cognitoidentityprovider

type AddCustomAttributesInput struct {

	// An array of custom attributes, such as Mutable and Name.
	//
	// This member is required.
	CustomAttributes []types.SchemaAttributeType

	// The user pool ID for the user pool where you want to add custom attributes.
	//
	// This member is required.
	UserPoolId *string
	// contains filtered or unexported fields
}

type AddCustomAttributesOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type AdminAddUserToGroupInput struct {

	// The name of the group that you want to add your user to.
	//
	// This member is required.
	GroupName *string

	// The user pool ID for the user pool.
	//
	// This member is required.
	UserPoolId *string

	// The username of the user that you want to query or modify. The value of this
	// parameter is typically your user's username, but it can be any of their alias
	// attributes. If username isn't an alias attribute in your user pool, this value
	// must be the sub of a local user or the username of a user from a third-party
	// IdP.
	//
	// This member is required.
	Username *string
	// contains filtered or unexported fields
}

type AdminAddUserToGroupOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type AdminConfirmSignUpInput struct {

	// The user pool ID for which you want to confirm user registration.
	//
	// This member is required.
	UserPoolId *string

	// The username of the user that you want to query or modify. The value of this
	// parameter is typically your user's username, but it can be any of their alias
	// attributes. If username isn't an alias attribute in your user pool, this value
	// must be the sub of a local user or the username of a user from a third-party
	// IdP.
	//
	// This member is required.
	Username *string

	// A map of custom key-value pairs that you can provide as input for any custom
	// workflows that this action triggers. If your user pool configuration includes
	// triggers, the AdminConfirmSignUp API action invokes the Lambda function that is
	// specified for the post confirmation trigger. When Amazon Cognito invokes this
	// function, it passes a JSON payload, which the function receives as input. In
	// this payload, the clientMetadata attribute provides the data that you assigned
	// to the ClientMetadata parameter in your AdminConfirmSignUp request. In your
	// function code in Lambda, you can process the ClientMetadata value to enhance
	// your workflow for your specific needs. For more information, see Customizing
	// user pool Workflows with Lambda Triggers (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html)
	// in the Amazon Cognito Developer Guide. When you use the ClientMetadata
	// parameter, remember that Amazon Cognito won't do the following:
	//   - Store the ClientMetadata value. This data is available only to Lambda
	//   triggers that are assigned to a user pool to support custom workflows. If your
	//   user pool configuration doesn't include triggers, the ClientMetadata parameter
	//   serves no purpose.
	//   - Validate the ClientMetadata value.
	//   - Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide
	//   sensitive information.
	ClientMetadata map[string]string
	// contains filtered or unexported fields
}

type AdminConfirmSignUpOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type AdminCreateUserInput struct {

	// The user pool ID for the user pool where the user will be created.
	//
	// This member is required.
	UserPoolId *string

	// The value that you want to set as the username sign-in attribute. The following
	// conditions apply to the username parameter.
	//   - The username can't be a duplicate of another username in the same user
	//   pool.
	//   - You can't change the value of a username after you create it.
	//   - You can only provide a value if usernames are a valid sign-in attribute for
	//   your user pool. If your user pool only supports phone numbers or email addresses
	//   as sign-in attributes, Amazon Cognito automatically generates a username value.
	//   For more information, see Customizing sign-in attributes (https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases)
	//   .
	//
	// This member is required.
	Username *string

	// A map of custom key-value pairs that you can provide as input for any custom
	// workflows that this action triggers. You create custom workflows by assigning
	// Lambda functions to user pool triggers. When you use the AdminCreateUser API
	// action, Amazon Cognito invokes the function that is assigned to the pre sign-up
	// trigger. When Amazon Cognito invokes this function, it passes a JSON payload,
	// which the function receives as input. This payload contains a clientMetadata
	// attribute, which provides the data that you assigned to the ClientMetadata
	// parameter in your AdminCreateUser request. In your function code in Lambda, you
	// can process the clientMetadata value to enhance your workflow for your specific
	// needs. For more information, see Customizing user pool Workflows with Lambda
	// Triggers (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html)
	// in the Amazon Cognito Developer Guide. When you use the ClientMetadata
	// parameter, remember that Amazon Cognito won't do the following:
	//   - Store the ClientMetadata value. This data is available only to Lambda
	//   triggers that are assigned to a user pool to support custom workflows. If your
	//   user pool configuration doesn't include triggers, the ClientMetadata parameter
	//   serves no purpose.
	//   - Validate the ClientMetadata value.
	//   - Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide
	//   sensitive information.
	ClientMetadata map[string]string

	// Specify "EMAIL" if email will be used to send the welcome message. Specify "SMS"
	// if the phone number will be used. The default value is "SMS" . You can specify
	// more than one value.
	DesiredDeliveryMediums []types.DeliveryMediumType

	// This parameter is used only if the phone_number_verified or email_verified
	// attribute is set to True . Otherwise, it is ignored. If this parameter is set to
	// True and the phone number or email address specified in the UserAttributes
	// parameter already exists as an alias with a different user, the API call will
	// migrate the alias from the previous user to the newly created user. The previous
	// user will no longer be able to log in using that alias. If this parameter is set
	// to False , the API throws an AliasExistsException error if the alias already
	// exists. The default value is False .
	ForceAliasCreation bool

	// Set to RESEND to resend the invitation message to a user that already exists
	// and reset the expiration limit on the user's account. Set to SUPPRESS to
	// suppress sending the message. You can specify only one value.
	MessageAction types.MessageActionType

	// The user's temporary password. This password must conform to the password
	// policy that you specified when you created the user pool. The temporary password
	// is valid only once. To complete the Admin Create User flow, the user must enter
	// the temporary password in the sign-in page, along with a new password to be used
	// in all future sign-ins. This parameter isn't required. If you don't specify a
	// value, Amazon Cognito generates one for you. The temporary password can only be
	// used until the user account expiration limit that you set for your user pool. To
	// reset the account after that time limit, you must call AdminCreateUser again
	// and specify RESEND for the MessageAction parameter.
	TemporaryPassword *string

	// An array of name-value pairs that contain user attributes and attribute values
	// to be set for the user to be created. You can create a user without specifying
	// any attributes other than Username . However, any attributes that you specify as
	// required (when creating a user pool or in the Attributes tab of the console)
	// either you should supply (in your call to AdminCreateUser ) or the user should
	// supply (when they sign up in response to your welcome message). For custom
	// attributes, you must prepend the custom: prefix to the attribute name. To send
	// a message inviting the user to sign up, you must specify the user's email
	// address or phone number. You can do this in your call to AdminCreateUser or in
	// the Users tab of the Amazon Cognito console for managing your user pools. In
	// your call to AdminCreateUser , you can set the email_verified attribute to True
	// , and you can set the phone_number_verified attribute to True . You can also do
	// this by calling AdminUpdateUserAttributes (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html)
	// .
	//   - email: The email address of the user to whom the message that contains the
	//   code and username will be sent. Required if the email_verified attribute is
	//   set to True , or if "EMAIL" is specified in the DesiredDeliveryMediums
	//   parameter.
	//   - phone_number: The phone number of the user to whom the message that
	//   contains the code and username will be sent. Required if the
	//   phone_number_verified attribute is set to True , or if "SMS" is specified in
	//   the DesiredDeliveryMediums parameter.
	UserAttributes []types.AttributeType

	// Temporary user attributes that contribute to the outcomes of your pre sign-up
	// Lambda trigger. This set of key-value pairs are for custom validation of
	// information that you collect from your users but don't need to retain. Your
	// Lambda function can analyze this additional data and act on it. Your function
	// might perform external API operations like logging user attributes and
	// validation data to Amazon CloudWatch Logs. Validation data might also affect the
	// response that your function returns to Amazon Cognito, like automatically
	// confirming the user if they sign up from within your network. For more
	// information about the pre sign-up Lambda trigger, see Pre sign-up Lambda trigger (https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-sign-up.html)
	// .
	ValidationData []types.AttributeType
	// contains filtered or unexported fields
}

type AdminCreateUserOutput struct {

	// The newly created user.
	User *types.UserType

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type AdminDeleteUserAttributesInput struct {

	// An array of strings representing the user attribute names you want to delete.
	// For custom attributes, you must prepend the custom: prefix to the attribute
	// name.
	//
	// This member is required.
	UserAttributeNames []string

	// The user pool ID for the user pool where you want to delete user attributes.
	//
	// This member is required.
	UserPoolId *string

	// The username of the user that you want to query or modify. The value of this
	// parameter is typically your user's username, but it can be any of their alias
	// attributes. If username isn't an alias attribute in your user pool, this value
	// must be the sub of a local user or the username of a user from a third-party
	// IdP.
	//
	// This member is required.
	Username *string
	// contains filtered or unexported fields
}

type AdminDeleteUserAttributesOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type AdminDeleteUserInput struct {

	// The user pool ID for the user pool where you want to delete the user.
	//
	// This member is required.
	UserPoolId *string

	// The username of the user that you want to query or modify. The value of this
	// parameter is typically your user's username, but it can be any of their alias
	// attributes. If username isn't an alias attribute in your user pool, this value
	// must be the sub of a local user or the username of a user from a third-party
	// IdP.
	//
	// This member is required.
	Username *string
	// contains filtered or unexported fields
}

type AdminDeleteUserOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type AdminDisableProviderForUserInput struct {

	// The user to be disabled.
	//
	// This member is required.
	User *types.ProviderUserIdentifierType

	// The user pool ID for the user pool.
	//
	// This member is required.
	UserPoolId *string
	// contains filtered or unexported fields
}

type AdminDisableProviderForUserOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type AdminDisableUserInput struct {

	// The user pool ID for the user pool where you want to disable the user.
	//
	// This member is required.
	UserPoolId *string

	// The username of the user that you want to query or modify. The value of this
	// parameter is typically your user's username, but it can be any of their alias
	// attributes. If username isn't an alias attribute in your user pool, this value
	// must be the sub of a local user or the username of a user from a third-party
	// IdP.
	//
	// This member is required.
	Username *string
	// contains filtered or unexported fields
}

type AdminDisableUserOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type AdminEnableUserInput struct {

	// The user pool ID for the user pool where you want to enable the user.
	//
	// This member is required.
	UserPoolId *string

	// The username of the user that you want to query or modify. The value of this
	// parameter is typically your user's username, but it can be any of their alias
	// attributes. If username isn't an alias attribute in your user pool, this value
	// must be the sub of a local user or the username of a user from a third-party
	// IdP.
	//
	// This member is required.
	Username *string
	// contains filtered or unexported fields
}

type AdminEnableUserOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type AdminForgetDeviceInput struct {

	// The device key.
	//
	// This member is required.
	DeviceKey *string

	// The user pool ID.
	//
	// This member is required.
	UserPoolId *string

	// The username of the user that you want to query or modify. The value of this
	// parameter is typically your user's username, but it can be any of their alias
	// attributes. If username isn't an alias attribute in your user pool, this value
	// must be the sub of a local user or the username of a user from a third-party
	// IdP.
	//
	// This member is required.
	Username *string
	// contains filtered or unexported fields
}

type AdminForgetDeviceOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type AdminGetDeviceInput struct {

	// The device key.
	//
	// This member is required.
	DeviceKey *string

	// The user pool ID.
	//
	// This member is required.
	UserPoolId *string

	// The username of the user that you want to query or modify. The value of this
	// parameter is typically your user's username, but it can be any of their alias
	// attributes. If username isn't an alias attribute in your user pool, this value
	// must be the sub of a local user or the username of a user from a third-party
	// IdP.
	//
	// This member is required.
	Username *string
	// contains filtered or unexported fields
}

type AdminGetDeviceOutput struct {

	// The device.
	//
	// This member is required.
	Device *types.DeviceType

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type AdminGetUserInput struct {

	// The user pool ID for the user pool where you want to get information about the
	// user.
	//
	// This member is required.
	UserPoolId *string

	// The username of the user that you want to query or modify. The value of this
	// parameter is typically your user's username, but it can be any of their alias
	// attributes. If username isn't an alias attribute in your user pool, this value
	// must be the sub of a local user or the username of a user from a third-party
	// IdP.
	//
	// This member is required.
	Username *string
	// contains filtered or unexported fields
}

type AdminGetUserOutput struct {

	// The username of the user that you requested.
	//
	// This member is required.
	Username *string

	// Indicates that the status is enabled .
	Enabled bool

	// This response parameter is no longer supported. It provides information only
	// about SMS MFA configurations. It doesn't provide information about time-based
	// one-time password (TOTP) software token MFA configurations. To look up
	// information about either type of MFA configuration, use UserMFASettingList
	// instead.
	MFAOptions []types.MFAOptionType

	// The user's preferred MFA setting.
	PreferredMfaSetting *string

	// An array of name-value pairs representing user attributes.
	UserAttributes []types.AttributeType

	// The date the user was created.
	UserCreateDate *time.Time

	// The date and time, in ISO 8601 (https://www.iso.org/iso-8601-date-and-time-format.html)
	// format, when the item was modified.
	UserLastModifiedDate *time.Time

	// The MFA options that are activated for the user. The possible values in this
	// list are SMS_MFA and SOFTWARE_TOKEN_MFA .
	UserMFASettingList []string

