Skip to content

Client

cognitoidentityprovider R Documentation

Amazon Cognito Identity Provider

Description

With the Amazon Cognito user pools API, you can configure user pools and authenticate users. To authenticate users from third-party identity providers (IdPs) in this API, you can link IdP users to native user profiles. Learn more about the authentication and authorization of federated users at Adding user pool sign-in through a third party and in the User pool federation endpoints and hosted UI reference.

This API reference provides detailed information about API operations and object types in Amazon Cognito.

Along with resource management operations, the Amazon Cognito user pools API includes classes of operations and authorization models for client-side and server-side authentication of users. You can interact with operations in the Amazon Cognito user pools API as any of the following subjects.

  1. An administrator who wants to configure user pools, app clients, users, groups, or other user pool functions.

  2. A server-side app, like a web application, that wants to use its Amazon Web Services privileges to manage, authenticate, or authorize a user.

  3. A client-side app, like a mobile app, that wants to make unauthenticated requests to manage, authenticate, or authorize a user.

For more information, see Using the Amazon Cognito user pools API and user pool endpoints in the Amazon Cognito Developer Guide.

With your Amazon Web Services SDK, you can build the logic to support operational flows in every use case for this API. You can also make direct REST API requests to Amazon Cognito user pools service endpoints. The following links can get you started with the CognitoIdentityProvider client in other supported Amazon Web Services SDKs.

To get started with an Amazon Web Services SDK, see Tools to Build on Amazon Web Services. For example actions and scenarios, see Code examples for Amazon Cognito Identity Provider using Amazon Web Services SDKs.

Usage

cognitoidentityprovider(
  config = list(),
  credentials = list(),
  endpoint = NULL,
  region = NULL
)

Arguments

config

Optional configuration of credentials, endpoint, and/or region.

  • credentials:

    • creds:

      • access_key_id: AWS access key ID

      • secret_access_key: AWS secret access key

      • session_token: AWS temporary session token

    • profile: The name of a profile to use. If not given, then the default profile is used.

    • anonymous: Set anonymous credentials.

  • endpoint: The complete URL to use for the constructed client.

  • region: The AWS Region used in instantiating the client.

  • close_connection: Immediately close all HTTP connections.

  • timeout: The time in seconds till a timeout exception is thrown when attempting to make a connection. The default is 60 seconds.

  • s3_force_path_style: Set this to true to force the request to use path-style addressing, i.e. ⁠http://s3.amazonaws.com/BUCKET/KEY⁠.

  • sts_regional_endpoint: Set sts regional endpoint resolver to regional or legacy https://docs.aws.amazon.com/sdkref/latest/guide/feature-sts-regionalized-endpoints.html

credentials

Optional credentials shorthand for the config parameter

  • creds:

    • access_key_id: AWS access key ID

    • secret_access_key: AWS secret access key

    • session_token: AWS temporary session token

  • profile: The name of a profile to use. If not given, then the default profile is used.

  • anonymous: Set anonymous credentials.

endpoint

Optional shorthand for complete URL to use for the constructed client.

region

Optional shorthand for AWS Region used in instantiating the client.

Value

A client for the service. You can call the service's operations using syntax like svc$operation(...), where svc is the name you've assigned to the client. The available operations are listed in the Operations section.

Service syntax

svc <- cognitoidentityprovider(
  config = list(
    credentials = list(
      creds = list(
        access_key_id = "string",
        secret_access_key = "string",
        session_token = "string"
      ),
      profile = "string",
      anonymous = "logical"
    ),
    endpoint = "string",
    region = "string",
    close_connection = "logical",
    timeout = "numeric",
    s3_force_path_style = "logical",
    sts_regional_endpoint = "string"
  ),
  credentials = list(
    creds = list(
      access_key_id = "string",
      secret_access_key = "string",
      session_token = "string"
    ),
    profile = "string",
    anonymous = "logical"
  ),
  endpoint = "string",
  region = "string"
)

