2016/10/06 - Amazon Cognito Identity Provider - 1 new 9 updated api methods
Creates a new user in the specified user pool and sends a welcome message via email or phone (SMS). This message is based on a template that you configured in your call to CreateUserPool or UpdateUserPool. This template includes your custom sign-up instructions and placeholders for user name and temporary password.
Requires developer credentials.
Request Syntax
client.admin_create_user(
UserPoolId='string',
Username='string',
UserAttributes=[
{
'Name': 'string',
'Value': 'string'
},
],
ValidationData=[
{
'Name': 'string',
'Value': 'string'
},
],
TemporaryPassword='string',
ForceAliasCreation=True|False,
MessageAction='RESEND'|'SUPPRESS',
DesiredDeliveryMediums=[
'SMS'|'EMAIL',
]
)
string
[REQUIRED]
The user pool ID for the user pool where the user will be created.
string
[REQUIRED]
The username for the user. Must be unique within the user pool. Must be a UTF-8 string between 1 and 128 characters. After the user is created, the username cannot be changed.
list
An array of name-value pairs that contain user attributes and attribute values to be set for the user to be created. You can create a user without specifying any attributes other than Username. However, any attributes that you specify as required (in CreateUserPool or in the Attributes tab of the console) must be supplied either by you (in your call to AdminCreateUser) or by the user (when he or she signs up in response to your welcome message).
To send a message inviting the user to sign up, you must specify the user's email address or phone number. This can be done in your call to AdminCreateUser or in the Users tab of the Amazon Cognito console for managing your user pools.
In your call to AdminCreateUser, you can set the email_verified attribute to True, and you can set the phone_number_verified attribute to True. (You cannot do this by calling other operations such as AdminUpdateUserAttributes.)
email : The email address of the user to whom the message that contains the code and username will be sent. Required if the email_verified attribute is set to True, or if "EMAIL" is specified in the DesiredDeliveryMediums parameter.
phone_number : The phone number of the user to whom the message that contains the code and username will be sent. Required if the phone_number_verified attribute is set to True, or if "SMS" is specified in the DesiredDeliveryMediums parameter.
(dict) --
Specifies whether the attribute is standard or custom.
Name (string) -- [REQUIRED]
The name of the attribute.
Value (string) --
The value of the attribute.
list
The user's validation data. This is an array of name-value pairs that contain user attributes and attribute values that you can use for custom validation, such as restricting the types of user accounts that can be registered. For example, you might choose to allow or disallow user sign-up based on the user's domain.
To configure custom validation, you must create a Pre Sign-up Lambda trigger for the user pool as described in the Amazon Cognito Developer Guide. The Lambda trigger receives the validation data and uses it in the validation process.
The user's validation data is not persisted.
(dict) --
Specifies whether the attribute is standard or custom.
Name (string) -- [REQUIRED]
The name of the attribute.
Value (string) --
The value of the attribute.
string
The user's temporary password. This password must conform to the password policy that you specified when you created the user pool.
The temporary password is valid only once. To complete the Admin Create User flow, the user must enter the temporary password in the sign-in page along with a new password to be used in all future sign-ins.
This parameter is not required. If you do not specify a value, Amazon Cognito generates one for you.
The temporary password can only be used until the user account expiration limit that you specified when you created the user pool. To reset the account after that time limit, you must call AdminCreateUser again, specifying "RESEND" for the MessageAction parameter.
boolean
This parameter is only used if the phone_number_verified or email_verified attribute is set to True. Otherwise, it is ignored.
If this parameter is set to True and the phone number or email address specified in the UserAttributes parameter already exists as an alias with a different user, the API call will migrate the alias from the previous user to the newly created user. The previous user will no longer be able to log in using that alias.
If this parameter is set to False, the API throws an AliasExistsException error if the alias already exists. The default value is False.
string
Set to "RESEND" to resend the invitation message to a user that already exists and reset the expiration limit on the user's account. Set to "SUPPRESS" to suppress sending the message. Only one value can be specified.
list
Specify "EMAIL" if email will be used to send the welcome message. Specify "SMS" if the phone number will be used. The default value is "SMS". More than one value can be specified.
(string) --
dict
Response Syntax
{
'User': {
'Username': 'string',
'Attributes': [
{
'Name': 'string',
'Value': 'string'
},
],
'UserCreateDate': datetime(2015, 1, 1),
'UserLastModifiedDate': datetime(2015, 1, 1),
'Enabled': True|False,
'UserStatus': 'UNCONFIRMED'|'CONFIRMED'|'ARCHIVED'|'COMPROMISED'|'UNKNOWN'|'RESET_REQUIRED'|'FORCE_CHANGE_PASSWORD',
'MFAOptions': [
{
'DeliveryMedium': 'SMS'|'EMAIL',
'AttributeName': 'string'
},
]
}
}
Response Structure
(dict) --
Represents the response from the server to the request to create the user.
User (dict) --
The user returned in the request to create a new user.
Username (string) --
The user name of the user you wish to describe.
Attributes (list) --
A container with information about the user type attributes.
(dict) --
Specifies whether the attribute is standard or custom.
Name (string) --
The name of the attribute.
Value (string) --
The value of the attribute.
UserCreateDate (datetime) --
The creation date of the user.
UserLastModifiedDate (datetime) --
The last modified date of the user.
Enabled (boolean) --
Specifies whether the user is enabled.
UserStatus (string) --
The user status. Can be one of the following:
UNCONFIRMED - User has been created but not confirmed.
CONFIRMED - User has been confirmed.
ARCHIVED - User is no longer active.
COMPROMISED - User is disabled due to a potential security threat.
UNKNOWN - User status is not known.
MFAOptions (list) --
The MFA options for the user.
(dict) --
Specifies the different settings for multi-factor authentication (MFA).