	// The user status. Can be one of the following:
	//   - UNCONFIRMED - User has been created but not confirmed.
	//   - CONFIRMED - User has been confirmed.
	//   - UNKNOWN - User status isn't known.
	//   - RESET_REQUIRED - User is confirmed, but the user must request a code and
	//   reset their password before they can sign in.
	//   - FORCE_CHANGE_PASSWORD - The user is confirmed and the user can sign in
	//   using a temporary password, but on first sign-in, the user must change their
	//   password to a new value before doing anything else.
	UserStatus types.UserStatusType

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type AdminInitiateAuthInput struct {

	// The authentication flow for this call to run. The API action will depend on
	// this value. For example:
	//   - REFRESH_TOKEN_AUTH will take in a valid refresh token and return new tokens.
	//   - USER_SRP_AUTH will take in USERNAME and SRP_A and return the Secure Remote
	//   Password (SRP) protocol variables to be used for next challenge execution.
	//   - ADMIN_USER_PASSWORD_AUTH will take in USERNAME and PASSWORD and return the
	//   next challenge or tokens.
	// Valid values include:
	//   - USER_SRP_AUTH : Authentication flow for the Secure Remote Password (SRP)
	//   protocol.
	//   - REFRESH_TOKEN_AUTH / REFRESH_TOKEN : Authentication flow for refreshing the
	//   access token and ID token by supplying a valid refresh token.
	//   - CUSTOM_AUTH : Custom authentication flow.
	//   - ADMIN_NO_SRP_AUTH : Non-SRP authentication flow; you can pass in the
	//   USERNAME and PASSWORD directly if the flow is enabled for calling the app
	//   client.
	//   - ADMIN_USER_PASSWORD_AUTH : Admin-based user password authentication. This
	//   replaces the ADMIN_NO_SRP_AUTH authentication flow. In this flow, Amazon
	//   Cognito receives the password in the request instead of using the SRP process to
	//   verify passwords.
	//
	// This member is required.
	AuthFlow types.AuthFlowType

	// The app client ID.
	//
	// This member is required.
	ClientId *string

	// The ID of the Amazon Cognito user pool.
	//
	// This member is required.
	UserPoolId *string

	// The analytics metadata for collecting Amazon Pinpoint metrics for
	// AdminInitiateAuth calls.
	AnalyticsMetadata *types.AnalyticsMetadataType

	// The authentication parameters. These are inputs corresponding to the AuthFlow
	// that you're invoking. The required values depend on the value of AuthFlow :
	//   - For USER_SRP_AUTH : USERNAME (required), SRP_A (required), SECRET_HASH
	//   (required if the app client is configured with a client secret), DEVICE_KEY .
	//   - For ADMIN_USER_PASSWORD_AUTH : USERNAME (required), PASSWORD (required),
	//   SECRET_HASH (required if the app client is configured with a client secret),
	//   DEVICE_KEY .
	//   - For REFRESH_TOKEN_AUTH/REFRESH_TOKEN : REFRESH_TOKEN (required), SECRET_HASH
	//   (required if the app client is configured with a client secret), DEVICE_KEY .
	//   - For CUSTOM_AUTH : USERNAME (required), SECRET_HASH (if app client is
	//   configured with client secret), DEVICE_KEY . To start the authentication flow
	//   with password verification, include ChallengeName: SRP_A and SRP_A: (The
	//   SRP_A Value) .
	// For more information about SECRET_HASH , see Computing secret hash values (https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#cognito-user-pools-computing-secret-hash)
	// . For information about DEVICE_KEY , see Working with user devices in your user
	// pool (https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html)
	// .
	AuthParameters map[string]string

	// A map of custom key-value pairs that you can provide as input for certain
	// custom workflows that this action triggers. You create custom workflows by
	// assigning Lambda functions to user pool triggers. When you use the
	// AdminInitiateAuth API action, Amazon Cognito invokes the Lambda functions that
	// are specified for various triggers. The ClientMetadata value is passed as input
	// to the functions for only the following triggers:
	//   - Pre signup
	//   - Pre authentication
	//   - User migration
	// When Amazon Cognito invokes the functions for these triggers, it passes a JSON
	// payload, which the function receives as input. This payload contains a
	// validationData attribute, which provides the data that you assigned to the
	// ClientMetadata parameter in your AdminInitiateAuth request. In your function
	// code in Lambda, you can process the validationData value to enhance your
	// workflow for your specific needs. When you use the AdminInitiateAuth API action,
	// Amazon Cognito also invokes the functions for the following triggers, but it
	// doesn't provide the ClientMetadata value as input:
	//   - Post authentication
	//   - Custom message
	//   - Pre token generation
	//   - Create auth challenge
	//   - Define auth challenge
	// For more information, see  Customizing user pool Workflows with Lambda Triggers (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html)
	// in the Amazon Cognito Developer Guide. When you use the ClientMetadata
	// parameter, remember that Amazon Cognito won't do the following:
	//   - Store the ClientMetadata value. This data is available only to Lambda
	//   triggers that are assigned to a user pool to support custom workflows. If your
	//   user pool configuration doesn't include triggers, the ClientMetadata parameter
	//   serves no purpose.
	//   - Validate the ClientMetadata value.
	//   - Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide
	//   sensitive information.
	ClientMetadata map[string]string

	// Contextual data about your user session, such as the device fingerprint, IP
	// address, or location. Amazon Cognito advanced security evaluates the risk of an
	// authentication event based on the context that your app generates and passes to
	// Amazon Cognito when it makes API requests.
	ContextData *types.ContextDataType
	// contains filtered or unexported fields
}

type AdminInitiateAuthOutput struct {

	// The result of the authentication response. This is only returned if the caller
	// doesn't need to pass another challenge. If the caller does need to pass another
	// challenge before it gets tokens, ChallengeName , ChallengeParameters , and
	// Session are returned.
	AuthenticationResult *types.AuthenticationResultType

	// The name of the challenge that you're responding to with this call. This is
	// returned in the AdminInitiateAuth response if you must pass another challenge.
	//   - MFA_SETUP : If MFA is required, users who don't have at least one of the MFA
	//   methods set up are presented with an MFA_SETUP challenge. The user must set up
	//   at least one MFA type to continue to authenticate.
	//   - SELECT_MFA_TYPE : Selects the MFA type. Valid MFA options are SMS_MFA for
	//   text SMS MFA, and SOFTWARE_TOKEN_MFA for time-based one-time password (TOTP)
	//   software token MFA.
	//   - SMS_MFA : Next challenge is to supply an SMS_MFA_CODE , delivered via SMS.
	//   - PASSWORD_VERIFIER : Next challenge is to supply PASSWORD_CLAIM_SIGNATURE ,
	//   PASSWORD_CLAIM_SECRET_BLOCK , and TIMESTAMP after the client-side SRP
	//   calculations.
	//   - CUSTOM_CHALLENGE : This is returned if your custom authentication flow
	//   determines that the user should pass another challenge before tokens are issued.
	//
	//   - DEVICE_SRP_AUTH : If device tracking was activated in your user pool and the
	//   previous challenges were passed, this challenge is returned so that Amazon
	//   Cognito can start tracking this device.
	//   - DEVICE_PASSWORD_VERIFIER : Similar to PASSWORD_VERIFIER , but for devices
	//   only.
	//   - ADMIN_NO_SRP_AUTH : This is returned if you must authenticate with USERNAME
	//   and PASSWORD directly. An app client must be enabled to use this flow.
	//   - NEW_PASSWORD_REQUIRED : For users who are required to change their passwords
	//   after successful first login. Respond to this challenge with NEW_PASSWORD and
	//   any required attributes that Amazon Cognito returned in the requiredAttributes
	//   parameter. You can also set values for attributes that aren't required by your
	//   user pool and that your app client can write. For more information, see
	//   AdminRespondToAuthChallenge (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminRespondToAuthChallenge.html)
	//   . In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required
	//   attribute that already has a value. In AdminRespondToAuthChallenge , set a
	//   value for any keys that Amazon Cognito returned in the requiredAttributes
	//   parameter, then use the AdminUpdateUserAttributes API operation to modify the
	//   value of any additional attributes.
	//   - MFA_SETUP : For users who are required to set up an MFA factor before they
	//   can sign in. The MFA types activated for the user pool will be listed in the
	//   challenge parameters MFAS_CAN_SETUP value. To set up software token MFA, use
	//   the session returned here from InitiateAuth as an input to
	//   AssociateSoftwareToken , and use the session returned by VerifySoftwareToken
	//   as an input to RespondToAuthChallenge with challenge name MFA_SETUP to
	//   complete sign-in. To set up SMS MFA, users will need help from an administrator
	//   to add a phone number to their account and then call InitiateAuth again to
	//   restart sign-in.
	ChallengeName types.ChallengeNameType

	// The challenge parameters. These are returned to you in the AdminInitiateAuth
	// response if you must pass another challenge. The responses in this parameter
	// should be used to compute inputs to the next call ( AdminRespondToAuthChallenge
	// ). All challenges require USERNAME and SECRET_HASH (if applicable). The value
	// of the USER_ID_FOR_SRP attribute is the user's actual username, not an alias
	// (such as email address or phone number), even if you specified an alias in your
	// call to AdminInitiateAuth . This happens because, in the
	// AdminRespondToAuthChallenge API ChallengeResponses , the USERNAME attribute
	// can't be an alias.
	ChallengeParameters map[string]string

	// The session that should be passed both ways in challenge-response calls to the
	// service. If AdminInitiateAuth or AdminRespondToAuthChallenge API call
	// determines that the caller must pass another challenge, they return a session
	// with other challenge parameters. This session should be passed as it is to the
	// next AdminRespondToAuthChallenge API call.
	Session *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type AdminLinkProviderForUserInput struct {

	// The existing user in the user pool that you want to assign to the external IdP
	// user account. This user can be a local (Username + Password) Amazon Cognito user
	// pools user or a federated user (for example, a SAML or Facebook user). If the
	// user doesn't exist, Amazon Cognito generates an exception. Amazon Cognito
	// returns this user when the new user (with the linked IdP attribute) signs in.
	// For a native username + password user, the ProviderAttributeValue for the
	// DestinationUser should be the username in the user pool. For a federated user,
	// it should be the provider-specific user_id . The ProviderAttributeName of the
	// DestinationUser is ignored. The ProviderName should be set to Cognito for users
	// in Cognito user pools. All attributes in the DestinationUser profile must be
	// mutable. If you have assigned the user any immutable custom attributes, the
	// operation won't succeed.
	//
	// This member is required.
	DestinationUser *types.ProviderUserIdentifierType

	// An external IdP account for a user who doesn't exist yet in the user pool. This
	// user must be a federated user (for example, a SAML or Facebook user), not
	// another native user. If the SourceUser is using a federated social IdP, such as
	// Facebook, Google, or Login with Amazon, you must set the ProviderAttributeName
	// to Cognito_Subject . For social IdPs, the ProviderName will be Facebook , Google
	// , or LoginWithAmazon , and Amazon Cognito will automatically parse the Facebook,
	// Google, and Login with Amazon tokens for id , sub , and user_id , respectively.
	// The ProviderAttributeValue for the user must be the same value as the id , sub ,
	// or user_id value found in the social IdP token. For OIDC, the
	// ProviderAttributeName can be any value that matches a claim in the ID token, or
	// that your app retrieves from the userInfo endpoint. You must map the claim to a
	// user pool attribute in your IdP configuration, and set the user pool attribute
	// name as the value of ProviderAttributeName in your AdminLinkProviderForUser
	// request. For SAML, the ProviderAttributeName can be any value that matches a
	// claim in the SAML assertion. To link SAML users based on the subject of the SAML
	// assertion, map the subject to a claim through the SAML IdP and set that claim
	// name as the value of ProviderAttributeName in your AdminLinkProviderForUser
	// request. For both OIDC and SAML users, when you set ProviderAttributeName to
	// Cognito_Subject , Amazon Cognito will automatically parse the default unique
	// identifier found in the subject from the IdP token.
	//
	// This member is required.
	SourceUser *types.ProviderUserIdentifierType

	// The user pool ID for the user pool.
	//
	// This member is required.
	UserPoolId *string
	// contains filtered or unexported fields
}

type AdminLinkProviderForUserOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type AdminListDevicesInput struct {

	// The user pool ID.
	//
	// This member is required.
	UserPoolId *string

	// The username of the user that you want to query or modify. The value of this
	// parameter is typically your user's username, but it can be any of their alias
	// attributes. If username isn't an alias attribute in your user pool, this value
	// must be the sub of a local user or the username of a user from a third-party
	// IdP.
	//
	// This member is required.
	Username *string

	// The limit of the devices request.
	Limit *int32

	// This API operation returns a limited number of results. The pagination token is
	// an identifier that you can present in an additional API request with the same
	// parameters. When you include the pagination token, Amazon Cognito returns the
	// next set of items after the current list. Subsequent requests return a new
	// pagination token. By use of this token, you can paginate through the full list
	// of items.
	PaginationToken *string
	// contains filtered or unexported fields
}

type AdminListDevicesOutput struct {

	// The devices in the list of devices response.
	Devices []types.DeviceType

	// The identifier that Amazon Cognito returned with the previous request to this
	// operation. When you include a pagination token in your request, Amazon Cognito
	// returns the next set of items in the list. By use of this token, you can
	// paginate through the full list of items.
	PaginationToken *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type AdminListGroupsForUserAPIClient interface {
	AdminListGroupsForUser(context.Context, *AdminListGroupsForUserInput, ...func(*Options)) (*AdminListGroupsForUserOutput, error)
}

type AdminListGroupsForUserInput struct {

	// The user pool ID for the user pool.
	//
	// This member is required.
	UserPoolId *string

