feat(client-cognito-identity-provider): Amazon Cognito now supports requiring attribute verification (ex. email and phone number) before update.

Author: awstools

clients/client-cognito-identity-provider/README.md

@@ -9,9 +9,12 @@
 
 AWS SDK for JavaScript CognitoIdentityProvider Client for Node.js, Browser and React Native.
 
-<p>Using the Amazon Cognito user pools API, you can create a user pool to manage directories and users. You can authenticate a user to obtain tokens related to user identity and access policies.</p>
+<p>Using the Amazon Cognito user pools API, you can create a user pool to manage directories and
+users. You can authenticate a user to obtain tokens related to user identity and access
+policies.</p>
 <p>This API reference provides information about user pools in Amazon Cognito user pools.</p>
-<p>For more information, see the <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/what-is-amazon-cognito.html">Amazon Cognito Documentation</a>.</p>
+<p>For more information, see the <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/what-is-amazon-cognito.html">Amazon Cognito
+Documentation</a>.</p>
 
 ## Installing
 

clients/client-cognito-identity-provider/src/CognitoIdentityProvider.ts

@@ -678,9 +678,12 @@ type CognitoIdentityProviderClientResolvedConfigType = __SmithyResolvedConfigura
 export interface CognitoIdentityProviderClientResolvedConfig extends CognitoIdentityProviderClientResolvedConfigType {}
 
 /**
- * <p>Using the Amazon Cognito user pools API, you can create a user pool to manage directories and users. You can authenticate a user to obtain tokens related to user identity and access policies.</p>
+ * <p>Using the Amazon Cognito user pools API, you can create a user pool to manage directories and
+ *             users. You can authenticate a user to obtain tokens related to user identity and access
+ *             policies.</p>
  *         <p>This API reference provides information about user pools in Amazon Cognito user pools.</p>
- *         <p>For more information, see the <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/what-is-amazon-cognito.html">Amazon Cognito Documentation</a>.</p>
+ *         <p>For more information, see the <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/what-is-amazon-cognito.html">Amazon Cognito
+ *                 Documentation</a>.</p>
  */
 export class CognitoIdentityProviderClient extends __Client<
   __HttpHandlerOptions,

clients/client-cognito-identity-provider/src/CognitoIdentityProviderClient.ts

@@ -28,7 +28,8 @@ export interface AdminConfirmSignUpCommandInput extends AdminConfirmSignUpReques
 export interface AdminConfirmSignUpCommandOutput extends AdminConfirmSignUpResponse, __MetadataBearer {}
 
 /**
- * <p>Confirms user registration as an admin without using a confirmation code. Works on any user.</p>
+ * <p>Confirms user registration as an admin without using a confirmation code. Works on any
+ *             user.</p>
  *         <p>Calling this action requires developer credentials.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.

clients/client-cognito-identity-provider/src/commands/AdminConfirmSignUpCommand.ts

@@ -29,9 +29,8 @@ export interface AdminCreateUserCommandOutput extends AdminCreateUserResponse, _
 
 /**
  * <p>Creates a new user in the specified user pool.</p>
- *         <p>If <code>MessageAction</code> isn't set, the default is to send a welcome message via email or phone (SMS).</p>
- *
- *
+ *         <p>If <code>MessageAction</code> isn't set, the default is to send a welcome message via
+ *             email or phone (SMS).</p>
  *
  *          <note>
  *             <p>This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers
@@ -51,10 +50,13 @@ export interface AdminCreateUserCommandOutput extends AdminCreateUserResponse, _
  *                     Developer Guide</i>.</p>
  *          </note>
  *
- *         <p>This message is based on a template that you configured in your call to create or update a user pool. This template includes your custom sign-up instructions and placeholders for
- *             user name and temporary password.</p>
- *         <p>Alternatively, you can call <code>AdminCreateUser</code> with <code>SUPPRESS</code> for the <code>MessageAction</code> parameter, and Amazon Cognito won't send any email. </p>
- *         <p>In either case, the user will be in the <code>FORCE_CHANGE_PASSWORD</code> state until they sign in and change their password.</p>
+ *         <p>This message is based on a template that you configured in your call to create or
+ *             update a user pool. This template includes your custom sign-up instructions and
+ *             placeholders for user name and temporary password.</p>
+ *         <p>Alternatively, you can call <code>AdminCreateUser</code> with <code>SUPPRESS</code>
+ *             for the <code>MessageAction</code> parameter, and Amazon Cognito won't send any email. </p>
+ *         <p>In either case, the user will be in the <code>FORCE_CHANGE_PASSWORD</code> state until
+ *             they sign in and change their password.</p>
  *         <p>
  *             <code>AdminCreateUser</code> requires developer credentials.</p>
  * @example

clients/client-cognito-identity-provider/src/commands/AdminCreateUserCommand.ts

@@ -28,7 +28,8 @@ export interface AdminDeleteUserAttributesCommandInput extends AdminDeleteUserAt
 export interface AdminDeleteUserAttributesCommandOutput extends AdminDeleteUserAttributesResponse, __MetadataBearer {}
 
