Amazon Cognito Identity Provider
With the Amazon Cognito user pools API, you can configure user pools and authenticate users. To authenticate users from third-party identity providers (IdPs) in this API, you can link IdP users to native user profiles. Learn more about the authentication and authorization of federated users at Adding user pool sign-in through a third party
and in the User pool federation endpoints and hosted UI reference.
This API reference provides detailed information about API operations and object types in Amazon Cognito.
Along with resource management operations, the Amazon Cognito user pools API includes classes of operations and authorization models for client-side and server-side authentication of users. You can interact with operations in the Amazon Cognito user pools API as any of the following subjects.
For more information, see Using the Amazon Cognito user pools API and user pool endpoints
in the Amazon Cognito Developer Guide.
With your Amazon Web Services SDK, you can build the logic to support operational flows in every use case for this API. You can also make direct REST API requests to Amazon Cognito user pools service endpoints. The following links can get you started with the CognitoIdentityProvider client in other supported Amazon Web Services SDKs.
To get started with an Amazon Web Services SDK, see Tools to Build on Amazon Web Services. For example actions and scenarios, see Code examples for Amazon Cognito Identity Provider using Amazon Web Services SDKs.
cognitoidentityprovider( config = list(), credentials = list(), endpoint = NULL, region = NULL )
config: Optional configuration of credentials, endpoint, and/or region.
credentials :
creds :
profile : The name of a profile to use. If not given, then the default profile is used.
anonymous : Set anonymous credentials.
endpoint : The complete URL to use for the constructed client.
region : The AWS Region used in instantiating the client.
close_connection : Immediately close all HTTP connections.
timeout : The time in seconds till a timeout exception is thrown when attempting to make a connection. The default is 60 seconds.
s3_force_path_style : Set this to true to force the request to use path-style addressing, i.e. http://s3.amazonaws.com/BUCKET/KEY.
sts_regional_endpoint : Set sts regional endpoint resolver to regional or legacy https://docs.aws.amazon.com/sdkref/latest/guide/feature-sts-regionalized-endpoints.html
credentials: Optional credentials shorthand for the config parameter
creds :
profile : The name of a profile to use. If not given, then the default profile is used.
anonymous : Set anonymous credentials.
endpoint: Optional shorthand for complete URL to use for the constructed client.
region: Optional shorthand for AWS Region used in instantiating the client.
A client for the service. You can call the service's operations using syntax like svc$operation(...), where svc is the name you've assigned to the client. The available operations are listed in the Operations section.
svc <- cognitoidentityprovider(
config = list(
credentials = list(
creds = list(
access_key_id = "string",
secret_access_key = "string",
session_token = "string"
),
profile = "string",
anonymous = "logical"
),
endpoint = "string",
region = "string",
close_connection = "logical",
timeout = "numeric",
s3_force_path_style = "logical",
sts_regional_endpoint = "string"
),
credentials = list(
creds = list(
access_key_id = "string",
secret_access_key = "string",
session_token = "string"
),
profile = "string",
anonymous = "logical"
),
endpoint = "string",
region = "string"
)
| add_custom_attributes | Adds additional user attributes to the user pool schema |
| admin_add_user_to_group | Adds a user to a group |
| admin_confirm_sign_up | Confirms user sign-up as an administrator |
| admin_create_user | Creates a new user in the specified user pool |
| admin_delete_user | Deletes a user profile in your user pool |
| admin_delete_user_attributes | Deletes attribute values from a user |
| admin_disable_provider_for_user | Prevents the user from signing in with the specified external (SAML or social) identity provider (IdP) |
| admin_disable_user | Deactivates a user profile and revokes all access tokens for the user |
| admin_enable_user | Activate sign-in for a user profile that previously had sign-in access disabled |
| admin_forget_device | Forgets, or deletes, a remembered device from a user's profile |
| admin_get_device | Given the device key, returns details for a user' device |
| admin_get_user | Given the username, returns details about a user profile in a user pool |
| admin_initiate_auth | Starts sign-in for applications with a server-side component, for example a traditional web application |
| admin_link_provider_for_user | Links an existing user account in a user pool (DestinationUser) to an identity from an external IdP (SourceUser) based on a specified attribute name and value from the external IdP |
