Skip to content

Client

cognitoidentityprovider R Documentation

Amazon Cognito Identity Provider

Description

With the Amazon Cognito user pools API, you can configure user pools and authenticate users. To authenticate users from third-party identity providers (IdPs) in this API, you can link IdP users to native user profiles. Learn more about the authentication and authorization of federated users at Adding user pool sign-in through a third party and in the User pool federation endpoints and managed login reference.

This API reference provides detailed information about API operations and object types in Amazon Cognito.

Along with resource management operations, the Amazon Cognito user pools API includes classes of operations and authorization models for client-side and server-side authentication of users. You can interact with operations in the Amazon Cognito user pools API as any of the following subjects.

  1. An administrator who wants to configure user pools, app clients, users, groups, or other user pool functions.

  2. A server-side app, like a web application, that wants to use its Amazon Web Services privileges to manage, authenticate, or authorize a user.

  3. A client-side app, like a mobile app, that wants to make unauthenticated requests to manage, authenticate, or authorize a user.

For more information, see Understanding API, OIDC, and managed login pages authentication in the Amazon Cognito Developer Guide.

With your Amazon Web Services SDK, you can build the logic to support operational flows in every use case for this API. You can also make direct REST API requests to Amazon Cognito user pools service endpoints. The following links can get you started with the CognitoIdentityProvider client in supported Amazon Web Services SDKs.

To get started with an Amazon Web Services SDK, see Tools to Build on Amazon Web Services. For example actions and scenarios, see Code examples for Amazon Cognito Identity Provider using Amazon Web Services SDKs.

Usage

cognitoidentityprovider(
  config = list(),
  credentials = list(),
  endpoint = NULL,
  region = NULL
)

Arguments

config

Optional configuration of credentials, endpoint, and/or region.

  • credentials:

    • creds:

      • access_key_id: AWS access key ID

      • secret_access_key: AWS secret access key

      • session_token: AWS temporary session token

    • profile: The name of a profile to use. If not given, then the default profile is used.

    • anonymous: Set anonymous credentials.

  • endpoint: The complete URL to use for the constructed client.

  • region: The AWS Region used in instantiating the client.

  • close_connection: Immediately close all HTTP connections.

  • timeout: The time in seconds till a timeout exception is thrown when attempting to make a connection. The default is 60 seconds.

  • s3_force_path_style: Set this to true to force the request to use path-style addressing, i.e. ⁠http://s3.amazonaws.com/BUCKET/KEY⁠.

  • sts_regional_endpoint: Set sts regional endpoint resolver to regional or legacy https://docs.aws.amazon.com/sdkref/latest/guide/feature-sts-regionalized-endpoints.html
credentials

Optional credentials shorthand for the config parameter

  • creds:

    • access_key_id: AWS access key ID

    • secret_access_key: AWS secret access key

    • session_token: AWS temporary session token

  • profile: The name of a profile to use. If not given, then the default profile is used.

  • anonymous: Set anonymous credentials.
endpoint

Optional shorthand for complete URL to use for the constructed client.
region

Optional shorthand for AWS Region used in instantiating the client.

Value

A client for the service. You can call the service's operations using syntax like svc$operation(...), where svc is the name you've assigned to the client. The available operations are listed in the Operations section.

Service syntax

svc <- cognitoidentityprovider(
  config = list(
    credentials = list(
      creds = list(
        access_key_id = "string",
        secret_access_key = "string",
        session_token = "string"
      ),
      profile = "string",
      anonymous = "logical"
    ),
    endpoint = "string",
    region = "string",
    close_connection = "logical",
    timeout = "numeric",
    s3_force_path_style = "logical",
    sts_regional_endpoint = "string"
  ),
  credentials = list(
    creds = list(
      access_key_id = "string",
      secret_access_key = "string",
      session_token = "string"
    ),
    profile = "string",
    anonymous = "logical"
  ),
  endpoint = "string",
  region = "string"
)

