From 540280ff25b1a7b51c39e66c1bd57627c378e4b1 Mon Sep 17 00:00:00 2001 From: AsyncAws Bot Date: Thu, 12 Dec 2024 06:32:21 +0000 Subject: [PATCH] update generated code --- manifest.json | 2 +- .../CognitoIdentityProvider/CHANGELOG.md | 4 + .../src/CognitoIdentityProviderClient.php | 169 +++++++++++------- .../src/Input/AdminAddUserToGroupRequest.php | 2 +- .../src/Input/AdminConfirmSignUpRequest.php | 12 +- .../src/Input/AdminCreateUserRequest.php | 29 +-- .../src/Input/AdminDeleteUserRequest.php | 2 +- .../src/Input/AdminDisableUserRequest.php | 2 +- .../src/Input/AdminEnableUserRequest.php | 2 +- .../src/Input/AdminGetUserRequest.php | 2 +- .../src/Input/AdminInitiateAuthRequest.php | 31 ++-- .../Input/AdminRemoveUserFromGroupRequest.php | 4 +- .../Input/AdminResetUserPasswordRequest.php | 24 +-- .../src/Input/AdminSetUserPasswordRequest.php | 9 +- .../AdminUpdateUserAttributesRequest.php | 12 +- .../Input/AdminUserGlobalSignOutRequest.php | 2 +- .../Input/AssociateSoftwareTokenRequest.php | 8 +- .../src/Input/ChangePasswordRequest.php | 2 +- .../Input/ConfirmForgotPasswordRequest.php | 25 ++- .../src/Input/ConfirmSignUpRequest.php | 38 ++-- .../src/Input/CreateGroupRequest.php | 11 +- .../src/Input/ForgotPasswordRequest.php | 18 +- .../src/Input/InitiateAuthRequest.php | 22 ++- .../src/Input/ListGroupsRequest.php | 2 +- .../src/Input/ListUsersRequest.php | 2 +- .../Input/ResendConfirmationCodeRequest.php | 18 +- .../Input/RespondToAuthChallengeRequest.php | 14 +- .../src/Input/SignUpRequest.php | 18 +- .../src/Result/AdminCreateUserResponse.php | 2 +- .../src/Result/AdminGetUserResponse.php | 22 ++- .../src/Result/AdminInitiateAuthResponse.php | 14 +- .../Result/AssociateSoftwareTokenResponse.php | 8 +- .../src/Result/ConfirmSignUpResponse.php | 6 +- .../src/Result/CreateGroupResponse.php | 2 +- src/Service/Ses/CHANGELOG.md | 5 + src/Service/Ses/composer.json | 2 +- .../Ses/src/Input/SendEmailRequest.php | 25 +++ src/Service/Ses/src/SesClient.php | 1 + 38 files changed, 359 insertions(+), 214 deletions(-) diff --git a/manifest.json b/manifest.json index 7a0da7c34..17c433ede 100644 --- a/manifest.json +++ b/manifest.json @@ -1,6 +1,6 @@ { "variables": { - "${LATEST}": "3.334.2" + "${LATEST}": "3.334.4" }, "endpoints": "https://raw.githubusercontent.com/aws/aws-sdk-php/${LATEST}/src/data/endpoints.json", "services": { diff --git a/src/Service/CognitoIdentityProvider/CHANGELOG.md b/src/Service/CognitoIdentityProvider/CHANGELOG.md index 977ad3f93..a9af33a53 100644 --- a/src/Service/CognitoIdentityProvider/CHANGELOG.md +++ b/src/Service/CognitoIdentityProvider/CHANGELOG.md @@ -2,6 +2,10 @@ ## NOT RELEASED +### Changed + +- AWS enhancement: Documentation updates. + ## 1.10.0 ### Added diff --git a/src/Service/CognitoIdentityProvider/src/CognitoIdentityProviderClient.php b/src/Service/CognitoIdentityProvider/src/CognitoIdentityProviderClient.php index afde3ac8d..25800d400 100644 --- a/src/Service/CognitoIdentityProvider/src/CognitoIdentityProviderClient.php +++ b/src/Service/CognitoIdentityProvider/src/CognitoIdentityProviderClient.php @@ -162,8 +162,8 @@ public function adminAddUserToGroup($input): Result } /** - * This IAM-authenticated API operation confirms user sign-up as an administrator. Unlike ConfirmSignUp [^1], your IAM - * credentials authorize user account confirmation. No confirmation code is required. + * Confirms user sign-up as an administrator. Unlike ConfirmSignUp [^1], your IAM credentials authorize user account + * confirmation. No confirmation code is required. * * This request sets a user account active in a user pool that requires confirmation of new user accounts [^2] before * they can sign in. You can configure your user pool to not send confirmation codes to new users and instead confirm @@ -179,6 +179,9 @@ public function adminAddUserToGroup($input): Result * > - Using the Amazon Cognito user pools API and user pool endpoints [^4] * > * + * To configure your user pool to require administrative confirmation of users, set `AllowAdminCreateUserOnly` to `true` + * in a `CreateUserPool` or `UpdateUserPool` request. + * * [^1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmSignUp.html * [^2]: https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#signing-up-users-in-your-app-and-confirming-them-as-admin * [^3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html @@ -330,7 +333,7 @@ public function adminCreateUser($input): AdminCreateUserResponse } /** - * Deletes a user as an administrator. Works on any user. + * Deletes a user profile in your user pool. * * > Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this * > operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM @@ -377,8 +380,8 @@ public function adminDeleteUser($input): Result } /** - * Deactivates a user and revokes all access tokens for the user. A deactivated user can't sign in, but still appears in - * the responses to `GetUser` and `ListUsers` API requests. + * Deactivates a user profile and revokes all access tokens for the user. A deactivated user can't sign in, but still + * appears in the responses to `ListUsers` API requests. * * > Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this * > operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM @@ -425,7 +428,7 @@ public function adminDisableUser($input): AdminDisableUserResponse } /** - * Enables the specified user as an administrator. Works on any user. + * Activate sign-in for a user profile that previously had sign-in access disabled. * * > Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this * > operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM @@ -472,8 +475,8 @@ public function adminEnableUser($input): AdminEnableUserResponse } /** - * Gets the specified user by user name in a user pool as an administrator. Works on any user. This operation - * contributes to your monthly active user (MAU) count for the purpose of billing. + * Given the username, returns details about a user profile in a user pool. This operation contributes to your monthly + * active user (MAU) count for the purpose of billing. You can specify alias attributes in the `Username` parameter. * * > Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this * > operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM @@ -520,19 +523,22 @@ public function adminGetUser($input): AdminGetUserResponse } /** - * Initiates the authentication flow, as an administrator. + * Starts sign-in for applications with a server-side component, for example a traditional web application. This + * operation specifies the authentication flow that you'd like to begin. The authentication flow that you specify must + * be supported in your app client configuration. For more information about authentication flows, see Authentication + * flows [^1]. * * > This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register * > an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in - * > Amazon Cognito, you must register a phone number with Amazon Pinpoint [^1]. Amazon Cognito uses the registered + * > Amazon Cognito, you must register a phone number with Amazon Pinpoint [^2]. Amazon Cognito uses the registered * > number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, * > activate their accounts, or sign in. * > * > If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon - * > Simple Notification Service might place your account in the SMS sandbox. In *sandbox mode [^2]*, you can send + * > Simple Notification Service might place your account in the SMS sandbox. In *sandbox mode [^3]*, you can send * > messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out * > of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools - * > [^3] in the *Amazon Cognito Developer Guide*. + * > [^4] in the *Amazon Cognito Developer Guide*. * * > Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this * > operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM @@ -540,15 +546,16 @@ public function adminGetUser($input): AdminGetUserResponse * > * > **Learn more** * > - * > - Signing Amazon Web Services API Requests [^4] - * > - Using the Amazon Cognito user pools API and user pool endpoints [^5] + * > - Signing Amazon Web Services API Requests [^5] + * > - Using the Amazon Cognito user pools API and user pool endpoints [^6] * > * - * [^1]: https://console.aws.amazon.com/pinpoint/home/ - * [^2]: https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html - * [^3]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html - * [^4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html - * [^5]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html + * [^1]: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow-methods.html + * [^2]: https://console.aws.amazon.com/pinpoint/home/ + * [^3]: https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html + * [^4]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html + * [^5]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html + * [^6]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html * * @see https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminInitiateAuth.html * @see https://docs.aws.amazon.com/aws-sdk-php/v3/api/api-cognito-idp-2016-04-18.html#admininitiateauth @@ -608,7 +615,9 @@ public function adminInitiateAuth($input): AdminInitiateAuthResponse } /** - * Removes the specified user from the specified group. + * Given a username and a group name. removes them from the group. User pool groups are identifiers that you can + * reference from the contents of ID and access tokens, and set preferred IAM roles for identity-pool authentication. + * For more information, see Adding groups to a user pool [^1]. * * > Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this * > operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM @@ -616,12 +625,13 @@ public function adminInitiateAuth($input): AdminInitiateAuthResponse * > * > **Learn more** * > - * > - Signing Amazon Web Services API Requests [^1] - * > - Using the Amazon Cognito user pools API and user pool endpoints [^2] + * > - Signing Amazon Web Services API Requests [^2] + * > - Using the Amazon Cognito user pools API and user pool endpoints [^3] * > * - * [^1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html - * [^2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html + * [^1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-user-groups.html + * [^2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html + * [^3]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html * * @see https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminRemoveUserFromGroup.html * @see https://docs.aws.amazon.com/aws-sdk-php/v3/api/api-cognito-idp-2016-04-18.html#adminremoveuserfromgroup @@ -656,29 +666,30 @@ public function adminRemoveUserFromGroup($input): Result } /** - * Resets the specified user's password in a user pool as an administrator. Works on any user. + * Resets the specified user's password in a user pool. This operation doesn't change the user's password, but sends a + * password-reset code. This operation is the administrative authentication API equivalent to ForgotPassword [^1]. + * + * This operation deactivates a user's password, requiring them to change it. If a user tries to sign in after the API + * request, Amazon Cognito responds with a `PasswordResetRequiredException` error. Your app must then complete the + * forgot-password flow by prompting the user for their code and a new password, then submitting those values in a + * ConfirmForgotPassword [^2] request. In addition, if the user pool has phone verification selected and a verified + * phone number exists for the user, or if email verification is selected and a verified email exists for the user, + * calling this API will also result in sending a message to the end user with the code to change their password. * * To use this API operation, your user pool must have self-service account recovery configured. Use - * AdminSetUserPassword [^1] if you manage passwords as an administrator. + * AdminSetUserPassword [^3] if you manage passwords as an administrator. * * > This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register * > an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in - * > Amazon Cognito, you must register a phone number with Amazon Pinpoint [^2]. Amazon Cognito uses the registered + * > Amazon Cognito, you must register a phone number with Amazon Pinpoint [^4]. Amazon Cognito uses the registered * > number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, * > activate their accounts, or sign in. * > * > If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon - * > Simple Notification Service might place your account in the SMS sandbox. In *sandbox mode [^3]*, you can send + * > Simple Notification Service might place your account in the SMS sandbox. In *sandbox mode [^5]*, you can send * > messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out * > of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools - * > [^4] in the *Amazon Cognito Developer Guide*. - * - * Deactivates a user's password, requiring them to change it. If a user tries to sign in after the API is called, - * Amazon Cognito responds with a `PasswordResetRequiredException` error. Your app must then perform the actions that - * reset your user's password: the forgot-password flow. In addition, if the user pool has phone verification selected - * and a verified phone number exists for the user, or if email verification is selected and a verified email exists for - * the user, calling this API will also result in sending a message to the end user with the code to change their - * password. + * > [^6] in the *Amazon Cognito Developer Guide*. * * > Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this * > operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM @@ -686,16 +697,18 @@ public function adminRemoveUserFromGroup($input): Result * > * > **Learn more** * > - * > - Signing Amazon Web Services API Requests [^5] - * > - Using the Amazon Cognito user pools API and user pool endpoints [^6] + * > - Signing Amazon Web Services API Requests [^7] + * > - Using the Amazon Cognito user pools API and user pool endpoints [^8] * > * - * [^1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminSetUserPassword.html - * [^2]: https://console.aws.amazon.com/pinpoint/home/ - * [^3]: https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html - * [^4]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html - * [^5]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html - * [^6]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html + * [^1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ForgotPassword.html + * [^2]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmForgotPassword.html + * [^3]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminSetUserPassword.html + * [^4]: https://console.aws.amazon.com/pinpoint/home/ + * [^5]: https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html + * [^6]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html + * [^7]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html + * [^8]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html * * @see https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminResetUserPassword.html * @see https://docs.aws.amazon.com/aws-sdk-php/v3/api/api-cognito-idp-2016-04-18.html#adminresetuserpassword @@ -744,14 +757,19 @@ public function adminResetUserPassword($input): AdminResetUserPasswordResponse } /** - * Sets the specified user's password in a user pool as an administrator. Works on any user. + * Sets the specified user's password in a user pool. This operation administratively sets a temporary or permanent + * password for a user. With this operation, you can bypass self-service password changes and permit immediate sign-in + * with the password that you set. To do this, set `Permanent` to `true`. + * + * You can also set a new temporary password in this request, send it to a user, and require them to choose a new + * password on their next sign-in. To do this, set `Permanent` to `false`. * - * The password can be temporary or permanent. If it is temporary, the user status enters the `FORCE_CHANGE_PASSWORD` - * state. When the user next tries to sign in, the InitiateAuth/AdminInitiateAuth response will contain the - * `NEW_PASSWORD_REQUIRED` challenge. If the user doesn't sign in before it expires, the user won't be able to sign in, - * and an administrator must reset their password. + * If the password is temporary, the user's `Status` becomes `FORCE_CHANGE_PASSWORD`. When the user next tries to sign + * in, the `InitiateAuth` or `AdminInitiateAuth` response includes the `NEW_PASSWORD_REQUIRED` challenge. If the user + * doesn't sign in before the temporary password expires, they can no longer sign in and you must repeat this operation + * to set a temporary or permanent password for them. * - * Once the user has set a new password, or the password is permanent, the user status is set to `Confirmed`. + * After the user sets a new password, or if you set a permanent password, their status becomes `Confirmed`. * * `AdminSetUserPassword` can set a password for the user profile that Amazon Cognito creates for third-party federated * users. When you set a password, the federated user's status changes from `EXTERNAL_PROVIDER` to `CONFIRMED`. A user @@ -825,12 +843,14 @@ public function adminSetUserPassword($input): AdminSetUserPasswordResponse * > of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools * > [^3] in the *Amazon Cognito Developer Guide*. * - * Updates the specified user's attributes, including developer attributes, as an administrator. Works on any user. To - * delete an attribute from your user, submit the attribute in your API request with a blank value. + * Updates the specified user's attributes. To delete an attribute from your user, submit the attribute in your API + * request with a blank value. * * For custom attributes, you must prepend the `custom:` prefix to the attribute name. * - * In addition to updating user attributes, this API can also be used to mark phone and email as verified. + * This operation can set a user's email address or phone number as verified and permit immediate sign-in in user pools + * that require verification of these attributes. To do this, set the `email_verified` or `phone_number_verified` + * attribute to `true`. * * > Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this * > operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM @@ -908,7 +928,9 @@ public function adminUpdateUserAttributes($input): AdminUpdateUserAttributesResp * `ServerSideTokenCheck` enabled for its user pool IdP configuration in CognitoIdentityProvider [^3]. * - Amazon Cognito no longer accepts a signed-out user's refresh tokens in refresh requests. * - * Other requests might be valid until your user's token expires. + * Other requests might be valid until your user's token expires. This operation doesn't clear the managed login [^4] + * session cookie. To clear the session for a user who signed in with managed login or the classic hosted UI, direct + * their browser session to the logout endpoint [^5]. * * > Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this * > operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM @@ -916,15 +938,17 @@ public function adminUpdateUserAttributes($input): AdminUpdateUserAttributesResp * > * > **Learn more** * > - * > - Signing Amazon Web Services API Requests [^4] - * > - Using the Amazon Cognito user pools API and user pool endpoints [^5] + * > - Signing Amazon Web Services API Requests [^6] + * > - Using the Amazon Cognito user pools API and user pool endpoints [^7] * > * * [^1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html * [^2]: https://docs.aws.amazon.com/cognitoidentity/latest/APIReference/API_GetId.html * [^3]: https://docs.aws.amazon.com/cognitoidentity/latest/APIReference/API_CognitoIdentityProvider.html - * [^4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html - * [^5]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html + * [^4]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html + * [^5]: https://docs.aws.amazon.com/cognito/latest/developerguide/logout-endpoint.html + * [^6]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html + * [^7]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html * * @see https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUserGlobalSignOut.html * @see