| Copyright | (c) 2013-2021 Brendan Hay |
|---|---|
| License | Mozilla Public License, v. 2.0. |
| Maintainer | Brendan Hay <brendan.g.hay+amazonka@gmail.com> |
| Stability | auto-generated |
| Portability | non-portable (GHC extensions) |
| Safe Haskell | None |
Amazonka.CognitoIdentity
Contents
- Service Configuration
- Errors
- InvalidIdentityPoolConfigurationException
- InvalidParameterException
- NotAuthorizedException
- InternalErrorException
- ExternalServiceException
- TooManyRequestsException
- ConcurrentModificationException
- ResourceConflictException
- DeveloperUserAlreadyRegisteredException
- ResourceNotFoundException
- LimitExceededException
- Waiters
- Operations
- GetOpenIdToken
- GetOpenIdTokenForDeveloperIdentity
- DescribeIdentityPool
- SetPrincipalTagAttributeMap
- ListTagsForResource
- GetId
- DeleteIdentityPool
- UpdateIdentityPool
- UnlinkDeveloperIdentity
- GetIdentityPoolRoles
- ListIdentityPools (Paginated)
- GetCredentialsForIdentity
- GetPrincipalTagAttributeMap
- DeleteIdentities
- SetIdentityPoolRoles
- ListIdentities
- LookupDeveloperIdentity
- UnlinkIdentity
- TagResource
- DescribeIdentity
- UntagResource
- CreateIdentityPool
- MergeDeveloperIdentities
- Types
Description
Derived from API version 2014-06-30 of the AWS service descriptions, licensed under Apache 2.0.
Amazon Cognito Federated Identities
Amazon Cognito Federated Identities is a web service that delivers scoped temporary credentials to mobile devices and other untrusted environments. It uniquely identifies a device and supplies the user with a consistent identity over the lifetime of an application.
Using Amazon Cognito Federated Identities, you can enable authentication with one or more third-party identity providers (Facebook, Google, or Login with Amazon) or an Amazon Cognito user pool, and you can also choose to support unauthenticated access from your app. Cognito delivers a unique identifier for each user and acts as an OpenID token provider trusted by AWS Security Token Service (STS) to access temporary, limited-privilege AWS credentials.
For a description of the authentication flow from the Amazon Cognito Developer Guide see Authentication Flow.
For more information see Amazon Cognito Federated Identities.
Synopsis
- defaultService :: Service
- _InvalidIdentityPoolConfigurationException :: AsError a => Getting (First ServiceError) a ServiceError
- _InvalidParameterException :: AsError a => Getting (First ServiceError) a ServiceError
- _NotAuthorizedException :: AsError a => Getting (First ServiceError) a ServiceError
- _InternalErrorException :: AsError a => Getting (First ServiceError) a ServiceError
- _ExternalServiceException :: AsError a => Getting (First ServiceError) a ServiceError
- _TooManyRequestsException :: AsError a => Getting (First ServiceError) a ServiceError
- _ConcurrentModificationException :: AsError a => Getting (First ServiceError) a ServiceError
- _ResourceConflictException :: AsError a => Getting (First ServiceError) a ServiceError
- _DeveloperUserAlreadyRegisteredException :: AsError a => Getting (First ServiceError) a ServiceError
- _ResourceNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError
- _LimitExceededException :: AsError a => Getting (First ServiceError) a ServiceError
- data GetOpenIdToken = GetOpenIdToken' (Maybe (HashMap Text Text)) Text
- newGetOpenIdToken :: Text -> GetOpenIdToken
- data GetOpenIdTokenResponse = GetOpenIdTokenResponse' (Maybe Text) (Maybe Text) Int
- newGetOpenIdTokenResponse :: Int -> GetOpenIdTokenResponse
- data GetOpenIdTokenForDeveloperIdentity = GetOpenIdTokenForDeveloperIdentity' (Maybe Natural) (Maybe (HashMap Text Text)) (Maybe Text) Text (HashMap Text Text)
- newGetOpenIdTokenForDeveloperIdentity :: Text -> GetOpenIdTokenForDeveloperIdentity
- data GetOpenIdTokenForDeveloperIdentityResponse = GetOpenIdTokenForDeveloperIdentityResponse' (Maybe Text) (Maybe Text) Int
- newGetOpenIdTokenForDeveloperIdentityResponse :: Int -> GetOpenIdTokenForDeveloperIdentityResponse
- data DescribeIdentityPool = DescribeIdentityPool' Text
- newDescribeIdentityPool :: Text -> DescribeIdentityPool
- data IdentityPool = IdentityPool' (Maybe [Text]) (Maybe (HashMap Text Text)) (Maybe Bool) (Maybe Text) (Maybe (HashMap Text Text)) (Maybe [Text]) (Maybe [CognitoIdentityProvider]) Text Text Bool
- newIdentityPool :: Text -> Text -> Bool -> IdentityPool
- data SetPrincipalTagAttributeMap = SetPrincipalTagAttributeMap' (Maybe (HashMap Text Text)) (Maybe Bool) Text Text
- newSetPrincipalTagAttributeMap :: Text -> Text -> SetPrincipalTagAttributeMap
- data SetPrincipalTagAttributeMapResponse = SetPrincipalTagAttributeMapResponse' (Maybe Text) (Maybe Text) (Maybe (HashMap Text Text)) (Maybe Bool) Int
- newSetPrincipalTagAttributeMapResponse :: Int -> SetPrincipalTagAttributeMapResponse
- data ListTagsForResource = ListTagsForResource' Text
- newListTagsForResource :: Text -> ListTagsForResource
- data ListTagsForResourceResponse = ListTagsForResourceResponse' (Maybe (HashMap Text Text)) Int
- newListTagsForResourceResponse :: Int -> ListTagsForResourceResponse
- data GetId = GetId' (Maybe Text) (Maybe (HashMap Text Text)) Text
- newGetId :: Text -> GetId
- data GetIdResponse = GetIdResponse' (Maybe Text) Int
- newGetIdResponse :: Int -> GetIdResponse
- data DeleteIdentityPool = DeleteIdentityPool' Text
- newDeleteIdentityPool :: Text -> DeleteIdentityPool
- data DeleteIdentityPoolResponse = DeleteIdentityPoolResponse' {
- newDeleteIdentityPoolResponse :: DeleteIdentityPoolResponse
- data UpdateIdentityPool = UpdateIdentityPool' (Maybe [Text]) (Maybe (HashMap Text Text)) (Maybe Bool) (Maybe Text) (Maybe (HashMap Text Text)) (Maybe [Text]) (Maybe [CognitoIdentityProvider]) Text Text Bool
- newUpdateIdentityPool :: Text -> Text -> Bool -> UpdateIdentityPool
- data IdentityPool = IdentityPool' (Maybe [Text]) (Maybe (HashMap Text Text)) (Maybe Bool) (Maybe Text) (Maybe (HashMap Text Text)) (Maybe [Text]) (Maybe [CognitoIdentityProvider]) Text Text Bool
- newIdentityPool :: Text -> Text -> Bool -> IdentityPool
- data UnlinkDeveloperIdentity = UnlinkDeveloperIdentity' Text Text Text Text
- newUnlinkDeveloperIdentity :: Text -> Text -> Text -> Text -> UnlinkDeveloperIdentity
- data UnlinkDeveloperIdentityResponse = UnlinkDeveloperIdentityResponse' {
- newUnlinkDeveloperIdentityResponse :: UnlinkDeveloperIdentityResponse
- data GetIdentityPoolRoles = GetIdentityPoolRoles' Text
- newGetIdentityPoolRoles :: Text -> GetIdentityPoolRoles
- data GetIdentityPoolRolesResponse = GetIdentityPoolRolesResponse' (Maybe (HashMap Text Text)) (Maybe Text) (Maybe (HashMap Text RoleMapping)) Int
- newGetIdentityPoolRolesResponse :: Int -> GetIdentityPoolRolesResponse
- data ListIdentityPools = ListIdentityPools' (Maybe Text) Natural
- newListIdentityPools :: Natural -> ListIdentityPools
- data ListIdentityPoolsResponse = ListIdentityPoolsResponse' (Maybe [IdentityPoolShortDescription]) (Maybe Text) Int
- newListIdentityPoolsResponse :: Int -> ListIdentityPoolsResponse
- data GetCredentialsForIdentity = GetCredentialsForIdentity' (Maybe Text) (Maybe (HashMap Text Text)) Text
- newGetCredentialsForIdentity :: Text -> GetCredentialsForIdentity
- data GetCredentialsForIdentityResponse = GetCredentialsForIdentityResponse' (Maybe Credentials) (Maybe Text) Int
- newGetCredentialsForIdentityResponse :: Int -> GetCredentialsForIdentityResponse
- data GetPrincipalTagAttributeMap = GetPrincipalTagAttributeMap' Text Text
- newGetPrincipalTagAttributeMap :: Text -> Text -> GetPrincipalTagAttributeMap
- data GetPrincipalTagAttributeMapResponse = GetPrincipalTagAttributeMapResponse' (Maybe Text) (Maybe Text) (Maybe (HashMap Text Text)) (Maybe Bool) Int
- newGetPrincipalTagAttributeMapResponse :: Int -> GetPrincipalTagAttributeMapResponse
- data DeleteIdentities = DeleteIdentities' (NonEmpty Text)
- newDeleteIdentities :: NonEmpty Text -> DeleteIdentities
- data DeleteIdentitiesResponse = DeleteIdentitiesResponse' (Maybe [UnprocessedIdentityId]) Int
- newDeleteIdentitiesResponse :: Int -> DeleteIdentitiesResponse
