsRequest - A Consumer that will call methods on DescribeTermsRequest.Builder to create a request.

Returns:

Result of the DescribeTerms operation returned by the service.

See Also:

• AWS API Documentation

describeUserImportJob

default DescribeUserImportJobResponse describeUserImportJob(DescribeUserImportJobRequest describeUserImportJobRequest)
                                                     throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Describes a user import job. For more information about user CSV import, see Importing users from a CSV file.

Parameters:

describeUserImportJobRequest - Represents the request to describe the user import job.

Returns:

Result of the DescribeUserImportJob operation returned by the service.

See Also:

• AWS API Documentation

describeUserImportJob

default DescribeUserImportJobResponse describeUserImportJob(Consumer<DescribeUserImportJobRequest.Builder> describeUserImportJobRequest)
                                                     throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Describes a user import job. For more information about user CSV import, see Importing users from a CSV file.

This is a convenience which creates an instance of the DescribeUserImportJobRequest.Builder avoiding the need to create one manually via DescribeUserImportJobRequest.builder()

Parameters:

describeUserImportJobRequest - A Consumer that will call methods on DescribeUserImportJobRequest.Builder to create a request. Represents the request to describe the user import job.

Returns:

Result of the DescribeUserImportJob operation returned by the service.

See Also:

• AWS API Documentation

describeUserPool

default DescribeUserPoolResponse describeUserPool(DescribeUserPoolRequest describeUserPoolRequest)
                                           throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
UserPoolTaggingException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given a user pool ID, returns configuration information. This operation is useful when you want to inspect an existing user pool and programmatically replicate the configuration to another user pool.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

describeUserPoolRequest - Represents the request to describe the user pool.

Returns:

Result of the DescribeUserPool operation returned by the service.

See Also:

• AWS API Documentation

describeUserPool

default DescribeUserPoolResponse describeUserPool(Consumer<DescribeUserPoolRequest.Builder> describeUserPoolRequest)
                                           throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
UserPoolTaggingException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given a user pool ID, returns configuration information. This operation is useful when you want to inspect an existing user pool and programmatically replicate the configuration to another user pool.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the DescribeUserPoolRequest.Builder avoiding the need to create one manually via DescribeUserPoolRequest.builder()

Parameters:

describeUserPoolRequest - A Consumer that will call methods on DescribeUserPoolRequest.Builder to create a request. Represents the request to describe the user pool.

Returns:

Result of the DescribeUserPool operation returned by the service.

See Also:

• AWS API Documentation

describeUserPoolClient

default DescribeUserPoolClientResponse describeUserPoolClient(DescribeUserPoolClientRequest describeUserPoolClientRequest)
                                                       throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given an app client ID, returns configuration information. This operation is useful when you want to inspect an existing app client and programmatically replicate the configuration to another app client. For more information about app clients, see App clients.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

describeUserPoolClientRequest - Represents the request to describe a user pool client.

Returns:

Result of the DescribeUserPoolClient operation returned by the service.

See Also:

• AWS API Documentation

describeUserPoolClient

default DescribeUserPoolClientResponse describeUserPoolClient(Consumer<DescribeUserPoolClientRequest.Builder> describeUserPoolClientRequest)
                                                       throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given an app client ID, returns configuration information. This operation is useful when you want to inspect an existing app client and programmatically replicate the configuration to another app client. For more information about app clients, see App clients.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the DescribeUserPoolClientRequest.Builder avoiding the need to create one manually via DescribeUserPoolClientRequest.builder()

Parameters:

describeUserPoolClientRequest - A Consumer that will call methods on DescribeUserPoolClientRequest.Builder to create a request. Represents the request to describe a user pool client.

Returns:

Result of the DescribeUserPoolClient operation returned by the service.

See Also:

• AWS API Documentation

describeUserPoolDomain

default DescribeUserPoolDomainResponse describeUserPoolDomain(DescribeUserPoolDomainRequest describeUserPoolDomainRequest)
                                                       throws NotAuthorizedException,
InvalidParameterException,
ResourceNotFoundException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given a user pool domain name, returns information about the domain configuration.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

describeUserPoolDomainRequest -

Returns:

Result of the DescribeUserPoolDomain operation returned by the service.

See Also:

• AWS API Documentation

describeUserPoolDomain

default DescribeUserPoolDomainResponse describeUserPoolDomain(Consumer<DescribeUserPoolDomainRequest.Builder> describeUserPoolDomainRequest)
                                                       throws NotAuthorizedException,
InvalidParameterException,
ResourceNotFoundException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given a user pool domain name, returns information about the domain configuration.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the DescribeUserPoolDomainRequest.Builder avoiding the need to create one manually via DescribeUserPoolDomainRequest.builder()

Parameters:

describeUserPoolDomainRequest - A Consumer that will call methods on DescribeUserPoolDomainRequest.Builder to create a request.

Returns:

Result of the DescribeUserPoolDomain operation returned by the service.

See Also:

• AWS API Documentation

forgetDevice

default ForgetDeviceResponse forgetDevice(ForgetDeviceRequest forgetDeviceRequest)
                                   throws ResourceNotFoundException,
InvalidParameterException,
NotAuthorizedException,
TooManyRequestsException,
InvalidUserPoolConfigurationException,
PasswordResetRequiredException,
UserNotFoundException,
UserNotConfirmedException,
InternalErrorException,
ForbiddenException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given a device key, deletes a remembered device as the currently signed-in user. For more information about device authentication, see Working with user devices in your user pool.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

Parameters:

forgetDeviceRequest - Represents the request to forget the device.

Returns:

Result of the ForgetDevice operation returned by the service.

See Also:

• AWS API Documentation

forgetDevice

default ForgetDeviceResponse forgetDevice(Consumer<ForgetDeviceRequest.Builder> forgetDeviceRequest)
                                   throws ResourceNotFoundException,
InvalidParameterException,
NotAuthorizedException,
TooManyRequestsException,
InvalidUserPoolConfigurationException,
PasswordResetRequiredException,
UserNotFoundException,
UserNotConfirmedException,
InternalErrorException,
ForbiddenException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given a device key, deletes a remembered device as the currently signed-in user. For more information about device authentication, see Working with user devices in your user pool.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

This is a convenience which creates an instance of the ForgetDeviceRequest.Builder avoiding the need to create one manually via ForgetDeviceRequest.builder()

Parameters:

forgetDeviceRequest - A Consumer that will call methods on ForgetDeviceRequest.Builder to create a request. Represents the request to forget the device.

Returns:

Result of the ForgetDevice operation returned by the service.

See Also:

• AWS API Documentation

forgotPassword

default ForgotPasswordResponse forgotPassword(ForgotPasswordRequest forgotPasswordRequest)
                                       throws ResourceNotFoundException,
InvalidParameterException,
UnexpectedLambdaException,
UserLambdaValidationException,
NotAuthorizedException,
InvalidLambdaResponseException,
TooManyRequestsException,
LimitExceededException,
InvalidSmsRoleAccessPolicyException,
InvalidSmsRoleTrustRelationshipException,
InvalidEmailRoleAccessPolicyException,
CodeDeliveryFailureException,
UserNotFoundException,
InternalErrorException,
ForbiddenException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Sends a password-reset confirmation code to the email address or phone number of the requested username. The message delivery method is determined by the user's available attributes and the AccountRecoverySetting configuration of the user pool.

For the Username parameter, you can use the username or an email, phone, or preferred username alias.

If neither a verified phone number nor a verified email exists, Amazon Cognito responds with an InvalidParameterException error . If your app client has a client secret and you don't provide a SECRET_HASH parameter, this API returns NotAuthorizedException.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

Parameters:

forgotPasswordRequest - Represents the request to reset a user's password.

Returns:

Result of the ForgotPassword operation returned by the service.

See Also:

• AWS API Documentation

forgotPassword

default ForgotPasswordResponse forgotPassword(Consumer<ForgotPasswordRequest.Builder> forgotPasswordRequest)
                                       throws ResourceNotFoundException,
InvalidParameterException,
UnexpectedLambdaException,
UserLambdaValidationException,
NotAuthorizedException,
InvalidLambdaResponseException,
TooManyRequestsException,
LimitExceededException,
InvalidSmsRoleAccessPolicyException,
InvalidSmsRoleTrustRelationshipException,
InvalidEmailRoleAccessPolicyException,
CodeDeliveryFailureException,
UserNotFoundException,
InternalErrorException,
ForbiddenException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Sends a password-reset confirmation code to the email address or phone number of the requested username. The message delivery method is determined by the user's available attributes and the AccountRecoverySetting configuration of the user pool.

For the Username parameter, you can use the username or an email, phone, or preferred username alias.

If neither a verified phone number nor a verified email exists, Amazon Cognito responds with an InvalidParameterException error . If your app client has a client secret and you don't provide a SECRET_HASH parameter, this API returns NotAuthorizedException.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

This is a convenience which creates an instance of the ForgotPasswordRequest.Builder avoiding the need to create one manually via ForgotPasswordRequest.builder()

Parameters:

forgotPasswordRequest - A Consumer that will call methods on ForgotPasswordRequest.Builder to create a request. Represents the request to reset a user's password.

Returns:

Result of the ForgotPassword operation returned by the service.

See Also:

• AWS API Documentation

getCSVHeader

default GetCsvHeaderResponse getCSVHeader(GetCsvHeaderRequest getCsvHeaderRequest)
                                   throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given a user pool ID, generates a comma-separated value (CSV) list populated with available user attributes in the user pool. This list is the header for the CSV file that determines the users in a user import job. Save the content of CSVHeader in the response as a .csv file and populate it with the usernames and attributes of users that you want to import. For more information about CSV user import, see Importing users from a CSV file.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

getCsvHeaderRequest - Represents the request to get the header information of the CSV file for the user import job.

Returns:

Result of the GetCSVHeader operation returned by the service.

See Also:

• AWS API Documentation

getCSVHeader

default GetCsvHeaderResponse getCSVHeader(Consumer<GetCsvHeaderRequest.Builder> getCsvHeaderRequest)
                                   throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given a user pool ID, generates a comma-separated value (CSV) list populated with available user attributes in the user pool. This list is the header for the CSV file that determines the users in a user import job. Save the content of CSVHeader in the response as a .csv file and populate it with the usernames and attributes of users that you want to import. For more information about CSV user import, see Importing users from a CSV file.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the GetCsvHeaderRequest.Builder avoiding the need to create one manually via GetCsvHeaderRequest.builder()

Parameters:

getCsvHeaderRequest - A Consumer that will call methods on GetCsvHeaderRequest.Builder to create a request. Represents the request to get the header information of the CSV file for the user import job.

Returns:

Result of the GetCSVHeader operation returned by the service.

See Also:

• AWS API Documentation

getDevice

default GetDeviceResponse getDevice(GetDeviceRequest getDeviceRequest)
                             throws ResourceNotFoundException,
InvalidParameterException,
InvalidUserPoolConfigurationException,
NotAuthorizedException,
TooManyRequestsException,
PasswordResetRequiredException,
UserNotFoundException,
UserNotConfirmedException,
InternalErrorException,
ForbiddenException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given a device key, returns information about a remembered device for the current user. For more information about device authentication, see Working with user devices in your user pool.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

Parameters:

getDeviceRequest - Represents the request to get the device.

Returns:

Result of the GetDevice operation returned by the service.

See Also:

• AWS API Documentation

getDevice

default GetDeviceResponse getDevice(Consumer<GetDeviceRequest.Builder> getDeviceRequest)
                             throws ResourceNotFoundException,
InvalidParameterException,
InvalidUserPoolConfigurationException,
NotAuthorizedException,
TooManyRequestsException,
PasswordResetRequiredException,
UserNotFoundException,
UserNotConfirmedException,
InternalErrorException,
ForbiddenException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given a device key, returns information about a remembered device for the current user. For more information about device authentication, see Working with user devices in your user pool.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

This is a convenience which creates an instance of the GetDeviceRequest.Builder avoiding the need to create one manually via GetDeviceRequest.builder()

Parameters:

getDeviceRequest - A Consumer that will call methods on GetDeviceRequest.Builder to create a request. Represents the request to get the device.

Returns:

Result of the GetDevice operation returned by the service.

See Also:

• AWS API Documentation

getGroup

default GetGroupResponse getGroup(GetGroupRequest getGroupRequest)
                           throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given a user pool ID and a group name, returns information about the user group.

For more information about user pool groups, see Adding groups to a user pool.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

getGroupRequest -

Returns:

Result of the GetGroup operation returned by the service.

See Also:

• AWS API Documentation

getGroup

default GetGroupResponse getGroup(Consumer<GetGroupRequest.Builder> getGroupRequest)
                           throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given a user pool ID and a group name, returns information about the user group.

For more information about user pool groups, see Adding groups to a user pool.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the GetGroupRequest.Builder avoiding the need to create one manually via GetGroupRequest.builder()

Parameters:

getGroupRequest - A Consumer that will call methods on GetGroupRequest.Builder to create a request.

Returns:

Result of the GetGroup operation returned by the service.

See Also:

• AWS API Documentation

getIdentityProviderByIdentifier

default GetIdentityProviderByIdentifierResponse getIdentityProviderByIdentifier(GetIdentityProviderByIdentifierRequest getIdentityProviderByIdentifierRequest)
                                                                         throws InvalidParameterException,
ResourceNotFoundException,
NotAuthorizedException,
TooManyRequestsException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given the identifier of an identity provider (IdP), for example examplecorp, returns information about the user pool configuration for that IdP. For more information about IdPs, see Third-party IdP sign-in.

Parameters:

getIdentityProviderByIdentifierRequest -

Returns:

Result of the GetIdentityProviderByIdentifier operation returned by the service.

See Also:

• AWS API Documentation

getIdentityProviderByIdentifier

default GetIdentityProviderByIdentifierResponse getIdentityProviderByIdentifier(Consumer<GetIdentityProviderByIdentifierRequest.Builder> getIdentityProviderByIdentifierRequest)
                                                                         throws InvalidParameterException,
ResourceNotFoundException,
NotAuthorizedException,
TooManyRequestsException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given the identifier of an identity provider (IdP), for example examplecorp, returns information about the user pool configuration for that IdP. For more information about IdPs, see Third-party IdP sign-in.

This is a convenience which creates an instance of the GetIdentityProviderByIdentifierRequest.Builder avoiding the need to create one manually via GetIdentityProviderByIdentifierRequest.builder()

Parameters:

getIdentityProviderByIdentifierRequest - A Consumer that will call methods on GetIdentityProviderByIdentifierRequest.Builder to create a request.

Returns:

Result of the GetIdentityProviderByIdentifier operation returned by the service.

See Also:

• AWS API Documentation

getLogDeliveryConfiguration

default GetLogDeliveryConfigurationResponse getLogDeliveryConfiguration(GetLogDeliveryConfigurationRequest getLogDeliveryConfigurationRequest)
                                                                 throws InvalidParameterException,
InternalErrorException,
TooManyRequestsException,
NotAuthorizedException,
ResourceNotFoundException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given a user pool ID, returns the logging configuration. User pools can export message-delivery error and threat-protection activity logs to external Amazon Web Services services. For more information, see Exporting user pool logs.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

getLogDeliveryConfigurationRequest -

Returns:

Result of the GetLogDeliveryConfiguration operation returned by the service.

See Also:

• AWS API Documentation

getLogDeliveryConfiguration

default GetLogDeliveryConfigurationResponse getLogDeliveryConfiguration(Consumer<GetLogDeliveryConfigurationRequest.Builder> getLogDeliveryConfigurationRequest)
                                                                 throws InvalidParameterException,
InternalErrorException,
TooManyRequestsException,
NotAuthorizedException,
ResourceNotFoundException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given a user pool ID, returns the logging configuration. User pools can export message-delivery error and threat-protection activity logs to external Amazon Web Services services. For more information, see Exporting user pool logs.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the GetLogDeliveryConfigurationRequest.Builder avoiding the need to create one manually via GetLogDeliveryConfigurationRequest.builder()

Parameters:

getLogDeliveryConfigurationRequest - A Consumer that will call methods on GetLogDeliveryConfigurationRequest.Builder to create a request.

Returns:

Result of the GetLogDeliveryConfiguration operation returned by the service.

