Learn R Programming

paws.security.identity (version 0.7.0)

cognitoidentityprovider: Amazon Cognito Identity Provider

Description

With the Amazon Cognito user pools API, you can configure user pools and authenticate users. To authenticate users from third-party identity providers (IdPs) in this API, you can link IdP users to native user profiles. Learn more about the authentication and authorization of federated users at Adding user pool sign-in through a third party and in the User pool federation endpoints and hosted UI reference.

This API reference provides detailed information about API operations and object types in Amazon Cognito.

Along with resource management operations, the Amazon Cognito user pools API includes classes of operations and authorization models for client-side and server-side authentication of users. You can interact with operations in the Amazon Cognito user pools API as any of the following subjects.

  1. An administrator who wants to configure user pools, app clients, users, groups, or other user pool functions.

  2. A server-side app, like a web application, that wants to use its Amazon Web Services privileges to manage, authenticate, or authorize a user.

  3. A client-side app, like a mobile app, that wants to make unauthenticated requests to manage, authenticate, or authorize a user.

For more information, see Using the Amazon Cognito user pools API and user pool endpoints in the Amazon Cognito Developer Guide.

With your Amazon Web Services SDK, you can build the logic to support operational flows in every use case for this API. You can also make direct REST API requests to Amazon Cognito user pools service endpoints. The following links can get you started with the CognitoIdentityProvider client in other supported Amazon Web Services SDKs.

To get started with an Amazon Web Services SDK, see Tools to Build on Amazon Web Services. For example actions and scenarios, see Code examples for Amazon Cognito Identity Provider using Amazon Web Services SDKs.

Usage

cognitoidentityprovider(
  config = list(),
  credentials = list(),
  endpoint = NULL,
  region = NULL
)

Value

A client for the service. You can call the service's operations using syntax like svc$operation(...), where svc is the name you've assigned to the client. The available operations are listed in the Operations section.

Arguments

config

Optional configuration of credentials, endpoint, and/or region.

  • credentials:

    • creds:

      • access_key_id: AWS access key ID

      • secret_access_key: AWS secret access key

      • session_token: AWS temporary session token

    • profile: The name of a profile to use. If not given, then the default profile is used.

    • anonymous: Set anonymous credentials.

  • endpoint: The complete URL to use for the constructed client.

  • region: The AWS Region used in instantiating the client.

  • close_connection: Immediately close all HTTP connections.

  • timeout: The time in seconds till a timeout exception is thrown when attempting to make a connection. The default is 60 seconds.

  • s3_force_path_style: Set this to true to force the request to use path-style addressing, i.e. http://s3.amazonaws.com/BUCKET/KEY.

  • sts_regional_endpoint: Set sts regional endpoint resolver to regional or legacy https://docs.aws.amazon.com/sdkref/latest/guide/feature-sts-regionalized-endpoints.html

credentials

Optional credentials shorthand for the config parameter

  • creds:

    • access_key_id: AWS access key ID

    • secret_access_key: AWS secret access key

    • session_token: AWS temporary session token

  • profile: The name of a profile to use. If not given, then the default profile is used.

  • anonymous: Set anonymous credentials.

endpoint

Optional shorthand for complete URL to use for the constructed client.

region

Optional shorthand for AWS Region used in instantiating the client.

Service syntax

svc <- cognitoidentityprovider(
  config = list(
    credentials = list(
      creds = list(
        access_key_id = "string",
        secret_access_key = "string",
        session_token = "string"
      ),
      profile = "string",
      anonymous = "logical"
    ),
    endpoint = "string",
    region = "string",
    close_connection = "logical",
    timeout = "numeric",
    s3_force_path_style = "logical",
    sts_regional_endpoint = "string"
  ),
  credentials = list(
    creds = list(
      access_key_id = "string",
      secret_access_key = "string",
      session_token = "string"
    ),
    profile = "string",
    anonymous = "logical"
  ),
  endpoint = "string",
  region = "string"
)