DeliveryMedium (string) --
The delivery medium (email message or SMS message) to send the MFA code.
AttributeName (string) --
The attribute name of the MFA option type.
{'UserStatus': {'FORCE_CHANGE_PASSWORD'}}
Gets the specified user by user name in a user pool as an administrator. Works on any user.
Request Syntax
client.admin_get_user(
UserPoolId='string',
Username='string'
)
string
[REQUIRED]
The user pool ID for the user pool where you want to get information about the user.
string
[REQUIRED]
The user name of the user you wish to retrieve.
dict
Response Syntax
{
'Username': 'string',
'UserAttributes': [
{
'Name': 'string',
'Value': 'string'
},
],
'UserCreateDate': datetime(2015, 1, 1),
'UserLastModifiedDate': datetime(2015, 1, 1),
'Enabled': True|False,
'UserStatus': 'UNCONFIRMED'|'CONFIRMED'|'ARCHIVED'|'COMPROMISED'|'UNKNOWN'|'RESET_REQUIRED'|'FORCE_CHANGE_PASSWORD',
'MFAOptions': [
{
'DeliveryMedium': 'SMS'|'EMAIL',
'AttributeName': 'string'
},
]
}
Response Structure
(dict) --
Represents the response from the server from the request to get the specified user as an administrator.
Username (string) --
The user name of the user about whom you are receiving information.
UserAttributes (list) --
An array of name-value pairs representing user attributes.
(dict) --
Specifies whether the attribute is standard or custom.
Name (string) --
The name of the attribute.
Value (string) --
The value of the attribute.
UserCreateDate (datetime) --
The date the user was created.
UserLastModifiedDate (datetime) --
The date the user was last modified.
Enabled (boolean) --
Indicates that the status is enabled.
UserStatus (string) --
The user status. Can be one of the following:
UNCONFIRMED - User has been created but not confirmed.
CONFIRMED - User has been confirmed.
ARCHIVED - User is no longer active.
COMPROMISED - User is disabled due to a potential security threat.
UNKNOWN - User status is not known.
MFAOptions (list) --
Specifies the options for MFA (e.g., email or phone number).
(dict) --
Specifies the different settings for multi-factor authentication (MFA).
DeliveryMedium (string) --
The delivery medium (email message or SMS message) to send the MFA code.
AttributeName (string) --
The attribute name of the MFA option type.
{'ChallengeName': {'NEW_PASSWORD_REQUIRED'}}
Initiates the authentication flow, as an administrator.
Request Syntax
client.admin_initiate_auth(
UserPoolId='string',
ClientId='string',
AuthFlow='USER_SRP_AUTH'|'REFRESH_TOKEN_AUTH'|'REFRESH_TOKEN'|'CUSTOM_AUTH'|'ADMIN_NO_SRP_AUTH',
AuthParameters={
'string': 'string'
},
ClientMetadata={
'string': 'string'
}
)
string
[REQUIRED]
The ID of the Amazon Cognito user pool.
string
[REQUIRED]
The client app ID.
string
[REQUIRED]
The authentication flow.
dict
The authentication parameters.
(string) --
(string) --
dict
The client app metadata.
(string) --
(string) --
dict
Response Syntax
{
'ChallengeName': 'SMS_MFA'|'PASSWORD_VERIFIER'|'CUSTOM_CHALLENGE'|'DEVICE_SRP_AUTH'|'DEVICE_PASSWORD_VERIFIER'|'ADMIN_NO_SRP_AUTH'|'NEW_PASSWORD_REQUIRED',
'Session': 'string',
'ChallengeParameters': {
'string': 'string'
},
'AuthenticationResult': {
'AccessToken': 'string',
'ExpiresIn': 123,
'TokenType': 'string',
'RefreshToken': 'string',
'IdToken': 'string',
'NewDeviceMetadata': {
'DeviceKey': 'string',
'DeviceGroupKey': 'string'
}
}
}
Response Structure
(dict) --
Initiates the authentication response, as an administrator.
ChallengeName (string) --
The name of the challenge.
Session (string) --
The session.
ChallengeParameters (dict) --
The challenge parameters.
(string) --
(string) --
AuthenticationResult (dict) --
The result type of the authentication result.
AccessToken (string) --
The access token of the authentication result.
ExpiresIn (integer) --
The expiration period of the authentication result.
TokenType (string) --
The token type of the authentication result.
RefreshToken (string) --
The refresh token of the authentication result.
IdToken (string) --
The ID token of the authentication result.
NewDeviceMetadata (dict) --
The new device metadata from an authentication result.
DeviceKey (string) --
The device key.
DeviceGroupKey (string) --
The device group key.
{'ChallengeName': {'NEW_PASSWORD_REQUIRED'}}
Responds to an authentication challenge, as an administrator.
Request Syntax
client.admin_respond_to_auth_challenge(
UserPoolId='string',
ClientId='string',
ChallengeName='SMS_MFA'|'PASSWORD_VERIFIER'|'CUSTOM_CHALLENGE'|'DEVICE_SRP_AUTH'|'DEVICE_PASSWORD_VERIFIER'|'ADMIN_NO_SRP_AUTH'|'NEW_PASSWORD_REQUIRED',
ChallengeResponses={
'string': 'string'
},
Session='string'
)
string
[REQUIRED]
The ID of the Amazon Cognito user pool.
string
[REQUIRED]
The client ID.
string
[REQUIRED]
The name of the challenge.
dict
The challenge response.