See Also:

• AWS API Documentation

getSigningCertificate

default GetSigningCertificateResponse getSigningCertificate(GetSigningCertificateRequest getSigningCertificateRequest)
                                                     throws InternalErrorException,
InvalidParameterException,
ResourceNotFoundException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given a user pool ID, returns the signing certificate for SAML 2.0 federation.

Issued certificates are valid for 10 years from the date of issue. Amazon Cognito issues and assigns a new signing certificate annually. This renewal process returns a new value in the response to GetSigningCertificate, but doesn't invalidate the original certificate.

For more information, see Signing SAML requests.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

getSigningCertificateRequest - Request to get a signing certificate from Amazon Cognito.

Returns:

Result of the GetSigningCertificate operation returned by the service.

See Also:

• AWS API Documentation

getSigningCertificate

default GetSigningCertificateResponse getSigningCertificate(Consumer<GetSigningCertificateRequest.Builder> getSigningCertificateRequest)
                                                     throws InternalErrorException,
InvalidParameterException,
ResourceNotFoundException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given a user pool ID, returns the signing certificate for SAML 2.0 federation.

Issued certificates are valid for 10 years from the date of issue. Amazon Cognito issues and assigns a new signing certificate annually. This renewal process returns a new value in the response to GetSigningCertificate, but doesn't invalidate the original certificate.

For more information, see Signing SAML requests.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the GetSigningCertificateRequest.Builder avoiding the need to create one manually via GetSigningCertificateRequest.builder()

Parameters:

getSigningCertificateRequest - A Consumer that will call methods on GetSigningCertificateRequest.Builder to create a request. Request to get a signing certificate from Amazon Cognito.

Returns:

Result of the GetSigningCertificate operation returned by the service.

See Also:

• AWS API Documentation

getTokensFromRefreshToken

default GetTokensFromRefreshTokenResponse getTokensFromRefreshToken(GetTokensFromRefreshTokenRequest getTokensFromRefreshTokenRequest)
                                                             throws ResourceNotFoundException,
InvalidParameterException,
NotAuthorizedException,
TooManyRequestsException,
UserNotFoundException,
UnexpectedLambdaException,
UserLambdaValidationException,
InvalidLambdaResponseException,
ForbiddenException,
RefreshTokenReuseException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given a refresh token, issues new ID, access, and optionally refresh tokens for the user who owns the submitted token. This operation issues a new refresh token and invalidates the original refresh token after an optional grace period when refresh token rotation is enabled. If refresh token rotation is disabled, issues new ID and access tokens only.

Parameters:

getTokensFromRefreshTokenRequest -

Returns:

Result of the GetTokensFromRefreshToken operation returned by the service.

See Also:

• AWS API Documentation

getTokensFromRefreshToken

default GetTokensFromRefreshTokenResponse getTokensFromRefreshToken(Consumer<GetTokensFromRefreshTokenRequest.Builder> getTokensFromRefreshTokenRequest)
                                                             throws ResourceNotFoundException,
InvalidParameterException,
NotAuthorizedException,
TooManyRequestsException,
UserNotFoundException,
UnexpectedLambdaException,
UserLambdaValidationException,
InvalidLambdaResponseException,
ForbiddenException,
RefreshTokenReuseException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given a refresh token, issues new ID, access, and optionally refresh tokens for the user who owns the submitted token. This operation issues a new refresh token and invalidates the original refresh token after an optional grace period when refresh token rotation is enabled. If refresh token rotation is disabled, issues new ID and access tokens only.

This is a convenience which creates an instance of the GetTokensFromRefreshTokenRequest.Builder avoiding the need to create one manually via GetTokensFromRefreshTokenRequest.builder()

Parameters:

getTokensFromRefreshTokenRequest - A Consumer that will call methods on GetTokensFromRefreshTokenRequest.Builder to create a request.

Returns:

Result of the GetTokensFromRefreshToken operation returned by the service.

See Also:

• AWS API Documentation

getUICustomization

default GetUiCustomizationResponse getUICustomization(GetUiCustomizationRequest getUiCustomizationRequest)
                                               throws InvalidParameterException,
ResourceNotFoundException,
NotAuthorizedException,
TooManyRequestsException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given a user pool ID or app client, returns information about classic hosted UI branding that you applied, if any. Returns user-pool level branding information if no app client branding is applied, or if you don't specify an app client ID. Returns an empty object if you haven't applied hosted UI branding to either the client or the user pool. For more information, see Hosted UI (classic) branding.

Parameters:

getUiCustomizationRequest -

Returns:

Result of the GetUICustomization operation returned by the service.

See Also:

• AWS API Documentation

getUICustomization

default GetUiCustomizationResponse getUICustomization(Consumer<GetUiCustomizationRequest.Builder> getUiCustomizationRequest)
                                               throws InvalidParameterException,
ResourceNotFoundException,
NotAuthorizedException,
TooManyRequestsException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given a user pool ID or app client, returns information about classic hosted UI branding that you applied, if any. Returns user-pool level branding information if no app client branding is applied, or if you don't specify an app client ID. Returns an empty object if you haven't applied hosted UI branding to either the client or the user pool. For more information, see Hosted UI (classic) branding.

This is a convenience which creates an instance of the GetUiCustomizationRequest.Builder avoiding the need to create one manually via GetUiCustomizationRequest.builder()

Parameters:

getUiCustomizationRequest - A Consumer that will call methods on GetUiCustomizationRequest.Builder to create a request.

Returns:

Result of the GetUICustomization operation returned by the service.

See Also:

• AWS API Documentation

getUser

default GetUserResponse getUser(GetUserRequest getUserRequest)
                         throws ResourceNotFoundException,
InvalidParameterException,
NotAuthorizedException,
TooManyRequestsException,
PasswordResetRequiredException,
UserNotFoundException,
UserNotConfirmedException,
InternalErrorException,
ForbiddenException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Gets user attributes and and MFA settings for the currently signed-in user.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

Parameters:

getUserRequest - Represents the request to get information about the user.

Returns:

Result of the GetUser operation returned by the service.

See Also:

• AWS API Documentation

getUser

default GetUserResponse getUser(Consumer<GetUserRequest.Builder> getUserRequest)
                         throws ResourceNotFoundException,
InvalidParameterException,
NotAuthorizedException,
TooManyRequestsException,
PasswordResetRequiredException,
UserNotFoundException,
UserNotConfirmedException,
InternalErrorException,
ForbiddenException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Gets user attributes and and MFA settings for the currently signed-in user.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

This is a convenience which creates an instance of the GetUserRequest.Builder avoiding the need to create one manually via GetUserRequest.builder()

Parameters:

getUserRequest - A Consumer that will call methods on GetUserRequest.Builder to create a request. Represents the request to get information about the user.

Returns:

Result of the GetUser operation returned by the service.

See Also:

• AWS API Documentation

getUserAttributeVerificationCode

default GetUserAttributeVerificationCodeResponse getUserAttributeVerificationCode(GetUserAttributeVerificationCodeRequest getUserAttributeVerificationCodeRequest)
                                                                           throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
UnexpectedLambdaException,
UserLambdaValidationException,
InvalidLambdaResponseException,
InvalidSmsRoleAccessPolicyException,
InvalidSmsRoleTrustRelationshipException,
InvalidEmailRoleAccessPolicyException,
CodeDeliveryFailureException,
LimitExceededException,
PasswordResetRequiredException,
UserNotFoundException,
UserNotConfirmedException,
InternalErrorException,
ForbiddenException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given an attribute name, sends a user attribute verification code for the specified attribute name to the currently signed-in user.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

Parameters:

getUserAttributeVerificationCodeRequest - Represents the request to get user attribute verification.

Returns:

Result of the GetUserAttributeVerificationCode operation returned by the service.

See Also:

• AWS API Documentation

getUserAttributeVerificationCode

default GetUserAttributeVerificationCodeResponse getUserAttributeVerificationCode(Consumer<GetUserAttributeVerificationCodeRequest.Builder> getUserAttributeVerificationCodeRequest)
                                                                           throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
UnexpectedLambdaException,
UserLambdaValidationException,
InvalidLambdaResponseException,
InvalidSmsRoleAccessPolicyException,
InvalidSmsRoleTrustRelationshipException,
InvalidEmailRoleAccessPolicyException,
CodeDeliveryFailureException,
LimitExceededException,
PasswordResetRequiredException,
UserNotFoundException,
UserNotConfirmedException,
InternalErrorException,
ForbiddenException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given an attribute name, sends a user attribute verification code for the specified attribute name to the currently signed-in user.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

This is a convenience which creates an instance of the GetUserAttributeVerificationCodeRequest.Builder avoiding the need to create one manually via GetUserAttributeVerificationCodeRequest.builder()

Parameters:

getUserAttributeVerificationCodeRequest - A Consumer that will call methods on GetUserAttributeVerificationCodeRequest.Builder to create a request. Represents the request to get user attribute verification.

Returns:

Result of the GetUserAttributeVerificationCode operation returned by the service.

See Also:

• AWS API Documentation

getUserAuthFactors

default GetUserAuthFactorsResponse getUserAuthFactors(GetUserAuthFactorsRequest getUserAuthFactorsRequest)
                                               throws ResourceNotFoundException,
InvalidParameterException,
NotAuthorizedException,
TooManyRequestsException,
PasswordResetRequiredException,
UserNotFoundException,
UserNotConfirmedException,
InternalErrorException,
ForbiddenException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Lists the authentication options for the currently signed-in user. Returns the following:

1. The user's multi-factor authentication (MFA) preferences.

2. The user's options for choice-based authentication with the USER_AUTH flow.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

Parameters:

getUserAuthFactorsRequest -

Returns:

Result of the GetUserAuthFactors operation returned by the service.

See Also:

• AWS API Documentation

getUserAuthFactors

default GetUserAuthFactorsResponse getUserAuthFactors(Consumer<GetUserAuthFactorsRequest.Builder> getUserAuthFactorsRequest)
                                               throws ResourceNotFoundException,
InvalidParameterException,
NotAuthorizedException,
TooManyRequestsException,
PasswordResetRequiredException,
UserNotFoundException,
UserNotConfirmedException,
InternalErrorException,
ForbiddenException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Lists the authentication options for the currently signed-in user. Returns the following:

1. The user's multi-factor authentication (MFA) preferences.

2. The user's options for choice-based authentication with the USER_AUTH flow.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

This is a convenience which creates an instance of the GetUserAuthFactorsRequest.Builder avoiding the need to create one manually via GetUserAuthFactorsRequest.builder()

Parameters:

getUserAuthFactorsRequest - A Consumer that will call methods on GetUserAuthFactorsRequest.Builder to create a request.

Returns:

Result of the GetUserAuthFactors operation returned by the service.

See Also:

• AWS API Documentation

getUserPoolMfaConfig

default GetUserPoolMfaConfigResponse getUserPoolMfaConfig(GetUserPoolMfaConfigRequest getUserPoolMfaConfigRequest)
                                                   throws InvalidParameterException,
TooManyRequestsException,
ResourceNotFoundException,
NotAuthorizedException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given a user pool ID, returns configuration for sign-in with WebAuthn authenticators and for multi-factor authentication (MFA). This operation describes the following:

• The WebAuthn relying party (RP) ID and user-verification settings.

• The required, optional, or disabled state of MFA for all user pool users.

• The message templates for email and SMS MFA.

• The enabled or disabled state of time-based one-time password (TOTP) MFA.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

getUserPoolMfaConfigRequest -

Returns:

Result of the GetUserPoolMfaConfig operation returned by the service.

See Also:

• AWS API Documentation

getUserPoolMfaConfig

default GetUserPoolMfaConfigResponse getUserPoolMfaConfig(Consumer<GetUserPoolMfaConfigRequest.Builder> getUserPoolMfaConfigRequest)
                                                   throws InvalidParameterException,
TooManyRequestsException,
ResourceNotFoundException,
NotAuthorizedException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given a user pool ID, returns configuration for sign-in with WebAuthn authenticators and for multi-factor authentication (MFA). This operation describes the following:

• The WebAuthn relying party (RP) ID and user-verification settings.

• The required, optional, or disabled state of MFA for all user pool users.

• The message templates for email and SMS MFA.

• The enabled or disabled state of time-based one-time password (TOTP) MFA.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the GetUserPoolMfaConfigRequest.Builder avoiding the need to create one manually via GetUserPoolMfaConfigRequest.builder()

Parameters:

getUserPoolMfaConfigRequest - A Consumer that will call methods on GetUserPoolMfaConfigRequest.Builder to create a request.

Returns:

Result of the GetUserPoolMfaConfig operation returned by the service.

See Also:

• AWS API Documentation

globalSignOut

default GlobalSignOutResponse globalSignOut(GlobalSignOutRequest globalSignOutRequest)
                                     throws ResourceNotFoundException,
InvalidParameterException,
NotAuthorizedException,
TooManyRequestsException,
PasswordResetRequiredException,
UserNotConfirmedException,
InternalErrorException,
ForbiddenException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user. Call this operation when your user signs out of your app. This results in the following behavior.

• Amazon Cognito no longer accepts token-authorized user operations that you authorize with a signed-out user's access tokens. For more information, see Using the Amazon Cognito user pools API and user pool endpoints.

  Amazon Cognito returns an Access Token has been revoked error when your app attempts to authorize a user pools API request with a revoked access token that contains the scope aws.cognito.signin.user.admin.

• Amazon Cognito no longer accepts a signed-out user's ID token in a GetId request to an identity pool with ServerSideTokenCheck enabled for its user pool IdP configuration in CognitoIdentityProvider.

• Amazon Cognito no longer accepts a signed-out user's refresh tokens in refresh requests.

Other requests might be valid until your user's token expires. This operation doesn't clear the managed login session cookie. To clear the session for a user who signed in with managed login or the classic hosted UI, direct their browser session to the logout endpoint.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

Parameters:

globalSignOutRequest - Represents the request to sign out all devices.

Returns:

Result of the GlobalSignOut operation returned by the service.

See Also:

• AWS API Documentation

globalSignOut

default GlobalSignOutResponse globalSignOut(Consumer<GlobalSignOutRequest.Builder> globalSignOutRequest)
                                     throws ResourceNotFoundException,
InvalidParameterException,
NotAuthorizedException,
TooManyRequestsException,
PasswordResetRequiredException,
UserNotConfirmedException,
InternalErrorException,
ForbiddenException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user. Call this operation when your user signs out of your app. This results in the following behavior.

• Amazon Cognito no longer accepts token-authorized user operations that you authorize with a signed-out user's access tokens. For more information, see Using the Amazon Cognito user pools API and user pool endpoints.

  Amazon Cognito returns an Access Token has been revoked error when your app attempts to authorize a user pools API request with a revoked access token that contains the scope aws.cognito.signin.user.admin.

• Amazon Cognito no longer accepts a signed-out user's ID token in a GetId request to an identity pool with ServerSideTokenCheck enabled for its user pool IdP configuration in CognitoIdentityProvider.

• Amazon Cognito no longer accepts a signed-out user's refresh tokens in refresh requests.

Other requests might be valid until your user's token expires. This operation doesn't clear the managed login session cookie. To clear the session for a user who signed in with managed login or the classic hosted UI, direct their browser session to the logout endpoint.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

This is a convenience which creates an instance of the GlobalSignOutRequest.Builder avoiding the need to create one manually via GlobalSignOutRequest.builder()

Parameters:

globalSignOutRequest - A Consumer that will call methods on GlobalSignOutRequest.Builder to create a request. Represents the request to sign out all devices.

Returns:

Result of the GlobalSignOut operation returned by the service.

See Also:

• AWS API Documentation

initiateAuth

default InitiateAuthResponse initiateAuth(InitiateAuthRequest initiateAuthRequest)
                                   throws UnsupportedOperationException,
ResourceNotFoundException,
InvalidParameterException,
NotAuthorizedException,
TooManyRequestsException,
UnexpectedLambdaException,
InvalidUserPoolConfigurationException,
UserLambdaValidationException,
InvalidLambdaResponseException,
PasswordResetRequiredException,
UserNotFoundException,
UserNotConfirmedException,
InternalErrorException,
InvalidSmsRoleAccessPolicyException,
InvalidEmailRoleAccessPolicyException,
InvalidSmsRoleTrustRelationshipException,
ForbiddenException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Declares an authentication flow and initiates sign-in for a user in the Amazon Cognito user directory. Amazon Cognito might respond with an additional challenge or an AuthenticationResult that contains the outcome of a successful authentication. You can't sign in a user with a federated IdP with InitiateAuth. For more information, see Authentication.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

Parameters:

initiateAuthRequest - Initiates the authentication request.