	// The username of the user that you want to query or modify. The value of this
	// parameter is typically your user's username, but it can be any of their alias
	// attributes. If username isn't an alias attribute in your user pool, this value
	// must be the sub of a local user or the username of a user from a third-party
	// IdP.
	//
	// This member is required.
	Username *string

	// The limit of the request to list groups.
	Limit *int32

	// An identifier that was returned from the previous call to this operation, which
	// can be used to return the next set of items in the list.
	NextToken *string
	// contains filtered or unexported fields
}

type AdminListGroupsForUserOutput struct {

	// The groups that the user belongs to.
	Groups []types.GroupType

	// An identifier that was returned from the previous call to this operation, which
	// can be used to return the next set of items in the list.
	NextToken *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type AdminListGroupsForUserPaginator struct {
	// contains filtered or unexported fields
}

type AdminListGroupsForUserPaginatorOptions struct {
	// The limit of the request to list groups.
	Limit int32

	// Set to true if pagination should stop if the service returns a pagination token
	// that matches the most recent token provided to the service.
	StopOnDuplicateToken bool
}

type AdminListUserAuthEventsAPIClient interface {
	AdminListUserAuthEvents(context.Context, *AdminListUserAuthEventsInput, ...func(*Options)) (*AdminListUserAuthEventsOutput, error)
}

type AdminListUserAuthEventsInput struct {

	// The user pool ID.
	//
	// This member is required.
	UserPoolId *string

	// The username of the user that you want to query or modify. The value of this
	// parameter is typically your user's username, but it can be any of their alias
	// attributes. If username isn't an alias attribute in your user pool, this value
	// must be the sub of a local user or the username of a user from a third-party
	// IdP.
	//
	// This member is required.
	Username *string

	// The maximum number of authentication events to return. Returns 60 events if you
	// set MaxResults to 0, or if you don't include a MaxResults parameter.
	MaxResults *int32

	// A pagination token.
	NextToken *string
	// contains filtered or unexported fields
}

type AdminListUserAuthEventsOutput struct {

	// The response object. It includes the EventID , EventType , CreationDate ,
	// EventRisk , and EventResponse .
	AuthEvents []types.AuthEventType

	// A pagination token.
	NextToken *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type AdminListUserAuthEventsPaginator struct {
	// contains filtered or unexported fields
}

type AdminListUserAuthEventsPaginatorOptions struct {
	// The maximum number of authentication events to return. Returns 60 events if you
	// set MaxResults to 0, or if you don't include a MaxResults parameter.
	Limit int32

	// Set to true if pagination should stop if the service returns a pagination token
	// that matches the most recent token provided to the service.
	StopOnDuplicateToken bool
}

type AdminRemoveUserFromGroupInput struct {

	// The group name.
	//
	// This member is required.
	GroupName *string

	// The user pool ID for the user pool.
	//
	// This member is required.
	UserPoolId *string

	// The username of the user that you want to query or modify. The value of this
	// parameter is typically your user's username, but it can be any of their alias
	// attributes. If username isn't an alias attribute in your user pool, this value
	// must be the sub of a local user or the username of a user from a third-party
	// IdP.
	//
	// This member is required.
	Username *string
	// contains filtered or unexported fields
}

type AdminRemoveUserFromGroupOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type AdminResetUserPasswordInput struct {

	// The user pool ID for the user pool where you want to reset the user's password.
	//
	// This member is required.
	UserPoolId *string

	// The username of the user that you want to query or modify. The value of this
	// parameter is typically your user's username, but it can be any of their alias
	// attributes. If username isn't an alias attribute in your user pool, this value
	// must be the sub of a local user or the username of a user from a third-party
	// IdP.
	//
	// This member is required.
	Username *string

	// A map of custom key-value pairs that you can provide as input for any custom
	// workflows that this action triggers. You create custom workflows by assigning
	// Lambda functions to user pool triggers. When you use the AdminResetUserPassword
	// API action, Amazon Cognito invokes the function that is assigned to the custom
	// message trigger. When Amazon Cognito invokes this function, it passes a JSON
	// payload, which the function receives as input. This payload contains a
	// clientMetadata attribute, which provides the data that you assigned to the
	// ClientMetadata parameter in your AdminResetUserPassword request. In your
	// function code in Lambda, you can process the clientMetadata value to enhance
	// your workflow for your specific needs. For more information, see Customizing
	// user pool Workflows with Lambda Triggers (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html)
	// in the Amazon Cognito Developer Guide. When you use the ClientMetadata
	// parameter, remember that Amazon Cognito won't do the following:
	//   - Store the ClientMetadata value. This data is available only to Lambda
	//   triggers that are assigned to a user pool to support custom workflows. If your
	//   user pool configuration doesn't include triggers, the ClientMetadata parameter
	//   serves no purpose.
	//   - Validate the ClientMetadata value.
	//   - Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide
	//   sensitive information.
	ClientMetadata map[string]string
	// contains filtered or unexported fields
}

type AdminResetUserPasswordOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type AdminRespondToAuthChallengeInput struct {

	// The challenge name. For more information, see AdminInitiateAuth (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminInitiateAuth.html)
	// .
	//
	// This member is required.
	ChallengeName types.ChallengeNameType

	// The app client ID.
	//
	// This member is required.
	ClientId *string

	// The ID of the Amazon Cognito user pool.
	//
	// This member is required.
	UserPoolId *string

	// The analytics metadata for collecting Amazon Pinpoint metrics for
	// AdminRespondToAuthChallenge calls.
	AnalyticsMetadata *types.AnalyticsMetadataType

	// The responses to the challenge that you received in the previous request. Each
	// challenge has its own required response parameters. The following examples are
	// partial JSON request bodies that highlight challenge-response parameters. You
	// must provide a SECRET_HASH parameter in all challenge responses to an app client
	// that has a client secret. SMS_MFA "ChallengeName": "SMS_MFA",
	// "ChallengeResponses": {"SMS_MFA_CODE": "[SMS_code]", "USERNAME": "[username]"}
	// PASSWORD_VERIFIER "ChallengeName": "PASSWORD_VERIFIER", "ChallengeResponses":
	// {"PASSWORD_CLAIM_SIGNATURE": "[claim_signature]", "PASSWORD_CLAIM_SECRET_BLOCK":
	// "[secret_block]", "TIMESTAMP": [timestamp], "USERNAME": "[username]"} Add
	// "DEVICE_KEY" when you sign in with a remembered device. CUSTOM_CHALLENGE
	// "ChallengeName": "CUSTOM_CHALLENGE", "ChallengeResponses": {"USERNAME":
	// "[username]", "ANSWER": "[challenge_answer]"} Add "DEVICE_KEY" when you sign in
	// with a remembered device. NEW_PASSWORD_REQUIRED "ChallengeName":
	// "NEW_PASSWORD_REQUIRED", "ChallengeResponses": {"NEW_PASSWORD":
	// "[new_password]", "USERNAME": "[username]"} To set any required attributes that
	// InitiateAuth returned in an requiredAttributes parameter, add
	// "userAttributes.[attribute_name]": "[attribute_value]" . This parameter can also
	// set values for writable attributes that aren't required by your user pool. In a
	// NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute
	// that already has a value. In RespondToAuthChallenge , set a value for any keys
	// that Amazon Cognito returned in the requiredAttributes parameter, then use the
	// UpdateUserAttributes API operation to modify the value of any additional
	// attributes. SOFTWARE_TOKEN_MFA "ChallengeName": "SOFTWARE_TOKEN_MFA",
	// "ChallengeResponses": {"USERNAME": "[username]", "SOFTWARE_TOKEN_MFA_CODE":
	// [authenticator_code]} DEVICE_SRP_AUTH "ChallengeName": "DEVICE_SRP_AUTH",
	// "ChallengeResponses": {"USERNAME": "[username]", "DEVICE_KEY": "[device_key]",
	// "SRP_A": "[srp_a]"} DEVICE_PASSWORD_VERIFIER "ChallengeName":
	// "DEVICE_PASSWORD_VERIFIER", "ChallengeResponses": {"DEVICE_KEY": "[device_key]",
	// "PASSWORD_CLAIM_SIGNATURE": "[claim_signature]", "PASSWORD_CLAIM_SECRET_BLOCK":
	// "[secret_block]", "TIMESTAMP": [timestamp], "USERNAME": "[username]"} MFA_SETUP
	// "ChallengeName": "MFA_SETUP", "ChallengeResponses": {"USERNAME": "[username]"},
	// "SESSION": "[Session ID from VerifySoftwareToken]" SELECT_MFA_TYPE
	// "ChallengeName": "SELECT_MFA_TYPE", "ChallengeResponses": {"USERNAME":
	// "[username]", "ANSWER": "[SMS_MFA or SOFTWARE_TOKEN_MFA]"} For more information
	// about SECRET_HASH , see Computing secret hash values (https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#cognito-user-pools-computing-secret-hash)
	// . For information about DEVICE_KEY , see Working with user devices in your user
	// pool (https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html)
	// .
	ChallengeResponses map[string]string

	// A map of custom key-value pairs that you can provide as input for any custom
	// workflows that this action triggers. You create custom workflows by assigning
	// Lambda functions to user pool triggers. When you use the
	// AdminRespondToAuthChallenge API action, Amazon Cognito invokes any functions
	// that you have assigned to the following triggers:
	//   - pre sign-up
	//   - custom message
	//   - post authentication
	//   - user migration
	//   - pre token generation
	//   - define auth challenge
	//   - create auth challenge
	//   - verify auth challenge response
	// When Amazon Cognito invokes any of these functions, it passes a JSON payload,
	// which the function receives as input. This payload contains a clientMetadata
	// attribute that provides the data that you assigned to the ClientMetadata
	// parameter in your AdminRespondToAuthChallenge request. In your function code in
	// Lambda, you can process the clientMetadata value to enhance your workflow for
	// your specific needs. For more information, see Customizing user pool Workflows
	// with Lambda Triggers (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html)
	// in the Amazon Cognito Developer Guide. When you use the ClientMetadata
	// parameter, remember that Amazon Cognito won't do the following:
	//   - Store the ClientMetadata value. This data is available only to Lambda
	//   triggers that are assigned to a user pool to support custom workflows. If your
	//   user pool configuration doesn't include triggers, the ClientMetadata parameter
	//   serves no purpose.
	//   - Validate the ClientMetadata value.
	//   - Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide
	//   sensitive information.
	ClientMetadata map[string]string

	// Contextual data about your user session, such as the device fingerprint, IP
	// address, or location. Amazon Cognito advanced security evaluates the risk of an
	// authentication event based on the context that your app generates and passes to
	// Amazon Cognito when it makes API requests.
	ContextData *types.ContextDataType

	// The session that should be passed both ways in challenge-response calls to the
	// service. If an InitiateAuth or RespondToAuthChallenge API call determines that
	// the caller must pass another challenge, it returns a session with other
	// challenge parameters. This session should be passed as it is to the next
	// RespondToAuthChallenge API call.
	Session *string
	// contains filtered or unexported fields
}

type AdminRespondToAuthChallengeOutput struct {

	// The result returned by the server in response to the authentication request.
	AuthenticationResult *types.AuthenticationResultType

	// The name of the challenge. For more information, see AdminInitiateAuth (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminInitiateAuth.html)
	// .
	ChallengeName types.ChallengeNameType

	// The challenge parameters. For more information, see AdminInitiateAuth (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminInitiateAuth.html)
	// .
	ChallengeParameters map[string]string

	// The session that should be passed both ways in challenge-response calls to the
	// service. If the caller must pass another challenge, they return a session with
	// other challenge parameters. This session should be passed as it is to the next
	// RespondToAuthChallenge API call.
	Session *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type AdminSetUserMFAPreferenceInput struct {

	// The user pool ID.
	//
	// This member is required.
	UserPoolId *string

	// The username of the user that you want to query or modify. The value of this
	// parameter is typically your user's username, but it can be any of their alias
	// attributes. If username isn't an alias attribute in your user pool, this value
	// must be the sub of a local user or the username of a user from a third-party
	// IdP.
	//
	// This member is required.
	Username *string

	// The SMS text message MFA settings.
	SMSMfaSettings *types.SMSMfaSettingsType

	// The time-based one-time password software token MFA settings.
	SoftwareTokenMfaSettings *types.SoftwareTokenMfaSettingsType
	// contains filtered or unexported fields
}

type AdminSetUserMFAPreferenceOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type AdminSetUserPasswordInput struct {

	// The password for the user.
	//
	// This member is required.
	Password *string

	// The user pool ID for the user pool where you want to set the user's password.
	//
	// This member is required.
	UserPoolId *string

	// The username of the user that you want to query or modify. The value of this
	// parameter is typically your user's username, but it can be any of their alias
	// attributes. If username isn't an alias attribute in your user pool, this value
	// must be the sub of a local user or the username of a user from a third-party
	// IdP.
	//
	// This member is required.
	Username *string

	// True if the password is permanent, False if it is temporary.
	Permanent bool
	// contains filtered or unexported fields
}

type AdminSetUserPasswordOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type AdminSetUserSettingsInput struct {

	// You can use this parameter only to set an SMS configuration that uses SMS for
	// delivery.
	//
	// This member is required.
	MFAOptions []types.MFAOptionType

