public class AdminLinkProviderForUserRequest extends AmazonWebServiceRequest implements Serializable
Links an existing user account in a user pool (DestinationUser)
to an identity from an external identity provider (SourceUser)
based on a specified attribute name and value from the external identity
provider. This allows you to create a link from the existing user account to
an external federated user identity that has not yet been used to sign in, so
that the federated user identity can be used to sign in as the existing user
account.
For example, if there is an existing user with a username and password, this API links that user to a federated user identity, so that when the federated user identity is used, the user signs in as the existing user account.
Because this API allows a user with an external federated identity to sign in as an existing user in the user pool, it is critical that it only be used with external identity providers and provider attributes that have been trusted by the application owner.
See also .
This action is enabled only for admin access and requires developer credentials.
| Constructor and Description |
|---|
AdminLinkProviderForUserRequest() |
| Modifier and Type | Method and Description |
|---|---|
boolean |
equals(Object obj) |
ProviderUserIdentifierType |
getDestinationUser()
The existing user in the user pool to be linked to the external identity
provider user account.
|
ProviderUserIdentifierType |
getSourceUser()
An external identity provider account for a user who does not currently
exist yet in the user pool.
|
String |
getUserPoolId()
The user pool ID for the user pool.
|
int |
hashCode() |
void |
setDestinationUser(ProviderUserIdentifierType destinationUser)
The existing user in the user pool to be linked to the external identity
provider user account.
|
void |
setSourceUser(ProviderUserIdentifierType sourceUser)
An external identity provider account for a user who does not currently
exist yet in the user pool.
|
void |
setUserPoolId(String userPoolId)
The user pool ID for the user pool.
|
String |
toString()
Returns a string representation of this object; useful for testing and
debugging.
|
AdminLinkProviderForUserRequest |
withDestinationUser(ProviderUserIdentifierType destinationUser)
The existing user in the user pool to be linked to the external identity
provider user account.
|
AdminLinkProviderForUserRequest |
withSourceUser(ProviderUserIdentifierType sourceUser)
An external identity provider account for a user who does not currently
exist yet in the user pool.
|
AdminLinkProviderForUserRequest |
withUserPoolId(String userPoolId)
The user pool ID for the user pool.
|
clone, copyBaseTo, getCloneRoot, getCloneSource, getGeneralProgressListener, getRequestClientOptions, getRequestCredentials, getRequestMetricCollector, setGeneralProgressListener, setRequestCredentials, setRequestMetricCollector, withGeneralProgressListener, withRequestMetricCollectorpublic String getUserPoolId()
The user pool ID for the user pool.
The user pool ID for the user pool.
public void setUserPoolId(String userPoolId)
The user pool ID for the user pool.
userPoolId - The user pool ID for the user pool.
public AdminLinkProviderForUserRequest withUserPoolId(String userPoolId)
The user pool ID for the user pool.
Returns a reference to this object so that method calls can be chained together.
userPoolId - The user pool ID for the user pool.
public ProviderUserIdentifierType getDestinationUser()
The existing user in the user pool to be linked to the external identity provider user account. Can be a native (Username + Password) Cognito User Pools user or a federated user (for example, a SAML or Facebook user). If the user doesn't exist, an exception is thrown. This is the user that is returned when the new user (with the linked identity provider attribute) signs in.
For a native username + password user, the
ProviderAttributeValue for the DestinationUser
should be the username in the user pool. For a federated user, it should
be the provider-specific user_id.
The ProviderAttributeName of the
DestinationUser is ignored.
The ProviderName should be set to Cognito for
users in Cognito user pools.
The existing user in the user pool to be linked to the external identity provider user account. Can be a native (Username + Password) Cognito User Pools user or a federated user (for example, a SAML or Facebook user). If the user doesn't exist, an exception is thrown. This is the user that is returned when the new user (with the linked identity provider attribute) signs in.
For a native username + password user, the
ProviderAttributeValue for the
DestinationUser should be the username in the user
pool. For a federated user, it should be the provider-specific
user_id.
The ProviderAttributeName of the
DestinationUser is ignored.
The ProviderName should be set to
Cognito for users in Cognito user pools.
public void setDestinationUser(ProviderUserIdentifierType destinationUser)
The existing user in the user pool to be linked to the external identity provider user account. Can be a native (Username + Password) Cognito User Pools user or a federated user (for example, a SAML or Facebook user). If the user doesn't exist, an exception is thrown. This is the user that is returned when the new user (with the linked identity provider attribute) signs in.