Returns:

Result of the InitiateAuth operation returned by the service.

See Also:

• AWS API Documentation

initiateAuth

default InitiateAuthResponse initiateAuth(Consumer<InitiateAuthRequest.Builder> initiateAuthRequest)
                                   throws UnsupportedOperationException,
ResourceNotFoundException,
InvalidParameterException,
NotAuthorizedException,
TooManyRequestsException,
UnexpectedLambdaException,
InvalidUserPoolConfigurationException,
UserLambdaValidationException,
InvalidLambdaResponseException,
PasswordResetRequiredException,
UserNotFoundException,
UserNotConfirmedException,
InternalErrorException,
InvalidSmsRoleAccessPolicyException,
InvalidEmailRoleAccessPolicyException,
InvalidSmsRoleTrustRelationshipException,
ForbiddenException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Declares an authentication flow and initiates sign-in for a user in the Amazon Cognito user directory. Amazon Cognito might respond with an additional challenge or an AuthenticationResult that contains the outcome of a successful authentication. You can't sign in a user with a federated IdP with InitiateAuth. For more information, see Authentication.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

This is a convenience which creates an instance of the InitiateAuthRequest.Builder avoiding the need to create one manually via InitiateAuthRequest.builder()

Parameters:

initiateAuthRequest - A Consumer that will call methods on InitiateAuthRequest.Builder to create a request. Initiates the authentication request.

Returns:

Result of the InitiateAuth operation returned by the service.

See Also:

• AWS API Documentation

listDevices

default ListDevicesResponse listDevices(ListDevicesRequest listDevicesRequest)
                                 throws InvalidParameterException,
ResourceNotFoundException,
NotAuthorizedException,
InvalidUserPoolConfigurationException,
TooManyRequestsException,
PasswordResetRequiredException,
UserNotFoundException,
UserNotConfirmedException,
InternalErrorException,
ForbiddenException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Lists the devices that Amazon Cognito has registered to the currently signed-in user. For more information about device authentication, see Working with user devices in your user pool.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

Parameters:

listDevicesRequest - Represents the request to list the devices.

Returns:

Result of the ListDevices operation returned by the service.

See Also:

• AWS API Documentation

listDevices

default ListDevicesResponse listDevices(Consumer<ListDevicesRequest.Builder> listDevicesRequest)
                                 throws InvalidParameterException,
ResourceNotFoundException,
NotAuthorizedException,
InvalidUserPoolConfigurationException,
TooManyRequestsException,
PasswordResetRequiredException,
UserNotFoundException,
UserNotConfirmedException,
InternalErrorException,
ForbiddenException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Lists the devices that Amazon Cognito has registered to the currently signed-in user. For more information about device authentication, see Working with user devices in your user pool.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

This is a convenience which creates an instance of the ListDevicesRequest.Builder avoiding the need to create one manually via ListDevicesRequest.builder()

Parameters:

listDevicesRequest - A Consumer that will call methods on ListDevicesRequest.Builder to create a request. Represents the request to list the devices.

Returns:

Result of the ListDevices operation returned by the service.

See Also:

• AWS API Documentation

listGroups

default ListGroupsResponse listGroups(ListGroupsRequest listGroupsRequest)
                               throws InvalidParameterException,
ResourceNotFoundException,
TooManyRequestsException,
NotAuthorizedException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given a user pool ID, returns user pool groups and their details.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

listGroupsRequest -

Returns:

Result of the ListGroups operation returned by the service.

See Also:

• AWS API Documentation

listGroups

default ListGroupsResponse listGroups(Consumer<ListGroupsRequest.Builder> listGroupsRequest)
                               throws InvalidParameterException,
ResourceNotFoundException,
TooManyRequestsException,
NotAuthorizedException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given a user pool ID, returns user pool groups and their details.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the ListGroupsRequest.Builder avoiding the need to create one manually via ListGroupsRequest.builder()

Parameters:

listGroupsRequest - A Consumer that will call methods on ListGroupsRequest.Builder to create a request.

Returns:

Result of the ListGroups operation returned by the service.

See Also:

• AWS API Documentation

listGroupsPaginator

default ListGroupsIterable listGroupsPaginator(ListGroupsRequest listGroupsRequest)
                                        throws InvalidParameterException,
ResourceNotFoundException,
TooManyRequestsException,
NotAuthorizedException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

This is a variant of listGroups(software.amazon.awssdk.services.cognitoidentityprovider.model.ListGroupsRequest) operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.

When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.

The following are few ways to iterate through the response pages:

1) Using a Stream

 
 software.amazon.awssdk.services.cognitoidentityprovider.paginators.ListGroupsIterable responses = client.listGroupsPaginator(request);
 responses.stream().forEach(....);
 
 

2) Using For loop

 {
     @code
     software.amazon.awssdk.services.cognitoidentityprovider.paginators.ListGroupsIterable responses = client
             .listGroupsPaginator(request);
     for (software.amazon.awssdk.services.cognitoidentityprovider.model.ListGroupsResponse response : responses) {
         // do something;
     }
 }
 

3) Use iterator directly

 
 software.amazon.awssdk.services.cognitoidentityprovider.paginators.ListGroupsIterable responses = client.listGroupsPaginator(request);
 responses.iterator().forEachRemaining(....);
 
 

Please notice that the configuration of Limit won't limit the number of results you get with the paginator. It only limits the number of results in each page.

Note: If you prefer to have control on service calls, use the listGroups(software.amazon.awssdk.services.cognitoidentityprovider.model.ListGroupsRequest) operation.

Parameters:

listGroupsRequest -

Returns:

A custom iterable that can be used to iterate through all the response pages.

See Also:

• AWS API Documentation

listGroupsPaginator

default ListGroupsIterable listGroupsPaginator(Consumer<ListGroupsRequest.Builder> listGroupsRequest)
                                        throws InvalidParameterException,
ResourceNotFoundException,
TooManyRequestsException,
NotAuthorizedException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

This is a variant of listGroups(software.amazon.awssdk.services.cognitoidentityprovider.model.ListGroupsRequest) operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.

When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.

The following are few ways to iterate through the response pages:

1) Using a Stream

 
 software.amazon.awssdk.services.cognitoidentityprovider.paginators.ListGroupsIterable responses = client.listGroupsPaginator(request);
 responses.stream().forEach(....);
 
 

2) Using For loop

 {
     @code
     software.amazon.awssdk.services.cognitoidentityprovider.paginators.ListGroupsIterable responses = client
             .listGroupsPaginator(request);
     for (software.amazon.awssdk.services.cognitoidentityprovider.model.ListGroupsResponse response : responses) {
         // do something;
     }
 }
 

3) Use iterator directly

 
 software.amazon.awssdk.services.cognitoidentityprovider.paginators.ListGroupsIterable responses = client.listGroupsPaginator(request);
 responses.iterator().forEachRemaining(....);
 
 

Please notice that the configuration of Limit won't limit the number of results you get with the paginator. It only limits the number of results in each page.

Note: If you prefer to have control on service calls, use the listGroups(software.amazon.awssdk.services.cognitoidentityprovider.model.ListGroupsRequest) operation.

This is a convenience which creates an instance of the ListGroupsRequest.Builder avoiding the need to create one manually via ListGroupsRequest.builder()

Parameters:

listGroupsRequest - A Consumer that will call methods on ListGroupsRequest.Builder to create a request.

Returns:

A custom iterable that can be used to iterate through all the response pages.

See Also:

• AWS API Documentation

listIdentityProviders

default ListIdentityProvidersResponse listIdentityProviders(ListIdentityProvidersRequest listIdentityProvidersRequest)
                                                     throws InvalidParameterException,
ResourceNotFoundException,
NotAuthorizedException,
TooManyRequestsException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given a user pool ID, returns information about configured identity providers (IdPs). For more information about IdPs, see Third-party IdP sign-in.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

listIdentityProvidersRequest -

Returns:

Result of the ListIdentityProviders operation returned by the service.

See Also:

• AWS API Documentation

listIdentityProviders

default ListIdentityProvidersResponse listIdentityProviders(Consumer<ListIdentityProvidersRequest.Builder> listIdentityProvidersRequest)
                                                     throws InvalidParameterException,
ResourceNotFoundException,
NotAuthorizedException,
TooManyRequestsException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given a user pool ID, returns information about configured identity providers (IdPs). For more information about IdPs, see Third-party IdP sign-in.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the ListIdentityProvidersRequest.Builder avoiding the need to create one manually via ListIdentityProvidersRequest.builder()

Parameters:

listIdentityProvidersRequest - A Consumer that will call methods on ListIdentityProvidersRequest.Builder to create a request.

Returns:

Result of the ListIdentityProviders operation returned by the service.

See Also:

• AWS API Documentation

listIdentityProvidersPaginator

default ListIdentityProvidersIterable listIdentityProvidersPaginator(ListIdentityProvidersRequest listIdentityProvidersRequest)
                                                              throws InvalidParameterException,
ResourceNotFoundException,
NotAuthorizedException,
TooManyRequestsException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

This is a variant of listIdentityProviders(software.amazon.awssdk.services.cognitoidentityprovider.model.ListIdentityProvidersRequest) operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.

When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.

The following are few ways to iterate through the response pages:

1) Using a Stream

 
 software.amazon.awssdk.services.cognitoidentityprovider.paginators.ListIdentityProvidersIterable responses = client.listIdentityProvidersPaginator(request);
 responses.stream().forEach(....);
 
 

2) Using For loop

 {
     @code
     software.amazon.awssdk.services.cognitoidentityprovider.paginators.ListIdentityProvidersIterable responses = client
             .listIdentityProvidersPaginator(request);
     for (software.amazon.awssdk.services.cognitoidentityprovider.model.ListIdentityProvidersResponse response : responses) {
         // do something;
     }
 }
 

3) Use iterator directly

 
 software.amazon.awssdk.services.cognitoidentityprovider.paginators.ListIdentityProvidersIterable responses = client.listIdentityProvidersPaginator(request);
 responses.iterator().forEachRemaining(....);
 
 

Please notice that the configuration of MaxResults won't limit the number of results you get with the paginator. It only limits the number of results in each page.

Note: If you prefer to have control on service calls, use the listIdentityProviders(software.amazon.awssdk.services.cognitoidentityprovider.model.ListIdentityProvidersRequest) operation.

Parameters:

listIdentityProvidersRequest -

Returns:

A custom iterable that can be used to iterate through all the response pages.

See Also:

• AWS API Documentation

listIdentityProvidersPaginator

default ListIdentityProvidersIterable listIdentityProvidersPaginator(Consumer<ListIdentityProvidersRequest.Builder> listIdentityProvidersRequest)
                                                              throws InvalidParameterException,
ResourceNotFoundException,
NotAuthorizedException,
TooManyRequestsException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

This is a variant of listIdentityProviders(software.amazon.awssdk.services.cognitoidentityprovider.model.ListIdentityProvidersRequest) operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.

When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.

The following are few ways to iterate through the response pages:

1) Using a Stream

 
 software.amazon.awssdk.services.cognitoidentityprovider.paginators.ListIdentityProvidersIterable responses = client.listIdentityProvidersPaginator(request);
 responses.stream().forEach(....);
 
 

2) Using For loop

 {
     @code
     software.amazon.awssdk.services.cognitoidentityprovider.paginators.ListIdentityProvidersIterable responses = client
             .listIdentityProvidersPaginator(request);
     for (software.amazon.awssdk.services.cognitoidentityprovider.model.ListIdentityProvidersResponse response : responses) {
         // do something;
     }
 }
 

3) Use iterator directly

 
 software.amazon.awssdk.services.cognitoidentityprovider.paginators.ListIdentityProvidersIterable responses = client.listIdentityProvidersPaginator(request);
 responses.iterator().forEachRemaining(....);
 
 

Please notice that the configuration of MaxResults won't limit the number of results you get with the paginator. It only limits the number of results in each page.

Note: If you prefer to have control on service calls, use the listIdentityProviders(software.amazon.awssdk.services.cognitoidentityprovider.model.ListIdentityProvidersRequest) operation.

This is a convenience which creates an instance of the ListIdentityProvidersRequest.Builder avoiding the need to create one manually via ListIdentityProvidersRequest.builder()

Parameters:

listIdentityProvidersRequest - A Consumer that will call methods on ListIdentityProvidersRequest.Builder to create a request.

Returns:

A custom iterable that can be used to iterate through all the response pages.

See Also:

• AWS API Documentation

listResourceServers

default ListResourceServersResponse listResourceServers(ListResourceServersRequest listResourceServersRequest)
                                                 throws InvalidParameterException,
ResourceNotFoundException,
NotAuthorizedException,
TooManyRequestsException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given a user pool ID, returns all resource servers and their details. For more information about resource servers, see Access control with resource servers.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

listResourceServersRequest -

Returns:

Result of the ListResourceServers operation returned by the service.

See Also:

• AWS API Documentation

listResourceServers

default ListResourceServersResponse listResourceServers(Consumer<ListResourceServersRequest.Builder> listResourceServersRequest)
                                                 throws InvalidParameterException,
ResourceNotFoundException,
NotAuthorizedException,
TooManyRequestsException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given a user pool ID, returns all resource servers and their details. For more information about resource servers, see Access control with resource servers.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the ListResourceServersRequest.Builder avoiding the need to create one manually via ListResourceServersRequest.builder()

Parameters:

listResourceServersRequest - A Consumer that will call methods on ListResourceServersRequest.Builder to create a request.

Returns:

Result of the ListResourceServers operation returned by the service.

See Also:

• AWS API Documentation

listResourceServersPaginator

default ListResourceServersIterable listResourceServersPaginator(ListResourceServersRequest listResourceServersRequest)
                                                          throws InvalidParameterException,
ResourceNotFoundException,
NotAuthorizedException,
TooManyRequestsException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

This is a variant of listResourceServers(software.amazon.awssdk.services.cognitoidentityprovider.model.ListResourceServersRequest) operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.

When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.

The following are few ways to iterate through the response pages:

1) Using a Stream

 
 software.amazon.awssdk.services.cognitoidentityprovider.paginators.ListResourceServersIterable responses = client.listResourceServersPaginator(request);
 responses.stream().forEach(....);
 
 

2) Using For loop

 {
     @code
     software.amazon.awssdk.services.cognitoidentityprovider.paginators.ListResourceServersIterable responses = client
             .listResourceServersPaginator(request);
     for (software.amazon.awssdk.services.cognitoidentityprovider.model.ListResourceServersResponse response : responses) {
         // do something;
     }
 }
 

3) Use iterator directly

 
 software.amazon.awssdk.services.cognitoidentityprovider.paginators.ListResourceServersIterable responses = client.listResourceServersPaginator(request);
 responses.iterator().forEachRemaining(....);
 
 

Please notice that the configuration of MaxResults won't limit the number of results you get with the paginator. It only limits the number of results in each page.

Note: If you prefer to have control on service calls, use the listResourceServers(software.amazon.awssdk.services.cognitoidentityprovider.model.ListResourceServersRequest) operation.

Parameters:

listResourceServersRequest -

Returns:

A custom iterable that can be used to iterate through all the response pages.

See Also:

• AWS API Documentation

listResourceServersPaginator

default ListResourceServersIterable listResourceServersPaginator(Consumer<ListResourceServersRequest.Builder> listResourceServersRequest)
                                                          throws InvalidParameterException,
ResourceNotFoundException,
NotAuthorizedException,
TooManyRequestsException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

This is a variant of listResourceServers(software.amazon.awssdk.services.cognitoidentityprovider.model.ListResourceServersRequest) operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.

When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.

The following are few ways to iterate through the response pages:

1) Using a Stream

 
 software.amazon.awssdk.services.cognitoidentityprovider.paginators.ListResourceServersIterable responses = client.listResourceServersPaginator(request);
 responses.stream().forEach(....);
 
 

2) Using For loop

 {
     @code
     software.amazon.awssdk.services.cognitoidentityprovider.paginators.ListResourceServersIterable responses = client
             .listResourceServersPaginator(request);
     for (software.amazon.awssdk.services.cognitoidentityprovider.model.ListResourceServersResponse response : responses) {
         // do something;
     }
 }
 

3) Use iterator directly

 
 software.amazon.awssdk.services.cognitoidentityprovider.paginators.ListResourceServersIterable responses = client.listResourceServersPaginator(request);
 responses.iterator().forEachRemaining(....);
 
 

Please notice that the configuration of MaxResults won't limit the number of results you get with the paginator. It only limits the number of results in each page.