https://docs.aws.amazon.com/aws-sdk-php/v3/api/api-cognito-idp-2016-04-18.html#adminuserglobalsignout @@ -977,6 +1001,9 @@ public function adminUserGlobalSignOut($input): AdminUserGlobalSignOutResponse * > policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user * > pools API and user pool endpoints [^2]. * + * Authorize this action with a signed-in user's access token. It must include the scope + * `aws.cognito.signin.user.admin`. + * * [^1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerifySoftwareToken.html * [^2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html * @@ -1071,7 +1098,8 @@ public function changePassword($input): ChangePasswordResponse } /** - * Allows a user to enter a confirmation code to reset a forgotten password. + * This public API operation accepts a confirmation code that Amazon Cognito sent to a user and accepts a new password + * for that user. * * > Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. * > For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in @@ -1140,7 +1168,7 @@ public function confirmForgotPassword($input): ConfirmForgotPasswordResponse } /** - * This public API operation provides a code that Amazon Cognito sent to your user when they signed up in your user pool + * This public API operation submits a code that Amazon Cognito sent to your user when they signed up in your user pool * via the SignUp [^1] API operation. After your user enters their code, they confirm ownership of the email address or * phone number that they provided, and their user account becomes active. Depending on your user pool configuration, * your users will receive their confirmation code in an email or SMS message. @@ -1217,7 +1245,8 @@ public function confirmSignUp($input): ConfirmSignUpResponse } /** - * Creates a new group in the specified user pool. + * Creates a new group in the specified user pool. For more information about user pool groups see Adding groups to a + * user pool [^1]. * * > Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this * > operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM @@ -1225,12 +1254,13 @@ public function confirmSignUp($input): ConfirmSignUpResponse * > * > **Learn more** * > - * > - Signing Amazon Web Services API Requests [^1] - * > - Using the Amazon Cognito user pools API and user pool endpoints [^2] + * > - Signing Amazon Web Services API Requests [^2] + * > - Using the Amazon Cognito user pools API and user pool endpoints [^3] * > * - * [^1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html - * [^2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html + * [^1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-user-groups.html + * [^2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html + * [^3]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html * * @see https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateGroup.html * @see https://docs.aws.amazon.com/aws-sdk-php/v3/api/api-cognito-idp-2016-04-18.html#creategroup @@ -1821,15 +1851,20 @@ public function revokeToken($input): RevokeTokenResponse * you want MFA to be applied selectively based on the assessed risk level of sign-in attempts, deactivate MFA for users * and turn on Adaptive Authentication for the user pool. * + * This operation doesn't reset an existing TOTP MFA for a user. To register a new TOTP factor for a user, make an + * AssociateSoftwareToken [^1] request. For more information, see TOTP software token MFA [^2]. + * * Authorize this action with a signed-in user's access token. It must include the scope * `aws.cognito.signin.user.admin`. * * > Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. * > For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in * > policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user - * > pools API and user pool endpoints [^1]. + * > pools API and user pool endpoints [^3]. * - * [^1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html + * [^1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AssociateSoftwareToken.html + * [^2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa-totp.html + * [^3]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html * * @see https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserMFAPreference.html * @see https://docs.aws.amazon.com/aws-sdk-php/v3/api/api-cognito-idp-2016-04-18.html#setusermfapreference diff --git a/src/Service/CognitoIdentityProvider/src/Input/AdminAddUserToGroupRequest.php b/src/Service/CognitoIdentityProvider/src/Input/AdminAddUserToGroupRequest.php index 8ba8ad5ef..553be217c 100644 --- a/src/Service/CognitoIdentityProvider/src/Input/AdminAddUserToGroupRequest.php +++ b/src/Service/CognitoIdentityProvider/src/Input/AdminAddUserToGroupRequest.php @@ -10,7 +10,7 @@ final class AdminAddUserToGroupRequest extends Input { /** - * The user pool ID for the user pool. + * The ID of the user pool that contains the group that you want to add the user to. * * @required * diff --git a/src/Service/CognitoIdentityProvider/src/Input/AdminConfirmSignUpRequest.php b/src/Service/CognitoIdentityProvider/src/Input/AdminConfirmSignUpRequest.php index 1f11d9644..52731b46c 100644 --- a/src/Service/CognitoIdentityProvider/src/Input/AdminConfirmSignUpRequest.php +++ b/src/Service/CognitoIdentityProvider/src/Input/AdminConfirmSignUpRequest.php @@ -13,7 +13,7 @@ final class AdminConfirmSignUpRequest extends Input { /** - * The user pool ID for which you want to confirm user registration. + * The ID of the user pool where you want to confirm a user's sign-up request. * * @required * @@ -44,13 +44,13 @@ final class AdminConfirmSignUpRequest extends Input * For more information, see Customizing user pool Workflows with Lambda Triggers [^1] in the *Amazon Cognito Developer * Guide*. * - * > When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following: + * > When you use the `ClientMetadata` parameter, note that Amazon Cognito won't do the following: * > - * > - Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool - * > to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata + * > - Store the `ClientMetadata` value. This data is available only to Lambda triggers that are assigned to a user pool + * > to support custom workflows. If your user pool configuration doesn't include triggers, the `ClientMetadata` * > parameter serves no purpose. - * > - Validate the ClientMetadata value. - * > - Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information. + * > - Validate the `ClientMetadata` value. + * > - Encrypt the `ClientMetadata` value. Don't send sensitive information in this parameter. * > * * [^1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html diff --git a/src/Service/CognitoIdentityProvider/src/Input/AdminCreateUserRequest.php b/src/Service/CognitoIdentityProvider/src/Input/AdminCreateUserRequest.php index 796547f5a..204ff2815 100644 --- a/src/Service/CognitoIdentityProvider/src/Input/AdminCreateUserRequest.php +++ b/src/Service/CognitoIdentityProvider/src/Input/AdminCreateUserRequest.php @@ -16,7 +16,7 @@ final class AdminCreateUserRequest extends Input { /** - * The user pool ID for the user pool where the user will be created. + * The ID of the user pool where you want to create a user. * * @required * @@ -123,9 +123,9 @@ final class AdminCreateUserRequest extends Input * This parameter is used only if the `phone_number_verified` or `email_verified` attribute is set to `True`. Otherwise, * it is ignored. * - * If this parameter is set to `True` and the phone number or email address specified in the UserAttributes parameter - * already exists as an alias with a different user, the API call will migrate the alias from the previous user to the - * newly created user. The previous user will no longer be able to log in using that alias. + * If this parameter is set to `True` and the phone number or email address specified in the `UserAttributes` parameter + * already exists as an alias with a different user, this request migrates the alias from the previous user to the + * newly-created user. The previous user will no longer be able to log in using that alias. * * If this parameter is set to `False`, the API throws an `AliasExistsException` error if the alias already exists. The * default value is `False`. @@ -135,16 +135,17 @@ final class AdminCreateUserRequest extends Input private $forceAliasCreation; /** - * Set to `RESEND` to resend the invitation message to a user that already exists and reset the expiration limit on the - * user's account. Set to `SUPPRESS` to suppress sending the message. You can specify only one value. + * Set to `RESEND` to resend the invitation message to a user that already exists, and to reset the temporary-password + * duration with a new temporary password. Set to `SUPPRESS` to suppress sending the message. You can specify only one + * value. * * @var MessageActionType::*|null */ private $messageAction; /** - * Specify `"EMAIL"` if email will be used to send the welcome message. Specify `"SMS"` if the phone number will be - * used. The default value is `"SMS"`. You can specify more than one value. + * Specify `EMAIL` if email will be used to send the welcome message. Specify `SMS` if the phone number will be used. + * The default value is `SMS`. You can specify more than one value. * * @var list|null */ @@ -156,20 +157,20 @@ final class AdminCreateUserRequest extends Input * You create custom workflows by assigning Lambda functions to user pool triggers. When you use the AdminCreateUser API * action, Amazon Cognito invokes the function that is assigned to the *pre sign-up* trigger. When Amazon Cognito * invokes this function, it passes a JSON payload, which the function receives as input. This payload contains a - * `clientMetadata` attribute, which provides the data that you assigned to the ClientMetadata parameter in your + * `ClientMetadata` attribute, which provides the data that you assigned to the ClientMetadata parameter in your * AdminCreateUser request. In your function code in Lambda, you can process the `clientMetadata` value to enhance your * workflow for your specific needs. * * For more information, see Customizing user pool Workflows with Lambda Triggers [^1] in the *Amazon Cognito Developer * Guide*. * - * > When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following: + * > When you use the `ClientMetadata` parameter, note that Amazon Cognito won't do the following: * > - * > - Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool - * > to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata + * > - Store the `ClientMetadata` value. This data is available only to Lambda triggers that are assigned to a user pool + * > to support custom workflows. If your user pool configuration doesn't include triggers, the `ClientMetadata` * > parameter serves no purpose. - * > - Validate the ClientMetadata value. - * > - Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information. + * > - Validate the `ClientMetadata` value. + * > - Encrypt the `ClientMetadata` value. Don't send sensitive information in this parameter. * > * * [^1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html diff --git a/src/Service/CognitoIdentityProvider/src/Input/AdminDeleteUserRequest.php b/src/Service/CognitoIdentityProvider/src/Input/AdminDeleteUserRequest.php index 85b63a41b..dcd2b2717 100644 --- a/src/Service/CognitoIdentityProvider/src/Input/AdminDeleteUserRequest.php +++ b/src/Service/CognitoIdentityProvider/src/Input/AdminDeleteUserRequest.php @@ -13,7 +13,7 @@ final class AdminDeleteUserRequest extends Input { /** - * The user pool ID for the user pool where you want to delete the user. + * The ID of the user pool where you want to delete the user. * * @required * diff --git a/src/Service/CognitoIdentityProvider/src/Input/AdminDisableUserRequest.php b/src/Service/CognitoIdentityProvider/src/Input/AdminDisableUserRequest.php index a7e68f3b5..413317e23 100644 --- a/src/Service/CognitoIdentityProvider/src/Input/AdminDisableUserRequest.php +++ b/src/Service/CognitoIdentityProvider/src/Input/AdminDisableUserRequest.php @@ -13,7 +13,7 @@ final class AdminDisableUserRequest extends Input { /** - * The user pool ID for the user pool where you want to disable the user. + * The ID of the user pool where you want to disable the user. * * @required * diff --git a/src/Service/CognitoIdentityProvider/src/Input/AdminEnableUserRequest.php b/src/Service/CognitoIdentityProvider/src/Input/AdminEnableUserRequest.php index 41c88f5a1..d9793250b 100644 --- a/src/Service/CognitoIdentityProvider/src/Input/AdminEnableUserRequest.php +++ b/src/Service/CognitoIdentityProvider/src/Input/AdminEnableUserRequest.php @@ -13,7 +13,7 @@ final class AdminEnableUserRequest extends Input { /** - * The user pool ID for the user pool where you want to enable the user. + * The ID of the user pool where you want to activate sign-in for the user. * * @required * diff --git a/src/Service/CognitoIdentityProvider/src/Input/AdminGetUserRequest.php b/src/Service/CognitoIdentityProvider/src/Input/AdminGetUserRequest.php index 538e4e183..c7baae5a1 100644 --- a/src/Service/CognitoIdentityProvider/src/Input/AdminGetUserRequest.php +++ b/src/Service/CognitoIdentityProvider/src/Input/AdminGetUserRequest.php @@ -13,7 +13,7 @@ final class AdminGetUserRequest extends Input { /** - * The user pool ID for the user pool where you want to get information about the user. + * The ID of the user pool where you want to get information about the user. * * @required * diff --git a/src/Service/CognitoIdentityProvider/src/Input/AdminInitiateAuthRequest.php b/src/Service/CognitoIdentityProvider/src/Input/AdminInitiateAuthRequest.php index d209e958c..b77d567b3 100644 --- a/src/Service/CognitoIdentityProvider/src/Input/AdminInitiateAuthRequest.php +++ b/src/Service/CognitoIdentityProvider/src/Input/AdminInitiateAuthRequest.php @@ -16,7 +16,7 @@ final class AdminInitiateAuthRequest extends Input { /** - * The ID of the Amazon Cognito user pool. + * The ID of the user pool where the user wants to sign in. * * @required * @@ -25,7 +25,7 @@ final class AdminInitiateAuthRequest extends Input private $userPoolId; /** - * The app client ID. + * The ID of the app client where the user wants to sign in. * * @required * @@ -34,8 +34,8 @@ final class AdminInitiateAuthRequest extends Input private $clientId; /** - * The authentication flow that you want to initiate. The `AuthParameters` that you must submit are linked to the flow - * that you submit. For example: + * The authentication flow that you want to initiate. Each `AuthFlow` has linked `AuthParameters` that you must submit. + * The following are some example flows and their parameters. * * - `USER_AUTH`: Request a preferred authentication type or review available authentication types. From the offered * authentication types, select one in a challenge response and then authenticate with that method in an additional @@ -47,11 +47,11 @@ final class AdminInitiateAuthRequest extends Input * - `ADMIN_USER_PASSWORD_AUTH`: Receive new tokens or the next challenge, for example `SOFTWARE_TOKEN_MFA`, when you * pass `USERNAME` and `PASSWORD` parameters. * - * Valid values include the following: + * *All flows* * * - `USER_AUTH`: * - * The entry point for sign-in with passwords, one-time passwords, biometric devices, and security keys. + * The entry point for sign-in with passwords, one-time passwords, and WebAuthN authenticators. * - `USER_SRP_AUTH`: * * Username-password authentication with the Secure Remote Password (SRP) protocol. For more information, see Use SRP @@ -140,13 +140,13 @@ final class AdminInitiateAuthRequest extends Input * For more information, see Customizing user pool Workflows with Lambda Triggers [^1] in the *Amazon Cognito Developer * Guide*. * - * > When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following: + * > When you use the `ClientMetadata` parameter, note that Amazon Cognito won't do the following: * > - * > - Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool - * > to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata + * > - Store the `ClientMetadata` value. This data is available only to Lambda triggers that are assigned to a user pool + * > to support custom workflows. If your user pool configuration doesn't include triggers, the `ClientMetadata` * > parameter serves no purpose. - * > - Validate the ClientMetadata value. - * > - Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information. + * > - Validate the `ClientMetadata` value. + * > - Encrypt the `ClientMetadata` value. Don't send sensitive information in this parameter. * > * * [^1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html @@ -156,7 +156,7 @@ final class AdminInitiateAuthRequest extends Input private $clientMetadata; /** - * The analytics metadata for collecting Amazon Pinpoint metrics for `AdminInitiateAuth` calls. + * The analytics metadata for collecting Amazon Pinpoint metrics. * * @var AnalyticsMetadataType|null */ @@ -167,13 +167,18 @@ final class AdminInitiateAuthRequest extends Input * advanced security evaluates the risk of an authentication event based on the context that your app generates and * passes to Amazon Cognito when it makes API requests. * + * For more information, see Collecting data for threat protection in applications [^1]. + * + * [^1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-viewing-threat-protection-app.html + * * @var ContextDataType|null */ private $contextData; /** * The optional session ID from a `ConfirmSignUp` API request. You can sign in a user directly from the sign-up process - * with the `USER_AUTH` authentication flow. + * with an `AuthFlow` of `USER_AUTH` and `AuthParameters` of `EMAIL_OTP` or `SMS_OTP`, depending on how your user pool + * sent the confirmation-code message. * * @var string|null */ diff --git a/src/Service/CognitoIdentityProvider/src/Input/AdminRemoveUserFromGroupRequest.php b/src/Service/CognitoIdentityProvider/src/Input/AdminRemoveUserFromGroupRequest.php index f3764159e..dcd8e9bb5 100644 --- a/src/Service/CognitoIdentityProvider/src/Input/AdminRemoveUserFromGroupRequest.php +++ b/src/Service/CognitoIdentityProvider/src/Input/AdminRemoveUserFromGroupRequest.php @@ -10,7 +10,7 @@ final class AdminRemoveUserFromGroupRequest extends Input { /** - * The user pool ID for the user pool. + * The ID of the user pool that contains the group and the user that you want to remove. * * @required * @@ -30,7 +30,7 @@ final class AdminRemoveUserFromGroupRequest extends Input private $username; /** - * The group name. + * The name of the group that you want to remove the user from, for example `MyTestGroup`. * * @required * diff --git a/src/Service/CognitoIdentityProvider/src/Input/AdminResetUserPasswordRequest.php b/src/Service/CognitoIdentityProvider/src/Input/AdminResetUserPasswordRequest.php index 384fbbf24..6a632dec4 100644 --- a/src/Service/CognitoIdentityProvider/src/Input/AdminResetUserPasswordRequest.php +++ b/src/Service/CognitoIdentityProvider/src/Input/AdminResetUserPasswordRequest.php @@ -13,7 +13,7 @@ final class AdminResetUserPasswordRequest extends Input { /** - * The user pool ID for the user pool where you want to reset the user's password. + * The ID of the user pool where you want to reset the user's password. * * @required * @@ -35,23 +35,23 @@ final class AdminResetUserPasswordRequest extends Input /** * A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers. * - * You create custom workflows by assigning Lambda functions to user pool triggers. When you use the - * AdminResetUserPassword API action, Amazon Cognito invokes the function that is assigned to the *custom message* - * trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. - * This payload contains a `clientMetadata` attribute, which provides the data that you assigned to the ClientMetadata - * parameter in your AdminResetUserPassword request. In your function code in Lambda, you can process the - * `clientMetadata` value to enhance your workflow for your specific needs. + * You create custom workflows by assigning Lambda functions to user pool triggers. The `AdminResetUserPassword` API + * operation invokes the function that is assigned to the *custom message* trigger. When Amazon Cognito invokes this + * function, it passes a JSON payload, which the function receives as input. This payload contains a `clientMetadata` + * attribute, which provides the data that you assigned to the ClientMetadata parameter in your AdminResetUserPassword + * request. In your function code in Lambda, you can process the `clientMetadata` value