Update generated code

manifest.json

@@ -1,6 +1,6 @@
 {
     "variables": {
-        "${LATEST}": "3.340.4"
+        "${LATEST}": "3.340.5"
     },
     "endpoints": "https://raw.githubusercontent.com/aws/aws-sdk-php/${LATEST}/src/data/endpoints.json",
     "services": {

psalm.baseline.xml

@@ -315,6 +315,14 @@
       <code><![CDATA[list<ChallengeNameType::*>]]></code>
     </MoreSpecificReturnType>
   </file>
+  <file src="src/Service/CognitoIdentityProvider/src/Result/AdminInitiateAuthResponse.php">
+    <LessSpecificReturnStatement>
+      <code><![CDATA[$items]]></code>
+    </LessSpecificReturnStatement>
+    <MoreSpecificReturnType>
+      <code><![CDATA[list<ChallengeNameType::*>]]></code>
+    </MoreSpecificReturnType>
+  </file>
   <file src="src/Service/Kms/src/Result/GetPublicKeyResponse.php">
     <LessSpecificReturnStatement>
       <code><![CDATA[$items]]></code>

src/Service/CognitoIdentityProvider/CHANGELOG.md

@@ -2,6 +2,10 @@
 
 ## NOT RELEASED
 
+### Added
+
+- AWS api-change: Added the capacity to return available challenges in admin authentication and to set version 3 of the pre token generation event for M2M ATC.
+
 ## 1.11.0
 
 ### Added

src/Service/CognitoIdentityProvider/composer.json

@@ -28,7 +28,7 @@
     },
     "extra": {
         "branch-alias": {
-            "dev-master": "1.11-dev"
+            "dev-master": "1.12-dev"
         }
     }
 }

src/Service/CognitoIdentityProvider/src/Input/AdminAddUserToGroupRequest.php

@@ -19,9 +19,9 @@ final class AdminAddUserToGroupRequest extends Input
     private $userPoolId;
 
     /**
-     * The username of the user that you want to query or modify. The value of this parameter is typically your user's
-     * username, but it can be any of their alias attributes. If `username` isn't an alias attribute in your user pool, this
-     * value must be the `sub` of a local user or the username of a user from a third-party IdP.
+     * The name of the user that you want to query or modify. The value of this parameter is typically your user's username,
+     * but it can be any of their alias attributes. If `username` isn't an alias attribute in your user pool, this value
+     * must be the `sub` of a local user or the username of a user from a third-party IdP.
      *
      * @required
      *

src/Service/CognitoIdentityProvider/src/Input/AdminConfirmSignUpRequest.php

@@ -22,9 +22,9 @@ final class AdminConfirmSignUpRequest extends Input
     private $userPoolId;
 
     /**
-     * The username of the user that you want to query or modify. The value of this parameter is typically your user's
-     * username, but it can be any of their alias attributes. If `username` isn't an alias attribute in your user pool, this
-     * value must be the `sub` of a local user or the username of a user from a third-party IdP.
+     * The name of the user that you want to query or modify. The value of this parameter is typically your user's username,
+     * but it can be any of their alias attributes. If `username` isn't an alias attribute in your user pool, this value
+     * must be the `sub` of a local user or the username of a user from a third-party IdP.
      *
      * @required
      *
@@ -41,8 +41,7 @@ final class AdminConfirmSignUpRequest extends Input
      * you assigned to the ClientMetadata parameter in your AdminConfirmSignUp request. In your function code in Lambda, you
      * can process the ClientMetadata value to enhance your workflow for your specific needs.
      *
-     * For more information, see Customizing user pool Workflows with Lambda Triggers [^1] in the *Amazon Cognito Developer
-     * Guide*.
+     * For more information, see Using Lambda triggers [^1] in the *Amazon Cognito Developer Guide*.
      *
      * > When you use the `ClientMetadata` parameter, note that Amazon Cognito won't do the following:
      * >