Note: If you prefer to have control on service calls, use the listResourceServers(software.amazon.awssdk.services.cognitoidentityprovider.model.ListResourceServersRequest) operation.

This is a convenience which creates an instance of the ListResourceServersRequest.Builder avoiding the need to create one manually via ListResourceServersRequest.builder()

Parameters:

listResourceServersRequest - A Consumer that will call methods on ListResourceServersRequest.Builder to create a request.

Returns:

A custom iterable that can be used to iterate through all the response pages.

See Also:

• AWS API Documentation

listTagsForResource

default ListTagsForResourceResponse listTagsForResource(ListTagsForResourceRequest listTagsForResourceRequest)
                                                 throws ResourceNotFoundException,
NotAuthorizedException,
TooManyRequestsException,
InvalidParameterException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Lists the tags that are assigned to an Amazon Cognito user pool. For more information, see Tagging resources.

Parameters:

listTagsForResourceRequest -

Returns:

Result of the ListTagsForResource operation returned by the service.

See Also:

• AWS API Documentation

listTagsForResource

default ListTagsForResourceResponse listTagsForResource(Consumer<ListTagsForResourceRequest.Builder> listTagsForResourceRequest)
                                                 throws ResourceNotFoundException,
NotAuthorizedException,
TooManyRequestsException,
InvalidParameterException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Lists the tags that are assigned to an Amazon Cognito user pool. For more information, see Tagging resources.

This is a convenience which creates an instance of the ListTagsForResourceRequest.Builder avoiding the need to create one manually via ListTagsForResourceRequest.builder()

Parameters:

listTagsForResourceRequest - A Consumer that will call methods on ListTagsForResourceRequest.Builder to create a request.

Returns:

Result of the ListTagsForResource operation returned by the service.

See Also:

• AWS API Documentation

listTerms

default ListTermsResponse listTerms(ListTermsRequest listTermsRequest)
                             throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Returns details about all terms documents for the requested user pool.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

listTermsRequest -

Returns:

Result of the ListTerms operation returned by the service.

See Also:

• AWS API Documentation

listTerms

default ListTermsResponse listTerms(Consumer<ListTermsRequest.Builder> listTermsRequest)
                             throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Returns details about all terms documents for the requested user pool.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the ListTermsRequest.Builder avoiding the need to create one manually via ListTermsRequest.builder()

Parameters:

listTermsRequest - A Consumer that will call methods on ListTermsRequest.Builder to create a request.

Returns:

Result of the ListTerms operation returned by the service.

See Also:

• AWS API Documentation

listUserImportJobs

default ListUserImportJobsResponse listUserImportJobs(ListUserImportJobsRequest listUserImportJobsRequest)
                                               throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given a user pool ID, returns user import jobs and their details. Import jobs are retained in user pool configuration so that you can stage, stop, start, review, and delete them. For more information about user import, see Importing users from a CSV file.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

listUserImportJobsRequest - Represents the request to list the user import jobs.

Returns:

Result of the ListUserImportJobs operation returned by the service.

See Also:

• AWS API Documentation

listUserImportJobs

default ListUserImportJobsResponse listUserImportJobs(Consumer<ListUserImportJobsRequest.Builder> listUserImportJobsRequest)
                                               throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given a user pool ID, returns user import jobs and their details. Import jobs are retained in user pool configuration so that you can stage, stop, start, review, and delete them. For more information about user import, see Importing users from a CSV file.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the ListUserImportJobsRequest.Builder avoiding the need to create one manually via ListUserImportJobsRequest.builder()

Parameters:

listUserImportJobsRequest - A Consumer that will call methods on ListUserImportJobsRequest.Builder to create a request. Represents the request to list the user import jobs.

Returns:

Result of the ListUserImportJobs operation returned by the service.

See Also:

• AWS API Documentation

listUserPoolClients

default ListUserPoolClientsResponse listUserPoolClients(ListUserPoolClientsRequest listUserPoolClientsRequest)
                                                 throws InvalidParameterException,
ResourceNotFoundException,
TooManyRequestsException,
NotAuthorizedException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given a user pool ID, lists app clients. App clients are sets of rules for the access that you want a user pool to grant to one application. For more information, see App clients.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

listUserPoolClientsRequest - Represents the request to list the user pool clients.

Returns:

Result of the ListUserPoolClients operation returned by the service.

See Also:

• AWS API Documentation

listUserPoolClients

default ListUserPoolClientsResponse listUserPoolClients(Consumer<ListUserPoolClientsRequest.Builder> listUserPoolClientsRequest)
                                                 throws InvalidParameterException,
ResourceNotFoundException,
TooManyRequestsException,
NotAuthorizedException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given a user pool ID, lists app clients. App clients are sets of rules for the access that you want a user pool to grant to one application. For more information, see App clients.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the ListUserPoolClientsRequest.Builder avoiding the need to create one manually via ListUserPoolClientsRequest.builder()

Parameters:

listUserPoolClientsRequest - A Consumer that will call methods on ListUserPoolClientsRequest.Builder to create a request. Represents the request to list the user pool clients.

Returns:

Result of the ListUserPoolClients operation returned by the service.

See Also:

• AWS API Documentation

listUserPoolClientsPaginator

default ListUserPoolClientsIterable listUserPoolClientsPaginator(ListUserPoolClientsRequest listUserPoolClientsRequest)
                                                          throws InvalidParameterException,
ResourceNotFoundException,
TooManyRequestsException,
NotAuthorizedException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

This is a variant of listUserPoolClients(software.amazon.awssdk.services.cognitoidentityprovider.model.ListUserPoolClientsRequest) operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.

When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.

The following are few ways to iterate through the response pages:

1) Using a Stream

 
 software.amazon.awssdk.services.cognitoidentityprovider.paginators.ListUserPoolClientsIterable responses = client.listUserPoolClientsPaginator(request);
 responses.stream().forEach(....);
 
 

2) Using For loop

 {
     @code
     software.amazon.awssdk.services.cognitoidentityprovider.paginators.ListUserPoolClientsIterable responses = client
             .listUserPoolClientsPaginator(request);
     for (software.amazon.awssdk.services.cognitoidentityprovider.model.ListUserPoolClientsResponse response : responses) {
         // do something;
     }
 }
 

3) Use iterator directly

 
 software.amazon.awssdk.services.cognitoidentityprovider.paginators.ListUserPoolClientsIterable responses = client.listUserPoolClientsPaginator(request);
 responses.iterator().forEachRemaining(....);
 
 

Please notice that the configuration of MaxResults won't limit the number of results you get with the paginator. It only limits the number of results in each page.

Note: If you prefer to have control on service calls, use the listUserPoolClients(software.amazon.awssdk.services.cognitoidentityprovider.model.ListUserPoolClientsRequest) operation.

Parameters:

listUserPoolClientsRequest - Represents the request to list the user pool clients.

Returns:

A custom iterable that can be used to iterate through all the response pages.

See Also:

• AWS API Documentation

listUserPoolClientsPaginator

default ListUserPoolClientsIterable listUserPoolClientsPaginator(Consumer<ListUserPoolClientsRequest.Builder> listUserPoolClientsRequest)
                                                          throws InvalidParameterException,
ResourceNotFoundException,
TooManyRequestsException,
NotAuthorizedException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

This is a variant of listUserPoolClients(software.amazon.awssdk.services.cognitoidentityprovider.model.ListUserPoolClientsRequest) operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.

When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.

The following are few ways to iterate through the response pages:

1) Using a Stream

 
 software.amazon.awssdk.services.cognitoidentityprovider.paginators.ListUserPoolClientsIterable responses = client.listUserPoolClientsPaginator(request);
 responses.stream().forEach(....);
 
 

2) Using For loop

 {
     @code
     software.amazon.awssdk.services.cognitoidentityprovider.paginators.ListUserPoolClientsIterable responses = client
             .listUserPoolClientsPaginator(request);
     for (software.amazon.awssdk.services.cognitoidentityprovider.model.ListUserPoolClientsResponse response : responses) {
         // do something;
     }
 }
 

3) Use iterator directly

 
 software.amazon.awssdk.services.cognitoidentityprovider.paginators.ListUserPoolClientsIterable responses = client.listUserPoolClientsPaginator(request);
 responses.iterator().forEachRemaining(....);
 
 

Please notice that the configuration of MaxResults won't limit the number of results you get with the paginator. It only limits the number of results in each page.

Note: If you prefer to have control on service calls, use the listUserPoolClients(software.amazon.awssdk.services.cognitoidentityprovider.model.ListUserPoolClientsRequest) operation.

This is a convenience which creates an instance of the ListUserPoolClientsRequest.Builder avoiding the need to create one manually via ListUserPoolClientsRequest.builder()

Parameters:

listUserPoolClientsRequest - A Consumer that will call methods on ListUserPoolClientsRequest.Builder to create a request. Represents the request to list the user pool clients.

Returns:

A custom iterable that can be used to iterate through all the response pages.

See Also:

• AWS API Documentation

listUserPools

default ListUserPoolsResponse listUserPools(ListUserPoolsRequest listUserPoolsRequest)
                                     throws InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Lists user pools and their details in the current Amazon Web Services account.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

listUserPoolsRequest - Represents the request to list user pools.

Returns:

Result of the ListUserPools operation returned by the service.

See Also:

• AWS API Documentation

listUserPools

default ListUserPoolsResponse listUserPools(Consumer<ListUserPoolsRequest.Builder> listUserPoolsRequest)
                                     throws InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Lists user pools and their details in the current Amazon Web Services account.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the ListUserPoolsRequest.Builder avoiding the need to create one manually via ListUserPoolsRequest.builder()

Parameters:

listUserPoolsRequest - A Consumer that will call methods on ListUserPoolsRequest.Builder to create a request. Represents the request to list user pools.

Returns:

Result of the ListUserPools operation returned by the service.

See Also:

• AWS API Documentation

listUserPoolsPaginator

default ListUserPoolsIterable listUserPoolsPaginator(ListUserPoolsRequest listUserPoolsRequest)
                                              throws InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

This is a variant of listUserPools(software.amazon.awssdk.services.cognitoidentityprovider.model.ListUserPoolsRequest) operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.

When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.

The following are few ways to iterate through the response pages:

1) Using a Stream

 
 software.amazon.awssdk.services.cognitoidentityprovider.paginators.ListUserPoolsIterable responses = client.listUserPoolsPaginator(request);
 responses.stream().forEach(....);
 
 

2) Using For loop

 {
     @code
     software.amazon.awssdk.services.cognitoidentityprovider.paginators.ListUserPoolsIterable responses = client
             .listUserPoolsPaginator(request);
     for (software.amazon.awssdk.services.cognitoidentityprovider.model.ListUserPoolsResponse response : responses) {
         // do something;
     }
 }
 

3) Use iterator directly

 
 software.amazon.awssdk.services.cognitoidentityprovider.paginators.ListUserPoolsIterable responses = client.listUserPoolsPaginator(request);
 responses.iterator().forEachRemaining(....);
 
 

Please notice that the configuration of MaxResults won't limit the number of results you get with the paginator. It only limits the number of results in each page.

Note: If you prefer to have control on service calls, use the listUserPools(software.amazon.awssdk.services.cognitoidentityprovider.model.ListUserPoolsRequest) operation.

Parameters:

listUserPoolsRequest - Represents the request to list user pools.

Returns:

A custom iterable that can be used to iterate through all the response pages.

See Also:

• AWS API Documentation

listUserPoolsPaginator

default ListUserPoolsIterable listUserPoolsPaginator(Consumer<ListUserPoolsRequest.Builder> listUserPoolsRequest)
                                              throws InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

This is a variant of listUserPools(software.amazon.awssdk.services.cognitoidentityprovider.model.ListUserPoolsRequest) operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.

When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.

The following are few ways to iterate through the response pages:

1) Using a Stream

 
 software.amazon.awssdk.services.cognitoidentityprovider.paginators.ListUserPoolsIterable responses = client.listUserPoolsPaginator(request);
 responses.stream().forEach(....);
 
 

2) Using For loop

 {
     @code
     software.amazon.awssdk.services.cognitoidentityprovider.paginators.ListUserPoolsIterable responses = client
             .listUserPoolsPaginator(request);
     for (software.amazon.awssdk.services.cognitoidentityprovider.model.ListUserPoolsResponse response : responses) {
         // do something;
     }
 }
 

3) Use iterator directly

 
 software.amazon.awssdk.services.cognitoidentityprovider.paginators.ListUserPoolsIterable responses = client.listUserPoolsPaginator(request);
 responses.iterator().forEachRemaining(....);
 
 

Please notice that the configuration of MaxResults won't limit the number of results you get with the paginator. It only limits the number of results in each page.

Note: If you prefer to have control on service calls, use the listUserPools(software.amazon.awssdk.services.cognitoidentityprovider.model.ListUserPoolsRequest) operation.

This is a convenience which creates an instance of the ListUserPoolsRequest.Builder avoiding the need to create one manually via ListUserPoolsRequest.builder()

Parameters:

listUserPoolsRequest - A Consumer that will call methods on ListUserPoolsRequest.Builder to create a request. Represents the request to list user pools.

Returns:

A custom iterable that can be used to iterate through all the response pages.

See Also:

• AWS API Documentation

listUsers

default ListUsersResponse listUsers(ListUsersRequest listUsersRequest)
                             throws InvalidParameterException,
ResourceNotFoundException,
TooManyRequestsException,
NotAuthorizedException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given a user pool ID, returns a list of users and their basic details in a user pool.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

listUsersRequest - Represents the request to list users.

Returns:

Result of the ListUsers operation returned by the service.

See Also:

• AWS API Documentation

listUsers

default ListUsersResponse listUsers(Consumer<ListUsersRequest.Builder> listUsersRequest)
                             throws InvalidParameterException,
ResourceNotFoundException,
TooManyRequestsException,
NotAuthorizedException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given a user pool ID, returns a list of users and their basic details in a user pool.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the ListUsersRequest.Builder avoiding the need to create one manually via ListUsersRequest.builder()

Parameters:

listUsersRequest - A Consumer that will call methods on ListUsersRequest.Builder to create a request. Represents the request to list users.

Returns:

Result of the ListUsers operation returned by the service.

See Also:

• AWS API Documentation

listUsersPaginator

default ListUsersIterable listUsersPaginator(ListUsersRequest listUsersRequest)
                                      throws InvalidParameterException,
ResourceNotFoundException,
TooManyRequestsException,
NotAuthorizedException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

This is a variant of listUsers(software.amazon.awssdk.services.cognitoidentityprovider.model.ListUsersRequest) operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.

When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.

The following are few ways to iterate through the response pages:

1) Using a Stream

 
 software.amazon.awssdk.services.cognitoidentityprovider.paginators.ListUsersIterable responses = client.listUsersPaginator(request);
 responses.stream().forEach(....);
 
 

2) Using For loop

 {
     @code
     software.amazon.awssdk.services.cognitoidentityprovider.paginators.ListUsersIterable responses = client
             .listUsersPaginator(request);
     for (software.amazon.awssdk.services.cognitoidentityprovider.model.ListUsersResponse response : responses) {
         // do something;
     }
 }
 

3) Use iterator directly

 
 software.amazon.awssdk.services.cognitoidentityprovider.paginators.ListUsersIterable responses = client.listUsersPaginator(request);
 responses.iterator().forEachRemaining(....);
 
 

Please notice that the configuration of Limit won't limit the number of results you get with the paginator. It only limits the number of results in each page.

Note: If you prefer to have control on service calls, use the listUsers(software.amazon.awssdk.services.cognitoidentityprovider.model.ListUsersRequest) operation.

Parameters:

listUsersRequest - Represents the request to list users.

Returns:

A custom iterable that can be used to iterate through all the response pages.

