Advanced security configuration options for additional authentication types + * in your user pool, including custom authentication and refresh-token + * authentication. + *
+ * @public + */ +export interface AdvancedSecurityAdditionalFlowsType { + /** + *The operating mode of advanced security features in custom authentication with + * + * Custom authentication challenge Lambda triggers. + *
+ * @public + */ + CustomAuthMode?: AdvancedSecurityEnabledModeType; +} + /** * @public * @enum @@ -5502,10 +5535,22 @@ export interface UsernameConfigurationType { */ export interface UserPoolAddOnsType { /** - *The operating mode of advanced security features in your user pool.
+ *The operating mode of advanced security features for standard authentication types + * in your user pool, including username-password and secure remote password (SRP) + * authentication. + *
* @public */ AdvancedSecurityMode: AdvancedSecurityModeType | undefined; + + /** + *Advanced security configuration options for additional authentication types + * in your user pool, including custom authentication and refresh-token + * authentication. + *
+ * @public + */ + AdvancedSecurityAdditionalFlows?: AdvancedSecurityAdditionalFlowsType; } /** @@ -9662,32 +9707,6 @@ export interface RevokeTokenRequest { ClientSecret?: string; } -/** - * @public - */ -export interface RevokeTokenResponse {} - -/** - *Exception that is thrown when the request isn't authorized. This can happen due to an - * invalid access token in the request.
- * @public - */ -export class UnauthorizedException extends __BaseException { - readonly name: "UnauthorizedException" = "UnauthorizedException"; - readonly $fault: "client" = "client"; - /** - * @internal - */ - constructor(opts: __ExceptionOptionTypeException that is thrown when the request isn't authorized. This can happen due to an + * invalid access token in the request.
+ * @public + */ +export class UnauthorizedException extends __BaseException { + readonly name: "UnauthorizedException" = "UnauthorizedException"; + readonly $fault: "client" = "client"; + /** + * @internal + */ + constructor(opts: __ExceptionOptionTypeException that is thrown when you attempt to perform an operation that isn't enabled * for the user pool client.
diff --git a/clients/client-cognito-identity-provider/src/protocols/Aws_json1_1.ts b/clients/client-cognito-identity-provider/src/protocols/Aws_json1_1.ts index 1a58788678289..fa2ec0f7e12df 100644 --- a/clients/client-cognito-identity-provider/src/protocols/Aws_json1_1.ts +++ b/clients/client-cognito-identity-provider/src/protocols/Aws_json1_1.ts @@ -339,6 +339,7 @@ import { AdminUpdateDeviceStatusRequest, AdminUpdateUserAttributesRequest, AdminUserGlobalSignOutRequest, + AdvancedSecurityAdditionalFlowsType, AliasAttributeType, AliasExistsException, AnalyticsConfigurationType, @@ -492,7 +493,6 @@ import { TooManyFailedAttemptsException, TooManyRequestsException, UICustomizationType, - UnauthorizedException, UnexpectedLambdaException, UnsupportedIdentityProviderException, UnsupportedUserStateException, @@ -533,6 +533,7 @@ import { StopUserImportJobRequest, StopUserImportJobResponse, TagResourceRequest, + UnauthorizedException, UnsupportedOperationException, UnsupportedTokenTypeException, UntagResourceRequest, @@ -4794,6 +4795,8 @@ const de_UserPoolTaggingExceptionRes = async ( // se_AdminUserGlobalSignOutRequest omitted. +// se_AdvancedSecurityAdditionalFlowsType omitted. + // se_AliasAttributesListType omitted. // se_AnalyticsConfigurationType omitted. @@ -5217,6 +5220,8 @@ const de_AdminListUserAuthEventsResponse = (output: any, context: __SerdeContext // de_AdminUserGlobalSignOutResponse omitted. +// de_AdvancedSecurityAdditionalFlowsType omitted. + // de_AliasAttributesListType omitted. // de_AliasExistsException omitted. diff --git a/codegen/sdk-codegen/aws-models/cognito-identity-provider.json b/codegen/sdk-codegen/aws-models/cognito-identity-provider.json index 677624d82548f..ef4667fd40d10 100644 --- a/codegen/sdk-codegen/aws-models/cognito-identity-provider.json +++ b/codegen/sdk-codegen/aws-models/cognito-identity-provider.json @@ -3780,6 +3780,37 @@ "smithy.api#output": {} } }, + "com.amazonaws.cognitoidentityprovider#AdvancedSecurityAdditionalFlowsType": { + "type": "structure", + "members": { + "CustomAuthMode": { + "target": "com.amazonaws.cognitoidentityprovider#AdvancedSecurityEnabledModeType", + "traits": { + "smithy.api#documentation": "The operating mode of advanced security features in custom authentication with \n \n Custom authentication challenge Lambda triggers.\n
" + } + } + }, + "traits": { + "smithy.api#documentation": "Advanced security configuration options for additional authentication types\n in your user pool, including custom authentication and refresh-token \n authentication.\n
" + } + }, + "com.amazonaws.cognitoidentityprovider#AdvancedSecurityEnabledModeType": { + "type": "enum", + "members": { + "AUDIT": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "AUDIT" + } + }, + "ENFORCED": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "ENFORCED" + } + } + } + }, "com.amazonaws.cognitoidentityprovider#AdvancedSecurityModeType": { "type": "enum", "members": { @@ -15168,9 +15199,15 @@ "AdvancedSecurityMode": { "target": "com.amazonaws.cognitoidentityprovider#AdvancedSecurityModeType", "traits": { - "smithy.api#documentation": "The operating mode of advanced security features in your user pool.
", + "smithy.api#documentation": "The operating mode of advanced security features for standard authentication types\n in your user pool, including username-password and secure remote password (SRP)\n authentication.\n
", "smithy.api#required": {} } + }, + "AdvancedSecurityAdditionalFlows": { + "target": "com.amazonaws.cognitoidentityprovider#AdvancedSecurityAdditionalFlowsType", + "traits": { + "smithy.api#documentation": "Advanced security configuration options for additional authentication types\n in your user pool, including custom authentication and refresh-token \n authentication.\n
" + } } }, "traits": {