Operations

add_custom_attributes Adds additional user attributes to the user pool schema
admin_add_user_to_group Adds a user to a group
admin_confirm_sign_up Confirms user sign-up as an administrator
admin_create_user Creates a new user in the specified user pool
admin_delete_user Deletes a user profile in your user pool
admin_delete_user_attributes Deletes attribute values from a user
admin_disable_provider_for_user Prevents the user from signing in with the specified external (SAML or social) identity provider (IdP)
admin_disable_user Deactivates a user profile and revokes all access tokens for the user
admin_enable_user Activates sign-in for a user profile that previously had sign-in access disabled
admin_forget_device Forgets, or deletes, a remembered device from a user's profile
admin_get_device Given the device key, returns details for a user's device
admin_get_user Given a username, returns details about a user profile in a user pool
admin_initiate_auth Starts sign-in for applications with a server-side component, for example a traditional web application
admin_link_provider_for_user Links an existing user account in a user pool, or DestinationUser, to an identity from an external IdP, or SourceUser, based on a specified attribute name and value from the external IdP
admin_list_devices Lists a user's registered devices
admin_list_groups_for_user Lists the groups that a user belongs to
admin_list_user_auth_events Requests a history of user activity and any risks detected as part of Amazon Cognito threat protection
admin_remove_user_from_group Given a username and a group name, removes them from the group
admin_reset_user_password Resets the specified user's password in a user pool
admin_respond_to_auth_challenge Some API operations in a user pool generate a challenge, like a prompt for an MFA code, for device authentication that bypasses MFA, or for a custom authentication challenge
admin_set_user_mfa_preference Sets the user's multi-factor authentication (MFA) preference, including which MFA options are activated, and if any are preferred
admin_set_user_password Sets the specified user's password in a user pool
admin_set_user_settings This action is no longer supported
admin_update_auth_event_feedback Provides the feedback for an authentication event generated by threat protection features
admin_update_device_status Updates the status of a user's device so that it is marked as remembered or not remembered for the purpose of device authentication
admin_update_user_attributes Updates the specified user's attributes
admin_user_global_sign_out Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user
associate_software_token Begins setup of time-based one-time password (TOTP) multi-factor authentication (MFA) for a user, with a unique private key that Amazon Cognito generates and returns in the API response
change_password Changes the password for the currently signed-in user
complete_web_authn_registration Completes registration of a passkey authenticator for the currently signed-in user
confirm_device Confirms a device that a user wants to remember
confirm_forgot_password This public API operation accepts a confirmation code that Amazon Cognito sent to a user and accepts a new password for that user
confirm_sign_up Confirms the account of a new user
create_group Creates a new group in the specified user pool
create_identity_provider Adds a configuration and trust relationship between a third-party identity provider (IdP) and a user pool
create_managed_login_branding Creates a new set of branding settings for a user pool style and associates it with an app client
create_resource_server Creates a new OAuth2
create_user_import_job Creates a user import job
create_user_pool Creates a new Amazon Cognito user pool
create_user_pool_client Creates an app client in a user pool
create_user_pool_domain A user pool domain hosts managed login, an authorization server and web server for authentication in your application
delete_group Deletes a group from the specified user pool
delete_identity_provider Deletes a user pool identity provider (IdP)
delete_managed_login_branding Deletes a managed login branding style
delete_resource_server Deletes a resource server
delete_user Deletes the profile of the currently signed-in user
delete_user_attributes Deletes attributes from the currently signed-in user
delete_user_pool Deletes a user pool
delete_user_pool_client Deletes a user pool app client
delete_user_pool_domain Given a user pool ID and domain identifier, deletes a user pool domain
delete_web_authn_credential Deletes a registered passkey, or WebAuthn, authenticator for the currently signed-in user
describe_identity_provider Given a user pool ID and identity provider (IdP) name, returns details about the IdP
describe_managed_login_branding Given the ID of a managed login branding style, returns detailed information about the style
describe_managed_login_branding_by_client Given the ID of a user pool app client, returns detailed information about the style assigned to the app client
describe_resource_server Describes a resource server
describe_risk_configuration Given an app client or user pool ID where threat protection is configured, describes the risk configuration
describe_user_import_job Describes a user import job
describe_user_pool Given a user pool ID, returns configuration information
describe_user_pool_client Given an app client ID, returns configuration information
describe_user_pool_domain Given a user pool domain name, returns information about the domain configuration
forget_device Given a device key, deletes a remembered device as the currently signed-in user
forgot_password Sends a password-reset confirmation code for the currently signed-in user