See Also:

• AWS API Documentation

listUsersPaginator

default ListUsersIterable listUsersPaginator(Consumer<ListUsersRequest.Builder> listUsersRequest)
                                      throws InvalidParameterException,
ResourceNotFoundException,
TooManyRequestsException,
NotAuthorizedException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

This is a variant of listUsers(software.amazon.awssdk.services.cognitoidentityprovider.model.ListUsersRequest) operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.

When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.

The following are few ways to iterate through the response pages:

1) Using a Stream

 
 software.amazon.awssdk.services.cognitoidentityprovider.paginators.ListUsersIterable responses = client.listUsersPaginator(request);
 responses.stream().forEach(....);
 
 

2) Using For loop

 {
     @code
     software.amazon.awssdk.services.cognitoidentityprovider.paginators.ListUsersIterable responses = client
             .listUsersPaginator(request);
     for (software.amazon.awssdk.services.cognitoidentityprovider.model.ListUsersResponse response : responses) {
         // do something;
     }
 }
 

3) Use iterator directly

 
 software.amazon.awssdk.services.cognitoidentityprovider.paginators.ListUsersIterable responses = client.listUsersPaginator(request);
 responses.iterator().forEachRemaining(....);
 
 

Please notice that the configuration of Limit won't limit the number of results you get with the paginator. It only limits the number of results in each page.

Note: If you prefer to have control on service calls, use the listUsers(software.amazon.awssdk.services.cognitoidentityprovider.model.ListUsersRequest) operation.

This is a convenience which creates an instance of the ListUsersRequest.Builder avoiding the need to create one manually via ListUsersRequest.builder()

Parameters:

listUsersRequest - A Consumer that will call methods on ListUsersRequest.Builder to create a request. Represents the request to list users.

Returns:

A custom iterable that can be used to iterate through all the response pages.

See Also:

• AWS API Documentation

listUsersInGroup

default ListUsersInGroupResponse listUsersInGroup(ListUsersInGroupRequest listUsersInGroupRequest)
                                           throws InvalidParameterException,
ResourceNotFoundException,
TooManyRequestsException,
NotAuthorizedException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given a user pool ID and a group name, returns a list of users in the group. For more information about user pool groups, see Adding groups to a user pool.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

listUsersInGroupRequest -

Returns:

Result of the ListUsersInGroup operation returned by the service.

See Also:

• AWS API Documentation

listUsersInGroup

default ListUsersInGroupResponse listUsersInGroup(Consumer<ListUsersInGroupRequest.Builder> listUsersInGroupRequest)
                                           throws InvalidParameterException,
ResourceNotFoundException,
TooManyRequestsException,
NotAuthorizedException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given a user pool ID and a group name, returns a list of users in the group. For more information about user pool groups, see Adding groups to a user pool.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the ListUsersInGroupRequest.Builder avoiding the need to create one manually via ListUsersInGroupRequest.builder()

Parameters:

listUsersInGroupRequest - A Consumer that will call methods on ListUsersInGroupRequest.Builder to create a request.

Returns:

Result of the ListUsersInGroup operation returned by the service.

See Also:

• AWS API Documentation

listUsersInGroupPaginator

default ListUsersInGroupIterable listUsersInGroupPaginator(ListUsersInGroupRequest listUsersInGroupRequest)
                                                    throws InvalidParameterException,
ResourceNotFoundException,
TooManyRequestsException,
NotAuthorizedException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

This is a variant of listUsersInGroup(software.amazon.awssdk.services.cognitoidentityprovider.model.ListUsersInGroupRequest) operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.

When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.

The following are few ways to iterate through the response pages:

1) Using a Stream

 
 software.amazon.awssdk.services.cognitoidentityprovider.paginators.ListUsersInGroupIterable responses = client.listUsersInGroupPaginator(request);
 responses.stream().forEach(....);
 
 

2) Using For loop

 {
     @code
     software.amazon.awssdk.services.cognitoidentityprovider.paginators.ListUsersInGroupIterable responses = client
             .listUsersInGroupPaginator(request);
     for (software.amazon.awssdk.services.cognitoidentityprovider.model.ListUsersInGroupResponse response : responses) {
         // do something;
     }
 }
 

3) Use iterator directly

 
 software.amazon.awssdk.services.cognitoidentityprovider.paginators.ListUsersInGroupIterable responses = client.listUsersInGroupPaginator(request);
 responses.iterator().forEachRemaining(....);
 
 

Please notice that the configuration of Limit won't limit the number of results you get with the paginator. It only limits the number of results in each page.

Note: If you prefer to have control on service calls, use the listUsersInGroup(software.amazon.awssdk.services.cognitoidentityprovider.model.ListUsersInGroupRequest) operation.

Parameters:

listUsersInGroupRequest -

Returns:

A custom iterable that can be used to iterate through all the response pages.

See Also:

• AWS API Documentation

listUsersInGroupPaginator

default ListUsersInGroupIterable listUsersInGroupPaginator(Consumer<ListUsersInGroupRequest.Builder> listUsersInGroupRequest)
                                                    throws InvalidParameterException,
ResourceNotFoundException,
TooManyRequestsException,
NotAuthorizedException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

This is a variant of listUsersInGroup(software.amazon.awssdk.services.cognitoidentityprovider.model.ListUsersInGroupRequest) operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.

When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.

The following are few ways to iterate through the response pages:

1) Using a Stream

 
 software.amazon.awssdk.services.cognitoidentityprovider.paginators.ListUsersInGroupIterable responses = client.listUsersInGroupPaginator(request);
 responses.stream().forEach(....);
 
 

2) Using For loop

 {
     @code
     software.amazon.awssdk.services.cognitoidentityprovider.paginators.ListUsersInGroupIterable responses = client
             .listUsersInGroupPaginator(request);
     for (software.amazon.awssdk.services.cognitoidentityprovider.model.ListUsersInGroupResponse response : responses) {
         // do something;
     }
 }
 

3) Use iterator directly

 
 software.amazon.awssdk.services.cognitoidentityprovider.paginators.ListUsersInGroupIterable responses = client.listUsersInGroupPaginator(request);
 responses.iterator().forEachRemaining(....);
 
 

Please notice that the configuration of Limit won't limit the number of results you get with the paginator. It only limits the number of results in each page.

Note: If you prefer to have control on service calls, use the listUsersInGroup(software.amazon.awssdk.services.cognitoidentityprovider.model.ListUsersInGroupRequest) operation.

This is a convenience which creates an instance of the ListUsersInGroupRequest.Builder avoiding the need to create one manually via ListUsersInGroupRequest.builder()

Parameters:

listUsersInGroupRequest - A Consumer that will call methods on ListUsersInGroupRequest.Builder to create a request.

Returns:

A custom iterable that can be used to iterate through all the response pages.

See Also:

• AWS API Documentation

listWebAuthnCredentials

default ListWebAuthnCredentialsResponse listWebAuthnCredentials(ListWebAuthnCredentialsRequest listWebAuthnCredentialsRequest)
                                                         throws ForbiddenException,
InternalErrorException,
InvalidParameterException,
TooManyRequestsException,
LimitExceededException,
NotAuthorizedException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Generates a list of the currently signed-in user's registered passkey, or WebAuthn, credentials.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

Parameters:

listWebAuthnCredentialsRequest -

Returns:

Result of the ListWebAuthnCredentials operation returned by the service.

See Also:

• AWS API Documentation

listWebAuthnCredentials

default ListWebAuthnCredentialsResponse listWebAuthnCredentials(Consumer<ListWebAuthnCredentialsRequest.Builder> listWebAuthnCredentialsRequest)
                                                         throws ForbiddenException,
InternalErrorException,
InvalidParameterException,
TooManyRequestsException,
LimitExceededException,
NotAuthorizedException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Generates a list of the currently signed-in user's registered passkey, or WebAuthn, credentials.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

This is a convenience which creates an instance of the ListWebAuthnCredentialsRequest.Builder avoiding the need to create one manually via ListWebAuthnCredentialsRequest.builder()

Parameters:

listWebAuthnCredentialsRequest - A Consumer that will call methods on ListWebAuthnCredentialsRequest.Builder to create a request.

Returns:

Result of the ListWebAuthnCredentials operation returned by the service.

See Also:

• AWS API Documentation

resendConfirmationCode

default ResendConfirmationCodeResponse resendConfirmationCode(ResendConfirmationCodeRequest resendConfirmationCodeRequest)
                                                       throws ResourceNotFoundException,
InvalidParameterException,
UnexpectedLambdaException,
UserLambdaValidationException,
NotAuthorizedException,
InvalidLambdaResponseException,
TooManyRequestsException,
LimitExceededException,
InvalidSmsRoleAccessPolicyException,
InvalidSmsRoleTrustRelationshipException,
InvalidEmailRoleAccessPolicyException,
CodeDeliveryFailureException,
UserNotFoundException,
InternalErrorException,
ForbiddenException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Resends the code that confirms a new account for a user who has signed up in your user pool. Amazon Cognito sends confirmation codes to the user attribute in the AutoVerifiedAttributes property of your user pool. When you prompt new users for the confirmation code, include a "Resend code" option that generates a call to this API operation.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

Parameters:

resendConfirmationCodeRequest - Represents the request to resend the confirmation code.

Returns:

Result of the ResendConfirmationCode operation returned by the service.

See Also:

• AWS API Documentation

resendConfirmationCode

default ResendConfirmationCodeResponse resendConfirmationCode(Consumer<ResendConfirmationCodeRequest.Builder> resendConfirmationCodeRequest)
                                                       throws ResourceNotFoundException,
InvalidParameterException,
UnexpectedLambdaException,
UserLambdaValidationException,
NotAuthorizedException,
InvalidLambdaResponseException,
TooManyRequestsException,
LimitExceededException,
InvalidSmsRoleAccessPolicyException,
InvalidSmsRoleTrustRelationshipException,
InvalidEmailRoleAccessPolicyException,
CodeDeliveryFailureException,
UserNotFoundException,
InternalErrorException,
ForbiddenException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Resends the code that confirms a new account for a user who has signed up in your user pool. Amazon Cognito sends confirmation codes to the user attribute in the AutoVerifiedAttributes property of your user pool. When you prompt new users for the confirmation code, include a "Resend code" option that generates a call to this API operation.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

This is a convenience which creates an instance of the ResendConfirmationCodeRequest.Builder avoiding the need to create one manually via ResendConfirmationCodeRequest.builder()

Parameters:

resendConfirmationCodeRequest - A Consumer that will call methods on ResendConfirmationCodeRequest.Builder to create a request. Represents the request to resend the confirmation code.

Returns:

Result of the ResendConfirmationCode operation returned by the service.

See Also:

• AWS API Documentation

respondToAuthChallenge

default RespondToAuthChallengeResponse respondToAuthChallenge(RespondToAuthChallengeRequest respondToAuthChallengeRequest)
                                                       throws ResourceNotFoundException,
InvalidParameterException,
NotAuthorizedException,
CodeMismatchException,
ExpiredCodeException,
UnexpectedLambdaException,
UserLambdaValidationException,
InvalidPasswordException,
PasswordHistoryPolicyViolationException,
InvalidLambdaResponseException,
TooManyRequestsException,
InvalidUserPoolConfigurationException,
MfaMethodNotFoundException,
PasswordResetRequiredException,
UserNotFoundException,
UserNotConfirmedException,
InvalidSmsRoleAccessPolicyException,
InvalidSmsRoleTrustRelationshipException,
InvalidEmailRoleAccessPolicyException,
AliasExistsException,
InternalErrorException,
SoftwareTokenMfaNotFoundException,
ForbiddenException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Some API operations in a user pool generate a challenge, like a prompt for an MFA code, for device authentication that bypasses MFA, or for a custom authentication challenge. A RespondToAuthChallenge API request provides the answer to that challenge, like a code or a secure remote password (SRP). The parameters of a response to an authentication challenge vary with the type of challenge.

For more information about custom authentication challenges, see Custom authentication challenge Lambda triggers.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

Parameters:

respondToAuthChallengeRequest - The request to respond to an authentication challenge.

Returns:

Result of the RespondToAuthChallenge operation returned by the service.

See Also:

• AWS API Documentation

respondToAuthChallenge

default RespondToAuthChallengeResponse respondToAuthChallenge(Consumer<RespondToAuthChallengeRequest.Builder> respondToAuthChallengeRequest)
                                                       throws ResourceNotFoundException,
InvalidParameterException,
NotAuthorizedException,
CodeMismatchException,
ExpiredCodeException,
UnexpectedLambdaException,
UserLambdaValidationException,
InvalidPasswordException,
PasswordHistoryPolicyViolationException,
InvalidLambdaResponseException,
TooManyRequestsException,
InvalidUserPoolConfigurationException,
MfaMethodNotFoundException,
PasswordResetRequiredException,
UserNotFoundException,
UserNotConfirmedException,
InvalidSmsRoleAccessPolicyException,
InvalidSmsRoleTrustRelationshipException,
InvalidEmailRoleAccessPolicyException,
AliasExistsException,
InternalErrorException,
SoftwareTokenMfaNotFoundException,
ForbiddenException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Some API operations in a user pool generate a challenge, like a prompt for an MFA code, for device authentication that bypasses MFA, or for a custom authentication challenge. A RespondToAuthChallenge API request provides the answer to that challenge, like a code or a secure remote password (SRP). The parameters of a response to an authentication challenge vary with the type of challenge.

For more information about custom authentication challenges, see Custom authentication challenge Lambda triggers.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

This is a convenience which creates an instance of the RespondToAuthChallengeRequest.Builder avoiding the need to create one manually via RespondToAuthChallengeRequest.builder()

Parameters:

respondToAuthChallengeRequest - A Consumer that will call methods on RespondToAuthChallengeRequest.Builder to create a request. The request to respond to an authentication challenge.

Returns:

Result of the RespondToAuthChallenge operation returned by the service.

See Also:

• AWS API Documentation

revokeToken

default RevokeTokenResponse revokeToken(RevokeTokenRequest revokeTokenRequest)
                                 throws TooManyRequestsException,
InternalErrorException,
UnauthorizedException,
InvalidParameterException,
UnsupportedOperationException,
UnsupportedTokenTypeException,
ForbiddenException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Revokes all of the access tokens generated by, and at the same time as, the specified refresh token. After a token is revoked, you can't use the revoked token to access Amazon Cognito user APIs, or to authorize access to your resource server.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

Parameters:

revokeTokenRequest -

Returns:

Result of the RevokeToken operation returned by the service.

See Also:

• AWS API Documentation

revokeToken

default RevokeTokenResponse revokeToken(Consumer<RevokeTokenRequest.Builder> revokeTokenRequest)
                                 throws TooManyRequestsException,
InternalErrorException,
UnauthorizedException,
InvalidParameterException,
UnsupportedOperationException,
UnsupportedTokenTypeException,
ForbiddenException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Revokes all of the access tokens generated by, and at the same time as, the specified refresh token. After a token is revoked, you can't use the revoked token to access Amazon Cognito user APIs, or to authorize access to your resource server.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

This is a convenience which creates an instance of the RevokeTokenRequest.Builder avoiding the need to create one manually via RevokeTokenRequest.builder()

Parameters:

revokeTokenRequest - A Consumer that will call methods on RevokeTokenRequest.Builder to create a request.

Returns:

Result of the RevokeToken operation returned by the service.

See Also:

• AWS API Documentation

setLogDeliveryConfiguration

default SetLogDeliveryConfigurationResponse setLogDeliveryConfiguration(SetLogDeliveryConfigurationRequest setLogDeliveryConfigurationRequest)
                                                                 throws InvalidParameterException,
InternalErrorException,
TooManyRequestsException,
NotAuthorizedException,
ResourceNotFoundException,
FeatureUnavailableInTierException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Sets up or modifies the logging configuration of a user pool. User pools can export user notification logs and, when threat protection is active, user-activity logs. For more information, see Exporting user pool logs.

Parameters:

setLogDeliveryConfigurationRequest -

Returns:

Result of the SetLogDeliveryConfiguration operation returned by the service.

See Also:

• AWS API Documentation

setLogDeliveryConfiguration

default SetLogDeliveryConfigurationResponse setLogDeliveryConfiguration(Consumer<SetLogDeliveryConfigurationRequest.Builder> setLogDeliveryConfigurationRequest)
                                                                 throws InvalidParameterException,
InternalErrorException,
TooManyRequestsException,
NotAuthorizedException,
ResourceNotFoundException,
FeatureUnavailableInTierException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Sets up or modifies the logging configuration of a user pool. User pools can export user notification logs and, when threat protection is active, user-activity logs. For more information, see Exporting user pool logs.

