Skip to content

Commit

Permalink
feat(client-cognito-identity-provider): Added email MFA option to use…
Browse files Browse the repository at this point in the history
…r pools with advanced security features.
  • Loading branch information
awstools committed Sep 12, 2024
1 parent 89e6e2f commit b2fefb3
Show file tree
Hide file tree
Showing 23 changed files with 499 additions and 209 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@ export interface AdminCreateUserCommandOutput extends AdminCreateUserResponse, _
* Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must
* receive SMS messages might not be able to sign up, activate their accounts, or sign
* in.</p>
* <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service,
* <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Servicesservice,
* Amazon Simple Notification Service might place your account in the SMS sandbox. In <i>
* <a href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
* mode</a>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@ export interface AdminInitiateAuthCommandOutput extends AdminInitiateAuthRespons
* Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must
* receive SMS messages might not be able to sign up, activate their accounts, or sign
* in.</p>
* <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service,
* <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Servicesservice,
* Amazon Simple Notification Service might place your account in the SMS sandbox. In <i>
* <a href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
* mode</a>
Expand Down Expand Up @@ -110,7 +110,7 @@ export interface AdminInitiateAuthCommandOutput extends AdminInitiateAuthRespons
* const command = new AdminInitiateAuthCommand(input);
* const response = await client.send(command);
* // { // AdminInitiateAuthResponse
* // ChallengeName: "SMS_MFA" || "SOFTWARE_TOKEN_MFA" || "SELECT_MFA_TYPE" || "MFA_SETUP" || "PASSWORD_VERIFIER" || "CUSTOM_CHALLENGE" || "DEVICE_SRP_AUTH" || "DEVICE_PASSWORD_VERIFIER" || "ADMIN_NO_SRP_AUTH" || "NEW_PASSWORD_REQUIRED",
* // ChallengeName: "SMS_MFA" || "EMAIL_OTP" || "SOFTWARE_TOKEN_MFA" || "SELECT_MFA_TYPE" || "MFA_SETUP" || "PASSWORD_VERIFIER" || "CUSTOM_CHALLENGE" || "DEVICE_SRP_AUTH" || "DEVICE_PASSWORD_VERIFIER" || "ADMIN_NO_SRP_AUTH" || "NEW_PASSWORD_REQUIRED",
* // Session: "STRING_VALUE",
* // ChallengeParameters: { // ChallengeParametersType
* // "<keys>": "STRING_VALUE",
Expand Down Expand Up @@ -139,6 +139,10 @@ export interface AdminInitiateAuthCommandOutput extends AdminInitiateAuthRespons
* @throws {@link InternalErrorException} (server fault)
* <p>This exception is thrown when Amazon Cognito encounters an internal error.</p>
*
* @throws {@link InvalidEmailRoleAccessPolicyException} (client fault)
* <p>This exception is thrown when Amazon Cognito isn't allowed to use your email identity. HTTP
* status code: 400.</p>
*
* @throws {@link InvalidLambdaResponseException} (client fault)
* <p>This exception is thrown when Amazon Cognito encounters an invalid Lambda response.</p>
*
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@ export interface AdminResetUserPasswordCommandOutput extends AdminResetUserPassw
* Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must
* receive SMS messages might not be able to sign up, activate their accounts, or sign
* in.</p>
* <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service,