	// The ID of the user pool that contains the user whose options you're setting.
	//
	// This member is required.
	UserPoolId *string

	// The username of the user that you want to query or modify. The value of this
	// parameter is typically your user's username, but it can be any of their alias
	// attributes. If username isn't an alias attribute in your user pool, this value
	// must be the sub of a local user or the username of a user from a third-party
	// IdP.
	//
	// This member is required.
	Username *string
	// contains filtered or unexported fields
}

type AdminSetUserSettingsOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type AdminUpdateAuthEventFeedbackInput struct {

	// The authentication event ID.
	//
	// This member is required.
	EventId *string

	// The authentication event feedback value. When you provide a FeedbackValue value
	// of valid , you tell Amazon Cognito that you trust a user session where Amazon
	// Cognito has evaluated some level of risk. When you provide a FeedbackValue
	// value of invalid , you tell Amazon Cognito that you don't trust a user session,
	// or you don't believe that Amazon Cognito evaluated a high-enough risk level.
	//
	// This member is required.
	FeedbackValue types.FeedbackValueType

	// The user pool ID.
	//
	// This member is required.
	UserPoolId *string

	// The username of the user that you want to query or modify. The value of this
	// parameter is typically your user's username, but it can be any of their alias
	// attributes. If username isn't an alias attribute in your user pool, this value
	// must be the sub of a local user or the username of a user from a third-party
	// IdP.
	//
	// This member is required.
	Username *string
	// contains filtered or unexported fields
}

type AdminUpdateAuthEventFeedbackOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type AdminUpdateDeviceStatusInput struct {

	// The device key.
	//
	// This member is required.
	DeviceKey *string

	// The user pool ID.
	//
	// This member is required.
	UserPoolId *string

	// The username of the user that you want to query or modify. The value of this
	// parameter is typically your user's username, but it can be any of their alias
	// attributes. If username isn't an alias attribute in your user pool, this value
	// must be the sub of a local user or the username of a user from a third-party
	// IdP.
	//
	// This member is required.
	Username *string

	// The status indicating whether a device has been remembered or not.
	DeviceRememberedStatus types.DeviceRememberedStatusType
	// contains filtered or unexported fields
}

type AdminUpdateDeviceStatusOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type AdminUpdateUserAttributesInput struct {

	// An array of name-value pairs representing user attributes. For custom
	// attributes, you must prepend the custom: prefix to the attribute name. If your
	// user pool requires verification before Amazon Cognito updates an attribute value
	// that you specify in this request, Amazon Cognito doesn’t immediately update the
	// value of that attribute. After your user receives and responds to a verification
	// message to verify the new value, Amazon Cognito updates the attribute value.
	// Your user can sign in and receive messages with the original attribute value
	// until they verify the new value. To update the value of an attribute that
	// requires verification in the same API request, include the email_verified or
	// phone_number_verified attribute, with a value of true . If you set the
	// email_verified or phone_number_verified value for an email or phone_number
	// attribute that requires verification to true , Amazon Cognito doesn’t send a
	// verification message to your user.
	//
	// This member is required.
	UserAttributes []types.AttributeType

	// The user pool ID for the user pool where you want to update user attributes.
	//
	// This member is required.
	UserPoolId *string

	// The username of the user that you want to query or modify. The value of this
	// parameter is typically your user's username, but it can be any of their alias
	// attributes. If username isn't an alias attribute in your user pool, this value
	// must be the sub of a local user or the username of a user from a third-party
	// IdP.
	//
	// This member is required.
	Username *string

	// A map of custom key-value pairs that you can provide as input for any custom
	// workflows that this action triggers. You create custom workflows by assigning
	// Lambda functions to user pool triggers. When you use the
	// AdminUpdateUserAttributes API action, Amazon Cognito invokes the function that
	// is assigned to the custom message trigger. When Amazon Cognito invokes this
	// function, it passes a JSON payload, which the function receives as input. This
	// payload contains a clientMetadata attribute, which provides the data that you
	// assigned to the ClientMetadata parameter in your AdminUpdateUserAttributes
	// request. In your function code in Lambda, you can process the clientMetadata
	// value to enhance your workflow for your specific needs. For more information,
	// see Customizing user pool Workflows with Lambda Triggers (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html)
	// in the Amazon Cognito Developer Guide. When you use the ClientMetadata
	// parameter, remember that Amazon Cognito won't do the following:
	//   - Store the ClientMetadata value. This data is available only to Lambda
	//   triggers that are assigned to a user pool to support custom workflows. If your
	//   user pool configuration doesn't include triggers, the ClientMetadata parameter
	//   serves no purpose.
	//   - Validate the ClientMetadata value.
	//   - Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide
	//   sensitive information.
	ClientMetadata map[string]string
	// contains filtered or unexported fields
}

type AdminUpdateUserAttributesOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type AdminUserGlobalSignOutInput struct {

	// The user pool ID.
	//
	// This member is required.
	UserPoolId *string

	// The username of the user that you want to query or modify. The value of this
	// parameter is typically your user's username, but it can be any of their alias
	// attributes. If username isn't an alias attribute in your user pool, this value
	// must be the sub of a local user or the username of a user from a third-party
	// IdP.
	//
	// This member is required.
	Username *string
	// contains filtered or unexported fields
}

type AdminUserGlobalSignOutOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type AssociateSoftwareTokenInput struct {

	// A valid access token that Amazon Cognito issued to the user whose software
	// token you want to generate.
	AccessToken *string

	// The session that should be passed both ways in challenge-response calls to the
	// service. This allows authentication of the user as part of the MFA setup
	// process.
	Session *string
	// contains filtered or unexported fields
}

type AssociateSoftwareTokenOutput struct {

	// A unique generated shared secret code that is used in the TOTP algorithm to
	// generate a one-time code.
	SecretCode *string

	// The session that should be passed both ways in challenge-response calls to the
	// service. This allows authentication of the user as part of the MFA setup
	// process.
	Session *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type AuthResolverParameters struct {
	// The name of the operation being invoked.
	Operation string

	// The region in which the operation is being invoked.
	Region string
}

type AuthSchemeResolver interface {
	ResolveAuthSchemes(context.Context, *AuthResolverParameters) ([]*smithyauth.Option, error)
}

type ChangePasswordInput struct {

	// A valid access token that Amazon Cognito issued to the user whose password you
	// want to change.
	//
	// This member is required.
	AccessToken *string

	// The old password.
	//
	// This member is required.
	PreviousPassword *string

	// The new password.
	//
	// This member is required.
	ProposedPassword *string
	// contains filtered or unexported fields
}

type ChangePasswordOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type Client struct {
	// contains filtered or unexported fields
}

type ConfirmDeviceInput struct {

	// A valid access token that Amazon Cognito issued to the user whose device you
	// want to confirm.
	//
	// This member is required.
	AccessToken *string

	// The device key.
	//
	// This member is required.
	DeviceKey *string

	// The device name.
	DeviceName *string

	// The configuration of the device secret verifier.
	DeviceSecretVerifierConfig *types.DeviceSecretVerifierConfigType
	// contains filtered or unexported fields
}

type ConfirmDeviceOutput struct {

	// Indicates whether the user confirmation must confirm the device response.
	UserConfirmationNecessary bool

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type ConfirmForgotPasswordInput struct {

	// The app client ID of the app associated with the user pool.
	//
	// This member is required.
	ClientId *string

	// The confirmation code from your user's request to reset their password. For
	// more information, see ForgotPassword (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ForgotPassword.html)
	// .
	//
	// This member is required.
	ConfirmationCode *string

	// The new password that your user wants to set.
	//
	// This member is required.
	Password *string

	// The username of the user that you want to query or modify. The value of this
	// parameter is typically your user's username, but it can be any of their alias
	// attributes. If username isn't an alias attribute in your user pool, this value
	// must be the sub of a local user or the username of a user from a third-party
	// IdP.
	//
	// This member is required.
	Username *string

	// The Amazon Pinpoint analytics metadata for collecting metrics for
	// ConfirmForgotPassword calls.
	AnalyticsMetadata *types.AnalyticsMetadataType

	// A map of custom key-value pairs that you can provide as input for any custom
	// workflows that this action triggers. You create custom workflows by assigning
	// Lambda functions to user pool triggers. When you use the ConfirmForgotPassword
	// API action, Amazon Cognito invokes the function that is assigned to the post
	// confirmation trigger. When Amazon Cognito invokes this function, it passes a
	// JSON payload, which the function receives as input. This payload contains a
	// clientMetadata attribute, which provides the data that you assigned to the
	// ClientMetadata parameter in your ConfirmForgotPassword request. In your function
	// code in Lambda, you can process the clientMetadata value to enhance your
	// workflow for your specific needs. For more information, see Customizing user
	// pool Workflows with Lambda Triggers (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html)
	// in the Amazon Cognito Developer Guide. When you use the ClientMetadata
	// parameter, remember that Amazon Cognito won't do the following:
	//   - Store the ClientMetadata value. This data is available only to Lambda
	//   triggers that are assigned to a user pool to support custom workflows. If your
	//   user pool configuration doesn't include triggers, the ClientMetadata parameter
	//   serves no purpose.
	//   - Validate the ClientMetadata value.
	//   - Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide
	//   sensitive information.
	ClientMetadata map[string]string

	// A keyed-hash message authentication code (HMAC) calculated using the secret key
	// of a user pool client and username plus the client ID in the message. For more
	// information about SecretHash , see Computing secret hash values (https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#cognito-user-pools-computing-secret-hash)
	// .
	SecretHash *string

	// Contextual data about your user session, such as the device fingerprint, IP
	// address, or location. Amazon Cognito advanced security evaluates the risk of an
	// authentication event based on the context that your app generates and passes to
	// Amazon Cognito when it makes API requests.
	UserContextData *types.UserContextDataType
	// contains filtered or unexported fields
}

type ConfirmForgotPasswordOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type ConfirmSignUpInput struct {

	// The ID of the app client associated with the user pool.
	//
	// This member is required.
	ClientId *string

	// The confirmation code sent by a user's request to confirm registration.
	//
	// This member is required.
	ConfirmationCode *string

	// The username of the user that you want to query or modify. The value of this
	// parameter is typically your user's username, but it can be any of their alias
	// attributes. If username isn't an alias attribute in your user pool, this value
	// must be the sub of a local user or the username of a user from a third-party
	// IdP.
	//
	// This member is required.
	Username *string

	// The Amazon Pinpoint analytics metadata for collecting metrics for ConfirmSignUp
	// calls.
	AnalyticsMetadata *types.AnalyticsMetadataType

	// A map of custom key-value pairs that you can provide as input for any custom
	// workflows that this action triggers. You create custom workflows by assigning
	// Lambda functions to user pool triggers. When you use the ConfirmSignUp API
	// action, Amazon Cognito invokes the function that is assigned to the post
	// confirmation trigger. When Amazon Cognito invokes this function, it passes a
	// JSON payload, which the function receives as input. This payload contains a
	// clientMetadata attribute, which provides the data that you assigned to the
	// ClientMetadata parameter in your ConfirmSignUp request. In your function code in
	// Lambda, you can process the clientMetadata value to enhance your workflow for
	// your specific needs. For more information, see Customizing user pool Workflows
	// with Lambda Triggers (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html)
	// in the Amazon Cognito Developer Guide. When you use the ClientMetadata
	// parameter, remember that Amazon Cognito won't do the following:
	//   - Store the ClientMetadata value. This data is available only to Lambda
	//   triggers that are assigned to a user pool to support custom workflows. If your
	//   user pool configuration doesn't include triggers, the ClientMetadata parameter
	//   serves no purpose.
	//   - Validate the ClientMetadata value.
	//   - Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide
	//   sensitive information.
	ClientMetadata map[string]string

	// Boolean to be specified to force user confirmation irrespective of existing
	// alias. By default set to False . If this parameter is set to True and the phone
	// number/email used for sign up confirmation already exists as an alias with a
	// different user, the API call will migrate the alias from the previous user to
	// the newly created user being confirmed. If set to False , the API will throw an
	// AliasExistsException error.
	ForceAliasCreation bool

	// A keyed-hash message authentication code (HMAC) calculated using the secret key
	// of a user pool client and username plus the client ID in the message.
	SecretHash *string

	// Contextual data about your user session, such as the device fingerprint, IP
	// address, or location. Amazon Cognito advanced security evaluates the risk of an
	// authentication event based on the context that your app generates and passes to
	// Amazon Cognito when it makes API requests.
	UserContextData *types.UserContextDataType
	// contains filtered or unexported fields
}

type ConfirmSignUpOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type CreateGroupInput struct {

	// The name of the group. Must be unique.
	//
	// This member is required.
	GroupName *string

	// The user pool ID for the user pool.
	//
	// This member is required.
	UserPoolId *string

	// A string containing the description of the group.
	Description *string

	// A non-negative integer value that specifies the precedence of this group
	// relative to the other groups that a user can belong to in the user pool. Zero is
	// the highest precedence value. Groups with lower Precedence values take
	// precedence over groups with higher or null Precedence values. If a user belongs
	// to two or more groups, it is the group with the lowest precedence value whose
	// role ARN is given in the user's tokens for the cognito:roles and
	// cognito:preferred_role claims. Two groups can have the same Precedence value.
	// If this happens, neither group takes precedence over the other. If two groups
	// with the same Precedence have the same role ARN, that role is used in the
	// cognito:preferred_role claim in tokens for users in each group. If the two
	// groups have different role ARNs, the cognito:preferred_role claim isn't set in
	// users' tokens. The default Precedence value is null. The maximum Precedence
	// value is 2^31-1 .
	Precedence *int32

