| Copyright | (c) 2013-2021 Brendan Hay |
|---|---|
| License | Mozilla Public License, v. 2.0. |
| Maintainer | Brendan Hay <brendan.g.hay+amazonka@gmail.com> |
| Stability | auto-generated |
| Portability | non-portable (GHC extensions) |
| Safe Haskell | None |
Amazonka.CognitoIdentity.Types
Description
Synopsis
- defaultService :: Service
- _InvalidIdentityPoolConfigurationException :: AsError a => Getting (First ServiceError) a ServiceError
- _InvalidParameterException :: AsError a => Getting (First ServiceError) a ServiceError
- _NotAuthorizedException :: AsError a => Getting (First ServiceError) a ServiceError
- _InternalErrorException :: AsError a => Getting (First ServiceError) a ServiceError
- _ExternalServiceException :: AsError a => Getting (First ServiceError) a ServiceError
- _TooManyRequestsException :: AsError a => Getting (First ServiceError) a ServiceError
- _ConcurrentModificationException :: AsError a => Getting (First ServiceError) a ServiceError
- _ResourceConflictException :: AsError a => Getting (First ServiceError) a ServiceError
- _DeveloperUserAlreadyRegisteredException :: AsError a => Getting (First ServiceError) a ServiceError
- _ResourceNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError
- _LimitExceededException :: AsError a => Getting (First ServiceError) a ServiceError
- newtype AmbiguousRoleResolutionType where
- newtype CognitoErrorCode where
- newtype MappingRuleMatchType where
- newtype RoleMappingType where
- RoleMappingType' { }
- pattern RoleMappingType_Rules :: RoleMappingType
- pattern RoleMappingType_Token :: RoleMappingType
- data CognitoIdentityProvider = CognitoIdentityProvider' {}
- newCognitoIdentityProvider :: CognitoIdentityProvider
- cognitoIdentityProvider_clientId :: Lens' CognitoIdentityProvider (Maybe Text)
- cognitoIdentityProvider_serverSideTokenCheck :: Lens' CognitoIdentityProvider (Maybe Bool)
- cognitoIdentityProvider_providerName :: Lens' CognitoIdentityProvider (Maybe Text)
- data Credentials = Credentials' {
- sessionToken :: Maybe Text
- expiration :: Maybe POSIX
- secretKey :: Maybe Text
- accessKeyId :: Maybe Text
- newCredentials :: Credentials
- credentials_sessionToken :: Lens' Credentials (Maybe Text)
- credentials_expiration :: Lens' Credentials (Maybe UTCTime)
- credentials_secretKey :: Lens' Credentials (Maybe Text)
- credentials_accessKeyId :: Lens' Credentials (Maybe Text)
- data IdentityDescription = IdentityDescription' {
- lastModifiedDate :: Maybe POSIX
- creationDate :: Maybe POSIX
- logins :: Maybe [Text]
- identityId :: Maybe Text
- newIdentityDescription :: IdentityDescription
- identityDescription_lastModifiedDate :: Lens' IdentityDescription (Maybe UTCTime)
- identityDescription_creationDate :: Lens' IdentityDescription (Maybe UTCTime)
- identityDescription_logins :: Lens' IdentityDescription (Maybe [Text])
- identityDescription_identityId :: Lens' IdentityDescription (Maybe Text)
- data IdentityPool = IdentityPool' {
- samlProviderARNs :: Maybe [Text]
- supportedLoginProviders :: Maybe (HashMap Text Text)
- allowClassicFlow :: Maybe Bool
- developerProviderName :: Maybe Text
- identityPoolTags :: Maybe (HashMap Text Text)
- openIdConnectProviderARNs :: Maybe [Text]
- cognitoIdentityProviders :: Maybe [CognitoIdentityProvider]
- identityPoolId :: Text
- identityPoolName :: Text
- allowUnauthenticatedIdentities :: Bool
- newIdentityPool :: Text -> Text -> Bool -> IdentityPool
- identityPool_samlProviderARNs :: Lens' IdentityPool (Maybe [Text])