to enhance your workflow for + * your specific needs. * * For more information, see Customizing user pool Workflows with Lambda Triggers [^1] in the *Amazon Cognito Developer * Guide*. * - * > When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following: + * > When you use the `ClientMetadata` parameter, note that Amazon Cognito won't do the following: * > - * > - Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool - * > to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata + * > - Store the `ClientMetadata` value. This data is available only to Lambda triggers that are assigned to a user pool + * > to support custom workflows. If your user pool configuration doesn't include triggers, the `ClientMetadata` * > parameter serves no purpose. - * > - Validate the ClientMetadata value. - * > - Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information. + * > - Validate the `ClientMetadata` value. + * > - Encrypt the `ClientMetadata` value. Don't send sensitive information in this parameter. * > * * [^1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html diff --git a/src/Service/CognitoIdentityProvider/src/Input/AdminSetUserPasswordRequest.php b/src/Service/CognitoIdentityProvider/src/Input/AdminSetUserPasswordRequest.php index cf5ee96e2..2fb63dc28 100644 --- a/src/Service/CognitoIdentityProvider/src/Input/AdminSetUserPasswordRequest.php +++ b/src/Service/CognitoIdentityProvider/src/Input/AdminSetUserPasswordRequest.php @@ -10,7 +10,7 @@ final class AdminSetUserPasswordRequest extends Input { /** - * The user pool ID for the user pool where you want to set the user's password. + * The ID of the user pool where you want to set the user's password. * * @required * @@ -30,7 +30,9 @@ final class AdminSetUserPasswordRequest extends Input private $username; /** - * The password for the user. + * The new temporary or permanent password that you want to set for the user. You can't remove the password for a user + * who already has a password so that they can only sign in with passwordless methods. In this scenario, you must create + * a new user without a password. * * @required * @@ -39,7 +41,8 @@ final class AdminSetUserPasswordRequest extends Input private $password; /** - * `True` if the password is permanent, `False` if it is temporary. + * Set to `true` to set a password that the user can immediately sign in with. Set to `false` to set a temporary + * password that the user must change on their next sign-in. * * @var bool|null */ diff --git a/src/Service/CognitoIdentityProvider/src/Input/AdminUpdateUserAttributesRequest.php b/src/Service/CognitoIdentityProvider/src/Input/AdminUpdateUserAttributesRequest.php index 6228cb27d..da54c5e2f 100644 --- a/src/Service/CognitoIdentityProvider/src/Input/AdminUpdateUserAttributesRequest.php +++ b/src/Service/CognitoIdentityProvider/src/Input/AdminUpdateUserAttributesRequest.php @@ -14,7 +14,7 @@ final class AdminUpdateUserAttributesRequest extends Input { /** - * The user pool ID for the user pool where you want to update user attributes. + * The ID of the user pool where you want to update user attributes. * * @required * @@ -67,13 +67,13 @@ final class AdminUpdateUserAttributesRequest extends Input * For more information, see Customizing user pool Workflows with Lambda Triggers [^1] in the *Amazon Cognito Developer * Guide*. * - * > When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following: + * > When you use the `ClientMetadata` parameter, note that Amazon Cognito won't do the following: * > - * > - Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool - * > to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata + * > - Store the `ClientMetadata` value. This data is available only to Lambda triggers that are assigned to a user pool + * > to support custom workflows. If your user pool configuration doesn't include triggers, the `ClientMetadata` * > parameter serves no purpose. - * > - Validate the ClientMetadata value. - * > - Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information. + * > - Validate the `ClientMetadata` value. + * > - Encrypt the `ClientMetadata` value. Don't send sensitive information in this parameter. * > * * [^1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html diff --git a/src/Service/CognitoIdentityProvider/src/Input/AdminUserGlobalSignOutRequest.php b/src/Service/CognitoIdentityProvider/src/Input/AdminUserGlobalSignOutRequest.php index eefcb1a2d..7c812c73f 100644 --- a/src/Service/CognitoIdentityProvider/src/Input/AdminUserGlobalSignOutRequest.php +++ b/src/Service/CognitoIdentityProvider/src/Input/AdminUserGlobalSignOutRequest.php @@ -13,7 +13,7 @@ final class AdminUserGlobalSignOutRequest extends Input { /** - * The user pool ID. + * The ID of the user pool where you want to sign out a user. * * @required * diff --git a/src/Service/CognitoIdentityProvider/src/Input/AssociateSoftwareTokenRequest.php b/src/Service/CognitoIdentityProvider/src/Input/AssociateSoftwareTokenRequest.php index 5ec2f22fd..6e07cf61d 100644 --- a/src/Service/CognitoIdentityProvider/src/Input/AssociateSoftwareTokenRequest.php +++ b/src/Service/CognitoIdentityProvider/src/Input/AssociateSoftwareTokenRequest.php @@ -9,15 +9,17 @@ final class AssociateSoftwareTokenRequest extends Input { /** - * A valid access token that Amazon Cognito issued to the user whose software token you want to generate. + * A valid access token that Amazon Cognito issued to the user whose software token you want to generate. You can + * provide either an access token or a session ID in the request. * * @var string|null */ private $accessToken; /** - * The session that should be passed both ways in challenge-response calls to the service. This allows authentication of - * the user as part of the MFA setup process. + * The session identifier that maintains the state of authentication requests and challenge responses. In + * `AssociateSoftwareToken`, this is the session ID from a successful sign-in. You can provide either an access token or + * a session ID in the request. * * @var string|null */ diff --git a/src/Service/CognitoIdentityProvider/src/Input/ChangePasswordRequest.php b/src/Service/CognitoIdentityProvider/src/Input/ChangePasswordRequest.php index 252e186ee..805a17742 100644 --- a/src/Service/CognitoIdentityProvider/src/Input/ChangePasswordRequest.php +++ b/src/Service/CognitoIdentityProvider/src/Input/ChangePasswordRequest.php @@ -21,7 +21,7 @@ final class ChangePasswordRequest extends Input private $previousPassword; /** - * The new password. + * A new password that you prompted the user to enter in your application. * * @required * diff --git a/src/Service/CognitoIdentityProvider/src/Input/ConfirmForgotPasswordRequest.php b/src/Service/CognitoIdentityProvider/src/Input/ConfirmForgotPasswordRequest.php index 121f15411..80d4362f5 100644 --- a/src/Service/CognitoIdentityProvider/src/Input/ConfirmForgotPasswordRequest.php +++ b/src/Service/CognitoIdentityProvider/src/Input/ConfirmForgotPasswordRequest.php @@ -15,7 +15,9 @@ final class ConfirmForgotPasswordRequest extends Input { /** - * The app client ID of the app associated with the user pool. + * The ID of the app client where the user wants to reset their password. This parameter is an identifier of the client + * application that users are resetting their password from, but this operation resets users' passwords for all app + * clients in the user pool. * * @required * @@ -45,10 +47,11 @@ final class ConfirmForgotPasswordRequest extends Input private $username; /** - * The confirmation code from your user's request to reset their password. For more information, see ForgotPassword - * [^1]. + * The confirmation code that your user pool sent in response to an AdminResetUserPassword [^1] or a ForgotPassword [^2] + * request. * - * [^1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ForgotPassword.html + * [^1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminResetUserPassword.html + * [^2]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ForgotPassword.html * * @required * @@ -77,6 +80,10 @@ final class ConfirmForgotPasswordRequest extends Input * advanced security evaluates the risk of an authentication event based on the context that your app generates and * passes to Amazon Cognito when it makes API requests. * + * For more information, see Collecting data for threat protection in applications [^1]. + * + * [^1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-viewing-threat-protection-app.html + * * @var UserContextDataType|null */ private $userContextData; @@ -94,13 +101,13 @@ final class ConfirmForgotPasswordRequest extends Input * For more information, see Customizing user pool Workflows with Lambda Triggers [^1] in the *Amazon Cognito Developer * Guide*. * - * > When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following: + * > When you use the `ClientMetadata` parameter, note that Amazon Cognito won't do the following: * > - * > - Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool - * > to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata + * > - Store the `ClientMetadata` value. This data is available only to Lambda triggers that are assigned to a user pool + * > to support custom workflows. If your user pool configuration doesn't include triggers, the `ClientMetadata` * > parameter serves no purpose. - * > - Validate the ClientMetadata value. - * > - Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information. + * > - Validate the `ClientMetadata` value. + * > - Encrypt the `ClientMetadata` value. Don't send sensitive information in this parameter. * > * * [^1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html diff --git a/src/Service/CognitoIdentityProvider/src/Input/ConfirmSignUpRequest.php b/src/Service/CognitoIdentityProvider/src/Input/ConfirmSignUpRequest.php index f9e1f39b9..7b7629c89 100644 --- a/src/Service/CognitoIdentityProvider/src/Input/ConfirmSignUpRequest.php +++ b/src/Service/CognitoIdentityProvider/src/Input/ConfirmSignUpRequest.php @@ -25,7 +25,9 @@ final class ConfirmSignUpRequest extends Input /** * A keyed-hash message authentication code (HMAC) calculated using the secret key of a user pool client and username - * plus the client ID in the message. + * plus the client ID in the message. For