This is a convenience which creates an instance of the SetLogDeliveryConfigurationRequest.Builder avoiding the need to create one manually via SetLogDeliveryConfigurationRequest.builder()

Parameters:

setLogDeliveryConfigurationRequest - A Consumer that will call methods on SetLogDeliveryConfigurationRequest.Builder to create a request.

Returns:

Result of the SetLogDeliveryConfiguration operation returned by the service.

See Also:

• AWS API Documentation

setRiskConfiguration

default SetRiskConfigurationResponse setRiskConfiguration(SetRiskConfigurationRequest setRiskConfigurationRequest)
                                                   throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
UserPoolAddOnNotEnabledException,
CodeDeliveryFailureException,
InvalidEmailRoleAccessPolicyException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Configures threat protection for a user pool or app client. Sets configuration for the following.

• Responses to risks with adaptive authentication

• Responses to vulnerable passwords with compromised-credentials detection

• Notifications to users who have had risky activity detected

• IP-address denylist and allowlist

To set the risk configuration for the user pool to defaults, send this request with only the UserPoolId parameter. To reset the threat protection settings of an app client to be inherited from the user pool, send UserPoolId and ClientId parameters only. To change threat protection to audit-only or off, update the value of UserPoolAddOns in an UpdateUserPool request. To activate this setting, your user pool must be on the Plus tier.

Parameters:

setRiskConfigurationRequest -

Returns:

Result of the SetRiskConfiguration operation returned by the service.

See Also:

• AWS API Documentation

setRiskConfiguration

default SetRiskConfigurationResponse setRiskConfiguration(Consumer<SetRiskConfigurationRequest.Builder> setRiskConfigurationRequest)
                                                   throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
UserPoolAddOnNotEnabledException,
CodeDeliveryFailureException,
InvalidEmailRoleAccessPolicyException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Configures threat protection for a user pool or app client. Sets configuration for the following.

• Responses to risks with adaptive authentication

• Responses to vulnerable passwords with compromised-credentials detection

• Notifications to users who have had risky activity detected

• IP-address denylist and allowlist

To set the risk configuration for the user pool to defaults, send this request with only the UserPoolId parameter. To reset the threat protection settings of an app client to be inherited from the user pool, send UserPoolId and ClientId parameters only. To change threat protection to audit-only or off, update the value of UserPoolAddOns in an UpdateUserPool request. To activate this setting, your user pool must be on the Plus tier.

This is a convenience which creates an instance of the SetRiskConfigurationRequest.Builder avoiding the need to create one manually via SetRiskConfigurationRequest.builder()

Parameters:

setRiskConfigurationRequest - A Consumer that will call methods on SetRiskConfigurationRequest.Builder to create a request.

Returns:

Result of the SetRiskConfiguration operation returned by the service.

See Also:

• AWS API Documentation

setUICustomization

default SetUiCustomizationResponse setUICustomization(SetUiCustomizationRequest setUiCustomizationRequest)
                                               throws InvalidParameterException,
ResourceNotFoundException,
NotAuthorizedException,
TooManyRequestsException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Configures UI branding settings for domains with the hosted UI (classic) branding version. Your user pool must have a domain. Configure a domain with .

Set the default configuration for all clients with a ClientId of ALL. When the ClientId value is an app client ID, the settings you pass in this request apply to that app client and override the default ALL configuration.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

setUiCustomizationRequest -

Returns:

Result of the SetUICustomization operation returned by the service.

See Also:

• AWS API Documentation

setUICustomization

default SetUiCustomizationResponse setUICustomization(Consumer<SetUiCustomizationRequest.Builder> setUiCustomizationRequest)
                                               throws InvalidParameterException,
ResourceNotFoundException,
NotAuthorizedException,
TooManyRequestsException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Configures UI branding settings for domains with the hosted UI (classic) branding version. Your user pool must have a domain. Configure a domain with .

Set the default configuration for all clients with a ClientId of ALL. When the ClientId value is an app client ID, the settings you pass in this request apply to that app client and override the default ALL configuration.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the SetUiCustomizationRequest.Builder avoiding the need to create one manually via SetUiCustomizationRequest.builder()

Parameters:

setUiCustomizationRequest - A Consumer that will call methods on SetUiCustomizationRequest.Builder to create a request.

Returns:

Result of the SetUICustomization operation returned by the service.

See Also:

• AWS API Documentation

setUserMFAPreference

default SetUserMfaPreferenceResponse setUserMFAPreference(SetUserMfaPreferenceRequest setUserMfaPreferenceRequest)
                                                   throws ResourceNotFoundException,
InvalidParameterException,
NotAuthorizedException,
PasswordResetRequiredException,
UserNotFoundException,
UserNotConfirmedException,
InternalErrorException,
ForbiddenException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Set the user's multi-factor authentication (MFA) method preference, including which MFA factors are activated and if any are preferred. Only one factor can be set as preferred. The preferred MFA factor will be used to authenticate a user if multiple factors are activated. If multiple options are activated and no preference is set, a challenge to choose an MFA option will be returned during sign-in. If an MFA type is activated for a user, the user will be prompted for MFA during all sign-in attempts unless device tracking is turned on and the device has been trusted. If you want MFA to be applied selectively based on the assessed risk level of sign-in attempts, deactivate MFA for users and turn on Adaptive Authentication for the user pool.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

Parameters:

setUserMfaPreferenceRequest -

Returns:

Result of the SetUserMFAPreference operation returned by the service.

See Also:

• AWS API Documentation

setUserMFAPreference

default SetUserMfaPreferenceResponse setUserMFAPreference(Consumer<SetUserMfaPreferenceRequest.Builder> setUserMfaPreferenceRequest)
                                                   throws ResourceNotFoundException,
InvalidParameterException,
NotAuthorizedException,
PasswordResetRequiredException,
UserNotFoundException,
UserNotConfirmedException,
InternalErrorException,
ForbiddenException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Set the user's multi-factor authentication (MFA) method preference, including which MFA factors are activated and if any are preferred. Only one factor can be set as preferred. The preferred MFA factor will be used to authenticate a user if multiple factors are activated. If multiple options are activated and no preference is set, a challenge to choose an MFA option will be returned during sign-in. If an MFA type is activated for a user, the user will be prompted for MFA during all sign-in attempts unless device tracking is turned on and the device has been trusted. If you want MFA to be applied selectively based on the assessed risk level of sign-in attempts, deactivate MFA for users and turn on Adaptive Authentication for the user pool.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

This is a convenience which creates an instance of the SetUserMfaPreferenceRequest.Builder avoiding the need to create one manually via SetUserMfaPreferenceRequest.builder()

Parameters:

setUserMfaPreferenceRequest - A Consumer that will call methods on SetUserMfaPreferenceRequest.Builder to create a request.

Returns:

Result of the SetUserMFAPreference operation returned by the service.

See Also:

• AWS API Documentation

setUserPoolMfaConfig

default SetUserPoolMfaConfigResponse setUserPoolMfaConfig(SetUserPoolMfaConfigRequest setUserPoolMfaConfigRequest)
                                                   throws InvalidParameterException,
TooManyRequestsException,
ConcurrentModificationException,
ResourceNotFoundException,
InvalidSmsRoleAccessPolicyException,
InvalidSmsRoleTrustRelationshipException,
NotAuthorizedException,
InternalErrorException,
FeatureUnavailableInTierException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Sets user pool multi-factor authentication (MFA) and passkey configuration. For more information about user pool MFA, see Adding MFA. For more information about WebAuthn passkeys see Authentication flows.

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

Parameters:

setUserPoolMfaConfigRequest -

Returns:

Result of the SetUserPoolMfaConfig operation returned by the service.

See Also:

• AWS API Documentation

setUserPoolMfaConfig

default SetUserPoolMfaConfigResponse setUserPoolMfaConfig(Consumer<SetUserPoolMfaConfigRequest.Builder> setUserPoolMfaConfigRequest)
                                                   throws InvalidParameterException,
TooManyRequestsException,
ConcurrentModificationException,
ResourceNotFoundException,
InvalidSmsRoleAccessPolicyException,
InvalidSmsRoleTrustRelationshipException,
NotAuthorizedException,
InternalErrorException,
FeatureUnavailableInTierException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Sets user pool multi-factor authentication (MFA) and passkey configuration. For more information about user pool MFA, see Adding MFA. For more information about WebAuthn passkeys see Authentication flows.

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

This is a convenience which creates an instance of the SetUserPoolMfaConfigRequest.Builder avoiding the need to create one manually via SetUserPoolMfaConfigRequest.builder()

Parameters:

setUserPoolMfaConfigRequest - A Consumer that will call methods on SetUserPoolMfaConfigRequest.Builder to create a request.

Returns:

Result of the SetUserPoolMfaConfig operation returned by the service.

See Also:

• AWS API Documentation

setUserSettings

default SetUserSettingsResponse setUserSettings(SetUserSettingsRequest setUserSettingsRequest)
                                         throws ResourceNotFoundException,
InvalidParameterException,
NotAuthorizedException,
PasswordResetRequiredException,
UserNotFoundException,
UserNotConfirmedException,
InternalErrorException,
ForbiddenException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

This action is no longer supported. You can use it to configure only SMS MFA. You can't use it to configure time-based one-time password (TOTP) software token or email MFA.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

Parameters:

setUserSettingsRequest - Represents the request to set user settings.

Returns:

Result of the SetUserSettings operation returned by the service.

See Also:

• AWS API Documentation

setUserSettings

default SetUserSettingsResponse setUserSettings(Consumer<SetUserSettingsRequest.Builder> setUserSettingsRequest)
                                         throws ResourceNotFoundException,
InvalidParameterException,
NotAuthorizedException,
PasswordResetRequiredException,
UserNotFoundException,
UserNotConfirmedException,
InternalErrorException,
ForbiddenException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

This action is no longer supported. You can use it to configure only SMS MFA. You can't use it to configure time-based one-time password (TOTP) software token or email MFA.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

This is a convenience which creates an instance of the SetUserSettingsRequest.Builder avoiding the need to create one manually via SetUserSettingsRequest.builder()

Parameters:

setUserSettingsRequest - A Consumer that will call methods on SetUserSettingsRequest.Builder to create a request. Represents the request to set user settings.

Returns:

Result of the SetUserSettings operation returned by the service.

See Also:

• AWS API Documentation

signUp

default SignUpResponse signUp(SignUpRequest signUpRequest)
                       throws ResourceNotFoundException,
InvalidParameterException,
UnexpectedLambdaException,
UserLambdaValidationException,
NotAuthorizedException,
InvalidPasswordException,
InvalidLambdaResponseException,
UsernameExistsException,
TooManyRequestsException,
InternalErrorException,
LimitExceededException,
InvalidSmsRoleAccessPolicyException,
InvalidSmsRoleTrustRelationshipException,
InvalidEmailRoleAccessPolicyException,
CodeDeliveryFailureException,
ForbiddenException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Registers a user with an app client and requests a user name, password, and user attributes in the user pool.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

You might receive a LimitExceeded exception in response to this request if you have exceeded a rate quota for email or SMS messages, and if your user pool automatically verifies email addresses or phone numbers. When you get this exception in the response, the user is successfully created and is in an UNCONFIRMED state.

Parameters:

signUpRequest - Represents the request to register a user.

Returns:

Result of the SignUp operation returned by the service.

See Also:

• AWS API Documentation

signUp

default SignUpResponse signUp(Consumer<SignUpRequest.Builder> signUpRequest)
                       throws ResourceNotFoundException,
InvalidParameterException,
UnexpectedLambdaException,
UserLambdaValidationException,
NotAuthorizedException,
InvalidPasswordException,
InvalidLambdaResponseException,
UsernameExistsException,
TooManyRequestsException,
InternalErrorException,
LimitExceededException,
InvalidSmsRoleAccessPolicyException,
InvalidSmsRoleTrustRelationshipException,
InvalidEmailRoleAccessPolicyException,
CodeDeliveryFailureException,
ForbiddenException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Registers a user with an app client and requests a user name, password, and user attributes in the user pool.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

You might receive a LimitExceeded exception in response to this request if you have exceeded a rate quota for email or SMS messages, and if your user pool automatically verifies email addresses or phone numbers. When you get this exception in the response, the user is successfully created and is in an UNCONFIRMED state.

This is a convenience which creates an instance of the SignUpRequest.Builder avoiding the need to create one manually via SignUpRequest.builder()

Parameters:

signUpRequest - A Consumer that will call methods on SignUpRequest.Builder to create a request. Represents the request to register a user.

Returns:

Result of the SignUp operation returned by the service.

See Also:

• AWS API Documentation

startUserImportJob

default StartUserImportJobResponse startUserImportJob(StartUserImportJobRequest startUserImportJobRequest)
                                               throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
InternalErrorException,
PreconditionNotMetException,
NotAuthorizedException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Instructs your user pool to start importing users from a CSV file that contains their usernames and attributes. For more information about importing users from a CSV file, see Importing users from a CSV file.

Parameters:

startUserImportJobRequest - Represents the request to start the user import job.

Returns:

Result of the StartUserImportJob operation returned by the service.

See Also:

• AWS API Documentation

startUserImportJob

default StartUserImportJobResponse startUserImportJob(Consumer<StartUserImportJobRequest.Builder> startUserImportJobRequest)
                                               throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
InternalErrorException,
PreconditionNotMetException,
NotAuthorizedException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Instructs your user pool to start importing users from a CSV file that contains their usernames and attributes. For more information about importing users from a CSV file, see Importing users from a CSV file.

This is a convenience which creates an instance of the StartUserImportJobRequest.Builder avoiding the need to create one manually via StartUserImportJobRequest.builder()

Parameters:

startUserImportJobRequest - A Consumer that will call methods on StartUserImportJobRequest.Builder to create a request. Represents the request to start the user import job.

Returns:

Result of the StartUserImportJob operation returned by the service.

See Also:

• AWS API Documentation

startWebAuthnRegistration

default StartWebAuthnRegistrationResponse startWebAuthnRegistration(StartWebAuthnRegistrationRequest startWebAuthnRegistrationRequest)
                                                             throws ForbiddenException,
InternalErrorException,
InvalidParameterException,
LimitExceededException,
NotAuthorizedException,
TooManyRequestsException,
WebAuthnNotEnabledException,
WebAuthnConfigurationMissingException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Requests credential creation options from your user pool for the currently signed-in user. Returns information about the user pool, the user profile, and authentication requirements. Users must provide this information in their request to enroll your application with their passkey provider.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Parameters:

startWebAuthnRegistrationRequest -

Returns:

Result of the StartWebAuthnRegistration operation returned by the service.

See Also:

• AWS API Documentation

startWebAuthnRegistration

default StartWebAuthnRegistrationResponse startWebAuthnRegistration(Consumer<StartWebAuthnRegistrationRequest.Builder> startWebAuthnRegistrationRequest)
                                                             throws ForbiddenException,
InternalErrorException,
InvalidParameterException,
LimitExceededException,
NotAuthorizedException,
TooManyRequestsException,
WebAuthnNotEnabledException,
WebAuthnConfigurationMissingException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Requests credential creation options from your user pool for the currently signed-in user. Returns information about the user pool, the user profile, and authentication requirements. Users must provide this information in their request to enroll your application with their passkey provider.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

This is a convenience which creates an instance of the StartWebAuthnRegistrationRequest.Builder avoiding the need to create one manually via StartWebAuthnRegistrationRequest.builder()

Parameters:

startWebAuthnRegistrationRequest - A Consumer that will call methods on StartWebAuthnRegistrationRequest.Builder to create a request.

Returns:

Result of the StartWebAuthnRegistration operation returned by the service.

See Also:

• AWS API Documentation

stopUserImportJob

default StopUserImportJobResponse stopUserImportJob(StopUserImportJobRequest stopUserImportJobRequest)
                                             throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
InternalErrorException,
PreconditionNotMetException,
NotAuthorizedException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Instructs your user pool to stop a running job that's importing users from a CSV file that contains their usernames and attributes. For more information about importing users from a CSV file, see Importing users from a CSV file.

Parameters:

stopUserImportJobRequest - Represents the request to stop the user import job.