| admin_list_devices | Lists a user's registered devices |
| admin_list_groups_for_user | Lists the groups that a user belongs to |
| admin_list_user_auth_events | Requests a history of user activity and any risks detected as part of Amazon Cognito threat protection |
| admin_remove_user_from_group | Given a username and a group name |
| admin_reset_user_password | Resets the specified user's password in a user pool |
| admin_respond_to_auth_challenge | Some API operations in a user pool generate a challenge, like a prompt for an MFA code, for device authentication that bypasses MFA, or for a custom authentication challenge |
| admin_set_user_mfa_preference | Sets the user's multi-factor authentication (MFA) preference, including which MFA options are activated, and if any are preferred |
| admin_set_user_password | Sets the specified user's password in a user pool |
| admin_set_user_settings | This action is no longer supported |
| admin_update_auth_event_feedback | Provides feedback for an authentication event indicating if it was from a valid user |
| admin_update_device_status | Updates the status of a user's device so that it is marked as remembered or not remembered for the purpose of device authentication |
| admin_update_user_attributes | This action might generate an SMS text message |
| admin_user_global_sign_out | Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user |
| associate_software_token | Begins setup of time-based one-time password (TOTP) multi-factor authentication (MFA) for a user, with a unique private key that Amazon Cognito generates and returns in the API response |
| change_password | Changes the password for a specified user in a user pool |
| complete_web_authn_registration | Completes registration of a passkey authenticator for the current user |
| confirm_device | Confirms a device that a user wants to remember |
| confirm_forgot_password | This public API operation accepts a confirmation code that Amazon Cognito sent to a user and accepts a new password for that user |
| confirm_sign_up | This public API operation submits a code that Amazon Cognito sent to your user when they signed up in your user pool via the SignUp API operation |
| create_group | Creates a new group in the specified user pool |
| create_identity_provider | Adds a configuration and trust relationship between a third-party identity provider (IdP) and a user pool |
| create_managed_login_branding | Creates a new set of branding settings for a user pool style and associates it with an app client |
| create_resource_server | Creates a new OAuth2 |
| create_user_import_job | Creates a user import job |
| create_user_pool | This action might generate an SMS text message |
| create_user_pool_client | Creates an app client in a user pool |
| create_user_pool_domain | A user pool domain hosts managed login, an authorization server and web server for authentication in your application |
| delete_group | Deletes a group from the specified user pool |
| delete_identity_provider | Deletes a user pool identity provider (IdP) |
| delete_managed_login_branding | Deletes a managed login branding style |
| delete_resource_server | Deletes a resource server |
| delete_user | Self-deletes a user profile |
| delete_user_attributes | Self-deletes attributes for a user |
| delete_user_pool | Deletes a user pool |
| delete_user_pool_client | Deletes a user pool app client |
| delete_user_pool_domain | Given a user pool ID and domain identifier, deletes a user pool domain |
| delete_web_authn_credential | Deletes a registered passkey, or webauthN, authenticator for the currently signed-in user |
| describe_identity_provider | Given a user pool ID and identity provider (IdP) name, returns details about the IdP |
| describe_managed_login_branding | Given the ID of a managed login branding style, returns detailed information about the style |
| describe_managed_login_branding_by_client | Given the ID of a user pool app client, returns detailed information about the style assigned to the app client |
| describe_resource_server | Describes a resource server |
| describe_risk_configuration | Given an app client or user pool ID where threat protection is configured, describes the risk configuration |
| describe_user_import_job | Describes a user import job |
| describe_user_pool | Given a user pool ID, returns configuration information |
| describe_user_pool_client | Given an app client ID, returns configuration information |
| describe_user_pool_domain | Given a user pool domain name, returns information about the domain configuration |
| forget_device | Forgets the specified device |
| forgot_password | Calling this API causes a message to be sent to the end user with a confirmation code that is required to change the user's password |