src/Service/CognitoIdentityProvider/src/Input/AdminCreateUserRequest.php

@@ -59,17 +59,19 @@ final class AdminCreateUserRequest extends Input
      * email or SMS OTP. These attributes must be provided when passwordless options are the only available, or when you
      * don't submit a `TemporaryPassword`.
      *
-     * In your call to `AdminCreateUser`, you can set the `email_verified` attribute to `True`, and you can set the
-     * `phone_number_verified` attribute to `True`. You can also do this by calling AdminUpdateUserAttributes [^1].
+     * In your `AdminCreateUser` request, you can set the `email_verified` and `phone_number_verified` attributes to `true`.
+     * The following conditions apply:
      *
-     * - **email**: The email address of the user to whom the message that contains the code and username will be sent.
-     *   Required if the `email_verified` attribute is set to `True`, or if `"EMAIL"` is specified in the
-     *   `DesiredDeliveryMediums` parameter.
-     * - **phone_number**: The phone number of the user to whom the message that contains the code and username will be
-     *   sent. Required if the `phone_number_verified` attribute is set to `True`, or if `"SMS"` is specified in the
+     * - `email`:
+     *
+     *   The email address where you want the user to receive their confirmation code and username. You must provide a value
+     *   for the `email` when you want to set `email_verified` to `true`, or if you set `EMAIL` in the
      *   `DesiredDeliveryMediums` parameter.
+     * - `phone_number`:
      *
-     * [^1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html
+     *   The phone number where you want the user to receive their confirmation code and username. You must provide a value
+     *   for the `email` when you want to set `phone_number` to `true`, or if you set `SMS` in the `DesiredDeliveryMediums`
+     *   parameter.
      *
      * @var AttributeType[]|null
      */
@@ -79,10 +81,9 @@ final class AdminCreateUserRequest extends Input
      * Temporary user attributes that contribute to the outcomes of your pre sign-up Lambda trigger. This set of key-value
      * pairs are for custom validation of information that you collect from your users but don't need to retain.
      *
-     * Your Lambda function can analyze this additional data and act on it. Your function might perform external API
-     * operations like logging user attributes and validation data to Amazon CloudWatch Logs. Validation data might also
-     * affect the response that your function returns to Amazon Cognito, like automatically confirming the user if they sign
-     * up from within your network.
+     * Your Lambda function can analyze this additional data and act on it. Your function can automatically confirm and
+     * verify select users or perform external API operations like logging user attributes and validation data to Amazon
+     * CloudWatch Logs.
      *
      * For more information about the pre sign-up Lambda trigger, see Pre sign-up Lambda trigger [^1].
      *
@@ -98,8 +99,7 @@ final class AdminCreateUserRequest extends Input
      *
      * The exception to the requirement for a password is when your user pool supports passwordless sign-in with email or
      * SMS OTPs. To create a user with no password, omit this parameter or submit a blank value. You can only create a
-     * passwordless user when passwordless sign-in is available. See the SignInPolicyType [^1] property of CreateUserPool
-     * [^2] and UpdateUserPool [^3].
+     * passwordless user when passwordless sign-in is available.
      *
      * The temporary password is valid only once. To complete the Admin Create User flow, the user must enter the temporary
      * password in the sign-in page, along with a new password to be used in all future sign-ins.
@@ -111,10 +111,6 @@ final class AdminCreateUserRequest extends Input
      * reset the account after that time limit, you must call `AdminCreateUser` again and specify `RESEND` for the
      * `MessageAction` parameter.
      *
-     * [^1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SignInPolicyType.html
-     * [^2]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html
-     * [^3]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html
-     *
      * @var string|null
      */
     private $temporaryPassword;
@@ -161,8 +157,7 @@ final class AdminCreateUserRequest extends Input
      * AdminCreateUser request. In your function code in Lambda, you can process the `clientMetadata` value to enhance your
      * workflow for your specific needs.
      *
-     * For more information, see Customizing user pool Workflows with Lambda Triggers [^1] in the *Amazon Cognito Developer
-     * Guide*.
+     * For more information, see Using Lambda triggers [^1] in the *Amazon Cognito Developer Guide*.
      *
      * > When you use the `ClientMetadata` parameter, note that Amazon Cognito won't do the following:
      * >

src/Service/CognitoIdentityProvider/src/Input/AdminDeleteUserRequest.php

@@ -22,9 +22,9 @@ final class AdminDeleteUserRequest extends Input
     private $userPoolId;
 
     /**
-     * The username of the user that you want to query or modify. The value of this parameter is typically your user's
-     * username, but it can be any of their alias attributes. If `username` isn't an alias attribute in your user pool, this
-     * value must be the `sub` of a local user or the username of a user from a third-party IdP.
+     * The name of the user that you want to query or modify. The value of this parameter is typically your user's username,
+     * but it can be any of their alias attributes. If `username` isn't an alias attribute in your user pool, this value
+     * must be the `sub` of a local user or the username of a user from a third-party IdP.
      *
      * @required
      *

src/Service/CognitoIdentityProvider/src/Input/AdminDisableUserRequest.php

@@ -22,9 +22,9 @@ final class AdminDisableUserRequest extends Input
     private $userPoolId;
 