(string) --
(string) --
string
The session.
dict
Response Syntax
{
'ChallengeName': 'SMS_MFA'|'PASSWORD_VERIFIER'|'CUSTOM_CHALLENGE'|'DEVICE_SRP_AUTH'|'DEVICE_PASSWORD_VERIFIER'|'ADMIN_NO_SRP_AUTH'|'NEW_PASSWORD_REQUIRED',
'Session': 'string',
'ChallengeParameters': {
'string': 'string'
},
'AuthenticationResult': {
'AccessToken': 'string',
'ExpiresIn': 123,
'TokenType': 'string',
'RefreshToken': 'string',
'IdToken': 'string',
'NewDeviceMetadata': {
'DeviceKey': 'string',
'DeviceGroupKey': 'string'
}
}
}
Response Structure
(dict) --
Responds to the authentication challenge, as an administrator.
ChallengeName (string) --
The name of the challenge.
Session (string) --
The session.
ChallengeParameters (dict) --
The challenge parameters.
(string) --
(string) --
AuthenticationResult (dict) --
The result type of the authentication result.
AccessToken (string) --
The access token of the authentication result.
ExpiresIn (integer) --
The expiration period of the authentication result.
TokenType (string) --
The token type of the authentication result.
RefreshToken (string) --
The refresh token of the authentication result.
IdToken (string) --
The ID token of the authentication result.
NewDeviceMetadata (dict) --
The new device metadata from an authentication result.
DeviceKey (string) --
The device key.
DeviceGroupKey (string) --
The device group key.
{'AdminCreateUserConfig': {'AllowAdminCreateUserOnly': 'boolean',
'InviteMessageTemplate': {'EmailMessage': 'string',
'EmailSubject': 'string',
'SMSMessage': 'string'},
'UnusedAccountValidityDays': 'integer'}}
Response {'UserPool': {'AdminCreateUserConfig': {'AllowAdminCreateUserOnly': 'boolean',
'InviteMessageTemplate': {'EmailMessage': 'string',
'EmailSubject': 'string',
'SMSMessage': 'string'},
'UnusedAccountValidityDays': 'integer'}}}
Creates a new Amazon Cognito user pool and sets the password policy for the pool.
Request Syntax
client.create_user_pool(
PoolName='string',
Policies={
'PasswordPolicy': {
'MinimumLength': 123,
'RequireUppercase': True|False,
'RequireLowercase': True|False,
'RequireNumbers': True|False,
'RequireSymbols': True|False
}
},
LambdaConfig={
'PreSignUp': 'string',
'CustomMessage': 'string',
'PostConfirmation': 'string',
'PreAuthentication': 'string',
'PostAuthentication': 'string',
'DefineAuthChallenge': 'string',
'CreateAuthChallenge': 'string',
'VerifyAuthChallengeResponse': 'string'
},
AutoVerifiedAttributes=[
'phone_number'|'email',
],
AliasAttributes=[
'phone_number'|'email'|'preferred_username',
],
SmsVerificationMessage='string',
EmailVerificationMessage='string',
EmailVerificationSubject='string',
SmsAuthenticationMessage='string',
MfaConfiguration='OFF'|'ON'|'OPTIONAL',
DeviceConfiguration={
'ChallengeRequiredOnNewDevice': True|False,
'DeviceOnlyRememberedOnUserPrompt': True|False
},
EmailConfiguration={
'SourceArn': 'string',
'ReplyToEmailAddress': 'string'
},
SmsConfiguration={
'SnsCallerArn': 'string',
'ExternalId': 'string'
},
AdminCreateUserConfig={
'AllowAdminCreateUserOnly': True|False,
'UnusedAccountValidityDays': 123,
'InviteMessageTemplate': {
'SMSMessage': 'string',
'EmailMessage': 'string',
'EmailSubject': 'string'
}
}
)
string
[REQUIRED]
A string used to name the user pool.
dict
The policies associated with the new user pool.
PasswordPolicy (dict) --
A container with information about the user pool password policy.
MinimumLength (integer) --
The minimum length of the password policy that you have set. Cannot be less than 6.
RequireUppercase (boolean) --
In the password policy that you have set, refers to whether you have required users to use at least one uppercase letter in their password.
RequireLowercase (boolean) --
In the password policy that you have set, refers to whether you have required users to use at least one lowercase letter in their password.
RequireNumbers (boolean) --
In the password policy that you have set, refers to whether you have required users to use at least one number in their password.
RequireSymbols (boolean) --
In the password policy that you have set, refers to whether you have required users to use at least one symbol in their password.
dict
The Lambda trigger configuration information for the new user pool.
PreSignUp (string) --
A pre-registration AWS Lambda trigger.
CustomMessage (string) --
A custom Message AWS Lambda trigger.
PostConfirmation (string) --
A post-confirmation AWS Lambda trigger.
PreAuthentication (string) --
A pre-authentication AWS Lambda trigger.
PostAuthentication (string) --
A post-authentication AWS Lambda trigger.
DefineAuthChallenge (string) --
Defines the authentication challenge.
CreateAuthChallenge (string) --
Creates an authentication challenge.
VerifyAuthChallengeResponse (string) --
Verifies the authentication challenge response.
list
The attributes to be auto-verified. Possible values: email , phone_number .
(string) --
list
Attributes supported as an alias for this user pool. Possible values: phone_number , email , or preferred_username .
(string) --
string
A string representing the SMS verification message.
string
A string representing the email verification message.
string
A string representing the email verification subject.
string
A string representing the SMS authentication message.
string
Specifies MFA configuration details.
dict
The device configuration.
ChallengeRequiredOnNewDevice (boolean) --
Indicates whether a challenge is required on a new device. Only applicable to a new device.
DeviceOnlyRememberedOnUserPrompt (boolean) --
If true, a device is only remembered on user prompt.
dict
The email configuration.
SourceArn (string) --
The Amazon Resource Name (ARN) of the email source.
ReplyToEmailAddress (string) --
The REPLY-TO email address.
dict
The SMS configuration.