- data SetIdentityPoolRoles = SetIdentityPoolRoles' (Maybe (HashMap Text RoleMapping)) Text (HashMap Text Text)
- newSetIdentityPoolRoles :: Text -> SetIdentityPoolRoles
- data SetIdentityPoolRolesResponse = SetIdentityPoolRolesResponse' {
- newSetIdentityPoolRolesResponse :: SetIdentityPoolRolesResponse
- data ListIdentities = ListIdentities' (Maybe Bool) (Maybe Text) Text Natural
- newListIdentities :: Text -> Natural -> ListIdentities
- data ListIdentitiesResponse = ListIdentitiesResponse' (Maybe Text) (Maybe Text) (Maybe [IdentityDescription]) Int
- newListIdentitiesResponse :: Int -> ListIdentitiesResponse
- data LookupDeveloperIdentity = LookupDeveloperIdentity' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Natural) Text
- newLookupDeveloperIdentity :: Text -> LookupDeveloperIdentity
- data LookupDeveloperIdentityResponse = LookupDeveloperIdentityResponse' (Maybe Text) (Maybe Text) (Maybe [Text]) Int
- newLookupDeveloperIdentityResponse :: Int -> LookupDeveloperIdentityResponse
- data UnlinkIdentity = UnlinkIdentity' Text (HashMap Text Text) [Text]
- newUnlinkIdentity :: Text -> UnlinkIdentity
- data UnlinkIdentityResponse = UnlinkIdentityResponse' {
- newUnlinkIdentityResponse :: UnlinkIdentityResponse
- data TagResource = TagResource' Text (HashMap Text Text)
- newTagResource :: Text -> TagResource
- data TagResourceResponse = TagResourceResponse' Int
- newTagResourceResponse :: Int -> TagResourceResponse
- data DescribeIdentity = DescribeIdentity' Text
- newDescribeIdentity :: Text -> DescribeIdentity
- data IdentityDescription = IdentityDescription' (Maybe POSIX) (Maybe POSIX) (Maybe [Text]) (Maybe Text)
- newIdentityDescription :: IdentityDescription
- data UntagResource = UntagResource' Text [Text]
- newUntagResource :: Text -> UntagResource
- data UntagResourceResponse = UntagResourceResponse' Int
- newUntagResourceResponse :: Int -> UntagResourceResponse
- data CreateIdentityPool = CreateIdentityPool' (Maybe [Text]) (Maybe (HashMap Text Text)) (Maybe Bool) (Maybe Text) (Maybe (HashMap Text Text)) (Maybe [Text]) (Maybe [CognitoIdentityProvider]) Text Bool
- newCreateIdentityPool :: Text -> Bool -> CreateIdentityPool
- data IdentityPool = IdentityPool' (Maybe [Text]) (Maybe (HashMap Text Text)) (Maybe Bool) (Maybe Text) (Maybe (HashMap Text Text)) (Maybe [Text]) (Maybe [CognitoIdentityProvider]) Text Text Bool
- newIdentityPool :: Text -> Text -> Bool -> IdentityPool
- data MergeDeveloperIdentities = MergeDeveloperIdentities' Text Text Text Text
- newMergeDeveloperIdentities :: Text -> Text -> Text -> Text -> MergeDeveloperIdentities
- data MergeDeveloperIdentitiesResponse = MergeDeveloperIdentitiesResponse' (Maybe Text) Int
- newMergeDeveloperIdentitiesResponse :: Int -> MergeDeveloperIdentitiesResponse
- newtype AmbiguousRoleResolutionType where
- newtype CognitoErrorCode where
- newtype MappingRuleMatchType where
- newtype RoleMappingType where
- RoleMappingType' { }
- pattern RoleMappingType_Rules :: RoleMappingType
- pattern RoleMappingType_Token :: RoleMappingType
- data CognitoIdentityProvider = CognitoIdentityProvider' (Maybe Text) (Maybe Bool) (Maybe Text)
- newCognitoIdentityProvider :: CognitoIdentityProvider
- data Credentials = Credentials' (Maybe Text) (Maybe POSIX) (Maybe Text) (Maybe Text)
- newCredentials :: Credentials
- data IdentityDescription = IdentityDescription' (Maybe POSIX) (Maybe POSIX) (Maybe [Text]) (Maybe Text)
- newIdentityDescription :: IdentityDescription
- data IdentityPool = IdentityPool' (Maybe [Text]) (Maybe (HashMap Text Text)) (Maybe Bool) (Maybe Text) (Maybe (HashMap Text Text)) (Maybe [Text]) (Maybe [CognitoIdentityProvider]) Text Text Bool
- newIdentityPool :: Text -> Text -> Bool -> IdentityPool
- data IdentityPoolShortDescription = IdentityPoolShortDescription' (Maybe Text) (Maybe Text)
- newIdentityPoolShortDescription :: IdentityPoolShortDescription
- data MappingRule = MappingRule' Text MappingRuleMatchType Text Text
- newMappingRule :: Text -> MappingRuleMatchType -> Text -> Text -> MappingRule
- data RoleMapping = RoleMapping' (Maybe RulesConfigurationType) (Maybe AmbiguousRoleResolutionType) RoleMappingType
- newRoleMapping :: RoleMappingType -> RoleMapping
- data RulesConfigurationType = RulesConfigurationType' (NonEmpty MappingRule)
- newRulesConfigurationType :: NonEmpty MappingRule -> RulesConfigurationType
- data UnprocessedIdentityId = UnprocessedIdentityId' (Maybe CognitoErrorCode) (Maybe Text)
- newUnprocessedIdentityId :: UnprocessedIdentityId
Service Configuration
defaultService :: Service Source #
API version 2014-06-30 of the Amazon Cognito Identity SDK configuration.
Errors
Error matchers are designed for use with the functions provided by
Control.Exception.Lens.
This allows catching (and rethrowing) service specific errors returned
by CognitoIdentity.
InvalidIdentityPoolConfigurationException
_InvalidIdentityPoolConfigurationException :: AsError a => Getting (First ServiceError) a ServiceError Source #
Thrown if the identity pool has no role associated for the given auth type (auth/unauth) or if the AssumeRole fails.
InvalidParameterException
_InvalidParameterException :: AsError a => Getting (First ServiceError) a ServiceError Source #
Thrown for missing or bad input parameter(s).
NotAuthorizedException
_NotAuthorizedException :: AsError a => Getting (First ServiceError) a ServiceError Source #
Thrown when a user is not authorized to access the requested resource.
InternalErrorException
_InternalErrorException :: AsError a => Getting (First ServiceError) a ServiceError Source #
Thrown when the service encounters an error during processing the request.
ExternalServiceException
_ExternalServiceException :: AsError a => Getting (First ServiceError) a ServiceError Source #
An exception thrown when a dependent service such as Facebook or Twitter is not responding
TooManyRequestsException
_TooManyRequestsException :: AsError a => Getting (First ServiceError) a ServiceError Source #
Thrown when a request is throttled.
ConcurrentModificationException
_ConcurrentModificationException :: AsError a => Getting (First ServiceError) a ServiceError Source #
Thrown if there are parallel requests to modify a resource.
ResourceConflictException
_ResourceConflictException :: AsError a => Getting (First ServiceError) a ServiceError Source #
Thrown when a user tries to use a login which is already linked to another account.
DeveloperUserAlreadyRegisteredException
_DeveloperUserAlreadyRegisteredException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The provided developer user identifier is already registered with Cognito under a different identity ID.
ResourceNotFoundException
_ResourceNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError Source #
Thrown when the requested resource (for example, a dataset or record) does not exist.
LimitExceededException
_LimitExceededException :: AsError a => Getting (First ServiceError) a ServiceError Source #
Thrown when the total number of user pools has exceeded a preset limit.
Waiters
Waiters poll by repeatedly sending a request until some remote success condition
configured by the Wait specification is fulfilled. The Wait specification
determines how many attempts should be made, in addition to delay and retry strategies.
Operations
Some AWS operations return results that are incomplete and require subsequent
requests in order to obtain the entire result set. The process of sending
subsequent requests to continue where a previous request left off is called
pagination. For example, the ListObjects operation of Amazon S3 returns up to
1000 objects at a time, and you must send subsequent requests with the
appropriate Marker in order to retrieve the next page of results.
Operations that have an AWSPager instance can transparently perform subsequent
requests, correctly setting Markers and other request facets to iterate through
the entire result set of a truncated API operation. Operations which support
this have an additional note in the documentation.
