From e2e4cccb7a504ee0578ba36d7152eafa61494613 Mon Sep 17 00:00:00 2001 From: awstools Date: Thu, 8 Aug 2024 18:14:34 +0000 Subject: [PATCH] feat(client-cognito-identity-provider): Added support for threat protection for custom authentication in Amazon Cognito user pools. --- .../src/commands/CreateUserPoolCommand.ts | 6 ++ .../src/commands/DescribeUserPoolCommand.ts | 3 + .../src/commands/RevokeTokenCommand.ts | 3 +- .../src/commands/UpdateUserPoolCommand.ts | 3 + .../src/models/models_0.ts | 73 ++++++++++++------- .../src/models/models_1.ts | 26 +++++++ .../src/protocols/Aws_json1_1.ts | 7 +- .../aws-models/cognito-identity-provider.json | 39 +++++++++- 8 files changed, 130 insertions(+), 30 deletions(-) diff --git a/clients/client-cognito-identity-provider/src/commands/CreateUserPoolCommand.ts b/clients/client-cognito-identity-provider/src/commands/CreateUserPoolCommand.ts index 9faf64fc5bc9..676b56e5eff8 100644 --- a/clients/client-cognito-identity-provider/src/commands/CreateUserPoolCommand.ts +++ b/clients/client-cognito-identity-provider/src/commands/CreateUserPoolCommand.ts @@ -193,6 +193,9 @@ export interface CreateUserPoolCommandOutput extends CreateUserPoolResponse, __M * ], * UserPoolAddOns: { // UserPoolAddOnsType * AdvancedSecurityMode: "OFF" || "AUDIT" || "ENFORCED", // required + * AdvancedSecurityAdditionalFlows: { // AdvancedSecurityAdditionalFlowsType + * CustomAuthMode: "AUDIT" || "ENFORCED", + * }, * }, * UsernameConfiguration: { // UsernameConfigurationType * CaseSensitive: true || false, // required 
@@ -331,6 +334,9 @@ export interface CreateUserPoolCommandOutput extends CreateUserPoolResponse, __M * // }, * // UserPoolAddOns: { // UserPoolAddOnsType * // AdvancedSecurityMode: "OFF" || "AUDIT" || "ENFORCED", // required + * // AdvancedSecurityAdditionalFlows: { // AdvancedSecurityAdditionalFlowsType + * // CustomAuthMode: "AUDIT" || "ENFORCED", + * // }, * // }, * // UsernameConfiguration: { // UsernameConfigurationType * // CaseSensitive: true || false, // required diff --git a/clients/client-cognito-identity-provider/src/commands/DescribeUserPoolCommand.ts b/clients/client-cognito-identity-provider/src/commands/DescribeUserPoolCommand.ts index acadfdfb285b..c9e75e41e9ab 100644 --- a/clients/client-cognito-identity-provider/src/commands/DescribeUserPoolCommand.ts +++ b/clients/client-cognito-identity-provider/src/commands/DescribeUserPoolCommand.ts @@ -187,6 +187,9 @@ export interface DescribeUserPoolCommandOutput extends DescribeUserPoolResponse, * // }, * // UserPoolAddOns: { // UserPoolAddOnsType * // AdvancedSecurityMode: "OFF" || "AUDIT" || "ENFORCED", // required + * // AdvancedSecurityAdditionalFlows: { // AdvancedSecurityAdditionalFlowsType + * // CustomAuthMode: "AUDIT" || "ENFORCED", + * // }, * // }, * // UsernameConfiguration: { // UsernameConfigurationType * // CaseSensitive: true || false, // required diff --git a/clients/client-cognito-identity-provider/src/commands/RevokeTokenCommand.ts b/clients/client-cognito-identity-provider/src/commands/RevokeTokenCommand.ts index caf2641aa270..fa6607cfa5db 100644 --- a/clients/client-cognito-identity-provider/src/commands/RevokeTokenCommand.ts +++ b/clients/client-cognito-identity-provider/src/commands/RevokeTokenCommand.ts 
@@ -10,7 +10,8 @@ import { ServiceOutputTypes, } from "../CognitoIdentityProviderClient"; import { commonParams } from "../endpoint/EndpointParameters"; -import { RevokeTokenRequest, RevokeTokenRequestFilterSensitiveLog, RevokeTokenResponse } from "../models/models_0"; +import { RevokeTokenRequest, RevokeTokenRequestFilterSensitiveLog } from "../models/models_0"; +import { RevokeTokenResponse } from "../models/models_1"; import { de_RevokeTokenCommand, se_RevokeTokenCommand } from "../protocols/Aws_json1_1"; /** diff --git a/clients/client-cognito-identity-provider/src/commands/UpdateUserPoolCommand.ts b/clients/client-cognito-identity-provider/src/commands/UpdateUserPoolCommand.ts index 15b63e2bee7b..b914325cf403 100644 --- a/clients/client-cognito-identity-provider/src/commands/UpdateUserPoolCommand.ts +++ b/clients/client-cognito-identity-provider/src/commands/UpdateUserPoolCommand.ts @@ -170,6 +170,9 @@ export interface UpdateUserPoolCommandOutput extends UpdateUserPoolResponse, __M * }, * UserPoolAddOns: { // UserPoolAddOnsType * AdvancedSecurityMode: "OFF" || "AUDIT" || "ENFORCED", // required + * AdvancedSecurityAdditionalFlows: { // AdvancedSecurityAdditionalFlowsType + * CustomAuthMode: "AUDIT" || "ENFORCED", + * }, * }, * AccountRecoverySetting: { // AccountRecoverySettingType * RecoveryMechanisms: [ // RecoveryMechanismsType diff --git a/clients/client-cognito-identity-provider/src/models/models_0.ts b/clients/client-cognito-identity-provider/src/models/models_0.ts index a9ff331ab590..9b54c7a8d1ed 100644 --- a/clients/client-cognito-identity-provider/src/models/models_0.ts +++ b/clients/client-cognito-identity-provider/src/models/models_0.ts 
@@ -3644,6 +3644,39 @@ export interface AdminUserGlobalSignOutRequest { */ export interface AdminUserGlobalSignOutResponse {} +/** + * @public + * @enum + */ +export const AdvancedSecurityEnabledModeType = { + AUDIT: "AUDIT", + ENFORCED: "ENFORCED", +} as const; + +/** + * @public + */ +export type AdvancedSecurityEnabledModeType = + (typeof AdvancedSecurityEnabledModeType)[keyof typeof AdvancedSecurityEnabledModeType]; + +/** + *

Advanced security configuration options for additional authentication types + * in your user pool, including custom authentication and refresh-token + * authentication. + *

+ * @public + */ +export interface AdvancedSecurityAdditionalFlowsType { + /** + *

The operating mode of advanced security features in custom authentication with + * + * Custom authentication challenge Lambda triggers. + *

+ * @public + */ + CustomAuthMode?: AdvancedSecurityEnabledModeType; +} + /** * @public * @enum @@ -5502,10 +5535,22 @@ export interface UsernameConfigurationType { */ export interface UserPoolAddOnsType { /** - *
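Review bot: The doc comment on `AdvancedSecurityAdditionalFlowsType` says it covers "custom authentication and refresh-token authentication", but the interface declares only `CustomAuthMode`, so a reader could assume refresh-token flows are protected by a setting that this change does not add. `CustomAuthMode` is also optional while `AdvancedSecurityEnabledModeType` has no `OFF` member, and the comment does not say which mode applies to custom authentication when the member is omitted; for a threat-protection control that default should be stated. The same description is repeated on `UserPoolAddOnsType.AdvancedSecurityAdditionalFlows` in the next hunk, and these client files appear to be generated from the `smithy.api#documentation` traits in `cognito-identity-provider.json`, so the wording would need to change there. I would narrow the description to `Advanced security configuration options for custom authentication in your user pool.` (or say that only custom authentication is configurable so far) and add one sentence to `CustomAuthMode` describing the behavior when it is unset.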

The operating mode of advanced security features in your user pool.

+ *

The operating mode of advanced security features for standard authentication types + * in your user pool, including username-password and secure remote password (SRP) + * authentication. + *

* @public */ AdvancedSecurityMode: AdvancedSecurityModeType | undefined; + + /** + *

Advanced security configuration options for additional authentication types + * in your user pool, including custom authentication and refresh-token + * authentication. + *

+ * @public + */ + AdvancedSecurityAdditionalFlows?: AdvancedSecurityAdditionalFlowsType; } /** @@ -9662,32 +9707,6 @@ export interface RevokeTokenRequest { ClientSecret?: string; } -/** - * @public - */ -export interface RevokeTokenResponse {} - -/** - *

Exception that is thrown when the request isn't authorized. This can happen due to an - * invalid access token in the request.

- * @public - */ -export class UnauthorizedException extends __BaseException { - readonly name: "UnauthorizedException" = "UnauthorizedException"; - readonly $fault: "client" = "client"; - /** - * @internal - */ - constructor(opts: __ExceptionOptionType) { - super({ - name: "UnauthorizedException", - $fault: "client", - ...opts, - }); - Object.setPrototypeOf(this, UnauthorizedException.prototype); - } -} - /** * @internal */ diff --git a/clients/client-cognito-identity-provider/src/models/models_1.ts b/clients/client-cognito-identity-provider/src/models/models_1.ts index c0ba8eab7016..642c4696b01c 100644 --- a/clients/client-cognito-identity-provider/src/models/models_1.ts +++ b/clients/client-cognito-identity-provider/src/models/models_1.ts @@ -53,6 +53,32 @@ import { VerifiedAttributeType, } from "./models_0"; +/** + * @public + */ +export interface RevokeTokenResponse {} + +/** + *

Exception that is thrown when the request isn't authorized. This can happen due to an + * invalid access token in the request.

+ * @public + */ +export class UnauthorizedException extends __BaseException { + readonly name: "UnauthorizedException" = "UnauthorizedException"; + readonly $fault: "client" = "client"; + /** + * @internal + */ + constructor(opts: __ExceptionOptionType) { + super({ + name: "UnauthorizedException", + $fault: "client", + ...opts, + }); + Object.setPrototypeOf(this, UnauthorizedException.prototype); + } +} + /** *

Exception that is thrown when you attempt to perform an operation that isn't enabled * for the user pool client.

diff --git a/clients/client-cognito-identity-provider/src/protocols/Aws_json1_1.ts b/clients/client-cognito-identity-provider/src/protocols/Aws_json1_1.ts index 1a5878867828..fa2ec0f7e12d 100644 --- a/clients/client-cognito-identity-provider/src/protocols/Aws_json1_1.ts +++ b/clients/client-cognito-identity-provider/src/protocols/Aws_json1_1.ts @@ -339,6 +339,7 @@ import { AdminUpdateDeviceStatusRequest, AdminUpdateUserAttributesRequest, AdminUserGlobalSignOutRequest, + AdvancedSecurityAdditionalFlowsType, AliasAttributeType, AliasExistsException, AnalyticsConfigurationType, @@ -492,7 +493,6 @@ import { TooManyFailedAttemptsException, TooManyRequestsException, UICustomizationType, - UnauthorizedException, UnexpectedLambdaException, UnsupportedIdentityProviderException, UnsupportedUserStateException, @@ -533,6 +533,7 @@ import { StopUserImportJobRequest, StopUserImportJobResponse, TagResourceRequest, + UnauthorizedException, UnsupportedOperationException, UnsupportedTokenTypeException, UntagResourceRequest, @@ -4794,6 +4795,8 @@ const de_UserPoolTaggingExceptionRes = async ( // se_AdminUserGlobalSignOutRequest omitted. +// se_AdvancedSecurityAdditionalFlowsType omitted. + // se_AliasAttributesListType omitted. // se_AnalyticsConfigurationType omitted. @@ -5217,6 +5220,8 @@ const de_AdminListUserAuthEventsResponse = (output: any, context: __SerdeContext // de_AdminUserGlobalSignOutResponse omitted. +// de_AdvancedSecurityAdditionalFlowsType omitted. + // de_AliasAttributesListType omitted. // de_AliasExistsException omitted. diff --git a/codegen/sdk-codegen/aws-models/cognito-identity-provider.json b/codegen/sdk-codegen/aws-models/cognito-identity-provider.json index 677624d82548..ef4667fd40d1 100644 --- a/codegen/sdk-codegen/aws-models/cognito-identity-provider.json +++ b/codegen/sdk-codegen/aws-models/cognito-identity-provider.json 
@@ -3780,6 +3780,37 @@ "smithy.api#output": {} } }, + "com.amazonaws.cognitoidentityprovider#AdvancedSecurityAdditionalFlowsType": { + "type": "structure", + "members": { + "CustomAuthMode": { + "target": "com.amazonaws.cognitoidentityprovider#AdvancedSecurityEnabledModeType", + "traits": { + "smithy.api#documentation": "

The operating mode of advanced security features in custom authentication with \n \n Custom authentication challenge Lambda triggers.\n

" + } + } + }, + "traits": { + "smithy.api#documentation": "

Advanced security configuration options for additional authentication types\n in your user pool, including custom authentication and refresh-token \n authentication.\n

" + } + }, + "com.amazonaws.cognitoidentityprovider#AdvancedSecurityEnabledModeType": { + "type": "enum", + "members": { + "AUDIT": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "AUDIT" + } + }, + "ENFORCED": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "ENFORCED" + } + } + } + }, "com.amazonaws.cognitoidentityprovider#AdvancedSecurityModeType": { "type": "enum", "members": { @@ -15168,9 +15199,15 @@ "AdvancedSecurityMode": { "target": "com.amazonaws.cognitoidentityprovider#AdvancedSecurityModeType", "traits": { - "smithy.api#documentation": "

The operating mode of advanced security features in your user pool.

", + "smithy.api#documentation": "

The operating mode of advanced security features for standard authentication types\n in your user pool, including username-password and secure remote password (SRP)\n authentication.\n

", "smithy.api#required": {} } + }, + "AdvancedSecurityAdditionalFlows": { + "target": "com.amazonaws.cognitoidentityprovider#AdvancedSecurityAdditionalFlowsType", + "traits": { + "smithy.api#documentation": "

Advanced security configuration options for additional authentication types\n in your user pool, including custom authentication and refresh-token \n authentication.\n

" + } } }, "traits": {