With the Amazon Cognito user pools API, you can set up user pools and app clients, and authenticate users. To authenticate users from third-party identity providers (IdPs) in this API, you can link IdP users to native user profiles. Learn more about the authentication and authorization of federated users in the Using the Amazon Cognito user pools API and user pool endpoints.
This API reference provides detailed information about API operations and object types in Amazon Cognito. At the bottom of the page for each API operation and object, under See Also, you can learn how to use it in an Amazon Web Services SDK in the language of your choice.
Along with resource management operations, the Amazon Cognito user pools API includes classes of operations and authorization models for client-side and server-side user operations. For more information, see Using the Amazon Cognito native and OIDC APIs in the Amazon Cognito Developer Guide.
You can also start reading about the CognitoIdentityProvider client in
the following SDK guides.
To get started with an Amazon Web Services SDK, see Tools to Build on Amazon Web Services. For example actions and scenarios, see Code examples for Amazon Cognito Identity Provider using Amazon Web Services SDKs.
cognitoidentityprovider(
config = list(),
credentials = list(),
endpoint = NULL,
region = NULL
)A client for the service. You can call the service's operations using
syntax like svc$operation(...), where svc is the name you've assigned
to the client. The available operations are listed in the
Operations section.
Optional configuration of credentials, endpoint, and/or region.
credentials:
creds:
access_key_id: AWS access key ID
secret_access_key: AWS secret access key
session_token: AWS temporary session token
profile: The name of a profile to use. If not given, then the default profile is used.
anonymous: Set anonymous credentials.
endpoint: The complete URL to use for the constructed client.
region: The AWS Region used in instantiating the client.
close_connection: Immediately close all HTTP connections.
timeout: The time in seconds till a timeout exception is thrown when attempting to make a connection. The default is 60 seconds.
s3_force_path_style: Set this to true to force the request to use path-style addressing, i.e. http://s3.amazonaws.com/BUCKET/KEY.
sts_regional_endpoint: Set sts regional endpoint resolver to regional or legacy https://docs.aws.amazon.com/sdkref/latest/guide/feature-sts-regionalized-endpoints.html
Optional credentials shorthand for the config parameter
creds:
access_key_id: AWS access key ID
secret_access_key: AWS secret access key
session_token: AWS temporary session token
profile: The name of a profile to use. If not given, then the default profile is used.
anonymous: Set anonymous credentials.
Optional shorthand for complete URL to use for the constructed client.
Optional shorthand for AWS Region used in instantiating the client.
svc <- cognitoidentityprovider(
config = list(
credentials = list(
creds = list(
access_key_id = "string",
secret_access_key = "string",
session_token = "string"
),
profile = "string",
anonymous = "logical"
),
endpoint = "string",
region = "string",
close_connection = "logical",
timeout = "numeric",
s3_force_path_style = "logical",
sts_regional_endpoint = "string"
),
credentials = list(
creds = list(
access_key_id = "string",
secret_access_key = "string",
session_token = "string"
),
profile = "string",
anonymous = "logical"
),
endpoint = "string",
region = "string"
)
| add_custom_attributes | Adds additional user attributes to the user pool schema |
| admin_add_user_to_group | Adds the specified user to the specified group |
| admin_confirm_sign_up | Confirms user registration as an admin without using a confirmation code |
| admin_create_user | Creates a new user in the specified user pool |
| admin_delete_user | Deletes a user as an administrator |
| admin_delete_user_attributes | Deletes the user attributes in a user pool as an administrator |
| admin_disable_provider_for_user | Prevents the user from signing in with the specified external (SAML or social) identity provider (IdP) |
| admin_disable_user | Deactivates a user and revokes all access tokens for the user |
| admin_enable_user | Enables the specified user as an administrator |
| admin_forget_device | Forgets the device, as an administrator |
| admin_get_device | Gets the device, as an administrator |
| admin_get_user | Gets the specified user by user name in a user pool as an administrator |
| admin_initiate_auth | Initiates the authentication flow, as an administrator |
| admin_link_provider_for_user | Links an existing user account in a user pool (DestinationUser) to an identity from an external IdP (SourceUser) based on a specified attribute name and value from the external IdP |
| admin_list_devices | Lists devices, as an administrator |
| admin_list_groups_for_user | Lists the groups that the user belongs to |
| admin_list_user_auth_events | A history of user activity and any risks detected as part of Amazon Cognito advanced security |
| admin_remove_user_from_group | Removes the specified user from the specified group |
| admin_reset_user_password | Resets the specified user's password in a user pool as an administrator |
| admin_respond_to_auth_challenge | Responds to an authentication challenge, as an administrator |
| admin_set_user_mfa_preference | The user's multi-factor authentication (MFA) preference, including which MFA options are activated, and if any are preferred |
| admin_set_user_password | Sets the specified user's password in a user pool as an administrator |
| admin_set_user_settings | This action is no longer supported |
| admin_update_auth_event_feedback | Provides feedback for an authentication event indicating if it was from a valid user |
| admin_update_device_status | Updates the device status as an administrator |
| admin_update_user_attributes | This action might generate an SMS text message |
| admin_user_global_sign_out | Signs out a user from all devices |
| associate_software_token | Begins setup of time-based one-time password (TOTP) multi-factor authentication (MFA) for a user, with a unique private key that Amazon Cognito generates and returns in the API response |
| change_password | Changes the password for a specified user in a user pool |
| confirm_device | Confirms tracking of the device |
| confirm_forgot_password | Allows a user to enter a confirmation code to reset a forgotten password |