| get_csv_header | Gets the header information for the comma-separated value (CSV) file to be used as input for the user import job |
| get_device | Gets the device |
| get_group | Gets a group |
| get_identity_provider_by_identifier | Gets the specified IdP |
| get_log_delivery_configuration | Gets the logging configuration of a user pool |
| get_signing_certificate | This method takes a user pool ID, and returns the signing certificate |
| get_ui_customization | Gets the user interface (UI) Customization information for a particular app client's app UI, if any such information exists for the client |
| get_user | Gets the user attributes and metadata for a user |
| get_user_attribute_verification_code | Generates a user attribute verification code for the specified attribute name |
| get_user_auth_factors | Lists the authentication options for the currently signed-in user |
| get_user_pool_mfa_config | Gets the user pool multi-factor authentication (MFA) configuration |
| global_sign_out | Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user |
| initiate_auth | Initiates sign-in for a user in the Amazon Cognito user directory |
| list_devices | Lists the sign-in devices that Amazon Cognito has registered to the current user |
| list_groups | Lists the groups associated with a user pool |
| list_identity_providers | Lists information about all IdPs for a user pool |
| list_resource_servers | Lists the resource servers for a user pool |
| list_tags_for_resource | Lists the tags that are assigned to an Amazon Cognito user pool |
| list_user_import_jobs | Lists user import jobs for a user pool |
| list_user_pool_clients | Lists the clients that have been created for the specified user pool |
| list_user_pools | Lists the user pools associated with an Amazon Web Services account |
| list_users | Lists users and their basic details in a user pool |
| list_users_in_group | Lists the users in the specified group |
| list_web_authn_credentials | Generates a list of the current user's registered passkey, or webauthN, credentials |
| resend_confirmation_code | Resends the confirmation (for confirmation of registration) to a specific user in the user pool |
| respond_to_auth_challenge | Some API operations in a user pool generate a challenge, like a prompt for an MFA code, for device authentication that bypasses MFA, or for a custom authentication challenge |
| revoke_token | Revokes all of the access tokens generated by, and at the same time as, the specified refresh token |
| set_log_delivery_configuration | Sets up or modifies the logging configuration of a user pool |
| set_risk_configuration | Configures actions on detected risks |
| set_ui_customization | Sets the user interface (UI) customization information for a user pool's built-in app UI |
| set_user_mfa_preference | Set the user's multi-factor authentication (MFA) method preference, including which MFA factors are activated and if any are preferred |
| set_user_pool_mfa_config | Sets the user pool multi-factor authentication (MFA) and passkey configuration |
| set_user_settings | This action is no longer supported |
| sign_up | Registers the user in the specified user pool and creates a user name, password, and user attributes |
| start_user_import_job | Starts the user import |
| start_web_authn_registration | Requests credential creation options from your user pool for registration of a passkey authenticator |
| stop_user_import_job | Stops the user import job |
| tag_resource | Assigns a set of tags to an Amazon Cognito user pool |
| untag_resource | Removes the specified tags from an Amazon Cognito user pool |
| update_auth_event_feedback | Provides the feedback for an authentication event, whether it was from a valid user or not |
| update_device_status | Updates the device status |
| update_group | Updates the specified group with the specified attributes |
| update_identity_provider | Updates IdP information for a user pool |
| update_managed_login_branding | Configures the branding settings for a user pool style |
| update_resource_server | Updates the name and scopes of resource server |
| update_user_attributes | With this operation, your users can update one or more of their attributes with their own credentials |
| update_user_pool | This action might generate an SMS text message |
| update_user_pool_client | Updates the specified user pool app client with the specified attributes |
| update_user_pool_domain | A user pool domain hosts managed login, an authorization server and web server for authentication in your application |
| verify_software_token | Use this API to register a user's entered time-based one-time password (TOTP) code and mark the user's software token MFA status as "verified" if successful |
| verify_user_attribute | Verifies the specified user attributes in the user pool |
## Not run: svc <- cognitoidentityprovider() svc$add_custom_attributes( Foo = 123 ) ## End(Not run)
Useful links