SnsCallerArn (string) --
The Amazon Resource Name (ARN) of the Amazon Simple Notification Service (SNS) caller.
ExternalId (string) --
The external ID.
dict
The configuration for AdminCreateUser requests.
AllowAdminCreateUserOnly (boolean) --
Set to True if only the administrator is allowed to create user profiles. Set to False if users can sign themselves up via an app.
UnusedAccountValidityDays (integer) --
The user account expiration limit, in days, after which the account is no longer usable. To reset the account after that time limit, you must call AdminCreateUser again, specifying "RESEND" for the MessageAction parameter.
InviteMessageTemplate (dict) --
The message template to be used for the welcome message to new users.
SMSMessage (string) --
The message template for SMS messages.
EmailMessage (string) --
The message template for email messages.
EmailSubject (string) --
The subject line for email messages.
dict
Response Syntax
{
'UserPool': {
'Id': 'string',
'Name': 'string',
'Policies': {
'PasswordPolicy': {
'MinimumLength': 123,
'RequireUppercase': True|False,
'RequireLowercase': True|False,
'RequireNumbers': True|False,
'RequireSymbols': True|False
}
},
'LambdaConfig': {
'PreSignUp': 'string',
'CustomMessage': 'string',
'PostConfirmation': 'string',
'PreAuthentication': 'string',
'PostAuthentication': 'string',
'DefineAuthChallenge': 'string',
'CreateAuthChallenge': 'string',
'VerifyAuthChallengeResponse': 'string'
},
'Status': 'Enabled'|'Disabled',
'LastModifiedDate': datetime(2015, 1, 1),
'CreationDate': datetime(2015, 1, 1),
'SchemaAttributes': [
{
'Name': 'string',
'AttributeDataType': 'String'|'Number'|'DateTime'|'Boolean',
'DeveloperOnlyAttribute': True|False,
'Mutable': True|False,
'Required': True|False,
'NumberAttributeConstraints': {
'MinValue': 'string',
'MaxValue': 'string'
},
'StringAttributeConstraints': {
'MinLength': 'string',
'MaxLength': 'string'
}
},
],
'AutoVerifiedAttributes': [
'phone_number'|'email',
],
'AliasAttributes': [
'phone_number'|'email'|'preferred_username',
],
'SmsVerificationMessage': 'string',
'EmailVerificationMessage': 'string',
'EmailVerificationSubject': 'string',
'SmsAuthenticationMessage': 'string',
'MfaConfiguration': 'OFF'|'ON'|'OPTIONAL',
'DeviceConfiguration': {
'ChallengeRequiredOnNewDevice': True|False,
'DeviceOnlyRememberedOnUserPrompt': True|False
},
'EstimatedNumberOfUsers': 123,
'EmailConfiguration': {
'SourceArn': 'string',
'ReplyToEmailAddress': 'string'
},
'SmsConfiguration': {
'SnsCallerArn': 'string',
'ExternalId': 'string'
},
'SmsConfigurationFailure': 'string',
'EmailConfigurationFailure': 'string',
'AdminCreateUserConfig': {
'AllowAdminCreateUserOnly': True|False,
'UnusedAccountValidityDays': 123,
'InviteMessageTemplate': {
'SMSMessage': 'string',
'EmailMessage': 'string',
'EmailSubject': 'string'
}
}
}
}
Response Structure
(dict) --
Represents the response from the server for the request to create a user pool.
UserPool (dict) --
A container for the user pool details.
Id (string) --
The ID of the user pool.
Name (string) --
The name of the user pool.
Policies (dict) --
A container describing the policies associated with a user pool.
PasswordPolicy (dict) --
A container with information about the user pool password policy.
MinimumLength (integer) --
The minimum length of the password policy that you have set. Cannot be less than 6.
RequireUppercase (boolean) --
In the password policy that you have set, refers to whether you have required users to use at least one uppercase letter in their password.
RequireLowercase (boolean) --
In the password policy that you have set, refers to whether you have required users to use at least one lowercase letter in their password.
RequireNumbers (boolean) --
In the password policy that you have set, refers to whether you have required users to use at least one number in their password.
RequireSymbols (boolean) --
In the password policy that you have set, refers to whether you have required users to use at least one symbol in their password.
LambdaConfig (dict) --
A container describing the AWS Lambda triggers associated with a user pool.
PreSignUp (string) --
A pre-registration AWS Lambda trigger.
CustomMessage (string) --
A custom Message AWS Lambda trigger.
PostConfirmation (string) --
A post-confirmation AWS Lambda trigger.
PreAuthentication (string) --
A pre-authentication AWS Lambda trigger.
PostAuthentication (string) --
A post-authentication AWS Lambda trigger.
DefineAuthChallenge (string) --
Defines the authentication challenge.
CreateAuthChallenge (string) --
Creates an authentication challenge.
VerifyAuthChallengeResponse (string) --
Verifies the authentication challenge response.
Status (string) --
The status of a user pool.
LastModifiedDate (datetime) --
The last modified date of a user pool.
CreationDate (datetime) --
The creation date of a user pool.
SchemaAttributes (list) --
A container with the schema attributes of a user pool.
(dict) --
Contains information about the schema attribute.
Name (string) --
A schema attribute of the name type.
AttributeDataType (string) --
The attribute data type.
DeveloperOnlyAttribute (boolean) --
Specifies whether the attribute type is developer only.
Mutable (boolean) --
Specifies whether the attribute can be changed once it has been created.
Required (boolean) --
Specifies whether a user pool attribute is required. If the attribute is required and the user does not provide a value, registration or sign-in will fail.
NumberAttributeConstraints (dict) --
Specifies the constraints for an attribute of the number type.
MinValue (string) --
The minimum value of an attribute that is of the number data type.