- identityPool_supportedLoginProviders :: Lens' IdentityPool (Maybe (HashMap Text Text))
- identityPool_allowClassicFlow :: Lens' IdentityPool (Maybe Bool)
- identityPool_developerProviderName :: Lens' IdentityPool (Maybe Text)
- identityPool_identityPoolTags :: Lens' IdentityPool (Maybe (HashMap Text Text))
- identityPool_openIdConnectProviderARNs :: Lens' IdentityPool (Maybe [Text])
- identityPool_cognitoIdentityProviders :: Lens' IdentityPool (Maybe [CognitoIdentityProvider])
- identityPool_identityPoolId :: Lens' IdentityPool Text
- identityPool_identityPoolName :: Lens' IdentityPool Text
- identityPool_allowUnauthenticatedIdentities :: Lens' IdentityPool Bool
- data IdentityPoolShortDescription = IdentityPoolShortDescription' {}
- newIdentityPoolShortDescription :: IdentityPoolShortDescription
- identityPoolShortDescription_identityPoolId :: Lens' IdentityPoolShortDescription (Maybe Text)
- identityPoolShortDescription_identityPoolName :: Lens' IdentityPoolShortDescription (Maybe Text)
- data MappingRule = MappingRule' {}
- newMappingRule :: Text -> MappingRuleMatchType -> Text -> Text -> MappingRule
- mappingRule_claim :: Lens' MappingRule Text
- mappingRule_matchType :: Lens' MappingRule MappingRuleMatchType
- mappingRule_value :: Lens' MappingRule Text
- mappingRule_roleARN :: Lens' MappingRule Text
- data RoleMapping = RoleMapping' {}
- newRoleMapping :: RoleMappingType -> RoleMapping
- roleMapping_rulesConfiguration :: Lens' RoleMapping (Maybe RulesConfigurationType)
- roleMapping_ambiguousRoleResolution :: Lens' RoleMapping (Maybe AmbiguousRoleResolutionType)
- roleMapping_type :: Lens' RoleMapping RoleMappingType
- data RulesConfigurationType = RulesConfigurationType' {}
- newRulesConfigurationType :: NonEmpty MappingRule -> RulesConfigurationType
- rulesConfigurationType_rules :: Lens' RulesConfigurationType (NonEmpty MappingRule)
- data UnprocessedIdentityId = UnprocessedIdentityId' {}
- newUnprocessedIdentityId :: UnprocessedIdentityId
- unprocessedIdentityId_errorCode :: Lens' UnprocessedIdentityId (Maybe CognitoErrorCode)
- unprocessedIdentityId_identityId :: Lens' UnprocessedIdentityId (Maybe Text)
Service Configuration
defaultService :: Service Source #
API version 2014-06-30 of the Amazon Cognito Identity SDK configuration.
Errors
_InvalidIdentityPoolConfigurationException :: AsError a => Getting (First ServiceError) a ServiceError Source #
Thrown if the identity pool has no role associated for the given auth type (auth/unauth) or if the AssumeRole fails.
_InvalidParameterException :: AsError a => Getting (First ServiceError) a ServiceError Source #
Thrown for missing or bad input parameter(s).
_NotAuthorizedException :: AsError a => Getting (First ServiceError) a ServiceError Source #
Thrown when a user is not authorized to access the requested resource.
_InternalErrorException :: AsError a => Getting (First ServiceError) a ServiceError Source #
Thrown when the service encounters an error during processing the request.
_ExternalServiceException :: AsError a => Getting (First ServiceError) a ServiceError Source #
An exception thrown when a dependent service such as Facebook or Twitter is not responding
_TooManyRequestsException :: AsError a => Getting (First ServiceError) a ServiceError Source #
Thrown when a request is throttled.
_ConcurrentModificationException :: AsError a => Getting (First ServiceError) a ServiceError Source #
Thrown if there are parallel requests to modify a resource.