Returns:

Result of the StopUserImportJob operation returned by the service.

See Also:

• AWS API Documentation

stopUserImportJob

default StopUserImportJobResponse stopUserImportJob(Consumer<StopUserImportJobRequest.Builder> stopUserImportJobRequest)
                                             throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
InternalErrorException,
PreconditionNotMetException,
NotAuthorizedException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Instructs your user pool to stop a running job that's importing users from a CSV file that contains their usernames and attributes. For more information about importing users from a CSV file, see Importing users from a CSV file.

This is a convenience which creates an instance of the StopUserImportJobRequest.Builder avoiding the need to create one manually via StopUserImportJobRequest.builder()

Parameters:

stopUserImportJobRequest - A Consumer that will call methods on StopUserImportJobRequest.Builder to create a request. Represents the request to stop the user import job.

Returns:

Result of the StopUserImportJob operation returned by the service.

See Also:

• AWS API Documentation

tagResource

default TagResourceResponse tagResource(TagResourceRequest tagResourceRequest)
                                 throws ResourceNotFoundException,
NotAuthorizedException,
TooManyRequestsException,
InvalidParameterException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Assigns a set of tags to an Amazon Cognito user pool. A tag is a label that you can use to categorize and manage user pools in different ways, such as by purpose, owner, environment, or other criteria.

Each tag consists of a key and value, both of which you define. A key is a general category for more specific values. For example, if you have two versions of a user pool, one for testing and another for production, you might assign an Environment tag key to both user pools. The value of this key might be Test for one user pool, and Production for the other.

Tags are useful for cost tracking and access control. You can activate your tags so that they appear on the Billing and Cost Management console, where you can track the costs associated with your user pools. In an Identity and Access Management policy, you can constrain permissions for user pools based on specific tags or tag values.

You can use this action up to 5 times per second, per account. A user pool can have as many as 50 tags.

Parameters:

tagResourceRequest -

Returns:

Result of the TagResource operation returned by the service.

See Also:

• AWS API Documentation

tagResource

default TagResourceResponse tagResource(Consumer<TagResourceRequest.Builder> tagResourceRequest)
                                 throws ResourceNotFoundException,
NotAuthorizedException,
TooManyRequestsException,
InvalidParameterException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Assigns a set of tags to an Amazon Cognito user pool. A tag is a label that you can use to categorize and manage user pools in different ways, such as by purpose, owner, environment, or other criteria.

Each tag consists of a key and value, both of which you define. A key is a general category for more specific values. For example, if you have two versions of a user pool, one for testing and another for production, you might assign an Environment tag key to both user pools. The value of this key might be Test for one user pool, and Production for the other.

Tags are useful for cost tracking and access control. You can activate your tags so that they appear on the Billing and Cost Management console, where you can track the costs associated with your user pools. In an Identity and Access Management policy, you can constrain permissions for user pools based on specific tags or tag values.

You can use this action up to 5 times per second, per account. A user pool can have as many as 50 tags.

This is a convenience which creates an instance of the TagResourceRequest.Builder avoiding the need to create one manually via TagResourceRequest.builder()

Parameters:

tagResourceRequest - A Consumer that will call methods on TagResourceRequest.Builder to create a request.

Returns:

Result of the TagResource operation returned by the service.

See Also:

• AWS API Documentation

untagResource

default UntagResourceResponse untagResource(UntagResourceRequest untagResourceRequest)
                                     throws ResourceNotFoundException,
NotAuthorizedException,
TooManyRequestsException,
InvalidParameterException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given tag IDs that you previously assigned to a user pool, removes them.

Parameters:

untagResourceRequest -

Returns:

Result of the UntagResource operation returned by the service.

See Also:

• AWS API Documentation

untagResource

default UntagResourceResponse untagResource(Consumer<UntagResourceRequest.Builder> untagResourceRequest)
                                     throws ResourceNotFoundException,
NotAuthorizedException,
TooManyRequestsException,
InvalidParameterException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given tag IDs that you previously assigned to a user pool, removes them.

This is a convenience which creates an instance of the UntagResourceRequest.Builder avoiding the need to create one manually via UntagResourceRequest.builder()

Parameters:

untagResourceRequest - A Consumer that will call methods on UntagResourceRequest.Builder to create a request.

Returns:

Result of the UntagResource operation returned by the service.

See Also:

• AWS API Documentation

updateAuthEventFeedback

default UpdateAuthEventFeedbackResponse updateAuthEventFeedback(UpdateAuthEventFeedbackRequest updateAuthEventFeedbackRequest)
                                                         throws InvalidParameterException,
ResourceNotFoundException,
TooManyRequestsException,
NotAuthorizedException,
UserNotFoundException,
UserPoolAddOnNotEnabledException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Provides the feedback for an authentication event generated by threat protection features. The user's response indicates that you think that the event either was from a valid user or was an unwanted authentication attempt. This feedback improves the risk evaluation decision for the user pool as part of Amazon Cognito threat protection. To activate this setting, your user pool must be on the Plus tier.

This operation requires a FeedbackToken that Amazon Cognito generates and adds to notification emails when users have potentially suspicious authentication events. Users invoke this operation when they select the link that corresponds to {one-click-link-valid} or {one-click-link-invalid} in your notification template. Because FeedbackToken is a required parameter, you can't make requests to UpdateAuthEventFeedback without the contents of the notification email message.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

Parameters:

updateAuthEventFeedbackRequest -

Returns:

Result of the UpdateAuthEventFeedback operation returned by the service.

See Also:

• AWS API Documentation

updateAuthEventFeedback

default UpdateAuthEventFeedbackResponse updateAuthEventFeedback(Consumer<UpdateAuthEventFeedbackRequest.Builder> updateAuthEventFeedbackRequest)
                                                         throws InvalidParameterException,
ResourceNotFoundException,
TooManyRequestsException,
NotAuthorizedException,
UserNotFoundException,
UserPoolAddOnNotEnabledException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Provides the feedback for an authentication event generated by threat protection features. The user's response indicates that you think that the event either was from a valid user or was an unwanted authentication attempt. This feedback improves the risk evaluation decision for the user pool as part of Amazon Cognito threat protection. To activate this setting, your user pool must be on the Plus tier.

This operation requires a FeedbackToken that Amazon Cognito generates and adds to notification emails when users have potentially suspicious authentication events. Users invoke this operation when they select the link that corresponds to {one-click-link-valid} or {one-click-link-invalid} in your notification template. Because FeedbackToken is a required parameter, you can't make requests to UpdateAuthEventFeedback without the contents of the notification email message.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

This is a convenience which creates an instance of the UpdateAuthEventFeedbackRequest.Builder avoiding the need to create one manually via UpdateAuthEventFeedbackRequest.builder()

Parameters:

updateAuthEventFeedbackRequest - A Consumer that will call methods on UpdateAuthEventFeedbackRequest.Builder to create a request.

Returns:

Result of the UpdateAuthEventFeedback operation returned by the service.

See Also:

• AWS API Documentation

updateDeviceStatus

default UpdateDeviceStatusResponse updateDeviceStatus(UpdateDeviceStatusRequest updateDeviceStatusRequest)
                                               throws InvalidParameterException,
ResourceNotFoundException,
NotAuthorizedException,
InvalidUserPoolConfigurationException,
TooManyRequestsException,
PasswordResetRequiredException,
UserNotFoundException,
UserNotConfirmedException,
InternalErrorException,
ForbiddenException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Updates the status of a the currently signed-in user's device so that it is marked as remembered or not remembered for the purpose of device authentication. Device authentication is a "remember me" mechanism that silently completes sign-in from trusted devices with a device key instead of a user-provided MFA code. This operation changes the status of a device without deleting it, so you can enable it again later. For more information about device authentication, see Working with devices.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

Parameters:

updateDeviceStatusRequest - Represents the request to update the device status.

Returns:

Result of the UpdateDeviceStatus operation returned by the service.

See Also:

• AWS API Documentation

updateDeviceStatus

default UpdateDeviceStatusResponse updateDeviceStatus(Consumer<UpdateDeviceStatusRequest.Builder> updateDeviceStatusRequest)
                                               throws InvalidParameterException,
ResourceNotFoundException,
NotAuthorizedException,
InvalidUserPoolConfigurationException,
TooManyRequestsException,
PasswordResetRequiredException,
UserNotFoundException,
UserNotConfirmedException,
InternalErrorException,
ForbiddenException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Updates the status of a the currently signed-in user's device so that it is marked as remembered or not remembered for the purpose of device authentication. Device authentication is a "remember me" mechanism that silently completes sign-in from trusted devices with a device key instead of a user-provided MFA code. This operation changes the status of a device without deleting it, so you can enable it again later. For more information about device authentication, see Working with devices.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

This is a convenience which creates an instance of the UpdateDeviceStatusRequest.Builder avoiding the need to create one manually via UpdateDeviceStatusRequest.builder()

Parameters:

updateDeviceStatusRequest - A Consumer that will call methods on UpdateDeviceStatusRequest.Builder to create a request. Represents the request to update the device status.

Returns:

Result of the UpdateDeviceStatus operation returned by the service.

See Also:

• AWS API Documentation

updateGroup

default UpdateGroupResponse updateGroup(UpdateGroupRequest updateGroupRequest)
                                 throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given the name of a user pool group, updates any of the properties for precedence, IAM role, or description. For more information about user pool groups, see Adding groups to a user pool.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

updateGroupRequest -

Returns:

Result of the UpdateGroup operation returned by the service.

See Also:

• AWS API Documentation

updateGroup

default UpdateGroupResponse updateGroup(Consumer<UpdateGroupRequest.Builder> updateGroupRequest)
                                 throws ResourceNotFoundException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given the name of a user pool group, updates any of the properties for precedence, IAM role, or description. For more information about user pool groups, see Adding groups to a user pool.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the UpdateGroupRequest.Builder avoiding the need to create one manually via UpdateGroupRequest.builder()

Parameters:

updateGroupRequest - A Consumer that will call methods on UpdateGroupRequest.Builder to create a request.

Returns:

Result of the UpdateGroup operation returned by the service.

See Also:

• AWS API Documentation

updateIdentityProvider

default UpdateIdentityProviderResponse updateIdentityProvider(UpdateIdentityProviderRequest updateIdentityProviderRequest)
                                                       throws InvalidParameterException,
UnsupportedIdentityProviderException,
ResourceNotFoundException,
ConcurrentModificationException,
NotAuthorizedException,
TooManyRequestsException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Modifies the configuration and trust relationship between a third-party identity provider (IdP) and a user pool. Amazon Cognito accepts sign-in with third-party identity providers through managed login and OIDC relying-party libraries. For more information, see Third-party IdP sign-in.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

updateIdentityProviderRequest -

Returns:

Result of the UpdateIdentityProvider operation returned by the service.

See Also:

• AWS API Documentation

updateIdentityProvider

default UpdateIdentityProviderResponse updateIdentityProvider(Consumer<UpdateIdentityProviderRequest.Builder> updateIdentityProviderRequest)
                                                       throws InvalidParameterException,
UnsupportedIdentityProviderException,
ResourceNotFoundException,
ConcurrentModificationException,
NotAuthorizedException,
TooManyRequestsException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Modifies the configuration and trust relationship between a third-party identity provider (IdP) and a user pool. Amazon Cognito accepts sign-in with third-party identity providers through managed login and OIDC relying-party libraries. For more information, see Third-party IdP sign-in.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the UpdateIdentityProviderRequest.Builder avoiding the need to create one manually via UpdateIdentityProviderRequest.builder()

Parameters:

updateIdentityProviderRequest - A Consumer that will call methods on UpdateIdentityProviderRequest.Builder to create a request.

Returns:

Result of the UpdateIdentityProvider operation returned by the service.

See Also:

• AWS API Documentation

updateManagedLoginBranding

default UpdateManagedLoginBrandingResponse updateManagedLoginBranding(UpdateManagedLoginBrandingRequest updateManagedLoginBrandingRequest)
                                                               throws ResourceNotFoundException,
ConcurrentModificationException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Configures the branding settings for a user pool style. This operation is the programmatic option for the configuration of a style in the branding editor.

Provides values for UI customization in a Settings JSON object and image files in an Assets array.

This operation has a 2-megabyte request-size limit and include the CSS settings and image assets for your app client. Your branding settings might exceed 2MB in size. Amazon Cognito doesn't require that you pass all parameters in one request and preserves existing style settings that you don't specify. If your request is larger than 2MB, separate it into multiple requests, each with a size smaller than the limit.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

updateManagedLoginBrandingRequest -

Returns:

Result of the UpdateManagedLoginBranding operation returned by the service.

See Also:

• AWS API Documentation

updateManagedLoginBranding

default UpdateManagedLoginBrandingResponse updateManagedLoginBranding(Consumer<UpdateManagedLoginBrandingRequest.Builder> updateManagedLoginBrandingRequest)
                                                               throws ResourceNotFoundException,
ConcurrentModificationException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Configures the branding settings for a user pool style. This operation is the programmatic option for the configuration of a style in the branding editor.

Provides values for UI customization in a Settings JSON object and image files in an Assets array.

This operation has a 2-megabyte request-size limit and include the CSS settings and image assets for your app client. Your branding settings might exceed 2MB in size. Amazon Cognito doesn't require that you pass all parameters in one request and preserves existing style settings that you don't specify. If your request is larger than 2MB, separate it into multiple requests, each with a size smaller than the limit.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the UpdateManagedLoginBrandingRequest.Builder avoiding the need to create one manually via UpdateManagedLoginBrandingRequest.builder()

Parameters:

updateManagedLoginBrandingRequest - A Consumer that will call methods on UpdateManagedLoginBrandingRequest.Builder to create a request.

Returns:

Result of the UpdateManagedLoginBranding operation returned by the service.

See Also:

• AWS API Documentation

updateResourceServer

default UpdateResourceServerResponse updateResourceServer(UpdateResourceServerRequest updateResourceServerRequest)
                                                   throws InvalidParameterException,
ResourceNotFoundException,
NotAuthorizedException,
TooManyRequestsException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Updates the name and scopes of a resource server. All other fields are read-only. For more information about resource servers, see Access control with resource servers.

If you don't provide a value for an attribute, it is set to the default value.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

updateResourceServerRequest -

Returns:

Result of the UpdateResourceServer operation returned by the service.

See Also:

• AWS API Documentation

updateResourceServer

default UpdateResourceServerResponse updateResourceServer(Consumer<UpdateResourceServerRequest.Builder> updateResourceServerRequest)
                                                   throws InvalidParameterException,
ResourceNotFoundException,
NotAuthorizedException,
TooManyRequestsException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Updates the name and scopes of a resource server. All other fields are read-only. For more information about resource servers, see Access control with resource servers.

If you don't provide a value for an attribute, it is set to the default value.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the UpdateResourceServerRequest.Builder avoiding the need to create one manually via UpdateResourceServerRequest.builder()

Parameters:

updateResourceServerRequest - A Consumer that will call methods on UpdateResourceServerRequest.Builder to create a request.

Returns:

Result of the UpdateResourceServer operation returned by the service.

See Also:

• AWS API Documentation

updateTerms

default UpdateTermsResponse updateTerms(UpdateTermsRequest updateTermsRequest)
                                 throws ResourceNotFoundException,
ConcurrentModificationException,
TermsExistsException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Modifies existing terms documents for the requested app client. When Terms and conditions and Privacy policy documents are configured, the app client displays links to them in the sign-up page of managed login for the app client.

You can provide URLs for terms documents in the languages that are supported by managed login localization. Amazon Cognito directs users to the terms documents for their current language, with fallback to default if no document exists for the language.

Each request accepts one type of terms document and a map of language-to-link for that document type. You must provide both types of terms documents in at least one language before Amazon Cognito displays your terms documents. Supply each type in separate requests.

For more information, see Terms documents.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

updateTermsRequest -

Returns:

Result of the UpdateTerms operation returned by the service.

See Also:

• AWS API Documentation

updateTerms

default UpdateTermsResponse updateTerms(Consumer<UpdateTermsRequest.Builder> updateTermsRequest)
                                 throws ResourceNotFoundException,
ConcurrentModificationException,
TermsExistsException,
InvalidParameterException,
TooManyRequestsException,
NotAuthorizedException,
InternalErrorException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Modifies existing terms documents for the requested app client. When Terms and conditions and Privacy policy documents are configured, the app client displays links to them in the sign-up page of managed login for the app client.