MaxValue (string) --
The maximum value of an attribute that is of the number data type.
StringAttributeConstraints (dict) --
Specifies the constraints for an attribute of the string type.
MinLength (string) --
The minimum length of an attribute value of the string type.
MaxLength (string) --
The maximum length of an attribute value of the string type.
AutoVerifiedAttributes (list) --
Specifies the attributes that are auto-verified in a user pool.
(string) --
AliasAttributes (list) --
Specifies the attributes that are aliased in a user pool.
(string) --
SmsVerificationMessage (string) --
The contents of the SMS verification message.
EmailVerificationMessage (string) --
The contents of the email verification message.
EmailVerificationSubject (string) --
The subject of the email verification message.
SmsAuthenticationMessage (string) --
The contents of the SMS authentication message.
MfaConfiguration (string) --
Can be one of the following values:
OFF - MFA tokens are not required and cannot be specified during user registration.
ON - MFA tokens are required for all user registrations. You can only specify required when you are initially creating a user pool.
OPTIONAL - Users have the option when registering to create an MFA token.
DeviceConfiguration (dict) --
The device configuration.
ChallengeRequiredOnNewDevice (boolean) --
Indicates whether a challenge is required on a new device. Only applicable to a new device.
DeviceOnlyRememberedOnUserPrompt (boolean) --
If true, a device is only remembered on user prompt.
EstimatedNumberOfUsers (integer) --
A number estimating the size of the user pool.
EmailConfiguration (dict) --
The email configuration.
SourceArn (string) --
The Amazon Resource Name (ARN) of the email source.
ReplyToEmailAddress (string) --
The REPLY-TO email address.
SmsConfiguration (dict) --
The SMS configuration.
SnsCallerArn (string) --
The Amazon Resource Name (ARN) of the Amazon Simple Notification Service (SNS) caller.
ExternalId (string) --
The external ID.
SmsConfigurationFailure (string) --
The reason why the SMS configuration cannot send the message(s) to your users.
EmailConfigurationFailure (string) --
The reason why the email configuration cannot send the messages to your users.
AdminCreateUserConfig (dict) --
The configuration for AdminCreateUser requests.
AllowAdminCreateUserOnly (boolean) --
Set to True if only the administrator is allowed to create user profiles. Set to False if users can sign themselves up via an app.
UnusedAccountValidityDays (integer) --
The user account expiration limit, in days, after which the account is no longer usable. To reset the account after that time limit, you must call AdminCreateUser again, specifying "RESEND" for the MessageAction parameter.
InviteMessageTemplate (dict) --
The message template to be used for the welcome message to new users.
SMSMessage (string) --
The message template for SMS messages.
EmailMessage (string) --
The message template for email messages.
EmailSubject (string) --
The subject line for email messages.
{'UserPool': {'AdminCreateUserConfig': {'AllowAdminCreateUserOnly': 'boolean',
'InviteMessageTemplate': {'EmailMessage': 'string',
'EmailSubject': 'string',
'SMSMessage': 'string'},
'UnusedAccountValidityDays': 'integer'}}}
Returns the configuration information and metadata of the specified user pool.
Request Syntax
client.describe_user_pool(
UserPoolId='string'
)
string
[REQUIRED]
The user pool ID for the user pool you want to describe.
dict
Response Syntax
{
'UserPool': {
'Id': 'string',
'Name': 'string',
'Policies': {
'PasswordPolicy': {
'MinimumLength': 123,
'RequireUppercase': True|False,
'RequireLowercase': True|False,
'RequireNumbers': True|False,
'RequireSymbols': True|False
}
},
'LambdaConfig': {
'PreSignUp': 'string',
'CustomMessage': 'string',
'PostConfirmation': 'string',
'PreAuthentication': 'string',
'PostAuthentication': 'string',
'DefineAuthChallenge': 'string',
'CreateAuthChallenge': 'string',
'VerifyAuthChallengeResponse': 'string'
},
'Status': 'Enabled'|'Disabled',
'LastModifiedDate': datetime(2015, 1, 1),
'CreationDate': datetime(2015, 1, 1),
'SchemaAttributes': [
{
'Name': 'string',
'AttributeDataType': 'String'|'Number'|'DateTime'|'Boolean',
'DeveloperOnlyAttribute': True|False,
'Mutable': True|False,
'Required': True|False,
'NumberAttributeConstraints': {
'MinValue': 'string',
'MaxValue': 'string'
},
'StringAttributeConstraints': {
'MinLength': 'string',
'MaxLength': 'string'
}
},
],
'AutoVerifiedAttributes': [
'phone_number'|'email',
],
'AliasAttributes': [
'phone_number'|'email'|'preferred_username',
],
'SmsVerificationMessage': 'string',
'EmailVerificationMessage': 'string',
'EmailVerificationSubject': 'string',
'SmsAuthenticationMessage': 'string',
'MfaConfiguration': 'OFF'|'ON'|'OPTIONAL',
'DeviceConfiguration': {
'ChallengeRequiredOnNewDevice': True|False,
'DeviceOnlyRememberedOnUserPrompt': True|False
},
'EstimatedNumberOfUsers': 123,
'EmailConfiguration': {
'SourceArn': 'string',
'ReplyToEmailAddress': 'string'
},
'SmsConfiguration': {
'SnsCallerArn': 'string',
'ExternalId': 'string'
},
'SmsConfigurationFailure': 'string',
'EmailConfigurationFailure': 'string',
'AdminCreateUserConfig': {
'AllowAdminCreateUserOnly': True|False,
'UnusedAccountValidityDays': 123,
'InviteMessageTemplate': {
'SMSMessage': 'string',
'EmailMessage': 'string',
'EmailSubject': 'string'
}
}
}
}
Response Structure
(dict) --
Represents the response to describe the user pool.