| confirm_sign_up | Confirms registration of a new user |
| create_group | Creates a new group in the specified user pool |
| create_identity_provider | Creates an IdP for a user pool |
| create_resource_server | Creates a new OAuth2 |
| create_user_import_job | Creates a user import job |
| create_user_pool | This action might generate an SMS text message |
| create_user_pool_client | Creates the user pool client |
| create_user_pool_domain | Creates a new domain for a user pool |
| delete_group | Deletes a group |
| delete_identity_provider | Deletes an IdP for a user pool |
| delete_resource_server | Deletes a resource server |
| delete_user | Allows a user to delete their own user profile |
| delete_user_attributes | Deletes the attributes for a user |
| delete_user_pool | Deletes the specified Amazon Cognito user pool |
| delete_user_pool_client | Allows the developer to delete the user pool client |
| delete_user_pool_domain | Deletes a domain for a user pool |
| describe_identity_provider | Gets information about a specific IdP |
| describe_resource_server | Describes a resource server |
| describe_risk_configuration | Describes the risk configuration |
| describe_user_import_job | Describes the user import job |
| describe_user_pool | Returns the configuration information and metadata of the specified user pool |
| describe_user_pool_client | Client method for returning the configuration information and metadata of the specified user pool app client |
| describe_user_pool_domain | Gets information about a domain |
| forget_device | Forgets the specified device |
| forgot_password | Calling this API causes a message to be sent to the end user with a confirmation code that is required to change the user's password |
| get_csv_header | Gets the header information for the comma-separated value (CSV) file to be used as input for the user import job |
| get_device | Gets the device |
| get_group | Gets a group |
| get_identity_provider_by_identifier | Gets the specified IdP |
| get_log_delivery_configuration | Gets the detailed activity logging configuration for a user pool |
| get_signing_certificate | This method takes a user pool ID, and returns the signing certificate |
| get_ui_customization | Gets the user interface (UI) Customization information for a particular app client's app UI, if any such information exists for the client |
| get_user | Gets the user attributes and metadata for a user |
| get_user_attribute_verification_code | Generates a user attribute verification code for the specified attribute name |
| get_user_pool_mfa_config | Gets the user pool multi-factor authentication (MFA) configuration |
| global_sign_out | Signs out a user from all devices |
| initiate_auth | Initiates sign-in for a user in the Amazon Cognito user directory |
| list_devices | Lists the sign-in devices that Amazon Cognito has registered to the current user |
| list_groups | Lists the groups associated with a user pool |
| list_identity_providers | Lists information about all IdPs for a user pool |
| list_resource_servers | Lists the resource servers for a user pool |
| list_tags_for_resource | Lists the tags that are assigned to an Amazon Cognito user pool |
| list_user_import_jobs | Lists user import jobs for a user pool |
| list_user_pool_clients | Lists the clients that have been created for the specified user pool |
| list_user_pools | Lists the user pools associated with an Amazon Web Services account |
| list_users | Lists users and their basic details in a user pool |
| list_users_in_group | Lists the users in the specified group |
| resend_confirmation_code | Resends the confirmation (for confirmation of registration) to a specific user in the user pool |
| respond_to_auth_challenge | Responds to the authentication challenge |
| revoke_token | Revokes all of the access tokens generated by, and at the same time as, the specified refresh token |
| set_log_delivery_configuration | Sets up or modifies the detailed activity logging configuration of a user pool |
| set_risk_configuration | Configures actions on detected risks |
| set_ui_customization | Sets the user interface (UI) customization information for a user pool's built-in app UI |
| set_user_mfa_preference | Set the user's multi-factor authentication (MFA) method preference, including which MFA factors are activated and if any are preferred |
| set_user_pool_mfa_config | Sets the user pool multi-factor authentication (MFA) configuration |
| set_user_settings | This action is no longer supported |
| sign_up | Registers the user in the specified user pool and creates a user name, password, and user attributes |
| start_user_import_job | Starts the user import |
| stop_user_import_job | Stops the user import job |
| tag_resource | Assigns a set of tags to an Amazon Cognito user pool |
| untag_resource | Removes the specified tags from an Amazon Cognito user pool |
| update_auth_event_feedback | Provides the feedback for an authentication event, whether it was from a valid user or not |
| update_device_status | Updates the device status |
| update_group | Updates the specified group with the specified attributes |
| update_identity_provider | Updates IdP information for a user pool |
| update_resource_server | Updates the name and scopes of resource server |
| update_user_attributes | Allows a user to update a specific attribute (one at a time) |
| update_user_pool | This action might generate an SMS text message |
| update_user_pool_client | Updates the specified user pool app client with the specified attributes |
| update_user_pool_domain | Updates the Secure Sockets Layer (SSL) certificate for the custom domain for your user pool |
| verify_software_token | Use this API to register a user's entered time-based one-time password (TOTP) code and mark the user's software token MFA status as "verified" if successful |
| verify_user_attribute | Verifies the specified user attributes in the user pool |
if (FALSE) {
svc <- cognitoidentityprovider()
# This request submits a value for all possible parameters for
# AdminCreateUser.
svc$admin_create_user(
DesiredDeliveryMediums = list(
"SMS"
),
MessageAction = "SUPPRESS",
TemporaryPassword = "This-is-my-test-99!",
UserAttributes = list(
list(
Name = "name",
Value = "John"
),
list(
Name = "phone_number",
Value = "+12065551212"
),
list(
Name = "email",
Value = "testuser@example.com"
)
),
UserPoolId = "us-east-1_EXAMPLE",
Username = "testuser"
)
}
Run the code above in your browser using DataLab