get_csv_header Given a user pool ID, generates a comma-separated value (CSV) list populated with available user attributes in the user pool
get_device Given a device key, returns information about a remembered device for the current user
get_group Given a user pool ID and a group name, returns information about the user group
get_identity_provider_by_identifier Given the identifier of an identity provider (IdP), for example examplecorp, returns information about the user pool configuration for that IdP
get_log_delivery_configuration Given a user pool ID, returns the logging configuration
get_signing_certificate Given a user pool ID, returns the signing certificate for SAML 2
get_tokens_from_refresh_token Given a refresh token, issues new ID, access, and optionally refresh tokens for the user who owns the submitted token
get_ui_customization Given a user pool ID or app client, returns information about classic hosted UI branding that you applied, if any
get_user Gets user attributes and and MFA settings for the currently signed-in user
get_user_attribute_verification_code Given an attribute name, sends a user attribute verification code for the specified attribute name to the currently signed-in user
get_user_auth_factors Lists the authentication options for the currently signed-in user
get_user_pool_mfa_config Given a user pool ID, returns configuration for sign-in with WebAuthn authenticators and for multi-factor authentication (MFA)
global_sign_out Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user
initiate_auth Declares an authentication flow and initiates sign-in for a user in the Amazon Cognito user directory
list_devices Lists the devices that Amazon Cognito has registered to the currently signed-in user
list_groups Given a user pool ID, returns user pool groups and their details
list_identity_providers Given a user pool ID, returns information about configured identity providers (IdPs)
list_resource_servers Given a user pool ID, returns all resource servers and their details
list_tags_for_resource Lists the tags that are assigned to an Amazon Cognito user pool
list_user_import_jobs Given a user pool ID, returns user import jobs and their details
list_user_pool_clients Given a user pool ID, lists app clients
list_user_pools Lists user pools and their details in the current Amazon Web Services account
list_users Given a user pool ID, returns a list of users and their basic details in a user pool
list_users_in_group Given a user pool ID and a group name, returns a list of users in the group
list_web_authn_credentials Generates a list of the currently signed-in user's registered passkey, or WebAuthn, credentials
resend_confirmation_code Resends the code that confirms a new account for a user who has signed up in your user pool
respond_to_auth_challenge Some API operations in a user pool generate a challenge, like a prompt for an MFA code, for device authentication that bypasses MFA, or for a custom authentication challenge
revoke_token Revokes all of the access tokens generated by, and at the same time as, the specified refresh token
set_log_delivery_configuration Sets up or modifies the logging configuration of a user pool
set_risk_configuration Configures threat protection for a user pool or app client
set_ui_customization Configures UI branding settings for domains with the hosted UI (classic) branding version
set_user_mfa_preference Set the user's multi-factor authentication (MFA) method preference, including which MFA factors are activated and if any are preferred
set_user_pool_mfa_config Sets user pool multi-factor authentication (MFA) and passkey configuration
set_user_settings This action is no longer supported
sign_up Registers a user with an app client and requests a user name, password, and user attributes in the user pool
start_user_import_job Instructs your user pool to start importing users from a CSV file that contains their usernames and attributes
start_web_authn_registration Requests credential creation options from your user pool for the currently signed-in user
stop_user_import_job Instructs your user pool to stop a running job that's importing users from a CSV file that contains their usernames and attributes
tag_resource Assigns a set of tags to an Amazon Cognito user pool
untag_resource Given tag IDs that you previously assigned to a user pool, removes them
update_auth_event_feedback Provides the feedback for an authentication event generated by threat protection features
update_device_status Updates the status of a the currently signed-in user's device so that it is marked as remembered or not remembered for the purpose of device authentication
update_group Given the name of a user pool group, updates any of the properties for precedence, IAM role, or description
update_identity_provider Modifies the configuration and trust relationship between a third-party identity provider (IdP) and a user pool
update_managed_login_branding Configures the branding settings for a user pool style
update_resource_server Updates the name and scopes of a resource server
update_user_attributes Updates the currently signed-in user's attributes
update_user_pool Updates the configuration of a user pool
update_user_pool_client Given a user pool app client ID, updates the configuration
update_user_pool_domain A user pool domain hosts managed login, an authorization server and web server for authentication in your application
verify_software_token Registers the current user's time-based one-time password (TOTP) authenticator with a code generated in their authenticator app from a private key that's supplied by your user pool
verify_user_attribute Submits a verification code for a signed-in user who has added or changed a value of an auto-verified attribute

Examples

## Not run: 
svc <- cognitoidentityprovider()
svc$add_custom_attributes(
  Foo = 123
)

## End(Not run)