     /**
-     * The username of the user that you want to query or modify. The value of this parameter is typically your user's
-     * username, but it can be any of their alias attributes. If `username` isn't an alias attribute in your user pool, this
-     * value must be the `sub` of a local user or the username of a user from a third-party IdP.
+     * The name of the user that you want to query or modify. The value of this parameter is typically your user's username,
+     * but it can be any of their alias attributes. If `username` isn't an alias attribute in your user pool, this value
+     * must be the `sub` of a local user or the username of a user from a third-party IdP.
      *
      * @required
      *

src/Service/CognitoIdentityProvider/src/Input/AdminEnableUserRequest.php

@@ -22,9 +22,9 @@ final class AdminEnableUserRequest extends Input
     private $userPoolId;
 
     /**
-     * The username of the user that you want to query or modify. The value of this parameter is typically your user's
-     * username, but it can be any of their alias attributes. If `username` isn't an alias attribute in your user pool, this
-     * value must be the `sub` of a local user or the username of a user from a third-party IdP.
+     * The name of the user that you want to query or modify. The value of this parameter is typically your user's username,
+     * but it can be any of their alias attributes. If `username` isn't an alias attribute in your user pool, this value
+     * must be the `sub` of a local user or the username of a user from a third-party IdP.
      *
      * @required
      *

src/Service/CognitoIdentityProvider/src/Input/AdminGetUserRequest.php

@@ -22,9 +22,9 @@ final class AdminGetUserRequest extends Input
     private $userPoolId;
 
     /**
-     * The username of the user that you want to query or modify. The value of this parameter is typically your user's
-     * username, but it can be any of their alias attributes. If `username` isn't an alias attribute in your user pool, this
-     * value must be the `sub` of a local user or the username of a user from a third-party IdP.
+     * The name of the user that you want to query or modify. The value of this parameter is typically your user's username,
+     * but it can be any of their alias attributes. If `username` isn't an alias attribute in your user pool, this value
+     * must be the `sub` of a local user or the username of a user from a third-party IdP.
      *
      * @required
      *

src/Service/CognitoIdentityProvider/src/Input/AdminInitiateAuthRequest.php

@@ -35,47 +35,37 @@ final class AdminInitiateAuthRequest extends Input
 
     /**
      * The authentication flow that you want to initiate. Each `AuthFlow` has linked `AuthParameters` that you must submit.
-     * The following are some example flows and their parameters.
-     *
-     * - `USER_AUTH`: Request a preferred authentication type or review available authentication types. From the offered
-     *   authentication types, select one in a challenge response and then authenticate with that method in an additional
-     *   challenge response.
-     * - `REFRESH_TOKEN_AUTH`: Receive new ID and access tokens when you pass a `REFRESH_TOKEN` parameter with a valid
-     *   refresh token as the value.
-     * - `USER_SRP_AUTH`: Receive secure remote password (SRP) variables for the next challenge, `PASSWORD_VERIFIER`, when
-     *   you pass `USERNAME` and `SRP_A` parameters..
-     * - `ADMIN_USER_PASSWORD_AUTH`: Receive new tokens or the next challenge, for example `SOFTWARE_TOKEN_MFA`, when you
-     *   pass `USERNAME` and `PASSWORD` parameters.
-     *
-     * *All flows*
+     * The following are some example flows.
      *
      * - `USER_AUTH`:
      *
-     *   The entry point for sign-in with passwords, one-time passwords, and WebAuthN authenticators.
+     *   The entry point for choice-based authentication [^1] with passwords, one-time passwords, and WebAuthn
+     *   authenticators. Request a preferred authentication type or review available authentication types. From the offered
+     *   authentication types, select one in a challenge response and then authenticate with that method in an additional
+     *   challenge response. To activate this setting, your user pool must be in the Essentials tier [^2] or higher.
      * - `USER_SRP_AUTH`:
      *
      *   Username-password authentication with the Secure Remote Password (SRP) protocol. For more information, see Use SRP
-     *   password verification in custom authentication flow [^1].
+     *   password verification in custom authentication flow [^3].
      * - `REFRESH_TOKEN_AUTH and REFRESH_TOKEN`:
      *
-     *   Provide a valid refresh token and receive new ID and access tokens. For more information, see Using the refresh
-     *   token [^2].
+     *   Receive new ID and access tokens when you pass a `REFRESH_TOKEN` parameter with a valid refresh token as the value.
+     *   For more information, see Using the refresh token [^4].
      * - `CUSTOM_AUTH`:
      *
      *   Custom authentication with Lambda triggers. For more information, see Custom authentication challenge Lambda
-     *   triggers [^3].
+     *   triggers [^5].
      * - `ADMIN_USER_PASSWORD_AUTH`:
      *
-     *   Username-password authentication with the password sent directly in the request. For more information, see Admin
-     *   authentication flow [^4].
-     *
-     * `USER_PASSWORD_AUTH` is a flow type of InitiateAuth [^5] and isn't valid for AdminInitiateAuth.
+     *   Server-side username-password authentication with the password sent directly in the request. For more information
+     *   about client-side and server-side authentication, see SDK authorization models [^6].
      *
-     * [^1]: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow.html#Using-SRP-password-verification-in-custom-authentication-flow
-     * [^2]: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-the-refresh-token.html
-     * [^3]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-challenge.html
-     * [^4]: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow.html#Built-in-authentication-flow-and-challenges
-     * [^5]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html
+     * [^1]: https://docs.aws.amazon.com/cognito/latest/developerguide/authentication-flows-selection-sdk.html#authentication-flows-selection-choice
+     * [^2]: https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html
+     * [^3]: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow.html#Using-SRP-password-verification-in-custom-authentication-flow
+     * [^4]: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-the-refresh-token.html
+     * [^5]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-challenge.html
+     * [^6]: https://docs.aws.amazon.com/cognito/latest/developerguide/authentication-flows-public-server-side.html
      *
      * @required
      *
@@ -85,7 +75,7 @@ final class AdminInitiateAuthRequest extends Input
 