 /**
- * <p>Deletes the user attributes in a user pool as an administrator. Works on any user.</p>
+ * <p>Deletes the user attributes in a user pool as an administrator. Works on any
+ *             user.</p>
  *         <p>Calling this action requires developer credentials.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.

clients/client-cognito-identity-provider/src/commands/AdminDeleteUserAttributesCommand.ts

@@ -31,22 +31,33 @@ export interface AdminDisableProviderForUserCommandOutput
 
 /**
  * <p>Prevents the user from signing in with the specified external (SAML or social)
- *             identity provider. If the user that you want to  deactivate is a Amazon Cognito user pools native
- *             username + password user, they can't use their password to sign in. If the user to
- *             deactivate is a linked external identity provider (IdP) user, any link between that user
- *             and an existing user is removed. When the external user signs in again, and the user is
- *             no longer attached to the previously linked <code>DestinationUser</code>, the user must
- *             create a new user account. See <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminLinkProviderForUser.html">AdminLinkProviderForUser</a>.</p>
- *         <p>This action is enabled only for admin access and requires developer credentials.</p>
- *         <p>The <code>ProviderName</code> must match the value specified when creating an IdP for the pool. </p>
- *         <p>To deactivate a native username + password user, the <code>ProviderName</code> value must be <code>Cognito</code> and the <code>ProviderAttributeName</code> must be <code>Cognito_Subject</code>.
- *             The <code>ProviderAttributeValue</code> must be the name that is used in the user pool for the user.</p>
- *         <p>The <code>ProviderAttributeName</code> must always be <code>Cognito_Subject</code> for social identity providers. The <code>ProviderAttributeValue</code> must always be the exact
- *             subject that was used when the user was originally linked as a source user.</p>
- *         <p>For de-linking a SAML identity, there are two scenarios. If the linked identity has not yet been used to sign in, the <code>ProviderAttributeName</code> and <code>ProviderAttributeValue</code>
- *             must be the same values that were used for the <code>SourceUser</code> when the identities were originally linked using <code> AdminLinkProviderForUser</code> call. (If the linking was done
- *             with <code>ProviderAttributeName</code> set to <code>Cognito_Subject</code>, the same applies here). However, if the user has already signed in, the <code>ProviderAttributeName</code> must
- *             be <code>Cognito_Subject</code> and <code>ProviderAttributeValue</code> must be the subject of the SAML assertion.</p>
+ *             identity provider (IdP). If the user that you want to deactivate is a Amazon Cognito user pools
+ *             native username + password user, they can't use their password to sign in. If the user
+ *             to deactivate is a linked external IdP user, any link between that user and an existing
+ *             user is removed. When the external user signs in again, and the user is no longer
+ *             attached to the previously linked <code>DestinationUser</code>, the user must create a
+ *             new user account. See <a href="https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminLinkProviderForUser.html">AdminLinkProviderForUser</a>.</p>
+ *         <p>This action is enabled only for admin access and requires developer
+ *             credentials.</p>
+ *         <p>The <code>ProviderName</code> must match the value specified when creating an IdP for
+ *             the pool. </p>
+ *         <p>To deactivate a native username + password user, the <code>ProviderName</code> value
+ *             must be <code>Cognito</code> and the <code>ProviderAttributeName</code> must be
+ *                 <code>Cognito_Subject</code>. The <code>ProviderAttributeValue</code> must be the
+ *             name that is used in the user pool for the user.</p>
+ *         <p>The <code>ProviderAttributeName</code> must always be <code>Cognito_Subject</code> for
+ *             social IdPs. The <code>ProviderAttributeValue</code> must always be the exact subject
+ *             that was used when the user was originally linked as a source user.</p>
+ *         <p>For de-linking a SAML identity, there are two scenarios. If the linked identity has
+ *             not yet been used to sign in, the <code>ProviderAttributeName</code> and
+ *                 <code>ProviderAttributeValue</code> must be the same values that were used for the
+ *                 <code>SourceUser</code> when the identities were originally linked using <code>
+ *                 AdminLinkProviderForUser</code> call. (If the linking was done with
+ *                 <code>ProviderAttributeName</code> set to <code>Cognito_Subject</code>, the same
+ *             applies here). However, if the user has already signed in, the
+ *                 <code>ProviderAttributeName</code> must be <code>Cognito_Subject</code> and
+ *                 <code>ProviderAttributeValue</code> must be the subject of the SAML
+ *             assertion.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