	// The role Amazon Resource Name (ARN) for the group.
	RoleArn *string
	// contains filtered or unexported fields
}

type CreateGroupOutput struct {

	// The group object for the group.
	Group *types.GroupType

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type CreateIdentityProviderInput struct {

	// The scopes, URLs, and identifiers for your external identity provider. The
	// following examples describe the provider detail keys for each IdP type. These
	// values and their schema are subject to change. Social IdP authorize_scopes
	// values must match the values listed here. OpenID Connect (OIDC) Amazon Cognito
	// accepts the following elements when it can't discover endpoint URLs from
	// oidc_issuer : attributes_url , authorize_url , jwks_uri , token_url . Create or
	// update request: "ProviderDetails": { "attributes_request_method": "GET",
	// "attributes_url": "https://auth.example.com/userInfo", "authorize_scopes":
	// "openid profile email", "authorize_url": "https://auth.example.com/authorize",
	// "client_id": "1example23456789", "client_secret": "provider-app-client-secret",
	// "jwks_uri": "https://auth.example.com/.well-known/jwks.json", "oidc_issuer":
	// "https://auth.example.com", "token_url": "https://example.com/token" } Describe
	// response: "ProviderDetails": { "attributes_request_method": "GET",
	// "attributes_url": "https://auth.example.com/userInfo",
	// "attributes_url_add_attributes": "false", "authorize_scopes": "openid profile
	// email", "authorize_url": "https://auth.example.com/authorize", "client_id":
	// "1example23456789", "client_secret": "provider-app-client-secret", "jwks_uri":
	// "https://auth.example.com/.well-known/jwks.json", "oidc_issuer":
	// "https://auth.example.com", "token_url": "https://example.com/token" } SAML
	// Create or update request with Metadata URL: "ProviderDetails": { "IDPInit":
	// "true", "IDPSignout": "true", "EncryptedResponses" : "true", "MetadataURL":
	// "https://auth.example.com/sso/saml/metadata", "RequestSigningAlgorithm":
	// "rsa-sha256" } Create or update request with Metadata file: "ProviderDetails":
	// { "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" : "true",
	// "MetadataFile": "[metadata XML]", "RequestSigningAlgorithm": "rsa-sha256" } The
	// value of MetadataFile must be the plaintext metadata document with all quote
	// (") characters escaped by backslashes. Describe response: "ProviderDetails": {
	// "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" : "true",
	// "ActiveEncryptionCertificate": "[certificate]", "MetadataURL":
	// "https://auth.example.com/sso/saml/metadata", "RequestSigningAlgorithm":
	// "rsa-sha256", "SLORedirectBindingURI": "https://auth.example.com/slo/saml",
	// "SSORedirectBindingURI": "https://auth.example.com/sso/saml" } LoginWithAmazon
	// Create or update request: "ProviderDetails": { "authorize_scopes": "profile
	// postal_code", "client_id": "amzn1.application-oa2-client.1example23456789",
	// "client_secret": "provider-app-client-secret" Describe response:
	// "ProviderDetails": { "attributes_url": "https://api.amazon.com/user/profile",
	// "attributes_url_add_attributes": "false", "authorize_scopes": "profile
	// postal_code", "authorize_url": "https://www.amazon.com/ap/oa", "client_id":
	// "amzn1.application-oa2-client.1example23456789", "client_secret":
	// "provider-app-client-secret", "token_request_method": "POST", "token_url":
	// "https://api.amazon.com/auth/o2/token" } Google Create or update request:
	// "ProviderDetails": { "authorize_scopes": "email profile openid", "client_id":
	// "1example23456789.apps.googleusercontent.com", "client_secret":
	// "provider-app-client-secret" } Describe response: "ProviderDetails": {
	// "attributes_url": "https://people.googleapis.com/v1/people/me?personFields=",
	// "attributes_url_add_attributes": "true", "authorize_scopes": "email profile
	// openid", "authorize_url": "https://accounts.google.com/o/oauth2/v2/auth",
	// "client_id": "1example23456789.apps.googleusercontent.com", "client_secret":
	// "provider-app-client-secret", "oidc_issuer": "https://accounts.google.com",
	// "token_request_method": "POST", "token_url":
	// "https://www.googleapis.com/oauth2/v4/token" } SignInWithApple Create or update
	// request: "ProviderDetails": { "authorize_scopes": "email name", "client_id":
	// "com.example.cognito", "private_key": "1EXAMPLE", "key_id": "2EXAMPLE",
	// "team_id": "3EXAMPLE" } Describe response: "ProviderDetails": {
	// "attributes_url_add_attributes": "false", "authorize_scopes": "email name",
	// "authorize_url": "https://appleid.apple.com/auth/authorize", "client_id":
	// "com.example.cognito", "key_id": "1EXAMPLE", "oidc_issuer":
	// "https://appleid.apple.com", "team_id": "2EXAMPLE", "token_request_method":
	// "POST", "token_url": "https://appleid.apple.com/auth/token" } Facebook Create or
	// update request: "ProviderDetails": { "api_version": "v17.0",
	// "authorize_scopes": "public_profile, email", "client_id": "1example23456789",
	// "client_secret": "provider-app-client-secret" } Describe response:
	// "ProviderDetails": { "api_version": "v17.0", "attributes_url":
	// "https://graph.facebook.com/v17.0/me?fields=", "attributes_url_add_attributes":
	// "true", "authorize_scopes": "public_profile, email", "authorize_url":
	// "https://www.facebook.com/v17.0/dialog/oauth", "client_id": "1example23456789",
	// "client_secret": "provider-app-client-secret", "token_request_method": "GET",
	// "token_url": "https://graph.facebook.com/v17.0/oauth/access_token" }
	//
	// This member is required.
	ProviderDetails map[string]string

	// The IdP name.
	//
	// This member is required.
	ProviderName *string

	// The IdP type.
	//
	// This member is required.
	ProviderType types.IdentityProviderTypeType

	// The user pool ID.
	//
	// This member is required.
	UserPoolId *string

	// A mapping of IdP attributes to standard and custom user pool attributes.
	AttributeMapping map[string]string

	// A list of IdP identifiers.
	IdpIdentifiers []string
	// contains filtered or unexported fields
}

type CreateIdentityProviderOutput struct {

	// The newly created IdP object.
	//
	// This member is required.
	IdentityProvider *types.IdentityProviderType

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type CreateResourceServerInput struct {

	// A unique resource server identifier for the resource server. This could be an
	// HTTPS endpoint where the resource server is located, such as
	// https://my-weather-api.example.com .
	//
	// This member is required.
	Identifier *string

	// A friendly name for the resource server.
	//
	// This member is required.
	Name *string

	// The user pool ID for the user pool.
	//
	// This member is required.
	UserPoolId *string

	// A list of scopes. Each scope is a key-value map with the keys name and
	// description .
	Scopes []types.ResourceServerScopeType
	// contains filtered or unexported fields
}

type CreateResourceServerOutput struct {

	// The newly created resource server.
	//
	// This member is required.
	ResourceServer *types.ResourceServerType

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type CreateUserImportJobInput struct {

	// The role ARN for the Amazon CloudWatch Logs Logging role for the user import
	// job.
	//
	// This member is required.
	CloudWatchLogsRoleArn *string

	// The job name for the user import job.
	//
	// This member is required.
	JobName *string

	// The user pool ID for the user pool that the users are being imported into.
	//
	// This member is required.
	UserPoolId *string
	// contains filtered or unexported fields
}

type CreateUserImportJobOutput struct {

	// The job object that represents the user import job.
	UserImportJob *types.UserImportJobType

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type CreateUserPoolClientInput struct {

	// The client name for the user pool client you would like to create.
	//
	// This member is required.
	ClientName *string

	// The user pool ID for the user pool where you want to create a user pool client.
	//
	// This member is required.
	UserPoolId *string

	// The access token time limit. After this limit expires, your user can't use
	// their access token. To specify the time unit for AccessTokenValidity as seconds
	// , minutes , hours , or days , set a TokenValidityUnits value in your API
	// request. For example, when you set AccessTokenValidity to 10 and
	// TokenValidityUnits to hours , your user can authorize access with their access
	// token for 10 hours. The default time unit for AccessTokenValidity in an API
	// request is hours. Valid range is displayed below in seconds. If you don't
	// specify otherwise in the configuration of your app client, your access tokens
	// are valid for one hour.
	AccessTokenValidity *int32

	// The OAuth grant types that you want your app client to generate. To create an
	// app client that generates client credentials grants, you must add
	// client_credentials as the only allowed OAuth flow. code Use a code grant flow,
	// which provides an authorization code as the response. This code can be exchanged
	// for access tokens with the /oauth2/token endpoint. implicit Issue the access
	// token (and, optionally, ID token, based on scopes) directly to your user.
	// client_credentials Issue the access token from the /oauth2/token endpoint
	// directly to a non-person user using a combination of the client ID and client
	// secret.
	AllowedOAuthFlows []types.OAuthFlowType

	// Set to true to use OAuth 2.0 features in your user pool app client.
	// AllowedOAuthFlowsUserPoolClient must be true before you can configure the
	// following features in your app client.
	//   - CallBackURLs : Callback URLs.
	//   - LogoutURLs : Sign-out redirect URLs.
	//   - AllowedOAuthScopes : OAuth 2.0 scopes.
	//   - AllowedOAuthFlows : Support for authorization code, implicit, and client
	//   credentials OAuth 2.0 grants.
	// To use OAuth 2.0 features, configure one of these features in the Amazon
	// Cognito console or set AllowedOAuthFlowsUserPoolClient to true in a
	// CreateUserPoolClient or UpdateUserPoolClient API request. If you don't set a
	// value for AllowedOAuthFlowsUserPoolClient in a request with the CLI or SDKs, it
	// defaults to false .
	AllowedOAuthFlowsUserPoolClient bool

	// The allowed OAuth scopes. Possible values provided by OAuth are phone , email ,
	// openid , and profile . Possible values provided by Amazon Web Services are
	// aws.cognito.signin.user.admin . Custom scopes created in Resource Servers are
	// also supported.
	AllowedOAuthScopes []string

	// The user pool analytics configuration for collecting metrics and sending them
	// to your Amazon Pinpoint campaign. In Amazon Web Services Regions where Amazon
	// Pinpoint isn't available, user pools only support sending events to Amazon
	// Pinpoint projects in Amazon Web Services Region us-east-1. In Regions where
	// Amazon Pinpoint is available, user pools support sending events to Amazon
	// Pinpoint projects within that same Region.
	AnalyticsConfiguration *types.AnalyticsConfigurationType

	// Amazon Cognito creates a session token for each API request in an
	// authentication flow. AuthSessionValidity is the duration, in minutes, of that
	// session token. Your user pool native user must respond to each authentication
	// challenge before the session expires.
	AuthSessionValidity *int32

	// A list of allowed redirect (callback) URLs for the IdPs. A redirect URI must:
	//   - Be an absolute URI.
	//   - Be registered with the authorization server.
	//   - Not include a fragment component.
	// See OAuth 2.0 - Redirection Endpoint (https://tools.ietf.org/html/rfc6749#section-3.1.2)
	// . Amazon Cognito requires HTTPS over HTTP except for http://localhost for
	// testing purposes only. App callback URLs such as myapp://example are also
	// supported.
	CallbackURLs []string

	// The default redirect URI. Must be in the CallbackURLs list. A redirect URI
	// must:
	//   - Be an absolute URI.
	//   - Be registered with the authorization server.
	//   - Not include a fragment component.
	// See OAuth 2.0 - Redirection Endpoint (https://tools.ietf.org/html/rfc6749#section-3.1.2)
	// . Amazon Cognito requires HTTPS over HTTP except for http://localhost for
	// testing purposes only. App callback URLs such as myapp://example are also
	// supported.
	DefaultRedirectURI *string

	// Activates the propagation of additional user context data. For more information
	// about propagation of user context data, see Adding advanced security to a user
	// pool (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html)
	// . If you don’t include this parameter, you can't send device fingerprint
	// information, including source IP address, to Amazon Cognito advanced security.
	// You can only activate EnablePropagateAdditionalUserContextData in an app client
	// that has a client secret.
	EnablePropagateAdditionalUserContextData *bool

	// Activates or deactivates token revocation. For more information about revoking
	// tokens, see RevokeToken (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html)
	// . If you don't include this parameter, token revocation is automatically
	// activated for the new user pool client.
	EnableTokenRevocation *bool