_ResourceConflictException :: AsError a => Getting (First ServiceError) a ServiceError Source #
Thrown when a user tries to use a login which is already linked to another account.
_DeveloperUserAlreadyRegisteredException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The provided developer user identifier is already registered with Cognito under a different identity ID.
_ResourceNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError Source #
Thrown when the requested resource (for example, a dataset or record) does not exist.
_LimitExceededException :: AsError a => Getting (First ServiceError) a ServiceError Source #
Thrown when the total number of user pools has exceeded a preset limit.
AmbiguousRoleResolutionType
newtype AmbiguousRoleResolutionType Source #
Constructors
| AmbiguousRoleResolutionType' | |
Fields | |
Bundled Patterns
| pattern AmbiguousRoleResolutionType_AuthenticatedRole :: AmbiguousRoleResolutionType | |
| pattern AmbiguousRoleResolutionType_Deny :: AmbiguousRoleResolutionType |
Instances
CognitoErrorCode
newtype CognitoErrorCode Source #
Constructors
| CognitoErrorCode' | |
Fields | |
Bundled Patterns
| pattern CognitoErrorCode_AccessDenied :: CognitoErrorCode | |
| pattern CognitoErrorCode_InternalServerError :: CognitoErrorCode |
Instances
MappingRuleMatchType
newtype MappingRuleMatchType Source #
Constructors
| MappingRuleMatchType' | |
Fields | |
Bundled Patterns
| pattern MappingRuleMatchType_Contains :: MappingRuleMatchType | |
| pattern MappingRuleMatchType_Equals :: MappingRuleMatchType | |
| pattern MappingRuleMatchType_NotEqual :: MappingRuleMatchType | |
| pattern MappingRuleMatchType_StartsWith :: MappingRuleMatchType |
Instances
RoleMappingType
newtype RoleMappingType Source #
Constructors
| RoleMappingType' | |
Fields | |
Bundled Patterns
| pattern RoleMappingType_Rules :: RoleMappingType | |
| pattern RoleMappingType_Token :: RoleMappingType |
Instances
CognitoIdentityProvider
data CognitoIdentityProvider Source #
A provider representing an Amazon Cognito user pool and its client ID.
See: newCognitoIdentityProvider smart constructor.
Constructors
| CognitoIdentityProvider' | |
Fields
| |
Instances
newCognitoIdentityProvider :: CognitoIdentityProvider Source #
Create a value of CognitoIdentityProvider with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:clientId:CognitoIdentityProvider', cognitoIdentityProvider_clientId - The client ID for the Amazon Cognito user pool.
$sel:serverSideTokenCheck:CognitoIdentityProvider', cognitoIdentityProvider_serverSideTokenCheck - TRUE if server-side token validation is enabled for the identity
provider’s token.
Once you set ServerSideTokenCheck to TRUE for an identity pool, that
identity pool will check with the integrated user pools to make sure
that the user has not been globally signed out or deleted before the
identity pool provides an OIDC token or AWS credentials for the user.
If the user is signed out or deleted, the identity pool will return a 400 Not Authorized error.
$sel:providerName:CognitoIdentityProvider', cognitoIdentityProvider_providerName - The provider name for an Amazon Cognito user pool. For example,
cognito-idp.us-east-1.amazonaws.com/us-east-1_123456789.
cognitoIdentityProvider_clientId :: Lens' CognitoIdentityProvider (Maybe Text) Source #
The client ID for the Amazon Cognito user pool.
cognitoIdentityProvider_serverSideTokenCheck :: Lens' CognitoIdentityProvider (Maybe Bool) Source #
TRUE if server-side token validation is enabled for the identity provider’s token.
Once you set ServerSideTokenCheck to TRUE for an identity pool, that
identity pool will check with the integrated user pools to make sure
that the user has not been globally signed out or deleted before the
identity pool provides an OIDC token or AWS credentials for the user.
If the user is signed out or deleted, the identity pool will return a 400 Not Authorized error.
cognitoIdentityProvider_providerName :: Lens' CognitoIdentityProvider (Maybe Text) Source #
The provider name for an Amazon Cognito user pool. For example,
cognito-idp.us-east-1.amazonaws.com/us-east-1_123456789.