Many operations have the ability to filter results on the server side. See the individual operation parameters for details.
GetOpenIdToken
data GetOpenIdToken Source #
Input to the GetOpenIdToken action.
See: newGetOpenIdToken smart constructor.
Instances
Arguments
| :: Text | |
| -> GetOpenIdToken |
Create a value of GetOpenIdToken with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:logins:GetOpenIdToken', getOpenIdToken_logins - A set of optional name-value pairs that map provider names to provider
tokens. When using graph.facebook.com and www.amazon.com, supply the
access_token returned from the provider's authflow. For
accounts.google.com, an Amazon Cognito user pool provider, or any other
OpenID Connect provider, always include the id_token.
$sel:identityId:GetOpenIdToken', getOpenIdToken_identityId - A unique identifier in the format REGION:GUID.
data GetOpenIdTokenResponse Source #
Returned in response to a successful GetOpenIdToken request.
See: newGetOpenIdTokenResponse smart constructor.
Instances
newGetOpenIdTokenResponse Source #
Create a value of GetOpenIdTokenResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:token:GetOpenIdTokenResponse', getOpenIdTokenResponse_token - An OpenID token, valid for 10 minutes.
$sel:identityId:GetOpenIdToken', getOpenIdTokenResponse_identityId - A unique identifier in the format REGION:GUID. Note that the IdentityId
returned may not match the one passed on input.
$sel:httpStatus:GetOpenIdTokenResponse', getOpenIdTokenResponse_httpStatus - The response's http status code.
GetOpenIdTokenForDeveloperIdentity
data GetOpenIdTokenForDeveloperIdentity Source #
Input to the GetOpenIdTokenForDeveloperIdentity action.
See: newGetOpenIdTokenForDeveloperIdentity smart constructor.
Constructors
| GetOpenIdTokenForDeveloperIdentity' (Maybe Natural) (Maybe (HashMap Text Text)) (Maybe Text) Text (HashMap Text Text) |
Instances
newGetOpenIdTokenForDeveloperIdentity Source #
Arguments
| :: Text | |
| -> GetOpenIdTokenForDeveloperIdentity |
Create a value of GetOpenIdTokenForDeveloperIdentity with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:tokenDuration:GetOpenIdTokenForDeveloperIdentity', getOpenIdTokenForDeveloperIdentity_tokenDuration - The expiration time of the token, in seconds. You can specify a custom
expiration time for the token so that you can cache it. If you don't
provide an expiration time, the token is valid for 15 minutes. You can
exchange the token with Amazon STS for temporary AWS credentials, which
are valid for a maximum of one hour. The maximum token duration you can
set is 24 hours. You should take care in setting the expiration time for
a token, as there are significant security implications: an attacker
could use a leaked token to access your AWS resources for the token's
duration.
Please provide for a small grace period, usually no more than 5 minutes, to account for clock skew.
$sel:principalTags:GetOpenIdTokenForDeveloperIdentity', getOpenIdTokenForDeveloperIdentity_principalTags - Use this operation to configure attribute mappings for custom providers.
$sel:identityId:GetOpenIdTokenForDeveloperIdentity', getOpenIdTokenForDeveloperIdentity_identityId - A unique identifier in the format REGION:GUID.
$sel:identityPoolId:GetOpenIdTokenForDeveloperIdentity', getOpenIdTokenForDeveloperIdentity_identityPoolId - An identity pool ID in the format REGION:GUID.
$sel:logins:GetOpenIdTokenForDeveloperIdentity', getOpenIdTokenForDeveloperIdentity_logins - A set of optional name-value pairs that map provider names to provider
tokens. Each name-value pair represents a user from a public provider or
developer provider. If the user is from a developer provider, the
name-value pair will follow the syntax
"developer_provider_name": "developer_user_identifier". The
developer provider is the "domain" by which Cognito will refer to your
users; you provided this domain while creating/updating the identity
pool. The developer user identifier is an identifier from your backend
that uniquely identifies a user. When you create an identity pool, you
can specify the supported logins.
data GetOpenIdTokenForDeveloperIdentityResponse Source #
Returned in response to a successful
GetOpenIdTokenForDeveloperIdentity request.
See: newGetOpenIdTokenForDeveloperIdentityResponse smart constructor.
Instances
newGetOpenIdTokenForDeveloperIdentityResponse Source #
Arguments
| :: Int | |
| -> GetOpenIdTokenForDeveloperIdentityResponse |
Create a value of GetOpenIdTokenForDeveloperIdentityResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:token:GetOpenIdTokenForDeveloperIdentityResponse', getOpenIdTokenForDeveloperIdentityResponse_token - An OpenID token.
$sel:identityId:GetOpenIdTokenForDeveloperIdentity', getOpenIdTokenForDeveloperIdentityResponse_identityId - A unique identifier in the format REGION:GUID.
$sel:httpStatus:GetOpenIdTokenForDeveloperIdentityResponse', getOpenIdTokenForDeveloperIdentityResponse_httpStatus - The response's http status code.
DescribeIdentityPool
data DescribeIdentityPool Source #
Input to the DescribeIdentityPool action.
See: newDescribeIdentityPool smart constructor.
Constructors
| DescribeIdentityPool' Text |
Instances
newDescribeIdentityPool Source #
Create a value of DescribeIdentityPool with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:identityPoolId:DescribeIdentityPool', describeIdentityPool_identityPoolId - An identity pool ID in the format REGION:GUID.
data IdentityPool Source #
An object representing an Amazon Cognito identity pool.
See: newIdentityPool smart constructor.
Constructors
| IdentityPool' (Maybe [Text]) (Maybe (HashMap Text Text)) (Maybe Bool) (Maybe Text) (Maybe (HashMap Text Text)) (Maybe [Text]) (Maybe [CognitoIdentityProvider]) Text Text Bool |
Instances
Arguments
| :: Text | |
| -> Text | |
| -> Bool | |
| -> IdentityPool |
Create a value of IdentityPool with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:samlProviderARNs:IdentityPool', identityPool_samlProviderARNs - An array of Amazon Resource Names (ARNs) of the SAML provider for your
identity pool.
$sel:supportedLoginProviders:IdentityPool', identityPool_supportedLoginProviders - Optional key:value pairs mapping provider names to provider app IDs.
$sel:allowClassicFlow:IdentityPool', identityPool_allowClassicFlow - Enables or disables the Basic (Classic) authentication flow. For more
information, see
Identity Pools (Federated Identities) Authentication Flow
in the Amazon Cognito Developer Guide.
$sel:developerProviderName:IdentityPool', identityPool_developerProviderName - The "domain" by which Cognito will refer to your users.
$sel:identityPoolTags:IdentityPool', identityPool_identityPoolTags - The tags that are assigned to the identity pool. A tag is a label that
you can apply to identity pools to categorize and manage them in
different ways, such as by purpose, owner, environment, or other
criteria.
$sel:openIdConnectProviderARNs:IdentityPool', identityPool_openIdConnectProviderARNs - The ARNs of the OpenID Connect providers.
$sel:cognitoIdentityProviders:IdentityPool', identityPool_cognitoIdentityProviders - A list representing an Amazon Cognito user pool and its client ID.
$sel:identityPoolId:IdentityPool', identityPool_identityPoolId - An identity pool ID in the format REGION:GUID.
$sel:identityPoolName:IdentityPool', identityPool_identityPoolName - A string that you provide.
$sel:allowUnauthenticatedIdentities:IdentityPool', identityPool_allowUnauthenticatedIdentities - TRUE if the identity pool supports unauthenticated logins.
SetPrincipalTagAttributeMap
data SetPrincipalTagAttributeMap Source #
See: newSetPrincipalTagAttributeMap smart constructor.
Instances
newSetPrincipalTagAttributeMap Source #
Arguments
| :: Text | |
| -> Text | |
| -> SetPrincipalTagAttributeMap |
Create a value of SetPrincipalTagAttributeMap with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:principalTags:SetPrincipalTagAttributeMap', setPrincipalTagAttributeMap_principalTags - You can use this operation to add principal tags.
$sel:useDefaults:SetPrincipalTagAttributeMap', setPrincipalTagAttributeMap_useDefaults - You can use this operation to use default (username and clientID)
attribute mappings.
$sel:identityPoolId:SetPrincipalTagAttributeMap', setPrincipalTagAttributeMap_identityPoolId - The ID of the Identity Pool you want to set attribute mappings for.
$sel:identityProviderName:SetPrincipalTagAttributeMap', setPrincipalTagAttributeMap_identityProviderName - The provider name you want to use for attribute mappings.
data SetPrincipalTagAttributeMapResponse Source #
See: newSetPrincipalTagAttributeMapResponse smart constructor.
Constructors
| SetPrincipalTagAttributeMapResponse' (Maybe Text) (Maybe Text) (Maybe (HashMap Text Text)) (Maybe Bool) Int |
Instances
newSetPrincipalTagAttributeMapResponse Source #
Arguments
| :: Int | |
| -> SetPrincipalTagAttributeMapResponse |
Create a value of SetPrincipalTagAttributeMapResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:identityPoolId:SetPrincipalTagAttributeMap', setPrincipalTagAttributeMapResponse_identityPoolId - The ID of the Identity Pool you want to set attribute mappings for.