	// The authentication flows that you want your user pool client to support. For
	// each app client in your user pool, you can sign in your users with any
	// combination of one or more flows, including with a user name and Secure Remote
	// Password (SRP), a user name and password, or a custom authentication process
	// that you define with Lambda functions. If you don't specify a value for
	// ExplicitAuthFlows , your user client supports ALLOW_REFRESH_TOKEN_AUTH ,
	// ALLOW_USER_SRP_AUTH , and ALLOW_CUSTOM_AUTH . Valid values include:
	//   - ALLOW_ADMIN_USER_PASSWORD_AUTH : Enable admin based user password
	//   authentication flow ADMIN_USER_PASSWORD_AUTH . This setting replaces the
	//   ADMIN_NO_SRP_AUTH setting. With this authentication flow, your app passes a
	//   user name and password to Amazon Cognito in the request, instead of using the
	//   Secure Remote Password (SRP) protocol to securely transmit the password.
	//   - ALLOW_CUSTOM_AUTH : Enable Lambda trigger based authentication.
	//   - ALLOW_USER_PASSWORD_AUTH : Enable user password-based authentication. In
	//   this flow, Amazon Cognito receives the password in the request instead of using
	//   the SRP protocol to verify passwords.
	//   - ALLOW_USER_SRP_AUTH : Enable SRP-based authentication.
	//   - ALLOW_REFRESH_TOKEN_AUTH : Enable authflow to refresh tokens.
	// In some environments, you will see the values ADMIN_NO_SRP_AUTH ,
	// CUSTOM_AUTH_FLOW_ONLY , or USER_PASSWORD_AUTH . You can't assign these legacy
	// ExplicitAuthFlows values to user pool clients at the same time as values that
	// begin with ALLOW_ , like ALLOW_USER_SRP_AUTH .
	ExplicitAuthFlows []types.ExplicitAuthFlowsType

	// Boolean to specify whether you want to generate a secret for the user pool
	// client being created.
	GenerateSecret bool

	// The ID token time limit. After this limit expires, your user can't use their ID
	// token. To specify the time unit for IdTokenValidity as seconds , minutes , hours
	// , or days , set a TokenValidityUnits value in your API request. For example,
	// when you set IdTokenValidity as 10 and TokenValidityUnits as hours , your user
	// can authenticate their session with their ID token for 10 hours. The default
	// time unit for IdTokenValidity in an API request is hours. Valid range is
	// displayed below in seconds. If you don't specify otherwise in the configuration
	// of your app client, your ID tokens are valid for one hour.
	IdTokenValidity *int32

	// A list of allowed logout URLs for the IdPs.
	LogoutURLs []string

	// Errors and responses that you want Amazon Cognito APIs to return during
	// authentication, account confirmation, and password recovery when the user
	// doesn't exist in the user pool. When set to ENABLED and the user doesn't exist,
	// authentication returns an error indicating either the username or password was
	// incorrect. Account confirmation and password recovery return a response
	// indicating a code was sent to a simulated destination. When set to LEGACY ,
	// those APIs return a UserNotFoundException exception if the user doesn't exist
	// in the user pool. Valid values include:
	//   - ENABLED - This prevents user existence-related errors.
	//   - LEGACY - This represents the early behavior of Amazon Cognito where user
	//   existence related errors aren't prevented.
	PreventUserExistenceErrors types.PreventUserExistenceErrorTypes

	// The list of user attributes that you want your app client to have read-only
	// access to. After your user authenticates in your app, their access token
	// authorizes them to read their own attribute value for any attribute in this
	// list. An example of this kind of activity is when your user selects a link to
	// view their profile information. Your app makes a GetUser (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUser.html)
	// API request to retrieve and display your user's profile data. When you don't
	// specify the ReadAttributes for your app client, your app can read the values of
	// email_verified , phone_number_verified , and the Standard attributes of your
	// user pool. When your user pool has read access to these default attributes,
	// ReadAttributes doesn't return any information. Amazon Cognito only populates
	// ReadAttributes in the API response if you have specified your own custom set of
	// read attributes.
	ReadAttributes []string

	// The refresh token time limit. After this limit expires, your user can't use
	// their refresh token. To specify the time unit for RefreshTokenValidity as
	// seconds , minutes , hours , or days , set a TokenValidityUnits value in your
	// API request. For example, when you set RefreshTokenValidity as 10 and
	// TokenValidityUnits as days , your user can refresh their session and retrieve
	// new access and ID tokens for 10 days. The default time unit for
	// RefreshTokenValidity in an API request is days. You can't set
	// RefreshTokenValidity to 0. If you do, Amazon Cognito overrides the value with
	// the default value of 30 days. Valid range is displayed below in seconds. If you
	// don't specify otherwise in the configuration of your app client, your refresh
	// tokens are valid for 30 days.
	RefreshTokenValidity int32

	// A list of provider names for the identity providers (IdPs) that are supported
	// on this client. The following are supported: COGNITO , Facebook , Google ,
	// SignInWithApple , and LoginWithAmazon . You can also specify the names that you
	// configured for the SAML and OIDC IdPs in your user pool, for example MySAMLIdP
	// or MyOIDCIdP .
	SupportedIdentityProviders []string

	// The units in which the validity times are represented. The default unit for
	// RefreshToken is days, and default for ID and access tokens are hours.
	TokenValidityUnits *types.TokenValidityUnitsType

	// The list of user attributes that you want your app client to have write access
	// to. After your user authenticates in your app, their access token authorizes
	// them to set or modify their own attribute value for any attribute in this list.
	// An example of this kind of activity is when you present your user with a form to
	// update their profile information and they change their last name. Your app then
	// makes an UpdateUserAttributes (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserAttributes.html)
	// API request and sets family_name to the new value. When you don't specify the
	// WriteAttributes for your app client, your app can write the values of the
	// Standard attributes of your user pool. When your user pool has write access to
	// these default attributes, WriteAttributes doesn't return any information.
	// Amazon Cognito only populates WriteAttributes in the API response if you have
	// specified your own custom set of write attributes. If your app client allows
	// users to sign in through an IdP, this array must include all attributes that you
	// have mapped to IdP attributes. Amazon Cognito updates mapped attributes when
	// users sign in to your application through an IdP. If your app client does not
	// have write access to a mapped attribute, Amazon Cognito throws an error when it
	// tries to update the attribute. For more information, see Specifying IdP
	// Attribute Mappings for Your user pool (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-specifying-attribute-mapping.html)
	// .
	WriteAttributes []string
	// contains filtered or unexported fields
}

type CreateUserPoolClientOutput struct {

	// The user pool client that was just created.
	UserPoolClient *types.UserPoolClientType

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type CreateUserPoolDomainInput struct {

	// The domain string. For custom domains, this is the fully-qualified domain name,
	// such as auth.example.com . For Amazon Cognito prefix domains, this is the prefix
	// alone, such as auth .
	//
	// This member is required.
	Domain *string

	// The user pool ID.
	//
	// This member is required.
	UserPoolId *string

	// The configuration for a custom domain that hosts the sign-up and sign-in
	// webpages for your application. Provide this parameter only if you want to use a
	// custom domain for your user pool. Otherwise, you can exclude this parameter and
	// use the Amazon Cognito hosted domain instead. For more information about the
	// hosted domain and custom domains, see Configuring a User Pool Domain (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-assign-domain.html)
	// .
	CustomDomainConfig *types.CustomDomainConfigType
	// contains filtered or unexported fields
}

type CreateUserPoolDomainOutput struct {

	// The Amazon CloudFront endpoint that you use as the target of the alias that you
	// set up with your Domain Name Service (DNS) provider. Amazon Cognito returns this
	// value if you set a custom domain with CustomDomainConfig . If you set an Amazon
	// Cognito prefix domain, this operation returns a blank response.
	CloudFrontDomain *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type CreateUserPoolInput struct {

	// A string used to name the user pool.
	//
	// This member is required.
	PoolName *string

	// The available verified method a user can use to recover their password when
	// they call ForgotPassword . You can use this setting to define a preferred method
	// when a user has more than one method available. With this setting, SMS doesn't
	// qualify for a valid password recovery mechanism if the user also has SMS
	// multi-factor authentication (MFA) activated. In the absence of this setting,
	// Amazon Cognito uses the legacy behavior to determine the recovery method where
	// SMS is preferred through email.
	AccountRecoverySetting *types.AccountRecoverySettingType

	// The configuration for AdminCreateUser requests.
	AdminCreateUserConfig *types.AdminCreateUserConfigType

	// Attributes supported as an alias for this user pool. Possible values:
	// phone_number, email, or preferred_username.
	AliasAttributes []types.AliasAttributeType

	// The attributes to be auto-verified. Possible values: email, phone_number.
	AutoVerifiedAttributes []types.VerifiedAttributeType

	// When active, DeletionProtection prevents accidental deletion of your user pool.
	// Before you can delete a user pool that you have protected against deletion, you
	// must deactivate this feature. When you try to delete a protected user pool in a
	// DeleteUserPool API request, Amazon Cognito returns an InvalidParameterException
	// error. To delete a protected user pool, send a new DeleteUserPool request after
	// you deactivate deletion protection in an UpdateUserPool API request.
	DeletionProtection types.DeletionProtectionType

	// The device-remembering configuration for a user pool. A null value indicates
	// that you have deactivated device remembering in your user pool. When you provide
	// a value for any DeviceConfiguration field, you activate the Amazon Cognito
	// device-remembering feature.
	DeviceConfiguration *types.DeviceConfigurationType

	// The email configuration of your user pool. The email configuration type sets
	// your preferred sending method, Amazon Web Services Region, and sender for
	// messages from your user pool.
	EmailConfiguration *types.EmailConfigurationType

	// This parameter is no longer used. See VerificationMessageTemplateType (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerificationMessageTemplateType.html)
	// .
	EmailVerificationMessage *string

	// This parameter is no longer used. See VerificationMessageTemplateType (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerificationMessageTemplateType.html)
	// .
	EmailVerificationSubject *string

	// The Lambda trigger configuration information for the new user pool. In a push
	// model, event sources (such as Amazon S3 and custom applications) need permission
	// to invoke a function. So you must make an extra call to add permission for these
	// event sources to invoke your Lambda function. For more information on using the
	// Lambda API to add permission, see AddPermission  (https://docs.aws.amazon.com/lambda/latest/dg/API_AddPermission.html)
	// . For adding permission using the CLI, see add-permission  (https://docs.aws.amazon.com/cli/latest/reference/lambda/add-permission.html)
	// .
	LambdaConfig *types.LambdaConfigType

	// Specifies MFA configuration details.
	MfaConfiguration types.UserPoolMfaType

	// The policies associated with the new user pool.
	Policies *types.UserPoolPolicyType

	// An array of schema attributes for the new user pool. These attributes can be
	// standard or custom attributes.
	Schema []types.SchemaAttributeType

	// A string representing the SMS authentication message.
	SmsAuthenticationMessage *string

	// The SMS configuration with the settings that your Amazon Cognito user pool must
	// use to send an SMS message from your Amazon Web Services account through Amazon
	// Simple Notification Service. To send SMS messages with Amazon SNS in the Amazon
	// Web Services Region that you want, the Amazon Cognito user pool uses an Identity
	// and Access Management (IAM) role in your Amazon Web Services account.
	SmsConfiguration *types.SmsConfigurationType

	// This parameter is no longer used. See VerificationMessageTemplateType (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerificationMessageTemplateType.html)
	// .
	SmsVerificationMessage *string

	// The settings for updates to user attributes. These settings include the
	// property AttributesRequireVerificationBeforeUpdate , a user-pool setting that
	// tells Amazon Cognito how to handle changes to the value of your users' email
	// address and phone number attributes. For more information, see Verifying
	// updates to email addresses and phone numbers (https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-email-phone-verification.html#user-pool-settings-verifications-verify-attribute-updates)
	// .
	UserAttributeUpdateSettings *types.UserAttributeUpdateSettingsType

	// User pool add-ons. Contains settings for activation of advanced security
	// features. To log user security information but take no action, set to AUDIT . To
	// configure automatic security responses to risky traffic to your user pool, set
	// to ENFORCED . For more information, see Adding advanced security to a user pool (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html)
	// .
	UserPoolAddOns *types.UserPoolAddOnsType

	// The tag keys and values to assign to the user pool. A tag is a label that you
	// can use to categorize and manage user pools in different ways, such as by
	// purpose, owner, environment, or other criteria.
	UserPoolTags map[string]string

	// Specifies whether a user can use an email address or phone number as a username
	// when they sign up.
	UsernameAttributes []types.UsernameAttributeType

	// Case sensitivity on the username input for the selected sign-in option. When
	// case sensitivity is set to False (case insensitive), users can sign in with any
	// combination of capital and lowercase letters. For example, username , USERNAME ,
	// or UserName , or for email, email@example.com or EMaiL@eXamplE.Com . For most
	// use cases, set case sensitivity to False (case insensitive) as a best practice.
	// When usernames and email addresses are case insensitive, Amazon Cognito treats
	// any variation in case as the same user, and prevents a case variation from being
	// assigned to the same attribute for a different user. This configuration is
	// immutable after you set it. For more information, see UsernameConfigurationType (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UsernameConfigurationType.html)
	// .
	UsernameConfiguration *types.UsernameConfigurationType

	// The template for the verification message that the user sees when the app
	// requests permission to access the user's information.
	VerificationMessageTemplate *types.VerificationMessageTemplateType
	// contains filtered or unexported fields
}

type CreateUserPoolOutput struct {

	// A container for the user pool details.
	UserPool *types.UserPoolType

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type DeleteGroupInput struct {

	// The name of the group.
	//
	// This member is required.
	GroupName *string

	// The user pool ID for the user pool.
	//
	// This member is required.
	UserPoolId *string
	// contains filtered or unexported fields
}

type DeleteGroupOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type DeleteIdentityProviderInput struct {

	// The IdP name.
	//
	// This member is required.
	ProviderName *string

	// The user pool ID.
	//
	// This member is required.
	UserPoolId *string
	// contains filtered or unexported fields
}

type DeleteIdentityProviderOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type DeleteResourceServerInput struct {