Credentials
data Credentials Source #
Credentials for the provided identity ID.
See: newCredentials smart constructor.
Constructors
| Credentials' | |
Fields
| |
Instances
newCredentials :: Credentials Source #
Create a value of Credentials with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:sessionToken:Credentials', credentials_sessionToken - The Session Token portion of the credentials
$sel:expiration:Credentials', credentials_expiration - The date at which these credentials will expire.
$sel:secretKey:Credentials', credentials_secretKey - The Secret Access Key portion of the credentials
$sel:accessKeyId:Credentials', credentials_accessKeyId - The Access Key portion of the credentials.
credentials_sessionToken :: Lens' Credentials (Maybe Text) Source #
The Session Token portion of the credentials
credentials_expiration :: Lens' Credentials (Maybe UTCTime) Source #
The date at which these credentials will expire.
credentials_secretKey :: Lens' Credentials (Maybe Text) Source #
The Secret Access Key portion of the credentials
credentials_accessKeyId :: Lens' Credentials (Maybe Text) Source #
The Access Key portion of the credentials.
IdentityDescription
data IdentityDescription Source #
A description of the identity.
See: newIdentityDescription smart constructor.
Constructors
| IdentityDescription' | |
Fields
| |
Instances
newIdentityDescription :: IdentityDescription Source #
Create a value of IdentityDescription with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:lastModifiedDate:IdentityDescription', identityDescription_lastModifiedDate - Date on which the identity was last modified.
$sel:creationDate:IdentityDescription', identityDescription_creationDate - Date on which the identity was created.
$sel:logins:IdentityDescription', identityDescription_logins - The provider names.
$sel:identityId:IdentityDescription', identityDescription_identityId - A unique identifier in the format REGION:GUID.
identityDescription_lastModifiedDate :: Lens' IdentityDescription (Maybe UTCTime) Source #
Date on which the identity was last modified.
identityDescription_creationDate :: Lens' IdentityDescription (Maybe UTCTime) Source #
Date on which the identity was created.
identityDescription_logins :: Lens' IdentityDescription (Maybe [Text]) Source #
The provider names.
identityDescription_identityId :: Lens' IdentityDescription (Maybe Text) Source #
A unique identifier in the format REGION:GUID.
IdentityPool
data IdentityPool Source #
An object representing an Amazon Cognito identity pool.
See: newIdentityPool smart constructor.
Constructors
| IdentityPool' | |
Fields
| |
Instances
Arguments
| :: Text | |
| -> Text | |
| -> Bool | |
| -> IdentityPool |
Create a value of IdentityPool with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:samlProviderARNs:IdentityPool', identityPool_samlProviderARNs - An array of Amazon Resource Names (ARNs) of the SAML provider for your
identity pool.
$sel:supportedLoginProviders:IdentityPool', identityPool_supportedLoginProviders - Optional key:value pairs mapping provider names to provider app IDs.
$sel:allowClassicFlow:IdentityPool', identityPool_allowClassicFlow - Enables or disables the Basic (Classic) authentication flow. For more
information, see
Identity Pools (Federated Identities) Authentication Flow
in the Amazon Cognito Developer Guide.
$sel:developerProviderName:IdentityPool', identityPool_developerProviderName - The "domain" by which Cognito will refer to your users.
$sel:identityPoolTags:IdentityPool', identityPool_identityPoolTags - The tags that are assigned to the identity pool. A tag is a label that
you can apply to identity pools to categorize and manage them in
different ways, such as by purpose, owner, environment, or other
criteria.
$sel:openIdConnectProviderARNs:IdentityPool', identityPool_openIdConnectProviderARNs - The ARNs of the OpenID Connect providers.
$sel:cognitoIdentityProviders:IdentityPool', identityPool_cognitoIdentityProviders - A list representing an Amazon Cognito user pool and its client ID.