$sel:identityProviderName:SetPrincipalTagAttributeMap', setPrincipalTagAttributeMapResponse_identityProviderName - The provider name you want to use for attribute mappings.
$sel:principalTags:SetPrincipalTagAttributeMap', setPrincipalTagAttributeMapResponse_principalTags - You can use this operation to add principal tags. The
PrincipalTagsoperation enables you to reference user attributes in
your IAM permissions policy.
$sel:useDefaults:SetPrincipalTagAttributeMap', setPrincipalTagAttributeMapResponse_useDefaults - You can use this operation to select default (username and clientID)
attribute mappings.
$sel:httpStatus:SetPrincipalTagAttributeMapResponse', setPrincipalTagAttributeMapResponse_httpStatus - The response's http status code.
ListTagsForResource
data ListTagsForResource Source #
See: newListTagsForResource smart constructor.
Constructors
| ListTagsForResource' Text |
Instances
newListTagsForResource Source #
Arguments
| :: Text | |
| -> ListTagsForResource |
Create a value of ListTagsForResource with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:resourceArn:ListTagsForResource', listTagsForResource_resourceArn - The Amazon Resource Name (ARN) of the identity pool that the tags are
assigned to.
data ListTagsForResourceResponse Source #
See: newListTagsForResourceResponse smart constructor.
Instances
newListTagsForResourceResponse Source #
Create a value of ListTagsForResourceResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:tags:ListTagsForResourceResponse', listTagsForResourceResponse_tags - The tags that are assigned to the identity pool.
$sel:httpStatus:ListTagsForResourceResponse', listTagsForResourceResponse_httpStatus - The response's http status code.
GetId
Input to the GetId action.
See: newGetId smart constructor.
Instances
Create a value of GetId with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:accountId:GetId', getId_accountId - A standard AWS account ID (9+ digits).
$sel:logins:GetId', getId_logins - A set of optional name-value pairs that map provider names to provider
tokens. The available provider names for Logins are as follows:
- Facebook:
graph.facebook.com - Amazon Cognito user pool:
cognito-idp.<region>.amazonaws.com/<YOUR_USER_POOL_ID>, for example,cognito-idp.us-east-1.amazonaws.com/us-east-1_123456789. - Google:
accounts.google.com - Amazon:
www.amazon.com - Twitter:
api.twitter.com - Digits:
www.digits.com
$sel:identityPoolId:GetId', getId_identityPoolId - An identity pool ID in the format REGION:GUID.
data GetIdResponse Source #
Returned in response to a GetId request.
See: newGetIdResponse smart constructor.
Constructors
| GetIdResponse' (Maybe Text) Int |
Instances
Arguments
| :: Int | |
| -> GetIdResponse |
Create a value of GetIdResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:identityId:GetIdResponse', getIdResponse_identityId - A unique identifier in the format REGION:GUID.
$sel:httpStatus:GetIdResponse', getIdResponse_httpStatus - The response's http status code.
DeleteIdentityPool
data DeleteIdentityPool Source #
Input to the DeleteIdentityPool action.
See: newDeleteIdentityPool smart constructor.
Constructors
| DeleteIdentityPool' Text |
Instances
newDeleteIdentityPool Source #
Create a value of DeleteIdentityPool with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:identityPoolId:DeleteIdentityPool', deleteIdentityPool_identityPoolId - An identity pool ID in the format REGION:GUID.
data DeleteIdentityPoolResponse Source #
See: newDeleteIdentityPoolResponse smart constructor.
Constructors
| DeleteIdentityPoolResponse' | |
Instances
newDeleteIdentityPoolResponse :: DeleteIdentityPoolResponse Source #
Create a value of DeleteIdentityPoolResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
UpdateIdentityPool
data UpdateIdentityPool Source #
An object representing an Amazon Cognito identity pool.
See: newUpdateIdentityPool smart constructor.
Constructors
| UpdateIdentityPool' (Maybe [Text]) (Maybe (HashMap Text Text)) (Maybe Bool) (Maybe Text) (Maybe (HashMap Text Text)) (Maybe [Text]) (Maybe [CognitoIdentityProvider]) Text Text Bool |
Instances
newUpdateIdentityPool Source #
Arguments
| :: Text | |
| -> Text | |
| -> Bool | |
| -> UpdateIdentityPool |
Create a value of UpdateIdentityPool with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:samlProviderARNs:UpdateIdentityPool', updateIdentityPool_samlProviderARNs - An array of Amazon Resource Names (ARNs) of the SAML provider for your
identity pool.
$sel:supportedLoginProviders:UpdateIdentityPool', updateIdentityPool_supportedLoginProviders - Optional key:value pairs mapping provider names to provider app IDs.
$sel:allowClassicFlow:UpdateIdentityPool', updateIdentityPool_allowClassicFlow - Enables or disables the Basic (Classic) authentication flow. For more
information, see
Identity Pools (Federated Identities) Authentication Flow
in the Amazon Cognito Developer Guide.
$sel:developerProviderName:UpdateIdentityPool', updateIdentityPool_developerProviderName - The "domain" by which Cognito will refer to your users.
$sel:identityPoolTags:UpdateIdentityPool', updateIdentityPool_identityPoolTags - The tags that are assigned to the identity pool. A tag is a label that
you can apply to identity pools to categorize and manage them in
different ways, such as by purpose, owner, environment, or other
criteria.
$sel:openIdConnectProviderARNs:UpdateIdentityPool', updateIdentityPool_openIdConnectProviderARNs - The ARNs of the OpenID Connect providers.
$sel:cognitoIdentityProviders:UpdateIdentityPool', updateIdentityPool_cognitoIdentityProviders - A list representing an Amazon Cognito user pool and its client ID.
$sel:identityPoolId:UpdateIdentityPool', updateIdentityPool_identityPoolId - An identity pool ID in the format REGION:GUID.
$sel:identityPoolName:UpdateIdentityPool', updateIdentityPool_identityPoolName - A string that you provide.
$sel:allowUnauthenticatedIdentities:UpdateIdentityPool', updateIdentityPool_allowUnauthenticatedIdentities - TRUE if the identity pool supports unauthenticated logins.
data IdentityPool Source #
An object representing an Amazon Cognito identity pool.
See: newIdentityPool smart constructor.
Constructors
| IdentityPool' (Maybe [Text]) (Maybe (HashMap Text Text)) (Maybe Bool) (Maybe Text) (Maybe (HashMap Text Text)) (Maybe [Text]) (Maybe [CognitoIdentityProvider]) Text Text Bool |
Instances
Arguments
| :: Text | |
| -> Text | |
| -> Bool | |
| -> IdentityPool |
Create a value of IdentityPool with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:samlProviderARNs:IdentityPool', identityPool_samlProviderARNs - An array of Amazon Resource Names (ARNs) of the SAML provider for your
identity pool.
$sel:supportedLoginProviders:IdentityPool', identityPool_supportedLoginProviders - Optional key:value pairs mapping provider names to provider app IDs.
$sel:allowClassicFlow:IdentityPool', identityPool_allowClassicFlow - Enables or disables the Basic (Classic) authentication flow. For more
information, see
Identity Pools (Federated Identities) Authentication Flow
in the Amazon Cognito Developer Guide.
$sel:developerProviderName:IdentityPool', identityPool_developerProviderName - The "domain" by which Cognito will refer to your users.
$sel:identityPoolTags:IdentityPool', identityPool_identityPoolTags - The tags that are assigned to the identity pool. A tag is a label that
you can apply to identity pools to categorize and manage them in
different ways, such as by purpose, owner, environment, or other
criteria.
$sel:openIdConnectProviderARNs:IdentityPool', identityPool_openIdConnectProviderARNs - The ARNs of the OpenID Connect providers.
$sel:cognitoIdentityProviders:IdentityPool', identityPool_cognitoIdentityProviders - A list representing an Amazon Cognito user pool and its client ID.
$sel:identityPoolId:IdentityPool', identityPool_identityPoolId - An identity pool ID in the format REGION:GUID.
$sel:identityPoolName:IdentityPool', identityPool_identityPoolName - A string that you provide.
$sel:allowUnauthenticatedIdentities:IdentityPool', identityPool_allowUnauthenticatedIdentities - TRUE if the identity pool supports unauthenticated logins.
UnlinkDeveloperIdentity
data UnlinkDeveloperIdentity Source #
Input to the UnlinkDeveloperIdentity action.
See: newUnlinkDeveloperIdentity smart constructor.
Constructors
| UnlinkDeveloperIdentity' Text Text Text Text |
Instances
newUnlinkDeveloperIdentity Source #
Arguments
| :: Text | |
| -> Text | |
| -> Text | |
| -> Text | |
| -> UnlinkDeveloperIdentity |
Create a value of UnlinkDeveloperIdentity with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:identityId:UnlinkDeveloperIdentity', unlinkDeveloperIdentity_identityId - A unique identifier in the format REGION:GUID.