You can provide URLs for terms documents in the languages that are supported by managed login localization. Amazon Cognito directs users to the terms documents for their current language, with fallback to default if no document exists for the language.

Each request accepts one type of terms document and a map of language-to-link for that document type. You must provide both types of terms documents in at least one language before Amazon Cognito displays your terms documents. Supply each type in separate requests.

For more information, see Terms documents.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the UpdateTermsRequest.Builder avoiding the need to create one manually via UpdateTermsRequest.builder()

Parameters:

updateTermsRequest - A Consumer that will call methods on UpdateTermsRequest.Builder to create a request.

Returns:

Result of the UpdateTerms operation returned by the service.

See Also:

• AWS API Documentation

updateUserAttributes

default UpdateUserAttributesResponse updateUserAttributes(UpdateUserAttributesRequest updateUserAttributesRequest)
                                                   throws ResourceNotFoundException,
InvalidParameterException,
CodeMismatchException,
ExpiredCodeException,
NotAuthorizedException,
UnexpectedLambdaException,
UserLambdaValidationException,
InvalidLambdaResponseException,
TooManyRequestsException,
AliasExistsException,
InvalidSmsRoleAccessPolicyException,
InvalidSmsRoleTrustRelationshipException,
InvalidEmailRoleAccessPolicyException,
CodeDeliveryFailureException,
PasswordResetRequiredException,
UserNotFoundException,
UserNotConfirmedException,
InternalErrorException,
ForbiddenException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Updates the currently signed-in user's attributes. To delete an attribute from the user, submit the attribute in your API request with a blank value.

For custom attributes, you must add a custom: prefix to the attribute name, for example custom:department.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

Parameters:

updateUserAttributesRequest - Represents the request to update user attributes.

Returns:

Result of the UpdateUserAttributes operation returned by the service.

See Also:

• AWS API Documentation

updateUserAttributes

default UpdateUserAttributesResponse updateUserAttributes(Consumer<UpdateUserAttributesRequest.Builder> updateUserAttributesRequest)
                                                   throws ResourceNotFoundException,
InvalidParameterException,
CodeMismatchException,
ExpiredCodeException,
NotAuthorizedException,
UnexpectedLambdaException,
UserLambdaValidationException,
InvalidLambdaResponseException,
TooManyRequestsException,
AliasExistsException,
InvalidSmsRoleAccessPolicyException,
InvalidSmsRoleTrustRelationshipException,
InvalidEmailRoleAccessPolicyException,
CodeDeliveryFailureException,
PasswordResetRequiredException,
UserNotFoundException,
UserNotConfirmedException,
InternalErrorException,
ForbiddenException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Updates the currently signed-in user's attributes. To delete an attribute from the user, submit the attribute in your API request with a blank value.

For custom attributes, you must add a custom: prefix to the attribute name, for example custom:department.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

This is a convenience which creates an instance of the UpdateUserAttributesRequest.Builder avoiding the need to create one manually via UpdateUserAttributesRequest.builder()

Parameters:

updateUserAttributesRequest - A Consumer that will call methods on UpdateUserAttributesRequest.Builder to create a request. Represents the request to update user attributes.

Returns:

Result of the UpdateUserAttributes operation returned by the service.

See Also:

• AWS API Documentation

updateUserPool

default UpdateUserPoolResponse updateUserPool(UpdateUserPoolRequest updateUserPoolRequest)
                                       throws ResourceNotFoundException,
InvalidParameterException,
ConcurrentModificationException,
TooManyRequestsException,
NotAuthorizedException,
UserImportInProgressException,
InternalErrorException,
InvalidSmsRoleAccessPolicyException,
InvalidSmsRoleTrustRelationshipException,
UserPoolTaggingException,
InvalidEmailRoleAccessPolicyException,
TierChangeNotAllowedException,
FeatureUnavailableInTierException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Updates the configuration of a user pool. To avoid setting parameters to Amazon Cognito defaults, construct this API request to pass the existing configuration of your user pool, modified to include the changes that you want to make.

If you don't provide a value for an attribute, Amazon Cognito sets it to its default value.

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

updateUserPoolRequest - Represents the request to update the user pool.

Returns:

Result of the UpdateUserPool operation returned by the service.

See Also:

• AWS API Documentation

updateUserPool

default UpdateUserPoolResponse updateUserPool(Consumer<UpdateUserPoolRequest.Builder> updateUserPoolRequest)
                                       throws ResourceNotFoundException,
InvalidParameterException,
ConcurrentModificationException,
TooManyRequestsException,
NotAuthorizedException,
UserImportInProgressException,
InternalErrorException,
InvalidSmsRoleAccessPolicyException,
InvalidSmsRoleTrustRelationshipException,
UserPoolTaggingException,
InvalidEmailRoleAccessPolicyException,
TierChangeNotAllowedException,
FeatureUnavailableInTierException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Updates the configuration of a user pool. To avoid setting parameters to Amazon Cognito defaults, construct this API request to pass the existing configuration of your user pool, modified to include the changes that you want to make.

If you don't provide a value for an attribute, Amazon Cognito sets it to its default value.

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the UpdateUserPoolRequest.Builder avoiding the need to create one manually via UpdateUserPoolRequest.builder()

Parameters:

updateUserPoolRequest - A Consumer that will call methods on UpdateUserPoolRequest.Builder to create a request. Represents the request to update the user pool.

Returns:

Result of the UpdateUserPool operation returned by the service.

See Also:

• AWS API Documentation

updateUserPoolClient

default UpdateUserPoolClientResponse updateUserPoolClient(UpdateUserPoolClientRequest updateUserPoolClientRequest)
                                                   throws ResourceNotFoundException,
InvalidParameterException,
ConcurrentModificationException,
TooManyRequestsException,
NotAuthorizedException,
ScopeDoesNotExistException,
InvalidOAuthFlowException,
InternalErrorException,
FeatureUnavailableInTierException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given a user pool app client ID, updates the configuration. To avoid setting parameters to Amazon Cognito defaults, construct this API request to pass the existing configuration of your app client, modified to include the changes that you want to make.

If you don't provide a value for an attribute, Amazon Cognito sets it to its default value.

Unlike app clients created in the console, Amazon Cognito doesn't automatically assign a branding style to app clients that you configure with this API operation. Managed login and classic hosted UI pages aren't available for your client until after you apply a branding style.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

updateUserPoolClientRequest - Represents the request to update the user pool client.

Returns:

Result of the UpdateUserPoolClient operation returned by the service.

See Also:

• AWS API Documentation

updateUserPoolClient

default UpdateUserPoolClientResponse updateUserPoolClient(Consumer<UpdateUserPoolClientRequest.Builder> updateUserPoolClientRequest)
                                                   throws ResourceNotFoundException,
InvalidParameterException,
ConcurrentModificationException,
TooManyRequestsException,
NotAuthorizedException,
ScopeDoesNotExistException,
InvalidOAuthFlowException,
InternalErrorException,
FeatureUnavailableInTierException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Given a user pool app client ID, updates the configuration. To avoid setting parameters to Amazon Cognito defaults, construct this API request to pass the existing configuration of your app client, modified to include the changes that you want to make.

If you don't provide a value for an attribute, Amazon Cognito sets it to its default value.

Unlike app clients created in the console, Amazon Cognito doesn't automatically assign a branding style to app clients that you configure with this API operation. Managed login and classic hosted UI pages aren't available for your client until after you apply a branding style.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the UpdateUserPoolClientRequest.Builder avoiding the need to create one manually via UpdateUserPoolClientRequest.builder()

Parameters:

updateUserPoolClientRequest - A Consumer that will call methods on UpdateUserPoolClientRequest.Builder to create a request. Represents the request to update the user pool client.

Returns:

Result of the UpdateUserPoolClient operation returned by the service.

See Also:

• AWS API Documentation

updateUserPoolDomain

default UpdateUserPoolDomainResponse updateUserPoolDomain(UpdateUserPoolDomainRequest updateUserPoolDomainRequest)
                                                   throws InvalidParameterException,
NotAuthorizedException,
ConcurrentModificationException,
ResourceNotFoundException,
TooManyRequestsException,
InternalErrorException,
FeatureUnavailableInTierException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

A user pool domain hosts managed login, an authorization server and web server for authentication in your application. This operation updates the branding version for user pool domains between 1 for hosted UI (classic) and 2 for managed login. It also updates the SSL certificate for user pool custom domains.

Changes to the domain branding version take up to one minute to take effect for a prefix domain and up to five minutes for a custom domain.

This operation doesn't change the name of your user pool domain. To change your domain, delete it with DeleteUserPoolDomain and create a new domain with CreateUserPoolDomain.

You can pass the ARN of a new Certificate Manager certificate in this request. Typically, ACM certificates automatically renew and you user pool can continue to use the same ARN. But if you generate a new certificate for your custom domain name, replace the original configuration with the new ARN in this request.

ACM certificates for custom domains must be in the US East (N. Virginia) Amazon Web Services Region. After you submit your request, Amazon Cognito requires up to 1 hour to distribute your new certificate to your custom domain.

For more information about adding a custom domain to your user pool, see Configuring a user pool domain.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

Parameters:

updateUserPoolDomainRequest - The UpdateUserPoolDomain request input.

Returns:

Result of the UpdateUserPoolDomain operation returned by the service.

See Also:

• AWS API Documentation

updateUserPoolDomain

default UpdateUserPoolDomainResponse updateUserPoolDomain(Consumer<UpdateUserPoolDomainRequest.Builder> updateUserPoolDomainRequest)
                                                   throws InvalidParameterException,
NotAuthorizedException,
ConcurrentModificationException,
ResourceNotFoundException,
TooManyRequestsException,
InternalErrorException,
FeatureUnavailableInTierException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

A user pool domain hosts managed login, an authorization server and web server for authentication in your application. This operation updates the branding version for user pool domains between 1 for hosted UI (classic) and 2 for managed login. It also updates the SSL certificate for user pool custom domains.

Changes to the domain branding version take up to one minute to take effect for a prefix domain and up to five minutes for a custom domain.

This operation doesn't change the name of your user pool domain. To change your domain, delete it with DeleteUserPoolDomain and create a new domain with CreateUserPoolDomain.

You can pass the ARN of a new Certificate Manager certificate in this request. Typically, ACM certificates automatically renew and you user pool can continue to use the same ARN. But if you generate a new certificate for your custom domain name, replace the original configuration with the new ARN in this request.

ACM certificates for custom domains must be in the US East (N. Virginia) Amazon Web Services Region. After you submit your request, Amazon Cognito requires up to 1 hour to distribute your new certificate to your custom domain.

For more information about adding a custom domain to your user pool, see Configuring a user pool domain.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

This is a convenience which creates an instance of the UpdateUserPoolDomainRequest.Builder avoiding the need to create one manually via UpdateUserPoolDomainRequest.builder()

Parameters:

updateUserPoolDomainRequest - A Consumer that will call methods on UpdateUserPoolDomainRequest.Builder to create a request. The UpdateUserPoolDomain request input.

Returns:

Result of the UpdateUserPoolDomain operation returned by the service.

See Also:

• AWS API Documentation

verifySoftwareToken

default VerifySoftwareTokenResponse verifySoftwareToken(VerifySoftwareTokenRequest verifySoftwareTokenRequest)
                                                 throws InvalidParameterException,
ResourceNotFoundException,
InvalidUserPoolConfigurationException,
NotAuthorizedException,
TooManyRequestsException,
PasswordResetRequiredException,
UserNotFoundException,
UserNotConfirmedException,
InternalErrorException,
EnableSoftwareTokenMfaException,
SoftwareTokenMfaNotFoundException,
CodeMismatchException,
ForbiddenException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Registers the current user's time-based one-time password (TOTP) authenticator with a code generated in their authenticator app from a private key that's supplied by your user pool. Marks the user's software token MFA status as "verified" if successful. The request takes an access token or a session string, but not both.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

Parameters:

verifySoftwareTokenRequest -

Returns:

Result of the VerifySoftwareToken operation returned by the service.

See Also:

• AWS API Documentation

verifySoftwareToken

default VerifySoftwareTokenResponse verifySoftwareToken(Consumer<VerifySoftwareTokenRequest.Builder> verifySoftwareTokenRequest)
                                                 throws InvalidParameterException,
ResourceNotFoundException,
InvalidUserPoolConfigurationException,
NotAuthorizedException,
TooManyRequestsException,
PasswordResetRequiredException,
UserNotFoundException,
UserNotConfirmedException,
InternalErrorException,
EnableSoftwareTokenMfaException,
SoftwareTokenMfaNotFoundException,
CodeMismatchException,
ForbiddenException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Registers the current user's time-based one-time password (TOTP) authenticator with a code generated in their authenticator app from a private key that's supplied by your user pool. Marks the user's software token MFA status as "verified" if successful. The request takes an access token or a session string, but not both.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

This is a convenience which creates an instance of the VerifySoftwareTokenRequest.Builder avoiding the need to create one manually via VerifySoftwareTokenRequest.builder()

Parameters:

verifySoftwareTokenRequest - A Consumer that will call methods on VerifySoftwareTokenRequest.Builder to create a request.

Returns:

Result of the VerifySoftwareToken operation returned by the service.

See Also:

• AWS API Documentation

verifyUserAttribute

default VerifyUserAttributeResponse verifyUserAttribute(VerifyUserAttributeRequest verifyUserAttributeRequest)
                                                 throws ResourceNotFoundException,
InvalidParameterException,
CodeMismatchException,
ExpiredCodeException,
NotAuthorizedException,
TooManyRequestsException,
LimitExceededException,
PasswordResetRequiredException,
UserNotFoundException,
UserNotConfirmedException,
InternalErrorException,
AliasExistsException,
ForbiddenException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Submits a verification code for a signed-in user who has added or changed a value of an auto-verified attribute. When successful, the user's attribute becomes verified and the attribute email_verified or phone_number_verified becomes true.

If your user pool requires verification before Amazon Cognito updates the attribute value, this operation updates the affected attribute to its pending value.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

Parameters:

verifyUserAttributeRequest - Represents the request to verify user attributes.

Returns:

Result of the VerifyUserAttribute operation returned by the service.

See Also:

• AWS API Documentation

verifyUserAttribute

default VerifyUserAttributeResponse verifyUserAttribute(Consumer<VerifyUserAttributeRequest.Builder> verifyUserAttributeRequest)
                                                 throws ResourceNotFoundException,
InvalidParameterException,
CodeMismatchException,
ExpiredCodeException,
NotAuthorizedException,
TooManyRequestsException,
LimitExceededException,
PasswordResetRequiredException,
UserNotFoundException,
UserNotConfirmedException,
InternalErrorException,
AliasExistsException,
ForbiddenException,
AwsServiceException,
SdkClientException,
CognitoIdentityProviderException

Submits a verification code for a signed-in user who has added or changed a value of an auto-verified attribute. When successful, the user's attribute becomes verified and the attribute email_verified or phone_number_verified becomes true.

If your user pool requires verification before Amazon Cognito updates the attribute value, this operation updates the affected attribute to its pending value.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

This is a convenience which creates an instance of the VerifyUserAttributeRequest.Builder avoiding the need to create one manually via VerifyUserAttributeRequest.builder()

Parameters:

verifyUserAttributeRequest - A Consumer that will call methods on VerifyUserAttributeRequest.Builder to create a request. Represents the request to verify user attributes.

Returns:

Result of the VerifyUserAttribute operation returned by the service.

See Also:

• AWS API Documentation

create

static CognitoIdentityProviderClient create()

Create a CognitoIdentityProviderClient with the region loaded from the DefaultAwsRegionProviderChain and credentials loaded from the DefaultCredentialsProvider.

builder

static CognitoIdentityProviderClientBuilder builder()

Create a builder that can be used to configure and create a CognitoIdentityProviderClient.

serviceMetadata

static ServiceMetadata serviceMetadata()

serviceClientConfiguration

default CognitoIdentityProviderServiceClientConfiguration serviceClientConfiguration()

Description copied from interface: SdkClient

The SDK service client configuration exposes client settings to the user, e.g., ClientOverrideConfiguration

Specified by:

serviceClientConfiguration in interface AwsClient

Specified by:

serviceClientConfiguration in interface SdkClient

Returns:

SdkServiceClientConfiguration