* <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Servicesservice,
* Amazon Simple Notification Service might place your account in the SMS sandbox. In <i>
* <a href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
* mode</a>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,7 @@ export interface AdminRespondToAuthChallengeCommandOutput
* Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must
* receive SMS messages might not be able to sign up, activate their accounts, or sign
* in.</p>
* <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service,
* <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Servicesservice,
* Amazon Simple Notification Service might place your account in the SMS sandbox. In <i>
* <a href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
* mode</a>
Expand Down Expand Up @@ -92,7 +92,7 @@ export interface AdminRespondToAuthChallengeCommandOutput
* const input = { // AdminRespondToAuthChallengeRequest
* UserPoolId: "STRING_VALUE", // required
* ClientId: "STRING_VALUE", // required
* ChallengeName: "SMS_MFA" || "SOFTWARE_TOKEN_MFA" || "SELECT_MFA_TYPE" || "MFA_SETUP" || "PASSWORD_VERIFIER" || "CUSTOM_CHALLENGE" || "DEVICE_SRP_AUTH" || "DEVICE_PASSWORD_VERIFIER" || "ADMIN_NO_SRP_AUTH" || "NEW_PASSWORD_REQUIRED", // required
* ChallengeName: "SMS_MFA" || "EMAIL_OTP" || "SOFTWARE_TOKEN_MFA" || "SELECT_MFA_TYPE" || "MFA_SETUP" || "PASSWORD_VERIFIER" || "CUSTOM_CHALLENGE" || "DEVICE_SRP_AUTH" || "DEVICE_PASSWORD_VERIFIER" || "ADMIN_NO_SRP_AUTH" || "NEW_PASSWORD_REQUIRED", // required
* ChallengeResponses: { // ChallengeResponsesType
* "<keys>": "STRING_VALUE",
* },
Expand All @@ -119,7 +119,7 @@ export interface AdminRespondToAuthChallengeCommandOutput
* const command = new AdminRespondToAuthChallengeCommand(input);
* const response = await client.send(command);
* // { // AdminRespondToAuthChallengeResponse
* // ChallengeName: "SMS_MFA" || "SOFTWARE_TOKEN_MFA" || "SELECT_MFA_TYPE" || "MFA_SETUP" || "PASSWORD_VERIFIER" || "CUSTOM_CHALLENGE" || "DEVICE_SRP_AUTH" || "DEVICE_PASSWORD_VERIFIER" || "ADMIN_NO_SRP_AUTH" || "NEW_PASSWORD_REQUIRED",
* // ChallengeName: "SMS_MFA" || "EMAIL_OTP" || "SOFTWARE_TOKEN_MFA" || "SELECT_MFA_TYPE" || "MFA_SETUP" || "PASSWORD_VERIFIER" || "CUSTOM_CHALLENGE" || "DEVICE_SRP_AUTH" || "DEVICE_PASSWORD_VERIFIER" || "ADMIN_NO_SRP_AUTH" || "NEW_PASSWORD_REQUIRED",
* // Session: "STRING_VALUE",
* // ChallengeParameters: { // ChallengeParametersType
* // "<keys>": "STRING_VALUE",
Expand Down Expand Up @@ -162,6 +162,10 @@ export interface AdminRespondToAuthChallengeCommandOutput
* @throws {@link InternalErrorException} (server fault)
* <p>This exception is thrown when Amazon Cognito encounters an internal error.</p>
*
* @throws {@link InvalidEmailRoleAccessPolicyException} (client fault)
* <p>This exception is thrown when Amazon Cognito isn't allowed to use your email identity. HTTP
* status code: 400.</p>
*
* @throws {@link InvalidLambdaResponseException} (client fault)
* <p>This exception is thrown when Amazon Cognito encounters an invalid Lambda response.</p>
*
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -36,11 +36,11 @@ export interface AdminSetUserMFAPreferenceCommandInput extends AdminSetUserMFAPr
export interface AdminSetUserMFAPreferenceCommandOutput extends AdminSetUserMFAPreferenceResponse, __MetadataBearer {}

