Client

cognitoidentityprovider

R Documentation

Amazon Cognito Identity Provider

Description

With the Amazon Cognito user pools API, you can configure user pools and authenticate users. To authenticate users from third-party identity providers (IdPs) in this API, you can link IdP users to native user profiles. Learn more about the authentication and authorization of federated users at Adding user pool sign-in through a third party and in the User pool federation endpoints and hosted UI reference.

This API reference provides detailed information about API operations and object types in Amazon Cognito.

Along with resource management operations, the Amazon Cognito user pools API includes classes of operations and authorization models for client-side and server-side authentication of users. You can interact with operations in the Amazon Cognito user pools API as any of the following subjects.

1. An administrator who wants to configure user pools, app clients, users, groups, or other user pool functions.

2. A server-side app, like a web application, that wants to use its Amazon Web Services privileges to manage, authenticate, or authorize a user.

3. A client-side app, like a mobile app, that wants to make unauthenticated requests to manage, authenticate, or authorize a user.

For more information, see Using the Amazon Cognito user pools API and user pool endpoints in the Amazon Cognito Developer Guide.

With your Amazon Web Services SDK, you can build the logic to support operational flows in every use case for this API. You can also make direct REST API requests to Amazon Cognito user pools service endpoints. The following links can get you started with the CognitoIdentityProvider client in other supported Amazon Web Services SDKs.

• Amazon Web Services Command Line Interface

• Amazon Web Services SDK for .NET

• Amazon Web Services SDK for C++

• Amazon Web Services SDK for Go

• Amazon Web Services SDK for Java V2

• Amazon Web Services SDK for JavaScript

• Amazon Web Services SDK for PHP V3

• Amazon Web Services SDK for Python

• Amazon Web Services SDK for Ruby V3

• Amazon Web Services SDK for Kotlin

To get started with an Amazon Web Services SDK, see Tools to Build on Amazon Web Services. For example actions and scenarios, see Code examples for Amazon Cognito Identity Provider using Amazon Web Services SDKs.

Usage

cognitoidentityprovider(
  config = list(),
  credentials = list(),
  endpoint = NULL,
  region = NULL
)

Arguments

config

Optional configuration of credentials, endpoint, and/or region.

• credentials:

  • creds:

    • access_key_id: AWS access key ID

    • secret_access_key: AWS secret access key

    • session_token: AWS temporary session token

  • profile: The name of a profile to use. If not given, then the default profile is used.

  • anonymous: Set anonymous credentials.

• endpoint: The complete URL to use for the constructed client.

• region: The AWS Region used in instantiating the client.

• close_connection: Immediately close all HTTP connections.

• timeout: The time in seconds till a timeout exception is thrown when attempting to make a connection. The default is 60 seconds.

• s3_force_path_style: Set this to true to force the request to use path-style addressing, i.e. ⁠http://s3.amazonaws.com/BUCKET/KEY⁠.

• sts_regional_endpoint: Set sts regional endpoint resolver to regional or legacy https://docs.aws.amazon.com/sdkref/latest/guide/feature-sts-regionalized-endpoints.html

credentials

Optional credentials shorthand for the config parameter

• creds:

  • access_key_id: AWS access key ID

  • secret_access_key: AWS secret access key

  • session_token: AWS temporary session token

• profile: The name of a profile to use. If not given, then the default profile is used.

• anonymous: Set anonymous credentials.

endpoint

Optional shorthand for complete URL to use for the constructed client.

region

Optional shorthand for AWS Region used in instantiating the client.

Value

A client for the service. You can call the service's operations using syntax like svc$operation(...), where svc is the name you've assigned to the client. The available operations are listed in the Operations section.