UserPool (dict) --
The container of metadata returned by the server to describe the pool.
Id (string) --
The ID of the user pool.
Name (string) --
The name of the user pool.
Policies (dict) --
A container describing the policies associated with a user pool.
PasswordPolicy (dict) --
A container with information about the user pool password policy.
MinimumLength (integer) --
The minimum length of the password policy that you have set. Cannot be less than 6.
RequireUppercase (boolean) --
In the password policy that you have set, refers to whether you have required users to use at least one uppercase letter in their password.
RequireLowercase (boolean) --
In the password policy that you have set, refers to whether you have required users to use at least one lowercase letter in their password.
RequireNumbers (boolean) --
In the password policy that you have set, refers to whether you have required users to use at least one number in their password.
RequireSymbols (boolean) --
In the password policy that you have set, refers to whether you have required users to use at least one symbol in their password.
LambdaConfig (dict) --
A container describing the AWS Lambda triggers associated with a user pool.
PreSignUp (string) --
A pre-registration AWS Lambda trigger.
CustomMessage (string) --
A custom Message AWS Lambda trigger.
PostConfirmation (string) --
A post-confirmation AWS Lambda trigger.
PreAuthentication (string) --
A pre-authentication AWS Lambda trigger.
PostAuthentication (string) --
A post-authentication AWS Lambda trigger.
DefineAuthChallenge (string) --
Defines the authentication challenge.
CreateAuthChallenge (string) --
Creates an authentication challenge.
VerifyAuthChallengeResponse (string) --
Verifies the authentication challenge response.
Status (string) --
The status of a user pool.
LastModifiedDate (datetime) --
The last modified date of a user pool.
CreationDate (datetime) --
The creation date of a user pool.
SchemaAttributes (list) --
A container with the schema attributes of a user pool.
(dict) --
Contains information about the schema attribute.
Name (string) --
A schema attribute of the name type.
AttributeDataType (string) --
The attribute data type.
DeveloperOnlyAttribute (boolean) --
Specifies whether the attribute type is developer only.
Mutable (boolean) --
Specifies whether the attribute can be changed once it has been created.
Required (boolean) --
Specifies whether a user pool attribute is required. If the attribute is required and the user does not provide a value, registration or sign-in will fail.
NumberAttributeConstraints (dict) --
Specifies the constraints for an attribute of the number type.
MinValue (string) --
The minimum value of an attribute that is of the number data type.
MaxValue (string) --
The maximum value of an attribute that is of the number data type.
StringAttributeConstraints (dict) --
Specifies the constraints for an attribute of the string type.
MinLength (string) --
The minimum length of an attribute value of the string type.
MaxLength (string) --
The maximum length of an attribute value of the string type.
AutoVerifiedAttributes (list) --
Specifies the attributes that are auto-verified in a user pool.
(string) --
AliasAttributes (list) --
Specifies the attributes that are aliased in a user pool.
(string) --
SmsVerificationMessage (string) --
The contents of the SMS verification message.
EmailVerificationMessage (string) --
The contents of the email verification message.
EmailVerificationSubject (string) --
The subject of the email verification message.
SmsAuthenticationMessage (string) --
The contents of the SMS authentication message.
MfaConfiguration (string) --
Can be one of the following values:
OFF - MFA tokens are not required and cannot be specified during user registration.
ON - MFA tokens are required for all user registrations. You can only specify required when you are initially creating a user pool.
OPTIONAL - Users have the option when registering to create an MFA token.
DeviceConfiguration (dict) --
The device configuration.
ChallengeRequiredOnNewDevice (boolean) --
Indicates whether a challenge is required on a new device. Only applicable to a new device.
DeviceOnlyRememberedOnUserPrompt (boolean) --
If true, a device is only remembered on user prompt.
EstimatedNumberOfUsers (integer) --
A number estimating the size of the user pool.
EmailConfiguration (dict) --
The email configuration.
SourceArn (string) --
The Amazon Resource Name (ARN) of the email source.
ReplyToEmailAddress (string) --
The REPLY-TO email address.
SmsConfiguration (dict) --
The SMS configuration.
SnsCallerArn (string) --
The Amazon Resource Name (ARN) of the Amazon Simple Notification Service (SNS) caller.
ExternalId (string) --
The external ID.
SmsConfigurationFailure (string) --
The reason why the SMS configuration cannot send the message(s) to your users.
EmailConfigurationFailure (string) --
The reason why the email configuration cannot send the messages to your users.
AdminCreateUserConfig (dict) --
The configuration for AdminCreateUser requests.
AllowAdminCreateUserOnly (boolean) --
Set to True if only the administrator is allowed to create user profiles. Set to False if users can sign themselves up via an app.
UnusedAccountValidityDays (integer) --
The user account expiration limit, in days, after which the account is no longer usable. To reset the account after that time limit, you must call AdminCreateUser again, specifying "RESEND" for the MessageAction parameter.
InviteMessageTemplate (dict) --
The message template to be used for the welcome message to new users.
SMSMessage (string) --
The message template for SMS messages.
EmailMessage (string) --
The message template for email messages.
EmailSubject (string) --
The subject line for email messages.
{'ChallengeName': {'NEW_PASSWORD_REQUIRED'}}
Initiates the authentication flow.
Request Syntax
client.initiate_auth(
AuthFlow='USER_SRP_AUTH'|'REFRESH_TOKEN_AUTH'|'REFRESH_TOKEN'|'CUSTOM_AUTH'|'ADMIN_NO_SRP_AUTH',
AuthParameters={
'string': 'string'
},
ClientMetadata={
'string': 'string'
},
ClientId='string'
)
string
[REQUIRED]
The authentication flow.
dict
The authentication parameters.