/**
* <p>The user's multi-factor authentication (MFA) preference, including which MFA options
* are activated, and if any are preferred. Only one factor can be set as preferred. The
* preferred MFA factor will be used to authenticate a user if multiple factors are
* activated. If multiple options are activated and no preference is set, a challenge to
* choose an MFA option will be returned during sign-in.</p>
* <p>Sets the user's multi-factor authentication (MFA) preference, including which MFA
* options are activated, and if any are preferred. Only one factor can be set as
* preferred. The preferred MFA factor will be used to authenticate a user if multiple
* factors are activated. If multiple options are activated and no preference is set, a
* challenge to choose an MFA option will be returned during sign-in.</p>
* <note>
* <p>Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For
* this operation, you must use IAM credentials to authorize requests, and you must
Expand Down Expand Up @@ -76,6 +76,10 @@ export interface AdminSetUserMFAPreferenceCommandOutput extends AdminSetUserMFAP
* Enabled: true || false,
* PreferredMfa: true || false,
* },
* EmailMfaSettings: { // EmailMfaSettingsType
* Enabled: true || false,
* PreferredMfa: true || false,
* },
* Username: "STRING_VALUE", // required
* UserPoolId: "STRING_VALUE", // required
* };
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ export interface AdminUpdateUserAttributesCommandOutput extends AdminUpdateUserA
* Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must
* receive SMS messages might not be able to sign up, activate their accounts, or sign
* in.</p>
* <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service,
* <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Servicesservice,
* Amazon Simple Notification Service might place your account in the SMS sandbox. In <i>
* <a href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
* mode</a>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ export interface CreateUserPoolCommandOutput extends CreateUserPoolResponse, __M
* Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must
* receive SMS messages might not be able to sign up, activate their accounts, or sign
* in.</p>
* <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service,
* <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Servicesservice,
* Amazon Simple Notification Service might place your account in the SMS sandbox. In <i>
* <a href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
* mode</a>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,7 @@ export interface ForgotPasswordCommandOutput extends ForgotPasswordResponse, __M
* Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must
* receive SMS messages might not be able to sign up, activate their accounts, or sign
* in.</p>
* <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service,
* <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Servicesservice,
* Amazon Simple Notification Service might place your account in the SMS sandbox. In <i>
* <a href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
* mode</a>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,7 @@ export interface GetUserAttributeVerificationCodeCommandOutput
* Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must
* receive SMS messages might not be able to sign up, activate their accounts, or sign
* in.</p>
* <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service,
* <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Servicesservice,
* Amazon Simple Notification Service might place your account in the SMS sandbox. In <i>
* <a href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
* mode</a>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,10 @@ export interface GetUserPoolMfaConfigCommandOutput extends GetUserPoolMfaConfigR
* // SoftwareTokenMfaConfiguration: { // SoftwareTokenMfaConfigType
* // Enabled: true || false,
* // },
* // EmailMfaConfiguration: { // EmailMfaConfigType
* // Message: "STRING_VALUE",
* // Subject: "STRING_VALUE",
* // },
* // MfaConfiguration: "OFF" || "ON" || "OPTIONAL",
* // };
*
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ export interface InitiateAuthCommandOutput extends InitiateAuthResponse, __Metad
* Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must
* receive SMS messages might not be able to sign up, activate their accounts, or sign
* in.</p>
* <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service,
* <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Servicesservice,
* Amazon Simple Notification Service might place your account in the SMS sandbox. In <i>
* <a href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
* mode</a>
Expand Down Expand Up @@ -88,7 +88,7 @@ export interface InitiateAuthCommandOutput extends InitiateAuthResponse, __Metad
* const command = new InitiateAuthCommand(input);
* const response = await client.send(command);
* // { // InitiateAuthResponse
* // ChallengeName: "SMS_MFA" || "SOFTWARE_TOKEN_MFA" || "SELECT_MFA_TYPE" || "MFA_SETUP" || "PASSWORD_VERIFIER" || "CUSTOM_CHALLENGE" || "DEVICE_SRP_AUTH" || "DEVICE_PASSWORD_VERIFIER" || "ADMIN_NO_SRP_AUTH" || "NEW_PASSWORD_REQUIRED",
* // ChallengeName: "SMS_MFA" || "EMAIL_OTP" || "SOFTWARE_TOKEN_MFA" || "SELECT_MFA_TYPE" || "MFA_SETUP" || "PASSWORD_VERIFIER" || "CUSTOM_CHALLENGE" || "DEVICE_SRP_AUTH" || "DEVICE_PASSWORD_VERIFIER" || "ADMIN_NO_SRP_AUTH" || "NEW_PASSWORD_REQUIRED",
* // Session: "STRING_VALUE",
* // ChallengeParameters: { // ChallengeParametersType
* // "<keys>": "STRING_VALUE",
Expand Down Expand Up @@ -121,6 +121,10 @@ export interface InitiateAuthCommandOutput extends InitiateAuthResponse, __Metad
* @throws {@link InternalErrorException} (server fault)
* <p>This exception is thrown when Amazon Cognito encounters an internal error.</p>
*
* @throws {@link InvalidEmailRoleAccessPolicyException} (client fault)
* <p>This exception is thrown when Amazon Cognito isn't allowed to use your email identity. HTTP
* status code: 400.</p>
*
* @throws {@link InvalidLambdaResponseException} (client fault)
* <p>This exception is thrown when Amazon Cognito encounters an invalid Lambda response.</p>
*
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,7 @@ export interface ResendConfirmationCodeCommandOutput extends ResendConfirmationC
* Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must
* receive SMS messages might not be able to sign up, activate their accounts, or sign
* in.</p>
* <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service,
* <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Servicesservice,
* Amazon Simple Notification Service might place your account in the SMS sandbox. In <i>
* <a href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
* mode</a>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -10,12 +10,8 @@ import {
ServiceOutputTypes,
} from "../CognitoIdentityProviderClient";
import { commonParams } from "../endpoint/EndpointParameters";
import {
RespondToAuthChallengeRequest,
RespondToAuthChallengeRequestFilterSensitiveLog,
RespondToAuthChallengeResponse,
RespondToAuthChallengeResponseFilterSensitiveLog,
} from "../models/models_0";
import { RespondToAuthChallengeRequest, RespondToAuthChallengeRequestFilterSensitiveLog } from "../models/models_0";
import { RespondToAuthChallengeResponse, RespondToAuthChallengeResponseFilterSensitiveLog } from "../models/models_1";
import { de_RespondToAuthChallengeCommand, se_RespondToAuthChallengeCommand } from "../protocols/Aws_json1_1";