Service syntax

svc <- cognitoidentityprovider(
  config = list(
    credentials = list(
      creds = list(
        access_key_id = "string",
        secret_access_key = "string",
        session_token = "string"
      ),
      profile = "string",
      anonymous = "logical"
    ),
    endpoint = "string",
    region = "string",
    close_connection = "logical",
    timeout = "numeric",
    s3_force_path_style = "logical",
    sts_regional_endpoint = "string"
  ),
  credentials = list(
    creds = list(
      access_key_id = "string",
      secret_access_key = "string",
      session_token = "string"
    ),
    profile = "string",
    anonymous = "logical"
  ),
  endpoint = "string",
  region = "string"
)

Operations

add_custom_attributes

Adds additional user attributes to the user pool schema

admin_add_user_to_group

Adds a user to a group

admin_confirm_sign_up

Confirms user sign-up as an administrator

admin_create_user

Creates a new user in the specified user pool

admin_delete_user

Deletes a user profile in your user pool

admin_delete_user_attributes

Deletes attribute values from a user

admin_disable_provider_for_user

Prevents the user from signing in with the specified external (SAML or social) identity provider (IdP)

admin_disable_user

Deactivates a user profile and revokes all access tokens for the user

admin_enable_user

Activate sign-in for a user profile that previously had sign-in access disabled

admin_forget_device

Forgets, or deletes, a remembered device from a user's profile

admin_get_device

Given the device key, returns details for a user' device

admin_get_user

Given the username, returns details about a user profile in a user pool

admin_initiate_auth

Starts sign-in for applications with a server-side component, for example a traditional web application

admin_link_provider_for_user

Links an existing user account in a user pool (DestinationUser) to an identity from an external IdP (SourceUser) based on a specified attribute name and value from the external IdP

admin_list_devices

Lists a user's registered devices

admin_list_groups_for_user

Lists the groups that a user belongs to

admin_list_user_auth_events

Requests a history of user activity and any risks detected as part of Amazon Cognito threat protection

admin_remove_user_from_group

Given a username and a group name

admin_reset_user_password

Resets the specified user's password in a user pool

admin_respond_to_auth_challenge

Some API operations in a user pool generate a challenge, like a prompt for an MFA code, for device authentication that bypasses MFA, or for a custom authentication challenge

admin_set_user_mfa_preference

Sets the user's multi-factor authentication (MFA) preference, including which MFA options are activated, and if any are preferred

admin_set_user_password

Sets the specified user's password in a user pool

admin_set_user_settings

This action is no longer supported

admin_update_auth_event_feedback

Provides feedback for an authentication event indicating if it was from a valid user

admin_update_device_status

Updates the status of a user's device so that it is marked as remembered or not remembered for the purpose of device authentication

admin_update_user_attributes

This action might generate an SMS text message

admin_user_global_sign_out

Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user

associate_software_token

Begins setup of time-based one-time password (TOTP) multi-factor authentication (MFA) for a user, with a unique private key that Amazon Cognito generates and returns in the API response

change_password

Changes the password for a specified user in a user pool

complete_web_authn_registration

Completes registration of a passkey authenticator for the current user

confirm_device

Confirms a device that a user wants to remember

confirm_forgot_password

This public API operation accepts a confirmation code that Amazon Cognito sent to a user and accepts a new password for that user

confirm_sign_up

This public API operation submits a code that Amazon Cognito sent to your user when they signed up in your user pool via the SignUp API operation

create_group

Creates a new group in the specified user pool

create_identity_provider

Adds a configuration and trust relationship between a third-party identity provider (IdP) and a user pool

create_managed_login_branding

Creates a new set of branding settings for a user pool style and associates it with an app client

create_resource_server

Creates a new OAuth2

create_user_import_job

Creates a user import job

create_user_pool

This action might generate an SMS text message

create_user_pool_client

Creates an app client in a user pool

create_user_pool_domain

A user pool domain hosts managed login, an authorization server and web server for authentication in your application

delete_group

Deletes a group from the specified user pool

delete_identity_provider

Deletes a user pool identity provider (IdP)

delete_managed_login_branding

Deletes a managed login branding style

delete_resource_server

Deletes a resource server

delete_user

Self-deletes a user profile

delete_user_attributes

Self-deletes attributes for a user

delete_user_pool

Deletes a user pool

delete_user_pool_client

Deletes a user pool app client

delete_user_pool_domain

Given a user pool ID and domain identifier, deletes a user pool domain

delete_web_authn_credential

Deletes a registered passkey, or webauthN, authenticator for the currently signed-in user

describe_identity_provider

Given a user pool ID and identity provider (IdP) name, returns details about the IdP

describe_managed_login_branding

Given the ID of a managed login branding style, returns detailed information about the style

describe_managed_login_branding_by_client

Given the ID of a user pool app client, returns detailed information about the style assigned to the app client