(string) --
(string) --
dict
The client app's metadata.
(string) --
(string) --
string
[REQUIRED]
The client ID.
dict
Response Syntax
{
'ChallengeName': 'SMS_MFA'|'PASSWORD_VERIFIER'|'CUSTOM_CHALLENGE'|'DEVICE_SRP_AUTH'|'DEVICE_PASSWORD_VERIFIER'|'ADMIN_NO_SRP_AUTH'|'NEW_PASSWORD_REQUIRED',
'Session': 'string',
'ChallengeParameters': {
'string': 'string'
},
'AuthenticationResult': {
'AccessToken': 'string',
'ExpiresIn': 123,
'TokenType': 'string',
'RefreshToken': 'string',
'IdToken': 'string',
'NewDeviceMetadata': {
'DeviceKey': 'string',
'DeviceGroupKey': 'string'
}
}
}
Response Structure
(dict) --
Initiates the authentication response.
ChallengeName (string) --
The name of the challenge.
Session (string) --
The session.
ChallengeParameters (dict) --
The challenge parameters.
(string) --
(string) --
AuthenticationResult (dict) --
The result type of the authentication result.
AccessToken (string) --
The access token of the authentication result.
ExpiresIn (integer) --
The expiration period of the authentication result.
TokenType (string) --
The token type of the authentication result.
RefreshToken (string) --
The refresh token of the authentication result.
IdToken (string) --
The ID token of the authentication result.
NewDeviceMetadata (dict) --
The new device metadata from an authentication result.
DeviceKey (string) --
The device key.
DeviceGroupKey (string) --
The device group key.
{'Users': {'MFAOptions': [{'AttributeName': 'string',
'DeliveryMedium': 'SMS | EMAIL'}],
'UserStatus': {'FORCE_CHANGE_PASSWORD'}}}
Lists the users in the Amazon Cognito user pool.
Request Syntax
client.list_users(
UserPoolId='string',
AttributesToGet=[
'string',
],
Limit=123,
PaginationToken='string',
Filter='string'
)
string
[REQUIRED]
The user pool ID for which you want to list users.
list
The attributes to get from the request to list users.
(string) --
integer
The limit of the request to list users.
string
An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.
string
The filter for the list users request.
dict
Response Syntax
{
'Users': [
{
'Username': 'string',
'Attributes': [
{
'Name': 'string',
'Value': 'string'
},
],
'UserCreateDate': datetime(2015, 1, 1),
'UserLastModifiedDate': datetime(2015, 1, 1),
'Enabled': True|False,
'UserStatus': 'UNCONFIRMED'|'CONFIRMED'|'ARCHIVED'|'COMPROMISED'|'UNKNOWN'|'RESET_REQUIRED'|'FORCE_CHANGE_PASSWORD',
'MFAOptions': [
{
'DeliveryMedium': 'SMS'|'EMAIL',
'AttributeName': 'string'
},
]
},
],
'PaginationToken': 'string'
}
Response Structure
(dict) --
The response from the request to list users.
Users (list) --
The users returned in the request to list users.
(dict) --
The user type.
Username (string) --
The user name of the user you wish to describe.
Attributes (list) --
A container with information about the user type attributes.
(dict) --
Specifies whether the attribute is standard or custom.
Name (string) --
The name of the attribute.
Value (string) --
The value of the attribute.
UserCreateDate (datetime) --
The creation date of the user.
UserLastModifiedDate (datetime) --
The last modified date of the user.
Enabled (boolean) --
Specifies whether the user is enabled.
UserStatus (string) --
The user status. Can be one of the following:
UNCONFIRMED - User has been created but not confirmed.
CONFIRMED - User has been confirmed.
ARCHIVED - User is no longer active.
COMPROMISED - User is disabled due to a potential security threat.
UNKNOWN - User status is not known.
MFAOptions (list) --
The MFA options for the user.
(dict) --
Specifies the different settings for multi-factor authentication (MFA).
DeliveryMedium (string) --
The delivery medium (email message or SMS message) to send the MFA code.
AttributeName (string) --
The attribute name of the MFA option type.
PaginationToken (string) --
An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.
{'ChallengeName': {'NEW_PASSWORD_REQUIRED'}}
Responds to the authentication challenge.
Request Syntax
client.respond_to_auth_challenge(
ClientId='string',
ChallengeName='SMS_MFA'|'PASSWORD_VERIFIER'|'CUSTOM_CHALLENGE'|'DEVICE_SRP_AUTH'|'DEVICE_PASSWORD_VERIFIER'|'ADMIN_NO_SRP_AUTH'|'NEW_PASSWORD_REQUIRED',
Session='string',
ChallengeResponses={
'string': 'string'
}
)
string
[REQUIRED]
The client ID.
string
[REQUIRED]
The name of the challenge.
string
The session.
dict
The responses to the authentication challenge.
(string) --
(string) --
dict
Response Syntax
{
'ChallengeName': 'SMS_MFA'|'PASSWORD_VERIFIER'|'CUSTOM_CHALLENGE'|'DEVICE_SRP_AUTH'|'DEVICE_PASSWORD_VERIFIER'|'ADMIN_NO_SRP_AUTH'|'NEW_PASSWORD_REQUIRED',
'Session': 'string',
'ChallengeParameters': {
'string': 'string'
},
'AuthenticationResult': {
'AccessToken': 'string',
'ExpiresIn': 123,
'TokenType': 'string',
'RefreshToken': 'string',
'IdToken': 'string',
'NewDeviceMetadata': {
'DeviceKey': 'string',
'DeviceGroupKey': 'string'
}
}
}
Response Structure
(dict) --
The response to respond to the authentication challenge.
ChallengeName (string) --
The challenge name.
Session (string) --
The session.
ChallengeParameters (dict) --
The challenge parameters.