Operations

add_custom_attributesAdds additional user attributes to the user pool schema
admin_add_user_to_groupAdds a user to a group
admin_confirm_sign_upThis IAM-authenticated API operation confirms user sign-up as an administrator
admin_create_userCreates a new user in the specified user pool
admin_delete_userDeletes a user as an administrator
admin_delete_user_attributesDeletes the user attributes in a user pool as an administrator
admin_disable_provider_for_userPrevents the user from signing in with the specified external (SAML or social) identity provider (IdP)
admin_disable_userDeactivates a user and revokes all access tokens for the user
admin_enable_userEnables the specified user as an administrator
admin_forget_deviceForgets the device, as an administrator
admin_get_deviceGets the device, as an administrator
admin_get_userGets the specified user by user name in a user pool as an administrator
admin_initiate_authInitiates the authentication flow, as an administrator
admin_link_provider_for_userLinks an existing user account in a user pool (DestinationUser) to an identity from an external IdP (SourceUser) based on a specified attribute name and value from the external IdP
admin_list_devicesLists devices, as an administrator
admin_list_groups_for_userLists the groups that a user belongs to
admin_list_user_auth_eventsA history of user activity and any risks detected as part of Amazon Cognito advanced security
admin_remove_user_from_groupRemoves the specified user from the specified group
admin_reset_user_passwordResets the specified user's password in a user pool as an administrator
admin_respond_to_auth_challengeSome API operations in a user pool generate a challenge, like a prompt for an MFA code, for device authentication that bypasses MFA, or for a custom authentication challenge
admin_set_user_mfa_preferenceThe user's multi-factor authentication (MFA) preference, including which MFA options are activated, and if any are preferred
admin_set_user_passwordSets the specified user's password in a user pool as an administrator
admin_set_user_settingsThis action is no longer supported
admin_update_auth_event_feedbackProvides feedback for an authentication event indicating if it was from a valid user
admin_update_device_statusUpdates the device status as an administrator
admin_update_user_attributesThis action might generate an SMS text message
admin_user_global_sign_outInvalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user
associate_software_tokenBegins setup of time-based one-time password (TOTP) multi-factor authentication (MFA) for a user, with a unique private key that Amazon Cognito generates and returns in the API response
change_passwordChanges the password for a specified user in a user pool
confirm_deviceConfirms tracking of the device
confirm_forgot_passwordAllows a user to enter a confirmation code to reset a forgotten password
confirm_sign_upThis public API operation provides a code that Amazon Cognito sent to your user when they signed up in your user pool via the SignUp API operation
create_groupCreates a new group in the specified user pool
create_identity_providerAdds a configuration and trust relationship between a third-party identity provider (IdP) and a user pool
create_resource_serverCreates a new OAuth2
create_user_import_jobCreates a user import job
create_user_poolThis action might generate an SMS text message
create_user_pool_clientCreates the user pool client
create_user_pool_domainCreates a new domain for a user pool
delete_groupDeletes a group
delete_identity_providerDeletes an IdP for a user pool
delete_resource_serverDeletes a resource server
delete_userAllows a user to delete their own user profile
delete_user_attributesDeletes the attributes for a user
delete_user_poolDeletes the specified Amazon Cognito user pool
delete_user_pool_clientAllows the developer to delete the user pool client
delete_user_pool_domainDeletes a domain for a user pool
describe_identity_providerGets information about a specific IdP
describe_resource_serverDescribes a resource server
describe_risk_configurationDescribes the risk configuration
describe_user_import_jobDescribes the user import job
describe_user_poolReturns the configuration information and metadata of the specified user pool
describe_user_pool_clientClient method for returning the configuration information and metadata of the specified user pool app client
describe_user_pool_domainGets information about a domain
forget_deviceForgets the specified device
forgot_passwordCalling this API causes a message to be sent to the end user with a confirmation code that is required to change the user's password