describe_resource_server

Describes a resource server

describe_risk_configuration

Given an app client or user pool ID where threat protection is configured, describes the risk configuration

describe_user_import_job

Describes a user import job

describe_user_pool

Given a user pool ID, returns configuration information

describe_user_pool_client

Given an app client ID, returns configuration information

describe_user_pool_domain

Given a user pool domain name, returns information about the domain configuration

forget_device

Forgets the specified device

forgot_password

Calling this API causes a message to be sent to the end user with a confirmation code that is required to change the user's password

get_csv_header

Gets the header information for the comma-separated value (CSV) file to be used as input for the user import job

get_device

Gets the device

get_group

Gets a group

get_identity_provider_by_identifier

Gets the specified IdP

get_log_delivery_configuration

Gets the logging configuration of a user pool

get_signing_certificate

This method takes a user pool ID, and returns the signing certificate

get_ui_customization

Gets the user interface (UI) Customization information for a particular app client's app UI, if any such information exists for the client

get_user

Gets the user attributes and metadata for a user

get_user_attribute_verification_code

Generates a user attribute verification code for the specified attribute name

get_user_auth_factors

Lists the authentication options for the currently signed-in user

get_user_pool_mfa_config

Gets the user pool multi-factor authentication (MFA) configuration

global_sign_out

Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user

initiate_auth

Initiates sign-in for a user in the Amazon Cognito user directory

list_devices

Lists the sign-in devices that Amazon Cognito has registered to the current user

list_groups

Lists the groups associated with a user pool

list_identity_providers

Lists information about all IdPs for a user pool

list_resource_servers

Lists the resource servers for a user pool

list_tags_for_resource

Lists the tags that are assigned to an Amazon Cognito user pool

list_user_import_jobs

Lists user import jobs for a user pool

list_user_pool_clients

Lists the clients that have been created for the specified user pool

list_user_pools

Lists the user pools associated with an Amazon Web Services account

list_users

Lists users and their basic details in a user pool

list_users_in_group

Lists the users in the specified group

list_web_authn_credentials

Generates a list of the current user's registered passkey, or webauthN, credentials

resend_confirmation_code

Resends the confirmation (for confirmation of registration) to a specific user in the user pool

respond_to_auth_challenge

Some API operations in a user pool generate a challenge, like a prompt for an MFA code, for device authentication that bypasses MFA, or for a custom authentication challenge

revoke_token

Revokes all of the access tokens generated by, and at the same time as, the specified refresh token

set_log_delivery_configuration

Sets up or modifies the logging configuration of a user pool

set_risk_configuration

Configures actions on detected risks

set_ui_customization

Sets the user interface (UI) customization information for a user pool's built-in app UI

set_user_mfa_preference

Set the user's multi-factor authentication (MFA) method preference, including which MFA factors are activated and if any are preferred

set_user_pool_mfa_config

Sets the user pool multi-factor authentication (MFA) and passkey configuration

set_user_settings

This action is no longer supported

sign_up

Registers the user in the specified user pool and creates a user name, password, and user attributes

start_user_import_job

Starts the user import

start_web_authn_registration

Requests credential creation options from your user pool for registration of a passkey authenticator

stop_user_import_job

Stops the user import job

tag_resource

Assigns a set of tags to an Amazon Cognito user pool

untag_resource

Removes the specified tags from an Amazon Cognito user pool

update_auth_event_feedback

Provides the feedback for an authentication event, whether it was from a valid user or not

update_device_status

Updates the device status

update_group

Updates the specified group with the specified attributes

update_identity_provider

Updates IdP information for a user pool

update_managed_login_branding

Configures the branding settings for a user pool style

update_resource_server

Updates the name and scopes of resource server

update_user_attributes

With this operation, your users can update one or more of their attributes with their own credentials

update_user_pool

This action might generate an SMS text message

update_user_pool_client

Updates the specified user pool app client with the specified attributes

update_user_pool_domain

A user pool domain hosts managed login, an authorization server and web server for authentication in your application

verify_software_token

Use this API to register a user's entered time-based one-time password (TOTP) code and mark the user's software token MFA status as "verified" if successful

verify_user_attribute

Verifies the specified user attributes in the user pool

Examples

## Not run: 
svc <- cognitoidentityprovider()
svc$add_custom_attributes(
  Foo = 123
)

## End(Not run)