Operations

add_custom_attributes
Adds additional user attributes to the user pool schema
admin_add_user_to_group
Adds a user to a group
admin_confirm_sign_up
This IAM-authenticated API operation confirms user sign-up as an administrator
admin_create_user
Creates a new user in the specified user pool
admin_delete_user
Deletes a user as an administrator
admin_delete_user_attributes
Deletes the user attributes in a user pool as an administrator
admin_disable_provider_for_user
Prevents the user from signing in with the specified external (SAML or social) identity provider (IdP)
admin_disable_user
Deactivates a user and revokes all access tokens for the user
admin_enable_user
Enables the specified user as an administrator
admin_forget_device
Forgets the device, as an administrator
admin_get_device
Gets the device, as an administrator
admin_get_user
Gets the specified user by user name in a user pool as an administrator
admin_initiate_auth
Initiates the authentication flow, as an administrator
admin_link_provider_for_user
Links an existing user account in a user pool (DestinationUser) to an identity from an external IdP (SourceUser) based on a specified attribute name and value from the external IdP
admin_list_devices
Lists devices, as an administrator
admin_list_groups_for_user
Lists the groups that a user belongs to
admin_list_user_auth_events
A history of user activity and any risks detected as part of Amazon Cognito advanced security
admin_remove_user_from_group
Removes the specified user from the specified group
admin_reset_user_password
Resets the specified user's password in a user pool as an administrator
admin_respond_to_auth_challenge
Some API operations in a user pool generate a challenge, like a prompt for an MFA code, for device authentication that bypasses MFA, or for a custom authentication challenge
admin_set_user_mfa_preference
The user's multi-factor authentication (MFA) preference, including which MFA options are activated, and if any are preferred
admin_set_user_password
Sets the specified user's password in a user pool as an administrator
admin_set_user_settings
This action is no longer supported
admin_update_auth_event_feedback
Provides feedback for an authentication event indicating if it was from a valid user
admin_update_device_status
Updates the device status as an administrator
admin_update_user_attributes
This action might generate an SMS text message
admin_user_global_sign_out
Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user
associate_software_token
Begins setup of time-based one-time password (TOTP) multi-factor authentication (MFA) for a user, with a unique private key that Amazon Cognito generates and returns in the API response
change_password
Changes the password for a specified user in a user pool
confirm_device
Confirms tracking of the device
confirm_forgot_password
Allows a user to enter a confirmation code to reset a forgotten password
confirm_sign_up
This public API operation provides a code that Amazon Cognito sent to your user when they signed up in your user pool via the SignUp API operation
create_group
Creates a new group in the specified user pool
create_identity_provider
Adds a configuration and trust relationship between a third-party identity provider (IdP) and a user pool
create_resource_server
Creates a new OAuth2
create_user_import_job
Creates a user import job
create_user_pool
This action might generate an SMS text message
create_user_pool_client
Creates the user pool client
create_user_pool_domain
Creates a new domain for a user pool
delete_group
Deletes a group
delete_identity_provider
Deletes an IdP for a user pool
delete_resource_server
Deletes a resource server
delete_user
Allows a user to delete their own user profile
delete_user_attributes
Deletes the attributes for a user
delete_user_pool
Deletes the specified Amazon Cognito user pool
delete_user_pool_client
Allows the developer to delete the user pool client
delete_user_pool_domain
Deletes a domain for a user pool
describe_identity_provider
Gets information about a specific IdP
describe_resource_server
Describes a resource server
describe_risk_configuration
Describes the risk configuration
describe_user_import_job
Describes the user import job
describe_user_pool
Returns the configuration information and metadata of the specified user pool
describe_user_pool_client
Client method for returning the configuration information and metadata of the specified user pool app client
describe_user_pool_domain
Gets information about a domain
forget_device
Forgets the specified device
forgot_password
Calling this API causes a message to be sent to the end user with a confirmation code that is required to change the user's password