$sel:identityPoolId:IdentityPool', identityPool_identityPoolId - An identity pool ID in the format REGION:GUID.
$sel:identityPoolName:IdentityPool', identityPool_identityPoolName - A string that you provide.
$sel:allowUnauthenticatedIdentities:IdentityPool', identityPool_allowUnauthenticatedIdentities - TRUE if the identity pool supports unauthenticated logins.
identityPool_samlProviderARNs :: Lens' IdentityPool (Maybe [Text]) Source #
An array of Amazon Resource Names (ARNs) of the SAML provider for your identity pool.
identityPool_supportedLoginProviders :: Lens' IdentityPool (Maybe (HashMap Text Text)) Source #
Optional key:value pairs mapping provider names to provider app IDs.
identityPool_allowClassicFlow :: Lens' IdentityPool (Maybe Bool) Source #
Enables or disables the Basic (Classic) authentication flow. For more information, see Identity Pools (Federated Identities) Authentication Flow in the Amazon Cognito Developer Guide.
identityPool_developerProviderName :: Lens' IdentityPool (Maybe Text) Source #
The "domain" by which Cognito will refer to your users.
identityPool_identityPoolTags :: Lens' IdentityPool (Maybe (HashMap Text Text)) Source #
The tags that are assigned to the identity pool. A tag is a label that you can apply to identity pools to categorize and manage them in different ways, such as by purpose, owner, environment, or other criteria.
identityPool_openIdConnectProviderARNs :: Lens' IdentityPool (Maybe [Text]) Source #
The ARNs of the OpenID Connect providers.
identityPool_cognitoIdentityProviders :: Lens' IdentityPool (Maybe [CognitoIdentityProvider]) Source #
A list representing an Amazon Cognito user pool and its client ID.
identityPool_identityPoolId :: Lens' IdentityPool Text Source #
An identity pool ID in the format REGION:GUID.
identityPool_identityPoolName :: Lens' IdentityPool Text Source #
A string that you provide.
identityPool_allowUnauthenticatedIdentities :: Lens' IdentityPool Bool Source #
TRUE if the identity pool supports unauthenticated logins.
IdentityPoolShortDescription
data IdentityPoolShortDescription Source #
A description of the identity pool.
See: newIdentityPoolShortDescription smart constructor.
Constructors
| IdentityPoolShortDescription' | |
Fields
| |
Instances
newIdentityPoolShortDescription :: IdentityPoolShortDescription Source #
Create a value of IdentityPoolShortDescription with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:identityPoolId:IdentityPoolShortDescription', identityPoolShortDescription_identityPoolId - An identity pool ID in the format REGION:GUID.
$sel:identityPoolName:IdentityPoolShortDescription', identityPoolShortDescription_identityPoolName - A string that you provide.
identityPoolShortDescription_identityPoolId :: Lens' IdentityPoolShortDescription (Maybe Text) Source #
An identity pool ID in the format REGION:GUID.
identityPoolShortDescription_identityPoolName :: Lens' IdentityPoolShortDescription (Maybe Text) Source #
A string that you provide.
MappingRule
data MappingRule Source #
A rule that maps a claim name, a claim value, and a match type to a role ARN.
See: newMappingRule smart constructor.
Constructors
| MappingRule' | |
Fields
| |
Instances
Arguments
| :: Text | |
| -> MappingRuleMatchType | |
| -> Text | |
| -> Text | |
| -> MappingRule |
Create a value of MappingRule with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:claim:MappingRule', mappingRule_claim - The claim name that must be present in the token, for example,
"isAdmin" or "paid".
$sel:matchType:MappingRule', mappingRule_matchType - The match condition that specifies how closely the claim value in the
IdP token must match Value.
$sel:value:MappingRule', mappingRule_value - A brief string that the claim must match, for example, "paid" or
"yes".