$sel:identityPoolId:UnlinkDeveloperIdentity', unlinkDeveloperIdentity_identityPoolId - An identity pool ID in the format REGION:GUID.
$sel:developerProviderName:UnlinkDeveloperIdentity', unlinkDeveloperIdentity_developerProviderName - The "domain" by which Cognito will refer to your users.
$sel:developerUserIdentifier:UnlinkDeveloperIdentity', unlinkDeveloperIdentity_developerUserIdentifier - A unique ID used by your backend authentication process to identify a
user.
data UnlinkDeveloperIdentityResponse Source #
See: newUnlinkDeveloperIdentityResponse smart constructor.
Constructors
| UnlinkDeveloperIdentityResponse' | |
Instances
newUnlinkDeveloperIdentityResponse :: UnlinkDeveloperIdentityResponse Source #
Create a value of UnlinkDeveloperIdentityResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
GetIdentityPoolRoles
data GetIdentityPoolRoles Source #
Input to the GetIdentityPoolRoles action.
See: newGetIdentityPoolRoles smart constructor.
Constructors
| GetIdentityPoolRoles' Text |
Instances
newGetIdentityPoolRoles Source #
Create a value of GetIdentityPoolRoles with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:identityPoolId:GetIdentityPoolRoles', getIdentityPoolRoles_identityPoolId - An identity pool ID in the format REGION:GUID.
data GetIdentityPoolRolesResponse Source #
Returned in response to a successful GetIdentityPoolRoles operation.
See: newGetIdentityPoolRolesResponse smart constructor.
Constructors
| GetIdentityPoolRolesResponse' (Maybe (HashMap Text Text)) (Maybe Text) (Maybe (HashMap Text RoleMapping)) Int |
Instances
newGetIdentityPoolRolesResponse Source #
Create a value of GetIdentityPoolRolesResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:roles:GetIdentityPoolRolesResponse', getIdentityPoolRolesResponse_roles - The map of roles associated with this pool. Currently only authenticated
and unauthenticated roles are supported.
$sel:identityPoolId:GetIdentityPoolRoles', getIdentityPoolRolesResponse_identityPoolId - An identity pool ID in the format REGION:GUID.
$sel:roleMappings:GetIdentityPoolRolesResponse', getIdentityPoolRolesResponse_roleMappings - How users for a specific identity provider are to mapped to roles. This
is a String-to-RoleMapping object map. The string identifies the
identity provider, for example, "graph.facebook.com" or
"cognito-idp.us-east-1.amazonaws.com/us-east-1_abcdefghi:app_client_id".
$sel:httpStatus:GetIdentityPoolRolesResponse', getIdentityPoolRolesResponse_httpStatus - The response's http status code.
ListIdentityPools (Paginated)
data ListIdentityPools Source #
Input to the ListIdentityPools action.
See: newListIdentityPools smart constructor.
Constructors
| ListIdentityPools' (Maybe Text) Natural |
Instances
Arguments
| :: Natural | |
| -> ListIdentityPools |
Create a value of ListIdentityPools with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:nextToken:ListIdentityPools', listIdentityPools_nextToken - A pagination token.
$sel:maxResults:ListIdentityPools', listIdentityPools_maxResults - The maximum number of identities to return.
data ListIdentityPoolsResponse Source #
The result of a successful ListIdentityPools action.
See: newListIdentityPoolsResponse smart constructor.
Constructors
| ListIdentityPoolsResponse' (Maybe [IdentityPoolShortDescription]) (Maybe Text) Int |
Instances
newListIdentityPoolsResponse Source #
Create a value of ListIdentityPoolsResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:identityPools:ListIdentityPoolsResponse', listIdentityPoolsResponse_identityPools - The identity pools returned by the ListIdentityPools action.
$sel:nextToken:ListIdentityPools', listIdentityPoolsResponse_nextToken - A pagination token.
$sel:httpStatus:ListIdentityPoolsResponse', listIdentityPoolsResponse_httpStatus - The response's http status code.
GetCredentialsForIdentity
data GetCredentialsForIdentity Source #
Input to the GetCredentialsForIdentity action.
See: newGetCredentialsForIdentity smart constructor.
Instances
newGetCredentialsForIdentity Source #
Create a value of GetCredentialsForIdentity with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:customRoleArn:GetCredentialsForIdentity', getCredentialsForIdentity_customRoleArn - The Amazon Resource Name (ARN) of the role to be assumed when multiple
roles were received in the token from the identity provider. For
example, a SAML-based identity provider. This parameter is optional for
identity providers that do not support role customization.
$sel:logins:GetCredentialsForIdentity', getCredentialsForIdentity_logins - A set of optional name-value pairs that map provider names to provider
tokens. The name-value pair will follow the syntax "provider_name":
"provider_user_identifier".
Logins should not be specified when trying to get credentials for an unauthenticated identity.
The Logins parameter is required when using identities associated with
external identity providers such as Facebook. For examples of Logins
maps, see the code examples in the
External Identity Providers
section of the Amazon Cognito Developer Guide.
$sel:identityId:GetCredentialsForIdentity', getCredentialsForIdentity_identityId - A unique identifier in the format REGION:GUID.
data GetCredentialsForIdentityResponse Source #
Returned in response to a successful GetCredentialsForIdentity
operation.
See: newGetCredentialsForIdentityResponse smart constructor.
Constructors
| GetCredentialsForIdentityResponse' (Maybe Credentials) (Maybe Text) Int |
Instances
newGetCredentialsForIdentityResponse Source #
Arguments
| :: Int | |
| -> GetCredentialsForIdentityResponse |
Create a value of GetCredentialsForIdentityResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:credentials:GetCredentialsForIdentityResponse', getCredentialsForIdentityResponse_credentials - Credentials for the provided identity ID.
$sel:identityId:GetCredentialsForIdentity', getCredentialsForIdentityResponse_identityId - A unique identifier in the format REGION:GUID.
$sel:httpStatus:GetCredentialsForIdentityResponse', getCredentialsForIdentityResponse_httpStatus - The response's http status code.
GetPrincipalTagAttributeMap
data GetPrincipalTagAttributeMap Source #
See: newGetPrincipalTagAttributeMap smart constructor.
Constructors
| GetPrincipalTagAttributeMap' Text Text |
Instances
newGetPrincipalTagAttributeMap Source #
Arguments
| :: Text | |
| -> Text | |
| -> GetPrincipalTagAttributeMap |
Create a value of GetPrincipalTagAttributeMap with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:identityPoolId:GetPrincipalTagAttributeMap', getPrincipalTagAttributeMap_identityPoolId - You can use this operation to get the ID of the Identity Pool you setup
attribute mappings for.
$sel:identityProviderName:GetPrincipalTagAttributeMap', getPrincipalTagAttributeMap_identityProviderName - You can use this operation to get the provider name.
data GetPrincipalTagAttributeMapResponse Source #
See: newGetPrincipalTagAttributeMapResponse smart constructor.
Constructors
| GetPrincipalTagAttributeMapResponse' (Maybe Text) (Maybe Text) (Maybe (HashMap Text Text)) (Maybe Bool) Int |
Instances
newGetPrincipalTagAttributeMapResponse Source #
Arguments
| :: Int | |
| -> GetPrincipalTagAttributeMapResponse |
Create a value of GetPrincipalTagAttributeMapResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:identityPoolId:GetPrincipalTagAttributeMap', getPrincipalTagAttributeMapResponse_identityPoolId - You can use this operation to get the ID of the Identity Pool you setup
attribute mappings for.
$sel:identityProviderName:GetPrincipalTagAttributeMap', getPrincipalTagAttributeMapResponse_identityProviderName - You can use this operation to get the provider name.
$sel:principalTags:GetPrincipalTagAttributeMapResponse', getPrincipalTagAttributeMapResponse_principalTags - You can use this operation to add principal tags. The
PrincipalTagsoperation enables you to reference user attributes in
your IAM permissions policy.
$sel:useDefaults:GetPrincipalTagAttributeMapResponse', getPrincipalTagAttributeMapResponse_useDefaults - You can use this operation to list
$sel:httpStatus:GetPrincipalTagAttributeMapResponse', getPrincipalTagAttributeMapResponse_httpStatus - The response's http status code.
DeleteIdentities
data DeleteIdentities Source #
Input to the DeleteIdentities action.
See: newDeleteIdentities smart constructor.
Constructors
| DeleteIdentities' (NonEmpty Text) |
Instances
Create a value of DeleteIdentities with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:identityIdsToDelete:DeleteIdentities', deleteIdentities_identityIdsToDelete - A list of 1-60 identities that you want to delete.
data DeleteIdentitiesResponse Source #
Returned in response to a successful DeleteIdentities operation.
See: newDeleteIdentitiesResponse smart constructor.
Constructors
| DeleteIdentitiesResponse' (Maybe [UnprocessedIdentityId]) Int |
Instances
newDeleteIdentitiesResponse Source #
Create a value of DeleteIdentitiesResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:unprocessedIdentityIds:DeleteIdentitiesResponse', deleteIdentitiesResponse_unprocessedIdentityIds - An array of UnprocessedIdentityId objects, each of which contains an
ErrorCode and IdentityId.