	// The identifier for the resource server.
	//
	// This member is required.
	Identifier *string

	// The user pool ID for the user pool that hosts the resource server.
	//
	// This member is required.
	UserPoolId *string
	// contains filtered or unexported fields
}

type DeleteResourceServerOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type DeleteUserAttributesInput struct {

	// A valid access token that Amazon Cognito issued to the user whose attributes
	// you want to delete.
	//
	// This member is required.
	AccessToken *string

	// An array of strings representing the user attribute names you want to delete.
	// For custom attributes, you must prependattach the custom: prefix to the front
	// of the attribute name.
	//
	// This member is required.
	UserAttributeNames []string
	// contains filtered or unexported fields
}

type DeleteUserAttributesOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type DeleteUserInput struct {

	// A valid access token that Amazon Cognito issued to the user whose user profile
	// you want to delete.
	//
	// This member is required.
	AccessToken *string
	// contains filtered or unexported fields
}

type DeleteUserOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type DeleteUserPoolClientInput struct {

	// The app client ID of the app associated with the user pool.
	//
	// This member is required.
	ClientId *string

	// The user pool ID for the user pool where you want to delete the client.
	//
	// This member is required.
	UserPoolId *string
	// contains filtered or unexported fields
}

type DeleteUserPoolClientOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type DeleteUserPoolDomainInput struct {

	// The domain string. For custom domains, this is the fully-qualified domain name,
	// such as auth.example.com . For Amazon Cognito prefix domains, this is the prefix
	// alone, such as auth .
	//
	// This member is required.
	Domain *string

	// The user pool ID.
	//
	// This member is required.
	UserPoolId *string
	// contains filtered or unexported fields
}

type DeleteUserPoolDomainOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type DeleteUserPoolInput struct {

	// The user pool ID for the user pool you want to delete.
	//
	// This member is required.
	UserPoolId *string
	// contains filtered or unexported fields
}

type DeleteUserPoolOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type DescribeIdentityProviderInput struct {

	// The IdP name.
	//
	// This member is required.
	ProviderName *string

	// The user pool ID.
	//
	// This member is required.
	UserPoolId *string
	// contains filtered or unexported fields
}

type DescribeIdentityProviderOutput struct {

	// The identity provider details.
	//
	// This member is required.
	IdentityProvider *types.IdentityProviderType

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type DescribeResourceServerInput struct {

	// The identifier for the resource server
	//
	// This member is required.
	Identifier *string

	// The user pool ID for the user pool that hosts the resource server.
	//
	// This member is required.
	UserPoolId *string
	// contains filtered or unexported fields
}

type DescribeResourceServerOutput struct {

	// The resource server.
	//
	// This member is required.
	ResourceServer *types.ResourceServerType

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type DescribeRiskConfigurationInput struct {

	// The user pool ID.
	//
	// This member is required.
	UserPoolId *string

	// The app client ID.
	ClientId *string
	// contains filtered or unexported fields
}

type DescribeRiskConfigurationOutput struct {

	// The risk configuration.
	//
	// This member is required.
	RiskConfiguration *types.RiskConfigurationType

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type DescribeUserImportJobInput struct {

	// The job ID for the user import job.
	//
	// This member is required.
	JobId *string

	// The user pool ID for the user pool that the users are being imported into.
	//
	// This member is required.
	UserPoolId *string
	// contains filtered or unexported fields
}

type DescribeUserImportJobOutput struct {

	// The job object that represents the user import job.
	UserImportJob *types.UserImportJobType

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type DescribeUserPoolClientInput struct {

	// The app client ID of the app associated with the user pool.
	//
	// This member is required.
	ClientId *string

	// The user pool ID for the user pool you want to describe.
	//
	// This member is required.
	UserPoolId *string
	// contains filtered or unexported fields
}

type DescribeUserPoolClientOutput struct {

	// The user pool client from a server response to describe the user pool client.
	UserPoolClient *types.UserPoolClientType

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type DescribeUserPoolDomainInput struct {

	// The domain string. For custom domains, this is the fully-qualified domain name,
	// such as auth.example.com . For Amazon Cognito prefix domains, this is the prefix
	// alone, such as auth .
	//
	// This member is required.
	Domain *string
	// contains filtered or unexported fields
}

type DescribeUserPoolDomainOutput struct {

	// A domain description object containing information about the domain.
	DomainDescription *types.DomainDescriptionType

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type DescribeUserPoolInput struct {

	// The user pool ID for the user pool you want to describe.
	//
	// This member is required.
	UserPoolId *string
	// contains filtered or unexported fields
}

type DescribeUserPoolOutput struct {

	// The container of metadata returned by the server to describe the pool.
	UserPool *types.UserPoolType

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type EndpointParameters struct {
	// The AWS region used to dispatch the request.
	//
	// Parameter is
	// required.
	//
	// AWS::Region
	Region *string

	// When true, use the dual-stack endpoint. If the configured endpoint does not
	// support dual-stack, dispatching the request MAY return an error.
	//
	// Defaults to
	// false if no value is provided.
	//
	// AWS::UseDualStack
	UseDualStack *bool

	// When true, send this request to the FIPS-compliant regional endpoint. If the
	// configured endpoint does not have a FIPS compliant endpoint, dispatching the
	// request will return an error.
	//
	// Defaults to false if no value is
	// provided.
	//
	// AWS::UseFIPS
	UseFIPS *bool

	// Override the endpoint used to send this request
	//
	// Parameter is
	// required.
	//
	// SDK::Endpoint
	Endpoint *string
}

type EndpointResolver interface {
	ResolveEndpoint(region string, options EndpointResolverOptions) (aws.Endpoint, error)
}

type EndpointResolverFunc func(region string, options EndpointResolverOptions) (aws.Endpoint, error)

type EndpointResolverOptions = internalendpoints.Options

type EndpointResolverV2 interface {
	// ResolveEndpoint attempts to resolve the endpoint with the provided options,
	// returning the endpoint if found. Otherwise an error is returned.
	ResolveEndpoint(ctx context.Context, params EndpointParameters) (
		smithyendpoints.Endpoint, error,
	)
}

type ForgetDeviceInput struct {

	// The device key.
	//
	// This member is required.
	DeviceKey *string

	// A valid access token that Amazon Cognito issued to the user whose registered
	// device you want to forget.
	AccessToken *string
	// contains filtered or unexported fields
}

type ForgetDeviceOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type ForgotPasswordInput struct {

	// The ID of the client associated with the user pool.
	//
	// This member is required.
	ClientId *string

	// The username of the user that you want to query or modify. The value of this
	// parameter is typically your user's username, but it can be any of their alias
	// attributes. If username isn't an alias attribute in your user pool, this value
	// must be the sub of a local user or the username of a user from a third-party
	// IdP.
	//
	// This member is required.
	Username *string

	// The Amazon Pinpoint analytics metadata that contributes to your metrics for
	// ForgotPassword calls.
	AnalyticsMetadata *types.AnalyticsMetadataType

	// A map of custom key-value pairs that you can provide as input for any custom
	// workflows that this action triggers. You create custom workflows by assigning
	// Lambda functions to user pool triggers. When you use the ForgotPassword API
	// action, Amazon Cognito invokes any functions that are assigned to the following
	// triggers: pre sign-up, custom message, and user migration. When Amazon Cognito
	// invokes any of these functions, it passes a JSON payload, which the function
	// receives as input. This payload contains a clientMetadata attribute, which
	// provides the data that you assigned to the ClientMetadata parameter in your
	// ForgotPassword request. In your function code in Lambda, you can process the
	// clientMetadata value to enhance your workflow for your specific needs. For more
	// information, see Customizing user pool Workflows with Lambda Triggers (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html)
	// in the Amazon Cognito Developer Guide. When you use the ClientMetadata
	// parameter, remember that Amazon Cognito won't do the following:
	//   - Store the ClientMetadata value. This data is available only to Lambda
	//   triggers that are assigned to a user pool to support custom workflows. If your
	//   user pool configuration doesn't include triggers, the ClientMetadata parameter
	//   serves no purpose.
	//   - Validate the ClientMetadata value.
	//   - Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide
	//   sensitive information.
	ClientMetadata map[string]string

	// A keyed-hash message authentication code (HMAC) calculated using the secret key
	// of a user pool client and username plus the client ID in the message.
	SecretHash *string

	// Contextual data about your user session, such as the device fingerprint, IP
	// address, or location. Amazon Cognito advanced security evaluates the risk of an
	// authentication event based on the context that your app generates and passes to
	// Amazon Cognito when it makes API requests.
	UserContextData *types.UserContextDataType
	// contains filtered or unexported fields
}

type ForgotPasswordOutput struct {

	// The code delivery details returned by the server in response to the request to
	// reset a password.
	CodeDeliveryDetails *types.CodeDeliveryDetailsType

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type GetCSVHeaderInput struct {

	// The user pool ID for the user pool that the users are to be imported into.
	//
	// This member is required.
	UserPoolId *string
	// contains filtered or unexported fields
}

type GetCSVHeaderOutput struct {

	// The header information of the CSV file for the user import job.
	CSVHeader []string

	// The user pool ID for the user pool that the users are to be imported into.
	UserPoolId *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type GetDeviceInput struct {

	// The device key.
	//
	// This member is required.
	DeviceKey *string

	// A valid access token that Amazon Cognito issued to the user whose device
	// information you want to request.
	AccessToken *string
	// contains filtered or unexported fields
}

type GetDeviceOutput struct {

	// The device.
	//
	// This member is required.
	Device *types.DeviceType

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type GetGroupInput struct {

	// The name of the group.
	//
	// This member is required.
	GroupName *string

	// The user pool ID for the user pool.
	//
	// This member is required.
	UserPoolId *string
	// contains filtered or unexported fields
}

type GetGroupOutput struct {

	// The group object for the group.
	Group *types.GroupType

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type GetIdentityProviderByIdentifierInput struct {

	// The IdP identifier.
	//
	// This member is required.
	IdpIdentifier *string

	// The user pool ID.
	//
	// This member is required.
	UserPoolId *string
	// contains filtered or unexported fields
}

type GetIdentityProviderByIdentifierOutput struct {

	// The identity provider details.
	//
	// This member is required.
	IdentityProvider *types.IdentityProviderType

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type GetLogDeliveryConfigurationInput struct {

	// The ID of the user pool where you want to view detailed activity logging
	// configuration.
	//
	// This member is required.
	UserPoolId *string
	// contains filtered or unexported fields
}

type GetLogDeliveryConfigurationOutput struct {

	// The detailed activity logging configuration of the requested user pool.
	LogDeliveryConfiguration *types.LogDeliveryConfigurationType

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type GetSigningCertificateInput struct {

	// The user pool ID.
	//
	// This member is required.
	UserPoolId *string
	// contains filtered or unexported fields
}

type GetSigningCertificateOutput struct {

	// The signing certificate.
	Certificate *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type GetUICustomizationInput struct {

	// The user pool ID for the user pool.
	//
	// This member is required.
	UserPoolId *string

	// The client ID for the client app.
	ClientId *string
	// contains filtered or unexported fields
}

type GetUICustomizationOutput struct {

	// The UI customization information.
	//
	// This member is required.
	UICustomization *types.UICustomizationType

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type GetUserAttributeVerificationCodeInput struct {

	// A non-expired access token for the user whose attribute verification code you
	// want to generate.
	//
	// This member is required.
	AccessToken *string

	// The attribute name returned by the server response to get the user attribute
	// verification code.
	//
	// This member is required.
	AttributeName *string

	// A map of custom key-value pairs that you can provide as input for any custom
	// workflows that this action triggers. You create custom workflows by assigning
	// Lambda functions to user pool triggers. When you use the
	// GetUserAttributeVerificationCode API action, Amazon Cognito invokes the function
	// that is assigned to the custom message trigger. When Amazon Cognito invokes this
	// function, it passes a JSON payload, which the function receives as input. This
	// payload contains a clientMetadata attribute, which provides the data that you
	// assigned to the ClientMetadata parameter in your
	// GetUserAttributeVerificationCode request. In your function code in Lambda, you
	// can process the clientMetadata value to enhance your workflow for your specific
	// needs. For more information, see Customizing user pool Workflows with Lambda
	// Triggers (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html)
	// in the Amazon Cognito Developer Guide. When you use the ClientMetadata
	// parameter, remember that Amazon Cognito won't do the following:
	//   - Store the ClientMetadata value. This data is available only to Lambda
	//   triggers that are assigned to a user pool to support custom workflows. If your
	//   user pool configuration doesn't include triggers, the ClientMetadata parameter
	//   serves no purpose.
	//   - Validate the ClientMetadata value.
	//   - Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide
	//   sensitive information.
	ClientMetadata map[string]string
	// contains filtered or unexported fields
}

type GetUserAttributeVerificationCodeOutput struct {

	// The code delivery details returned by the server in response to the request to
	// get the user attribute verification code.
	CodeDeliveryDetails *types.CodeDeliveryDetailsType

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type GetUserInput struct {

	// A non-expired access token for the user whose information you want to query.
	//
	// This member is required.
	AccessToken *string
	// contains filtered or unexported fields
}

type GetUserOutput struct {

	// An array of name-value pairs representing user attributes. For custom
	// attributes, you must prepend the custom: prefix to the attribute name.
	//
	// This member is required.
	UserAttributes []types.AttributeType