     /**
      * The authentication parameters. These are inputs corresponding to the `AuthFlow` that you're invoking. The required
-     * values depend on the value of `AuthFlow`:
+     * values depend on the value of `AuthFlow` for example:
      *
      * - For `USER_AUTH`: `USERNAME` (required), `PREFERRED_CHALLENGE`. If you don't provide a value for
      *   `PREFERRED_CHALLENGE`, Amazon Cognito responds with the `AvailableChallenges` parameter that specifies the
@@ -137,8 +127,7 @@ final class AdminInitiateAuthRequest extends Input
      * - Custom email sender
      * - Custom SMS sender
      *
-     * For more information, see Customizing user pool Workflows with Lambda Triggers [^1] in the *Amazon Cognito Developer
-     * Guide*.
+     * For more information, see Using Lambda triggers [^1] in the *Amazon Cognito Developer Guide*.
      *
      * > When you use the `ClientMetadata` parameter, note that Amazon Cognito won't do the following:
      * >
@@ -156,16 +145,18 @@ final class AdminInitiateAuthRequest extends Input
     private $clientMetadata;
 
     /**
-     * The analytics metadata for collecting Amazon Pinpoint metrics.
+     * Information that supports analytics outcomes with Amazon Pinpoint, including the user's endpoint ID. The endpoint ID
+     * is a destination for Amazon Pinpoint push notifications, for example a device identifier, email address, or phone
+     * number.
      *
      * @var AnalyticsMetadataType|null
      */
     private $analyticsMetadata;
 
     /**
-     * Contextual data about your user session, such as the device fingerprint, IP address, or location. Amazon Cognito
-     * advanced security evaluates the risk of an authentication event based on the context that your app generates and
-     * passes to Amazon Cognito when it makes API requests.
+     * Contextual data about your user session like the device fingerprint, IP address, or location. Amazon Cognito threat
+     * protection evaluates the risk of an authentication event based on the context that your app generates and passes to
+     * Amazon Cognito when it makes API requests.
      *
      * For more information, see Collecting data for threat protection in applications [^1].
      *

src/Service/CognitoIdentityProvider/src/Input/AdminRemoveUserFromGroupRequest.php

@@ -19,9 +19,9 @@ final class AdminRemoveUserFromGroupRequest extends Input
     private $userPoolId;
 
     /**
-     * The username of the user that you want to query or modify. The value of this parameter is typically your user's
-     * username, but it can be any of their alias attributes. If `username` isn't an alias attribute in your user pool, this
-     * value must be the `sub` of a local user or the username of a user from a third-party IdP.
+     * The name of the user that you want to query or modify. The value of this parameter is typically your user's username,
+     * but it can be any of their alias attributes. If `username` isn't an alias attribute in your user pool, this value
+     * must be the `sub` of a local user or the username of a user from a third-party IdP.
      *
      * @required
      *