$sel:roleARN:MappingRule', mappingRule_roleARN - The role ARN.
mappingRule_claim :: Lens' MappingRule Text Source #
The claim name that must be present in the token, for example, "isAdmin" or "paid".
mappingRule_matchType :: Lens' MappingRule MappingRuleMatchType Source #
The match condition that specifies how closely the claim value in the
IdP token must match Value.
mappingRule_value :: Lens' MappingRule Text Source #
A brief string that the claim must match, for example, "paid" or "yes".
mappingRule_roleARN :: Lens' MappingRule Text Source #
The role ARN.
RoleMapping
data RoleMapping Source #
A role mapping.
See: newRoleMapping smart constructor.
Constructors
| RoleMapping' | |
Fields
| |
Instances
Arguments
| :: RoleMappingType | |
| -> RoleMapping |
Create a value of RoleMapping with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:rulesConfiguration:RoleMapping', roleMapping_rulesConfiguration - The rules to be used for mapping users to roles.
If you specify Rules as the role mapping type, RulesConfiguration is
required.
$sel:ambiguousRoleResolution:RoleMapping', roleMapping_ambiguousRoleResolution - If you specify Token or Rules as the Type, AmbiguousRoleResolution
is required.
Specifies the action to be taken if either no rules match the claim
value for the Rules type, or there is no cognito:preferred_role
claim and there are multiple cognito:roles matches for the Token
type.
$sel:type':RoleMapping', roleMapping_type - The role mapping type. Token will use cognito:roles and
cognito:preferred_role claims from the Cognito identity provider token
to map groups to roles. Rules will attempt to match claims from the
token to map to a role.
roleMapping_rulesConfiguration :: Lens' RoleMapping (Maybe RulesConfigurationType) Source #
The rules to be used for mapping users to roles.
If you specify Rules as the role mapping type, RulesConfiguration is
required.
roleMapping_ambiguousRoleResolution :: Lens' RoleMapping (Maybe AmbiguousRoleResolutionType) Source #
If you specify Token or Rules as the Type, AmbiguousRoleResolution
is required.
Specifies the action to be taken if either no rules match the claim
value for the Rules type, or there is no cognito:preferred_role
claim and there are multiple cognito:roles matches for the Token
type.
roleMapping_type :: Lens' RoleMapping RoleMappingType Source #
The role mapping type. Token will use cognito:roles and
cognito:preferred_role claims from the Cognito identity provider token
to map groups to roles. Rules will attempt to match claims from the
token to map to a role.
RulesConfigurationType
data RulesConfigurationType Source #
A container for rules.
See: newRulesConfigurationType smart constructor.
Constructors
| RulesConfigurationType' | |
Fields
| |
Instances
newRulesConfigurationType Source #
Create a value of RulesConfigurationType with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:rules:RulesConfigurationType', rulesConfigurationType_rules - An array of rules. You can specify up to 25 rules per identity provider.
Rules are evaluated in order. The first one to match specifies the role.
rulesConfigurationType_rules :: Lens' RulesConfigurationType (NonEmpty MappingRule) Source #
An array of rules. You can specify up to 25 rules per identity provider.
Rules are evaluated in order. The first one to match specifies the role.
UnprocessedIdentityId
data UnprocessedIdentityId Source #
An array of UnprocessedIdentityId objects, each of which contains an ErrorCode and IdentityId.
See: newUnprocessedIdentityId smart constructor.
Constructors
| UnprocessedIdentityId' | |
Fields
| |
Instances
newUnprocessedIdentityId :: UnprocessedIdentityId Source #
Create a value of UnprocessedIdentityId with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:errorCode:UnprocessedIdentityId', unprocessedIdentityId_errorCode - The error code indicating the type of error that occurred.
$sel:identityId:UnprocessedIdentityId', unprocessedIdentityId_identityId - A unique identifier in the format REGION:GUID.
unprocessedIdentityId_errorCode :: Lens' UnprocessedIdentityId (Maybe CognitoErrorCode) Source #
The error code indicating the type of error that occurred.
unprocessedIdentityId_identityId :: Lens' UnprocessedIdentityId (Maybe Text) Source #
A unique identifier in the format REGION:GUID.