more information about `SecretHash`, see Computing secret hash values [^1]. + * + * [^1]: https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#cognito-user-pools-computing-secret-hash * * @var string|null */ @@ -43,7 +45,7 @@ final class ConfirmSignUpRequest extends Input private $username; /** - * The confirmation code sent by a user's request to confirm registration. + * The confirmation code that your user pool sent in response to the `SignUp` request. * * @required * @@ -52,10 +54,20 @@ final class ConfirmSignUpRequest extends Input private $confirmationCode; /** - * Boolean to be specified to force user confirmation irrespective of existing alias. By default set to `False`. If this - * parameter is set to `True` and the phone number/email used for sign up confirmation already exists as an alias with a - * different user, the API call will migrate the alias from the previous user to the newly created user being confirmed. - * If set to `False`, the API will throw an **AliasExistsException** error. + * When `true`, forces user confirmation despite any existing aliases. Defaults to `false`. A value of `true` migrates + * the alias from an existing user to the new user if an existing user already has the phone number or email address as + * an alias. + * + * Say, for example, that an existing user has an `email` attribute of `bob@example.com` and email is an alias in your + * user pool. If the new user also has an email of `bob@example.com` and your `ConfirmSignUp` response sets + * `ForceAliasCreation` to `true`, the new user can sign in with a username of `bob@example.com` and the existing user + * can no longer do so. + * + * If `false` and an attribute belongs to an existing alias, this request returns an **AliasExistsException** error. + * + * For more information about sign-in aliases, see Customizing sign-in attributes [^1]. + * + * [^1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases * * @var bool|null */ @@ -73,6 +85,10 @@ final class ConfirmSignUpRequest extends Input * advanced security evaluates the risk of an authentication event based on the context that your app generates and * passes to Amazon Cognito when it makes API requests. * + * For more information, see Collecting data for threat protection in applications [^1]. + * + * [^1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-viewing-threat-protection-app.html + * * @var UserContextDataType|null */ private $userContextData; @@ -90,13 +106,13 @@ final class ConfirmSignUpRequest extends Input * For more information, see Customizing user pool Workflows with Lambda Triggers [^1] in the *Amazon Cognito Developer * Guide*. * - * > When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following: + * > When you use the `ClientMetadata` parameter, note that Amazon Cognito won't do the following: * > - * > - Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool - * > to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata + * > - Store the `ClientMetadata` value. This data is available only to Lambda triggers that are assigned to a user pool + * > to support custom workflows. If your user pool configuration doesn't include triggers, the `ClientMetadata` * > parameter serves no purpose. - * > - Validate the ClientMetadata value. - * > - Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information. + * > - Validate the `ClientMetadata` value. + * > - Encrypt the `ClientMetadata` value. Don't send sensitive information in this parameter. * > * * [^1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html diff --git a/src/Service/CognitoIdentityProvider/src/Input/CreateGroupRequest.php b/src/Service/CognitoIdentityProvider/src/Input/CreateGroupRequest.php index 30e23242a..44bfc7c1f 100644 --- a/src/Service/CognitoIdentityProvider/src/Input/CreateGroupRequest.php +++ b/src/Service/CognitoIdentityProvider/src/Input/CreateGroupRequest.php @@ -10,7 +10,7 @@ final class CreateGroupRequest extends Input { /** - * The name of the group. Must be unique. + * A name for the group. This name must be unique in your user pool. * * @required * @@ -19,7 +19,7 @@ final class CreateGroupRequest extends Input private $groupName; /** - * The user pool ID for the user pool. + * The ID of the user pool where you want to create a user group. * * @required * @@ -28,14 +28,17 @@ final class CreateGroupRequest extends Input private $userPoolId; /** - * A string containing the description of the group. + * A description of the group that you're creating. * * @var string|null */ private $description; /** - * The role Amazon Resource Name (ARN) for the group. + * The Amazon Resource Name (ARN) for the IAM role that you want to associate with the group. A group role primarily + * declares a preferred role for the credentials that you get from an identity pool. Amazon Cognito ID tokens have a + * `cognito:preferred_role` claim that presents the highest-precedence group that a user belongs to. Both ID and access + * tokens also contain a `cognito:groups` claim that list all the groups that a user is a member of. * * @var string|null */ diff --git a/src/Service/CognitoIdentityProvider/src/Input/ForgotPasswordRequest.php b/src/Service/CognitoIdentityProvider/src/Input/ForgotPasswordRequest.php index f2f8cfb7d..c67c62855 100644 --- a/src/Service/CognitoIdentityProvider/src/Input/ForgotPasswordRequest.php +++ b/src/Service/CognitoIdentityProvider/src/Input/ForgotPasswordRequest.php @@ -25,7 +25,9 @@ final class ForgotPasswordRequest extends Input /** * A keyed-hash message authentication code (HMAC) calculated using the secret key of a user pool client and username - * plus the client ID in the message. + * plus the client ID in the message. For more information about `SecretHash`, see Computing secret hash values [^1]. + * + * [^1]: https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#cognito-user-pools-computing-secret-hash * * @var string|null */ @@ -36,6 +38,10 @@ final class ForgotPasswordRequest extends Input * advanced security evaluates the risk of an authentication event based on the context that your app generates and * passes to Amazon Cognito when it makes API requests. * + * For more information, see Collecting data for threat protection in applications [^1]. + * + * [^1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-viewing-threat-protection-app.html + * * @var UserContextDataType|null */ private $userContextData; @@ -71,13 +77,13 @@ final class ForgotPasswordRequest extends Input * For more information, see Customizing user pool Workflows with Lambda Triggers [^1] in the *Amazon Cognito Developer * Guide*. * - * > When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following: + * > When you use the `ClientMetadata` parameter, note that Amazon Cognito won't do the following: * > - * > - Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool - * > to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata + * > - Store the `ClientMetadata` value. This data is available only to Lambda triggers that are assigned to a user pool + * > to support custom workflows. If your user pool configuration doesn't include triggers, the `ClientMetadata` * > parameter serves no purpose. - * > - Validate the ClientMetadata value. - * > - Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information. + * > - Validate the `ClientMetadata` value. + * > - Encrypt the `ClientMetadata` value. Don't send sensitive information in this parameter. * > * * [^1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html diff --git a/src/Service/CognitoIdentityProvider/src/Input/InitiateAuthRequest.php b/src/Service/CognitoIdentityProvider/src/Input/InitiateAuthRequest.php index e288b8130..3e14dd00f 100644 --- a/src/Service/CognitoIdentityProvider/src/Input/InitiateAuthRequest.php +++ b/src/Service/CognitoIdentityProvider/src/Input/InitiateAuthRequest.php @@ -16,8 +16,8 @@ final class InitiateAuthRequest extends Input { /** - * The authentication flow that you want to initiate. The `AuthParameters` that you must submit are linked to the flow - * that you submit. For example: + * The authentication flow that you want to initiate. Each `AuthFlow` has linked `AuthParameters` that you must submit. + * The following are some example flows and their parameters. * * - `USER_AUTH`: Request a preferred authentication type or review available authentication types. From the offered * authentication types, select one in a challenge response and then authenticate with that method in an additional @@ -29,11 +29,11 @@ final class InitiateAuthRequest extends Input * - `USER_PASSWORD_AUTH`: Receive new tokens or the next challenge, for example `SOFTWARE_TOKEN_MFA`, when you pass * `USERNAME` and `PASSWORD` parameters. * - * Valid values include the following: + * *All flows* * * - `USER_AUTH`: * - * The entry point for sign-in with passwords, one-time passwords, biometric devices, and security keys. + * The entry point for sign-in with passwords, one-time passwords, and WebAuthN authenticators. * - `USER_SRP_AUTH`: * * Username-password authentication with the Secure Remote Password (SRP) protocol. For more information, see Use SRP @@ -123,13 +123,13 @@ final class InitiateAuthRequest extends Input * For more information, see Customizing user pool Workflows with Lambda Triggers [^1] in the *Amazon Cognito Developer * Guide*. * - * > When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following: + * > When you use the `ClientMetadata` parameter, note that Amazon Cognito won't do the following: * > - * > - Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool - * > to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata + * > - Store the `ClientMetadata` value. This data is available only to Lambda triggers that are assigned to a user pool + * > to support custom workflows. If your user pool configuration doesn't include triggers, the `ClientMetadata` * > parameter serves no purpose. - * > - Validate the ClientMetadata value. - * > - Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information. + * > - Validate the `ClientMetadata` value. + * > - Encrypt the `ClientMetadata` value. Don't send sensitive information in this parameter. * > * * [^1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html @@ -159,6 +159,10 @@ final class