clients/client-cognito-identity-provider/src/commands/AdminDisableProviderForUserCommand.ts

@@ -28,7 +28,8 @@ export interface AdminGetUserCommandInput extends AdminGetUserRequest {}
 export interface AdminGetUserCommandOutput extends AdminGetUserResponse, __MetadataBearer {}
 
 /**
- * <p>Gets the specified user by user name in a user pool as an administrator. Works on any user.</p>
+ * <p>Gets the specified user by user name in a user pool as an administrator. Works on any
+ *             user.</p>
  *         <p>Calling this action requires developer credentials.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.

clients/client-cognito-identity-provider/src/commands/AdminGetUserCommand.ts

@@ -30,7 +30,6 @@ export interface AdminInitiateAuthCommandOutput extends AdminInitiateAuthRespons
 /**
  * <p>Initiates the authentication flow, as an administrator.</p>
  *
- *
  *          <note>
  *             <p>This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers
  *                 require you to register an origination phone number before you can send SMS messages

clients/client-cognito-identity-provider/src/commands/AdminInitiateAuthCommand.ts

@@ -28,18 +28,23 @@ export interface AdminLinkProviderForUserCommandInput extends AdminLinkProviderF
 export interface AdminLinkProviderForUserCommandOutput extends AdminLinkProviderForUserResponse, __MetadataBearer {}
 
 /**
- * <p>Links an existing user account in a user pool (<code>DestinationUser</code>) to an identity from an external identity provider (<code>SourceUser</code>) based on a specified
- *             attribute name and value from the external identity provider. This allows you to create a link from the existing user account to an external federated user identity that has not
- *             yet been used to sign in. You can then use the federated user identity to sign in as the existing user account. </p>
- *         <p> For example, if there is an existing user with a username and password, this API links that user to a federated user identity.  When the user signs in with a federated user
- *             identity, they sign in as the existing user account.</p>
- *          <note>
- *             <p>The maximum number of federated identities linked to a user is 5.</p>
- *          </note>
- *          <important>
- *             <p>Because this API allows a user with an external federated identity to sign in as an existing user in the user pool, it is critical that it only be used with external
- *         identity providers and provider attributes that have been trusted by the application owner.</p>
- *          </important>
+ * <p>Links an existing user account in a user pool (<code>DestinationUser</code>) to an
+ *             identity from an external IdP (<code>SourceUser</code>) based on a specified attribute
+ *             name and value from the external IdP. This allows you to create a link from the existing
+ *             user account to an external federated user identity that has not yet been used to sign
+ *             in. You can then use the federated user identity to sign in as the existing user
+ *             account. </p>
+ *         <p> For example, if there is an existing user with a username and password, this API
+ *             links that user to a federated user identity. When the user signs in with a federated
+ *             user identity, they sign in as the existing user account.</p>
+ *         <note>
+ *             <p>The maximum number of federated identities linked to a user is five.</p>
+ *         </note>
+ *         <important>
+ *             <p>Because this API allows a user with an external federated identity to sign in as
+ *                 an existing user in the user pool, it is critical that it only be used with external
+ *                 IdPs and provider attributes that have been trusted by the application owner.</p>
+ *         </important>
  *
  *         <p>This action is administrative and requires developer credentials.</p>
  * @example

clients/client-cognito-identity-provider/src/commands/AdminLinkProviderForUserCommand.ts

@@ -28,7 +28,8 @@ export interface AdminListUserAuthEventsCommandInput extends AdminListUserAuthEv
 export interface AdminListUserAuthEventsCommandOutput extends AdminListUserAuthEventsResponse, __MetadataBearer {}
 
