Copyright | (c) 2013-2015 Brendan Hay |
---|---|
License | Mozilla Public License, v. 2.0. |
Maintainer | Brendan Hay <brendan.g.hay@gmail.com> |
Stability | auto-generated |
Portability | non-portable (GHC extensions) |
Safe Haskell | None |
Language | Haskell2010 |
- Service Configuration
- Errors
- InvalidIdentityPoolConfigurationException
- InvalidParameterException
- NotAuthorizedException
- InternalErrorException
- ExternalServiceException
- TooManyRequestsException
- ConcurrentModificationException
- ResourceConflictException
- DeveloperUserAlreadyRegisteredException
- ResourceNotFoundException
- LimitExceededException
- Waiters
- Operations
- GetOpenIdToken
- GetOpenIdTokenForDeveloperIdentity
- DescribeIdentityPool
- GetId
- DeleteIdentityPool
- UpdateIdentityPool
- UnlinkDeveloperIdentity
- GetIdentityPoolRoles
- ListIdentityPools
- GetCredentialsForIdentity
- DeleteIdentities
- SetIdentityPoolRoles
- ListIdentities
- LookupDeveloperIdentity
- UnlinkIdentity
- DescribeIdentity
- CreateIdentityPool
- MergeDeveloperIdentities
- Types
Amazon Cognito
Amazon Cognito is a web service that delivers scoped temporary credentials to mobile devices and other untrusted environments. Amazon Cognito uniquely identifies a device and supplies the user with a consistent identity over the lifetime of an application.
Using Amazon Cognito, you can enable authentication with one or more third-party identity providers (Facebook, Google, or Login with Amazon), and you can also choose to support unauthenticated access from your app. Cognito delivers a unique identifier for each user and acts as an OpenID token provider trusted by AWS Security Token Service (STS) to access temporary, limited-privilege AWS credentials.
To provide end-user credentials, first make an unsigned call to GetId.
If the end user is authenticated with one of the supported identity
providers, set the Logins
map with the identity provider token.
GetId
returns a unique identifier for the user.
Next, make an unsigned call to GetCredentialsForIdentity. This call
expects the same Logins
map as the GetId
call, as well as the
IdentityID
originally returned by GetId
. Assuming your identity pool
has been configured via the SetIdentityPoolRoles operation,
GetCredentialsForIdentity
will return AWS credentials for your use. If
your pool has not been configured with SetIdentityPoolRoles
, or if you
want to follow legacy flow, make an unsigned call to GetOpenIdToken,
which returns the OpenID token necessary to call STS and retrieve AWS
credentials. This call expects the same Logins
map as the GetId
call, as well as the IdentityID
originally returned by GetId
. The
token returned by GetOpenIdToken
can be passed to the STS operation
AssumeRoleWithWebIdentity
to retrieve AWS credentials.
If you want to use Amazon Cognito in an Android, iOS, or Unity application, you will probably want to make API calls via the AWS Mobile SDK. To learn more, see the AWS Mobile SDK Developer Guide.
See: AWS API Reference
- cognitoIdentity :: Service
- _InvalidIdentityPoolConfigurationException :: AsError a => Getting (First ServiceError) a ServiceError
- _InvalidParameterException :: AsError a => Getting (First ServiceError) a ServiceError
- _NotAuthorizedException :: AsError a => Getting (First ServiceError) a ServiceError
- _InternalErrorException :: AsError a => Getting (First ServiceError) a ServiceError
- _ExternalServiceException :: AsError a => Getting (First ServiceError) a ServiceError
- _TooManyRequestsException :: AsError a => Getting (First ServiceError) a ServiceError
- _ConcurrentModificationException :: AsError a => Getting (First ServiceError) a ServiceError
- _ResourceConflictException :: AsError a => Getting (First ServiceError) a ServiceError
- _DeveloperUserAlreadyRegisteredException :: AsError a => Getting (First ServiceError) a ServiceError
- _ResourceNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError
- _LimitExceededException :: AsError a => Getting (First ServiceError) a ServiceError
- module Network.AWS.CognitoIdentity.GetOpenIdToken
- module Network.AWS.CognitoIdentity.GetOpenIdTokenForDeveloperIdentity
- module Network.AWS.CognitoIdentity.DescribeIdentityPool
- module Network.AWS.CognitoIdentity.GetId
- module Network.AWS.CognitoIdentity.DeleteIdentityPool
- module Network.AWS.CognitoIdentity.UpdateIdentityPool
- module Network.AWS.CognitoIdentity.UnlinkDeveloperIdentity
- module Network.AWS.CognitoIdentity.GetIdentityPoolRoles
- module Network.AWS.CognitoIdentity.ListIdentityPools