$sel:httpStatus:DeleteIdentitiesResponse', deleteIdentitiesResponse_httpStatus - The response's http status code.
SetIdentityPoolRoles
data SetIdentityPoolRoles Source #
Input to the SetIdentityPoolRoles action.
See: newSetIdentityPoolRoles smart constructor.
Constructors
| SetIdentityPoolRoles' (Maybe (HashMap Text RoleMapping)) Text (HashMap Text Text) |
Instances
newSetIdentityPoolRoles Source #
Create a value of SetIdentityPoolRoles with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:roleMappings:SetIdentityPoolRoles', setIdentityPoolRoles_roleMappings - How users for a specific identity provider are to mapped to roles. This
is a string to RoleMapping object map. The string identifies the
identity provider, for example, "graph.facebook.com" or
"cognito-idp.us-east-1.amazonaws.com/us-east-1_abcdefghi:app_client_id".
Up to 25 rules can be specified per identity provider.
$sel:identityPoolId:SetIdentityPoolRoles', setIdentityPoolRoles_identityPoolId - An identity pool ID in the format REGION:GUID.
$sel:roles:SetIdentityPoolRoles', setIdentityPoolRoles_roles - The map of roles associated with this pool. For a given role, the key
will be either "authenticated" or "unauthenticated" and the value
will be the Role ARN.
data SetIdentityPoolRolesResponse Source #
See: newSetIdentityPoolRolesResponse smart constructor.
Constructors
| SetIdentityPoolRolesResponse' | |
Instances
| Eq SetIdentityPoolRolesResponse Source # | |
Defined in Amazonka.CognitoIdentity.SetIdentityPoolRoles Methods (==) :: SetIdentityPoolRolesResponse -> SetIdentityPoolRolesResponse -> Bool # (/=) :: SetIdentityPoolRolesResponse -> SetIdentityPoolRolesResponse -> Bool # | |
| Read SetIdentityPoolRolesResponse Source # | |
| Show SetIdentityPoolRolesResponse Source # | |
Defined in Amazonka.CognitoIdentity.SetIdentityPoolRoles Methods showsPrec :: Int -> SetIdentityPoolRolesResponse -> ShowS # show :: SetIdentityPoolRolesResponse -> String # showList :: [SetIdentityPoolRolesResponse] -> ShowS # | |
| Generic SetIdentityPoolRolesResponse Source # | |
Defined in Amazonka.CognitoIdentity.SetIdentityPoolRoles Associated Types type Rep SetIdentityPoolRolesResponse :: Type -> Type # | |
| NFData SetIdentityPoolRolesResponse Source # | |
Defined in Amazonka.CognitoIdentity.SetIdentityPoolRoles Methods rnf :: SetIdentityPoolRolesResponse -> () # | |
| type Rep SetIdentityPoolRolesResponse Source # | |
newSetIdentityPoolRolesResponse :: SetIdentityPoolRolesResponse Source #
Create a value of SetIdentityPoolRolesResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
ListIdentities
data ListIdentities Source #
Input to the ListIdentities action.
See: newListIdentities smart constructor.
Instances
Arguments
| :: Text | |
| -> Natural | |
| -> ListIdentities |
Create a value of ListIdentities with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:hideDisabled:ListIdentities', listIdentities_hideDisabled - An optional boolean parameter that allows you to hide disabled
identities. If omitted, the ListIdentities API will include disabled
identities in the response.
$sel:nextToken:ListIdentities', listIdentities_nextToken - A pagination token.
$sel:identityPoolId:ListIdentities', listIdentities_identityPoolId - An identity pool ID in the format REGION:GUID.
$sel:maxResults:ListIdentities', listIdentities_maxResults - The maximum number of identities to return.
data ListIdentitiesResponse Source #
The response to a ListIdentities request.
See: newListIdentitiesResponse smart constructor.
Constructors
| ListIdentitiesResponse' (Maybe Text) (Maybe Text) (Maybe [IdentityDescription]) Int |
Instances
newListIdentitiesResponse Source #
Create a value of ListIdentitiesResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:identityPoolId:ListIdentities', listIdentitiesResponse_identityPoolId - An identity pool ID in the format REGION:GUID.
$sel:nextToken:ListIdentities', listIdentitiesResponse_nextToken - A pagination token.
$sel:identities:ListIdentitiesResponse', listIdentitiesResponse_identities - An object containing a set of identities and associated mappings.
$sel:httpStatus:ListIdentitiesResponse', listIdentitiesResponse_httpStatus - The response's http status code.
LookupDeveloperIdentity
data LookupDeveloperIdentity Source #
Input to the LookupDeveloperIdentityInput action.
See: newLookupDeveloperIdentity smart constructor.
Instances
newLookupDeveloperIdentity Source #
Create a value of LookupDeveloperIdentity with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:developerUserIdentifier:LookupDeveloperIdentity', lookupDeveloperIdentity_developerUserIdentifier - A unique ID used by your backend authentication process to identify a
user. Typically, a developer identity provider would issue many
developer user identifiers, in keeping with the number of users.
$sel:nextToken:LookupDeveloperIdentity', lookupDeveloperIdentity_nextToken - A pagination token. The first call you make will have NextToken set to
null. After that the service will return NextToken values as needed.
For example, let's say you make a request with MaxResults set to 10,
and there are 20 matches in the database. The service will return a
pagination token as a part of the response. This token can be used to
call the API again and get results starting from the 11th match.
$sel:identityId:LookupDeveloperIdentity', lookupDeveloperIdentity_identityId - A unique identifier in the format REGION:GUID.
$sel:maxResults:LookupDeveloperIdentity', lookupDeveloperIdentity_maxResults - The maximum number of identities to return.
$sel:identityPoolId:LookupDeveloperIdentity', lookupDeveloperIdentity_identityPoolId - An identity pool ID in the format REGION:GUID.
data LookupDeveloperIdentityResponse Source #
Returned in response to a successful LookupDeveloperIdentity action.
See: newLookupDeveloperIdentityResponse smart constructor.
Instances
newLookupDeveloperIdentityResponse Source #
Create a value of LookupDeveloperIdentityResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:nextToken:LookupDeveloperIdentity', lookupDeveloperIdentityResponse_nextToken - A pagination token. The first call you make will have NextToken set to
null. After that the service will return NextToken values as needed.
For example, let's say you make a request with MaxResults set to 10,
and there are 20 matches in the database. The service will return a
pagination token as a part of the response. This token can be used to
call the API again and get results starting from the 11th match.
$sel:identityId:LookupDeveloperIdentity', lookupDeveloperIdentityResponse_identityId - A unique identifier in the format REGION:GUID.
$sel:developerUserIdentifierList:LookupDeveloperIdentityResponse', lookupDeveloperIdentityResponse_developerUserIdentifierList - This is the list of developer user identifiers associated with an
identity ID. Cognito supports the association of multiple developer user
identifiers with an identity ID.
$sel:httpStatus:LookupDeveloperIdentityResponse', lookupDeveloperIdentityResponse_httpStatus - The response's http status code.
UnlinkIdentity
data UnlinkIdentity Source #
Input to the UnlinkIdentity action.
See: newUnlinkIdentity smart constructor.
Instances
Arguments
| :: Text | |
| -> UnlinkIdentity |
Create a value of UnlinkIdentity with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:identityId:UnlinkIdentity', unlinkIdentity_identityId - A unique identifier in the format REGION:GUID.
$sel:logins:UnlinkIdentity', unlinkIdentity_logins - A set of optional name-value pairs that map provider names to provider
tokens.
$sel:loginsToRemove:UnlinkIdentity', unlinkIdentity_loginsToRemove - Provider names to unlink from this identity.
data UnlinkIdentityResponse Source #
See: newUnlinkIdentityResponse smart constructor.
Constructors
| UnlinkIdentityResponse' | |
Instances
newUnlinkIdentityResponse :: UnlinkIdentityResponse Source #
Create a value of UnlinkIdentityResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
TagResource
data TagResource Source #
See: newTagResource smart constructor.
Constructors
| TagResource' Text (HashMap Text Text) |
Instances
Arguments
| :: Text | |
| -> TagResource |
Create a value of TagResource with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:resourceArn:TagResource', tagResource_resourceArn - The Amazon Resource Name (ARN) of the identity pool.
$sel:tags:TagResource', tagResource_tags - The tags to assign to the identity pool.
data TagResourceResponse Source #
See: newTagResourceResponse smart constructor.
Constructors
| TagResourceResponse' Int |
Instances
newTagResourceResponse Source #
Arguments
| :: Int | |
| -> TagResourceResponse |
Create a value of TagResourceResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:httpStatus:TagResourceResponse', tagResourceResponse_httpStatus - The response's http status code.
DescribeIdentity
data DescribeIdentity Source #
Input to the DescribeIdentity action.
See: newDescribeIdentity smart constructor.
Constructors
| DescribeIdentity' Text |
Instances
Arguments
| :: Text | |
| -> DescribeIdentity |
Create a value of DescribeIdentity with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:identityId:DescribeIdentity', describeIdentity_identityId - A unique identifier in the format REGION:GUID.
data IdentityDescription Source #
A description of the identity.
See: newIdentityDescription smart constructor.
Instances
newIdentityDescription :: IdentityDescription Source #
Create a value of IdentityDescription with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:lastModifiedDate:IdentityDescription', identityDescription_lastModifiedDate - Date on which the identity was last modified.
$sel:creationDate:IdentityDescription', identityDescription_creationDate - Date on which the identity was created.
$sel:logins:IdentityDescription', identityDescription_logins - The provider names.
$sel:identityId:IdentityDescription', identityDescription_identityId - A unique identifier in the format REGION:GUID.
UntagResource
data UntagResource Source #
See: newUntagResource smart constructor.
Constructors
| UntagResource' Text [Text] |
Instances
Arguments
| :: Text | |
| -> UntagResource |
Create a value of UntagResource with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:resourceArn:UntagResource', untagResource_resourceArn - The Amazon Resource Name (ARN) of the identity pool.
$sel:tagKeys:UntagResource', untagResource_tagKeys - The keys of the tags to remove from the user pool.
data UntagResourceResponse Source #
See: newUntagResourceResponse smart constructor.
Constructors
| UntagResourceResponse' Int |
Instances
newUntagResourceResponse Source #
Create a value of UntagResourceResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:httpStatus:UntagResourceResponse', untagResourceResponse_httpStatus - The response's http status code.
CreateIdentityPool
data CreateIdentityPool Source #
Input to the CreateIdentityPool action.
See: newCreateIdentityPool smart constructor.
Constructors
| CreateIdentityPool' (Maybe [Text]) (Maybe (HashMap Text Text)) (Maybe Bool) (Maybe Text) (Maybe (HashMap Text Text)) (Maybe [Text]) (Maybe [CognitoIdentityProvider]) Text Bool |
Instances
newCreateIdentityPool Source #
Arguments
| :: Text | |
| -> Bool | |
| -> CreateIdentityPool |
Create a value of CreateIdentityPool with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:samlProviderARNs:CreateIdentityPool', createIdentityPool_samlProviderARNs - An array of Amazon Resource Names (ARNs) of the SAML provider for your
identity pool.
$sel:supportedLoginProviders:CreateIdentityPool', createIdentityPool_supportedLoginProviders - Optional key:value pairs mapping provider names to provider app IDs.
$sel:allowClassicFlow:CreateIdentityPool', createIdentityPool_allowClassicFlow - Enables or disables the Basic (Classic) authentication flow. For more
information, see
Identity Pools (Federated Identities) Authentication Flow
in the Amazon Cognito Developer Guide.
$sel:developerProviderName:CreateIdentityPool', createIdentityPool_developerProviderName - The "domain" by which Cognito will refer to your users. This name acts
as a placeholder that allows your backend and the Cognito service to
communicate about the developer provider. For the
DeveloperProviderName, you can use letters as well as period (.),
underscore (_), and dash (-).
Once you have set a developer provider name, you cannot change it. Please take care in setting this parameter.
$sel:identityPoolTags:CreateIdentityPool', createIdentityPool_identityPoolTags - Tags to assign to the identity pool. A tag is a label that you can apply
to identity pools to categorize and manage them in different ways, such
as by purpose, owner, environment, or other criteria.
$sel:openIdConnectProviderARNs:CreateIdentityPool', createIdentityPool_openIdConnectProviderARNs - The Amazon Resource Names (ARN) of the OpenID Connect providers.
$sel:cognitoIdentityProviders:CreateIdentityPool', createIdentityPool_cognitoIdentityProviders - An array of Amazon Cognito user pools and their client IDs.
$sel:identityPoolName:CreateIdentityPool', createIdentityPool_identityPoolName - A string that you provide.
$sel:allowUnauthenticatedIdentities:CreateIdentityPool', createIdentityPool_allowUnauthenticatedIdentities - TRUE if the identity pool supports unauthenticated logins.
data IdentityPool Source #
An object representing an Amazon Cognito identity pool.
See: newIdentityPool smart constructor.
Constructors
| IdentityPool' (Maybe [Text]) (Maybe (HashMap Text Text)) (Maybe Bool) (Maybe Text) (Maybe (HashMap Text Text)) (Maybe [Text]) (Maybe [CognitoIdentityProvider]) Text Text Bool |
Instances
Arguments
| :: Text | |
| -> Text | |
| -> Bool | |
| -> IdentityPool |
Create a value of IdentityPool with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:samlProviderARNs:IdentityPool', identityPool_samlProviderARNs - An array of Amazon Resource Names (ARNs) of the SAML provider for your
identity pool.
$sel:supportedLoginProviders:IdentityPool', identityPool_supportedLoginProviders - Optional key:value pairs mapping provider names to provider app IDs.
$sel:allowClassicFlow:IdentityPool', identityPool_allowClassicFlow - Enables or disables the Basic (Classic) authentication flow. For more
information, see
Identity Pools (Federated Identities) Authentication Flow
in the Amazon Cognito Developer Guide.
$sel:developerProviderName:IdentityPool', identityPool_developerProviderName - The "domain" by which Cognito will refer to your users.
$sel:identityPoolTags:IdentityPool', identityPool_identityPoolTags - The tags that are assigned to the identity pool. A tag is a label that
you can apply to identity pools to categorize and manage them in
different ways, such as by purpose, owner, environment, or other
criteria.
$sel:openIdConnectProviderARNs:IdentityPool', identityPool_openIdConnectProviderARNs - The ARNs of the OpenID Connect providers.
$sel:cognitoIdentityProviders:IdentityPool', identityPool_cognitoIdentityProviders - A list representing an Amazon Cognito user pool and its client ID.
$sel:identityPoolId:IdentityPool', identityPool_identityPoolId - An identity pool ID in the format REGION:GUID.
$sel:identityPoolName:IdentityPool', identityPool_identityPoolName - A string that you provide.
$sel:allowUnauthenticatedIdentities:IdentityPool', identityPool_allowUnauthenticatedIdentities - TRUE if the identity pool supports unauthenticated logins.
MergeDeveloperIdentities
data MergeDeveloperIdentities Source #
Input to the MergeDeveloperIdentities action.
See: newMergeDeveloperIdentities smart constructor.
Constructors
| MergeDeveloperIdentities' Text Text Text Text |
Instances
newMergeDeveloperIdentities Source #
Arguments
| :: Text | |
| -> Text | |
| -> Text | |
| -> Text | |
| -> MergeDeveloperIdentities |
Create a value of MergeDeveloperIdentities with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:sourceUserIdentifier:MergeDeveloperIdentities', mergeDeveloperIdentities_sourceUserIdentifier - User identifier for the source user. The value should be a
DeveloperUserIdentifier.
$sel:destinationUserIdentifier:MergeDeveloperIdentities', mergeDeveloperIdentities_destinationUserIdentifier - User identifier for the destination user. The value should be a
DeveloperUserIdentifier.
$sel:developerProviderName:MergeDeveloperIdentities', mergeDeveloperIdentities_developerProviderName - The "domain" by which Cognito will refer to your users. This is a
(pseudo) domain name that you provide while creating an identity pool.
This name acts as a placeholder that allows your backend and the Cognito
service to communicate about the developer provider. For the
DeveloperProviderName, you can use letters as well as period (.),
underscore (_), and dash (-).
$sel:identityPoolId:MergeDeveloperIdentities', mergeDeveloperIdentities_identityPoolId - An identity pool ID in the format REGION:GUID.
data MergeDeveloperIdentitiesResponse Source #
Returned in response to a successful MergeDeveloperIdentities action.
See: newMergeDeveloperIdentitiesResponse smart constructor.
Constructors
| MergeDeveloperIdentitiesResponse' (Maybe Text) Int |
Instances
newMergeDeveloperIdentitiesResponse Source #
Create a value of MergeDeveloperIdentitiesResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:identityId:MergeDeveloperIdentitiesResponse', mergeDeveloperIdentitiesResponse_identityId - A unique identifier in the format REGION:GUID.
$sel:httpStatus:MergeDeveloperIdentitiesResponse', mergeDeveloperIdentitiesResponse_httpStatus - The response's http status code.
Types
AmbiguousRoleResolutionType
newtype AmbiguousRoleResolutionType Source #
Constructors
| AmbiguousRoleResolutionType' | |
Fields | |
Bundled Patterns
| pattern AmbiguousRoleResolutionType_AuthenticatedRole :: AmbiguousRoleResolutionType | |
| pattern AmbiguousRoleResolutionType_Deny :: AmbiguousRoleResolutionType |
Instances
CognitoErrorCode
newtype CognitoErrorCode Source #
Constructors
| CognitoErrorCode' | |
Fields | |
Bundled Patterns
| pattern CognitoErrorCode_AccessDenied :: CognitoErrorCode | |
| pattern CognitoErrorCode_InternalServerError :: CognitoErrorCode |
Instances
MappingRuleMatchType
newtype MappingRuleMatchType Source #
Constructors
| MappingRuleMatchType' | |
Fields | |
Bundled Patterns
| pattern MappingRuleMatchType_Contains :: MappingRuleMatchType | |
| pattern MappingRuleMatchType_Equals :: MappingRuleMatchType | |
| pattern MappingRuleMatchType_NotEqual :: MappingRuleMatchType | |
| pattern MappingRuleMatchType_StartsWith :: MappingRuleMatchType |
Instances
RoleMappingType
newtype RoleMappingType Source #
Constructors
| RoleMappingType' | |
Fields | |
Bundled Patterns
| pattern RoleMappingType_Rules :: RoleMappingType | |
| pattern RoleMappingType_Token :: RoleMappingType |
Instances
CognitoIdentityProvider
data CognitoIdentityProvider Source #
A provider representing an Amazon Cognito user pool and its client ID.
See: newCognitoIdentityProvider smart constructor.
Instances
newCognitoIdentityProvider :: CognitoIdentityProvider Source #
Create a value of CognitoIdentityProvider with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:clientId:CognitoIdentityProvider', cognitoIdentityProvider_clientId - The client ID for the Amazon Cognito user pool.
$sel:serverSideTokenCheck:CognitoIdentityProvider', cognitoIdentityProvider_serverSideTokenCheck - TRUE if server-side token validation is enabled for the identity
provider’s token.
Once you set ServerSideTokenCheck to TRUE for an identity pool, that
identity pool will check with the integrated user pools to make sure
that the user has not been globally signed out or deleted before the
identity pool provides an OIDC token or AWS credentials for the user.
If the user is signed out or deleted, the identity pool will return a 400 Not Authorized error.
$sel:providerName:CognitoIdentityProvider', cognitoIdentityProvider_providerName - The provider name for an Amazon Cognito user pool. For example,
cognito-idp.us-east-1.amazonaws.com/us-east-1_123456789.
Credentials
data Credentials Source #
Credentials for the provided identity ID.
See: newCredentials smart constructor.
Instances
newCredentials :: Credentials Source #
Create a value of Credentials with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:sessionToken:Credentials', credentials_sessionToken - The Session Token portion of the credentials
$sel:expiration:Credentials', credentials_expiration - The date at which these credentials will expire.
$sel:secretKey:Credentials', credentials_secretKey - The Secret Access Key portion of the credentials
$sel:accessKeyId:Credentials', credentials_accessKeyId - The Access Key portion of the credentials.
IdentityDescription
data IdentityDescription Source #
A description of the identity.
See: newIdentityDescription smart constructor.
Instances
newIdentityDescription :: IdentityDescription Source #
Create a value of IdentityDescription with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:lastModifiedDate:IdentityDescription', identityDescription_lastModifiedDate - Date on which the identity was last modified.
$sel:creationDate:IdentityDescription', identityDescription_creationDate - Date on which the identity was created.
$sel:logins:IdentityDescription', identityDescription_logins - The provider names.
$sel:identityId:IdentityDescription', identityDescription_identityId - A unique identifier in the format REGION:GUID.
IdentityPool
data IdentityPool Source #
An object representing an Amazon Cognito identity pool.
See: newIdentityPool smart constructor.
Constructors
| IdentityPool' (Maybe [Text]) (Maybe (HashMap Text Text)) (Maybe Bool) (Maybe Text) (Maybe (HashMap Text Text)) (Maybe [Text]) (Maybe [CognitoIdentityProvider]) Text Text Bool |
Instances
Arguments
| :: Text | |
| -> Text | |
| -> Bool | |
| -> IdentityPool |
Create a value of IdentityPool with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:samlProviderARNs:IdentityPool', identityPool_samlProviderARNs - An array of Amazon Resource Names (ARNs) of the SAML provider for your
identity pool.
$sel:supportedLoginProviders:IdentityPool', identityPool_supportedLoginProviders - Optional key:value pairs mapping provider names to provider app IDs.
$sel:allowClassicFlow:IdentityPool', identityPool_allowClassicFlow - Enables or disables the Basic (Classic) authentication flow. For more
information, see
Identity Pools (Federated Identities) Authentication Flow
in the Amazon Cognito Developer Guide.
$sel:developerProviderName:IdentityPool', identityPool_developerProviderName - The "domain" by which Cognito will refer to your users.
$sel:identityPoolTags:IdentityPool', identityPool_identityPoolTags - The tags that are assigned to the identity pool. A tag is a label that
you can apply to identity pools to categorize and manage them in
different ways, such as by purpose, owner, environment, or other
criteria.
$sel:openIdConnectProviderARNs:IdentityPool', identityPool_openIdConnectProviderARNs - The ARNs of the OpenID Connect providers.
$sel:cognitoIdentityProviders:IdentityPool', identityPool_cognitoIdentityProviders - A list representing an Amazon Cognito user pool and its client ID.
$sel:identityPoolId:IdentityPool', identityPool_identityPoolId - An identity pool ID in the format REGION:GUID.
$sel:identityPoolName:IdentityPool', identityPool_identityPoolName - A string that you provide.
$sel:allowUnauthenticatedIdentities:IdentityPool', identityPool_allowUnauthenticatedIdentities - TRUE if the identity pool supports unauthenticated logins.
IdentityPoolShortDescription
data IdentityPoolShortDescription Source #
A description of the identity pool.
See: newIdentityPoolShortDescription smart constructor.
Constructors
| IdentityPoolShortDescription' (Maybe Text) (Maybe Text) |
Instances
newIdentityPoolShortDescription :: IdentityPoolShortDescription Source #
Create a value of IdentityPoolShortDescription with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:identityPoolId:IdentityPoolShortDescription', identityPoolShortDescription_identityPoolId - An identity pool ID in the format REGION:GUID.
$sel:identityPoolName:IdentityPoolShortDescription', identityPoolShortDescription_identityPoolName - A string that you provide.
MappingRule
data MappingRule Source #
A rule that maps a claim name, a claim value, and a match type to a role ARN.
See: newMappingRule smart constructor.
Constructors
| MappingRule' Text MappingRuleMatchType Text Text |
Instances
Arguments
| :: Text | |
| -> MappingRuleMatchType | |
| -> Text | |
| -> Text | |
| -> MappingRule |
Create a value of MappingRule with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:claim:MappingRule', mappingRule_claim - The claim name that must be present in the token, for example,
"isAdmin" or "paid".
$sel:matchType:MappingRule', mappingRule_matchType - The match condition that specifies how closely the claim value in the
IdP token must match Value.
$sel:value:MappingRule', mappingRule_value - A brief string that the claim must match, for example, "paid" or
"yes".
$sel:roleARN:MappingRule', mappingRule_roleARN - The role ARN.
RoleMapping
data RoleMapping Source #
A role mapping.
See: newRoleMapping smart constructor.
Constructors
| RoleMapping' (Maybe RulesConfigurationType) (Maybe AmbiguousRoleResolutionType) RoleMappingType |
Instances
Arguments
| :: RoleMappingType | |
| -> RoleMapping |
Create a value of RoleMapping with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:rulesConfiguration:RoleMapping', roleMapping_rulesConfiguration - The rules to be used for mapping users to roles.
If you specify Rules as the role mapping type, RulesConfiguration is
required.
$sel:ambiguousRoleResolution:RoleMapping', roleMapping_ambiguousRoleResolution - If you specify Token or Rules as the Type, AmbiguousRoleResolution
is required.
Specifies the action to be taken if either no rules match the claim
value for the Rules type, or there is no cognito:preferred_role
claim and there are multiple cognito:roles matches for the Token
type.
$sel:type':RoleMapping', roleMapping_type - The role mapping type. Token will use cognito:roles and
cognito:preferred_role claims from the Cognito identity provider token
to map groups to roles. Rules will attempt to match claims from the
token to map to a role.
RulesConfigurationType
data RulesConfigurationType Source #
A container for rules.
See: newRulesConfigurationType smart constructor.
Constructors
| RulesConfigurationType' (NonEmpty MappingRule) |
Instances
newRulesConfigurationType Source #
Create a value of RulesConfigurationType with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:rules:RulesConfigurationType', rulesConfigurationType_rules - An array of rules. You can specify up to 25 rules per identity provider.
Rules are evaluated in order. The first one to match specifies the role.
UnprocessedIdentityId
data UnprocessedIdentityId Source #
An array of UnprocessedIdentityId objects, each of which contains an ErrorCode and IdentityId.
See: newUnprocessedIdentityId smart constructor.
Constructors
| UnprocessedIdentityId' (Maybe CognitoErrorCode) (Maybe Text) |
Instances
newUnprocessedIdentityId :: UnprocessedIdentityId Source #
Create a value of UnprocessedIdentityId with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:errorCode:UnprocessedIdentityId', unprocessedIdentityId_errorCode - The error code indicating the type of error that occurred.
$sel:identityId:UnprocessedIdentityId', unprocessedIdentityId_identityId - A unique identifier in the format REGION:GUID.