get_csv_headerGets the header information for the comma-separated value (CSV) file to be used as input for the user import job
get_deviceGets the device
get_groupGets a group
get_identity_provider_by_identifierGets the specified IdP
get_log_delivery_configurationGets the logging configuration of a user pool
get_signing_certificateThis method takes a user pool ID, and returns the signing certificate
get_ui_customizationGets the user interface (UI) Customization information for a particular app client's app UI, if any such information exists for the client
get_userGets the user attributes and metadata for a user
get_user_attribute_verification_codeGenerates a user attribute verification code for the specified attribute name
get_user_pool_mfa_configGets the user pool multi-factor authentication (MFA) configuration
global_sign_outInvalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user
initiate_authInitiates sign-in for a user in the Amazon Cognito user directory
list_devicesLists the sign-in devices that Amazon Cognito has registered to the current user
list_groupsLists the groups associated with a user pool
list_identity_providersLists information about all IdPs for a user pool
list_resource_serversLists the resource servers for a user pool
list_tags_for_resourceLists the tags that are assigned to an Amazon Cognito user pool
list_user_import_jobsLists user import jobs for a user pool
list_user_pool_clientsLists the clients that have been created for the specified user pool
list_user_poolsLists the user pools associated with an Amazon Web Services account
list_usersLists users and their basic details in a user pool
list_users_in_groupLists the users in the specified group
resend_confirmation_codeResends the confirmation (for confirmation of registration) to a specific user in the user pool
respond_to_auth_challengeSome API operations in a user pool generate a challenge, like a prompt for an MFA code, for device authentication that bypasses MFA, or for a custom authentication challenge
revoke_tokenRevokes all of the access tokens generated by, and at the same time as, the specified refresh token
set_log_delivery_configurationSets up or modifies the logging configuration of a user pool
set_risk_configurationConfigures actions on detected risks
set_ui_customizationSets the user interface (UI) customization information for a user pool's built-in app UI
set_user_mfa_preferenceSet the user's multi-factor authentication (MFA) method preference, including which MFA factors are activated and if any are preferred
set_user_pool_mfa_configSets the user pool multi-factor authentication (MFA) configuration
set_user_settingsThis action is no longer supported
sign_upRegisters the user in the specified user pool and creates a user name, password, and user attributes
start_user_import_jobStarts the user import
stop_user_import_jobStops the user import job
tag_resourceAssigns a set of tags to an Amazon Cognito user pool
untag_resourceRemoves the specified tags from an Amazon Cognito user pool
update_auth_event_feedbackProvides the feedback for an authentication event, whether it was from a valid user or not
update_device_statusUpdates the device status
update_groupUpdates the specified group with the specified attributes
update_identity_providerUpdates IdP information for a user pool
update_resource_serverUpdates the name and scopes of resource server
update_user_attributesWith this operation, your users can update one or more of their attributes with their own credentials
update_user_poolThis action might generate an SMS text message
update_user_pool_clientUpdates the specified user pool app client with the specified attributes
update_user_pool_domainUpdates the Secure Sockets Layer (SSL) certificate for the custom domain for your user pool
verify_software_tokenUse this API to register a user's entered time-based one-time password (TOTP) code and mark the user's software token MFA status as "verified" if successful
verify_user_attributeVerifies the specified user attributes in the user pool

Examples

Run this code
if (FALSE) {
svc <- cognitoidentityprovider()
# This request submits a value for all possible parameters for
# AdminCreateUser.
svc$admin_create_user(
  DesiredDeliveryMediums = list(
    "SMS"
  ),
  MessageAction = "SUPPRESS",
  TemporaryPassword = "This-is-my-test-99!",
  UserAttributes = list(
    list(
      Name = "name",
      Value = "John"
    ),
    list(
      Name = "phone_number",
      Value = "+12065551212"
    ),
    list(
      Name = "email",
      Value = "testuser@example.com"
    )
  ),
  UserPoolId = "us-east-1_EXAMPLE",
  Username = "testuser"
)
}

Run the code above in your browser using DataLab