	// The username of the user that you requested.
	//
	// This member is required.
	Username *string

	// This response parameter is no longer supported. It provides information only
	// about SMS MFA configurations. It doesn't provide information about time-based
	// one-time password (TOTP) software token MFA configurations. To look up
	// information about either type of MFA configuration, use UserMFASettingList
	// instead.
	MFAOptions []types.MFAOptionType

	// The user's preferred MFA setting.
	PreferredMfaSetting *string

	// The MFA options that are activated for the user. The possible values in this
	// list are SMS_MFA and SOFTWARE_TOKEN_MFA .
	UserMFASettingList []string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type GetUserPoolMfaConfigInput struct {

	// The user pool ID.
	//
	// This member is required.
	UserPoolId *string
	// contains filtered or unexported fields
}

type GetUserPoolMfaConfigOutput struct {

	// The multi-factor authentication (MFA) configuration. Valid values include:
	//   - OFF MFA won't be used for any users.
	//   - ON MFA is required for all users to sign in.
	//   - OPTIONAL MFA will be required only for individual users who have an MFA
	//   factor activated.
	MfaConfiguration types.UserPoolMfaType

	// The SMS text message multi-factor authentication (MFA) configuration.
	SmsMfaConfiguration *types.SmsMfaConfigType

	// The software token multi-factor authentication (MFA) configuration.
	SoftwareTokenMfaConfiguration *types.SoftwareTokenMfaConfigType

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type GlobalSignOutInput struct {

	// A valid access token that Amazon Cognito issued to the user who you want to
	// sign out.
	//
	// This member is required.
	AccessToken *string
	// contains filtered or unexported fields
}

type GlobalSignOutOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type HTTPClient interface {
	Do(*http.Request) (*http.Response, error)
}

type HTTPSignerV4 interface {
	SignHTTP(ctx context.Context, credentials aws.Credentials, r *http.Request, payloadHash string, service string, region string, signingTime time.Time, optFns ...func(*v4.SignerOptions)) error
}

type InitiateAuthInput struct {

	// The authentication flow for this call to run. The API action will depend on
	// this value. For example:
	//   - REFRESH_TOKEN_AUTH takes in a valid refresh token and returns new tokens.
	//   - USER_SRP_AUTH takes in USERNAME and SRP_A and returns the SRP variables to
	//   be used for next challenge execution.
	//   - USER_PASSWORD_AUTH takes in USERNAME and PASSWORD and returns the next
	//   challenge or tokens.
	// Valid values include:
	//   - USER_SRP_AUTH : Authentication flow for the Secure Remote Password (SRP)
	//   protocol.
	//   - REFRESH_TOKEN_AUTH / REFRESH_TOKEN : Authentication flow for refreshing the
	//   access token and ID token by supplying a valid refresh token.
	//   - CUSTOM_AUTH : Custom authentication flow.
	//   - USER_PASSWORD_AUTH : Non-SRP authentication flow; user name and password are
	//   passed directly. If a user migration Lambda trigger is set, this flow will
	//   invoke the user migration Lambda if it doesn't find the user name in the user
	//   pool.
	// ADMIN_NO_SRP_AUTH isn't a valid value.
	//
	// This member is required.
	AuthFlow types.AuthFlowType

	// The app client ID.
	//
	// This member is required.
	ClientId *string

	// The Amazon Pinpoint analytics metadata that contributes to your metrics for
	// InitiateAuth calls.
	AnalyticsMetadata *types.AnalyticsMetadataType

	// The authentication parameters. These are inputs corresponding to the AuthFlow
	// that you're invoking. The required values depend on the value of AuthFlow :
	//   - For USER_SRP_AUTH : USERNAME (required), SRP_A (required), SECRET_HASH
	//   (required if the app client is configured with a client secret), DEVICE_KEY .
	//   - For USER_PASSWORD_AUTH : USERNAME (required), PASSWORD (required),
	//   SECRET_HASH (required if the app client is configured with a client secret),
	//   DEVICE_KEY .
	//   - For REFRESH_TOKEN_AUTH/REFRESH_TOKEN : REFRESH_TOKEN (required), SECRET_HASH
	//   (required if the app client is configured with a client secret), DEVICE_KEY .
	//   - For CUSTOM_AUTH : USERNAME (required), SECRET_HASH (if app client is
	//   configured with client secret), DEVICE_KEY . To start the authentication flow
	//   with password verification, include ChallengeName: SRP_A and SRP_A: (The
	//   SRP_A Value) .
	// For more information about SECRET_HASH , see Computing secret hash values (https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#cognito-user-pools-computing-secret-hash)
	// . For information about DEVICE_KEY , see Working with user devices in your user
	// pool (https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html)
	// .
	AuthParameters map[string]string

	// A map of custom key-value pairs that you can provide as input for certain
	// custom workflows that this action triggers. You create custom workflows by
	// assigning Lambda functions to user pool triggers. When you use the InitiateAuth
	// API action, Amazon Cognito invokes the Lambda functions that are specified for
	// various triggers. The ClientMetadata value is passed as input to the functions
	// for only the following triggers:
	//   - Pre signup
	//   - Pre authentication
	//   - User migration
	// When Amazon Cognito invokes the functions for these triggers, it passes a JSON
	// payload, which the function receives as input. This payload contains a
	// validationData attribute, which provides the data that you assigned to the
	// ClientMetadata parameter in your InitiateAuth request. In your function code in
	// Lambda, you can process the validationData value to enhance your workflow for
	// your specific needs. When you use the InitiateAuth API action, Amazon Cognito
	// also invokes the functions for the following triggers, but it doesn't provide
	// the ClientMetadata value as input:
	//   - Post authentication
	//   - Custom message
	//   - Pre token generation
	//   - Create auth challenge
	//   - Define auth challenge
	// For more information, see  Customizing user pool Workflows with Lambda Triggers (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html)
	// in the Amazon Cognito Developer Guide. When you use the ClientMetadata
	// parameter, remember that Amazon Cognito won't do the following:
	//   - Store the ClientMetadata value. This data is available only to Lambda
	//   triggers that are assigned to a user pool to support custom workflows. If your
	//   user pool configuration doesn't include triggers, the ClientMetadata parameter
	//   serves no purpose.
	//   - Validate the ClientMetadata value.
	//   - Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide
	//   sensitive information.
	ClientMetadata map[string]string

	// Contextual data about your user session, such as the device fingerprint, IP
	// address, or location. Amazon Cognito advanced security evaluates the risk of an
	// authentication event based on the context that your app generates and passes to
	// Amazon Cognito when it makes API requests.
	UserContextData *types.UserContextDataType
	// contains filtered or unexported fields
}

type InitiateAuthOutput struct {

	// The result of the authentication response. This result is only returned if the
	// caller doesn't need to pass another challenge. If the caller does need to pass
	// another challenge before it gets tokens, ChallengeName , ChallengeParameters ,
	// and Session are returned.
	AuthenticationResult *types.AuthenticationResultType

	// The name of the challenge that you're responding to with this call. This name
	// is returned in the InitiateAuth response if you must pass another challenge.
	// Valid values include the following: All of the following challenges require
	// USERNAME and SECRET_HASH (if applicable) in the parameters.
	//   - SMS_MFA : Next challenge is to supply an SMS_MFA_CODE , delivered via SMS.
	//   - PASSWORD_VERIFIER : Next challenge is to supply PASSWORD_CLAIM_SIGNATURE ,
	//   PASSWORD_CLAIM_SECRET_BLOCK , and TIMESTAMP after the client-side SRP
	//   calculations.
	//   - CUSTOM_CHALLENGE : This is returned if your custom authentication flow
	//   determines that the user should pass another challenge before tokens are issued.
	//
	//   - DEVICE_SRP_AUTH : If device tracking was activated on your user pool and the
	//   previous challenges were passed, this challenge is returned so that Amazon
	//   Cognito can start tracking this device.
	//   - DEVICE_PASSWORD_VERIFIER : Similar to PASSWORD_VERIFIER , but for devices
	//   only.
	//   - NEW_PASSWORD_REQUIRED : For users who are required to change their passwords
	//   after successful first login. Respond to this challenge with NEW_PASSWORD and
	//   any required attributes that Amazon Cognito returned in the requiredAttributes
	//   parameter. You can also set values for attributes that aren't required by your
	//   user pool and that your app client can write. For more information, see
	//   RespondToAuthChallenge (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RespondToAuthChallenge.html)
	//   . In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required
	//   attribute that already has a value. In RespondToAuthChallenge , set a value
	//   for any keys that Amazon Cognito returned in the requiredAttributes parameter,
	//   then use the UpdateUserAttributes API operation to modify the value of any
	//   additional attributes.
	//   - MFA_SETUP : For users who are required to setup an MFA factor before they
	//   can sign in. The MFA types activated for the user pool will be listed in the
	//   challenge parameters MFAS_CAN_SETUP value. To set up software token MFA, use
	//   the session returned here from InitiateAuth as an input to
	//   AssociateSoftwareToken . Use the session returned by VerifySoftwareToken as an
	//   input to RespondToAuthChallenge with challenge name MFA_SETUP to complete
	//   sign-in. To set up SMS MFA, an administrator should help the user to add a phone
	//   number to their account, and then the user should call InitiateAuth again to
	//   restart sign-in.
	ChallengeName types.ChallengeNameType

	// The challenge parameters. These are returned in the InitiateAuth response if
	// you must pass another challenge. The responses in this parameter should be used
	// to compute inputs to the next call ( RespondToAuthChallenge ). All challenges
	// require USERNAME and SECRET_HASH (if applicable).
	ChallengeParameters map[string]string

	// The session that should pass both ways in challenge-response calls to the
	// service. If the caller must pass another challenge, they return a session with
	// other challenge parameters. This session should be passed as it is to the next
	// RespondToAuthChallenge API call.
	Session *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type ListDevicesInput struct {

	// A valid access token that Amazon Cognito issued to the user whose list of
	// devices you want to view.
	//
	// This member is required.
	AccessToken *string

	// The limit of the device request.
	Limit *int32

	// This API operation returns a limited number of results. The pagination token is
	// an identifier that you can present in an additional API request with the same
	// parameters. When you include the pagination token, Amazon Cognito returns the
	// next set of items after the current list. Subsequent requests return a new
	// pagination token. By use of this token, you can paginate through the full list
	// of items.
	PaginationToken *string
	// contains filtered or unexported fields
}

type ListDevicesOutput struct {

	// The devices returned in the list devices response.
	Devices []types.DeviceType

	// The identifier that Amazon Cognito returned with the previous request to this
	// operation. When you include a pagination token in your request, Amazon Cognito
	// returns the next set of items in the list. By use of this token, you can
	// paginate through the full list of items.
	PaginationToken *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type ListGroupsAPIClient interface {
	ListGroups(context.Context, *ListGroupsInput, ...func(*Options)) (*ListGroupsOutput, error)
}

type ListGroupsInput struct {

	// The user pool ID for the user pool.
	//
	// This member is required.
	UserPoolId *string

	// The limit of the request to list groups.
	Limit *int32

	// An identifier that was returned from the previous call to this operation, which
	// can be used to return the next set of items in the list.
	NextToken *string
	// contains filtered or unexported fields
}

type ListGroupsOutput struct {

	// The group objects for the groups.
	Groups []types.GroupType

	// An identifier that was returned from the previous call to this operation, which
	// can be used to return the next set of items in the list.
	NextToken *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type ListGroupsPaginator struct {
	// contains filtered or unexported fields
}

type ListGroupsPaginatorOptions struct {
	// The limit of the request to list groups.
	Limit int32

	// Set to true if pagination should stop if the service returns a pagination token
	// that matches the most recent token provided to the service.
	StopOnDuplicateToken bool
}

type ListIdentityProvidersAPIClient interface {
	ListIdentityProviders(context.Context, *ListIdentityProvidersInput, ...func(*Options)) (*ListIdentityProvidersOutput, error)
}

type ListIdentityProvidersInput struct {

	// The user pool ID.
	//
	// This member is required.
	UserPoolId *string

	// The maximum number of IdPs to return.
	MaxResults *int32

	// A pagination token.
	NextToken *string
	// contains filtered or unexported fields
}

type ListIdentityProvidersOutput struct {

	// A list of IdP objects.
	//
	// This member is required.
	Providers []types.ProviderDescription

	// A pagination token.
	NextToken *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type ListIdentityProvidersPaginator struct {
	// contains filtered or unexported fields
}

type ListIdentityProvidersPaginatorOptions struct {
	// The maximum number of IdPs to return.
	Limit int32

	// Set to true if pagination should stop if the service returns a pagination token
	// that matches the most recent token provided to the service.
	StopOnDuplicateToken bool
}

type ListResourceServersAPIClient interface {
	ListResourceServers(context.Context, *ListResourceServersInput, ...func(*Options)) (*ListResourceServersOutput, error)
}

type ListResourceServersInput struct {

	// The user pool ID for the user pool.
	//
	// This member is required.
	UserPoolId *string

	// The maximum number of resource servers to return.
	MaxResults *int32

	// A pagination token.
	NextToken *string
	// contains filtered or unexported fields
}

type ListResourceServersOutput struct {

	// The resource servers.
	//
	// This member is required.
	ResourceServers []types.ResourceServerType

	// A pagination token.
	NextToken *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type ListResourceServersPaginator struct {
	// contains filtered or unexported fields
}