- module Network.AWS.CognitoIdentity.GetCredentialsForIdentity
- module Network.AWS.CognitoIdentity.DeleteIdentities
- module Network.AWS.CognitoIdentity.SetIdentityPoolRoles
- module Network.AWS.CognitoIdentity.ListIdentities
- module Network.AWS.CognitoIdentity.LookupDeveloperIdentity
- module Network.AWS.CognitoIdentity.UnlinkIdentity
- module Network.AWS.CognitoIdentity.DescribeIdentity
- module Network.AWS.CognitoIdentity.CreateIdentityPool
- module Network.AWS.CognitoIdentity.MergeDeveloperIdentities
- data CognitoErrorCode
- data Credentials
- credentials :: Credentials
- cSessionToken :: Lens' Credentials (Maybe Text)
- cExpiration :: Lens' Credentials (Maybe UTCTime)
- cSecretKey :: Lens' Credentials (Maybe Text)
- cAccessKeyId :: Lens' Credentials (Maybe Text)
- data IdentityDescription
- identityDescription :: IdentityDescription
- idLastModifiedDate :: Lens' IdentityDescription (Maybe UTCTime)
- idCreationDate :: Lens' IdentityDescription (Maybe UTCTime)
- idLogins :: Lens' IdentityDescription [Text]
- idIdentityId :: Lens' IdentityDescription (Maybe Text)
- data IdentityPool
- identityPool :: Text -> Text -> Bool -> IdentityPool
- ipSupportedLoginProviders :: Lens' IdentityPool (HashMap Text Text)
- ipDeveloperProviderName :: Lens' IdentityPool (Maybe Text)
- ipOpenIdConnectProviderARNs :: Lens' IdentityPool [Text]
- ipIdentityPoolId :: Lens' IdentityPool Text
- ipIdentityPoolName :: Lens' IdentityPool Text
- ipAllowUnauthenticatedIdentities :: Lens' IdentityPool Bool
- data IdentityPoolShortDescription
- identityPoolShortDescription :: IdentityPoolShortDescription
- ipsdIdentityPoolId :: Lens' IdentityPoolShortDescription (Maybe Text)
- ipsdIdentityPoolName :: Lens' IdentityPoolShortDescription (Maybe Text)
- data UnprocessedIdentityId
- unprocessedIdentityId :: UnprocessedIdentityId
- uiiErrorCode :: Lens' UnprocessedIdentityId (Maybe CognitoErrorCode)
- uiiIdentityId :: Lens' UnprocessedIdentityId (Maybe Text)
Service Configuration
cognitoIdentity :: Service Source
API version '2014-06-30' of the Amazon Cognito Identity SDK configuration.
Errors
Error matchers are designed for use with the functions provided by
Control.Exception.Lens.
This allows catching (and rethrowing) service specific errors returned
by CognitoIdentity
.
InvalidIdentityPoolConfigurationException
_InvalidIdentityPoolConfigurationException :: AsError a => Getting (First ServiceError) a ServiceError Source
Thrown if the identity pool has no role associated for the given auth type (auth/unauth) or if the AssumeRole fails.
InvalidParameterException
_InvalidParameterException :: AsError a => Getting (First ServiceError) a ServiceError Source
Thrown for missing or bad input parameter(s).
NotAuthorizedException
_NotAuthorizedException :: AsError a => Getting (First ServiceError) a ServiceError Source
Thrown when a user is not authorized to access the requested resource.
InternalErrorException
_InternalErrorException :: AsError a => Getting (First ServiceError) a ServiceError Source
Thrown when the service encounters an error during processing the request.
ExternalServiceException
_ExternalServiceException :: AsError a => Getting (First ServiceError) a ServiceError Source
An exception thrown when a dependent service such as Facebook or Twitter is not responding
TooManyRequestsException
_TooManyRequestsException :: AsError a => Getting (First ServiceError) a ServiceError Source
Thrown when a request is throttled.
ConcurrentModificationException
_ConcurrentModificationException :: AsError a => Getting (First ServiceError) a ServiceError Source
Thrown if there are parallel requests to modify a resource.
ResourceConflictException
_ResourceConflictException :: AsError a => Getting (First ServiceError) a ServiceError Source
Thrown when a user tries to use a login which is already linked to another account.
DeveloperUserAlreadyRegisteredException
_DeveloperUserAlreadyRegisteredException :: AsError a => Getting (First ServiceError) a ServiceError Source
The provided developer user identifier is already registered with Cognito under a different identity ID.
ResourceNotFoundException
_ResourceNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError Source
Thrown when the requested resource (for example, a dataset or record) does not exist.
LimitExceededException
_LimitExceededException :: AsError a => Getting (First ServiceError) a ServiceError Source
Thrown when the total number of user pools has exceeded a preset limit.
Waiters
Waiters poll by repeatedly sending a request until some remote success condition
configured by the Wait
specification is fulfilled. The Wait
specification
determines how many attempts should be made, in addition to delay and retry strategies.
Operations
Some AWS operations return results that are incomplete and require subsequent
requests in order to obtain the entire result set. The process of sending
subsequent requests to continue where a previous request left off is called
pagination. For example, the ListObjects
operation of Amazon S3 returns up to
1000 objects at a time, and you must send subsequent requests with the
appropriate Marker in order to retrieve the next page of results.
Operations that have an AWSPager
instance can transparently perform subsequent
requests, correctly setting Markers and other request facets to iterate through
the entire result set of a truncated API operation. Operations which support
this have an additional note in the documentation.
Many operations have the ability to filter results on the server side. See the individual operation parameters for details.
GetOpenIdToken
GetOpenIdTokenForDeveloperIdentity
DescribeIdentityPool
GetId
DeleteIdentityPool
UpdateIdentityPool
UnlinkDeveloperIdentity
GetIdentityPoolRoles
ListIdentityPools
GetCredentialsForIdentity
DeleteIdentities
SetIdentityPoolRoles
ListIdentities
LookupDeveloperIdentity
UnlinkIdentity
DescribeIdentity
CreateIdentityPool
MergeDeveloperIdentities
Types
CognitoErrorCode
data CognitoErrorCode Source
Credentials
data Credentials Source
Credentials for the provided identity ID.
See: credentials
smart constructor.
credentials :: Credentials Source
Creates a value of Credentials
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
cSessionToken :: Lens' Credentials (Maybe Text) Source
The Session Token portion of the credentials
cExpiration :: Lens' Credentials (Maybe UTCTime) Source
The date at which these credentials will expire.
cSecretKey :: Lens' Credentials (Maybe Text) Source
The Secret Access Key portion of the credentials
cAccessKeyId :: Lens' Credentials (Maybe Text) Source
The Access Key portion of the credentials.
IdentityDescription
data IdentityDescription Source
A description of the identity.
See: identityDescription
smart constructor.
identityDescription :: IdentityDescription Source
Creates a value of IdentityDescription
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
idLastModifiedDate :: Lens' IdentityDescription (Maybe UTCTime) Source
Date on which the identity was last modified.
idCreationDate :: Lens' IdentityDescription (Maybe UTCTime) Source
Date on which the identity was created.
idLogins :: Lens' IdentityDescription [Text] Source
A set of optional name-value pairs that map provider names to provider tokens.
idIdentityId :: Lens' IdentityDescription (Maybe Text) Source
A unique identifier in the format REGION:GUID.
IdentityPool
data IdentityPool Source
An object representing a Cognito identity pool.
See: identityPool
smart constructor.
:: Text | |
-> Text | |
-> Bool | |
-> IdentityPool |
Creates a value of IdentityPool
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
ipSupportedLoginProviders :: Lens' IdentityPool (HashMap Text Text) Source
Optional key:value pairs mapping provider names to provider app IDs.
ipDeveloperProviderName :: Lens' IdentityPool (Maybe Text) Source
The "domain" by which Cognito will refer to your users.
ipOpenIdConnectProviderARNs :: Lens' IdentityPool [Text] Source
A list of OpendID Connect provider ARNs.
ipIdentityPoolId :: Lens' IdentityPool Text Source
An identity pool ID in the format REGION:GUID.
ipIdentityPoolName :: Lens' IdentityPool Text Source
A string that you provide.
ipAllowUnauthenticatedIdentities :: Lens' IdentityPool Bool Source
TRUE if the identity pool supports unauthenticated logins.
IdentityPoolShortDescription
data IdentityPoolShortDescription Source
A description of the identity pool.
See: identityPoolShortDescription
smart constructor.
identityPoolShortDescription :: IdentityPoolShortDescription Source
Creates a value of IdentityPoolShortDescription
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
ipsdIdentityPoolId :: Lens' IdentityPoolShortDescription (Maybe Text) Source
An identity pool ID in the format REGION:GUID.
ipsdIdentityPoolName :: Lens' IdentityPoolShortDescription (Maybe Text) Source
A string that you provide.
UnprocessedIdentityId
data UnprocessedIdentityId Source
An array of UnprocessedIdentityId objects, each of which contains an ErrorCode and IdentityId.
See: unprocessedIdentityId
smart constructor.
unprocessedIdentityId :: UnprocessedIdentityId Source
Creates a value of UnprocessedIdentityId
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
uiiErrorCode :: Lens' UnprocessedIdentityId (Maybe CognitoErrorCode) Source
The error code indicating the type of error that occurred.
uiiIdentityId :: Lens' UnprocessedIdentityId (Maybe Text) Source
A unique identifier in the format REGION:GUID.