For a native username + password user, the
ProviderAttributeValue for the DestinationUser
should be the username in the user pool. For a federated user, it should
be the provider-specific user_id.
The ProviderAttributeName of the
DestinationUser is ignored.
The ProviderName should be set to Cognito for
users in Cognito user pools.
destinationUser - The existing user in the user pool to be linked to the external identity provider user account. Can be a native (Username + Password) Cognito User Pools user or a federated user (for example, a SAML or Facebook user). If the user doesn't exist, an exception is thrown. This is the user that is returned when the new user (with the linked identity provider attribute) signs in.
For a native username + password user, the
ProviderAttributeValue for the
DestinationUser should be the username in the
user pool. For a federated user, it should be the
provider-specific user_id.
The ProviderAttributeName of the
DestinationUser is ignored.
The ProviderName should be set to
Cognito for users in Cognito user pools.
public AdminLinkProviderForUserRequest withDestinationUser(ProviderUserIdentifierType destinationUser)
The existing user in the user pool to be linked to the external identity provider user account. Can be a native (Username + Password) Cognito User Pools user or a federated user (for example, a SAML or Facebook user). If the user doesn't exist, an exception is thrown. This is the user that is returned when the new user (with the linked identity provider attribute) signs in.
For a native username + password user, the
ProviderAttributeValue for the DestinationUser
should be the username in the user pool. For a federated user, it should
be the provider-specific user_id.
The ProviderAttributeName of the
DestinationUser is ignored.
The ProviderName should be set to Cognito for
users in Cognito user pools.
Returns a reference to this object so that method calls can be chained together.
destinationUser - The existing user in the user pool to be linked to the external identity provider user account. Can be a native (Username + Password) Cognito User Pools user or a federated user (for example, a SAML or Facebook user). If the user doesn't exist, an exception is thrown. This is the user that is returned when the new user (with the linked identity provider attribute) signs in.
For a native username + password user, the
ProviderAttributeValue for the
DestinationUser should be the username in the
user pool. For a federated user, it should be the
provider-specific user_id.
The ProviderAttributeName of the
DestinationUser is ignored.
The ProviderName should be set to
Cognito for users in Cognito user pools.
public ProviderUserIdentifierType getSourceUser()
An external identity provider account for a user who does not currently exist yet in the user pool. This user must be a federated user (for example, a SAML or Facebook user), not another native user.
If the SourceUser is a federated social identity provider
user (Facebook, Google, or Login with Amazon), you must set the
ProviderAttributeName to Cognito_Subject. For
social identity providers, the ProviderName will be
Facebook, Google, or
LoginWithAmazon, and Cognito will automatically parse the
Facebook, Google, and Login with Amazon tokens for id,
sub, and user_id, respectively. The
ProviderAttributeValue for the user must be the same value
as the id, sub, or user_id value
found in the social identity provider token.
For SAML, the ProviderAttributeName can be any value that
matches a claim in the SAML assertion. If you wish to link SAML users
based on the subject of the SAML assertion, you should map the subject to
a claim through the SAML identity provider and submit that claim name as
the ProviderAttributeName. If you set
ProviderAttributeName to Cognito_Subject,
Cognito will automatically parse the default unique identifier found in
the subject from the SAML token.
An external identity provider account for a user who does not currently exist yet in the user pool. This user must be a federated user (for example, a SAML or Facebook user), not another native user.
If the SourceUser is a federated social identity
provider user (Facebook, Google, or Login with Amazon), you must
set the ProviderAttributeName to
Cognito_Subject. For social identity providers, the
ProviderName will be Facebook,
Google, or LoginWithAmazon, and Cognito
will automatically parse the Facebook, Google, and Login with
Amazon tokens for id, sub, and
user_id, respectively. The
ProviderAttributeValue for the user must be the same
value as the id, sub, or
user_id value found in the social identity provider
token.
For SAML, the ProviderAttributeName can be any value
that matches a claim in the SAML assertion. If you wish to link
SAML users based on the subject of the SAML assertion, you should
map the subject to a claim through the SAML identity provider and
submit that claim name as the ProviderAttributeName.