/**
Expand Down Expand Up @@ -58,7 +54,7 @@ export interface RespondToAuthChallengeCommandOutput extends RespondToAuthChalle
* Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must
* receive SMS messages might not be able to sign up, activate their accounts, or sign
* in.</p>
* <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service,
* <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Servicesservice,
* Amazon Simple Notification Service might place your account in the SMS sandbox. In <i>
* <a href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
* mode</a>
Expand All @@ -75,7 +71,7 @@ export interface RespondToAuthChallengeCommandOutput extends RespondToAuthChalle
* const client = new CognitoIdentityProviderClient(config);
* const input = { // RespondToAuthChallengeRequest
* ClientId: "STRING_VALUE", // required
* ChallengeName: "SMS_MFA" || "SOFTWARE_TOKEN_MFA" || "SELECT_MFA_TYPE" || "MFA_SETUP" || "PASSWORD_VERIFIER" || "CUSTOM_CHALLENGE" || "DEVICE_SRP_AUTH" || "DEVICE_PASSWORD_VERIFIER" || "ADMIN_NO_SRP_AUTH" || "NEW_PASSWORD_REQUIRED", // required
* ChallengeName: "SMS_MFA" || "EMAIL_OTP" || "SOFTWARE_TOKEN_MFA" || "SELECT_MFA_TYPE" || "MFA_SETUP" || "PASSWORD_VERIFIER" || "CUSTOM_CHALLENGE" || "DEVICE_SRP_AUTH" || "DEVICE_PASSWORD_VERIFIER" || "ADMIN_NO_SRP_AUTH" || "NEW_PASSWORD_REQUIRED", // required
* Session: "STRING_VALUE",
* ChallengeResponses: { // ChallengeResponsesType
* "<keys>": "STRING_VALUE",
Expand All @@ -94,7 +90,7 @@ export interface RespondToAuthChallengeCommandOutput extends RespondToAuthChalle
* const command = new RespondToAuthChallengeCommand(input);
* const response = await client.send(command);
* // { // RespondToAuthChallengeResponse
* // ChallengeName: "SMS_MFA" || "SOFTWARE_TOKEN_MFA" || "SELECT_MFA_TYPE" || "MFA_SETUP" || "PASSWORD_VERIFIER" || "CUSTOM_CHALLENGE" || "DEVICE_SRP_AUTH" || "DEVICE_PASSWORD_VERIFIER" || "ADMIN_NO_SRP_AUTH" || "NEW_PASSWORD_REQUIRED",
* // ChallengeName: "SMS_MFA" || "EMAIL_OTP" || "SOFTWARE_TOKEN_MFA" || "SELECT_MFA_TYPE" || "MFA_SETUP" || "PASSWORD_VERIFIER" || "CUSTOM_CHALLENGE" || "DEVICE_SRP_AUTH" || "DEVICE_PASSWORD_VERIFIER" || "ADMIN_NO_SRP_AUTH" || "NEW_PASSWORD_REQUIRED",
* // Session: "STRING_VALUE",
* // ChallengeParameters: { // ChallengeParametersType
* // "<keys>": "STRING_VALUE",
Expand Down Expand Up @@ -141,6 +137,10 @@ export interface RespondToAuthChallengeCommandOutput extends RespondToAuthChalle
* @throws {@link InternalErrorException} (server fault)
* <p>This exception is thrown when Amazon Cognito encounters an internal error.</p>
*
* @throws {@link InvalidEmailRoleAccessPolicyException} (client fault)
* <p>This exception is thrown when Amazon Cognito isn't allowed to use your email identity. HTTP
* status code: 400.</p>
*
* @throws {@link InvalidLambdaResponseException} (client fault)
* <p>This exception is thrown when Amazon Cognito encounters an invalid Lambda response.</p>
*
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -10,8 +10,7 @@ import {
ServiceOutputTypes,
} from "../CognitoIdentityProviderClient";
import { commonParams } from "../endpoint/EndpointParameters";
import { RevokeTokenRequest, RevokeTokenRequestFilterSensitiveLog } from "../models/models_0";
import { RevokeTokenResponse } from "../models/models_1";
import { RevokeTokenRequest, RevokeTokenRequestFilterSensitiveLog, RevokeTokenResponse } from "../models/models_1";
import { de_RevokeTokenCommand, se_RevokeTokenCommand } from "../protocols/Aws_json1_1";

/**
Expand Down
Loading

0 comments on commit b2fefb3

Please sign in to comment.