 /**
- * <p>A history of user activity and any risks detected as part of Amazon Cognito advanced security.</p>
+ * <p>A history of user activity and any risks detected as part of Amazon Cognito advanced
+ *             security.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

clients/client-cognito-identity-provider/src/commands/AdminListUserAuthEventsCommand.ts

@@ -28,12 +28,16 @@ export interface AdminResetUserPasswordCommandInput extends AdminResetUserPasswo
 export interface AdminResetUserPasswordCommandOutput extends AdminResetUserPasswordResponse, __MetadataBearer {}
 
 /**
- * <p>Resets the specified user's password in a user pool as an administrator. Works on any user.</p>
- *         <p>When a developer calls this API, the current password is invalidated, so it must be changed. If a user tries to sign in after the API is called,
- *             the app will get a PasswordResetRequiredException exception back and should direct the user down the flow to reset the password, which is the same
- *             as the forgot password flow. In addition, if the user pool has phone verification selected and a verified phone number exists for the user, or if
- *             email verification is selected and a verified email exists for the user, calling this API will also result in sending a message to the end user
- *             with the code to change their password.</p>
+ * <p>Resets the specified user's password in a user pool as an administrator. Works on any
+ *             user.</p>
+ *         <p>When a developer calls this API, the current password is invalidated, so it must be
+ *             changed. If a user tries to sign in after the API is called, the app will get a
+ *             PasswordResetRequiredException exception back and should direct the user down the flow
+ *             to reset the password, which is the same as the forgot password flow. In addition, if
+ *             the user pool has phone verification selected and a verified phone number exists for the
+ *             user, or if email verification is selected and a verified email exists for the user,
+ *             calling this API will also result in sending a message to the end user with the code to
+ *             change their password.</p>
  *
  *          <note>
  *             <p>This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers

clients/client-cognito-identity-provider/src/commands/AdminResetUserPasswordCommand.ts

@@ -28,9 +28,11 @@ export interface AdminSetUserMFAPreferenceCommandInput extends AdminSetUserMFAPr
 export interface AdminSetUserMFAPreferenceCommandOutput extends AdminSetUserMFAPreferenceResponse, __MetadataBearer {}
 
 /**
- * <p>The user's multi-factor authentication (MFA) preference, including which MFA options are activated, and if any are preferred. Only one factor can be set as preferred. The preferred
- *             MFA factor will be used to authenticate a user if multiple factors are activated. If multiple options are activated and no preference is set, a challenge to choose an MFA option will
- *             be returned during sign-in.</p>
+ * <p>The user's multi-factor authentication (MFA) preference, including which MFA options
+ *             are activated, and if any are preferred. Only one factor can be set as preferred. The
+ *             preferred MFA factor will be used to authenticate a user if multiple factors are
+ *             activated. If multiple options are activated and no preference is set, a challenge to
+ *             choose an MFA option will be returned during sign-in.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

clients/client-cognito-identity-provider/src/commands/AdminSetUserMFAPreferenceCommand.ts

@@ -28,11 +28,16 @@ export interface AdminSetUserPasswordCommandInput extends AdminSetUserPasswordRe
 export interface AdminSetUserPasswordCommandOutput extends AdminSetUserPasswordResponse, __MetadataBearer {}
 
 /**
- * <p>Sets the specified user's password in a user pool as an administrator. Works on any user. </p>
- *         <p>The password can be temporary or permanent. If it is temporary, the user status enters the <code>FORCE_CHANGE_PASSWORD</code> state. When the user next tries to sign in,
- *             the InitiateAuth/AdminInitiateAuth response will contain the <code>NEW_PASSWORD_REQUIRED</code> challenge. If the user doesn't sign in before it expires, the user won't be
- *             able to sign in, and an administrator must reset their password. </p>
- *         <p>Once the user has set a new password, or the password is permanent, the user status is set to <code>Confirmed</code>.</p>
+ * <p>Sets the specified user's password in a user pool as an administrator. Works on any
+ *             user. </p>
+ *         <p>The password can be temporary or permanent. If it is temporary, the user status enters
+ *             the <code>FORCE_CHANGE_PASSWORD</code> state. When the user next tries to sign in, the
+ *             InitiateAuth/AdminInitiateAuth response will contain the
+ *                 <code>NEW_PASSWORD_REQUIRED</code> challenge. If the user doesn't sign in before it
+ *             expires, the user won't be able to sign in, and an administrator must reset their
+ *             password. </p>
+ *         <p>Once the user has set a new password, or the password is permanent, the user status is
+ *             set to <code>Confirmed</code>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript