{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-binds #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.CognitoIdentityProvider.AdminDisableProviderForUser
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Disables the user from signing in with the specified external (SAML or
-- social) identity provider. If the user to disable is a Cognito User
-- Pools native username + password user, they are not permitted to use
-- their password to sign-in. If the user to disable is a linked external
-- IdP user, any link between that user and an existing user is removed.
-- The next time the external user (no longer attached to the previously
-- linked @DestinationUser@) signs in, they must create a new user account.
-- See
-- <https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminLinkProviderForUser.html AdminLinkProviderForUser>.
--
-- This action is enabled only for admin access and requires developer
-- credentials.
--
-- The @ProviderName@ must match the value specified when creating an IdP
-- for the pool.
--
-- To disable a native username + password user, the @ProviderName@ value
-- must be @Cognito@ and the @ProviderAttributeName@ must be
-- @Cognito_Subject@, with the @ProviderAttributeValue@ being the name that
-- is used in the user pool for the user.
--
-- The @ProviderAttributeName@ must always be @Cognito_Subject@ for social
-- identity providers. The @ProviderAttributeValue@ must always be the
-- exact subject that was used when the user was originally linked as a
-- source user.
--
-- For de-linking a SAML identity, there are two scenarios. If the linked
-- identity has not yet been used to sign-in, the @ProviderAttributeName@
-- and @ProviderAttributeValue@ must be the same values that were used for
-- the @SourceUser@ when the identities were originally linked using
-- @ AdminLinkProviderForUser@ call. (If the linking was done with
-- @ProviderAttributeName@ set to @Cognito_Subject@, the same applies
-- here). However, if the user has already signed in, the
-- @ProviderAttributeName@ must be @Cognito_Subject@ and
-- @ProviderAttributeValue@ must be the subject of the SAML assertion.
module Amazonka.CognitoIdentityProvider.AdminDisableProviderForUser
  ( -- * Creating a Request
    AdminDisableProviderForUser (..),
    newAdminDisableProviderForUser,

    -- * Request Lenses
    adminDisableProviderForUser_userPoolId,
    adminDisableProviderForUser_user,

    -- * Destructuring the Response
    AdminDisableProviderForUserResponse (..),
    newAdminDisableProviderForUserResponse,

    -- * Response Lenses
    adminDisableProviderForUserResponse_httpStatus,
  )
where

import Amazonka.CognitoIdentityProvider.Types
import qualified Amazonka.Core as Core
import qualified Amazonka.Lens as Lens
import qualified Amazonka.Prelude as Prelude
import qualified Amazonka.Request as Request
import qualified Amazonka.Response as Response

-- | /See:/ 'newAdminDisableProviderForUser' smart constructor.
data AdminDisableProviderForUser = AdminDisableProviderForUser'
  { -- | The user pool ID for the user pool.
    AdminDisableProviderForUser -> Text
userPoolId :: Prelude.Text,
    -- | The user to be disabled.
    AdminDisableProviderForUser -> ProviderUserIdentifierType
user :: ProviderUserIdentifierType
  }
  deriving (AdminDisableProviderForUser -> AdminDisableProviderForUser -> Bool
(AdminDisableProviderForUser
 -> AdminDisableProviderForUser -> Bool)
-> (AdminDisableProviderForUser
    -> AdminDisableProviderForUser -> Bool)
-> Eq AdminDisableProviderForUser
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: AdminDisableProviderForUser -> AdminDisableProviderForUser -> Bool
$c/= :: AdminDisableProviderForUser -> AdminDisableProviderForUser -> Bool
== :: AdminDisableProviderForUser -> AdminDisableProviderForUser -> Bool
$c== :: AdminDisableProviderForUser -> AdminDisableProviderForUser -> Bool
Prelude.Eq, ReadPrec [AdminDisableProviderForUser]
ReadPrec AdminDisableProviderForUser
Int -> ReadS AdminDisableProviderForUser
ReadS [AdminDisableProviderForUser]
(Int -> ReadS AdminDisableProviderForUser)
-> ReadS [AdminDisableProviderForUser]
-> ReadPrec AdminDisableProviderForUser
-> ReadPrec [AdminDisableProviderForUser]
-> Read AdminDisableProviderForUser
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [AdminDisableProviderForUser]
$creadListPrec :: ReadPrec [AdminDisableProviderForUser]
readPrec :: ReadPrec AdminDisableProviderForUser
$creadPrec :: ReadPrec AdminDisableProviderForUser
readList :: ReadS [AdminDisableProviderForUser]
$creadList :: ReadS [AdminDisableProviderForUser]
readsPrec :: Int -> ReadS AdminDisableProviderForUser
$creadsPrec :: Int -> ReadS AdminDisableProviderForUser
Prelude.Read, Int -> AdminDisableProviderForUser -> ShowS
[AdminDisableProviderForUser] -> ShowS
AdminDisableProviderForUser -> String
(Int -> AdminDisableProviderForUser -> ShowS)
-> (AdminDisableProviderForUser -> String)
-> ([AdminDisableProviderForUser] -> ShowS)
-> Show AdminDisableProviderForUser
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [AdminDisableProviderForUser] -> ShowS
$cshowList :: [AdminDisableProviderForUser] -> ShowS
show :: AdminDisableProviderForUser -> String
$cshow :: AdminDisableProviderForUser -> String
showsPrec :: Int -> AdminDisableProviderForUser -> ShowS
$cshowsPrec :: Int -> AdminDisableProviderForUser -> ShowS
Prelude.Show, (forall x.
 AdminDisableProviderForUser -> Rep AdminDisableProviderForUser x)
-> (forall x.
    Rep AdminDisableProviderForUser x -> AdminDisableProviderForUser)
-> Generic AdminDisableProviderForUser
forall x.
Rep AdminDisableProviderForUser x -> AdminDisableProviderForUser
forall x.
AdminDisableProviderForUser -> Rep AdminDisableProviderForUser x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x.
Rep AdminDisableProviderForUser x -> AdminDisableProviderForUser
$cfrom :: forall x.
AdminDisableProviderForUser -> Rep AdminDisableProviderForUser x
Prelude.Generic)

-- |
-- Create a value of 'AdminDisableProviderForUser' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'userPoolId', 'adminDisableProviderForUser_userPoolId' - The user pool ID for the user pool.
--
-- 'user', 'adminDisableProviderForUser_user' - The user to be disabled.
newAdminDisableProviderForUser ::
  -- | 'userPoolId'
  Prelude.Text ->
  -- | 'user'
  ProviderUserIdentifierType ->
  AdminDisableProviderForUser
newAdminDisableProviderForUser :: Text -> ProviderUserIdentifierType -> AdminDisableProviderForUser
newAdminDisableProviderForUser Text
pUserPoolId_ ProviderUserIdentifierType
pUser_ =
  AdminDisableProviderForUser' :: Text -> ProviderUserIdentifierType -> AdminDisableProviderForUser
AdminDisableProviderForUser'
    { $sel:userPoolId:AdminDisableProviderForUser' :: Text
userPoolId =
        Text
pUserPoolId_,
      $sel:user:AdminDisableProviderForUser' :: ProviderUserIdentifierType
user = ProviderUserIdentifierType
pUser_
    }

-- | The user pool ID for the user pool.
adminDisableProviderForUser_userPoolId :: Lens.Lens' AdminDisableProviderForUser Prelude.Text
adminDisableProviderForUser_userPoolId :: (Text -> f Text)
-> AdminDisableProviderForUser -> f AdminDisableProviderForUser
adminDisableProviderForUser_userPoolId = (AdminDisableProviderForUser -> Text)
-> (AdminDisableProviderForUser
    -> Text -> AdminDisableProviderForUser)
-> Lens
     AdminDisableProviderForUser AdminDisableProviderForUser Text Text
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\AdminDisableProviderForUser' {Text
userPoolId :: Text
$sel:userPoolId:AdminDisableProviderForUser' :: AdminDisableProviderForUser -> Text
userPoolId} -> Text
userPoolId) (\s :: AdminDisableProviderForUser
s@AdminDisableProviderForUser' {} Text
a -> AdminDisableProviderForUser
s {$sel:userPoolId:AdminDisableProviderForUser' :: Text
userPoolId = Text
a} :: AdminDisableProviderForUser)

-- | The user to be disabled.
adminDisableProviderForUser_user :: Lens.Lens' AdminDisableProviderForUser ProviderUserIdentifierType
adminDisableProviderForUser_user :: (ProviderUserIdentifierType -> f ProviderUserIdentifierType)
-> AdminDisableProviderForUser -> f AdminDisableProviderForUser
adminDisableProviderForUser_user = (AdminDisableProviderForUser -> ProviderUserIdentifierType)
-> (AdminDisableProviderForUser
    -> ProviderUserIdentifierType -> AdminDisableProviderForUser)
-> Lens
     AdminDisableProviderForUser
     AdminDisableProviderForUser
     ProviderUserIdentifierType
     ProviderUserIdentifierType
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\AdminDisableProviderForUser' {ProviderUserIdentifierType
user :: ProviderUserIdentifierType
$sel:user:AdminDisableProviderForUser' :: AdminDisableProviderForUser -> ProviderUserIdentifierType
user} -> ProviderUserIdentifierType
user) (\s :: AdminDisableProviderForUser
s@AdminDisableProviderForUser' {} ProviderUserIdentifierType
a -> AdminDisableProviderForUser
s {$sel:user:AdminDisableProviderForUser' :: ProviderUserIdentifierType
user = ProviderUserIdentifierType
a} :: AdminDisableProviderForUser)

instance Core.AWSRequest AdminDisableProviderForUser where
  type
    AWSResponse AdminDisableProviderForUser =
      AdminDisableProviderForUserResponse
  request :: AdminDisableProviderForUser -> Request AdminDisableProviderForUser
request = Service
-> AdminDisableProviderForUser
-> Request AdminDisableProviderForUser
forall a. (ToRequest a, ToJSON a) => Service -> a -> Request a
Request.postJSON Service
defaultService
  response :: Logger
-> Service
-> Proxy AdminDisableProviderForUser
-> ClientResponse ClientBody
-> m (Either
        Error (ClientResponse (AWSResponse AdminDisableProviderForUser)))
response =
    (Int
 -> ResponseHeaders
 -> ()
 -> Either String (AWSResponse AdminDisableProviderForUser))
-> Logger
-> Service
-> Proxy AdminDisableProviderForUser
-> ClientResponse ClientBody
-> m (Either
        Error (ClientResponse (AWSResponse AdminDisableProviderForUser)))
forall (m :: * -> *) a.
MonadResource m =>
(Int -> ResponseHeaders -> () -> Either String (AWSResponse a))
-> Logger
-> Service
-> Proxy a
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse a)))
Response.receiveEmpty
      ( \Int
s ResponseHeaders
h ()
x ->
          Int -> AdminDisableProviderForUserResponse
AdminDisableProviderForUserResponse'
            (Int -> AdminDisableProviderForUserResponse)
-> Either String Int
-> Either String AdminDisableProviderForUserResponse
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> (Int -> Either String Int
forall (f :: * -> *) a. Applicative f => a -> f a
Prelude.pure (Int -> Int
forall a. Enum a => a -> Int
Prelude.fromEnum Int
s))
      )

instance Prelude.Hashable AdminDisableProviderForUser

instance Prelude.NFData AdminDisableProviderForUser

instance Core.ToHeaders AdminDisableProviderForUser where
  toHeaders :: AdminDisableProviderForUser -> ResponseHeaders
toHeaders =
    ResponseHeaders -> AdminDisableProviderForUser -> ResponseHeaders
forall a b. a -> b -> a
Prelude.const
      ( [ResponseHeaders] -> ResponseHeaders
forall a. Monoid a => [a] -> a
Prelude.mconcat
          [ HeaderName
"X-Amz-Target"
              HeaderName -> ByteString -> ResponseHeaders
forall a. ToHeader a => HeaderName -> a -> ResponseHeaders
Core.=# ( ByteString
"AWSCognitoIdentityProviderService.AdminDisableProviderForUser" ::
                          Prelude.ByteString
                      ),
            HeaderName
"Content-Type"
              HeaderName -> ByteString -> ResponseHeaders
forall a. ToHeader a => HeaderName -> a -> ResponseHeaders
Core.=# ( ByteString
"application/x-amz-json-1.1" ::
                          Prelude.ByteString
                      )
          ]
      )

instance Core.ToJSON AdminDisableProviderForUser where
  toJSON :: AdminDisableProviderForUser -> Value
toJSON AdminDisableProviderForUser' {Text
ProviderUserIdentifierType
user :: ProviderUserIdentifierType
userPoolId :: Text
$sel:user:AdminDisableProviderForUser' :: AdminDisableProviderForUser -> ProviderUserIdentifierType
$sel:userPoolId:AdminDisableProviderForUser' :: AdminDisableProviderForUser -> Text
..} =
    [Pair] -> Value
Core.object
      ( [Maybe Pair] -> [Pair]
forall a. [Maybe a] -> [a]
Prelude.catMaybes
          [ Pair -> Maybe Pair
forall a. a -> Maybe a
Prelude.Just (Text
"UserPoolId" Text -> Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..= Text
userPoolId),
            Pair -> Maybe Pair
forall a. a -> Maybe a
Prelude.Just (Text
"User" Text -> ProviderUserIdentifierType -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..= ProviderUserIdentifierType
user)
          ]
      )

instance Core.ToPath AdminDisableProviderForUser where
  toPath :: AdminDisableProviderForUser -> ByteString
toPath = ByteString -> AdminDisableProviderForUser -> ByteString
forall a b. a -> b -> a
Prelude.const ByteString
"/"

instance Core.ToQuery AdminDisableProviderForUser where
  toQuery :: AdminDisableProviderForUser -> QueryString
toQuery = QueryString -> AdminDisableProviderForUser -> QueryString
forall a b. a -> b -> a
Prelude.const QueryString
forall a. Monoid a => a
Prelude.mempty

-- | /See:/ 'newAdminDisableProviderForUserResponse' smart constructor.
data AdminDisableProviderForUserResponse = AdminDisableProviderForUserResponse'
  { -- | The response's http status code.
    AdminDisableProviderForUserResponse -> Int
httpStatus :: Prelude.Int
  }
  deriving (AdminDisableProviderForUserResponse
-> AdminDisableProviderForUserResponse -> Bool
(AdminDisableProviderForUserResponse
 -> AdminDisableProviderForUserResponse -> Bool)
-> (AdminDisableProviderForUserResponse
    -> AdminDisableProviderForUserResponse -> Bool)
-> Eq AdminDisableProviderForUserResponse
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: AdminDisableProviderForUserResponse
-> AdminDisableProviderForUserResponse -> Bool
$c/= :: AdminDisableProviderForUserResponse
-> AdminDisableProviderForUserResponse -> Bool
== :: AdminDisableProviderForUserResponse
-> AdminDisableProviderForUserResponse -> Bool
$c== :: AdminDisableProviderForUserResponse
-> AdminDisableProviderForUserResponse -> Bool
Prelude.Eq, ReadPrec [AdminDisableProviderForUserResponse]
ReadPrec AdminDisableProviderForUserResponse
Int -> ReadS AdminDisableProviderForUserResponse
ReadS [AdminDisableProviderForUserResponse]
(Int -> ReadS AdminDisableProviderForUserResponse)
-> ReadS [AdminDisableProviderForUserResponse]
-> ReadPrec AdminDisableProviderForUserResponse
-> ReadPrec [AdminDisableProviderForUserResponse]
-> Read AdminDisableProviderForUserResponse
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [AdminDisableProviderForUserResponse]
$creadListPrec :: ReadPrec [AdminDisableProviderForUserResponse]
readPrec :: ReadPrec AdminDisableProviderForUserResponse
$creadPrec :: ReadPrec AdminDisableProviderForUserResponse
readList :: ReadS [AdminDisableProviderForUserResponse]
$creadList :: ReadS [AdminDisableProviderForUserResponse]
readsPrec :: Int -> ReadS AdminDisableProviderForUserResponse
$creadsPrec :: Int -> ReadS AdminDisableProviderForUserResponse
Prelude.Read, Int -> AdminDisableProviderForUserResponse -> ShowS
[AdminDisableProviderForUserResponse] -> ShowS
AdminDisableProviderForUserResponse -> String
(Int -> AdminDisableProviderForUserResponse -> ShowS)
-> (AdminDisableProviderForUserResponse -> String)
-> ([AdminDisableProviderForUserResponse] -> ShowS)
-> Show AdminDisableProviderForUserResponse
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [AdminDisableProviderForUserResponse] -> ShowS
$cshowList :: [AdminDisableProviderForUserResponse] -> ShowS
show :: AdminDisableProviderForUserResponse -> String
$cshow :: AdminDisableProviderForUserResponse -> String
showsPrec :: Int -> AdminDisableProviderForUserResponse -> ShowS
$cshowsPrec :: Int -> AdminDisableProviderForUserResponse -> ShowS
Prelude.Show, (forall x.
 AdminDisableProviderForUserResponse
 -> Rep AdminDisableProviderForUserResponse x)
-> (forall x.
    Rep AdminDisableProviderForUserResponse x
    -> AdminDisableProviderForUserResponse)
-> Generic AdminDisableProviderForUserResponse
forall x.
Rep AdminDisableProviderForUserResponse x
-> AdminDisableProviderForUserResponse
forall x.
AdminDisableProviderForUserResponse
-> Rep AdminDisableProviderForUserResponse x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x.
Rep AdminDisableProviderForUserResponse x
-> AdminDisableProviderForUserResponse
$cfrom :: forall x.
AdminDisableProviderForUserResponse
-> Rep AdminDisableProviderForUserResponse x
Prelude.Generic)

-- |
-- Create a value of 'AdminDisableProviderForUserResponse' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'httpStatus', 'adminDisableProviderForUserResponse_httpStatus' - The response's http status code.
newAdminDisableProviderForUserResponse ::
  -- | 'httpStatus'
  Prelude.Int ->
  AdminDisableProviderForUserResponse
newAdminDisableProviderForUserResponse :: Int -> AdminDisableProviderForUserResponse
newAdminDisableProviderForUserResponse Int
pHttpStatus_ =
  AdminDisableProviderForUserResponse' :: Int -> AdminDisableProviderForUserResponse
AdminDisableProviderForUserResponse'
    { $sel:httpStatus:AdminDisableProviderForUserResponse' :: Int
httpStatus =
        Int
pHttpStatus_
    }

-- | The response's http status code.
adminDisableProviderForUserResponse_httpStatus :: Lens.Lens' AdminDisableProviderForUserResponse Prelude.Int
adminDisableProviderForUserResponse_httpStatus :: (Int -> f Int)
-> AdminDisableProviderForUserResponse
-> f AdminDisableProviderForUserResponse
adminDisableProviderForUserResponse_httpStatus = (AdminDisableProviderForUserResponse -> Int)
-> (AdminDisableProviderForUserResponse
    -> Int -> AdminDisableProviderForUserResponse)
-> Lens
     AdminDisableProviderForUserResponse
     AdminDisableProviderForUserResponse
     Int
     Int
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\AdminDisableProviderForUserResponse' {Int
httpStatus :: Int
$sel:httpStatus:AdminDisableProviderForUserResponse' :: AdminDisableProviderForUserResponse -> Int
httpStatus} -> Int
httpStatus) (\s :: AdminDisableProviderForUserResponse
s@AdminDisableProviderForUserResponse' {} Int
a -> AdminDisableProviderForUserResponse
s {$sel:httpStatus:AdminDisableProviderForUserResponse' :: Int
httpStatus = Int
a} :: AdminDisableProviderForUserResponse)

instance
  Prelude.NFData
    AdminDisableProviderForUserResponse