get_csv_header
Gets the header information for the comma-separated value (CSV) file to be used as input for the user import job
get_device
Gets the device
get_group
Gets a group
get_identity_provider_by_identifier
Gets the specified IdP
get_log_delivery_configuration
Gets the logging configuration of a user pool
get_signing_certificate
This method takes a user pool ID, and returns the signing certificate
get_ui_customization
Gets the user interface (UI) Customization information for a particular app client's app UI, if any such information exists for the client
get_user
Gets the user attributes and metadata for a user
get_user_attribute_verification_code
Generates a user attribute verification code for the specified attribute name
get_user_pool_mfa_config
Gets the user pool multi-factor authentication (MFA) configuration
global_sign_out
Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user
initiate_auth
Initiates sign-in for a user in the Amazon Cognito user directory
list_devices
Lists the sign-in devices that Amazon Cognito has registered to the current user
list_groups
Lists the groups associated with a user pool
list_identity_providers
Lists information about all IdPs for a user pool
list_resource_servers
Lists the resource servers for a user pool
list_tags_for_resource
Lists the tags that are assigned to an Amazon Cognito user pool
list_user_import_jobs
Lists user import jobs for a user pool
list_user_pool_clients
Lists the clients that have been created for the specified user pool
list_user_pools
Lists the user pools associated with an Amazon Web Services account
list_users
Lists users and their basic details in a user pool
list_users_in_group
Lists the users in the specified group
resend_confirmation_code
Resends the confirmation (for confirmation of registration) to a specific user in the user pool
respond_to_auth_challenge
Some API operations in a user pool generate a challenge, like a prompt for an MFA code, for device authentication that bypasses MFA, or for a custom authentication challenge
revoke_token
Revokes all of the access tokens generated by, and at the same time as, the specified refresh token
set_log_delivery_configuration
Sets up or modifies the logging configuration of a user pool
set_risk_configuration
Configures actions on detected risks
set_ui_customization
Sets the user interface (UI) customization information for a user pool's built-in app UI
set_user_mfa_preference
Set the user's multi-factor authentication (MFA) method preference, including which MFA factors are activated and if any are preferred
set_user_pool_mfa_config
Sets the user pool multi-factor authentication (MFA) configuration
set_user_settings
This action is no longer supported
sign_up
Registers the user in the specified user pool and creates a user name, password, and user attributes
start_user_import_job
Starts the user import
stop_user_import_job
Stops the user import job
tag_resource
Assigns a set of tags to an Amazon Cognito user pool
untag_resource
Removes the specified tags from an Amazon Cognito user pool
update_auth_event_feedback
Provides the feedback for an authentication event, whether it was from a valid user or not
update_device_status
Updates the device status
update_group
Updates the specified group with the specified attributes
update_identity_provider
Updates IdP information for a user pool
update_resource_server
Updates the name and scopes of resource server
update_user_attributes
With this operation, your users can update one or more of their attributes with their own credentials
update_user_pool
This action might generate an SMS text message
update_user_pool_client
Updates the specified user pool app client with the specified attributes
update_user_pool_domain
Updates the Secure Sockets Layer (SSL) certificate for the custom domain for your user pool
verify_software_token
Use this API to register a user's entered time-based one-time password (TOTP) code and mark the user's software token MFA status as "verified" if successful
verify_user_attribute
Verifies the specified user attributes in the user pool

Examples

## Not run: 
svc <- cognitoidentityprovider()
# This request submits a value for all possible parameters for
# AdminCreateUser.
svc$admin_create_user(
  DesiredDeliveryMediums = list(
    "SMS"
  ),
  MessageAction = "SUPPRESS",
  TemporaryPassword = "This-is-my-test-99!",
  UserAttributes = list(
    list(
      Name = "name",
      Value = "John"
    ),
    list(
      Name = "phone_number",
      Value = "+12065551212"
    ),
    list(
      Name = "email",
      Value = "testuser@example.com"
    )
  ),
  UserPoolId = "us-east-1_EXAMPLE",
  Username = "testuser"
)

## End(Not run)