If you set ProviderAttributeName to
Cognito_Subject, Cognito will automatically parse
the default unique identifier found in the subject from the SAML
token.
public void setSourceUser(ProviderUserIdentifierType sourceUser)
An external identity provider account for a user who does not currently exist yet in the user pool. This user must be a federated user (for example, a SAML or Facebook user), not another native user.
If the SourceUser is a federated social identity provider
user (Facebook, Google, or Login with Amazon), you must set the
ProviderAttributeName to Cognito_Subject. For
social identity providers, the ProviderName will be
Facebook, Google, or
LoginWithAmazon, and Cognito will automatically parse the
Facebook, Google, and Login with Amazon tokens for id,
sub, and user_id, respectively. The
ProviderAttributeValue for the user must be the same value
as the id, sub, or user_id value
found in the social identity provider token.
For SAML, the ProviderAttributeName can be any value that
matches a claim in the SAML assertion. If you wish to link SAML users
based on the subject of the SAML assertion, you should map the subject to
a claim through the SAML identity provider and submit that claim name as
the ProviderAttributeName. If you set
ProviderAttributeName to Cognito_Subject,
Cognito will automatically parse the default unique identifier found in
the subject from the SAML token.
sourceUser - An external identity provider account for a user who does not currently exist yet in the user pool. This user must be a federated user (for example, a SAML or Facebook user), not another native user.
If the SourceUser is a federated social identity
provider user (Facebook, Google, or Login with Amazon), you
must set the ProviderAttributeName to
Cognito_Subject. For social identity providers,
the ProviderName will be Facebook,
Google, or LoginWithAmazon, and
Cognito will automatically parse the Facebook, Google, and
Login with Amazon tokens for id, sub
, and user_id, respectively. The
ProviderAttributeValue for the user must be the
same value as the id, sub, or
user_id value found in the social identity
provider token.
For SAML, the ProviderAttributeName can be any
value that matches a claim in the SAML assertion. If you wish
to link SAML users based on the subject of the SAML assertion,
you should map the subject to a claim through the SAML
identity provider and submit that claim name as the
ProviderAttributeName. If you set
ProviderAttributeName to
Cognito_Subject, Cognito will automatically parse
the default unique identifier found in the subject from the
SAML token.
public AdminLinkProviderForUserRequest withSourceUser(ProviderUserIdentifierType sourceUser)
An external identity provider account for a user who does not currently exist yet in the user pool. This user must be a federated user (for example, a SAML or Facebook user), not another native user.
If the SourceUser is a federated social identity provider
user (Facebook, Google, or Login with Amazon), you must set the
ProviderAttributeName to Cognito_Subject. For
social identity providers, the ProviderName will be
Facebook, Google, or
LoginWithAmazon, and Cognito will automatically parse the
Facebook, Google, and Login with Amazon tokens for id,
sub, and user_id, respectively. The
ProviderAttributeValue for the user must be the same value
as the id, sub, or user_id value
found in the social identity provider token.
For SAML, the ProviderAttributeName can be any value that
matches a claim in the SAML assertion. If you wish to link SAML users
based on the subject of the SAML assertion, you should map the subject to
a claim through the SAML identity provider and submit that claim name as
the ProviderAttributeName. If you set
ProviderAttributeName to Cognito_Subject,
Cognito will automatically parse the default unique identifier found in
the subject from the SAML token.
Returns a reference to this object so that method calls can be chained together.
sourceUser - An external identity provider account for a user who does not currently exist yet in the user pool. This user must be a federated user (for example, a SAML or Facebook user), not another native user.
If the SourceUser is a federated social identity
provider user (Facebook, Google, or Login with Amazon), you
must set the ProviderAttributeName to
Cognito_Subject. For social identity providers,
the ProviderName will be Facebook,
Google, or LoginWithAmazon, and
Cognito will automatically parse the Facebook, Google, and
Login with Amazon tokens for id, sub
, and user_id, respectively. The
ProviderAttributeValue for the user must be the
same value as the id, sub, or
user_id value found in the social identity
provider token.
For SAML, the ProviderAttributeName can be any
value that matches a claim in the SAML assertion. If you wish
to link SAML users based on the subject of the SAML assertion,
you should map the subject to a claim through the SAML
identity provider and submit that claim name as the
ProviderAttributeName. If you set
ProviderAttributeName to
Cognito_Subject, Cognito will automatically parse
the default unique identifier found in the subject from the
SAML token.
public String toString()
toString in class ObjectObject.toString()Copyright © 2020. All rights reserved.