(string) --
(string) --
AuthenticationResult (dict) --
The result type of the authentication result.
AccessToken (string) --
The access token of the authentication result.
ExpiresIn (integer) --
The expiration period of the authentication result.
TokenType (string) --
The token type of the authentication result.
RefreshToken (string) --
The refresh token of the authentication result.
IdToken (string) --
The ID token of the authentication result.
NewDeviceMetadata (dict) --
The new device metadata from an authentication result.
DeviceKey (string) --
The device key.
DeviceGroupKey (string) --
The device group key.
{'AdminCreateUserConfig': {'AllowAdminCreateUserOnly': 'boolean',
'InviteMessageTemplate': {'EmailMessage': 'string',
'EmailSubject': 'string',
'SMSMessage': 'string'},
'UnusedAccountValidityDays': 'integer'}}
Updates the specified user pool with the specified attributes.
Request Syntax
client.update_user_pool(
UserPoolId='string',
Policies={
'PasswordPolicy': {
'MinimumLength': 123,
'RequireUppercase': True|False,
'RequireLowercase': True|False,
'RequireNumbers': True|False,
'RequireSymbols': True|False
}
},
LambdaConfig={
'PreSignUp': 'string',
'CustomMessage': 'string',
'PostConfirmation': 'string',
'PreAuthentication': 'string',
'PostAuthentication': 'string',
'DefineAuthChallenge': 'string',
'CreateAuthChallenge': 'string',
'VerifyAuthChallengeResponse': 'string'
},
AutoVerifiedAttributes=[
'phone_number'|'email',
],
SmsVerificationMessage='string',
EmailVerificationMessage='string',
EmailVerificationSubject='string',
SmsAuthenticationMessage='string',
MfaConfiguration='OFF'|'ON'|'OPTIONAL',
DeviceConfiguration={
'ChallengeRequiredOnNewDevice': True|False,
'DeviceOnlyRememberedOnUserPrompt': True|False
},
EmailConfiguration={
'SourceArn': 'string',
'ReplyToEmailAddress': 'string'
},
SmsConfiguration={
'SnsCallerArn': 'string',
'ExternalId': 'string'
},
AdminCreateUserConfig={
'AllowAdminCreateUserOnly': True|False,
'UnusedAccountValidityDays': 123,
'InviteMessageTemplate': {
'SMSMessage': 'string',
'EmailMessage': 'string',
'EmailSubject': 'string'
}
}
)
string
[REQUIRED]
The user pool ID for the user pool you want to update.
dict
A container with the policies you wish to update in a user pool.
PasswordPolicy (dict) --
A container with information about the user pool password policy.
MinimumLength (integer) --
The minimum length of the password policy that you have set. Cannot be less than 6.
RequireUppercase (boolean) --
In the password policy that you have set, refers to whether you have required users to use at least one uppercase letter in their password.
RequireLowercase (boolean) --
In the password policy that you have set, refers to whether you have required users to use at least one lowercase letter in their password.
RequireNumbers (boolean) --
In the password policy that you have set, refers to whether you have required users to use at least one number in their password.
RequireSymbols (boolean) --
In the password policy that you have set, refers to whether you have required users to use at least one symbol in their password.
dict
The AWS Lambda configuration information from the request to update the user pool.
PreSignUp (string) --
A pre-registration AWS Lambda trigger.
CustomMessage (string) --
A custom Message AWS Lambda trigger.
PostConfirmation (string) --
A post-confirmation AWS Lambda trigger.
PreAuthentication (string) --
A pre-authentication AWS Lambda trigger.
PostAuthentication (string) --
A post-authentication AWS Lambda trigger.
DefineAuthChallenge (string) --
Defines the authentication challenge.
CreateAuthChallenge (string) --
Creates an authentication challenge.
VerifyAuthChallengeResponse (string) --
Verifies the authentication challenge response.
list
The attributes that are automatically verified when the Amazon Cognito service makes a request to update user pools.
(string) --
string
A container with information about the SMS verification message.
string
The contents of the email verification message.
string
The subject of the email verfication message.
string
The contents of the SMS authentication message.
string
Can be one of the following values:
OFF - MFA tokens are not required and cannot be specified during user registration.
ON - MFA tokens are required for all user registrations. You can only specify required when you are initially creating a user pool.
OPTIONAL - Users have the option when registering to create an MFA token.
dict
Device configuration.
ChallengeRequiredOnNewDevice (boolean) --
Indicates whether a challenge is required on a new device. Only applicable to a new device.
DeviceOnlyRememberedOnUserPrompt (boolean) --
If true, a device is only remembered on user prompt.
dict
Email configuration.
SourceArn (string) --
The Amazon Resource Name (ARN) of the email source.
ReplyToEmailAddress (string) --
The REPLY-TO email address.
dict
SMS configuration.
SnsCallerArn (string) --
The Amazon Resource Name (ARN) of the Amazon Simple Notification Service (SNS) caller.
ExternalId (string) --
The external ID.
dict
The configuration for AdminCreateUser requests.
AllowAdminCreateUserOnly (boolean) --
Set to True if only the administrator is allowed to create user profiles. Set to False if users can sign themselves up via an app.
UnusedAccountValidityDays (integer) --
The user account expiration limit, in days, after which the account is no longer usable. To reset the account after that time limit, you must call AdminCreateUser again, specifying "RESEND" for the MessageAction parameter.
InviteMessageTemplate (dict) --
The message template to be used for the welcome message to new users.
SMSMessage (string) --
The message template for SMS messages.
EmailMessage (string) --
The message template for email messages.
EmailSubject (string) --
The subject line for email messages.
dict
Response Syntax
{}
Response Structure
(dict) --
Represents the response from the server when you make a request to update the user pool.