InitiateAuthRequest extends Input * advanced security evaluates the risk of an authentication event based on the context that your app generates and * passes to Amazon Cognito when it makes API requests. * + * For more information, see Collecting data for threat protection in applications [^1]. + * + * [^1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-viewing-threat-protection-app.html + * * @var UserContextDataType|null */ private $userContextData; diff --git a/src/Service/CognitoIdentityProvider/src/Input/ListGroupsRequest.php b/src/Service/CognitoIdentityProvider/src/Input/ListGroupsRequest.php index 3b947cb02..73a309d1a 100644 --- a/src/Service/CognitoIdentityProvider/src/Input/ListGroupsRequest.php +++ b/src/Service/CognitoIdentityProvider/src/Input/ListGroupsRequest.php @@ -10,7 +10,7 @@ final class ListGroupsRequest extends Input { /** - * The user pool ID for the user pool. + * The ID of the user pool. * * @required * diff --git a/src/Service/CognitoIdentityProvider/src/Input/ListUsersRequest.php b/src/Service/CognitoIdentityProvider/src/Input/ListUsersRequest.php index aea06b837..d74d5c1cf 100644 --- a/src/Service/CognitoIdentityProvider/src/Input/ListUsersRequest.php +++ b/src/Service/CognitoIdentityProvider/src/Input/ListUsersRequest.php @@ -13,7 +13,7 @@ final class ListUsersRequest extends Input { /** - * The user pool ID for the user pool on which the search should be performed. + * The ID of the user pool on which the search should be performed. * * @required * diff --git a/src/Service/CognitoIdentityProvider/src/Input/ResendConfirmationCodeRequest.php b/src/Service/CognitoIdentityProvider/src/Input/ResendConfirmationCodeRequest.php index 6e5b7360f..b600734b0 100644 --- a/src/Service/CognitoIdentityProvider/src/Input/ResendConfirmationCodeRequest.php +++ b/src/Service/CognitoIdentityProvider/src/Input/ResendConfirmationCodeRequest.php @@ -25,7 +25,9 @@ final class ResendConfirmationCodeRequest extends Input /** * A keyed-hash message authentication code (HMAC) calculated using the secret key of a user pool client and username - * plus the client ID in the message. + * plus the client ID in the message. For more information about `SecretHash`, see Computing secret hash values [^1]. + * + * [^1]: https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#cognito-user-pools-computing-secret-hash * * @var string|null */ @@ -36,6 +38,10 @@ final class ResendConfirmationCodeRequest extends Input * advanced security evaluates the risk of an authentication event based on the context that your app generates and * passes to Amazon Cognito when it makes API requests. * + * For more information, see Collecting data for threat protection in applications [^1]. + * + * [^1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-viewing-threat-protection-app.html + * * @var UserContextDataType|null */ private $userContextData; @@ -71,13 +77,13 @@ final class ResendConfirmationCodeRequest extends Input * For more information, see Customizing user pool Workflows with Lambda Triggers [^1] in the *Amazon Cognito Developer * Guide*. * - * > When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following: + * > When you use the `ClientMetadata` parameter, note that Amazon Cognito won't do the following: * > - * > - Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool - * > to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata + * > - Store the `ClientMetadata` value. This data is available only to Lambda triggers that are assigned to a user pool + * > to support custom workflows. If your user pool configuration doesn't include triggers, the `ClientMetadata` * > parameter serves no purpose. - * > - Validate the ClientMetadata value. - * > - Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information. + * > - Validate the `ClientMetadata` value. + * > - Encrypt the `ClientMetadata` value. Don't send sensitive information in this parameter. * > * * [^1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html diff --git a/src/Service/CognitoIdentityProvider/src/Input/RespondToAuthChallengeRequest.php b/src/Service/CognitoIdentityProvider/src/Input/RespondToAuthChallengeRequest.php index 2578ea88e..44a3c05f8 100644 --- a/src/Service/CognitoIdentityProvider/src/Input/RespondToAuthChallengeRequest.php +++ b/src/Service/CognitoIdentityProvider/src/Input/RespondToAuthChallengeRequest.php @@ -161,6 +161,10 @@ final class RespondToAuthChallengeRequest extends Input * advanced security evaluates the risk of an authentication event based on the context that your app generates and * passes to Amazon Cognito when it makes API requests. * + * For more information, see Collecting data for threat protection in applications [^1]. + * + * [^1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-viewing-threat-protection-app.html + * * @var UserContextDataType|null */ private $userContextData; @@ -179,13 +183,13 @@ final class RespondToAuthChallengeRequest extends Input * For more information, see Customizing user pool Workflows with Lambda Triggers [^1] in the *Amazon Cognito Developer * Guide*. * - * > When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following: + * > When you use the `ClientMetadata` parameter, note that Amazon Cognito won't do the following: * > - * > - Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool - * > to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata + * > - Store the `ClientMetadata` value. This data is available only to Lambda triggers that are assigned to a user pool + * > to support custom workflows. If your user pool configuration doesn't include triggers, the `ClientMetadata` * > parameter serves no purpose. - * > - Validate the ClientMetadata value. - * > - Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information. + * > - Validate the `ClientMetadata` value. + * > - Encrypt the `ClientMetadata` value. Don't send sensitive information in this parameter. * > * * [^1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html diff --git a/src/Service/CognitoIdentityProvider/src/Input/SignUpRequest.php b/src/Service/CognitoIdentityProvider/src/Input/SignUpRequest.php index 24fef509a..505977b65 100644 --- a/src/Service/CognitoIdentityProvider/src/Input/SignUpRequest.php +++ b/src/Service/CognitoIdentityProvider/src/Input/SignUpRequest.php @@ -26,7 +26,9 @@ final class SignUpRequest extends Input /** * A keyed-hash message authentication code (HMAC) calculated using the secret key of a user pool client and username - * plus the client ID in the message. + * plus the client ID in the message. For more information about `SecretHash`, see Computing secret hash values [^1]. + * + * [^1]: https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#cognito-user-pools-computing-secret-hash * * @var string|null */ @@ -96,6 +98,10 @@ final class SignUpRequest extends Input * advanced security evaluates the risk of an authentication event based on the context that your app generates and * passes to Amazon Cognito when it makes API requests. * + * For more information, see Collecting data for threat protection in applications [^1]. + * + * [^1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-viewing-threat-protection-app.html + * * @var UserContextDataType|null */ private $userContextData; @@ -113,13 +119,13 @@ final class SignUpRequest extends Input * For more information, see Customizing user pool Workflows with Lambda Triggers [^1] in the *Amazon Cognito Developer * Guide*. * - * > When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following: + * > When you use the `ClientMetadata` parameter, note that Amazon Cognito won't do the following: * > - * > - Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool - * > to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata + * > - Store the `ClientMetadata` value. This data is available only to Lambda triggers that are assigned to a user pool + * > to support custom workflows. If your user pool configuration doesn't include triggers, the `ClientMetadata` * > parameter serves no purpose. - * > - Validate the ClientMetadata value. - * > - Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information. + * > - Validate the `ClientMetadata` value. + * > - Encrypt the `ClientMetadata` value. Don't send sensitive information in this parameter. * > * * [^1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html diff --git a/src/Service/CognitoIdentityProvider/src/Result/AdminCreateUserResponse.php b/src/Service/CognitoIdentityProvider/src/Result/AdminCreateUserResponse.php index c266147c6..b83843cc8 100644 --- a/src/Service/CognitoIdentityProvider/src/Result/AdminCreateUserResponse.php +++ b/src/Service/CognitoIdentityProvider/src/Result/AdminCreateUserResponse.php @@ -14,7 +14,7 @@ class AdminCreateUserResponse extends Result { /** - * The newly created user. + * The new user's profile details. * * @var UserType|null */ diff --git a/src/Service/CognitoIdentityProvider/src/Result/AdminGetUserResponse.php b/src/Service/CognitoIdentityProvider/src/Result/AdminGetUserResponse.php index 1e2da15ba..9138ace19 100644 --- a/src/Service/CognitoIdentityProvider/src/Result/AdminGetUserResponse.php +++ b/src/Service/CognitoIdentityProvider/src/Result/AdminGetUserResponse.php @@ -21,14 +21,15 @@ class AdminGetUserResponse extends Result private $username; /** - * An array of name-value pairs representing user attributes. + * An array of name-value pairs of user attributes and their values, for example `"email": "testuser@example.com"`. * * @var AttributeType[] */ private $userAttributes; /** - * The date the user was created. + * The date and time when the item was created. Amazon Cognito returns this timestamp in UNIX epoch time format. Your + * SDK might render the output in a human-readable format like ISO 8601 or a Java `Date` object. * * @var \DateTimeImmutable|null */ @@ -43,14 +44,18 @@ class AdminGetUserResponse extends Result private $userLastModifiedDate; /** - * Indicates that the status is `enabled`. + * Indicates whether the user is activated for sign-in. The AdminDisableUser [^1] and AdminEnableUser [^2] API + * operations deactivate and activate user sign-in, respectively. + * + * [^1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminDisableUser.html + * [^2]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminEnableUser.html * * @var bool|null */ private $enabled; /** - * The user status. Can be one of the following: + * The user's status. Can be one of the following: * * - UNCONFIRMED - User has been created but not confirmed. * - CONFIRMED - User has been confirmed. @@ -59,6 +64,7 @@ class AdminGetUserResponse extends Result * in. * - FORCE_CHANGE_PASSWORD - The user is confirmed and the user can sign in using a temporary password, but on first * sign-in, the user must change their password to a new value before doing anything else. + * - EXTERNAL_PROVIDER - The user signed in with a third-party identity provider. * * @var UserStatusType::*|null */ @@ -74,7 +80,7 @@ class AdminGetUserResponse extends Result private $mfaOptions; /** - * The user's preferred MFA setting. + * The user's preferred MFA. Users can prefer SMS message, email message, or TOTP MFA. * * @var string|null */ @@ -82,7 +88,11 @@ class AdminGetUserResponse extends Result /** * The MFA options that are activated for the user. The possible values in this list are `SMS_MFA`, `EMAIL_OTP`, and - * `SOFTWARE_TOKEN_MFA`. + * `SOFTWARE_TOKEN_MFA`. You can change the MFA preference for users who have more than one available MFA factor with + * AdminSetUserMFAPreference [^1] or SetUserMFAPreference [^2]. + * + * [^1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminSetUserMFAPreference.html + * [^2]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserMFAPreference.html * * @var string[] */ diff --git a/src/Service/CognitoIdentityProvider/src/Result/AdminInitiateAuthResponse.php b/src/Service/CognitoIdentityProvider/src/Result/AdminInitiateAuthResponse.php index 475500a31..8a375ab0a 100644 --- a/src/Service/CognitoIdentityProvider/src/Result/AdminInitiateAuthResponse.php +++ b/src/Service/CognitoIdentityProvider/src/Result/AdminInitiateAuthResponse.php @@ -72,10 +72,10 @@ class AdminInitiateAuthResponse extends Result private $challengeName; /** - * The session that should be passed both ways in challenge-response calls to the service. If `AdminInitiateAuth` or - * `AdminRespondToAuthChallenge` API call determines that the caller must pass another challenge, they return a session - * with other challenge parameters. This session should be passed as it is to the next `AdminRespondToAuthChallenge` API - * call. + * The session that must be passed to challenge-response requests. If an `AdminInitiateAuth` or + * `AdminRespondToAuthChallenge` API request determines that the caller must pass another challenge, Amazon Cognito + * returns a session ID and the parameters of the next challenge. Pass this session Id in the `Session` parameter of + * `AdminRespondToAuthChallenge`. * * @var string|null */ @@ -97,9 +97,9 @@ class AdminInitiateAuthResponse extends Result private $challengeParameters; /** - * The result of the authentication response. This is only returned if the caller doesn't need to pass another - * challenge. If the caller does need to pass another challenge before it gets tokens, `ChallengeName`, - * `ChallengeParameters`, and `Session` are returned. + * The outcome of successful authentication. This is only returned if the user pool has no additional challenges to + * return. If Amazon Cognito returns another challenge, the response includes `ChallengeName`, `ChallengeParameters`, + * and `Session` so that your user can answer the challenge. * * @var AuthenticationResultType|null */ diff --git a/src/Service/CognitoIdentityProvider/src/Result/AssociateSoftwareTokenResponse.php b/src/Service/CognitoIdentityProvider/src/Result/AssociateSoftwareTokenResponse.php index a777e22ff..fd2eae7b8 100644 --- a/src/Service/CognitoIdentityProvider/src/Result/AssociateSoftwareTokenResponse.php +++ b/src/Service/CognitoIdentityProvider/src/Result/AssociateSoftwareTokenResponse.php @@ -8,15 +8,17 @@ class AssociateSoftwareTokenResponse extends Result { /** - * A unique generated shared secret code that is used in the TOTP algorithm to generate a one-time code. + * A unique generated shared secret code that is used by the TOTP algorithm to generate a one-time code. * * @var string|null */ private $secretCode; /** - * The session that should be passed both ways in challenge-response calls to the service. This allows authentication of - * the user as part of the MFA setup process. + * The session identifier that maintains the state of authentication requests and challenge responses. This session ID + * is valid for the next request in this flow, VerifySoftwareToken [^1]. + * + * [^1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerifySoftwareToken.html * * @var string|null */ diff --git a/src/Service/CognitoIdentityProvider/src/Result/ConfirmSignUpResponse.php b/src/Service/CognitoIdentityProvider/src/Result/ConfirmSignUpResponse.php index 28840e112..e5b74223e 100644 --- a/src/Service/CognitoIdentityProvider/src/Result/ConfirmSignUpResponse.php +++ b/src/Service/CognitoIdentityProvider/src/Result/ConfirmSignUpResponse.php @@ -11,9 +11,9 @@ class ConfirmSignUpResponse extends Result { /** - * You can automatically sign users in with the one-time password that they provided in a successful `ConfirmSignUp` - * request. To do this, pass the `Session` parameter from the `ConfirmSignUp` response in the `Session` parameter of an - * InitiateAuth [^1] or AdminInitiateAuth [^2] request. + * A session identifier that you can use to immediately sign in the confirmed user. You can automatically sign users in + * with the one-time password that they provided in a successful `ConfirmSignUp` request. To do this, pass the `Session` + * parameter from this response in the `Session` parameter of an InitiateAuth [^1] or AdminInitiateAuth [^2] request. * * [^1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html * [^2]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminInitiateAuth.html diff --git a/src/Service/CognitoIdentityProvider/src/Result/CreateGroupResponse.php b/src/Service/CognitoIdentityProvider/src/Result/CreateGroupResponse.php index 180ecf39e..85a7f2daa 100644 --- a/src/Service/CognitoIdentityProvider/src/Result/CreateGroupResponse.php +++ b/src/Service/CognitoIdentityProvider/src/Result/CreateGroupResponse.php @@ -9,7 +9,7 @@ class CreateGroupResponse extends Result { /** - * The group object for the group. + * The response object for a created group. * * @var GroupType|null */ diff --git a/src/Service/Ses/CHANGELOG.md b/src/Service/Ses/CHANGELOG.md index 8a679600d..aa4f11410 100644 --- a/src/Service/Ses/CHANGELOG.md +++ b/src/Service/Ses/CHANGELOG.md @@ -2,6 +2,11 @@ ## NOT RELEASED +### Added + +- AWS api-change: Introduces support for multi-region endpoint. +- AWS api-change: Introduces support for creating DEED (Deterministic Easy-DKIM) identities. + ## 1.9.0 ### Added diff --git a/src/Service/Ses/composer.json b/src/Service/Ses/composer.json index 2defcc28d..4d87c4f5e 100644 --- a/src/Service/Ses/composer.json +++ b/src/Service/Ses/composer.json @@ -27,7 +27,7 @@ }, "extra": { "branch-alias": { - "dev-master": "1.9-dev" + "dev-master": "1.10-dev" } } } diff --git a/src/Service/Ses/src/Input/SendEmailRequest.php b/src/Service/Ses/src/Input/SendEmailRequest.php index a786da329..bd19d2f4b 100644 --- a/src/Service/Ses/src/Input/SendEmailRequest.php +++ b/src/Service/Ses/src/Input/SendEmailRequest.php @@ -114,6 +114,13 @@ final class SendEmailRequest extends Input */ private $configurationSetName; + /** + * The ID of the multi-region endpoint (global-endpoint). + * + * @var string|null + */ + private $endpointId; + /** * An object used to specify a list or topic to which an email belongs, which will be used when a contact chooses to * unsubscribe. @@ -133,6 +140,7 @@ final class SendEmailRequest extends Input * Content?: EmailContent|array, * EmailTags?: null|array, * ConfigurationSetName?: null|string, + * EndpointId?: null|string, * ListManagementOptions?: null|ListManagementOptions|array, * '@region'?: string|null, * } $input @@ -148,6 +156,7 @@ public function __construct(array $input = []) $this->content = isset($input['Content']) ? EmailContent::create($input['Content']) : null; $this->emailTags = isset($input['EmailTags']) ? array_map([MessageTag::class, 'create'], $input['EmailTags']) : null; $this->configurationSetName = $input['ConfigurationSetName'] ?? null; + $this->endpointId = $input['EndpointId'] ?? null; $this->listManagementOptions = isset($input['ListManagementOptions']) ? ListManagementOptions::create($input['ListManagementOptions']) : null; parent::__construct($input); } @@ -163,6 +172,7 @@ public function __construct(array $input = []) * Content?: EmailContent|array, * EmailTags?: null|array, * ConfigurationSetName?: null|string, + * EndpointId?: null|string, * ListManagementOptions?: null|ListManagementOptions|array, * '@region'?: string|null, * }|SendEmailRequest $input @@ -195,6 +205,11 @@ public function getEmailTags(): array return $this->emailTags ?? []; } + public function getEndpointId(): ?string + { + return $this->endpointId; + } + public function getFeedbackForwardingEmailAddress(): ?string { return $this->feedbackForwardingEmailAddress; @@ -284,6 +299,13 @@ public function setEmailTags(array $value): self return $this; } + public function setEndpointId(?string $value): self + { + $this->endpointId = $value; + + return $this; + } + public function setFeedbackForwardingEmailAddress(?string $value): self { $this->feedbackForwardingEmailAddress = $value; @@ -370,6 +392,9 @@ private function requestBody(): array if (null !== $v = $this->configurationSetName) { $payload['ConfigurationSetName'] = $v; } + if (null !== $v = $this->endpointId) { + $payload['EndpointId'] = $v; + } if (null !== $v = $this->listManagementOptions) { $payload['ListManagementOptions'] = $v->requestBody(); } diff --git a/src/Service/Ses/src/SesClient.php b/src/Service/Ses/src/SesClient.php index f44cf14fc..6e40fa32c 100644 --- a/src/Service/Ses/src/SesClient.php +++ b/src/Service/Ses/src/SesClient.php @@ -48,6 +48,7 @@ class SesClient extends AbstractApi * Content: EmailContent|array, * EmailTags?: null|array, * ConfigurationSetName?: null|string, + * EndpointId?: null|string, * ListManagementOptions?: null|ListManagementOptions|array, * '@region'?: string|null, * }|SendEmailRequest $input